First attempt at migrating bugzilla2fedmsg to openshift

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
Aurélien Bompard 2019-09-06 10:06:43 +02:00 committed by Pierre-Yves Chibon
parent ebddc53593
commit b811b2dd65
6 changed files with 303 additions and 0 deletions


@ -0,0 +1,71 @@
- name: make the app be real
hosts: os_masters_stg[0]
user: root
gather_facts: False
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- role: rabbit/user
username: "bugzilla2fedmsg{{ env_suffix }}"
- role: openshift/project
app: bugzilla2fedmsg
description: bugzilla2fedmsg
appowners:
- abompard
tags:
- apply-appowners
# Fedora Messaging secrets
- role: openshift/secret-file
app: bugzilla2fedmsg
secret_name: fedora-messaging-ca
key: cacert.pem
privatefile: "rabbitmq/{{env}}/pki/ca.crt"
- role: openshift/secret-file
app: bugzilla2fedmsg
secret_name: fedora-messaging-crt
key: bugzilla2fedmsg-cert.pem
privatefile: "rabbitmq/{{env}}/pki/issued/bugzilla2fedmsg{{env_suffix}}.crt"
- role: openshift/secret-file
app: bugzilla2fedmsg
secret_name: fedora-messaging-key
key: bugzilla2fedmsg-key.pem
privatefile: "rabbitmq/{{env}}/pki/private/bugzilla2fedmsg{{env_suffix}}.key"
# STOMP secrets
- role: openshift/secret-file
app: bugzilla2fedmsg
secret_name: stomp-crt
key: msg-client-fedora-prod.crt
privatefile: "bugzilla2fedmsg/msg-client-fedora-prod.crt"
- role: openshift/secret-file
app: bugzilla2fedmsg
secret_name: stomp-key
key: msg-client-fedora-prod.key
privatefile: "bugzilla2fedmsg/msg-client-fedora-prod.key"
- role: openshift/imagestream
app: bugzilla2fedmsg
imagename: bugzilla2fedmsg
- role: openshift/object
app: bugzilla2fedmsg
template: buildconfig.yml
objectname: buildconfig.yml
- role: openshift/start-build
app: bugzilla2fedmsg
buildname: bugzilla2fedmsg-build
- role: openshift/object
app: bugzilla2fedmsg
template: configmap.yml
objectname: configmap.yml
- role: openshift/object
app: bugzilla2fedmsg
template: deploymentconfig.yml
objectname: deploymentconfig.yml
- role: openshift/rollout
app: bugzilla2fedmsg
dcname: bugzilla2fedmsg
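Review bot: The `stomp-crt` and `stomp-key` roles load `bugzilla2fedmsg/msg-client-fedora-prod.crt` and `.key` while the play targets `os_masters_stg[0]`, so what appears from its name to be the production STOMP client key is copied into the staging project. If a staging-specific client certificate exists, select the file by environment, e.g. `privatefile: "bugzilla2fedmsg/<ENV-SPECIFIC-CLIENT-CERT>.key"` (placeholder; use the name the private repo actually holds). If one certificate is deliberately shared with the staging brokers, say so in a comment under `# STOMP secrets`, so a later reader does not have to guess whether a production key in staging is intended.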


@ -0,0 +1,10 @@
---
apiVersion: v1
kind: ImageStream
metadata:
name: bugzilla2fedmsg
spec:
lookupPolicy:
local: false
status:
dockerImageRepository: ""


@ -0,0 +1,32 @@
apiVersion: v1
kind: BuildConfig
metadata:
name: bugzilla2fedmsg-build
labels:
environment: "bugzilla2fedmsg"
spec:
source:
type: Dockerfile
dockerfile: |-
FROM fedora:30
LABEL \
name="bugzilla2fedmsg" \
vendor="Fedora Infrastructure" \
license="MIT"
RUN curl -o /etc/yum.repos.d/infra-tags.repo https://infrastructure.fedoraproject.org/cgit/ansible.git/plain/files/common/fedora-infra-tags.repo
{% if env == "staging" %}
RUN curl -o /etc/yum.repos.d/infra-tags-stg.repo https://infrastructure.fedoraproject.org/cgit/ansible.git/plain/files/common/fedora-infra-tags-stg.repo
{% endif %}
RUN dnf install -y python3-bugzilla2fedmsg
ENV USER=openshift
ENTRYPOINT /usr/bin/bugzilla2fedmsg
strategy:
type: Docker
dockerStrategy:
noCache: false
triggers:
- type: ImageChange
output:
to:
kind: ImageStreamTag
name: bugzilla2fedmsg:latest
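Review bot: Both `RUN curl -o /etc/yum.repos.d/...` lines in the inline Dockerfile call curl without `--fail`, so an HTTP error page from cgit would be saved as the repo file and the step would still exit 0. Writing them as `RUN curl -fsSL -o /etc/yum.repos.d/infra-tags.repo <same URL>` stops the build at the fetch rather than leaving dnf to deal with a malformed repo definition. Separately, `ENTRYPOINT /usr/bin/bugzilla2fedmsg` is the shell form, which typically leaves `/bin/sh` as PID 1 and does not forward the termination signal on rollout; `ENTRYPOINT ["/usr/bin/bugzilla2fedmsg"]` avoids that.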


@ -0,0 +1,12 @@
{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: fedora-messaging-configmap
labels:
app: bugzilla2fedmsg
data:
fedora-messaging.toml: |-
{{ load_file('fedora-messaging.toml') | indent }}
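Review bot: The `data:` entry renders `fedora-messaging.toml` into a ConfigMap, and that template (added in this same commit) contains `pass = "{{ redhat_dmz_prod_broker_password }}"` and its staging counterpart, so the STOMP broker password ends up as plain ConfigMap data. ConfigMaps are readable with ordinary view access to the project and are printed by `oc describe`, unlike the Secret objects the playbook already creates for the certificates and keys. Rendering this file into a `kind: Secret` object (using `stringData:`) and mounting that at `/etc/fedora-messaging` would keep the password under the same access rules as the keys.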


@ -0,0 +1,96 @@
---
apiVersion: v1
kind: DeploymentConfig
metadata:
labels:
app: bugzilla2fedmsg
service: bugzilla2fedmsg
name: bugzilla2fedmsg
spec:
replicas: 2
selector:
app: bugzilla2fedmsg
deploymentconfig: bugzilla2fedmsg
strategy:
resources: {}
template:
metadata:
labels:
app: bugzilla2fedmsg
deploymentconfig: bugzilla2fedmsg
spec:
containers:
- image: bugzilla2fedmsg:latest
name: bugzilla2fedmsg
env:
- name: APP_MODULE
value: "bugzilla2fedmsg:app"
ports:
- containerPort: 8080
protocol: TCP
volumeMounts:
- name: fedora-messaging-config-volume
mountPath: /etc/fedora-messaging
readOnly: true
- name: fedora-messaging-ca-volume
mountPath: /etc/pki/fedora-messaging/cacert.pem
subPath: cacert.pem
readOnly: true
- name: fedora-messaging-crt-volume
mountPath: /etc/pki/fedora-messaging/bugzilla2fedmsg-cert.pem
subPath: bugzilla2fedmsg-cert.pem
readOnly: true
- name: fedora-messaging-key-volume
mountPath: /etc/pki/fedora-messaging/bugzilla2fedmsg-key.pem
subPath: bugzilla2fedmsg-key.pem
readOnly: true
- name: stomp-crt-volume
mountPath: /etc/pki/stomp/msg-client-fedora-prod.crt
subPath: msg-client-fedora-prod.crt
readOnly: true
- name: stomp-key-volume
mountPath: /etc/pki/stomp/msg-client-fedora-prod.key
subPath: msg-client-fedora-prod.key
readOnly: true
readinessProbe:
timeoutSeconds: 1
initialDelaySeconds: 5
httpGet:
path: /
port: 8080
livenessProbe:
timeoutSeconds: 1
initialDelaySeconds: 30
httpGet:
path: /
port: 8080
volumes:
- name: fedora-messaging-config-volume
configMap:
name: fedora-messaging-configmap
- name: fedora-messaging-ca-volume
secret:
secretName: fedora-messaging-ca
- name: fedora-messaging-crt-volume
secret:
secretName: fedora-messaging-crt
- name: fedora-messaging-key-volume
secret:
secretName: fedora-messaging-key
- name: stomp-crt-volume
secret:
secretName: stomp-crt
- name: stomp-key-volume
secret:
secretName: stomp-key
triggers:
- type: ConfigChange
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- bugzilla2fedmsg
from:
kind: ImageStreamTag
name: bugzilla2fedmsg:latest
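Review bot: The `readinessProbe` and `livenessProbe` both use `httpGet` on port 8080, but the image's entrypoint is `/usr/bin/bugzilla2fedmsg`, which judging by the configuration in this commit is a STOMP consumer rather than an HTTP service. If nothing listens on 8080, the pods never become ready and the liveness probe restarts them in a loop; the `APP_MODULE` variable and `containerPort: 8080` look like leftovers from a web-app template too. Either drop the probes and the port, or replace them with a check the consumer can actually answer. The container also sets no `resources` requests or limits, which is worth adding once real usage is known.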


@ -0,0 +1,82 @@
# Configuraton for Fedora Messaging
# Broker address
amqp_url = "amqps://bugzilla2fedmsg{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
# The topic_prefix configuration value will add a prefix to the topics of every sent message.
# This is used for migrating from fedmsg, and should not be used afterwards.
{% if env == "staging" %}
topic_prefix = "org.fedoraproject.stg"
{% else %}
topic_prefix = "org.fedoraproject.prod"
{% endif %}
[tls]
ca_cert = "/etc/pki/fedora-messaging/cacert.pem"
keyfile = "/etc/pki/fedora-messaging/bugzilla2fedmsg-key.pem"
certfile = "/etc/pki/fedora-messaging/bugzilla2fedmsg-cert.pem"
[consumer_config]
[consumer_config.stomp]
# Broker URI
# http://nikipore.github.io/stompest/protocol.html#stompest.protocol.failover.StompFailoverUri
# Example: failover:(tcp://remote1:61615,tcp://localhost:61616)?randomize=false,startupMaxReconnectAttempts=3,initialReconnectDelay=7,maxReconnectDelay=8,maxReconnectAttempts=0
uri = "ssl://localhost:61612"
{% if env == 'staging' %}
uri = "failover:(ssl://messaging-devops-broker01.dist.stage.ext.phx2.redhat.com:61612,ssl://messaging-devops-broker02.dist.stage.ext.phx2.redhat.com:61612)"
user = "{{ redhat_dmz_dev_broker_username }}"
pass = "{{ redhat_dmz_dev_broker_password }}"
{% else %}
uri = "failover:(ssl://messaging-devops-broker01.dist.prod.ext.phx2.redhat.com:61612,ssl://messaging-devops-broker02.dist.prod.ext.phx2.redhat.com:61612)"
user = "{{ redhat_dmz_prod_broker_username }}"
pass = "{{ redhat_dmz_prod_broker_password }}"
{% endif %}
ssl_crt = "/etc/pki/stomp/msg-client-fedora-prod.crt"
ssl_key = "/etc/pki/stomp/msg-client-fedora-prod.key"
# Queue to subscribe to
queue = "/queue/Consumer.fedora.DO-NOT-COPY.VirtualTopic.eng.bugzilla.>"
# Heartbeat to keep the connection open
heartbeat = 1000
# How many messages to prefetch
prefetch_size = 100
[consumer_config.bugzilla]
# Products to relay messages for - messages for bugs files against
# other products will be ignored
products = ["Fedora", "Fedora EPEL"]
# Whether to modify messages to look more like Bugzilla 4 ones did
bz4compat = true
[client_properties]
app = "bugzilla2fedmsg"
[log_config]
version = 1
disable_existing_loggers = true
[log_config.formatters.simple]
format = "[%(name)s %(levelname)s] %(message)s"
[log_config.handlers.console]
class = "logging.StreamHandler"
formatter = "simple"
stream = "ext://sys.stdout"
[log_config.loggers.fedora_messaging]
level = "INFO"
propagate = false
handlers = ["console"]
[log_config.loggers.bugzilla2fedmsg]
level = "INFO"
propagate = false
handlers = ["console"]
[log_config.root]
level = "WARNING"
handlers = ["console"]
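Review bot: Under `[consumer_config.stomp]`, `uri = "ssl://localhost:61612"` is followed by a second `uri = "failover:(...)"` from whichever branch of the `{% if env == 'staging' %}` block renders, so the generated file always defines `uri` twice in the same table. TOML does not allow a key to be redefined, so a conforming parser should reject the file when it is loaded. Remove the first assignment or turn it into a comment, e.g. `# Local testing: uri = "ssl://localhost:61612"`. The empty password in `amqp_url` (`...{{ env_suffix }}:@rabbitmq...`) also deserves a short comment saying authentication relies on the client certificate in `[tls]`, if that is the intent.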