diff --git a/playbooks/openshift-apps/bugzilla2fedmsg.yml b/playbooks/openshift-apps/bugzilla2fedmsg.yml
new file mode 100644
index 0000000000..bce57a17b4
--- /dev/null
+++ b/playbooks/openshift-apps/bugzilla2fedmsg.yml
@@ -0,0 +1,71 @@
+- name: make the app be real
+ hosts: os_masters_stg[0]
+ user: root
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+
+ - role: rabbit/user
+ username: "bugzilla2fedmsg{{ env_suffix }}"
+
+ - role: openshift/project
+ app: bugzilla2fedmsg
+ description: bugzilla2fedmsg
+ appowners:
+ - abompard
+ tags:
+ - apply-appowners
+ # Fedora Messaging secrets
+ - role: openshift/secret-file
+ app: bugzilla2fedmsg
+ secret_name: fedora-messaging-ca
+ key: cacert.pem
+ privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+ - role: openshift/secret-file
+ app: bugzilla2fedmsg
+ secret_name: fedora-messaging-crt
+ key: bugzilla2fedmsg-cert.pem
+ privatefile: "rabbitmq/{{env}}/pki/issued/bugzilla2fedmsg{{env_suffix}}.crt"
+ - role: openshift/secret-file
+ app: bugzilla2fedmsg
+ secret_name: fedora-messaging-key
+ key: bugzilla2fedmsg-key.pem
+ privatefile: "rabbitmq/{{env}}/pki/private/bugzilla2fedmsg{{env_suffix}}.key"
+ # STOMP secrets
+ - role: openshift/secret-file
+ app: bugzilla2fedmsg
+ secret_name: stomp-crt
+ key: msg-client-fedora-prod.crt
+ privatefile: "bugzilla2fedmsg/msg-client-fedora-prod.crt"
+ - role: openshift/secret-file
+ app: bugzilla2fedmsg
+ secret_name: stomp-key
+ key: msg-client-fedora-prod.key
+ privatefile: "bugzilla2fedmsg/msg-client-fedora-prod.key"
+
+ - role: openshift/imagestream
+ app: bugzilla2fedmsg
+ imagename: bugzilla2fedmsg
+ - role: openshift/object
+ app: bugzilla2fedmsg
+ template: buildconfig.yml
+ objectname: buildconfig.yml
+ - role: openshift/start-build
+ app: bugzilla2fedmsg
+ buildname: bugzilla2fedmsg-build
+ - role: openshift/object
+ app: bugzilla2fedmsg
+ template: configmap.yml
+ objectname: configmap.yml
+ - role: openshift/object
+ app: bugzilla2fedmsg
+ template: deploymentconfig.yml
+ objectname: deploymentconfig.yml
+ - role: openshift/rollout
+ app: bugzilla2fedmsg
+ dcname: bugzilla2fedmsg
diff --git a/roles/openshift-apps/bugzilla2fedmsg/files/imagestream.yml b/roles/openshift-apps/bugzilla2fedmsg/files/imagestream.yml
new file mode 100644
index 0000000000..00ea3e0257
--- /dev/null
+++ b/roles/openshift-apps/bugzilla2fedmsg/files/imagestream.yml
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: ImageStream
+metadata:
+ name: bugzilla2fedmsg
+spec:
+ lookupPolicy:
+ local: false
+status:
+ dockerImageRepository: ""
diff --git a/roles/openshift-apps/bugzilla2fedmsg/templates/buildconfig.yml b/roles/openshift-apps/bugzilla2fedmsg/templates/buildconfig.yml
new file mode 100644
index 0000000000..0093bf0d1b
--- /dev/null
+++ b/roles/openshift-apps/bugzilla2fedmsg/templates/buildconfig.yml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: BuildConfig
+metadata:
+ name: bugzilla2fedmsg-build
+ labels:
+ environment: "bugzilla2fedmsg"
+spec:
+ source:
+ type: Dockerfile
+ dockerfile: |-
+ FROM fedora:30
+ LABEL \
+ name="bugzilla2fedmsg" \
+ vendor="Fedora Infrastructure" \
+ license="MIT"
+ RUN curl -o /etc/yum.repos.d/infra-tags.repo https://infrastructure.fedoraproject.org/cgit/ansible.git/plain/files/common/fedora-infra-tags.repo
+{% if env == "staging" %}
+ RUN curl -o /etc/yum.repos.d/infra-tags-stg.repo https://infrastructure.fedoraproject.org/cgit/ansible.git/plain/files/common/fedora-infra-tags-stg.repo
+{% endif %}
+ RUN dnf install -y python3-bugzilla2fedmsg
+ ENV USER=openshift
+ ENTRYPOINT /usr/bin/bugzilla2fedmsg
+ strategy:
+ type: Docker
+ dockerStrategy:
+ noCache: false
+ triggers:
+ - type: ImageChange
+ output:
+ to:
+ kind: ImageStreamTag
+ name: bugzilla2fedmsg:latest
\ No newline at end of file
diff --git a/roles/openshift-apps/bugzilla2fedmsg/templates/configmap.yml b/roles/openshift-apps/bugzilla2fedmsg/templates/configmap.yml
new file mode 100644
index 0000000000..bd945e8ec0
--- /dev/null
+++ b/roles/openshift-apps/bugzilla2fedmsg/templates/configmap.yml
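Review bot: In playbooks/openshift-apps/bugzilla2fedmsg.yml the two STOMP `openshift/secret-file` entries read the fixed files `bugzilla2fedmsg/msg-client-fedora-prod.crt` and `.key`, while the play targets `os_masters_stg[0]` and the Fedora Messaging entries directly above choose their files with `{{env}}`. If that file is the production client key, as its name suggests, this play copies it into the staging project and the two environments no longer have separate credentials. Either select the file per environment, e.g. `privatefile: "bugzilla2fedmsg/{{env}}/CLIENT_KEY_FILE"` (path is a placeholder, the private repository layout is not visible here), or add a comment above `# STOMP secrets` stating that one client certificate is intentionally shared by staging and production.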
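Review bot: In templates/buildconfig.yml both `RUN curl -o /etc/yum.repos.d/…` steps call curl without `--fail`, so an HTTP error page returned by cgit would be written as the .repo file instead of stopping the build at that step; `RUN curl --fail -o /etc/yum.repos.d/infra-tags.repo …` fails early with a clear message. The repository definition is fetched from the live ansible.git tree at build time, so which repositories and signature-check settings the image trusts depends on what that URL returns on the day of the build; a comment above the first `RUN curl` saying so would help the next reader. `ENTRYPOINT /usr/bin/bugzilla2fedmsg` is the shell form, which starts the service through `/bin/sh -c` and may keep the stop signal from reaching it; `ENTRYPOINT ["/usr/bin/bugzilla2fedmsg"]` avoids that.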
@@ -0,0 +1,12 @@
+{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: fedora-messaging-configmap
+ labels:
+ app: bugzilla2fedmsg
+data:
+ fedora-messaging.toml: |-
+ {{ load_file('fedora-messaging.toml') | indent }}
+
diff --git a/roles/openshift-apps/bugzilla2fedmsg/templates/deploymentconfig.yml b/roles/openshift-apps/bugzilla2fedmsg/templates/deploymentconfig.yml
new file mode 100644
index 0000000000..380eec2f5d
--- /dev/null
+++ b/roles/openshift-apps/bugzilla2fedmsg/templates/deploymentconfig.yml
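Review bot: In templates/configmap.yml the whole rendered fedora-messaging.toml is placed in the ConfigMap `fedora-messaging-configmap`, and that template fills `pass` from `{{ redhat_dmz_dev_broker_password }}` or `{{ redhat_dmz_prod_broker_password }}`, so the STOMP broker password is stored as ConfigMap data. ConfigMaps are not treated as sensitive: anyone who can read ConfigMaps in the project can read the password, and it is printed in plain text by `oc get configmap -o yaml`. The certificates and keys in this commit already go into Secret objects; the rendered file, or at least the broker user and password, should be stored in a Secret as well and mounted at `/etc/fedora-messaging` from there.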
@@ -0,0 +1,96 @@
+---
+apiVersion: v1
+kind: DeploymentConfig
+metadata:
+ labels:
+ app: bugzilla2fedmsg
+ service: bugzilla2fedmsg
+ name: bugzilla2fedmsg
+spec:
+ replicas: 2
+ selector:
+ app: bugzilla2fedmsg
+ deploymentconfig: bugzilla2fedmsg
+ strategy:
+ resources: {}
+ template:
+ metadata:
+ labels:
+ app: bugzilla2fedmsg
+ deploymentconfig: bugzilla2fedmsg
+ spec:
+ containers:
+ - image: bugzilla2fedmsg:latest
+ name: bugzilla2fedmsg
+ env:
+ - name: APP_MODULE
+ value: "bugzilla2fedmsg:app"
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ volumeMounts:
+ - name: fedora-messaging-config-volume
+ mountPath: /etc/fedora-messaging
+ readOnly: true
+ - name: fedora-messaging-ca-volume
+ mountPath: /etc/pki/fedora-messaging/cacert.pem
+ subPath: cacert.pem
+ readOnly: true
+ - name: fedora-messaging-crt-volume
+ mountPath: /etc/pki/fedora-messaging/bugzilla2fedmsg-cert.pem
+ subPath: bugzilla2fedmsg-cert.pem
+ readOnly: true
+ - name: fedora-messaging-key-volume
+ mountPath: /etc/pki/fedora-messaging/bugzilla2fedmsg-key.pem
+ subPath: bugzilla2fedmsg-key.pem
+ readOnly: true
+ - name: stomp-crt-volume
+ mountPath: /etc/pki/stomp/msg-client-fedora-prod.crt
+ subPath: msg-client-fedora-prod.crt
+ readOnly: true
+ - name: stomp-key-volume
+ mountPath: /etc/pki/stomp/msg-client-fedora-prod.key
+ subPath: msg-client-fedora-prod.key
+ readOnly: true
+ readinessProbe:
+ timeoutSeconds: 1
+ initialDelaySeconds: 5
+ httpGet:
+ path: /
+ port: 8080
+ livenessProbe:
+ timeoutSeconds: 1
+ initialDelaySeconds: 30
+ httpGet:
+ path: /
+ port: 8080
+ volumes:
+ - name: fedora-messaging-config-volume
+ configMap:
+ name: fedora-messaging-configmap
+ - name: fedora-messaging-ca-volume
+ secret:
+ secretName: fedora-messaging-ca
+ - name: fedora-messaging-crt-volume
+ secret:
+ secretName: fedora-messaging-crt
+ - name: fedora-messaging-key-volume
+ secret:
+ secretName: fedora-messaging-key
+ - name: stomp-crt-volume
+ secret:
+ secretName: stomp-crt
+ - name: stomp-key-volume
+ secret:
+ secretName: stomp-key
+
+ triggers:
+ - type: ConfigChange
+ - type: ImageChange
+ imageChangeParams:
+ automatic: true
+ containerNames:
+ - bugzilla2fedmsg
+ from:
+ kind: ImageStreamTag
+ name: bugzilla2fedmsg:latest
diff --git a/roles/openshift-apps/bugzilla2fedmsg/templates/fedora-messaging.toml b/roles/openshift-apps/bugzilla2fedmsg/templates/fedora-messaging.toml
new file mode 100644
index 0000000000..82a054dc10
--- /dev/null
+++ b/roles/openshift-apps/bugzilla2fedmsg/templates/fedora-messaging.toml
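Review bot: In templates/deploymentconfig.yml the `readinessProbe` and `livenessProbe` both use `httpGet` on port 8080, but nothing in this commit shows the container serving HTTP: the image's entrypoint is `/usr/bin/bugzilla2fedmsg` and its configuration describes a STOMP consumer. If the process does not listen on 8080, the pods never become ready and the liveness probe restarts them repeatedly; in that case remove the probes together with the `ports` entry and the `APP_MODULE` variable, or replace them with a check the service supports. Separately, the certificates and keys are mounted with `subPath`, and such mounts are not refreshed when the Secret is updated, so a comment above `volumeMounts` noting that a new rollout is required after rotating a certificate would be useful.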
@@ -0,0 +1,82 @@
+# Configuraton for Fedora Messaging
+
+# Broker address
+amqp_url = "amqps://bugzilla2fedmsg{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+# The topic_prefix configuration value will add a prefix to the topics of every sent message.
+# This is used for migrating from fedmsg, and should not be used afterwards.
+{% if env == "staging" %}
+topic_prefix = "org.fedoraproject.stg"
+{% else %}
+topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+[tls]
+ca_cert = "/etc/pki/fedora-messaging/cacert.pem"
+keyfile = "/etc/pki/fedora-messaging/bugzilla2fedmsg-key.pem"
+certfile = "/etc/pki/fedora-messaging/bugzilla2fedmsg-cert.pem"
+
+
+[consumer_config]
+ [consumer_config.stomp]
+ # Broker URI
+ # http://nikipore.github.io/stompest/protocol.html#stompest.protocol.failover.StompFailoverUri
+ # Example: failover:(tcp://remote1:61615,tcp://localhost:61616)?randomize=false,startupMaxReconnectAttempts=3,initialReconnectDelay=7,maxReconnectDelay=8,maxReconnectAttempts=0
+ uri = "ssl://localhost:61612"
+ {% if env == 'staging' %}
+ uri = "failover:(ssl://messaging-devops-broker01.dist.stage.ext.phx2.redhat.com:61612,ssl://messaging-devops-broker02.dist.stage.ext.phx2.redhat.com:61612)"
+ user = "{{ redhat_dmz_dev_broker_username }}"
+ pass = "{{ redhat_dmz_dev_broker_password }}"
+ {% else %}
+ uri = "failover:(ssl://messaging-devops-broker01.dist.prod.ext.phx2.redhat.com:61612,ssl://messaging-devops-broker02.dist.prod.ext.phx2.redhat.com:61612)"
+ user = "{{ redhat_dmz_prod_broker_username }}"
+ pass = "{{ redhat_dmz_prod_broker_password }}"
+ {% endif %}
+ ssl_crt = "/etc/pki/stomp/msg-client-fedora-prod.crt"
+ ssl_key = "/etc/pki/stomp/msg-client-fedora-prod.key"
+
+ # Queue to subscribe to
+ queue = "/queue/Consumer.fedora.DO-NOT-COPY.VirtualTopic.eng.bugzilla.>"
+
+ # Heartbeat to keep the connection open
+ heartbeat = 1000
+
+ # How many messages to prefetch
+ prefetch_size = 100
+
+ [consumer_config.bugzilla]
+ # Products to relay messages for - messages for bugs files against
+ # other products will be ignored
+ products = ["Fedora", "Fedora EPEL"]
+ # Whether to modify messages to look more like Bugzilla 4 ones did
+ bz4compat = true
+
+
+[client_properties]
+app = "bugzilla2fedmsg"
+
+[log_config]
+version = 1
+disable_existing_loggers = true
+
+[log_config.formatters.simple]
+format = "[%(name)s %(levelname)s] %(message)s"
+
+[log_config.handlers.console]
+class = "logging.StreamHandler"
+formatter = "simple"
+stream = "ext://sys.stdout"
+
+[log_config.loggers.fedora_messaging]
+level = "INFO"
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.bugzilla2fedmsg]
+level = "INFO"
+propagate = false
+handlers = ["console"]
+
+[log_config.root]
+level = "WARNING"
+handlers = ["console"]
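Review bot: In templates/fedora-messaging.toml the `[consumer_config.stomp]` table sets `uri = "ssl://localhost:61612"` and then sets `uri` again in both branches of the `{% if env == 'staging' %}` block, so the rendered table always defines the key twice. TOML does not allow a key to be defined twice in one table, and a conforming parser rejects the file instead of taking the last value; the `localhost` line should be removed. The `user` and `pass` values are also substituted between double quotes without escaping, so a password containing `"` or `\` would produce a broken or altered string. If the vault values can contain such characters, let a filter emit the quoted string, e.g. `pass = {{ redhat_dmz_prod_broker_password | to_json }}`.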