datanommer: porting to openshift

playbooks/openshift-apps/datanommer.yml

@@ -0,0 +1,68 @@
+- name: make the app be real
+  hosts: os_masters_stg[0]
+  user: root
+  gather_facts: False
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - role: rabbit/user
+    username: "datanommer{{ env_suffix }}"
+
+  - role: openshift/project
+    app: datanommer
+    description: "Fedora messaging consumer"
+    appowners:
+    - abompard
+    - ryanlerch
+    - james02135
+    - lenkaseg
+    tags:
+      - apply-appowners
+    when: env == "production"
+
+  - role: openshift/project
+    app: datanommer
+    description: "Fedora messaging consumer"
+    appowners:
+    - abompard
+    - ryanlerch
+    - james02135
+    - lenkaseg
+    tags:
+      - apply-appowners
+    when: env == "staging"
+
+  - role: openshift/secret-file
+    app: datanommer
+    secret_name: fedora-messaging-ca
+    key: cacert.pem
+    privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+  - role: openshift/secret-file
+    app: datanommer
+    secret_name: fedora-messaging-crt
+    key: datanommer-cert.pem
+    privatefile: "rabbitmq/{{env}}/pki/issued/datanommer{{env_suffix}}.crt"
+  - role: openshift/secret-file
+    app: datanommer
+    secret_name: fedora-messaging-key
+    key: datanommer-key.pem
+    privatefile: "rabbitmq/{{env}}/pki/private/datanommer{{env_suffix}}.key"
+
+  - role: openshift/object
+    app: datanommer
+    template: buildconfig.yml
+    objectname: buildconfig.yml
+
+  - role: openshift/object
+    app: datanommer
+    template: configmap.yml
+    objectname: configmap.yml
+
+  - role: openshift/object
+    app: datanommer
+    template: deploymentconfig.yml
+    objectname: deploymentconfig.yml

roles/openshift-apps/datanommer/templates/buildconfig.yml

@@ -0,0 +1,38 @@
+apiVersion: build.openshift.io/v1
+kind: BuildConfig
+metadata:
+  name: datanommer
+  labels:
+    app: Datanommer
+    build: datanommer
+spec:
+  runPolicy: Serial
+  source:
+    type: Git
+    git:
+      uri: https://github.com/fedora-infra/datanommer.git
+{% if env == "staging" %}
+      ref: staging
+{% else %}
+      ref: stable
+{% endif %}
+    contextDir: /
+  strategy:
+    type: Source
+    sourceStrategy:
+      from:
+        kind: ImageStreamTag
+        name: python:3.8
+        namespace: openshift
+  output:
+    to:
+      kind: ImageStreamTag
+      name: datanommer:latest
+  triggers:
+  - type: ConfigChange
+  - type: ImageChange
+{% if datanommer_stg_github_secret is defined and env == 'staging' %}
+  - type: GitHub
+    github:
+      secret: "{{ datanommer_stg_github_secret }}"
+{% endif %}

roles/openshift-apps/datanommer/templates/configmap.yml

@@ -0,0 +1,11 @@
+{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: fedora-messaging-config
+  labels:
+    app: datanommer
+data:
+  config.toml: |-
+    {{ load_file('fedora-messaging-config.toml') | indent(6) }}

roles/openshift-apps/datanommer/templates/deploymentconfig.yml

@@ -0,0 +1,71 @@
+apiVersion: apps.openshift.io/v1
+kind: DeploymentConfig
+metadata:
+  name: datanommer
+  labels:
+    app: Datanommer
+spec:
+  replicas: 1
+  selector:
+    app: Datanommer
+    deploymentconfig: datanommer
+  strategy:
+    type: Rolling
+    activeDeadlineSeconds: 21600
+    rollingParams:
+      intervalSeconds: 1
+      maxSurge: 25%
+      maxUnavailable: 25%
+      timeoutSeconds: 600
+      updatePeriodSeconds: 1
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: Datanommer
+        deploymentconfig: datanommer
+    spec:
+      containers:
+      - name: datanommer
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+        volumeMounts:
+        - name: fedora-messaging-config-volume
+          mountPath: "/etc/fedora-messaging"
+          readOnly: true
+        - name: fedora-messaging-ca-volume
+          mountPath: /etc/pki/fedora-messaging/cacert.pem
+          subPath: cacert.pem
+          readOnly: true
+        - name: fedora-messaging-crt-volume
+          mountPath: /etc/pki/fedora-messaging/datanommer-cert.pem
+          subPath: datanommer-cert.pem
+          readOnly: true
+        - name: fedora-messaging-key-volume
+          mountPath: /etc/pki/fedora-messaging/datanommer-key.pem
+          subPath: datanommer-key.pem
+          readOnly: true
+      volumes:
+      - name: fedora-messaging-config-volume
+        configMap:
+          name: fedora-messaging-config
+      - name: fedora-messaging-ca-volume
+        secret:
+          secretName: fedora-messaging-ca
+      - name: fedora-messaging-crt-volume
+        secret:
+          secretName: fedora-messaging-crt
+      - name: fedora-messaging-key-volume
+        secret:
+          secretName: fedora-messaging-key
+  triggers:
+  - imageChangeParams:
+      automatic: true
+      containerNames:
+      - datanommer
+      from:
+        kind: ImageStreamTag
+        name: datanommer:latest
+    type: ImageChange
+  - type: ConfigChange

roles/openshift-apps/datanommer/templates/fedora-messaging-config.toml

@@ -0,0 +1,40 @@
+amqp_url = "amqps://datanommer:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+# Just check if the queue exist, don't try to create it (the server does not allow it).
+passive_declares = true
+
+# The topic_prefix configuration value will add a prefix to the topics of every sent message.
+# This is used for migrating from fedmsg, and should not be used afterwards.
+{% if env == "staging" %}
+topic_prefix = "org.fedoraproject.stg"
+{% else %}
+topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+[tls]
+ca_cert = "/etc/pki/fedora-messaging/cacert.pem"
+keyfile = "/etc/pki/fedora-messaging/datanommer-key.pem"
+certfile = "/etc/pki/fedora-messaging/datanommer-cert.pem"
+
+[client_properties]
+app = "Datanommer"
+
+[consumer_config]
+datanomer_sqlalchemy_url = 'postgresql://{{ datanommerDBUser }}:{{ datanommerDBPassword }}@db-datanommer01{{ env_suffix }}.iad2.fedoraproject.org/datanommer2'
+
+[log_config]
+version = 1
+disable_existing_loggers = true
+[log_config.formatters.simple]
+format = "[%(levelname)s %(name)s] %(message)s"
+[log_config.handlers.console]
+class = "logging.StreamHandler"
+formatter = "simple"
+stream = "ext://sys.stdout"
+[log_config.loggers.fedora_messaging]
+level = "INFO"
+propagate = false
+handlers = ["console"]
+[log_config.root]
+level = "WARNING"
+handlers = ["console"]