From c3922a050847a06b557bf53f0f86a0ae0f0b31ae Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Mon, 20 May 2019 16:23:30 +0200 Subject: [PATCH] Revert "greenwave: make prod start using fedora-messaging" For now we're reverting the change, we seem to trigger some sort of traceback from fedora-messaging which we'll need to look into. This reverts commit 07baaf81b12e7ce5f18c87f033a3544ce25ecf84. --- playbooks/openshift-apps/greenwave.yml | 19 ++--- .../greenwave/templates/buildconfig.yml | 10 ++- .../greenwave/templates/configmap.yml | 11 +++ .../greenwave/templates/deploymentconfig.yml | 73 ++++++++++++++++++- .../greenwave/templates/settings.py | 3 +- 5 files changed, 96 insertions(+), 20 deletions(-) diff --git a/playbooks/openshift-apps/greenwave.yml b/playbooks/openshift-apps/greenwave.yml index 363bfaaee2..46e5d8a689 100644 --- a/playbooks/openshift-apps/greenwave.yml +++ b/playbooks/openshift-apps/greenwave.yml @@ -31,83 +31,74 @@ - pingou tags: - apply-appowners - - role: openshift/secret-file app: greenwave secret_name: greenwave-fedora-messaging-key key: greenwave.key privatefile: "rabbitmq/{{env}}/pki/private/greenwave{{env_suffix}}.key" - + when: env == "staging" - role: openshift/secret-file app: greenwave secret_name: greenwave-fedora-messaging-crt key: greenwave.crt privatefile: "rabbitmq/{{env}}/pki/issued/greenwave{{env_suffix}}.crt" - + when: env == "staging" - role: openshift/secret-file app: greenwave secret_name: greenwave-fedora-messaging-ca key: greenwave.ca privatefile: "rabbitmq/{{env}}/pki/ca.crt" - + when: env == "staging" - role: openshift/secret-file app: greenwave secret_name: greenwave-fedmsg-key key: fedmsg-greenwave.key privatefile: fedmsg-certs/keys/greenwave-greenwave-web-greenwave.app.os.fedoraproject.org.key - + when: env != "staging" - role: openshift/secret-file app: greenwave secret_name: greenwave-fedmsg-crt key: fedmsg-greenwave.crt privatefile: fedmsg-certs/keys/greenwave-greenwave-web-greenwave.app.os.fedoraproject.org.crt - + when: env != "staging" - role: openshift/object app: greenwave template: imagestream.yml objectname: imagestream.yml - - role: openshift/object app: greenwave template: buildconfig.yml objectname: buildconfig.yml tags: - apply-buildconfig - - role: openshift/object app: greenwave template: configmap.yml objectname: configmap.yml - - role: openshift/object app: greenwave file: service.yml objectname: service.yml - - role: openshift/route app: greenwave routename: web-pretty host: "greenwave{{ env_suffix }}.fedoraproject.org" serviceport: web servicename: greenwave-web - # TODO -- someday retire this old route in favor of the pretty one above. - role: openshift/object app: greenwave file: route.yml objectname: route.yml - - role: openshift/object app: greenwave template: deploymentconfig.yml objectname: deploymentconfig.yml tags: - apply-deploymentconfig - - role: openshift/rollout app: greenwave dcname: greenwave-web - - role: openshift/rollout app: greenwave dcname: greenwave-fedmsg-consumers diff --git a/roles/openshift-apps/greenwave/templates/buildconfig.yml b/roles/openshift-apps/greenwave/templates/buildconfig.yml index 8d3df929d5..7d50985a65 100644 --- a/roles/openshift-apps/greenwave/templates/buildconfig.yml +++ b/roles/openshift-apps/greenwave/templates/buildconfig.yml @@ -8,6 +8,13 @@ spec: runPolicy: Serial source: dockerfile: |- +{% if env == 'staging' %} + # See imagestream.yml for the definition + FROM greenwave-upstream:latest + USER 0 + RUN dnf -y install fedora-messaging && dnf clean all + USER 1001 +{% else %} # See imagestream.yml for the definition FROM greenwave-upstream:latest @@ -17,8 +24,6 @@ spec: # Become root during build to chmod USER 0 - RUN dnf -y install fedora-messaging && dnf clean all - # create a symlink for configuring the fedmsg consumers. RUN ln -sfn /etc/fedmsg-greenwave.d/greenwave.py /etc/fedmsg.d/zz_greenwave.py @@ -32,6 +37,7 @@ spec: # Become non-root again USER 1001 +{% endif %} strategy: type: Docker dockerStrategy: diff --git a/roles/openshift-apps/greenwave/templates/configmap.yml b/roles/openshift-apps/greenwave/templates/configmap.yml index f8b678ee28..a062973894 100644 --- a/roles/openshift-apps/greenwave/templates/configmap.yml +++ b/roles/openshift-apps/greenwave/templates/configmap.yml @@ -12,6 +12,16 @@ data: fedora.yaml: |- {{ load_file('fedora.yaml') | indent }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: greenwave-fedmsg-configmap +data: + greenwave.py: |- + {{ load_file('greenwave.py') | indent }} + +{% if env == 'staging' %} --- apiVersion: v1 kind: ConfigMap @@ -22,3 +32,4 @@ metadata: data: config.toml: |- {{ load_file('config.toml') | indent }} +{% endif %} diff --git a/roles/openshift-apps/greenwave/templates/deploymentconfig.yml b/roles/openshift-apps/greenwave/templates/deploymentconfig.yml index ba8656fb46..d8ffb11311 100644 --- a/roles/openshift-apps/greenwave/templates/deploymentconfig.yml +++ b/roles/openshift-apps/greenwave/templates/deploymentconfig.yml @@ -55,7 +55,7 @@ spec: kind: ImageStreamTag name: greenwave:latest - type: ConfigChange - +{% if env == 'staging' %} --- # For fedmsg consumers apiVersion: v1 @@ -129,7 +129,76 @@ spec: kind: ImageStreamTag name: greenwave:latest - type: ConfigChange - +{% else %} +--- +# For fedmsg consumers +apiVersion: v1 +kind: DeploymentConfig +metadata: + name: greenwave-fedmsg-consumers + labels: + app: greenwave + service: fedmsg-consumers +spec: + replicas: 1 + selector: + service: fedmsg-consumers + template: + metadata: + labels: + app: greenwave + service: fedmsg-consumers + spec: + containers: + - name: fedmsg-consumers + image: registry/greenwave:latest + ports: + - containerPort: 8081 + command: + - '/usr/bin/fedmsg-hub-3' + volumeMounts: + - name: config-volume + mountPath: /etc/greenwave + readOnly: true + - name: fedmsg-config-volume + mountPath: /etc/fedmsg-greenwave.d + readOnly: true + - name: fedmsg-key-volume + mountPath: /etc/pki/fedmsg/key + readOnly: true + - name: fedmsg-crt-volume + mountPath: /etc/pki/fedmsg/crt + readOnly: true + resources: + limits: + memory: 384Mi + volumes: + # Give the fedmsg-consumer container access to the general config + - name: config-volume + configMap: + name: greenwave-configmap + # But *also* access to the fedmsg-specific config + - name: fedmsg-config-volume + configMap: + name: greenwave-fedmsg-configmap + # And... this secret volume gets set up in the playbook + - name: fedmsg-key-volume + secret: + secretName: greenwave-fedmsg-key + - name: fedmsg-crt-volume + secret: + secretName: greenwave-fedmsg-crt + triggers: + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - fedmsg-consumers + from: + kind: ImageStreamTag + name: greenwave:latest + - type: ConfigChange +{% endif %} --- # For memcached apiVersion: v1 diff --git a/roles/openshift-apps/greenwave/templates/settings.py b/roles/openshift-apps/greenwave/templates/settings.py index 40f192d42f..4741ef4c68 100644 --- a/roles/openshift-apps/greenwave/templates/settings.py +++ b/roles/openshift-apps/greenwave/templates/settings.py @@ -3,8 +3,6 @@ PORT = 8080 DEBUG = False POLICIES_DIR = '/etc/greenwave/' -MESSAGING = "fedora-messaging" - {% if env == 'staging' %} DIST_GIT_BASE_URL = 'https://src.stg.fedoraproject.org' DIST_GIT_URL_TEMPLATE = '{DIST_GIT_BASE_URL}/{pkg_namespace}/{pkg_name}/raw/{rev}/f/gating.yaml' @@ -16,6 +14,7 @@ WAIVERDB_API_URL = 'https://waiverdb-web-waiverdb.app.os.stg.fedoraproject.org/a RESULTSDB_API_URL = 'https://taskotron.stg.fedoraproject.org/resultsdb_api/api/v2.0' GREENWAVE_API_URL = 'https://greenwave.stg.fedoraproject.org/api/v1.0' CORS_URL = '*' +MESSAGING = "fedora-messaging" {% else %} DIST_GIT_BASE_URL = 'https://src.fedoraproject.org' DIST_GIT_URL_TEMPLATE = '{DIST_GIT_BASE_URL}/{pkg_namespace}/{pkg_name}/raw/{rev}/f/gating.yaml'