First attempt at ansiblization of openshift/modernpaste

Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>

playbooks/openshift-apps/modernpaste.yml

@@ -0,0 +1,18 @@
+- name: make the app be real
+  hosts: os-masters-stg
+  user: root
+  gather_facts: True
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - { role: openshift/object, app: modernpaste, file: imagestream.yml }
+  - { role: openshift/object, app: modernpaste, template: secret.yml }
+  - { role: openshift/object, app: modernpaste, file: buildconfig.yml }
+  - { role: openshift/object, app: modernpaste, file: configmap.yml }
+  - { role: openshift/object, app: modernpaste, file: service.yml }
+  - { role: openshift/object, app: modernpaste, file: route.yml }
+  - { role: openshift/object, app: modernpaste, file: deploymentconfig.yml }

roles/openshift-apps/modernpaste/files/buildconfig.yml

@@ -0,0 +1,34 @@
+- apiVersion: v1
+  kind: BuildConfig
+  metadata:
+    name: "modernpaste-docker-build"
+    labels:
+      environment: "modernpaste"
+  spec:
+    runPolicy: Serial
+    source:
+      dockerfile: |-
+        FROM fedora:25
+        LABEL \
+            name="Modern Paste" \
+            vendor="Fedora Infrastructure" \
+            license="MIT"
+        RUN curl -o /etc/yum.repos.d/infra-stg.repo \
+            https://infrastructure.fedoraproject.org/cgit/ansible.git/plain/files/common/fedora-infra-tags.repo
+        RUN yum -y install modern-paste
+        RUN yum -y install --setopt=tsflags=nodocs \
+            python-gunicorn \
+            python2-mock \
+            python-psycopg2
+        WORKDIR /usr/share/modern-paste
+        RUN sed -i '216,219d;228,229d' app/api/paste.py
+        RUN mv modern_paste.wsgi modern_paste_wsgi.py
+        USER 1001
+        EXPOSE 8080
+        ENTRYPOINT gunicorn --bind 0.0.0.0:8080 --access-logfile=- --chdir /usr/share/modern-paste modern_paste_wsgi:application
+    strategy:
+      type: Docker
+    output:
+      to:
+        kind: ImageStreamTag
+        name: inframodernpaste:latest

roles/openshift-apps/modernpaste/files/configmap.yml

@@ -0,0 +1,50 @@
+- apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    name: "modernpaste-configmap"
+    labels:
+      environment: "modernpaste"
+  data:
+    flask_config.py: |-
+      import config
+      import constants
+      import os
+      
+      SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URI')
+      SQLALCHEMY_TRACK_MODIFICATIONS = False
+      SECRET_KEY = config.FLASK_SECRET_KEY
+    config.py: |-
+      import constants
+      import os
+      
+      # Domain from which you will access this app
+      # If running on a port other than 80, append it after a colon at the end of the domain, e.g. 'domain.com:8080'
+      DOMAIN = "modernpaste-web-modernpaste.app.os.stg.fedoraproject.org"
+      
+      # Use HTTPS by default?
+      # This is only used for deciding whether to use the http:// or https:// prefix when constructing full URLs,
+      # and is not related to your web server configuration.
+      DEFAULT_HTTPS = True
+      
+      # The type of build environment
+      # build_environment.DEV won't minify CSS and Closure-compile JavaScript; build_environment.PROD will.
+      # Dev and prod environments also use separate databases, modern_paste_dev and modern_paste, respectively.
+      BUILD_ENVIRONMENT = constants.build_environment.PROD
+      
+      # Option to use encrypted IDs rather than integer IDs
+      # Set this to True if you want paste IDs to be encrypted, e.g. displayed as h0GZ19np17iT~CtpuIH3NcnRi-rYnlYzizqToCmG3BY=
+      # If False, IDs will be displayed as regular, incrementing integers, e.g. 1, 2, 3, etc.
+      USE_ENCRYPTED_IDS = True
+      
+      # Choose to allow paste attachments
+      # This will allow for users to attach files and images to pastes. If disabled, the MAX_ATTACHMENT_SIZE and
+      # ATTACHMENTS_DIR configuration constants will be ignored.
+      ENABLE_PASTE_ATTACHMENTS = False
+      
+      # Allow only paste attachments below a certain size threshold, in MB
+      # Set this to 0 for an unlimited file size.
+      MAX_ATTACHMENT_SIZE = 5
+      
+      # Location to store paste attachments
+      # Please use an absolute path and ensure that it is writable by www-data.
+      ATTACHMENTS_DIR = '/var/www/modern-paste-attachments'

roles/openshift-apps/modernpaste/files/deploymentconfig.yml

@@ -0,0 +1,50 @@
+- apiVersion: v1
+  kind: DeploymentConfig
+  metadata:
+    name: "modernpaste-web"
+    labels:
+      environment: "modernpaste"
+      service: web
+  spec:
+    replicas: 1
+    selector:
+      environment: "modernpaste"
+      service: web
+    template:
+      metadata:
+        labels:
+          environment: "modernpaste"
+          service: web
+      spec:
+        containers:
+        - name: web
+          image: 172.30.53.136:5000/modernpaste/inframodernpaste:latest
+          ports:
+          - containerPort: 8080
+          volumeMounts:
+          - name: config-volume
+            mountPath: /etc/modern-paste
+            readOnly: true
+          - name: secret-volume
+            mountPath: /etc/secret
+            readOnly: true
+          env:
+          - name: ENCRYPTION_KEY
+            valueFrom:
+              secretKeyRef:
+                name: "modernpaste-secret"
+                key: encryption-key
+          - name: SESSION_KEY
+            valueFrom:
+              secretKeyRef:
+                name: "modernpaste-secret"
+                key: session-key
+          - name: DATABASE_URI
+            valueFrom:
+              secretKeyRef:
+                name: "modernpaste-secret"
+                key: database-uri
+          #- name: DOMAIN
+          #  value: ${DOMAIN}
+          readinessProbe:
+            timeoutSeconds: 1

roles/openshift-apps/modernpaste/files/imagestream.yml

@@ -0,0 +1,6 @@
+- apiVersion: v1
+  kind: ImageStream
+  metadata:
+    labels:
+      environment: "modernpaste"
+    name: "inframodernpaste"

roles/openshift-apps/modernpaste/files/route.yml

@@ -0,0 +1,15 @@
+- apiVersion: v1
+  kind: Route
+  metadata:
+    name: "modernpaste-web"
+    labels:
+      environment: "modernpaste"
+  spec:
+    port:
+      targetPort: web
+    to:
+      kind: Service
+      name: "modernpaste-web"
+    tls:
+      termination: edge
+      insecureEdgeTerminationPolicy: Redirect

roles/openshift-apps/modernpaste/files/service.yml

@@ -0,0 +1,14 @@
+- apiVersion: v1
+  kind: Service
+  metadata:
+    name: "modernpaste-web"
+    labels:
+      environment: "modernpaste"
+  spec:
+    selector:
+      environment: "modernpaste"
+      service: web
+    ports:
+    - name: web
+      port: 8080
+      targetPort: 8080

roles/openshift-apps/modernpaste/templates/secret.yml

@@ -0,0 +1,11 @@
+- apiVersion: v1
+  kind: Secret
+  metadata:
+    name: "modernpaste-secret"
+    labels:
+      environment: "modernpaste"
+  stringData:
+    encryption-key: "{{modernpaste_stg_encryption_key}}"
+    session-key: "{{modernpaste_stg_session_key}}"
+    database-uri: "postgres://{{modernpaste_stg_db_user}}:{{modernpaste_stg_db_password}}@db01/modernpaste"
+-

roles/openshift/object/tasks/main.yml

@@ -0,0 +1,18 @@
+- name: Create temporary file
+  tempfile: state=file
+  register: tmpfile
+  run_once: true
+
+- name: Copy template to temporary file ({{tmpfile.path}})
+  template: src={{ansible}}/roles/openshift-apps/{{app}}/templates/{{template}} dest={{tmpfile.path}}.yml
+  when: template is defined
+  run_once: true
+
+- name: Copy file to temporary file ({{tmpfile.path}})
+  copy: src={{ansible}}/roles/openshift-apps/{{app}}/files/{{file}} dest={{tmpfile.path}}.yml
+  when: file is defined
+  run_once: true
+
+- name: Call `oc apply` on the copied file
+  shell: oc -n {{app}} apply -f {{tmpfile.path}}.yml
+  run_once: true