From eb7a00202725d6eb0e01c420dfb1d7835f97a27c Mon Sep 17 00:00:00 2001 From: Ricky Elrod Date: Tue, 25 Jul 2017 17:52:06 +0000 Subject: [PATCH] First attempt at ansiblization of openshift/modernpaste Signed-off-by: Ricky Elrod --- playbooks/openshift-apps/modernpaste.yml | 18 +++++++ .../modernpaste/files/buildconfig.yml | 34 +++++++++++++ .../modernpaste/files/configmap.yml | 50 +++++++++++++++++++ .../modernpaste/files/deploymentconfig.yml | 50 +++++++++++++++++++ .../modernpaste/files/imagestream.yml | 6 +++ .../modernpaste/files/route.yml | 15 ++++++ .../modernpaste/files/service.yml | 14 ++++++ .../modernpaste/templates/secret.yml | 11 ++++ roles/openshift/object/tasks/main.yml | 18 +++++++ 9 files changed, 216 insertions(+) create mode 100644 playbooks/openshift-apps/modernpaste.yml create mode 100644 roles/openshift-apps/modernpaste/files/buildconfig.yml create mode 100644 roles/openshift-apps/modernpaste/files/configmap.yml create mode 100644 roles/openshift-apps/modernpaste/files/deploymentconfig.yml create mode 100644 roles/openshift-apps/modernpaste/files/imagestream.yml create mode 100644 roles/openshift-apps/modernpaste/files/route.yml create mode 100644 roles/openshift-apps/modernpaste/files/service.yml create mode 100644 roles/openshift-apps/modernpaste/templates/secret.yml create mode 100644 roles/openshift/object/tasks/main.yml diff --git a/playbooks/openshift-apps/modernpaste.yml b/playbooks/openshift-apps/modernpaste.yml new file mode 100644 index 0000000000..7ef4a5d9b0 --- /dev/null +++ b/playbooks/openshift-apps/modernpaste.yml @@ -0,0 +1,18 @@ +- name: make the app be real + hosts: os-masters-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: openshift/object, app: modernpaste, file: imagestream.yml } + - { role: openshift/object, app: modernpaste, template: secret.yml } + - { role: openshift/object, app: modernpaste, file: buildconfig.yml } + - { role: openshift/object, app: modernpaste, file: configmap.yml } + - { role: openshift/object, app: modernpaste, file: service.yml } + - { role: openshift/object, app: modernpaste, file: route.yml } + - { role: openshift/object, app: modernpaste, file: deploymentconfig.yml } diff --git a/roles/openshift-apps/modernpaste/files/buildconfig.yml b/roles/openshift-apps/modernpaste/files/buildconfig.yml new file mode 100644 index 0000000000..198d81c8d2 --- /dev/null +++ b/roles/openshift-apps/modernpaste/files/buildconfig.yml @@ -0,0 +1,34 @@ +- apiVersion: v1 + kind: BuildConfig + metadata: + name: "modernpaste-docker-build" + labels: + environment: "modernpaste" + spec: + runPolicy: Serial + source: + dockerfile: |- + FROM fedora:25 + LABEL \ + name="Modern Paste" \ + vendor="Fedora Infrastructure" \ + license="MIT" + RUN curl -o /etc/yum.repos.d/infra-stg.repo \ + https://infrastructure.fedoraproject.org/cgit/ansible.git/plain/files/common/fedora-infra-tags.repo + RUN yum -y install modern-paste + RUN yum -y install --setopt=tsflags=nodocs \ + python-gunicorn \ + python2-mock \ + python-psycopg2 + WORKDIR /usr/share/modern-paste + RUN sed -i '216,219d;228,229d' app/api/paste.py + RUN mv modern_paste.wsgi modern_paste_wsgi.py + USER 1001 + EXPOSE 8080 + ENTRYPOINT gunicorn --bind 0.0.0.0:8080 --access-logfile=- --chdir /usr/share/modern-paste modern_paste_wsgi:application + strategy: + type: Docker + output: + to: + kind: ImageStreamTag + name: inframodernpaste:latest diff --git a/roles/openshift-apps/modernpaste/files/configmap.yml b/roles/openshift-apps/modernpaste/files/configmap.yml new file mode 100644 index 0000000000..61612167c2 --- /dev/null +++ b/roles/openshift-apps/modernpaste/files/configmap.yml @@ -0,0 +1,50 @@ +- apiVersion: v1 + kind: ConfigMap + metadata: + name: "modernpaste-configmap" + labels: + environment: "modernpaste" + data: + flask_config.py: |- + import config + import constants + import os + + SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URI') + SQLALCHEMY_TRACK_MODIFICATIONS = False + SECRET_KEY = config.FLASK_SECRET_KEY + config.py: |- + import constants + import os + + # Domain from which you will access this app + # If running on a port other than 80, append it after a colon at the end of the domain, e.g. 'domain.com:8080' + DOMAIN = "modernpaste-web-modernpaste.app.os.stg.fedoraproject.org" + + # Use HTTPS by default? + # This is only used for deciding whether to use the http:// or https:// prefix when constructing full URLs, + # and is not related to your web server configuration. + DEFAULT_HTTPS = True + + # The type of build environment + # build_environment.DEV won't minify CSS and Closure-compile JavaScript; build_environment.PROD will. + # Dev and prod environments also use separate databases, modern_paste_dev and modern_paste, respectively. + BUILD_ENVIRONMENT = constants.build_environment.PROD + + # Option to use encrypted IDs rather than integer IDs + # Set this to True if you want paste IDs to be encrypted, e.g. displayed as h0GZ19np17iT~CtpuIH3NcnRi-rYnlYzizqToCmG3BY= + # If False, IDs will be displayed as regular, incrementing integers, e.g. 1, 2, 3, etc. + USE_ENCRYPTED_IDS = True + + # Choose to allow paste attachments + # This will allow for users to attach files and images to pastes. If disabled, the MAX_ATTACHMENT_SIZE and + # ATTACHMENTS_DIR configuration constants will be ignored. + ENABLE_PASTE_ATTACHMENTS = False + + # Allow only paste attachments below a certain size threshold, in MB + # Set this to 0 for an unlimited file size. + MAX_ATTACHMENT_SIZE = 5 + + # Location to store paste attachments + # Please use an absolute path and ensure that it is writable by www-data. + ATTACHMENTS_DIR = '/var/www/modern-paste-attachments' diff --git a/roles/openshift-apps/modernpaste/files/deploymentconfig.yml b/roles/openshift-apps/modernpaste/files/deploymentconfig.yml new file mode 100644 index 0000000000..312f265b1b --- /dev/null +++ b/roles/openshift-apps/modernpaste/files/deploymentconfig.yml @@ -0,0 +1,50 @@ +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: "modernpaste-web" + labels: + environment: "modernpaste" + service: web + spec: + replicas: 1 + selector: + environment: "modernpaste" + service: web + template: + metadata: + labels: + environment: "modernpaste" + service: web + spec: + containers: + - name: web + image: 172.30.53.136:5000/modernpaste/inframodernpaste:latest + ports: + - containerPort: 8080 + volumeMounts: + - name: config-volume + mountPath: /etc/modern-paste + readOnly: true + - name: secret-volume + mountPath: /etc/secret + readOnly: true + env: + - name: ENCRYPTION_KEY + valueFrom: + secretKeyRef: + name: "modernpaste-secret" + key: encryption-key + - name: SESSION_KEY + valueFrom: + secretKeyRef: + name: "modernpaste-secret" + key: session-key + - name: DATABASE_URI + valueFrom: + secretKeyRef: + name: "modernpaste-secret" + key: database-uri + #- name: DOMAIN + # value: ${DOMAIN} + readinessProbe: + timeoutSeconds: 1 diff --git a/roles/openshift-apps/modernpaste/files/imagestream.yml b/roles/openshift-apps/modernpaste/files/imagestream.yml new file mode 100644 index 0000000000..bff17900a7 --- /dev/null +++ b/roles/openshift-apps/modernpaste/files/imagestream.yml @@ -0,0 +1,6 @@ +- apiVersion: v1 + kind: ImageStream + metadata: + labels: + environment: "modernpaste" + name: "inframodernpaste" diff --git a/roles/openshift-apps/modernpaste/files/route.yml b/roles/openshift-apps/modernpaste/files/route.yml new file mode 100644 index 0000000000..045d9a63e7 --- /dev/null +++ b/roles/openshift-apps/modernpaste/files/route.yml @@ -0,0 +1,15 @@ +- apiVersion: v1 + kind: Route + metadata: + name: "modernpaste-web" + labels: + environment: "modernpaste" + spec: + port: + targetPort: web + to: + kind: Service + name: "modernpaste-web" + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect diff --git a/roles/openshift-apps/modernpaste/files/service.yml b/roles/openshift-apps/modernpaste/files/service.yml new file mode 100644 index 0000000000..d1eaf9136a --- /dev/null +++ b/roles/openshift-apps/modernpaste/files/service.yml @@ -0,0 +1,14 @@ +- apiVersion: v1 + kind: Service + metadata: + name: "modernpaste-web" + labels: + environment: "modernpaste" + spec: + selector: + environment: "modernpaste" + service: web + ports: + - name: web + port: 8080 + targetPort: 8080 diff --git a/roles/openshift-apps/modernpaste/templates/secret.yml b/roles/openshift-apps/modernpaste/templates/secret.yml new file mode 100644 index 0000000000..0153460875 --- /dev/null +++ b/roles/openshift-apps/modernpaste/templates/secret.yml @@ -0,0 +1,11 @@ +- apiVersion: v1 + kind: Secret + metadata: + name: "modernpaste-secret" + labels: + environment: "modernpaste" + stringData: + encryption-key: "{{modernpaste_stg_encryption_key}}" + session-key: "{{modernpaste_stg_session_key}}" + database-uri: "postgres://{{modernpaste_stg_db_user}}:{{modernpaste_stg_db_password}}@db01/modernpaste" +- diff --git a/roles/openshift/object/tasks/main.yml b/roles/openshift/object/tasks/main.yml new file mode 100644 index 0000000000..5d9bbe6a58 --- /dev/null +++ b/roles/openshift/object/tasks/main.yml @@ -0,0 +1,18 @@ +- name: Create temporary file + tempfile: state=file + register: tmpfile + run_once: true + +- name: Copy template to temporary file ({{tmpfile.path}}) + template: src={{ansible}}/roles/openshift-apps/{{app}}/templates/{{template}} dest={{tmpfile.path}}.yml + when: template is defined + run_once: true + +- name: Copy file to temporary file ({{tmpfile.path}}) + copy: src={{ansible}}/roles/openshift-apps/{{app}}/files/{{file}} dest={{tmpfile.path}}.yml + when: file is defined + run_once: true + +- name: Call `oc apply` on the copied file + shell: oc -n {{app}} apply -f {{tmpfile.path}}.yml + run_once: true