update bodhi to openshift4 and use openid connect

Signed-off-by: Mark O Brien <markobri@redhat.com>
2022-06-09 10:42:03 +01:00 · 2022-06-09 10:42:03 +01:00 · fcd8d0c144
commit fcd8d0c144
parent 353979f9ff
5 changed files with 5 additions and 18 deletions
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@ -341,10 +341,10 @@
  - role: httpd/reverseproxy
    website: bodhi.fedoraproject.org
    destname: bodhi
-    balancer_name: app-os
+    balancer_name: apps-ocp
    targettype: openshift
-    balancer_members: "{{ (env == 'staging')|ternary(openshift_nodes_stg, openshift_nodes) }}"
+    balancer_members: "{{ocp_nodes}}"
-    ocp4: false
+    ocp4: true
    keephost: true
    tags: bodhi
    when: env != "staging"
@ -603,7 +603,7 @@
    balancer_name: resultsdb
    balancer_members: ['resultsdb01.vpn.fedoraproject.org:80']
    http_not_https_yes_this_is_insecure_and_i_feel_bad: true
-  
+
  - role: httpd/reverseproxy
    website: taskotron.fedoraproject.org
    destname: taskotron-resultsdbapi
--- a/playbooks/openshift-apps/bodhi.yml
+++ b/playbooks/openshift-apps/bodhi.yml
@ -1,5 +1,5 @@
 - name: make the app be real
-  hosts: os_masters[0]:os_control_stg[0]
+  hosts: os_control[0]:os_control_stg[0]
  user: root
  gather_facts: False
@ -92,7 +92,6 @@
    app: bodhi
    template: imagestreams-tagged.yml
    objectname: imagestreams.yml
    when: env == "staging"
  - role: openshift/imagestream
    app: bodhi
    imagename: bodhi-base
--- a/roles/bodhi2/base/templates/httpd.conf.j2
+++ b/roles/bodhi2/base/templates/httpd.conf.j2
@ -56,11 +56,7 @@ TypesConfig /etc/mime.types
 AddDefaultCharset UTF-8
 CoreDumpDirectory /tmp
 Alias /docs /usr/share/doc/bodhi-docs/html/
 {% if env == "staging" %}
 Alias /static/v{{ bodhi_version.split('-')[0] }} /srv/bodhi/bodhi/server/static/
 {% else %}
 Alias /static/v{{ bodhi_version.split('-')[0] }} /usr/lib/python3.8/site-packages/bodhi/server/static/
 {% endif %}
 WSGIDaemonProcess bodhi display-name=bodhi processes=4 threads=1 maximum-requests=500 home=/httpdir request-timeout=90
 WSGIApplicationGroup %{GLOBAL}
 WSGISocketPrefix run/wsgi
@ -68,6 +64,4 @@ WSGIRestrictStdout Off
 WSGIRestrictSignal Off
 WSGIPythonOptimize 1
 WSGIScriptAlias / /usr/share/bodhi/bodhi.wsgi
 {% if env == "staging" %}
 WSGIPassAuthorization On
 {% endif %}
--- a/roles/bodhi2/base/templates/production.ini.j2
+++ b/roles/bodhi2/base/templates/production.ini.j2
@ -662,12 +662,10 @@ openid.url = https://id{{env_suffix}}.fedoraproject.org/
 openid_template = {username}.id{{env_suffix}}.fedoraproject.org
 openid.sreg_required = email nickname
 {% if env == 'staging' %}
 # OIDC (OpenID Connect)
 oidc.fedora.client_id = bodhi
 oidc.fedora.client_secret = {{ (env == 'staging')|ternary(bodhi2_oidc_client_secret_staging, bodhi2_oidc_client_secret) }}
 oidc.fedora.server_metadata_url = http://id{{ env_suffix }}.fedoraproject.org/openidc/.well-known/openid-configuration
 {% endif %}
 # CORS allowed origins for cornice services
--- a/roles/openshift-apps/bodhi/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/bodhi/templates/deploymentconfig.yml
@ -36,9 +36,7 @@ items:
        labels:
          app: bodhi-web
          deploymentconfig: bodhi-web
 {% if env == "staging" %}      
          monitoring-key: cpe
 {% endif %}
      spec:
        containers:
        - name: bodhi-web
@ -47,9 +45,7 @@ items:
          args: ["--paste", "/etc/bodhi/production.ini", "-b", "0.0.0.0:8080", "-w", "4", "--log-level", "DEBUG", "-k", "gthread", "--threads", "2", "--preload", "--log-file=-"]
          ports:
          - containerPort: 8080
 {% if env == "staging" %}      
            name: web
 {% endif %}
          resources: {}
          volumeMounts:
          - name: config-volume