From fea60aab95bd45960dbf4a0514c5df28a86090eb Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Fri, 20 Jan 2023 13:08:51 -0800 Subject: [PATCH] Bodhi: try and do critical path data generation in openshift The previous attempt to have staging Bodhi use grouped JSON critical path data didn't work because we did it in the backend (i.e. the composer), not the openshift pods where the web UI and the consumers run. We need at least the web UI and consumer pods to have the critpath data, as both those pods may create updates (Bodhi decides if the update is critical path at creation time). This attempts to handle that by having a daily openshift cron job that runs a simple container with the necessary packages in it, checks out the script, and runs it. It's run on a persistent storage volume which is also mounted by all the Bodhi pods in the place where Bodhi will look for the data. The cron job frequency is temporarily set to once an hour; this is so it will run soon after initial deployment. Once it has run once we can cut it back to once a day. Signed-off-by: Adam Williamson --- playbooks/openshift-apps/bodhi.yml | 16 +++++++ roles/openshift-apps/bodhi/files/pvc.yml | 11 +++++ .../bodhi/templates/buildconfig.yml | 24 +++++++++++ .../bodhi/templates/critpathcron.yml | 42 +++++++++++++++++++ .../bodhi/templates/deploymentconfig.yml | 24 +++++++++++ .../bodhi/templates/dockerfile-critpathcron | 16 +++++++ 6 files changed, 133 insertions(+) create mode 100644 roles/openshift-apps/bodhi/files/pvc.yml create mode 100644 roles/openshift-apps/bodhi/templates/critpathcron.yml create mode 100644 roles/openshift-apps/bodhi/templates/dockerfile-critpathcron
diff --git a/playbooks/openshift-apps/bodhi.yml b/playbooks/openshift-apps/bodhi.yml
index b1b6452d2c..dc2baa343b 100644
--- a/playbooks/openshift-apps/bodhi.yml
+++ b/playbooks/openshift-apps/bodhi.yml
@@ -67,6 +67,10 @@
 tags:
 - apply-appowners
 when: env == "staging"
+ - role: openshift/object
+ app: bodhi
+ file: pvc.yml
+ objectname: pvc.yml
 - role: openshift/keytab
 app: bodhi
 key: koji-keytab
@@ -132,6 +136,13 @@
 app: bodhi
 template: deploymentconfig.yml
 objectname: deploymentconfig.yml
+ - role: openshift/object
+ app: bodhi
+ template: critpathcron.yml
+ objectname: critpathcron.yml
+ - role: openshift/imagestream
+ app: bodhi
+ imagename: bodhi-critpathcron
 - role: openshift/rollout
 app: bodhi
 dcname: bodhi-web
@@ -165,3 +176,8 @@
 command: "oc -n bodhi annotate route bodhi-web --overwrite haproxy.router.openshift.io/timeout=180s"
 tags:
 - route-timeout
+ - name: trigger critpath cronjob
+ command: "oc -n bodhi create job critpathcron-manual-{{ lookup('pipe','date +%s') }} --from=cronjob/fedora-bodhi-critpathcron"
+ tags:
+ - never
+ - critpathcron
diff --git a/roles/openshift-apps/bodhi/files/pvc.yml b/roles/openshift-apps/bodhi/files/pvc.yml
new file mode 100644
index 0000000000..9768d26b8c
--- /dev/null
+++ b/roles/openshift-apps/bodhi/files/pvc.yml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: bodhi-critpath-storage
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 5Mi
+ storageClassName: ocs-storagecluster-cephfs
diff --git a/roles/openshift-apps/bodhi/templates/buildconfig.yml b/roles/openshift-apps/bodhi/templates/buildconfig.yml
index 558d02c023..61c2f0a6d0 100644
--- a/roles/openshift-apps/bodhi/templates/buildconfig.yml
+++ b/roles/openshift-apps/bodhi/templates/buildconfig.yml
@@ -25,5 +25,29 @@ items:
 to:
 kind: ImageStreamTag
 name: bodhi-base:latest
+- apiVersion: v1
+ kind: BuildConfig
+ metadata:
+ labels:
+ build: bodhi-critpathcron
+ name: bodhi-critpathcron
+ spec:
+ runPolicy: Serial
+ source:
+ dockerfile: |-
+ {{ load_file('dockerfile-critpathcron') | indent(8) }}
+ type: Dockerfile
+ strategy:
+ type: Docker
+ dockerStrategy:
+{% if env == "staging" %}
+ noCache: True
+{% else %}
+ noCache: False
+{% endif %}
+ output:
+ to:
+ kind: ImageStreamTag
+ name: bodhi-critpathcron:latest
 kind: List
 metadata: {}
diff --git a/roles/openshift-apps/bodhi/templates/critpathcron.yml b/roles/openshift-apps/bodhi/templates/critpathcron.yml
new file mode 100644
index 0000000000..a83fd81def
--- /dev/null
+++ b/roles/openshift-apps/bodhi/templates/critpathcron.yml
@@ -0,0 +1,42 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: fedora-bodhi-critpathcron
+spec:
+ concurrencyPolicy: Forbid
+ schedule: "10 3 * * *"
+ successfulJobsHistoryLimit: 1
+ failedJobsHistoryLimit: 1
+ activeDeadlineSeconds: 900
+ startingDeadlineSeconds: 300
+ jobTemplate:
+ spec:
+ backoffLimit: 0
+ template:
+ metadata:
+ labels:
+ parent: "cronjobbuild"
+ spec:
+ containers:
+ - name: critpath
+ image: image-registry.openshift-image-registry.svc:5000/bodhi/bodhi-critpathcron:latest
+ command: ["/bin/bash", "-c"]
+ args:
+ - |
+ cd /tmp
+ git clone --depth 1 --single-branch https://pagure.io/releng.git
+ cd /bodhi-critpath
+ /tmp/releng/scripts/critpath.py all
+ env:
+ - name: BUILD_ENV
+ value: "{{ env_short }}"
+ volumeMounts:
+ - name: bodhi-critpath
+ mountPath: /bodhi-critpath
+ readOnly: false
+ restartPolicy: Never
+ startingDeadlineSeconds: 600
+ volumes:
+ - name: bodhi-critpath
+ persistentVolumeClaim:
+ claimName: bodhi-critpath-storage
diff --git a/roles/openshift-apps/bodhi/templates/deploymentconfig.yml b/roles/openshift-apps/bodhi/templates/deploymentconfig.yml
index cf60e2be63..d164aae430 100644
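Review bot: The production branch of the new `bodhi-critpathcron` BuildConfig sets `noCache: False`, and the added lines define no `triggers`, so the `RUN dnf install` layer can be reused from cache and the image may keep outdated packages until someone rebuilds it by hand. The image installs only three packages, so building without cache in both environments costs little: drop the `{% if %}` and write `noCache: true` once. The lowercase spelling also avoids relying on YAML 1.1 truthy forms.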
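Review bot: The job clones the default branch of `https://pagure.io/releng.git` on every run and executes `scripts/critpath.py` from it with the shared volume mounted read-write, so whatever is at the tip of that repository runs unreviewed in the bodhi namespace and writes the data Bodhi uses to classify updates. Pinning the checkout to a reviewed commit or tag, or shipping the script in the image built from `dockerfile-critpathcron`, would put changes to that script behind the same review as this playbook. Starting the `args` script with `set -euo pipefail` would make a failed step stop the job at that step. Separately, `activeDeadlineSeconds: 900` sits directly under the CronJob `spec` and a second `startingDeadlineSeconds: 600` under the pod `spec`; as far as I know neither field is defined at those levels (the run-time cap belongs in `jobTemplate.spec`), so with `concurrencyPolicy: Forbid` a hung run may not be cut off as intended. The commit message says the schedule is temporarily hourly, but the manifest has `"10 3 * * *"`.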
--- a/roles/openshift-apps/bodhi/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/bodhi/templates/deploymentconfig.yml
@@ -53,6 +53,9 @@ items:
 - name: config-volume
 mountPath: /etc/bodhi
 readOnly: true
+ - name: bodhi-critpath-storage
+ mountPath: /etc/bodhi/critpath
+ readOnly: true
 - name: keytab-volume
 mountPath: /etc/keytabs
 readOnly: true
@@ -91,6 +94,9 @@ items:
 - name: config-volume
 configMap:
 name: bodhi-configmap
+ - name: bodhi-critpath-storage
+ persistentVolumeClaim:
+ claimName: "bodhi-critpath-storage"
 - name: keytab-volume
 secret:
 secretName: bodhi-keytab
@@ -164,6 +170,9 @@ items:
 - name: config-volume
 mountPath: /etc/bodhi
 readOnly: true
+ - name: bodhi-critpath-storage
+ mountPath: /etc/bodhi/critpath
+ readOnly: true
 - name: keytab-volume
 mountPath: /etc/keytabs
 readOnly: true
@@ -186,6 +195,9 @@ items:
 - name: config-volume
 configMap:
 name: bodhi-configmap
+ - name: bodhi-critpath-storage
+ persistentVolumeClaim:
+ claimName: "bodhi-critpath-storage"
 - name: keytab-volume
 secret:
 secretName: bodhi-keytab
@@ -257,6 +269,9 @@ items:
 - name: config-volume
 mountPath: /etc/bodhi
 readOnly: true
+ - name: bodhi-critpath-storage
+ mountPath: /etc/bodhi/critpath
+ readOnly: true
 - name: keytab-volume
 mountPath: /etc/keytabs
 readOnly: true
@@ -279,6 +294,9 @@ items:
 - name: config-volume
 configMap:
 name: bodhi-configmap
+ - name: bodhi-critpath-storage
+ persistentVolumeClaim:
+ claimName: "bodhi-critpath-storage"
 - name: keytab-volume
 secret:
 secretName: bodhi-keytab
@@ -352,6 +370,9 @@ items:
 - name: config-volume
 mountPath: /etc/bodhi
 readOnly: true
+ - name: bodhi-critpath-storage
+ mountPath: /etc/bodhi/critpath
+ readOnly: true
 - name: keytab-volume
 mountPath: /etc/keytabs
 readOnly: true
@@ -374,6 +395,9 @@ items:
 - name: config-volume
 configMap:
 name: bodhi-configmap
+ - name: bodhi-critpath-storage
+ persistentVolumeClaim:
+ claimName: "bodhi-critpath-storage"
 - name: keytab-volume
 secret:
 secretName: bodhi-keytab
diff --git a/roles/openshift-apps/bodhi/templates/dockerfile-critpathcron b/roles/openshift-apps/bodhi/templates/dockerfile-critpathcron
new file mode 100644
index 0000000000..c5c43b796f
--- /dev/null
+++ b/roles/openshift-apps/bodhi/templates/dockerfile-critpathcron
@@ -0,0 +1,16 @@
+{% if env == "staging" %}
+FROM fedora:37
+{% else %}
+FROM fedora:37
+{% endif %}
+LABEL \
+ name="bodhi-critpathcron" \
+ vendor="Fedora Infrastructure" \
+ license="MIT"
+{% if env == "staging" %}
+RUN curl -o /etc/yum.repos.d/infra-tags.repo https://infrastructure.fedoraproject.org/infra/ansible/files/common/fedora-infra-tags.repo
+RUN curl -o /etc/yum.repos.d/infra-tags-stg.repo https://infrastructure.fedoraproject.org/infra/ansible/files/common/fedora-infra-tags-stg.repo
+{% else %}
+RUN curl -o /etc/yum.repos.d/infra-tags.repo https://infrastructure.fedoraproject.org/infra/ansible/files/common/fedora-infra-tags.repo
+{% endif %}
+RUN dnf install -y python3-dnf git fedora-repos
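Review bot: The `curl -o` steps write whatever the server returns into `/etc/yum.repos.d/`, because without `--fail` an HTTP error page is saved and the `RUN` still exits 0; adding the flag, as in `RUN curl --fail --silent --show-error -o /etc/yum.repos.d/infra-tags.repo …`, makes a bad fetch fail the build instead of leaving a broken repo definition in the image. `FROM fedora:37` is an unqualified, mutable tag, and the two branches of the first `{% if %}` are identical, so the conditional can be dropped and the base written once as a fully qualified registry reference. The image also sets no `USER`; whether the job then runs as root depends on the cluster's security context constraints, which this patch does not show.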