simple-koji-ci: Start the port to openshift

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-02-24 11:57:21 +01:00 · 2020-02-24 11:57:21 +01:00 · 19d025a390
commit 19d025a390
parent e7d1f38175
7 changed files with 278 additions and 0 deletions
--- a/playbooks/openshift-apps/simple-koji-ci.yml
+++ b/playbooks/openshift-apps/simple-koji-ci.yml
@ -0,0 +1,50 @@
+- name: make the app be real
+  hosts: os_masters_stg[0]:os_masters
+  user: root
+  gather_facts: False
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - role: openshift/project
+    app: simple-koji-ci
+    description: Do a scratch build on PRs opened on dist-git
+    appowners:
+    - cverna
+    - pingou
+
+  - role: openshift/keytab
+    app: simple-koji-ci
+    key: simple-koji-ci-keytab
+    secret_name: simple-koji-ci-keytab
+    service: simple-koji-ci
+
+  - role: openshift/object
+    app: simple-koji-ci
+    template: imagestream.yml
+    objectname: imagestream.yml
+
+  - role: openshift/object
+    app: simple-koji-ci
+    template: buildconfig.yml
+    objectname: buildconfig.yml
+
+  - role: openshift/object
+    app: simple-koji-ci
+    template: configmap.yml
+    objectname: configmap.yml
+
+  - role: openshift/object
+    app: simple-koji-ci
+    template: deploymentconfig.yml
+    objectname: deploymentconfig.yml
+
+  - role: openshift/start-build
+    app: simple-koji-ci
+    buildname: simple-koji-ci-build
+    objectname: simple-koji-ci-build
+    tags:
+        - build
--- a/roles/openshift-apps/simple-koji-ci/templates/buildconfig.yml
+++ b/roles/openshift-apps/simple-koji-ci/templates/buildconfig.yml
@ -0,0 +1,25 @@
+apiVersion: v1
+kind: BuildConfig
+metadata:
+  name: simple-koji-ci-build
+  labels:
+    environment: "simple-koji-ci"
+spec:
+  source:
+    git:
+{% if env == 'staging' %}
+      uri: https://pagure.io/forks/pingou/fedora-ci/simple-koji-ci.git
+      ref: "staging"
+{% else %}
+      uri: https://pagure.io/fedora-ci/simple-koji-ci/.git
+      ref: "production"
+{% endif %}
+  strategy:
+    type: Docker
+  triggers:
+  - type: ConfigChange
+  - type: ImageChange
+  output:
+    to:
+      kind: ImageStreamTag
+      name: simple-koji-ci:latest
--- a/roles/openshift-apps/simple-koji-ci/templates/configmap.yml
+++ b/roles/openshift-apps/simple-koji-ci/templates/configmap.yml
@ -0,0 +1,23 @@
+{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: simple-koji-ci-fedmsg
+  labels:
+    app: simple-koji-ci
+data:
+  endpoints.py: |-
+    {{ load_file('endpoints.py') | indent }}
+  runner.cfg: |-
+    {{ load_file('simple_koji_ci.py') | indent }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: simple-koji-ci-krb
+  labels:
+    app: simple-koji-ci
+data:
+  krb5.conf: |
+    {{ lookup('template', roles_path + '/base/templates/krb5.conf.j2') | indent }}
--- a/roles/openshift-apps/simple-koji-ci/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/simple-koji-ci/templates/deploymentconfig.yml
@ -0,0 +1,66 @@
+---
+apiVersion: v1
+kind: DeploymentConfig
+metadata:
+  labels:
+    app: simple-koji-ci
+  name: simple-koji-ci
+spec:
+  replicas: 1
+  selector:
+    app: simple-koji-ci
+    deploymentconfig: simple-koji-ci
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: simple-koji-ci
+        deploymentconfig: simple-koji-ci
+    spec:
+      hostAliases:
+        - hostnames:
+          - apps.stg.fedoraproject.org
+          ip: 10.5.128.177
+      containers:
+      - name: simple-koji-ci
+        image: simple-koji-ci:latest
+        resources: {}
+        env:
+          - name: KRB5_CONFIG
+            value: /etc/krb/krb5.conf
+          - name: KRB5_CLIENT_KTNAME
+            value: /etc/keytab/koji-keytab
+          - name: OPENSHIFT
+            value: "True"
+        volumeMounts:
+        - name: keytab-volume
+          mountPath: /etc/keytabs
+          readOnly: true
+        - name: simple-koji-ci-krb-volume
+          mountPath: /etc/krb/
+          readOnly: true
+        - name: simple-koji-ci-fedmsg-volumes
+          mountPath: /etc/fedmsg.d
+          readOnly: true
+      volumes:
+       - name: keytab-volume
+         secret:
+           secretName: simple-koji-ci-keytab
+       - name: simple-koji-ci-krb-volume
+         configMap:
+           name: simple-koji-ci-krb
+       - name: simple-koji-ci-fedmsg-volume
+         configMap:
+           name: simple-koji-ci-fedmsg
+
+  triggers:
+  - type: ConfigChange
+  - type: ImageChange
+    imageChangeParams:
+      automatic: true
+      containerNames:
+      - simple-koji-ci
+      from:
+        kind: ImageStreamTag
+        name: simple-koji-ci:latest
--- a/roles/openshift-apps/simple-koji-ci/templates/endpoints.py
+++ b/roles/openshift-apps/simple-koji-ci/templates/endpoints.py
@ -0,0 +1,35 @@
+# This file is part of fedmsg.
+# Copyright (C) 2012 Red Hat, Inc.
+#
+# fedmsg is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# fedmsg is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with fedmsg; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+#
+# Authors:  Ralph Bean <rbean@redhat.com>
+#
+config = dict(
+    # This is a dict of possible addresses from which fedmsg can send
+    # messages.  fedmsg.init(...) requires that a 'name' argument be passed
+    # to it which corresponds with one of the keys in this dict.
+    endpoints={
+        # These are here so your local box can listen to the upstream
+        # infrastructure's bus.  Cool, right?  :)
+        "fedora-infrastructure": [
+            {% if env == 'staging' %}
+            "tcp://stg.fedoraproject.org:9940",
+            {% else %}
+            "tcp://hub.fedoraproject.org:9940",
+            {% endif %}
+        ],
+    },
+)
--- a/roles/openshift-apps/simple-koji-ci/templates/imagestream.yml
+++ b/roles/openshift-apps/simple-koji-ci/templates/imagestream.yml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ImageStream
+metadata:
+   name: "simple-koji-ci"
--- a/roles/openshift-apps/simple-koji-ci/templates/simple_koji_ci.py
+++ b/roles/openshift-apps/simple-koji-ci/templates/simple_koji_ci.py
@ -0,0 +1,75 @@
+class TargetTagsDict(dict):
+    """A dict that returns the key for missing values"""
+    def __missing__(self, key):
+        return key
+
+    def get(self, key, default):
+        """Normally, get() doesn't go trough __missing__"""
+        return self[key]
+
+
+config = {
+    'simple-koji-ci.enabled': True,
+
+    'simple-koji-ci.koji': {
+        {% if env == 'staging' %}
+        'server': 'https://koji.stg.fedoraproject.org/kojihub',
+        'weburl': 'https://koji.stg.fedoraproject.org/koji',
+        'git_url': 'https://src.stg.fedoraproject.org/rpms/{package}.git',
+        'krb_principal': 'simple-koji-ci/simple-koji-ci-dev.fedorainfracloud.org@STG.FEDORAPROJECT.ORG',
+        'krb_keytab': '/etc/krb5.simple-koji-ci_simple-koji-ci-dev.fedorainfracloud.org.keytab',
+        {% else %}
+        'server': 'https://koji.fedoraproject.org/kojihub',
+        'weburl': 'https://koji.fedoraproject.org/koji',
+        'git_url': 'https://src.fedoraproject.org/rpms/{package}.git',
+        'krb_principal': 'simple-koji-ci/simple-koji-ci-prod.fedorainfracloud.org@FEDORAPROJECT.ORG',
+        'krb_keytab': '/etc/krb5.simple-koji-ci_simple-koji-ci-prod.fedorainfracloud.org.keytab',
+        {% endif %}
+        # Kerberos configuration to authenticate with Koji. In development
+        # environments, use `kinit <fas-name>@FEDORAPROJECT.ORG` to get a
+        # Kerberos ticket and use the default settings below.
+        'krb_ccache': None,
+        'krb_proxyuser': None,
+        'krb_sessionopts': {'timeout': 3600, 'krb_rdns': False},
+        'opts': {'scratch': True},
+        'priority': 30,
+        'target_tags': TargetTagsDict(master='rawhide'),
+    },
+
+    "simple-koji-ci.cache": {
+        "backend": "dogpile.cache.dbm",
+        "expiration_time": 300,
+        "arguments": {
+            "filename": "/var/tmp/simple-koji-ci-cache.dbm",
+        },
+    },
+
+    {% if env == 'staging' %}
+    "simple-koji-ci.pagure_url" : "https://src.stg.fedoraproject.org",
+    "simple-koji-ci.pagure_token" : "{{ simple_koji_ci_pagure_token_stg }}",
+    {% else %}
+    "simple-koji-ci.pagure_url" : "https://src.fedoraproject.org",
+    "simple-koji-ci.pagure_token" : "{{ simple_koji_ci_pagure_token }}",
+    {% endif %}
+
+    # The time in seconds the-new-hotness should wait for a socket to connect
+    # before giving up.
+    'simple-koji-ci.connect_timeout': 15,
+    # The time in seconds the-new-hotness should wait for a read from a socket
+    # before giving up.
+    'simple-koji-ci.read_timeout': 15,
+    # The number of times the-new-hotness should retry a network request that
+    # that failed for any reason (e.g. read timeout, DNS error, etc)
+    'simple-koji-ci.requests_retries': 3,
+
+    "logging": {
+        "loggers": {
+            "simple_koji_ci": {
+                "level": "DEBUG",
+                "propagate": True,
+                "handlers": ["console"],
+            },
+        },
+    }
+
+}