infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions

simple-koji-ci: Start the port to openshift

Browse source 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
This commit is contained in:
Pierre-Yves Chibon 2020-02-24 11:57:21 +01:00
parent e7d1f38175
commit 19d025a390
7 changed files with 278 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

50
playbooks/openshift-apps/simple-koji-ci.yml Normal file
View file

@ -0,0 +1,50 @@
- name: make the app be real
hosts: os_masters_stg[0]:os_masters
user: root
gather_facts: False
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- role: openshift/project
app: simple-koji-ci
description: Do a scratch build on PRs opened on dist-git
appowners:
- cverna
- pingou
- role: openshift/keytab
app: simple-koji-ci
key: simple-koji-ci-keytab
secret_name: simple-koji-ci-keytab
service: simple-koji-ci
- role: openshift/object
app: simple-koji-ci
template: imagestream.yml
objectname: imagestream.yml
- role: openshift/object
app: simple-koji-ci
template: buildconfig.yml
objectname: buildconfig.yml
- role: openshift/object
app: simple-koji-ci
template: configmap.yml
objectname: configmap.yml
- role: openshift/object
app: simple-koji-ci
template: deploymentconfig.yml
objectname: deploymentconfig.yml
- role: openshift/start-build
app: simple-koji-ci
buildname: simple-koji-ci-build
objectname: simple-koji-ci-build
tags:
- build

25
roles/openshift-apps/simple-koji-ci/templates/buildconfig.yml Normal file
View file

@ -0,0 +1,25 @@
apiVersion: v1
kind: BuildConfig
metadata:
name: simple-koji-ci-build
labels:
environment: "simple-koji-ci"
spec:
source:
git:
{% if env == 'staging' %}
uri: https://pagure.io/forks/pingou/fedora-ci/simple-koji-ci.git
ref: "staging"
{% else %}
uri: https://pagure.io/fedora-ci/simple-koji-ci/.git
ref: "production"
{% endif %}
strategy:
type: Docker
triggers:
- type: ConfigChange
- type: ImageChange
output:
to:
kind: ImageStreamTag
name: simple-koji-ci:latest

23
roles/openshift-apps/simple-koji-ci/templates/configmap.yml Normal file
View file

@ -0,0 +1,23 @@
{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: simple-koji-ci-fedmsg
labels:
app: simple-koji-ci
data:
endpoints.py: |-
{{ load_file('endpoints.py') | indent }}
runner.cfg: |-
{{ load_file('simple_koji_ci.py') | indent }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: simple-koji-ci-krb
labels:
app: simple-koji-ci
data:
krb5.conf: |
{{ lookup('template', roles_path + '/base/templates/krb5.conf.j2') | indent }}

66
roles/openshift-apps/simple-koji-ci/templates/deploymentconfig.yml Normal file
View file

@ -0,0 +1,66 @@
---
apiVersion: v1
kind: DeploymentConfig
metadata:
labels:
app: simple-koji-ci
name: simple-koji-ci
spec:
replicas: 1
selector:
app: simple-koji-ci
deploymentconfig: simple-koji-ci
strategy:
type: Recreate
template:
metadata:
labels:
app: simple-koji-ci
deploymentconfig: simple-koji-ci
spec:
hostAliases:
- hostnames:
- apps.stg.fedoraproject.org
ip: 10.5.128.177
containers:
- name: simple-koji-ci
image: simple-koji-ci:latest
resources: {}
env:
- name: KRB5_CONFIG
value: /etc/krb/krb5.conf
- name: KRB5_CLIENT_KTNAME
value: /etc/keytab/koji-keytab
- name: OPENSHIFT
value: "True"
volumeMounts:
- name: keytab-volume
mountPath: /etc/keytabs
readOnly: true
- name: simple-koji-ci-krb-volume
mountPath: /etc/krb/
readOnly: true
- name: simple-koji-ci-fedmsg-volumes
mountPath: /etc/fedmsg.d
readOnly: true
volumes:
- name: keytab-volume
secret:
secretName: simple-koji-ci-keytab
- name: simple-koji-ci-krb-volume
configMap:
name: simple-koji-ci-krb
- name: simple-koji-ci-fedmsg-volume
configMap:
name: simple-koji-ci-fedmsg
triggers:
- type: ConfigChange
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- simple-koji-ci
from:
kind: ImageStreamTag
name: simple-koji-ci:latest

35
roles/openshift-apps/simple-koji-ci/templates/endpoints.py Normal file
View file

@ -0,0 +1,35 @@
# This file is part of fedmsg.
# Copyright (C) 2012 Red Hat, Inc.
#
# fedmsg is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# fedmsg is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with fedmsg; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#
# Authors: Ralph Bean <rbean@redhat.com>
#
config = dict(
# This is a dict of possible addresses from which fedmsg can send
# messages. fedmsg.init(...) requires that a 'name' argument be passed
# to it which corresponds with one of the keys in this dict.
endpoints={
# These are here so your local box can listen to the upstream
# infrastructure's bus. Cool, right? :)
"fedora-infrastructure": [
{% if env == 'staging' %}
"tcp://stg.fedoraproject.org:9940",
{% else %}
"tcp://hub.fedoraproject.org:9940",
{% endif %}
],
},
)

4
roles/openshift-apps/simple-koji-ci/templates/imagestream.yml Normal file
View file

@ -0,0 +1,4 @@
apiVersion: v1
kind: ImageStream
metadata:
name: "simple-koji-ci"

75
roles/openshift-apps/simple-koji-ci/templates/simple_koji_ci.py Normal file
View file

@ -0,0 +1,75 @@
class TargetTagsDict(dict):
"""A dict that returns the key for missing values"""
def __missing__(self, key):
return key
def get(self, key, default):
"""Normally, get() doesn't go trough __missing__"""
return self[key]
config = {
'simple-koji-ci.enabled': True,
'simple-koji-ci.koji': {
{% if env == 'staging' %}
'server': 'https://koji.stg.fedoraproject.org/kojihub',
'weburl': 'https://koji.stg.fedoraproject.org/koji',
'git_url': 'https://src.stg.fedoraproject.org/rpms/{package}.git',
'krb_principal': 'simple-koji-ci/simple-koji-ci-dev.fedorainfracloud.org@STG.FEDORAPROJECT.ORG',
'krb_keytab': '/etc/krb5.simple-koji-ci_simple-koji-ci-dev.fedorainfracloud.org.keytab',
{% else %}
'server': 'https://koji.fedoraproject.org/kojihub',
'weburl': 'https://koji.fedoraproject.org/koji',
'git_url': 'https://src.fedoraproject.org/rpms/{package}.git',
'krb_principal': 'simple-koji-ci/simple-koji-ci-prod.fedorainfracloud.org@FEDORAPROJECT.ORG',
'krb_keytab': '/etc/krb5.simple-koji-ci_simple-koji-ci-prod.fedorainfracloud.org.keytab',
{% endif %}
# Kerberos configuration to authenticate with Koji. In development
# environments, use `kinit <fas-name>@FEDORAPROJECT.ORG` to get a
# Kerberos ticket and use the default settings below.
'krb_ccache': None,
'krb_proxyuser': None,
'krb_sessionopts': {'timeout': 3600, 'krb_rdns': False},
'opts': {'scratch': True},
'priority': 30,
'target_tags': TargetTagsDict(master='rawhide'),
},
"simple-koji-ci.cache": {
"backend": "dogpile.cache.dbm",
"expiration_time": 300,
"arguments": {
"filename": "/var/tmp/simple-koji-ci-cache.dbm",
},
},
{% if env == 'staging' %}
"simple-koji-ci.pagure_url" : "https://src.stg.fedoraproject.org",
"simple-koji-ci.pagure_token" : "{{ simple_koji_ci_pagure_token_stg }}",
{% else %}
"simple-koji-ci.pagure_url" : "https://src.fedoraproject.org",
"simple-koji-ci.pagure_token" : "{{ simple_koji_ci_pagure_token }}",
{% endif %}
# The time in seconds the-new-hotness should wait for a socket to connect
# before giving up.
'simple-koji-ci.connect_timeout': 15,
# The time in seconds the-new-hotness should wait for a read from a socket
# before giving up.
'simple-koji-ci.read_timeout': 15,
# The number of times the-new-hotness should retry a network request that
# that failed for any reason (e.g. read timeout, DNS error, etc)
'simple-koji-ci.requests_retries': 3,
"logging": {
"loggers": {
"simple_koji_ci": {
"level": "DEBUG",
"propagate": True,
"handlers": ["console"],
},
},
}
}