Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

resulsdb-frontend files

Browse source
This commit is contained in:
Leonardo Rossetti 2022-02-17 07:25:11 -03:00 committed by kevin
parent 6c24d53203
commit 661506e918
7 changed files with 228 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

61
playbooks/openshift-apps/resultsdb-frontend.yml Normal file
View file

@ -0,0 +1,61 @@
- name: make the app be real
# hosts: os_masters[0]:os_masters_stg[0]
hosts: local
# user: root
gather_facts: False
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/roles/openshift-apps/resultsdb/vars/main.yml
roles:
# The openshift/project role breaks if the project already exists:
# https://pagure.io/fedora-infrastructure/issue/6404
- role: openshift/project
app: resultsdb-frontend
description: resultsdb
appowners:
- ralph
- mjia
- dcallagh
- gnaponie
- cverna
- pingou
- lholecek
- vmaljulin
- lrossett
tags:
- apply-appowners
- role: openshift/object
app: resultsdb-frontend
template: secrets.yml
objectname: secrets.yml
- role: openshift/object
app: resultsdb-frontend
template: configmaps.yml
objectname: configmaps.yml
- role: openshift/object
app: resultsdb-frontend
template: deploymentconfigs.yml
objectname: deploymentconfigs.yml
- role: openshift/object
app: resultsdb-frontend
template: services.yml
objectname: services.yml
- role: openshift/route
app: resultsdb-frontend
routename: web
host: "resultsdb{{ env_suffix }}.fedoraproject.org"
serviceport: web
servicename: resultsdb-frontend
- role: openshift/rollout
app: resultsdb-frontend
dcname: "resultsdb-frontend"

53
roles/openshift-apps/resultsdb-frontend/templates/configmaps.yml Normal file
View file

@ -0,0 +1,53 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: "resultsdb-frontend-app-config"
labels:
app: resultsdb
service: web
data:
settings.py: |-
import os
{% if env == 'staging' %}
RDB_URL = '{{ stg_resultsdb_frontent_api_url }}'
{% else %}
RDB_URL = '{{ prod_resultsdb_frontent_api_url }}'
{% endif %}
SECRET_KEY = os.environ['RESULTSDB_FRONTEND_SECRET_KEY']
FILE_LOGGING = False
LOGFILE = '/var/log/resultsdb_frontend/resultsdb_frontend.log'
SYSLOG_LOGGING = False
STREAM_LOGGING = True
---
apiVersion: v1
kind: ConfigMap
metadata:
name: "resultsdb-frontend-httpd-config"
labels:
app: resultsdb
service: web
data:
resultsdb_frontend.conf: |-
WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=5 home=/usr/share/resultsdb_frontend
WSGIScriptAlias / /usr/share/resultsdb_frontend/conf/resultsdb_frontend.wsgi
WSGISocketPrefix run/wsgi
# this isn't the best way to force SSL but it works for now
#RewriteEngine On
#RewriteCond %{HTTPS} !=on
#RewriteRule ^/resultsdb_frontend/admin/?(.*) https://%{SERVER_NAME}/$1 [R,L]
<Directory /usr/share/resultsdb_frontend>
WSGIProcessGroup resultsdb_frontend
WSGIApplicationGroup %{GLOBAL}
WSGIScriptReloading On
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_auth_core.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>

68
roles/openshift-apps/resultsdb-frontend/templates/deploymentconfigs.yml Normal file
View file

@ -0,0 +1,68 @@
apiVersion: v1
kind: DeploymentConfig
metadata:
name: "resultsdb-frontend"
labels:
app: resultsdb
service: web
spec:
replicas: 2
selector:
app: resultsdb
service: web
strategy:
type: Rolling
template:
metadata:
labels:
app: resultsdb
service: web
spec:
containers:
- name: webapp
{% if env == 'staging' %}
image: "{{ stg_resultsdb_frontend_image }}"
{% else %}
image: "{{ prod_resultsdb_frontend_image }}"
{% endif %}
imagePullPolicy: Always
ports:
- containerPort: 5001
envFrom:
- secretRef:
name: resultsdb-frontend-key
volumeMounts:
- name: config-volume
mountPath: /etc/resultsdb
readOnly: true
- name: httpd-config-volume
mountPath: /etc/httpd/conf.d
readOnly: true
readinessProbe:
timeoutSeconds: 1
initialDelaySeconds: 5
httpGet:
path: /
port: 5001
livenessProbe:
timeoutSeconds: 1
initialDelaySeconds: 30
httpGet:
path: /
port: 5001
# Limit to 384MB memory. This is probably *not* enough but it is
# necessary in the current environment to allow for 2 replicas and
# rolling updates, without hitting the (very aggressive) memory quota.
resources:
limits:
memory: 384Mi
cpu: 0.3
volumes:
- name: config-volume
configMap:
name: "resultsdb-frontend-app-config"
- name: httpd-config-volume
configMap:
name: "resultsdb-frontend-httpd-config"
triggers:
- type: ConfigChange

17
roles/openshift-apps/resultsdb-frontend/templates/routes.yml Normal file
View file

@ -0,0 +1,17 @@
apiVersion: v1
kind: Route
metadata:
name: "resultsdb-frontend"
labels:
app: resultsdb
service: web
spec:
path: /web
port:
targetPort: web
to:
kind: Service
name: "resultsdb-frontend"
tls:
termination: edge
insecureEdgeTerminationPolicy: Redirect

13
roles/openshift-apps/resultsdb-frontend/templates/secrets.yml Normal file
View file

@ -0,0 +1,13 @@
apiVersion: v1
kind: Secret
metadata:
name: resultsdb-frontend-key
labels:
app: resultsdb
service: web
stringData:
{% if env == 'staging' %}
RESULTSDB_FRONTEND_SECRET_KEY: "{{ stg_resultsdb_frontend_secret_key }}"
{% else %}
RESULTSDB_FRONTEND_SECRET_KEY: "{{ prod_resultsdb_frontend_secret_key }}"
{% endif %}

15
roles/openshift-apps/resultsdb-frontend/templates/services.yml Normal file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: "resultsdb-frontend"
labels:
app: resultsdb
service: web
spec:
selector:
app: resultsdb
service: web
ports:
- name: web
port: 5001
targetPort: 5001

1
roles/openshift-apps/resultsdb-frontend/vars/main.yml Normal file
View file

@ -0,0 +1 @@
---