Hi,
I have been tasked with helping to deploy coreos.fedoraproject.org, and
so I have a patch to review, Clement told me to send it here for merge/review.
1 patch is for the DNS repo, the other for ansible.
I can't test any of them right now, so maybe I overlooked something
(and as said on irc, the deadline is a bit tight, but I will take care of any errors
arising)
--
Michael Scherer
>From ed97ea13c8c5b16d0095a2fa01bc93cf8d4a984b Mon Sep 17 00:00:00 2001
From: Michael Scherer <misc@xxxxxxxx>
Date: Fri, 15 Jun 2018 12:18:01 +0200
Subject: [PATCH] Deploy coreos.fedoraproject.org on Openshift
---
master.yml | 1 +
playbooks/include/proxies-reverseproxy.yml | 9 ++++
playbooks/include/proxies-websites.yml | 6 +++
playbooks/openshift-apps/coreos.yml | 51 ++++++++++++++++++++++
.../templates/nagios/services/websites.cfg.j2 | 9 ++++
.../coreos/files/deploymentconfig.yml | 50 +++++++++++++++++++++
roles/openshift-apps/coreos/files/service.yml | 16 +++++++
.../coreos/templates/buildconfig.yml | 28 ++++++++++++
.../coreos/templates/imagestream.yml | 9 ++++
9 files changed, 179 insertions(+)
create mode 100644 playbooks/openshift-apps/coreos.yml
create mode 100644 roles/openshift-apps/coreos/files/deploymentconfig.yml
create mode 100644 roles/openshift-apps/coreos/files/service.yml
create mode 100644 roles/openshift-apps/coreos/templates/buildconfig.yml
create mode 100644 roles/openshift-apps/coreos/templates/imagestream.yml
diff --git a/master.yml b/master.yml
index b09c130..0837d12 100644
--- a/master.yml
+++ b/master.yml
@@ -120,6 +120,7 @@
- import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/greenwave.yml
- import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/librariesio2fedmsg.yml
- import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/waiverdb.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/coreos.yml
# These need work to finish and complete and are all stg currently.
#- import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/modernpaste.yml
#- import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/rats.yml
diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml
index a399423..e62fa23 100644
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@@ -711,6 +711,15 @@
tags: waiverdb
- role: httpd/reverseproxy
+ website: coreos.fedoraproject.org
+ destname: coreos
+ # haproxy entry for os-nodes-frontend
+ proxyurl: http://localhost:10065
+ keephost: true
+ tags: coreos
+
+
+ - role: httpd/reverseproxy
website: data-analysis.fedoraproject.org
destname: awstats
remotepath: /
diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index 8fbbef1..5449a7b 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -847,6 +847,12 @@
server_aliases: [waiverdb.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
+ - role: httpd/website
+ site_name: coreos.fedoraproject.org
+ sslonly: true
+ server_aliases: [coreos.stg.fedoraproject.org]
+ cert_name: "{{wildcard_cert_name}}"
+
# fedorahosted is retired. We have the site here so we can redirect it.
- role: httpd/website
diff --git a/playbooks/openshift-apps/coreos.yml b/playbooks/openshift-apps/coreos.yml
new file mode 100644
index 0000000..0d1ad59
--- /dev/null
+++ b/playbooks/openshift-apps/coreos.yml
@@ -0,0 +1,51 @@
+- name: make the app be real
+ hosts: os-masters[0]:os-masters-stg[0]
+ user: root
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - role: openshift/project
+ app: coreos
+ description: coreos.fedoraproject.org static website
+ appowners:
+ - misc
+ - sanja
+ - role: openshift/object
+ app: coreos
+ template: imagestream.yml
+ objectname: imagestream.yml
+ - role: openshift/object
+ app: coreos
+ template: buildconfig.yml
+ objectname: buildconfig.yml
+
+ - role: openshift/start-build
+ app: coreos
+ buildname: coreos-build
+ objectname: coreos-build
+
+ - role: openshift/object
+ app: coreos
+ file: service.yml
+ objectname: service.yml
+
+ - role: openshift/route
+ app: coreos
+ routename: coreos
+ host: "coreos.fedoraproject.org"
+ serviceport: web
+ servicename: coreos
+
+ - role: openshift/object
+ app: coreos
+ file: deploymentconfig.yml
+ objectname: deploymentconfig.yml
+
+ - role: openshift/rollout
+ app: coreos
+ dcname: coreos
diff --git a/roles/nagios_server/templates/nagios/services/websites.cfg.j2 b/roles/nagios_server/templates/nagios/services/websites.cfg.j2
index 3561a73..e416de5 100644
--- a/roles/nagios_server/templates/nagios/services/websites.cfg.j2
+++ b/roles/nagios_server/templates/nagios/services/websites.cfg.j2
@@ -116,6 +116,15 @@ define service {
define service {
hostgroup_name proxies
+ service_description http-coreos
+ check_command check_website_ssl!coreos-coreos-coreos.app.os.fedoraproject.org!/!Fedora
+ max_check_attempts 8
+ use websitetemplate
+}
+
+
+define service {
+ hostgroup_name proxies
service_description http-modernpaste
check_command check_website_ssl!paste.fedoraproject.org!/!LOGIN
max_check_attempts 8
diff --git a/roles/openshift-apps/coreos/files/deploymentconfig.yml b/roles/openshift-apps/coreos/files/deploymentconfig.yml
new file mode 100644
index 0000000..9c5d78b
--- /dev/null
+++ b/roles/openshift-apps/coreos/files/deploymentconfig.yml
@@ -0,0 +1,50 @@
+---
+apiVersion: v1
+kind: DeploymentConfig
+metadata:
+ labels:
+ app: coreos
+ service: coreos
+ name: coreos
+spec:
+ replicas: 2
+ selector:
+ app: coreos
+ deploymentconfig: coreos
+ strategy:
+ resources: {}
+ template:
+ metadata:
+ labels:
+ app: coreos
+ deploymentconfig: coreos
+ spec:
+ containers:
+ - image: coreos:latest
+ name: coreos
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ readinessProbe:
+ timeoutSeconds: 1
+ initialDelaySeconds: 5
+ httpGet:
+ path: /
+ port: 8080
+ livenessProbe:
+ timeoutSeconds: 1
+ initialDelaySeconds: 30
+ httpGet:
+ path: /
+ port: 8080
+
+ triggers:
+ - type: ConfigChange
+ - type: ImageChange
+ imageChangeParams:
+ automatic: true
+ containerNames:
+ - coreos
+ from:
+ kind: ImageStreamTag
+ name: coreos:latest
diff --git a/roles/openshift-apps/coreos/files/service.yml b/roles/openshift-apps/coreos/files/service.yml
new file mode 100644
index 0000000..e3ff616
--- /dev/null
+++ b/roles/openshift-apps/coreos/files/service.yml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: coreos
+ name: coreos
+spec:
+ ports:
+ - name: 8080-tcp
+ port: 8080
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: coreos
+ deploymentconfig: coreos
+
diff --git a/roles/openshift-apps/coreos/templates/buildconfig.yml b/roles/openshift-apps/coreos/templates/buildconfig.yml
new file mode 100644
index 0000000..68a16e7
--- /dev/null
+++ b/roles/openshift-apps/coreos/templates/buildconfig.yml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: BuildConfig
+metadata:
+ name: coreos
+ label:
+ environment: "coreos"
+spec:
+ output:
+ to:
+ kind: ImageStreamTag
+ name: coreos:latest
+ source:
+ type: Git
+ git:
+ uri: https://github.com/coreos/coreos.fedoraproject.org.git
+ strategy:
+ type: Source
+ sourceStrategy:
+ from:
+ kind: ImageStreamTag
+ name: s2i-golang:latest
+ triggers:
+# TODO add that once it is clear on how to store the secret
+# - type: GitHub
+# github:
+# secret: "some_coreos_github_secret"
+ - type: ConfigChange
+ - type: ImageChange
diff --git a/roles/openshift-apps/coreos/templates/imagestream.yml b/roles/openshift-apps/coreos/templates/imagestream.yml
new file mode 100644
index 0000000..b3df672
--- /dev/null
+++ b/roles/openshift-apps/coreos/templates/imagestream.yml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ImageStream
+metadata:
+ name: coreos
+spec:
+ lookupPolicy:
+ local: false
+status:
+ dockerImageRepository: ""
--
1.8.3.1
>From 86fd9c8b88a4a10e3252f0e1d36cbdf4303324ab Mon Sep 17 00:00:00 2001
From: Michael Scherer <misc@xxxxxxxxxxxxxxxxx>
Date: Fri, 15 Jun 2018 10:25:47 +0000
Subject: [PATCH] Add coreos.fedoraproject.org
---
fedoraproject.org.template | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fedoraproject.org.template b/fedoraproject.org.template
index c39cb8a..cd88751 100644
--- a/fedoraproject.org.template
+++ b/fedoraproject.org.template
@@ -166,6 +166,8 @@ community.dev IN CNAME wildcard
community.stg IN A 209.132.181.5
community IN CNAME wildcard
communityblog IN CNAME wildcard
+coreos IN CNAME wildcard
+coreos.stg IN A 209.132.181.5
cdn.communityblog IN CNAME 1504253206.rsc.cdn77.org.
;cvs IN A 209.132.181.1
cvs.stg IN A 209.132.181.11
--
1.8.3.1
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx/message/2DSM7SW7AFIN4X5CQFYICWQXID5S6YZT/
