Hi, I have been tasked with helping to deploy coreos.fedoraproject.org, and so I have a patch to review, Clement told me to send it here for merge/review. 1 patch is for the DNS repo, the other for ansible. I can't test any of them right now, so maybe I overlooked something (and as said on irc, the deadline is a bit tight, but I will take care of any errors arising) -- Michael Scherer
>From ed97ea13c8c5b16d0095a2fa01bc93cf8d4a984b Mon Sep 17 00:00:00 2001 From: Michael Scherer <misc@xxxxxxxx> Date: Fri, 15 Jun 2018 12:18:01 +0200 Subject: [PATCH] Deploy coreos.fedoraproject.org on Openshift --- master.yml | 1 + playbooks/include/proxies-reverseproxy.yml | 9 ++++ playbooks/include/proxies-websites.yml | 6 +++ playbooks/openshift-apps/coreos.yml | 51 ++++++++++++++++++++++ .../templates/nagios/services/websites.cfg.j2 | 9 ++++ .../coreos/files/deploymentconfig.yml | 50 +++++++++++++++++++++ roles/openshift-apps/coreos/files/service.yml | 16 +++++++ .../coreos/templates/buildconfig.yml | 28 ++++++++++++ .../coreos/templates/imagestream.yml | 9 ++++ 9 files changed, 179 insertions(+) create mode 100644 playbooks/openshift-apps/coreos.yml create mode 100644 roles/openshift-apps/coreos/files/deploymentconfig.yml create mode 100644 roles/openshift-apps/coreos/files/service.yml create mode 100644 roles/openshift-apps/coreos/templates/buildconfig.yml create mode 100644 roles/openshift-apps/coreos/templates/imagestream.yml diff --git a/master.yml b/master.yml index b09c130..0837d12 100644 --- a/master.yml +++ b/master.yml @@ -120,6 +120,7 @@ - import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/greenwave.yml - import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/librariesio2fedmsg.yml - import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/waiverdb.yml +- import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/coreos.yml # These need work to finish and complete and are all stg currently. #- import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/modernpaste.yml #- import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/rats.yml diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml index a399423..e62fa23 100644 --- a/playbooks/include/proxies-reverseproxy.yml +++ b/playbooks/include/proxies-reverseproxy.yml @@ -711,6 +711,15 @@ tags: waiverdb - role: httpd/reverseproxy + website: coreos.fedoraproject.org + destname: coreos + # haproxy entry for os-nodes-frontend + proxyurl: http://localhost:10065 + keephost: true + tags: coreos + + + - role: httpd/reverseproxy website: data-analysis.fedoraproject.org destname: awstats remotepath: / diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index 8fbbef1..5449a7b 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -847,6 +847,12 @@ server_aliases: [waiverdb.stg.fedoraproject.org] cert_name: "{{wildcard_cert_name}}" + - role: httpd/website + site_name: coreos.fedoraproject.org + sslonly: true + server_aliases: [coreos.stg.fedoraproject.org] + cert_name: "{{wildcard_cert_name}}" + # fedorahosted is retired. We have the site here so we can redirect it. - role: httpd/website diff --git a/playbooks/openshift-apps/coreos.yml b/playbooks/openshift-apps/coreos.yml new file mode 100644 index 0000000..0d1ad59 --- /dev/null +++ b/playbooks/openshift-apps/coreos.yml @@ -0,0 +1,51 @@ +- name: make the app be real + hosts: os-masters[0]:os-masters-stg[0] + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - role: openshift/project + app: coreos + description: coreos.fedoraproject.org static website + appowners: + - misc + - sanja + - role: openshift/object + app: coreos + template: imagestream.yml + objectname: imagestream.yml + - role: openshift/object + app: coreos + template: buildconfig.yml + objectname: buildconfig.yml + + - role: openshift/start-build + app: coreos + buildname: coreos-build + objectname: coreos-build + + - role: openshift/object + app: coreos + file: service.yml + objectname: service.yml + + - role: openshift/route + app: coreos + routename: coreos + host: "coreos.fedoraproject.org" + serviceport: web + servicename: coreos + + - role: openshift/object + app: coreos + file: deploymentconfig.yml + objectname: deploymentconfig.yml + + - role: openshift/rollout + app: coreos + dcname: coreos diff --git a/roles/nagios_server/templates/nagios/services/websites.cfg.j2 b/roles/nagios_server/templates/nagios/services/websites.cfg.j2 index 3561a73..e416de5 100644 --- a/roles/nagios_server/templates/nagios/services/websites.cfg.j2 +++ b/roles/nagios_server/templates/nagios/services/websites.cfg.j2 @@ -116,6 +116,15 @@ define service { define service { hostgroup_name proxies + service_description http-coreos + check_command check_website_ssl!coreos-coreos-coreos.app.os.fedoraproject.org!/!Fedora + max_check_attempts 8 + use websitetemplate +} + + +define service { + hostgroup_name proxies service_description http-modernpaste check_command check_website_ssl!paste.fedoraproject.org!/!LOGIN max_check_attempts 8 diff --git a/roles/openshift-apps/coreos/files/deploymentconfig.yml b/roles/openshift-apps/coreos/files/deploymentconfig.yml new file mode 100644 index 0000000..9c5d78b --- /dev/null +++ b/roles/openshift-apps/coreos/files/deploymentconfig.yml @@ -0,0 +1,50 @@ +--- +apiVersion: v1 +kind: DeploymentConfig +metadata: + labels: + app: coreos + service: coreos + name: coreos +spec: + replicas: 2 + selector: + app: coreos + deploymentconfig: coreos + strategy: + resources: {} + template: + metadata: + labels: + app: coreos + deploymentconfig: coreos + spec: + containers: + - image: coreos:latest + name: coreos + ports: + - containerPort: 8080 + protocol: TCP + readinessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 5 + httpGet: + path: / + port: 8080 + livenessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 30 + httpGet: + path: / + port: 8080 + + triggers: + - type: ConfigChange + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - coreos + from: + kind: ImageStreamTag + name: coreos:latest diff --git a/roles/openshift-apps/coreos/files/service.yml b/roles/openshift-apps/coreos/files/service.yml new file mode 100644 index 0000000..e3ff616 --- /dev/null +++ b/roles/openshift-apps/coreos/files/service.yml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: coreos + name: coreos +spec: + ports: + - name: 8080-tcp + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app: coreos + deploymentconfig: coreos + diff --git a/roles/openshift-apps/coreos/templates/buildconfig.yml b/roles/openshift-apps/coreos/templates/buildconfig.yml new file mode 100644 index 0000000..68a16e7 --- /dev/null +++ b/roles/openshift-apps/coreos/templates/buildconfig.yml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: BuildConfig +metadata: + name: coreos + label: + environment: "coreos" +spec: + output: + to: + kind: ImageStreamTag + name: coreos:latest + source: + type: Git + git: + uri: https://github.com/coreos/coreos.fedoraproject.org.git + strategy: + type: Source + sourceStrategy: + from: + kind: ImageStreamTag + name: s2i-golang:latest + triggers: +# TODO add that once it is clear on how to store the secret +# - type: GitHub +# github: +# secret: "some_coreos_github_secret" + - type: ConfigChange + - type: ImageChange diff --git a/roles/openshift-apps/coreos/templates/imagestream.yml b/roles/openshift-apps/coreos/templates/imagestream.yml new file mode 100644 index 0000000..b3df672 --- /dev/null +++ b/roles/openshift-apps/coreos/templates/imagestream.yml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ImageStream +metadata: + name: coreos +spec: + lookupPolicy: + local: false +status: + dockerImageRepository: "" -- 1.8.3.1
>From 86fd9c8b88a4a10e3252f0e1d36cbdf4303324ab Mon Sep 17 00:00:00 2001 From: Michael Scherer <misc@xxxxxxxxxxxxxxxxx> Date: Fri, 15 Jun 2018 10:25:47 +0000 Subject: [PATCH] Add coreos.fedoraproject.org --- fedoraproject.org.template | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fedoraproject.org.template b/fedoraproject.org.template index c39cb8a..cd88751 100644 --- a/fedoraproject.org.template +++ b/fedoraproject.org.template @@ -166,6 +166,8 @@ community.dev IN CNAME wildcard community.stg IN A 209.132.181.5 community IN CNAME wildcard communityblog IN CNAME wildcard +coreos IN CNAME wildcard +coreos.stg IN A 209.132.181.5 cdn.communityblog IN CNAME 1504253206.rsc.cdn77.org. ;cvs IN A 209.132.181.1 cvs.stg IN A 209.132.181.11 -- 1.8.3.1
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx/message/2DSM7SW7AFIN4X5CQFYICWQXID5S6YZT/