Website deployment on Fedora openshift cluster

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I have been tasked with helping to deploy coreos.fedoraproject.org, and
so I have a patch to review, Clement told me to send it here for merge/review.

1 patch is for the DNS repo, the other for ansible.

I can't test any of them right now, so maybe I overlooked something
(and as said on irc, the deadline is a bit tight, but I will take care of any errors
arising)

-- 
Michael Scherer
>From ed97ea13c8c5b16d0095a2fa01bc93cf8d4a984b Mon Sep 17 00:00:00 2001
From: Michael Scherer <misc@xxxxxxxx>
Date: Fri, 15 Jun 2018 12:18:01 +0200
Subject: [PATCH] Deploy coreos.fedoraproject.org on Openshift

---
 master.yml                                         |  1 +
 playbooks/include/proxies-reverseproxy.yml         |  9 ++++
 playbooks/include/proxies-websites.yml             |  6 +++
 playbooks/openshift-apps/coreos.yml                | 51 ++++++++++++++++++++++
 .../templates/nagios/services/websites.cfg.j2      |  9 ++++
 .../coreos/files/deploymentconfig.yml              | 50 +++++++++++++++++++++
 roles/openshift-apps/coreos/files/service.yml      | 16 +++++++
 .../coreos/templates/buildconfig.yml               | 28 ++++++++++++
 .../coreos/templates/imagestream.yml               |  9 ++++
 9 files changed, 179 insertions(+)
 create mode 100644 playbooks/openshift-apps/coreos.yml
 create mode 100644 roles/openshift-apps/coreos/files/deploymentconfig.yml
 create mode 100644 roles/openshift-apps/coreos/files/service.yml
 create mode 100644 roles/openshift-apps/coreos/templates/buildconfig.yml
 create mode 100644 roles/openshift-apps/coreos/templates/imagestream.yml

diff --git a/master.yml b/master.yml
index b09c130..0837d12 100644
--- a/master.yml
+++ b/master.yml
@@ -120,6 +120,7 @@
 - import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/greenwave.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/librariesio2fedmsg.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/waiverdb.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/coreos.yml
 # These need work to finish and complete and are all stg currently.
 #- import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/modernpaste.yml
 #- import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/rats.yml
diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml
index a399423..e62fa23 100644
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@@ -711,6 +711,15 @@
     tags: waiverdb
 
   - role: httpd/reverseproxy
+    website: coreos.fedoraproject.org
+    destname: coreos
+    # haproxy entry for os-nodes-frontend
+    proxyurl: http://localhost:10065
+    keephost: true
+    tags: coreos
+
+
+  - role: httpd/reverseproxy
     website: data-analysis.fedoraproject.org
     destname: awstats
     remotepath: /
diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index 8fbbef1..5449a7b 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -847,6 +847,12 @@
     server_aliases: [waiverdb.stg.fedoraproject.org]
     cert_name: "{{wildcard_cert_name}}"
 
+  - role: httpd/website
+    site_name: coreos.fedoraproject.org
+    sslonly: true
+    server_aliases: [coreos.stg.fedoraproject.org]
+    cert_name: "{{wildcard_cert_name}}"
+
 # fedorahosted is retired. We have the site here so we can redirect it.
 
   - role: httpd/website
diff --git a/playbooks/openshift-apps/coreos.yml b/playbooks/openshift-apps/coreos.yml
new file mode 100644
index 0000000..0d1ad59
--- /dev/null
+++ b/playbooks/openshift-apps/coreos.yml
@@ -0,0 +1,51 @@
+- name: make the app be real
+  hosts: os-masters[0]:os-masters-stg[0]
+  user: root
+  gather_facts: False
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - role: openshift/project
+    app: coreos
+    description: coreos.fedoraproject.org static website
+    appowners:
+    - misc
+    - sanja
+  - role: openshift/object
+    app: coreos
+    template: imagestream.yml
+    objectname: imagestream.yml
+  - role: openshift/object
+    app: coreos
+    template: buildconfig.yml
+    objectname: buildconfig.yml
+
+  - role: openshift/start-build
+    app: coreos
+    buildname: coreos-build
+    objectname: coreos-build
+
+  - role: openshift/object
+    app: coreos
+    file: service.yml
+    objectname: service.yml
+
+  - role: openshift/route
+    app: coreos
+    routename: coreos
+    host: "coreos.fedoraproject.org"
+    serviceport: web
+    servicename: coreos
+
+  - role: openshift/object
+    app: coreos
+    file: deploymentconfig.yml
+    objectname: deploymentconfig.yml
+
+  - role: openshift/rollout
+    app: coreos
+    dcname: coreos
diff --git a/roles/nagios_server/templates/nagios/services/websites.cfg.j2 b/roles/nagios_server/templates/nagios/services/websites.cfg.j2
index 3561a73..e416de5 100644
--- a/roles/nagios_server/templates/nagios/services/websites.cfg.j2
+++ b/roles/nagios_server/templates/nagios/services/websites.cfg.j2
@@ -116,6 +116,15 @@ define service {
 
 define service {
   hostgroup_name        proxies
+  service_description   http-coreos
+  check_command         check_website_ssl!coreos-coreos-coreos.app.os.fedoraproject.org!/!Fedora
+  max_check_attempts    8
+  use                   websitetemplate
+}
+
+
+define service {
+  hostgroup_name        proxies
   service_description   http-modernpaste
   check_command         check_website_ssl!paste.fedoraproject.org!/!LOGIN
   max_check_attempts    8
diff --git a/roles/openshift-apps/coreos/files/deploymentconfig.yml b/roles/openshift-apps/coreos/files/deploymentconfig.yml
new file mode 100644
index 0000000..9c5d78b
--- /dev/null
+++ b/roles/openshift-apps/coreos/files/deploymentconfig.yml
@@ -0,0 +1,50 @@
+---
+apiVersion: v1
+kind: DeploymentConfig
+metadata:
+  labels:
+    app: coreos
+    service: coreos
+  name: coreos
+spec:
+  replicas: 2
+  selector:
+    app: coreos
+    deploymentconfig: coreos
+  strategy:
+    resources: {}
+  template:
+    metadata:
+      labels:
+        app: coreos
+        deploymentconfig: coreos
+    spec:
+      containers:
+      - image: coreos:latest
+        name: coreos
+        ports:
+        - containerPort: 8080
+          protocol: TCP
+        readinessProbe:
+          timeoutSeconds: 1
+          initialDelaySeconds: 5
+          httpGet:
+            path: /
+            port: 8080
+        livenessProbe:
+          timeoutSeconds: 1
+          initialDelaySeconds: 30
+          httpGet:
+            path: /
+            port: 8080
+
+  triggers:
+  - type: ConfigChange
+  - type: ImageChange
+    imageChangeParams:
+      automatic: true
+      containerNames:
+      - coreos
+      from:
+        kind: ImageStreamTag
+        name: coreos:latest
diff --git a/roles/openshift-apps/coreos/files/service.yml b/roles/openshift-apps/coreos/files/service.yml
new file mode 100644
index 0000000..e3ff616
--- /dev/null
+++ b/roles/openshift-apps/coreos/files/service.yml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: coreos
+  name: coreos
+spec:
+  ports:
+  - name: 8080-tcp
+    port: 8080
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: coreos
+    deploymentconfig: coreos
+
diff --git a/roles/openshift-apps/coreos/templates/buildconfig.yml b/roles/openshift-apps/coreos/templates/buildconfig.yml
new file mode 100644
index 0000000..68a16e7
--- /dev/null
+++ b/roles/openshift-apps/coreos/templates/buildconfig.yml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: BuildConfig
+metadata:
+  name: coreos
+  label:
+    environment: "coreos"
+spec:
+  output:
+    to:
+      kind: ImageStreamTag
+      name: coreos:latest
+  source:
+    type: Git
+    git:
+      uri: https://github.com/coreos/coreos.fedoraproject.org.git
+  strategy:
+    type: Source
+    sourceStrategy:
+      from:
+        kind: ImageStreamTag
+        name: s2i-golang:latest
+  triggers:
+# TODO add that once it is clear on how to store the secret
+#  - type: GitHub
+#    github:
+#      secret: "some_coreos_github_secret"
+  - type: ConfigChange
+  - type: ImageChange
diff --git a/roles/openshift-apps/coreos/templates/imagestream.yml b/roles/openshift-apps/coreos/templates/imagestream.yml
new file mode 100644
index 0000000..b3df672
--- /dev/null
+++ b/roles/openshift-apps/coreos/templates/imagestream.yml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ImageStream
+metadata:
+  name: coreos
+spec:
+  lookupPolicy:
+    local: false
+status:
+  dockerImageRepository: ""
-- 
1.8.3.1

>From 86fd9c8b88a4a10e3252f0e1d36cbdf4303324ab Mon Sep 17 00:00:00 2001
From: Michael Scherer <misc@xxxxxxxxxxxxxxxxx>
Date: Fri, 15 Jun 2018 10:25:47 +0000
Subject: [PATCH] Add coreos.fedoraproject.org

---
 fedoraproject.org.template | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fedoraproject.org.template b/fedoraproject.org.template
index c39cb8a..cd88751 100644
--- a/fedoraproject.org.template
+++ b/fedoraproject.org.template
@@ -166,6 +166,8 @@ community.dev	IN    CNAME wildcard
 community.stg	IN    A	    209.132.181.5
 community	IN    CNAME wildcard
 communityblog   IN    CNAME wildcard
+coreos          IN    CNAME wildcard
+coreos.stg      IN    A     209.132.181.5 
 cdn.communityblog	IN	CNAME	1504253206.rsc.cdn77.org.
 ;cvs             IN    A     209.132.181.1
 cvs.stg         IN    A     209.132.181.11
-- 
1.8.3.1

_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx/message/2DSM7SW7AFIN4X5CQFYICWQXID5S6YZT/

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux