fedora-infra_ansible/playbooks/openshift-apps/elections.yml

---
- name: Setup the database
  hosts: apps_dbserver:apps_dbserver_stg
  gather_facts: no
  become: yes
  become_user: postgres
  vars_files:
  - /srv/web/infra/ansible/vars/global.yml
  - /srv/private/ansible/vars.yml
  - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  tasks:
  - name: Elections DB user
    community.postgresql.postgresql_user:
      name: "{{ elections_db_user }}"
      password: "{{ (env == 'production') | ternary(elections_db_pass, elections_stg_db_pass) }}"
  - name: Elections database creation
    community.postgresql.postgresql_db:
      name: "{{ elections_db_name }}"
      owner: "{{ elections_db_user }}"
      encoding: UTF-8


- name: Make the app be real
  hosts: os_control_stg[0]:os_control[0]
  user: root
  gather_facts: false
  vars:
    elections_oidc_overwrite_redirect_uri: >-
      https://elections{{ env_suffix }}.fedoraproject.org/oidc_callback

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
  - role: rabbit/user
    user_name: "elections{{ env_suffix }}"
    user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fedora_elections\..*

  - role: openshift/project
    project_app: elections
    project_description: Fedora Elections apps
    project_appowners:
    - bcotton
    tags:
    - appowners

  - role: openshift/keytab
    keytab_app: elections
    keytab_key: service.keytab
    keytab_secret_name: elections-keytab
    keytab_service: HTTP
    keytab_host: "elections{{ env_suffix }}.fedoraproject.org"

  - role: openshift/ipa-client
    ipa_client_app: elections

  - role: openshift/object
    object_app: elections
    object_template: imagestream.yml.j2
    object_objectname: imagestream.yml

  - role: openshift/object
    object_app: elections
    object_template: buildconfig.yml.j2
    object_objectname: buildconfig.yml

  - role: openshift/secret-file
    secret_file_app: elections
    secret_file_secret_name: elections-fedora-messaging-key
    secret_file_key: elections.key
    secret_file_privatefile: "rabbitmq/{{env}}/pki/private/elections{{env_suffix}}.key"

  - role: openshift/secret-file
    secret_file_app: elections
    secret_file_secret_name: elections-fedora-messaging-crt
    secret_file_key: elections.crt
    secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/elections{{env_suffix}}.crt"

  - role: openshift/secret-file
    secret_file_app: elections
    secret_file_secret_name: elections-fedora-messaging-ca
    secret_file_key: elections.ca
    secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt"

  - role: openshift/object
    object_app: elections
    object_template: secret.yml.j2
    object_objectname: secret.yml

  - role: openshift/object
    object_app: elections
    object_template: configmap.yml.j2
    object_objectname: configmap.yml

  - role: openshift/start-build
    start_build_app: elections
    start_build_buildname: elections-build
    start_build_objectname: elections-build
    tags:
    - never
    - build

  - role: openshift/object
    object_app: elections
    object_file: service.yml
    object_objectname: service.yml

  - role: openshift/route
    route_app: elections
    route_name: elections
    route_host: "elections{{ env_suffix }}.fedoraproject.org"
    route_serviceport: 8000-tcp
    route_servicename: elections
    route_annotations:
      haproxy.router.openshift.io/set-forwarded-headers: replace

  - role: openshift/object
    object_app: elections
    object_file: deploymentconfig.yml
    object_objectname: deploymentconfig.yml