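---
# OpenShift Template that stands up a throw-away MBS (Module Build Service)
# test environment: a frontend (httpd + WSGI API), a backend (fedmsg consumer and
# poller) and a PostgreSQL database, all labelled with "test-${TEST_ID}".
#
# Security-relevant settings are annotated with NOTE(review) comments where they
# occur. Several of them (NO_AUTH, empty SECRET_KEY, gpgcheck=0,
# validate_signatures False, DEBUG logging) only make sense on an isolated test
# cluster, even though the embedded Python class is named ProdConfiguration.
apiVersion: v1
kind: Template
metadata:
  name: mbs-test-template
objects:
# frontend
- apiVersion: v1
  kind: ConfigMap
  metadata:
    name: "mbs-frontend-fedmsg-config"
    labels:
      app: mbs
      environment: "test-${TEST_ID}"
      service: frontend
  data:
    logging.py: |
      bare_format = "[%(asctime)s][%(name)10s %(levelname)7s] %(message)s"
      config = dict(
          logging=dict(
              version=1,
              formatters=dict(
                  bare={
                      "datefmt": "%Y-%m-%d %H:%M:%S",
                      "format": bare_format
                  },
              ),
              handlers=dict(
                  console={
                      "class": "logging.StreamHandler",
                      "formatter": "bare",
                      "level": "DEBUG",
                      "stream": "ext://sys.stdout",
                  },
              ),
              loggers=dict(
                  fedmsg={
                      "level": "DEBUG",
                      "propagate": True,
                  },
                  moksha={
                      "level": "DEBUG",
                      "propagate": True,
                  },
              ),
          ),
      )
    mbs-logging.py: |
      config = dict(
          logging=dict(
              loggers=dict(
                  # Quiet this guy down...
                  requests={
                      "level": "WARNING",
                      "propagate": True,
                  },
                  module_build_service={
                      "level": "DEBUG",
                      "propagate": True,
                  },
                  mbs_messaging_umb={
                      "level": "DEBUG",
                      "propagate": True,
                  },
              ),
              root=dict(
                  handlers=["console"],
                  level="DEBUG",
              ),
          ),
      )
    # NOTE(review): 'validate_signatures': False turns off fedmsg message
    # signature validation, so message authenticity presumably rests on the STOMP
    # TLS connection alone. This frontend copy sets no 'stomp_ca_certs' (the
    # backend copy sets it to None) — confirm how the broker certificate is
    # verified before trusting messages received over this connection.
    mbs-fedmsg.py: |
      config = {
          'zmq_enabled': False,
          'validate_signatures': False,
          'endpoints': {},
          'stomp_uri': '${STOMP_URI}',
          'stomp_heartbeat': 5000,
          'stomp_ssl_crt': '/etc/mbs-certs/messaging.crt',
          'stomp_ssl_key': '/etc/mbs-certs/messaging.key',
          'stomp_ack_mode': 'auto',
      }
    mbs-scheduler.py: |
      config = {
          # The frontend should have these turned off in perpetuity.
          'mbsconsumer': False,
          'mbspoller': False,
      }
- apiVersion: v1
  kind: ConfigMap
  metadata:
    name: "mbs-frontend-config"
    labels:
      app: mbs
      environment: "test-${TEST_ID}"
      service: frontend
  data:
    # NOTE(review) on config.py:
    #  - SQLALCHEMY_DATABASE_URI embeds ${DATABASE_PASSWORD}, so the generated
    #    database password is stored in clear text in this ConfigMap in addition
    #    to mbs-database-secret. Anyone allowed to read ConfigMaps in the project
    #    can read it; moving the URI (or the whole file) into a Secret avoids that.
    #  - NO_AUTH = True disables authentication and SECRET_KEY is empty, while the
    #    mbs-api Route publishes this service. Keep the Route reachable only from
    #    the test network.
    #  - ALLOW_CUSTOM_SCMURLS = True with an empty SCMURLS list presumably lets
    #    submitters point builds at arbitrary SCM URLs — confirm against MBS docs.
    #  - The comment "Settings for Kerberos + LDAP auth" sits above
    #    AUTH_METHOD = 'oidc'; the comment and the value disagree.
    config.py: |
      class ProdConfiguration(object):
          DEBUG = False
          SECRET_KEY = ''
          SQLALCHEMY_DATABASE_URI = 'postgresql://mbs:${DATABASE_PASSWORD}@mbs-database:5432/mbs'
          SQLALCHEMY_TRACK_MODIFICATIONS = True
          # Global network-related values, in seconds
          NET_TIMEOUT = 120
          NET_RETRY_INTERVAL = 30
          SYSTEM = 'koji'
          MESSAGING = 'umb'
          MESSAGING_TOPIC_PREFIX = ['/queue/Consumer.mbs.queue.VirtualTopic.eng']
          KOJI_CONFIG = '/etc/module-build-service/koji.conf'
          KOJI_PROFILE = 'test'
          ARCHES = ['x86_64']
          KOJI_PROXYUSER = False
          KOJI_REPOSITORY_URL = ''
          PDC_URL = ''
          SCMURLS = []
          ALLOW_CUSTOM_SCMURLS = True
          RESOLVER = 'db'
          # This is a whitelist of prefixes of koji tags we're allowed to manipulate
          KOJI_TAG_PREFIXES = ["module", "scrmod"]
          DEFAULT_DIST_TAG_PREFIX = 'module'
          # Use the same priority as all other builds
          KOJI_BUILD_PRIORITY = 0
          # Control where modules get tagged post-build.
          BASE_MODULE_NAMES = ['platform']
          KOJI_CG_BUILD_TAG_TEMPLATE = ''
          KOJI_CG_DEFAULT_BUILD_TAG = ''
          # Disable authentication
          NO_AUTH = True
          YAML_SUBMIT_ALLOWED = False
          # Allow maintainers to specify something that differs from the git branch.
          ALLOW_NAME_OVERRIDE_FROM_SCM = False
          ALLOW_STREAM_OVERRIDE_FROM_SCM = False
          # How often should we resort to polling, in seconds
          # Set to zero to disable polling
          POLLING_INTERVAL = 600
          # Determines how many builds that can be submitted to the builder
          # and be in the build state at a time. Set this to 0 for no restrictions
          NUM_CONCURRENT_BUILDS = 2
          RPMS_DEFAULT_REPOSITORY = 'git+https://src.fedoraproject.org/rpms/'
          RPMS_ALLOW_REPOSITORY = False
          MODULES_DEFAULT_REPOSITORY = 'git+https://src.fedoraproject.org/modules/'
          MODULES_ALLOW_REPOSITORY = False
          # Our per-build logs for the Koji content generator go here.
          # CG imports are controlled by KOJI_ENABLE_CONTENT_GENERATOR
          BUILD_LOGS_DIR = '/var/tmp'
          # Time after which MBS will delete koji targets it created.
          KOJI_TARGET_DELETE_TIME = 86400
          # Whether or not to import modules back to koji.
          KOJI_ENABLE_CONTENT_GENERATOR = False
          # Available backends are: console, file.
          LOG_BACKEND = 'console'
          # Available log levels are: debug, info, warn, error.
          LOG_LEVEL = 'debug'
          REBUILD_STRATEGY_ALLOW_OVERRIDE = True
          REBUILD_STRATEGY = 'only-changed'
          # Settings for Kerberos + LDAP auth
          AUTH_METHOD = 'oidc'
          # These groups are allowed to submit builds.
          ALLOWED_GROUPS = []
          # These groups are allowed to cancel the builds of other users.
          ADMIN_GROUPS = []
    # Koji client profile: TLS client-certificate auth, hub certificate checked
    # against the CA file named by `serverca`.
    koji.conf: |
      [test]
      server = ${KOJI_URL}/kojihub
      weburl = ${KOJI_URL}/koji/
      topurl = ${KOJI_URL}/kojiroot/
      authtype = ssl
      ;client certificate
      cert = /etc/koji-certs/kojiadmin.crt
      ;certificate of the CA that issued the client certificate
      ;ca = /etc/koji-certs/clientca.crt
      ;certificate of the CA that issued the HTTP server certificate
      serverca = /etc/koji-certs/koji_ca_cert.crt
    mock.cfg: |
      config_opts['root'] = '$root'
      config_opts['target_arch'] = '$arch'
      config_opts['legal_host_arches'] = ('$arch',)
      config_opts['chroot_setup_cmd'] = 'install $group'
      config_opts['dist'] = ''
      config_opts['extra_chroot_dirs'] = [ '/run/lock', ]
      config_opts['releasever'] = ''
      config_opts['package_manager'] = 'dnf'
      config_opts['nosync'] = True
      config_opts['use_bootstrap_container'] = False
      config_opts['yum.conf'] = """
      $yum_conf
      """
    # NOTE(review): gpgcheck=0 means packages installed through this yum.conf
    # are not signature-checked; their integrity then depends entirely on the
    # repository transport and on who can write to the repositories.
    yum.conf: |
      [main]
      keepcache=1
      debuglevel=2
      reposdir=/dev/null
      logfile=/var/log/yum.log
      retries=20
      obsoletes=1
      gpgcheck=0
      assumeyes=1
      syslog_ident=mock
      syslog_device=
      install_weak_deps=0
      metadata_expire=3600
      mdpolicy=group:primary
      # repos
    platform.yaml: |
      document: modulemd
      version: 1
      data:
        description: Fedora 28 traditional base
        name: platform
        license:
          module: [MIT]
        profiles:
          buildroot:
            rpms: [bash, bzip2, coreutils, cpio, diffutils, fedora-release, findutils, gawk, gcc, gcc-c++, grep,
                   gzip, info, make, module-build-macros, patch, redhat-rpm-config, rpm-build, sed, shadow-utils,
                   tar, unzip, util-linux, which, xz]
          srpm-buildroot:
            rpms: [bash, fedora-release, fedpkg-minimal, gnupg2, module-build-macros, redhat-rpm-config,
                   rpm-build, shadow-utils]
        stream: f28
        summary: Fedora 28 traditional base
        version: 3
        context: 00000000
        xmd:
          mbs:
            buildrequires: {}
            commit: virtual
            requires: {}
            mse: true
            koji_tag: module-f28-build
- apiVersion: v1
  kind: ConfigMap
  metadata:
    name: "mbs-httpd-config"
    labels:
      app: mbs
      environment: "test-${TEST_ID}"
      service: frontend
  data:
    # NOTE(review): `Require all granted` lets httpd serve every client; combined
    # with NO_AUTH = True in config.py nothing in this stack authenticates
    # callers. `Require` is a directory-context directive, so confirm the
    # deployed mbs.conf wraps it in the intended <Location>/<Directory> section.
    mbs.conf: |
      Require all granted
      RedirectMatch ^/$ /module-build-service/1/module-builds/
- apiVersion: v1
  kind: ConfigMap
  metadata:
    name: "mbs-wsgi-config"
    labels:
      app: mbs
      environment: "test-${TEST_ID}"
      service: frontend
  data:
    mbs.wsgi: |
      #-*- coding: utf-8 -*-
      import logging
      logging.basicConfig(level='DEBUG')
      from module_build_service import app as application
- apiVersion: v1
  # Only creating this as a Secret because it supports base64-encoded data.
  # Convert to a ConfigMap and use binaryData once we're running on OpenShift 3.10+.
  kind: Secret
  metadata:
    name: mbs-cacerts
    labels:
      app: mbs
      service: frontend
      environment: "test-${TEST_ID}"
  data:
    ca-bundle.crt: |-
      ${CA_CERTS}
- apiVersion: v1
  kind: Secret
  metadata:
    name: "mbs-frontend-certificates"
    labels:
      environment: "test-${TEST_ID}"
      app: mbs
      service: frontend
  data:
    messaging.crt: |-
      ${MESSAGING_CERT}
    messaging.key: |-
      ${MESSAGING_KEY}
- apiVersion: v1
  kind: Service
  metadata:
    name: "mbs-frontend"
    labels:
      environment: "test-${TEST_ID}"
      app: mbs
      service: frontend
  spec:
    selector:
      app: mbs
      environment: "test-${TEST_ID}"
      service: frontend
    ports:
    - name: https
      port: 443
      targetPort: https
    - name: http
      port: 80
      targetPort: http
- apiVersion: v1
  kind: Route
  metadata:
    name: mbs-api
    labels:
      environment: "test-${TEST_ID}"
      app: mbs
      service: frontend
  spec:
    to:
      kind: Service
      name: mbs-frontend
    # Edge termination: TLS ends at the router, so the router-to-pod hop is plain
    # HTTP. Insecure (HTTP) client requests are redirected to HTTPS.
    tls:
      termination: edge
      insecureEdgeTerminationPolicy: Redirect
- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: "mbs-frontend"
    labels:
      environment: "test-${TEST_ID}"
      service: frontend
      app: mbs
  spec:
    replicas: 1
    selector:
      app: mbs
      environment: "test-${TEST_ID}"
      service: frontend
    # `strategy` was declared twice in this spec (type Recreate, then type
    # Rolling). Duplicate mapping keys are invalid YAML, and parsers that tolerate
    # them typically keep the last one, so only the Rolling entry is kept.
    strategy:
      type: Rolling
    template:
      metadata:
        labels:
          environment: "test-${TEST_ID}"
          service: frontend
          app: mbs
      spec:
        containers:
        - name: frontend
          image: "${MBS_FRONTEND_IMAGE}"
          imagePullPolicy: Always
          ports:
          - containerPort: 8080
            protocol: TCP
            name: http
          - containerPort: 8443
            protocol: TCP
            name: https
          volumeMounts:
          - name: fedmsg-config
            mountPath: /etc/fedmsg.d
            readOnly: true
          - name: frontend-certificates
            mountPath: /etc/mbs-certs
            readOnly: true
          - name: mbs-config
            mountPath: /etc/module-build-service
            readOnly: true
          - name: httpd-config
            mountPath: /etc/httpd/conf.d
            readOnly: true
          - name: wsgi-config
            mountPath: /usr/share/mbs
            readOnly: true
          # NOTE(review): the unauthenticated web tier also mounts the Koji client
          # credential (mbs-koji-secrets). Confirm the frontend needs it; if not,
          # drop this mount so that only the backend holds it.
          - name: koji-certificates
            mountPath: /etc/koji-certs
            readOnly: true
          - name: cacerts-vol
            mountPath: /etc/pki/tls/certs
            readOnly: true
          resources:
            limits:
              memory: 400Mi
              cpu: 300m
        volumes:
        - name: fedmsg-config
          configMap:
            name: mbs-frontend-fedmsg-config
        # NOTE(review): this volume carries messaging.key and sets no defaultMode,
        # so the Kubernetes default of 0644 applies to the private key file.
        # Consider a tighter mode (e.g. 0440) if the container's UID/GID allows it.
        - name: frontend-certificates
          secret:
            secretName: mbs-frontend-certificates
        - name: mbs-config
          configMap:
            name: mbs-frontend-config
        - name: httpd-config
          configMap:
            name: mbs-httpd-config
        - name: wsgi-config
          configMap:
            name: mbs-wsgi-config
        - name: koji-certificates
          secret:
            secretName: mbs-koji-secrets
        - name: cacerts-vol
          secret:
            secretName: mbs-cacerts
            defaultMode: 0444
    triggers:
    - type: ConfigChange
# backend
- apiVersion: v1
  kind: ConfigMap
  metadata:
    name: "mbs-backend-fedmsg-config"
    labels:
      app: mbs
      environment: "test-${TEST_ID}"
      service: backend
  data:
    logging.py: |
      bare_format = "[%(asctime)s][%(name)10s %(levelname)7s] %(message)s"
      config = dict(
          logging=dict(
              version=1,
              formatters=dict(
                  bare={
                      "datefmt": "%Y-%m-%d %H:%M:%S",
                      "format": bare_format
                  },
              ),
              handlers=dict(
                  console={
                      "class": "logging.StreamHandler",
                      "formatter": "bare",
                      "level": "DEBUG",
                      "stream": "ext://sys.stdout",
                  },
              ),
              loggers=dict(
                  fedmsg={
                      "level": "DEBUG",
                      "propagate": True,
                  },
                  moksha={
                      "level": "DEBUG",
                      "propagate": True,
                  },
              ),
          ),
      )
    mbs-logging.py: |
      config = dict(
          logging=dict(
              loggers=dict(
                  # Quiet this guy down...
                  requests={
                      "level": "WARNING",
                      "propagate": True,
                  },
                  module_build_service={
                      "level": "DEBUG",
                      "propagate": True,
                  },
                  mbs_messaging_umb={
                      "level": "DEBUG",
                      "propagate": True,
                  },
              ),
              root=dict(
                  handlers=["console"],
                  level="DEBUG",
              ),
          ),
      )
    # NOTE(review): the backend consumes bus messages (mbsconsumer/mbspoller are
    # True below) with 'validate_signatures': False and 'stomp_ca_certs': None.
    # Presumably no CA is pinned for the broker connection — confirm how the
    # broker is authenticated, since consumed messages drive build actions.
    mbs-fedmsg.py: |
      config = {
          'zmq_enabled': False,
          'validate_signatures': False,
          'endpoints': {},
          'stomp_uri': '${STOMP_URI}',
          'stomp_heartbeat': 5000,
          'stomp_ssl_crt': '/etc/mbs-certs/messaging.crt',
          'stomp_ssl_key': '/etc/mbs-certs/messaging.key',
          'stomp_ca_certs': None,
          'stomp_ack_mode': 'auto',
      }
    mbs-scheduler.py: |
      config = {
          'mbsconsumer': True,
          'mbspoller': True,
      }
- apiVersion: v1
  kind: ConfigMap
  metadata:
    name: "mbs-backend-config"
    labels:
      app: mbs
      environment: "test-${TEST_ID}"
      service: backend
  data:
    # NOTE(review) on config.py: as in the frontend copy, the database password
    # is interpolated into SQLALCHEMY_DATABASE_URI and therefore stored in clear
    # text in this ConfigMap; SECRET_KEY is empty and NO_AUTH = True.
    # This copy differs from the frontend one in KOJI_TAG_PREFIXES (no "scrmod")
    # and has no AUTH_METHOD / ALLOWED_GROUPS / ADMIN_GROUPS settings.
    config.py: |
      class ProdConfiguration(object):
          DEBUG = False
          SECRET_KEY = ''
          SQLALCHEMY_DATABASE_URI = 'postgresql://mbs:${DATABASE_PASSWORD}@mbs-database:5432/mbs'
          SQLALCHEMY_TRACK_MODIFICATIONS = True
          # Global network-related values, in seconds
          NET_TIMEOUT = 120
          NET_RETRY_INTERVAL = 30
          SYSTEM = 'koji'
          MESSAGING = 'umb'
          MESSAGING_TOPIC_PREFIX = ['/queue/Consumer.mbs.queue.VirtualTopic.eng']
          KOJI_CONFIG = '/etc/module-build-service/koji.conf'
          KOJI_PROFILE = 'test'
          ARCHES = ['x86_64']
          KOJI_PROXYUSER = False
          KOJI_REPOSITORY_URL = ''
          PDC_URL = ''
          SCMURLS = []
          ALLOW_CUSTOM_SCMURLS = True
          RESOLVER = 'db'
          # This is a whitelist of prefixes of koji tags we're allowed to manipulate
          KOJI_TAG_PREFIXES = ["module"]
          DEFAULT_DIST_TAG_PREFIX = 'module'
          # Use the same priority as all other builds
          KOJI_BUILD_PRIORITY = 0
          # Control where modules get tagged post-build.
          BASE_MODULE_NAMES = ['platform']
          KOJI_CG_BUILD_TAG_TEMPLATE = ''
          KOJI_CG_DEFAULT_BUILD_TAG = ''
          # Disable authentication
          NO_AUTH = True
          YAML_SUBMIT_ALLOWED = False
          # Allow maintainers to specify something that differs from the git branch.
          ALLOW_NAME_OVERRIDE_FROM_SCM = False
          ALLOW_STREAM_OVERRIDE_FROM_SCM = False
          # How often should we resort to polling, in seconds
          # Set to zero to disable polling
          POLLING_INTERVAL = 600
          # Determines how many builds that can be submitted to the builder
          # and be in the build state at a time. Set this to 0 for no restrictions
          NUM_CONCURRENT_BUILDS = 2
          RPMS_DEFAULT_REPOSITORY = 'git+https://src.fedoraproject.org/rpms/'
          RPMS_ALLOW_REPOSITORY = False
          MODULES_DEFAULT_REPOSITORY = 'git+https://src.fedoraproject.org/modules/'
          MODULES_ALLOW_REPOSITORY = False
          # Our per-build logs for the Koji content generator go here.
          # CG imports are controlled by KOJI_ENABLE_CONTENT_GENERATOR
          BUILD_LOGS_DIR = '/var/tmp'
          # Time after which MBS will delete koji targets it created.
          KOJI_TARGET_DELETE_TIME = 86400
          # Whether or not to import modules back to koji.
          KOJI_ENABLE_CONTENT_GENERATOR = False
          # Available backends are: console, file.
          LOG_BACKEND = 'console'
          # Available log levels are: debug, info, warn, error.
          LOG_LEVEL = 'debug'
          REBUILD_STRATEGY_ALLOW_OVERRIDE = True
          REBUILD_STRATEGY = 'only-changed'
    koji.conf: |
      [test]
      server = ${KOJI_URL}/kojihub
      weburl = ${KOJI_URL}/koji/
      topurl = ${KOJI_URL}/kojiroot/
      authtype = ssl
      ;client certificate
      cert = /etc/koji-certs/kojiadmin.crt
      ;certificate of the CA that issued the client certificate
      ;ca = /etc/koji-certs/clientca.crt
      ;certificate of the CA that issued the HTTP server certificate
      serverca = /etc/koji-certs/koji_ca_cert.crt
    mock.cfg: |
      config_opts['root'] = '$root'
      config_opts['target_arch'] = '$arch'
      config_opts['legal_host_arches'] = ('$arch',)
      config_opts['chroot_setup_cmd'] = 'install $group'
      config_opts['dist'] = ''
      config_opts['extra_chroot_dirs'] = [ '/run/lock', ]
      config_opts['releasever'] = ''
      config_opts['package_manager'] = 'dnf'
      config_opts['nosync'] = True
      config_opts['use_bootstrap_container'] = False
      config_opts['yum.conf'] = """
      $yum_conf
      """
    # NOTE(review): gpgcheck=0 — package signatures are not verified for
    # anything installed through this yum.conf.
    yum.conf: |
      [main]
      keepcache=1
      debuglevel=2
      reposdir=/dev/null
      logfile=/var/log/yum.log
      retries=20
      obsoletes=1
      gpgcheck=0
      assumeyes=1
      syslog_ident=mock
      syslog_device=
      install_weak_deps=0
      metadata_expire=3600
      mdpolicy=group:primary
      # repos
    platform.yaml: |
      document: modulemd
      version: 1
      data:
        description: Fedora 28 traditional base
        name: platform
        license:
          module: [MIT]
        profiles:
          buildroot:
            rpms: [bash, bzip2, coreutils, cpio, diffutils, fedora-release, findutils, gawk, gcc, gcc-c++, grep,
                   gzip, info, make, module-build-macros, patch, redhat-rpm-config, rpm-build, sed, shadow-utils,
                   tar, unzip, util-linux, which, xz]
          srpm-buildroot:
            rpms: [bash, fedora-release, fedpkg-minimal, gnupg2, module-build-macros, redhat-rpm-config,
                   rpm-build, shadow-utils]
        stream: f28
        summary: Fedora 28 traditional base
        version: 3
        context: 00000000
        xmd:
          mbs:
            buildrequires: {}
            commit: virtual
            requires: {}
            mse: true
            koji_tag: module-f28-build
- apiVersion: v1
  kind: Secret
  metadata:
    name: mbs-backend-secrets
    labels:
      environment: "test-${TEST_ID}"
      app: mbs
      service: backend
  data:
    messaging.crt: |-
      ${MESSAGING_CERT}
    messaging.key: |-
      ${MESSAGING_KEY}
- apiVersion: v1
  kind: Secret
  metadata:
    name: mbs-koji-secrets
    labels:
      environment: "test-${TEST_ID}"
      app: mbs
  data:
    kojiadmin.crt: |-
      ${KOJI_CERT}
    koji_ca_cert.crt: |-
      ${KOJI_SERVERCA}
- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: "mbs-backend"
    labels:
      environment: "test-${TEST_ID}"
      service: backend
      app: mbs
  spec:
    replicas: 1
    selector:
      app: mbs
      environment: "test-${TEST_ID}"
      service: backend
    # `strategy` was declared twice in this spec (type Recreate, then type
    # Rolling with the pre hook). Duplicate mapping keys are invalid YAML, and
    # parsers that tolerate them typically keep the last one, so only the Rolling
    # entry, which carries the database-migration hook, is kept.
    strategy:
      type: Rolling
      rollingParams:
        pre:
          failurePolicy: Abort
          # NOTE(review): the hook script retries mbs-upgradedb in a tight loop for
          # up to 600 seconds with no sleep between attempts, and exits 0 as soon
          # as mbs-upgradedb succeeds without checking the exit status of
          # `mbs-manager import_module`.
          execNewPod:
            containerName: backend
            command:
            - /bin/sh
            - -i
            - -c
            - |
              # try for 10 minutes (600 seconds)
              e=$(( $(date +%s) + 600 ))
              i=0
              while [ $(date +%s) -lt $e ]; do
                echo 'TRY #'$((++i))
                if mbs-upgradedb ; then
                  mbs-manager import_module /etc/module-build-service/platform.yaml
                  exit 0
                fi
              done
              exit 1
            volumes:
            - mbs-config
    template:
      metadata:
        labels:
          environment: "test-${TEST_ID}"
          service: backend
          app: mbs
      spec:
        containers:
        - name: backend
          image: "${MBS_BACKEND_IMAGE}"
          imagePullPolicy: Always
          volumeMounts:
          - name: fedmsg-config
            mountPath: /etc/fedmsg.d
            readOnly: true
          - name: mbs-config
            mountPath: /etc/module-build-service
            readOnly: true
          - name: backend-certificates
            mountPath: /etc/mbs-certs
            readOnly: true
          - name: koji-certificates
            mountPath: /etc/koji-certs
            readOnly: true
          - name: cacerts-vol
            mountPath: /etc/pki/tls/certs
            readOnly: true
          resources:
            limits:
              memory: 400Mi
              cpu: 300m
        volumes:
        - name: fedmsg-config
          configMap:
            name: mbs-backend-fedmsg-config
        - name: mbs-config
          configMap:
            name: mbs-backend-config
        # NOTE(review): carries messaging.key with no defaultMode, so the key file
        # is mounted with the Kubernetes default mode 0644.
        - name: backend-certificates
          secret:
            secretName: mbs-backend-secrets
        - name: koji-certificates
          secret:
            secretName: mbs-koji-secrets
        - name: cacerts-vol
          secret:
            secretName: mbs-cacerts
            defaultMode: 0444
    triggers:
    - type: ConfigChange
# postgresql
- apiVersion: v1
  kind: Secret
  metadata:
    name: "mbs-database-secret"
    labels:
      environment: "test-${TEST_ID}"
      app: mbs
      service: database
  stringData:
    database-password: "${DATABASE_PASSWORD}"
- apiVersion: v1
  kind: Service
  metadata:
    name: "mbs-database"
    labels:
      environment: "test-${TEST_ID}"
      app: mbs
      service: database
  spec:
    selector:
      app: mbs
      environment: "test-${TEST_ID}"
      service: database
    ports:
    - name: postgresql
      port: 5432
      targetPort: 5432
- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: "mbs-database"
    labels:
      environment: "test-${TEST_ID}"
      service: database
      app: mbs
  spec:
    replicas: 1
    strategy:
      type: Recreate
    selector:
      app: mbs
      environment: "test-${TEST_ID}"
      service: database
    template:
      metadata:
        labels:
          environment: "test-${TEST_ID}"
          service: database
          app: mbs
      spec:
        containers:
        - name: postgresql
          # NOTE(review): floating `:latest` tag with imagePullPolicy Always, so
          # the image content can change between test runs; pin a specific tag
          # or digest if runs need to be reproducible and auditable.
          image: registry.access.redhat.com/rhscl/postgresql-95-rhel7:latest
          imagePullPolicy: Always
          ports:
          - containerPort: 5432
            protocol: TCP
          resources:
            limits:
              memory: 512Mi
              cpu: 0.4
          readinessProbe:
            timeoutSeconds: 1
            initialDelaySeconds: 5
            exec:
              command: [ /bin/sh, -i, -c, "psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c 'SELECT 1'" ]
          livenessProbe:
            timeoutSeconds: 1
            initialDelaySeconds: 30
            tcpSocket:
              port: 5432
          env:
          - name: POSTGRESQL_USER
            value: mbs
          # The database container takes its password from the Secret; the MBS
          # containers instead read it from the URI stored in their ConfigMaps.
          - name: POSTGRESQL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: "mbs-database-secret"
                key: database-password
          - name: POSTGRESQL_DATABASE
            value: mbs
    triggers:
    - type: ConfigChange
# template parameters
# NOTE(review): the certificate, key and CA parameters below are substituted
# into Secret `data` fields, so each value must already be base64-encoded.
parameters:
- name: TEST_ID
  displayName: Test id
  description: Short unique identifier for this test run (e.g. Jenkins job number)
  required: true
- name: MBS_BACKEND_IMAGE
  displayName: Container image for MBS backend
  description: Image to be used for MBS backend deployment
  value: 172.30.1.1:5000/myproject/mbs-backend:latest
  required: true
- name: MBS_FRONTEND_IMAGE
  displayName: Container image for MBS frontend
  description: Image to be used for MBS frontend deployment
  value: 172.30.1.1:5000/myproject/mbs-frontend:latest
  required: true
- name: MESSAGING_CERT
  displayName: SSL certificate for messaging
  description: base64 encoded SSL certificate for message bus authentication
  required: true
- name: MESSAGING_KEY
  displayName: SSL key for messaging
  description: base64 encoded SSL key for message bus authentication
  required: true
- name: KOJI_CERT
  displayName: Koji client certificate
  description: base 64 encoded client certificate used to authenticate with Koji
  required: true
- name: KOJI_SERVERCA
  displayName: Koji server CA
  description: >-
    base64 encoded certificate of the CA that issued the HTTP server certificate
    for Koji
  required: true
# Generated per instantiation: 32 characters matching \w.
- name: DATABASE_PASSWORD
  displayName: Database password
  generate: expression
  from: "[\\w]{32}"
- name: STOMP_URI
  displayName: Messagebus URI
  description: Messagebus URI
  required: true
# Template parameters take their default from `value`. The original used a
# `default:` key, which is not a Template Parameter field, so the default was
# never applied and callers always had to pass KOJI_URL explicitly.
- name: KOJI_URL
  displayName: Top level URL of the Koji instance to use
  description: Top level URL of the Koji instance to use. Without a '/' at the end.
  value: https://mbs-brew-hub.usersys.redhat.com
  required: true
# The description does not say so, but this value is placed in the `data` field
# of the mbs-cacerts Secret and therefore has to be base64-encoded as well.
- name: CA_CERTS
  displayName: CA certificates
  description: Bundle of CA certificates that should be trusted
  required: true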