modules/fm-orchestrator
1
0
Fork 0
mirror of https://pagure.io/fm-orchestrator.git synced 2026-02-02 20:59:06 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
master
fm-orchestrator/openshift/mbs-test-template.yaml
mprahl daf29dd93c Move some of the defaults from conf/config.py to module_build_service/config.py 
This removes the need to duplicate these configuration values.
2020-03-03 14:48:47 -05:00

934 lines
26 KiB
YAML
Raw Permalink Blame History

---
apiVersion: v1
kind: Template
metadata:
name: mbs-test-template
objects:
# frontend
- apiVersion: v1
kind: ConfigMap
metadata:
name: "mbs-frontend-fedmsg-config"
labels:
app: mbs
environment: "test-${TEST_ID}"
service: frontend
data:
logging.py: |
bare_format = "[%(asctime)s][%(name)10s %(levelname)7s] %(message)s"
config = dict(
logging=dict(
version=1,
formatters=dict(
bare={
"datefmt": "%Y-%m-%d %H:%M:%S",
"format": bare_format
},
),
handlers=dict(
console={
"class": "logging.StreamHandler",
"formatter": "bare",
"level": "DEBUG",
"stream": "ext://sys.stdout",
},
),
loggers=dict(
fedmsg={
"level": "DEBUG",
"propagate": True,
},
moksha={
"level": "DEBUG",
"propagate": True,
},
),
),
)
mbs-logging.py: |
config = dict(
logging=dict(
loggers=dict(
# Quiet this guy down...
requests={
"level": "WARNING",
"propagate": True,
},
module_build_service={
"level": "DEBUG",
"propagate": True,
},
mbs_messaging_umb={
"level": "DEBUG",
"propagate": True,
},
),
root=dict(
handlers=["console"],
level="DEBUG",
),
),
)
mbs-fedmsg.py: |
config = {
'zmq_enabled': False,
'validate_signatures': False,
'endpoints': {},
'stomp_uri': '${STOMP_URI}',
'stomp_heartbeat': 5000,
'stomp_ssl_crt': '/etc/mbs-certs/messaging.crt',
'stomp_ssl_key': '/etc/mbs-certs/messaging.key',
'stomp_ack_mode': 'auto',
}
mbs-scheduler.py: |
config = {
# The frontend should have these turned off in perpetuity.
'mbsconsumer': False,
'mbspoller': False,
}
- apiVersion: v1
kind: ConfigMap
metadata:
name: "mbs-frontend-config"
labels:
app: mbs
environment: "test-${TEST_ID}"
service: frontend
data:
config.py: |
class ProdConfiguration(object):
DEBUG = False
SECRET_KEY = ''
SQLALCHEMY_DATABASE_URI = 'postgresql://mbs:${DATABASE_PASSWORD}@mbs-database:5432/mbs'
SQLALCHEMY_TRACK_MODIFICATIONS = True
# Global network-related values, in seconds
NET_TIMEOUT = 120
NET_RETRY_INTERVAL = 30
SYSTEM = 'koji'
MESSAGING = 'umb'
MESSAGING_TOPIC_PREFIX = ['/queue/Consumer.mbs.queue.VirtualTopic.eng']
KOJI_CONFIG = '/etc/module-build-service/koji.conf'
KOJI_PROFILE = 'test'
ARCHES = ['x86_64']
KOJI_PROXYUSER = False
KOJI_REPOSITORY_URL = ''
PDC_URL = ''
SCMURLS = []
ALLOW_CUSTOM_SCMURLS = True
RESOLVER = 'db'
# This is a whitelist of prefixes of koji tags we're allowed to manipulate
KOJI_TAG_PREFIXES = ["module", "scrmod"]
DEFAULT_DIST_TAG_PREFIX = 'module'
# Use the same priority as all other builds
KOJI_BUILD_PRIORITY = 0
# Control where modules get tagged post-build.
BASE_MODULE_NAMES = ['platform']
KOJI_CG_BUILD_TAG_TEMPLATE = ''
KOJI_CG_DEFAULT_BUILD_TAG = ''
# Disable authentication
NO_AUTH = True
YAML_SUBMIT_ALLOWED = False
# Allow maintainers to specify something that differs from the git branch.
ALLOW_NAME_OVERRIDE_FROM_SCM = False
ALLOW_STREAM_OVERRIDE_FROM_SCM = False
# How often should we resort to polling, in seconds
# Set to zero to disable polling
POLLING_INTERVAL = 600
# Determines how many builds that can be submitted to the builder
# and be in the build state at a time. Set this to 0 for no restrictions
NUM_CONCURRENT_BUILDS = 2
RPMS_DEFAULT_REPOSITORY = 'git+https://src.fedoraproject.org/rpms/'
RPMS_ALLOW_REPOSITORY = False
MODULES_DEFAULT_REPOSITORY = 'git+https://src.fedoraproject.org/modules/'
MODULES_ALLOW_REPOSITORY = False
# Our per-build logs for the Koji content generator go here.
# CG imports are controlled by KOJI_ENABLE_CONTENT_GENERATOR
BUILD_LOGS_DIR = '/var/tmp'
# Time after which MBS will delete koji targets it created.
KOJI_TARGET_DELETE_TIME = 86400
# Whether or not to import modules back to koji.
KOJI_ENABLE_CONTENT_GENERATOR = False
# Available backends are: console, file.
LOG_BACKEND = 'console'
# Available log levels are: debug, info, warn, error.
LOG_LEVEL = 'debug'
REBUILD_STRATEGY_ALLOW_OVERRIDE = True
REBUILD_STRATEGY = 'only-changed'
# Settings for Kerberos + LDAP auth
AUTH_METHOD = 'oidc'
# These groups are allowed to submit builds.
ALLOWED_GROUPS = []
# These groups are allowed to cancel the builds of other users.
ADMIN_GROUPS = []
koji.conf: |
[test]
server = ${KOJI_URL}/kojihub
weburl = ${KOJI_URL}/koji/
topurl = ${KOJI_URL}/kojiroot/
authtype = ssl
;client certificate
cert = /etc/koji-certs/kojiadmin.crt
;certificate of the CA that issued the client certificate
;ca = /etc/koji-certs/clientca.crt
;certificate of the CA that issued the HTTP server certificate
serverca = /etc/koji-certs/koji_ca_cert.crt
mock.cfg: |
config_opts['root'] = '$root'
config_opts['target_arch'] = '$arch'
config_opts['legal_host_arches'] = ('$arch',)
config_opts['chroot_setup_cmd'] = 'install $group'
config_opts['dist'] = ''
config_opts['extra_chroot_dirs'] = [ '/run/lock', ]
config_opts['releasever'] = ''
config_opts['package_manager'] = 'dnf'
config_opts['nosync'] = True
config_opts['use_bootstrap_container'] = False
config_opts['yum.conf'] = """
$yum_conf
"""
yum.conf: |
[main]
keepcache=1
debuglevel=2
reposdir=/dev/null
logfile=/var/log/yum.log
retries=20
obsoletes=1
gpgcheck=0
assumeyes=1
syslog_ident=mock
syslog_device=
install_weak_deps=0
metadata_expire=3600
mdpolicy=group:primary
# repos
platform.yaml: |
document: modulemd
version: 1
data:
description: Fedora 28 traditional base
name: platform
license:
module: [MIT]
profiles:
buildroot:
rpms: [bash, bzip2, coreutils, cpio, diffutils, fedora-release, findutils, gawk,
gcc, gcc-c++, grep, gzip, info, make, module-build-macros, patch,
redhat-rpm-config, rpm-build, sed, shadow-utils, tar, unzip,
util-linux, which, xz]
srpm-buildroot:
rpms: [bash, fedora-release, fedpkg-minimal, gnupg2, module-build-macros,
redhat-rpm-config, rpm-build, shadow-utils]
stream: f28
summary: Fedora 28 traditional base
version: 3
context: 00000000
xmd:
mbs:
buildrequires: {}
commit: virtual
requires: {}
mse: true
koji_tag: module-f28-build
- apiVersion: v1
kind: ConfigMap
metadata:
name: "mbs-httpd-config"
labels:
app: mbs
environment: "test-${TEST_ID}"
service: frontend
data:
mbs.conf: |
<Location />
Require all granted
</Location>
RedirectMatch ^/$ /module-build-service/1/module-builds/
- apiVersion: v1
kind: ConfigMap
metadata:
name: "mbs-wsgi-config"
labels:
app: mbs
environment: "test-${TEST_ID}"
service: frontend
data:
mbs.wsgi: |
#-*- coding: utf-8 -*-
import logging
logging.basicConfig(level='DEBUG')
from module_build_service import app as application
- apiVersion: v1
# Only creating this as a Secret because it supports base64-encoded data.
# Convert to a ConfigMap and use binaryData once we're running on OpenShift 3.10+.
kind: Secret
metadata:
name: mbs-cacerts
labels:
app: mbs
service: frontend
environment: "test-${TEST_ID}"
data:
ca-bundle.crt: |-
${CA_CERTS}
- apiVersion: v1
kind: Secret
metadata:
name: "mbs-frontend-certificates"
labels:
environment: "test-${TEST_ID}"
app: mbs
service: frontend
data:
messaging.crt: |-
${MESSAGING_CERT}
messaging.key: |-
${MESSAGING_KEY}
- apiVersion: v1
kind: Service
metadata:
name: "mbs-frontend"
labels:
environment: "test-${TEST_ID}"
app: mbs
service: frontend
spec:
selector:
app: mbs
environment: "test-${TEST_ID}"
service: frontend
ports:
- name: https
port: 443
targetPort: https
- name: http
port: 80
targetPort: http
- apiVersion: v1
kind: Route
metadata:
name: mbs-api
labels:
environment: "test-${TEST_ID}"
app: mbs
service: frontend
spec:
to:
kind: Service
name: mbs-frontend
tls:
termination: edge
insecureEdgeTerminationPolicy: Redirect
- apiVersion: v1
kind: DeploymentConfig
metadata:
name: "mbs-frontend"
labels:
environment: "test-${TEST_ID}"
service: frontend
app: mbs
spec:
replicas: 1
strategy:
type: Recreate
selector:
app: mbs
environment: "test-${TEST_ID}"
service: frontend
strategy:
type: Rolling
template:
metadata:
labels:
environment: "test-${TEST_ID}"
service: frontend
app: mbs
spec:
containers:
- name: frontend
image: "${MBS_FRONTEND_IMAGE}"
imagePullPolicy: Always
ports:
- containerPort: 8080
protocol: TCP
name: http
- containerPort: 8443
protocol: TCP
name: https
volumeMounts:
- name: fedmsg-config
mountPath: /etc/fedmsg.d
readOnly: true
- name: frontend-certificates
mountPath: /etc/mbs-certs
readOnly: true
- name: mbs-config
mountPath: /etc/module-build-service
readOnly: true
- name: httpd-config
mountPath: /etc/httpd/conf.d
readOnly: true
- name: wsgi-config
mountPath: /usr/share/mbs
readOnly: true
- name: koji-certificates
mountPath: /etc/koji-certs
readOnly: true
- name: cacerts-vol
mountPath: /etc/pki/tls/certs
readOnly: true
resources:
limits:
memory: 400Mi
cpu: 300m
volumes:
- name: fedmsg-config
configMap:
name: mbs-frontend-fedmsg-config
- name: frontend-certificates
secret:
secretName: mbs-frontend-certificates
- name: mbs-config
configMap:
name: mbs-frontend-config
- name: httpd-config
configMap:
name: mbs-httpd-config
- name: wsgi-config
configMap:
name: mbs-wsgi-config
- name: koji-certificates
secret:
secretName: mbs-koji-secrets
- name: cacerts-vol
secret:
secretName: mbs-cacerts
defaultMode: 0444
triggers:
- type: ConfigChange
# backend
- apiVersion: v1
kind: ConfigMap
metadata:
name: "mbs-backend-fedmsg-config"
labels:
app: mbs
environment: "test-${TEST_ID}"
service: backend
data:
logging.py: |
bare_format = "[%(asctime)s][%(name)10s %(levelname)7s] %(message)s"
config = dict(
logging=dict(
version=1,
formatters=dict(
bare={
"datefmt": "%Y-%m-%d %H:%M:%S",
"format": bare_format
},
),
handlers=dict(
console={
"class": "logging.StreamHandler",
"formatter": "bare",
"level": "DEBUG",
"stream": "ext://sys.stdout",
},
),
loggers=dict(
fedmsg={
"level": "DEBUG",
"propagate": True,
},
moksha={
"level": "DEBUG",
"propagate": True,
},
),
),
)
mbs-logging.py: |
config = dict(
logging=dict(
loggers=dict(
# Quiet this guy down...
requests={
"level": "WARNING",
"propagate": True,
},
module_build_service={
"level": "DEBUG",
"propagate": True,
},
mbs_messaging_umb={
"level": "DEBUG",
"propagate": True,
},
),
root=dict(
handlers=["console"],
level="DEBUG",
),
),
)
mbs-fedmsg.py: |
config = {
'zmq_enabled': False,
'validate_signatures': False,
'endpoints': {},
'stomp_uri': '${STOMP_URI}',
'stomp_heartbeat': 5000,
'stomp_ssl_crt': '/etc/mbs-certs/messaging.crt',
'stomp_ssl_key': '/etc/mbs-certs/messaging.key',
'stomp_ca_certs': None,
'stomp_ack_mode': 'auto',
}
mbs-scheduler.py: |
config = {
'mbsconsumer': True,
'mbspoller': True,
}
- apiVersion: v1
kind: ConfigMap
metadata:
name: "mbs-backend-config"
labels:
app: mbs
environment: "test-${TEST_ID}"
service: backend
data:
config.py: |
class ProdConfiguration(object):
DEBUG = False
SECRET_KEY = ''
SQLALCHEMY_DATABASE_URI = 'postgresql://mbs:${DATABASE_PASSWORD}@mbs-database:5432/mbs'
SQLALCHEMY_TRACK_MODIFICATIONS = True
# Global network-related values, in seconds
NET_TIMEOUT = 120
NET_RETRY_INTERVAL = 30
SYSTEM = 'koji'
MESSAGING = 'umb'
MESSAGING_TOPIC_PREFIX = ['/queue/Consumer.mbs.queue.VirtualTopic.eng']
KOJI_CONFIG = '/etc/module-build-service/koji.conf'
KOJI_PROFILE = 'test'
ARCHES = ['x86_64']
KOJI_PROXYUSER = False
KOJI_REPOSITORY_URL = ''
PDC_URL = ''
SCMURLS = []
ALLOW_CUSTOM_SCMURLS = True
RESOLVER = 'db'
# This is a whitelist of prefixes of koji tags we're allowed to manipulate
KOJI_TAG_PREFIXES = ["module"]
DEFAULT_DIST_TAG_PREFIX = 'module'
# Use the same priority as all other builds
KOJI_BUILD_PRIORITY = 0
# Control where modules get tagged post-build.
BASE_MODULE_NAMES = ['platform']
KOJI_CG_BUILD_TAG_TEMPLATE = ''
KOJI_CG_DEFAULT_BUILD_TAG = ''
# Disable authentication
NO_AUTH = True
YAML_SUBMIT_ALLOWED = False
# Allow maintainers to specify something that differs from the git branch.
ALLOW_NAME_OVERRIDE_FROM_SCM = False
ALLOW_STREAM_OVERRIDE_FROM_SCM = False
# How often should we resort to polling, in seconds
# Set to zero to disable polling
POLLING_INTERVAL = 600
# Determines how many builds that can be submitted to the builder
# and be in the build state at a time. Set this to 0 for no restrictions
NUM_CONCURRENT_BUILDS = 2
RPMS_DEFAULT_REPOSITORY = 'git+https://src.fedoraproject.org/rpms/'
RPMS_ALLOW_REPOSITORY = False
MODULES_DEFAULT_REPOSITORY = 'git+https://src.fedoraproject.org/modules/'
MODULES_ALLOW_REPOSITORY = False
# Our per-build logs for the Koji content generator go here.
# CG imports are controlled by KOJI_ENABLE_CONTENT_GENERATOR
BUILD_LOGS_DIR = '/var/tmp'
# Time after which MBS will delete koji targets it created.
KOJI_TARGET_DELETE_TIME = 86400
# Whether or not to import modules back to koji.
KOJI_ENABLE_CONTENT_GENERATOR = False
# Available backends are: console, file.
LOG_BACKEND = 'console'
# Available log levels are: debug, info, warn, error.
LOG_LEVEL = 'debug'
REBUILD_STRATEGY_ALLOW_OVERRIDE = True
REBUILD_STRATEGY = 'only-changed'
koji.conf: |
[test]
server = ${KOJI_URL}/kojihub
weburl = ${KOJI_URL}/koji/
topurl = ${KOJI_URL}/kojiroot/
authtype = ssl
;client certificate
cert = /etc/koji-certs/kojiadmin.crt
;certificate of the CA that issued the client certificate
;ca = /etc/koji-certs/clientca.crt
;certificate of the CA that issued the HTTP server certificate
serverca = /etc/koji-certs/koji_ca_cert.crt
mock.cfg: |
config_opts['root'] = '$root'
config_opts['target_arch'] = '$arch'
config_opts['legal_host_arches'] = ('$arch',)
config_opts['chroot_setup_cmd'] = 'install $group'
config_opts['dist'] = ''
config_opts['extra_chroot_dirs'] = [ '/run/lock', ]
config_opts['releasever'] = ''
config_opts['package_manager'] = 'dnf'
config_opts['nosync'] = True
config_opts['use_bootstrap_container'] = False
config_opts['yum.conf'] = """
$yum_conf
"""
yum.conf: |
[main]
keepcache=1
debuglevel=2
reposdir=/dev/null
logfile=/var/log/yum.log
retries=20
obsoletes=1
gpgcheck=0
assumeyes=1
syslog_ident=mock
syslog_device=
install_weak_deps=0
metadata_expire=3600
mdpolicy=group:primary
# repos
platform.yaml: |
document: modulemd
version: 1
data:
description: Fedora 28 traditional base
name: platform
license:
module: [MIT]
profiles:
buildroot:
rpms: [bash, bzip2, coreutils, cpio, diffutils, fedora-release, findutils, gawk,
gcc, gcc-c++, grep, gzip, info, make, module-build-macros, patch,
redhat-rpm-config, rpm-build, sed, shadow-utils, tar, unzip,
util-linux, which, xz]
srpm-buildroot:
rpms: [bash, fedora-release, fedpkg-minimal, gnupg2, module-build-macros,
redhat-rpm-config, rpm-build, shadow-utils]
stream: f28
summary: Fedora 28 traditional base
version: 3
context: 00000000
xmd:
mbs:
buildrequires: {}
commit: virtual
requires: {}
mse: true
koji_tag: module-f28-build
- apiVersion: v1
kind: Secret
metadata:
name: mbs-backend-secrets
labels:
environment: "test-${TEST_ID}"
app: mbs
service: backend
data:
messaging.crt: |-
${MESSAGING_CERT}
messaging.key: |-
${MESSAGING_KEY}
- apiVersion: v1
kind: Secret
metadata:
name: mbs-koji-secrets
labels:
environment: "test-${TEST_ID}"
app: mbs
data:
kojiadmin.crt: |-
${KOJI_CERT}
koji_ca_cert.crt: |-
${KOJI_SERVERCA}
- apiVersion: v1
kind: DeploymentConfig
metadata:
name: "mbs-backend"
labels:
environment: "test-${TEST_ID}"
service: backend
app: mbs
spec:
replicas: 1
strategy:
type: Recreate
selector:
app: mbs
environment: "test-${TEST_ID}"
service: backend
strategy:
type: Rolling
rollingParams:
pre:
failurePolicy: Abort
execNewPod:
containerName: backend
command:
- /bin/sh
- -i
- -c
- |
# try for 10 minutes (600 seconds)
e=$(( $(date +%s) + 600 ))
i=0
while [ $(date +%s) -lt $e ]; do
echo 'TRY #'$((++i))
if mbs-upgradedb ; then
mbs-manager import_module /etc/module-build-service/platform.yaml
exit 0
fi
done
exit 1
volumes:
- mbs-config
template:
metadata:
labels:
environment: "test-${TEST_ID}"
service: backend
app: mbs
spec:
containers:
- name: backend
image: "${MBS_BACKEND_IMAGE}"
imagePullPolicy: Always
volumeMounts:
- name: fedmsg-config
mountPath: /etc/fedmsg.d
readOnly: true
- name: mbs-config
mountPath: /etc/module-build-service
readOnly: true
- name: backend-certificates
mountPath: /etc/mbs-certs
readOnly: true
- name: koji-certificates
mountPath: /etc/koji-certs
readOnly: true
- name: cacerts-vol
mountPath: /etc/pki/tls/certs
readOnly: true
resources:
limits:
memory: 400Mi
cpu: 300m
volumes:
- name: fedmsg-config
configMap:
name: mbs-backend-fedmsg-config
- name: mbs-config
configMap:
name: mbs-backend-config
- name: backend-certificates
secret:
secretName: mbs-backend-secrets
- name: koji-certificates
secret:
secretName: mbs-koji-secrets
- name: cacerts-vol
secret:
secretName: mbs-cacerts
defaultMode: 0444
triggers:
- type: ConfigChange
# postgresql
- apiVersion: v1
kind: Secret
metadata:
name: "mbs-database-secret"
labels:
environment: "test-${TEST_ID}"
app: mbs
service: database
stringData:
database-password: "${DATABASE_PASSWORD}"
- apiVersion: v1
kind: Service
metadata:
name: "mbs-database"
labels:
environment: "test-${TEST_ID}"
app: mbs
service: database
spec:
selector:
app: mbs
environment: "test-${TEST_ID}"
service: database
ports:
- name: postgresql
port: 5432
targetPort: 5432
- apiVersion: v1
kind: DeploymentConfig
metadata:
name: "mbs-database"
labels:
environment: "test-${TEST_ID}"
service: database
app: mbs
spec:
replicas: 1
strategy:
type: Recreate
selector:
app: mbs
environment: "test-${TEST_ID}"
service: database
template:
metadata:
labels:
environment: "test-${TEST_ID}"
service: database
app: mbs
spec:
containers:
- name: postgresql
image: registry.access.redhat.com/rhscl/postgresql-95-rhel7:latest
imagePullPolicy: Always
ports:
- containerPort: 5432
protocol: TCP
resources:
limits:
memory: 512Mi
cpu: 0.4
readinessProbe:
timeoutSeconds: 1
initialDelaySeconds: 5
exec:
command: [ /bin/sh, -i, -c, "psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c 'SELECT 1'" ]
livenessProbe:
timeoutSeconds: 1
initialDelaySeconds: 30
tcpSocket:
port: 5432
env:
- name: POSTGRESQL_USER
value: mbs
- name: POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
name: "mbs-database-secret"
key: database-password
- name: POSTGRESQL_DATABASE
value: mbs
triggers:
- type: ConfigChange
# template parameters
parameters:
- name: TEST_ID
displayName: Test id
description: Short unique identifier for this test run (e.g. Jenkins job number)
required: true
- name: MBS_BACKEND_IMAGE
displayName: Container image for MBS backend
description: Image to be used for MBS backend deployment
value: 172.30.1.1:5000/myproject/mbs-backend:latest
required: true
- name: MBS_FRONTEND_IMAGE
displayName: Container image for MBS frontend
description: Image to be used for MBS frontend deployment
value: 172.30.1.1:5000/myproject/mbs-frontend:latest
required: true
- name: MESSAGING_CERT
displayName: SSL certificate for messaging
description: base64 encoded SSL certificate for message bus authentication
required: true
- name: MESSAGING_KEY
displayName: SSL key for messaging
description: base64 encoded SSL key for message bus authentication
required: true
- name: KOJI_CERT
displayName: Koji client certificate
description: base 64 encoded client certificate used to authenticate with Koji
required: true
- name: KOJI_SERVERCA
displayName: Koji server CA
description: >-
base64 encoded certificate of the CA
that issued the HTTP server certificate for Koji
required: true
- name: DATABASE_PASSWORD
displayName: Database password
generate: expression
from: "[\\w]{32}"
- name: STOMP_URI
displayName: Messagebus URI
description: Messagebus URI
required: true
- name: KOJI_URL
displayName: Top level URL of the Koji instance to use
description: Top level URL of the Koji instance to use. Without a '/' at the end.
default: https://mbs-brew-hub.usersys.redhat.com
required: true
- name: CA_CERTS
displayName: CA certificates
description: Bundle of CA certificates that should be trusted
required: true
Reference in New Issue View Git Blame Copy Permalink