#42 Remove unused files
Merged 4 years ago by mikeb. Opened 4 years ago by mkovarik.
mkovarik/c3i-library cleanup  into  master

file modified
+1 -5
@@ -6,11 +6,7 @@ 

  The currently available global variables are:

  

  * c3i: General utilities, including cleaning up stale resources from previous test runs.

- * ca: Create a local certificate authority, and generate SSL certificates and Java keystores

-   and truststores.

- * umb: Deploy an instance of the Unified Message Bus (ActiveMQ).

- * koji: Deploy and provision a Koji hub.

- * mbs: Deploy a Module Build Service instance.

+ * pagure: Client for pagure.io .

  

  More complete documentation is in progress.

  

file removed
-70
@@ -1,70 +0,0 @@ 

- [ ca ]

- default_ca       = CA_default        # The default ca section

- 

- [ CA_default ]

- dir              = $ENV::PWD           # Where everything is kept

- certs            = $dir                # Where the issued certs are kept

- database         = $dir/index.txt      # database index file.

- new_certs_dir    = $dir                # default place for new certs.

- certificate      = $dir/ca-cert.pem    # The CA certificate

- private_key      = $dir/ca-key.pem     # The private key

- serial           = $dir/serial         # The current serial number

- x509_extensions  = usr_cert            # The extensions to add to the cert

- name_opt         = ca_default          # Subject Name options

- cert_opt         = ca_default          # Certificate field options

- default_days     = 7                   # how long to certify for

- default_md       = sha256              # use SHA-256 by default

- preserve         = no                  # keep passed DN ordering

- policy           = policy_match

- 

- [ policy_match ]

- countryName            = match

- stateOrProvinceName    = match

- localityName           = match

- organizationName       = match

- organizationalUnitName = supplied

- commonName             = supplied

- emailAddress           = supplied

- 

- [ req ]

- default_bits        = 2048

- default_md          = sha256

- distinguished_name  = req_distinguished_name

- attributes          = req_attributes

- x509_extensions     = v3_ca

- prompt              = no

- string_mask         = utf8only

- req_extensions      = v3_req

- 

- [ req_distinguished_name ]

- countryName                = US

- stateOrProvinceName        = Massachusetts

- localityName               = Boston

- 0.organizationName         = Test Company

- organizationalUnitName     = Test Unit

- commonName                 = ${commonName}

- emailAddress               = test-ca@example.com

- 

- [ req_attributes ]

- 

- [ usr_cert ]

- basicConstraints        = CA:FALSE

- nsCertType              = server, client, email, objsign

- nsComment               = "Certificate for testing purposes only"

- subjectKeyIdentifier    = hash

- authorityKeyIdentifier  = keyid,issuer

- subjectAltName          = ${subjectAltNames}

- 

- [ v3_req ]

- basicConstraints  = CA:FALSE

- keyUsage          = nonRepudiation, digitalSignature, keyEncipherment

- extendedKeyUsage  = serverAuth

- 

- [ v3_ca ]

- basicConstraints        = critical,CA:TRUE,pathlen:0

- subjectKeyIdentifier    = hash

- authorityKeyIdentifier  = keyid:always,issuer

- keyUsage                = keyCertSign

- nsCertType              = sslCA

- subjectAltName          = email:copy

- issuerAltName           = issuer:copy

@@ -1,355 +0,0 @@ 

- apiVersion: v1

- kind: Template

- metadata:

-   name: koji-hub-test-template

-   app: koji

- parameters:

- - name: TEST_ID

-   displayName: Test id

-   description: Short unique identifier for this test run (e.g. Jenkins job number)

-   required: true

- - name: KOJI_HUB_IMAGE

-   displayName: Koji image repo to be tested

-   description: The location of the Koji hub image to deploy

-   value: quay.io/factory2/koji:latest

-   required: true

- - name: DATABASE_PASSWORD

-   displayName: Database password

-   generate: expression

-   from: "[\\w]{12}"

- - name: KOJI_HUB_CERT

-   displayName: Koji hub SSL certificate

-   description: SSL certificate for the Koji hub (base64 encoded)

-   required: true

- - name: KOJI_HUB_KEY

-   displayName: Koji hub SSL private key

-   description: SSL private key for the Koji hub (base64 encoded)

-   required: true

- - name: KOJI_CA_CERT

-   displayName: Koji hub CA certificate

-   description: Certificate for the CA that issued the Koji hub certificate (base64 encoded)

-   required: true

- - name: KOJI_MESSAGING_URL

-   displayName: Koji messaging URL

-   description: The URL to the message broker used by the Koji messaging plugin

-   required: true

- - name: KOJI_MESSAGING_CERT_AND_KEY

-   displayName: Koji messaging certificate and key

-   description: SSL certificate and private key for messaging, concatenated, in PEM format (base64 encoded)

-   required: true

- - name: KOJI_ADMIN_USER

-   displayName: Koji admin user

-   description: Username to add to the Koji instance as an admin

-   value: admin

-   required: true

- objects:

- - apiVersion: v1

-   kind: Secret

-   metadata:

-     name: koji-${TEST_ID}-db-secret

-     labels:

-       app: koji

-       service: database

-       environment: test-${TEST_ID}

-   stringData:

-     password: "${DATABASE_PASSWORD}"

- - apiVersion: v1

-   kind: DeploymentConfig

-   metadata:

-     name: koji-${TEST_ID}-db

-     labels:

-       app: koji

-       service: database

-       environment: test-${TEST_ID}

-   spec:

-     replicas: 1

-     strategy:

-       type: Recreate

-     selector:

-       app: koji

-       service: database

-       environment: test-${TEST_ID}

-     template:

-       metadata:

-         labels:

-           app: koji

-           service: database

-           environment: test-${TEST_ID}

-       spec:

-         containers:

-         - name: postgresql

-           image: registry.access.redhat.com/rhscl/postgresql-95-rhel7:latest

-           imagePullPolicy: Always

-           ports:

-           - containerPort: 5432

-             protocol: TCP

-           resources:

-             limits:

-               memory: 512Mi

-               cpu: 0.4

-           readinessProbe:

-             timeoutSeconds: 1

-             initialDelaySeconds: 30

-             exec:

-               command: [ /bin/sh, -i, -c, "psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c 'SELECT 1'" ]

-           livenessProbe:

-             timeoutSeconds: 1

-             initialDelaySeconds: 30

-             tcpSocket:

-               port: 5432

-           env:

-           - name: POSTGRESQL_USER

-             value: koji

-           - name: POSTGRESQL_PASSWORD

-             valueFrom:

-               secretKeyRef:

-                 name: koji-${TEST_ID}-db-secret

-                 key: password

-           - name: POSTGRESQL_DATABASE

-             value: koji

-     triggers:

-     - type: ConfigChange

- - apiVersion: v1

-   kind: Service

-   metadata:

-     name: koji-${TEST_ID}-db

-     labels:

-       app: koji

-       service: database

-       environment: test-${TEST_ID}

-   spec:

-     ports:

-     - port: 5432

-       protocol: TCP

-       targetPort: 5432

-     selector:

-       app: koji

-       service: database

-       environment: test-${TEST_ID}

- - apiVersion: v1

-   kind: Secret

-   metadata:

-     name: koji-${TEST_ID}-hub-certs

-     labels:

-       app: koji

-       service: hub

-       environment: test-${TEST_ID}

-   data:

-     kojihub.crt: |-

-       ${KOJI_HUB_CERT}

-     kojihub.key: |-

-       ${KOJI_HUB_KEY}

-     kojica.crt: |-

-       ${KOJI_CA_CERT}

-     kojimsg.pem: |-

-       ${KOJI_MESSAGING_CERT_AND_KEY}

- - apiVersion: v1

-   kind: ConfigMap

-   metadata:

-     name: koji-${TEST_ID}-hub-config

-     labels:

-       app: koji

-       service: hub

-       environment: test-${TEST_ID}

-   data:

-     ssl.conf: |-

-       LoadModule ssl_module modules/mod_ssl.so

-       Listen 8443

-       SSLPassPhraseDialog builtin

-       SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)

-       SSLSessionCacheTimeout 300

-       SSLRandomSeed startup file:/dev/urandom  256

-       SSLRandomSeed connect builtin

-       SSLCryptoDevice builtin

-       <VirtualHost _default_:8443>

-         ErrorLog logs/ssl_error_log

-         TransferLog logs/ssl_access_log

-         LogLevel debug

-         SSLEngine on

-         SSLProtocol all -SSLv2

-         SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES

-         ServerName koji-hub

-         SSLCertificateFile /etc/pki/koji/certs/kojihub.crt

-         SSLCertificateKeyFile /etc/pki/koji/certs/kojihub.key

-         SSLCertificateChainFile /etc/pki/koji/certs/kojica.crt

-         SSLCACertificateFile /etc/pki/koji/certs/kojica.crt

-         SSLVerifyDepth 1

-         CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

-       </VirtualHost>

-     hub.conf: |-

-       [hub]

-       KojiDir = /mnt/koji

-       LoginCreatesUser = On

-       DisableNotifications = True

-       PluginPath = /usr/lib/koji-hub-plugins

-       Plugins = protonmsg

-       KojiDebug = On

-       KojiTraceback = extended

-       DBName = koji

-       DBUser = koji

-       DBPass = ${DATABASE_PASSWORD}

-       DBHost = koji-${TEST_ID}-db

-       KojiWebURL = https://koji-${TEST_ID}-web/koji

-       EnableMaven = True

-       EnableWin = True

-       KojiDebug = On

-       KojiTraceback = extended

-       DNUsernameComponent = CN

-       ProxyDNs = /C=US/ST=Massachusetts/L=Boston/O=Test Company/OU=Test Unit/CN=koji-${TEST_ID}-web/emailAddress=test-ca@example.com

-     protonmsg.conf: |-

-       [broker]

-       urls = ${KOJI_MESSAGING_URL}

-       cert = /etc/pki/koji/certs/kojimsg.pem

-       cacert = /etc/pki/koji/certs/kojica.crt

-       topic_prefix = VirtualTopic.eng.brew

-       connect_timeout = 10

-       send_timeout = 60

- - apiVersion: v1

-   kind: DeploymentConfig

-   metadata:

-     name: koji-${TEST_ID}-hub

-     labels:

-       app: koji

-       service: hub

-       environment: test-${TEST_ID}

-   spec:

-     replicas: 1

-     strategy:

-       type: Recreate

-       recreateParams:

-         pre:

-           failurePolicy: Abort

-           execNewPod:

-             containerName: koji-hub

-             command:

-             - /bin/sh

-             - -i

-             - -c

-             - |

-               # try for 10 minutes (600 seconds)

-               e=$(( $(date +%s) + 600 ))

-               i=0

-               while [ $(date +%s) -lt $e ]; do

-                 export PGPASSWORD="${DATABASE_PASSWORD}"

-                 echo "TRY #$((++i))"

-                 psql -h koji-${TEST_ID}-db koji koji -c "select 1 from task" || psql -h koji-${TEST_ID}-db koji koji -f /usr/share/doc/koji*/docs/schema.sql

-                 if [ $? -eq 0 ]; then

-                   psql -h koji-${TEST_ID}-db koji koji -c "insert into users (name, usertype, status) values ('${KOJI_ADMIN_USER}', 0, 0)" && \

-                   psql -h koji-${TEST_ID}-db koji koji -c "insert into user_perms (user_id, perm_id, creator_id) values \

-                                                   ((select id from users where name = '${KOJI_ADMIN_USER}'), \

-                                                    (select id from permissions where name = 'admin'), \

-                                                    (select id from users where name = '${KOJI_ADMIN_USER}'))" || :

-                   exit 0

-                 fi

-                 sleep 10

-               done

-               exit 1

-     selector:

-       app: koji

-       service: hub

-       environment: test-${TEST_ID}

-     template:

-       metadata:

-         labels:

-           app: koji

-           service: hub

-           environment: test-${TEST_ID}

-       spec:

-         containers:

-         - name: koji-hub

-           image: ${KOJI_HUB_IMAGE}

-           imagePullPolicy: Always

-           ports:

-           - containerPort: 8080

-             protocol: TCP

-             name: http

-           - containerPort: 8443

-             protocol: TCP

-             name: https

-           livenessProbe:

-             failureThreshold: 3

-             httpGet:

-               path: /kojifiles/

-               port: 8080

-               scheme: HTTP

-             initialDelaySeconds: 10

-             periodSeconds: 10

-             successThreshold: 1

-             timeoutSeconds: 1

-           readinessProbe:

-             failureThreshold: 3

-             httpGet:

-               path: /kojifiles/

-               port: 8080

-               scheme: HTTP

-             initialDelaySeconds: 5

-             periodSeconds: 10

-             successThreshold: 1

-             timeoutSeconds: 1

-           resources:

-             limits:

-               memory: 512Mi

-               cpu: 400m

-             requests:

-               memory: 256Mi

-               cpu: 200m

-           volumeMounts:

-           - mountPath: /mnt/koji

-             name: koji-volume

-           - mountPath: /etc/pki/koji/certs

-             name: koji-hub-certs-vol

-           - mountPath: /etc/pki/tls/cert.pem

-             name: koji-hub-certs-vol

-             subPath: kojica.crt

-           - mountPath: /etc/httpd/conf.d/ssl.conf

-             name: koji-hub-config-vol

-             subPath: ssl.conf

-           - mountPath: /etc/koji-hub/hub.conf

-             name: koji-hub-config-vol

-             subPath: hub.conf

-         volumes:

-         - name: koji-volume

-           emptyDir: {}

-         - name: koji-hub-config-vol

-           configMap:

-             name: koji-${TEST_ID}-hub-config

-         - name: koji-hub-certs-vol

-           secret:

-             secretName: koji-${TEST_ID}-hub-certs

- - apiVersion: v1

-   kind: Service

-   metadata:

-     name: koji-${TEST_ID}-hub

-     labels:

-       app: koji

-       service: hub

-       environment: test-${TEST_ID}

-   spec:

-     ports:

-     - name: http

-       port: 80

-       targetPort: http

-     - name: https

-       port: 443

-       targetPort: https

-     selector:

-       app: koji

-       service: hub

-       environment: test-${TEST_ID}

- - apiVersion: v1

-   kind: Route

-   metadata:

-     name: koji-${TEST_ID}-hub

-     labels:

-       app: koji

-       service: hub

-       environment: test-${TEST_ID}

-   spec:

-     to:

-       kind: Service

-       name: koji-${TEST_ID}-hub

-     port:

-       targetPort: https

-     tls:

-       termination: passthrough

-       insecureEdgeTerminationPolicy: Redirect

@@ -1,262 +0,0 @@ 

- ---

- apiVersion: v1

- kind: Template

- metadata:

-   name: krb5-test-template

- labels:

-   template: krb5-test-template

- parameters:

- - name: TEST_ID

-   displayName: Test id

-   description: Short unique identifier for this test run (e.g. Jenkins job number)

-   required: true

- - name: NAME

-   displayName: The name for this deployment config.

-   required: true

-   value: krb5

- - name: REALM

-   displayName: The Kerberos realm to manage.

-   required: true

-   value: CLUSTER.LOCAL

- - name: DOMAIN

-   displayName: The DNS domain associated with the realm.

-   required: true

-   value: cluster.local

- - name: KDC_DB_PASSWORD

-   displayName: The master password for the Kerberos database.

-   generate: expression

-   from: "[\\w]{16}"

- - name: ADMIN_PASSWORD

-   displayName: The password for the kadmin/admin principal.

-   generate: expression

-   from: "[\\w]{16}"

- - name: INIT_USERS

-   displayName: A comma-separated list of initial users to define, in username:password format.

-   required: false

- - name: IMAGE

-   displayName: Location of the image to deploy.

-   required: true

-   value: quay.io/factory2/krb5-fedora:latest

- objects:

- - apiVersion: v1

-   kind: Secret

-   metadata:

-     name: ${NAME}-${TEST_ID}-secret

-     labels:

-       app: ${NAME}

-       service: kerberos

-       environment: test-${TEST_ID}

-   stringData:

-     KDC_DB_PASSWORD: ${KDC_DB_PASSWORD}

-     ADMIN_PASSWORD: ${ADMIN_PASSWORD}

- - apiVersion: v1

-   kind: ConfigMap

-   metadata:

-     name: ${NAME}-${TEST_ID}-config

-     labels:

-       app: ${NAME}

-       service: kerberos

-       environment: test-${TEST_ID}

-   data:

-     krb5.conf: |

-       includedir /etc/krb5.conf.d/

- 

-       [logging]

-           default = STDERR

-           kdc = STDERR

-           admin_server = STDERR

-           debug = true

- 

-       [libdefaults]

-           dns_lookup_kdc = false

-           dns_lookup_realm = false

-           dns_canonicalize_hostname = false

-           ticket_lifetime = 24h

-           renew_lifetime = 7d

-           forwardable = true

-           pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt

-           spake_preauth_groups = edwards25519

-           default_realm = ${REALM}

-           default_ccache_name = FILE:/tmp/%{uid}-ccache

- 

-       [realms]

-           ${REALM} = {

-               kdc = kerberos-${TEST_ID}:8088

-               admin_server = kerberos-${TEST_ID}:8749

-               kpasswd_server = kerberos-${TEST_ID}:8464

-               kdc_listen = 8088

-               kdc_tcp_listen = 8088

-               kadmind_listen = 8749

-               kpasswd_listen = 8464

-               acl_file = /etc/kadm5.acl

-           }

- 

-       [domain_realm]

-           .${DOMAIN} = ${REALM}

-           ${DOMAIN} = ${REALM}

-     kadm5.acl: |

-       */admin@${REALM} *

- - apiVersion: v1

-   kind: DeploymentConfig

-   metadata:

-     name: ${NAME}-${TEST_ID}

-     labels:

-       app: ${NAME}

-       service: kerberos

-       environment: test-${TEST_ID}

-   spec:

-     replicas: 1

-     strategy:

-       type: Recreate

-     selector:

-       app: ${NAME}

-       service: kerberos

-       environment: test-${TEST_ID}

-     template:

-       metadata:

-         labels:

-           app: ${NAME}

-           service: kerberos

-           environment: test-${TEST_ID}

-       spec:

-         initContainers:

-         - name: init-kdc-db

-           image: ${IMAGE}

-           imagePullPolicy: Always

-           command:

-           - /usr/local/bin/init-kdc-db

-           env:

-           - name: REALM

-             value: ${REALM}

-           - name: INIT_USERS

-             value: ${INIT_USERS}

-           envFrom:

-           - secretRef:

-               name: ${NAME}-${TEST_ID}-secret

-           volumeMounts:

-           - name: config-vol

-             mountPath: /etc/krb5.conf

-             subPath: krb5.conf

-           - name: config-vol

-             mountPath: /etc/kadm5.acl

-             subPath: kadm5.acl

-           - name: data-vol

-             mountPath: /var/kerberos/krb5kdc

-           resources:

-             requests:

-               memory: "384Mi"

-               cpu: "300m"

-             limits:

-               memory: "512Mi"

-               cpu: "500m"

-         containers:

-         - name: kdc

-           image: ${IMAGE}

-           imagePullPolicy: Always

-           command:

-           - /usr/sbin/krb5kdc

-           - -n

-           volumeMounts:

-           - name: config-vol

-             subPath: krb5.conf

-             mountPath: /etc/krb5.conf

-           - name: config-vol

-             subPath: kadm5.acl

-             mountPath: /etc/kadm5.acl

-           - name: data-vol

-             mountPath: /var/kerberos/krb5kdc

-           ports:

-           - name: kdc

-             containerPort: 8088

-           - name: kdc-udp

-             containerPort: 8088

-             protocol: UDP

-           resources:

-             requests:

-               memory: "384Mi"

-               cpu: "300m"

-             limits:

-               memory: "512Mi"

-               cpu: "500m"

-           livenessProbe:

-             tcpSocket:

-               port: 8088

-           readinessProbe:

-             tcpSocket:

-               port: 8088

-         - name: kadmind

-           image: ${IMAGE}

-           imagePullPolicy: Always

-           command:

-           - /usr/sbin/kadmind

-           - -nofork

-           volumeMounts:

-           - name: config-vol

-             subPath: krb5.conf

-             mountPath: /etc/krb5.conf

-           - name: config-vol

-             subPath: kadm5.acl

-             mountPath: /etc/kadm5.acl

-           - name: data-vol

-             mountPath: /var/kerberos/krb5kdc

-           ports:

-           - name: admin

-             containerPort: 8749

-           - name: kpasswd

-             containerPort: 8464

-           - name: kpasswd-udp

-             containerPort: 8464

-             protocol: UDP

-           resources:

-             requests:

-               memory: "384Mi"

-               cpu: "300m"

-             limits:

-               memory: "512Mi"

-               cpu: "500m"

-           livenessProbe:

-             tcpSocket:

-               port: 8749

-           readinessProbe:

-             tcpSocket:

-               port: 8749

-         volumes:

-         - name: config-vol

-           configMap:

-             name: ${NAME}-${TEST_ID}-config

-         - name: data-vol

-           emptyDir: {}

-     triggers:

-     - type: ConfigChange

- - apiVersion: v1

-   kind: Service

-   metadata:

-     name: kerberos-${TEST_ID}

-     labels:

-       app: ${NAME}

-       service: kerberos

-       environment: test-${TEST_ID}

-   spec:

-     type: NodePort

-     ports:

-     - name: kdc

-       port: 8088

-       targetPort: kdc

-     - name: kdc-udp

-       port: 8088

-       protocol: UDP

-       targetPort: kdc-udp

-     - name: admin

-       port: 8749

-       targetPort: admin

-     - name: kpasswd

-       port: 8464

-       targetPort: kpasswd

-     - name: kpasswd-udp

-       port: 8464

-       protocol: UDP

-       targetPort: kpasswd-udp

-     selector:

-       app: ${NAME}

-       service: kerberos

-       environment: test-${TEST_ID}

@@ -1,349 +0,0 @@ 

- ---

- apiVersion: v1

- kind: Template

- metadata:

-   name: mbs-frontend-krb5-template

-   app: mbs

- parameters:

- - name: TEST_ID

-   displayName: Test id

-   description: Short unique identifier for this test run (e.g. Jenkins job number)

-   required: true

- - name: MBS_FRONTEND_IMAGE

-   displayName: Image for MBS frontend

-   description: Image to be used for MBS frontend deployment

-   required: true

- - name: KOJI_URL

-   displayName: Top level URL of the Koji instance to use

-   description: Top level URL of the Koji instance to use. Without a '/' at the end.

-   required: true

- - name: FLASK_SECRET_KEY

-   displayName: The secret key for Flask

-   generate: expression

-   from: "[\\w]{16}"

- - name: DATABASE_PASSWORD

-   displayName: Database password

-   description: The password for the database.

-   required: true

- - name: FRONTEND_KEYTAB

-   displayName: Base64-encoded Kerberos keytab used by the frontend

-   required: true

- - name: KRB5_CONF_CONFIGMAP

-   displayName: Name of the ConfigMap containing the krb5.conf required for Kerberos auth

-   required: true

- - name: KRB5_USER

-   displayName: A user who will be allowed to authenticate to the MBS.

-   required: false

-   value: mbs-admin

- objects:

- - apiVersion: v1

-   kind: Secret

-   metadata:

-     name: mbs-${TEST_ID}-frontend-keytab

-     labels:

-       app: mbs

-       service: frontend

-       environment: test-${TEST_ID}

-   data:

-     keytab: ${FRONTEND_KEYTAB}

- - apiVersion: v1

-   kind: ConfigMap

-   metadata:

-     name: mbs-${TEST_ID}-httpd-config

-     labels:

-       app: mbs

-       service: frontend

-       environment: test-${TEST_ID}

-   data:

-     mbs.conf: |

-       WSGIDaemonProcess mbs user=fedmsg group=fedmsg home=/usr/share/mbs maximum-requests=1000 display-name=mbs processes=2 threads=2

-       WSGISocketPrefix run/wsgi

-       WSGIRestrictStdout Off

-       WSGIRestrictSignal Off

-       WSGIPythonOptimize 1

-       WSGIApplicationGroup %{GLOBAL}

- 

-       WSGIScriptAlias / /usr/share/mbs/mbs.wsgi

- 

-       <Location />

-           WSGIProcessGroup mbs

- 

-           # Return JSON when authentication fails

-           ErrorDocument 401 "{\"error\": \"You must be authenticated to perform this action.\"}"

-           Header always set Content-Type "application/json" "expr=%{REQUEST_STATUS} == 401"

- 

-           AuthType GSSAPI

-           AuthName "MBS Kerberos negotiate authentication based on GSSAPI"

-           GssapiSSLonly On

-           GssapiCredStore keytab:/etc/mbs.keytab

- 

-           # GET methods are allowed for everyone, but any other method

-           # needs a valid-user.

-           <RequireAny>

-               Require method GET OPTIONS

-               Require valid-user

-           </RequireAny>

-       </Location>

- 

-       RedirectMatch ^/$ /module-build-service/1/module-builds/

- - apiVersion: v1

-   kind: ConfigMap

-   metadata:

-     name: mbs-${TEST_ID}-frontend-config

-     labels:

-       app: mbs

-       service: frontend

-       environment: test-${TEST_ID}

-   data:

-     config.py: |

-       class ProdConfiguration(object):

-           DEBUG = True

- 

-           SECRET_KEY = '${FLASK_SECRET_KEY}'

- 

-           SQLALCHEMY_DATABASE_URI = 'postgresql://mbs:${DATABASE_PASSWORD}@mbs-${TEST_ID}-database:5432/mbs'

-           SQLALCHEMY_TRACK_MODIFICATIONS = True

- 

-           # Global network-related values, in seconds

-           NET_TIMEOUT = 120

-           NET_RETRY_INTERVAL = 30

- 

-           SYSTEM = 'koji'

-           MESSAGING = 'umb'

-           MESSAGING_TOPIC_PREFIX = ['/queue/Consumer.mbs.queue.VirtualTopic.eng']

-           KOJI_CONFIG = '/etc/module-build-service/koji.conf'

-           KOJI_PROFILE = 'test'

-           ARCHES = ['x86_64']

-           KOJI_PROXYUSER = False

-           KOJI_REPOSITORY_URL = '${KOJI_URL}/kojiroot/repos'

-           PDC_URL = ''

-           PDC_INSECURE = False

-           PDC_DEVELOP = True

-           SCMURLS = []

-           ALLOW_CUSTOM_SCMURLS = True

- 

-           RESOLVER = 'koji'

- 

-           # This is a whitelist of prefixes of koji tags we're allowed to manipulate

-           KOJI_TAG_PREFIXES = ['module']

- 

-           DEFAULT_DIST_TAG_PREFIX = 'module+'

- 

-           # Use the same priority as all other builds

-           KOJI_BUILD_PRIORITY = 0

- 

-           # Control where modules get tagged post-build.

-           BASE_MODULE_NAMES = set(['platform'])

-           KOJI_CG_TAG_BUILD = False

-           KOJI_CG_BUILD_TAG_TEMPLATE = ''

-           KOJI_CG_DEFAULT_BUILD_TAG = ''

- 

-           # Enable authentication

-           NO_AUTH = False

- 

-           YAML_SUBMIT_ALLOWED = True

- 

-           # Allow maintainers to specify something that differs from the git branch.

-           ALLOW_NAME_OVERRIDE_FROM_SCM = False

-           ALLOW_STREAM_OVERRIDE_FROM_SCM = True

- 

-           # How often should we resort to polling, in seconds

-           # Set to zero to disable polling

-           POLLING_INTERVAL = 600

- 

-           # Determines how many builds that can be submitted to the builder

-           # and be in the build state at a time. Set this to 0 for no restrictions

-           # New name

-           NUM_CONCURRENT_BUILDS = 5

- 

-           RPMS_DEFAULT_REPOSITORY = 'git+https://src.fedoraproject.org/rpms/'

-           RPMS_ALLOW_REPOSITORY = True

-           RPMS_DEFAULT_CACHE = ''

-           RPMS_ALLOW_CACHE = False

-           MODULES_DEFAULT_REPOSITORY = ''

-           MODULES_ALLOW_REPOSITORY = False

-           MODULES_ALLOW_SCRATCH = True

- 

-           # Our per-build logs for the Koji content generator go here.

-           # CG imports are controlled by KOJI_ENABLE_CONTENT_GENERATOR

-           BUILD_LOGS_DIR = '/var/tmp'

- 

-           # Time after which MBS will delete koji targets it created.

-           KOJI_TARGET_DELETE_TIME = 86400

- 

-           # Whether or not to import modules back to koji.

-           KOJI_ENABLE_CONTENT_GENERATOR = True

- 

-           # Available backends are: console, file.

-           LOG_BACKEND = 'console'

- 

-           # Available log levels are: debug, info, warn, error.

-           LOG_LEVEL = 'debug'

- 

-           REBUILD_STRATEGY_ALLOW_OVERRIDE = True

-           REBUILD_STRATEGY = 'only-changed'

- 

-           KOJI_EXTERNAL_REPO_URL_PREFIX = '${KOJI_URL}/kojiroot/'

- 

-           ALLOWED_PRIVILEGED_MODULE_NAMES = ['build']

- 

-           # Settings for Kerberos + LDAP auth

-           AUTH_METHOD = 'kerberos'

-           KERBEROS_KEYTAB = '/etc/mbs.keytab'

-           LDAP_URI = ''

-           LDAP_GROUPS_DN = ''

-           # These groups are allowed to submit builds.

-           ALLOWED_GROUPS = []

-           # These users don't need to be part of a group to submit builds.

-           ALLOWED_USERS = ['${KRB5_USER}']

-           # These groups are allowed to cancel the builds of other users.

-           ADMIN_GROUPS = []

-           # These groups are allowed to import the virtual module.

-           ALLOWED_GROUPS_TO_IMPORT_MODULE = ['packager']

- 

-           KOJI_TAG_EXTRA_OPTS = {u'mock.package_manager': u'dnf', u'mock.yum.module_hotfixes': 1, u'repo_include_all': True, u'mock.new_chroot': 0}

- 

-           SCRATCH_BUILD_ONLY_BRANCHES = [

-               r'^private-.*',

-           ]

-     koji.conf: |

-       [test]

-       server = ${KOJI_URL}/kojihub

-       weburl = ${KOJI_URL}/koji/

-       topurl = ${KOJI_URL}/kojiroot/

-       authtype = ssl

-       ;client certificate

-       cert = /etc/koji-certs/kojiadmin.crt

-       ;certificate of the CA that issued the client certificate

-       ;ca = /etc/koji-certs/clientca.crt

-       ;certificate of the CA that issued the HTTP server certificate

-       serverca = /etc/koji-certs/koji_ca_cert.crt

-     mock.cfg: |

-       config_opts['root'] = '$root'

-       config_opts['target_arch'] = '$arch'

-       config_opts['legal_host_arches'] = ('$arch',)

-       config_opts['chroot_setup_cmd'] = 'install $group'

-       config_opts['dist'] = ''

-       config_opts['extra_chroot_dirs'] = [ '/run/lock', ]

-       config_opts['releasever'] = ''

-       config_opts['package_manager'] = 'dnf'

-       config_opts['nosync'] = True

-       config_opts['use_bootstrap_container'] = False

- 

-       config_opts['yum.conf'] = """

-       $yum_conf

-       """

-     yum.conf: |

-       [main]

-       keepcache=1

-       debuglevel=2

-       reposdir=/dev/null

-       logfile=/var/log/yum.log

-       retries=20

-       obsoletes=1

-       gpgcheck=0

-       assumeyes=1

-       syslog_ident=mock

-       syslog_device=

-       install_weak_deps=0

-       metadata_expire=3600

-       mdpolicy=group:primary

- 

-       # repos

- - apiVersion: v1

-   kind: DeploymentConfig

-   metadata:

-     name: mbs-${TEST_ID}-frontend

-     labels:

-       app: mbs

-       service: frontend

-       environment: test-${TEST_ID}

-   spec:

-     replicas: 1

-     selector:

-       app: mbs

-       service: frontend

-       environment: test-${TEST_ID}

-     strategy:

-       type: Rolling

-     template:

-       metadata:

-         labels:

-           app: mbs

-           service: frontend

-           environment: test-${TEST_ID}

-       spec:

-         containers:

-         - name: frontend

-           image: "${MBS_FRONTEND_IMAGE}"

-           imagePullPolicy: Always

-           ports:

-           - containerPort: 8080

-             name: http

-           - containerPort: 8443

-             name: https

-           livenessProbe:

-             httpGet:

-               path: /module-build-service/1/monitor/metrics

-               port: http

-           readinessProbe:

-             httpGet:

-               path: /module-build-service/1/module-builds/?per_page=1&short=true

-               port: http

-           volumeMounts:

-           - name: fedmsg-config

-             mountPath: /etc/fedmsg.d

-           - name: frontend-certs

-             mountPath: /etc/mbs-certs

-           - name: mbs-config

-             mountPath: /etc/module-build-service

-           - name: httpd-config

-             subPath: mbs.conf

-             mountPath: /etc/httpd/conf.d/mbs.conf

-           - name: wsgi-config

-             mountPath: /usr/share/mbs

-           - name: koji-certs

-             mountPath: /etc/koji-certs

-           - name: cacerts-vol

-             subPath: cert-bundle

-             mountPath: /etc/pki/tls/cert.pem

-           - name: krb5-conf-vol

-             subPath: krb5.conf

-             mountPath: /etc/krb5.conf

-           - name: keytab-vol

-             subPath: keytab

-             mountPath: /etc/mbs.keytab

-           resources:

-             limits:

-               memory: 400Mi

-               cpu: 300m

-         volumes:

-         - name: fedmsg-config

-           configMap:

-             name: mbs-${TEST_ID}-frontend-fedmsg-config

-         - name: frontend-certs

-           secret:

-             secretName: mbs-${TEST_ID}-frontend-certs

-         - name: mbs-config

-           configMap:

-             name: mbs-${TEST_ID}-frontend-config

-         - name: httpd-config

-           configMap:

-             name: mbs-${TEST_ID}-httpd-config

-         - name: wsgi-config

-           configMap:

-             name: mbs-${TEST_ID}-wsgi-config

-         - name: koji-certs

-           secret:

-             secretName: mbs-${TEST_ID}-koji-secrets

-         - name: cacerts-vol

-           configMap:

-             name: mbs-${TEST_ID}-cacerts

-         - name: krb5-conf-vol

-           configMap:

-             name: ${KRB5_CONF_CONFIGMAP}

-         - name: keytab-vol

-           secret:

-             secretName: mbs-${TEST_ID}-frontend-keytab

-       triggers:

-       - type: ConfigChange

@@ -1,305 +0,0 @@ 

- ---

- apiVersion: v1

- kind: Template

- metadata:

-   name: mbs-frontend-noauth-template

-   app: mbs

- parameters:

- - name: TEST_ID

-   displayName: Test id

-   description: Short unique identifier for this test run (e.g. Jenkins job number)

-   required: true

- - name: MBS_FRONTEND_IMAGE

-   displayName: Image for MBS frontend

-   description: Image to be used for MBS frontend deployment

-   required: true

- - name: KOJI_URL

-   displayName: Top level URL of the Koji instance to use

-   description: Top level URL of the Koji instance to use. Without a '/' at the end.

-   required: true

- - name: FLASK_SECRET_KEY

-   displayName: The secret key for Flask

-   generate: expression

-   from: "[\\w]{16}"

- - name: DATABASE_PASSWORD

-   displayName: Database password

-   description: The password for the database.

-   required: true

- objects:

- - apiVersion: v1

-   kind: ConfigMap

-   metadata:

-     name: mbs-${TEST_ID}-httpd-config

-     labels:

-       app: mbs

-       service: frontend

-       environment: test-${TEST_ID}

-   data:

-     mbs.conf: |

-       WSGIDaemonProcess mbs user=fedmsg group=fedmsg home=/usr/share/mbs maximum-requests=1000 display-name=mbs processes=2 threads=2

-       WSGISocketPrefix run/wsgi

-       WSGIRestrictStdout Off

-       WSGIRestrictSignal Off

-       WSGIPythonOptimize 1

-       WSGIApplicationGroup %{GLOBAL}

- 

-       WSGIScriptAlias / /usr/share/mbs/mbs.wsgi

- 

-       <Location />

-           WSGIProcessGroup mbs

- 

-           # Return JSON when authentication fails

-           ErrorDocument 401 "{\"error\": \"You must be authenticated to perform this action.\"}"

-           Header always set Content-Type "application/json" "expr=%{REQUEST_STATUS} == 401"

- 

-           # No authentication methods avalable.

-           Require all granted

-       </Location>

- 

-       RedirectMatch ^/$ /module-build-service/1/module-builds/

- - apiVersion: v1

-   kind: ConfigMap

-   metadata:

-     name: mbs-${TEST_ID}-frontend-config

-     labels:

-       app: mbs

-       service: frontend

-       environment: test-${TEST_ID}

-   data:

-     config.py: |

-       class ProdConfiguration(object):

-           DEBUG = True

- 

-           SECRET_KEY = '${FLASK_SECRET_KEY}'

- 

-           SQLALCHEMY_DATABASE_URI = 'postgresql://mbs:${DATABASE_PASSWORD}@mbs-${TEST_ID}-database:5432/mbs'

-           SQLALCHEMY_TRACK_MODIFICATIONS = True

- 

-           # Global network-related values, in seconds

-           NET_TIMEOUT = 120

-           NET_RETRY_INTERVAL = 30

- 

-           SYSTEM = 'koji'

-           MESSAGING = 'umb'

-           MESSAGING_TOPIC_PREFIX = ['/queue/Consumer.mbs.queue.VirtualTopic.eng']

-           KOJI_CONFIG = '/etc/module-build-service/koji.conf'

-           KOJI_PROFILE = 'test'

-           ARCHES = ['x86_64']

-           KOJI_PROXYUSER = False

-           KOJI_REPOSITORY_URL = '${KOJI_URL}/kojiroot/repos'

-           PDC_URL = ''

-           PDC_INSECURE = False

-           PDC_DEVELOP = True

-           SCMURLS = []

-           ALLOW_CUSTOM_SCMURLS = True

- 

-           RESOLVER = 'koji'

- 

-           # This is a whitelist of prefixes of koji tags we're allowed to manipulate

-           KOJI_TAG_PREFIXES = ['module']

- 

-           DEFAULT_DIST_TAG_PREFIX = 'module+'

- 

-           # Use the same priority as all other builds

-           KOJI_BUILD_PRIORITY = 0

- 

-           # Control where modules get tagged post-build.

-           BASE_MODULE_NAMES = set(['platform'])

-           KOJI_CG_TAG_BUILD = False

-           KOJI_CG_BUILD_TAG_TEMPLATE = ''

-           KOJI_CG_DEFAULT_BUILD_TAG = ''

- 

-           # Disable authentication

-           NO_AUTH = True

- 

-           YAML_SUBMIT_ALLOWED = True

- 

-           # Allow maintainers to specify something that differs from the git branch.

-           ALLOW_NAME_OVERRIDE_FROM_SCM = False

-           ALLOW_STREAM_OVERRIDE_FROM_SCM = True

- 

-           # How often should we resort to polling, in seconds

-           # Set to zero to disable polling

-           POLLING_INTERVAL = 600

- 

-           # Determines how many builds that can be submitted to the builder

-           # and be in the build state at a time. Set this to 0 for no restrictions

-           # New name

-           NUM_CONCURRENT_BUILDS = 5

- 

-           RPMS_DEFAULT_REPOSITORY = 'git+https://src.fedoraproject.org/rpms/'

-           RPMS_ALLOW_REPOSITORY = True

-           RPMS_DEFAULT_CACHE = ''

-           RPMS_ALLOW_CACHE = False

-           MODULES_DEFAULT_REPOSITORY = ''

-           MODULES_ALLOW_REPOSITORY = False

-           MODULES_ALLOW_SCRATCH = True

- 

-           # Our per-build logs for the Koji content generator go here.

-           # CG imports are controlled by KOJI_ENABLE_CONTENT_GENERATOR

-           BUILD_LOGS_DIR = '/var/tmp'

- 

-           # Time after which MBS will delete koji targets it created.

-           KOJI_TARGET_DELETE_TIME = 86400

- 

-           # Whether or not to import modules back to koji.

-           KOJI_ENABLE_CONTENT_GENERATOR = True

- 

-           # Available backends are: console, file.

-           LOG_BACKEND = 'console'

- 

-           # Available log levels are: debug, info, warn, error.

-           LOG_LEVEL = 'debug'

- 

-           REBUILD_STRATEGY_ALLOW_OVERRIDE = True

-           REBUILD_STRATEGY = 'only-changed'

- 

-           KOJI_EXTERNAL_REPO_URL_PREFIX = '${KOJI_URL}/kojiroot/'

- 

-           ALLOWED_PRIVILEGED_MODULE_NAMES = ['build']

- 

-           # Placeholder auth settings, unused

-           AUTH_METHOD = 'oidc'

-           # These groups are allowed to submit builds.

-           ALLOWED_GROUPS = []

-           # These users don't need to be part of a group to submit builds.

-           ALLOWED_USERS = []

-           # These groups are allowed to cancel the builds of other users.

-           ADMIN_GROUPS = []

-           # These groups are allowed to import the virtual module.

-           ALLOWED_GROUPS_TO_IMPORT_MODULE = ['packager']

- 

-           KOJI_TAG_EXTRA_OPTS = {u'mock.package_manager': u'dnf', u'mock.yum.module_hotfixes': 1, u'repo_include_all': True, u'mock.new_chroot': 0}

- 

-           SCRATCH_BUILD_ONLY_BRANCHES = [

-               r'^private-.*',

-           ]

-     koji.conf: |

-       [test]

-       server = ${KOJI_URL}/kojihub

-       weburl = ${KOJI_URL}/koji/

-       topurl = ${KOJI_URL}/kojiroot/

-       authtype = ssl

-       ;client certificate

-       cert = /etc/koji-certs/kojiadmin.crt

-       ;certificate of the CA that issued the client certificate

-       ;ca = /etc/koji-certs/clientca.crt

-       ;certificate of the CA that issued the HTTP server certificate

-       serverca = /etc/koji-certs/koji_ca_cert.crt

-     mock.cfg: |

-       config_opts['root'] = '$root'

-       config_opts['target_arch'] = '$arch'

-       config_opts['legal_host_arches'] = ('$arch',)

-       config_opts['chroot_setup_cmd'] = 'install $group'

-       config_opts['dist'] = ''

-       config_opts['extra_chroot_dirs'] = [ '/run/lock', ]

-       config_opts['releasever'] = ''

-       config_opts['package_manager'] = 'dnf'

-       config_opts['nosync'] = True

-       config_opts['use_bootstrap_container'] = False

- 

-       config_opts['yum.conf'] = """

-       $yum_conf

-       """

-     yum.conf: |

-       [main]

-       keepcache=1

-       debuglevel=2

-       reposdir=/dev/null

-       logfile=/var/log/yum.log

-       retries=20

-       obsoletes=1

-       gpgcheck=0

-       assumeyes=1

-       syslog_ident=mock

-       syslog_device=

-       install_weak_deps=0

-       metadata_expire=3600

-       mdpolicy=group:primary

- 

-       # repos

- - apiVersion: v1

-   kind: DeploymentConfig

-   metadata:

-     name: mbs-${TEST_ID}-frontend

-     labels:

-       app: mbs

-       service: frontend

-       environment: test-${TEST_ID}

-   spec:

-     replicas: 1

-     selector:

-       app: mbs

-       service: frontend

-       environment: test-${TEST_ID}

-     strategy:

-       type: Rolling

-     template:

-       metadata:

-         labels:

-           app: mbs

-           service: frontend

-           environment: test-${TEST_ID}

-       spec:

-         containers:

-         - name: frontend

-           image: "${MBS_FRONTEND_IMAGE}"

-           imagePullPolicy: Always

-           ports:

-           - containerPort: 8080

-             name: http

-           - containerPort: 8443

-             name: https

-           livenessProbe:

-             httpGet:

-               path: /module-build-service/1/monitor/metrics

-               port: http

-           readinessProbe:

-             httpGet:

-               path: /module-build-service/1/module-builds/?per_page=1&short=true

-               port: http

-           volumeMounts:

-           - name: fedmsg-config

-             mountPath: /etc/fedmsg.d

-           - name: frontend-certs

-             mountPath: /etc/mbs-certs

-           - name: mbs-config

-             mountPath: /etc/module-build-service

-           - name: httpd-config

-             subPath: mbs.conf

-             mountPath: /etc/httpd/conf.d/mbs.conf

-           - name: wsgi-config

-             mountPath: /usr/share/mbs

-           - name: koji-certs

-             mountPath: /etc/koji-certs

-           - name: cacerts-vol

-             subPath: cert-bundle

-             mountPath: /etc/pki/tls/cert.pem

-           resources:

-             limits:

-               memory: 400Mi

-               cpu: 300m

-         volumes:

-         - name: fedmsg-config

-           configMap:

-             name: mbs-${TEST_ID}-frontend-fedmsg-config

-         - name: frontend-certs

-           secret:

-             secretName: mbs-${TEST_ID}-frontend-certs

-         - name: mbs-config

-           configMap:

-             name: mbs-${TEST_ID}-frontend-config

-         - name: httpd-config

-           configMap:

-             name: mbs-${TEST_ID}-httpd-config

-         - name: wsgi-config

-           configMap:

-             name: mbs-${TEST_ID}-wsgi-config

-         - name: koji-certs

-           secret:

-             secretName: mbs-${TEST_ID}-koji-secrets

-         - name: cacerts-vol

-           configMap:

-             name: mbs-${TEST_ID}-cacerts

-       triggers:

-       - type: ConfigChange

@@ -1,708 +0,0 @@ 

- ---

- apiVersion: v1

- kind: Template

- metadata:

-   name: mbs-test-template

-   app: mbs

- parameters:

- - name: TEST_ID

-   displayName: Test id

-   description: Short unique identifier for this test run (e.g. Jenkins job number)

-   required: true

- - name: MBS_BACKEND_IMAGE

-   displayName: Container image for MBS backend

-   description: Image to be used for MBS backend deployment

-   value: 172.30.1.1:5000/myproject/mbs-backend:latest

-   required: true

- - name: MBS_FRONTEND_IMAGE

-   displayName: Container image for MBS frontend

-   description: Image to be used for MBS frontend deployment

-   value: 172.30.1.1:5000/myproject/mbs-frontend:latest

-   required: true

- - name: MESSAGING_CERT

-   displayName: SSL certificate for messaging

-   description: base64 encoded SSL certificate for message bus authentication

-   required: true

- - name: MESSAGING_KEY

-   displayName: SSL key for messaging

-   description: base64 encoded SSL key for message bus authentication

-   required: true

- - name: FRONTEND_CERT

-   displayName: SSL certificate for the MBS frontend

-   description: base64 encoded SSL certificate used by the MBS frontend

-   required: true

- - name: FRONTEND_KEY

-   displayName: SSL key for the MBS frontend

-   description: base64 encoded SSL key used by the MBS frontend

-   required: true

- - name: FRONTEND_CA

-   displayName: MBS frontend CA

-   description: >-

-     base64 encoded certificate of the CA

-     that issued the HTTP frontend certificate for MBS

-   required: true

- - name: KOJI_CERT

-   displayName: Koji client certificate

-   description: base 64 encoded client certificate used to authenticate with Koji

-   required: true

- - name: KOJI_SERVERCA

-   displayName: Koji server CA

-   description: >-

-     base64 encoded certificate of the CA

-     that issued the HTTP server certificate for Koji

-   required: true

- - name: DATABASE_PASSWORD

-   displayName: Database password

-   description: The password for the database.

-   required: true

- - name: STOMP_URI

-   displayName: Messagebus URI

-   description: Messagebus URI

-   required: true

- - name: KOJI_URL

-   displayName: Top level URL of the Koji instance to use

-   description: Top level URL of the Koji instance to use. Without a '/' at the end.

-   default: https://mbs-brew-hub.usersys.redhat.com

-   required: true

- - name: CA_CERTS

-   displayName: CA certificates

-   description: Bundle of CA certificates that should be trusted

-   required: true

- objects:

- # frontend

- - apiVersion: v1

-   kind: ConfigMap

-   metadata:

-     name: mbs-${TEST_ID}-frontend-fedmsg-config

-     labels:

-       app: mbs

-       service: frontend

-       environment: test-${TEST_ID}

-   data:

-     logging.py: |

-       bare_format = "[%(asctime)s][%(name)10s %(levelname)7s] %(message)s"

- 

-       config = dict(

-           logging=dict(

-               version=1,

-               formatters=dict(

-                   bare={

-                       "datefmt": "%Y-%m-%d %H:%M:%S",

-                       "format": bare_format

-                   },

-               ),

-               handlers=dict(

-                   console={

-                       "class": "logging.StreamHandler",

-                       "formatter": "bare",

-                       "level": "DEBUG",

-                       "stream": "ext://sys.stdout",

-                   },

-               ),

-               loggers=dict(

-                   fedmsg={

-                       "level": "DEBUG",

-                       "propagate": True,

-                   },

-                   moksha={

-                       "level": "DEBUG",

-                       "propagate": True,

-                   },

-               ),

-           ),

-       )

-     mbs-logging.py: |

-       config = dict(

-           logging=dict(

-               loggers=dict(

-                   # Quiet this guy down...

-                   requests={

-                       "level": "WARNING",

-                       "propagate": True,

-                   },

-                   module_build_service={

-                       "level": "DEBUG",

-                       "propagate": True,

-                   },

-                   mbs_messaging_umb={

-                       "level": "DEBUG",

-                       "propagate": True,

-                   },

-               ),

-               root=dict(

-                   handlers=["console"],

-                   level="DEBUG",

-               ),

-           ),

-       )

-     mbs-fedmsg.py: |

-       config = {

-           'zmq_enabled': False,

-           'validate_signatures': False,

-           'endpoints': {},

-           'stomp_uri': '${STOMP_URI}',

-           'stomp_heartbeat': 5000,

-           'stomp_ssl_crt': '/etc/mbs-certs/messaging.crt',

-           'stomp_ssl_key': '/etc/mbs-certs/messaging.key',

-           'stomp_ack_mode': 'auto',

-       }

-     mbs-scheduler.py: |

-       config = {

-           # The frontend should have these turned off in perpetuity.

-           'mbsconsumer': False,

-           'mbspoller': False,

-       }

- - apiVersion: v1

-   kind: ConfigMap

-   metadata:

-     name: mbs-${TEST_ID}-httpd-config

-     labels:

-       app: mbs

-       service: frontend

-       environment: test-${TEST_ID}

-   data:

-     mbs.conf: |

-       WSGIDaemonProcess mbs user=fedmsg group=fedmsg home=/usr/share/mbs maximum-requests=1000 display-name=mbs processes=2 threads=2

-       WSGISocketPrefix run/wsgi