#334 Add zezere playbook and files
Merged 3 years ago by puiterwijk. Opened 3 years ago by puiterwijk.
fedora-infra/ puiterwijk/ansible zezere  into  master

@@ -0,0 +1,48 @@ 

+ - name: make the app be real

+   hosts: os_masters_stg[0]

+   user: root

+   gather_facts: False

+ 

+   vars_files:

+     - /srv/web/infra/ansible/vars/global.yml

+     - "/srv/private/ansible/vars.yml"

+     - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

+ 

+   roles:

+   - role: openshift/project

+     app: zezere

+     description: Zezere provisioning service

+     appowners:

+     - puiterwijk

+     - pbrobinson

+   - role: openshift/imagestream

+     app: zezere

+     imagename: zezere

+   - role: openshift/object

+     app: zezere

+     objectname: buildconfig.yml

+     file: buildconfig.yml

+   - role: openshift/start-build

+     app: zezere

+     buildname: zezere

+   - role: openshift/object

+     app: zezere

+     file: service.yml

+     objectname: service.yml

+   - role: openshift/route

+     app: zezere

+     routename: zezere

+     host: "provision{{ env_suffix }}.fedoraproject.org"

+     servicename: zezere

+     serviceport: 8080

+   - role: openshift/object

+     app: zezere

+     template: secret.yml

+     objectname: secret.yml

+   - role: openshift/object

+     app: zezere

+     template: deploymentconfig.yml

+     objectname: deploymentconfig.yml

+   - role: openshift/rollout

+     app: zezere

+     dcname: zezere
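Review bot: The play sets `gather_facts: False`, but the third `vars_files` entry is templated on `{{ ansible_distribution }}`, which is a gathered fact. Unless facts for this host are already cached from an earlier run, that path cannot be resolved and Ansible may skip the file rather than fail, so any variable expected from it would be missing when the later templates render. Either use `gather_facts: true` for this play or drop the distribution-specific entry if no role here needs it. The play also targets only `os_masters_stg[0]`, so the production branch in the secret template is not exercised by this playbook as written.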

@@ -0,0 +1,28 @@ 

+ apiVersion: v1

+ kind: BuildConfig

+ metadata:

+   labels:

+     build: zezere-build

+   name: zezere-build

+ spec:

+   runPolicy: Serial

+   source:

+     git:

+       uri: https://github.com/fedora-iot/zezere.git

+       ref: master

+   strategy:

+     sourceStrategy:

+       env:

+         - name: SECRET_KEY

+           value: notsecret

+         - name: ALLOWED_HOSTS

+           value: building.fedoraproject.org

+         - name: DATABASE_engine

+           value: django.db.backends.sqlite3

+       from:

+         kind: DockerImage

+         name: registry.access.redhat.com/rhscl/python-36-rhel7:latest

+   output:

+     to:

+       kind: ImageStreamTag

+       name: zezere:latest
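Review bot: Both build inputs are mutable references, `ref: master` on the GitHub source and the `:latest` tag on the builder image, so each run of the start-build role can produce a different image from content nobody reviewed. Pinning the source to a reviewed tag or commit (`ref: <reviewed-commit-or-tag>`, placeholder) and the builder to a digest (`name: registry.access.redhat.com/rhscl/python-36-rhel7@sha256:<digest>`, placeholder) makes the build reproducible and auditable. Separately, source-strategy `env` values are normally carried into the output image, so `SECRET_KEY=notsecret` would become the runtime default if the deployment ever lost its `secretKeyRef` override. A comment such as `# build-time placeholder only; the real key comes from the zezere Secret` would make that dependency explicit.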

@@ -0,0 +1,15 @@ 

+ apiVersion: v1

+ kind: Service

+ metadata:

+   name: zezere

+   labels:

+     app: zezere

+     service: zezere

+   namespace: zezere

+ spec:

+   ports:

+     - name: web

+       port: 8080

+       targetPort: 8080

+   selector:

+     deploymentconfig: zezere

@@ -0,0 +1,88 @@ 

+ apiVersion: v1

+ kind: DeploymentConfig

+ metadata:

+   labels:

+     app: zezere

+     service: zezere

+   name: zezere

+ spec:

+   replicas: 1

+   selector:

+     deploymentconfig: zezere

+   strategy:

+     activeDeadlineSeconds: 21600

+     recreateParams:

+       timeoutSeconds: 600

+   template:

+     metadata:

+       labels:

+         app: zezere

+         deploymentconfig: zezere

+     spec:

+       containers:

+       - name: zezere

+         image: docker-registry.default.svc:5000/zezere/zezere:latest

+         env:

+           - name: ALLOWED_HOSTS

+             value: "*"

+           - name: WEB_CONCURRENCY

+             value: 8

+           - name: SECRET_KEY

+             valueFrom:

+               secretKeyRef:

+                 name: zezere

+                 key: secret_key

+           - name: DEBUG

+             value: no

+           - name: AUTH_METHOD

+             value: oidc

+           - name: OIDC_OP_AUTHORIZATION_ENDPOINT

+             value: "https://id{{ env_suffix }}.fedoraproject.org/openidc/Authorization"

+           - name: OIDC_OP_TOKEN_ENDPOINT

+             value: "https://id{{ env_suffix }}.fedoraproject.org/openidc/Token"

+           - name: OIDC_OP_USER_ENDPOINT

+             value: "https://id{{ env_suffix }}.fedoraproject.org/openidc/UserInfo"

+           - name: OIDC_OP_JWKS_ENDPOINT

+             value: "https://id{{ env_suffix }}.fedoraproject.org/openidc/Jwks"

+           - name: OIDC_RP_CLIENT_ID

+             value: "provisionfpo"

+           - name: OIDC_RP_CLIENT_SECRET

+             valueFrom:

+               secretKeyRef:

+                 name: zezere

+                 key: oidc_client_secret

+           - name: OIDC_RP_SIGN_ALGO

+             value: RS256

+           - name: SECURE_PROXY_SSL_HEADER_NAME

+             value: HTTP_X_FORWARDED_PROTO

+           - name: SECURE_PROXY_SSL_HEADER_VALUE

+             value: https

+           - name: DATABASE_engine

+             value: "django.db.backends.postgresql_psycopg2"

+           - name: DATABASE_host

+             value: "todo"

+           - name: DATABASE_name

+             value: "todo"

+           - name: DATABASE_user

+             value: "todo"

+           - name: DATABASE_password

+             valueFrom:

+               secretKeyRef:

+                 name: zezere

+                 key: database_password

+         ports:

+         - containerPort: 8080

+         readinessProbe:

+           timeoutSeconds: 1

+           initialDelaySeconds: 5

+           httpGet:

+             path: /

+             port: 8080

+         livenessProbe:

+           timeoutSeconds: 1

+           initialDelaySeconds: 30

+           httpGet:

+             path: /

+             port: 8080

+   triggers:

+   - type: ConfigChange
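Review bot: `ALLOWED_HOSTS` is set to `"*"`, which turns off Django's Host-header validation even though the route in the playbook exposes a single known hostname. I would set it to `value: "provision{{ env_suffix }}.fedoraproject.org"`; the readiness and liveness probes request `/` on port 8080 and would then presumably need an `httpHeaders` entry supplying that Host value, otherwise they would be rejected. Two env values are also unquoted non-strings: `value: 8` parses as an integer and `value: no` as a boolean under YAML 1.1, while the env `value` field is a string, so they should be `value: "8"` and `value: "no"`. The `DATABASE_host`, `DATABASE_name` and `DATABASE_user` entries are still `"todo"` placeholders.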

@@ -0,0 +1,16 @@ 

+ apiVersion: v1

+ kind: Secret

+ metadata:

+   name: zezere

+   labels:

+     app: zezere

+ stringData:

+ {% if env == 'staging' %}

+   secret_key: "{{ zezere_secret_key_staging }}"

+   oidc_client_secret: "{{ zezere_oidc_client_secret_staging }}"

+   database_password: "{{ zezere_db_password_staging }}"

+ {% else %}

+   secret_key: "{{ zezere_secret_key_production }}"

+   oidc_client_secret: "{{ zezere_oidc_client_secret_production }}"

+   database_password: "{{ zezere_db_password_production }}"

+ {% endif %}
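Review bot: The `{% else %}` branch renders the production secrets for every value of `env` other than `'staging'`, including a typo or a newly added environment name. Making the branch explicit with `{% elif env == 'production' %}` leaves `stringData` empty for an unknown environment, so the rollout fails on the missing keys instead of running with production credentials. The values are interpolated inside double quotes, so a secret containing `"` or `\` would break or alter the rendered YAML; it is worth confirming that the generated secrets are restricted to characters that are safe there.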