I would like to request to deploy compose-tracker in Fedora Openshift.
It was used to run in @dustymabe openshift instance and used to file tickets in https://pagure.io/dusty/failed-composes/issues but we would like to move to Fedora Infra and the source code will be hosted in https://pagure.io/releng/compose-tracker while the failure tickets are filed at https://pagure.io/releng/failed-composes.
More info: https://pagure.io/fedora-infrastructure/issue/7752
Thanks.
Cool. We need to start with staging... get the app setup and working there, although it may be difficult to test since we don't so any composes there.
Metadata Update from @kevin: - Issue assigned to kevin - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: OpenShift, request-for-resources
IIRC, isn't there a way to send a fake message on the message bus?
The app consumes fedmsg so it can just use the input from the prod composes. No need to do a compose in staging I don't think.
Would it be good time to move to fedora-messaging ? I ll be happy to give pointers or help if someone is interested in this work
@cverna I am interested, as I never played with it. Can we do a quick session when you get a chance?
@mohanboddu cool I added a meeting in your calendar for tomorrow ;-)
we were on the same page - I filed this before I even saw your request: https://pagure.io/releng/compose-tracker/issue/2
Please let me know whoever is going to work on this, I want to watch and learn how its done and get some training on deployments in infra openshift.
I'm taking this in agreement with @kevin
Metadata Update from @mizdebsk: - Issue assigned to mizdebsk (was: kevin)
@mizdebsk pointed us at a few places where ansible playbooks exist already:
mizdebsk | dustymabe, all the playbooks for our openshift apps are at | https://infrastructure.fedoraproject.org/cgit/ansible.git/tree/playbooks/openshift-apps mizdebsk | templates for openshift objects are at https://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/openshift-apps
@puiterwijk Could you please run the audit check for this ticket.
We will be pushing commits to the ansible for your review and will give you the files.
Related commits pushed to ansible and reviewed by @mohanboddu and @mizdebsk: https://infrastructure.fedoraproject.org/cgit/ansible.git/commit/?id=4a91133400a35c20db93286be7b87c04d6c984b5
SOP: https://pagure.io/infra-docs/pull-request/157 I acknowledge that the service is ready for deployment of staging instance.
Things that I needed to do as sysadmin-main (for documentation purposes):
openshift-apps/compose-tracker.yml
granted RBAC permission to run openshift-apps/compose-tracker.yml playbook
Just wanted to say, the permission is given to sysadmin-releng group.
sysadmin-releng
we already talked about this in releng meetings but here is a message @mohanboddu sent to the infra list to discuss: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/BUJK3FQEHKGZ45FDHMOWEEWQ4G5MJRIU/
Metadata Update from @puiterwijk: - Issue tagged with: security
discussed with @mohanboddu yesterday. Steps left to getting to prod that I know of (may be additional steps in the RFR SOP):
@mizdebsk are we able to do step 2. now or do we need to wait on security audit for that too?
2.
Lets wait for the security audit before deploying to production or even generating production tokens.
Sorry for the delay in providing any feedback about the audit, there had been a few things that were pushed in front. My current ETA for finishing this audit is by Wednesday June 26, 2019.
Thanks @puiterwijk if we can deploy this to prod before FLOCK that would be awesome.
Sorry, this took a bit longer than I'd hoped due to other things.
This code has been approved for production as of revision a99510882a0945073a3dff205417007b176e456f. Please do inform us if any major changes are made to the code base that would possible impact the audit results.
a99510882a0945073a3dff205417007b176e456f
Metadata Update from @puiterwijk: - Issue untagged with: security
thanks @puiterwijk!
Sorry, this took a bit longer than I'd hoped due to other things. This code has been approved for production as of revision a99510882a0945073a3dff205417007b176e456f.
Thanks @puiterwijk. @mohanboddu - do you want to work with @mizdebsk to get this running in production since I'm out for a while.
Please do inform us if any major changes are made to the code base that would possible impact the audit results.
I think our plans right now are mostly to improve the capabilities and possibly also add support for opening tickets against JIRA (for internal RCM usage). I don't think these things would impact the audit results, but I'll send you a message when we get closer to see what you think.
I hereby acknowledge that the resource is fully configured in Ansible and ready to be deployed in production. @dustymabe let me know when you want to deploy compose-tracker in production.
Metadata Update from @mizdebsk: - Issue priority set to: Waiting on Reporter (was: Waiting on Assignee)
hey @mizdebsk can you create the pagure token for the releng user in prod pagure and update the {{compose_tracker_pagure_token}} variable in the ansible private repo
{{compose_tracker_pagure_token}}
Also it appears the {{compose_tracker_pagure_token_stg}} variable has now expired. So can we recreate that one and also make them both not expire?
{{compose_tracker_pagure_token_stg}}
Metadata Update from @dustymabe: - Issue priority set to: Waiting on Assignee (was: Waiting on Reporter)
hey @mizdebsk can you create the pagure token for the releng user in prod pagure and update the {{compose_tracker_pagure_token}} variable in the ansible private repo Also it appears the {{compose_tracker_pagure_token_stg}} variable has now expired. So can we recreate that one and also make them both not expire?
To the person that will look into this: we can't have API tokens that do not expire but using pagure-admin we can make them expire in a far future :)
pagure-admin
I can create one, now that I know how to do that.
I already spoke to @mohanboddu and explained how to create the token:
ssh root@pagure01.fedoraproject.org
pagure-admin admin-token create releng
pagure-admin admin-token list|grep releng
pagure-admin admin-token update $token 2019-12-31
I created the token and updated the config in ansible-private repo and pushed the change.
is there anything else that I need to do? (Like running any playbook, so that the ansible playbooks will see compose_tracker_pagure_token that I added to ansible-private repo)
compose_tracker_pagure_token
can you also update the stg token since it seems to be expired?
I don't think so
ok @kevin helped me here. I'll deploy this to prod tomorrow
Metadata Update from @dustymabe: - Issue priority set to: Waiting on Reporter (was: Waiting on Assignee)
The app has been deployed to prod! New issues should start showing up at https://pagure.io/releng/failed-composes/
Metadata Update from @dustymabe: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.