#7770 RFR: Deploying compose-tracker in Fedora Openshift
Opened 2 months ago by mohanboddu. Modified 7 days ago

I would like to request to deploy compose-tracker in Fedora Openshift.

It was used to run in @dustymabe openshift instance and used to file tickets in https://pagure.io/dusty/failed-composes/issues but we would like to move to Fedora Infra and the source code will be hosted in https://pagure.io/releng/compose-tracker while the failure tickets are filed at https://pagure.io/releng/failed-composes.

More info: https://pagure.io/fedora-infrastructure/issue/7752

Thanks.


Cool. We need to start with staging... get the app setup and working there, although it may be difficult to test since we don't so any composes there.

Metadata Update from @kevin:
- Issue assigned to kevin
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: OpenShift, request-for-resources

2 months ago

Cool. We need to start with staging... get the app setup and working there, although it may be difficult to test since we don't so any composes there.

IIRC, isn't there a way to send a fake message on the message bus?

Cool. We need to start with staging... get the app setup and working there, although it may be difficult to test since we don't so any composes there.

The app consumes fedmsg so it can just use the input from the prod composes. No need to do a compose in staging I don't think.

Would it be good time to move to fedora-messaging ? I ll be happy to give pointers or help if someone is interested in this work

@cverna I am interested, as I never played with it. Can we do a quick session when you get a chance?

@mohanboddu cool I added a meeting in your calendar for tomorrow ;-)

Would it be good time to move to fedora-messaging ? I ll be happy to give pointers or help if someone is interested in this work

we were on the same page - I filed this before I even saw your request: https://pagure.io/releng/compose-tracker/issue/2

Please let me know whoever is going to work on this, I want to watch and learn how its done and get some training on deployments in infra openshift.

Thanks.

I'm taking this in agreement with @kevin

Metadata Update from @mizdebsk:
- Issue assigned to mizdebsk (was: kevin)

a month ago

@mizdebsk pointed us at a few places where ansible playbooks exist already:

mizdebsk | dustymabe, all the playbooks for our openshift apps are at
         | https://infrastructure.fedoraproject.org/cgit/ansible.git/tree/playbooks/openshift-apps
mizdebsk | templates for openshift objects are at https://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/openshift-apps

@puiterwijk Could you please run the audit check for this ticket.

We will be pushing commits to the ansible for your review and will give you the files.

Thanks.

SOP: https://pagure.io/infra-docs/pull-request/157
I acknowledge that the service is ready for deployment of staging instance.

Things that I needed to do as sysadmin-main (for documentation purposes):

  • created @releng user in stg.pagure.io - manually inserted into pagure database
  • created staging Pagure token for @releng using pagure-admin CLI
  • extended expiry date for the above token, using pagure-admin CLI
  • defined private Ansible variable with the above token
  • set @mohanboddu as owner of releng group in staging Pagure
  • granted RBAC permission to run openshift-apps/compose-tracker.yml playbook
  • ran FAS client on batcave so that changes to sysadmin-releng group were synced from FAS

granted RBAC permission to run openshift-apps/compose-tracker.yml playbook

Just wanted to say, the permission is given to sysadmin-releng group.

Metadata Update from @puiterwijk:
- Issue tagged with: security

22 days ago

discussed with @mohanboddu yesterday. Steps left to getting to prod that I know of (may be additional steps in the RFR SOP):

  1. we wait on security audit
  2. we get @mizdebsk to create releng user token for us and populate ansible private variable
  3. we edit the playbook to make it also deploy to prod
  4. run the playbook

@mizdebsk are we able to do step 2. now or do we need to wait on security audit for that too?

Lets wait for the security audit before deploying to production or even generating production tokens.

Sorry for the delay in providing any feedback about the audit, there had been a few things that were pushed in front.
My current ETA for finishing this audit is by Wednesday June 26, 2019.

Sorry for the delay in providing any feedback about the audit, there had been a few things that were pushed in front.
My current ETA for finishing this audit is by Wednesday June 26, 2019.

Thanks @puiterwijk if we can deploy this to prod before FLOCK that would be awesome.

Login to comment on this ticket.

Metadata