From d83551926f7ce581d8f16fecb685c313cada90f0 Mon Sep 17 00:00:00 2001
From: Mike Bonnet <mikeb@redhat.com>
Date: Apr 12 2019 17:00:54 +0000
Subject: use httpd to run the MBS frontend


---

diff --git a/openshift/backend/Dockerfile b/openshift/backend/Dockerfile
index 88eb41f..25646d1 100644
--- a/openshift/backend/Dockerfile
+++ b/openshift/backend/Dockerfile
@@ -1,24 +1,47 @@
-FROM fedora:29
+FROM fedora:29 AS builder
 LABEL \
     name="Backend for the Module Build Service (MBS)" \
     vendor="The Factory 2.0 Team" \
+    maintainer="The Factory 2.0 Team <pnt-factory2-devel@redhat.com>" \
     license="MIT" \
     description="The MBS coordinates module builds. This image is to serve as the MBS backend." \
     usage="https://pagure.io/fm-orchestrator"
 
-# The caller can chose to provide an already built module-build-service RPM.
-ARG mbs_rpm=module-build-service
-ARG mbs_messaging_umb_rpm
+ARG EXTRA_RPMS=""
+ARG DNF_CMD="dnf -y --setopt=deltarpm=0 --setopt=install_weak_deps=false --setopt=tsflags=nodocs"
+
+COPY . /src
+WORKDIR /src
+
+RUN ${DNF_CMD} install \
+      'dnf-command(builddep)' rpm-build rpmdevtools rpmlint \
+      python3-tox python3-pytest python3-mock python3-flake8 bandit && \
+    ${DNF_CMD} builddep *.spec && \
+    ${DNF_CMD} clean all
+RUN rpmdev-setuptree && \
+    python3 setup.py sdist && \
+    rpmbuild --define "_sourcedir $PWD/dist" -ba *.spec && \
+    mv $HOME/rpmbuild/RPMS /srv
+RUN flake8 && \
+    bandit -r -ll -s B102,B303,B411,B602 module_build_service && \
+    tox -v -e py3
+
+
+FROM fedora:29
+
+COPY --from=builder /srv/RPMS /srv/RPMS
+COPY repos/ /etc/yum.repos.d/
+
+RUN ${DNF_CMD} install \
+      python3-psycopg2 \
+      python3-docopt \
+      python3-service-identity \
+      /srv/*/*/*.rpm \
+      $EXTRA_RPMS && \
+    ${DNF_CMD} clean all && \
+    rm -rf /srv/RPMS
 
-RUN dnf -y install \
-            --setopt=deltarpm=0 \
-            --setopt=install_weak_deps=false \
-            --setopt=tsflags=nodocs \
-            python3-psycopg2 \
-            python3-docopt \
-            $mbs_rpm \
-            $mbs_messaging_umb_rpm \
-    && dnf -y clean all
+USER 1001
 
 VOLUME ["/etc/module-build-service", "/etc/fedmsg.d", "/etc/mbs-certs"]
-ENTRYPOINT fedmsg-hub-3
+ENTRYPOINT ["fedmsg-hub-3"]
diff --git a/openshift/backend/mbs-backend-build-template.yaml b/openshift/backend/mbs-backend-build-template.yaml
new file mode 100644
index 0000000..23ad5b0
--- /dev/null
+++ b/openshift/backend/mbs-backend-build-template.yaml
@@ -0,0 +1,78 @@
+# Template to produce a new BuildConfig and ImageStream for MBS backend image builds.
+
+---
+apiVersion: v1
+kind: Template
+metadata:
+  name: mbs-backend-build-template
+labels:
+  template: mbs-backend-build-template
+parameters:
+- name: NAME
+  displayName: Short unique identifier for the templated instances.
+  required: true
+  value: mbs-backend
+- name: MBS_GIT_REPO
+  displayName: MBS Git repo URL
+  description: Default MBS Git repo URL in which to run dev tests against
+  required: true
+  value: https://pagure.io/fm-orchestrator.git
+- name: MBS_GIT_REF
+  displayName: MBS Git repo ref
+  description: Default MBS Git repo ref in which to run dev tests against
+  required: true
+  value: master
+- name: MBS_BACKEND_IMAGESTREAM_NAME
+  displayName: ImageStream name of the resulting image
+  required: true
+  value: mbs-backend
+- name: MBS_BACKEND_IMAGESTREAM_NAMESPACE
+  displayName: Namespace of ImageStream for MBS images
+  required: false
+- name: MBS_IMAGE_TAG
+  displayName: Tag of resulting image
+  required: true
+  value: latest
+- name: EXTRA_RPMS
+  displayName: Names of extra rpms to install
+  required: false
+  value: ""
+objects:
+- apiVersion: v1
+  kind: ImageStream
+  metadata:
+    name: "${MBS_BACKEND_IMAGESTREAM_NAME}"
+    labels:
+      app: "${NAME}"
+- kind: "BuildConfig"
+  apiVersion: "v1"
+  metadata:
+    name: "${NAME}"
+    labels:
+      app: "${NAME}"
+  spec:
+    runPolicy: "Parallel"
+    completionDeadlineSeconds: 1800
+    strategy:
+      dockerStrategy:
+        forcePull: true
+        dockerfilePath: openshift/backend/Dockerfile
+        buildArgs:
+        - name: EXTRA_RPMS
+          value: "${EXTRA_RPMS}"
+    resources:
+      requests:
+        memory: "768Mi"
+        cpu: "300m"
+      limits:
+       memory: "1Gi"
+       cpu: "500m"
+    source:
+      git:
+        uri: "${MBS_GIT_REPO}"
+        ref: "${MBS_GIT_REF}"
+    output:
+      to:
+        kind: "ImageStreamTag"
+        name: "${MBS_BACKEND_IMAGESTREAM_NAME}:${MBS_IMAGE_TAG}"
+        namespace: "${MBS_BACKEND_IMAGESTREAM_NAMESPACE}"
diff --git a/openshift/frontend/Dockerfile b/openshift/frontend/Dockerfile
index 9843c9a..1412ad3 100644
--- a/openshift/frontend/Dockerfile
+++ b/openshift/frontend/Dockerfile
@@ -3,26 +3,31 @@ FROM mbs-backend:latest
 LABEL \
     name="Frontend for the Module Build Service (MBS)" \
     vendor="The Factory 2.0 Team" \
+    maintainer="The Factory 2.0 Team <pnt-factory2-devel@redhat.com>" \
     license="MIT" \
     description="The MBS coordinates module builds. This image is to serve as the MBS frontend." \
     usage="https://pagure.io/fm-orchestrator"
 
-RUN dnf -y install \
-            --setopt=deltarpm=0 \
-            --setopt=install_weak_deps=false \
-            --setopt=tsflags=nodocs \
-            python3-mod_wsgi \
-    && dnf -y clean all
+ARG DNF_CMD="dnf -y --setopt=deltarpm=0 --setopt=install_weak_deps=false --setopt=tsflags=nodocs"
+
+USER root
+
+RUN ${DNF_CMD} install \
+      nss_wrapper httpd && \
+    ${DNF_CMD} clean all
+
+RUN chmod a+rwx /run/httpd && \
+    sed -i -r -e 's!Listen 80!Listen 8080!g' \
+              -e 's!^User apache!User default!' \
+              -e 's!^Group apache!Group root!' \
+              -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
+              -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
+        /etc/httpd/conf/httpd.conf
+
+COPY openshift/frontend/run-httpd /usr/bin
+
+USER 1001
 
-EXPOSE 8080/tcp 8443/tcp
 VOLUME ["/etc/module-build-service", "/etc/fedmsg.d", "/etc/mbs-certs", "/etc/httpd/conf.d"]
-ENTRYPOINT ["mod_wsgi-express-3", "start-server", "/usr/share/mbs/mbs.wsgi"]
-CMD [\
-    "--user", "fedmsg", "--group", "fedmsg", \
-    "--port", "8080", "--threads", "1", \
-    "--include-file", "/etc/httpd/conf.d/mbs.conf", \
-    "--log-level", "info", \
-    "--log-to-terminal", \
-    "--access-log", \
-    "--startup-log" \
-]
+EXPOSE 8080/tcp
+ENTRYPOINT ["/usr/bin/run-httpd"]
diff --git a/openshift/frontend/mbs-frontend-build-template.yaml b/openshift/frontend/mbs-frontend-build-template.yaml
new file mode 100644
index 0000000..e215d90
--- /dev/null
+++ b/openshift/frontend/mbs-frontend-build-template.yaml
@@ -0,0 +1,82 @@
+# Template to produce a new BuildConfig and ImageStream for MBS frontend image builds.
+
+---
+apiVersion: v1
+kind: Template
+metadata:
+  name: mbs-frontend-build-template
+labels:
+  template: mbs-frontend-build-template
+parameters:
+- name: NAME
+  displayName: Short unique identifier for the templated instances.
+  required: true
+  value: mbs-frontend
+- name: MBS_GIT_REPO
+  displayName: MBS Git repo URL
+  description: Default MBS Git repo URL in which to run dev tests against
+  required: true
+  value: https://pagure.io/fm-orchestrator.git
+- name: MBS_GIT_REF
+  displayName: MBS Git repo ref
+  description: Default MBS Git repo ref in which to run dev tests against
+  required: true
+  value: master
+- name: MBS_FRONTEND_IMAGESTREAM_NAME
+  displayName: ImageStream name of the resulting image
+  required: true
+  value: mbs-frontend
+- name: MBS_FRONTEND_IMAGESTREAM_NAMESPACE
+  displayName: Namespace of ImageStream for MBS images
+  required: false
+- name: MBS_IMAGE_TAG
+  displayName: Tag of resulting image
+  required: true
+  value: latest
+- name: MBS_BACKEND_IMAGESTREAM_NAME
+  displayName: ImageStream name of the MBS backend image
+  required: true
+  value: mbs-frontend
+- name: MBS_BACKEND_IMAGESTREAM_NAMESPACE
+  displayName: Namespace of ImageStream for MBS backend image
+  required: false
+objects:
+- apiVersion: v1
+  kind: ImageStream
+  metadata:
+    name: "${MBS_FRONTEND_IMAGESTREAM_NAME}"
+    labels:
+      app: "${NAME}"
+- kind: "BuildConfig"
+  apiVersion: "v1"
+  metadata:
+    name: "${NAME}"
+    labels:
+      app: "${NAME}"
+  spec:
+    runPolicy: "Parallel"
+    completionDeadlineSeconds: 1800
+    strategy:
+      dockerStrategy:
+        forcePull: true
+        dockerfilePath: openshift/frontend/Dockerfile
+        from:
+          kind: ImageStreamTag
+          name: "${MBS_BACKEND_IMAGESTREAM_NAME}:${MBS_IMAGE_TAG}"
+          namespace: "${MBS_BACKEND_IMAGESTREAM_NAMESPACE}"
+    resources:
+      requests:
+        memory: "768Mi"
+        cpu: "300m"
+      limits:
+       memory: "1Gi"
+       cpu: "500m"
+    source:
+      git:
+        uri: "${MBS_GIT_REPO}"
+        ref: "${MBS_GIT_REF}"
+    output:
+      to:
+        kind: "ImageStreamTag"
+        name: "${MBS_FRONTEND_IMAGESTREAM_NAME}:${MBS_IMAGE_TAG}"
+        namespace: "${MBS_FRONTEND_IMAGESTREAM_NAMESPACE}"
diff --git a/openshift/frontend/run-httpd b/openshift/frontend/run-httpd
new file mode 100755
index 0000000..230ae9f
--- /dev/null
+++ b/openshift/frontend/run-httpd
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -eu
+
+export USER_ID=$(id -u)
+export GROUP_ID=$(id -g)
+
+cat > /tmp/passwd <<EOF
+root:x:0:0:root:/root:/bin/bash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+adm:x:3:4:adm:/var/adm:/sbin/nologin
+lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
+operator:x:11:0:operator:/root:/sbin/nologin
+games:x:12:100:games:/usr/games:/sbin/nologin
+ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
+nobody:x:99:99:Nobody:/:/sbin/nologin
+default:x:${USER_ID}:${GROUP_ID}:Default Application User:${HOME}:/sbin/nologin
+apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
+EOF
+
+export LD_PRELOAD=libnss_wrapper.so
+export NSS_WRAPPER_PASSWD=/tmp/passwd
+export NSS_WRAPPER_GROUP=/etc/group
+
+exec httpd -D FOREGROUND $@
diff --git a/openshift/integration/koji/containers/backend/Dockerfile b/openshift/integration/koji/containers/backend/Dockerfile
deleted file mode 100644
index 95404f5..0000000
--- a/openshift/integration/koji/containers/backend/Dockerfile
+++ /dev/null
@@ -1,45 +0,0 @@
-FROM fedora:29 AS builder
-LABEL \
-    name="Backend for the Module Build Service (MBS)" \
-    vendor="The Factory 2.0 Team" \
-    maintainer="The Factory 2.0 Team <pnt-factory2-devel@redhat.com>" \
-    license="MIT" \
-    description="The MBS coordinates module builds. This image is to serve as the MBS backend." \
-    usage="https://pagure.io/fm-orchestrator"
-
-ARG EXTRA_RPMS=""
-ARG DNF_CMD="dnf -y --setopt=deltarpm=0 --setopt=install_weak_deps=false --setopt=tsflags=nodocs"
-
-COPY . /src
-WORKDIR /src
-
-RUN ${DNF_CMD} install \
-      'dnf-command(builddep)' rpm-build rpmdevtools rpmlint \
-      python3-tox python3-pytest python3-mock python3-flake8 bandit && \
-    ${DNF_CMD} builddep *.spec && \
-    ${DNF_CMD} clean all
-RUN rpmdev-setuptree && \
-    python3 setup.py sdist && \
-    rpmbuild --define "_sourcedir $PWD/dist" -ba *.spec && \
-    mv $HOME/rpmbuild/RPMS /srv
-RUN flake8 && \
-    bandit -r -ll -s B102,B303,B411,B602 module_build_service && \
-    tox -v -e py3
-
-
-FROM fedora:29
-
-COPY --from=builder /srv/RPMS /srv/RPMS
-COPY repos/ /etc/yum.repos.d/
-
-RUN ${DNF_CMD} install \
-      python3-psycopg2 \
-      python3-docopt \
-      python3-service-identity \
-      /srv/*/*/*.rpm \
-      $EXTRA_RPMS && \
-    ${DNF_CMD} clean all && \
-    rm -rf /srv/RPMS
-
-VOLUME ["/etc/module-build-service", "/etc/fedmsg.d", "/etc/mbs-certs"]
-ENTRYPOINT fedmsg-hub-3
diff --git a/openshift/integration/koji/containers/backend/mbs-backend-build-template.yaml b/openshift/integration/koji/containers/backend/mbs-backend-build-template.yaml
deleted file mode 100644
index 9a008cb..0000000
--- a/openshift/integration/koji/containers/backend/mbs-backend-build-template.yaml
+++ /dev/null
@@ -1,78 +0,0 @@
-# Template to produce a new BuildConfig and ImageStream for MBS backend image builds.
-
----
-apiVersion: v1
-kind: Template
-metadata:
-  name: mbs-backend-build-template
-labels:
-  template: mbs-backend-build-template
-parameters:
-- name: NAME
-  displayName: Short unique identifier for the templated instances.
-  required: true
-  value: mbs-backend
-- name: MBS_GIT_REPO
-  displayName: MBS Git repo URL
-  description: Default MBS Git repo URL in which to run dev tests against
-  required: true
-  value: https://pagure.io/fm-orchestrator.git
-- name: MBS_GIT_REF
-  displayName: MBS Git repo ref
-  description: Default MBS Git repo ref in which to run dev tests against
-  required: true
-  value: master
-- name: MBS_BACKEND_IMAGESTREAM_NAME
-  displayName: ImageStream name of the resulting image
-  required: true
-  value: mbs-backend
-- name: MBS_BACKEND_IMAGESTREAM_NAMESPACE
-  displayName: Namespace of ImageStream for MBS images
-  required: false
-- name: MBS_IMAGE_TAG
-  displayName: Tag of resulting image
-  required: true
-  value: latest
-- name: EXTRA_RPMS
-  displayName: Names of extra rpms to install
-  required: false
-  value: ""
-objects:
-- apiVersion: v1
-  kind: ImageStream
-  metadata:
-    name: "${MBS_BACKEND_IMAGESTREAM_NAME}"
-    labels:
-      app: "${NAME}"
-- kind: "BuildConfig"
-  apiVersion: "v1"
-  metadata:
-    name: "${NAME}"
-    labels:
-      app: "${NAME}"
-  spec:
-    runPolicy: "Parallel"
-    completionDeadlineSeconds: 1800
-    strategy:
-      dockerStrategy:
-        forcePull: true
-        dockerfilePath: openshift/integration/koji/containers/backend/Dockerfile
-        buildArgs:
-        - name: EXTRA_RPMS
-          value: "${EXTRA_RPMS}"
-    resources:
-      requests:
-        memory: "768Mi"
-        cpu: "300m"
-      limits:
-       memory: "1Gi"
-       cpu: "500m"
-    source:
-      git:
-        uri: "${MBS_GIT_REPO}"
-        ref: "${MBS_GIT_REF}"
-    output:
-      to:
-        kind: "ImageStreamTag"
-        name: "${MBS_BACKEND_IMAGESTREAM_NAME}:${MBS_IMAGE_TAG}"
-        namespace: "${MBS_BACKEND_IMAGESTREAM_NAMESPACE}"
diff --git a/openshift/integration/koji/containers/frontend/mbs-frontend-build-template.yaml b/openshift/integration/koji/containers/frontend/mbs-frontend-build-template.yaml
deleted file mode 100644
index e215d90..0000000
--- a/openshift/integration/koji/containers/frontend/mbs-frontend-build-template.yaml
+++ /dev/null
@@ -1,82 +0,0 @@
-# Template to produce a new BuildConfig and ImageStream for MBS frontend image builds.
-
----
-apiVersion: v1
-kind: Template
-metadata:
-  name: mbs-frontend-build-template
-labels:
-  template: mbs-frontend-build-template
-parameters:
-- name: NAME
-  displayName: Short unique identifier for the templated instances.
-  required: true
-  value: mbs-frontend
-- name: MBS_GIT_REPO
-  displayName: MBS Git repo URL
-  description: Default MBS Git repo URL in which to run dev tests against
-  required: true
-  value: https://pagure.io/fm-orchestrator.git
-- name: MBS_GIT_REF
-  displayName: MBS Git repo ref
-  description: Default MBS Git repo ref in which to run dev tests against
-  required: true
-  value: master
-- name: MBS_FRONTEND_IMAGESTREAM_NAME
-  displayName: ImageStream name of the resulting image
-  required: true
-  value: mbs-frontend
-- name: MBS_FRONTEND_IMAGESTREAM_NAMESPACE
-  displayName: Namespace of ImageStream for MBS images
-  required: false
-- name: MBS_IMAGE_TAG
-  displayName: Tag of resulting image
-  required: true
-  value: latest
-- name: MBS_BACKEND_IMAGESTREAM_NAME
-  displayName: ImageStream name of the MBS backend image
-  required: true
-  value: mbs-frontend
-- name: MBS_BACKEND_IMAGESTREAM_NAMESPACE
-  displayName: Namespace of ImageStream for MBS backend image
-  required: false
-objects:
-- apiVersion: v1
-  kind: ImageStream
-  metadata:
-    name: "${MBS_FRONTEND_IMAGESTREAM_NAME}"
-    labels:
-      app: "${NAME}"
-- kind: "BuildConfig"
-  apiVersion: "v1"
-  metadata:
-    name: "${NAME}"
-    labels:
-      app: "${NAME}"
-  spec:
-    runPolicy: "Parallel"
-    completionDeadlineSeconds: 1800
-    strategy:
-      dockerStrategy:
-        forcePull: true
-        dockerfilePath: openshift/frontend/Dockerfile
-        from:
-          kind: ImageStreamTag
-          name: "${MBS_BACKEND_IMAGESTREAM_NAME}:${MBS_IMAGE_TAG}"
-          namespace: "${MBS_BACKEND_IMAGESTREAM_NAMESPACE}"
-    resources:
-      requests:
-        memory: "768Mi"
-        cpu: "300m"
-      limits:
-       memory: "1Gi"
-       cpu: "500m"
-    source:
-      git:
-        uri: "${MBS_GIT_REPO}"
-        ref: "${MBS_GIT_REF}"
-    output:
-      to:
-        kind: "ImageStreamTag"
-        name: "${MBS_FRONTEND_IMAGESTREAM_NAME}:${MBS_IMAGE_TAG}"
-        namespace: "${MBS_FRONTEND_IMAGESTREAM_NAMESPACE}"
diff --git a/openshift/integration/koji/pipelines/templates/mbs-koji-int-dev.Jenkinsfile b/openshift/integration/koji/pipelines/templates/mbs-koji-int-dev.Jenkinsfile
index d84846e..57f6d81 100644
--- a/openshift/integration/koji/pipelines/templates/mbs-koji-int-dev.Jenkinsfile
+++ b/openshift/integration/koji/pipelines/templates/mbs-koji-int-dev.Jenkinsfile
@@ -111,7 +111,7 @@ pipeline {
             // OpenShift BuildConfig doesn't support specifying a tag name at build time.
             // We have to create a new BuildConfig for each image build.
             echo "Creating a BuildConfig for mbs-backend build..."
-            def template = readYaml file: "openshift/integration/koji/containers/backend/mbs-backend-build-template.yaml"
+            def template = readYaml file: "openshift/backend/mbs-backend-build-template.yaml"
             def processed = openshift.process(template,
               "-p", "NAME=${env.BACKEND_BUILDCONFIG_ID}",
               "-p", "MBS_GIT_REPO=${params.MBS_GIT_REPO}",
@@ -156,7 +156,7 @@ pipeline {
             // We have to create a new BuildConfig for each container build.
             // Create a BuildConfig from a seperated Template.
             echo "Creating a BuildConfig for mbs-frontend build..."
-            def template = readYaml file: "openshift/integration/koji/containers/frontend/mbs-frontend-build-template.yaml"
+            def template = readYaml file: "openshift/frontend/mbs-frontend-build-template.yaml"
             def processed = openshift.process(template,
               "-p", "NAME=${env.FRONTEND_BUILDCONFIG_ID}",
               "-p", "MBS_GIT_REPO=${params.MBS_GIT_REPO}",
@@ -167,7 +167,7 @@ pipeline {
               "-p", "MBS_BACKEND_IMAGESTREAM_NAME=${params.MBS_BACKEND_IMAGESTREAM_NAME}",
               "-p", "MBS_BACKEND_IMAGESTREAM_NAMESPACE=${env.PIPELINE_NAMESPACE}"
             )
-            def buildname = c3i.buildAndWait(processed)
+            def buildname = c3i.buildAndWait(processed, "--from-dir=.")
             def build = openshift.selector(buildname)
             def ocpBuild = build.object()
             env.FRONTEND_IMAGE_REF = ocpBuild.status.outputDockerImageReference