PR#111: Update OpenShift Dockerfile - taskotron/resultsdb

		`@@ -1,38 +1,41 @@`
		`# This will produce an image to be used in Openshift`
		`# Build should be triggered from repo root like:`
		`- # docker build -f openshift/Dockerfile --tag 172.30.1.1:5000/myproject/resultsdb:latest --build-arg resultsdb_rpm=resultsdb-2.0.2-1.fc25.noarch.rpm .`
		`+ # docker build -f openshift/Dockerfile \`
		`+ # --tag <IMAGE_TAG> \`
		`+ # --build-arg resultsdb_rpm=<RESULTSDB_RPM> ./`

		`- FROM registry.fedoraproject.org/f27/httpd:latest`
		`+ FROM fedora:28`
		`LABEL \`
		`name="ResultsDB application" \`
		`vendor="ResultsDB developers" \`
		`license="GPLv2+" \`
		`+ description="ResultsDB is a results store engine for, but not limited to, Fedora QA tools." \`
		`+ usage="https://pagure.io/taskotron/resultsdb/blob/develop/f/openshift/README.md" \`
		`build-date=""`

		`- USER 0`
		`-`
		`- # The caller should build a resultsdb RPM package using and then pass it in this arg.`
		`+ # The caller should build a resultsdb RPM package used and then pass it in this arg.`
		`+ # Accept both a URL or a local path relative to the build context.`
		`ARG resultsdb_rpm`
		`- COPY $resultsdb_rpm /tmp`
		`+ ADD $resultsdb_rpm /tmp`

		`- RUN yum -y update \`
		`- && yum -y install --setopt=tsflags=nodocs \`
		`+ RUN dnf -y update \`
		`+ && dnf -y install --setopt=tsflags=nodocs \`
		`python-psycopg2 \`
		`- httpd-devel \`
		`- python-devel \`
		`- gcc \`
		`- python2-pip \`
		`+ httpd \`
		`+ mod_wsgi \`
		`/tmp/$(basename $resultsdb_rpm) \`
		`- && yum clean all \`
		`+ && dnf clean all \`
		`&& rm -f /tmp/$(basename $resultsdb_rpm)`

		`- # This is installed from pypi, in order to get`
		`- # mod_wsgi-express.`
		`- RUN pip install mod_wsgi`
		`-`
		`- COPY openshift/run_app.sh /usr/bin/run_app`
		`- RUN chmod 770 /usr/bin/run_app`
		`-`
		`- USER 1001`
		`- EXPOSE 5001`
		`- ENTRYPOINT run_app`
		`+ EXPOSE 5001/tcp`
		`+ VOLUME ["/etc/resultsdb", "/etc/httpd/conf.d"]`
		`+ ENTRYPOINT ["mod_wsgi-express", "start-server", "/usr/share/resultsdb/resultsdb.wsgi"]`
		`+ CMD [\`
		`+ "--user", "apache", "--group", "apache", \`
		`+ "--port", "5001", "--threads", "5", \`
		`+ "--include-file", "/etc/httpd/conf.d/resultsdb.conf", \`
		`+ "--log-level", "info", \`
		`+ "--log-to-terminal", \`
		`+ "--access-log", \`
		`+ "--startup-log" \`
		`+ ]`

openshift/README.md

file added

+61

		`@@ -0,0 +1,61 @@`
		`+ Building the container image`
		`+ ============================`
		`+`
		`+ Building the container image requires the ResultsDB rpm to be provided as a`
		`+ build argument:`
		`+`
		+ ```bash
		`+ $ docker build -f openshift/Dockerfile \`
		`+ --tag <IMAGE_TAG> \`
		`+ --build-arg resultsdb_rpm=<RESULTSDB_RPM> ./`
		+ ```
		`+`
		+ `IMAGE_TAG` is the tag to be applied on the image built.
		`+`
		+ `RESULTSDB_RPM` is either the URL of the ResultsDB rpm, or the relative path of
		`+ that rpm within the build context.`
		`+`
		`+`
		`+ Using the container image`
		`+ =========================`
		`+`
		+ The container image has port `5001/tcp` marked as exposed, but the port to be
		+ used by ResultsDB can be changed in the configuration with the `RUN_PORT`
		`+ configuration option.`
		`+`
		`+ There are two volumes expected to be mounted, holding configuration for`
		`+ ResultsDB and httpd:`
		`+`
		+ 1. The volume mounted at `/etc/resultsdb` should have `settings.py`, holding
		+ ResultsDB configuration. For an example, see `settings.py` in
		+ `resultsdb-test-template.yaml`, or `conf/settings.py.example`
		`+ for a full list of configuration options.`
		`+`
		+ 2. The volume mounted at `/etc/httpd/conf.d` should have `resultsdb.conf`,
		+ holding httpd configuration to be used by `mod_wsgi-express`. For an
		+ example, see `resultsdb.conf` in `resultsdb-test-template.yaml`.
		`+`
		`+`
		`+ Deploying to OpenShift`
		`+ ======================`
		`+`
		+ `resultsdb-test-template.yaml` defines the
		`+ [template](https://docs.openshift.org/latest/dev_guide/templates.html) to`
		`+ deploy ResultsDB and a PostgreSQL database to OpenShift.`
		`+`
		`+ For the full list of template parameters see:`
		`+`
		+ ```bash
		`+ $ oc process -f openshift/resultsdb-test-template.yaml --parameters`
		+ ```
		`+`
		`+ For creating the environment run:`
		`+`
		+ ```bash
		`+ $ oc process -f openshift/resultsdb-test-template.yaml \`
		`+ -p TEST_ID=<TEST_ID> \`
		`+ -p RESULTSDB_IMAGE=<RESULTSDB_IMAGE> \| oc apply -f -`
		+ ```
		`+`
		+ Use the `-p` option of `oc process` to override default values of the template
		`+ parameters.`

openshift/resultsdb-test-template.yaml

file modified

+25 -6

		`@@ -162,9 +162,6 @@`
		`labels:`
		`environment: "test-${TEST_ID}"`
		`app: resultsdb`
		`- annotations:`
		`- service.alpha.openshift.io/dependencies: \|-`
		`- [{"name": "resultsdb-test-${TEST_ID}-database", "kind": "Service"}]`
		`spec:`
		`selector:`
		`app: resultsdb`
		`@@ -197,9 +194,6 @@`
		`labels:`
		`environment: "test-${TEST_ID}"`
		`app: resultsdb`
		`- annotations:`
		`- service.alpha.openshift.io/dependencies: \|-`
		`- [{"name": "resultsdb-test-${TEST_ID}-database", "kind": "Service"}]`
		`spec:`
		`selector:`
		`app: resultsdb`
		`@@ -284,6 +278,31 @@`
		`app: resultsdb`
		`environment: "test-${TEST_ID}"`
		`service: internal-api`
		`+ strategy:`
		`+ type: Rolling`
		`+ rollingParams:`
		`+ pre:`
		`+ failurePolicy: Abort`
		`+ execNewPod:`
		`+ containerName: api`
		`+ command:`
		`+ - /bin/sh`
		`+ - -i`
		`+ - -c`
		`+ - \|`
		`+ # try for 10 minutes (600 seconds)`
		`+ e=$(( $(date +%s) + 600 ))`
		`+ i=0`
		`+ while [ $(date +%s) -lt $e ]; do`
		`+ echo 'TRY #'$((++i))`
		`+ if resultsdb init_db ; then`
		`+ exit 0`
		`+ fi`
		`+ done`
		`+ exit 1`
		`+ volumes:`
		`+ - config-volume`
		`+ - httpd-config-volume`
		`template:`
		`metadata:`
		`labels:`

openshift/run_app.sh

file removed

-15

		`@@ -1,15 +0,0 @@`
		`- #!/bin/bash`
		`- set -x`
		`- set -e`
		`-`
		`- # initialize db (in a non-destructive manner)`
		`- env resultsdb init_db`
		`-`
		`- exec mod_wsgi-express start-server /usr/share/resultsdb/resultsdb.wsgi \`
		`- --user apache --group apache \`
		`- --port 5001 --threads 5 \`
		`- --include-file /etc/httpd/conf.d/resultsdb.conf \`
		`- --log-level info \`
		`- --log-to-terminal \`
		`- --access-log \`
		`- --startup-log`

csomh commented 5 years ago

This is part of the work to create container images suitable for integration testing:

Adjust Dockerfile to be in sync with the ones from WaiverDB and Greenwave.
Add documentation on how to build and use the image, and the OpenShift template.

@dcallagh ptal

csomh commented 5 years ago

@jskladan FYI, I've built an image using this openshift/Dockerfile and pushed it to quay.io/factory2.

jskladan commented 5 years ago

@csomh Cool. Do you want me to wait for for @dcallagh before merging?

csomh commented 5 years ago

@jskladan, yes, please let's wait for him having a look first. Thanks!

csomh commented 5 years ago

@mikeb @ralph ptal

dcallagh commented 5 years ago

Sorry for taking so long to look at this.

It looks good to me. :+1:

One thing I just noticed, looking in the openshift/run_app script... We are initializing the database as part of the app startup. We learnt the hard way in https://pagure.io/waiverdb/issue/121 that that is not a good approach, it should be an OpenShift pre-deployment hook instead. At that point I would probably suggest just eliminating the run_app script and filling in the ENTRYPOINT as mod_wsgi-express ... directly.

But that shouldn't hold up this PR.

csomh commented 5 years ago

Thanks @dcallagh for pointing this out! I'll have a look in that thread and work on a PR to fix the test template and remove run_app.

2 new commits added

Modify container entrypoint
Add pre-deployment hook

5 years ago

csomh commented 5 years ago

@dcallagh, I choose to update this PR after all, please take another look.

See cc5d45d and e94f59a, which add the pre-deployment hook to the test-template and change the ENTRYPOINT of the container.

I choose to use 'Retry' as a failure policy in the hook (as opposed to the 'wait_for_db' approach seen in WaiverDB), in order to handle the database becoming available a little bit slower as the hook is executed. Tested locally in a minishift cluster and the hook was always successful on the second try.

dcallagh commented on line 6 of openshift/resultsdb-test-template.yaml 5 years ago

FYI, a while back when I was researching this stuff, I discovered that this does not actually do anything, for example: https://github.com/openshift/openshift-docs/pull/5846

dcallagh commented on line 22 of openshift/resultsdb-test-template.yaml 5 years ago

Nice idea. I assume this doesn't retry forever, if the migrations are actually failing because of a bug it will give up after 10 minutes or something, right?

dcallagh commented 5 years ago

:+1: aside from a couple of minor things noted inline

csomh commented on line 6 of openshift/resultsdb-test-template.yaml 5 years ago

Removed all dependencies annotations, see fixup 4191a19 .

2 new commits added

fixup! Add pre-deployment hook
fixup! Add pre-deployment hook

5 years ago

csomh commented 5 years ago

failurePolicy: Retry will actually try until it succeeds, so changed it to Abort and modified the command to try resultsdb init_db for 10 minutes, exit with 0 if succeeds or fail if it doesn't.

Let me know if you find this to be a better approach. Thanks!

dcallagh commented 5 years ago

Sounds fine to me. :+1:

I think the Waiverdb approach where it first (silently) waits for the db and then tries the upgrade exactly once -- is still nicer. It results in less scary-looking mess in the logs. But no big deal, we can improve that later.

6 new commits added