Merge "Add paste service"

2021-07-13 00:07:03 +00:00 · 2021-07-13 00:07:03 +00:00 · 51480ca77e
commit 51480ca77e
parent 4feb2b934f 916c1d3dc8
18 changed files with 321 additions and 3 deletions
--- a/inventory/service/groups.yaml
+++ b/inventory/service/groups.yaml
@ -94,6 +94,7 @@ groups:
    - mirror[0-9]*.opendev.org
    - nb[0-9]*.opendev.org
    - openstackid[0-9]*.openstack.org
+    - paste[0-9]*.opendev.org
    - refstack[0-9]*.openstack.org
    - review[0-9]*.open*.org
    - review-test.opendev.org
@ -129,7 +130,9 @@ groups:
    - openstackid.org
    - openstackid[0-9]*.openstack.org
  paste:
-    - paste[0-9]*.open*.org
+    - paste[0-9]*.openstack.org
+  paste_opendev:
+    - paste[0-1]*.opendev.org
  puppet:
    - cacti[0-9]*.open*.org
    - elasticsearch[0-9]*.open*.org
@ -140,7 +143,7 @@ groups:
    - openstackid-dev*.openstack.org
    - openstackid.org
    - openstackid[0-9]*.openstack.org
-    - paste[0-9]*.open*.org
+    - paste[0-9]*.openstack.org
    - status*.open*.org
    - storyboard-dev[0-9]*.opendev.org
    - storyboard[0-9]*.opendev.org
@ -158,7 +161,7 @@ groups:
    - logstash[0-9]*.open*.org
    - openstackid[0-9]*.openstack.org
    - openstackid-dev[0-9]*.openstack.org
-    - paste[0-9]*.open*.org
+    - paste[0-9]*.openstack.org
    - status*.open*.org
    - storyboard[0-9]*.opendev.org
    - storyboard-dev[0-9]*.opendev.org
--- a/inventory/service/host_vars/paste01.opendev.org.yaml
+++ b/inventory/service/host_vars/paste01.opendev.org.yaml
@ -0,0 +1,5 @@
+letsencrypt_certs:
+  paste01-opendev-org-main:
+    - paste01.opendev.org
+    - paste.opendev.org
+    - paste.openstack.org
--- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
+++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
@ -153,6 +153,11 @@
 - name: letsencrypt updated nb03-opendev-org-main
  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml

+# paste
+
+- name: letsencrypt updated paste01-opendev-org-main
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
 # review

 - name: letsencrypt updated review01-opendev-org-main
--- a/playbooks/roles/lodgeit/README.rst
+++ b/playbooks/roles/lodgeit/README.rst
@ -0,0 +1,25 @@
+lodgeit
+
+Paste service.  Runs a mariadb container and lodgeit container.
+
+** Role Variables **
+
+.. zuul:rolevar:: lodgeit_db_username
+   :default: lodgeit
+
+   db username
+
+.. zuul:rolevar:: lodgeit_db_password
+   :default: <unset>
+
+   lodgeit_db_password
+
+.. zuul:rolevar:: lodgeit_db_dbname
+   :default: lodgeit
+
+   database to connect to
+
+.. zuul:rolevar:: lodgeit_secret_key
+   :default: <unset>
+
+   secret key
--- a/playbooks/roles/lodgeit/defaults/main.yaml
+++ b/playbooks/roles/lodgeit/defaults/main.yaml
@ -0,0 +1,2 @@
+lodgeit_db_username: lodgeit
+lodgeit_db_dbname: lodgeit
--- a/playbooks/roles/lodgeit/handlers/main.yaml
+++ b/playbooks/roles/lodgeit/handlers/main.yaml
@ -0,0 +1,4 @@
+- name: paste Reload apache2
+  service:
+    name: apache2
+    state: reloaded
--- a/playbooks/roles/lodgeit/tasks/main.yaml
+++ b/playbooks/roles/lodgeit/tasks/main.yaml
@ -0,0 +1,70 @@
+- name: Ensure /etc/lodgeit-compose directory
+  file:
+    state: directory
+    path: /etc/lodgeit-compose
+    mode: 0755
+
+- name: Put docker-compose file in place
+  template:
+    src: docker-compose.yaml.j2
+    dest: /etc/lodgeit-compose/docker-compose.yaml
+    mode: 0644
+
+- name: Setup mariadb container
+  block:
+    - name: Setup db directory
+      file:
+        state: directory
+        path: /var/lib/lodgeit_db
+        owner: root
+        group: root
+        mode: 0755
+
+    - name: Set up root mariadb conf file
+      template:
+        src: root.my.cnf.mariadb_container.j2
+        dest: /root/.lodgeit_db.cnf
+        mode: 0400
+
+- name: Install apache2
+  apt:
+    name:
+      - apache2
+      - apache2-utils
+    state: present
+
+- name: Apache modules
+  apache2_module:
+    state: present
+    name: "{{ item }}"
+  loop:
+    - rewrite
+    - proxy
+    - proxy_http
+    - ssl
+    - headers
+
+- name: Copy apache config
+  template:
+    src: paste.vhost.j2
+    dest: /etc/apache2/sites-enabled/000-default.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: paste Reload apache2
+
+- name: Run docker-compose pull
+  shell:
+    cmd: docker-compose pull
+    chdir: /etc/lodgeit-compose/
+
+- name: Run docker-compose up
+  shell:
+    cmd: "docker-compose up -d"
+    chdir: /etc/lodgeit-compose/
+
+- name: Run docker prune to cleanup unneeded images
+  shell:
+    cmd: docker image prune -f
+
+# TODO : db backups
--- a/playbooks/roles/lodgeit/templates/docker-compose.yaml.j2
+++ b/playbooks/roles/lodgeit/templates/docker-compose.yaml.j2
@ -0,0 +1,36 @@
+version: '2'
+
+services:
+  mariadb:
+    image: docker.io/library/mariadb:10.4
+    network_mode: host
+    restart: always
+    environment:
+      MYSQL_ROOT_PASSWORD: "{{ lodgeit_db_password }}"
+      MYSQL_DATABASE: "{{ lodgeit_db_dbname }}"
+      MYSQL_USER: "{{ lodgeit_db_username }}"
+      MYSQL_PASSWORD: "{{ lodgeit_db_password }}"
+    command: [
+      '--wait_timeout=28800',
+    ]
+    volumes:
+      - /var/lib/lodgeit_db:/var/lib/mysql
+    logging:
+      driver: syslog
+      options:
+        tag: "docker-mariadb"
+  lodgeit:
+    image: docker.io/opendevorg/lodgeit
+    depends_on:
+      - mariadb
+    network_mode: host
+    command: ['/bin/bash', '-c', 'echo "*** Starting"; sleep 30; /usr/local/bin/uwsgi']
+    logging:
+      driver: syslog
+      options:
+        tag: "docker-lodgeit"
+    environment:
+      LODGEIT_DBURI: 'mysql+pymysql://{{ lodgeit_db_username }}:{{ lodgeit_db_password }}@127.0.0.1:3306/{{ lodgeit_db_dbname }}'
+      LODGEIT_SECRET_KEY: '{{ lodgeit_secret_key }}'
+      LODGEIT_TITLE_OVERRIDE: '<img src="https://opendev.org/img/opendev.svg" style="width: 100px; padding-bottom:10px; margin-left:20px;" alt="Opendev Pastebin">'
+
--- a/playbooks/roles/lodgeit/templates/paste.vhost.j2
+++ b/playbooks/roles/lodgeit/templates/paste.vhost.j2
@ -0,0 +1,41 @@
+<VirtualHost *:80>
+  ServerName {{ inventory_hostname }}
+  ServerAdmin webmaster@openstack.org
+
+  ErrorLog ${APACHE_LOG_DIR}/paste-error.log
+
+  LogLevel warn
+
+  CustomLog ${APACHE_LOG_DIR}/paste-access.log combined
+
+  Redirect / https://paste.opendev.org/
+
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName {{ inventory_hostname }}
+  ServerAdmin webmaster@openstack.org
+
+  AllowEncodedSlashes On
+
+  ErrorLog ${APACHE_LOG_DIR}/paste-ssl-error.log
+
+  LogLevel warn
+
+  CustomLog ${APACHE_LOG_DIR}/paste-ssl-access.log combined
+
+  SSLEngine on
+  SSLProtocol All -SSLv2 -SSLv3
+  # Note: this list should ensure ciphers that provide forward secrecy
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+  SSLHonorCipherOrder on
+
+  SSLCertificateFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer
+  SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key
+  SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer
+
+  ProxyPass  / http://localhost:9000/ retry=0
+  ProxyPassReverse / http://localhost:9000/
+
+</VirtualHost>
+
--- a/playbooks/roles/lodgeit/templates/root.my.cnf.mariadb_container.j2
+++ b/playbooks/roles/lodgeit/templates/root.my.cnf.mariadb_container.j2
@ -0,0 +1,7 @@
+[client]
+host=127.0.0.1
+port=3306
+user={{ lodgeit_db_username }}
+password={{ lodgeit_db_password }}
+database={{ lodgeit_db_dbname }}
+ssl-mode=disabled
--- a/playbooks/service-paste.yaml
+++ b/playbooks/service-paste.yaml
@ -0,0 +1,6 @@
+- hosts: "paste_opendev:!disabled"
+  name: "Base: configure paste"
+  roles:
+    - iptables
+    - install-docker
+    - lodgeit
--- a/playbooks/test-paste.yaml
+++ b/playbooks/test-paste.yaml
@ -0,0 +1,6 @@
+- hosts: "paste_opendev"
+  tasks:
+
+    - name: Run selenium container
+      include_role:
+        name: run-selenium
--- a/playbooks/zuul/run-base.yaml
+++ b/playbooks/zuul/run-base.yaml
@ -85,6 +85,7 @@
        - host_vars/mirror01.openafs.provider.opendev.org.yaml
        - host_vars/mirror02.openafs.provider.opendev.org.yaml
        - host_vars/mirror-update01.opendev.org.yaml
+        - host_vars/paste01.opendev.org.yaml
        - host_vars/refstack01.openstack.org.yaml
    - name: Display group membership
      command: ansible localhost -m debug -a 'var=groups'
--- a/playbooks/zuul/templates/host_vars/paste01.opendev.org.yaml.j2
+++ b/playbooks/zuul/templates/host_vars/paste01.opendev.org.yaml.j2
@ -0,0 +1,2 @@
+lodgeit_secret_key: secretkey
+lodgeit_db_password: password
--- a/testinfra/test_paste.py
+++ b/testinfra/test_paste.py
@ -0,0 +1,51 @@
+# Copyright 2020 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from selenium import webdriver
+from selenium.webdriver.support.ui import WebDriverWait
+from selenium.common.exceptions import TimeoutException
+import time
+
+testinfra_hosts = ['paste01.opendev.org']
+
+
+def test_lodgeit_container_web_listening(host):
+    paste_http = host.socket("tcp://127.0.0.1:80")
+    assert paste_http.is_listening
+
+    paste_https = host.socket("tcp://127.0.0.1:443")
+    assert paste_https.is_listening
+
+def test_paste(host):
+    cmd = host.run('curl --insecure '
+                   '--resolve paste.opendev.org:443:127.0.0.1 '
+                   'https://paste.opendev.org')
+    assert 'New Paste' in cmd.stdout
+
+def test_paste_screenshots(host):
+    driver = webdriver.Remote(
+        command_executor='http://%s:4444/wd/hub' % (host.backend.get_hostname()),
+        desired_capabilities=webdriver.DesiredCapabilities.FIREFOX)
+
+    try:
+        driver.get("https://localhost")
+        WebDriverWait(driver, 30).until(lambda driver: driver.execute_script(
+            'return document.readyState') == 'complete')
+        time.sleep(5)
+        driver.save_screenshot("/var/log/screenshots/paste-main-page.png")
+
+    except TimeoutException as e:
+        raise e
+    finally:
+        driver.quit()
--- a/zuul.d/infra-prod.yaml
+++ b/zuul.d/infra-prod.yaml
@ -256,6 +256,22 @@
      - playbooks/roles/logrotate/
      - roles/openafs-client/

+- job:
+    name: infra-prod-service-paste
+    parent: infra-prod-service-base
+    description: Run service-paste.yaml playbook.
+    vars:
+      playbook_name: service-paste.yaml
+    files:
+      - inventory/
+      - playbooks/service-paste.yaml
+      - inventory/service/host_vars/paste01.opendev.org.yaml
+      - inventory/service/group_vars/paste
+      - playbooks/roles/install-docker/
+      - playbooks/roles/pip3/
+      - playbooks/roles/lodgeit/
+      - playbooks/roles/iptables/
+
 - job:
    name: infra-prod-service-static
    parent: infra-prod-service-base
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@ -36,6 +36,9 @@
        - system-config-run-meetpad
        - system-config-run-mirror-x86
        - system-config-run-mirror-update
+        - system-config-run-paste:
+            dependencies:
+              - name: opendev-buildset-registry
        - system-config-run-static
        - system-config-run-docker-registry
        - system-config-run-etherpad:
@ -165,6 +168,9 @@
        - system-config-run-meetpad
        - system-config-run-mirror-x86
        - system-config-run-mirror-update
+        - system-config-run-paste:
+            dependencies:
+              - name: opendev-buildset-registry
        - system-config-run-static
        - system-config-run-docker-registry
        - system-config-run-etherpad:
@ -374,6 +380,7 @@
        - infra-prod-service-kerberos
        - infra-prod-service-mirror-update
        - infra-prod-service-mirror
+        - infra-prod-service-paste
        - infra-prod-service-static
        - infra-prod-service-borg-backup
        - infra-prod-service-zookeeper
--- a/zuul.d/system-config-run.yaml
+++ b/zuul.d/system-config-run.yaml
@ -687,6 +687,37 @@
      - playbooks/zuul/templates/group_vars/meetpad.yaml.j2
      - testinfra/test_meetpad.py

+- job:
+    name: system-config-run-paste
+    parent: system-config-run-containers
+    description: |
+      Run the playbook for the paste server.
+    timeout: 3600
+    required-projects:
+      - opendev/system-config
+    requires:
+      - lodgeit-container-image
+    nodeset:
+      nodes:
+        - name: bridge.openstack.org
+          label: ubuntu-bionic
+        - name: paste01.opendev.org
+          label: ubuntu-focal
+    vars:
+      run_playbooks:
+        - playbooks/letsencrypt.yaml
+        - playbooks/service-paste.yaml
+      run_test_playbook: playbooks/test-paste.yaml
+    files:
+      - playbooks/bridge.yaml
+      - playbooks/letsencrypt.yaml
+      - playbooks/service-paste.yaml
+      - playbooks/roles/lodgeit
+      - playbooks/roles/install-docker/
+      - playbooks/roles/pip3/
+      - playbooks/test-paste.yaml
+      - testinfra/test_paste.py
+
 - job:
    name: system-config-run-zookeeper
    parent: system-config-run