DNM: Openshift-friendly deployment - Add build/deploy manifests

Dockerfile.ocp

@@ -0,0 +1,58 @@
+FROM python:3.11-slim
+
+ENV PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    VIRTUAL_ENV=/opt/venv \
+    PATH="/opt/venv/bin:$PATH" \
+    DEBIAN_FRONTEND=noninteractive \
+    PORT=8000
+
+# OS deps for repo building (rpm/createrepo-c for RPM; reprepro for DEB) + DB client libs
+RUN apt-get update && apt-get install -y --no-install-recommends \
+      build-essential git ca-certificates curl \
+      libpq-dev pkg-config \
+      reprepro dpkg-dev gnupg rpm createrepo-c postgresql-client \
+    && rm -rf /var/lib/apt/lists/*
+
+ARG SETUPTOOLS_VERSION=74.1.3
+RUN python -m venv "$VIRTUAL_ENV"
+RUN "$VIRTUAL_ENV/bin/python" -m pip install --no-cache-dir --upgrade \
+      pip \
+      "setuptools==${SETUPTOOLS_VERSION}" \
+      wheel
+RUN "$VIRTUAL_ENV/bin/python" -c "import pkg_resources; print('pkg_resources OK')"
+RUN chgrp -R 0 "$VIRTUAL_ENV" && chmod -R g+rwX "$VIRTUAL_ENV"
+
+RUN "$VIRTUAL_ENV/bin/pip" install --no-cache-dir \
+      "gunicorn<20.1.0" \
+      "pecan" \
+      "sqlalchemy==1.3.0" \
+      "psycopg2-binary==2.9.9" \
+      "pecan-notario" \
+      "celery<=6.2.5" \
+      "alembic" \
+      "python-statsd" \
+      "requests"
+
+# Install Chacra from upstream main 
+RUN "$VIRTUAL_ENV/bin/pip" install --no-cache-dir \
+      "git+https://github.com/ceph/chacra.git@main#egg=chacra"
+
+# Vendor the repo’s Alembic migrations into the image at /alembic
+RUN git clone --depth 1 https://github.com/ceph/chacra.git /tmp/chacra-src
+RUN cp -r /tmp/chacra-src/alembic /alembic
+RUN rm -rf /tmp/chacra-src
+RUN chgrp -R 0 /alembic && chmod -R g+rwX /alembic
+
+# OpenShift-friendly dirs (group-writable for arbitrary UID) 
+RUN mkdir -p /srv/chacra/log /srv/chacra/run /data/binaries /data/repos /etc/chacra \
+ && chgrp -R 0 /srv/chacra /data /etc/chacra \
+ && chmod -R g+rwX /srv/chacra /data /etc/chacra
+
+# Add Debian repo tooling for Chacra repo builds
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+      apt-utils dpkg-dev gnupg && \
+    rm -rf /var/lib/apt/lists/*
+
+EXPOSE 8000

docker/entrypoint-api.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env sh
+set -ex
+/opt/venv/bin/python - <<'PY'
+try:
+    import pkg_resources
+except Exception:
+    import sys, subprocess
+    subprocess.check_call([sys.executable, "-m", "pip", "install", "--no-cache-dir", "setuptools"])
+PY
+exec /opt/venv/bin/celery -A chacra.asynch beat --loglevel=INFO
+❯ cat entrypoint-api.sh
+#!/usr/bin/env bash
+set -euo pipefail
+
+export ALEMBIC_CONFIG=/etc/chacra/alembic.ini
+
+# Wait for Postgres
+until pg_isready -h "${CHACRA_DB_HOST}" -p "${CHACRA_DB_PORT}" -U "${CHACRA_DB_USER}"; do
+  echo "Waiting for Postgres..."
+  sleep 2
+done
+
+# DB migrations + seed (idempotent)
+alembic upgrade head || true
+pecan populate /etc/chacra/prod.py || true
+
+# Serve API
+exec gunicorn --workers="${GUNICORN_WORKERS:-4}" --timeout=1200 \
+  --bind 0.0.0.0:8000 'pecan:make_app("/etc/chacra/prod.py")'

docker/entrypoint-beat.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env sh
+set -ex
+/opt/venv/bin/python - <<'PY'
+try:
+    import pkg_resources
+except Exception:
+    import sys, subprocess
+    subprocess.check_call([sys.executable, "-m", "pip", "install", "--no-cache-dir", "setuptools"])
+PY
+exec /opt/venv/bin/celery -A chacra.asynch beat --loglevel=INFO

docker/entrypoint-celery.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env sh
+set -ex
+/opt/venv/bin/python - <<'PY'
+try:
+    import pkg_resources
+except Exception:
+    import sys, subprocess
+    subprocess.check_call([sys.executable, "-m", "pip", "install", "--no-cache-dir", "setuptools"])
+PY
+# Use module path suitable for installed package
+exec /opt/venv/bin/celery -A chacra.asynch worker \
+     --loglevel=INFO -Q poll_repos,celery,build_repos --hostname=worker@%h

openshift/README.md

@@ -0,0 +1,81 @@
+# Chacra on OpenShift — Quick Start
+
+This guide helps you build and deploy **Chacra** on OpenShift using the provided manifests.
+
+---
+
+## Prerequisites
+
+- OpenShift cluster access and `oc` CLI installed.
+- Logged in to the right cluster:  
+  ```bash
+  oc whoami
+  oc project
+
+Need sufficient permissions to create namespace/projects, routes, deployments, and PVCs.
+
+## All commands below assume the namespace is Chacra.
+
+1. (One‑time) Create the namespace
+``` 
+oc apply -f openshift/deploy/namespace.yaml
+```
+2. Build pipeline (ImageStream + BuildConfigs)
+```
+oc -n chacra apply -f openshift/build/
+```
+3. (a) Build from upstream Git
+```
+oc -n chacra start-build bc/chacra-git --follow
+```
+3. (b) OR build from your working tree (binary build)
+
+Use this when you want to build the image from your local repo state.
+```
+oc -n chacra start-build bc/chacra-binary --from-dir=. --follow
+```
+4. Deploy infra and app configs
+
+Apply app configuration, secrets, and infra components (Postgres, RabbitMQ, PVC):
+```
+oc -n chacra apply -f openshift/deploy/configmap.yaml
+oc -n chacra apply -f openshift/deploy/alembic-configmap.yaml
+oc -n chacra apply -f openshift/deploy/secret.yaml
+oc -n chacra apply -f openshift/deploy/chacra-callbacks-secret.yaml
+oc -n chacra apply -f openshift/serviceaccount.yaml
+oc -n chacra apply -f openshift/deploy/postgres.yaml
+oc -n chacra apply -f openshift/deploy/rabbitmq.yaml
+oc -n chacra apply -f openshift/deploy/postgres-pvc.yaml
+oc -n chacra apply -f openshift/deploy/postgres-svc.yaml
+oc -n chacra apply -f openshift/deploy/chacra-data-rwx-pvc.yaml
+```
+5. Run DB migrations
+```bash
+# Run once per brand‑new database
+oc -n chacra apply -f openshift/deploy/db-bootstrap-job.yaml
+
+# Run only when a new release adds Alembic revisions
+oc -n chacra apply -f openshift/deploy/db-migration-job.yaml
+```
+6. Deploy Chacra API, Celery and Beat
+```
+oc -n chacra apply -f openshift/deploy/deployment.yaml
+oc -n chacra apply -f openshift/deploy/service.yaml
+oc -n chacra apply -f openshift/deploy/route.yaml
+```
+7. Verify the rollout
+
+Wait for the Chacra API, Celery and Beat deployments to be ready
+```
+oc -n chacra rollout status deploy/chacra-api
+oc -n chacra rollout status deploy/chacra-celery
+oc -n chacra rollout status deploy/chacra-beat
+```
+Get the public host
+```
+oc -n chacra get route chacra -o jsonpath='{.spec.host}{"\n"}'
+```
+Open the URL in your browser:
+```
+https://<printed-host>/
+```

openshift/deploy/alembic-configmap.yaml

@@ -0,0 +1,54 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: chacra-alembic
+  namespace: chacra
+  labels:
+    app: chacra
+data:
+  alembic.ini: |
+    [alembic]
+    # Tell Alembic where the migration scripts live in the container
+    script_location = /alembic
+
+    # (Optional) logging sections can be omitted; the above is sufficient
+    # sqlalchemy.url is provided via '-x dburl=...' at runtime
+
+
+    sqlalchemy.url = sqlite:///dev.db
+
+
+    # Logging configuration
+    [loggers]
+    keys = root,sqlalchemy,alembic
+
+    [handlers]
+    keys = console
+
+    [formatters]
+    keys = generic
+
+    [logger_root]
+    level = WARN
+    handlers = console
+    qualname =
+
+    [logger_sqlalchemy]
+    level = WARN
+    handlers =
+    qualname = sqlalchemy.engine
+
+    [logger_alembic]
+    level = INFO
+    handlers =
+    qualname = alembic
+
+    [handler_console]
+    class = StreamHandler
+    args = (sys.stderr,)
+    level = NOTSET
+    formatter = generic
+
+    [formatter_generic]
+    format = %(levelname)-5.5s [%(name)s] %(message)s
+    datefmt = %H:%M:%S

openshift/deploy/chacra-callbacks-secret.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: chacra-callbacks
+  namespace: chacra
+type: Opaque
+stringData:
+  # This is the exact Python module Chacra imports at runtime
+  prod_callbacks.py: |
+    # --- Chacra -> Shaman integration (callbacks & health pings) ---
+    # Shaman API base (we will post to /api/... and /api/nodes/...)
+    callback_url = "https://shaman-shaman.apps.pok.os.sepia.ceph.com/api"
+
+    # Basic auth that Shaman expects for POST/DELETE (must match Shaman config)
+    callback_user = "admin"             # TODO: set same user configured in Shaman
+    callback_key  = "secret"  # TODO: set same key configured in Shaman
+
+    # Verify TLS of the Shaman Route (set False only if using a self-signed test cert)
+    callback_verify_ssl = True
+
+    # Enable periodic health pings to Shaman's node registry
+    health_ping = True
+    health_ping_url = "https://shaman-shaman.apps.pok.os.sepia.ceph.com/api/nodes/"
+
+    # Name to register this Chacra node under in Shaman
+    # Tip: choose something meaningful; the in-cluster FQDN is fine too.
+    hostname = "chacra-chacra.apps.pok.os.sepia.ceph.com"

openshift/deploy/chacra-data-rwx-pvc.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: chacra-shared-rwx
+  namespace: chacra
+  labels:
+    app: chacra
+spec:
+  storageClassName: cephfs-rwx
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 200Gi