WIP: config/atomic: Import my Homu work

cluster/ci/config/atomic/homu/ssh-cfg.yml

@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: homu-ssh-config
+data:
+  known-hosts: |
+    github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
+  ssh-config: |
+    UserKnownHostsFile /etc/homu-cfg/known-hosts
+    # We do want this
+    StrictHostKeyChecking yes
+    # Not worth the pain
+    CheckHostIP no
+    # Based on https://stribika.github.io/2015/01/04/secure-secure-shell.html
+    # Algorithms checked for github.com as of 20161222.  Note they
+    # do not offer ed25519 host keys, only DSS and RSA.
+    Host github.com
+        HostKeyAlgorithms [email protected],ssh-ed25519,[email protected],[email protected],ssh-rsa
+        KexAlgorithms [email protected]
+        Ciphers [email protected]
+        MACs [email protected],[email protected],hmac-sha2-512,hmac-sha2-256
+
+    Host *
+        PasswordAuthentication no
+        KbdInteractiveAuthentication no
+        GSSAPIAuthentication no
+        Protocol 2
+        # https://lwn.net/Articles/671874/
+        UseRoaming no

cluster/ci/config/atomic/homu/test/Dockerfile

@@ -0,0 +1,9 @@
+FROM fedora:25
+RUN yum -y install nss_wrapper git python-pip findutils && yum clean all && \
+    mkdir /app && cd /app && git clone -b homu-rollup-2 https://github.com/cgwalters/homu.git && pip3 install ./homu && \
+    find /usr/lib/python* -name git_helper.py -exec chmod a+x {} ';'
+ADD ./nss-wrapper-exec /usr/bin/nss-wrapper-exec
+ENV HOME=/tmp 
+WORKDIR /tmp
+EXPOSE 8080
+CMD ["/usr/bin/nss-wrapper-exec", "env", "PYTHONUNBUFFERED=1", "/usr/bin/homu", "-v", "--config", "/etc/homu-secrets/cfg.toml"]

cluster/ci/config/atomic/homu/test/bc.yml

@@ -0,0 +1,26 @@
+kind: "BuildConfig"
+apiVersion: "v1"
+metadata:
+  name: "homu-test-build" 
+spec:
+  runPolicy: "Serial" 
+  triggers: 
+    - type: "GitHub"
+      github:
+        secret: "b58082a16b117b48a4d5bb3925b9c7b557806170"
+    - type: "ImageChange"
+  source: 
+    type: "Git"
+    git:
+      uri: "ssh://[email protected]/cgwalters/projectatomic-ci-infra"
+    sourceSecret:
+      name: private-github-repo-key
+    contextDir: homu/test
+  strategy: 
+    type: "Docker"
+    dockerStrategy:
+      noCache: true
+  output: 
+    to:
+      kind: "ImageStreamTag"
+      name: "homu-test:latest"

cluster/ci/config/atomic/homu/test/dc.yml

@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: DeploymentConfig
+metadata:
+  name: homu-test
+  labels:
+    app: homu-test
+spec:
+  replicas: 1
+  selector:
+    app: homu-test
+    deploymentconfig: homu-test
+  template:
+    metadata:
+      labels:
+        app: homu-test
+        deploymentconfig: homu-test
+    spec:
+      containers:
+        - image: homu-test
+          name: homu-test
+          ports:
+            - containerPort: 8080
+              name: homu
+              protocol: TCP
+          volumeMounts:
+            - name: cfg
+              mountPath: /etc/homu-secrets
+              readOnly: true
+            - name: sshcfg
+              mountPath: /etc/homu-cfg
+              readOnly: true
+          readinessProbe:
+            httpGet:
+              path: /
+              port: homu
+      volumes:
+        - name: cfg
+          secret:
+            secretName: homu-cfg-test
+        - name: sshcfg
+          configMap:
+            name: homu-ssh-config
+  triggers:
+  - type: ConfigChange 
+  - type: ImageChange
+    imageChangeParams:
+      automatic: true
+      containerNames:
+        - homu-test
+      from:
+        kind: ImageStreamTag
+        name: homu-test:latest
+    type: ImageChange  
+  strategy:
+    type: Rolling       

cluster/ci/config/atomic/homu/test/nss-wrapper-exec

@@ -0,0 +1,13 @@
+#!/usr/bin/bash
+set -euo pipefail
+export USER_ID=$(id -u)
+export GROUP_ID=$(id -g)
+passwd=$(mktemp -t 'nss-wrapper-passwd.XXXXXX')
+cat > ${passwd} << EOF
+root:x:0:0:root:/root:/bin/bash
+user:x:${USER_ID}:${GROUP_ID}:user:${HOME}:/bin/bash
+EOF
+export LD_PRELOAD=libnss_wrapper.so
+export NSS_WRAPPER_PASSWD=${passwd}
+export NSS_WRAPPER_GROUP=/etc/group
+exec "$@"

cluster/ci/config/atomic/homu/test/svc.yml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: List
+items:
+
+- apiVersion: v1
+  kind: Service
+  metadata:
+    name: homu-test
+    labels:
+      app: homu-test 
+  spec:
+    ports:
+    - port: 8080
+      targetPort: 8080
+    selector:
+      app: homu-test
+      deploymentconfig: homu-test
+
+- apiVersion: v1
+  kind: Route
+  metadata:
+    labels:
+      app: homu-test
+    name: homu-test
+  spec:
+    to:
+      name: homu-test
+    port:
+      targetPort: 8080
+  tls:
+    termination: edge