firmitas: add cronjob to download certs

Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
2024-08-28 13:56:27 +01:00 · 2024-08-28 13:56:27 +01:00 · 293d4d65d4
commit 293d4d65d4
parent e06aa414e5
4 changed files with 51 additions and 2 deletions
--- a/roles/openshift-apps/firmitas/tasks/create-cronjob.yml
+++ b/roles/openshift-apps/firmitas/tasks/create-cronjob.yml
@ -0,0 +1,15 @@
+---
+# generate the templates for project to be created
+- name: create the cronjob template
+  template:
+    src: "cronjob.yml"
+    dest: "/root/ocp4/openshift-apps/firmitas/cronjob.yml"
+    mode: 0770
+
+# apply created openshift resources
+- name: oc apply resources
+  command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/cronjob.yml"
+  retries: 3
+  delay: 5
+  register: cronjob_result
+  until: cronjob_result.rc == 0
--- a/roles/openshift-apps/firmitas/tasks/main.yml
+++ b/roles/openshift-apps/firmitas/tasks/main.yml
@ -10,4 +10,5 @@
 - include_tasks: create-persistent-volume-claim.yml
 - include_tasks: create-imagestream.yml
 - include_tasks: create-buildconfig.yml
+- include_tasks: create-cronjob.yml
 - include_tasks: create-deployment.yml
--- a/roles/openshift-apps/firmitas/templates/cronjob.yml
+++ b/roles/openshift-apps/firmitas/templates/cronjob.yml
@ -0,0 +1,33 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: "{{firmitas_application_name}}"
+  namespace: "{{firmitas_namespace}}"
+spec:
+  schedule: "*/1 * * * *"
+  timeZone: Etc/UTC
+  concurrencyPolicy: "Replace"
+  startingDeadlineSeconds: 200
+  suspend: true
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 1
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels:
+            parent: "cronjob-certdownloader"
+        spec:
+          containers:
+          - image: "{{ firmitas_image }}"
+            name: "{{ firmitas_application_name }}"
+            command: ["sh", "download_certificates.sh"]
+          restartPolicy: OnFailure
+          volumeMounts:
+            - name: "{{ firmitas_application_name }}-configuration-secret-volume"
+              mountPath: "/etc/firmitas/"
+        volumes:
+          - name: "{{ firmitas_application_name }}-configuration-secret-volume"
+            secret:
+              secretName: "{{ firmitas_application_name }}-configuration-secret"
--- a/roles/openshift-apps/firmitas/templates/myconfig.py.j2
+++ b/roles/openshift-apps/firmitas/templates/myconfig.py.j2
@ -56,10 +56,10 @@ Variables related to probing
 """

 # The location of the X.509 standard TLS certificates
-certloca = "/etc/firmitas/certs/"  # noqa : S108
+certloca = "/etc/firmitas/{{ (env == 'staging')|ternary('certificates/staging', 'certificates/production') }}"  # noqa : S108

 # The location of the service hostnames and maintainers map
-hostloca = "/etc/firmitas/certlist.yml"  # noqa: S108
+hostloca = "/etc/firmitas/{{ (env == 'staging')|ternary('certificates/staging/staging_certlist.txt', 'certificates/production/production_certlist.txt') }}"  # noqa: S108

 """
 Variables related to logging