diff --git a/roles/openshift-apps/firmitas/default/main.yml b/roles/openshift-apps/firmitas/default/main.yml index 63eab83f49..7b6374b16a 100644 --- a/roles/openshift-apps/firmitas/default/main.yml +++ b/roles/openshift-apps/firmitas/default/main.yml @@ -4,8 +4,10 @@ firmitas_application_name: "{{ firmitas_namespace }}" firmitas_pagure_secret_volume_name: "firmitas-pagure-volume" firmitas_pagure_secret_name: "firmitas-pagure-secret" firmitas_stg_pagure_apikey: "OVERRIDEME" # in the ansible-private repo +firmitas_stg_pagure_username: "OVERRIDEME" # in the ansible-private repo firmitas_stg_pagure_host: "OVERRIDEME" # in the ansible-private repo firmitas_pagure_apikey: "OVERRIDEME" # in the ansible-private repo +firmitas_pagure_username: "OVERRIDEME" # in the ansible-private repo firmitas_pagure_host: "OVERRIDEME" # in the ansible-private repo firmitas_certs_location: "https://infrastructure.fedoraproject.org/infra/rabbitmq-certs/" firmitas_requester: "t0xic0der" diff --git a/roles/openshift-apps/firmitas/tasks/create-firmitas-configuration-secret.yml b/roles/openshift-apps/firmitas/tasks/create-firmitas-configuration-secret.yml new file mode 100644 index 0000000000..0ac411de7a --- /dev/null +++ b/roles/openshift-apps/firmitas/tasks/create-firmitas-configuration-secret.yml @@ -0,0 +1,46 @@ +--- +# generate the templates for project to be created +- name: Create the myconfig.py configuration + ansible.builtin.template: + src: myconfig.py.j2 + dest: /ocp4/openshift-apps/firmitas/myconfig.py + mode: 0600 + owner: root + group: root + tags: + - firmitas-configuration-secret + +# generate the templates for project to be created +- name: Create the myconfig.py configuration + ansible.builtin.template: + src: certlist.yml.j2 + dest: /ocp4/openshift-apps/firmitas/certlist.yml + mode: 0600 + owner: root + group: root + tags: + - firmitas-configuration-secret + +# Create the Secret from this file +# generate the templates for project to be created +- name: copy the templates to the host + template: + src: "secret-configuration.yml" + dest: "/root/ocp4/openshift-apps/firmitas/secret-configuration.yml" + mode: 0600 + vars: + firmitas_myconfig_py_file: + "{{ lookup('file', + '/ocp4/openshift-apps/firmitas/myconfig.py') + }}" + firmitas_certlist_yml_file: + "{{ lookup('file', + '/ocp4/openshift-apps/firmitas/certlist.yml') + }}" + + +# apply the openshift resources +- name: oc apply resources + command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/secret-myconfig-py.yml" + tags: + - firmitas-configuration-secret diff --git a/roles/openshift-apps/firmitas/tasks/main.yml b/roles/openshift-apps/firmitas/tasks/main.yml index eddf9cf20e..a913d4b23d 100644 --- a/roles/openshift-apps/firmitas/tasks/main.yml +++ b/roles/openshift-apps/firmitas/tasks/main.yml @@ -2,6 +2,7 @@ - include_tasks: create-namespace.yml - include_tasks: create-pagure-apikey-secret.yml +- include_tasks: create-firmitas-configuration-secret.yml - include_tasks: create-persistent-volume-claim.yml - include_tasks: create-imagestream.yml - include_tasks: create-buildconfig.yml diff --git a/roles/openshift-apps/firmitas/templates/certlist.yml.j2 b/roles/openshift-apps/firmitas/templates/certlist.yml.j2 new file mode 100644 index 0000000000..6f7d1e47b2 --- /dev/null +++ b/roles/openshift-apps/firmitas/templates/certlist.yml.j2 @@ -0,0 +1,1265 @@ +--- +alt-src.stg: + path: alt-src.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +anitya.stg: + path: anitya.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +basset.stg: + path: basset.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +batcave.stg: + path: batcave.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +bodhi.stg: + path: bodhi.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +bugzilla2fedmsg.stg: + path: bugzilla2fedmsg.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +cbs.stg: + path: cbs.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +centos-ci.stg: + path: centos-ci.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +centos-stream-robosignatory.stg: + path: centos-stream-robosignatory.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +copr-be-dev.stg: + path: copr-be-dev.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +copr.stg: + path: copr.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +coreos-ostree-importer.stg: + path: coreos-ostree-importer.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +coreos.stg: + path: coreos.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +datagrepper.stg: + path: datagrepper.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +datanommer.stg: + path: datanommer.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +discourse2fedmsg.stg: + path: discourse2fedmsg.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +distrobuildsync-eln: + path: distrobuildsync-eln.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +elections.stg: + path: elections.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +faf.stg: + path: faf.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +fedbadges.stg: + path: fedbadges.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +fedocal.stg: + path: fedocal.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +fedora-messaging-operator.stg: + path: fedora-messaging-operator.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +fedora-messaging.stg: + path: fedora-messaging.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +fedora-search.stg: + path: fedora-search.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +fedora.stg: + path: fedora.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +fmn.stg: + path: fmn.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +fm-orchestrator.stg: + path: fm-orchestrator.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +git-hooks: + path: git-hooks.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +github2fedmsg.stg: + path: github2fedmsg.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +gitlab-centos.stg: + path: gitlab-centos.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +greenwave.stg: + path: greenwave.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +jclinetest: + path: jclinetest.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +joystick.stg: + path: joystick.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +koji-centos.stg: + path: koji-centos.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +koji.stg: + path: koji.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +koschei.stg: + path: koschei.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +logging.stg: + path: logging.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +mailman3-fedmsg-plugin.stg: + path: mailman3-fedmsg-plugin.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +mailman.stg: + path: mailman.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +mbbox-centos.stg: + path: mbbox-centos.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +mbs-private-queue.stg: + path: mbs-private-queue.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +mdapi.stg: + path: mdapi.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +mediawiki.stg: + path: mediawiki.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +messaging-bridge.stg.fedoraproject.org: + path: messaging-bridge.stg.fedoraproject.org.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +mirrormanager2.stg: + path: mirrormanager2.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +monitor-gating.stg: + path: monitor-gating.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +mts.stg: + path: mts.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +noggin.stg: + path: noggin.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +nuancier.stg: + path: nuancier.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +odcs-private-queue.stg: + path: odcs-private-queue.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +odcs.stg: + path: odcs.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +openqa.stg: + path: openqa.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +pagure.stg: + path: pagure.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +pubsub_federation: + path: pubsub_federation.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +pungi.stg: + path: pungi.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +rabbitmq01.stg.iad2.fedoraproject.org: + path: rabbitmq01.stg.iad2.fedoraproject.org.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +rabbitmq01.stg.phx2.fedoraproject.org: + path: rabbitmq01.stg.phx2.fedoraproject.org.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +rabbitmq02.stg.iad2.fedoraproject.org: + path: rabbitmq02.stg.iad2.fedoraproject.org.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +rabbitmq02.stg.phx2.fedoraproject.org: + path: rabbitmq02.stg.phx2.fedoraproject.org.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +rabbitmq03.stg.iad2.fedoraproject.org: + path: rabbitmq03.stg.iad2.fedoraproject.org.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +rabbitmq03.stg.phx2.fedoraproject.org: + path: rabbitmq03.stg.phx2.fedoraproject.org.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +releng-tools.stg: + path: releng-tools.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +resultsdb-centos.stg: + path: resultsdb-centos.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +resultsdb.stg: + path: resultsdb.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +retrace.stg: + path: retrace.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +robosignatory.stg: + path: robosignatory.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +robosign.stg: + path: robosign.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +rpminspect.stg: + path: rpminspect.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +sse2fedmsg.stg: + path: sse2fedmsg.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +supybot-fedmsg.stg: + path: supybot-fedmsg.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +tag2distrepo.stg: + path: tag2distrepo.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +tahrir-api.stg: + path: tahrir-api.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +tahrir.stg: + path: tahrir.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +testing-farm.stg: + path: testing-farm.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +the-new-hotness.stg: + path: the-new-hotness.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +toddlers.stg: + path: toddlers.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +ursabot: + path: ursabot.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +waiverdb.stg: + path: waiverdb.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: +zanata2fedmsg.stg: + path: zanata2fedmsg.stg.crt + user: t0xic0der + certstat: + cstarted: + cstopped: + daystobt: 0 + daystodd: 0 + issuauth: + serialno: + stopdate: + strtdate: + notistat: + done: false + link: + time: diff --git a/roles/openshift-apps/firmitas/templates/deployment.yml b/roles/openshift-apps/firmitas/templates/deployment.yml index 32bdc549c2..0eb3880227 100644 --- a/roles/openshift-apps/firmitas/templates/deployment.yml +++ b/roles/openshift-apps/firmitas/templates/deployment.yml @@ -11,6 +11,8 @@ spec: app: "{{firmitas_application_name}}" template: metadata: + labels: + app: "{{ firmitas_application_name }}" spec: securityContext: runAsNonRoot: true @@ -23,7 +25,7 @@ spec: # type: RuntimeDefault containers: - image: "{{ firmitas_image }}" - name: firmitas + name: "{{ firmitas_application_name }}" securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/roles/openshift-apps/firmitas/templates/myconfig.py.j2 b/roles/openshift-apps/firmitas/templates/myconfig.py.j2 new file mode 100644 index 0000000000..811b3b9856 --- /dev/null +++ b/roles/openshift-apps/firmitas/templates/myconfig.py.j2 @@ -0,0 +1,96 @@ +""" +Firmitas +Copyright (C) 2023-2024 Akashdeep Dhar + +This program is free software: you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free Software +Foundation, either version 3 of the License, or (at your option) any later +version. + +This program is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +details. + +You should have received a copy of the GNU General Public License along with +this program. If not, see . + +Any Red Hat trademarks that are incorporated in the source code or +documentation are not subject to the GNU General Public License and may only +be used or replicated with the express permission of Red Hat, Inc. +""" + +""" +Variables related to notifications +""" + +# The limit for how long a single request must be attempted for +rqsttime = 30 + +# The source code forge on which the issue tickets need to be created +gitforge = "pagure" + +# The location of the ticketing repository +repoloca = "" + +# The name of the ticketing repository with namespace +reponame = "" + +# The username to masquerade as in order to create notification tickets +username = "{{ (env == 'staging')|ternary(firmitas_stg_pagure_user, firmitas_pagure_user) }}" + +# The API key for the source code forge pertaining to the user +password = "{{ (env == 'staging')|ternary(firmitas_stg_pagure_apikey, firmitas_pagure_apikey) }}" + +# Number of days from validity expiry to make the notification for +daysqant = 30 + +# List of labels to tag the notification tickets with +tagslist = ["firmitas", "automate", "notifier"] + +# Maximum number of retries to opening the notification ticket +maxretry = 5 + +""" +Variables related to probing +""" + +# The location of the X.509 standard TLS certificates +certloca = "/var/tmp/firmitas/certhere" # noqa : S108 + +# The location of the service hostnames and maintainers map +hostloca = "/var/tmp/firmitas/certlist.yml" # noqa: S108 + +""" +Variables related to logging +""" + +# The default configuration for service logging +logrconf = { + "version": 1, + "disable_existing_loggers": False, + "formatters": { + "standard": { + "format": "[FMTS] %(asctime)s [%(levelname)s] %(message)s", + "datefmt": "[%Y-%m-%d %I:%M:%S %z]", + }, + }, + "handlers": { + "console": { + "level": "DEBUG", + "formatter": "standard", + "class": "logging.StreamHandler", + "stream": "ext://sys.stdout", + }, + }, + "root": { + "level": "DEBUG", + "handlers": ["console"], + }, +} + +""" +Variables used for computing +""" + +certdict = {} diff --git a/roles/openshift-apps/firmitas/templates/secret-configuration.yml b/roles/openshift-apps/firmitas/templates/secret-configuration.yml new file mode 100644 index 0000000000..966ec8208c --- /dev/null +++ b/roles/openshift-apps/firmitas/templates/secret-configuration.yml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: "{{ firmitas_application_name }}-configuration-secret" + namespace: "{{ firmitas_namespace }}" +data: + myconfig.py: + "{{ firmitas_myconfig_py_file | b64encode }}" + certlist.yml: + "{{ firmitas_certlist_yml_file | b64encode }}"