firmitas: update deployment with label selector

add configuration for myconfig.py and certlist.yml
add Secret to hold configuration
add task to deploy secret

Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>

roles/openshift-apps/firmitas/default/main.yml

@@ -4,8 +4,10 @@ firmitas_application_name: "{{ firmitas_namespace }}"
 firmitas_pagure_secret_volume_name: "firmitas-pagure-volume"
 firmitas_pagure_secret_name: "firmitas-pagure-secret"
 firmitas_stg_pagure_apikey: "OVERRIDEME" # in the ansible-private repo
+firmitas_stg_pagure_username: "OVERRIDEME" # in the ansible-private repo
 firmitas_stg_pagure_host: "OVERRIDEME" # in the ansible-private repo
 firmitas_pagure_apikey: "OVERRIDEME" # in the ansible-private repo
+firmitas_pagure_username: "OVERRIDEME" # in the ansible-private repo
 firmitas_pagure_host: "OVERRIDEME" # in the ansible-private repo
 firmitas_certs_location: "https://infrastructure.fedoraproject.org/infra/rabbitmq-certs/"
 firmitas_requester: "t0xic0der"

roles/openshift-apps/firmitas/tasks/create-firmitas-configuration-secret.yml

@@ -0,0 +1,46 @@
+---
+# generate the templates for project to be created
+- name: Create the myconfig.py configuration
+  ansible.builtin.template:
+    src: myconfig.py.j2
+    dest: /ocp4/openshift-apps/firmitas/myconfig.py
+    mode: 0600
+    owner: root
+    group: root
+  tags:
+    - firmitas-configuration-secret
+
+# generate the templates for project to be created
+- name: Create the myconfig.py configuration
+  ansible.builtin.template:
+    src: certlist.yml.j2
+    dest: /ocp4/openshift-apps/firmitas/certlist.yml
+    mode: 0600
+    owner: root
+    group: root
+  tags:
+    - firmitas-configuration-secret
+
+# Create the Secret from this file
+# generate the templates for project to be created
+- name: copy the templates to the host
+  template:
+    src: "secret-configuration.yml"
+    dest: "/root/ocp4/openshift-apps/firmitas/secret-configuration.yml"
+    mode: 0600
+  vars:
+    firmitas_myconfig_py_file:
+      "{{ lookup('file',
+      '/ocp4/openshift-apps/firmitas/myconfig.py')
+      }}"
+    firmitas_certlist_yml_file:
+      "{{ lookup('file',
+      '/ocp4/openshift-apps/firmitas/certlist.yml')
+      }}"
+
+
+# apply the openshift resources
+- name: oc apply resources
+  command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/secret-myconfig-py.yml"
+  tags:
+    - firmitas-configuration-secret

roles/openshift-apps/firmitas/tasks/main.yml

@@ -2,6 +2,7 @@
 
 - include_tasks: create-namespace.yml
 - include_tasks: create-pagure-apikey-secret.yml
+- include_tasks: create-firmitas-configuration-secret.yml
 - include_tasks: create-persistent-volume-claim.yml
 - include_tasks: create-imagestream.yml
 - include_tasks: create-buildconfig.yml

roles/openshift-apps/firmitas/templates/deployment.yml

@@ -11,6 +11,8 @@ spec:
       app: "{{firmitas_application_name}}"
   template:
     metadata:
+      labels:
+        app: "{{ firmitas_application_name }}"
     spec:
       securityContext:
         runAsNonRoot: true
@@ -23,7 +25,7 @@ spec:
         #   type: RuntimeDefault
       containers:
       - image: "{{ firmitas_image }}"
-        name: firmitas
+        name: "{{ firmitas_application_name }}"
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:

roles/openshift-apps/firmitas/templates/myconfig.py.j2

@@ -0,0 +1,96 @@
+"""
+Firmitas
+Copyright (C) 2023-2024 Akashdeep Dhar
+
+This program is free software: you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free Software
+Foundation, either version 3 of the License, or (at your option) any later
+version.
+
+This program is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along with
+this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Any Red Hat trademarks that are incorporated in the source code or
+documentation are not subject to the GNU General Public License and may only
+be used or replicated with the express permission of Red Hat, Inc.
+"""
+
+"""
+Variables related to notifications
+"""
+
+# The limit for how long a single request must be attempted for
+rqsttime = 30
+
+# The source code forge on which the issue tickets need to be created
+gitforge = "pagure"
+
+# The location of the ticketing repository
+repoloca = ""
+
+# The name of the ticketing repository with namespace
+reponame = ""
+
+# The username to masquerade as in order to create notification tickets
+username = "{{ (env == 'staging')|ternary(firmitas_stg_pagure_user, firmitas_pagure_user) }}"
+
+# The API key for the source code forge pertaining to the user
+password = "{{ (env == 'staging')|ternary(firmitas_stg_pagure_apikey, firmitas_pagure_apikey) }}"
+
+# Number of days from validity expiry to make the notification for
+daysqant = 30
+
+# List of labels to tag the notification tickets with
+tagslist = ["firmitas", "automate", "notifier"]
+
+# Maximum number of retries to opening the notification ticket
+maxretry = 5
+
+"""
+Variables related to probing
+"""
+
+# The location of the X.509 standard TLS certificates
+certloca = "/var/tmp/firmitas/certhere"  # noqa : S108
+
+# The location of the service hostnames and maintainers map
+hostloca = "/var/tmp/firmitas/certlist.yml"  # noqa: S108
+
+"""
+Variables related to logging
+"""
+
+# The default configuration for service logging
+logrconf = {
+    "version": 1,
+    "disable_existing_loggers": False,
+    "formatters": {
+        "standard": {
+            "format": "[FMTS] %(asctime)s [%(levelname)s] %(message)s",
+            "datefmt": "[%Y-%m-%d %I:%M:%S %z]",
+        },
+    },
+    "handlers": {
+        "console": {
+            "level": "DEBUG",
+            "formatter": "standard",
+            "class": "logging.StreamHandler",
+            "stream": "ext://sys.stdout",
+        },
+    },
+    "root": {
+        "level": "DEBUG",
+        "handlers": ["console"],
+    },
+}
+
+"""
+Variables used for computing
+"""
+
+certdict = {}

roles/openshift-apps/firmitas/templates/secret-configuration.yml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ firmitas_application_name }}-configuration-secret"
+  namespace: "{{ firmitas_namespace }}"
+data:
+  myconfig.py:
+    "{{ firmitas_myconfig_py_file | b64encode }}"
+  certlist.yml:
+    "{{ firmitas_certlist_yml_file | b64encode }}"