Suggested changes (#99)

Signed-off-by: desmax74 <[email protected]>

README.md

@@ -225,7 +225,7 @@ In order to deploy Trustification on a RHEL 9.3+ VM:
 
 ```
 [trustification]
-192.168.121.60 become=true
+192.168.121.60
 
 [trustification:vars]
 ansible_user=vagrant

roles/tpa_single_node/README.md

@@ -9,7 +9,6 @@ Deploy the [RHTPA](https://docs.redhat.com/en/documentation/red_hat_trusted_prof
 ### Required
 |Option|Description|Type|Default|
 |---|---|---|---|
-| tpa_single_node_rhel_host | Ip of the instance. | str |  |
 | tpa_single_node_storage_access_key | Storage access key, readed form the env var TPA_STORAGE_ACCESS_KEY. | str |  |
 | tpa_single_node_storage_secret_key | Storage access key, readed form the env var TPA_STORAGE_SECRET_KEY. | str |  |
 | tpa_single_node_event_access_key_id | Kafka Username or AWS SQS Access Key ID, readed from TPA_EVENT_ACCESS_KEY_ID env var | str |  |
@@ -26,6 +25,7 @@ Deploy the [RHTPA](https://docs.redhat.com/en/documentation/red_hat_trusted_prof
 | tpa_single_node_trustification_image | Trustification image. | str |  `registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9:2943d20c8ac831f4ae4f209c8ca6807619404062`  |
 | tpa_single_node_guac_image | Guac image. | str |  `registry.redhat.io/rhtpa/rhtpa-guac-rhel9:f0688194637cc759052e02c350c38dbabc19484e`  |
 | tpa_single_node_base_hostname | The user name logging in to the registry to pull images. | str |  `trustification`  |
+| tpa_single_node_rhel_host | Ip of the instance. | str |  |
 | tpa_single_node_certificates_dir | Folder where to place the certificates to deploy on the instance. | str |  `certs`  |
 | tpa_single_node_config_dir | Configuration directory on the instance. | str |  `/etc/rhtpa`  |
 | tpa_single_node_kube_manifest_dir | Configuration directory on the instance containing the manifests. | str |  `/etc/rhtpa/manifests`  |
@@ -86,7 +86,6 @@ Deploy the [RHTPA](https://docs.redhat.com/en/documentation/red_hat_trusted_prof
 ```
 - hosts: rhtpa
   vars:
-    tpa_single_node_rhel_host: # TODO: required, type: str
     tpa_single_node_storage_access_key: # TODO: required, type: str
     tpa_single_node_storage_secret_key: # TODO: required, type: str
     tpa_single_node_event_access_key_id: # TODO: required, type: str

roles/tpa_single_node/defaults/main.yml

@@ -1,10 +1,10 @@
 ---
-# defaults file for tpa_single_node
-tpa_single_node_system_packages:
-  - podman
-  - podman-plugins
-  # @postgres-remove
-  - postgresql
-  - postgresql-server
-  - python3-pip
-  - python3-cryptography
+# Storage Service
+tpa_single_node_storage_type: minio # Either s3 or minio or other s3 compatible
+tpa_single_node_storage_region: eu-west-1 # <AWS S3 Storage region> # For Minio just keep eu-west-1
+# SQS_SERVICE
+tpa_single_node_event_bus_type: kafka # Either kafka or sqs
+### AWS SQS fields
+tpa_single_node_sqs_region: eu-west-1 # AWS SQS Region
+# SSO_SERVICE
+tpa_single_node_oidc_type: keycloak # Either Keycloak or AWS Cognito

roles/tpa_single_node/meta/argument_specs.yml

@@ -24,7 +24,6 @@ argument_specs:
       tpa_single_node_rhel_host:
         description: "Ip of the instance."
         type: "str"
-        required: true
         version_added: "1.2.0"
       tpa_single_node_certificates_dir:
         description: "Folder where to place the certificates to deploy on the instance."

roles/tpa_single_node/tasks/collectorist/api.yml

@@ -22,7 +22,7 @@
 - name: Create persistent volume for collectorist-api
   ansible.builtin.command:
     cmd: "podman kube play {{ tpa_single_node_kube_manifest_dir }}/PVCs/collectorist-api.yaml"
-  changed_when: true
+  changed_when: false
 
 - name: Deploy collectorist-api
   ansible.builtin.include_tasks: install_manifest.yml

roles/tpa_single_node/tasks/infra/events.yml

@@ -26,4 +26,4 @@
 - name: Apply Event Storage manifest
   ansible.builtin.command:
     cmd: "podman kube play {{ tpa_single_node_event_secret }}"
-  changed_when: true
+  changed_when: false

roles/tpa_single_node/tasks/infra/oidc.yml

@@ -28,4 +28,4 @@
 - name: Apply storage secret manifest
   ansible.builtin.command:
     cmd: "podman kube play {{ tpa_single_node_oidc_secret }}"
-  changed_when: true
+  changed_when: false

roles/tpa_single_node/tasks/infra/storage.yml

@@ -17,4 +17,4 @@
 - name: Apply storage secret manifest
   ansible.builtin.command:
     cmd: "podman kube play {{ tpa_single_node_storage_secret }}"
-  changed_when: true
+  changed_when: false

roles/tpa_single_node/tasks/infra/tls_cert.yml

@@ -11,4 +11,4 @@
 - name: Play Guac csub secret manifest
   ansible.builtin.command:
     cmd: "podman kube play {{ tpa_single_node_kube_manifest_dir }}/Secrets/tls-cert.yaml"
-  changed_when: true
+  changed_when: false

roles/tpa_single_node/tasks/main.yml

@@ -1,4 +1,8 @@
 ---
+- name: Get IP of the current node
+  ansible.builtin.set_fact:
+    tpa_single_node_rhel_host: "{{ ansible_ssh_host }}"
+
 - name: Set a variable about Rhel
   ansible.builtin.set_fact:
     rhel: false

roles/tpa_single_node/tasks/podman.yml

@@ -41,16 +41,16 @@
   ansible.builtin.command:
     cmd: "podman network create {{ tpa_single_node_podman_network }}"
   when: network_inspect_result.rc != 0
-  changed_when: true
+  changed_when: false
 
 - name: Pull trustification image from registry.redhat.io
   when: rhel
   ansible.builtin.command:
     cmd: "podman pull {{ tpa_single_node_trustification_image }}"
-  changed_when: true
+  changed_when: false
 
 - name: Pull Guac image from registry.redhat.io
   when: rhel
   ansible.builtin.command:
     cmd: "podman pull {{ tpa_single_node_guac_image }}"
-  changed_when: true
+  changed_when: false

roles/tpa_single_node/tasks/spog/api.yml

@@ -27,7 +27,7 @@
 - name: Create persistent volume for spog-api
   ansible.builtin.command:
     cmd: "podman kube play {{ tpa_single_node_kube_manifest_dir }}/PVCs/spog-api.yaml"
-  changed_when: true
+  changed_when: false
 
 - name: Deploy spog-api
   ansible.builtin.include_tasks: install_manifest.yml

roles/tpa_single_node/vars/main.yml

@@ -1,7 +1,6 @@
 ---
 # vars file for tpa_scaffolding
 tpa_single_node_base_hostname: trustification
-tpa_single_node_rhel_host: "{{ lookup('env', 'TPA_RHEL_HOST') | default('192.168.121.60', true) }}"
 tpa_single_node_certificates_dir: ./certs/
 tpa_single_node_config_dir: /etc/rhtpa
 tpa_single_node_kube_manifest_dir: "{{ tpa_single_node_config_dir }}/manifests"
@@ -19,19 +18,16 @@ tpa_single_node_pg_user_passwd: "{{ lookup('env', 'TPA_PG_PASSWORD') }}"
 tpa_single_node_pg_ssl_mode: disable
 
 # Storage Service
-tpa_single_node_storage_type: minio # Either s3 or minio or other s3 compatible
 tpa_single_node_storage_access_key: "{{ lookup('env', 'TPA_STORAGE_ACCESS_KEY') }}" # S3/minio root username
 tpa_single_node_storage_secret_key: "{{ lookup('env', 'TPA_STORAGE_SECRET_KEY') }}" # S3/minio root password
 tpa_single_node_storage_bombastic_bucket: bombastic-default # <bombastic storage bucket name>
 tpa_single_node_storage_v11y_bucket: v11y-default # <v11y storage bucket name>
 tpa_single_node_storage_vexination_bucket: vexination-default # <vexination storage bucket name>
-tpa_single_node_storage_region: eu-west-1 # <AWS S3 Storage region> # For Minio just keep eu-west-1
 
 ## Storage Service - Minio fields
 tpa_single_node_storage_endpoint: "{{ lookup('env', 'TPA_STORAGE_ENDPOINT') }}" # Minio storage URL pointing to API 9000
 
 # SQS_SERVICE
-tpa_single_node_event_bus_type: kafka # Either kafka or sqs
 tpa_single_node_event_access_key_id: "{{ lookup('env', 'TPA_EVENT_ACCESS_KEY_ID') }}" # Kafka Username or AWS SQS Access Key ID
 tpa_single_node_event_secret_access_key: "{{ lookup('env', 'TPA_EVENT_SECRET_ACCESS_KEY') }}" # Kafka password or AWS SQS Secret Access Key
 tpa_single_node_bombastic_topic_failed: bombastic-failed-default # Bombastic Events topic failed
@@ -51,11 +47,7 @@ tpa_single_node_kafka_security_protocol: SASL_PLAINTEXT # Example - SASL_PLAINTE
 # Kafka Authentication Mechanism which is spec.kafka.listeners.authentication.type in Block letters.
 tpa_single_node_kafka_auth_mechanism: SCRAM-SHA-512 # Example - SCRAM-SHA-512
 
-### AWS SQS fields
-tpa_single_node_sqs_region: eu-west-1 # AWS SQS Region
-
 # SSO_SERVICE
-tpa_single_node_oidc_type: keycloak # Either Keycloak or AWS Cognito
 tpa_single_node_oidc_issuer_url: "{{ lookup('env', 'TPA_OIDC_ISSUER_URL') | default('tpa_single_node_default_empty', true) }}"
 tpa_single_node_oidc_frontend_id: "{{ lookup('env', 'TPA_OIDC_FRONTEND_ID') | default('tpa_single_node_default_empty', true) }}"
 tpa_single_node_oidc_provider_client_id: "{{ lookup('env', 'TPA_OIDC_PROVIDER_CLIENT_ID') | default('tpa_single_node_default_empty', true) }}"
@@ -93,3 +85,13 @@ tpa_single_node_bombastic_walker_suspended: true
 tpa_single_node_dataset_job_suspended: true
 tpa_single_node_vexination_walker_suspended: true
 tpa_single_node_v11y_walker_suspended: false
+
+# defaults file for tpa_single_node
+tpa_single_node_system_packages:
+  - podman
+  - podman-plugins
+  # @postgres-remove
+  - postgresql
+  - postgresql-server
+  - python3-pip
+  - python3-cryptography

roles/tpa_single_node/vars/main_example_aws.yml

@@ -1,7 +1,6 @@
 ---
 # vars file for tpa_scaffolding
 tpa_single_node_base_hostname: trustification
-tpa_single_node_rhel_host: "{{ lookup('env', 'TPA_RHEL_HOST') | default('192.168.121.60', true) }}"
 tpa_single_node_certificates_dir: certs/
 tpa_single_node_config_dir: /etc/rhtpa
 tpa_single_node_kube_manifest_dir: "{{ tpa_single_node_config_dir }}/manifests"

roles/tpa_single_node/vars/main_example_nonaws.yml

@@ -1,7 +1,6 @@
 ---
 # vars file for tpa_scaffolding
 tpa_single_node_base_hostname: trustification
-tpa_single_node_rhel_host: "{{ lookup('env', 'TPA_RHEL_HOST') | default('192.168.121.60', true) }}"
 tpa_single_node_certificates_dir: certs/
 tpa_single_node_config_dir: /etc/rhtpa
 tpa_single_node_kube_manifest_dir: "{{ tpa_single_node_config_dir }}/manifests"

vm-testing/rhel9-vm/inventory.ini

@@ -1,10 +1,9 @@
 [trustification]
-192.168.121.60 become=true
+192.168.121.60
 
 [trustification:vars]
 ansible_user=vagrant
-ansible_ssh_pass=vargrant
+ansible_ssh_pass=vagrant
 ansible_private_key_file=./vm-testing/rhel9-vm/.vagrant/machines/trustification/libvirt/private_key
 
 [local]
-