From 94e494cdeec975f58986616868012bd7f40f9bb3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Massimiliano=20Dess=C3=AC=20-=20=28Fast=20Chauffeur=29?=
Date: Thu, 24 Oct 2024 17:00:09 +0200
Subject: [PATCH] Suggested changes (#99)

Signed-off-by: desmax74
---
 README.md | 2 +-
 roles/tpa_single_node/README.md | 3 +--
 roles/tpa_single_node/defaults/main.yml | 18 +++++++++---------
 roles/tpa_single_node/meta/argument_specs.yml | 1 -
 .../tpa_single_node/tasks/collectorist/api.yml | 2 +-
 roles/tpa_single_node/tasks/infra/events.yml | 2 +-
 roles/tpa_single_node/tasks/infra/oidc.yml | 2 +-
 roles/tpa_single_node/tasks/infra/storage.yml | 2 +-
 roles/tpa_single_node/tasks/infra/tls_cert.yml | 2 +-
 roles/tpa_single_node/tasks/main.yml | 4 ++++
 roles/tpa_single_node/tasks/podman.yml | 6 +++---
 roles/tpa_single_node/tasks/spog/api.yml | 2 +-
 roles/tpa_single_node/vars/main.yml | 18 ++++++++++--------
 .../tpa_single_node/vars/main_example_aws.yml | 1 -
 .../vars/main_example_nonaws.yml | 1 -
 vm-testing/rhel9-vm/inventory.ini | 5 ++---
 16 files changed, 36 insertions(+), 35 deletions(-)

diff --git a/README.md b/README.md
index 320369d0..74b9f467 100644
--- a/README.md
+++ b/README.md
@@ -225,7 +225,7 @@ In order to deploy Trustification on a RHEL 9.3+ VM:
 ```
 [trustification]
-192.168.121.60 become=true
+192.168.121.60
 [trustification:vars]
 ansible_user=vagrant
diff --git a/roles/tpa_single_node/README.md b/roles/tpa_single_node/README.md
index ce333795..652ec5d6 100644
--- a/roles/tpa_single_node/README.md
+++ b/roles/tpa_single_node/README.md
@@ -9,7 +9,6 @@ Deploy the [RHTPA](https://docs.redhat.com/en/documentation/red_hat_trusted_prof
 ### Required
 |Option|Description|Type|Default|
 |---|---|---|---|
-| tpa_single_node_rhel_host | Ip of the instance. | str | |
 | tpa_single_node_storage_access_key | Storage access key, readed form the env var TPA_STORAGE_ACCESS_KEY. | str | |
 | tpa_single_node_storage_secret_key | Storage access key, readed form the env var TPA_STORAGE_SECRET_KEY. | str | |
 | tpa_single_node_event_access_key_id | Kafka Username or AWS SQS Access Key ID, readed from TPA_EVENT_ACCESS_KEY_ID env var | str | |
@@ -26,6 +25,7 @@ Deploy the [RHTPA](https://docs.redhat.com/en/documentation/red_hat_trusted_prof
 | tpa_single_node_trustification_image | Trustification image. | str | `registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9:2943d20c8ac831f4ae4f209c8ca6807619404062` |
 | tpa_single_node_guac_image | Guac image. | str | `registry.redhat.io/rhtpa/rhtpa-guac-rhel9:f0688194637cc759052e02c350c38dbabc19484e` |
 | tpa_single_node_base_hostname | The user name logging in to the registry to pull images. | str | `trustification` |
+| tpa_single_node_rhel_host | Ip of the instance. | str | |
 | tpa_single_node_certificates_dir | Folder where to place the certificates to deploy on the instance. | str | `certs` |
 | tpa_single_node_config_dir | Configuration directory on the instance. | str | `/etc/rhtpa` |
 | tpa_single_node_kube_manifest_dir | Configuration directory on the instance containing the manifests. | str | `/etc/rhtpa/manifests` |
@@ -86,7 +86,6 @@ Deploy the [RHTPA](https://docs.redhat.com/en/documentation/red_hat_trusted_prof
 ```
 - hosts: rhtpa
   vars:
-    tpa_single_node_rhel_host: # TODO: required, type: str
     tpa_single_node_storage_access_key: # TODO: required, type: str
     tpa_single_node_storage_secret_key: # TODO: required, type: str
     tpa_single_node_event_access_key_id: # TODO: required, type: str
diff --git a/roles/tpa_single_node/defaults/main.yml b/roles/tpa_single_node/defaults/main.yml
index 9cf64e79..2580150d 100644
--- a/roles/tpa_single_node/defaults/main.yml
+++ b/roles/tpa_single_node/defaults/main.yml
@@ -1,10 +1,10 @@
 ---
-# defaults file for tpa_single_node
-tpa_single_node_system_packages:
-  - podman
-  - podman-plugins
-  # @postgres-remove
-  - postgresql
-  - postgresql-server
-  - python3-pip
-  - python3-cryptography
+# Storage Service
+tpa_single_node_storage_type: minio # Either s3 or minio or other s3 compatible
+tpa_single_node_storage_region: eu-west-1 # # For Minio just keep eu-west-1
+# SQS_SERVICE
+tpa_single_node_event_bus_type: kafka # Either kafka or sqs
+### AWS SQS fields
+tpa_single_node_sqs_region: eu-west-1 # AWS SQS Region
+# SSO_SERVICE
+tpa_single_node_oidc_type: keycloak # Either Keycloak or AWS Cognito
diff --git a/roles/tpa_single_node/meta/argument_specs.yml b/roles/tpa_single_node/meta/argument_specs.yml
index e55c8784..17347ec1 100644
--- a/roles/tpa_single_node/meta/argument_specs.yml
+++ b/roles/tpa_single_node/meta/argument_specs.yml
@@ -24,7 +24,6 @@ argument_specs:
       tpa_single_node_rhel_host:
         description: "Ip of the instance."
         type: "str"
-        required: true
         version_added: "1.2.0"
       tpa_single_node_certificates_dir:
         description: "Folder where to place the certificates to deploy on the instance."
diff --git a/roles/tpa_single_node/tasks/collectorist/api.yml b/roles/tpa_single_node/tasks/collectorist/api.yml
index c1327c33..dd8e19b3 100644
--- a/roles/tpa_single_node/tasks/collectorist/api.yml
+++ b/roles/tpa_single_node/tasks/collectorist/api.yml
@@ -22,7 +22,7 @@
 - name: Create persistent volume for collectorist-api
   ansible.builtin.command:
     cmd: "podman kube play {{ tpa_single_node_kube_manifest_dir }}/PVCs/collectorist-api.yaml"
-  changed_when: true
+  changed_when: false
 - name: Deploy collectorist-api
   ansible.builtin.include_tasks: install_manifest.yml
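Review bot: The new `tpa_single_node_storage_region: eu-west-1 # # For Minio just keep eu-west-1` line carries a doubled `# #`, and the three "Either X or Y" comments name the alternatives in prose rather than as the literal tokens the tasks compare against, so a reader of defaults/main.yml cannot tell from `# Either Keycloak or AWS Cognito` which lowercase value selects Cognito (the tasks that consume these values are not in this patch). Suggest `# Storage region; for MinIO keep eu-west-1`, and for each `_type` key a comment of the form `# one of: keycloak, <cognito token>` with the exact accepted spellings filled in. The file also lost its `# defaults file for tpa_single_node` header when the package list moved out; a one-line header saying these are the user-overridable service selectors would replace it.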
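Review bot: With `required: true` gone, the spec for `tpa_single_node_rhel_host` still reads `description: "Ip of the instance."`, which no longer tells a caller that tasks/main.yml now fills this option in from `ansible_ssh_host` via set_fact, nor that a value passed in is overwritten by that task. Suggest `description: "IP of the instance. Populated automatically by the role from the connection host; a value passed in is currently overridden."` so that `validate_argument_spec` output and the generated README agree with the behaviour. The enclosing `options:` mapping starts outside the hunk.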
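Review bot: `changed_when: false` on the `podman kube play …/PVCs/collectorist-api.yaml` task makes a command that creates a volume on the host report `ok` on every run, so the play recap and any `notify` handlers stop reflecting real changes; the same flip is applied in tasks/infra/events.yml, infra/oidc.yml, infra/storage.yml, infra/tls_cert.yml, tasks/podman.yml and tasks/spog/api.yml. In podman.yml the `podman network create` task is already gated by `when: network_inspect_result.rc != 0`, so it only runs when it genuinely creates the network and the previous `changed_when: true` was the correct status there. If the intent was to stop the role reporting changes on every rerun, the fix is to make the tasks idempotent rather than to mute them: guard each `podman kube play` with a `podman volume exists` / `podman pod exists` check feeding `when:`, or `register: pvc_play` and set `changed_when: pvc_play.rc == 0` while tolerating an already-exists rerun in `failed_when`. As written the role can no longer distinguish a first deploy from a no-op in its output.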
diff --git a/roles/tpa_single_node/tasks/infra/events.yml b/roles/tpa_single_node/tasks/infra/events.yml
index d635e4e8..33a04d57 100644
--- a/roles/tpa_single_node/tasks/infra/events.yml
+++ b/roles/tpa_single_node/tasks/infra/events.yml
@@ -26,4 +26,4 @@
 - name: Apply Event Storage manifest
   ansible.builtin.command:
     cmd: "podman kube play {{ tpa_single_node_event_secret }}"
-  changed_when: true
+  changed_when: false
diff --git a/roles/tpa_single_node/tasks/infra/oidc.yml b/roles/tpa_single_node/tasks/infra/oidc.yml
index 38b34bf7..3abecd83 100644
--- a/roles/tpa_single_node/tasks/infra/oidc.yml
+++ b/roles/tpa_single_node/tasks/infra/oidc.yml
@@ -28,4 +28,4 @@
 - name: Apply storage secret manifest
   ansible.builtin.command:
     cmd: "podman kube play {{ tpa_single_node_oidc_secret }}"
-  changed_when: true
+  changed_when: false
diff --git a/roles/tpa_single_node/tasks/infra/storage.yml b/roles/tpa_single_node/tasks/infra/storage.yml
index 04256112..de54fa22 100644
--- a/roles/tpa_single_node/tasks/infra/storage.yml
+++ b/roles/tpa_single_node/tasks/infra/storage.yml
@@ -17,4 +17,4 @@
 - name: Apply storage secret manifest
   ansible.builtin.command:
     cmd: "podman kube play {{ tpa_single_node_storage_secret }}"
-  changed_when: true
+  changed_when: false
diff --git a/roles/tpa_single_node/tasks/infra/tls_cert.yml b/roles/tpa_single_node/tasks/infra/tls_cert.yml
index 96e17873..51384a63 100644
--- a/roles/tpa_single_node/tasks/infra/tls_cert.yml
+++ b/roles/tpa_single_node/tasks/infra/tls_cert.yml
@@ -11,4 +11,4 @@
 - name: Play Guac csub secret manifest
   ansible.builtin.command:
     cmd: "podman kube play {{ tpa_single_node_kube_manifest_dir }}/Secrets/tls-cert.yaml"
-  changed_when: true
+  changed_when: false
diff --git a/roles/tpa_single_node/tasks/main.yml b/roles/tpa_single_node/tasks/main.yml
index 384046be..83c3080c 100644
--- a/roles/tpa_single_node/tasks/main.yml
+++ b/roles/tpa_single_node/tasks/main.yml
@@ -1,4 +1,8 @@
 ---
+- name: Get IP of the current node
+  ansible.builtin.set_fact:
+    tpa_single_node_rhel_host: "{{ ansible_ssh_host }}"
+
 - name: Set a variable about Rhel
   ansible.builtin.set_fact:
     rhel: false
diff --git a/roles/tpa_single_node/tasks/podman.yml b/roles/tpa_single_node/tasks/podman.yml
index b29d7491..c51c4db9 100644
--- a/roles/tpa_single_node/tasks/podman.yml
+++ b/roles/tpa_single_node/tasks/podman.yml
@@ -41,16 +41,16 @@
   ansible.builtin.command:
     cmd: "podman network create {{ tpa_single_node_podman_network }}"
   when: network_inspect_result.rc != 0
-  changed_when: true
+  changed_when: false
 - name: Pull trustification image from registry.redhat.io
   when: rhel
   ansible.builtin.command:
     cmd: "podman pull {{ tpa_single_node_trustification_image }}"
-  changed_when: true
+  changed_when: false
 - name: Pull Guac image from registry.redhat.io
   when: rhel
   ansible.builtin.command:
     cmd: "podman pull {{ tpa_single_node_guac_image }}"
-  changed_when: true
+  changed_when: false
diff --git a/roles/tpa_single_node/tasks/spog/api.yml b/roles/tpa_single_node/tasks/spog/api.yml
index 082f241c..333a90f8 100644
--- a/roles/tpa_single_node/tasks/spog/api.yml
+++ b/roles/tpa_single_node/tasks/spog/api.yml
@@ -27,7 +27,7 @@
 - name: Create persistent volume for spog-api
   ansible.builtin.command:
     cmd: "podman kube play {{ tpa_single_node_kube_manifest_dir }}/PVCs/spog-api.yaml"
-  changed_when: true
+  changed_when: false
 - name: Deploy spog-api
   ansible.builtin.include_tasks: install_manifest.yml
diff --git a/roles/tpa_single_node/vars/main.yml b/roles/tpa_single_node/vars/main.yml
index 723ad54a..4a69b944 100644
--- a/roles/tpa_single_node/vars/main.yml
+++ b/roles/tpa_single_node/vars/main.yml
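Review bot: `tpa_single_node_rhel_host: "{{ ansible_ssh_host }}"` relies on `ansible_ssh_host`, the deprecated alias of `ansible_host`, and on an inventory that lists the host as a bare address with no `ansible_host` set — exactly the shape shown in README.md and vm-testing/rhel9-vm/inventory.ini in this patch — that variable is, as far as I can tell, undefined and the task fails before anything is deployed. Because `set_fact` outranks play and inventory vars, the task also silently overwrites any `tpa_single_node_rhel_host` the caller passes in, although the role README now lists it as a settable option. Suggest `tpa_single_node_rhel_host: "{{ ansible_host | default(inventory_hostname) }}"` together with `when: tpa_single_node_rhel_host is not defined`, which keeps a caller-supplied value and otherwise falls back to the address Ansible actually connected to.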
@@ -1,7 +1,6 @@
 ---
 # vars file for tpa_scaffolding
 tpa_single_node_base_hostname: trustification
-tpa_single_node_rhel_host: "{{ lookup('env', 'TPA_RHEL_HOST') | default('192.168.121.60', true) }}"
 tpa_single_node_certificates_dir: ./certs/
 tpa_single_node_config_dir: /etc/rhtpa
 tpa_single_node_kube_manifest_dir: "{{ tpa_single_node_config_dir }}/manifests"
@@ -19,19 +18,16 @@ tpa_single_node_pg_user_passwd: "{{ lookup('env', 'TPA_PG_PASSWORD') }}"
 tpa_single_node_pg_ssl_mode: disable
 # Storage Service
-tpa_single_node_storage_type: minio # Either s3 or minio or other s3 compatible
 tpa_single_node_storage_access_key: "{{ lookup('env', 'TPA_STORAGE_ACCESS_KEY') }}" # S3/minio root username
 tpa_single_node_storage_secret_key: "{{ lookup('env', 'TPA_STORAGE_SECRET_KEY') }}" # S3/minio root password
 tpa_single_node_storage_bombastic_bucket: bombastic-default #
 tpa_single_node_storage_v11y_bucket: v11y-default #
 tpa_single_node_storage_vexination_bucket: vexination-default #
-tpa_single_node_storage_region: eu-west-1 # # For Minio just keep eu-west-1
 ## Storage Service - Minio fields
 tpa_single_node_storage_endpoint: "{{ lookup('env', 'TPA_STORAGE_ENDPOINT') }}" # Minio storage URL pointing to API 9000
 # SQS_SERVICE
-tpa_single_node_event_bus_type: kafka # Either kafka or sqs
 tpa_single_node_event_access_key_id: "{{ lookup('env', 'TPA_EVENT_ACCESS_KEY_ID') }}" # Kafka Username or AWS SQS Access Key ID
 tpa_single_node_event_secret_access_key: "{{ lookup('env', 'TPA_EVENT_SECRET_ACCESS_KEY') }}" # Kafka password or AWS SQS Secret Access Key
 tpa_single_node_bombastic_topic_failed: bombastic-failed-default # Bombastic Events topic failed
@@ -51,11 +47,7 @@ tpa_single_node_kafka_security_protocol: SASL_PLAINTEXT # Example - SASL_PLAINTE
 # Kafka Authentication Mechanism which is spec.kafka.listeners.authentication.type in Block letters.
 tpa_single_node_kafka_auth_mechanism: SCRAM-SHA-512 # Example - SCRAM-SHA-512
-### AWS SQS fields
-tpa_single_node_sqs_region: eu-west-1 # AWS SQS Region
-
 # SSO_SERVICE
-tpa_single_node_oidc_type: keycloak # Either Keycloak or AWS Cognito
 tpa_single_node_oidc_issuer_url: "{{ lookup('env', 'TPA_OIDC_ISSUER_URL') | default('tpa_single_node_default_empty', true) }}"
 tpa_single_node_oidc_frontend_id: "{{ lookup('env', 'TPA_OIDC_FRONTEND_ID') | default('tpa_single_node_default_empty', true) }}"
 tpa_single_node_oidc_provider_client_id: "{{ lookup('env', 'TPA_OIDC_PROVIDER_CLIENT_ID') | default('tpa_single_node_default_empty', true) }}"
@@ -93,3 +85,13 @@ tpa_single_node_bombastic_walker_suspended: true
 tpa_single_node_dataset_job_suspended: true
 tpa_single_node_vexination_walker_suspended: true
 tpa_single_node_v11y_walker_suspended: false
+
+# defaults file for tpa_single_node
+tpa_single_node_system_packages:
+  - podman
+  - podman-plugins
+  # @postgres-remove
+  - postgresql
+  - postgresql-server
+  - python3-pip
+  - python3-cryptography
diff --git a/roles/tpa_single_node/vars/main_example_aws.yml b/roles/tpa_single_node/vars/main_example_aws.yml
index c8badda1..61a32804 100644
--- a/roles/tpa_single_node/vars/main_example_aws.yml
+++ b/roles/tpa_single_node/vars/main_example_aws.yml
@@ -1,7 +1,6 @@
 ---
 # vars file for tpa_scaffolding
 tpa_single_node_base_hostname: trustification
-tpa_single_node_rhel_host: "{{ lookup('env', 'TPA_RHEL_HOST') | default('192.168.121.60', true) }}"
 tpa_single_node_certificates_dir: certs/
 tpa_single_node_config_dir: /etc/rhtpa
 tpa_single_node_kube_manifest_dir: "{{ tpa_single_node_config_dir }}/manifests"
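Review bot: The block appended to vars/main.yml keeps its `# defaults file for tpa_single_node` header, which is now misleading: role vars sit above inventory and play vars in precedence, so after this move `tpa_single_node_system_packages` can only be overridden with extra vars or set_fact — the opposite of a default. If pinning the package list is intended, say so in place of that line, e.g. `# System packages installed on the node (role var; override only via -e)`; if callers are expected to adjust it, the list belongs back in defaults/main.yml. The `# @postgres-remove` marker moved with it and still does not say what it flags or when the two postgresql packages are meant to go.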
diff --git a/roles/tpa_single_node/vars/main_example_nonaws.yml b/roles/tpa_single_node/vars/main_example_nonaws.yml
index e8700066..fb2cc236 100644
--- a/roles/tpa_single_node/vars/main_example_nonaws.yml
+++ b/roles/tpa_single_node/vars/main_example_nonaws.yml
@@ -1,7 +1,6 @@
 ---
 # vars file for tpa_scaffolding
 tpa_single_node_base_hostname: trustification
-tpa_single_node_rhel_host: "{{ lookup('env', 'TPA_RHEL_HOST') | default('192.168.121.60', true) }}"
 tpa_single_node_certificates_dir: certs/
 tpa_single_node_config_dir: /etc/rhtpa
 tpa_single_node_kube_manifest_dir: "{{ tpa_single_node_config_dir }}/manifests"
diff --git a/vm-testing/rhel9-vm/inventory.ini b/vm-testing/rhel9-vm/inventory.ini
index 1d5bb942..8076bddc 100644
--- a/vm-testing/rhel9-vm/inventory.ini
+++ b/vm-testing/rhel9-vm/inventory.ini
@@ -1,10 +1,9 @@
 [trustification]
-192.168.121.60 become=true
+192.168.121.60
 [trustification:vars]
 ansible_user=vagrant
-ansible_ssh_pass=vargrant
+ansible_ssh_pass=vagrant
 ansible_private_key_file=./vm-testing/rhel9-vm/.vagrant/machines/trustification/libvirt/private_key
 [local]
-
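Review bot: Dropping `become=true` from the `192.168.121.60` host line (and from the same inventory snippet in README.md) means the role's package installation and its writes under /etc/rhtpa only succeed if the playbook sets `become` itself, which nothing in this patch shows; either confirm that or keep `become=true` on the host. The corrected `ansible_ssh_pass=vagrant` uses the deprecated alias of `ansible_password`, and with `ansible_private_key_file` set on the next line it is redundant, so the simplest fix is to delete the line rather than keep a plaintext credential in the repository, even the well-known Vagrant default. If it must stay, write `ansible_password=vagrant`.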