Regroup pod restart

trustification · Oct 28, 2024 · a3410ab · a3410ab
1 parent ee4e968
commit a3410ab
Show file tree

Hide file tree

Showing 10 changed files with 31 additions and 67 deletions.
diff --git a/roles/tpa_single_node/defaults/main.yml b/roles/tpa_single_node/defaults/main.yml
@@ -1,10 +1,10 @@
 ---
 # Storage Service
-tpa_single_node_storage_type: s3 # Either s3 or minio or other s3 compatible
+tpa_single_node_storage_type: minio # Either s3 or minio or other s3 compatible
 tpa_single_node_storage_region: eu-west-1 # <AWS S3 Storage region> # For Minio just keep eu-west-1
 # SQS_SERVICE
-tpa_single_node_event_bus_type: sqs # Either kafka or sqs
+tpa_single_node_event_bus_type: kafka # Either kafka or sqs
 ### AWS SQS fields
 tpa_single_node_sqs_region: eu-west-1 # AWS SQS Region
 # SSO_SERVICE
-tpa_single_node_oidc_type: cognito # Either Keycloak or AWS Cognito
+tpa_single_node_oidc_type: keycloak # Either Keycloak or AWS Cognito
diff --git a/roles/tpa_single_node/handlers/main.yml b/roles/tpa_single_node/handlers/main.yml
@@ -1 +1,5 @@
 ---
+- name: Reload services
+  ansible.builtin.systemd_service:
+    name: "{{ item }}"
+  loop: "{{ services }}"
diff --git a/roles/tpa_single_node/tasks/bombastic/walker.yml b/roles/tpa_single_node/tasks/bombastic/walker.yml
@@ -1,6 +1,6 @@
 ---
 - name: Deploy bombastic walker Pod
-  ansible.builtin.include_tasks: install_manifest_cronjob.yml
+  ansible.builtin.include_tasks: install_manifest.yml
   when: not tpa_single_node_bombastic_walker_suspended
   vars:
     podman_spec:
@@ -12,4 +12,4 @@
         pattern: 1h # *:0/10 for realtime instead of monotonic
       kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/bombastic/walker/Deployment.yaml.j2') | from_yaml }}"
       configmaps:
-        - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml"
+        - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml"
diff --git a/roles/tpa_single_node/tasks/install_manifest.yml b/roles/tpa_single_node/tasks/install_manifest.yml
@@ -1,7 +1,4 @@
 ---
-# NOTE: determining when the service will restart with `when: ...` is not ideal, however
-# we would need a dynamic handler otherwise and these are a bit fragile.
-
 - name: Set location of Podman Play Manifest
   ansible.builtin.set_fact:
     kube_play_file: >-
@@ -22,11 +19,16 @@
     mode: "0600"
   register: copy_systemd_file
 
-- name: Restart Podman Service
-  ansible.builtin.systemd:
-    state: restarted
-    enabled: true
-    daemon_reload: true
-    name: "{{ podman_spec.systemd_file }}"
-    no_block: true
-  when: copy_manifest.changed or copy_systemd_file.changed
+- name: Add systemd timer for {{ podman_spec.systemd_file }}
+  when: podman_spec.timer is defined
+  ansible.builtin.template:
+    src: systemd/timer.j2
+    dest: "{{ tpa_single_node_systemd_directory + '/' + podman_spec.systemd_file }}.timer"
+    mode: "0600"
+  register: copy_systemd_timer_file
+
+- name: Add {{ podman_spec.systemd_file }} to services list
+  ansible.builtin.set_fact:
+    services: "{{ services + [  podman_spec.systemd_file ] }}"
+  changed_when: true
+  notify: Reload services
diff --git a/roles/tpa_single_node/tasks/install_manifest_cronjob.yml b/roles/tpa_single_node/tasks/install_manifest_cronjob.yml
diff --git a/roles/tpa_single_node/tasks/main.yml b/roles/tpa_single_node/tasks/main.yml
@@ -15,6 +15,10 @@
     - ansible_facts['distribution_major_version'] == '9'
     - (ansible_facts['distribution_version'] | split('.'))[1] | int >= 3
 
+- name: Create Services list
+  ansible.builtin.set_fact:
+    services: []
+
 - name: Install Operating System Components
   ansible.builtin.include_tasks: os.yml
   when: rhel

diff --git a/roles/tpa_single_node/tasks/v11y/walker.yml b/roles/tpa_single_node/tasks/v11y/walker.yml
@@ -1,6 +1,6 @@
 ---
 - name: Deploy v11y walker Pod
-  ansible.builtin.include_tasks: install_manifest_cronjob.yml
+  ansible.builtin.include_tasks: install_manifest.yml
   when: not tpa_single_node_v11y_walker_suspended
   vars:
     podman_spec:

diff --git a/roles/tpa_single_node/tasks/vexination/walker.yml b/roles/tpa_single_node/tasks/vexination/walker.yml
@@ -1,6 +1,6 @@
 ---
 - name: Deploy vexination walker Pod
-  ansible.builtin.include_tasks: install_manifest_cronjob.yml
+  ansible.builtin.include_tasks: install_manifest.yml
   when: not tpa_single_node_vexination_walker_suspended
   vars:
     podman_spec:

diff --git a/roles/tpa_single_node/templates/systemd/timer.j2 b/roles/tpa_single_node/templates/systemd/timer.j2
@@ -13,4 +13,4 @@ Persistent=true
 {% endif %} 
 
 [Install]
-WantedBy=timers.target
+WantedBy=timers.target
diff --git a/roles/tpa_single_node/vars/main.yml b/roles/tpa_single_node/vars/main.yml
@@ -10,15 +10,15 @@ tpa_single_node_systemd_directory: /etc/systemd/system
 tpa_single_node_default_empty: ""
 
 # DB_SERVICE
-tpa_single_node_pg_install_enabled: true
+tpa_single_node_pg_install_enabled: false
 tpa_single_node_pg_host: "{{ lookup('env', 'TPA_PG_HOST') | default('192.168.121.60', true) }}"
 tpa_single_node_pg_port: 5432
 tpa_single_node_pg_db: guac
 tpa_single_node_pg_admin: "{{ lookup('env', 'TPA_PG_ADMIN') }}"
 tpa_single_node_pg_admin_passwd: "{{ lookup('env', 'TPA_PG_ADMIN_PASSWORD') }}"
 tpa_single_node_pg_user: "{{ lookup('env', 'TPA_PG_USER') }}"
 tpa_single_node_pg_user_passwd: "{{ lookup('env', 'TPA_PG_USER_PASSWORD') }}"
-tpa_single_node_pg_ssl_mode: disable
+tpa_single_node_pg_ssl_mode: require
 
 # Storage Service
 tpa_single_node_storage_access_key: "{{ lookup('env', 'TPA_STORAGE_ACCESS_KEY') }}" # S3/minio root username