diff --git a/roles/tpa_single_node/defaults/main.yml b/roles/tpa_single_node/defaults/main.yml
index 207074a8..2580150d 100644
--- a/roles/tpa_single_node/defaults/main.yml
+++ b/roles/tpa_single_node/defaults/main.yml
@@ -1,10 +1,10 @@ --- # Storage Service -tpa_single_node_storage_type: s3 # Either s3 or minio or other s3 compatible +tpa_single_node_storage_type: minio # Either s3 or minio or other s3 compatible tpa_single_node_storage_region: eu-west-1 # # For Minio just keep eu-west-1 # SQS_SERVICE -tpa_single_node_event_bus_type: sqs # Either kafka or sqs +tpa_single_node_event_bus_type: kafka # Either kafka or sqs ### AWS SQS fields tpa_single_node_sqs_region: eu-west-1 # AWS SQS Region # SSO_SERVICE -tpa_single_node_oidc_type: cognito # Either Keycloak or AWS Cognito +tpa_single_node_oidc_type: keycloak # Either Keycloak or AWS Cognito
diff --git a/roles/tpa_single_node/handlers/main.yml b/roles/tpa_single_node/handlers/main.yml
index ed97d539..b4eb36df 100644
--- a/roles/tpa_single_node/handlers/main.yml
+++ b/roles/tpa_single_node/handlers/main.yml
@@ -1 +1,5 @@ --- +- name: Reload services + ansible.builtin.systemd_service: + name: "{{ item }}" + loop: "{{ services }}"
diff --git a/roles/tpa_single_node/tasks/bombastic/walker.yml b/roles/tpa_single_node/tasks/bombastic/walker.yml
index 1009cc24..f5137ad7 100644
--- a/roles/tpa_single_node/tasks/bombastic/walker.yml
+++ b/roles/tpa_single_node/tasks/bombastic/walker.yml
@@ -1,6 +1,6 @@ --- - name: Deploy bombastic walker Pod - ansible.builtin.include_tasks: install_manifest_cronjob.yml + ansible.builtin.include_tasks: install_manifest.yml when: not tpa_single_node_bombastic_walker_suspended vars: podman_spec:
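Review bot: The trailing comment on `tpa_single_node_oidc_type` names the options as `Keycloak` and `AWS Cognito`, but the literals this line actually takes are the lowercase `keycloak` and `cognito` seen on the removed and added lines. Suggest `# Either keycloak or cognito` so a reader copies a value the role will match. The three flipped defaults also change what an inventory relying on role defaults deploys (self-hosted storage, event bus and SSO instead of the AWS services), which seems worth a line in the commit description or README.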
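Review bot: The new `Reload services` handler passes only `name` to `ansible.builtin.systemd_service`, so it neither reloads the systemd daemon nor restarts or enables anything; as far as I know the module requires at least one of `state`, `enabled`, `masked`, `daemon_reload` or `daemon_reexec`, so the handler is likely to fail when handlers are flushed rather than quietly do nothing. The task it replaces in `install_manifest.yml` set `state: restarted`, `enabled: true` and `daemon_reload: true`; adding those three lines under `name: "{{ item }}"` restores that behaviour. Until then, manifests and unit files written with changed settings (trust anchors, database TLS mode) are not picked up by the running services. The handler also never touches `{{ item }}.timer`, which the deleted cronjob task file used to enable and start.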
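Review bot: Pointing the bombastic walker at `install_manifest.yml` loses the timer activation that `install_manifest_cronjob.yml` performed: the shared file now templates the `.timer` unit when `podman_spec.timer` is defined, but nothing in this commit enables or starts it, so the walker may never run on its schedule. The same applies to the v11y and vexination walker hunks. The shared file may also render a different service template than `systemd/systemd-cronjob.j2` (its `src` line is outside the visible hunks), so please confirm the walkers still run as timer-driven jobs rather than long-lived services. A stalled walker would leave the data these jobs appear to ingest stale without any task failing, so add a step that enables and starts `{{ podman_spec.systemd_file }}.timer` whenever the timer file is written. The `podman_spec` mapping continues outside this hunk.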
@@ -12,4 +12,4 @@ pattern: 1h # *:0/10 for realtime instead of monotonic kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/bombastic/walker/Deployment.yaml.j2') | from_yaml }}" configmaps: - - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml" \ No newline at end of file + - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml"
diff --git a/roles/tpa_single_node/tasks/install_manifest.yml b/roles/tpa_single_node/tasks/install_manifest.yml
index fa770273..1c0992ec 100644
--- a/roles/tpa_single_node/tasks/install_manifest.yml
+++ b/roles/tpa_single_node/tasks/install_manifest.yml
@@ -1,7 +1,4 @@ --- -# NOTE: determining when the service will restart with `when: ...` is not ideal, however -# we would need a dynamic handler otherwise and these are a bit fragile. - - name: Set location of Podman Play Manifest ansible.builtin.set_fact: kube_play_file: >-
@@ -22,11 +19,16 @@ mode: "0600" register: copy_systemd_file -- name: Restart Podman Service - ansible.builtin.systemd: - state: restarted - enabled: true - daemon_reload: true - name: "{{ podman_spec.systemd_file }}" - no_block: true - when: copy_manifest.changed or copy_systemd_file.changed +- name: Add systemd timer for {{ podman_spec.systemd_file }} + when: podman_spec.timer is defined + ansible.builtin.template: + src: systemd/timer.j2 + dest: "{{ tpa_single_node_systemd_directory + '/' + podman_spec.systemd_file }}.timer" + mode: "0600" + register: copy_systemd_timer_file + +- name: Add {{ podman_spec.systemd_file }} to services list + ansible.builtin.set_fact: + services: "{{ services + [ podman_spec.systemd_file ] }}" + changed_when: true + notify: Reload services
diff --git a/roles/tpa_single_node/tasks/install_manifest_cronjob.yml b/roles/tpa_single_node/tasks/install_manifest_cronjob.yml
deleted file mode 100644
index e71d575d..00000000
--- a/roles/tpa_single_node/tasks/install_manifest_cronjob.yml
+++ /dev/null
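Review bot: In the last hunk of `install_manifest.yml`, the `set_fact` task appends every unit to `services` and carries `changed_when: true`, so each run reports a change and notifies `Reload services` for every manifest, whether or not a file changed. The removed task was gated by `when: copy_manifest.changed or copy_systemd_file.changed`. Putting `when: copy_manifest.changed or copy_systemd_file.changed or copy_systemd_timer_file.changed` on the new task would keep the list to units that actually need a restart (`copy_manifest` is registered outside this hunk, judging by the removed `when`). As written, `copy_systemd_timer_file` is registered but never read, and no task enables or starts the `.timer` unit it writes.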
@@ -1,46 +0,0 @@ ---- -- name: Set location of Podman Play Manifest - ansible.builtin.set_fact: - kube_play_file: >- - {{ tpa_single_node_kube_manifest_dir + '/Deployments/' + podman_spec.kube_file_content.metadata.namespace + '_' - + podman_spec.kube_file_content.metadata.name + '.yaml' }} - -- name: Copy Manifest to Server - ansible.builtin.copy: - content: "{{ podman_spec.kube_file_content | to_nice_yaml(indent=2) }}" - dest: "{{ kube_play_file }}" - mode: "0600" - register: copy_manifest - -- name: Copy Systemd file to Server - ansible.builtin.template: - src: systemd/systemd-cronjob.j2 - dest: "{{ tpa_single_node_systemd_directory + '/' + podman_spec.systemd_file }}.service" - mode: "0600" - register: copy_systemd_file - -- name: Add systemd timer for {{ podman_spec.systemd_file }} - when: podman_spec.timer is defined - ansible.builtin.template: - src: systemd/timer.j2 - dest: "{{ tpa_single_node_systemd_directory + '/' + podman_spec.systemd_file }}.timer" - mode: "0600" - register: copy_systemd_timer_file - -- name: Restart Podman Service - ansible.builtin.systemd: - state: started - enabled: true - daemon_reload: false - name: "{{ podman_spec.systemd_file }}" - no_block: true - when: copy_manifest.changed or copy_systemd_file.changed - -- name: Restart Timer Podman Service - ansible.builtin.systemd: - state: started - enabled: true - daemon_reload: false - name: "{{ podman_spec.systemd_file }}.timer" - no_block: true - when: copy_manifest.changed or copy_systemd_timer_file.changed
diff --git a/roles/tpa_single_node/tasks/main.yml b/roles/tpa_single_node/tasks/main.yml
index 83c3080c..6779d749 100644
--- a/roles/tpa_single_node/tasks/main.yml
+++ b/roles/tpa_single_node/tasks/main.yml
@@ -15,6 +15,10 @@ - ansible_facts['distribution_major_version'] == '9' - (ansible_facts['distribution_version'] | split('.'))[1] | int >= 3 +- name: Create Services list + ansible.builtin.set_fact: + services: [] + - name: Install Operating System Components ansible.builtin.include_tasks: os.yml when: rhel
diff --git a/roles/tpa_single_node/tasks/v11y/walker.yml b/roles/tpa_single_node/tasks/v11y/walker.yml
index 816bad48..0c999630 100644
--- a/roles/tpa_single_node/tasks/v11y/walker.yml
+++ b/roles/tpa_single_node/tasks/v11y/walker.yml
@@ -1,6 +1,6 @@ --- - name: Deploy v11y walker Pod - ansible.builtin.include_tasks: install_manifest_cronjob.yml + ansible.builtin.include_tasks: install_manifest.yml when: not tpa_single_node_v11y_walker_suspended vars: podman_spec:
diff --git a/roles/tpa_single_node/tasks/vexination/walker.yml b/roles/tpa_single_node/tasks/vexination/walker.yml
index a0cc90cf..0bde2278 100644
--- a/roles/tpa_single_node/tasks/vexination/walker.yml
+++ b/roles/tpa_single_node/tasks/vexination/walker.yml
@@ -1,6 +1,6 @@ --- - name: Deploy vexination walker Pod - ansible.builtin.include_tasks: install_manifest_cronjob.yml + ansible.builtin.include_tasks: install_manifest.yml when: not tpa_single_node_vexination_walker_suspended vars: podman_spec:
diff --git a/roles/tpa_single_node/templates/systemd/timer.j2 b/roles/tpa_single_node/templates/systemd/timer.j2
index 618d36e4..3b77709c 100644
--- a/roles/tpa_single_node/templates/systemd/timer.j2
+++ b/roles/tpa_single_node/templates/systemd/timer.j2
@@ -13,4 +13,4 @@ Persistent=true {% endif %} [Install] -WantedBy=timers.target \ No newline at end of file +WantedBy=timers.target
diff --git a/roles/tpa_single_node/vars/main.yml b/roles/tpa_single_node/vars/main.yml
index 3961ff4b..eb0dd881 100644
--- a/roles/tpa_single_node/vars/main.yml
+++ b/roles/tpa_single_node/vars/main.yml
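Review bot: The fact created in the `tasks/main.yml` hunk is named `services`, without the `tpa_single_node_` prefix the role's other variables carry. A play, inventory or another role that already defines `services` would have it overwritten for the host, because `set_fact` outranks most variable sources, and the handler would then loop over whatever that name holds. Suggest `tpa_single_node_services: []` here, with the matching rename in `install_manifest.yml` and in the handler's `loop`. A short comment above the task, such as `# Units collected by install_manifest.yml and consumed by the "Reload services" handler`, would make the coupling visible.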
@@ -10,7 +10,7 @@ tpa_single_node_systemd_directory: /etc/systemd/system tpa_single_node_default_empty: "" # DB_SERVICE -tpa_single_node_pg_install_enabled: true +tpa_single_node_pg_install_enabled: false tpa_single_node_pg_host: "{{ lookup('env', 'TPA_PG_HOST') | default('192.168.121.60', true) }}" tpa_single_node_pg_port: 5432 tpa_single_node_pg_db: guac
@@ -18,7 +18,7 @@ tpa_single_node_pg_admin: "{{ lookup('env', 'TPA_PG_ADMIN') }}" tpa_single_node_pg_admin_passwd: "{{ lookup('env', 'TPA_PG_ADMIN_PASSWORD') }}" tpa_single_node_pg_user: "{{ lookup('env', 'TPA_PG_USER') }}" tpa_single_node_pg_user_passwd: "{{ lookup('env', 'TPA_PG_USER_PASSWORD') }}" -tpa_single_node_pg_ssl_mode: disable +tpa_single_node_pg_ssl_mode: require # Storage Service tpa_single_node_storage_access_key: "{{ lookup('env', 'TPA_STORAGE_ACCESS_KEY') }}" # S3/minio root username
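Review bot: `tpa_single_node_pg_ssl_mode: require` turns on encryption but, if the services pass the value through as a libpq-style `sslmode` (not visible here), it does not verify the server certificate or host name, so the client still accepts any server that speaks TLS. With `tpa_single_node_pg_install_enabled` set to `false` in the previous hunk the database is expected to be a remote host, which is where that gap matters. Prefer `verify-full` with the CA supplied through the role's trust-anchor ConfigMap, or at least add a comment such as `# require = encryption only; use verify-full to authenticate the server`. Both values live in `vars/main.yml`, which inventory variables do not override, so a deployment that needs a different mode has to use extra-vars.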