From c3f4d25c137c8460f3f1ec634882489fe714355e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Massimiliano=20Dess=C3=AC=20-=20=28Fast=20Chauffeur=29?=
Date: Tue, 29 Oct 2024 12:47:19 +0100
Subject: [PATCH 1/3] Ansible ignore file (#116)
Signed-off-by: desmax74
---
.ansible-lint-ignore | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 .ansible-lint-ignore
diff --git a/.ansible-lint-ignore b/.ansible-lint-ignore
new file mode 100644
index 0000000..562adbc
--- /dev/null
+++ b/.ansible-lint-ignore
@@ -0,0 +1,8 @@
+# This file contains ignores rule violations for ansible-lint
+roles/tpa_single_node/tasks/infra/component_auth.yml name[template]
+roles/tpa_single_node/templates/branding/CND-AppSpeed-Keyart-2_at_2x.png load-failure[unicodedecodeerror]
+roles/tpa_single_node/templates/branding/android-chrome-192x192.png load-failure[unicodedecodeerror]
+roles/tpa_single_node/templates/branding/apple-touch-icon.png load-failure[unicodedecodeerror]
+roles/tpa_single_node/templates/branding/favicon-16x16.png load-failure[unicodedecodeerror]
+roles/tpa_single_node/templates/branding/favicon-32x32.png load-failure[unicodedecodeerror]
+roles/tpa_single_node/templates/branding/favicon.ico load-failure[unicodedecodeerror]
From 53e171076ec8a45c3d8d35b2af8446cf630aa6af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Massimiliano=20Dess=C3=AC=20-=20=28Fast=20Chauffeur=29?=
Date: Mon, 4 Nov 2024 13:28:00 +0100
Subject: [PATCH 2/3] Images update (#118)
Signed-off-by: desmax74
---
play.yml | 4 ++--
roles/tpa_single_node/README.md | 4 ++--
roles/tpa_single_node/meta/argument_specs.yml | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/play.yml b/play.yml
index 2535dc4..43820da 100644
--- a/play.yml
+++ b/play.yml
@@ -2,8 +2,8 @@ hosts: trustification vars: # V1.2.0 - tpa_single_node_trustification_image: quay.io/redhat-user-workloads/trusted-content-tenant/trustification-1-2-z/trustification-product-1-2-z:4fd0c6b401b4b4a553eb2ae9897c1cc66d788391 # noqa yaml[line-length] - tpa_single_node_guac_image: quay.io/redhat-user-workloads/trusted-content-tenant/guac-0-7-x/guac:44ca3c7bc0bce6137acae0e7b5025d41ead11af7 + tpa_single_node_trustification_image: registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9:16bc624b40f2863c9e69e8cdd4d557eb0d200eaf # noqa yaml[line-length] + tpa_single_node_guac_image: registry.redhat.io/rhtpa/rhtpa-guac-rhel9:65220008e46d9def5314d56a351e45f918aa68d1 vars_files: - vars/main.yml tasks: diff --git a/roles/tpa_single_node/README.md b/roles/tpa_single_node/README.md index 9e917eb..cd8662d 100644 --- a/roles/tpa_single_node/README.md +++ b/roles/tpa_single_node/README.md @@ -26,8 +26,8 @@ Deploy the [RHTPA](https://docs.redhat.com/en/documentation/red_hat_trusted_prof ### Optional |Option|Description|Type|Default| |---|---|---|---| -| tpa_single_node_trustification_image | Trustification image. | str | `registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9:2943d20c8ac831f4ae4f209c8ca6807619404062` | -| tpa_single_node_guac_image | Guac image. | str | `registry.redhat.io/rhtpa/rhtpa-guac-rhel9:f0688194637cc759052e02c350c38dbabc19484e` | +| tpa_single_node_trustification_image | Trustification image. | str | `registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9:16bc624b40f2863c9e69e8cdd4d557eb0d200eaf` | +| tpa_single_node_guac_image | Guac image. | str | `registry.redhat.io/rhtpa/rhtpa-guac-rhel9:65220008e46d9def5314d56a351e45f918aa68d1` | | tpa_single_node_base_hostname | The user name logging in to the registry to pull images. | str | `trustification` | | tpa_single_node_rhel_host | Ip of the instance. | str | | | tpa_single_node_certificates_dir | Folder where to place the certificates to deploy on the instance. | str | `certs` | 
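Review bot: Both image variables in play.yml are pinned by tag (`…:16bc624b…` and `…:65220008…`) rather than by digest, so what gets pulled depends on what the registry currently serves under that tag. If the registry publishes digests for these builds, pinning as `registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:<digest>` (placeholder; the digest is not on this page) makes the deployed content immutable and lets a later pull be compared against a known value. The same applies to the two `default:` entries in roles/tpa_single_node/meta/argument_specs.yml. The `# V1.2.0` comment above the variables is unchanged context; confirm it still describes the new images.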
diff --git a/roles/tpa_single_node/meta/argument_specs.yml b/roles/tpa_single_node/meta/argument_specs.yml index d87797e..5feb622 100644 --- a/roles/tpa_single_node/meta/argument_specs.yml +++ b/roles/tpa_single_node/meta/argument_specs.yml @@ -10,12 +10,12 @@ argument_specs: description: "Trustification image." type: "str" version_added: "0.2.0" - default: "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9:2943d20c8ac831f4ae4f209c8ca6807619404062" + default: "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9:16bc624b40f2863c9e69e8cdd4d557eb0d200eaf" tpa_single_node_guac_image: description: "Guac image." type: "str" version_added: "0.2.0" - default: "registry.redhat.io/rhtpa/rhtpa-guac-rhel9:f0688194637cc759052e02c350c38dbabc19484e" + default: "registry.redhat.io/rhtpa/rhtpa-guac-rhel9:65220008e46d9def5314d56a351e45f918aa68d1" tpa_single_node_base_hostname: description: "The user name logging in to the registry to pull images." type: "str" From a97c37c6154bfee2f40566fceaca4f6e0a766a65 Mon Sep 17 00:00:00 2001 
From: Gilles Dubreuil Date: Tue, 17 Sep 2024 11:09:12 +0200 Subject: [PATCH 3/3] Use Quadlet --- roles/tpa_single_node/tasks/bombastic/api.yml | 11 ++--- .../tasks/bombastic/indexer.yml | 11 ++--- .../tasks/bombastic/walker.yml | 14 +++--- roles/tpa_single_node/tasks/collector/osv.yml | 11 ++--- .../tasks/collectorist/api.yml | 11 ++--- roles/tpa_single_node/tasks/dataset/init.yml | 11 ++--- .../tasks/guac/bombastic_collector.yml | 11 ++--- .../tasks/guac/guac_collectsub.yml | 11 ++--- .../tasks/guac/guac_graphql.yml | 11 ++--- .../tasks/guac/vexination_collector.yml | 11 ++--- .../tasks/install_manifest.yml | 32 ------------- .../tasks/install_manifest_cronjob.yml | 45 ------------------- .../tpa_single_node/tasks/install_service.yml | 30 +++++++++++++ roles/tpa_single_node/tasks/spog/api.yml | 11 ++--- roles/tpa_single_node/tasks/spog/nginx.yml | 11 ++--- roles/tpa_single_node/tasks/spog/ui.yml | 11 ++--- roles/tpa_single_node/tasks/v11y/api.yml | 11 ++--- roles/tpa_single_node/tasks/v11y/indexer.yml | 11 ++--- roles/tpa_single_node/tasks/v11y/walker.yml | 14 +++--- .../tpa_single_node/tasks/vexination/api.yml | 11 ++--- .../tasks/vexination/indexer.yml | 11 ++--- .../tasks/vexination/walker.yml | 14 +++--- .../manifests/guac/graphql/Deployment.kube | 13 ++++++ .../templates/systemd/default.kube.j2 | 24 ++++++++++ .../templates/systemd/systemd-cronjob.j2 | 21 --------- .../systemd/systemd-timer-monotonic.j2 | 10 ----- .../systemd/systemd-timer-realtime.j2 | 10 ----- .../templates/systemd/systemd.j2 | 23 ---------- .../templates/systemd/timer.j2 | 16 +++++++ 29 files changed, 203 insertions(+), 239 deletions(-) delete mode 100644 roles/tpa_single_node/tasks/install_manifest.yml delete mode 100644 roles/tpa_single_node/tasks/install_manifest_cronjob.yml create mode 100644 roles/tpa_single_node/tasks/install_service.yml create mode 100644 roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.kube create mode 100644 
roles/tpa_single_node/templates/systemd/default.kube.j2 delete mode 100644 roles/tpa_single_node/templates/systemd/systemd-cronjob.j2 delete mode 100644 roles/tpa_single_node/templates/systemd/systemd-timer-monotonic.j2 delete mode 100644 roles/tpa_single_node/templates/systemd/systemd-timer-realtime.j2 delete mode 100644 roles/tpa_single_node/templates/systemd/systemd.j2 create mode 100644 roles/tpa_single_node/templates/systemd/timer.j2 diff --git a/roles/tpa_single_node/tasks/bombastic/api.yml b/roles/tpa_single_node/tasks/bombastic/api.yml index dec09ec..7b9f0be 100644 --- a/roles/tpa_single_node/tasks/bombastic/api.yml +++ b/roles/tpa_single_node/tasks/bombastic/api.yml @@ -7,13 +7,14 @@ type: "api" - name: Deploy bombastic-api - ansible.builtin.include_tasks: install_manifest.yml + ansible.builtin.include_tasks: install_service.yml vars: - podman_spec: - state: started - systemd_file: bombastic-api + specs: + service: bombastic-api + state: restarted network: "{{ tpa_single_node_podman_network }}" - kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/bombastic/api/Deployment.yaml.j2') | from_yaml }}" + kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" + manifest_file: "{{ role_path }}/templates/manifests/bombastic/api/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/bombastic-api.yaml" - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml" diff --git a/roles/tpa_single_node/tasks/bombastic/indexer.yml b/roles/tpa_single_node/tasks/bombastic/indexer.yml index c5fc4f5..ec53872 100644 --- a/roles/tpa_single_node/tasks/bombastic/indexer.yml +++ b/roles/tpa_single_node/tasks/bombastic/indexer.yml 
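Review bot: Passing `manifest_file` as a path drops the controller-side parse that the removed `lookup('ansible.builtin.template', …) | from_yaml` performed, so a Deployment template that renders malformed YAML is no longer rejected before it is written to the host. Because install_service.yml restarts the unit with `no_block: true`, such a failure would probably not fail the play. The same pattern is used in every other `Deploy …` task file in this patch. A cheap guard in install_service.yml would be an `ansible.builtin.assert` with `that: lookup('ansible.builtin.template', specs.manifest_file) | from_yaml is mapping` before the manifest is written.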
@@ -1,10 +1,11 @@ - name: Deploy bombastic-indexer - ansible.builtin.include_tasks: install_manifest.yml + ansible.builtin.include_tasks: install_service.yml vars: - podman_spec: - state: started - systemd_file: bombastic-indexer + specs: + service: bombastic-indexer + state: restarted network: "{{ tpa_single_node_podman_network }}" - kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/bombastic/indexer/Deployment.yaml.j2') | from_yaml }}" + kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" + manifest_file: "{{ role_path }}/templates/manifests/bombastic/indexer/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml" diff --git a/roles/tpa_single_node/tasks/bombastic/walker.yml b/roles/tpa_single_node/tasks/bombastic/walker.yml index 251a115..a7dcf58 100644 --- a/roles/tpa_single_node/tasks/bombastic/walker.yml +++ b/roles/tpa_single_node/tasks/bombastic/walker.yml @@ -1,14 +1,16 @@ --- - name: Deploy bombastic walker Pod - ansible.builtin.include_tasks: install_manifest_cronjob.yml + ansible.builtin.include_tasks: install_service.yml when: not tpa_single_node_bombastic_walker_suspended vars: - podman_spec: + specs: + service: bombastic-walker state: stopped - systemd_file: bombastic-walker network: "{{ tpa_single_node_podman_network }}" - timer_type: monotonic # realtime - time_pattern: 1h # *:0/10 for realtime instead of monotonic - kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/bombastic/walker/Deployment.yaml.j2') | from_yaml }}" + kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" + manifest_file: "{{ role_path }}/templates/manifests/bombastic/walker/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml" + timer: + type: monotonic # realtime + pattern: 1h # *:0/10 for realtime instead of monotonic 
diff --git a/roles/tpa_single_node/tasks/collector/osv.yml b/roles/tpa_single_node/tasks/collector/osv.yml index 42bb5dd..b0520ca 100644 --- a/roles/tpa_single_node/tasks/collector/osv.yml +++ b/roles/tpa_single_node/tasks/collector/osv.yml @@ -14,13 +14,14 @@ type: "osv" - name: Deploy collector-osv - ansible.builtin.include_tasks: install_manifest.yml + ansible.builtin.include_tasks: install_service.yml vars: - podman_spec: - state: started - systemd_file: collector-osv + specs: + service: collector-osv + state: restarted network: "{{ tpa_single_node_podman_network }}" - kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/collector/osv/Deployment.yaml.j2') | from_yaml }}" + kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" + manifest_file: "{{ role_path }}/templates/manifests/collector/osv/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/collector-osv.yaml" - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/collectorist-api-guac.yaml" diff --git a/roles/tpa_single_node/tasks/collectorist/api.yml b/roles/tpa_single_node/tasks/collectorist/api.yml index dd8e19b..a3fe6db 100644 --- a/roles/tpa_single_node/tasks/collectorist/api.yml +++ b/roles/tpa_single_node/tasks/collectorist/api.yml 
@@ -25,13 +25,14 @@ changed_when: false - name: Deploy collectorist-api - ansible.builtin.include_tasks: install_manifest.yml + ansible.builtin.include_tasks: install_service.yml vars: - podman_spec: - state: started - systemd_file: collectorist-api + specs: + service: collectorist-api + state: restarted network: "{{ tpa_single_node_podman_network }}" - kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/collectorist/api/Deployment.yaml.j2') | from_yaml }}" + kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" + manifest_file: "{{ role_path }}/templates/manifests/collectorist/api/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/collectorist-api.yaml" - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/collectorist-api-guac.yaml" diff --git a/roles/tpa_single_node/tasks/dataset/init.yml b/roles/tpa_single_node/tasks/dataset/init.yml index 3d7633a..6de130f 100644 --- a/roles/tpa_single_node/tasks/dataset/init.yml +++ b/roles/tpa_single_node/tasks/dataset/init.yml @@ -1,11 +1,12 @@ --- - name: Deploy init-dataset Pod - ansible.builtin.include_tasks: install_manifest.yml + ansible.builtin.include_tasks: install_service.yml vars: - podman_spec: - state: stopped - systemd_file: init-dataset + specs: + service: init-dataset + state: started network: "{{ tpa_single_node_podman_network }}" - kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/init/dataset/Deployment.yaml.j2') | from_yaml }}" + kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" + manifest_file: "{{ role_path }}/templates/manifests/init/dataset/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml" diff --git a/roles/tpa_single_node/tasks/guac/bombastic_collector.yml b/roles/tpa_single_node/tasks/guac/bombastic_collector.yml index 326b1ec..c452d02 100644 --- a/roles/tpa_single_node/tasks/guac/bombastic_collector.yml 
+++ b/roles/tpa_single_node/tasks/guac/bombastic_collector.yml @@ -1,11 +1,12 @@ --- - name: Deploy Guac bombastic collector - ansible.builtin.include_tasks: install_manifest.yml + ansible.builtin.include_tasks: install_service.yml vars: - podman_spec: - state: started - systemd_file: guac-collector-bombastic + specs: + service: guac-collector-bombastic + state: restarted network: "{{ tpa_single_node_podman_network }}" - kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/guac/bombastic-collector/Deployment.yaml.j2') | from_yaml }}" + kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" + manifest_file: "{{ role_path }}/templates/manifests/guac/bombastic-collector/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml" diff --git a/roles/tpa_single_node/tasks/guac/guac_collectsub.yml b/roles/tpa_single_node/tasks/guac/guac_collectsub.yml index bb99fc0..acb3fe2 100644 --- a/roles/tpa_single_node/tasks/guac/guac_collectsub.yml +++ b/roles/tpa_single_node/tasks/guac/guac_collectsub.yml @@ -1,11 +1,12 @@ --- - name: Deploy guac-collectsub Pod - ansible.builtin.include_tasks: install_manifest.yml + ansible.builtin.include_tasks: install_service.yml vars: - podman_spec: - state: started - systemd_file: guac-collectsub + specs: + service: guac-collectsub + state: restarted network: "{{ tpa_single_node_podman_network }}" - kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/guac/collectsub/Deployment.yaml.j2') | from_yaml }}" + kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" + manifest_file: "{{ role_path }}/templates/manifests/guac/collectsub/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml" diff --git a/roles/tpa_single_node/tasks/guac/guac_graphql.yml b/roles/tpa_single_node/tasks/guac/guac_graphql.yml index ffe9bf5..01903c4 100644 --- a/roles/tpa_single_node/tasks/guac/guac_graphql.yml 
+++ b/roles/tpa_single_node/tasks/guac/guac_graphql.yml @@ -1,11 +1,12 @@ --- - name: Deploy guac-graphql Pod - ansible.builtin.include_tasks: install_manifest.yml + ansible.builtin.include_tasks: install_service.yml vars: - podman_spec: - state: started - systemd_file: guac-graphql - kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/guac/graphql/Deployment.yaml.j2') | from_yaml }}" + specs: + service: guac-graphql + state: restarted network: "{{ tpa_single_node_podman_network }}" + kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" + manifest_file: "{{ role_path }}/templates/manifests/guac/graphql/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml" diff --git a/roles/tpa_single_node/tasks/guac/vexination_collector.yml b/roles/tpa_single_node/tasks/guac/vexination_collector.yml index 4a86843..b7e8457 100644 --- a/roles/tpa_single_node/tasks/guac/vexination_collector.yml +++ b/roles/tpa_single_node/tasks/guac/vexination_collector.yml @@ -1,11 +1,12 @@ --- - name: Deploy Guac vexination collector - ansible.builtin.include_tasks: install_manifest.yml + ansible.builtin.include_tasks: install_service.yml vars: - podman_spec: - state: started - systemd_file: guac-collector-vexination + specs: + service: guac-collector-vexination + state: restarted network: "{{ tpa_single_node_podman_network }}" - kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/guac/vexination-collector/Deployment.yaml.j2') | from_yaml }}" + kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" + manifest_file: "{{ role_path }}/templates/manifests/guac/vexination-collector/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml" diff --git a/roles/tpa_single_node/tasks/install_manifest.yml b/roles/tpa_single_node/tasks/install_manifest.yml deleted file mode 100644 index fa77027..0000000 
--- a/roles/tpa_single_node/tasks/install_manifest.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# NOTE: determining when the service will restart with `when: ...` is not ideal, however -# we would need a dynamic handler otherwise and these are a bit fragile. - -- name: Set location of Podman Play Manifest - ansible.builtin.set_fact: - kube_play_file: >- - {{ tpa_single_node_kube_manifest_dir + '/Deployments/' + podman_spec.kube_file_content.metadata.namespace + '_' - + podman_spec.kube_file_content.metadata.name + '.yaml' }} - -- name: Copy Manifest to Server - ansible.builtin.copy: - content: "{{ podman_spec.kube_file_content | to_nice_yaml(indent=2) }}" - dest: "{{ kube_play_file }}" - mode: "0600" - register: copy_manifest - -- name: Copy Systemd with configmap file(s) to Server - ansible.builtin.template: - src: systemd/systemd.j2 - dest: "{{ tpa_single_node_systemd_directory + '/' + podman_spec.systemd_file }}.service" - mode: "0600" - register: copy_systemd_file - -- name: Restart Podman Service - ansible.builtin.systemd: - state: restarted - enabled: true - daemon_reload: true - name: "{{ podman_spec.systemd_file }}" - no_block: true - when: copy_manifest.changed or copy_systemd_file.changed diff --git a/roles/tpa_single_node/tasks/install_manifest_cronjob.yml b/roles/tpa_single_node/tasks/install_manifest_cronjob.yml deleted file mode 100644 index f16c12f..0000000 --- a/roles/tpa_single_node/tasks/install_manifest_cronjob.yml +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -- name: Set location of Podman Play Manifest - ansible.builtin.set_fact: - kube_play_file: >- - {{ tpa_single_node_kube_manifest_dir + '/Deployments/' + podman_spec.kube_file_content.metadata.namespace + '_' - + podman_spec.kube_file_content.metadata.name + '.yaml' }} - -- name: Copy Manifest to Server - ansible.builtin.copy: - content: "{{ podman_spec.kube_file_content | to_nice_yaml(indent=2) }}" - dest: "{{ kube_play_file }}" - mode: "0600" - register: copy_manifest - -- name: Copy Systemd file to Server - ansible.builtin.template: - src: systemd/systemd-cronjob.j2 - dest: "{{ tpa_single_node_systemd_directory + '/' + podman_spec.systemd_file }}.service" - mode: "0600" - register: copy_systemd_file - -- name: Copy Systemd file timer to Server - ansible.builtin.template: - src: systemd/systemd-timer-{{ podman_spec.timer_type }}.j2 - dest: "{{ tpa_single_node_systemd_directory + '/' + podman_spec.systemd_file }}.timer" - mode: "0600" - register: copy_systemd_timer_file - -- name: Restart Podman Service - ansible.builtin.systemd: - state: started - enabled: true - daemon_reload: false - name: "{{ podman_spec.systemd_file }}" - no_block: true - when: copy_manifest.changed or copy_systemd_file.changed - -- name: Restart Timer Podman Service - ansible.builtin.systemd: - state: started - enabled: true - daemon_reload: false - name: "{{ podman_spec.systemd_file }}.timer" - no_block: true - when: copy_manifest.changed or copy_systemd_timer_file.changed diff --git a/roles/tpa_single_node/tasks/install_service.yml b/roles/tpa_single_node/tasks/install_service.yml new file mode 100644 index 0000000..415d1c2 --- /dev/null +++ b/roles/tpa_single_node/tasks/install_service.yml 
@@ -0,0 +1,30 @@ +- name: Generate {{ specs.service }} deployment manifest + ansible.builtin.template: + src: "{{ specs.manifest_file }}" + dest: "{{ tpa_single_node_kube_manifest_dir }}/Deployments/{{ specs.service }}.yaml" + mode: "0600" + register: copy_manifest + +- name: Generate {{ specs.service }} Quadlet file + ansible.builtin.template: + src: "{{ specs.kube_file }}" + dest: "/etc/containers/systemd/{{ specs.service }}.kube" + mode: "0600" + register: copy_systemd_file + +- name: Add systemd timer for {{ specs.service }} + when: specs.timer is defined + ansible.builtin.template: + src: systemd/timer.j2 + dest: "{{ tpa_single_node_systemd_directory + '/' + specs.service }}.timer" + mode: "0600" + register: copy_systemd_timer_file + +- name: Restart Podman Service for {{ specs.service }} + ansible.builtin.systemd: + state: "{{ specs.state }}" + enabled: true + daemon_reload: true + name: "{{ specs.service }}" + no_block: true + when: copy_manifest.changed or copy_systemd_file.changed or copy_systemd_timer_file.changed diff --git a/roles/tpa_single_node/tasks/spog/api.yml b/roles/tpa_single_node/tasks/spog/api.yml index 333a90f..e4b29d7 100644 --- a/roles/tpa_single_node/tasks/spog/api.yml +++ b/roles/tpa_single_node/tasks/spog/api.yml 
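Review bot: The timer unit written by `Add systemd timer for {{ specs.service }}` is never enabled or started: the only systemd task acts on `name: "{{ specs.service }}"`, and the walker task files pass `state: stopped`. The removed install_manifest_cronjob.yml had a separate task that started and enabled `{{ podman_spec.systemd_file }}.timer`; without an equivalent, the bombastic, v11y and vexination walkers look like they will not be scheduled. Separately, `enabled: true` on the Quadlet-generated service may be rejected by systemd, since generated units take their enablement from the `[Install]` section of the `.kube` file; worth confirming on a test host. A task along these lines, placed after the restart task, restores the old behaviour.

```yaml
# … unchanged: manifest, Quadlet file, timer template and service restart tasks …
- name: Enable and start timer for {{ specs.service }}
  when: specs.timer is defined
  ansible.builtin.systemd:
    name: "{{ specs.service }}.timer"
    state: started
    enabled: true
    daemon_reload: true
```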
@@ -30,13 +30,14 @@ changed_when: false - name: Deploy spog-api - ansible.builtin.include_tasks: install_manifest.yml + ansible.builtin.include_tasks: install_service.yml vars: - podman_spec: - state: started - systemd_file: spog-api + specs: + service: spog-api + state: restarted network: "{{ tpa_single_node_podman_network }}" - kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/spog/api/Deployment.yaml.j2') | from_yaml }}" + kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" + manifest_file: "{{ role_path }}/templates/manifests/spog/api/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/spog-api.yaml" - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/spog-ui-config.yaml" diff --git a/roles/tpa_single_node/tasks/spog/nginx.yml b/roles/tpa_single_node/tasks/spog/nginx.yml index 3bcd558..52e658e 100644 --- a/roles/tpa_single_node/tasks/spog/nginx.yml +++ b/roles/tpa_single_node/tasks/spog/nginx.yml @@ -20,12 +20,13 @@ mode: "0600" - name: Deploy nginx reverse proxy - ansible.builtin.include_tasks: install_manifest.yml + ansible.builtin.include_tasks: install_service.yml vars: - podman_spec: - state: started - systemd_file: nginx + specs: + service: nginx + state: restarted network: "{{ tpa_single_node_podman_network }}" - kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/nginx/Deployment.yaml.j2') | from_yaml }}" + kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" + manifest_file: "{{ role_path }}/templates/manifests/nginx/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/nginx.yaml" diff --git a/roles/tpa_single_node/tasks/spog/ui.yml b/roles/tpa_single_node/tasks/spog/ui.yml index 37cde91..1e3a69b 100644 --- a/roles/tpa_single_node/tasks/spog/ui.yml +++ b/roles/tpa_single_node/tasks/spog/ui.yml 
@@ -26,13 +26,14 @@ register: spog_ui_branding_configmap_checksum - name: Deploy spog-ui - ansible.builtin.include_tasks: install_manifest.yml + ansible.builtin.include_tasks: install_service.yml vars: - podman_spec: - state: started - systemd_file: spog-ui + specs: + service: spog-ui + state: restarted network: "{{ tpa_single_node_podman_network }}" - kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/spog/ui/Deployment.yaml.j2') | from_yaml }}" + kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" + manifest_file: "{{ role_path }}/templates/manifests/spog/ui/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/spog-ui-backend.yaml" - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/spog-ui-branding.yaml" diff --git a/roles/tpa_single_node/tasks/v11y/api.yml b/roles/tpa_single_node/tasks/v11y/api.yml index c13f641..f0360d8 100644 --- a/roles/tpa_single_node/tasks/v11y/api.yml +++ b/roles/tpa_single_node/tasks/v11y/api.yml @@ -7,13 +7,14 @@ type: "api" - name: Deploy v11y-api - ansible.builtin.include_tasks: install_manifest.yml + ansible.builtin.include_tasks: install_service.yml vars: - podman_spec: - state: started - systemd_file: v11y-api + specs: + service: v11y-api + state: restarted network: "{{ tpa_single_node_podman_network }}" - kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/v11y/api/Deployment.yaml.j2') | from_yaml }}" + kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" + manifest_file: "{{ role_path }}/templates/manifests/v11y/api/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/v11y-api.yaml" - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml" diff --git a/roles/tpa_single_node/tasks/v11y/indexer.yml b/roles/tpa_single_node/tasks/v11y/indexer.yml index a7ceafe..ed4da6f 100644 --- a/roles/tpa_single_node/tasks/v11y/indexer.yml +++ b/roles/tpa_single_node/tasks/v11y/indexer.yml 
@@ -1,10 +1,11 @@ - name: Deploy v11y-indexer - ansible.builtin.include_tasks: install_manifest.yml + ansible.builtin.include_tasks: install_service.yml vars: - podman_spec: - state: started - systemd_file: v11y-indexer + specs: + service: v11y-indexer + state: restarted network: "{{ tpa_single_node_podman_network }}" - kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/v11y/indexer/Deployment.yaml.j2') | from_yaml }}" + kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" + manifest_file: "{{ role_path }}/templates/manifests/v11y/indexer/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml" diff --git a/roles/tpa_single_node/tasks/v11y/walker.yml b/roles/tpa_single_node/tasks/v11y/walker.yml index cfa61da..2ee9835 100644 --- a/roles/tpa_single_node/tasks/v11y/walker.yml +++ b/roles/tpa_single_node/tasks/v11y/walker.yml @@ -1,14 +1,16 @@ --- - name: Deploy v11y walker Pod - ansible.builtin.include_tasks: install_manifest_cronjob.yml + ansible.builtin.include_tasks: install_service.yml when: not tpa_single_node_v11y_walker_suspended vars: - podman_spec: + specs: + service: v11y-walker state: stopped - systemd_file: v11y-walker - timer_type: monotonic # realtime - time_pattern: 1h # *:0/10 for realtime instead of monotonic network: "{{ tpa_single_node_podman_network }}" - kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/v11y/walker/Deployment.yaml.j2') | from_yaml }}" + kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" + manifest_file: "{{ role_path }}/templates/manifests/v11y/walker/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml" + timer: + type: monotonic # realtime + pattern: 1h # *:0/10 for realtime instead of monotonic diff --git a/roles/tpa_single_node/tasks/vexination/api.yml b/roles/tpa_single_node/tasks/vexination/api.yml index 4987341..7cdd37b 100644 
--- a/roles/tpa_single_node/tasks/vexination/api.yml +++ b/roles/tpa_single_node/tasks/vexination/api.yml @@ -7,13 +7,14 @@ type: "api" - name: Deploy vexination-api - ansible.builtin.include_tasks: install_manifest.yml + ansible.builtin.include_tasks: install_service.yml vars: - podman_spec: - state: started - systemd_file: vexination-api + specs: + service: vexination-api + state: restarted network: "{{ tpa_single_node_podman_network }}" - kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/vexination/api/Deployment.yaml.j2') | from_yaml }}" + kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" + manifest_file: "{{ role_path }}/templates/manifests/vexination/api/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/vexination-api.yaml" - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml" diff --git a/roles/tpa_single_node/tasks/vexination/indexer.yml b/roles/tpa_single_node/tasks/vexination/indexer.yml index 306d307..7f461eb 100644 --- a/roles/tpa_single_node/tasks/vexination/indexer.yml +++ b/roles/tpa_single_node/tasks/vexination/indexer.yml @@ -1,10 +1,11 @@ - name: Deploy vexination-indexer - ansible.builtin.include_tasks: install_manifest.yml + ansible.builtin.include_tasks: install_service.yml vars: - podman_spec: - state: started - systemd_file: vexination-indexer + specs: + service: vexination-indexer + state: restarted network: "{{ tpa_single_node_podman_network }}" - kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/vexination/indexer/Deployment.yaml.j2') | from_yaml }}" + kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" + manifest_file: "{{ role_path }}/templates/manifests/vexination/indexer/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml" 
diff --git a/roles/tpa_single_node/tasks/vexination/walker.yml b/roles/tpa_single_node/tasks/vexination/walker.yml index 26d0bc2..96810bf 100644 --- a/roles/tpa_single_node/tasks/vexination/walker.yml +++ b/roles/tpa_single_node/tasks/vexination/walker.yml @@ -1,14 +1,16 @@ --- - name: Deploy vexination walker Pod - ansible.builtin.include_tasks: install_manifest_cronjob.yml + ansible.builtin.include_tasks: install_service.yml when: not tpa_single_node_vexination_walker_suspended vars: - podman_spec: + specs: + service: vexination-walker state: stopped - systemd_file: vexination-walker - timer_type: monotonic # realtime - time_pattern: 1h # *:0/10 for realtime instead of monotonic network: "{{ tpa_single_node_podman_network }}" - kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/vexination/walker/Deployment.yaml.j2') | from_yaml }}" + kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" + manifest_file: "{{ role_path }}/templates/manifests/vexination/walker/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml" + timer: + type: monotonic # realtime + pattern: 1h # *:0/10 for realtime instead of monotonic diff --git a/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.kube b/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.kube new file mode 100644 index 0000000..588be44 --- /dev/null +++ b/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.kube @@ -0,0 +1,13 @@ +[Unit] +Description=Run Guac Graphql Pod + +[Kube] +Yaml=/etc/rhtpa/manifests/Guac-Graphql-Deployment.yaml + +[Service] +Restart=always +RestartSec=10 +StartLimitInterval=0 + +[Install] +WantedBy=default.target diff --git a/roles/tpa_single_node/templates/systemd/default.kube.j2 b/roles/tpa_single_node/templates/systemd/default.kube.j2 new file mode 100644 index 0000000..f942304 --- /dev/null +++ b/roles/tpa_single_node/templates/systemd/default.kube.j2 
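Review bot: Nothing in this patch references `templates/manifests/guac/graphql/Deployment.kube`: guac_graphql.yml passes `kube_file: …/templates/systemd/default.kube.j2`, and the `Yaml=/etc/rhtpa/manifests/Guac-Graphql-Deployment.yaml` path here does not match the `Deployments/{{ specs.service }}.yaml` destination used by install_service.yml. If it is a leftover from prototyping, drop it. If it is meant to be used, it also lacks the `Network=` and `ConfigMap=` keys that default.kube.j2 sets, and `Restart=always` with `StartLimitInterval=0` would restart a failing pod indefinitely.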
@@ -0,0 +1,24 @@ +[Install] +WantedBy=default.target + +[Unit] +Description=RHTPA {{ specs.service }} Pod +Wants=network-online.target +After=network-online.target +RequiresMountsFor=%t/containers + +[Kube] +Yaml=/etc/rhtpa/manifests/Deployments/{{ specs.service }}.yaml +Network={{ specs.network | default('podman') }} +{% if specs.configmaps is defined -%} +{% for configmap in specs.configmaps %} +ConfigMap={{ configmap | default(omit) }} +{% endfor %} +{% endif -%} + +[Service] +Environment=PODMAN_SYSTEMD_UNIT=%n +TimeoutStopSec=70 +TimeoutStartSec=600 +Type=notify +NotifyAccess=all diff --git a/roles/tpa_single_node/templates/systemd/systemd-cronjob.j2 b/roles/tpa_single_node/templates/systemd/systemd-cronjob.j2 deleted file mode 100644 index 2a74d0f..0000000 --- a/roles/tpa_single_node/templates/systemd/systemd-cronjob.j2 +++ /dev/null @@ -1,21 +0,0 @@ -[Unit] -Description="Cronjob {{ podman_spec.systemd_file}}" systemd container -Documentation=man:podman-kube-play(1) -Wants=network-online.target -After=network-online.target -RequiresMountsFor=%t/containers -Wants={{ podman_spec.systemd_file}}.timer - -[Service] -Type=notify -Environment=PODMAN_SYSTEMD_UNIT=%n -TimeoutStartSec=2400 -ExecStart=/usr/bin/podman kube play --replace --service-container=true "{{ kube_play_file }}" --network "{{ podman_spec.network | default('podman') }}" -{%- if podman_spec.configmaps is defined %} - {%- for configmap in podman_spec.configmaps %} - --configmap "{{ configmap | default(omit) }}" - {%- endfor %} -{%- endif %} - -[Install] -WantedBy=default.target diff --git a/roles/tpa_single_node/templates/systemd/systemd-timer-monotonic.j2 b/roles/tpa_single_node/templates/systemd/systemd-timer-monotonic.j2 deleted file mode 100644 index ee49ca6..0000000 --- a/roles/tpa_single_node/templates/systemd/systemd-timer-monotonic.j2 +++ /dev/null 
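Review bot: `Yaml=/etc/rhtpa/manifests/Deployments/{{ specs.service }}.yaml` hard-codes the manifest directory, while install_service.yml writes the manifest under `{{ tpa_single_node_kube_manifest_dir }}/Deployments/`; if that variable is ever set to another path the unit will point at a file that does not exist. Use `Yaml={{ tpa_single_node_kube_manifest_dir }}/Deployments/{{ specs.service }}.yaml` so both sides stay in step. `ConfigMap={{ configmap | default(omit) }}` is carried over from the removed template, but `omit` only has meaning for module arguments; inside a rendered file a missing value would come out as a placeholder string, so the filter can be dropped.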
@@ -1,10 +0,0 @@ -[Unit] -Description=Run {{ podman_spec.systemd_file}}.timer - -[Timer] -Unit={{ podman_spec.systemd_file}}.service -OnBootSec=1min -OnUnitActiveSec={{ podman_spec.time_pattern }} - -[Install] -WantedBy=timers.target diff --git a/roles/tpa_single_node/templates/systemd/systemd-timer-realtime.j2 b/roles/tpa_single_node/templates/systemd/systemd-timer-realtime.j2 deleted file mode 100644 index 6d66e90..0000000 --- a/roles/tpa_single_node/templates/systemd/systemd-timer-realtime.j2 +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Run {{ podman_spec.systemd_file}}.timer - -[Timer] -Unit={{ podman_spec.systemd_file}}.service -OnCalendar={{ podman_spec.time_pattern }} -Persistent=true - -[Install] -WantedBy=timers.target diff --git a/roles/tpa_single_node/templates/systemd/systemd.j2 b/roles/tpa_single_node/templates/systemd/systemd.j2 deleted file mode 100644 index 2c259c9..0000000 --- a/roles/tpa_single_node/templates/systemd/systemd.j2 +++ /dev/null @@ -1,23 +0,0 @@ -[Unit] -Description="{{ podman_spec.systemd_file}}" systemd container -Documentation=man:podman-kube-play(1) -Wants=network-online.target -After=network-online.target -RequiresMountsFor=%t/containers - -[Service] -Environment=PODMAN_SYSTEMD_UNIT=%n -TimeoutStopSec=70 -TimeoutStartSec=600 -ExecStart=/usr/bin/podman kube play --replace --service-container=true "{{ kube_play_file }}" --network "{{ podman_spec.network | default('podman') }}" -{%- if podman_spec.configmaps is defined %} - {%- for configmap in podman_spec.configmaps %} - --configmap "{{ configmap | default(omit) }}" - {%- endfor %} -{%- endif %} -ExecStop=/usr/bin/podman kube down "{{ kube_play_file }}" -Type=notify -NotifyAccess=all - -[Install] -WantedBy=default.target diff --git a/roles/tpa_single_node/templates/systemd/timer.j2 b/roles/tpa_single_node/templates/systemd/timer.j2 new file mode 100644 index 0000000..8de63f9 --- /dev/null +++ b/roles/tpa_single_node/templates/systemd/timer.j2 
@@ -0,0 +1,16 @@
+[Unit]
+Description=Run {{ specs.service}}.timer
+
+[Timer]
+Unit={{ specs.service}}.service
+{% if specs.timer.type == "monotonic" -%}
+OnBootSec=1min
+OnUnitActiveSec={{ specs.timer.pattern }}
+{% endif -%}
+{% if specs.timer.type == "realtime" -%}
+OnCalendar={{ specs.timer.pattern }}
+Persistent=true
+{% endif %}
+
+[Install]
+WantedBy=timers.target
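Review bot: A `specs.timer.type` other than `monotonic` or `realtime` renders a `[Timer]` section with no `OnUnitActiveSec=` or `OnCalendar=` line, so the timer would be installed but never fire, and nothing reports the mistake. Either turn the second `{% if %}` into an `{% elif %}` with an `{% else %}` branch that fails the render, or check it in install_service.yml with `that: specs.timer.type in ['monotonic', 'realtime']` in an `ansible.builtin.assert`. Minor: `{{ specs.service}}` is missing the space before `}}` that the rest of the patch uses.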