Initial rip from ansible-community#69, will work on adding Podman Qua…

…dlets now

.zuul.d/jobs.yaml

@@ -98,6 +98,16 @@
       authentication enabled.
     run: tests/with_client_cert.yaml
 
+- job:
+    name: ara-role-api-podman
+    parent: ara-role-integration-base
+    nodeset: ara-multinode
+    description: |
+      Desploys the ARA API server on Fedora 39 as well as CentOS Stream 8/9
+      in a Podman container and tests it using the default sqlite database backend.
+    run: tests/with_podman.yaml
+    ansible_version: '9'
+
 # TODO: The job should build a package from current source and test that package
 # instead of the package in the stable distribution.
 - job:

.zuul.d/project.yaml

@@ -7,6 +7,7 @@
         - ara-role-api-postgresql
         - ara-role-api-gunicorn-nginx
         - ara-role-api-gunicorn-nginx-client-cert
+        - ara-role-api-podman
         - ara-role-api-fedora-packages:
             voting: false
     gate:
@@ -16,3 +17,4 @@
         - ara-role-api-postgresql
         - ara-role-api-gunicorn-nginx
         - ara-role-api-gunicorn-nginx-client-cert
+        - ara-role-api-podman

roles/ara_api/defaults/main.yaml

@@ -43,12 +43,16 @@ ara_api_venv_path: "{{ ara_api_root_dir }}/virtualenv"
 # - source [default]: installs from a local or remote git repository
 # - distribution: installs from distribution packages, if available
 # - pypi : installs from pypi
+# - podman : installs as a podman container
 ara_api_install_method: source
 
 # When installing from source, the URL or filesystem path where the git source
 # repository can be cloned from.
 ara_api_source: "https://github.com/ansible-community/ara"
 
+# Image to pull from the container registry when running with Podman
+ara_api_image: 'quay.io/recordsansible/ara-api'
+
 # When installing from source, location where the source repository will be checked out to.
 ara_api_source_checkout: "{{ ara_api_root_dir }}/git/ara"
 
@@ -57,7 +61,7 @@ ara_api_source_checkout: "{{ ara_api_root_dir }}/git/ara"
 # When installing from PyPi, it would be a version number that has been released.
 # When using "latest" as the source version, HEAD will be used
 # When using "latest" as the pypi version, the latest release will be used
-ara_api_version: master
+ara_api_version: latest
 
 # The frontend/web server for serving the ARA API
 # It is recommended to specify a web server when deploying a production environment.

roles/ara_api/tasks/config.yaml

@@ -40,19 +40,16 @@
         ara_api_secret_key: "{{ config[ara_api_env]['SECRET_KEY'] }}"
       no_log: "{{ ara_api_secure_logging }}"
 
-# If no secret key has been provided and this is the first time we are
-# running, generate a new random secret key that will be persisted in the
+# If no secret key has been provided or it is the not present in the current
+# configuration, generate a new random secret key that will be persisted in the
 # configuration file.
 - when:
-    - ara_api_secret_key is none
-    - not settings_stat.stat.exists
+    - ara_api_secret_key is none or ara_api_secret_key == ''
   block:
     - name: Generate a random secret key
-      environment:
-        PATH: "{{ path_with_virtualenv }}"
-      command: "{{ ara_api_python_command }} -c 'from django.utils.crypto import get_random_string; print(get_random_string(length=50))'"
-      no_log: "{{ ara_api_secure_logging }}"
-      register: generated_key
+      shell: |
+        set -o pipefail
+        tr -dc A-Za-z0-9 </dev/urandom | head -c 50 ; echo ''
 
     - name: Set ara_api_secret_key
       set_fact:

roles/ara_api/tasks/install/podman.yaml

@@ -0,0 +1,27 @@
+---
+- name: Detecting existing PyPI installation
+  ansible.builtin.stat:
+    path: "{{ ara_api_venv_path }}"
+  register: existing_pypi_install
+
+- name: Notify about existing PyPI installation
+  ansible.builtin.debug:
+    msg: |
+      You seem to have ARA-API installed via PyPI in the past, you might
+      want to clean up that installation and migrate your data
+  when: existing_pypi_install['stat']['exists']
+
+- name: Override file locations with path in container
+  ansible.builtin.set_fact:
+    ara_api_database_name: "/opt/ara/ansible.sqlite"
+    ara_api_log_dir: "/opt/ara/logs"
+    ara_api_settings: "{{ ara_api_root_dir }}/settings.yaml"
+
+# TODO: Insert podman quadlet magic here
+
+- name: Ensure service
+  ansible.builtin.systemd:
+    name: ara-api.service
+    state: started
+    enabled: true
+    daemon_reload: true

roles/ara_api/tasks/main.yaml

@@ -34,10 +34,13 @@
 
 - name: Include configuration of the database engine
   include_tasks: "database_engine/{{ ara_api_database_engine }}.yaml"
+  when: ara_api_install_method != 'podman'
 
 - name: Include installation of the WSGI backend server
   include_tasks: "wsgi_server/{{ ara_api_wsgi_server }}.yaml"
-  when: ara_api_wsgi_server is not none
+  when:
+    - ara_api_wsgi_server is not none
+    - ara_api_install_method != 'podman'
 
 - name: Include installation of the frontend server
   include_role:

tests/with_podman.yaml

@@ -0,0 +1,31 @@
+---
+# Copyright (c) 2020 The ARA Records Ansible authors
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+- name: Deploy and test ARA API with podman
+  hosts: ara-api-server
+  gather_facts: yes
+  vars:
+    ara_api_install_method: podman
+    ara_api_version: latest
+    ara_api_root_dir: "{{ ansible_user_dir }}/.ara-tests"
+    ara_api_secret_key: testing
+    ara_api_debug: true
+    ara_api_log_level: DEBUG
+    # Configure cleanup crons to exercise the code path during tests
+    ara_api_configure_cron: true
+  tasks:
+    - name: Install podman
+      become: yes
+      package:
+        name: podman
+        state: present
+
+    - name: Set up the API with the ara_api Ansible role
+      include_role:
+        name: ara_api
+        public: yes
+
+    # These are tasks rather than a standalone playbook to give us an easy
+    # access to all the variables within the same play.
+    - include_tasks: test_tasks.yaml