From 2dd2f8dac511e3719ade3b627c5ff0f7c7ef3710 Mon Sep 17 00:00:00 2001
From: Jeffrey van Pelt <jeff@vanpelt.one>
Date: Thu, 5 Dec 2024 14:23:09 +0100
Subject: [PATCH] Initial rip from #69, will work on adding Podman Quadlets now

---
 .zuul.d/jobs.yaml                       | 10 ++++++++
 .zuul.d/project.yaml                    |  2 ++
 roles/ara_api/defaults/main.yaml        |  6 ++++-
 roles/ara_api/tasks/config.yaml         | 15 +++++-------
 roles/ara_api/tasks/install/podman.yaml | 27 +++++++++++++++++++++
 roles/ara_api/tasks/main.yaml           |  5 +++-
 tests/with_podman.yaml                  | 31 +++++++++++++++++++++++++
 7 files changed, 85 insertions(+), 11 deletions(-)
 create mode 100644 roles/ara_api/tasks/install/podman.yaml
 create mode 100644 tests/with_podman.yaml

diff --git a/.zuul.d/jobs.yaml b/.zuul.d/jobs.yaml
index b3636ed..125b21a 100644
--- a/.zuul.d/jobs.yaml
+++ b/.zuul.d/jobs.yaml
@@ -98,6 +98,16 @@
       authentication enabled.
     run: tests/with_client_cert.yaml
 
+- job:
+    name: ara-role-api-podman
+    parent: ara-role-integration-base
+    nodeset: ara-multinode
+    description: |
+      Desploys the ARA API server on Fedora 39 as well as CentOS Stream 8/9
+      in a Podman container and tests it using the default sqlite database backend.
+    run: tests/with_podman.yaml
+    ansible_version: '9'
+
 # TODO: The job should build a package from current source and test that package
 # instead of the package in the stable distribution.
 - job:
diff --git a/.zuul.d/project.yaml b/.zuul.d/project.yaml
index fa39dbe..4337f0b 100644
--- a/.zuul.d/project.yaml
+++ b/.zuul.d/project.yaml
@@ -7,6 +7,7 @@
         - ara-role-api-postgresql
         - ara-role-api-gunicorn-nginx
         - ara-role-api-gunicorn-nginx-client-cert
+        - ara-role-api-podman
         - ara-role-api-fedora-packages:
             voting: false
     gate:
@@ -16,3 +17,4 @@
         - ara-role-api-postgresql
         - ara-role-api-gunicorn-nginx
         - ara-role-api-gunicorn-nginx-client-cert
+        - ara-role-api-podman
diff --git a/roles/ara_api/defaults/main.yaml b/roles/ara_api/defaults/main.yaml
index 860b5df..550b95b 100644
--- a/roles/ara_api/defaults/main.yaml
+++ b/roles/ara_api/defaults/main.yaml
@@ -43,12 +43,16 @@ ara_api_venv_path: "{{ ara_api_root_dir }}/virtualenv"
 # - source [default]: installs from a local or remote git repository
 # - distribution: installs from distribution packages, if available
 # - pypi : installs from pypi
+# - podman : installs as a podman container
 ara_api_install_method: source
 
 # When installing from source, the URL or filesystem path where the git source
 # repository can be cloned from.
 ara_api_source: "https://github.com/ansible-community/ara"
 
+# Image to pull from the container registry when running with Podman
+ara_api_image: 'quay.io/recordsansible/ara-api'
+
 # When installing from source, location where the source repository will be checked out to.
 ara_api_source_checkout: "{{ ara_api_root_dir }}/git/ara"
 
@@ -57,7 +61,7 @@ ara_api_source_checkout: "{{ ara_api_root_dir }}/git/ara"
 # When installing from PyPi, it would be a version number that has been released.
 # When using "latest" as the source version, HEAD will be used
 # When using "latest" as the pypi version, the latest release will be used
-ara_api_version: master
+ara_api_version: latest
 
 # The frontend/web server for serving the ARA API
 # It is recommended to specify a web server when deploying a production environment.
diff --git a/roles/ara_api/tasks/config.yaml b/roles/ara_api/tasks/config.yaml
index d8f1ca8..38d7995 100644
--- a/roles/ara_api/tasks/config.yaml
+++ b/roles/ara_api/tasks/config.yaml
@@ -40,19 +40,16 @@
         ara_api_secret_key: "{{ config[ara_api_env]['SECRET_KEY'] }}"
       no_log: "{{ ara_api_secure_logging }}"
 
-# If no secret key has been provided and this is the first time we are
-# running, generate a new random secret key that will be persisted in the
+# If no secret key has been provided or it is the not present in the current
+# configuration, generate a new random secret key that will be persisted in the
 # configuration file.
 - when:
-    - ara_api_secret_key is none
-    - not settings_stat.stat.exists
+    - ara_api_secret_key is none or ara_api_secret_key == ''
   block:
     - name: Generate a random secret key
-      environment:
-        PATH: "{{ path_with_virtualenv }}"
-      command: "{{ ara_api_python_command }} -c 'from django.utils.crypto import get_random_string; print(get_random_string(length=50))'"
-      no_log: "{{ ara_api_secure_logging }}"
-      register: generated_key
+      shell: |
+        set -o pipefail
+        tr -dc A-Za-z0-9 </dev/urandom | head -c 50 ; echo ''
 
     - name: Set ara_api_secret_key
       set_fact:
diff --git a/roles/ara_api/tasks/install/podman.yaml b/roles/ara_api/tasks/install/podman.yaml
new file mode 100644
index 0000000..f33e21f
--- /dev/null
+++ b/roles/ara_api/tasks/install/podman.yaml
@@ -0,0 +1,27 @@
+---
+- name: Detecting existing PyPI installation
+  ansible.builtin.stat:
+    path: "{{ ara_api_venv_path }}"
+  register: existing_pypi_install
+
+- name: Notify about existing PyPI installation
+  ansible.builtin.debug:
+    msg: |
+      You seem to have ARA-API installed via PyPI in the past, you might
+      want to clean up that installation and migrate your data
+  when: existing_pypi_install['stat']['exists']
+
+- name: Override file locations with path in container
+  ansible.builtin.set_fact:
+    ara_api_database_name: "/opt/ara/ansible.sqlite"
+    ara_api_log_dir: "/opt/ara/logs"
+    ara_api_settings: "{{ ara_api_root_dir }}/settings.yaml"
+
+# TODO: Insert podman quadlet magic here
+
+- name: Ensure service
+  ansible.builtin.systemd:
+    name: ara-api.service
+    state: started
+    enabled: true
+    daemon_reload: true
diff --git a/roles/ara_api/tasks/main.yaml b/roles/ara_api/tasks/main.yaml
index 4f69f80..ec72aca 100644
--- a/roles/ara_api/tasks/main.yaml
+++ b/roles/ara_api/tasks/main.yaml
@@ -34,10 +34,13 @@
 
 - name: Include configuration of the database engine
   include_tasks: "database_engine/{{ ara_api_database_engine }}.yaml"
+  when: ara_api_install_method != 'podman'
 
 - name: Include installation of the WSGI backend server
   include_tasks: "wsgi_server/{{ ara_api_wsgi_server }}.yaml"
-  when: ara_api_wsgi_server is not none
+  when:
+    - ara_api_wsgi_server is not none
+    - ara_api_install_method != 'podman'
 
 - name: Include installation of the frontend server
   include_role:
diff --git a/tests/with_podman.yaml b/tests/with_podman.yaml
new file mode 100644
index 0000000..f7b4f98
--- /dev/null
+++ b/tests/with_podman.yaml
@@ -0,0 +1,31 @@
+---
+# Copyright (c) 2020 The ARA Records Ansible authors
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+- name: Deploy and test ARA API with podman
+  hosts: ara-api-server
+  gather_facts: yes
+  vars:
+    ara_api_install_method: podman
+    ara_api_version: latest
+    ara_api_root_dir: "{{ ansible_user_dir }}/.ara-tests"
+    ara_api_secret_key: testing
+    ara_api_debug: true
+    ara_api_log_level: DEBUG
+    # Configure cleanup crons to exercise the code path during tests
+    ara_api_configure_cron: true
+  tasks:
+    - name: Install podman
+      become: yes
+      package:
+        name: podman
+        state: present
+
+    - name: Set up the API with the ara_api Ansible role
+      include_role:
+        name: ara_api
+        public: yes
+
+    # These are tasks rather than a standalone playbook to give us an easy
+    # access to all the variables within the same play.
+    - include_tasks: test_tasks.yaml