From cf48e08f1510e9213e2f0d866cef14964c5302b2 Mon Sep 17 00:00:00 2001 From: Jeffrey van Pelt Date: Fri, 14 Jul 2023 16:26:39 +0200 Subject: [PATCH 01/24] Initial version to make it run on Podman --- roles/ara_api/defaults/main.yaml | 1 + roles/ara_api/handlers/main.yaml | 11 +++++++- roles/ara_api/tasks/install/podman.yaml | 36 +++++++++++++++++++++++++ roles/ara_api/tasks/main.yaml | 9 +++++-- 4 files changed, 54 insertions(+), 3 deletions(-) create mode 100644 roles/ara_api/tasks/install/podman.yaml diff --git a/roles/ara_api/defaults/main.yaml b/roles/ara_api/defaults/main.yaml index 860b5df..5c912a5 100644 --- a/roles/ara_api/defaults/main.yaml +++ b/roles/ara_api/defaults/main.yaml @@ -43,6 +43,7 @@ ara_api_venv_path: "{{ ara_api_root_dir }}/virtualenv" # - source [default]: installs from a local or remote git repository # - distribution: installs from distribution packages, if available # - pypi : installs from pypi +# - podman : installs as a podman container ara_api_install_method: source # When installing from source, the URL or filesystem path where the git source diff --git a/roles/ara_api/handlers/main.yaml b/roles/ara_api/handlers/main.yaml index 9d92ef0..f3259db 100644 --- a/roles/ara_api/handlers/main.yaml +++ b/roles/ara_api/handlers/main.yaml @@ -16,11 +16,20 @@ # You should have received a copy of the GNU General Public License # along with ARA Records Ansible. If not, see . -- name: restart ara-api +- name: restart ara-api service become: true + listen: restart ara-api service: name: ara-api state: restarted when: - ara_api_wsgi_server is not none - ara_api_service_enabled is not changed + +- name: restart ara-api + become: true + listen: restart ara-api + containers.podman.podman_container: + name: ara-api + state: restarted + when: ara_api_install_method == 'podman' diff --git a/roles/ara_api/tasks/install/podman.yaml b/roles/ara_api/tasks/install/podman.yaml new file mode 100644 index 0000000..f477017 --- /dev/null +++ b/roles/ara_api/tasks/install/podman.yaml @@ -0,0 +1,36 @@ +--- +- name: Detecting existing PyPI installation + ansible.builtin.stat: + path: "{{ ara_api_venv_path }}" + register: existing_pypi_install + +- name: Remove PyPI virtualenv + ansible.builtin.file: + path: "{{ ara_api_venv_path }}" + state: absent + when: existing_pypi_install['stat']['exists'] + +- name: Detecting existing sqlite database + ansible.builtin.stat: + path: "{{ ara_api_database_name }}" + register: existing_sqlite_database + +- name: Move sqlite database to new location + ansible.builtin.command: mv {{ ara_api_database_name }} {{ ara_api_root_dir }}/ansible.sqlite + when: existing_sqlite_database['stat']['exists'] + +- name: Override file locations with path in container + ansible.builtin.set_fact: + ara_api_database_name: "/opt/ara/ansible.sqlite" + ara_api_log_dir: "/opt/ara/logs" + ara_api_settings: "{{ ara_api_root_dir }}/settings.yaml" + +- name: Ensure ARA API container + containers.podman.podman_container: + name: ara-api + image: recordsansible/ara-api:{{ ara_api_version }} + state: started + ports: + - 127.0.0.1:8000:8000 + volume: + - "{{ ara_api_root_dir }}:/opt/ara" diff --git a/roles/ara_api/tasks/main.yaml b/roles/ara_api/tasks/main.yaml index 4f69f80..97d95ee 100644 --- a/roles/ara_api/tasks/main.yaml +++ b/roles/ara_api/tasks/main.yaml @@ -34,12 +34,17 @@ - name: Include configuration of the database engine include_tasks: "database_engine/{{ ara_api_database_engine }}.yaml" + when: ara_api_install_method != 'podman' - name: Include installation of the WSGI backend server include_tasks: "wsgi_server/{{ ara_api_wsgi_server }}.yaml" - when: ara_api_wsgi_server is not none + when: + - ara_api_wsgi_server is not none + - ara_api_install_method != 'podman' - name: Include installation of the frontend server include_role: name: "ara_frontend_{{ ara_api_frontend_server }}" - when: ara_api_frontend_server is not none + when: + - ara_api_frontend_server is not none + - ara_api_install_method != 'podman' From ea3b3ad5166bd17eb546bf096792b9de101fb89c Mon Sep 17 00:00:00 2001 From: Jeffrey van Pelt Date: Mon, 17 Jul 2023 09:12:57 +0200 Subject: [PATCH 02/24] Fix handler for restarting container as podman_container does not do restart --- roles/ara_api/handlers/main.yaml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/roles/ara_api/handlers/main.yaml b/roles/ara_api/handlers/main.yaml index f3259db..d59f46c 100644 --- a/roles/ara_api/handlers/main.yaml +++ b/roles/ara_api/handlers/main.yaml @@ -28,8 +28,15 @@ - name: restart ara-api become: true - listen: restart ara-api - containers.podman.podman_container: - name: ara-api - state: restarted + block: + - name: stop container + containers.podman.podman_container: + name: ara-api + state: stopped + listen: restart ara-api + - name: start container + containers.podman.podman_container: + name: ara-api + state: started + listen: restart ara-api when: ara_api_install_method == 'podman' From 89d43037fd5a6872082aaed42a864d211a23d994 Mon Sep 17 00:00:00 2001 From: Jeffrey van Pelt Date: Mon, 17 Jul 2023 10:08:30 +0200 Subject: [PATCH 03/24] Only attempt migrating SQLite db when ARA has actually been configured to use it --- roles/ara_api/tasks/install/podman.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/ara_api/tasks/install/podman.yaml b/roles/ara_api/tasks/install/podman.yaml index f477017..2e22546 100644 --- a/roles/ara_api/tasks/install/podman.yaml +++ b/roles/ara_api/tasks/install/podman.yaml @@ -17,7 +17,9 @@ - name: Move sqlite database to new location ansible.builtin.command: mv {{ ara_api_database_name }} {{ ara_api_root_dir }}/ansible.sqlite - when: existing_sqlite_database['stat']['exists'] + when: + - existing_sqlite_database['stat']['exists'] + - ara_api_database_engine == 'django.db.backends.sqlite3' - name: Override file locations with path in container ansible.builtin.set_fact: From 8223fc921570a92fdd66b876be16c4bc05b60cd7 Mon Sep 17 00:00:00 2001 From: Jeffrey van Pelt Date: Mon, 17 Jul 2023 10:09:33 +0200 Subject: [PATCH 04/24] Create container, do not start, wait for config file to be written properly --- roles/ara_api/tasks/install/podman.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/ara_api/tasks/install/podman.yaml b/roles/ara_api/tasks/install/podman.yaml index 2e22546..df6a1d1 100644 --- a/roles/ara_api/tasks/install/podman.yaml +++ b/roles/ara_api/tasks/install/podman.yaml @@ -31,7 +31,7 @@ containers.podman.podman_container: name: ara-api image: recordsansible/ara-api:{{ ara_api_version }} - state: started + state: present ports: - 127.0.0.1:8000:8000 volume: From 67a016f587134321abead5c2cb1be408a6121628 Mon Sep 17 00:00:00 2001 From: Jeffrey van Pelt Date: Mon, 17 Jul 2023 10:24:33 +0200 Subject: [PATCH 05/24] Reworked service generation for podman service, which also in turn made restarting it much easier as we reuse the systemd service name --- roles/ara_api/handlers/main.yaml | 18 +----------------- roles/ara_api/tasks/install/podman.yaml | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+), 17 deletions(-) diff --git a/roles/ara_api/handlers/main.yaml b/roles/ara_api/handlers/main.yaml index d59f46c..9d92ef0 100644 --- a/roles/ara_api/handlers/main.yaml +++ b/roles/ara_api/handlers/main.yaml @@ -16,27 +16,11 @@ # You should have received a copy of the GNU General Public License # along with ARA Records Ansible. If not, see . -- name: restart ara-api service +- name: restart ara-api become: true - listen: restart ara-api service: name: ara-api state: restarted when: - ara_api_wsgi_server is not none - ara_api_service_enabled is not changed - -- name: restart ara-api - become: true - block: - - name: stop container - containers.podman.podman_container: - name: ara-api - state: stopped - listen: restart ara-api - - name: start container - containers.podman.podman_container: - name: ara-api - state: started - listen: restart ara-api - when: ara_api_install_method == 'podman' diff --git a/roles/ara_api/tasks/install/podman.yaml b/roles/ara_api/tasks/install/podman.yaml index df6a1d1..6517a8c 100644 --- a/roles/ara_api/tasks/install/podman.yaml +++ b/roles/ara_api/tasks/install/podman.yaml @@ -32,7 +32,28 @@ name: ara-api image: recordsansible/ara-api:{{ ara_api_version }} state: present + auto_remove: true ports: - 127.0.0.1:8000:8000 volume: - "{{ ara_api_root_dir }}:/opt/ara" + +- name: Generate systemd service + ansible.builtin.command: podman generate systemd --no-header --new -n ara-api + register: ara_api_podman_service + changed_when: false # This task only generates input for the task below + +- name: Copy service file into place + ansible.builtin.copy: + content: "{{ ara_api_podman_service['stdout'] }}" + dest: /etc/systemd/system/ara-api.service + remote_src: true + owner: root + group: root + mode: '0644' + +- name: Ensure service + ansible.builtin.systemd: + name: ara-api.service + state: started + daemon_reload: true From 34832a7f61412ef3e453a77a0e497f344c92ee3b Mon Sep 17 00:00:00 2001 From: Jeffrey van Pelt Date: Mon, 17 Jul 2023 10:37:26 +0200 Subject: [PATCH 06/24] Added tests for Podman --- tests/vars/podman_tests.yml | 9 +++++++++ tests/with_podman.yml | 24 ++++++++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 tests/vars/podman_tests.yml create mode 100644 tests/with_podman.yml diff --git a/tests/vars/podman_tests.yml b/tests/vars/podman_tests.yml new file mode 100644 index 0000000..562f842 --- /dev/null +++ b/tests/vars/podman_tests.yml @@ -0,0 +1,9 @@ +ara_tests_cleanup: true +ara_api_root_dir: "{{ ansible_user_dir }}/.ara-tests" +ara_api_secret_key: testing +ara_api_install_method: 'podman' +ara_api_version: 'latest' +ara_api_debug: true +ara_api_log_level: DEBUG +# Configure cleanup crons to exercise the code path during tests +ara_api_configure_cron: true diff --git a/tests/with_podman.yml b/tests/with_podman.yml new file mode 100644 index 0000000..5e60fbd --- /dev/null +++ b/tests/with_podman.yml @@ -0,0 +1,24 @@ +--- +# Copyright (c) 2020 The ARA Records Ansible authors +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +- name: Deploy and test ARA API with podman + hosts: ara-api-server + gather_facts: yes + vars_files: + - vars/podman_tests.yaml + tasks: + - name: Install podman + become: yes + package: + name: podman + state: present + + - name: Set up the API with the ara_api Ansible role + include_role: + name: ara_api + public: yes + + # These are tasks rather than a standalone playbook to give us an easy + # access to all the variables within the same play. + - include_tasks: test_tasks.yaml From 455f1820d3c93615d111d02e7818c85412847d93 Mon Sep 17 00:00:00 2001 From: Jeffrey van Pelt Date: Mon, 17 Jul 2023 10:41:45 +0200 Subject: [PATCH 07/24] Added zuul job --- .zuul.d/jobs.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.zuul.d/jobs.yaml b/.zuul.d/jobs.yaml index b3636ed..b85764f 100644 --- a/.zuul.d/jobs.yaml +++ b/.zuul.d/jobs.yaml @@ -98,6 +98,15 @@ authentication enabled. run: tests/with_client_cert.yaml +- job: + name: ara-role-api-podman + parent: ara-role-integration-base + nodeset: ara-multinode + description: | + Desploys the ARA API server on Fedora 36 as well as CentOS Stream 8/9 + in a Podman container and tests it using the default sqlite database backend. + run: tests/with_podman.yaml + # TODO: The job should build a package from current source and test that package # instead of the package in the stable distribution. - job: From 4cadbc5edaa31e6d3c12a25b343e249ba68d4092 Mon Sep 17 00:00:00 2001 From: Jeffrey van Pelt Date: Mon, 17 Jul 2023 10:44:17 +0200 Subject: [PATCH 08/24] Enable jobs --- .zuul.d/project.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.zuul.d/project.yaml b/.zuul.d/project.yaml index fa39dbe..4337f0b 100644 --- a/.zuul.d/project.yaml +++ b/.zuul.d/project.yaml @@ -7,6 +7,7 @@ - ara-role-api-postgresql - ara-role-api-gunicorn-nginx - ara-role-api-gunicorn-nginx-client-cert + - ara-role-api-podman - ara-role-api-fedora-packages: voting: false gate: @@ -16,3 +17,4 @@ - ara-role-api-postgresql - ara-role-api-gunicorn-nginx - ara-role-api-gunicorn-nginx-client-cert + - ara-role-api-podman From 19348f06d51e8a1b0a9bd8c1afeeabfac575793d Mon Sep 17 00:00:00 2001 From: Jeffrey van Pelt Date: Mon, 17 Jul 2023 11:22:55 +0200 Subject: [PATCH 09/24] Fix typo --- tests/{with_podman.yml => with_podman.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename tests/{with_podman.yml => with_podman.yaml} (100%) diff --git a/tests/with_podman.yml b/tests/with_podman.yaml similarity index 100% rename from tests/with_podman.yml rename to tests/with_podman.yaml From c4e67a88567af219fa8badcf0feb11adff2be47f Mon Sep 17 00:00:00 2001 From: Jeffrey van Pelt Date: Sat, 22 Jul 2023 10:47:54 +0200 Subject: [PATCH 10/24] Process feedback --- roles/ara_api/defaults/main.yaml | 5 +++- roles/ara_api/tasks/install/podman.yaml | 40 +++++++++++++++---------- 2 files changed, 29 insertions(+), 16 deletions(-) diff --git a/roles/ara_api/defaults/main.yaml b/roles/ara_api/defaults/main.yaml index 5c912a5..39ce3c1 100644 --- a/roles/ara_api/defaults/main.yaml +++ b/roles/ara_api/defaults/main.yaml @@ -53,12 +53,15 @@ ara_api_source: "https://github.com/ansible-community/ara" # When installing from source, location where the source repository will be checked out to. ara_api_source_checkout: "{{ ara_api_root_dir }}/git/ara" +# When installing as podman container, remove existing PyPI installation and migrate data +ara_api_migrate_to_podman: false + # Version of ARA to install # When installing from source, this can be a git ref (tag, branch, commit, etc) # When installing from PyPi, it would be a version number that has been released. # When using "latest" as the source version, HEAD will be used # When using "latest" as the pypi version, the latest release will be used -ara_api_version: master +ara_api_version: latest # The frontend/web server for serving the ARA API # It is recommended to specify a web server when deploying a production environment. diff --git a/roles/ara_api/tasks/install/podman.yaml b/roles/ara_api/tasks/install/podman.yaml index 6517a8c..3288280 100644 --- a/roles/ara_api/tasks/install/podman.yaml +++ b/roles/ara_api/tasks/install/podman.yaml @@ -4,22 +4,32 @@ path: "{{ ara_api_venv_path }}" register: existing_pypi_install -- name: Remove PyPI virtualenv - ansible.builtin.file: - path: "{{ ara_api_venv_path }}" - state: absent - when: existing_pypi_install['stat']['exists'] +- name: 'Notify about existing PyPI installation' + ansible.builtin.debug: + msg: | + You seem to have ARA-API installed via PyPI in the past, if you like + this role can clean up that installation and migrate your data to the Podman + installation, by setting ara_api_migrate_to_podman to true -- name: Detecting existing sqlite database - ansible.builtin.stat: - path: "{{ ara_api_database_name }}" - register: existing_sqlite_database - -- name: Move sqlite database to new location - ansible.builtin.command: mv {{ ara_api_database_name }} {{ ara_api_root_dir }}/ansible.sqlite - when: - - existing_sqlite_database['stat']['exists'] - - ara_api_database_engine == 'django.db.backends.sqlite3' +- name: 'Remove PyPI installation and migrate data' + when: ara_api_migrate_to_podman + block: + - name: Remove PyPI virtualenv + ansible.builtin.file: + path: "{{ ara_api_venv_path }}" + state: absent + when: existing_pypi_install['stat']['exists'] + + - name: Detecting existing sqlite database + ansible.builtin.stat: + path: "{{ ara_api_database_name }}" + register: existing_sqlite_database + + - name: Move sqlite database to new location + ansible.builtin.command: mv {{ ara_api_database_name }} {{ ara_api_root_dir }}/ansible.sqlite + when: + - existing_sqlite_database['stat']['exists'] + - ara_api_database_engine == 'django.db.backends.sqlite3' - name: Override file locations with path in container ansible.builtin.set_fact: From 8a2b2c586a1783ca5945f03d91fbbfc27b862d72 Mon Sep 17 00:00:00 2001 From: Jeffrey van Pelt Date: Sun, 23 Jul 2023 23:23:45 +0200 Subject: [PATCH 11/24] Processed feedback, look in detail later --- roles/ara_api/tasks/main.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/ara_api/tasks/main.yaml b/roles/ara_api/tasks/main.yaml index 97d95ee..ec72aca 100644 --- a/roles/ara_api/tasks/main.yaml +++ b/roles/ara_api/tasks/main.yaml @@ -45,6 +45,4 @@ - name: Include installation of the frontend server include_role: name: "ara_frontend_{{ ara_api_frontend_server }}" - when: - - ara_api_frontend_server is not none - - ara_api_install_method != 'podman' + when: ara_api_frontend_server is not none From c8dea740e4bb03a4be4cd2ee26e4a578ea4f197b Mon Sep 17 00:00:00 2001 From: Jeffrey van Pelt Date: Wed, 6 Sep 2023 23:32:03 +0200 Subject: [PATCH 12/24] Change the command to generate a random string to one that does not require django tools to be present on the target system --- roles/ara_api/tasks/config.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/ara_api/tasks/config.yaml b/roles/ara_api/tasks/config.yaml index d8f1ca8..3343446 100644 --- a/roles/ara_api/tasks/config.yaml +++ b/roles/ara_api/tasks/config.yaml @@ -48,9 +48,7 @@ - not settings_stat.stat.exists block: - name: Generate a random secret key - environment: - PATH: "{{ path_with_virtualenv }}" - command: "{{ ara_api_python_command }} -c 'from django.utils.crypto import get_random_string; print(get_random_string(length=50))'" + command: tr -dc A-Za-z0-9 Date: Thu, 7 Sep 2023 15:48:12 +0200 Subject: [PATCH 13/24] Fix SELinux context for containers, this has no impact on non-SELinux systems, so no further handling is required --- roles/ara_api/tasks/install/podman.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/ara_api/tasks/install/podman.yaml b/roles/ara_api/tasks/install/podman.yaml index 3288280..e92e377 100644 --- a/roles/ara_api/tasks/install/podman.yaml +++ b/roles/ara_api/tasks/install/podman.yaml @@ -46,7 +46,7 @@ ports: - 127.0.0.1:8000:8000 volume: - - "{{ ara_api_root_dir }}:/opt/ara" + - "{{ ara_api_root_dir }}:/opt/ara:z" - name: Generate systemd service ansible.builtin.command: podman generate systemd --no-header --new -n ara-api From 3254c8b3d419875d635130009033988ef1568fd6 Mon Sep 17 00:00:00 2001 From: Jeffrey van Pelt Date: Thu, 7 Sep 2023 16:01:17 +0200 Subject: [PATCH 14/24] Fix handling in case no secret key has been defined or it is null in the current config --- roles/ara_api/tasks/config.yaml | 11 ++++++----- roles/ara_api/tasks/install/podman.yaml | 1 + 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/ara_api/tasks/config.yaml b/roles/ara_api/tasks/config.yaml index 3343446..72d6890 100644 --- a/roles/ara_api/tasks/config.yaml +++ b/roles/ara_api/tasks/config.yaml @@ -40,15 +40,16 @@ ara_api_secret_key: "{{ config[ara_api_env]['SECRET_KEY'] }}" no_log: "{{ ara_api_secure_logging }}" -# If no secret key has been provided and this is the first time we are -# running, generate a new random secret key that will be persisted in the +# If no secret key has been provided or it is not present in the current +# configuration, generate a new random secret key that will be persisted in the # configuration file. - when: - - ara_api_secret_key is none - - not settings_stat.stat.exists + - ara_api_secret_key is none or ara_api_secret_key == '' block: - name: Generate a random secret key - command: tr -dc A-Za-z0-9 Date: Mon, 11 Sep 2023 14:42:12 +0200 Subject: [PATCH 15/24] Enable service after creating it --- roles/ara_api/tasks/install/podman.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/ara_api/tasks/install/podman.yaml b/roles/ara_api/tasks/install/podman.yaml index ee3fa81..94e2a44 100644 --- a/roles/ara_api/tasks/install/podman.yaml +++ b/roles/ara_api/tasks/install/podman.yaml @@ -67,4 +67,5 @@ ansible.builtin.systemd: name: ara-api.service state: started + enabled: true daemon_reload: true From ede3612ed1bc0951b56abf1f4c46e2387f61fb78 Mon Sep 17 00:00:00 2001 From: Jeffrey van Pelt Date: Tue, 30 Apr 2024 00:30:50 +0200 Subject: [PATCH 16/24] Removed migration tasks to prevent opening can of worms, only warn about existing pypi installation --- roles/ara_api/tasks/install/podman.yaml | 27 +++---------------------- 1 file changed, 3 insertions(+), 24 deletions(-) diff --git a/roles/ara_api/tasks/install/podman.yaml b/roles/ara_api/tasks/install/podman.yaml index 94e2a44..c0c067b 100644 --- a/roles/ara_api/tasks/install/podman.yaml +++ b/roles/ara_api/tasks/install/podman.yaml @@ -4,34 +4,13 @@ path: "{{ ara_api_venv_path }}" register: existing_pypi_install -- name: 'Notify about existing PyPI installation' +- name: Notify about existing PyPI installation ansible.builtin.debug: msg: | - You seem to have ARA-API installed via PyPI in the past, if you like - this role can clean up that installation and migrate your data to the Podman - installation, by setting ara_api_migrate_to_podman to true + You seem to have ARA-API installed via PyPI in the past, you might + want to clean up that installation and migrate your data when: existing_pypi_install['stat']['exists'] -- name: 'Remove PyPI installation and migrate data' - when: ara_api_migrate_to_podman - block: - - name: Remove PyPI virtualenv - ansible.builtin.file: - path: "{{ ara_api_venv_path }}" - state: absent - when: existing_pypi_install['stat']['exists'] - - - name: Detecting existing sqlite database - ansible.builtin.stat: - path: "{{ ara_api_database_name }}" - register: existing_sqlite_database - - - name: Move sqlite database to new location - ansible.builtin.command: mv {{ ara_api_database_name }} {{ ara_api_root_dir }}/ansible.sqlite - when: - - existing_sqlite_database['stat']['exists'] - - ara_api_database_engine == 'django.db.backends.sqlite3' - - name: Override file locations with path in container ansible.builtin.set_fact: ara_api_database_name: "/opt/ara/ansible.sqlite" From fa5c12e5bb8476db1485f602ea3c032b2e7e8a74 Mon Sep 17 00:00:00 2001 From: Jeffrey van Pelt Date: Mon, 9 Sep 2024 13:13:34 +0200 Subject: [PATCH 17/24] Reworked podman tasks into one task (as you do, you learn :) ) --- roles/ara_api/tasks/install/podman.yaml | 16 ++-------------- roles/ara_api/vars/main.yaml | 9 +++++++++ 2 files changed, 11 insertions(+), 14 deletions(-) create mode 100644 roles/ara_api/vars/main.yaml diff --git a/roles/ara_api/tasks/install/podman.yaml b/roles/ara_api/tasks/install/podman.yaml index c0c067b..ab4c508 100644 --- a/roles/ara_api/tasks/install/podman.yaml +++ b/roles/ara_api/tasks/install/podman.yaml @@ -21,27 +21,15 @@ containers.podman.podman_container: name: ara-api image: recordsansible/ara-api:{{ ara_api_version }} + pull: newer state: present auto_remove: true + generate_systemd: "{{ ara_api_systemd_config }}" ports: - 127.0.0.1:8000:8000 volume: - "{{ ara_api_root_dir }}:/opt/ara:z" -- name: Generate systemd service - ansible.builtin.command: podman generate systemd --no-header --new -n ara-api - register: ara_api_podman_service - changed_when: false # This task only generates input for the task below - -- name: Copy service file into place - ansible.builtin.copy: - content: "{{ ara_api_podman_service['stdout'] }}" - dest: /etc/systemd/system/ara-api.service - remote_src: true - owner: root - group: root - mode: '0644' - - name: Ensure service ansible.builtin.systemd: name: ara-api.service diff --git a/roles/ara_api/vars/main.yaml b/roles/ara_api/vars/main.yaml new file mode 100644 index 0000000..c079fe1 --- /dev/null +++ b/roles/ara_api/vars/main.yaml @@ -0,0 +1,9 @@ +--- +ara_api_systemd_config: + path: '/etc/systemd/system' + restart_policy: 'always' + time: 120 + names: true + new: true + container_prefix: '' + separator: '' From 41cf6603003c7c057718c64e9faaa6843e9090bf Mon Sep 17 00:00:00 2001 From: Jeffrey van Pelt Date: Wed, 9 Oct 2024 14:50:41 +0200 Subject: [PATCH 18/24] Clean up unused variable and made image variable (to allow custom locations on local registries etc.) --- roles/ara_api/defaults/main.yaml | 6 +++--- roles/ara_api/tasks/install/podman.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/ara_api/defaults/main.yaml b/roles/ara_api/defaults/main.yaml index 39ce3c1..f8affa7 100644 --- a/roles/ara_api/defaults/main.yaml +++ b/roles/ara_api/defaults/main.yaml @@ -50,12 +50,12 @@ ara_api_install_method: source # repository can be cloned from. ara_api_source: "https://github.com/ansible-community/ara" +# Image to pull from the container registry when running with Podman +ara_api_image: 'recordsansible/ara-api' + # When installing from source, location where the source repository will be checked out to. ara_api_source_checkout: "{{ ara_api_root_dir }}/git/ara" -# When installing as podman container, remove existing PyPI installation and migrate data -ara_api_migrate_to_podman: false - # Version of ARA to install # When installing from source, this can be a git ref (tag, branch, commit, etc) # When installing from PyPi, it would be a version number that has been released. diff --git a/roles/ara_api/tasks/install/podman.yaml b/roles/ara_api/tasks/install/podman.yaml index ab4c508..8587097 100644 --- a/roles/ara_api/tasks/install/podman.yaml +++ b/roles/ara_api/tasks/install/podman.yaml @@ -20,7 +20,7 @@ - name: Ensure ARA API container containers.podman.podman_container: name: ara-api - image: recordsansible/ara-api:{{ ara_api_version }} + image: {{ ara_api_image }}:{{ ara_api_version }} pull: newer state: present auto_remove: true From 81d5f589c9599cd115e5ec1341c186ddf2d6c22a Mon Sep 17 00:00:00 2001 From: Jeffrey van Pelt Date: Mon, 14 Oct 2024 11:41:46 +0200 Subject: [PATCH 19/24] fix quoting --- roles/ara_api/tasks/install/podman.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/ara_api/tasks/install/podman.yaml b/roles/ara_api/tasks/install/podman.yaml index 8587097..29abd55 100644 --- a/roles/ara_api/tasks/install/podman.yaml +++ b/roles/ara_api/tasks/install/podman.yaml @@ -20,7 +20,7 @@ - name: Ensure ARA API container containers.podman.podman_container: name: ara-api - image: {{ ara_api_image }}:{{ ara_api_version }} + image: "{{ ara_api_image }}:{{ ara_api_version }}" pull: newer state: present auto_remove: true From e3a08b3ab1e10dd8001b931bbcaf7a1c2c4ee814 Mon Sep 17 00:00:00 2001 From: Jeffrey van Pelt Date: Mon, 21 Oct 2024 10:21:57 +0200 Subject: [PATCH 20/24] Only configure selinux context when selinux is enabled --- roles/ara_api/tasks/install/podman.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/ara_api/tasks/install/podman.yaml b/roles/ara_api/tasks/install/podman.yaml index 29abd55..83cbbf7 100644 --- a/roles/ara_api/tasks/install/podman.yaml +++ b/roles/ara_api/tasks/install/podman.yaml @@ -28,7 +28,7 @@ ports: - 127.0.0.1:8000:8000 volume: - - "{{ ara_api_root_dir }}:/opt/ara:z" + - "{{ ara_api_root_dir }}:/opt/ara{{ (ansible_facts['selinux']['status'] == 'enabled') | ternary(':z', '') }}" - name: Ensure service ansible.builtin.systemd: From 1bf132589c8f400c0881f9d2c455cca98e071438 Mon Sep 17 00:00:00 2001 From: Jeffrey van Pelt Date: Mon, 21 Oct 2024 11:11:13 +0200 Subject: [PATCH 21/24] Something seems off with the vars_file, lets see what happens with direct vars in the play --- tests/vars/podman_tests.yml | 9 --------- tests/with_podman.yaml | 11 +++++++++-- 2 files changed, 9 insertions(+), 11 deletions(-) delete mode 100644 tests/vars/podman_tests.yml diff --git a/tests/vars/podman_tests.yml b/tests/vars/podman_tests.yml deleted file mode 100644 index 562f842..0000000 --- a/tests/vars/podman_tests.yml +++ /dev/null @@ -1,9 +0,0 @@ -ara_tests_cleanup: true -ara_api_root_dir: "{{ ansible_user_dir }}/.ara-tests" -ara_api_secret_key: testing -ara_api_install_method: 'podman' -ara_api_version: 'latest' -ara_api_debug: true -ara_api_log_level: DEBUG -# Configure cleanup crons to exercise the code path during tests -ara_api_configure_cron: true diff --git a/tests/with_podman.yaml b/tests/with_podman.yaml index 5e60fbd..f7b4f98 100644 --- a/tests/with_podman.yaml +++ b/tests/with_podman.yaml @@ -5,8 +5,15 @@ - name: Deploy and test ARA API with podman hosts: ara-api-server gather_facts: yes - vars_files: - - vars/podman_tests.yaml + vars: + ara_api_install_method: podman + ara_api_version: latest + ara_api_root_dir: "{{ ansible_user_dir }}/.ara-tests" + ara_api_secret_key: testing + ara_api_debug: true + ara_api_log_level: DEBUG + # Configure cleanup crons to exercise the code path during tests + ara_api_configure_cron: true tasks: - name: Install podman become: yes From cc629697aae162b6596b57fd588821858b1145bb Mon Sep 17 00:00:00 2001 From: David Moreau Simard Date: Wed, 30 Oct 2024 05:57:36 -0400 Subject: [PATCH 22/24] Test podman job with ansible 9 --- .zuul.d/jobs.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.zuul.d/jobs.yaml b/.zuul.d/jobs.yaml index b85764f..0928571 100644 --- a/.zuul.d/jobs.yaml +++ b/.zuul.d/jobs.yaml @@ -106,6 +106,7 @@ Desploys the ARA API server on Fedora 36 as well as CentOS Stream 8/9 in a Podman container and tests it using the default sqlite database backend. run: tests/with_podman.yaml + ansible_version: '9' # TODO: The job should build a package from current source and test that package # instead of the package in the stable distribution. From c6ad33a155e7d21383c3f46c944ed6811f9a6697 Mon Sep 17 00:00:00 2001 From: David Moreau Simard Date: Wed, 30 Oct 2024 05:59:27 -0400 Subject: [PATCH 23/24] s/ansible_version/ansible-version/ --- .zuul.d/jobs.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.zuul.d/jobs.yaml b/.zuul.d/jobs.yaml index 0928571..a163e29 100644 --- a/.zuul.d/jobs.yaml +++ b/.zuul.d/jobs.yaml @@ -106,7 +106,7 @@ Desploys the ARA API server on Fedora 36 as well as CentOS Stream 8/9 in a Podman container and tests it using the default sqlite database backend. run: tests/with_podman.yaml - ansible_version: '9' + ansible-version: '9' # TODO: The job should build a package from current source and test that package # instead of the package in the stable distribution. From 19546a60668b284b061395506a1e2833fc659907 Mon Sep 17 00:00:00 2001 From: David Moreau Simard Date: Wed, 30 Oct 2024 06:10:31 -0400 Subject: [PATCH 24/24] Fully quality container image name --- roles/ara_api/defaults/main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/ara_api/defaults/main.yaml b/roles/ara_api/defaults/main.yaml index f8affa7..550b95b 100644 --- a/roles/ara_api/defaults/main.yaml +++ b/roles/ara_api/defaults/main.yaml @@ -51,7 +51,7 @@ ara_api_install_method: source ara_api_source: "https://github.com/ansible-community/ara" # Image to pull from the container registry when running with Podman -ara_api_image: 'recordsansible/ara-api' +ara_api_image: 'quay.io/recordsansible/ara-api' # When installing from source, location where the source repository will be checked out to. ara_api_source_checkout: "{{ ara_api_root_dir }}/git/ara"