From 8a0ec40fe7fdbb44711cc046da11522bd5ac4410 Mon Sep 17 00:00:00 2001 From: akumari Date: Tue, 15 Oct 2024 15:39:45 +0530 Subject: [PATCH] add pulp services --- playbooks/deploy.yaml | 7 +- roles/pulp/defaults/main.yaml | 18 +++-- roles/pulp/tasks/main.yaml | 102 ++++++++++++++++++++++++---- roles/pulp/templates/settings.py.j2 | 17 +++++ tests/pulp_test.py | 27 +++++++- 5 files changed, 151 insertions(+), 20 deletions(-) diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml index 278021a..6653d35 100644 --- a/playbooks/deploy.yaml +++ b/playbooks/deploy.yaml @@ -27,16 +27,21 @@ httpd_client_ca_certificate: "{{ certificates_ca_directory }}/certs/ca.crt" httpd_server_certificate: "{{ certificates_ca_directory }}/certs/{{ certificates_server }}.crt" httpd_server_key: "{{ certificates_ca_directory }}/private/{{ certificates_server }}.key" + pulp_db_password: "CHANGEME" postgresql_databases: - name: candlepin owner: candlepin - name: foreman owner: foreman + - name: pulp + owner: pulp postgresql_users: - name: candlepin password: "{{ candlepin_db_password }}" - name: foreman password: "{{ foreman_db_password }}" + - name: pulp + password: "{{ pulp_db_password }}" postgresql_hba_entries: - { type: local, database: all, user: postgres, auth_method: ident } - { type: local, database: all, user: all, auth_method: ident } @@ -47,9 +52,9 @@ roles: - certificates - geerlingguy.postgresql + - redis - candlepin - httpd - pulp - foreman_proxy - - redis - foreman diff --git a/roles/pulp/defaults/main.yaml b/roles/pulp/defaults/main.yaml index fee3d5f..2faa9e6 100644 --- a/roles/pulp/defaults/main.yaml +++ b/roles/pulp/defaults/main.yaml 
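Review bot: `pulp_db_password: "CHANGEME"` puts a known, fixed database password in the playbook vars, and this patch feeds it to both the PostgreSQL `pulp` user and the rendered Pulp settings, so any deployment that does not override it runs with a guessable credential. I would drop the literal and supply the value from a vault or inventory, or at least fail early with an assert such as `that: pulp_db_password != "CHANGEME"`. The definitions of `candlepin_db_password` and `foreman_db_password` are outside this hunk, so the same check may be worth applying to them.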
@@ -1,10 +1,20 @@ --- -pulp_image: quay.io/pulp/pulp:stable -pulp_ports: - - "8080:80" +pulp_api_image: quay.io/pulp/pulp-minimal:stable +pulp_content_image: quay.io/pulp/pulp-minimal:stable +pulp_worker_image: quay.io/pulp/pulp-minimal:stable + +pulp_api_ports: + - "24817:80" +pulp_content_ports: + - "24816:80" +pulp_worker_count: 2 + pulp_volumes: - /var/lib/pulp/settings:/etc/pulp:Z - /var/lib/pulp/pulp_storage:/var/lib/pulp:Z - /var/lib/pulp/pgsql:/var/lib/pgsql:Z - /var/lib/pulp/containers:/var/lib/containers:Z -pulp_container_name: pulp + +pulp_api_container_name: pulp-api +pulp_content_container_name: pulp-content +pulp_worker_container_name: pulp-worker diff --git a/roles/pulp/tasks/main.yaml b/roles/pulp/tasks/main.yaml index f5f8bd8..8a3d2fa 100644 --- a/roles/pulp/tasks/main.yaml +++ b/roles/pulp/tasks/main.yaml @@ -1,6 +1,16 @@ -- name: Pull the Pulp container image +- name: Pull the Pulp API container image containers.podman.podman_image: - name: "{{ pulp_image }}" + name: "{{ pulp_api_image }}" + state: present + +- name: Pull the Pulp Content container image + containers.podman.podman_image: + name: "{{ pulp_content_image }}" + state: present + +- name: Pull the Pulp Worker container image + containers.podman.podman_image: + name: "{{ pulp_worker_image }}" state: present - name: Create Pulp storage 
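Review bot: `pulp_api_ports` and `pulp_content_ports` publish `24817:80` and `24816:80` with no host address, which podman binds on every interface, so the Pulp API becomes reachable over plain HTTP without passing through httpd. The settings template in this patch keeps `REMOTE_USER_ENVIRON_NAME="HTTP_REMOTE_USER"`, so the API would accept the identity header from any client that can reach that port rather than only from the proxy. If httpd is meant to be the only entry point, publish on loopback, e.g. `- "127.0.0.1:24817:80"` and `- "127.0.0.1:24816:80"`, and point the `wait_for` tasks at `localhost`. Separately, all three image variables track the floating `:stable` tag; pinning a version or digest would make the deployed content reviewable and reproducible.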
@@ -16,15 +26,71 @@ name: pulp-settings-py data: "{{ lookup('ansible.builtin.template', 'settings.py.j2') }}" -- name: Deploy Pulp Container +- name: Generate database symmetric key + ansible.builtin.command: "bash -c 'openssl rand -base64 32 | tr \"+/\" \"-_\" > /var/lib/pulp/symmetric_key.txt'" + args: + creates: /var/lib/pulp/symmetric_key.txt + +- name: Create database symmetric key secret + containers.podman.podman_secret: + state: present + name: pulp-symmetric-key + data: "{{ lookup('file', '/var/lib/pulp/symmetric_key.txt') }}" + +- name: Wait for PostgreSQL to be ready + ansible.builtin.wait_for: + host: "localhost" + port: 5432 + timeout: 300 + +- name: Deploy Pulp API Container containers.podman.podman_container: - name: "{{ pulp_container_name }}" - image: "{{ pulp_image }}" + name: "{{ pulp_api_container_name }}" + image: "{{ pulp_api_image }}" state: quadlet - ports: "{{ pulp_ports }}" + command: pulp-api + ports: "{{ pulp_api_ports }}" volumes: "{{ pulp_volumes }}" secrets: - 'pulp-settings-py,type=mount,target=/etc/pulp/settings.py' + - 'pulp-symmetric-key,type=mount,target=/etc/pulp/symmetric_key' + quadlet_options: + - | + [Install] + WantedBy=default.target + +- name: Deploy Pulp Content Container + containers.podman.podman_container: + name: "{{ pulp_content_container_name }}" + image: "{{ pulp_content_image }}" + state: quadlet + command: pulp-content + ports: "{{ pulp_content_ports }}" + volumes: "{{ pulp_volumes }}" + secrets: + - 'pulp-settings-py,type=mount,target=/etc/pulp/settings.py' + - 'pulp-symmetric-key,type=mount,target=/etc/pulp/symmetric_key' + quadlet_options: + - | + [Install] + WantedBy=default.target + +- name: Wait for Pulp API service to be accessible + ansible.builtin.wait_for: + host: "{{ ansible_hostname }}" + port: 24817 + timeout: 300 + +- name: Deploy Pulp Worker Container + containers.podman.podman_container: + name: "{{ pulp_worker_container_name }}" + image: "{{ pulp_worker_image }}" + state: quadlet + command: 
pulp-worker + volumes: "{{ pulp_volumes }}" + secrets: + - 'pulp-settings-py,type=mount,target=/etc/pulp/settings.py' + - 'pulp-symmetric-key,type=mount,target=/etc/pulp/symmetric_key' quadlet_options: - | [Install] @@ -34,17 +100,29 @@ ansible.builtin.systemd: daemon_reload: true -- name: Start the Pulp Service +- name: Start the Pulp API services ansible.builtin.systemd: - name: pulp + name: pulp-api enabled: true - state: restarted + state: started -- name: Wait for Pulp service to be accessible +- name: Start the Pulp Content services + ansible.builtin.systemd: + name: pulp-content + enabled: true + state: started + +- name: Wait for Pulp Content service to be accessible ansible.builtin.wait_for: host: "{{ ansible_hostname }}" - port: 8080 - timeout: 300 + port: 24816 + timeout: 600 + +- name: Start the Pulp Worker service + ansible.builtin.systemd: + name: pulp-worker + enabled: true + state: started # Only needed until we have cert auth configured - name: Set Pulp admin password diff --git a/roles/pulp/templates/settings.py.j2 b/roles/pulp/templates/settings.py.j2 index 16a2a0a..9d3a169 100644 --- a/roles/pulp/templates/settings.py.j2 +++ b/roles/pulp/templates/settings.py.j2 
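Review bot: The `Generate database symmetric key` task writes `/var/lib/pulp/symmetric_key.txt` under the default umask, so the key is likely left world-readable on the host, and the `podman_secret` task that carries it does not set `no_log: true`. The `lookup('file', …)` in that task is also evaluated on the control node, so it only finds the key when the play runs against localhost. I would create the file under `umask 077`, read it back on the managed host with `ansible.builtin.slurp`, and mark the tasks that handle the key `no_log`.

```yaml
- name: Generate database symmetric key
  ansible.builtin.shell: |
    umask 077
    openssl rand -base64 32 | tr '+/' '-_' > /var/lib/pulp/symmetric_key.txt
  args:
    creates: /var/lib/pulp/symmetric_key.txt

- name: Read database symmetric key from the managed host
  ansible.builtin.slurp:
    src: /var/lib/pulp/symmetric_key.txt
  register: pulp_symmetric_key_file
  no_log: true

- name: Create database symmetric key secret
  containers.podman.podman_secret:
    state: present
    name: pulp-symmetric-key
    data: "{{ pulp_symmetric_key_file.content | b64decode | trim }}"
  no_log: true

# … unchanged: wait for PostgreSQL, API / Content / Worker container deployments …
```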
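Review bot: The three `Start the Pulp …` tasks use `state: started` where the old task used `restarted`, and nothing visible in this hunk triggers a restart, so a re-run that changes the `pulp-settings-py` or `pulp-symmetric-key` secret (a rotated database password, for example) leaves the running containers on the old values. Consider adding `notify: Restart Pulp services` (handler name is illustrative) to the secret and container tasks, with a handler that restarts `pulp-api`, `pulp-content` and `pulp-worker`. The `Wait for Pulp Content service to be accessible` task also hard-codes `port: 24816` instead of deriving it from `pulp_content_ports`, so the two can drift apart.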
@@ -1,7 +1,24 @@ CONTENT_ORIGIN="http://{{ ansible_hostname }}:8080" +API_CONTENT_ORIGIN="http://{{ ansible_hostname }}:24817" +CONTENT_SERVICE_ORIGIN="http://{{ ansible_hostname }}:24816" CACHE_ENABLED=True REDIS_HOST="localhost" REDIS_PORT=6379 + +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.postgresql', + 'NAME': 'pulp', + 'USER': 'pulp', + 'PASSWORD': '{{ pulp_db_password }}', + 'HOST': 'localhost', + 'PORT': '5432', + } +} + AUTHENTICATION_BACKENDS=['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend'] REMOTE_USER_ENVIRON_NAME="HTTP_REMOTE_USER" REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES=('rest_framework.authentication.SessionAuthentication', 'pulpcore.app.authentication.PulpRemoteUserAuthentication') + +with open('/etc/pulp/symmetric_key', 'r') as key_file: + SYMMETRIC_KEY = key_file.read().strip() diff --git a/tests/pulp_test.py b/tests/pulp_test.py index 1ee4e9c..9fe7729 100644 --- a/tests/pulp_test.py +++ b/tests/pulp_test.py @@ -1,11 +1,11 @@ import json - import pytest PULP_HOST = 'localhost' PULP_PORT = 8080 - +PULP_API_PORT = 24817 +PULP_CONTENT_PORT = 24816 @pytest.fixture(scope="module") def pulp_status_curl(host): 
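Review bot: The new `with open('/etc/pulp/symmetric_key', 'r') … SYMMETRIC_KEY = …` block loads the raw key into a settings variable, but as far as I know pulpcore locates its database encryption key through the `DB_ENCRYPTION_KEY` setting, which holds a file path; if so this block has no effect on encryption and only leaves key material in the Django settings object. I would replace it with `DB_ENCRYPTION_KEY = "/etc/pulp/symmetric_key"`. Also, `'PASSWORD': '{{ pulp_db_password }}'` pastes the password into a Python string literal unescaped, so a quote or backslash in the value breaks or alters the settings file; `'PASSWORD': {{ pulp_db_password | to_json }},` renders a safely quoted literal.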
@@ -22,17 +22,38 @@ def test_pulp_service(host): assert pulp.is_running assert pulp.is_enabled +def test_pulp_api_service(host): + pulp_api = host.service("pulp-api") + assert pulp_api.is_running + assert pulp_api.is_enabled + +def test_pulp_content_service(host): + pulp_content = host.service("pulp-content") + assert pulp_content.is_running + assert pulp_content.is_enabled + +def test_pulp_worker_services(host): + for i in range(1, 3): + pulp_worker = host.service(f"pulp-worker@{i}") + assert pulp_worker.is_running + assert pulp_worker.is_enabled def test_pulp_port(host): pulp = host.addr(PULP_HOST) assert pulp.port(PULP_PORT).is_reachable +def test_pulp_api_port(host): + pulp_api = host.addr(PULP_HOST) + assert pulp_api.port(PULP_API_PORT).is_reachable + +def test_pulp_content_port(host): + pulp_content = host.addr(PULP_HOST) + assert pulp_content.port(PULP_CONTENT_PORT).is_reachable def test_pulp_status(pulp_status_curl): assert pulp_status_curl.succeeded assert pulp_status_curl.stderr == '200' - def test_pulp_status_database_connection(pulp_status): assert pulp_status['database_connection']['connected']
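Review bot: `test_pulp_worker_services` checks `pulp-worker@1` and `pulp-worker@2` with a hard-coded `range(1, 3)`, while the role tasks in this patch deploy and start a single `pulp-worker` unit and never reference `pulp_worker_count`, so this test looks like it cannot pass as written. The unchanged `test_pulp_service` and `test_pulp_port` still expect a `pulp` service on port 8080, which the role no longer appears to deploy. Either instantiate the workers as template units in the role, or assert on `host.service("pulp-worker")` here, and drop or update the legacy checks.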