From 8577568c9044993a966392976019d9b689ebac9d Mon Sep 17 00:00:00 2001 From: akumari Date: Tue, 15 Oct 2024 15:39:45 +0530 Subject: [PATCH 01/18] add pulp services --- playbooks/deploy.yaml | 7 +- roles/pulp/defaults/main.yaml | 18 +++-- roles/pulp/tasks/main.yaml | 102 ++++++++++++++++++++++++---- roles/pulp/templates/settings.py.j2 | 14 ++++ tests/pulp_test.py | 27 +++++++- 5 files changed, 148 insertions(+), 20 deletions(-) diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml index 278021a..6653d35 100644 --- a/playbooks/deploy.yaml +++ b/playbooks/deploy.yaml @@ -27,16 +27,21 @@ httpd_client_ca_certificate: "{{ certificates_ca_directory }}/certs/ca.crt" httpd_server_certificate: "{{ certificates_ca_directory }}/certs/{{ certificates_server }}.crt" httpd_server_key: "{{ certificates_ca_directory }}/private/{{ certificates_server }}.key" + pulp_db_password: "CHANGEME" postgresql_databases: - name: candlepin owner: candlepin - name: foreman owner: foreman + - name: pulp + owner: pulp postgresql_users: - name: candlepin password: "{{ candlepin_db_password }}" - name: foreman password: "{{ foreman_db_password }}" + - name: pulp + password: "{{ pulp_db_password }}" postgresql_hba_entries: - { type: local, database: all, user: postgres, auth_method: ident } - { type: local, database: all, user: all, auth_method: ident } @@ -47,9 +52,9 @@ roles: - certificates - geerlingguy.postgresql + - redis - candlepin - httpd - pulp - foreman_proxy - - redis - foreman diff --git a/roles/pulp/defaults/main.yaml b/roles/pulp/defaults/main.yaml index fee3d5f..2faa9e6 100644 --- a/roles/pulp/defaults/main.yaml +++ b/roles/pulp/defaults/main.yaml 
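Review bot: `pulp_db_password: "CHANGEME"` in the first playbooks/deploy.yaml hunk commits a fixed, well-known database password into the playbook vars, and this same patch renders that value into settings.py. Nothing visible forces an operator to override it, so a default deployment ends up with a guessable PostgreSQL credential for the `pulp` role. I would drop the literal and require the value from inventory or Ansible Vault, for example with a pre-task `ansible.builtin.assert` using `that: pulp_db_password is defined and pulp_db_password != 'CHANGEME'`. The vars block this line sits in starts outside the hunk, so how `candlepin_db_password` and `foreman_db_password` are supplied is not visible here.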
@@ -1,10 +1,20 @@ --- -pulp_image: quay.io/pulp/pulp:stable -pulp_ports: - - "8080:80" +pulp_api_image: quay.io/pulp/pulp-minimal:stable +pulp_content_image: quay.io/pulp/pulp-minimal:stable +pulp_worker_image: quay.io/pulp/pulp-minimal:stable + +pulp_api_ports: + - "24817:80" +pulp_content_ports: + - "24816:80" +pulp_worker_count: 2 + pulp_volumes: - /var/lib/pulp/settings:/etc/pulp:Z - /var/lib/pulp/pulp_storage:/var/lib/pulp:Z - /var/lib/pulp/pgsql:/var/lib/pgsql:Z - /var/lib/pulp/containers:/var/lib/containers:Z -pulp_container_name: pulp + +pulp_api_container_name: pulp-api +pulp_content_container_name: pulp-content +pulp_worker_container_name: pulp-worker diff --git a/roles/pulp/tasks/main.yaml b/roles/pulp/tasks/main.yaml index f5f8bd8..bbd6eec 100644 --- a/roles/pulp/tasks/main.yaml +++ b/roles/pulp/tasks/main.yaml @@ -1,6 +1,16 @@ -- name: Pull the Pulp container image +- name: Pull the Pulp API container image containers.podman.podman_image: - name: "{{ pulp_image }}" + name: "{{ pulp_api_image }}" + state: present + +- name: Pull the Pulp Content container image + containers.podman.podman_image: + name: "{{ pulp_content_image }}" + state: present + +- name: Pull the Pulp Worker container image + containers.podman.podman_image: + name: "{{ pulp_worker_image }}" state: present - name: Create Pulp storage 
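Review bot: All three image defaults in the roles/pulp/defaults/main.yaml hunk point at the mutable tag `quay.io/pulp/pulp-minimal:stable`, so the code that runs with the database password and the symmetric key mounted is whatever the registry serves at deploy time. Pinning a release tag or, better, a digest makes the deployment reproducible and reviewable, e.g. `pulp_api_image: quay.io/pulp/pulp-minimal@sha256:<DIGEST>` (placeholder; the digest is not on this page). If tracking `stable` is intentional for development, say so in a comment above the variables: `# floating tag for development only; pin a digest for production`.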
@@ -16,15 +26,71 @@ name: pulp-settings-py data: "{{ lookup('ansible.builtin.template', 'settings.py.j2') }}" -- name: Deploy Pulp Container +- name: Generate database symmetric key + ansible.builtin.command: "bash -c 'openssl rand -base64 32 | tr \"+/\" \"-_\" > /var/lib/pulp/database_fields.symmetric.key'" + args: + creates: /var/lib/pulp/database_fields.symmetric.key + +- name: Create database symmetric key secret + containers.podman.podman_secret: + state: present + name: pulp-symmetric-key + data: "{{ lookup('file', '/var/lib/pulp/database_fields.symmetric.key') }}" + +- name: Wait for PostgreSQL to be ready + ansible.builtin.wait_for: + host: "localhost" + port: 5432 + timeout: 300 + +- name: Deploy Pulp API Container containers.podman.podman_container: - name: "{{ pulp_container_name }}" - image: "{{ pulp_image }}" + name: "{{ pulp_api_container_name }}" + image: "{{ pulp_api_image }}" state: quadlet - ports: "{{ pulp_ports }}" + command: pulp-api + ports: "{{ pulp_api_ports }}" volumes: "{{ pulp_volumes }}" secrets: - 'pulp-settings-py,type=mount,target=/etc/pulp/settings.py' + - 'pulp-symmetric-key,type=mount,target=/etc/pulp/certs/database_fields.symmetric.key' + quadlet_options: + - | + [Install] + WantedBy=default.target + +- name: Deploy Pulp Content Container + containers.podman.podman_container: + name: "{{ pulp_content_container_name }}" + image: "{{ pulp_content_image }}" + state: quadlet + command: pulp-content + ports: "{{ pulp_content_ports }}" + volumes: "{{ pulp_volumes }}" + secrets: + - 'pulp-settings-py,type=mount,target=/etc/pulp/settings.py' + - 'pulp-symmetric-key,type=mount,target=/etc/pulp/certs/database_fields.symmetric.key' + quadlet_options: + - | + [Install] + WantedBy=default.target + +- name: Wait for Pulp API service to be accessible + ansible.builtin.wait_for: + host: "{{ ansible_hostname }}" + port: 24817 + timeout: 300 + +- name: Deploy Pulp Worker Container + containers.podman.podman_container: + name: "{{ 
pulp_worker_container_name }}" + image: "{{ pulp_worker_image }}" + state: quadlet + command: pulp-worker + volumes: "{{ pulp_volumes }}" + secrets: + - 'pulp-settings-py,type=mount,target=/etc/pulp/settings.py' + - 'pulp-symmetric-key,type=mount,target=/etc/pulp/certs/database_fields.symmetric.key' quadlet_options: - | [Install] @@ -34,17 +100,29 @@ ansible.builtin.systemd: daemon_reload: true -- name: Start the Pulp Service +- name: Start the Pulp API services ansible.builtin.systemd: - name: pulp + name: pulp-api enabled: true - state: restarted + state: started -- name: Wait for Pulp service to be accessible +- name: Start the Pulp Content services + ansible.builtin.systemd: + name: pulp-content + enabled: true + state: started + +- name: Wait for Pulp Content service to be accessible ansible.builtin.wait_for: host: "{{ ansible_hostname }}" - port: 8080 - timeout: 300 + port: 24816 + timeout: 600 + +- name: Start the Pulp Worker service + ansible.builtin.systemd: + name: pulp-worker + enabled: true + state: started # Only needed until we have cert auth configured - name: Set Pulp admin password diff --git a/roles/pulp/templates/settings.py.j2 b/roles/pulp/templates/settings.py.j2 index 16a2a0a..97982fb 100644 --- a/roles/pulp/templates/settings.py.j2 +++ b/roles/pulp/templates/settings.py.j2 
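Review bot: The "Generate database symmetric key" task writes the key through a shell redirect, so `/var/lib/pulp/database_fields.symmetric.key` is created with whatever umask the task runs under and is world-readable on the host if that is the usual 022. I would set the mask inside the command, `bash -c 'umask 077; openssl rand -base64 32 | tr "+/" "-_" > /var/lib/pulp/database_fields.symmetric.key'`, or follow the task with an `ansible.builtin.file` task that sets `mode: "0600"` on the file. Since the task is guarded by `creates:`, an existing file with loose permissions is never corrected by a re-run, which is another reason to enforce the mode in a separate task.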
@@ -1,7 +1,21 @@ CONTENT_ORIGIN="http://{{ ansible_hostname }}:8080" +API_CONTENT_ORIGIN="http://{{ ansible_hostname }}:24817" +CONTENT_SERVICE_ORIGIN="http://{{ ansible_hostname }}:24816" CACHE_ENABLED=True REDIS_HOST="localhost" REDIS_PORT=6379 + +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.postgresql', + 'NAME': 'pulp', + 'USER': 'pulp', + 'PASSWORD': '{{ pulp_db_password }}', + 'HOST': 'localhost', + 'PORT': '5432', + } +} + AUTHENTICATION_BACKENDS=['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend'] REMOTE_USER_ENVIRON_NAME="HTTP_REMOTE_USER" REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES=('rest_framework.authentication.SessionAuthentication', 'pulpcore.app.authentication.PulpRemoteUserAuthentication') diff --git a/tests/pulp_test.py b/tests/pulp_test.py index 1ee4e9c..9fe7729 100644 --- a/tests/pulp_test.py +++ b/tests/pulp_test.py @@ -1,11 +1,11 @@ import json - import pytest PULP_HOST = 'localhost' PULP_PORT = 8080 - +PULP_API_PORT = 24817 +PULP_CONTENT_PORT = 24816 @pytest.fixture(scope="module") def pulp_status_curl(host): 
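Review bot: `'PASSWORD': '{{ pulp_db_password }}'` in the new DATABASES block pastes the variable into a Python string literal without escaping, so a password containing a quote or a backslash yields a broken or silently altered settings.py. Rendering the value through a serializer keeps it a single literal whatever it contains: `'PASSWORD': {{ pulp_db_password | to_json }},`. The same hunk adds `API_CONTENT_ORIGIN` and `CONTENT_SERVICE_ORIGIN` as `http://` URLs; whether TLS is terminated in front of those ports is not visible in this file.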
@@ -22,17 +22,38 @@ def test_pulp_service(host): assert pulp.is_running assert pulp.is_enabled +def test_pulp_api_service(host): + pulp_api = host.service("pulp-api") + assert pulp_api.is_running + assert pulp_api.is_enabled + +def test_pulp_content_service(host): + pulp_content = host.service("pulp-content") + assert pulp_content.is_running + assert pulp_content.is_enabled + +def test_pulp_worker_services(host): + for i in range(1, 3): + pulp_worker = host.service(f"pulp-worker@{i}") + assert pulp_worker.is_running + assert pulp_worker.is_enabled def test_pulp_port(host): pulp = host.addr(PULP_HOST) assert pulp.port(PULP_PORT).is_reachable +def test_pulp_api_port(host): + pulp_api = host.addr(PULP_HOST) + assert pulp_api.port(PULP_API_PORT).is_reachable + +def test_pulp_content_port(host): + pulp_content = host.addr(PULP_HOST) + assert pulp_content.port(PULP_CONTENT_PORT).is_reachable def test_pulp_status(pulp_status_curl): assert pulp_status_curl.succeeded assert pulp_status_curl.stderr == '200' - def test_pulp_status_database_connection(pulp_status): assert pulp_status['database_connection']['connected'] From 266dfc65ced36914392a3e2b818afe916fb92f58 Mon Sep 17 00:00:00 2001 From: Evgeni Golov Date: Mon, 4 Nov 2024 15:35:24 +0100 Subject: [PATCH 02/18] stop managing etc pulp and pgsql, disable selinux labeling --- roles/pulp/defaults/main.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/roles/pulp/defaults/main.yaml b/roles/pulp/defaults/main.yaml index 2faa9e6..2ded723 100644 --- a/roles/pulp/defaults/main.yaml +++ b/roles/pulp/defaults/main.yaml 
@@ -10,10 +10,8 @@ pulp_content_ports: pulp_worker_count: 2 pulp_volumes: - - /var/lib/pulp/settings:/etc/pulp:Z - - /var/lib/pulp/pulp_storage:/var/lib/pulp:Z - - /var/lib/pulp/pgsql:/var/lib/pgsql:Z - - /var/lib/pulp/containers:/var/lib/containers:Z + - /var/lib/pulp/pulp_storage:/var/lib/pulp + - /var/lib/pulp/containers:/var/lib/containers pulp_api_container_name: pulp-api pulp_content_container_name: pulp-content From 1d08e23a26f62aff6e5ecf5d97f5c82308176d2e Mon Sep 17 00:00:00 2001 From: Evgeni Golov Date: Mon, 4 Nov 2024 15:36:05 +0100 Subject: [PATCH 03/18] run podman with label=disable to avoid permission errors the folders are shared between the containers, and mounting them with :z or :Z breaks stuff (even if :Z *should* work). label=disable avoids this issues. --- roles/pulp/tasks/main.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/pulp/tasks/main.yaml b/roles/pulp/tasks/main.yaml index bbd6eec..dcde530 100644 --- a/roles/pulp/tasks/main.yaml +++ b/roles/pulp/tasks/main.yaml @@ -51,6 +51,8 @@ command: pulp-api ports: "{{ pulp_api_ports }}" volumes: "{{ pulp_volumes }}" + security_opt: + - "label=disable" secrets: - 'pulp-settings-py,type=mount,target=/etc/pulp/settings.py' - 'pulp-symmetric-key,type=mount,target=/etc/pulp/certs/database_fields.symmetric.key' @@ -67,6 +69,8 @@ command: pulp-content ports: "{{ pulp_content_ports }}" volumes: "{{ pulp_volumes }}" + security_opt: + - "label=disable" secrets: - 'pulp-settings-py,type=mount,target=/etc/pulp/settings.py' - 'pulp-symmetric-key,type=mount,target=/etc/pulp/certs/database_fields.symmetric.key' @@ -88,6 +92,8 @@ state: quadlet command: pulp-worker volumes: "{{ pulp_volumes }}" + security_opt: + - "label=disable" secrets: - 'pulp-settings-py,type=mount,target=/etc/pulp/settings.py' - 'pulp-symmetric-key,type=mount,target=/etc/pulp/certs/database_fields.symmetric.key' From 9f99f698ac8eb783ec8831d3138c623169e7c522 Mon Sep 17 00:00:00 2001 
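Review bot: `security_opt: - "label=disable"` in the first roles/pulp/tasks/main.yaml hunk of PATCH 03 turns off SELinux confinement for the pulp-api container, and the next two hunks add the same lines to pulp-content and pulp-worker. These containers bind-mount host directories, so without label separation a compromised process is held back only by the remaining container and file-permission boundaries. The commit message itself says the relabel options should work; if the failure cannot be resolved now, I would record the reason next to the option, e.g. `# TODO: label=disable works around relabel errors on the shared pulp volumes; return to a shared :z label once fixed`. Each task body starts and ends outside its hunk.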
From: Evgeni Golov Date: Mon, 4 Nov 2024 15:37:13 +0100 Subject: [PATCH 04/18] manually create tmp and asset dirs for pulp --- roles/pulp/tasks/main.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/pulp/tasks/main.yaml b/roles/pulp/tasks/main.yaml index dcde530..b424824 100644 --- a/roles/pulp/tasks/main.yaml +++ b/roles/pulp/tasks/main.yaml @@ -20,6 +20,15 @@ mode: "0755" loop: "{{ pulp_volumes }}" +- name: Create Pulp storage subdirs + ansible.builtin.file: + path: "/var/lib/pulp/pulp_storage/{{ item }}" + state: directory + mode: "0755" + loop: + - tmp + - assets + - name: Create settings config secret containers.podman.podman_secret: state: present From 06378a762666ae494dc943edb0cf3de00f411809 Mon Sep 17 00:00:00 2001 From: Evgeni Golov Date: Mon, 4 Nov 2024 15:37:31 +0100 Subject: [PATCH 05/18] get the encryption key from the vm --- roles/pulp/tasks/main.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/pulp/tasks/main.yaml b/roles/pulp/tasks/main.yaml index b424824..b3e69c6 100644 --- a/roles/pulp/tasks/main.yaml +++ b/roles/pulp/tasks/main.yaml @@ -40,11 +40,16 @@ args: creates: /var/lib/pulp/database_fields.symmetric.key +- name: Load database symmetric key + ansible.builtin.slurp: + src: /var/lib/pulp/database_fields.symmetric.key + register: pulp_key + - name: Create database symmetric key secret containers.podman.podman_secret: state: present name: pulp-symmetric-key - data: "{{ lookup('file', '/var/lib/pulp/database_fields.symmetric.key') }}" + data: "{{ pulp_key['content'] | b64decode }}" - name: Wait for PostgreSQL to be ready ansible.builtin.wait_for: From e9541cc03b8c2aad63b15983aadba1bace9cca57 Mon Sep 17 00:00:00 2001 From: Evgeni Golov Date: Mon, 4 Nov 2024 15:38:22 +0100 Subject: [PATCH 06/18] use host networking so that the containers can reach psql on localhost --- roles/pulp/tasks/main.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
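Review bot: The new "Load database symmetric key" task in PATCH 05 registers the key in `pulp_key`, and "Create database symmetric key secret" then passes the decoded key as a module argument, with `no_log: true` on neither task. At higher verbosity, or with logging callbacks enabled, the key material can end up in console output or log files on the controller. Add `no_log: true` to both tasks. The "Create settings config secret" task, whose rendered settings.py carries the database password, would benefit from the same flag but lies outside this hunk.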
diff --git a/roles/pulp/tasks/main.yaml b/roles/pulp/tasks/main.yaml index b3e69c6..ee94ef6 100644 --- a/roles/pulp/tasks/main.yaml +++ b/roles/pulp/tasks/main.yaml @@ -63,7 +63,7 @@ image: "{{ pulp_api_image }}" state: quadlet command: pulp-api - ports: "{{ pulp_api_ports }}" + network: host volumes: "{{ pulp_volumes }}" security_opt: - "label=disable" @@ -81,7 +81,7 @@ image: "{{ pulp_content_image }}" state: quadlet command: pulp-content - ports: "{{ pulp_content_ports }}" + network: host volumes: "{{ pulp_volumes }}" security_opt: - "label=disable" @@ -105,6 +105,7 @@ image: "{{ pulp_worker_image }}" state: quadlet command: pulp-worker + network: host volumes: "{{ pulp_volumes }}" security_opt: - "label=disable" From 94328d47a15a1687a38b8f0b8dd30caa3ffef905 Mon Sep 17 00:00:00 2001 From: Evgeni Golov Date: Mon, 4 Nov 2024 15:39:03 +0100 Subject: [PATCH 07/18] manually migrate the database --- roles/pulp/tasks/main.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/pulp/tasks/main.yaml b/roles/pulp/tasks/main.yaml index ee94ef6..6d74a36 100644 --- a/roles/pulp/tasks/main.yaml +++ b/roles/pulp/tasks/main.yaml @@ -127,6 +127,11 @@ enabled: true state: started +- name: Migrate the Pylp database + containers.podman.podman_container_exec: + name: "{{ pulp_api_container_name }}" + command: pulpcore-manager migrate --noinput + - name: Start the Pulp Content services ansible.builtin.systemd: name: pulp-content From a36e0ac83021aa31344ee208bfbb0adba0deaa6f Mon Sep 17 00:00:00 2001 From: Evgeni Golov Date: Mon, 4 Nov 2024 15:39:16 +0100 Subject: [PATCH 08/18] use the right container name when reseting the password --- roles/pulp/tasks/main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pulp/tasks/main.yaml b/roles/pulp/tasks/main.yaml index 6d74a36..20c5f0b 100644 --- a/roles/pulp/tasks/main.yaml +++ b/roles/pulp/tasks/main.yaml 
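Review bot: Switching pulp-api and pulp-content (first two hunks of PATCH 06) and pulp-worker (third hunk) to `network: host` removes the network namespace along with the published-port mapping, so the processes bind directly on the host and can reach every loopback-only service there, not just PostgreSQL. Which address the API and content processes bind to is decided inside the image and is not visible in this diff; if it is all interfaces, the ports the play waits on (24817 and 24816) become reachable from the network without passing through httpd. Together with `label=disable` from PATCH 03, little container isolation remains. I would at least document the trade-off on each task, `# network: host so Pulp can reach PostgreSQL and Redis on localhost; keep 24817/24816 bound to loopback or firewalled`, and verify the bind address.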
@@ -153,5 +153,5 @@ # Only needed until we have cert auth configured - name: Set Pulp admin password containers.podman.podman_container_exec: - name: "{{ pulp_container_name }}" + name: "{{ pulp_api_container_name }}" command: pulpcore-manager reset-admin-password --password CHANGEME From c0a052c9fdae2b663e03d4e87152d7780fb4d7cb Mon Sep 17 00:00:00 2001 From: Evgeni Golov Date: Mon, 4 Nov 2024 17:04:46 +0100 Subject: [PATCH 09/18] wait for api later --- roles/pulp/tasks/main.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/pulp/tasks/main.yaml b/roles/pulp/tasks/main.yaml index 20c5f0b..c25ae3d 100644 --- a/roles/pulp/tasks/main.yaml +++ b/roles/pulp/tasks/main.yaml @@ -93,12 +93,6 @@ [Install] WantedBy=default.target -- name: Wait for Pulp API service to be accessible - ansible.builtin.wait_for: - host: "{{ ansible_hostname }}" - port: 24817 - timeout: 300 - - name: Deploy Pulp Worker Container containers.podman.podman_container: name: "{{ pulp_worker_container_name }}" @@ -132,6 +126,12 @@ name: "{{ pulp_api_container_name }}" command: pulpcore-manager migrate --noinput +- name: Wait for Pulp API service to be accessible + ansible.builtin.wait_for: + host: "{{ ansible_hostname }}" + port: 24817 + timeout: 300 + - name: Start the Pulp Content services ansible.builtin.systemd: name: pulp-content From ced9c95db7a9488ecc368311f9ca6a6e222cf62e Mon Sep 17 00:00:00 2001 From: Evgeni Golov Date: Mon, 4 Nov 2024 17:30:52 +0100 Subject: [PATCH 10/18] use right ports for pulp in http config --- roles/httpd/defaults/main.yml | 4 ++-- roles/pulp/defaults/main.yaml | 8 +++---- roles/pulp/tasks/main.yaml | 5 ++++- roles/pulp/templates/settings.py.j2 | 5 ++--- tests/pulp_test.py | 33 ++++++++--------------------- 5 files changed, 21 insertions(+), 34 deletions(-) diff --git a/roles/httpd/defaults/main.yml b/roles/httpd/defaults/main.yml index d3dd774..9339947 100644 --- a/roles/httpd/defaults/main.yml +++ b/roles/httpd/defaults/main.yml 
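Review bot: The task corrected by the PATCH 08 hunk still runs `pulpcore-manager reset-admin-password --password CHANGEME`, now against the API container, so every deployment gets the same known admin password and is reset to it on every play. The literal is also passed as a command-line argument, which is visible in the process list while the command runs. I would take the value from a variable and hide it from output: `command: pulpcore-manager reset-admin-password --password {{ pulp_admin_password }}` plus `no_log: true`, where `pulp_admin_password` is a new variable that does not exist in this series yet. The comment above the task says it is only needed until certificate auth is configured, so a `when:` tied to that condition would limit it further.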
@@ -1,4 +1,4 @@ httpd_ssl_dir: /etc/pki/httpd -httpd_pulp_api_backend: http://localhost:8080 -httpd_pulp_content_backend: http://localhost:8080 +httpd_pulp_api_backend: http://localhost:24817 +httpd_pulp_content_backend: http://localhost:24816 httpd_foreman_backend: http://localhost:3000 diff --git a/roles/pulp/defaults/main.yaml b/roles/pulp/defaults/main.yaml index 2ded723..a2dadd1 100644 --- a/roles/pulp/defaults/main.yaml +++ b/roles/pulp/defaults/main.yaml @@ -1,7 +1,8 @@ --- -pulp_api_image: quay.io/pulp/pulp-minimal:stable -pulp_content_image: quay.io/pulp/pulp-minimal:stable -pulp_worker_image: quay.io/pulp/pulp-minimal:stable +pulp_image: quay.io/pulp/pulp-minimal:stable +pulp_api_image: "{{ pulp_image }}" +pulp_content_image: "{{ pulp_image }}" +pulp_worker_image: "{{ pulp_image }}" pulp_api_ports: - "24817:80" @@ -11,7 +12,6 @@ pulp_worker_count: 2 pulp_volumes: - /var/lib/pulp/pulp_storage:/var/lib/pulp - - /var/lib/pulp/containers:/var/lib/containers pulp_api_container_name: pulp-api pulp_content_container_name: pulp-content diff --git a/roles/pulp/tasks/main.yaml b/roles/pulp/tasks/main.yaml index c25ae3d..97fbcaf 100644 --- a/roles/pulp/tasks/main.yaml +++ b/roles/pulp/tasks/main.yaml @@ -74,6 +74,7 @@ - | [Install] WantedBy=default.target + Wants=postgresql.service - name: Deploy Pulp Content Container containers.podman.podman_container: @@ -92,6 +93,7 @@ - | [Install] WantedBy=default.target + Wants=postgresql.service - name: Deploy Pulp Worker Container containers.podman.podman_container: @@ -110,6 +112,7 @@ - | [Install] WantedBy=default.target + Wants=postgresql.service - name: Run daemon reload to make Quadlet create the service files ansible.builtin.systemd: @@ -121,7 +124,7 @@ enabled: true state: started -- name: Migrate the Pylp database +- name: Migrate the Pulp database containers.podman.podman_container_exec: name: "{{ pulp_api_container_name }}" command: pulpcore-manager migrate --noinput 
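Review bot: `Wants=postgresql.service` is appended under the `[Install]` header in the three `quadlet_options` hunks of roles/pulp/tasks/main.yaml (pulp-api, pulp-content, pulp-worker), but `Wants=` is a `[Unit]` directive, so systemd ignores it there and the containers get no dependency on PostgreSQL. `Wants=` on its own also does not order startup. I would place it in its own section of the same block scalar: `[Unit]`, `Wants=postgresql.service`, `After=postgresql.service`. The task bodies start outside these hunks.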
diff --git a/roles/pulp/templates/settings.py.j2 b/roles/pulp/templates/settings.py.j2 index 97982fb..6b1f4b0 100644 --- a/roles/pulp/templates/settings.py.j2 +++ b/roles/pulp/templates/settings.py.j2 @@ -1,9 +1,8 @@ -CONTENT_ORIGIN="http://{{ ansible_hostname }}:8080" -API_CONTENT_ORIGIN="http://{{ ansible_hostname }}:24817" -CONTENT_SERVICE_ORIGIN="http://{{ ansible_hostname }}:24816" +CONTENT_ORIGIN="http://{{ ansible_hostname }}:24816" CACHE_ENABLED=True REDIS_HOST="localhost" REDIS_PORT=6379 +REDIS_DB=8 DATABASES = { 'default': { diff --git a/tests/pulp_test.py b/tests/pulp_test.py index 9fe7729..b7a5747 100644 --- a/tests/pulp_test.py +++ b/tests/pulp_test.py @@ -1,27 +1,18 @@ import json import pytest - PULP_HOST = 'localhost' -PULP_PORT = 8080 PULP_API_PORT = 24817 PULP_CONTENT_PORT = 24816 @pytest.fixture(scope="module") def pulp_status_curl(host): - return host.run(f"curl -k -s -w '%{{stderr}}%{{http_code}}' http://{PULP_HOST}:{PULP_PORT}/pulp/api/v3/status/") - + return host.run(f"curl -k -s -w '%{{stderr}}%{{http_code}}' http://{PULP_HOST}:{PULP_API_PORT}/pulp/api/v3/status/") @pytest.fixture(scope="module") def pulp_status(pulp_status_curl): return json.loads(pulp_status_curl.stdout) - -def test_pulp_service(host): - pulp = host.service("pulp") - assert pulp.is_running - assert pulp.is_enabled - def test_pulp_api_service(host): pulp_api = host.service("pulp-api") assert pulp_api.is_running 
@@ -32,15 +23,10 @@ def test_pulp_content_service(host): assert pulp_content.is_running assert pulp_content.is_enabled -def test_pulp_worker_services(host): - for i in range(1, 3): - pulp_worker = host.service(f"pulp-worker@{i}") - assert pulp_worker.is_running - assert pulp_worker.is_enabled - -def test_pulp_port(host): - pulp = host.addr(PULP_HOST) - assert pulp.port(PULP_PORT).is_reachable +def test_pulp_worker_service(host): + pulp_worker = host.service("pulp-worker") + assert pulp_worker.is_running + assert pulp_worker.is_enabled def test_pulp_api_port(host): pulp_api = host.addr(PULP_HOST) @@ -50,10 +36,6 @@ def test_pulp_content_port(host): pulp_content = host.addr(PULP_HOST) assert pulp_content.port(PULP_CONTENT_PORT).is_reachable -def test_pulp_status(pulp_status_curl): - assert pulp_status_curl.succeeded - assert pulp_status_curl.stderr == '200' - def test_pulp_status_database_connection(pulp_status): assert pulp_status['database_connection']['connected'] @@ -75,6 +57,9 @@ def test_pulp_status_workers(pulp_status): @pytest.mark.xfail(reason='password auth is deactivated when we use cert auth') def test_pulp_admin_auth(host): - cmd = host.run(f"curl --silent --write-out '%{{stderr}}%{{http_code}}' --user admin:CHANGEME http://{PULP_HOST}:{PULP_PORT}/pulp/api/v3/users/") + cmd = host.run(f"curl --silent --write-out '%{{stderr}}%{{http_code}}' --user admin:CHANGEME http://{PULP_HOST}:{PULP_API_PORT}/pulp/api/v3/users/") assert cmd.succeeded assert cmd.stderr == '200' + +def test_pulp_volumes(host): + assert host.file("/var/lib/pulp").is_directory From 992a6f8e87562dae9b14f28e8f83df8572e8a0cf Mon Sep 17 00:00:00 2001 From: akumari Date: Wed, 6 Nov 2024 04:33:26 +0530 Subject: [PATCH 11/18] added restart option --- roles/pulp/tasks/main.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/pulp/tasks/main.yaml b/roles/pulp/tasks/main.yaml index 97fbcaf..3a3c939 100644 --- a/roles/pulp/tasks/main.yaml +++ b/roles/pulp/tasks/main.yaml 
@@ -75,6 +75,9 @@ [Install] WantedBy=default.target Wants=postgresql.service + [Service] + Restart=always + RestartSec=3 - name: Deploy Pulp Content Container containers.podman.podman_container: @@ -94,6 +97,9 @@ [Install] WantedBy=default.target Wants=postgresql.service + [Service] + Restart=always + RestartSec=3 - name: Deploy Pulp Worker Container containers.podman.podman_container: @@ -113,6 +119,9 @@ [Install] WantedBy=default.target Wants=postgresql.service + [Service] + Restart=always + RestartSec=3 - name: Run daemon reload to make Quadlet create the service files ansible.builtin.systemd: From 675a2ee51f2c3e7d5ead5d1fbeb270590c015d10 Mon Sep 17 00:00:00 2001 From: akumari Date: Thu, 7 Nov 2024 02:43:12 +0530 Subject: [PATCH 12/18] fix volume mapping --- roles/pulp/defaults/main.yaml | 2 +- roles/pulp/tasks/main.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pulp/defaults/main.yaml b/roles/pulp/defaults/main.yaml index a2dadd1..ea75a3f 100644 --- a/roles/pulp/defaults/main.yaml +++ b/roles/pulp/defaults/main.yaml @@ -11,7 +11,7 @@ pulp_content_ports: pulp_worker_count: 2 pulp_volumes: - - /var/lib/pulp/pulp_storage:/var/lib/pulp + - /var/lib/pulp:/var/lib/pulp pulp_api_container_name: pulp-api pulp_content_container_name: pulp-content diff --git a/roles/pulp/tasks/main.yaml b/roles/pulp/tasks/main.yaml index 3a3c939..480c4f8 100644 --- a/roles/pulp/tasks/main.yaml +++ b/roles/pulp/tasks/main.yaml @@ -22,7 +22,7 @@ - name: Create Pulp storage subdirs ansible.builtin.file: - path: "/var/lib/pulp/pulp_storage/{{ item }}" + path: "/var/lib/pulp/{{ item }}" state: directory mode: "0755" loop: From 846263cdcbae5dc266c35c57816ee1d4c3749b7a Mon Sep 17 00:00:00 2001 From: akumari Date: Thu, 7 Nov 2024 02:48:49 +0530 Subject: [PATCH 13/18] add test to check pulp service health --- tests/pulp_test.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/pulp_test.py b/tests/pulp_test.py index b7a5747..c875671 100644 
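Review bot: Mapping the whole of `/var/lib/pulp` into the containers in the roles/pulp/defaults/main.yaml hunk of PATCH 12 also exposes `/var/lib/pulp/database_fields.symmetric.key`, the host-side copy that earlier patches in this series generate and read back to build the `pulp-symmetric-key` secret. The mapping has no `:ro` suffix and `pulp_volumes` is used by all three containers, so a process in any of them can read or replace that file, and a replaced file would presumably be loaded into the secret on the next play. I would keep the generated key in a root-only directory outside the mounted tree, or at least note the constraint at the mapping: `# NOTE: the key file used to build pulp-symmetric-key must not live under this path`.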
--- a/tests/pulp_test.py +++ b/tests/pulp_test.py @@ -36,6 +36,10 @@ def test_pulp_content_port(host): pulp_content = host.addr(PULP_HOST) assert pulp_content.port(PULP_CONTENT_PORT).is_reachable +def test_pulp_status(pulp_status_curl): + assert pulp_status_curl.succeeded + assert pulp_status_curl.stderr == '200' + def test_pulp_status_database_connection(pulp_status): assert pulp_status['database_connection']['connected'] From 84a5a67dfc3929c8339304591519b51b91c45520 Mon Sep 17 00:00:00 2001 From: akumari Date: Thu, 7 Nov 2024 03:53:40 +0530 Subject: [PATCH 14/18] add task to create pulp tem dir From f87525f45871040a73dcebe189093469cc9876ae Mon Sep 17 00:00:00 2001 From: akumari Date: Thu, 7 Nov 2024 19:40:57 +0530 Subject: [PATCH 15/18] update CONTENT_ORIGIN config --- playbooks/deploy.yaml | 1 + roles/pulp/templates/settings.py.j2 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml index 6653d35..1450e2e 100644 --- a/playbooks/deploy.yaml +++ b/playbooks/deploy.yaml @@ -28,6 +28,7 @@ httpd_server_certificate: "{{ certificates_ca_directory }}/certs/{{ certificates_server }}.crt" httpd_server_key: "{{ certificates_ca_directory }}/private/{{ certificates_server }}.key" pulp_db_password: "CHANGEME" + content_origin: "https://{{ ansible_fqdn }}" postgresql_databases: - name: candlepin owner: candlepin diff --git a/roles/pulp/templates/settings.py.j2 b/roles/pulp/templates/settings.py.j2 index 6b1f4b0..4e02f30 100644 --- a/roles/pulp/templates/settings.py.j2 +++ b/roles/pulp/templates/settings.py.j2 @@ -1,4 +1,4 @@ -CONTENT_ORIGIN="http://{{ ansible_hostname }}:24816" +CONTENT_ORIGIN="http://{{ ansible_fqdn }}:24816" CACHE_ENABLED=True REDIS_HOST="localhost" REDIS_PORT=6379 From 78ca43a624ac6627fc41086214128a983a9c9a9e Mon Sep 17 00:00:00 2001 
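Review bot: The settings.py.j2 hunk of PATCH 15 keeps `CONTENT_ORIGIN` on a hard-coded `http://` URL with port 24816, while the playbooks/deploy.yaml hunk of the same commit introduces `content_origin: "https://{{ ansible_fqdn }}"`, which nothing in this diff consumes. As written, Pulp would presumably advertise plain-HTTP content URLs that point at the backend port rather than at the TLS front end. If the new variable is meant to drive this setting, the template line should read `CONTENT_ORIGIN="{{ content_origin }}"`. The role would then also need a default for it, since the value is defined only in the playbook.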
From: akumari Date: Fri, 15 Nov 2024 14:51:57 +0530 Subject: [PATCH 16/18] update migrate task --- roles/pulp/tasks/main.yaml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/roles/pulp/tasks/main.yaml b/roles/pulp/tasks/main.yaml index 480c4f8..297e738 100644 --- a/roles/pulp/tasks/main.yaml +++ b/roles/pulp/tasks/main.yaml @@ -127,17 +127,22 @@ ansible.builtin.systemd: daemon_reload: true +- name: Migrate the Pulp database + containers.podman.podman_container: + name: pulpcore-manager-migrate + image: "{{ pulp_api_image }}" + command: pulpcore-manager migrate --noinput + network: host + secrets: + - 'pulp-settings-py,type=mount,target=/etc/pulp/settings.py' + - 'pulp-symmetric-key,type=mount,target=/etc/pulp/certs/database_fields.symmetric.key' + - name: Start the Pulp API services ansible.builtin.systemd: name: pulp-api enabled: true state: started -- name: Migrate the Pulp database - containers.podman.podman_container_exec: - name: "{{ pulp_api_container_name }}" - command: pulpcore-manager migrate --noinput - - name: Wait for Pulp API service to be accessible ansible.builtin.wait_for: host: "{{ ansible_hostname }}" From 3a92635274e58753de8f425c5d7ea1f4e90cdfcc Mon Sep 17 00:00:00 2001 From: akumari Date: Fri, 15 Nov 2024 16:26:07 +0530 Subject: [PATCH 17/18] remove unused pulp_api_ports and pulp_content_ports variables these variables are no longer used in the playbook due to the host network configuration, which eliminates the need for explicit port mappings. --- roles/pulp/defaults/main.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/roles/pulp/defaults/main.yaml b/roles/pulp/defaults/main.yaml index ea75a3f..c30cabf 100644 --- a/roles/pulp/defaults/main.yaml +++ b/roles/pulp/defaults/main.yaml 
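Review bot: The replacement "Migrate the Pulp database" task starts a separate `pulpcore-manager-migrate` container but does not appear to wait for it. `podman_container` runs detached by default, so "Start the Pulp API services" can begin while migrations are still running and a failed migration would not fail the play. Setting `detach: false` should make the module wait for the command and surface its exit status, and `rm: true` keeps the finished container, which has both secrets attached, from lingering. Unlike the three service containers, this task sets neither `volumes` nor `security_opt`; that looks fine for a schema migration but is worth confirming.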
@@ -4,10 +4,6 @@ pulp_api_image: "{{ pulp_image }}" pulp_content_image: "{{ pulp_image }}" pulp_worker_image: "{{ pulp_image }}" -pulp_api_ports: - - "24817:80" -pulp_content_ports: - - "24816:80" pulp_worker_count: 2 pulp_volumes: From 3d1f220d8d54bdd6cac98310014c615780eb4dc0 Mon Sep 17 00:00:00 2001 From: akumari Date: Fri, 15 Nov 2024 16:28:09 +0530 Subject: [PATCH 18/18] update the PORT value to empty string --- roles/pulp/templates/settings.py.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pulp/templates/settings.py.j2 b/roles/pulp/templates/settings.py.j2 index 4e02f30..f7947b0 100644 --- a/roles/pulp/templates/settings.py.j2 +++ b/roles/pulp/templates/settings.py.j2 @@ -11,7 +11,7 @@ DATABASES = { 'USER': 'pulp', 'PASSWORD': '{{ pulp_db_password }}', 'HOST': 'localhost', - 'PORT': '5432', + 'PORT': '', } }