Merge pull request trustification#30 from gildub/quadlet

Enable and start systemd services for guac csub and graphql
desmax74 · Sep 17, 2024 · 0cecbe9 · 0cecbe9
2 parents 201c511 + 63a60d9
commit 0cecbe9
Show file tree

Hide file tree

Showing 8 changed files with 66 additions and 16 deletions.
diff --git a/roles/tpa_single_node/tasks/podman/guac_collectsub.yml b/roles/tpa_single_node/tasks/podman/guac_collectsub.yml
@@ -16,8 +16,19 @@
     dest: "{{ tpa_single_node_kube_manifest_dir }}/Guac-Collectsub-Deployment.yaml"
     mode: "0600"
 
-- name: Play Guac csub deployment manifest
-  containers.podman.podman_play:
-    kube_file: "{{ tpa_single_node_kube_manifest_dir }}/Guac-Collectsub-Deployment.yaml"
-    state: started
-    network: "{{ tpa_single_node_podman_network }}"
+- name: Copy Guac csub Quadlet file
+  ansible.builtin.copy:
+    src: "{{ role_path }}/templates/manifests/guac/collectsub/Deployment.kube"
+    dest: /etc/containers/systemd/guac-collectsub.kube
+    mode: "0600"
+
+- name: Reload systemd manager configuration
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+
+- name: Ensure guac-collectsub service is enabled and started
+  ansible.builtin.systemd_service:
+    name: guac-collectsub
+    state: restarted
+    no_block: true
+    enabled: true
diff --git a/roles/tpa_single_node/tasks/podman/guac_graphql.yml b/roles/tpa_single_node/tasks/podman/guac_graphql.yml
@@ -16,8 +16,19 @@
     dest: "{{ tpa_single_node_kube_manifest_dir }}/Guac-Graphql-Deployment.yaml"
     mode: "0600"
 
-- name: Play Guac graphql deployment manifest
-  containers.podman.podman_play:
-    kube_file: "{{ tpa_single_node_kube_manifest_dir }}/Guac-Graphql-Deployment.yaml"
-    state: started
-    network: "{{ tpa_single_node_podman_network }}"
+- name: Copy Guac graphql Quadlet file
+  ansible.builtin.copy:
+    src: "{{ role_path }}/templates/manifests/guac/graphql/Deployment.kube"
+    dest: /etc/containers/systemd/guac-graphql.kube
+    mode: "0600"
+
+- name: Reload systemd manager configuration
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+
+- name: Ensure guac-graphql service is enabled and started
+  ansible.builtin.systemd_service:
+    name: guac-graphql
+    state: restarted
+    no_block: true
+    enabled: true
diff --git a/roles/tpa_single_node/tasks/podman/install_manifest.yml b/roles/tpa_single_node/tasks/podman/install_manifest.yml
@@ -37,4 +37,5 @@
     enabled: true
     daemon_reload: true
     name: "{{ podman_spec.systemd_file }}"
+    no_block: true
   when: copy_manifest.changed or copy_systemd_file.changed
diff --git a/roles/tpa_single_node/tasks/podman/v11y_walker.yml b/roles/tpa_single_node/tasks/podman/v11y_walker.yml
@@ -27,7 +27,6 @@
     job: "{{ lookup('ansible.builtin.template', 'configs/v11y_cronjob.sh') }}"
     state: present
 
-
 - name: Copy v11-walker to tmp for the podman build
   ansible.builtin.copy:
     src: "/etc/cron.d/v11-walker"
@@ -44,7 +43,7 @@
       state: started
       systemd_file: v11y-walker
       network: "{{ tpa_single_node_podman_network }}"
-      kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/v11y/walker/v11y-walker.yaml') | from_yaml }}"
+      kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/v11y/walker/Deployment.yaml') | from_yaml }}"
 
 # Here we build a container only for the cronjob using trustification as a base image and adding cronie package
 

diff --git a/roles/tpa_single_node/templates/manifests/guac/collectsub/Deployment.kube b/roles/tpa_single_node/templates/manifests/guac/collectsub/Deployment.kube
@@ -0,0 +1,13 @@
+[Unit]
+Description=Run Guac Collectsub Pod 
+
+[Kube]
+Yaml=/etc/rhtpa/manifests/Guac-Collectsub-Deployment.yaml
+
+[Service]
+Restart=always
+RestartSec=10
+StartLimitInterval=0
+
+[Install]
+WantedBy=default.target
diff --git a/roles/tpa_single_node/templates/manifests/guac/collectsub/Deployment.yaml b/roles/tpa_single_node/templates/manifests/guac/collectsub/Deployment.yaml
@@ -26,7 +26,7 @@ spec:
         app.kubernetes.io/instance: redhat-trusted-profile-analyzer
     spec:
       volumes:
-        - name: tls
+        - name: tls-cert
           secret:
             secretName: guac-collectsub-tls
       containers:
@@ -35,15 +35,17 @@ spec:
           imagePullPolicy: IfNotPresent
           command:
             - /opt/guac/guaccsub
-          args: 
-           - "--csub-listen-port 2782"
+          # TODO - We get an error with following args so we could use a variable for configuration purposes
+          # The default port is 2782 so that's no blocker for now
+          # args: 
+          #  - --csub-listen-port 2782
           env:
             - name: GUAC_CSUB_TLS_CERT_FILE
               value: /etc/tls/tls.crt
             - name: GUAC_CSUB_TLS_KEY_FILE
               value: /etc/tls/tls.key
           volumeMounts:
-            - mountPath: /etc/tls/tls
+            - mountPath: /etc/tls
               name: tls-cert
               readOnly: true
           livenessProbe:

diff --git a/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.kube b/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.kube
@@ -0,0 +1,13 @@
+[Unit]
+Description=Run Guac Graphql Pod 
+
+[Kube]
+Yaml=/etc/rhtpa/manifests/Guac-Graphql-Deployment.yaml
+
+[Service]
+Restart=always
+RestartSec=10
+StartLimitInterval=0
+
+[Install]
+WantedBy=default.target
diff --git a/...es/manifests/v11y/walker/v11y-walker.yaml → ...tes/manifests/v11y/walker/Deployment.yaml b/...es/manifests/v11y/walker/v11y-walker.yaml → ...tes/manifests/v11y/walker/Deployment.yaml