diff --git a/roles/tpa_single_node/tasks/podman/guac_collectsub.yml b/roles/tpa_single_node/tasks/podman/guac_collectsub.yml
index 6e65007e..b2000c70 100644
--- a/roles/tpa_single_node/tasks/podman/guac_collectsub.yml
+++ b/roles/tpa_single_node/tasks/podman/guac_collectsub.yml
@@ -16,8 +16,19 @@
 dest: "{{ tpa_single_node_kube_manifest_dir }}/Guac-Collectsub-Deployment.yaml"
 mode: "0600"
-- name: Play Guac csub deployment manifest
- containers.podman.podman_play:
- kube_file: "{{ tpa_single_node_kube_manifest_dir }}/Guac-Collectsub-Deployment.yaml"
- state: started
- network: "{{ tpa_single_node_podman_network }}"
+- name: Copy Guac csub Quadlet file
+ ansible.builtin.copy:
+ src: "{{ role_path }}/templates/manifests/guac/collectsub/Deployment.kube"
+ dest: /etc/containers/systemd/guac-collectsub.kube
+ mode: "0600"
+
+- name: Reload systemd manager configuration
+ ansible.builtin.systemd_service:
+ daemon_reload: true
+
+- name: Ensure guac-collectsub service is enabled and started
+ ansible.builtin.systemd_service:
+ name: guac-collectsub
+ state: restarted
+ no_block: true
+ enabled: true
diff --git a/roles/tpa_single_node/tasks/podman/guac_graphql.yml b/roles/tpa_single_node/tasks/podman/guac_graphql.yml
index 8e5a0967..1558b6ce 100644
--- a/roles/tpa_single_node/tasks/podman/guac_graphql.yml
+++ b/roles/tpa_single_node/tasks/podman/guac_graphql.yml
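Review bot: The last added task in the guac_collectsub.yml hunk uses `state: restarted` with `no_block: true` and no condition, so every run of the role restarts guac-collectsub and returns before systemd reports whether the unit came up. A unit that fails to start after a manifest or Quadlet change therefore does not fail the play. Register the copy task (`register: copy_quadlet`) and gate the restart on it and on the manifest task above the hunk, in the style of the `when: copy_manifest.changed or copy_systemd_file.changed` condition in install_manifest.yml, and add a later task that confirms the unit is active. The guac_graphql.yml hunk adds the same three tasks and has the same issue.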
@@ -16,8 +16,19 @@
 dest: "{{ tpa_single_node_kube_manifest_dir }}/Guac-Graphql-Deployment.yaml"
 mode: "0600"
-- name: Play Guac graphql deployment manifest
- containers.podman.podman_play:
- kube_file: "{{ tpa_single_node_kube_manifest_dir }}/Guac-Graphql-Deployment.yaml"
- state: started
- network: "{{ tpa_single_node_podman_network }}"
+- name: Copy Guac graphql Quadlet file
+ ansible.builtin.copy:
+ src: "{{ role_path }}/templates/manifests/guac/graphql/Deployment.kube"
+ dest: /etc/containers/systemd/guac-graphql.kube
+ mode: "0600"
+
+- name: Reload systemd manager configuration
+ ansible.builtin.systemd_service:
+ daemon_reload: true
+
+- name: Ensure guac-graphql service is enabled and started
+ ansible.builtin.systemd_service:
+ name: guac-graphql
+ state: restarted
+ no_block: true
+ enabled: true
diff --git a/roles/tpa_single_node/tasks/podman/install_manifest.yml b/roles/tpa_single_node/tasks/podman/install_manifest.yml
index 260c58a9..2e07a1d4 100644
--- a/roles/tpa_single_node/tasks/podman/install_manifest.yml
+++ b/roles/tpa_single_node/tasks/podman/install_manifest.yml
@@ -37,4 +37,5 @@
 enabled: true
 daemon_reload: true
 name: "{{ podman_spec.systemd_file }}"
+ no_block: true
 when: copy_manifest.changed or copy_systemd_file.changed
diff --git a/roles/tpa_single_node/tasks/podman/v11y_walker.yml b/roles/tpa_single_node/tasks/podman/v11y_walker.yml
index d3382003..5922177d 100644
--- a/roles/tpa_single_node/tasks/podman/v11y_walker.yml
+++ b/roles/tpa_single_node/tasks/podman/v11y_walker.yml
@@ -27,7 +27,6 @@
 job: "{{ lookup('ansible.builtin.template', 'configs/v11y_cronjob.sh') }}"
 state: present
-
 - name: Copy v11-walker to tmp for the podman build
 ansible.builtin.copy:
 src: "/etc/cron.d/v11-walker"
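Review bot: The `no_block: true` added in the install_manifest.yml hunk makes Ansible queue the systemd job and move on, so a unit that fails to start no longer fails this task, and later tasks can race a service that is not yet up. If the flag is there to avoid a long blocking start, pair it with a later check, for example `ansible.builtin.wait_for` on the service port, so start failures are still reported by the play. The task begins above the hunk, so its `state:` value is not visible here.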
@@ -44,7 +43,7 @@
 state: started
 systemd_file: v11y-walker
 network: "{{ tpa_single_node_podman_network }}"
- kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/v11y/walker/v11y-walker.yaml') | from_yaml }}"
+ kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/v11y/walker/Deployment.yaml') | from_yaml }}"
 # Here we build a container only for the cronjob using trustification as a base image and adding cronie package
diff --git a/roles/tpa_single_node/templates/manifests/guac/collectsub/Deployment.kube b/roles/tpa_single_node/templates/manifests/guac/collectsub/Deployment.kube
new file mode 100644
index 00000000..6ad0d338
--- /dev/null
+++ b/roles/tpa_single_node/templates/manifests/guac/collectsub/Deployment.kube
@@ -0,0 +1,13 @@
+[Unit]
+Description=Run Guac Collectsub Pod
+
+[Kube]
+Yaml=/etc/rhtpa/manifests/Guac-Collectsub-Deployment.yaml
+
+[Service]
+Restart=always
+RestartSec=10
+StartLimitInterval=0
+
+[Install]
+WantedBy=default.target
diff --git a/roles/tpa_single_node/templates/manifests/guac/collectsub/Deployment.yaml b/roles/tpa_single_node/templates/manifests/guac/collectsub/Deployment.yaml
index 3be597b2..415c8174 100644
--- a/roles/tpa_single_node/templates/manifests/guac/collectsub/Deployment.yaml
+++ b/roles/tpa_single_node/templates/manifests/guac/collectsub/Deployment.yaml
@@ -26,7 +26,7 @@ spec:
 app.kubernetes.io/instance: redhat-trusted-profile-analyzer
 spec:
 volumes:
- - name: tls
+ - name: tls-cert
 secret:
 secretName: guac-collectsub-tls
 containers:
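Review bot: The `[Kube]` section of the new collectsub Deployment.kube has no `Network=` key, although the `podman_play` task it replaces attached the pod to `{{ tpa_single_node_podman_network }}`; as far as this file shows, the pod would now start on podman's default network instead of the role's dedicated one. The `Yaml=` path is also hard-coded to /etc/rhtpa/manifests while the manifest is written to `{{ tpa_single_node_kube_manifest_dir }}`, so overriding that variable would leave the unit pointing at a missing or stale file. Rendering the file with `ansible.builtin.template` instead of `ansible.builtin.copy` would let both come from role variables, e.g. `Network={{ tpa_single_node_podman_network }}`. `Restart=always` together with `StartLimitInterval=0` would keep restarting a crashing pod every 10 seconds without the unit settling into a failed state, so alerting that keys on failed units will not fire. The graphql Deployment.kube added later in this commit is the same in all of these respects.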
@@ -35,15 +35,17 @@ spec:
 imagePullPolicy: IfNotPresent
 command:
 - /opt/guac/guaccsub
- args:
- - "--csub-listen-port 2782"
+ # TODO - We get an error with following args so we could use a variable for configuration purposes
+ # The default port is 2782 so that's no blocker for now
+ # args:
+ # - --csub-listen-port 2782
 env:
 - name: GUAC_CSUB_TLS_CERT_FILE
 value: /etc/tls/tls.crt
 - name: GUAC_CSUB_TLS_KEY_FILE
 value: /etc/tls/tls.key
 volumeMounts:
- - mountPath: /etc/tls/tls
+ - mountPath: /etc/tls
 name: tls-cert
 readOnly: true
 livenessProbe:
diff --git a/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.kube b/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.kube
new file mode 100644
index 00000000..588be44a
--- /dev/null
+++ b/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.kube
@@ -0,0 +1,13 @@
+[Unit]
+Description=Run Guac Graphql Pod
+
+[Kube]
+Yaml=/etc/rhtpa/manifests/Guac-Graphql-Deployment.yaml
+
+[Service]
+Restart=always
+RestartSec=10
+StartLimitInterval=0
+
+[Install]
+WantedBy=default.target
diff --git a/roles/tpa_single_node/templates/manifests/v11y/walker/v11y-walker.yaml b/roles/tpa_single_node/templates/manifests/v11y/walker/Deployment.yaml
similarity index 100%
rename from roles/tpa_single_node/templates/manifests/v11y/walker/v11y-walker.yaml
rename to roles/tpa_single_node/templates/manifests/v11y/walker/Deployment.yaml
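Review bot: The commented-out `args` block in the collectsub Deployment.yaml hunk keeps the form that most likely caused the error the TODO mentions: `--csub-listen-port 2782` as a single list item reaches the binary as one argument containing a space, not as a flag followed by its value. When this is re-enabled, split it into two items, `- --csub-listen-port` and `- "2782"` (quoted so the port stays a string), or feed the port from a role variable as the TODO suggests. The `mountPath: /etc/tls` change lines the mount up with the `GUAC_CSUB_TLS_CERT_FILE` and `GUAC_CSUB_TLS_KEY_FILE` paths. The container spec starts and ends outside the hunk.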