Merge pull request trustification#33 from gildub/guac-graphql-run

Guac services using standard install_manifest; Guac graphql manifest close to run
desmax74 · Sep 20, 2024 · b14c45b · b14c45b
2 parents ed0bf02 + f37658f
commit b14c45b
Show file tree

Hide file tree

Showing 9 changed files with 83 additions and 131 deletions.
diff --git a/roles/tpa_single_node/handlers/main.yml b/roles/tpa_single_node/handlers/main.yml
@@ -1,7 +1 @@
 ---
-# handlers file for tpa_single_node
-# @postgres-remove
-- name: Restart postgres
-  ansible.builtin.service:
-    name: postgresql
-    state: restarted
diff --git a/roles/tpa_single_node/tasks/podman/guac_collectsub.yml b/roles/tpa_single_node/tasks/podman/guac_collectsub.yml
@@ -10,25 +10,11 @@
     kube_file: "{{ tpa_single_node_kube_manifest_dir }}/Guac-Collectsub-Secret.yaml"
     state: started
 
-- name: Copy Guac csub deployment manifest
-  ansible.builtin.copy:
-    src: "{{ role_path }}/templates/manifests/guac/collectsub/Deployment.yaml"
-    dest: "{{ tpa_single_node_kube_manifest_dir }}/Guac-Collectsub-Deployment.yaml"
-    mode: "0600"
-
-- name: Copy Guac csub Quadlet file
-  ansible.builtin.copy:
-    src: "{{ role_path }}/templates/manifests/guac/collectsub/Deployment.kube"
-    dest: /etc/containers/systemd/guac-collectsub.kube
-    mode: "0600"
-
-- name: Reload systemd manager configuration
-  ansible.builtin.systemd_service:
-    daemon_reload: true
-
-- name: Ensure guac-collectsub service is enabled and started
-  ansible.builtin.systemd_service:
-    name: guac-collectsub
-    state: restarted
-    no_block: true
-    enabled: true
+- name: Deploy guac-collectsub Pod
+  ansible.builtin.include_tasks: podman/install_manifest.yml
+  vars:
+    podman_spec:
+      state: started
+      systemd_file: guac-collectsub
+      network: "{{ tpa_single_node_podman_network }}"
+      kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/guac/collectsub/Deployment.yaml') | from_yaml }}"
diff --git a/roles/tpa_single_node/tasks/podman/guac_graphql.yml b/roles/tpa_single_node/tasks/podman/guac_graphql.yml
@@ -10,25 +10,11 @@
     kube_file: "{{ tpa_single_node_kube_manifest_dir }}/Guac-Graphql-Secret.yaml"
     state: started
 
-- name: Copy Guac graphql deployment manifest
-  ansible.builtin.copy:
-    src: "{{ role_path }}/templates/manifests/guac/graphql/Deployment.yaml"
-    dest: "{{ tpa_single_node_kube_manifest_dir }}/Guac-Graphql-Deployment.yaml"
-    mode: "0600"
-
-- name: Copy Guac graphql Quadlet file
-  ansible.builtin.copy:
-    src: "{{ role_path }}/templates/manifests/guac/graphql/Deployment.kube"
-    dest: /etc/containers/systemd/guac-graphql.kube
-    mode: "0600"
-
-- name: Reload systemd manager configuration
-  ansible.builtin.systemd_service:
-    daemon_reload: true
-
-- name: Ensure guac-graphql service is enabled and started
-  ansible.builtin.systemd_service:
-    name: guac-graphql
-    state: restarted
-    no_block: true
-    enabled: true
+- name: Deploy guac-graphql Pod
+  ansible.builtin.include_tasks: podman/install_manifest.yml
+  vars:
+    podman_spec:
+      state: started
+      systemd_file: guac-graphql
+      network: "{{ tpa_single_node_podman_network }}"
+      kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/guac/graphql/Deployment.yaml') | from_yaml }}"
diff --git a/roles/tpa_single_node/tasks/podman/init_guac.yml b/roles/tpa_single_node/tasks/podman/init_guac.yml
@@ -20,11 +20,26 @@
     content: "{{ lookup('ansible.builtin.template', 'configs/init-db.sql') }}"
     dest: "/tmp/init-db.sql"
     remote_src: true
-    mode: "0600"
+    mode: "0666"
 
 - name: Run init-db.sql
-  ansible.builtin.command: "psql postgresql://{{ tpa_single_node_pguser }}:{{ tpa_single_node_pgpassword }}@{{ tpa_single_node_pghost }}/\n
-  {{ tpa_single_node_pgdatabase }} -v ON_ERROR_STOP=1 \n
-  -v db_name={{ tpa_single_node_pgdatabase }} -v db_user={{ tpa_single_node_pguser }} \n
-  -v db_password={{ tpa_single_node_pgpassword }} -f /tmp/init-db.sql"
+  ansible.builtin.command:
+    cmd: >
+      psql -v ON_ERROR_STOP=1
+      -v db_name={{ tpa_single_node_pg_db }}
+      -v db_user={{ tpa_single_node_pg_user }}
+      -v db_password={{ tpa_single_node_pg_user_passwd }}
+      -f /tmp/init-db.sql
+  changed_when: false
+  become: true
+  become_user: postgres
+
+- name: Create psql test command
+  ansible.builtin.template:
+    src: "templates/scripts/psql_test.sh.j2"
+    dest: "/tmp/psql_test.sh"
+    mode: "0755"
+
+- name: Testing DB guac to make sure it is available
+  ansible.builtin.command: "/tmp/psql_test.sh"
   changed_when: false
diff --git a/roles/tpa_single_node/tasks/podman/postgresql.yml b/roles/tpa_single_node/tasks/podman/postgresql.yml
@@ -37,40 +37,48 @@
 - name: "Create app database"
   postgresql_db:
     state: present
-    name: "{{ tpa_single_node_pgdatabase }}"
+    name: "{{ tpa_single_node_pg_db }}"
   become: yes
   become_user: postgres
-
+  
 - name: "Create db user"
   postgresql_user:
     state: present
-    name: "{{ tpa_single_node_pguser }}"
-    password: "{{ tpa_single_node_pgpassword }}"
+    name: "{{ tpa_single_node_pg_user }}"
+    password: "{{ tpa_single_node_pg_user_passwd }}"
   become: yes
   become_user: postgres
 
 - name: "Grant db user access to app db"
   postgresql_privs:
     type: database
-    database: "{{ tpa_single_node_pgdatabase }}"
-    roles: "{{ tpa_single_node_pguser }}"
+    database: "{{ tpa_single_node_pg_db }}"
+    roles: "{{ tpa_single_node_pg_user }}"
     grant_option: no
     privs: all
   become: yes
   become_user: postgres
 
+- name: "Ensure the IP is set to all"
+  lineinfile:
+    path: /var/lib/pgsql/data/postgresql.conf
+    regexp: '^#?listen_addresses ='
+    line: "listen_addresses = '*'"
+    state: present
+
 - name: "Allow md5 connection for the db user"
   postgresql_pg_hba:
-    dest: "~/data/pg_hba.conf"
+    dest: "/var/lib/pgsql/data/pg_hba.conf"
     contype: host
     databases: all
+    source: 0.0.0.0/0
     method: md5
-    users: "{{ tpa_single_node_pguser }}"
+    users: all
     create: true
   become: yes
   become_user: postgres
-  notify: restart postgres
-
-- name: Testing DB to make sure it is available
-  command: psql postgresql://{{ tpa_single_node_pguser }}:{{ tpa_single_node_pgpassword }}@{{ tpa_single_node_pghost }}/{{ tpa_single_node_pgdatabase }} -c 'SELECT 1'
-
+
+- name: Restart postgres
+  ansible.builtin.service:
+    name: postgresql
+    state: restarted
diff --git a/roles/tpa_single_node/templates/manifests/guac/collectsub/Deployment.yaml b/roles/tpa_single_node/templates/manifests/guac/collectsub/Deployment.yaml
@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: guac-collectsub
+  namespace: trustification
   labels:
     app.kubernetes.io/name: guac-collectsub
     app.kubernetes.io/component: guac

diff --git a/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml b/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml
@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: guac-graphql
+  namespace: trustification
   labels:
     app.kubernetes.io/name: guac-graphql
     app.kubernetes.io/component: guac
@@ -25,73 +26,31 @@ spec:
     spec:
       initContainers:
         - name: migrate
-          image: registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:a0cd9379eeaa15e95230fe330649b74928c776fbd35438b76fa17f3f4bbea954
+          image: {{ tpa_single_node_guac_image }}
           imagePullPolicy: IfNotPresent
           command:
-            - /bin/sh
+            - /opt/guac/guacmigrate
           args:
-            - -ec
-            - 'TC_PGOPTIONS="?"
-
-                  TC_PGOPTIONS="${TC_PGOPTIONS}sslmode=${TC_PGSSLMODE}&"
-
-                  exec /opt/guac/guacmigrate "--db-address" "postgres://${TC_PGUSER}:${TC_PGPASSWORD}@${TC_PGHOST}:${TC_PGPORT}/${TC_PGDATABASE}${TC_PGOPTIONS}"
-                  "--db-driver" "postgres" "--db-debug" "true"
-
-                  '
-          env:
-            - name: TC_PGHOST
-              value: keycloak-postgresql
-# TODO : WIP              
-#             valueFrom:
-#               secretKeyRef:
-#                 key: POSTGRES_HOST
-#                 name: keycloak-db-secret
-            - name: TC_PGPORT
-              value: '5432'
-            - name: TC_PGDATABASE
-              value: guac
-            - name: TC_PGUSER
-              value: postgres
-            - name: TC_PGPASSWORD
-              value: postgres
-            - name: TC_PGSSLMODE
-              value: disable
+            - --db-address=postgres://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }}?sslmode={{ tpa_single_node_pg_ssl_mode }}
+            - --db-driver=postgres
+            - --db-debug=true
+          workingDir: /opt/guac
           volumeMounts: null
       containers:
         - name: service
-          image: registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:1472d5acb56cb72d49cd0d25186e6a02af53cd14c84c1a22357d115958921e52
+          image: {{ tpa_single_node_guac_image }}
           imagePullPolicy: IfNotPresent
           command:
-            - /bin/sh
+            - /opt/guac/guacgql 
           args:
-            - -ec
-            - 'TC_PGOPTIONS="?"
-
-                  TC_PGOPTIONS="${TC_PGOPTIONS}sslmode=${TC_PGSSLMODE}&"
-
-                  exec /opt/guac/guacgql "--gql-backend" "ent" "--db-address" "postgres://${TC_PGUSER}:${TC_PGPASSWORD}@${TC_PGHOST}:${TC_PGPORT}/${TC_PGDATABASE}${TC_PGOPTIONS}"
-                  "--db-driver" "postgres" "--db-migrate=false"
-
-                  '
-          workingDir: /guac
+            - --gql-listen-port=8080
+            - --gql-backend=ent
+            - --db-address=postgres://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }}?sslmode={{ tpa_single_node_pg_ssl_mode }}
+            - --db-driver=postgres
+            - --db-debug=true
+            - --gql-debug=true
+          workingDir: /opt/guac
           env:
-            - name: TC_PGHOST
-              value: keycloak-postgresql
-            - name: TC_PGPORT
-              value: '5432'
-            - name: TC_PGDATABASE
-              value: guac
-            - name: TC_PGUSER
-              value: guac
-            - name: TC_PGPASSWORD
-              value: guac1234
-            - name: TC_PGSSLMODE
-              value: disable
-            - name: GUAC_GQL_TLS_CERT_FILE
-              value: /etc/tls/tls.crt
-            - name: GUAC_GQL_TLS_KEY_FILE
-              value: /etc/tls/tls.key
             - name: GUAC_PROMETHEUS_ADDR
               value: '9010'
           volumeMounts:

diff --git a/roles/tpa_single_node/templates/scripts/psql_test.sh.j2 b/roles/tpa_single_node/templates/scripts/psql_test.sh.j2
@@ -0,0 +1,2 @@
+#!/bin/env sh
+psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }} -c 'SELECT 1'
diff --git a/roles/tpa_single_node/vars/main.yml b/roles/tpa_single_node/vars/main.yml
@@ -10,12 +10,13 @@ tpa_single_node_skip_os_install: true
 tpa_single_node_systemd_directory: /etc/systemd/system
 
 # DB_SERVICE
-tpa_single_node_pghost: localhost
-tpa_single_node_pgport: 5432
-tpa_single_node_pgdatabase: guac
-tpa_single_node_pguser: guac
-tpa_single_node_pgpassword: guac1234
-tpa_single_node_pgsslmode: disable
+# TODO - Workaround for PostgreSQL PG_HBA issue
+tpa_single_node_pg_host: 192.168.121.60
+tpa_single_node_pg_port: 5432
+tpa_single_node_pg_db: guac
+tpa_single_node_pg_user: guac
+tpa_single_node_pg_user_passwd: guac1234
+tpa_single_node_pg_ssl_mode: disable
 
 # S3_SERVICE
 tpa_single_node_s3_url:
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		#!/bin/env sh
		psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }} -c 'SELECT 1'