From 57b24240149e00440e3435027b8e2841ebfd7759 Mon Sep 17 00:00:00 2001
From: Gilles Dubreuil
Date: Tue, 17 Sep 2024 15:14:00 +0200
Subject: [PATCH 01/14] Guac step using std install_manifest
---
 .../tasks/podman/guac_collectsub.yml | 30 ++------
 .../tasks/podman/guac_graphql.yml | 30 ++------
 .../tasks/podman/init_guac.yml | 8 +-
 .../tasks/podman/postgresql.yml | 22 ++++--
 .../manifests/guac/collectsub/Deployment.yaml | 1 +
 .../manifests/guac/graphql/Deployment.yaml | 73 ++++---------------
 roles/tpa_single_node/vars/main.yml | 15 ++--
 7 files changed, 61 insertions(+), 118 deletions(-)
diff --git a/roles/tpa_single_node/tasks/podman/guac_collectsub.yml b/roles/tpa_single_node/tasks/podman/guac_collectsub.yml
index b2000c7..9b031f3 100644
--- a/roles/tpa_single_node/tasks/podman/guac_collectsub.yml
+++ b/roles/tpa_single_node/tasks/podman/guac_collectsub.yml
@@ -10,25 +10,11 @@ kube_file: "{{ tpa_single_node_kube_manifest_dir }}/Guac-Collectsub-Secret.yaml" state: started -- name: Copy Guac csub deployment manifest - ansible.builtin.copy: - src: "{{ role_path }}/templates/manifests/guac/collectsub/Deployment.yaml" - dest: "{{ tpa_single_node_kube_manifest_dir }}/Guac-Collectsub-Deployment.yaml" - mode: "0600" - -- name: Copy Guac csub Quadlet file - ansible.builtin.copy: - src: "{{ role_path }}/templates/manifests/guac/collectsub/Deployment.kube" - dest: /etc/containers/systemd/guac-collectsub.kube - mode: "0600" - -- name: Reload systemd manager configuration - ansible.builtin.systemd_service: - daemon_reload: true - -- name: Ensure guac-collectsub service is enabled and started - ansible.builtin.systemd_service: - name: guac-collectsub - state: restarted - no_block: true - enabled: true +- name: Deploy guac-collectsub Pod + ansible.builtin.include_tasks: podman/install_manifest.yml + vars: + podman_spec: + state: started + systemd_file: guac-collectsub + network: "{{ tpa_single_node_podman_network }}" + kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/guac/collectsub/Deployment.yaml') | from_yaml }}" diff --git a/roles/tpa_single_node/tasks/podman/guac_graphql.yml b/roles/tpa_single_node/tasks/podman/guac_graphql.yml index 1558b6c..e63422e 100644 --- a/roles/tpa_single_node/tasks/podman/guac_graphql.yml +++ b/roles/tpa_single_node/tasks/podman/guac_graphql.yml 
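Review bot: The explicit `mode: "0600"` that the removed copy tasks set on the rendered manifest and the Quadlet file is gone, and podman/install_manifest.yml is not part of this patch, so nothing visible here shows which permissions the content passed as `kube_file_content` receives on disk. The same replacement is made in the guac_graphql.yml hunk, where it matters more because this patch also starts rendering the database user and password into that Deployment's `args`. It is worth confirming that install_manifest.yml writes the manifest and the `.kube` file owner-only, and setting the mode there if it does not. The removed service task also set `enabled: true` and `state: restarted`; whether `state: started` in `podman_spec` covers both is not visible from this hunk.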
@@ -10,25 +10,11 @@ kube_file: "{{ tpa_single_node_kube_manifest_dir }}/Guac-Graphql-Secret.yaml" state: started -- name: Copy Guac graphql deployment manifest - ansible.builtin.copy: - src: "{{ role_path }}/templates/manifests/guac/graphql/Deployment.yaml" - dest: "{{ tpa_single_node_kube_manifest_dir }}/Guac-Graphql-Deployment.yaml" - mode: "0600" - -- name: Copy Guac graphql Quadlet file - ansible.builtin.copy: - src: "{{ role_path }}/templates/manifests/guac/graphql/Deployment.kube" - dest: /etc/containers/systemd/guac-graphql.kube - mode: "0600" - -- name: Reload systemd manager configuration - ansible.builtin.systemd_service: - daemon_reload: true - -- name: Ensure guac-graphql service is enabled and started - ansible.builtin.systemd_service: - name: guac-graphql - state: restarted - no_block: true - enabled: true +- name: Deploy guac-graphql Pod + ansible.builtin.include_tasks: podman/install_manifest.yml + vars: + podman_spec: + state: started + systemd_file: guac-graphql + network: "{{ tpa_single_node_podman_network }}" + kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/guac/graphql/Deployment.yaml') | from_yaml }}" diff --git a/roles/tpa_single_node/tasks/podman/init_guac.yml b/roles/tpa_single_node/tasks/podman/init_guac.yml index 94cbde7..96041f1 100644 --- a/roles/tpa_single_node/tasks/podman/init_guac.yml +++ b/roles/tpa_single_node/tasks/podman/init_guac.yml 
@@ -23,8 +23,8 @@ mode: "0600" - name: Run init-db.sql - ansible.builtin.command: "psql postgresql://{{ tpa_single_node_pguser }}:{{ tpa_single_node_pgpassword }}@{{ tpa_single_node_pghost }}/\n - {{ tpa_single_node_pgdatabase }} -v ON_ERROR_STOP=1 \n - -v db_name={{ tpa_single_node_pgdatabase }} -v db_user={{ tpa_single_node_pguser }} \n - -v db_password={{ tpa_single_node_pgpassword }} -f /tmp/init-db.sql" + ansible.builtin.command: "psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}/\n + {{ tpa_single_node_pg_db }} -v ON_ERROR_STOP=1 \n + -v db_name={{ tpa_single_node_pg_db }} -v db_user={{ tpa_single_node_pg_user }} \n + -v db_password={{ tpa_single_node_pg_user_passwd }} -f /tmp/init-db.sql" changed_when: false diff --git a/roles/tpa_single_node/tasks/podman/postgresql.yml b/roles/tpa_single_node/tasks/podman/postgresql.yml index dc760e8..18d615f 100644 --- a/roles/tpa_single_node/tasks/podman/postgresql.yml +++ b/roles/tpa_single_node/tasks/podman/postgresql.yml @@ -37,23 +37,31 @@ - name: "Create app database" postgresql_db: state: present - name: "{{ tpa_single_node_pgdatabase }}" + name: "{{ tpa_single_node_pg_db }}" become: yes become_user: postgres +- name: "Set db admin user" + postgresql_user: + state: present + name: "{{ tpa_single_node_pg_admin_user }}" + password: "{{ tpa_single_node_pg_admin_passwd }}" + become: yes + become_user: postgres + - name: "Create db user" postgresql_user: state: present - name: "{{ tpa_single_node_pguser }}" - password: "{{ tpa_single_node_pgpassword }}" + name: "{{ tpa_single_node_pg_user }}" + password: "{{ tpa_single_node_pg_user_passwd }}" become: yes become_user: postgres - name: "Grant db user access to app db" postgresql_privs: type: database - database: "{{ tpa_single_node_pgdatabase }}" - roles: "{{ tpa_single_node_pguser }}" + database: "{{ tpa_single_node_pg_db }}" + roles: "{{ tpa_single_node_pg_user }}" grant_option: no privs: all become: yes 
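Review bot: The renamed `Run init-db.sql` command still hands the database password to `psql` on the command line, once inside the `postgresql://user:password@host` URI and once as `-v db_password=...`, so it is readable in the process list while the task runs and appears in the task result Ansible prints on failure or with `-v`. Supplying it through the environment keeps it out of argv: `environment: {PGPASSWORD: "{{ tpa_single_node_pg_user_passwd }}"}` together with `no_log: true`, and dropping `:{{ tpa_single_node_pg_user_passwd }}` from the URI. The same pattern is in the `Testing DB to make sure it is available` task in postgresql.yml and is carried through the later patches of this series that touch these two tasks.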
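Review bot: The added `Set db admin user` task uses the short module name `postgresql_user` and `become: yes`, while the tasks this patch adds elsewhere use fully qualified names such as `ansible.builtin.include_tasks`. Writing `community.postgresql.postgresql_user:` and `become: true` would make the module's origin explicit and avoid the YAML 1.1 truthy form; the neighbouring `postgresql_db`, `postgresql_user` and `postgresql_privs` tasks in this hunk would benefit from the same treatment. The task also creates the role with a name and password only, so if it is meant to be an administrative role (the migrate init container connects with it), it presumably needs `role_attr_flags` or explicit grants, which is worth confirming.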
@@ -65,12 +73,12 @@ contype: host databases: all method: md5 - users: "{{ tpa_single_node_pguser }}" + users: all create: true become: yes become_user: postgres notify: restart postgres - name: Testing DB to make sure it is available - command: psql postgresql://{{ tpa_single_node_pguser }}:{{ tpa_single_node_pgpassword }}@{{ tpa_single_node_pghost }}/{{ tpa_single_node_pgdatabase }} -c 'SELECT 1' + command: psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}/{{ tpa_single_node_pg_db }} -c 'SELECT 1' diff --git a/roles/tpa_single_node/templates/manifests/guac/collectsub/Deployment.yaml b/roles/tpa_single_node/templates/manifests/guac/collectsub/Deployment.yaml index 415c817..9481766 100644 --- a/roles/tpa_single_node/templates/manifests/guac/collectsub/Deployment.yaml +++ b/roles/tpa_single_node/templates/manifests/guac/collectsub/Deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: guac-collectsub + namespace: trustification labels: app.kubernetes.io/name: guac-collectsub app.kubernetes.io/component: guac diff --git a/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml b/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml index 0795c21..1ab1eb2 100644 --- a/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml +++ b/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: guac-graphql + namespace: trustification labels: app.kubernetes.io/name: guac-graphql app.kubernetes.io/component: guac 
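Review bot: Changing `users` from the application role to `all` makes this pg_hba rule accept password logins for every role on every database (`databases: all`), which is wider than the two roles this patch actually uses. pg_hba.conf accepts a comma-separated list, so `users: "{{ tpa_single_node_pg_user }},{{ tpa_single_node_pg_admin_user }}"` keeps the rule limited to them. `method: md5` could also become `scram-sha-256` if the server's `password_encryption` is set to match. The task starts above the hunk, so its name and `dest` are not visible here.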
@@ -25,73 +26,31 @@ spec: spec: initContainers: - name: migrate - image: registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:a0cd9379eeaa15e95230fe330649b74928c776fbd35438b76fa17f3f4bbea954 + image: {{ tpa_single_node_guac_image }} imagePullPolicy: IfNotPresent command: - - /bin/sh + - /opt/guac/guacmigrate args: - - -ec - - 'TC_PGOPTIONS="?" - - TC_PGOPTIONS="${TC_PGOPTIONS}sslmode=${TC_PGSSLMODE}&" - - exec /opt/guac/guacmigrate "--db-address" "postgres://${TC_PGUSER}:${TC_PGPASSWORD}@${TC_PGHOST}:${TC_PGPORT}/${TC_PGDATABASE}${TC_PGOPTIONS}" - "--db-driver" "postgres" "--db-debug" "true" - - ' - env: - - name: TC_PGHOST - value: keycloak-postgresql -# TODO : WIP -# valueFrom: -# secretKeyRef: -# key: POSTGRES_HOST -# name: keycloak-db-secret - - name: TC_PGPORT - value: '5432' - - name: TC_PGDATABASE - value: guac - - name: TC_PGUSER - value: postgres - - name: TC_PGPASSWORD - value: postgres - - name: TC_PGSSLMODE - value: disable + - --db-address=postgres://{{ tpa_single_node_pg_admin_user }}:{{ tpa_single_node_pg_admin_passwd }}@{{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_admin_db }}?sslmode={{ tpa_single_node_pg_ssl_mode }} + - --db-driver=postgres + - --db-debug=true + workingDir: /opt/guac volumeMounts: null containers: - name: service - image: registry.redhat.io/rhtpa/rhtpa-guac-rhel9@sha256:1472d5acb56cb72d49cd0d25186e6a02af53cd14c84c1a22357d115958921e52 + image: {{ tpa_single_node_guac_image }} imagePullPolicy: IfNotPresent command: - - /bin/sh + - /opt/guac/guacgql args: - - -ec - - 'TC_PGOPTIONS="?" 
- - TC_PGOPTIONS="${TC_PGOPTIONS}sslmode=${TC_PGSSLMODE}&" - - exec /opt/guac/guacgql "--gql-backend" "ent" "--db-address" "postgres://${TC_PGUSER}:${TC_PGPASSWORD}@${TC_PGHOST}:${TC_PGPORT}/${TC_PGDATABASE}${TC_PGOPTIONS}" - "--db-driver" "postgres" "--db-migrate=false" - - ' - workingDir: /guac + - --gql-listen-port=8080 + - --gql-backend=ent + - --db-address=postgres://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }}?sslmode={{ tpa_single_node_pg_ssl_mode }} + - --db-driver=postgres + - --db-debug=true + - --gql-debug=true + workingDir: /opt/guac env: - - name: TC_PGHOST - value: keycloak-postgresql - - name: TC_PGPORT - value: '5432' - - name: TC_PGDATABASE - value: guac - - name: TC_PGUSER - value: guac - - name: TC_PGPASSWORD - value: guac1234 - - name: TC_PGSSLMODE - value: disable - - name: GUAC_GQL_TLS_CERT_FILE - value: /etc/tls/tls.crt - - name: GUAC_GQL_TLS_KEY_FILE - value: /etc/tls/tls.key - name: GUAC_PROMETHEUS_ADDR value: '9010' volumeMounts: diff --git a/roles/tpa_single_node/vars/main.yml b/roles/tpa_single_node/vars/main.yml index 09cea91..4a1d0a1 100644 --- a/roles/tpa_single_node/vars/main.yml +++ b/roles/tpa_single_node/vars/main.yml @@ -10,12 +10,15 @@ tpa_single_node_skip_os_install: true tpa_single_node_systemd_directory: /etc/systemd/system # DB_SERVICE -tpa_single_node_pghost: localhost -tpa_single_node_pgport: 5432 -tpa_single_node_pgdatabase: guac -tpa_single_node_pguser: guac -tpa_single_node_pgpassword: guac1234 -tpa_single_node_pgsslmode: disable +tpa_single_node_pg_host: localhost +tpa_single_node_pg_port: 5432 +tpa_single_node_pg_admin_db: postgres +tpa_single_node_pg_admin_user: admin +tpa_single_node_pg_admin_passwd: admin1234 +tpa_single_node_pg_db: guac +tpa_single_node_pg_user: guac +tpa_single_node_pg_user_passwd: guac1234 +tpa_single_node_pg_ssl_mode: disable # S3_SERVICE tpa_single_node_s3_url: 
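Review bot: The database user and password are now rendered straight into `args` for both the `migrate` and `service` containers, so they sit in the manifest written to disk and in each container's command line, and the removed TODO about `secretKeyRef` is dropped rather than resolved. The task above the changed lines in guac_graphql.yml already references Guac-Graphql-Secret.yaml with `state: started`, so the credentials could live there and be referenced from `env` with `valueFrom.secretKeyRef`; how guacmigrate and guacgql would then read them needs checking against their supported options. `--db-debug=true` and `--gql-debug=true` on the long-running service are also worth a second look, since debug logging of database traffic may put connection details or query data in the pod logs. Separately, `{{ tpa_single_node_guac_image }}` replaces two digest-pinned references and is not defined in this patch's vars/main.yml hunk; its value should stay pinned by digest. The pod spec starts and ends outside the hunk.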
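Review bot: `tpa_single_node_pg_admin_passwd: admin1234` and `tpa_single_node_pg_user_passwd: guac1234` are committed as fixed values in the role's vars/main.yml, which takes precedence over inventory and group/host variables, so a deployment that wants different credentials cannot simply set them in inventory. Declaring these names in defaults/main.yml without a usable value and failing early when they are unset, or pulling them from Ansible Vault, keeps real passwords out of the repository. `tpa_single_node_pg_ssl_mode: disable` deserves a comment explaining why unencrypted database connections are acceptable in this setup.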
From 42bcbf7fcf9b4666a08cf96bc0d1864079f93172 Mon Sep 17 00:00:00 2001 From: Gilles Dubreuil Date: Thu, 19 Sep 2024 14:41:38 +0200 Subject: [PATCH 02/14] Latest with PG handler fix --- .../tpa_single_node/tasks/podman/init_guac.yml | 9 +++++---- .../tasks/podman/postgresql.yml | 18 +++--------------- .../manifests/guac/graphql/Deployment.yaml | 4 +++- roles/tpa_single_node/vars/main.yml | 5 +---- 4 files changed, 12 insertions(+), 24 deletions(-) diff --git a/roles/tpa_single_node/tasks/podman/init_guac.yml b/roles/tpa_single_node/tasks/podman/init_guac.yml index 96041f1..314996b 100644 --- a/roles/tpa_single_node/tasks/podman/init_guac.yml +++ b/roles/tpa_single_node/tasks/podman/init_guac.yml @@ -23,8 +23,9 @@ mode: "0600" - name: Run init-db.sql - ansible.builtin.command: "psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}/\n - {{ tpa_single_node_pg_db }} -v ON_ERROR_STOP=1 \n - -v db_name={{ tpa_single_node_pg_db }} -v db_user={{ tpa_single_node_pg_user }} \n - -v db_password={{ tpa_single_node_pg_user_passwd }} -f /tmp/init-db.sql" + ansible.builtin.command: "psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}/{{ tpa_single_node_pg_db }} -v ON_ERROR_STOP=1 -v db_name={{ tpa_single_node_pg_db }} -v db_user={{ tpa_single_node_pg_user }} -v db_password={{ tpa_single_node_pg_user_passwd }} -f /tmp/init-db.sql" changed_when: false + +- name: Testing DB to make sure it is available + command: psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}/{{ tpa_single_node_pg_db }} -c 'SELECT 1' + diff --git a/roles/tpa_single_node/tasks/podman/postgresql.yml b/roles/tpa_single_node/tasks/podman/postgresql.yml index 18d615f..43b505e 100644 --- a/roles/tpa_single_node/tasks/podman/postgresql.yml +++ b/roles/tpa_single_node/tasks/podman/postgresql.yml 
@@ -40,14 +40,6 @@ name: "{{ tpa_single_node_pg_db }}" become: yes become_user: postgres - -- name: "Set db admin user" - postgresql_user: - state: present - name: "{{ tpa_single_node_pg_admin_user }}" - password: "{{ tpa_single_node_pg_admin_passwd }}" - become: yes - become_user: postgres - name: "Create db user" postgresql_user: @@ -69,16 +61,12 @@ - name: "Allow md5 connection for the db user" postgresql_pg_hba: - dest: "~/data/pg_hba.conf" + dest: "/var/lib/pgsql/data/pg_hba.conf" contype: host databases: all method: md5 - users: all + users: "{{ tpa_single_node_pg_user }}" create: true become: yes become_user: postgres - notify: restart postgres - -- name: Testing DB to make sure it is available - command: psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}/{{ tpa_single_node_pg_db }} -c 'SELECT 1' - + notify: Restart postgres diff --git a/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml b/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml index 1ab1eb2..d2a8a10 100644 --- a/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml +++ b/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml @@ -31,7 +31,7 @@ spec: command: - /opt/guac/guacmigrate args: - - --db-address=postgres://{{ tpa_single_node_pg_admin_user }}:{{ tpa_single_node_pg_admin_passwd }}@{{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_admin_db }}?sslmode={{ tpa_single_node_pg_ssl_mode }} + - --db-address=postgres://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }}?sslmode={{ tpa_single_node_pg_ssl_mode }} - --db-driver=postgres - --db-debug=true workingDir: /opt/guac 
@@ -40,6 +40,8 @@ spec: - name: service image: {{ tpa_single_node_guac_image }} imagePullPolicy: IfNotPresent + tty: true + stdin: true command: - /opt/guac/guacgql args: diff --git a/roles/tpa_single_node/vars/main.yml b/roles/tpa_single_node/vars/main.yml index 4a1d0a1..ca69660 100644 --- a/roles/tpa_single_node/vars/main.yml +++ b/roles/tpa_single_node/vars/main.yml @@ -10,11 +10,8 @@ tpa_single_node_skip_os_install: true tpa_single_node_systemd_directory: /etc/systemd/system # DB_SERVICE -tpa_single_node_pg_host: localhost +tpa_single_node_pg_host: 127.0.0.1 tpa_single_node_pg_port: 5432 -tpa_single_node_pg_admin_db: postgres -tpa_single_node_pg_admin_user: admin -tpa_single_node_pg_admin_passwd: admin1234 tpa_single_node_pg_db: guac tpa_single_node_pg_user: guac tpa_single_node_pg_user_passwd: guac1234 From 1e7346e4f8a7a7b406031e140fa40476f7790c37 Mon Sep 17 00:00:00 2001 From: Gilles Dubreuil Date: Thu, 19 Sep 2024 18:01:29 +0200 Subject: [PATCH 03/14] Fix pg permissions and run guac-graphql --- .../tasks/podman/postgresql.yml | 24 +++++++++++++++++-- .../manifests/guac/graphql/Deployment.yaml | 3 +-- roles/tpa_single_node/vars/main.yml | 3 ++- 3 files changed, 25 insertions(+), 5 deletions(-) diff --git a/roles/tpa_single_node/tasks/podman/postgresql.yml b/roles/tpa_single_node/tasks/podman/postgresql.yml index 43b505e..fe23c0a 100644 --- a/roles/tpa_single_node/tasks/podman/postgresql.yml +++ b/roles/tpa_single_node/tasks/podman/postgresql.yml 
@@ -59,14 +59,34 @@ become: yes become_user: postgres +# - name: "Allow md5 connection for the db user" +# postgresql_pg_hba: +# dest: "/var/lib/pgsql/data/pg_hba.conf" +# contype: host +# databases: all +# method: md5 +# users: "{{ tpa_single_node_pg_user }}" +# create: true +# become: yes +# become_user: postgres +# notify: Restart postgres + +- name: "Ensure the IP is set to all" + lineinfile: + path: /var/lib/pgsql/data/postgresql.conf + regexp: '^#?listen_addresses =' + line: "listen_addresses = '*'" + state: present + - name: "Allow md5 connection for the db user" postgresql_pg_hba: dest: "/var/lib/pgsql/data/pg_hba.conf" contype: host databases: all + source: 0.0.0.0/0 method: md5 - users: "{{ tpa_single_node_pg_user }}" + users: all create: true become: yes become_user: postgres - notify: Restart postgres + notify: Restart postgres \ No newline at end of file diff --git a/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml b/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml index d2a8a10..9e75abd 100644 --- a/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml +++ b/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml @@ -40,8 +40,7 @@ spec: - name: service image: {{ tpa_single_node_guac_image }} imagePullPolicy: IfNotPresent - tty: true - stdin: true + command: - /opt/guac/guacgql args: diff --git a/roles/tpa_single_node/vars/main.yml b/roles/tpa_single_node/vars/main.yml index ca69660..d9030ee 100644 --- a/roles/tpa_single_node/vars/main.yml +++ b/roles/tpa_single_node/vars/main.yml @@ -10,7 +10,8 @@ tpa_single_node_skip_os_install: true tpa_single_node_systemd_directory: /etc/systemd/system # DB_SERVICE -tpa_single_node_pg_host: 127.0.0.1 +# TODO - Workaround for PostgreSQL PG_HBA issue +tpa_single_node_pg_host: 192.168.121.60 tpa_single_node_pg_port: 5432 tpa_single_node_pg_db: guac tpa_single_node_pg_user: guac 
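Review bot: Together, `listen_addresses = '*'`, `source: 0.0.0.0/0`, `users: all` and `databases: all` make PostgreSQL reachable from any IPv4 address for any role, protected only by md5 password authentication and the default password kept in vars/main.yml. If the aim is only to let the podman pods reach the host database, binding to the address the pods use and limiting `source` to the podman network's subnet, with `users: "{{ tpa_single_node_pg_user }}"` as in the block this patch comments out, gives the same result with far less exposure. The new `lineinfile` task also has no `become`/`become_user` and no `notify: Restart postgres`, unlike its neighbours, although a change to `listen_addresses` only takes effect after a restart. The commented-out copy of the old task would be better deleted than kept.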
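Review bot: `tpa_single_node_pg_host: 192.168.121.60` hard-codes what looks like one test machine's address into the role's vars/main.yml, so the role only works on a host with that IP, and role vars cannot be overridden from inventory. Until the pg_hba workaround named in the TODO is resolved, deriving the value from a fact, for example `tpa_single_node_pg_host: "{{ ansible_default_ipv4.address }}"`, or moving the variable to defaults/main.yml keeps the role portable.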
From 47c85ed9616cb7c441eece26ceb6ca01fbc2dbeb Mon Sep 17 00:00:00 2001 From: Gilles Dubreuil Date: Thu, 19 Sep 2024 19:59:17 +0200 Subject: [PATCH 04/14] Make init db work with new PG permissions --- roles/tpa_single_node/tasks/podman/init_guac.yml | 6 ++++-- roles/tpa_single_node/tasks/podman/postgresql.yml | 13 +------------ .../manifests/guac/graphql/Deployment.yaml | 1 - 3 files changed, 5 insertions(+), 15 deletions(-) diff --git a/roles/tpa_single_node/tasks/podman/init_guac.yml b/roles/tpa_single_node/tasks/podman/init_guac.yml index 314996b..f1d350b 100644 --- a/roles/tpa_single_node/tasks/podman/init_guac.yml +++ b/roles/tpa_single_node/tasks/podman/init_guac.yml @@ -20,11 +20,13 @@ content: "{{ lookup('ansible.builtin.template', 'configs/init-db.sql') }}" dest: "/tmp/init-db.sql" remote_src: true - mode: "0600" + mode: "0666" - name: Run init-db.sql - ansible.builtin.command: "psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}/{{ tpa_single_node_pg_db }} -v ON_ERROR_STOP=1 -v db_name={{ tpa_single_node_pg_db }} -v db_user={{ tpa_single_node_pg_user }} -v db_password={{ tpa_single_node_pg_user_passwd }} -f /tmp/init-db.sql" + ansible.builtin.command: "psql -v ON_ERROR_STOP=1 -v db_name={{ tpa_single_node_pg_db }} -v db_user={{ tpa_single_node_pg_user }} -v db_password={{ tpa_single_node_pg_user_passwd }} -f /tmp/init-db.sql" changed_when: false + become: true + become_user: postgres - name: Testing DB to make sure it is available command: psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}/{{ tpa_single_node_pg_db }} -c 'SELECT 1' diff --git a/roles/tpa_single_node/tasks/podman/postgresql.yml b/roles/tpa_single_node/tasks/podman/postgresql.yml index fe23c0a..e1c5c3d 100644 --- a/roles/tpa_single_node/tasks/podman/postgresql.yml +++ b/roles/tpa_single_node/tasks/podman/postgresql.yml 
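Review bot: Changing `/tmp/init-db.sql` from `0600` to `0666` makes a script that the next task executes as the `postgres` user writable by every local account, so its contents can no longer be trusted between the copy and the `psql -f` run. The postgres user only needs to read it: keeping `mode: "0600"` and adding `owner: postgres` (or `0640` with `group: postgres`) achieves what this change is after. The `-v db_password=...` argument still places the password on the command line, so the task would also benefit from `no_log: true`. The copy task starts above the hunk.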
@@ -59,24 +59,13 @@ become: yes become_user: postgres -# - name: "Allow md5 connection for the db user" -# postgresql_pg_hba: -# dest: "/var/lib/pgsql/data/pg_hba.conf" -# contype: host -# databases: all -# method: md5 -# users: "{{ tpa_single_node_pg_user }}" -# create: true -# become: yes -# become_user: postgres -# notify: Restart postgres - - name: "Ensure the IP is set to all" lineinfile: path: /var/lib/pgsql/data/postgresql.conf regexp: '^#?listen_addresses =' line: "listen_addresses = '*'" state: present + notify: Restart postgres - name: "Allow md5 connection for the db user" postgresql_pg_hba: diff --git a/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml b/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml index 9e75abd..7b3a26d 100644 --- a/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml +++ b/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml @@ -40,7 +40,6 @@ spec: - name: service image: {{ tpa_single_node_guac_image }} imagePullPolicy: IfNotPresent - command: - /opt/guac/guacgql args: From feb75b3783e3d15f81f281eb886aadb588db70a4 Mon Sep 17 00:00:00 2001 From: Gilles Dubreuil Date: Thu, 19 Sep 2024 21:53:41 +0200 Subject: [PATCH 05/14] Fix Testing DB --- roles/tpa_single_node/tasks/podman/init_guac.yml | 11 ++++++++--- roles/tpa_single_node/tasks/podman/postgresql.yml | 3 +-- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/tpa_single_node/tasks/podman/init_guac.yml b/roles/tpa_single_node/tasks/podman/init_guac.yml index f1d350b..c7d0947 100644 --- a/roles/tpa_single_node/tasks/podman/init_guac.yml +++ b/roles/tpa_single_node/tasks/podman/init_guac.yml 
@@ -27,7 +27,12 @@ changed_when: false become: true become_user: postgres - -- name: Testing DB to make sure it is available - command: psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}/{{ tpa_single_node_pg_db }} -c 'SELECT 1' + +- name: Restart postgres + ansible.builtin.service: + name: postgresql + state: restarted + +- name: Testing DB guac to make sure it is available + command: psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}:5432/{{ tpa_single_node_pg_db }} -c 'SELECT 1' diff --git a/roles/tpa_single_node/tasks/podman/postgresql.yml b/roles/tpa_single_node/tasks/podman/postgresql.yml index e1c5c3d..bd58177 100644 --- a/roles/tpa_single_node/tasks/podman/postgresql.yml +++ b/roles/tpa_single_node/tasks/podman/postgresql.yml @@ -65,7 +65,6 @@ regexp: '^#?listen_addresses =' line: "listen_addresses = '*'" state: present - notify: Restart postgres - name: "Allow md5 connection for the db user" postgresql_pg_hba: @@ -78,4 +77,4 @@ create: true become: yes become_user: postgres - notify: Restart postgres \ No newline at end of file + \ No newline at end of file From 0def56ed3e767fc5ec5b6cc3875f009c8c50f2fe Mon Sep 17 00:00:00 2001 From: Gilles Dubreuil Date: Fri, 20 Sep 2024 08:13:52 +0200 Subject: [PATCH 06/14] Cleanup --- roles/tpa_single_node/handlers/main.yml | 6 ------ roles/tpa_single_node/tasks/podman/init_guac.yml | 12 ++++-------- roles/tpa_single_node/tasks/podman/postgresql.yml | 6 +++++- 3 files changed, 9 insertions(+), 15 deletions(-) diff --git a/roles/tpa_single_node/handlers/main.yml b/roles/tpa_single_node/handlers/main.yml index 5b5301d..ed97d53 100644 --- a/roles/tpa_single_node/handlers/main.yml +++ b/roles/tpa_single_node/handlers/main.yml @@ -1,7 +1 @@ --- -# handlers file for tpa_single_node -# @postgres-remove -- name: Restart postgres - ansible.builtin.service: - name: postgresql - state: restarted 
diff --git a/roles/tpa_single_node/tasks/podman/init_guac.yml b/roles/tpa_single_node/tasks/podman/init_guac.yml index c7d0947..3efa112 100644 --- a/roles/tpa_single_node/tasks/podman/init_guac.yml +++ b/roles/tpa_single_node/tasks/podman/init_guac.yml @@ -23,16 +23,12 @@ mode: "0666" - name: Run init-db.sql - ansible.builtin.command: "psql -v ON_ERROR_STOP=1 -v db_name={{ tpa_single_node_pg_db }} -v db_user={{ tpa_single_node_pg_user }} -v db_password={{ tpa_single_node_pg_user_passwd }} -f /tmp/init-db.sql" + ansible.builtin.command: + cmd: psql -v ON_ERROR_STOP=1 -v db_name={{ tpa_single_node_pg_db }} -v db_user={{ tpa_single_node_pg_user }} -v db_password={{ tpa_single_node_pg_user_passwd }} -f /tmp/init-db.sql changed_when: false become: true become_user: postgres -- name: Restart postgres - ansible.builtin.service: - name: postgresql - state: restarted - - name: Testing DB guac to make sure it is available - command: psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}:5432/{{ tpa_single_node_pg_db }} -c 'SELECT 1' - + ansible.builtin.command: + cmd: psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }} -c 'SELECT 1' diff --git a/roles/tpa_single_node/tasks/podman/postgresql.yml b/roles/tpa_single_node/tasks/podman/postgresql.yml index bd58177..aaf6c43 100644 --- a/roles/tpa_single_node/tasks/podman/postgresql.yml +++ b/roles/tpa_single_node/tasks/podman/postgresql.yml @@ -77,4 +77,8 @@ create: true become: yes become_user: postgres - \ No newline at end of file + +- name: Restart postgres + ansible.builtin.service: + name: postgresql + state: restarted \ No newline at end of file From 2f0c38867e9f2c970e0f9c3068f79182ae7de1b9 Mon Sep 17 00:00:00 2001 
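Review bot: The new `Restart postgres` task at the end of postgresql.yml runs `state: restarted` on every play, so PostgreSQL is bounced even when neither postgresql.conf nor pg_hba.conf changed, and this patch deletes the handler that used to make the restart conditional. Keeping the handler, restoring `notify: Restart postgres` on the two configuration tasks, and adding `- ansible.builtin.meta: flush_handlers` before the database test would restart only on change while still guaranteeing the order. The task also lacks the `become` settings its neighbours carry; whether it needs them depends on how the play is run.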
From: Gilles Dubreuil Date: Fri, 20 Sep 2024 08:19:18 +0200 Subject: [PATCH 07/14] Split 'too long' cmd lines --- roles/tpa_single_node/tasks/podman/init_guac.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/roles/tpa_single_node/tasks/podman/init_guac.yml b/roles/tpa_single_node/tasks/podman/init_guac.yml index 3efa112..a6c575d 100644 --- a/roles/tpa_single_node/tasks/podman/init_guac.yml +++ b/roles/tpa_single_node/tasks/podman/init_guac.yml @@ -24,11 +24,19 @@ - name: Run init-db.sql ansible.builtin.command: - cmd: psql -v ON_ERROR_STOP=1 -v db_name={{ tpa_single_node_pg_db }} -v db_user={{ tpa_single_node_pg_user }} -v db_password={{ tpa_single_node_pg_user_passwd }} -f /tmp/init-db.sql + cmd: > + psql -v ON_ERROR_STOP=1 + -v db_name={{ tpa_single_node_pg_db }} + -v db_user={{ tpa_single_node_pg_user }} + -v db_password={{ tpa_single_node_pg_user_passwd }} + -f /tmp/init-db.sql changed_when: false become: true become_user: postgres - name: Testing DB guac to make sure it is available ansible.builtin.command: - cmd: psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }} -c 'SELECT 1' + cmd: > + psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }} + @{{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }} + -c 'SELECT 1' From 2ec6a77539488dd1c59a22e3fdee181afd2f58cb Mon Sep 17 00:00:00 2001 From: Gilles Dubreuil Date: Fri, 20 Sep 2024 08:21:39 +0200 Subject: [PATCH 08/14] Cleanup --- roles/tpa_single_node/tasks/podman/init_guac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tpa_single_node/tasks/podman/init_guac.yml b/roles/tpa_single_node/tasks/podman/init_guac.yml index a6c575d..0410bab 100644 --- a/roles/tpa_single_node/tasks/podman/init_guac.yml +++ b/roles/tpa_single_node/tasks/podman/init_guac.yml 
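Review bot: In the `Testing DB guac to make sure it is available` command, the folded scalar `>` joins its lines with a space, so the break before `@{{ tpa_single_node_pg_host }}` splits the connection URI into two arguments and `psql` no longer receives a valid `user:password@host` string. The URI has to stay on one line, or the parts can be passed separately, e.g. `psql -h {{ tpa_single_node_pg_host }} -p {{ tpa_single_node_pg_port }} -U {{ tpa_single_node_pg_user }} -d {{ tpa_single_node_pg_db }} -c 'SELECT 1'` with the password supplied through `environment: {PGPASSWORD: ...}`. The `Run init-db.sql` command is unaffected because its line breaks fall between whole arguments.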
@@ -35,7 +35,7 @@ become_user: postgres - name: Testing DB guac to make sure it is available - ansible.builtin.command: + ansible.builtin.command: cmd: > psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }} @{{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }} From 57d251917dd67e47f5a2345e3a77d17910dc9a43 Mon Sep 17 00:00:00 2001 From: Gilles Dubreuil Date: Fri, 20 Sep 2024 08:23:58 +0200 Subject: [PATCH 09/14] Cleanup --- roles/tpa_single_node/tasks/podman/init_guac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tpa_single_node/tasks/podman/init_guac.yml b/roles/tpa_single_node/tasks/podman/init_guac.yml index 0410bab..ec4294a 100644 --- a/roles/tpa_single_node/tasks/podman/init_guac.yml +++ b/roles/tpa_single_node/tasks/podman/init_guac.yml @@ -23,7 +23,7 @@ mode: "0666" - name: Run init-db.sql - ansible.builtin.command: + ansible.builtin.command: cmd: > psql -v ON_ERROR_STOP=1 -v db_name={{ tpa_single_node_pg_db }} From 84d8b11b9a1cfec02d50f77054797e0b8646e894 Mon Sep 17 00:00:00 2001 From: Gilles Dubreuil Date: Fri, 20 Sep 2024 08:27:27 +0200 Subject: [PATCH 10/14] Fix lint violation --- roles/tpa_single_node/tasks/podman/init_guac.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/tpa_single_node/tasks/podman/init_guac.yml b/roles/tpa_single_node/tasks/podman/init_guac.yml index ec4294a..95c4b12 100644 --- a/roles/tpa_single_node/tasks/podman/init_guac.yml +++ b/roles/tpa_single_node/tasks/podman/init_guac.yml 
@@ -37,6 +37,6 @@ - name: Testing DB guac to make sure it is available ansible.builtin.command: cmd: > - psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }} - @{{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }} + psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }} -c 'SELECT 1' + changed_when: false From ab303ab8cda46ff89f06a358ed7e0521afb6da22 Mon Sep 17 00:00:00 2001 From: Gilles Dubreuil Date: Fri, 20 Sep 2024 08:50:31 +0200 Subject: [PATCH 11/14] Move pg test to a template --- roles/tpa_single_node/tasks/podman/init_guac.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/tpa_single_node/tasks/podman/init_guac.yml b/roles/tpa_single_node/tasks/podman/init_guac.yml index 95c4b12..f810d64 100644 --- a/roles/tpa_single_node/tasks/podman/init_guac.yml +++ b/roles/tpa_single_node/tasks/podman/init_guac.yml @@ -34,9 +34,11 @@ become: true become_user: postgres +- name: Create psql test command template + ansible.builtin.template: + src: "templates/scripts/psql_test.sh.j2" + dest: "/tmp/psql_test.sh" + mode: "0755" + - name: Testing DB guac to make sure it is available - ansible.builtin.command: - cmd: > - psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }} - -c 'SELECT 1' - changed_when: false + ansible.builtin.shell: "/tmp/psql_test.sh" From 830036fb8b4420b5af3ffa203651334ebd93a4dd Mon Sep 17 00:00:00 2001 From: Gilles Dubreuil Date: Fri, 20 Sep 2024 08:57:13 +0200 Subject: [PATCH 12/14] Use command before shell --- roles/tpa_single_node/tasks/podman/init_guac.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
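Review bot: `/tmp/psql_test.sh` is rendered with `mode: "0755"`, and the template added for it later in this series embeds `tpa_single_node_pg_user_passwd` in the connection URI, so the database password ends up in a world-readable file under /tmp that no task removes. Writing it with `mode: "0700"` and deleting it after the check (`ansible.builtin.file` with `state: absent`) would limit that; running `psql` directly with `PGPASSWORD` in `environment` and `no_log: true` avoids the file altogether. The test task also loses the `changed_when: false` it had before this patch.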
diff --git a/roles/tpa_single_node/tasks/podman/init_guac.yml b/roles/tpa_single_node/tasks/podman/init_guac.yml index f810d64..01113a3 100644 --- a/roles/tpa_single_node/tasks/podman/init_guac.yml +++ b/roles/tpa_single_node/tasks/podman/init_guac.yml @@ -34,11 +34,12 @@ become: true become_user: postgres -- name: Create psql test command template +- name: Create psql test command ansible.builtin.template: src: "templates/scripts/psql_test.sh.j2" dest: "/tmp/psql_test.sh" mode: "0755" - name: Testing DB guac to make sure it is available - ansible.builtin.shell: "/tmp/psql_test.sh" + ansible.builtin.command: "/tmp/psql_test.sh" + changed_when: false \ No newline at end of file From 97208c1e1f43f51813133d8e59cd0fc7062da5fa Mon Sep 17 00:00:00 2001 From: Gilles Dubreuil Date: Fri, 20 Sep 2024 08:58:15 +0200 Subject: [PATCH 13/14] EOF missing --- roles/tpa_single_node/tasks/podman/init_guac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tpa_single_node/tasks/podman/init_guac.yml b/roles/tpa_single_node/tasks/podman/init_guac.yml index 01113a3..4b49eab 100644 --- a/roles/tpa_single_node/tasks/podman/init_guac.yml +++ b/roles/tpa_single_node/tasks/podman/init_guac.yml @@ -42,4 +42,4 @@ - name: Testing DB guac to make sure it is available ansible.builtin.command: "/tmp/psql_test.sh" - changed_when: false \ No newline at end of file + changed_when: false From f37658f188036d0651427731a6af5d35daaaf0eb Mon Sep 17 00:00:00 2001 From: Gilles Dubreuil Date: Fri, 20 Sep 2024 09:22:01 +0200 Subject: [PATCH 14/14] Add psql test script template --- roles/tpa_single_node/templates/scripts/psql_test.sh.j2 | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 roles/tpa_single_node/templates/scripts/psql_test.sh.j2 diff --git a/roles/tpa_single_node/templates/scripts/psql_test.sh.j2 b/roles/tpa_single_node/templates/scripts/psql_test.sh.j2 new file mode 100644 index 0000000..2fa7fef --- /dev/null 
+++ b/roles/tpa_single_node/templates/scripts/psql_test.sh.j2 @@ -0,0 +1,2 @@ +#!/bin/env sh +psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }} -c 'SELECT 1'
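Review bot: The password is interpolated into the `postgresql://` URI as-is, so a value containing characters such as `@`, `:` or `%` would produce a malformed or different connection string; `{{ tpa_single_node_pg_user_passwd | urlencode }}` (and the same for the user name) keeps it well-formed. The shebang `#!/bin/env sh` relies on `env` being available under /bin; `#!/bin/sh` is more portable for a script that uses no shell-specific features. A comment at the top noting that the rendered file contains a credential would help whoever chooses its mode and lifetime.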