From 2c3df079ead127efc0753644d34c25a05dd26f67 Mon Sep 17 00:00:00 2001
From: Evgeni Golov
Date: Tue, 14 May 2024 11:29:28 +0200
Subject: [PATCH] run foreman in a container
---
 .fixtures.yml | 3 ++
 manifests/config.pp | 36 +++++++++++++++---------
 manifests/init.pp | 3 ++
 manifests/service.pp | 40 +++++++++++++++++++++------
 metadata.json | 4 +++
 spec/acceptance/foreman_basic_spec.rb | 16 +++++++++++
 6 files changed, 81 insertions(+), 21 deletions(-)
diff --git a/.fixtures.yml b/.fixtures.yml
index 571994bd9..0d6fa6e5e 100644
--- a/.fixtures.yml
+++ b/.fixtures.yml
@@ -6,6 +6,9 @@ fixtures:
 concat: 'https://github.com/puppetlabs/puppetlabs-concat'
 cron_core: 'https://github.com/puppetlabs/puppetlabs-cron_core'
 extlib: 'https://github.com/voxpupuli/puppet-extlib'
+ podman:
+ repo: 'https://github.com/evgeni/puppet-podman'
+ branch: 'quadlet'
 postgresql: 'https://github.com/puppetlabs/puppetlabs-postgresql'
 puppet: 'https://github.com/theforeman/puppet-puppet'
 redis: 'https://github.com/voxpupuli/puppet-redis'
diff --git a/manifests/config.pp b/manifests/config.pp
index 5007126f7..103325899 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -98,11 +98,13 @@
 )
 )
 $min_puma_threads = pick($foreman::foreman_service_puma_threads_min, $foreman::foreman_service_puma_threads_max)
- systemd::dropin_file { 'foreman-service':
- filename => 'installer.conf',
- unit => "${foreman::foreman_service}.service",
- content => template('foreman/foreman.service-overrides.erb'),
- notify_service => true,
+ if $foreman::deployment_mode == 'package' {
+ systemd::dropin_file { 'foreman-service':
+ filename => 'installer.conf',
+ unit => "${foreman::foreman_service}.service",
+ content => template('foreman/foreman.service-overrides.erb'),
+ notify_service => true,
+ }
 }
 if ! defined(File[$foreman::app_root]) {
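Review bot: The new `podman` fixture in `.fixtures.yml` tracks a moving branch (`branch: 'quadlet'`) of a personal fork, so every test run executes whatever that branch currently holds, and it is not the `southalc/podman` module that `metadata.json` declares as the dependency. Pinning the fixture to a reviewed commit with `ref: '<COMMIT_SHA>'` (placeholder) would keep the test input immutable until quadlet support is available in a released version inside the declared range.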
@@ -153,7 +155,13 @@
 }
 if $foreman::apache {
- $listen_socket = '/run/foreman.sock'
+ if $foreman::deployment_mode == 'container' {
+ $listen_socket = 'localhost:3000'
+ $backend_protocol = 'http'
+ } else {
+ $listen_socket = '/run/foreman.sock'
+ $backend_protocol = 'unix'
+ }
 class { 'foreman::config::apache':
 app_root => $foreman::app_root,
@@ -162,7 +170,7 @@
 serveraliases => $foreman::serveraliases,
 server_port => $foreman::server_port,
 server_ssl_port => $foreman::server_ssl_port,
- proxy_backend => "unix://${listen_socket}",
+ proxy_backend => "${backend_protocol}://${listen_socket}",
 ssl => $foreman::ssl,
 ssl_ca => $foreman::server_ssl_ca,
 ssl_chain => $foreman::server_ssl_chain,
@@ -280,11 +288,13 @@
 $foreman_socket_override = undef
 }
- systemd::dropin_file { 'foreman-socket':
- ensure => bool2str($foreman_socket_override =~ Undef, 'absent', 'present'),
- filename => 'installer.conf',
- unit => "${foreman::foreman_service}.socket",
- content => $foreman_socket_override,
- notify_service => true,
+ if $foreman::deployment_mode == 'package' {
+ systemd::dropin_file { 'foreman-socket':
+ ensure => bool2str($foreman_socket_override =~ Undef, 'absent', 'present'),
+ filename => 'installer.conf',
+ unit => "${foreman::foreman_service}.socket",
+ content => $foreman_socket_override,
+ notify_service => true,
+ }
 }
 }
diff --git a/manifests/init.pp b/manifests/init.pp
index a3dde8393..cb52a90e5 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -189,6 +189,8 @@
 #
 # $provisioning_fcct_location:: The location of the binary to call when transpiling Fedora CoreOS templates.
 #
+# $deployment_mode:: The way foreman is deployed: packages or container
+#
 # === Dynflow parameters:
 #
 # $dynflow_manage_services:: Whether to manage the dynflow services
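Review bot: In the container branch of `manifests/config.pp`, `$listen_socket = 'localhost:3000'` with `$backend_protocol = 'http'` replaces a unix socket with a plain-HTTP loopback TCP port, which any local process can connect to regardless of file permissions. If Foreman trusts request headers that Apache sets (not visible in this hunk), that trust would presumably no longer be limited to Apache, so this wants either a socket bind-mounted into the container or a comment stating why loopback TCP is acceptable. Separately, `localhost` may resolve to `::1` first while the quadlet in `service.pp` names `127.0.0.1`; `$listen_socket = '127.0.0.1:3000'` avoids depending on resolver order (the `if $foreman::apache {` block continues past the hunk).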
@@ -307,6 +309,7 @@
 Boolean $register_in_foreman = true,
 Optional[Stdlib::Absolutepath] $provisioning_ct_location = undef,
 Optional[Stdlib::Absolutepath] $provisioning_fcct_location = undef,
+ Enum['package', 'container'] $deployment_mode = 'package',
 ) inherits foreman::params {
 assert_type(Array[Stdlib::IP::Address], $trusted_proxies)
diff --git a/manifests/service.pp b/manifests/service.pp
index 7e532bd80..f4d92064e 100644
--- a/manifests/service.pp
+++ b/manifests/service.pp
@@ -35,14 +35,38 @@
 }
 }
- service { "${foreman_service}.socket":
- ensure => $foreman_service_ensure,
- enable => $foreman_service_enable,
- }
+ if $foreman::deployment_mode == 'package' {
+ service { "${foreman_service}.socket":
+ ensure => $foreman_service_ensure,
+ enable => $foreman_service_enable,
+ }
- service { $foreman_service:
- ensure => $foreman_service_ensure,
- enable => $foreman_service_enable,
- before => Service["${foreman_service}.socket"],
+ service { $foreman_service:
+ ensure => $foreman_service_ensure,
+ enable => $foreman_service_enable,
+ before => Service["${foreman_service}.socket"],
+ }
+ } else {
+ podman::quadlet { 'foreman.container':
+ ensure => present,
+ unit_entry => {
+ 'Description' => 'Foreman',
+ },
+ service_entry => {
+ 'TimeoutStartSec' => '900',
+ },
+ container_entry => {
+ 'Image' => 'quay.io/evgeni/foreman-rpm:latest',
+ 'PublishPort' => ['127.0.0.1:3000:3000'],
+ 'Volume' => ['/etc/foreman/:/etc/foreman/'],
+ 'AddCapability' => ['CAP_DAC_OVERRIDE', 'CAP_IPC_OWNER'],
+ 'Network' => 'host',
+ 'HostName' => $foreman::servername,
+ },
+ install_entry => {
+ 'WantedBy' => 'default.target',
+ },
+ active => true,
+ }
 }
 }
diff --git a/metadata.json b/metadata.json
index 04f1dc1b6..9de829d57 100644
--- a/metadata.json
+++ b/metadata.json
@@ -43,6 +43,10 @@
 {
 "name": "puppet/redis",
 "version_requirement": ">= 5.0.0 < 12.0.0"
+ },
+ {
+ "name": "southalc/podman",
+ "version_requirement": ">= 0.6.7 < 1.0.0"
 }
 ],
 "requirements": [
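Review bot: In the `podman::quadlet` resource added to `manifests/service.pp`, `'Network' => 'host'` is combined with `'PublishPort' => ['127.0.0.1:3000:3000']`; podman discards port mappings in host network mode, so the loopback restriction is not enforced and the backend listens wherever the process in the image binds, possibly on all interfaces without TLS. Keep only one of the two, and if host networking stays, have the application itself bind to 127.0.0.1. `quay.io/evgeni/foreman-rpm:latest` is a mutable tag in a personal namespace, so the code that runs can change without any Puppet change; a class parameter with a digest-pinned default, e.g. `'Image' => $foreman::container_image,` (proposed name) defaulting to `REGISTRY/IMAGE@sha256:<DIGEST>` (placeholder), keeps it reviewable. `/etc/foreman/` is mounted read-write into a container that is also granted `CAP_DAC_OVERRIDE`, so unless the application writes there use `'Volume' => ['/etc/foreman/:/etc/foreman/:ro'],` and add a comment justifying each capability. This branch also ignores `$foreman_service_ensure` and `$foreman_service_enable`, which the package branch honours; the enclosing class starts above the hunk.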
diff --git a/spec/acceptance/foreman_basic_spec.rb b/spec/acceptance/foreman_basic_spec.rb
index 2655c0874..e4f46acd0 100644
--- a/spec/acceptance/foreman_basic_spec.rb
+++ b/spec/acceptance/foreman_basic_spec.rb
@@ -36,6 +36,22 @@ class { 'foreman':
 # https://projects.theforeman.org/issues/36113
 end
+ describe 'in a Container' do
+ it_behaves_like 'an idempotent resource' do
+ let(:manifest) do
+ <<~PUPPET
+ class { 'foreman':
+ deployment_mode => 'container',
+ db_host => 'localhost',
+ db_manage_rake => false,
+ }
+ PUPPET
+ end
+ end
+
+ it_behaves_like 'the foreman application'
+ end
+
 context 'GSSAPI auth enabled' do
 before { on default, 'mkdir -p /etc/httpd && touch /etc/httpd/conf.keytab' }
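Review bot: The new `describe 'in a Container'` block only checks idempotency and the shared application examples; nothing asserts the properties that container mode changes, namely that the quadlet-generated service is running and that port 3000 is bound on loopback only. If the suite's serverspec matchers are available in this file, adding `describe port(3000) { it { is_expected.to be_listening.on('127.0.0.1') } }` would catch a backend that ends up listening on all interfaces.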