PoC to deploy with quadlets

lib/puppet/provider/cpdb_create/cpdb_create.rb → lib/puppet/provider/cpdb_create/cpdb.rb

@@ -1,4 +1,4 @@
-Puppet::Type.type(:cpdb_create).provide(:cpdb_create) do
+Puppet::Type.type(:cpdb_create).provide(:cpdb) do
 
   commands :cpdb => '/usr/share/candlepin/cpdb'
 

lib/puppet/provider/cpdb_create/podman.rb

@@ -0,0 +1,42 @@
+Puppet::Type.type(:cpdb_create).provide(:podman) do
+
+  commands :podman => '/bin/podman'
+
+  def create
+    create_database
+    write_done_file
+  end
+
+  def exists?
+    File.exist?(done_file)
+  end
+
+  private
+
+  def create_database
+    podman(
+      "run",
+      "--network=host",
+      "quay.io/ehelms/candlepin:4.3.12",
+      "/usr/share/candlepin/cpdb",
+      "--create",
+      "--schema-only",
+      "--dbhost=#{resource[:db_host]}",
+      "--dbport=#{resource[:db_port]}",
+      "--database=#{resource[:db_name]}#{resource[:ssl_options]}",
+      "--user=#{resource[:db_user]}",
+      "--password=#{resource[:db_password]}"
+    )
+  end
+
+  def done_file
+    "/var/lib/candlepin/.puppet-candlepin-cpdb-create-done"
+  end
+
+  def write_done_file
+    File.open(done_file, 'w') do |file|
+      file.write(Time.now)
+    end
+  end
+
+end

lib/puppet/provider/cpdb_update/cpdb_update.rb → lib/puppet/provider/cpdb_update/cpdb.rb

@@ -1,4 +1,4 @@
-Puppet::Type.type(:cpdb_update).provide(:cpdb_update) do
+Puppet::Type.type(:cpdb_update).provide(:cpdb) do
 
   commands :cpdb => '/usr/share/candlepin/cpdb'
   commands :rpm => 'rpm'
@@ -18,7 +18,7 @@ def exists?
   private
 
   def migrate_database
-    output = cpdb(
+    cpdb(
       "--update",
       "--dbhost=#{resource[:db_host]}",
       "--dbport=#{resource[:db_port]}",

lib/puppet/provider/cpdb_update/podman.rb

@@ -0,0 +1,59 @@
+Puppet::Type.type(:cpdb_update).provide(:podman) do
+
+  commands :podman => 'podman'
+
+  def create
+    migrate_database
+    update_version_file
+  end
+
+  def exists?
+    return false if previous_candlepin_version.nil?
+    return false if candlepin_rpm_version.nil?
+
+    Gem::Version.new(previous_candlepin_version) == Gem::Version.new(candlepin_rpm_version)
+  end
+
+  private
+
+  def migrate_database
+    podman(
+      "run",
+      "--network=host",
+      "quay.io/ehelms/candlepin:4.3.12",
+      "/usr/share/candlepin/cpdb",
+      "--update",
+      "--dbhost=#{resource[:db_host]}",
+      "--dbport=#{resource[:db_port]}",
+      "--database=#{resource[:db_name]}#{resource[:ssl_options]}",
+      "--user=#{resource[:db_user]}",
+      "--password=#{resource[:db_password]}"
+    )
+  end
+
+  def version_file
+    "/var/lib/candlepin/.puppet-candlepin-rpm-version"
+  end
+
+  def update_version_file
+    File.open(version_file, "w") do |file|
+      file.write(candlepin_rpm_version)
+    end
+  end
+
+  def candlepin_rpm_version
+    podman(
+      'run',
+      "--network=host",
+      "quay.io/ehelms/candlepin:4.3.12",
+      'rpm',
+      '-q',
+      'candlepin',
+      '--queryformat=%{version}'
+    )
+  end
+
+  def previous_candlepin_version
+    File.read(version_file) if File.exist?(version_file)
+  end
+end

lib/puppet/type/cpdb_create.rb

@@ -25,6 +25,10 @@
     desc "Password of the database user"
   end
 
+  newparam(:container_based) do
+    desc "To use a container"
+  end
+
   autorequire(:concat) do
     ['/etc/candlepin/candlepin.conf']
   end

lib/puppet/type/cpdb_update.rb

@@ -29,6 +29,10 @@
     ['/etc/candlepin/candlepin.conf']
   end
 
+  newparam(:container_based) do
+    desc "To use a container"
+  end
+
   autorequire(:cpdb_create) do
     [self[:db_name]]
   end

manifests/artemis.pp

@@ -22,6 +22,13 @@
     group   => $candlepin::group,
   }
 
+  file { "${candlepin::tomcat_conf}/conf.d":
+    ensure => directory,
+    mode   => '0755',
+    owner  => $candlepin::user,
+    group  => $candlepin::group,
+  }
+
   file { "${candlepin::tomcat_conf}/login.config":
     ensure  => file,
     content => file('candlepin/tomcat/login.config'),

manifests/config.pp

@@ -55,6 +55,20 @@
     'truststore_password' => $candlepin::_truststore_password,
   }
 
+  file { $candlepin::tomcat_conf:
+    ensure => directory,
+    mode   => '0755',
+    owner  => 'root',
+    group  => $candlepin::group,
+  }
+
+  file { '/var/lib/candlepin':
+    ensure => directory,
+    mode   => '0755',
+    owner  => 'root',
+    group  => $candlepin::group,
+  }
+
   file { "${candlepin::tomcat_conf}/server.xml":
     ensure  => file,
     content => epp('candlepin/tomcat/server.xml.epp', $server_context),
@@ -70,4 +84,12 @@
     owner   => 'root',
     group   => $candlepin::group,
   }
+
+  file { '/etc/tomcat/logging.properties':
+    ensure  => file,
+    content => template('candlepin/tomcat/logging.properties'),
+    mode    => '0644',
+    owner   => 'root',
+    group   => $candlepin::group,
+  }
 }

manifests/database/postgresql.pp

@@ -76,13 +76,19 @@
       default => ''
     }
 
+    $cpdb_provider = $candlepin::use_container ? {
+      true  => 'podman',
+      false => 'cpdb',
+    }
+
     cpdb_create { $db_name:
       ensure      => present,
       db_host     => $db_host,
       db_port     => $db_port,
       db_user     => $db_user,
       db_password => $db_password,
       ssl_options => $ssl_options,
+      provider    => $cpdb_provider,
     } ->
     cpdb_update { $db_name:
       ensure      => present,
@@ -91,6 +97,7 @@
       db_user     => $db_user,
       db_password => $db_password,
       ssl_options => $ssl_options,
+      provider    => $cpdb_provider,
     }
 
     # if both manage_db and init_db enforce order of resources

manifests/init.pp

@@ -167,6 +167,9 @@
 #   Disable FIPS within the Java environment for Tomcat explicitly.
 #   When set to false, no flag is added. Then on FIPS enabled systems, a Candlepin build that supports FIPS is required.
 #
+# @param use_container
+#   If true, deploys systemd service using a container.
+#
 # @example Set debug logging
 #   class { 'candlepin':
 #     loggers => {
@@ -229,6 +232,7 @@
   String $user = 'tomcat',
   String $group = 'tomcat',
   Boolean $disable_fips = true,
+  Boolean $use_container = true,
 ) inherits candlepin::params {
   contain candlepin::service
 

manifests/install.pp

@@ -4,33 +4,37 @@
 class candlepin::install {
   assert_private()
 
-  $enable_pki_core = $facts['os']['release']['major'] == '8'
+  if !$candlepin::use_container {
+    $enable_pki_core = $facts['os']['release']['major'] == '8'
 
-  if $candlepin::java_package {
-    stdlib::ensure_packages([$candlepin::java_package])
-    Package[$candlepin::java_package] -> Package['candlepin']
-  }
-
-  if $enable_pki_core {
-    package { 'pki-core':
-      ensure      => installed,
-      enable_only => true,
-      provider    => 'dnfmodule',
-      before      => Package['candlepin'],
+    if $candlepin::java_package {
+      stdlib::ensure_packages([$candlepin::java_package])
+      Package[$candlepin::java_package] -> Package['candlepin']
     }
-  }
 
-  package { ['candlepin']:
-    ensure => $candlepin::version,
-  }
+    if $enable_pki_core {
+      package { 'pki-core':
+        ensure      => installed,
+        enable_only => true,
+        provider    => 'dnfmodule',
+        before      => Package['candlepin'],
+      }
+    }
 
-  if $facts['os']['selinux']['enabled'] {
-    package { ['candlepin-selinux']:
+    package { ['candlepin']:
       ensure => $candlepin::version,
     }
 
-    if $enable_pki_core {
-      Package['pki-core'] -> Package['candlepin-selinux']
+    if $facts['os']['selinux']['enabled'] {
+      package { ['candlepin-selinux']:
+        ensure => $candlepin::version,
+      }
+
+      if $enable_pki_core {
+        Package['pki-core'] -> Package['candlepin-selinux']
+      }
     }
+  } else {
+    stdlib::ensure_packages(['podman'])
   }
 }

manifests/service.pp

@@ -4,10 +4,21 @@
 class candlepin::service {
   assert_private()
 
+  if $candlepin::use_container {
+    file { '/etc/containers/systemd/tomcat.container':
+      ensure  => file,
+      content => template('candlepin/candlepin.container'),
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0444',
+      before  => Service['tomcat'],
+    }
+  }
+
   service { 'tomcat':
-    ensure     => running,
-    enable     => true,
-    hasstatus  => true,
-    hasrestart => true,
+    ensure   => 'running',
+    enable   => true,
+    restart  => true,
+    provider => 'systemd',
   }
 }

templates/candlepin.container

@@ -0,0 +1,25 @@
+[Unit]
+Description=Candlepin
+After=local-fs.target
+
+[Container]
+Image=quay.io/ehelms/candlepin:4.3.12
+PodmanArgs=--cgroups=enabled
+LogDriver=journald
+Network=host
+
+Volume=/etc/tomcat/logging.properties:/etc/tomcat/logging.properties
+Volume=/etc/tomcat/server.xml:/etc/tomcat/server.xml
+Volume=/etc/tomcat/login.config:/etc/tomcat/login.config
+Volume=/etc/tomcat/cert-roles.properties:/etc/tomcat/cert-roles.properties
+Volume=/etc/tomcat/cert-users.properties:/etc/tomcat/cert-users.properties
+Volume=/etc/tomcat/conf.d/jaas.conf:/etc/tomcat/conf.d/jaas.conf
+Volume=/etc/tomcat/tomcat.conf:/etc/tomcat/tomcat.conf
+Volume=/etc/candlepin:/etc/candlepin
+
+PublishPort=8443:8443
+PublishPort=61613:61613
+
+[Install]
+# Start by default on boot
+WantedBy=multi-user.target default.target