From 059cc07cdbd52fbb9ebff169e85fd6501e89dce9 Mon Sep 17 00:00:00 2001 From: "Eric D. Helms" Date: Wed, 13 Mar 2024 08:39:15 -0400 Subject: [PATCH] PoC to deploy with quadlets --- .../cpdb_create/{cpdb_create.rb => cpdb.rb} | 2 +- lib/puppet/provider/cpdb_create/podman.rb | 42 ++++++++++ .../cpdb_update/{cpdb_update.rb => cpdb.rb} | 4 +- lib/puppet/provider/cpdb_update/podman.rb | 59 ++++++++++++++ lib/puppet/type/cpdb_create.rb | 4 + lib/puppet/type/cpdb_update.rb | 4 + manifests/artemis.pp | 7 ++ manifests/config.pp | 22 ++++++ manifests/database/postgresql.pp | 7 ++ manifests/init.pp | 4 + manifests/install.pp | 44 ++++++----- manifests/service.pp | 19 ++++- templates/candlepin.container | 25 ++++++ templates/tomcat/logging.properties | 79 +++++++++++++++++++ 14 files changed, 295 insertions(+), 27 deletions(-) rename lib/puppet/provider/cpdb_create/{cpdb_create.rb => cpdb.rb} (92%) create mode 100644 lib/puppet/provider/cpdb_create/podman.rb rename lib/puppet/provider/cpdb_update/{cpdb_update.rb => cpdb.rb} (93%) create mode 100644 lib/puppet/provider/cpdb_update/podman.rb create mode 100644 templates/candlepin.container create mode 100644 templates/tomcat/logging.properties diff --git a/lib/puppet/provider/cpdb_create/cpdb_create.rb b/lib/puppet/provider/cpdb_create/cpdb.rb similarity index 92% rename from lib/puppet/provider/cpdb_create/cpdb_create.rb rename to lib/puppet/provider/cpdb_create/cpdb.rb index 1692871..f519e72 100644 --- a/lib/puppet/provider/cpdb_create/cpdb_create.rb +++ b/lib/puppet/provider/cpdb_create/cpdb.rb @@ -1,4 +1,4 @@ -Puppet::Type.type(:cpdb_create).provide(:cpdb_create) do +Puppet::Type.type(:cpdb_create).provide(:cpdb) do commands :cpdb => '/usr/share/candlepin/cpdb' diff --git a/lib/puppet/provider/cpdb_create/podman.rb b/lib/puppet/provider/cpdb_create/podman.rb new file mode 100644 index 0000000..d50f334 --- /dev/null +++ b/lib/puppet/provider/cpdb_create/podman.rb 
@@ -0,0 +1,42 @@ +Puppet::Type.type(:cpdb_create).provide(:podman) do + + commands :podman => '/bin/podman' + + def create + create_database + write_done_file + end + + def exists? + File.exist?(done_file) + end + + private + + def create_database + podman( + "run", + "--network=host", + "quay.io/ehelms/candlepin:4.3.12", + "/usr/share/candlepin/cpdb", + "--create", + "--schema-only", + "--dbhost=#{resource[:db_host]}", + "--dbport=#{resource[:db_port]}", + "--database=#{resource[:db_name]}#{resource[:ssl_options]}", + "--user=#{resource[:db_user]}", + "--password=#{resource[:db_password]}" + ) + end + + def done_file + "/var/lib/candlepin/.puppet-candlepin-cpdb-create-done" + end + + def write_done_file + File.open(done_file, 'w') do |file| + file.write(Time.now) + end + end + +end diff --git a/lib/puppet/provider/cpdb_update/cpdb_update.rb b/lib/puppet/provider/cpdb_update/cpdb.rb similarity index 93% rename from lib/puppet/provider/cpdb_update/cpdb_update.rb rename to lib/puppet/provider/cpdb_update/cpdb.rb index ffd8579..eab4c5b 100644 --- a/lib/puppet/provider/cpdb_update/cpdb_update.rb +++ b/lib/puppet/provider/cpdb_update/cpdb.rb @@ -1,4 +1,4 @@ -Puppet::Type.type(:cpdb_update).provide(:cpdb_update) do +Puppet::Type.type(:cpdb_update).provide(:cpdb) do commands :cpdb => '/usr/share/candlepin/cpdb' commands :rpm => 'rpm' @@ -18,7 +18,7 @@ def exists? private def migrate_database - output = cpdb( + cpdb( "--update", "--dbhost=#{resource[:db_host]}", "--dbport=#{resource[:db_port]}", diff --git a/lib/puppet/provider/cpdb_update/podman.rb b/lib/puppet/provider/cpdb_update/podman.rb new file mode 100644 index 0000000..0926a97 --- /dev/null +++ b/lib/puppet/provider/cpdb_update/podman.rb 
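Review bot: `create_database` in cpdb_create/podman.rb starts the container without `--rm`, so every run leaves an exited container whose recorded arguments, including `--password=#{resource[:db_password]}`, stay readable through `podman inspect` until someone removes it; adding `"--rm",` right after `"run",` avoids that. The password also remains on the podman command line, so it is visible in the process list while the job runs and, as far as I know, in the message Puppet prints when the command fails. The image `quay.io/ehelms/candlepin:4.3.12` is hard-coded by mutable tag; a single module parameter, ideally pinned by digest, would keep it in step with the other references. The same points apply to `migrate_database` and `candlepin_rpm_version` in cpdb_update/podman.rb.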
@@ -0,0 +1,59 @@ +Puppet::Type.type(:cpdb_update).provide(:podman) do + + commands :podman => 'podman' + + def create + migrate_database + update_version_file + end + + def exists? + return false if previous_candlepin_version.nil? + return false if candlepin_rpm_version.nil? + + Gem::Version.new(previous_candlepin_version) == Gem::Version.new(candlepin_rpm_version) + end + + private + + def migrate_database + podman( + "run", + "--network=host", + "quay.io/ehelms/candlepin:4.3.12", + "/usr/share/candlepin/cpdb", + "--update", + "--dbhost=#{resource[:db_host]}", + "--dbport=#{resource[:db_port]}", + "--database=#{resource[:db_name]}#{resource[:ssl_options]}", + "--user=#{resource[:db_user]}", + "--password=#{resource[:db_password]}" + ) + end + + def version_file + "/var/lib/candlepin/.puppet-candlepin-rpm-version" + end + + def update_version_file + File.open(version_file, "w") do |file| + file.write(candlepin_rpm_version) + end + end + + def candlepin_rpm_version + podman( + 'run', + "--network=host", + "quay.io/ehelms/candlepin:4.3.12", + 'rpm', + '-q', + 'candlepin', + '--queryformat=%{version}' + ) + end + + def previous_candlepin_version + File.read(version_file) if File.exist?(version_file) + end +end diff --git a/lib/puppet/type/cpdb_create.rb b/lib/puppet/type/cpdb_create.rb index de07535..316d919 100644 --- a/lib/puppet/type/cpdb_create.rb +++ b/lib/puppet/type/cpdb_create.rb @@ -25,6 +25,10 @@ desc "Password of the database user" end + newparam(:container_based) do + desc "To use a container" + end + autorequire(:concat) do ['/etc/candlepin/candlepin.conf'] end diff --git a/lib/puppet/type/cpdb_update.rb b/lib/puppet/type/cpdb_update.rb index e031f1a..3241a3e 100644 --- a/lib/puppet/type/cpdb_update.rb +++ b/lib/puppet/type/cpdb_update.rb @@ -29,6 +29,10 @@ ['/etc/candlepin/candlepin.conf'] end + newparam(:container_based) do + desc "To use a container" + end + autorequire(:cpdb_create) do [self[:db_name]] end 
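Review bot: `candlepin_rpm_version` in cpdb_update/podman.rb launches a host-networked container for a purely local `rpm -q`, and it is called up to twice from `exists?` and once more from `update_version_file`. The query needs no network, so `'--network=none'` is the least-privilege choice, and memoising with `@candlepin_rpm_version ||= podman(...)` keeps it to one container per run. The result is also passed to `Gem::Version.new` unstripped; if podman prints anything besides the version (pull progress on first use, should Puppet fold stderr into the result), that call raises, so a `.strip` and a format check before comparing would be safer.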
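Review bot: The new `container_based` parameter in type/cpdb_create.rb is not read by anything in this patch; the manifests pick the implementation with `provider => $cpdb_provider` instead. Either drop it or document in `desc` which values it accepts and which provider honours it, since `desc "To use a container"` tells a user neither. The identical parameter added to type/cpdb_update.rb has the same problem.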
diff --git a/manifests/artemis.pp b/manifests/artemis.pp index 32452a1..80e2079 100644 --- a/manifests/artemis.pp +++ b/manifests/artemis.pp @@ -22,6 +22,13 @@ group => $candlepin::group, } + file { "${candlepin::tomcat_conf}/conf.d": + ensure => directory, + mode => '0755', + owner => $candlepin::user, + group => $candlepin::group, + } + file { "${candlepin::tomcat_conf}/login.config": ensure => file, content => file('candlepin/tomcat/login.config'), diff --git a/manifests/config.pp b/manifests/config.pp index bf0e33d..f242733 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -55,6 +55,20 @@ 'truststore_password' => $candlepin::_truststore_password, } + file { $candlepin::tomcat_conf: + ensure => directory, + mode => '0755', + owner => 'root', + group => $candlepin::group, + } + + file { '/var/lib/candlepin': + ensure => directory, + mode => '0755', + owner => 'root', + group => $candlepin::group, + } + file { "${candlepin::tomcat_conf}/server.xml": ensure => file, content => epp('candlepin/tomcat/server.xml.epp', $server_context), @@ -70,4 +84,12 @@ owner => 'root', group => $candlepin::group, } + + file { '/etc/tomcat/logging.properties': + ensure => file, + content => template('candlepin/tomcat/logging.properties'), + mode => '0644', + owner => 'root', + group => $candlepin::group, + } } diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp index 731d737..815fa6a 100644 --- a/manifests/database/postgresql.pp +++ b/manifests/database/postgresql.pp @@ -76,6 +76,11 @@ default => '' } + $cpdb_provider = $candlepin::use_container ? { + true => 'podman', + false => 'cpdb', + } + cpdb_create { $db_name: ensure => present, db_host => $db_host, @@ -83,6 +88,7 @@ db_user => $db_user, db_password => $db_password, ssl_options => $ssl_options, + provider => $cpdb_provider, } -> cpdb_update { $db_name: ensure => present, 
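Review bot: The `/etc/tomcat/logging.properties` resource in the second config.pp hunk is not guarded by `$candlepin::use_container`, so a package-based install would also have Tomcat's packaged logging configuration replaced by this console-only one. It also uses a literal path where the neighbouring resources use `${candlepin::tomcat_conf}`, and `template()` on a file that has no ERB tags. I would wrap it in `if $candlepin::use_container { ... }` and write it as `file { "${candlepin::tomcat_conf}/logging.properties":` with `content => file('candlepin/tomcat/logging.properties'),`. The class body continues outside the hunk.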
@@ -91,6 +97,7 @@ db_user => $db_user, db_password => $db_password, ssl_options => $ssl_options, + provider => $cpdb_provider, } # if both manage_db and init_db enforce order of resources diff --git a/manifests/init.pp b/manifests/init.pp index 6f4a65f..f8f5f4c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -167,6 +167,9 @@ # Disable FIPS within the Java environment for Tomcat explicitly. # When set to false, no flag is added. Then on FIPS enabled systems, a Candlepin build that supports FIPS is required. # +# @param use_container +# If true, deploys systemd service using a container. +# # @example Set debug logging # class { 'candlepin': # loggers => { @@ -229,6 +232,7 @@ String $user = 'tomcat', String $group = 'tomcat', Boolean $disable_fips = true, + Boolean $use_container = true, ) inherits candlepin::params { contain candlepin::service diff --git a/manifests/install.pp b/manifests/install.pp index 884da0f..0e00c83 100644 --- a/manifests/install.pp +++ b/manifests/install.pp 
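Review bot: `Boolean $use_container = true` in init.pp makes the container path the default, so anyone who upgrades without setting the parameter stops getting the candlepin packages and instead runs `quay.io/ehelms/candlepin:4.3.12`, an image from a personal quay.io namespace. Defaulting to `Boolean $use_container = false,` keeps current behaviour and makes running that image an explicit opt-in. The `@param use_container` text could also state that package installation is skipped and podman is installed when it is true.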
@@ -4,33 +4,37 @@ class candlepin::install { assert_private() - $enable_pki_core = $facts['os']['release']['major'] == '8' + if !$candlepin::use_container { + $enable_pki_core = $facts['os']['release']['major'] == '8' - if $candlepin::java_package { - stdlib::ensure_packages([$candlepin::java_package]) - Package[$candlepin::java_package] -> Package['candlepin'] - } - - if $enable_pki_core { - package { 'pki-core': - ensure => installed, - enable_only => true, - provider => 'dnfmodule', - before => Package['candlepin'], + if $candlepin::java_package { + stdlib::ensure_packages([$candlepin::java_package]) + Package[$candlepin::java_package] -> Package['candlepin'] } - } - package { ['candlepin']: - ensure => $candlepin::version, - } + if $enable_pki_core { + package { 'pki-core': + ensure => installed, + enable_only => true, + provider => 'dnfmodule', + before => Package['candlepin'], + } + } - if $facts['os']['selinux']['enabled'] { - package { ['candlepin-selinux']: + package { ['candlepin']: ensure => $candlepin::version, } - if $enable_pki_core { - Package['pki-core'] -> Package['candlepin-selinux'] + if $facts['os']['selinux']['enabled'] { + package { ['candlepin-selinux']: + ensure => $candlepin::version, + } + + if $enable_pki_core { + Package['pki-core'] -> Package['candlepin-selinux'] + } } + } else { + stdlib::ensure_packages(['podman']) } } diff --git a/manifests/service.pp b/manifests/service.pp index d543d8f..18c41d1 100644 --- a/manifests/service.pp +++ b/manifests/service.pp 
@@ -4,10 +4,21 @@ class candlepin::service { assert_private() + if $candlepin::use_container { + file { '/etc/containers/systemd/tomcat.container': + ensure => file, + content => template('candlepin/candlepin.container'), + owner => 'root', + group => 'root', + mode => '0444', + before => Service['tomcat'], + } + } + service { 'tomcat': - ensure => running, - enable => true, - hasstatus => true, - hasrestart => true, + ensure => 'running', + enable => true, + restart => true, + provider => 'systemd', } } diff --git a/templates/candlepin.container b/templates/candlepin.container new file mode 100644 index 0000000..df3fc3e --- /dev/null +++ b/templates/candlepin.container @@ -0,0 +1,25 @@ +[Unit] +Description=Candlepin +After=local-fs.target + +[Container] +Image=quay.io/ehelms/candlepin:4.3.12 +PodmanArgs=--cgroups=enabled +LogDriver=journald +Network=host + +Volume=/etc/tomcat/logging.properties:/etc/tomcat/logging.properties +Volume=/etc/tomcat/server.xml:/etc/tomcat/server.xml +Volume=/etc/tomcat/login.config:/etc/tomcat/login.config +Volume=/etc/tomcat/cert-roles.properties:/etc/tomcat/cert-roles.properties +Volume=/etc/tomcat/cert-users.properties:/etc/tomcat/cert-users.properties +Volume=/etc/tomcat/conf.d/jaas.conf:/etc/tomcat/conf.d/jaas.conf +Volume=/etc/tomcat/tomcat.conf:/etc/tomcat/tomcat.conf +Volume=/etc/candlepin:/etc/candlepin + +PublishPort=8443:8443 +PublishPort=61613:61613 + +[Install] +# Start by default on boot +WantedBy=multi-user.target default.target diff --git a/templates/tomcat/logging.properties b/templates/tomcat/logging.properties new file mode 100644 index 0000000..67e7099 --- /dev/null +++ b/templates/tomcat/logging.properties 
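Review bot: `restart => true` in service.pp looks like a slip for the `hasrestart => true` it replaces, because `restart` takes a command string to run, not a boolean. Separately, the quadlet file is only ordered `before => Service['tomcat']`, so systemd will not see the generated `tomcat.service` until a daemon-reload runs, and a later change to the file (an image bump, say) will not restart the service. Consider `notify => Service['tomcat']` plus a refresh-only `exec` running `systemctl daemon-reload` between the file and the service. The `provider => 'systemd'` and dropped `hasstatus` changes also take effect when `use_container` is false.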
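Review bot: `Network=host` in candlepin.container puts the container in the host network namespace, so every port Tomcat and Artemis listen on is reachable on the host's interfaces and the two `PublishPort=` lines have no effect. Dropping `Network=host` would limit exposure to 8443 and 61613, though the database address would then have to be reachable from the container network. The `Volume=` lines mount configuration read-write, including all of `/etc/candlepin`; unless the service must write there, add `:ro`, e.g. `Volume=/etc/tomcat/server.xml:/etc/tomcat/server.xml:ro`. `Image=` is again the hard-coded tag, and since this file is rendered as a template it could take the image, preferably by digest, from a class parameter.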
@@ -0,0 +1,79 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+handlers = java.util.logging.ConsoleHandler
+
+.handlers = java.util.logging.ConsoleHandler
+
+############################################################
+# Handler specific properties.
+# Describes specific configuration info for Handlers.
+############################################################
+
+1catalina.org.apache.juli.AsyncFileHandler.level = FINE
+1catalina.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
+1catalina.org.apache.juli.AsyncFileHandler.prefix = catalina.
+1catalina.org.apache.juli.AsyncFileHandler.maxDays = 90
+1catalina.org.apache.juli.AsyncFileHandler.encoding = UTF-8
+
+2localhost.org.apache.juli.AsyncFileHandler.level = FINE
+2localhost.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
+2localhost.org.apache.juli.AsyncFileHandler.prefix = localhost.
+2localhost.org.apache.juli.AsyncFileHandler.maxDays = 90
+2localhost.org.apache.juli.AsyncFileHandler.encoding = UTF-8
+
+3manager.org.apache.juli.AsyncFileHandler.level = FINE
+3manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
+3manager.org.apache.juli.AsyncFileHandler.prefix = manager.
+3manager.org.apache.juli.AsyncFileHandler.maxDays = 90
+3manager.org.apache.juli.AsyncFileHandler.encoding = UTF-8
+
+4host-manager.org.apache.juli.AsyncFileHandler.level = FINE
+4host-manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
+4host-manager.org.apache.juli.AsyncFileHandler.prefix = host-manager.
+4host-manager.org.apache.juli.AsyncFileHandler.maxDays = 90
+4host-manager.org.apache.juli.AsyncFileHandler.encoding = UTF-8
+
+java.util.logging.ConsoleHandler.level = FINE
+java.util.logging.ConsoleHandler.formatter = org.apache.juli.OneLineFormatter
+java.util.logging.ConsoleHandler.encoding = UTF-8
+
+
+############################################################
+# Facility specific properties.
+# Provides extra control for each logger.
+############################################################
+
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = java.util.logging.ConsoleHandler
+
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = java.util.logging.ConsoleHandler
+
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = java.util.logging.ConsoleHandler
+
+# For example, set the org.apache.catalina.util.LifecycleBase logger to log
+# each component that extends LifecycleBase changing state:
+#org.apache.catalina.util.LifecycleBase.level = FINE
+
+# To see debug messages in TldLocationsCache, uncomment the following line:
+#org.apache.jasper.compiler.TldLocationsCache.level = FINE
+
+# To see debug messages for HTTP/2 handling, uncomment the following line:
+#org.apache.coyote.http2.level = FINE
+
+# To see debug messages for WebSocket handling, uncomment the following line:
+#org.apache.tomcat.websocket.level = FINE