PoC to deploy with quadlets

manifests/artemis.pp

@@ -22,6 +22,13 @@
     group   => $candlepin::group,
   }
 
+  file { "${candlepin::tomcat_conf}/conf.d":
+    ensure => directory,
+    mode   => '0755',
+    owner  => $candlepin::user,
+    group  => $candlepin::group,
+  }
+
   file { "${candlepin::tomcat_conf}/login.config":
     ensure  => file,
     content => file('candlepin/tomcat/login.config'),

manifests/config.pp

@@ -71,4 +71,34 @@
     owner   => 'root',
     group   => $candlepin::group,
   }
+
+  if $candlepin::use_container {
+    file { $candlepin::tomcat_conf:
+      ensure => directory,
+      mode   => '0755',
+      owner  => 'root',
+      group  => $candlepin::group,
+    }
+
+    file { '/var/lib/candlepin':
+      ensure => directory,
+      mode   => '0755',
+      owner  => 'root',
+      group  => $candlepin::group,
+    }
+
+    file { '/var/log/candlepin':
+      ensure => directory,
+      mode   => '0755',
+      owner  => 'root',
+      group  => $candlepin::group,
+    }
+
+    file { '/var/log/tomcat':
+      ensure => directory,
+      mode   => '0755',
+      owner  => 'root',
+      group  => $candlepin::group,
+    }
+  }
 }

manifests/database/postgresql.pp

@@ -77,6 +77,14 @@
     }
 
     if $candlepin::db_manage_on_startup != 'Manage' {
+      cpdb_create { $db_name:
+        ensure      => present,
+        db_host     => $db_host,
+        db_port     => $db_port,
+        db_user     => $db_user,
+        db_password => $db_password,
+        ssl_options => $ssl_options,
+      } ->
       cpdb_update { $db_name:
         ensure      => present,
         db_host     => $db_host,

manifests/init.pp

@@ -170,6 +170,12 @@
 # @param db_manage_on_startup
 #   How to manage database migrations on startup.
 #
+# @param use_container
+#   If true, deploys systemd service using a container.
+#
+# @param container_image
+#   Specifies the container image to use when deploying via container.
+#
 # @example Set debug logging
 #   class { 'candlepin':
 #     loggers => {
@@ -233,6 +239,8 @@
   String $group = 'tomcat',
   Boolean $disable_fips = true,
   Enum['None', 'Report', 'Halt', 'Manage'] $db_manage_on_startup = 'Manage',
+  Boolean $use_container = true,
+  String[1] $container_image = 'quay.io/ehelms/candlepin:4.4.5-1',
 ) inherits candlepin::params {
   contain candlepin::service
 

manifests/install.pp

@@ -4,33 +4,37 @@
 class candlepin::install {
   assert_private()
 
-  $enable_pki_core = $facts['os']['release']['major'] == '8'
+  if !$candlepin::use_container {
+    $enable_pki_core = $facts['os']['release']['major'] == '8'
 
-  if $candlepin::java_package {
-    stdlib::ensure_packages([$candlepin::java_package])
-    Package[$candlepin::java_package] -> Package['candlepin']
-  }
-
-  if $enable_pki_core {
-    package { 'pki-core':
-      ensure      => installed,
-      enable_only => true,
-      provider    => 'dnfmodule',
-      before      => Package['candlepin'],
+    if $candlepin::java_package {
+      stdlib::ensure_packages([$candlepin::java_package])
+      Package[$candlepin::java_package] -> Package['candlepin']
     }
-  }
 
-  package { ['candlepin']:
-    ensure => $candlepin::version,
-  }
+    if $enable_pki_core {
+      package { 'pki-core':
+        ensure      => installed,
+        enable_only => true,
+        provider    => 'dnfmodule',
+        before      => Package['candlepin'],
+      }
+    }
 
-  if $facts['os']['selinux']['enabled'] {
-    package { ['candlepin-selinux']:
+    package { ['candlepin']:
       ensure => $candlepin::version,
     }
 
-    if $enable_pki_core {
-      Package['pki-core'] -> Package['candlepin-selinux']
+    if $facts['os']['selinux']['enabled'] {
+      package { ['candlepin-selinux']:
+        ensure => $candlepin::version,
+      }
+
+      if $enable_pki_core {
+        Package['pki-core'] -> Package['candlepin-selinux']
+      }
     }
+  } else {
+    stdlib::ensure_packages(['podman'])
   }
 }

manifests/service.pp

@@ -4,6 +4,21 @@
 class candlepin::service {
   assert_private()
 
+  if $candlepin::use_container {
+    $container_context = {
+      'image'          => $candlepin::container_image,
+    }
+
+    file { '/etc/containers/systemd/tomcat.container':
+      ensure  => file,
+      content => epp('candlepin/candlepin.container.epp', $container_context),
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0444',
+      before  => Service['tomcat'],
+    }
+  }
+
   service { 'tomcat':
     ensure     => running,
     enable     => true,

templates/candlepin.conf.epp

@@ -25,6 +25,8 @@ candlepin.environment_content_filtering=<%= $env_filtering_enabled %>
 candlepin.auth.basic.enable=<%= $enable_basic_auth %>
 candlepin.auth.trusted.enable=<%= $enable_trusted_auth %>
 
+candlepin.db.database_manage_on_startup=Manage
+
 candlepin.audit.hornetq.config_path=<%= $broker_config_file %>
 <% if $oauth_key != "" { %>
 

templates/candlepin.container.epp

@@ -0,0 +1,27 @@
+<%- |
+  String[1] $image,
+| -%>
+### File managed with puppet ###
+## Module: '<%= $module_name %>'
+[Unit]
+Description=Candlepin
+After=local-fs.target
+
+[Install]
+WantedBy=multi-user.target default.target
+
+[Container]
+Image=<%= $image %>
+PodmanArgs=--cgroups=enabled
+LogDriver=journald
+Network=host
+
+Volume=/etc/tomcat/server.xml:/etc/tomcat/server.xml
+Volume=/etc/tomcat/login.config:/etc/tomcat/login.config
+Volume=/etc/tomcat/cert-roles.properties:/etc/tomcat/cert-roles.properties
+Volume=/etc/tomcat/cert-users.properties:/etc/tomcat/cert-users.properties
+Volume=/etc/tomcat/conf.d/jaas.conf:/etc/tomcat/conf.d/jaas.conf
+Volume=/etc/tomcat/tomcat.conf:/etc/tomcat/tomcat.conf
+Volume=/etc/candlepin:/etc/candlepin
+Volume=/var/log/candlepin:/var/log/candlepin
+Volume=/var/log/tomcat:/var/log/tomcat