Initial simple ARA support through podman/container for api (default …
…sqlite for now) Signed-off-by: Fabian Arrotin <arrfab@centos.org>
Showing
7 changed files
with
128 additions
and
0 deletions.
@@ -0,0 +1,19 @@ | ||
|
||
[Unit] | ||
Description=ARA api service | ||
DefaultDependencies=no | ||
After=network.target | ||
|
||
[Install] | ||
WantedBy=multi-user.target | ||
|
||
[Service] | ||
Type=oneshot | ||
User=ara | ||
Group=ara | ||
ExecStart=/var/lib/ara/podman-ara start | ||
ExecStop=/var/lib/ara/podman-ara stop | ||
RemainAfterExit=yes | ||
#Restart=on-failure | ||
RestartSec=1 | ||
|
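Review bot: With `Type=oneshot`, `RemainAfterExit=yes` and `Restart=` commented out in `[Service]`, systemd only records that the wrapper exited, so the unit stays active even if the detached container later dies, and `RestartSec=1` has no effect. A comment above `Type=oneshot` would make that intent explicit, e.g. `# oneshot: the wrapper only launches a detached container, systemd does not supervise it`. `DefaultDependencies=no` also drops the implicit shutdown ordering an ordinary late-boot service normally wants, which can leave `ExecStop` unordered at shutdown; unless there is a reason the page does not show, removing that line is safer.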
Binary file not shown.
@@ -0,0 +1,14 @@ | ||
|
||
module podman-unpriv-init 1.0.1; | ||
|
||
require { | ||
type container_file_t; | ||
type var_lib_t; | ||
type init_t; | ||
class file { execute execute_no_trans }; | ||
} | ||
|
||
#============= init_t ============== | ||
|
||
allow init_t container_file_t:file { execute execute_no_trans }; | ||
allow init_t var_lib_t:file { execute execute_no_trans }; |
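Review bot: The two `allow init_t ...` rules are much wider than the one wrapper they are meant for: they let systemd, in the `init_t` domain and without a domain transition, execute any file labelled `var_lib_t` or `container_file_t`. The `container_file_t` case matters because the wrapper is installed in `/var/lib/ara`, the same directory the wrapper bind-mounts into the container with `:z`, so content writable from inside the container is what the unit's `ExecStart` runs. Installing the wrapper root-owned outside the data volume, for example `dest: /usr/local/bin/podman-ara` with `owner: root` and `group: ara`, would likely make this module unnecessary, since init can normally execute `bin_t` files already; the task file and the unit's `ExecStart`/`ExecStop` paths would change with it. If the module stays, a comment above the rules should name the single file they exist for.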
@@ -0,0 +1,58 @@ | ||
# Tasks included if we want to have local ara for ansible reports | ||
- block: | ||
- name: Creating ara user to start ara container | ||
user: | ||
name: ara | ||
comment: AnsibleRecordsAnsible service user | ||
|
||
- name: Install pkgs to start and connect to ara api container | ||
yum: | ||
name: ['podman', 'git', 'ara'] | ||
state: installed | ||
|
||
- name: Pulling container if needed | ||
podman_image: | ||
name: "{{ ansible_ara_container_image }}" | ||
become_user: ara | ||
|
||
- name: Creating directory for ara sqlite db and files | ||
file: | ||
path: /var/lib/ara | ||
state: directory | ||
owner: ara | ||
|
||
# This wrapper/init for systemd and selinux policy will have to be removed once User= can be used for podman | ||
# See https://github.com/containers/podman/issues/6582 and https://github.com/containers/libpod/issues/5572 | ||
- name: Creating wrapper script to start ara-api | ||
template: | ||
src: podman-ara.j2 | ||
dest: /var/lib/ara/podman-ara | ||
mode: 0750 | ||
owner: ara | ||
|
||
- name: Distributing custom selinux policies | ||
copy: | ||
src: "selinux/{{ ansible_distribution_version[0] }}/{{ item }}" | ||
dest: "/etc/selinux/centos/{{ item }}" | ||
register: sepolicy | ||
with_items: | ||
- podman-unpriv-init.pp | ||
|
||
- name: reload custom selinux files | ||
shell: /usr/sbin/semodule -u "/etc/selinux/centos/podman-unpriv-init.pp" | ||
when: ansible_selinux.status == "enabled" and sepolicy is changed | ||
|
||
- name: systemd unit to start ara container | ||
copy: | ||
src: ara-api.service | ||
dest: /etc/systemd/system/ara-api.service | ||
register: ara_systemd | ||
|
||
- name: Enable the ara-service container | ||
systemd: | ||
name: ara-api | ||
daemon-reload: "{% if ara_systemd is changed %}yes{% else %}no{% endif %}" | ||
state: started | ||
enabled: yes | ||
tags: | ||
- ara |
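Review bot: The `file` task for `/var/lib/ara` sets `owner` but no `mode` or `group`, so the directory holding the sqlite database gets whatever the default umask gives, typically world-readable, and recorded playbook results can contain sensitive values. Adding `group: ara` and `mode: '0750'` to that task closes this. Separately, `ansible_distribution_version[0]` takes only the first character of the version string and would select the wrong directory for a two-digit release; `ansible_distribution_major_version` is the fact meant for this. The `semodule` task uses no shell features, so `command:` is the better module than `shell:`.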
@@ -0,0 +1,24 @@ | ||
#!/bin/bash | ||
action="$1" | ||
# Some settings | ||
local_vol="/var/lib/ara" | ||
local_port="{{ ansible_ara_server_port }}" | ||
container_image="{{ ansible_ara_container_image }}" | ||
|
||
if [ "$action" == "start" ] ; then | ||
podman ps --all|grep -q ara-api-server | ||
if [ "$?" -eq "0" ] ; then | ||
echo "container ara-api-server defined, starting it" | ||
exec podman start ara-api-server | ||
else | ||
echo "container ara-api-server undefined, starting it" | ||
exec podman run --name ara-api-server --detach --volume ${local_vol}:/opt/ara:z -p ${local_port}:8000 ${container_image} | ||
fi | ||
exit 0 | ||
elif [ "$action" == "stop" ] ; then | ||
exec podman stop ara-api-server >/dev/null | ||
exit 0 | ||
else | ||
logger "wrong action ${action} for podman ara" | ||
fi | ||
|
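Review bot: `-p ${local_port}:8000` on the `podman run` line publishes the API on every host interface, and the page shows no authentication configuration, so if the ARA API runs with unauthenticated defaults anyone who can reach the port can read and write recorded playbook data. Binding to loopback with `-p 127.0.0.1:${local_port}:8000`, and putting an authenticating proxy in front where remote access is needed, is the safer default. The final `else` branch ends with `logger`, so an unknown action exits 0 and systemd treats it as success; add `exit 1` after it. `podman container exists ara-api-server` would replace the substring match of `podman ps --all|grep -q` with an exact check.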