diff --git a/README.rst b/README.rst index bdf023cde..b632fad71 100644 --- a/README.rst +++ b/README.rst @@ -18,6 +18,7 @@ repositories on Ark is controlled via X.509 certificates issued by StackHPC. This configuration is a base, and should be merged with any existing Kayobe configuration. It currently provides the following: +* Configuration to deploy a local Pulp service as a container on the seed * Pulp repository definitions for CentOS Stream 8 * Playbooks to synchronise a local Pulp service with Ark * Configuration to use the local Pulp repository mirrors on control plane hosts @@ -68,14 +69,19 @@ need to merge the changes in this repository into your repository. Configuration ============= -The URL and credentials of the local Pulp server should be configured in -``etc/kayobe/pulp.yml``, using Ansible Vault to encrypt the password: +Local Pulp server +----------------- -.. code-block:: yaml +The URL and credentials of the local Pulp server are configured in +``etc/kayobe/pulp.yml`` via ``pulp_url``, ``pulp_username`` and +``pulp_password``. In most cases, the default values should be sufficient. +An admin password must be generated and set as the value of a +``secrets_pulp_password`` variable, typically in an Ansible Vault encrypted +``etc/kayobe/secrets.yml`` file. This password will be automatically set on +Pulp startup. - pulp_url: - pulp_username: admin - pulp_password: +StackHPC Ark +------------ The container image registry credentials issued by StackHPC should be configured in ``etc/kayobe/pulp.yml``, using Ansible Vault to encrypt the @@ -98,6 +104,10 @@ The distribution name for the environment should be configured as either Usage ===== +The local Pulp service will be deployed as a `Seed custom container +`__ +on next ``kayobe seed service deploy`` or ``kayobe seed service upgrade``. + The following custom playbooks are provided in ``etc/kayobe/ansible/``: See the Kayobe `custom playbook documentation 
diff --git a/etc/kayobe/containers/pulp/post.yml b/etc/kayobe/containers/pulp/post.yml new file mode 100644 index 000000000..0548b9926 --- /dev/null +++ b/etc/kayobe/containers/pulp/post.yml @@ -0,0 +1,19 @@ +--- +- name: Wait for Pulp to become ready + uri: + url: "{{ pulp_url }}/pulp/api/v3/status/" + register: pulp_status + until: pulp_status is success + retries: 30 + delay: 2 + +- name: Set the Pulp admin password + become: true + command: >- + docker exec -u root {{ seed_containers.pulp.name }} + bash -c + 'pulpcore-manager reset-admin-password -p {{ pulp_password }}' + no_log: true + register: pulp_manager_result + failed_when: + - "'Successfully set password' not in pulp_manager_result.stdout" diff --git a/etc/kayobe/containers/pulp/pre.yml b/etc/kayobe/containers/pulp/pre.yml new file mode 100644 index 000000000..22d999023 --- /dev/null +++ b/etc/kayobe/containers/pulp/pre.yml @@ -0,0 +1,21 @@ +--- +- name: Ensure /opt/kayobe/containers/pulp exists + file: + path: "/opt/kayobe/containers/pulp" + state: directory + become: true + +- name: Ensure required Docker volumes exist + docker_volume: + name: "{{ item }}" + loop: + - pulp_containers + - pulp_pgsql + - pulp_storage + +- name: Copy modified settings.py + template: + src: "{{ kayobe_config_path }}/containers/pulp/settings.py" + dest: /opt/kayobe/containers/pulp/settings.py + mode: 0644 + become: true diff --git a/etc/kayobe/containers/pulp/settings.py b/etc/kayobe/containers/pulp/settings.py new file mode 100644 index 000000000..c30454845 --- /dev/null +++ b/etc/kayobe/containers/pulp/settings.py @@ -0,0 +1,4 @@ +CONTENT_ORIGIN='http://{{ ansible_facts.fqdn }}' +ANSIBLE_API_HOSTNAME='http://{{ ansible_facts.fqdn }}' +ANSIBLE_CONTENT_HOSTNAME='http://{{ ansible_facts.fqdn }}/pulp/content' +TOKEN_AUTH_DISABLED=True diff --git a/etc/kayobe/pulp.yml b/etc/kayobe/pulp.yml index a0d8be9de..fde63a14d 100644 --- a/etc/kayobe/pulp.yml +++ b/etc/kayobe/pulp.yml 
@@ -2,10 +2,13 @@ ############################################################################### # Local Pulp access credentials -pulp_url: http://localhost:8080 -pulp_username: admin -pulp_password: +# Base URL of the local Pulp service. +# Default uses the seed node's IP on the admin network. +pulp_url: "http://{{ admin_oc_net_name | net_ip(groups['seed'][0]) }}:8080" +# Credentials used to access the local Pulp REST API. +pulp_username: admin +pulp_password: "{{ secrets_pulp_password }}" ############################################################################### # StackHPC Pulp server diff --git a/etc/kayobe/seed.yml b/etc/kayobe/seed.yml index 35f2aadaa..b833a1c34 100644 --- a/etc/kayobe/seed.yml +++ b/etc/kayobe/seed.yml @@ -95,7 +95,20 @@ # pre: "{{ kayobe_env_config_path }}/containers/squid/pre.yml" # post: "{{ kayobe_env_config_path }}/containers/squid/post.yml" # -#seed_containers: +seed_containers: + pulp: + name: pulp + image: pulp/pulp + pre: "{{ kayobe_config_path }}/containers/pulp/pre.yml" + post: "{{ kayobe_config_path }}/containers/pulp/post.yml" + tag: "3.16" + network_mode: host + volumes: + - /opt/kayobe/containers/pulp:/etc/pulp + - pulp_storage:/var/lib/pulp + - pulp_pgsql:/var/lib/pgsql + - pulp_containers:/var/lib/containers + restart_policy: unless-stopped ############################################################################### # Dummy variable to allow Ansible to accept this file.
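Review bot: in etc/kayobe/containers/pulp/post.yml, the "Set the Pulp admin password" task places `{{ pulp_password }}` unquoted inside a single-quoted `bash -c` string, so a password containing a single quote, a space or a shell metacharacter is split or interpreted by a root shell in the container. Drop the `bash -c` wrapper and use the `argv:` list form of `command`, so the password reaches `pulpcore-manager reset-admin-password -p` as exactly one argument. Note that `no_log: true` only keeps the value out of Ansible output; it is still visible on the process command line on the seed while the task runs. The task also has no `changed_when`, so it reports a change on every `kayobe seed service deploy`.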
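Review bot: in etc/kayobe/containers/pulp/pre.yml, the "Ensure required Docker volumes exist" task has no `become: true`, while the `file` and `template` tasks in the same file and the `docker exec` in post.yml all escalate. Unless the connecting user is guaranteed access to the Docker socket, this task fails where the others succeed, so add `become: true` for consistency. Two smaller points: `mode: 0644` should be quoted (`mode: "0644"`) so it is not left to YAML integer parsing, and the directory task sets no `owner` or `mode` for /opt/kayobe/containers/pulp, which is mounted into the container as /etc/pulp.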
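Review bot: in etc/kayobe/containers/pulp/settings.py, `TOKEN_AUTH_DISABLED=True` is added with no comment and no mention in the README hunk, so a reader cannot tell why token authentication is turned off or what that means for who can pull from the local mirror. Add a comment stating the reason and the access model that results. All three origin settings are also hardcoded to `http://`, so content is served without transport protection; if that is a deliberate choice for the admin network, say so in the file or make the scheme a variable.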
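Review bot: in etc/kayobe/pulp.yml, `pulp_url` points at port 8080, but the templated settings.py sets `CONTENT_ORIGIN='http://{{ ansible_facts.fqdn }}'` with no port and the container in seed.yml runs with `network_mode: host` and no port setting, so it is not clear from the patch that the API and the content origin refer to the same listener. Please confirm the port and derive both values from one variable. The URL is also plain `http://`, which means `pulp_username` and `pulp_password` cross the admin network in cleartext on every REST call. Finally, `pulp_password: "{{ secrets_pulp_password }}"` has no default, so the README wording "the default values should be sufficient" should state up front that deployment fails until `secrets_pulp_password` is defined.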
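Review bot: in etc/kayobe/seed.yml, the `pulp` entry uses `network_mode: host`, which puts every port the container listens on directly on all of the seed's interfaces rather than only on the admin network address used in `pulp_url`. Either publish only the required port on the admin network IP or document the firewall rules that are expected to restrict access. The image is referenced as `pulp/pulp` with `tag: "3.16"`, a mutable tag; pinning by digest, or mirroring the image into a controlled registry, would make seed deployments reproducible. The `pre` and `post` paths use `kayobe_config_path` while the commented example directly above uses `kayobe_env_config_path`; a one-line comment on which is intended would help.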