From 7ef439a1a33597efa232876f1d429abb8140feb0 Mon Sep 17 00:00:00 2001
From: Will Szumski
Date: Wed, 8 Dec 2021 14:31:57 +0000
Subject: [PATCH 1/6] Deploy a local pulp server on the seed
Co-authored-by: Michal Nasiadka
Co-authored-by: Bartosz Bezak
---
etc/kayobe/containers/pulp/pre.yml | 21 +++++++++++++++++++++
etc/kayobe/containers/pulp/settings.py | 4 ++++
etc/kayobe/seed.yml | 14 +++++++++++++-
3 files changed, 38 insertions(+), 1 deletion(-)
create mode 100644 etc/kayobe/containers/pulp/pre.yml
create mode 100644 etc/kayobe/containers/pulp/settings.py
diff --git a/etc/kayobe/containers/pulp/pre.yml b/etc/kayobe/containers/pulp/pre.yml
new file mode 100644
index 000000000..22d999023
--- /dev/null
+++ b/etc/kayobe/containers/pulp/pre.yml
@@ -0,0 +1,21 @@
+---
+- name: Ensure /opt/kayobe/containers/pulp exists
+ file:
+ path: "/opt/kayobe/containers/pulp"
+ state: directory
+ become: true
+
+- name: Ensure required Docker volumes exist
+ docker_volume:
+ name: "{{ item }}"
+ loop:
+ - pulp_containers
+ - pulp_pgsql
+ - pulp_storage
+
+- name: Copy modified settings.py
+ template:
+ src: "{{ kayobe_config_path }}/containers/pulp/settings.py"
+ dest: /opt/kayobe/containers/pulp/settings.py
+ mode: 0644
+ become: true
diff --git a/etc/kayobe/containers/pulp/settings.py b/etc/kayobe/containers/pulp/settings.py
new file mode 100644
index 000000000..d07798b3a
--- /dev/null
+++ b/etc/kayobe/containers/pulp/settings.py
@@ -0,0 +1,4 @@
+CONTENT_ORIGIN='http://{{ ansible_fqdn }}'
+ANSIBLE_API_HOSTNAME='http://{{ ansible_fqdn }}'
+ANSIBLE_CONTENT_HOSTNAME='http://{{ ansible_fqdn }}/pulp/content'
+TOKEN_AUTH_DISABLED=True
diff --git a/etc/kayobe/seed.yml b/etc/kayobe/seed.yml
index 35f2aadaa..3e315a93f 100644
--- a/etc/kayobe/seed.yml
+++ b/etc/kayobe/seed.yml
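Review bot: The `template` task in pre.yml writes `mode: 0644` unquoted, and the directory task sets no `owner` or `mode` at all, so the permissions of `/opt/kayobe/containers/pulp` (bind-mounted as `/etc/pulp` by the seed.yml change in this patch) depend on the remote umask. Ansible's documentation recommends quoting file modes so YAML does not reinterpret the number; I would write `mode: "0644"` on the template task and add `mode: "0755"` with an explicit `owner`/`group` to the directory task. The `docker_volume` task is the only one without `become: true`, which presumably assumes the Ansible user can reach the Docker socket; a one-line comment saying so would help.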
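Review bot: `TOKEN_AUTH_DISABLED=True` in settings.py, combined with the `http://` scheme on all three origin settings, leaves the registry side of this Pulp server without token authentication and without transport protection. As I understand the setting, registry requests are then no longer scoped by bearer tokens, so who may pull or push depends on whatever access policy and network boundary remain; please confirm the intended exposure and record it next to the setting, e.g. `# TODO(security): token auth is off; document which network boundary protects the registry`. Because this server becomes the package and image source for the control plane, content served over plain HTTP can be altered in transit by anything on that network, and the `pulp_url` default added in PATCH 4/6 sends the admin Basic Auth credentials the same way. Templating the scheme rather than hard-coding `http://` would let TLS be enabled without editing this file.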
@@ -95,7 +95,19 @@ # pre: "{{ kayobe_env_config_path }}/containers/squid/pre.yml" # post: "{{ kayobe_env_config_path }}/containers/squid/post.yml" # -#seed_containers: +seed_containers: + pulp: + name: pulp + image: pulp/pulp + pre: "{{ kayobe_config_path }}/containers/pulp/pre.yml" + tag: "3.16" + network_mode: host + volumes: + - /opt/kayobe/containers/pulp:/etc/pulp + - pulp_storage:/var/lib/pulp + - pulp_pgsql:/var/lib/pgsql + - pulp_containers:/var/lib/containers + restart_policy: unless-stopped ############################################################################### # Dummy variable to allow Ansible to accept this file. From 527b5874eb9f05271d15d5876e0a4fa68790440b Mon Sep 17 00:00:00 2001 From: Isaac Prior Date: Fri, 10 Dec 2021 11:50:15 +0000 Subject: [PATCH 2/6] Use full var paths for settings template --- etc/kayobe/containers/pulp/settings.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/etc/kayobe/containers/pulp/settings.py b/etc/kayobe/containers/pulp/settings.py index d07798b3a..c30454845 100644 --- a/etc/kayobe/containers/pulp/settings.py +++ b/etc/kayobe/containers/pulp/settings.py @@ -1,4 +1,4 @@ -CONTENT_ORIGIN='http://{{ ansible_fqdn }}' -ANSIBLE_API_HOSTNAME='http://{{ ansible_fqdn }}' -ANSIBLE_CONTENT_HOSTNAME='http://{{ ansible_fqdn }}/pulp/content' +CONTENT_ORIGIN='http://{{ ansible_facts.fqdn }}' +ANSIBLE_API_HOSTNAME='http://{{ ansible_facts.fqdn }}' +ANSIBLE_CONTENT_HOSTNAME='http://{{ ansible_facts.fqdn }}/pulp/content' TOKEN_AUTH_DISABLED=True From 1cb6e8807d971fbf35a76b3bc279920be88ce512 Mon Sep 17 00:00:00 2001 From: Isaac Prior Date: Fri, 10 Dec 2021 12:23:52 +0000 Subject: [PATCH 3/6] Link to kayobe docs for pulp deployment mechanism --- README.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.rst b/README.rst index bdf023cde..ee0c08885 100644 --- a/README.rst +++ b/README.rst 
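Review bot: The `pulp` entry under `seed_containers` pulls `pulp/pulp` by the mutable tag `"3.16"`, so a later re-deploy can pick up different image content without any change in this repository. Since this container becomes the distribution point for packages and container images used by the rest of the deployment, I would pin the image to a reviewed digest (or mirror it into a registry you control) and note that beside the tag, e.g. `# Pin to the reviewed image digest when upgrading; a bare tag can move`. `network_mode: host` also places every port the all-in-one image listens on directly on the seed's interfaces; a comment naming the expected port and the firewall rule that limits access would make the exposure reviewable.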
@@ -18,6 +18,7 @@ repositories on Ark is controlled via X.509 certificates issued by StackHPC. This configuration is a base, and should be merged with any existing Kayobe configuration. It currently provides the following: +* Configuration to deploy a local Pulp service * Pulp repository definitions for CentOS Stream 8 * Playbooks to synchronise a local Pulp service with Ark * Configuration to use the local Pulp repository mirrors on control plane hosts @@ -98,6 +99,10 @@ The distribution name for the environment should be configured as either Usage ===== +The local Pulp service will be deployed as a `Seed custom container +`__ +on next ``kayobe seed service deploy`` or ``kayobe seed service upgrade``. + The following custom playbooks are provided in ``etc/kayobe/ansible/``: See the Kayobe `custom playbook documentation From 3e477879f0e64eccd65e3ce7f49a39d393da435d Mon Sep 17 00:00:00 2001 From: Isaac Prior Date: Fri, 10 Dec 2021 17:25:54 +0000 Subject: [PATCH 4/6] Set the pulp api admin password --- README.rst | 10 ++++++++-- etc/kayobe/containers/pulp/post.yml | 11 +++++++++++ etc/kayobe/pulp.yml | 7 +++++-- etc/kayobe/seed.yml | 1 + 4 files changed, 25 insertions(+), 4 deletions(-) create mode 100644 etc/kayobe/containers/pulp/post.yml diff --git a/README.rst b/README.rst index ee0c08885..d51b722e8 100644 --- a/README.rst +++ b/README.rst 
@@ -70,14 +70,20 @@ Configuration ============= The URL and credentials of the local Pulp server should be configured in -``etc/kayobe/pulp.yml``, using Ansible Vault to encrypt the password: +``etc/kayobe/pulp.yml`` in advance of deployment, using Ansible Vault +to encrypt the password: .. code-block:: yaml - pulp_url: + pulp_url: "http://{{ admin_oc_net_name | net_ip(groups['seed'][0]) }}:8080" pulp_username: admin pulp_password: +This is used to configure `Basic Auth for the Pulp API +`__. +Note that ``pulp_username`` is currently unused as only `admin` is supported. +``pulp_password`` is used to automatically set the admin password. + The container image registry credentials issued by StackHPC should be configured in ``etc/kayobe/pulp.yml``, using Ansible Vault to encrypt the password: diff --git a/etc/kayobe/containers/pulp/post.yml b/etc/kayobe/containers/pulp/post.yml new file mode 100644 index 000000000..855260d50 --- /dev/null +++ b/etc/kayobe/containers/pulp/post.yml @@ -0,0 +1,11 @@ +--- +- name: Set the pulp api password + become: true + command: >- + docker exec -u root {{ seed_containers.pulp.name }} + bash -c + 'pulpcore-manager reset-admin-password -p {{ pulp_password }}' + no_log: true + register: pulp_manager_result + failed_when: + - "'Successfully set password' not in pulp_manager_result.stdout" diff --git a/etc/kayobe/pulp.yml b/etc/kayobe/pulp.yml index a0d8be9de..3babd9b66 100644 --- a/etc/kayobe/pulp.yml +++ b/etc/kayobe/pulp.yml 
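Review bot: In the new post.yml the password is spliced into a `bash -c '…'` string, so a `pulp_password` containing a quote, `$`, backtick or `;` is either mis-parsed or interpreted by a shell running as root inside the container. Passing the command as an `argv` list removes the shell layer, assuming `pulpcore-manager` is on the PATH for a plain `docker exec`. `no_log: true` keeps the value out of Ansible output only; with `-p` it is still visible in the process argument list on the seed while the command runs, which deserves a comment on the task. Note also that `pulp_password` is left empty by default in this patch, so the task fails until a value is set.

```yaml
- name: Set the pulp api password
  become: true
  command:
    argv:
      - docker
      - exec
      - "-u"
      - root
      - "{{ seed_containers.pulp.name }}"
      - pulpcore-manager
      - reset-admin-password
      - "-p"
      - "{{ pulp_password }}"
  # … unchanged: no_log, register, failed_when …
```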
@@ -2,11 +2,14 @@ ############################################################################### # Local Pulp access credentials -pulp_url: http://localhost:8080 +# Base URL of the local Pulp service. +# Default uses the seed node's IP on the admin network. +pulp_url: "http://{{ admin_oc_net_name | net_ip(groups['seed'][0]) }}:8080" + +# Credentials used to access the local Pulp REST API. pulp_username: admin pulp_password: - ############################################################################### # StackHPC Pulp server diff --git a/etc/kayobe/seed.yml b/etc/kayobe/seed.yml index 3e315a93f..b833a1c34 100644 --- a/etc/kayobe/seed.yml +++ b/etc/kayobe/seed.yml @@ -100,6 +100,7 @@ seed_containers: name: pulp image: pulp/pulp pre: "{{ kayobe_config_path }}/containers/pulp/pre.yml" + post: "{{ kayobe_config_path }}/containers/pulp/post.yml" tag: "3.16" network_mode: host volumes: From 5d7378b1a2be406b7e1e212c2b70bbd9bb31c6a0 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Tue, 14 Dec 2021 12:08:11 +0000 Subject: [PATCH 5/6] Wait for pulp to become ready before setting the password --- etc/kayobe/containers/pulp/post.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/etc/kayobe/containers/pulp/post.yml b/etc/kayobe/containers/pulp/post.yml index 855260d50..0548b9926 100644 --- a/etc/kayobe/containers/pulp/post.yml +++ b/etc/kayobe/containers/pulp/post.yml @@ -1,5 +1,13 @@ --- -- name: Set the pulp api password +- name: Wait for Pulp to become ready + uri: + url: "{{ pulp_url }}/pulp/api/v3/status/" + register: pulp_status + until: pulp_status is success + retries: 30 + delay: 2 + +- name: Set the Pulp admin password become: true command: >- docker exec -u root {{ seed_containers.pulp.name }} From 736562d2343dc2ad667ba91e6efbdfdbc2470358 Mon Sep 17 00:00:00 2001 
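Review bot: The new default `pulp_url` in pulp.yml ends in `:8080`, but the container is started with `network_mode: host` (so there is no port mapping) and settings.py advertises `CONTENT_ORIGIN` without a port; nothing in this series shows a listener on 8080 on the seed. If Pulp serves on a different port, the readiness check added to post.yml in PATCH 5/6 (`{{ pulp_url }}/pulp/api/v3/status/`) would exhaust its 30 retries and the admin password would never be set. I would drive both from one variable, e.g. `pulp_url: "http://{{ admin_oc_net_name | net_ip(groups['seed'][0]) }}:{{ pulp_port }}"`, use the same `pulp_port` in the settings.py template, and add a comment stating which port the image listens on.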
From: Mark Goddard Date: Tue, 14 Dec 2021 12:59:44 +0000 Subject: [PATCH 6/6] Use secrets.yml to set Pulp admin password, update readme --- README.rst | 25 ++++++++++++------------- etc/kayobe/pulp.yml | 2 +- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/README.rst b/README.rst index d51b722e8..b632fad71 100644 --- a/README.rst +++ b/README.rst @@ -18,7 +18,7 @@ repositories on Ark is controlled via X.509 certificates issued by StackHPC. This configuration is a base, and should be merged with any existing Kayobe configuration. It currently provides the following: -* Configuration to deploy a local Pulp service +* Configuration to deploy a local Pulp service as a container on the seed * Pulp repository definitions for CentOS Stream 8 * Playbooks to synchronise a local Pulp service with Ark * Configuration to use the local Pulp repository mirrors on control plane hosts 
@@ -69,20 +69,19 @@ need to merge the changes in this repository into your repository. Configuration ============= -The URL and credentials of the local Pulp server should be configured in -``etc/kayobe/pulp.yml`` in advance of deployment, using Ansible Vault -to encrypt the password: +Local Pulp server +----------------- -.. code-block:: yaml - - pulp_url: "http://{{ admin_oc_net_name | net_ip(groups['seed'][0]) }}:8080" - pulp_username: admin - pulp_password: +The URL and credentials of the local Pulp server are configured in +``etc/kayobe/pulp.yml`` via ``pulp_url``, ``pulp_username`` and +``pulp_password``. In most cases, the default values should be sufficient. +An admin password must be generated and set as the value of a +``secrets_pulp_password`` variable, typically in an Ansible Vault encrypted +``etc/kayobe/secrets.yml`` file. This password will be automatically set on +Pulp startup. -This is used to configure `Basic Auth for the Pulp API -`__. -Note that ``pulp_username`` is currently unused as only `admin` is supported. -``pulp_password`` is used to automatically set the admin password. +StackHPC Ark +------------ The container image registry credentials issued by StackHPC should be configured in ``etc/kayobe/pulp.yml``, using Ansible Vault to encrypt the diff --git a/etc/kayobe/pulp.yml b/etc/kayobe/pulp.yml index 3babd9b66..fde63a14d 100644 --- a/etc/kayobe/pulp.yml +++ b/etc/kayobe/pulp.yml @@ -8,7 +8,7 @@ pulp_url: "http://{{ admin_oc_net_name | net_ip(groups['seed'][0]) }}:8080" # Credentials used to access the local Pulp REST API. pulp_username: admin -pulp_password: +pulp_password: "{{ secrets_pulp_password }}" ############################################################################### # StackHPC Pulp server