Deploy a local pulp server on the seed

README.rst

@@ -18,6 +18,7 @@ repositories on Ark is controlled via X.509 certificates issued by StackHPC.
 This configuration is a base, and should be merged with any existing Kayobe
 configuration. It currently provides the following:
 
+* Configuration to deploy a local Pulp service as a container on the seed
 * Pulp repository definitions for CentOS Stream 8
 * Playbooks to synchronise a local Pulp service with Ark
 * Configuration to use the local Pulp repository mirrors on control plane hosts
@@ -68,14 +69,19 @@ need to merge the changes in this repository into your repository.
 Configuration
 =============
 
-The URL and credentials of the local Pulp server should be configured in
-``etc/kayobe/pulp.yml``, using Ansible Vault to encrypt the password:
+Local Pulp server
+-----------------
 
-.. code-block:: yaml
+The URL and credentials of the local Pulp server are configured in
+``etc/kayobe/pulp.yml`` via ``pulp_url``, ``pulp_username`` and
+``pulp_password``. In most cases, the default values should be sufficient.
+An admin password must be generated and set as the value of a
+``secrets_pulp_password`` variable, typically in an Ansible Vault encrypted
+``etc/kayobe/secrets.yml`` file. This password will be automatically set on
+Pulp startup.
 
-   pulp_url: <url>
-   pulp_username: admin
-   pulp_password: <password>
+StackHPC Ark
+------------
 
 The container image registry credentials issued by StackHPC should be
 configured in ``etc/kayobe/pulp.yml``, using Ansible Vault to encrypt the
@@ -98,6 +104,10 @@ The distribution name for the environment should be configured as either
 Usage
 =====
 
+The local Pulp service will be deployed as a `Seed custom container
+<https://docs.openstack.org/kayobe/wallaby/configuration/reference/seed-custom-containers.html>`__
+on next ``kayobe seed service deploy`` or ``kayobe seed service upgrade``.
+
 The following custom playbooks are provided in ``etc/kayobe/ansible/``:
 
 See the Kayobe `custom playbook documentation

etc/kayobe/containers/pulp/post.yml

@@ -0,0 +1,19 @@
+---
+- name: Wait for Pulp to become ready
+  uri:
+    url: "{{ pulp_url }}/pulp/api/v3/status/"
+  register: pulp_status
+  until: pulp_status is success
+  retries: 30
+  delay: 2
+
+- name: Set the Pulp admin password
+  become: true
+  command: >-
+    docker exec -u root {{ seed_containers.pulp.name }}
+    bash -c
+      'pulpcore-manager reset-admin-password -p {{ pulp_password }}'
+  no_log: true
+  register: pulp_manager_result
+  failed_when:
+    - "'Successfully set password' not in pulp_manager_result.stdout"

etc/kayobe/containers/pulp/pre.yml

@@ -0,0 +1,21 @@
+---
+- name: Ensure /opt/kayobe/containers/pulp exists
+  file:
+    path: "/opt/kayobe/containers/pulp"
+    state: directory
+  become: true
+
+- name: Ensure required Docker volumes exist
+  docker_volume:
+    name: "{{ item }}"
+  loop:
+    - pulp_containers
+    - pulp_pgsql
+    - pulp_storage
+
+- name: Copy modified settings.py
+  template:
+    src: "{{ kayobe_config_path }}/containers/pulp/settings.py"
+    dest: /opt/kayobe/containers/pulp/settings.py
+    mode: 0644
+  become: true

etc/kayobe/containers/pulp/settings.py

@@ -0,0 +1,4 @@
+CONTENT_ORIGIN='http://{{ ansible_facts.fqdn }}'
+ANSIBLE_API_HOSTNAME='http://{{ ansible_facts.fqdn }}'
+ANSIBLE_CONTENT_HOSTNAME='http://{{ ansible_facts.fqdn }}/pulp/content'
+TOKEN_AUTH_DISABLED=True

etc/kayobe/pulp.yml

@@ -2,10 +2,13 @@
 ###############################################################################
 # Local Pulp access credentials
 
-pulp_url: http://localhost:8080
-pulp_username: admin
-pulp_password:
+# Base URL of the local Pulp service.
+# Default uses the seed node's IP on the admin network.
+pulp_url: "http://{{ admin_oc_net_name | net_ip(groups['seed'][0]) }}:8080"
 
+# Credentials used to access the local Pulp REST API.
+pulp_username: admin
+pulp_password: "{{ secrets_pulp_password }}"
 
 ###############################################################################
 # StackHPC Pulp server

etc/kayobe/seed.yml

@@ -95,7 +95,20 @@
 #     pre: "{{ kayobe_env_config_path }}/containers/squid/pre.yml"
 #     post: "{{ kayobe_env_config_path }}/containers/squid/post.yml"
 #
-#seed_containers:
+seed_containers:
+  pulp:
+    name: pulp
+    image: pulp/pulp
+    pre: "{{ kayobe_config_path }}/containers/pulp/pre.yml"
+    post: "{{ kayobe_config_path }}/containers/pulp/post.yml"
+    tag: "3.16"
+    network_mode: host
+    volumes:
+      - /opt/kayobe/containers/pulp:/etc/pulp
+      - pulp_storage:/var/lib/pulp
+      - pulp_pgsql:/var/lib/pgsql
+      - pulp_containers:/var/lib/containers
+    restart_policy: unless-stopped
 
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.