Backport: local pulp deployment & small fixes (Victoria)

README.rst

@@ -19,6 +19,7 @@ repositories on Ark is controlled via X.509 certificates issued by StackHPC.
 This configuration is a base, and should be merged with any existing Kayobe
 configuration. It currently provides the following:
 
+* Configuration to deploy a local Pulp service as a container on the seed
 * Pulp repository definitions for CentOS Stream 8
 * Playbooks to synchronise a local Pulp service with Ark
 * Configuration to use the local Pulp repository mirrors on control plane hosts
@@ -63,19 +64,24 @@ need to merge the changes in this repository into your repository.
 Configuration
 =============
 
-The URL and credentials of the local Pulp server should be configured in
-``etc/kayobe/pulp.yml``, using Ansible Vault to encrypt the password:
+Local Pulp server
+-----------------
 
-.. code-block:: yaml
+The URL and credentials of the local Pulp server are configured in
+``etc/kayobe/pulp.yml`` via ``pulp_url``, ``pulp_username`` and
+``pulp_password``. In most cases, the default values should be sufficient.
+An admin password must be generated and set as the value of a
+``secrets_pulp_password`` variable, typically in an Ansible Vault encrypted
+``etc/kayobe/secrets.yml`` file. This password will be automatically set on
+Pulp startup.
 
-   pulp_url: <url>
-   pulp_username: admin
-   pulp_password: <password>
+StackHPC Ark
+------------
 
-The client certificate and key issued by StackHPC should be stored in
-``certs/ark.stackhpc.com/client-cert.pem`` and
-``certs/ark.stackhpc.com/client-key.pem``, respectively, with the private key
-encrypted via Ansible Vault.
+The client certificate and private key issued by StackHPC should be stored in
+``etc/kayobe/ansible/certs/ark.stackhpc.com/client-cert.pem`` and
+``etc/kayobe/ansible/certs/ark.stackhpc.com/client-key.pem``, respectively,
+with the private key encrypted via Ansible Vault.
 
 The distribution name for the environment should be configured as either
 ``development`` or ``production`` via ``stackhpc_repo_distribution`` in
@@ -84,9 +90,14 @@ The distribution name for the environment should be configured as either
 Usage
 =====
 
-Several custom playbooks are provided in ``etc/kayobe/ansible/``.  See the
-Kayobe `custom playbook documentation
-<https://docs.openstack.org/kayobe/victoria/custom-ansible-playbooks.html>`__
+The local Pulp service will be deployed as a `Seed custom container
+<https://docs.openstack.org/kayobe/wallaby/configuration/reference/seed-custom-containers.html>`__
+on next ``kayobe seed service deploy`` or ``kayobe seed service upgrade``.
+
+The following custom playbooks are provided in ``etc/kayobe/ansible/``:
+
+See the Kayobe `custom playbook documentation
+<https://docs.openstack.org/kayobe/wallaby/custom-ansible-playbooks.html>`__
 for information on how to run them.
 
 * ``pulp-repo-sync.yml``: Pull packages from Ark to the local Pulp. This will
@@ -99,7 +110,7 @@ for information on how to run them.
   (typically a development or staging environment). The new packages will not
   be available to cloud nodes using the ``production`` distribution until they
   have been promoted.
-* ``pulp-repo-promote.yml``: Promote packages in the ``development``
+* ``pulp-repo-promote-production.yml``: Promote packages in the ``development``
   distribution to the ``production`` distribution in the local Pulp. This will
   make all packages currently available to cloud nodes using the
   ``development`` distribution also available to cloud nodes using the

etc/kayobe/containers/pulp/post.yml

@@ -0,0 +1,19 @@
+---
+- name: Wait for Pulp to become ready
+  uri:
+    url: "{{ pulp_url }}/pulp/api/v3/status/"
+  register: pulp_status
+  until: pulp_status is success
+  retries: 30
+  delay: 2
+
+- name: Set the Pulp admin password
+  become: true
+  command: >-
+    docker exec -u root {{ seed_containers.pulp.name }}
+    bash -c
+      'pulpcore-manager reset-admin-password -p {{ pulp_password }}'
+  no_log: true
+  register: pulp_manager_result
+  failed_when:
+    - "'Successfully set password' not in pulp_manager_result.stdout"

etc/kayobe/containers/pulp/pre.yml

@@ -0,0 +1,21 @@
+---
+- name: Ensure /opt/kayobe/containers/pulp exists
+  file:
+    path: "/opt/kayobe/containers/pulp"
+    state: directory
+  become: true
+
+- name: Ensure required Docker volumes exist
+  docker_volume:
+    name: "{{ item }}"
+  loop:
+    - pulp_containers
+    - pulp_pgsql
+    - pulp_storage
+
+- name: Copy modified settings.py
+  template:
+    src: "{{ kayobe_config_path }}/containers/pulp/settings.py"
+    dest: /opt/kayobe/containers/pulp/settings.py
+    mode: 0644
+  become: true

etc/kayobe/containers/pulp/settings.py

@@ -0,0 +1,4 @@
+CONTENT_ORIGIN='http://{{ ansible_facts.fqdn }}'
+ANSIBLE_API_HOSTNAME='http://{{ ansible_facts.fqdn }}'
+ANSIBLE_CONTENT_HOSTNAME='http://{{ ansible_facts.fqdn }}/pulp/content'
+TOKEN_AUTH_DISABLED=True

etc/kayobe/pulp.yml

@@ -2,10 +2,13 @@
 ###############################################################################
 # Local Pulp access credentials
 
-pulp_url: http://localhost:8080
-pulp_username: admin
-pulp_password:
+# Base URL of the local Pulp service.
+# Default uses the seed node's IP on the admin network.
+pulp_url: "http://{{ admin_oc_net_name | net_ip(groups['seed'][0]) }}:80"
 
+# Credentials used to access the local Pulp REST API.
+pulp_username: admin
+pulp_password: "{{ secrets_pulp_password }}"
 
 ###############################################################################
 # StackHPC Pulp server
@@ -118,36 +121,30 @@ stackhpc_pulp_distribution_rpm_development:
 stackhpc_pulp_distribution_rpm_production:
   # Base CentOS 8 Stream repositories
   - name: "centos-stream-8-baseos-production"
-    repository: CentOS Stream 8 - BaseOS
     base_path: "centos/8-stream/BaseOS/x86_64/os/production"
-    distribution: "centos-stream-8-baseos-staging"
+    distribution: "centos-stream-8-baseos-development"
     state: present
   - name: "centos-stream-8-appstream-production"
-    repository: CentOS Stream 8 - AppStream
     base_path: "centos/8-stream/AppStream/x86_64/os/production"
-    distribution: "centos-stream-8-appstream-staging"
+    distribution: "centos-stream-8-appstream-development"
     state: present
   - name: "centos-stream-8-extras-production"
-    repository: CentOS Stream 8 - Extras
     base_path: "centos/8-stream/extras/x86_64/os/production"
-    distribution: "centos-stream-8-extras-staging"
+    distribution: "centos-stream-8-extras-development"
     state: present
 
   # EPEL repositories
   - name: "extra-packages-for-enterprise-linux-8-x86_64-production"
-    repository: Extra Packages for Enterprise Linux 8 - x86_64
     base_path: "epel/8/Everything/x86_64/production"
-    distribution: "extra-packages-for-enterprise-linux-8-x86_64-staging"
+    distribution: "extra-packages-for-enterprise-linux-8-x86_64-development"
     state: present
   - name: "extra-packages-for-enterprise-linux-modular-8-x86_64-production"
-    repository: Extra Packages for Enterprise Linux Modular 8 - x86_64
     base_path: "epel/8/Modular/x86_64/production"
-    distribution: "extra-packages-for-enterprise-linux-modular-8-x86_64-staging"
+    distribution: "extra-packages-for-enterprise-linux-modular-8-x86_64-development"
     state: present
 
   # Third-party repositories
   - name: "docker-ce-for-centos-8-production"
-    repository: Docker CE for CentOS 8
     base_path: "docker-ce/centos/8/x86_64/stable/production"
-    distribution: "docker-ce-for-centos-8-staging"
+    distribution: "docker-ce-for-centos-8-development"
     state: present

etc/kayobe/seed.yml

@@ -95,7 +95,20 @@
 #     pre: "{{ kayobe_config_path }}/containers/squid/pre.yml"
 #     post: "{{ kayobe_config_path }}/containers/squid/post.yml"
 #
-#seed_containers:
+seed_containers:
+  pulp:
+    name: pulp
+    image: pulp/pulp
+    pre: "{{ kayobe_config_path }}/containers/pulp/pre.yml"
+    post: "{{ kayobe_config_path }}/containers/pulp/post.yml"
+    tag: "3.16"
+    network_mode: host
+    volumes:
+      - /opt/kayobe/containers/pulp:/etc/pulp
+      - pulp_storage:/var/lib/pulp
+      - pulp_pgsql:/var/lib/pgsql
+      - pulp_containers:/var/lib/containers
+    restart_policy: unless-stopped
 
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.