From c9e394384c525c91b835b978777cdb708e8aa715 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?=
Date: Tue, 4 Jul 2023 17:38:55 +0200
Subject: [PATCH 1/2] server container: expose metrics endpoints
---
 salt/server_containerized/k3s-traefik-config.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/salt/server_containerized/k3s-traefik-config.yaml b/salt/server_containerized/k3s-traefik-config.yaml
index e27590046..fd78e0024 100644
--- a/salt/server_containerized/k3s-traefik-config.yaml
+++ b/salt/server_containerized/k3s-traefik-config.yaml
@@ -36,6 +36,16 @@ spec:
 expose: true
 exposedPort: 8001
 protocol: TCP
+ psql-metrics:
+ port: 9187
+ expose: true
+ exposedPort: 9187
+ protocol: TCP
+ node-metrics:
+ port: 9101
+ expose: true
+ exposedPort: 9101
+ protocol: TCP
 tftp:
 port: 69
 expose: true
From 158c80142f2cb26d92dc1d04b93e80fa9f790d8f Mon Sep 17 00:00:00 2001
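Review bot: The new `psql-metrics` (9187) and `node-metrics` (9101) entry points are added with `expose: true`, so they are published on the Traefik service next to the application ports, and nothing visible in this hunk limits which clients may reach them. These look like the usual Prometheus exporter ports, which typically serve without authentication and reveal database and host details, so this is presumably acceptable only on a trusted test network. I would record that assumption with a comment above the two entries, e.g. `# metrics ports are unauthenticated: reachable from the monitoring host only, enforce with a firewall or NetworkPolicy`, and confirm the restriction is applied somewhere. The enclosing ports mapping starts and ends outside the hunk.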
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?=
Date: Mon, 31 Jul 2023 17:20:55 +0200
Subject: [PATCH 2/2] Use uyuniadm to install the containerized server

Since uyuniadm install embeds all the logic to setup a containerized server use it to setup both k3s and podman containers.
---
 modules/server_containerized/main.tf | 2 +
 modules/server_containerized/variables.tf | 5 ++
 .../cert-manager-selfsigned-issuer.yaml | 44 ----------
 salt/server_containerized/chart-values.yaml | 14 ---
 salt/server_containerized/init.sls | 3 +-
 salt/server_containerized/install_k3s.sls | 88 -------------------
 salt/server_containerized/install_podman.sls | 87 +-----------------
 .../server_containerized/install_uyuniadm.sls | 25 ++++++
 salt/server_containerized/tools.sls | 7 ++
 salt/server_containerized/uyuniadm.yaml | 33 +++++++
 .../wait_for_kube_resource.py | 35 --------
 .../wait_for_setup_end.py | 37 --------
 12 files changed, 75 insertions(+), 305 deletions(-)
 delete mode 100644 salt/server_containerized/cert-manager-selfsigned-issuer.yaml
 create mode 100644 salt/server_containerized/install_uyuniadm.sls
 create mode 100644 salt/server_containerized/uyuniadm.yaml
 delete mode 100644 salt/server_containerized/wait_for_kube_resource.py
 delete mode 100644 salt/server_containerized/wait_for_setup_end.py
diff --git a/modules/server_containerized/main.tf b/modules/server_containerized/main.tf
index 15a6797fa..660df07ea 100644
--- a/modules/server_containerized/main.tf
+++ b/modules/server_containerized/main.tf
@@ -46,6 +46,8 @@ module "server_containerized" {
 server_username = var.server_username
 server_password = var.server_password
 java_debugging = var.java_debugging
+ from_email = var.from_email
+ traceback_email = var.traceback_email
 skip_changelog_import = var.skip_changelog_import
 create_first_user = var.create_first_user
 mgr_sync_autologin = var.mgr_sync_autologin
diff --git a/modules/server_containerized/variables.tf b/modules/server_containerized/variables.tf
index 6557b03d9..467ceb3b1 100644
--- a/modules/server_containerized/variables.tf
+++ b/modules/server_containerized/variables.tf
@@ -172,6 +172,11 @@ variable "from_email" {
 default = null
 }
+variable "traceback_email" {
+ description = "recipient email address that will receive errors during usage"
+ default = null
+}
+
 variable "smt" {
 description = "URL to an SMT server to get packages from"
 default = null
diff --git a/salt/server_containerized/cert-manager-selfsigned-issuer.yaml b/salt/server_containerized/cert-manager-selfsigned-issuer.yaml
deleted file mode 100644
index 171830319..000000000
--- a/salt/server_containerized/cert-manager-selfsigned-issuer.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
- name: uyuni-issuer
- namespace: default
-spec:
- selfSigned: {}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: uyuni-ca
- namespace: default
-spec:
- isCA: true
- subject:
- countries: ["DE"]
- provinces: ["Bayern"]
- localities: ["Nuernberg"]
- organizations: ["SUSE"]
- organizationalUnits: ["SUSE"]
- emailAddresses:
- - galaxy-noise@suse.de
- commonName: {{ grains.get('fqdn') }}
- dnsNames:
- - {{ grains.get('fqdn') }}
- secretName: uyuni-ca
- privateKey:
- algorithm: ECDSA
- size: 256
- issuerRef:
- name: uyuni-issuer
- kind: Issuer
- group: cert-manager.io
----
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
- name: uyuni-ca-issuer
- namespace: default
-spec:
- ca:
- secretName:
- uyuni-ca
diff --git a/salt/server_containerized/chart-values.yaml b/salt/server_containerized/chart-values.yaml
index fcb9bbd46..ad77d90ce 100644
--- a/salt/server_containerized/chart-values.yaml
+++ b/salt/server_containerized/chart-values.yaml
@@ -1,15 +1 @@
-ingressSslAnnotations:
- cert-manager.io/issuer: uyuni-ca-issuer
-{%- if grains.get("container_repository") %}
-repository: {{ grains.get("container_repository") }}
-{%- endif %}
 exposeJavaDebug: {{ grains.get("java_debugging") }}
-uyuniMailFrom: {{ grains.get("from_email") }}
-fqdn: {{ grains.get("fqdn") }}
-sccUser: {{ grains.get("cc_username") }}
-sccPass: {{ grains.get("cc_password") }}
-{%- set mirror_hostname = grains.get('server_mounted_mirror') if grains.get('server_mounted_mirror') else grains.get('mirror') %}
-{%- if mirror_hostname %}
-mirror:
- hostPath: /srv/mirror
-{%- endif %}
diff --git a/salt/server_containerized/init.sls b/salt/server_containerized/init.sls
index dfb84b28a..dbb4b97ad 100644
--- a/salt/server_containerized/init.sls
+++ b/salt/server_containerized/init.sls
@@ -2,8 +2,7 @@ include:
 {% if 'build_image' not in grains.get('product_version') | default('', true) %}
 - repos
 {% endif %}
- #- server.salt_master #required by sumaform monitoring
- - server_containerized.install_{{ grains.get('container_runtime') | default('podman', true) }}
+ - server_containerized.install_uyuniadm
 - server_containerized.initial_content
 - server_containerized.tools
 - server_containerized.testsuite
diff --git a/salt/server_containerized/install_k3s.sls b/salt/server_containerized/install_k3s.sls
index eba412b42..52f0ee2a9 100644
--- a/salt/server_containerized/install_k3s.sls
+++ b/salt/server_containerized/install_k3s.sls
@@ -20,96 +20,8 @@ helm_install: - refresh: True - name: helm -cert_manager_install: - cmd.run: - - name: kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml - - unless: kubectl get deployment -n cert-manager | grep cert-manager - -wait_cert_manager_ready: - cmd.script: - - name: salt://server_containerized/wait_for_kube_resource.py - - args: cert-manager deployment cert-manager-webhook - - use_vt: True - - template: jinja - - require: - - cmd: cert_manager_install - -ca_issuer_file: - file.managed: - - name: /root/cert-manager-issuer.yaml - - source: salt://server_containerized/cert-manager-selfsigned-issuer.yaml - - template: jinja - -ca_issuer: - cmd.run: - - name: kubectl apply -f /root/cert-manager-issuer.yaml - - unless: kubectl get issuer | grep uyuni-ca-issuer - - require: - - file: ca_issuer_file - - cmd: wait_cert_manager_ready - -wait_issuer_ready: - cmd.script: - - name: salt://server_containerized/wait_for_kube_resource.py - - args: default issuer uyuni-ca-issuer - - use_vt: True - - template: jinja - - require: - - cmd: ca_issuer - -get_ca: - cmd.run: - - name: kubectl get secret uyuni-ca -o=jsonpath='{.data.ca\.crt}' | base64 -d > /root/ca.crt - - creates: /root/ca.crt - - require: - - cmd: wait_issuer_ready - -ca_configmap_file: - cmd.run: - - name: kubectl create configmap uyuni-ca --from-file=/root/ca.crt --dry-run=client -o yaml >/root/uyuni-ca.yaml - - creates: /root/uyuni-ca.yaml - - require: - - cmd: get_ca - -ca_configmap: - cmd.run: - - name: kubectl apply -f /root/uyuni-ca.yaml - - require: - - cmd: ca_configmap_file - chart_values_file: file.managed: - name: /root/chart-values.yaml - source: salt://server_containerized/chart-values.yaml - template: jinja - -{% set helm_chart_default = 'oci://registry.opensuse.org/uyuni/server' %} - -chart_install: - cmd.run: - - name: helm upgrade --install uyuni {{ grains.get("helm_chart_url") | default(helm_chart_default, true) }} -f 
/root/chart-values.yaml - - env: - - KUBECONFIG: /etc/rancher/k3s/k3s.yaml - - unless: helm --kubeconfig /etc/rancher/k3s/k3s.yaml list | grep uyuni - - require: - - file: chart_values_file - - cmd: ca_configmap - - sls: server_containerized.install_common - -wait_pod_running: - cmd.script: - - name: salt://server_containerized/wait_for_kube_resource.py - - args: default pod -lapp=uyuni - - use_vt: True - - template: jinja - - require: - - cmd: chart_install - -wait_for_setup_end: - cmd.script: - - name: salt://server_containerized/wait_for_setup_end.py - - args: {{ grains.get('container_runtime') }} - - use_vt: True - - template: jinja - - require: - - cmd: wait_pod_running diff --git a/salt/server_containerized/install_podman.sls b/salt/server_containerized/install_podman.sls index 4548b85d0..02072b9a8 100644 --- a/salt/server_containerized/install_podman.sls +++ b/salt/server_containerized/install_podman.sls 
@@ -1,93 +1,10 @@
 include:
 - server_containerized.install_common
-server_packages:
+podman_package:
 pkg.installed:
- - refresh: True
- - name: uyuni-server-systemd-services
+ - name: podman
 - require:
 {% if 'build_image' not in grains.get('product_version') | default('', true) %}
 - sls: repos
 {% endif %}
-
-uyuni_server_services_config_sccuser:
- file.replace:
- - name: /etc/sysconfig/uyuni-server-systemd-services
- - pattern: ^SCC_USER=.*$
- - repl: SCC_USER="{{ grains.get('cc_username') }}"
- - append_if_not_found: True
-
-uyuni_server_services_config_sccpass:
- file.replace:
- - name: /etc/sysconfig/uyuni-server-systemd-services
- - pattern: ^SCC_PASS=.*$
- - repl: SCC_PASS="{{ grains.get('cc_password') }}"
- - append_if_not_found: True
-
-uyuni_server_services_config_fqdn:
- file.replace:
- - name: /etc/sysconfig/uyuni-server-systemd-services
- - pattern: ^(REPORT_DB_HOST|UYUNI_FQDN)=.*$
- - repl: \1="{{ grains.get('fqdn') }}"
- - append_if_not_found: True
-
-{% if grains.get("java_debugging") %}
-uyuni_server_services_config_debug:
- file.replace:
- - name: /etc/sysconfig/uyuni-server-systemd-services
- - pattern: ^EXTRA_POD_ARGS='([^']*)'$
- - repl: EXTRA_POD_ARGS='-p 8000:8000 -p 8001:8001 \1'
- - append_if_not_found: True
-{% endif %}
-
-{% if grains.get("container_repository") -%}
-uyuni-server-services_config:
- file.replace:
- - name: /etc/sysconfig/uyuni-server-systemd-services
- - pattern: ^NAMESPACE=.*$
- - repl: NAMESPACE="{{ grains.get('container_repository') }}"
- - append_if_not_found: True
-{%- endif %}
-
-{%- set mirror_hostname = grains.get('server_mounted_mirror') if grains.get('server_mounted_mirror') else grains.get('mirror') %}
-{% if mirror_hostname -%}
-uyuni_server_services_config_mirror:
- file.replace:
- - name: /etc/sysconfig/uyuni-server-systemd-services
- - pattern: ^EXTRA_POD_ARGS='([^']*)'$
- - repl: EXTRA_POD_ARGS='-v=/srv/mirror:/mirror -e MIRROR_PATH=/mirror \1'
- - append_if_not_found: True
-{%- endif %}
-
-uyuni-server_service:
- service.running:
- - name: uyuni-server
- - enable: True
- - require:
- - pkg: uyuni-server-systemd-services
- - sls: server_containerized.install_common
- - file: uyuni_server_services_config_sccuser
- - file: uyuni_server_services_config_sccpass
- - file: uyuni_server_services_config_fqdn
-{% if grains.get("java_debugging") %}
- - file: uyuni_server_services_config_debug
-{% endif %}
-{% if mirror_hostname %}
- - file: uyuni_server_services_config_mirror
-{% endif %}
-{% if grains.get("container_repository") %}
- - file: uyuni-server-services_config
- - watch:
- - file: uyuni-server-services_config
-{% endif %}
-
-wait_for_setup_end:
- cmd.script:
- - name: salt://server_containerized/wait_for_setup_end.py
- - args: {{ grains.get('container_runtime') }}
- - use_vt: True
- - template: jinja
- - require:
- - sls: server_containerized.install_common
- - service: uyuni-server_service
-
diff --git a/salt/server_containerized/install_uyuniadm.sls b/salt/server_containerized/install_uyuniadm.sls
new file mode 100644
index 000000000..bd51122de
--- /dev/null
+++ b/salt/server_containerized/install_uyuniadm.sls
@@ -0,0 +1,25 @@
+include:
+ - server_containerized.install_{{ grains.get('container_runtime') | default('podman', true) }}
+
+uyuniadm_config:
+ file.managed:
+ - name: /root/uyuniadm.yaml
+ - source: salt://server_containerized/uyuniadm.yaml
+ - template: jinja
+
+uyuniadm_install:
+ cmd.run:
+ - name: uyuniadm install --config /root/uyuniadm.yaml {{ grains.get("fqdn") }}
+ - env:
+ - KUBECONFIG: /etc/rancher/k3s/k3s.yaml
+{%- if grains.get('container_runtime') | default('podman', true) == 'podman' %}
+ - unless: podman ps | grep uyuni-server
+{%- else %}
+ - unless: helm --kubeconfig /etc/rancher/k3s/k3s.yaml list | grep uyuni
+{%- endif %}
+ - require:
+ - sls: server_containerized.tools
+ - sls: server_containerized.install_common
+ - sls: server_containerized.install_{{ grains.get('container_runtime') | default('podman', true) }}
+ - file: uyuniadm_config
+
diff --git a/salt/server_containerized/tools.sls b/salt/server_containerized/tools.sls
index f02139970..ceeb4cf86 100644
--- a/salt/server_containerized/tools.sls
+++ b/salt/server_containerized/tools.sls
@@ -25,3 +25,10 @@ uyunictl_symlink:
 - target: /root/uyuni-tools/bin/uyunictl
 - require:
 - cmd: tools_built
+
+uyuniadm_symlink:
+ file.symlink:
+ - name: /usr/bin/uyuniadm
+ - target: /root/uyuni-tools/bin/uyuniadm
+ - require:
+ - cmd: tools_built
diff --git a/salt/server_containerized/uyuniadm.yaml b/salt/server_containerized/uyuniadm.yaml
new file mode 100644
index 000000000..25786c408
--- /dev/null
+++ b/salt/server_containerized/uyuniadm.yaml
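Review bot: `uyuniadm_config` writes `/root/uyuniadm.yaml` without setting a file mode, yet the rendered template carries the SCC password together with the database and certificate passwords. Salt's `file.managed` also prints a diff of changed content in the state output by default, which would copy those values into job returns and logs. Adding `- mode: '0600'` and `- show_changes: False` to the state keeps the secrets confined to root. Separately, `{{ grains.get("fqdn") }}` is pasted unquoted into the `cmd.run` command line of `uyuniadm_install`; quoting it would keep the command well-formed if the grain ever holds unexpected characters.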
@@ -0,0 +1,33 @@
+db:
+ password: spacewalk
+cert:
+ password: spacewalk
+scc:
+ user: {{ grains.get("cc_username") }}
+ password: {{ grains.get("cc_password") }}
+email: {{ grains.get("traceback_email") | default('galaxy-noise@suse.de', true) }}
+emailFrom: {{ grains.get("from_email") | default('galaxy-noise@suse.de', true) }}
+{%- if grains.get('container_repository') %}
+image: {{ grains.get('container_repository') }}/server
+{% endif %}
+{%- set mirror_hostname = grains.get('server_mounted_mirror') if grains.get('server_mounted_mirror') else grains.get('mirror') %}
+{%- if mirror_hostname %}
+mirrorPath: /srv/mirror
+{% endif -%}
+{% set helm_chart_default = 'oci://registry.opensuse.org/uyuni/server' %}
+helm:
+ uyuni:
+ chart: {{ grains.get("helm_chart_url") | default(helm_chart_default, true) }}
+ values: /root/chart-values.yaml
+podman:
+ arg:
+{%- if mirror_hostname %}
+ - -v=/srv/mirror:/mirror
+{%- endif %}
+{%- if grains.get("java_debugging") %}
+ - -p
+ - 8000:8000
+ - -p
+ - 8001:8001
+{%- endif %}
+ - ""
diff --git a/salt/server_containerized/wait_for_kube_resource.py b/salt/server_containerized/wait_for_kube_resource.py
deleted file mode 100644
index 766cfea92..000000000
--- a/salt/server_containerized/wait_for_kube_resource.py
+++ /dev/null
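Review bot: `scc.user` and `scc.password` are rendered into the YAML unquoted, so a credential containing ` #`, `: ` or a leading special character is either truncated or leaves the file unparsable for uyuniadm. Quote them at render time, e.g. `password: {{ grains.get("cc_password") | yaml_dquote }}`, and do the same for `user`, `email` and `emailFrom`. Also worth a comment: `db.password` and `cert.password` are fixed to `spacewalk`, so every server deployed from this state shares a known database and certificate passphrase. If that is intentional for throw-away test hosts, say so next to the values; otherwise feed them from grains the way the SCC credentials are.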
@@ -1,35 +0,0 @@
-#!{{grains['pythonexecutable']}}
-
-import subprocess
-import sys
-import time
-
-
-if len(sys.argv) != 4:
- print("Usage: wait_for_kube_resource.py ")
-
-_, namespace, kind, name = sys.argv
-
-print("Waiting for {} {} to be ready...".format(name, kind))
-
-ready_check = "grep Running"
-if kind in ["service", "svc"]:
- ready_check = "wc -l | grep 1"
-elif kind == "deployment":
- ready_check = "grep 1/1"
-elif kind == "issuer":
- ready_check = "grep True"
-
-cmd = "kubectl get --no-headers -n {} {} {} | {}".format(namespace, kind, name, ready_check)
-
-while True:
-
- process = subprocess.run(cmd, shell=True)
- if process.returncode == 0:
- break
-
- print("... not finished yet...")
- time.sleep(10)
-
-print("Done.")
-
diff --git a/salt/server_containerized/wait_for_setup_end.py b/salt/server_containerized/wait_for_setup_end.py
deleted file mode 100644
index f005ec885..000000000
--- a/salt/server_containerized/wait_for_setup_end.py
+++ /dev/null
@@ -1,37 +0,0 @@
-#!{{grains['pythonexecutable']}}
-
-import subprocess
-import sys
-import time
-
-
-if len(sys.argv) != 2:
- print("Usage: wait_for_setup_end.py podman|k3s")
-
-_, runtime = sys.argv
-
-print("Waiting for setup to complete...")
-
-cmd = ""
-if runtime == "podman":
- cmd = "podman exec uyuni-server "
-elif runtime == "k3s":
- cmd = "kubectl exec $(kubectl get pod -lapp=uyuni -o jsonpath={.items[0].metadata.name}) -- "
-
-enabled_cmd = cmd + "systemctl is-enabled uyuni-setup"
-failed_cmd = cmd + "systemctl is-failed uyuni-setup"
-
-while True:
- enabled_process = subprocess.run(enabled_cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
- if enabled_process.returncode == 1 and b"Failed to connect to bus" not in enabled_process.stdout:
- break
-
- failed_process = subprocess.run(failed_cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
- if failed_process.returncode == 0:
- print("Failed")
- sys.exit(1)
-
- print("... not finished yet...")
- time.sleep(10)
-
-print("Done.")