main.yaml
---
# Make sure the Foreman image is present in local container storage.
# The reference is repository:tag. A tag can be repointed on the registry, so
# what gets pulled depends on the registry state at run time.
# NOTE(review): consider a digest reference if deployments must be
# reproducible - confirm against the release process.
- name: Pull the Foreman container image
  containers.podman.podman_image:
    state: present
    name: "{{ foreman_container_image }}:{{ foreman_container_tag }}"
# Configuration and credentials are stored as podman secrets. The container
# tasks later in this file attach them by name.

# NOTE(review): foreman_db_password is placed into the URL as-is. A value
# containing URL-reserved characters (for example '@', ':' or '/') would need
# percent-encoding before interpolation; the Jinja `urlencode` filter covers
# most of them but leaves '/' untouched. Confirm how the password is generated.
- name: Create secret for DATABASE_URL
  containers.podman.podman_secret:
    name: foreman-database-url
    state: present
    data: "postgresql://foreman:{{ foreman_db_password }}@localhost/foreman"

# The next three secrets hold rendered templates; the rendered text is the
# secret payload.
- name: Create settings config secret
  containers.podman.podman_secret:
    name: foreman-settings-yaml
    state: present
    data: "{{ lookup('ansible.builtin.template', 'settings.yaml.j2') }}"

- name: Create katello config secret
  containers.podman.podman_secret:
    name: foreman-katello-yaml
    state: present
    data: "{{ lookup('ansible.builtin.template', 'katello.yaml.j2') }}"

- name: Create dynflow hosts_queue worker config secret
  containers.podman.podman_secret:
    name: foreman-dynflow-worker-hosts-queue-yaml
    state: present
    data: "{{ lookup('ansible.builtin.template', 'dynflow-worker-hosts-queue.yml') }}"
# Certificate material is loaded from the files named by the
# foreman_ca_certificate, foreman_client_certificate and foreman_client_key
# variables. The container tasks later in this file mount these secrets under
# /etc/foreman/.
- name: Create the podman secret for Foreman CA certificate
  containers.podman.podman_secret:
    state: present
    name: foreman-ca-cert
    path: "{{ foreman_ca_certificate }}"

- name: Create the podman secret for Foreman client certificate
  containers.podman.podman_secret:
    state: present
    name: foreman-client-cert
    path: "{{ foreman_client_certificate }}"

# This one is private key material.
# NOTE(review): the file behind foreman_client_key should be readable only by
# the account that runs this play - confirm its permissions on the host.
- name: Create the podman secret for Foreman client key
  containers.podman.podman_secret:
    state: present
    name: foreman-client-key
    path: "{{ foreman_client_key }}"
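# SEED_ADMIN_PASSWORD is delivered as a podman secret (type=env), the same way
# DATABASE_URL is, rather than as a literal `env` entry: a literal value is
# written in clear text into the generated Quadlet unit file.
# foreman_seed_admin_password is an optional variable introduced here. When it
# is unset the previous default is used, so existing deployments behave as
# before. That default is a publicly known value; set the variable for any
# real deployment. The smart proxy registration task at the end of this file
# logs in as admin, and its password must match this one.
- name: Create secret for SEED_ADMIN_PASSWORD
  containers.podman.podman_secret:
    state: present
    name: foreman-seed-admin-password
    data: "{{ foreman_seed_admin_password | default('changeme') }}"

# state: quadlet makes the module write a Quadlet unit definition.
# The container shares the host network namespace (network: host).
- name: Deploy Foreman Container
  containers.podman.podman_container:
    name: "foreman"
    image: "{{ foreman_container_image }}:{{ foreman_container_tag }}"
    state: quadlet
    network: host
    hostname: "{{ ansible_fqdn }}"
    secrets:
      # type=env secrets become environment variables inside the container;
      # type=mount secrets appear as files at the given target path.
      - 'foreman-database-url,type=env,target=DATABASE_URL'
      - 'foreman-seed-admin-password,type=env,target=SEED_ADMIN_PASSWORD'
      - 'foreman-settings-yaml,type=mount,target=/etc/foreman/settings.yaml'
      - 'foreman-katello-yaml,type=mount,target=/etc/foreman/plugins/katello.yaml'
      - 'foreman-ca-cert,type=mount,target=/etc/foreman/katello-default-ca.crt'
      - 'foreman-client-cert,type=mount,target=/etc/foreman/client_cert.pem'
      - 'foreman-client-key,type=mount,target=/etc/foreman/client_key.pem'
    quadlet_options:
      - |
        [Install]
        WantedBy=default.target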
# Template unit for the Dynflow Sidekiq workers. "%i" is the systemd instance
# specifier, so one definition (dynflow-sidekiq@) serves every instance and
# each instance reads /etc/foreman/dynflow/<instance>.yml.
# Only the worker-hosts-queue config is mounted from a secret here.
# NOTE(review): orchestrator.yml and worker.yml are presumably shipped in the
# image - confirm.
# NOTE(review): DYNFLOW_REDIS_URL carries no credentials. With network: host
# this relies on Redis accepting connections on loopback only - confirm.
- name: Deploy Dynflow Container
  containers.podman.podman_container:
    state: quadlet
    name: "dynflow-sidekiq-%i"
    quadlet_filename: "dynflow-sidekiq@"
    image: "{{ foreman_container_image }}:{{ foreman_container_tag }}"
    hostname: "{{ ansible_fqdn }}"
    network: host
    command: >-
      /usr/libexec/foreman/sidekiq-selinux
      -e production
      -r /usr/share/foreman/extras/dynflow-sidekiq.rb
      -C /etc/foreman/dynflow/%i.yml
    env:
      DYNFLOW_SIDEKIQ_SCRIPT: '/usr/share/foreman/extras/dynflow-sidekiq.rb'
      DYNFLOW_REDIS_URL: 'redis://localhost:6379/6'
      REDIS_PROVIDER: 'DYNFLOW_REDIS_URL'
    secrets:
      - "foreman-database-url,type=env,target=DATABASE_URL"
      - "foreman-settings-yaml,type=mount,target=/etc/foreman/settings.yaml"
      - "foreman-katello-yaml,type=mount,target=/etc/foreman/plugins/katello.yaml"
      - "foreman-ca-cert,type=mount,target=/etc/foreman/katello-default-ca.crt"
      - "foreman-client-cert,type=mount,target=/etc/foreman/client_cert.pem"
      - "foreman-client-key,type=mount,target=/etc/foreman/client_key.pem"
      - "foreman-dynflow-worker-hosts-queue-yaml,type=mount,target=/etc/foreman/dynflow/worker-hosts-queue.yml"
    quadlet_options:
      - |
        [Install]
        WantedBy=default.target
# One symlink per instance name, each pointing at the dynflow-sidekiq@
# template definition under /etc/containers/systemd.
- name: Create Dynflow Container instances
  ansible.builtin.file:
    src: '/etc/containers/systemd/dynflow-sidekiq@.container'
    dest: "/etc/containers/systemd/dynflow-sidekiq@{{ item }}.container"
    state: link
  loop:
    - orchestrator
    - worker
    - worker-hosts-queue
# systemd has to re-read its configuration before the Quadlet-generated
# services exist.
- name: Run daemon reload to make Quadlet create the service files
  ansible.builtin.systemd:
    daemon_reload: true

- name: Start the Foreman Service
  ansible.builtin.systemd:
    name: foreman
    state: started
    enabled: true

# Poll the ping endpoint until it answers 200: at most 60 attempts, 5 seconds
# apart. The result is kept in foreman_status for a later task.
# This request uses ansible_hostname, while the container tasks and the smart
# proxy registration use ansible_fqdn.
# NOTE(review): confirm the short name resolves to this host.
- name: Wait for Foreman service to be accessible
  ansible.builtin.uri:
    url: "http://{{ ansible_hostname }}:3000/api/v2/ping"
  register: foreman_status
  until: foreman_status.status == 200
  retries: 60
  delay: 5
# Enable and start each Dynflow instance, using the same instance names the
# symlinks were created for earlier in this file.
- name: Start the Dynflow Services
  ansible.builtin.systemd:
    name: "dynflow-sidekiq@{{ item }}"
    state: started
    enabled: true
  loop:
    - orchestrator
    - worker
    - worker-hosts-queue

# Runs only when the earlier ping result (foreman_status) lists katello.
# Polls until the ping response reports foreman_tasks as 'ok': at most 60
# attempts, 5 seconds apart.
- name: Wait for Foreman tasks to be ready
  ansible.builtin.uri:
    url: "http://{{ ansible_hostname }}:3000/api/v2/ping"
  when:
    - "'katello' in foreman_status.json['results']"
  register: foreman_tasks_status
  until: foreman_tasks_status.json['results']['katello']['services']['foreman_tasks']['status'] == 'ok'
  retries: 60
  delay: 5
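# Register the Pulp smart proxy with Foreman through the API on port 3000.
# The admin password comes from foreman_seed_admin_password, an optional
# variable introduced here that falls back to the previous literal when unset,
# so existing runs behave as before. It must equal the SEED_ADMIN_PASSWORD the
# Foreman container was seeded with earlier in this file. The fallback is a
# publicly known value; set the variable for any real deployment.
# NOTE(review): server_url is plain HTTP, so the admin credentials travel
# unencrypted to port 3000 on this host's FQDN - confirm that this traffic
# never leaves the machine.
- name: Configure Foreman Proxy
  theforeman.foreman.smart_proxy:
    name: "{{ ansible_fqdn }}-pulp"
    url: "https://{{ ansible_fqdn }}/pulp/api/v3/smart_proxy"
    server_url: "http://{{ ansible_fqdn }}:3000"
    username: admin
    password: "{{ foreman_seed_admin_password | default('changeme') }}"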