latest quadlet

Author: gildub

roles/tpa_single_node/defaults/main.yml

@@ -1,10 +1,10 @@
 ---
 # Storage Service
-tpa_single_node_storage_type: s3 # Either s3 or minio or other s3 compatible
+tpa_single_node_storage_type: minio # Either s3 or minio or other s3 compatible
 tpa_single_node_storage_region: eu-west-1 # <AWS S3 Storage region> # For Minio just keep eu-west-1
 # SQS_SERVICE
-tpa_single_node_event_bus_type: sqs # Either kafka or sqs
+tpa_single_node_event_bus_type: kafka # Either kafka or sqs
 ### AWS SQS fields
 tpa_single_node_sqs_region: eu-west-1 # AWS SQS Region
 # SSO_SERVICE
-tpa_single_node_oidc_type: cognito # Either Keycloak or AWS Cognito
+tpa_single_node_oidc_type: keycloak # Either Keycloak or AWS Cognito

roles/tpa_single_node/handlers/main.yml

@@ -1,9 +1 @@
 ---
-- name: Reload systemd
-  ansible.builtin.systemd_service:
-    name: "{{ item }}"
-  loop: "{{ services }}"
-
-- name: Reboot machine
-  ansible.builtin.reboot:
-    msg: "Rebooting machine..."

roles/tpa_single_node/tasks/bombastic/api.yml

@@ -11,7 +11,7 @@
   vars:
     specs:
       service: bombastic-api
-      state: started
+      state: restarted
       network: "{{ tpa_single_node_podman_network }}"
       kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" 
       manifest_file: "{{ role_path }}/templates/manifests/bombastic/api/Deployment.yaml.j2"

roles/tpa_single_node/tasks/bombastic/indexer.yml

@@ -3,9 +3,9 @@
   vars:
     specs:
       service: bombastic-indexer
-      state: started
+      state: restarted
       network: "{{ tpa_single_node_podman_network }}"
       kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" 
-      manifest_file: "{{ role_path }}/templates/manifests/bombastic/api/Deployment.yaml.j2"
+      manifest_file: "{{ role_path }}/templates/manifests/bombastic/indexer/Deployment.yaml.j2"
       configmaps:
         - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml"

roles/tpa_single_node/tasks/collector/osv.yml

@@ -18,10 +18,10 @@
   vars:
     specs:
       service: collector-osv
-      state: started
+      state: restarted
       network: "{{ tpa_single_node_podman_network }}"
       kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" 
-      manifest_file: "{{ role_path }}/templates/manifests/bombastic/api/Deployment.yaml.j2"
+      manifest_file: "{{ role_path }}/templates/manifests/collector/osv/Deployment.yaml.j2"
       configmaps:
         - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/collector-osv.yaml"
         - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/collectorist-api-guac.yaml"

roles/tpa_single_node/tasks/collectorist/api.yml

@@ -29,7 +29,7 @@
   vars:
     specs:
       service: collectorist-api
-      state: started
+      state: restarted
       network: "{{ tpa_single_node_podman_network }}"
       kube_file: "{{ role_path }}/templates/systemd/default.kube.j2"
       manifest_file: "{{ role_path }}/templates/manifests/collectorist/api/Deployment.yaml.j2"

roles/tpa_single_node/tasks/dataset/init.yml

@@ -4,7 +4,7 @@
   vars:
     specs:
       service: init-dataset
-      state: stopped
+      state: started
       network: "{{ tpa_single_node_podman_network }}"
       kube_file: "{{ role_path }}/templates/systemd/default.kube.j2"
       manifest_file: "{{ role_path }}/templates/manifests/init/dataset/Deployment.yaml.j2"

roles/tpa_single_node/tasks/guac/bombastic_collector.yml

@@ -4,7 +4,7 @@
   vars:
     specs:
       service: guac-collector-bombastic
-      state: started
+      state: restarted
       network: "{{ tpa_single_node_podman_network }}"
       kube_file: "{{ role_path }}/templates/systemd/default.kube.j2"
       manifest_file: "{{ role_path }}/templates/manifests/guac/bombastic-collector/Deployment.yaml.j2"

roles/tpa_single_node/tasks/guac/guac_collectsub.yml

@@ -4,7 +4,7 @@
   vars:
     specs:
       service: guac-collectsub
-      state: started
+      state: restarted
       network: "{{ tpa_single_node_podman_network }}"
       kube_file: "{{ role_path }}/templates/systemd/default.kube.j2"
       manifest_file: "{{ role_path }}/templates/manifests/guac/collectsub/Deployment.yaml.j2"

roles/tpa_single_node/tasks/guac/guac_graphql.yml

@@ -4,7 +4,7 @@
   vars:
     specs:
       service: guac-graphql
-      state: started
+      state: restarted
       network: "{{ tpa_single_node_podman_network }}"
       kube_file: "{{ role_path }}/templates/systemd/default.kube.j2"
       manifest_file: "{{ role_path }}/templates/manifests/guac/graphql/Deployment.yaml.j2"

roles/tpa_single_node/tasks/guac/vexination_collector.yml

@@ -4,7 +4,7 @@
   vars:
     specs:
       service: guac-collector-vexination
-      state: started
+      state: restarted
       network: "{{ tpa_single_node_podman_network }}"
       kube_file: "{{ role_path }}/templates/systemd/default.kube.j2"
       manifest_file: "{{ role_path }}/templates/manifests/guac/vexination-collector/Deployment.yaml.j2"

roles/tpa_single_node/tasks/install_service.yml

@@ -3,13 +3,15 @@
     src: "{{ specs.manifest_file }}"
     dest: "{{ tpa_single_node_kube_manifest_dir }}/Deployments/{{ specs.service }}.yaml"
     mode: "0600"
+  register: copy_manifest
 
 - name: Generate {{ specs.service }} Quadlet file
   ansible.builtin.template:
     src: "{{ specs.kube_file }}"
     dest: "/etc/containers/systemd/{{ specs.service }}.kube"
     mode: "0600"
-  
+  register: copy_systemd_file
+
 - name: Add systemd timer for {{ specs.service }}
   when: specs.timer is defined
   ansible.builtin.template:
@@ -18,8 +20,11 @@
     mode: "0600"
   register: copy_systemd_timer_file
 
-- name: Add {{ specs.service }} to services list
-  ansible.builtin.set_fact:
-    services: "{{ services + [  specs.service ] }}"
-  changed_when: true
-  notify: Reload systemd
+- name: Restart Podman Service for {{ specs.service }}
+  ansible.builtin.systemd:
+    state: "{{ specs.state }}"
+    enabled: true
+    daemon_reload: true
+    name: "{{ specs.service }}"
+    no_block: true
+  when: copy_manifest.changed or copy_systemd_file.changed or copy_systemd_timer_file.changed

roles/tpa_single_node/tasks/main.yml

@@ -15,10 +15,6 @@
     - ansible_facts['distribution_major_version'] == '9'
     - (ansible_facts['distribution_version'] | split('.'))[1] | int >= 3
 
-- name: Create Services list
-  ansible.builtin.set_fact:
-    services: []
-
 - name: Install Operating System Components
   ansible.builtin.include_tasks: os.yml
   when: rhel

roles/tpa_single_node/tasks/spog/api.yml

@@ -34,7 +34,7 @@
   vars:
     specs:
       service: spog-api
-      state: started
+      state: restarted
       network: "{{ tpa_single_node_podman_network }}"
       kube_file: "{{ role_path }}/templates/systemd/default.kube.j2"
       manifest_file: "{{ role_path }}/templates/manifests/spog/api/Deployment.yaml.j2"

roles/tpa_single_node/tasks/spog/nginx.yml

@@ -24,7 +24,7 @@
   vars:
     specs:
       service: nginx
-      state: started
+      state: restarted
       network: "{{ tpa_single_node_podman_network }}"
       kube_file: "{{ role_path }}/templates/systemd/default.kube.j2"
       manifest_file: "{{ role_path }}/templates/manifests/nginx/Deployment.yaml.j2"

roles/tpa_single_node/tasks/spog/ui.yml

@@ -30,7 +30,7 @@
   vars:
     specs:
       service: spog-ui
-      state: started
+      state: restarted
       network: "{{ tpa_single_node_podman_network }}"
       kube_file: "{{ role_path }}/templates/systemd/default.kube.j2"
       manifest_file: "{{ role_path }}/templates/manifests/spog/ui/Deployment.yaml.j2"

roles/tpa_single_node/tasks/v11y/api.yml

@@ -11,7 +11,7 @@
   vars:
     specs:
       service: v11y-api
-      state: started
+      state: restarted
       network: "{{ tpa_single_node_podman_network }}"
       kube_file: "{{ role_path }}/templates/systemd/default.kube.j2"
       manifest_file: "{{ role_path }}/templates/manifests/v11y/api/Deployment.yaml.j2"    

roles/tpa_single_node/tasks/v11y/indexer.yml

@@ -3,7 +3,7 @@
   vars:
     specs:
       service: v11y-indexer
-      state: started
+      state: restarted
       network: "{{ tpa_single_node_podman_network }}"
       kube_file: "{{ role_path }}/templates/systemd/default.kube.j2"
       manifest_file: "{{ role_path }}/templates/manifests/v11y/indexer/Deployment.yaml.j2"

roles/tpa_single_node/tasks/vexination/api.yml

@@ -11,7 +11,7 @@
   vars:
     specs:
       service: vexination-api
-      state: started
+      state: restarted
       network: "{{ tpa_single_node_podman_network }}"
       kube_file: "{{ role_path }}/templates/systemd/default.kube.j2"
       manifest_file: "{{ role_path }}/templates/manifests/vexination/api/Deployment.yaml.j2"

roles/tpa_single_node/tasks/vexination/indexer.yml

@@ -3,7 +3,7 @@
   vars:
     specs:
       service: vexination-indexer
-      state: started
+      state: restarted
       network: "{{ tpa_single_node_podman_network }}"
       kube_file: "{{ role_path }}/templates/systemd/default.kube.j2"
       manifest_file: "{{ role_path }}/templates/manifests/vexination/indexer/Deployment.yaml.j2"

roles/tpa_single_node/tasks/vexination/walker.yml

@@ -8,7 +8,7 @@
       state: stopped
       network: "{{ tpa_single_node_podman_network }}"
       kube_file: "{{ role_path }}/templates/systemd/default.kube.j2"
-      manifest_file: "{{ role_path }}/templates/manifests/vexination/walker//Deployment.yaml.j2"
+      manifest_file: "{{ role_path }}/templates/manifests/vexination/walker/Deployment.yaml.j2"
       configmaps:
         - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml"
       timer:

roles/tpa_single_node/vars/main.yml

@@ -10,38 +10,38 @@ tpa_single_node_systemd_directory: /etc/systemd/system
 tpa_single_node_default_empty: ""
 
 # DB_SERVICE
-tpa_single_node_pg_install_enabled: true
+tpa_single_node_pg_install_enabled: false
 tpa_single_node_pg_host: "{{ lookup('env', 'TPA_PG_HOST') | default('192.168.121.60', true) }}"
 tpa_single_node_pg_port: 5432
 tpa_single_node_pg_db: guac
 tpa_single_node_pg_admin: "{{ lookup('env', 'TPA_PG_ADMIN') }}"
 tpa_single_node_pg_admin_passwd: "{{ lookup('env', 'TPA_PG_ADMIN_PASSWORD') }}"
 tpa_single_node_pg_user: "{{ lookup('env', 'TPA_PG_USER') }}"
 tpa_single_node_pg_user_passwd: "{{ lookup('env', 'TPA_PG_USER_PASSWORD') }}"
-tpa_single_node_pg_ssl_mode: disable
+tpa_single_node_pg_ssl_mode: require
 
 # Storage Service
 tpa_single_node_storage_access_key: "{{ lookup('env', 'TPA_STORAGE_ACCESS_KEY') }}" # S3/minio root username
 tpa_single_node_storage_secret_key: "{{ lookup('env', 'TPA_STORAGE_SECRET_KEY') }}" # S3/minio root password
-tpa_single_node_storage_bombastic_bucket: bombastic-rhtpa # <bombastic storage bucket name>
-tpa_single_node_storage_v11y_bucket: v11y-rhtpa # <v11y storage bucket name>
-tpa_single_node_storage_vexination_bucket: vexination-rhtpa # <vexination storage bucket name>
+tpa_single_node_storage_bombastic_bucket: bombastic-default # <bombastic storage bucket name>
+tpa_single_node_storage_v11y_bucket: v11y-default # <v11y storage bucket name>
+tpa_single_node_storage_vexination_bucket: vexination-default # <vexination storage bucket name>
 
 ## Storage Service - Minio fields
 tpa_single_node_storage_endpoint: "{{ lookup('env', 'TPA_STORAGE_ENDPOINT') }}" # Minio storage URL pointing to API 9000
 
 # SQS_SERVICE
 tpa_single_node_event_access_key_id: "{{ lookup('env', 'TPA_EVENT_ACCESS_KEY_ID') }}" # Kafka Username or AWS SQS Access Key ID
 tpa_single_node_event_secret_access_key: "{{ lookup('env', 'TPA_EVENT_SECRET_ACCESS_KEY') }}" # Kafka password or AWS SQS Secret Access Key
-tpa_single_node_bombastic_topic_failed: bombastic-failed-rhtpa # Bombastic Events topic failed
-tpa_single_node_bombastic_topic_indexed: bombastic-indexed-rhtpa # Bombastic Events topic indexed
-tpa_single_node_bombastic_topic_stored: bombastic-stored-rhtpa # Bombastic Events topic stored
-tpa_single_node_vexination_topic_failed: vexination-failed-rhtpa # Vexination Events topic failed
-tpa_single_node_vexination_topic_indexed: vexination-indexed-rhtpa # Vexination Events topic indexed
-tpa_single_node_vexination_topic_stored: vexination-stored-rhtpa # Vexination Events topic stored
-tpa_single_node_v11y_topic_failed: v11y-failed-rhtpa # v11y Events topic failed
-tpa_single_node_v11y_topic_indexed: v11y-indexed-rhtpa # v11y Events topic indexed
-tpa_single_node_v11y_topic_stored: v11y-stored-rhtpa # v11y Events topic stored
+tpa_single_node_bombastic_topic_failed: bombastic-failed-default # Bombastic Events topic failed
+tpa_single_node_bombastic_topic_indexed: bombastic-indexed-default # Bombastic Events topic indexed
+tpa_single_node_bombastic_topic_stored: bombastic-stored-default # Bombastic Events topic stored
+tpa_single_node_vexination_topic_failed: vexination-failed-default # Vexination Events topic failed
+tpa_single_node_vexination_topic_indexed: vexination-indexed-default # Vexination Events topic indexed
+tpa_single_node_vexination_topic_stored: vexination-stored-default # Vexination Events topic stored
+tpa_single_node_v11y_topic_failed: v11y-failed-default # v11y Events topic failed
+tpa_single_node_v11y_topic_indexed: v11y-indexed-default # v11y Events topic indexed
+tpa_single_node_v11y_topic_stored: v11y-stored-default # v11y Events topic stored
 
 ## SQS_SERVICE - Kafka fields
 tpa_single_node_kafka_bootstrap_servers: "{{ lookup('env', 'TPA_EVENT_BOOTSTRAP_SERVER') | default('tpa_single_node_default_empty', true) }}"