diff --git a/roles/tpa_single_node/defaults/main.yml b/roles/tpa_single_node/defaults/main.yml index 207074a8..2580150d 100644 --- a/roles/tpa_single_node/defaults/main.yml +++ b/roles/tpa_single_node/defaults/main.yml @@ -1,10 +1,10 @@ --- # Storage Service -tpa_single_node_storage_type: s3 # Either s3 or minio or other s3 compatible +tpa_single_node_storage_type: minio # Either s3 or minio or other s3 compatible tpa_single_node_storage_region: eu-west-1 # # For Minio just keep eu-west-1 # SQS_SERVICE -tpa_single_node_event_bus_type: sqs # Either kafka or sqs +tpa_single_node_event_bus_type: kafka # Either kafka or sqs ### AWS SQS fields tpa_single_node_sqs_region: eu-west-1 # AWS SQS Region # SSO_SERVICE -tpa_single_node_oidc_type: cognito # Either Keycloak or AWS Cognito +tpa_single_node_oidc_type: keycloak # Either Keycloak or AWS Cognito diff --git a/roles/tpa_single_node/handlers/main.yml b/roles/tpa_single_node/handlers/main.yml index bc385923..ed97d539 100644 --- a/roles/tpa_single_node/handlers/main.yml +++ b/roles/tpa_single_node/handlers/main.yml @@ -1,9 +1 @@ --- -- name: Reload systemd - ansible.builtin.systemd_service: - name: "{{ item }}" - loop: "{{ services }}" - -- name: Reboot machine - ansible.builtin.reboot: - msg: "Rebooting machine..." diff --git a/roles/tpa_single_node/tasks/bombastic/api.yml b/roles/tpa_single_node/tasks/bombastic/api.yml index 9c98b947..c42b82c9 100644 --- a/roles/tpa_single_node/tasks/bombastic/api.yml +++ b/roles/tpa_single_node/tasks/bombastic/api.yml @@ -11,7 +11,7 @@ vars: specs: service: bombastic-api - state: started + state: restarted network: "{{ tpa_single_node_podman_network }}" kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" manifest_file: "{{ role_path }}/templates/manifests/bombastic/api/Deployment.yaml.j2" diff --git a/roles/tpa_single_node/tasks/bombastic/indexer.yml b/roles/tpa_single_node/tasks/bombastic/indexer.yml index a707b93f..43429eda 100644 
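Review bot: An inventory that never set `tpa_single_node_storage_type`, `tpa_single_node_event_bus_type` or `tpa_single_node_oidc_type` will move from S3/SQS/Cognito to MinIO/Kafka/Keycloak on its next run, because all three role defaults change in the defaults/main.yml hunk. Switching the identity provider this way is easy to miss, so the new defaults should be called out in the role's documentation. The trailing comments could also list the accepted literal values, for example `tpa_single_node_oidc_type: keycloak # keycloak or cognito`. The section comment `### AWS SQS fields` stays directly under the new `kafka` default, so a short comment saying those fields only apply when the type is `sqs` would help.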
--- a/roles/tpa_single_node/tasks/bombastic/indexer.yml +++ b/roles/tpa_single_node/tasks/bombastic/indexer.yml @@ -3,9 +3,9 @@ vars: specs: service: bombastic-indexer - state: started + state: restarted network: "{{ tpa_single_node_podman_network }}" kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" - manifest_file: "{{ role_path }}/templates/manifests/bombastic/api/Deployment.yaml.j2" + manifest_file: "{{ role_path }}/templates/manifests/bombastic/indexer/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml" diff --git a/roles/tpa_single_node/tasks/collector/osv.yml b/roles/tpa_single_node/tasks/collector/osv.yml index 3b7c9b16..bb951a0d 100644 --- a/roles/tpa_single_node/tasks/collector/osv.yml +++ b/roles/tpa_single_node/tasks/collector/osv.yml @@ -18,10 +18,10 @@ vars: specs: service: collector-osv - state: started + state: restarted network: "{{ tpa_single_node_podman_network }}" kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" - manifest_file: "{{ role_path }}/templates/manifests/bombastic/api/Deployment.yaml.j2" + manifest_file: "{{ role_path }}/templates/manifests/collector/osv/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/collector-osv.yaml" - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/collectorist-api-guac.yaml" diff --git a/roles/tpa_single_node/tasks/collectorist/api.yml b/roles/tpa_single_node/tasks/collectorist/api.yml index ba576f2d..a3fe6db4 100644 --- a/roles/tpa_single_node/tasks/collectorist/api.yml +++ b/roles/tpa_single_node/tasks/collectorist/api.yml @@ -29,7 +29,7 @@ vars: specs: service: collectorist-api - state: started + state: restarted network: "{{ tpa_single_node_podman_network }}" kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" manifest_file: "{{ role_path }}/templates/manifests/collectorist/api/Deployment.yaml.j2" 
diff --git a/roles/tpa_single_node/tasks/dataset/init.yml b/roles/tpa_single_node/tasks/dataset/init.yml index 36adedee..6de130fa 100644 --- a/roles/tpa_single_node/tasks/dataset/init.yml +++ b/roles/tpa_single_node/tasks/dataset/init.yml @@ -4,7 +4,7 @@ vars: specs: service: init-dataset - state: stopped + state: started network: "{{ tpa_single_node_podman_network }}" kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" manifest_file: "{{ role_path }}/templates/manifests/init/dataset/Deployment.yaml.j2" diff --git a/roles/tpa_single_node/tasks/guac/bombastic_collector.yml b/roles/tpa_single_node/tasks/guac/bombastic_collector.yml index 87d0b5a8..c452d025 100644 --- a/roles/tpa_single_node/tasks/guac/bombastic_collector.yml +++ b/roles/tpa_single_node/tasks/guac/bombastic_collector.yml @@ -4,7 +4,7 @@ vars: specs: service: guac-collector-bombastic - state: started + state: restarted network: "{{ tpa_single_node_podman_network }}" kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" manifest_file: "{{ role_path }}/templates/manifests/guac/bombastic-collector/Deployment.yaml.j2" diff --git a/roles/tpa_single_node/tasks/guac/guac_collectsub.yml b/roles/tpa_single_node/tasks/guac/guac_collectsub.yml index be3daa33..acb3fe23 100644 --- a/roles/tpa_single_node/tasks/guac/guac_collectsub.yml +++ b/roles/tpa_single_node/tasks/guac/guac_collectsub.yml @@ -4,7 +4,7 @@ vars: specs: service: guac-collectsub - state: started + state: restarted network: "{{ tpa_single_node_podman_network }}" kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" manifest_file: "{{ role_path }}/templates/manifests/guac/collectsub/Deployment.yaml.j2" diff --git a/roles/tpa_single_node/tasks/guac/guac_graphql.yml b/roles/tpa_single_node/tasks/guac/guac_graphql.yml index c4b4006c..01903c40 100644 --- a/roles/tpa_single_node/tasks/guac/guac_graphql.yml +++ b/roles/tpa_single_node/tasks/guac/guac_graphql.yml 
@@ -4,7 +4,7 @@ vars: specs: service: guac-graphql - state: started + state: restarted network: "{{ tpa_single_node_podman_network }}" kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" manifest_file: "{{ role_path }}/templates/manifests/guac/graphql/Deployment.yaml.j2" diff --git a/roles/tpa_single_node/tasks/guac/vexination_collector.yml b/roles/tpa_single_node/tasks/guac/vexination_collector.yml index dfaaba83..b7e84571 100644 --- a/roles/tpa_single_node/tasks/guac/vexination_collector.yml +++ b/roles/tpa_single_node/tasks/guac/vexination_collector.yml @@ -4,7 +4,7 @@ vars: specs: service: guac-collector-vexination - state: started + state: restarted network: "{{ tpa_single_node_podman_network }}" kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" manifest_file: "{{ role_path }}/templates/manifests/guac/vexination-collector/Deployment.yaml.j2" diff --git a/roles/tpa_single_node/tasks/install_service.yml b/roles/tpa_single_node/tasks/install_service.yml index 91a4b0ef..415d1c28 100644 --- a/roles/tpa_single_node/tasks/install_service.yml +++ b/roles/tpa_single_node/tasks/install_service.yml @@ -3,13 +3,15 @@ src: "{{ specs.manifest_file }}" dest: "{{ tpa_single_node_kube_manifest_dir }}/Deployments/{{ specs.service }}.yaml" mode: "0600" + register: copy_manifest - name: Generate {{ specs.service }} Quadlet file ansible.builtin.template: src: "{{ specs.kube_file }}" dest: "/etc/containers/systemd/{{ specs.service }}.kube" mode: "0600" - + register: copy_systemd_file + - name: Add systemd timer for {{ specs.service }} when: specs.timer is defined ansible.builtin.template: 
@@ -18,8 +20,11 @@ mode: "0600" register: copy_systemd_timer_file -- name: Add {{ specs.service }} to services list - ansible.builtin.set_fact: - services: "{{ services + [ specs.service ] }}" - changed_when: true - notify: Reload systemd \ No newline at end of file +- name: Restart Podman Service for {{ specs.service }} + ansible.builtin.systemd: + state: "{{ specs.state }}" + enabled: true + daemon_reload: true + name: "{{ specs.service }}" + no_block: true + when: copy_manifest.changed or copy_systemd_file.changed or copy_systemd_timer_file.changed diff --git a/roles/tpa_single_node/tasks/main.yml b/roles/tpa_single_node/tasks/main.yml index 6779d749..83c3080c 100644 --- a/roles/tpa_single_node/tasks/main.yml +++ b/roles/tpa_single_node/tasks/main.yml @@ -15,10 +15,6 @@ - ansible_facts['distribution_major_version'] == '9' - (ansible_facts['distribution_version'] | split('.'))[1] | int >= 3 -- name: Create Services list - ansible.builtin.set_fact: - services: [] - - name: Install Operating System Components ansible.builtin.include_tasks: os.yml when: rhel diff --git a/roles/tpa_single_node/tasks/spog/api.yml b/roles/tpa_single_node/tasks/spog/api.yml index 8e10126c..e4b29d74 100644 --- a/roles/tpa_single_node/tasks/spog/api.yml +++ b/roles/tpa_single_node/tasks/spog/api.yml @@ -34,7 +34,7 @@ vars: specs: service: spog-api - state: started + state: restarted network: "{{ tpa_single_node_podman_network }}" kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" manifest_file: "{{ role_path }}/templates/manifests/spog/api/Deployment.yaml.j2" diff --git a/roles/tpa_single_node/tasks/spog/nginx.yml b/roles/tpa_single_node/tasks/spog/nginx.yml index 9ce8beb1..52e658ed 100644 --- a/roles/tpa_single_node/tasks/spog/nginx.yml +++ b/roles/tpa_single_node/tasks/spog/nginx.yml 
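Review bot: The `when:` on the new "Restart Podman Service" task in install_service.yml only checks the Deployment manifest, the Quadlet file and the timer file, so a change to a file listed under `specs.configmaps` (for example `custom-trust-anchor.yaml`) would leave the service running with the old content. Where those ConfigMaps are rendered is not visible in this hunk, so confirm whether their results can be registered and added to the condition. Because the condition gates the whole task, `enabled: true` and the start itself are skipped on every run where the three files are unchanged, so a unit whose first start failed after the files were written is never retried; consider splitting this into an unconditional `state: started` / `enabled: true` task and a conditional restart. With `no_block: true` the module returns before the unit has come up, so a unit that fails to start does not fail the play. Either drop `no_block: true` or follow it with a task that checks the unit is active.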
@@ -24,7 +24,7 @@ vars: specs: service: nginx - state: started + state: restarted network: "{{ tpa_single_node_podman_network }}" kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" manifest_file: "{{ role_path }}/templates/manifests/nginx/Deployment.yaml.j2" diff --git a/roles/tpa_single_node/tasks/spog/ui.yml b/roles/tpa_single_node/tasks/spog/ui.yml index 4a00ed67..1e3a69b8 100644 --- a/roles/tpa_single_node/tasks/spog/ui.yml +++ b/roles/tpa_single_node/tasks/spog/ui.yml @@ -30,7 +30,7 @@ vars: specs: service: spog-ui - state: started + state: restarted network: "{{ tpa_single_node_podman_network }}" kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" manifest_file: "{{ role_path }}/templates/manifests/spog/ui/Deployment.yaml.j2" diff --git a/roles/tpa_single_node/tasks/v11y/api.yml b/roles/tpa_single_node/tasks/v11y/api.yml index ca57369e..259edc9f 100644 --- a/roles/tpa_single_node/tasks/v11y/api.yml +++ b/roles/tpa_single_node/tasks/v11y/api.yml @@ -11,7 +11,7 @@ vars: specs: service: v11y-api - state: started + state: restarted network: "{{ tpa_single_node_podman_network }}" kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" manifest_file: "{{ role_path }}/templates/manifests/v11y/api/Deployment.yaml.j2" diff --git a/roles/tpa_single_node/tasks/v11y/indexer.yml b/roles/tpa_single_node/tasks/v11y/indexer.yml index a5583f1e..ed4da6fa 100644 --- a/roles/tpa_single_node/tasks/v11y/indexer.yml +++ b/roles/tpa_single_node/tasks/v11y/indexer.yml @@ -3,7 +3,7 @@ vars: specs: service: v11y-indexer - state: started + state: restarted network: "{{ tpa_single_node_podman_network }}" kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" manifest_file: "{{ role_path }}/templates/manifests/v11y/indexer/Deployment.yaml.j2" diff --git a/roles/tpa_single_node/tasks/vexination/api.yml b/roles/tpa_single_node/tasks/vexination/api.yml index 512ca80e..7cdd37b4 100644 --- a/roles/tpa_single_node/tasks/vexination/api.yml 
+++ b/roles/tpa_single_node/tasks/vexination/api.yml @@ -11,7 +11,7 @@ vars: specs: service: vexination-api - state: started + state: restarted network: "{{ tpa_single_node_podman_network }}" kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" manifest_file: "{{ role_path }}/templates/manifests/vexination/api/Deployment.yaml.j2" diff --git a/roles/tpa_single_node/tasks/vexination/indexer.yml b/roles/tpa_single_node/tasks/vexination/indexer.yml index 64046fcc..7f461ebe 100644 --- a/roles/tpa_single_node/tasks/vexination/indexer.yml +++ b/roles/tpa_single_node/tasks/vexination/indexer.yml @@ -3,7 +3,7 @@ vars: specs: service: vexination-indexer - state: started + state: restarted network: "{{ tpa_single_node_podman_network }}" kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" manifest_file: "{{ role_path }}/templates/manifests/vexination/indexer/Deployment.yaml.j2" diff --git a/roles/tpa_single_node/tasks/vexination/walker.yml b/roles/tpa_single_node/tasks/vexination/walker.yml index 74159c4d..96810bff 100644 --- a/roles/tpa_single_node/tasks/vexination/walker.yml +++ b/roles/tpa_single_node/tasks/vexination/walker.yml @@ -8,7 +8,7 @@ state: stopped network: "{{ tpa_single_node_podman_network }}" kube_file: "{{ role_path }}/templates/systemd/default.kube.j2" - manifest_file: "{{ role_path }}/templates/manifests/vexination/walker//Deployment.yaml.j2" + manifest_file: "{{ role_path }}/templates/manifests/vexination/walker/Deployment.yaml.j2" configmaps: - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml" timer: diff --git a/roles/tpa_single_node/vars/main.yml b/roles/tpa_single_node/vars/main.yml index f3c62a9f..eb0dd881 100644 --- a/roles/tpa_single_node/vars/main.yml +++ b/roles/tpa_single_node/vars/main.yml 
@@ -10,7 +10,7 @@ tpa_single_node_systemd_directory: /etc/systemd/system tpa_single_node_default_empty: "" # DB_SERVICE -tpa_single_node_pg_install_enabled: true +tpa_single_node_pg_install_enabled: false tpa_single_node_pg_host: "{{ lookup('env', 'TPA_PG_HOST') | default('192.168.121.60', true) }}" tpa_single_node_pg_port: 5432 tpa_single_node_pg_db: guac @@ -18,14 +18,14 @@ tpa_single_node_pg_admin: "{{ lookup('env', 'TPA_PG_ADMIN') }}" tpa_single_node_pg_admin_passwd: "{{ lookup('env', 'TPA_PG_ADMIN_PASSWORD') }}" tpa_single_node_pg_user: "{{ lookup('env', 'TPA_PG_USER') }}" tpa_single_node_pg_user_passwd: "{{ lookup('env', 'TPA_PG_USER_PASSWORD') }}" -tpa_single_node_pg_ssl_mode: disable +tpa_single_node_pg_ssl_mode: require # Storage Service tpa_single_node_storage_access_key: "{{ lookup('env', 'TPA_STORAGE_ACCESS_KEY') }}" # S3/minio root username tpa_single_node_storage_secret_key: "{{ lookup('env', 'TPA_STORAGE_SECRET_KEY') }}" # S3/minio root password -tpa_single_node_storage_bombastic_bucket: bombastic-rhtpa # -tpa_single_node_storage_v11y_bucket: v11y-rhtpa # -tpa_single_node_storage_vexination_bucket: vexination-rhtpa # +tpa_single_node_storage_bombastic_bucket: bombastic-default # +tpa_single_node_storage_v11y_bucket: v11y-default # +tpa_single_node_storage_vexination_bucket: vexination-default # ## Storage Service - Minio fields tpa_single_node_storage_endpoint: "{{ lookup('env', 'TPA_STORAGE_ENDPOINT') }}" # Minio storage URL pointing to API 9000 
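Review bot: `tpa_single_node_pg_ssl_mode: require` in vars/main.yml encrypts the connection but, under libpq-style semantics, does not verify the server certificate or host name, so a host that can intercept traffic to `tpa_single_node_pg_host` can still impersonate the database. This matters more now that `tpa_single_node_pg_install_enabled` is `false` and the database is expected to live elsewhere. If the consuming services accept it and a CA is available (the role already ships a `custom-trust-anchor.yaml` ConfigMap), prefer `tpa_single_node_pg_ssl_mode: verify-full`. Because this sits in vars/main.yml rather than defaults/main.yml, inventory variables cannot override it, so operators who need a stricter mode would have to pass extra vars; moving it to defaults would make that easier.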
@@ -33,15 +33,15 @@ tpa_single_node_storage_endpoint: "{{ lookup('env', 'TPA_STORAGE_ENDPOINT') }}" # SQS_SERVICE tpa_single_node_event_access_key_id: "{{ lookup('env', 'TPA_EVENT_ACCESS_KEY_ID') }}" # Kafka Username or AWS SQS Access Key ID tpa_single_node_event_secret_access_key: "{{ lookup('env', 'TPA_EVENT_SECRET_ACCESS_KEY') }}" # Kafka password or AWS SQS Secret Access Key -tpa_single_node_bombastic_topic_failed: bombastic-failed-rhtpa # Bombastic Events topic failed -tpa_single_node_bombastic_topic_indexed: bombastic-indexed-rhtpa # Bombastic Events topic indexed -tpa_single_node_bombastic_topic_stored: bombastic-stored-rhtpa # Bombastic Events topic stored -tpa_single_node_vexination_topic_failed: vexination-failed-rhtpa # Vexination Events topic failed -tpa_single_node_vexination_topic_indexed: vexination-indexed-rhtpa # Vexination Events topic indexed -tpa_single_node_vexination_topic_stored: vexination-stored-rhtpa # Vexination Events topic stored -tpa_single_node_v11y_topic_failed: v11y-failed-rhtpa # v11y Events topic failed -tpa_single_node_v11y_topic_indexed: v11y-indexed-rhtpa # v11y Events topic indexed -tpa_single_node_v11y_topic_stored: v11y-stored-rhtpa # v11y Events topic stored +tpa_single_node_bombastic_topic_failed: bombastic-failed-default # Bombastic Events topic failed +tpa_single_node_bombastic_topic_indexed: bombastic-indexed-default # Bombastic Events topic indexed +tpa_single_node_bombastic_topic_stored: bombastic-stored-default # Bombastic Events topic stored +tpa_single_node_vexination_topic_failed: vexination-failed-default # Vexination Events topic failed +tpa_single_node_vexination_topic_indexed: vexination-indexed-default # Vexination Events topic indexed +tpa_single_node_vexination_topic_stored: vexination-stored-default # Vexination Events topic stored +tpa_single_node_v11y_topic_failed: v11y-failed-default # v11y Events topic failed +tpa_single_node_v11y_topic_indexed: v11y-indexed-default # v11y Events topic indexed 
+tpa_single_node_v11y_topic_stored: v11y-stored-default # v11y Events topic stored ## SQS_SERVICE - Kafka fields tpa_single_node_kafka_bootstrap_servers: "{{ lookup('env', 'TPA_EVENT_BOOTSTRAP_SERVER') | default('tpa_single_node_default_empty', true) }}"