Candlepin service running via a systemd container

theforeman · Nov 19, 2018 · e833edf · e833edf
1 parent 799f33c
commit e833edf
Show file tree

Hide file tree

Showing 8 changed files with 70 additions and 14 deletions.
diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp
@@ -66,7 +66,7 @@
                        >> ${log_dir}/cpdb.log \
                        2>&1 && touch /var/lib/candlepin/cpdb_done",
       creates => '/var/lib/candlepin/cpdb_done',
-      before  => Service['tomcat'],
+      before  => Service[$candlepin::service],
       require => Concat['/etc/candlepin/candlepin.conf'],
     }
     # if both manage_db and init_db enforce order of resources

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -176,6 +176,9 @@
 # @param shutdown_wait
 #   Time to wait in seconds, before killing process
 #
+# @param container
+#   Run Candlepin as a systemd service via a container
+#
 class candlepin (
   Boolean $manage_db = $candlepin::params::manage_db,
   Boolean $init_db = $candlepin::params::init_db,
@@ -234,12 +237,19 @@
   Optional[String] $lang = $candlepin::params::lang,
   Boolean $security_manager = $candlepin::params::security_manager,
   Optional[Integer[0]] $shutdown_wait = $candlepin::params::shutdown_wait,
+	Boolean $container = $candlepin::params::container,
 ) inherits candlepin::params {
   if $amq_enable {
     assert_type(String, $amqp_keystore_password)
     assert_type(String, $amqp_truststore_password)
   }
 
+	if $candlepin::container {
+    $service_name = 'candlepin'
+	} else {
+    $service_name = 'tomcat'
+	}
+
   $amqpurl = "tcp://${qpid_hostname}:${qpid_ssl_port}?ssl='true'&ssl_cert_alias='amqp-client'"
 
   contain candlepin::service

diff --git a/manifests/install.pp b/manifests/install.pp
@@ -4,9 +4,11 @@
 class candlepin::install {
   assert_private()
 
-  package { ['candlepin']:
-    ensure => $candlepin::version,
-  }
+	if !$candlepin::container {
+		package { ['candlepin']:
+			ensure => $candlepin::version,
+		}
 
-  ensure_packages(['wget'], { ensure => $candlepin::wget_version, })
+		ensure_packages(['wget'], { ensure => $candlepin::wget_version, })
+	}
 }
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -4,6 +4,8 @@
 class candlepin::params {
   $ssl_port = 8443
 
+	$container = false
+
   $manage_db = true
   $init_db = true
   $db_type = 'postgresql'

diff --git a/manifests/service.pp b/manifests/service.pp
@@ -4,18 +4,36 @@
 class candlepin::service {
   assert_private()
 
-  service { 'tomcat':
-    ensure     => running,
-    enable     => true,
-    hasstatus  => true,
-    hasrestart => true,
-  }
+	if $candlepin::container {
+		ensure_packages(['podman'])
+
+		file { '/etc/sysconfig/candlepin':
+			ensure  => file,
+			content => template("candlepin/candlepin.sysconfig.erb"),
+			before	=> Service[$candlepin::service_name],
+		} ~>
+		file { '/etc/systemd/system/candlepin.service':
+			ensure  => file,
+			content => template('candlepin/candlepin.service.erb'),
+			mode    => '0644',
+			owner   => 'root',
+			group   => 'root',
+			before	=> Service[$candlepin::service_name],
+		}
+	}
+
+	service { $candlepin::service_name:
+		ensure     => running,
+		enable     => true,
+		hasstatus  => true,
+		hasrestart => true,
+	}
 
   if $candlepin::run_init {
     exec { 'cpinit':
       # tomcat startup is slow - try multiple times (the initialization service is idempotent)
       command => '/usr/bin/wget --no-proxy --timeout=30 --tries=40 --wait=20 --retry-connrefused -qO- http://localhost:8080/candlepin/admin/init > /var/log/candlepin/cpinit.log 2>&1 && touch /var/lib/candlepin/cpinit_done',
-      require => [Package['wget'], Service['tomcat']],
+      require => [Package['wget'], Service[$candlepin::service_name]],
       creates => '/var/lib/candlepin/cpinit_done',
       # timeout is roughly "wait" * "tries" from above
       timeout =>  800,

diff --git a/templates/candlepin.conf.erb b/templates/candlepin.conf.erb
@@ -27,8 +27,8 @@ candlepin.auth.oauth.consumer.<%= scope['candlepin::oauth_key'] %>.secret=<%= sc
 module.config.adapter_module=<%= scope['candlepin::adapter_module'] %>
 <%- end -%>
 
-candlepin.ca_key=<%= scope['candlepin::ca_key'] %>
-candlepin.ca_cert=<%= scope['candlepin::ca_cert'] %>
+candlepin.ca_key=/etc/candlepin/certs/candlepin-ca.key
+candlepin.ca_cert=/etc/candlepin/certs/candlepin-ca.crt
 candlepin.crl.file=<%= scope['candlepin::crl_file'] %>
 <% unless [nil, :undefined, :undef].include?(scope['candlepin::ca_key_password']) -%>
 candlepin.ca_key_password=<%= scope['candlepin::ca_key_password'] %>

diff --git a/templates/candlepin.service.erb b/templates/candlepin.service.erb
@@ -0,0 +1,19 @@
+[Unit]
+Description=Candlepin
+Wants=syslog.service
+
+[Service]
+Restart=always
+RestartSec=30
+TimeoutStartSec=0
+TimeoutSec=300
+ExecStartPre=-/usr/bin/podman pull quay.io/foreman/candlepin:latest
+ExecStartPre=-/usr/bin/podman rm "candlepin-1"
+ExecStart=/usr/bin/podman run --name candlepin-1 --env-file /etc/sysconfig/candlepin --net host -v /etc/candlepin:/etc/candlepin:z -v /etc/tomcat:/etc/tomcat:z -p 8443 quay.io/foreman/candlepin:latest
+ExecReload=-/usr/bin/podman stop "candlepin-1"
+ExecReload=-/usr/bin/podman rm "candlepin-1"
+ExecStop=-/usr/bin/podman stop "candlepin-1"
+EnvironmentFile=-/etc/sysconfig/candlepin
+
+[Install]
+WantedBy=multi-user.target
diff --git a/templates/candlepin.sysconfig.erb b/templates/candlepin.sysconfig.erb
@@ -0,0 +1,5 @@
+POSTGRES_SERVICE_HOST=<%= scope['candlepin::db_host'] %>
+POSTGRES_PORT=5432
+POSTGRES_DB=<%= scope['candlepin::db_name'] %>
+POSTGRES_USER=<%= scope['candlepin::db_user'] %>
+POSTGRES_PASSWORD=<%= scope['candlepin::db_password'] %>