Candlepin service running via a systemd container

theforeman · Nov 27, 2018 · 8e754ca · 8e754ca
1 parent 96efae4
commit 8e754ca
Show file tree

Hide file tree

Showing 9 changed files with 70 additions and 8 deletions.
diff --git a/.fixtures.yml b/.fixtures.yml
@@ -5,6 +5,7 @@ fixtures:
     concat:     'https://github.com/puppetlabs/puppetlabs-concat'
     postgresql: 'https://github.com/puppetlabs/puppetlabs-postgresql.git'
     qpid:       'https://github.com/theforeman/puppet-qpid.git'
+    systemd:    'https://github.com/camptocamp/puppet-systemd.git'
     yumrepo_core:
       repo: 'https://github.com/puppetlabs/puppetlabs-yumrepo_core'
       puppet_version: '>= 6.0.0'
diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp
@@ -66,7 +66,7 @@
                        >> ${log_dir}/cpdb.log \
                        2>&1 && touch /var/lib/candlepin/cpdb_done",
       creates => '/var/lib/candlepin/cpdb_done',
-      before  => Service['tomcat'],
+      before  => Service[$candlepin::service],
       require => Concat['/etc/candlepin/candlepin.conf'],
     }
     # if both manage_db and init_db enforce order of resources

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -176,6 +176,9 @@
 # @param shutdown_wait
 #   Time to wait in seconds, before killing process
 #
+# @param container
+#   Run Candlepin as a systemd service via a container
+#
 class candlepin (
   Boolean $manage_db = $candlepin::params::manage_db,
   Boolean $init_db = $candlepin::params::init_db,
@@ -234,12 +237,19 @@
   Optional[String] $lang = $candlepin::params::lang,
   Boolean $security_manager = $candlepin::params::security_manager,
   Optional[Integer[0]] $shutdown_wait = $candlepin::params::shutdown_wait,
+  Boolean $container = $candlepin::params::container,
 ) inherits candlepin::params {
   if $amq_enable {
     assert_type(String, $amqp_keystore_password)
     assert_type(String, $amqp_truststore_password)
   }
 
+  if $candlepin::container {
+    $service_name = 'candlepin'
+  } else {
+    $service_name = 'tomcat'
+  }
+
   $amqpurl = "tcp://${qpid_hostname}:${qpid_ssl_port}?ssl='true'&ssl_cert_alias='amqp-client'"
 
   contain candlepin::service

diff --git a/manifests/install.pp b/manifests/install.pp
@@ -4,11 +4,15 @@
 class candlepin::install {
   assert_private()
 
-  package { ['candlepin']:
-    ensure => $candlepin::version,
-  }
+  if $candlepin::container {
+    ensure_packages(['podman'])
+  } else {
+    package { ['candlepin']:
+      ensure => $candlepin::version,
+    }
 
-  if $candlepin::run_init {
-    ensure_packages(['wget'], { ensure => $candlepin::wget_version, })
+    if $candlepin::run_init {
+      ensure_packages(['wget'], { ensure => $candlepin::wget_version, })
+    }
   }
 }
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -4,6 +4,9 @@
 class candlepin::params {
   $ssl_port = 8443
 
+  $candlepin_version = 'latest'
+  $container = false
+
   $manage_db = true
   $init_db = true
   $db_type = 'postgresql'

diff --git a/manifests/service.pp b/manifests/service.pp
@@ -4,7 +4,23 @@
 class candlepin::service {
   assert_private()
 
-  service { 'tomcat':
+  if $candlepin::container {
+    ensure_packages(['podman'])
+
+    file { '/etc/sysconfig/candlepin':
+      ensure  => file,
+      content => template('candlepin/candlepin.sysconfig.erb'),
+      notify  => Service[$candlepin::service_name],
+      mode    => '0640',
+    }
+
+    systemd::unit_file { 'candlepin.service':
+      source => template('candlepin/candlepin.service.erb'),
+      notify => Service[$candlepin::service_name],
+    }
+  }
+
+  service { $candlepin::service_name:
     ensure     => running,
     enable     => true,
     hasstatus  => true,
@@ -15,7 +31,7 @@
     exec { 'cpinit':
       # tomcat startup is slow - try multiple times (the initialization service is idempotent)
       command => "/usr/bin/wget --no-check-certificate --no-proxy --timeout=30 --tries=40 --wait=20 --retry-connrefused -qO- https://localhost:${candlepin::ssl_port}/candlepin/admin/init > /var/log/candlepin/cpinit.log 2>&1 && touch /var/lib/candlepin/cpinit_done",
-      require => [Package['wget'], Service['tomcat']],
+      require => [Package['wget'], Service[$candlepin::service_name]],
       creates => '/var/lib/candlepin/cpinit_done',
       # timeout is roughly "wait" * "tries" from above
       timeout =>  800,

diff --git a/metadata.json b/metadata.json
@@ -27,6 +27,10 @@
     {
       "name": "katello/qpid",
       "version_requirement": ">= 3.0.0 < 5.0.0"
+    },
+    {
+      "name": "camptocamp/systemd",
+      "version_requirement": ">= 0.4.0 < 3.0.0"
     }
   ],
   "requirements": [

diff --git a/templates/candlepin.service.erb b/templates/candlepin.service.erb
@@ -0,0 +1,19 @@
+[Unit]
+Description=Candlepin
+Wants=syslog.service
+
+[Service]
+Restart=always
+RestartSec=30
+TimeoutStartSec=0
+TimeoutSec=300
+ExecStartPre=-/usr/bin/podman pull quay.io/foreman/candlepin:<%= scope['candlepin::ssl_port'] %>
+ExecStartPre=-/usr/bin/podman rm "candlepin-1"
+ExecStart=/usr/bin/podman run --name candlepin-1 --env-file /etc/sysconfig/candlepin --net host -v /etc/candlepin:/etc/candlepin:z -v /etc/tomcat:/etc/tomcat:z -p <%= scope['candlepin::ssl_port'] %> quay.io/foreman/candlepin:<%= scope['candlepin::candlepin_version'] %>
+ExecReload=-/usr/bin/podman stop "candlepin-1"
+ExecReload=-/usr/bin/podman rm "candlepin-1"
+ExecStop=-/usr/bin/podman stop "candlepin-1"
+EnvironmentFile=-/etc/sysconfig/candlepin
+
+[Install]
+WantedBy=multi-user.target
diff --git a/templates/candlepin.sysconfig.erb b/templates/candlepin.sysconfig.erb
@@ -0,0 +1,5 @@
+POSTGRES_SERVICE_HOST=<%= scope['candlepin::db_host'] %>
+POSTGRES_PORT=5432
+POSTGRES_DB=<%= scope['candlepin::db_name'] %>
+POSTGRES_USER=<%= scope['candlepin::db_user'] %>
+POSTGRES_PASSWORD=<%= scope['candlepin::db_password'] %>