move all package files from /srv

branding/spacewalk-branding.spec

@@ -24,8 +24,10 @@
 %global wwwdocroot %{_var}/www/html
 %else
 %if 0%{?suse_version}
-%global tomcat_path /srv/tomcat
-%global wwwdocroot /srv/www/htdocs
+%global susemanager_shared_path /usr/share/susemanager
+%global wwwroot %{susemanager_shared_path}/www
+%global tomcat_path %{wwwroot}/tomcat
+%global wwwdocroot %{wwwroot}/htdocs
 %else
 %global tomcat_path %{_var}/lib/tomcat6
 %global wwwdocroot %{_var}/www/html
@@ -93,6 +95,11 @@ ln -s %{_datadir}/rhn/lib/java-branding.jar %{buildroot}%{tomcat_path}/webapps/r
 %{tomcat_path}/webapps/rhn/WEB-INF/lib/java-branding.jar
 %license LICENSE
 %if 0%{?suse_version}
+%attr(775,tomcat,tomcat) %dir %{susemanager_shared_path}
+%attr(775,tomcat,tomcat) %dir %{wwwroot}
+%attr(775,tomcat,tomcat) %dir %{wwwdocroot}
+%attr(775,tomcat,tomcat) %dir %{tomcat_path}
+%attr(775,tomcat,tomcat) %dir %{tomcat_path}/webapps
 %attr(775,tomcat,tomcat) %dir %{tomcat_path}/webapps/rhn
 %attr(775,tomcat,tomcat) %dir %{tomcat_path}/webapps/rhn/WEB-INF
 %attr(775,tomcat,tomcat) %dir %{tomcat_path}/webapps/rhn/WEB-INF/lib/

client/tools/mgr-push/mgr-push.changes.cbosdo.http-server

@@ -0,0 +1 @@
+- Use http to connect to localhost server

client/tools/mgr-push/rhnpushrc

@@ -53,7 +53,7 @@ count			=
 dir				=
 
 #Push to this server (http[s]://<hostname>/APP)
-server 			=	https://localhost/APP
+server 			=	http://localhost/APP
 
 #Manage this channel(s)
 channel			=

containers/doc/server-kubernetes/README.md

@@ -0,0 +1,284 @@
+# Prerequisites
+
+The following assumes you have either a single-node RKE2 or K3s cluster ready or a server with Podman installed and enough resources for the Uyuni server.
+When installing on a Kubernetes cluster, it also assumes that `kubectl` and `helm` are installed on the server and configured to connect to the cluster.
+
+Note that in the case of a k3s or rke2 cluster the kubeconfig will be discovered in the default `/etc/rancher` folder: there is no need to set `KUBECONFIG` or copy the file to `~/.kube/config`.
+
+# Preparing the installation
+
+## Podman specific setup
+
+Podman stores its volumes in `/var/lib/containers/storage/volumes/`.
+In order to provide custom storage for the volumes, mount disks on that path oreven the expected volume path inside it like `/var/lib/containers/storage/volumes/var-spacewalk`. 
+
+**This needs to be performed before installing Uyuni as the volumes will be populated at that time.**
+
+## RKE2 specific setup
+
+RKE2 doesn't have automatically provisioning Persistent Volume by default.
+Either the expected Persisten Volumes need to be created before hand or a storage class with automatic provisioning has to be defined before installing Uyuni.
+
+## K3s specific setup
+
+The installation will work perfectly fine without changing anything, but tuning the storage class may be needed to avoid using the local path provisioner.
+
+# Offline installation
+
+
+## For K3s
+
+With K3s it is possible to preload the container images and avoid it to be fetched from a registry.
+For this, on a machine with internet access, pull the image using `podman`, `docker` or `skopeo` and save it as a `tar` archive.
+For example:
+
+⚠️ **TODO**: Verify instructions
+```
+for image in cert-manager-cainjector cert-manager-controller cert-manager-ctl cert-manager-webhook; do
+  podman pull quay.io/jetstack/$image
+  podman save --output $image.tar quay.io/jetstack/$image:latest
+done
+
+podman pull registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest
+
+podman save --output server.tar registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest
+```
+
+or
+
+⚠️ **TODO**: Verify instructions
+```
+for image in cert-manager-cainjector cert-manager-controller cert-manager-ctl cert-manager-webhook; do
+    skopeo copy docker://quay.io/jetstack/$image:latest docker-archive:$image.tar:quay.io/jetstack/$image:latest
+done
+
+skopeo copy docker://registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest docker-archive:server.tar:registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest
+```
+
+Copy the `cert-manager` and `uyuni/server` helm charts locally:
+
+⚠️ **TODO**: verify instructions
+
+```
+helm pull --repo https://charts.jetstack.io --destination . cert-manager
+helm pull --destination . oci://registry.opensuse.org/uyuni/server
+```
+
+Transfer the resulting `*.tar` images to the K3s node and load them using the following command:
+
+```
+for archive in `ls *.tar`; do
+    k3s ctr images import $archive 
+done
+```
+
+In order to tell K3s to not pull the images, set the image pull policy needs to be set to `Never`.
+This needs to be done for both Uyuni and cert-manager helm charts.
+
+For the Uyuni helm chart, set the `pullPolicy` chart value to `Never` by passing a `--helm-uyuni-values=uyuni-values.yaml` parameter to `uyuniadm install` with the following `uyuni-values.yaml` file content:
+
+```
+pullPolicy: Never
+```
+
+For the cert-manager helm chart, create a `cert-values.yaml` file with the following content and pass `--helm-certmanager-values=values.yaml` parameter to `uyuniadm install`:
+
+```
+image:
+  pullPolicy: Never
+```
+
+⚠️ **TODO**: verify the file names
+To use the downloaded helm charts instead of the default ones, pass `--helm-uyuni-chart=server.tgz` and `--helm-certmanager-chart=cert-manager.tgz` or add the following to the `uyuniadm` configuration file:
+
+```
+helm:
+  uyuni:
+    chart: server.tgz
+    values: uyuni-values.yaml
+  certmanager:
+    chart: cert-manager.tgz
+    values: cert.values.yaml
+```
+
+## For RKE2
+
+RKE2 doesn't allow to preload images on the nodes.
+Instead, use `skopeo` to import the images in a local registry and use this one to install.
+
+Copy the `cert-manager` and `uyuni/server` helm charts locally:
+
+⚠️ **TODO**: verify instructions
+
+```
+helm pull --repo https://charts.jetstack.io --destination . cert-manager
+helm pull --destination . oci://registry.opensuse.org/uyuni/server
+```
+
+⚠️  **TODO** Prepare instructions
+```
+# TODO Copy the cert-manager and uyuni images
+# TODO Set the uyuniadm parameters
+```
+
+## For Podman
+
+With K3s it is possible to preload the container images and avoid it to be fetched from a registry.
+For this, on a machine with internet access, pull the image using `podman`, `docker` or `skopeo` and save it as a `tar` archive.
+For example:
+
+```
+podman pull registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest
+podman save --output server-image.tar registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest
+```
+
+or
+
+```
+skopeo copy docker://registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest docker-archive:server-image.tar:registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest
+```
+
+Transfer the resulting `server-image.tar` to the server and load it using the following command:
+
+```
+podman load -i server-image.tar
+```
+
+# Migrating from a regular server
+
+In order to migrate a regular Uyuni server to containers, a new machine is required: it is not possible to perform an in-place migration.
+The old server is designated as the source server and the new machine is the destination one.
+
+The migration procedure does not perform any hostname rename.
+The fully qualified domain name will be the same on the new server than on the source one.
+This means the DNS records need to be adjusted after the migration to use the new server.
+
+## Preparing
+
+### Stop the source server
+
+Stop the source services:
+
+```
+spacewalk-service stop
+systemctl stop postgresql
+```
+
+### Preparing the SSH connection
+
+The `SSH` configuration and agent should be ready on the host for a passwordless connection to the source server.
+The migration script only uses the source server fully qualified domain name in the SSH command.
+This means that every other configuration required to connect needs to be defined in the `~/.ssh/config` file.
+
+For a passwordless connection, the migration script will use an SSH agent on the server.
+If none is running yet, run `eval $(ssh-agent)`.
+Add the SSH key to the running agent using `ssh-add /path/to/the/private/key`.
+The private key password will be prompted.
+
+### Prepare for Kubernetes
+
+Since the migration job will start the container from scratch the Persistent Volumes need to be defined before running the `uyuniadm migrate command`.
+Refer to the installation section for more details on the volumes preparation.
+
+## Migrating
+
+Run the following command to install a new Uyuni server from the source one after replacing the `uyuni.source.fqdn` by the proper source server FQDN:
+This command will synchronize all the data from the source server to the new one: this can take time!
+
+```
+uyuniadm migrate podman uyuni.source.fqdn
+```
+
+or
+
+```
+uyuniadm migrate kubernetes uyuni.source.fqdn
+```
+
+# Installing Uyuni
+
+## Installing
+
+The installation using `uyuniadm install` will ask for the password if those are not provided using the command line parameters or the configuration file.
+For security reason, using command line parameters to specify passwords should be avoided: use the configuration file with proper permissions instead.
+
+Prepare an `uyuniadm.yaml` file like the following:
+
+```
+db:
+  password: MySuperSecretDBPass
+cert:
+  password: MySuperSecretCAPass
+```
+
+To dismiss the email prompts add the `email` and `emailFrom` configurations to the above file or use the `--email` and `--emailFrom` parameters for `uyuniadm install`.
+
+Run one of the following command to install after replacing the `uyuni.example.com` by the FQDN of the server to install:
+
+```
+uyuniadm -c uyuniadm.yaml install podman uyuni.example.com
+```
+
+or
+
+```
+uyuniadm -c uyuniadm.yaml install kubernetes uyuni.example.com
+```
+
+### Podman specific configuration
+
+Additional parameters can be passed to Podman using `--podman-arg` parameters.
+
+### Kubernetes specific configuration
+
+The `uyuniadm install` command comes with parameters and thus configuration values for advanced helm chart configuration.
+To pass additional values to the Uyuni helm chart at installation time, use the `--helm-uyuni-values chart-values.yaml` parameter or a configuration like the following:
+
+```
+helm:
+  uyuni:
+    values: chart-values.yaml
+```
+
+The path set as value for this configuration is a YAML file passed to the Uyuni Helm chart.
+Be aware that some of the values in this file will be overriden by the `uyuniadm install` parameters.
+
+Note that the Helm chart installs a deployment with one replica.
+The pod name is automatically generated by Kubernetes and changes at every start.
+
+
+# Using Uyuni in containers
+
+To get a shell in the pod run `uyunictl exec -ti bash`.
+Note that this command can be used to run any command inside the server like `uyunictl exec tail /var/log/rhn/rhn_web_ui.log`
+
+To copy files to the server, use the `uyunictl cp <local_path> server:<remote_path>` command.
+Conversely to copy files from the server use `uyunictl cp server:<remote_path> <local_path>`.
+
+# Developping with the containers
+
+##  Deploying code
+
+To deploy java code on the pod change to the `java` directory and run:
+
+```
+ant -f manager-build.xml refresh-branding-jar deploy-restart-container
+```
+
+**Note** To deploy TSX or Salt code, use the `deploy-static-resources-container` and `deploy-salt-files-container` tasks of the ant file.
+
+## Attaching a java debugger
+
+In order to attach a Java debugger Uyuni need to have been installed using the `--debug-java` option to setup the container to listen on JDWP ports and expose them.
+
+The debugger can now be attached to the usual ports (8003 for tomcat and 8001 for taskomatic and 8002 for the search server) on the host FQDN.
+
+# Uninstalling
+
+To remove everything including the volumes, run the following command:
+
+```
+uyuniadm uninstall --purge-volumes
+```
+
+Note that `cert-manager` will not be uninstalled if it was not installed by `uyuniadm`.

containers/hub-xmlrpc-api-image/Dockerfile

@@ -0,0 +1,27 @@
+# SPDX-License-Identifier: MIT
+#!BuildTag: uyuni/hub-xmlrpc-api:latest
+
+ARG BASE=registry.suse.com/bci/bci-base:15.5
+FROM $BASE
+
+RUN zypper --gpg-auto-import-keys --non-interactive install hub-xmlrpc-api
+
+# LABELs
+ARG PRODUCT=Uyuni
+ARG VENDOR="Uyuni project"
+ARG URL="https://www.uyuni-project.org/"
+ARG REFERENCE_PREFIX="registry.opensuse.org/uyuni"
+
+# Build Service required labels
+# labelprefix=org.opensuse.uyuni.hub-xmlrpc-api
+LABEL org.opencontainers.image.title="${PRODUCT} Hub XML-RPC API container"
+LABEL org.opencontainers.image.description="${PRODUCT} Hub XML-RPC API image"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="${VENDOR}"
+LABEL org.opencontainers.image.url="${URL}"
+LABEL org.opencontainers.image.version="4.4.0"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL org.opensuse.reference="${REFERENCE_PREFIX}/server:4.4.0.%RELEASE%"
+# endlabelprefix
+
+CMD ["/usr/bin/hub-xmlrpc-api"]

containers/hub-xmlrpc-api-image/_service

@@ -0,0 +1,4 @@
+<services>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+  <service mode="buildtime" name="docker_label_helper"/>
+</services>

containers/hub-xmlrpc-api-image/hub-xmlrpc-api.changes

@@ -0,0 +1,4 @@
+-------------------------------------------------------------------
+Thu Jun 22 07:30:36 UTC 2023 - Cédric Bosdonnat <cbosdonnat@suse.com>
+
+- Initial image for Uyuni Hub XML-RPC API

containers/hub-xmlrpc-api-image/tito.props

@@ -0,0 +1,2 @@
+[buildconfig]
+tagger = tito.tagger.SUSEContainerTagger