Add podman_socket role

This patch adds a role for creating podman unix socket for TripleO purposes. It will be used during collectd deployments since collectd-sensubility requires accessing podman via the socket. Fixes molecule tests for tripleo_podman role. Change-Id: I7538def60e4fd3a7187ede0e1f5ada1b0c460f65 (cherry picked from commit 4fd0e5a9ae)
2022-09-15 11:39:24 +02:00 · 2022-09-15 11:39:24 +02:00 · 64ea7d8b33
parent 82b87c1a6a
commit 64ea7d8b33
8 changed files with 77 additions and 0 deletions
--- a/tripleo_ansible/roles/tripleo_podman/defaults/main.yml
+++ b/tripleo_ansible/roles/tripleo_podman/defaults/main.yml
@ -87,3 +87,7 @@ tripleo_container_default_infra_image: "registry.access.redhat.com/ubi8/pause"
 # additional ordering dependencies for the systemd
 # scopes associated to podman containers.
 tripleo_podman_systemd_drop_in_dependencies: true
+
+tripleo_podman_service_unit_name: "tripleo_podman.service"
+tripleo_podman_service_unit_description: "Podman API service for TripleO purposes"
+tripleo_podman_socket_path: /var/lib/tripleo-podman/podman.sock
--- a/tripleo_ansible/roles/tripleo_podman/meta/main.yml
+++ b/tripleo_ansible/roles/tripleo_podman/meta/main.yml
@ -33,6 +33,7 @@ galaxy_info:
      versions:
        - 7
        - 8
+        - 9

  galaxy_tags:
    - tripleo
--- a/tripleo_ansible/roles/tripleo_podman/molecule/default/prepare.yml
+++ b/tripleo_ansible/roles/tripleo_podman/molecule/default/prepare.yml
@ -35,6 +35,7 @@
    - role: test_deps
      test_deps_extra_packages:
        - runc
+        - containernetworking-plugins
    - role: env_data
  post_tasks:
    - name: pull an image
--- a/tripleo_ansible/roles/tripleo_podman/molecule/install/prepare.yml
+++ b/tripleo_ansible/roles/tripleo_podman/molecule/install/prepare.yml
@ -21,4 +21,7 @@
  gather_facts: true
  roles:
    - role: test_deps
+      test_deps_extra_packages:
+        - runc
+        - containernetworking-plugins
    - role: env_data
--- a/tripleo_ansible/roles/tripleo_podman/molecule/login/prepare.yml
+++ b/tripleo_ansible/roles/tripleo_podman/molecule/login/prepare.yml
@ -33,6 +33,9 @@

  roles:
    - role: test_deps
+      test_deps_extra_packages:
+        - runc
+        - containernetworking-plugins
    - role: env_data

  tasks:
--- a/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_rsyslog_cleanup.yml
+++ b/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_rsyslog_cleanup.yml
@ -0,0 +1,17 @@
+---
+
+# Note: Previous versions of TripleO used log file with podman exec specific data
+#       to provide health check execution results to sensubility. This serves for
+#       cleanup of unneeded rsyslog configuration since sensubility is fetching
+#       data straight from podman socket
+
+- name: remove unneeded podman-related rsyslog configuration
+  ansible.builtin.file:
+    path: /etc/rsyslog.d/openstack-healthcheck.conf
+    state: absent
+    ignore_errors: yes
+    register: rmcfg
+- when: rmcfg is changed
+  service:
+    name: rsyslog
+    state: restarted
--- a/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_service.yml
+++ b/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_service.yml
@ -0,0 +1,34 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License
+
+- name: Ensure podman socket directory exists
+  become: true
+  ansible.builtin.file:
+    path: "{{ tripleo_podman_socket_path | dirname }}"
+    state: directory
+
+- name: Create required systemd unit file for podman service
+  become: true
+  ansible.builtin.template:
+    src: podman.service.j2
+    dest: "/etc/systemd/system/{{ tripleo_podman_service_unit_name }}"
+    mode: 0644
+
+- name: Enable podman service unit
+  ansible.builtin.service:
+    name: "{{ tripleo_podman_service_unit_name }}"
+    state: started
+    enabled: true
--- a/tripleo_ansible/roles/tripleo_podman/templates/podman.service.j2
+++ b/tripleo_ansible/roles/tripleo_podman/templates/podman.service.j2
@ -0,0 +1,14 @@
+[Unit]
+Description={{ tripleo_podman_service_unit_description }}
+Documentation=man:podman-system-service(1)
+StartLimitIntervalSec=0
+
+[Service]
+Delegate=true
+Type=exec
+KillMode=process
+Environment=LOGGING="--log-level=info"
+ExecStart=/usr/bin/podman $LOGGING system service --time=0 unix://{{ tripleo_podman_socket_path }}
+
+[Install]
+WantedBy=default.target