Alternative v11y walker (trustification#35)

* Alternative v11y walker Signed-off-by: desmax74 <[email protected]> * increase startup time for the git clone Signed-off-by: desmax74 <[email protected]> --------- Signed-off-by: desmax74 <[email protected]>
desmax74 · Sep 23, 2024 · b8a2b9a · b8a2b9a
1 parent 22098dd
commit b8a2b9a
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 33 deletions.
diff --git a/roles/tpa_single_node/tasks/podman.yml b/roles/tpa_single_node/tasks/podman.yml
@@ -53,21 +53,24 @@
 - name: Configure/Deploy guac init
   ansible.builtin.include_tasks: podman/init_guac.yml
 
-# 3 V11y Walker deployment and cronjob
+# 3 V11y Walker
 - name: Configure/Deploy v11y walker
   ansible.builtin.include_tasks: podman/v11y_walker.yml
 
+# 4 Guac Collectsub
 - name: Provision Guac collectsub
   ansible.builtin.include_tasks: podman/guac_collectsub.yml
   vars:
     tpa_single_node_guac_csub_tls_cert_pem: "{{ lookup('file', tpa_single_node_guac_csub_tls_cert_pem_path) }}"
     tpa_single_node_guac_csub_tls_cert_key: "{{ lookup('file', tpa_single_node_guac_csub_tls_cert_key_path) }}"
 
+# 5 Guac Graphql
 - name: Provision Guac graphql
   ansible.builtin.include_tasks: podman/guac_graphql.yml
   vars:
     tpa_single_node_guac_graphql_tls_cert_pem: "{{ lookup('file', tpa_single_node_guac_graphql_tls_cert_pem_path) }}"
     tpa_single_node_guac_graphql_tls_cert_key: "{{ lookup('file', tpa_single_node_guac_graphql_tls_cert_key_path) }}"
 
+# 6 V11y api
 - name: Configure/Deploy v11y api
   ansible.builtin.include_tasks: podman/v11y_api.yml
diff --git a/roles/tpa_single_node/tasks/podman/v11y_walker.yml b/roles/tpa_single_node/tasks/podman/v11y_walker.yml
@@ -15,8 +15,6 @@
   ansible.builtin.set_fact:
     dns_resolver: "{{ tpa_podman_network_results.network.subnets[0].gateway }}"
 
-# pv and cronjob
-
 - name: Creates a v11y walker cron file under /etc/cron.d # 0 1 * * *
   ansible.builtin.cron:
     name: v11y cronjob
@@ -27,37 +25,11 @@
     job: "{{ lookup('ansible.builtin.template', 'configs/v11y_cronjob.sh') }}"
     state: present
 
-- name: Copy v11-walker to tmp for the podman build
-  ansible.builtin.copy:
-    src: "/etc/cron.d/v11-walker"
-    dest: "/tmp/v11-walker"
-    remote_src: true
-    mode: "0600"
-
-#  @TODO remove v11-walker from /etc/cron.d after the podman build
-
 - name: Deploy v11walker Pod
   ansible.builtin.include_tasks: podman/install_manifest.yml
   vars:
     podman_spec:
-      state: started
+      state: stopped
       systemd_file: v11y-walker
       network: "{{ tpa_single_node_podman_network }}"
       kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/v11y/walker/Deployment.yaml') | from_yaml }}"
-
-# Here we build a container only for the cronjob using trustification as a base image and adding cronie package
-
-- name: Copy v11y-cronjob-container
-  ansible.builtin.copy:
-    content: "{{ lookup('ansible.builtin.template', 'configs/Containerfile.v11y-cronjob-container') }}"
-    dest: "/tmp/Containerfile.v11y-cronjob-container"
-    remote_src: true
-    mode: "0600"
-
-- name: Build a trustification container with cronjob inside
-  ansible.builtin.command: "podman build -t rhtpa/v11y-cronjob -f /tmp/Containerfile.v11y-cronjob-container"
-  become: true
-  become_user: root
-  changed_when: false
-  args:
-    chdir: /tmp
diff --git a/roles/tpa_single_node/templates/configs/v11y_cronjob.sh b/roles/tpa_single_node/templates/configs/v11y_cronjob.sh
@@ -1 +1 @@
-bombastic walker --sink https://sbom.trustification --source https://access.redhat.com/security/data/sbom/beta/ '-3' --signing-key https://access.redhat.com/security/data/97f5eac4.txt#77E79ABE93673533ED09EBE2DCE3823597F5EAC4 --fix-licenses 'true' --since-file /walker-state/since
+systemctl start v11y-walker.service
diff --git a/roles/tpa_single_node/templates/systemd/systemd-cm.j2 b/roles/tpa_single_node/templates/systemd/systemd-cm.j2
@@ -8,10 +8,11 @@ RequiresMountsFor=%t/containers
 [Service]
 Environment=PODMAN_SYSTEMD_UNIT=%n
 TimeoutStopSec=70
+TimeoutStartSec=600
 ExecStart=/usr/bin/podman kube play --replace --service-container=true "{{ kube_play_file }}"  --network "{{ podman_spec.network | default('podman') }}" --configmap "{{ podman_spec.configmap | default(omit) }}"
 ExecStop=/usr/bin/podman kube down "{{ kube_play_file }}"
 Type=notify
 NotifyAccess=all
 
 [Install]
-WantedBy=default.target
+WantedBy=default.target
diff --git a/roles/tpa_single_node/templates/systemd/systemd-nocm.j2 b/roles/tpa_single_node/templates/systemd/systemd-nocm.j2
@@ -8,10 +8,11 @@ RequiresMountsFor=%t/containers
 [Service]
 Environment=PODMAN_SYSTEMD_UNIT=%n
 TimeoutStopSec=70
+TimeoutStartSec=600
 ExecStart=/usr/bin/podman kube play --replace --service-container=true "{{ kube_play_file }}"  --network "{{ podman_spec.network | default('podman') }}"
 ExecStop=/usr/bin/podman kube down "{{ kube_play_file }}"
 Type=notify
 NotifyAccess=all
 
 [Install]
-WantedBy=default.target
+WantedBy=default.target
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		bombastic walker --sink https://sbom.trustification --source https://access.redhat.com/security/data/sbom/beta/ '-3' --signing-key https://access.redhat.com/security/data/97f5eac4.txt#77E79ABE93673533ED09EBE2DCE3823597F5EAC4 --fix-licenses 'true' --since-file /walker-state/since
		systemctl start v11y-walker.service