Add core services for iop

Signed-off-by: Eric D. Helms <[email protected]>

Author: ehelms

.github/workflows/test.yml

@@ -121,3 +121,72 @@ jobs:
         uses: re-actors/alls-green@release/v1
         with:
           jobs: ${{ toJSON(needs) }}
+
+  iop-tests:
+    strategy:
+      fail-fast: false
+      matrix:
+        certificate_source:
+          - default
+          - installer
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v5
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: '3.12'
+      - name: Setup libvirt for Vagrant
+        uses: voxpupuli/setup-vagrant@v0
+      - name: Install Ansible
+        run: pip install --upgrade ansible-core
+      - name: Setup environment
+        run: ./setup-environment
+      - name: Start VMs
+        run: |
+          ./forge vms start
+      - name: Configure repositories
+        run: |
+          ./forge setup-repositories
+      - name: Create installer certificates
+        if: contains(matrix.certificate_source, 'installer')
+        run: |
+          ./forge installer-certs
+      - name: Run image pull
+        run: |
+          ./foremanctl pull-images
+      - name: Run deployment
+        run: |
+          ./foremanctl deploy --enable-iop true --certificate-source=${{ matrix.certificate_source }} --foreman-initial-admin-password=changeme
+      - name: Setup hammer
+        run: |
+          ./foremanctl setup-hammer
+      - name: Run tests
+        run: |
+          ./forge test --pytest-args="--certificate-source=${{ matrix.certificate_source }}"
+      - name: Run smoker
+        run: |
+          ./forge smoker
+      - name: Archive smoker report
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v5
+        with:
+          name: smoker-iop-${{ matrix.certificate_source }}
+          path: "/home/runner/smoker/report/"
+      - name: Generate sos reports
+        if: ${{ always() }}
+        run: ./forge sos
+      - name: Archive sos reports
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v5
+        with:
+          name: sosreport-iop-${{ matrix.certificate_source }}
+          path: sos/
+      - name: Setup upterm session
+        if: ${{ failure() }}
+        uses: owenthereal/action-upterm@v1
+        with:
+          ## limits ssh access and adds the ssh public key for the user which triggered the workflow
+          limit-access-to-actor: true
+          ## If no one connects after 5 minutes, shut down server.
+          wait-timeout-minutes: 5

development/ansible.cfg

@@ -2,5 +2,5 @@
 host_key_checking = False
 stdout_callback=debug
 stderr_callback=debug
-roles_path = ./roles
+roles_path = ./roles:../src/roles
 display_skipped_hosts = no

docs/parameters.md

@@ -51,6 +51,14 @@ There are multiple use cases from the users perspective that dictate what parame
 | `--foreman-initial-admin-password` | Initial password for the admin user | `--foreman-initial-admin-password` |
 | `--foreman-puma-workers` | Number of workers for Puma | `--foreman-foreman-service-puma-workers` |
 
+#### IOP
+
+##### Mapped
+
+| Parameter | Description | foreman-installer Parameters |
+| ----------| ----------- | ---------------------------- |
+| `--enable-iop` | Enable deployment of IOP services | `--enable-iop` |
+
 #### Certs
 
 ##### Mapped

src/playbooks/deploy/deploy.yaml

@@ -54,4 +54,6 @@
     - pulp
     - foreman
     - role: systemd_target
+    - role: iop_core
+      when: enable_iop | bool
     - post_install

src/playbooks/deploy/metadata.obsah.yaml

@@ -9,6 +9,8 @@ variables:
     help: Initial password for the admin user.
   foreman_puma_workers:
     help: Number of workers for Puma.
+  enable_iop:
+    help: Enable deployment of IOP services.
 
 include:
   - _certificate_source

src/roles/iop_core/tasks/main.yaml

@@ -0,0 +1,24 @@
+---
+- name: Deploy IOP Kafka service
+  ansible.builtin.include_role:
+    name: iop_kafka
+
+- name: Deploy IOP Ingress service
+  ansible.builtin.include_role:
+    name: iop_ingress
+
+- name: Deploy IOP Gateway service
+  ansible.builtin.include_role:
+    name: iop_gateway
+
+- name: Deploy IOP Puptoo service
+  ansible.builtin.include_role:
+    name: iop_puptoo
+
+- name: Deploy IOP Yuptoo service
+  ansible.builtin.include_role:
+    name: iop_yuptoo
+
+- name: Deploy IOP Engine service
+  ansible.builtin.include_role:
+    name: iop_engine

src/roles/iop_engine/defaults/main.yaml

@@ -0,0 +1,8 @@
+---
+iop_engine_container_image: "quay.io/iop/insights-engine"
+iop_engine_container_tag: "latest"
+
+iop_engine_packages:
+  - "insights.specs.default"
+  - "insights.specs.insights_archive"
+  - "insights_kafka_service.rules"

src/roles/iop_engine/handlers/main.yaml

@@ -0,0 +1,14 @@
+---
+- name: Check if engine service exists
+  ansible.builtin.systemd:
+    name: iop-core-engine
+  register: engine_service_status
+  failed_when: false
+  listen: restart engine
+
+- name: Restart engine service if it exists
+  ansible.builtin.systemd:
+    name: iop-core-engine
+    state: restarted
+  when: engine_service_status.status is defined and engine_service_status.status.LoadState != "not-found"
+  listen: restart engine

src/roles/iop_engine/tasks/main.yaml

@@ -0,0 +1,44 @@
+---
+- name: Pull Engine container image
+  containers.podman.podman_image:
+    name: "{{ iop_engine_container_image }}:{{ iop_engine_container_tag }}"
+    state: present
+
+- name: Create Engine config secret
+  containers.podman.podman_secret:
+    state: present
+    name: iop-core-engine-config-yml
+    data: "{{ lookup('ansible.builtin.template', 'engine/config.yml.j2') }}"
+  notify: restart engine
+
+- name: Deploy Engine container
+  containers.podman.podman_container:
+    name: iop-core-engine
+    image: "{{ iop_engine_container_image }}:{{ iop_engine_container_tag }}"
+    state: quadlet
+    network: host
+    command: insights-core-engine /var/config.yml
+    secrets:
+      - 'iop-core-engine-config-yml,target=/var/config.yml,mode=0440,uid=1000,type=mount'
+    etc_hosts:
+      console.redhat.com: "127.0.0.1"
+    quadlet_options:
+      - |
+        [Unit]
+        Description=IOP Core Engine Container
+        After=iop-core-kafka.service iop-core-ingress.service
+        Wants=iop-core-kafka.service iop-core-ingress.service
+        [Service]
+        Restart=on-failure
+        [Install]
+        WantedBy=default.target
+
+- name: Run daemon reload to make Quadlet create the service files
+  ansible.builtin.systemd:
+    daemon_reload: true
+
+- name: Start Engine service
+  ansible.builtin.systemd:
+    name: iop-core-engine
+    enabled: true
+    state: started

src/roles/iop_engine/templates/engine/config.yml.j2

@@ -0,0 +1,33 @@
+plugins:
+  default_component_enabled: true
+  packages:
+{% for package in iop_engine_packages %}
+      - {{ package }}
+{% endfor %}
+configs: []
+service:
+  extract_timeout: 10
+  unpacked_archive_size_limit: 1800000000
+  extract_tmp_dir:
+  format: insights_kafka_service.formats._insights.InsightsFormat
+  target_components: []
+  consumer:
+    name: "insights_kafka_service.consumer.InsightsKafkaConsumer"
+    kwargs:
+      services:
+        - "advisor"
+      group_id: "insights-core-kafka"
+      queued.max.messages.kbytes: 10000
+      session.timeout.ms: 30000
+      max.poll.interval.ms: 600000
+      bootstrap_servers:
+        - "localhost:9092"
+      incoming_topic: platform.inventory.events
+  publisher:
+    name: "insights_kafka_service.producer.InsightsKafkaProducer"
+    kwargs:
+      bootstrap_servers:
+        - "localhost:9092"
+      topic: platform.engine.results
+  downloader:
+    name: "insights_messaging.downloaders.httpfs.Http"