From f46f7fac1fcf7a64956e1b7e27c7a8b74f6bd2d6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= Date: Mon, 10 Feb 2025 17:14:00 +0100 Subject: [PATCH] DB container improvements List of improvements: - Use Secrets for SSL and DB credentials - Add DB container support to uninstall, start, stop, restart and status - Cleanup the setup from the now unneeded parameters --- mgradm/cmd/inspect/kubernetes.go | 2 +- mgradm/cmd/install/kubernetes/kubernetes.go | 2 +- .../cmd/install/kubernetes/kubernetes_test.go | 2 +- mgradm/cmd/install/podman/podman.go | 3 +- mgradm/cmd/install/podman/podman_test.go | 8 +- mgradm/cmd/install/podman/ssl.go | 12 +- mgradm/cmd/install/podman/utils.go | 47 ++++-- mgradm/cmd/install/shared/flags.go | 2 +- mgradm/cmd/migrate/kubernetes/kubernetes.go | 2 +- .../cmd/migrate/kubernetes/kubernetes_test.go | 2 +- mgradm/cmd/migrate/kubernetes/utils.go | 2 +- mgradm/cmd/migrate/podman/podman.go | 2 +- mgradm/cmd/migrate/podman/podman_test.go | 2 +- mgradm/cmd/migrate/podman/utils.go | 2 +- mgradm/cmd/migrate/shared/flags.go | 2 +- mgradm/cmd/restart/podman.go | 12 +- mgradm/cmd/start/podman.go | 12 +- mgradm/cmd/status/podman.go | 6 +- mgradm/cmd/stop/podman.go | 12 +- mgradm/cmd/support/ptf/podman/podman.go | 2 +- mgradm/cmd/support/ptf/podman/utils.go | 2 +- mgradm/cmd/uninstall/podman.go | 13 +- mgradm/cmd/upgrade/kubernetes/kubernetes.go | 2 +- .../cmd/upgrade/kubernetes/kubernetes_test.go | 2 +- mgradm/cmd/upgrade/podman/podman.go | 3 +- mgradm/cmd/upgrade/podman/podman_test.go | 2 +- mgradm/cmd/upgrade/podman/utils.go | 2 +- mgradm/cmd/upgrade/shared/flags.go | 2 +- mgradm/shared/coco/coco.go | 7 +- mgradm/shared/hub/xmlrpcapi.go | 7 +- mgradm/shared/kubernetes/db.go | 2 +- mgradm/shared/kubernetes/dbFinalize.go | 2 +- mgradm/shared/kubernetes/deployment.go | 2 +- mgradm/shared/kubernetes/services.go | 2 +- mgradm/shared/pgsql/pgsql.go | 143 +++++------------- mgradm/shared/podman/podman.go | 9 +- .../shared/templates/migrateScriptTemplate.go | 2 +- .../templates/pgsqlFinalizeScriptTemplate.go | 2 
+- .../templates/pgsqlMigrateScriptTemplate.go | 5 +- .../shared/templates/pgsqlServiceTemplate.go | 56 ++++--- .../pgsqlVersionUpgradeScriptTemplate.go | 5 +- mgradm/shared/templates/serviceTemplate.go | 2 +- mgradm/shared/utils/cmd_utils.go | 18 +-- mgradm/shared/utils/exec_test.go | 2 +- mgradm/shared/utils/flags.go | 7 +- mgradm/shared/utils/setup.go | 29 +--- mgradm/shared/utils/types.go | 2 +- .../cmd/upgrade/kubernetes/kubernetes_test.go | 2 +- mgrpxy/cmd/upgrade/podman/podman_test.go | 2 +- mgrpxy/shared/utils/flags.go | 2 +- shared/connection.go | 2 +- shared/kubernetes/inspect.go | 2 +- shared/kubernetes/kubernetes.go | 2 +- shared/podman/images.go | 8 +- shared/podman/secret.go | 58 +++++-- shared/podman/selinux.go | 2 +- shared/podman/selinux_test.go | 2 +- shared/podman/systemd.go | 6 +- shared/podman/utils.go | 4 +- shared/testutils/flagstests/mgradm.go | 5 +- shared/testutils/flagstests/mgradm_install.go | 2 +- .../testutils/flagstests/mgrpxy_kubernetes.go | 2 +- shared/utils/exec.go | 2 +- shared/utils/ports.go | 10 +- shared/utils/ports_test.go | 4 +- shared/utils/serverinspector.go | 2 +- shared/utils/serverinspector_test.go | 2 +- shared/utils/volumes.go | 41 ++--- 68 files changed, 310 insertions(+), 320 deletions(-) diff --git a/mgradm/cmd/inspect/kubernetes.go b/mgradm/cmd/inspect/kubernetes.go index 7631b460d..037ebdc05 100644 --- a/mgradm/cmd/inspect/kubernetes.go +++ b/mgradm/cmd/inspect/kubernetes.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgradm/cmd/install/kubernetes/kubernetes.go b/mgradm/cmd/install/kubernetes/kubernetes.go index df151afe0..728562f03 100644 --- a/mgradm/cmd/install/kubernetes/kubernetes.go +++ b/mgradm/cmd/install/kubernetes/kubernetes.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 
diff --git a/mgradm/cmd/install/kubernetes/kubernetes_test.go b/mgradm/cmd/install/kubernetes/kubernetes_test.go index 4ec34b95f..8644f6360 100644 --- a/mgradm/cmd/install/kubernetes/kubernetes_test.go +++ b/mgradm/cmd/install/kubernetes/kubernetes_test.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgradm/cmd/install/podman/podman.go b/mgradm/cmd/install/podman/podman.go index 29ed07bf8..0c8f776a8 100644 --- a/mgradm/cmd/install/podman/podman.go +++ b/mgradm/cmd/install/podman/podman.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 @@ -37,7 +37,6 @@ NOTE: installing on a remote podman is not supported yet! flags.ServerFlags.Coco.IsChanged = v.IsSet("coco.replicas") flags.ServerFlags.HubXmlrpc.IsChanged = v.IsSet("hubxmlrpc.replicas") flags.ServerFlags.Saline.IsChanged = v.IsSet("saline.replicas") || v.IsSet("saline.port") - flags.ServerFlags.Pgsql.IsChanged = v.IsSet("pgsql.replicas") } return utils.CommandHelper(globalFlags, cmd, args, &flags, flagsUpdater, run) }, diff --git a/mgradm/cmd/install/podman/podman_test.go b/mgradm/cmd/install/podman/podman_test.go index 3edd8a30a..8b28ff19d 100644 --- a/mgradm/cmd/install/podman/podman_test.go +++ b/mgradm/cmd/install/podman/podman_test.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 @@ -54,8 +54,6 @@ hubxmlrpc: saline: port: 8226 replicas: 1 -pgsql: - replicas: 0 ` dir := t.TempDir() 
@@ -74,8 +72,6 @@ pgsql: testutils.AssertEquals(t, "Saline replicas badly parsed", 1, flags.Saline.Replicas) testutils.AssertEquals(t, "Saline port badly parsed", 8226, flags.Saline.Port) testutils.AssertTrue(t, "Saline flags not marked as changed", flags.Saline.IsChanged) - testutils.AssertEquals(t, "Pgsql replicas badly parsed", 0, flags.Pgsql.Replicas) - testutils.AssertTrue(t, "Pgsql flags not marked as changed", flags.Pgsql.IsChanged) return nil } @@ -99,8 +95,6 @@ func TestParamsNoConfig(t *testing.T) { testutils.AssertEquals(t, "Saline replicas badly parsed", 0, flags.Saline.Replicas) testutils.AssertEquals(t, "Saline port badly parsed", 8216, flags.Saline.Port) testutils.AssertTrue(t, "Saline flags marked as changed", !flags.Saline.IsChanged) - testutils.AssertEquals(t, "Pgsql replicas badly parsed", 1, flags.Pgsql.Replicas) - testutils.AssertTrue(t, "Pgsql flags marked as changed", !flags.Pgsql.IsChanged) return nil } diff --git a/mgradm/cmd/install/podman/ssl.go b/mgradm/cmd/install/podman/ssl.go index 206d49c82..2e74f0a34 100644 --- a/mgradm/cmd/install/podman/ssl.go +++ b/mgradm/cmd/install/podman/ssl.go @@ -6,6 +6,7 @@ package podman import ( "fmt" + "path" "strings" "github.com/rs/zerolog/log" @@ -92,6 +93,15 @@ func generateSSLCertificates(image string, flags *adm_utils.ServerFlags, fqdn st log.Info().Msg(L("SSL certificates generated")) + // Create secret for the database key and certificate + if err := shared_podman.CreateDBTLSSecrets( + path.Join(tempDir, "ca.crt"), + path.Join(tempDir, "reportdb.crt"), + path.Join(tempDir, "reportdb.key"), + ); err != nil { + return []string{}, cleaner, err + } + return []string{"-v", tempDir + ":/ssl"}, cleaner, nil } 
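Review bot: In generateSSLCertificates (ssl.go), `reportdb.key` is copied into a podman secret, but the plaintext key stays in `tempDir`, which the returned `-v tempDir:/ssl` argument still mounts into the setup container. If the setup step no longer reads the database key from `/ssl` (not visible in this hunk), delete the file right after `CreateDBTLSSecrets` succeeds so the private key lives only in the secret store. The three arguments are host filesystem paths, so `filepath.Join` is the idiomatic call rather than `path.Join`. The function body starts outside the hunk.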
@@ -147,7 +157,7 @@ const sslSetupScript = ` --set-country "$CERT_COUNTRY" --set-state "$CERT_STATE" --set-city "$CERT_CITY" \ --set-org "$CERT_O" --set-org-unit "$CERT_OU" \ --set-hostname reportdb.mgr.internal --cert-expiration 3650 --set-email "$CERT_EMAIL" \ - $cert_args + --set-cname reportdb --set-cname db $cert_args cp /root/ssl-build/reportdb/server.crt /ssl/reportdb.crt cp /root/ssl-build/reportdb/server.key /ssl/reportdb.key diff --git a/mgradm/cmd/install/podman/utils.go b/mgradm/cmd/install/podman/utils.go index fd771c6dd..de94faa5d 100644 --- a/mgradm/cmd/install/podman/utils.go +++ b/mgradm/cmd/install/podman/utils.go 
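Review bot: The `--set-cname reportdb --set-cname db` names added to sslSetupScript (ssl.go) must stay in step with the `"db"` host literal that installForPodman compares against in utils.go, and nothing in the script says so. Presumably clients verify the server certificate against these names, so a rename on either side would break TLS hostname verification without any compile-time signal. A comment above the command would record the coupling, for example `# cnames must match the hostnames used to reach the DB container (the "db" host checked in installForPodman)`. The script constant starts and ends outside this hunk.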
@@ -102,17 +102,41 @@ func installForPodman( return err } - // TODO Generate SSL Certificates in a separate container + // Create all the database credentials secrets + if err := shared_podman.CreateCredentialsSecrets( + shared_podman.DBUserSecret, flags.Installation.DB.User, + shared_podman.DBPassSecret, flags.Installation.DB.Password, + ); err != nil { + return err + } - // Run the DB container setup - // TODO Adjust with the new setup mechanism - if err := pgsql.SetupPgsql(systemd, authFile, flags.ServerFlags.Pgsql, - flags.Installation.DB.Admin.User, - flags.Installation.DB.Admin.Password, + if err := shared_podman.CreateCredentialsSecrets( + shared_podman.ReportDBUserSecret, flags.Installation.ReportDB.User, + shared_podman.ReportDBPassSecret, flags.Installation.ReportDB.Password, ); err != nil { return err } + if flags.ServerFlags.Installation.DB.Host == "db" { + // The admin password is not needed for external databases + if err := shared_podman.CreateCredentialsSecrets( + shared_podman.DBAdminUserSecret, flags.Installation.DB.Admin.User, + shared_podman.DBAdminPassSecret, flags.Installation.DB.Admin.Password, + ); err != nil { + return err + } + + // Run the DB container setup if the user doesn't set a custom host name for it. + if err := pgsql.SetupPgsql(systemd, authFile, &flags.ServerFlags.Pgsql, &flags.Image); err != nil { + return err + } + } else { + log.Info().Msgf( + L("Skipped database container setup to use external database %s"), + flags.ServerFlags.Installation.DB.Host, + ) + } + log.Info().Msg(L("Run setup command in the container")) if err := runSetup(preparedImage, &flags.ServerFlags, fqdn, sslArgs); err != nil { 
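Review bot: The choice between the bundled and an external database rests on the bare literal in `flags.ServerFlags.Installation.DB.Host == "db"`, an exact string match that also decides whether the admin credential secrets are created. A named constant shared with wherever this default is set would make the coupling explicit, e.g. `if flags.Installation.DB.Host == dbContainerHost {` (the constant name is a suggestion, not an existing identifier). The hunk also reaches what appears to be the same struct through both `flags.Installation.DB` and `flags.ServerFlags.Installation.DB`; one spelling would read better. The secrets are created before `runSetup` and nothing visible here removes them if a later step fails, so a failed install presumably leaves credentials in the podman secret store until uninstall. installForPodman starts and ends outside the hunk.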
@@ -127,11 +151,6 @@ func installForPodman( return utils.Error(err, L("failed to add SSL CA certificate to host trusted certificates")) } - log.Info().Msg(L("Enabling SSL in the postgres container")) - if err := pgsql.EnableSSL(systemd); err != nil { - return err - } - if path, err := exec.LookPath("uyuni-payg-extract-data"); err == nil { // the binary is installed err = utils.RunCmdStdMapping(zerolog.DebugLevel, path) @@ -141,10 +160,6 @@ func installForPodman( } if flags.Coco.Replicas > 0 { - // This may need to be moved up later once more containers require DB access - if err := shared_podman.CreateDBSecrets(flags.Installation.DB.User, flags.Installation.DB.Password); err != nil { - return err - } if err := coco.SetupCocoContainer( systemd, authFile, flags.Image.Registry, flags.Coco, flags.Image, flags.Installation.DB.Name, flags.Installation.DB.Port, @@ -206,7 +221,7 @@ func runSetup(image string, flags *adm_utils.ServerFlags, fqdn string, sslArgs [ if err != nil { return err } - command = append(command, "/usr/bin/sh", "-c", script) + command = append(command, "/usr/bin/sh", "-e", "-c", script) if _, err := newRunner("podman", command...).Env(envValues).StdMapping().Exec(); err != nil { return utils.Error(err, L("server setup failed")) diff --git a/mgradm/cmd/install/shared/flags.go b/mgradm/cmd/install/shared/flags.go index 64bb00364..27df15241 100644 --- a/mgradm/cmd/install/shared/flags.go +++ b/mgradm/cmd/install/shared/flags.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgradm/cmd/migrate/kubernetes/kubernetes.go b/mgradm/cmd/migrate/kubernetes/kubernetes.go index 85d51a8a9..9c226ecd1 100644 --- a/mgradm/cmd/migrate/kubernetes/kubernetes.go +++ b/mgradm/cmd/migrate/kubernetes/kubernetes.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 
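Review bot: In runSetup (install/podman/utils.go), `sh -e` stops the setup script at the first failing simple command, but POSIX `sh` has no `pipefail`, so a failure on the left-hand side of a pipe still goes unnoticed. The script text is generated outside this hunk, so whether it uses pipes cannot be checked here. A short comment would record the intent, e.g. `// -e: abort setup on the first failing command instead of continuing with a half-configured server`.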
diff --git a/mgradm/cmd/migrate/kubernetes/kubernetes_test.go b/mgradm/cmd/migrate/kubernetes/kubernetes_test.go index 159b37238..baf4ccdc6 100644 --- a/mgradm/cmd/migrate/kubernetes/kubernetes_test.go +++ b/mgradm/cmd/migrate/kubernetes/kubernetes_test.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgradm/cmd/migrate/kubernetes/utils.go b/mgradm/cmd/migrate/kubernetes/utils.go index b3366c05d..c823f4cec 100644 --- a/mgradm/cmd/migrate/kubernetes/utils.go +++ b/mgradm/cmd/migrate/kubernetes/utils.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgradm/cmd/migrate/podman/podman.go b/mgradm/cmd/migrate/podman/podman.go index 9916cf37c..b72fcf331 100644 --- a/mgradm/cmd/migrate/podman/podman.go +++ b/mgradm/cmd/migrate/podman/podman.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgradm/cmd/migrate/podman/podman_test.go b/mgradm/cmd/migrate/podman/podman_test.go index decfcebb9..a9029c1ff 100644 --- a/mgradm/cmd/migrate/podman/podman_test.go +++ b/mgradm/cmd/migrate/podman/podman_test.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgradm/cmd/migrate/podman/utils.go b/mgradm/cmd/migrate/podman/utils.go index 3511d1258..daa11695f 100644 --- a/mgradm/cmd/migrate/podman/utils.go +++ b/mgradm/cmd/migrate/podman/utils.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgradm/cmd/migrate/shared/flags.go b/mgradm/cmd/migrate/shared/flags.go index f19f488bb..a800ca61f 100644 --- a/mgradm/cmd/migrate/shared/flags.go 
+++ b/mgradm/cmd/migrate/shared/flags.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgradm/cmd/restart/podman.go b/mgradm/cmd/restart/podman.go index e801e31dc..73235c307 100644 --- a/mgradm/cmd/restart/podman.go +++ b/mgradm/cmd/restart/podman.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 @@ -19,8 +19,10 @@ func podmanRestart( _ *cobra.Command, _ []string, ) error { - err1 := systemd.RestartService(podman.ServerService) - err2 := systemd.RestartInstantiated(podman.ServerAttestationService) - err3 := systemd.RestartInstantiated(podman.HubXmlrpcService) - return utils.JoinErrors(err1, err2, err3) + return utils.JoinErrors( + systemd.RestartService(podman.DBService), + systemd.RestartService(podman.ServerService), + systemd.RestartInstantiated(podman.ServerAttestationService), + systemd.RestartInstantiated(podman.HubXmlrpcService), + ) } diff --git a/mgradm/cmd/start/podman.go b/mgradm/cmd/start/podman.go index eafb10b60..a5660c20a 100644 --- a/mgradm/cmd/start/podman.go +++ b/mgradm/cmd/start/podman.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 @@ -19,8 +19,10 @@ func podmanStart( _ *cobra.Command, _ []string, ) error { - err1 := systemd.StartInstantiated(podman.ServerAttestationService) - err2 := systemd.StartInstantiated(podman.HubXmlrpcService) - err3 := systemd.StartService(podman.ServerService) - return utils.JoinErrors(err1, err2, err3) + return utils.JoinErrors( + systemd.StartService(podman.DBService), + systemd.StartInstantiated(podman.ServerAttestationService), + systemd.StartInstantiated(podman.HubXmlrpcService), + systemd.StartService(podman.ServerService), + ) } 
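Review bot: podmanRestart calls `systemd.RestartService(podman.DBService)` unconditionally, although installForPodman skips the DB container for an external database and podmanStatus guards the same unit with `systemd.HasService(podman.DBService)`. On an external-database install this call presumably fails on the missing unit, so the command reports an error even though every existing service restarted; podmanStart (next hunk) and podmanStop (stop/podman.go) have the same shape. Guarding the DB entry the way status does would fix all three: build the error list and add the DB call only inside `if systemd.HasService(podman.DBService) { ... }`. Note also that every argument to `utils.JoinErrors` is evaluated, so in podmanStart the server unit is started even when the DB unit failed to start.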
diff --git a/mgradm/cmd/status/podman.go b/mgradm/cmd/status/podman.go index 86a61b172..385a0f36b 100644 --- a/mgradm/cmd/status/podman.go +++ b/mgradm/cmd/status/podman.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 @@ -24,6 +24,10 @@ func podmanStatus( _ *cobra.Command, _ []string, ) error { + if systemd.HasService(podman.DBService) { + _ = utils.RunCmdStdMapping(zerolog.DebugLevel, "systemctl", "status", "--no-pager", podman.DBService) + } + // Show the status and that's it if the service is not running if !systemd.IsServiceRunning(podman.ServerService) { _ = utils.RunCmdStdMapping(zerolog.DebugLevel, "systemctl", "status", "--no-pager", podman.ServerService) diff --git a/mgradm/cmd/stop/podman.go b/mgradm/cmd/stop/podman.go index 030d02f95..cded57e71 100644 --- a/mgradm/cmd/stop/podman.go +++ b/mgradm/cmd/stop/podman.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 @@ -19,8 +19,10 @@ func podmanStop( _ *cobra.Command, _ []string, ) error { - err1 := systemd.StopInstantiated(podman.ServerAttestationService) - err2 := systemd.StopInstantiated(podman.HubXmlrpcService) - err3 := systemd.StopService(podman.ServerService) - return utils.JoinErrors(err1, err2, err3) + return utils.JoinErrors( + systemd.StopInstantiated(podman.ServerAttestationService), + systemd.StopInstantiated(podman.HubXmlrpcService), + systemd.StopService(podman.ServerService), + systemd.StopService(podman.DBService), + ) } diff --git a/mgradm/cmd/support/ptf/podman/podman.go b/mgradm/cmd/support/ptf/podman/podman.go index e5950fe82..369642989 100644 --- a/mgradm/cmd/support/ptf/podman/podman.go +++ b/mgradm/cmd/support/ptf/podman/podman.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 //go:build ptf 
diff --git a/mgradm/cmd/support/ptf/podman/utils.go b/mgradm/cmd/support/ptf/podman/utils.go index 5e6fe297d..60b91cd9c 100644 --- a/mgradm/cmd/support/ptf/podman/utils.go +++ b/mgradm/cmd/support/ptf/podman/utils.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 //go:build ptf diff --git a/mgradm/cmd/uninstall/podman.go b/mgradm/cmd/uninstall/podman.go index f8d62fc86..f2ae82be9 100644 --- a/mgradm/cmd/uninstall/podman.go +++ b/mgradm/cmd/uninstall/podman.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 @@ -27,7 +27,7 @@ func uninstallForPodman( podman.GetServiceImage(podman.ServerAttestationService + "@"), podman.GetServiceImage(podman.HubXmlrpcService), podman.GetServiceImage(podman.ServerSalineService + "@"), - podman.GetServiceImage(podman.PgsqlService), + podman.GetServiceImage(podman.DBService), } // Uninstall the service @@ -38,7 +38,7 @@ func uninstallForPodman( systemd.UninstallInstantiatedService(podman.ServerAttestationService, !flags.Force) systemd.UninstallInstantiatedService(podman.HubXmlrpcService, !flags.Force) systemd.UninstallInstantiatedService(podman.ServerSalineService, !flags.Force) - systemd.UninstallInstantiatedService(podman.PgsqlService, !flags.Force) + systemd.UninstallService(podman.DBService, !flags.Force) // Remove the volumes if flags.Purge.Volumes { 
@@ -76,8 +76,15 @@ func uninstallForPodman( podman.DeleteNetwork(!flags.Force) + podman.DeleteSecret(podman.ReportDBUserSecret, !flags.Force) + podman.DeleteSecret(podman.ReportDBPassSecret, !flags.Force) podman.DeleteSecret(podman.DBUserSecret, !flags.Force) podman.DeleteSecret(podman.DBPassSecret, !flags.Force) + podman.DeleteSecret(podman.DBAdminUserSecret, !flags.Force) + podman.DeleteSecret(podman.DBAdminPassSecret, !flags.Force) + podman.DeleteSecret(podman.DBSSLCertSecret, !flags.Force) + podman.DeleteSecret(podman.DBSSLKeySecret, !flags.Force) + podman.DeleteSecret(podman.CASecret, !flags.Force) err := systemd.ReloadDaemon(!flags.Force) diff --git a/mgradm/cmd/upgrade/kubernetes/kubernetes.go b/mgradm/cmd/upgrade/kubernetes/kubernetes.go index 90ce1dd94..b5442ada4 100644 --- a/mgradm/cmd/upgrade/kubernetes/kubernetes.go +++ b/mgradm/cmd/upgrade/kubernetes/kubernetes.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgradm/cmd/upgrade/kubernetes/kubernetes_test.go b/mgradm/cmd/upgrade/kubernetes/kubernetes_test.go index 5a33eb631..9da85d47e 100644 --- a/mgradm/cmd/upgrade/kubernetes/kubernetes_test.go +++ b/mgradm/cmd/upgrade/kubernetes/kubernetes_test.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgradm/cmd/upgrade/podman/podman.go b/mgradm/cmd/upgrade/podman/podman.go index 3f4148abd..2483ccf62 100644 --- a/mgradm/cmd/upgrade/podman/podman.go +++ b/mgradm/cmd/upgrade/podman/podman.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 
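Review bot: The nine `podman.DeleteSecret(...)` calls in uninstallForPodman are a hand-maintained mirror of the secrets created during install, so a secret added later and forgotten here would stay on the host after uninstall. Keeping the names in one slice next to the constants and looping over it would prevent that drift, e.g. `for _, name := range podman.AllSecrets { podman.DeleteSecret(name, !flags.Force) }`, where `AllSecrets` is a proposed slice, not an existing identifier. The function continues outside the hunk.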
@@ -31,7 +31,6 @@ func newCmd(globalFlags *types.GlobalFlags, run utils.CommandFunc[podmanUpgradeF flags.ServerFlags.Coco.IsChanged = v.IsSet("coco.replicas") flags.ServerFlags.HubXmlrpc.IsChanged = v.IsSet("hubxmlrpc.replicas") flags.ServerFlags.Saline.IsChanged = v.IsSet("saline.replicas") || v.IsSet("saline.port") - flags.ServerFlags.Pgsql.IsChanged = v.IsSet("pgsql.replicas") } return utils.CommandHelper(globalFlags, cmd, args, &flags, flagsUpdater, run) }, diff --git a/mgradm/cmd/upgrade/podman/podman_test.go b/mgradm/cmd/upgrade/podman/podman_test.go index 5734ddf3f..a40df4453 100644 --- a/mgradm/cmd/upgrade/podman/podman_test.go +++ b/mgradm/cmd/upgrade/podman/podman_test.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgradm/cmd/upgrade/podman/utils.go b/mgradm/cmd/upgrade/podman/utils.go index 97d0f9835..9b4b3a6e8 100644 --- a/mgradm/cmd/upgrade/podman/utils.go +++ b/mgradm/cmd/upgrade/podman/utils.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgradm/cmd/upgrade/shared/flags.go b/mgradm/cmd/upgrade/shared/flags.go index 7f0182dbd..b5d4d50bf 100644 --- a/mgradm/cmd/upgrade/shared/flags.go +++ b/mgradm/cmd/upgrade/shared/flags.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgradm/shared/coco/coco.go b/mgradm/shared/coco/coco.go index bb72d46dd..3bb296e79 100644 --- a/mgradm/shared/coco/coco.go +++ b/mgradm/shared/coco/coco.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 
@@ -33,7 +33,10 @@ func Upgrade( return nil } - if err := podman.CreateDBSecrets(dbUser, dbPassword); err != nil { + if err := podman.CreateCredentialsSecrets( + podman.DBUserSecret, dbUser, + podman.DBPassSecret, dbPassword, + ); err != nil { return err } diff --git a/mgradm/shared/hub/xmlrpcapi.go b/mgradm/shared/hub/xmlrpcapi.go index 771c804ee..d48824c1d 100644 --- a/mgradm/shared/hub/xmlrpcapi.go +++ b/mgradm/shared/hub/xmlrpcapi.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 @@ -32,12 +32,11 @@ func SetupHubXmlrpc( if hubXmlrpcFlags.Replicas == 0 { log.Debug().Msg("No HUB requested.") } - if !hubXmlrpcFlags.IsChanged { + if !hubXmlrpcFlags.IsChanged && hubXmlrpcFlags.Replicas == currentReplicas { log.Info().Msgf(L("No changes requested for hub. Keep %d replicas."), currentReplicas) } - pullEnabled := (hubXmlrpcFlags.Replicas > 0 && hubXmlrpcFlags.IsChanged) || - (currentReplicas > 0 && !hubXmlrpcFlags.IsChanged) + pullEnabled := hubXmlrpcFlags.Replicas > 0 || (currentReplicas > 0 && !hubXmlrpcFlags.IsChanged) hubXmlrpcImage, err := utils.ComputeImage(registry, tag, image) diff --git a/mgradm/shared/kubernetes/db.go b/mgradm/shared/kubernetes/db.go index da5ea7d69..7fc4f6d3d 100644 --- a/mgradm/shared/kubernetes/db.go +++ b/mgradm/shared/kubernetes/db.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgradm/shared/kubernetes/dbFinalize.go b/mgradm/shared/kubernetes/dbFinalize.go index e776ba122..8f4f5a31e 100644 --- a/mgradm/shared/kubernetes/dbFinalize.go +++ b/mgradm/shared/kubernetes/dbFinalize.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 
diff --git a/mgradm/shared/kubernetes/deployment.go b/mgradm/shared/kubernetes/deployment.go index 1c2dfb348..91229f727 100644 --- a/mgradm/shared/kubernetes/deployment.go +++ b/mgradm/shared/kubernetes/deployment.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgradm/shared/kubernetes/services.go b/mgradm/shared/kubernetes/services.go index 009ccce7f..7a72f3ca4 100644 --- a/mgradm/shared/kubernetes/services.go +++ b/mgradm/shared/kubernetes/services.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgradm/shared/pgsql/pgsql.go b/mgradm/shared/pgsql/pgsql.go index cabaf96c9..d4ce1c1d1 100644 --- a/mgradm/shared/pgsql/pgsql.go +++ b/mgradm/shared/pgsql/pgsql.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 @@ -7,12 +7,12 @@ package pgsql import ( "fmt" - "github.com/rs/zerolog/log" "github.com/uyuni-project/uyuni-tools/mgradm/shared/templates" cmd_utils "github.com/uyuni-project/uyuni-tools/mgradm/shared/utils" "github.com/uyuni-project/uyuni-tools/shared" . "github.com/uyuni-project/uyuni-tools/shared/l10n" "github.com/uyuni-project/uyuni-tools/shared/podman" + "github.com/uyuni-project/uyuni-tools/shared/types" "github.com/uyuni-project/uyuni-tools/shared/utils" ) 
@@ -20,83 +20,41 @@ import ( func SetupPgsql( systemd podman.Systemd, authFile string, - pgsqlFlags cmd_utils.PgsqlFlags, - admin string, - password string, + pgsqlFlags *cmd_utils.PgsqlFlags, + globalImageFlags *types.ImageFlags, ) error { image := pgsqlFlags.Image - currentReplicas := systemd.CurrentReplicaCount(podman.PgsqlService) - log.Debug().Msgf("Current HUB replicas running are %d.", currentReplicas) - - if pgsqlFlags.Replicas == 0 { - log.Debug().Msg("No pgsql requested.") - } - if !pgsqlFlags.IsChanged { - log.Info().Msgf(L("No changes requested for hub. Keep %d replicas."), currentReplicas) - } - - pullEnabled := (pgsqlFlags.Replicas > 0 && pgsqlFlags.IsChanged) || (currentReplicas > 0 && !pgsqlFlags.IsChanged) - - pgsqlImage, err := utils.ComputeImage(pgsqlFlags.Image.Registry, pgsqlFlags.Image.Tag, image) + pgsqlImage, err := utils.ComputeImage(globalImageFlags.Registry, globalImageFlags.Tag, image) if err != nil { - return utils.Errorf(err, L("failed to compute image URL")) + return utils.Error(err, L("failed to compute image URL")) } - preparedImage, err := podman.PrepareImage(authFile, pgsqlImage, pgsqlFlags.Image.PullPolicy, pullEnabled) + preparedImage, err := podman.PrepareImage(authFile, pgsqlImage, globalImageFlags.PullPolicy, true) if err != nil { return err } - if err := generatePgsqlSystemdService(systemd, preparedImage, admin, password); err != nil { - return utils.Errorf(err, L("cannot generate systemd service")) + if err := generatePgsqlSystemdService(systemd, preparedImage); err != nil { + return utils.Error(err, L("cannot generate systemd service")) } - if err := EnablePgsql(systemd, 0); err != nil { - return err - } - if err := EnablePgsql(systemd, pgsqlFlags.Replicas); err != nil { + if err := EnablePgsql(systemd); err != nil { return err } - cnx := shared.NewConnection("podman", podman.PgsqlContainerName, "") + cnx := shared.NewConnection("podman", podman.DBContainerName, "") if err := cnx.WaitForHealthcheck(); err != nil { return 
err } - // Now the servisce is up and ready, the admin credentials are no longer needed - if err := generatePgsqlSystemdService(systemd, preparedImage, "", ""); err != nil { - return utils.Errorf(err, L("cannot generate systemd service")) - } return nil } -// EnableSSL enables ssl in postgres container, as long as the certs are mounted. -func EnableSSL(systemd podman.Systemd) error { - cnx := shared.NewConnection("podman", podman.PgsqlContainerName, "") - if _, err := cnx.Exec("/docker-entrypoint-initdb.d/uyuni-postgres-config.sh"); err != nil { - return err - } - - if err := systemd.RestartInstantiated(podman.PgsqlService); err != nil { - return utils.Errorf(err, L("cannot restart service")) - } - - if err := cnx.WaitForHealthcheck(); err != nil { - return err - } - return nil -} - -// EnablePgsql enables the hub xmlrpc service if the number of replicas is 1. -// This function is meant for installation or migration, to enable or disable the service after, use ScaleService. -func EnablePgsql(systemd podman.Systemd, replicas int) error { - if replicas > 1 { - log.Warn().Msg(L("Multiple Hub XML-RPC container replicas are not currently supported, setting up only one.")) - replicas = 1 - } - - if err := systemd.ScaleService(replicas, podman.PgsqlService); err != nil { - return utils.Errorf(err, L("cannot enable service")) +// EnablePgsql enables the database service. +// This function is meant for installation or migration, to enable and start the service. +func EnablePgsql(systemd podman.Systemd) error { + if err := systemd.EnableService(podman.DBService); err != nil { + return utils.Errorf(err, L("cannot enable %s service"), podman.DBService) } return nil } 
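Review bot: SetupPgsql now resolves the database image from `globalImageFlags.Registry`, `globalImageFlags.Tag` and `globalImageFlags.PullPolicy`, but Upgrade in the following hunk still uses `pgsqlFlags.Image.Registry`, `pgsqlFlags.Image.Tag` and `pgsqlFlags.Image.PullPolicy`. Install and upgrade can therefore pull the DB container from different registries or tags for the same configuration; passing the same image flags to both would make the image source predictable. Separately, the doc comment on EnablePgsql says it is meant "to enable and start the service", while the visible body only calls `systemd.EnableService`. If that call does not also start the unit, the `WaitForHealthcheck` that follows in SetupPgsql would wait on a container that was never started, so the comment or the call should be confirmed.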
@@ -108,83 +66,64 @@ func Upgrade( pgsqlFlags cmd_utils.PgsqlFlags, ) error { image := pgsqlFlags.Image - currentReplicas := systemd.CurrentReplicaCount(podman.PgsqlService) - log.Debug().Msgf("Current HUB replicas running are %d.", currentReplicas) - - if pgsqlFlags.Replicas == 0 { - log.Debug().Msg("No pgsql requested.") - } - if !pgsqlFlags.IsChanged { - log.Info().Msgf(L("No changes requested for hub. Keep %d replicas."), currentReplicas) - } - - pullEnabled := (pgsqlFlags.Replicas > 0 && pgsqlFlags.IsChanged) || (currentReplicas > 0 && !pgsqlFlags.IsChanged) - pgsqlImage, err := utils.ComputeImage(pgsqlFlags.Image.Registry, pgsqlFlags.Image.Tag, image) if err != nil { - return utils.Errorf(err, L("failed to compute image URL")) + return utils.Error(err, L("failed to compute image URL")) } - preparedImage, err := podman.PrepareImage(authFile, pgsqlImage, pgsqlFlags.Image.PullPolicy, pullEnabled) - if err != nil { - return err - } - err = podman.RunContainer("uyuni-db-migrate", pgsqlImage, utils.PgsqlRequiredVolumeMounts, []string{}, - []string{"chown", "postgres", "/etc/pki/tls/private/pg-spacewalk.key"}) + preparedImage, err := podman.PrepareImage(authFile, pgsqlImage, pgsqlFlags.Image.PullPolicy, true) if err != nil { return err } - if err := generatePgsqlSystemdService(systemd, preparedImage, "", ""); err != nil { - return utils.Errorf(err, L("cannot generate systemd service")) + if err := generatePgsqlSystemdService(systemd, preparedImage); err != nil { + return utils.Error(err, L("cannot generate systemd service")) } if err := systemd.ReloadDaemon(false); err != nil { return err } - if err := EnablePgsql(systemd, 0); err != nil { - return err - } - if err := EnablePgsql(systemd, pgsqlFlags.Replicas); err != nil { + if err := EnablePgsql(systemd); err != nil { return err } - cnx := shared.NewConnection("podman", podman.PgsqlContainerName, "") + cnx := shared.NewConnection("podman", podman.DBContainerName, "") return cnx.WaitForHealthcheck() } -// 
generatePgsqlSystemdService creates the Hub XMLRPC systemd files. +// generatePgsqlSystemdService creates the DB container systemd files. func generatePgsqlSystemdService( systemd podman.Systemd, image string, - admin string, - password string, ) error { pgsqlData := templates.PgsqlServiceTemplateData{ - Volumes: utils.PgsqlRequiredVolumeMounts, - Ports: utils.DBPorts, - NamePrefix: "uyuni", - Network: podman.UyuniNetwork, - Image: image, + Volumes: utils.PgsqlRequiredVolumeMounts, + Ports: utils.DBPorts, + NamePrefix: "uyuni", + Network: podman.UyuniNetwork, + Image: image, + CaSecret: podman.CASecret, + CertSecret: podman.DBSSLCertSecret, + KeySecret: podman.DBSSLKeySecret, + AdminUser: podman.DBAdminUserSecret, + AdminPassword: podman.DBAdminPassSecret, + ManagerUser: podman.DBUserSecret, + ManagerPassword: podman.DBPassSecret, + ReportUser: podman.ReportDBUserSecret, + ReportPassword: podman.ReportDBPassSecret, } if err := utils.WriteTemplateToFile( - pgsqlData, podman.GetServicePath(podman.PgsqlService+"@"), 0555, true, + pgsqlData, podman.GetServicePath(podman.DBService), 0555, true, ); err != nil { - return utils.Errorf(err, L("failed to generate systemd service unit file")) + return utils.Error(err, L("failed to generate systemd service unit file")) } environment := fmt.Sprintf("Environment=UYUNI_IMAGE=%s\n", image) - if admin != "" { - environment += fmt.Sprintf("Environment=POSTGRES_USER=\"%s\"\n", admin) - } - if password != "" { - environment += fmt.Sprintf("Environment=POSTGRES_PASSWORD=\"%s\"\n", password) - } - if err := podman.GenerateSystemdConfFile(podman.PgsqlService+"@", "generated.conf", environment, true); err != nil { - return utils.Errorf(err, L("cannot generate systemd conf file")) + if err := podman.GenerateSystemdConfFile(podman.DBService, "generated.conf", environment, true); err != nil { + return utils.Error(err, L("cannot generate systemd configuration file")) } return systemd.ReloadDaemon(false) 
diff --git a/mgradm/shared/podman/podman.go b/mgradm/shared/podman/podman.go index f81ab06be..f3af86aeb 100644 --- a/mgradm/shared/podman/podman.go +++ b/mgradm/shared/podman/podman.go @@ -415,21 +415,18 @@ func Upgrade( if inspectedValues.CurrentPgVersionNotMigrated != "" || inspectedValues.DBHost == "localhost" || inspectedValues.ReportDBHost == "localhost" { - log.Info().Msgf(L("Configuring external postgresql. Current version: %[1]s, not migrated version: %[2]s"), + log.Info().Msgf(L("Configuring split PostgreSQL container. Current version: %[1]s, not migrated version: %[2]s"), inspectedValues.CurrentPgVersion, inspectedValues.CurrentPgVersionNotMigrated) - if err := RunPgsqlContainerMigration( - preparedImage, "uyuni-pgsql-server.mgr.internal", "uyuni-pgsql-server.mgr.internal", - ); err != nil { + if err := RunPgsqlContainerMigration(preparedImage, "db", "reportdb"); err != nil { return utils.Errorf(err, L("cannot run PostgreSQL version upgrade script")) } inspectedValues.CurrentPgVersion = inspectedValues.CurrentPgVersionNotMigrated - pgsqlFlags.Replicas = 1 // migrating pgsql to separate container } if inspectedValues.ImagePgVersion > inspectedValues.CurrentPgVersion { log.Info().Msgf( - L("Previous postgresql is %[1]s, instead new one is %[2]s. Performing a DB version upgradeā€¦"), + L("Previous PostgreSQL is %[1]s, instead new one is %[2]s. Performing a DB version upgradeā€¦"), inspectedValues.CurrentPgVersion, inspectedValues.ImagePgVersion, ) if err := RunPgsqlVersionUpgrade( diff --git a/mgradm/shared/templates/migrateScriptTemplate.go b/mgradm/shared/templates/migrateScriptTemplate.go index fa01502bc..229f383be 100644 --- a/mgradm/shared/templates/migrateScriptTemplate.go +++ b/mgradm/shared/templates/migrateScriptTemplate.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 
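Review bot: `Upgrade` in mgradm/shared/pgsql/pgsql.go still passes `pgsqlFlags.Image.Registry`, `pgsqlFlags.Image.Tag` and `pgsqlFlags.Image.PullPolicy` to `ComputeImage` and `PrepareImage`, while `SetupPgsql` in the previous hunk was switched to `globalImageFlags` for the same three values. If the first two arguments of `ComputeImage` are meant to be the global defaults (its definition is not part of this diff), an upgrade can resolve a different image than an install given the same flags. Passing the global image flags into `Upgrade` too would keep both paths in agreement. The signature of `Upgrade` begins above this hunk and its callers are not shown, so the change would need to be checked against them.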
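Review bot: The host names `"db"` and `"reportdb"` passed to `RunPgsqlContainerMigration` are bare literals that have to stay equal to the `--network-alias db` and `--network-alias reportdb` lines in pgsqlServiceTemplate.go and to the `flags.DB.Host == "db"` test in mgradm/shared/utils/flags.go. A rename in one of these places would break the others without any compile error. I would define the two aliases once as exported constants (the names are only a suggestion, e.g. `DBHostAlias` and `ReportDBHostAlias`) and use them at all three sites, passing them to the template as data. The enclosing `Upgrade` function in podman.go starts and ends outside this hunk.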
diff --git a/mgradm/shared/templates/pgsqlFinalizeScriptTemplate.go b/mgradm/shared/templates/pgsqlFinalizeScriptTemplate.go index cd6df01b3..183b45d5d 100644 --- a/mgradm/shared/templates/pgsqlFinalizeScriptTemplate.go +++ b/mgradm/shared/templates/pgsqlFinalizeScriptTemplate.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgradm/shared/templates/pgsqlMigrateScriptTemplate.go b/mgradm/shared/templates/pgsqlMigrateScriptTemplate.go index 84cea9ef3..326e1143c 100644 --- a/mgradm/shared/templates/pgsqlMigrateScriptTemplate.go +++ b/mgradm/shared/templates/pgsqlMigrateScriptTemplate.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 @@ -21,11 +21,10 @@ if [ -d /var/lib/pgsql/data/data ] ; then echo "Adding database access for other containers..." db_user=$(sed -n '/^db_user/{s/^.*=[ \t]\+\(.*\)$/\1/ ; p}' /etc/rhn/rhn.conf) db_name=$(sed -n '/^db_name/{s/^.*=[ \t]\+\(.*\)$/\1/ ; p}' /etc/rhn/rhn.conf) - ip=$(ip -o -4 addr show up scope global | head -1 | awk '{print $4}' || true) echo "host $db_name $db_user all scram-sha-256" >> /var/lib/pgsql/data/pg_hba.conf ls -la /var/lib/pgsql/data - + fi {{ if .ReportDBHost }} diff --git a/mgradm/shared/templates/pgsqlServiceTemplate.go b/mgradm/shared/templates/pgsqlServiceTemplate.go index 391649cb5..265acf003 100644 --- a/mgradm/shared/templates/pgsqlServiceTemplate.go +++ b/mgradm/shared/templates/pgsqlServiceTemplate.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 
@@ -11,11 +11,11 @@ import ( "github.com/uyuni-project/uyuni-tools/shared/types" ) -const pgsqlServiceTemplate = `# uyuni-pgsql-server.service, generated by mgradm -# Use an uyuni-pgsql-server.service.d/local.conf file to override +const pgsqlServiceTemplate = `# uyuni-db-server.service, generated by mgradm +# Use an uyuni-db-server.service.d/local.conf file to override [Unit] -Description=Uyuni postgres server image container service +Description=Uyuni database container service Wants=network.target After=network-online.target RequiresMountsFor=%t/containers 
@@ -23,19 +23,29 @@ RequiresMountsFor=%t/containers [Service] Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure -ExecStartPre=/bin/rm -f %t/uyuni-pgsql-server.pid %t/%n.ctr-id -ExecStartPre=/usr/bin/podman rm --ignore --force -t 10 {{ .NamePrefix }}-pgsql-server +ExecStartPre=/bin/rm -f %t/%n.pid %t/%n.ctr-id +ExecStartPre=/usr/bin/podman rm --ignore --force -t 10 {{ .NamePrefix }}-db ExecStart=/bin/sh -c '/usr/bin/podman run \ - --conmon-pidfile %t/uyuni-pgsql-server.pid \ + --conmon-pidfile %t/%n.pid \ --cidfile=%t/%n.ctr-id \ --cgroups=no-conmon \ --shm-size=0 \ --shm-size-systemd=0 \ --sdnotify=conmon \ -d \ - --name {{ .NamePrefix }}-pgsql-server \ - --hostname {{ .NamePrefix }}-pgsql-server.mgr.internal \ - {{ .Args }} \ + --name {{ .NamePrefix }}-db \ + --hostname {{ .NamePrefix }}-db.mgr.internal \ + --network-alias db \ + --network-alias reportdb \ + --secret {{ .CaSecret }},type=mount,target=/etc/pki/trust/anchors/LOCAL-RHN-ORG-TRUSTED-SSL-CERT \ + --secret {{ .KeySecret }},type=mount,mode=0400,target=/etc/pki/tls/private/pg-spacewalk.key \ + --secret {{ .CertSecret }},type=mount,target=/etc/pki/tls/certs/spacewalk.crt \ + --secret {{ .AdminUser }},type=env,target=POSTGRES_USER \ + --secret {{ .AdminPassword }},type=env,target=POSTGRES_PASSWORD \ + --secret {{ .ManagerUser }},type=env,target=MANAGER_USER \ + --secret {{ .ManagerPassword }},type=env,target=MANAGER_PASSWORD \ + --secret {{ .ReportUser }},type=env,target=REPORTDB_USER \ + --secret {{ .ReportPassword }},type=env,target=REPORTDB_PASSWORD \ {{- range .Ports }} -p {{ .Exposed }}:{{ .Port }}{{if .Protocol}}/{{ .Protocol }}{{end}} \ {{- if $.IPV6Enabled }} @@ -45,8 +55,6 @@ ExecStart=/bin/sh -c '/usr/bin/podman run \ {{- range .Volumes }} -v {{ .Name }}:{{ .MountPath }}:z \ {{- end }} - -e TZ=${TZ} \ - -e POSTGRES_PASSWORD \ --network {{ .Network }} \ ${PODMAN_EXTRA_ARGS} ${UYUNI_IMAGE}' ExecStop=/usr/bin/podman stop \ 
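Review bot: The private key secret is mounted with `mode=0400` and no `uid=` or `gid=` option, so with podman's defaults it is owned by root inside the container, and this commit also removes the `chown postgres /etc/pki/tls/private/pg-spacewalk.key` step from `Upgrade` that used to hand the key to the database user. Unless the image entrypoint copies or re-owns the file, which is not visible here, the PostgreSQL process may not be able to read its key and TLS would fail at start. If the server runs as a fixed non-root user, the mount can carry the owner directly, e.g. `--secret {{ .KeySecret }},type=mount,uid=<postgres uid>,mode=0400,target=/etc/pki/tls/private/pg-spacewalk.key`. A short comment in the template saying who is expected to read the key would help the next person who touches the modes.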
@@ -57,7 +65,7 @@ ExecStopPost=/usr/bin/podman rm \ --ignore -t 10 \ --cidfile=%t/%n.ctr-id -PIDFile=%t/uyuni-pgsql-server.pid +PIDFile=%t/%n.pid TimeoutStopSec=180 TimeoutStartSec=900 Type=forking @@ -68,13 +76,21 @@ WantedBy=multi-user.target default.target // PostgresServiceTemplateData POD information to create systemd file. type PgsqlServiceTemplateData struct { - Volumes []types.VolumeMount - NamePrefix string - Args string - Ports []types.PortMap - Image string - Network string - IPV6Enabled bool + Volumes []types.VolumeMount + NamePrefix string + Ports []types.PortMap + Image string + Network string + IPV6Enabled bool + CaSecret string + CertSecret string + KeySecret string + AdminUser string + AdminPassword string + ManagerUser string + ManagerPassword string + ReportUser string + ReportPassword string } // Render will create the systemd configuration file. diff --git a/mgradm/shared/templates/pgsqlVersionUpgradeScriptTemplate.go b/mgradm/shared/templates/pgsqlVersionUpgradeScriptTemplate.go index 277bcadc7..d9267664c 100644 --- a/mgradm/shared/templates/pgsqlVersionUpgradeScriptTemplate.go +++ b/mgradm/shared/templates/pgsqlVersionUpgradeScriptTemplate.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 @@ -17,7 +17,6 @@ echo "PostgreSQL version upgrade" ls -la /var/lib/pgsql/data/ OLD_VERSION={{ .OldVersion }} NEW_VERSION={{ .NewVersion }} -FAST_UPGRADE= #--link echo "Testing presence of postgresql$NEW_VERSION..." test -d /usr/lib/postgresql$NEW_VERSION/bin 
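Review bot: The new fields `AdminUser`, `AdminPassword`, `ManagerUser`, `ManagerPassword`, `ReportUser` and `ReportPassword` hold podman secret names, not credentials (generatePgsqlSystemdService fills them with `podman.DBAdminUserSecret` and its siblings), yet their names read as if they carried the values. A later caller could put a real password there and have it rendered into the world-readable unit file as the argument of `--secret`. I would either give them a `Secret` suffix like the existing `CaSecret`, `CertSecret` and `KeySecret`, or add a comment on the group such as `// Names of the podman secrets to pass to the container, never the secret values.` The doc comment above the struct also still says `PostgresServiceTemplateData` while the type is `PgsqlServiceTemplateData`.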
@@ -57,7 +56,7 @@ echo "Temporarily disable SSL in the old posgresql configuration" cp /var/lib/pgsql/data-backup/postgresql.conf /var/lib/pgsql/data-backup/postgresql.conf.bak sed 's/^ssl/#ssl/' -i /var/lib/pgsql/data-backup/postgresql.conf -su -s /bin/bash - postgres -c "pg_upgrade --old-bindir=/usr/lib/postgresql$OLD_VERSION/bin --new-bindir=/usr/lib/postgresql$NEW_VERSION/bin --old-datadir=/var/lib/pgsql/data-backup --new-datadir=/var/lib/pgsql/data $FAST_UPGRADE" +su -s /bin/bash - postgres -c "pg_upgrade --old-bindir=/usr/lib/postgresql$OLD_VERSION/bin --new-bindir=/usr/lib/postgresql$NEW_VERSION/bin --old-datadir=/var/lib/pgsql/data-backup --new-datadir=/var/lib/pgsql/data" echo "Enable SSL again" cp /var/lib/pgsql/data-backup/postgresql.conf.bak /var/lib/pgsql/data-backup/postgresql.conf diff --git a/mgradm/shared/templates/serviceTemplate.go b/mgradm/shared/templates/serviceTemplate.go index 8fe4d0bf5..0f244c9d0 100644 --- a/mgradm/shared/templates/serviceTemplate.go +++ b/mgradm/shared/templates/serviceTemplate.go @@ -50,7 +50,7 @@ ExecStart=/bin/sh -c '/usr/bin/podman run \ ${PODMAN_EXTRA_ARGS} ${UYUNI_IMAGE}' ExecStop=/usr/bin/podman exec \ uyuni-server \ - /bin/bash -c 'spacewalk-service stop && systemctl stop postgresql' + /bin/bash -c 'spacewalk-service stop' ExecStop=/usr/bin/podman stop \ --ignore -t 10 \ --cidfile=%t/%n.ctr-id diff --git a/mgradm/shared/utils/cmd_utils.go b/mgradm/shared/utils/cmd_utils.go index f5b99c776..8445afbca 100644 --- a/mgradm/shared/utils/cmd_utils.go +++ b/mgradm/shared/utils/cmd_utils.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 
@@ -210,20 +210,14 @@ Leave it unset if you want to keep the previous number of replicas. _ = utils.AddFlagToHelpGroupID(cmd, "saline-port", "saline-container") } -// AddPgsqlFlags adds hub XML-RPC related parameters to cmd. +// AddPgsqlFlags adds PostgreSQL related parameters to cmd. func AddPgsqlFlags(cmd *cobra.Command) { - _ = utils.AddFlagHelpGroup(cmd, &utils.Group{ID: "pgsql-container", Title: L("Postgresql Database Container Flags")}) - AddContainerImageFlags(cmd, "pgsql", L("Postgresql Database"), "pgsql-container", "server-postgres") - cmd.Flags().Int("pgsql-replicas", 1, L("How many replicas of the Postgresql service container should be started.")) - _ = utils.AddFlagToHelpGroupID(cmd, "pgsql-replicas", "pgsql-container") + _ = utils.AddFlagHelpGroup(cmd, &utils.Group{ID: "pgsql-container", Title: L("PostgreSQL Database Container Flags")}) + AddContainerImageFlags(cmd, "pgsql", L("PostgreSQL Database"), "pgsql-container", "server-postgresql") } // AddUpgradePgsqlFlags adds hub XML-RPC related parameters to cmd upgrade. func AddUpgradePgsqlFlags(cmd *cobra.Command) { - _ = utils.AddFlagHelpGroup(cmd, &utils.Group{ID: "pgsql-container", Title: L("Postgresql Database Container Flags")}) - AddContainerImageFlags(cmd, "pgsql", L("Postgresql Database"), "pgsql-container", "server-postgres") - cmd.Flags().Int("pgsql-replicas", 1, - L(`How many replicas of the Postgresql service container should be started. -Leave it unset if you want to keep the previous number of replicas.`)) - _ = utils.AddFlagToHelpGroupID(cmd, "pgsql-replicas", "pgsql-container") + _ = utils.AddFlagHelpGroup(cmd, &utils.Group{ID: "pgsql-container", Title: L("PostgreSQL Database Container Flags")}) + AddContainerImageFlags(cmd, "pgsql", L("PostgreSQL Database"), "pgsql-container", "server-postgresql") } diff --git a/mgradm/shared/utils/exec_test.go b/mgradm/shared/utils/exec_test.go index 5133c1e60..3e92c0b28 100644 --- a/mgradm/shared/utils/exec_test.go 
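Review bot: `AddUpgradePgsqlFlags` keeps the comment `adds hub XML-RPC related parameters to cmd upgrade`, which this hunk corrects for `AddPgsqlFlags` only, and after the change the two functions have identical bodies. I would change the comment to `// AddUpgradePgsqlFlags adds PostgreSQL related parameters to cmd upgrade.` and reduce the body to `AddPgsqlFlags(cmd)`, so the help group and the default image name cannot drift apart between install and upgrade.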
+++ b/mgradm/shared/utils/exec_test.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgradm/shared/utils/flags.go b/mgradm/shared/utils/flags.go index baa3602a1..bcb373f10 100644 --- a/mgradm/shared/utils/flags.go +++ b/mgradm/shared/utils/flags.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 @@ -65,7 +65,10 @@ func (flags *InstallationFlags) CheckParameters(cmd *cobra.Command, command stri flags.ReportDB.Password = utils.GetRandomBase64(30) } - utils.AskPasswordIfMissing(&flags.DB.Admin.Password, cmd.Flag("db-admin-password").Usage, 5, 48) + // The admin password is only needed for local database + if flags.DB.Host == "db" { + flags.DB.Admin.Password = utils.GetRandomBase64(30) + } // Make sure we have all the required 3rd party flags or none flags.SSL.CheckParameters() diff --git a/mgradm/shared/utils/setup.go b/mgradm/shared/utils/setup.go index 0296f10a1..d520347a1 100644 --- a/mgradm/shared/utils/setup.go +++ b/mgradm/shared/utils/setup.go @@ -16,25 +16,6 @@ import ( // GetSetupEnv computes the environment variables required by the setup script from the flags. // As the requirements are slightly different for kubernetes there is a toggle parameter for it. func GetSetupEnv(mirror string, flags *InstallationFlags, fqdn string, kubernetes bool) map[string]string { - localHostValues := []string{ - "localhost", - "127.0.0.1", - "::1", - fqdn, - } - - localDB := utils.Contains(localHostValues, flags.DB.Host) - - dbHost := flags.DB.Host - reportdbHost := flags.ReportDB.Host - - if localDB { - dbHost = "localhost" - if reportdbHost == "" { - reportdbHost = "localhost" - } - } - dbPort := "5432" if flags.DB.Port != 0 { dbPort = strconv.Itoa(flags.DB.Port) 
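Review bot: When `flags.DB.Host` is `"db"` the new branch in `CheckParameters` overwrites `flags.DB.Admin.Password` unconditionally, so a value supplied through `--db-admin-password` is discarded without a message, and for any other host the removed `AskPasswordIfMissing` call means an empty admin password is no longer caught here. If the override is not intended, guard it with `if flags.DB.Host == "db" && flags.DB.Admin.Password == "" {`. Because `createSecretFromFile` in shared/podman/secret.go returns early when a secret already exists, a password generated on a second run would also differ from the one stored in `uyuni-db-admin-pass`; whether anything later uses the flag value instead of the secret is not visible here. `CheckParameters` starts and ends outside this hunk.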
@@ -50,31 +31,27 @@ func GetSetupEnv(mirror string, flags *InstallationFlags, fqdn string, kubernete "MANAGER_ADMIN_EMAIL": flags.Email, "MANAGER_MAIL_FROM": flags.EmailFrom, "MANAGER_ENABLE_TFTP": boolToString(flags.Tftp), - "LOCAL_DB": boolToString(localDB), "MANAGER_DB_NAME": flags.DB.Name, - "MANAGER_DB_HOST": dbHost, + "MANAGER_DB_HOST": flags.DB.Host, "MANAGER_DB_PORT": dbPort, - "MANAGER_DB_PROTOCOL": "tcp", "REPORT_DB_NAME": flags.ReportDB.Name, - "REPORT_DB_HOST": reportdbHost, + "REPORT_DB_HOST": flags.ReportDB.Host, "REPORT_DB_PORT": reportdbPort, "EXTERNALDB_PROVIDER": flags.DB.Provider, "ISS_PARENT": flags.IssParent, - "ACTIVATE_SLP": "N", // Deprecated, will be removed soon } if kubernetes { env["NO_SSL"] = "Y" } else { // Only add the credentials for podman as we have secret for Kubernetes. + // TODO Replace with --secret env["MANAGER_USER"] = flags.DB.User env["MANAGER_PASS"] = flags.DB.Password env["ADMIN_USER"] = flags.Admin.Login env["ADMIN_PASS"] = flags.Admin.Password env["REPORT_DB_USER"] = flags.ReportDB.User env["REPORT_DB_PASS"] = flags.ReportDB.Password - env["EXTERNALDB_ADMIN_USER"] = flags.DB.Admin.User - env["EXTERNALDB_ADMIN_PASS"] = flags.DB.Admin.Password env["SCC_USER"] = flags.SCC.User env["SCC_PASS"] = flags.SCC.Password } diff --git a/mgradm/shared/utils/types.go b/mgradm/shared/utils/types.go index 6cc763505..3d048f9b3 100644 --- a/mgradm/shared/utils/types.go +++ b/mgradm/shared/utils/types.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/mgrpxy/cmd/upgrade/kubernetes/kubernetes_test.go b/mgrpxy/cmd/upgrade/kubernetes/kubernetes_test.go index 1f7867dce..72bf30df7 100644 --- a/mgrpxy/cmd/upgrade/kubernetes/kubernetes_test.go +++ b/mgrpxy/cmd/upgrade/kubernetes/kubernetes_test.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 
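Review bot: `REPORT_DB_HOST` now takes `flags.ReportDB.Host` verbatim, while the code removed in the previous hunk replaced an empty report host with `localhost` for a local database. If the flag defaults, which are not part of this diff, do not fill `ReportDB.Host`, the setup script receives an empty `REPORT_DB_HOST`. I would either reject an empty value in `CheckParameters` or fall back to `flags.DB.Host` before the map is built, and say which in a comment next to the entry. The podman branch still exports `MANAGER_PASS`, `ADMIN_PASS`, `REPORT_DB_PASS` and `SCC_PASS` as environment values, which the added `// TODO Replace with --secret` acknowledges; a tracking reference in that comment would keep it from being forgotten. `GetSetupEnv` continues past the end of this hunk.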
diff --git a/mgrpxy/cmd/upgrade/podman/podman_test.go b/mgrpxy/cmd/upgrade/podman/podman_test.go
index dd7cb8fe0..203335452 100644
--- a/mgrpxy/cmd/upgrade/podman/podman_test.go
+++ b/mgrpxy/cmd/upgrade/podman/podman_test.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
diff --git a/mgrpxy/shared/utils/flags.go b/mgrpxy/shared/utils/flags.go
index 3a740dbe0..8a0cdf8d8 100644
--- a/mgrpxy/shared/utils/flags.go
+++ b/mgrpxy/shared/utils/flags.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
diff --git a/shared/connection.go b/shared/connection.go
index 3dded50e3..25e3035f8 100644
--- a/shared/connection.go
+++ b/shared/connection.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
diff --git a/shared/kubernetes/inspect.go b/shared/kubernetes/inspect.go
index e285d0fb0..ebe23dce9 100644
--- a/shared/kubernetes/inspect.go
+++ b/shared/kubernetes/inspect.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
diff --git a/shared/kubernetes/kubernetes.go b/shared/kubernetes/kubernetes.go
index 168d4665e..f2152e311 100644
--- a/shared/kubernetes/kubernetes.go
+++ b/shared/kubernetes/kubernetes.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
diff --git a/shared/podman/images.go b/shared/podman/images.go
index 29c939697..4fc392e0f 100644
--- a/shared/podman/images.go
+++ b/shared/podman/images.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
@@ -68,7 +68,7 @@ func PrepareImage(authFile string, image string, pullPolicy string, pullEnabled log.Debug().Msgf("Pulling image %s because it is missing and pull policy is not 'never'", image) return image, pullImage(authFile, image) } - log.Debug().Msgf("Do not pulling image %s, although the pull policy is not 'never', maybe replicas is zero?", image) + log.Debug().Msgf("Not pulling image %s, although the pull policy is not 'never', maybe replicas is zero?", image) return image, nil } @@ -119,6 +119,10 @@ func GetRpmImagePath(image string) string { log.Debug().Msgf("Looking for installed RPM package containing %s image", image) rpmImageFile, tag := GetRpmImageName(image) + if !utils.FileExists(rpmImageDir) { + log.Info().Msgf(L("skipping loading image from RPM as %s doesn't exist"), rpmImageDir) + return "" + } files, err := os.ReadDir(rpmImageDir) if err != nil { diff --git a/shared/podman/secret.go b/shared/podman/secret.go index b89b8576d..50c126a81 100644 --- a/shared/podman/secret.go +++ b/shared/podman/secret.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 
@@ -15,26 +15,53 @@ import ( ) const ( - //DBUserSecret is the name of the podman secret containing the database username. + // DBUserSecret is the name of the podman secret containing the database username. DBUserSecret = "uyuni-db-user" - //DBUserSecret is the name of the podman secret containing the database password. + // DBPassSecret is the name of the podman secret containing the database password. DBPassSecret = "uyuni-db-pass" + // ReportDBUserSecret is the name of the podman secret containing the report database username. + ReportDBUserSecret = "uyuni-reportdb-user" + // ReportDBPassSecret is the name of the podman secret containing the report database password. + ReportDBPassSecret = "uyuni-reportdb-pass" + // DBUserSecret is the name of the podman secret containing the database admin username. + DBAdminUserSecret = "uyuni-db-admin-user" + // DBAdminPassSecret is the name of the podman secret containing the database admin password. + DBAdminPassSecret = "uyuni-db-admin-pass" + // CASecret is the name of the podman secret containing the CA certificate. + CASecret = "uyuni-ca" + // DBSSLCertSecret is the name of the podman secret containing the report database certificate. + DBSSLCertSecret = "uyuni-db-cert" + // DBSSLKeySecret is the name of the podman secret containing the report database SSL certificate key. + DBSSLKeySecret = "uyuni-db-key" ) -// CreateDBSecrets creates the podman secrets for the database credentials. -func CreateDBSecrets(user string, password string) error { - if err := createSecret(DBUserSecret, user); err != nil { +// CreateCredentialsSecrets creates the podman secrets, one for the user name and one for the password. +func CreateCredentialsSecrets(userSecret string, user string, passwordSecret string, password string) error { + if err := createSecret(userSecret, user); err != nil { return err } - return createSecret(DBPassSecret, password) + return createSecret(passwordSecret, password) } -// createSecret creates a podman secret. 
-func createSecret(name string, value string) error { - if hasSecret(name) { - return nil +// CreateDBTLSSecrets creates the SSL CA, Certificate and key secrets. +func CreateDBTLSSecrets(caPath string, certPath string, keyPath string) error { + if err := createSecretFromFile(CASecret, caPath); err != nil { + return utils.Errorf(err, L("failed to create %s secret"), CASecret) + } + + if err := createSecretFromFile(DBSSLCertSecret, certPath); err != nil { + return utils.Errorf(err, L("failed to create %s secret"), DBSSLCertSecret) + } + + if err := createSecretFromFile(DBSSLKeySecret, keyPath); err != nil { + return utils.Errorf(err, L("failed to create %s secret"), DBSSLKeySecret) } + return nil +} + +// createSecret creates a podman secret. +func createSecret(name string, value string) error { tmpDir, cleaner, err := utils.TempDir() if err != nil { return err @@ -46,6 +73,15 @@ func createSecret(name string, value string) error { return utils.Errorf(err, L("failed to write %s secret to file"), name) } + return createSecretFromFile(name, secretFile) +} + +// createSecretFromFile creates a podman secret from a file. +func createSecretFromFile(name string, secretFile string) error { + if hasSecret(name) { + return nil + } + if err := utils.RunCmd("podman", "secret", "create", name, secretFile); err != nil { return utils.Errorf(err, L("failed to create podman secret %s"), name) } diff --git a/shared/podman/selinux.go b/shared/podman/selinux.go index 3386c18b4..24d1ea920 100644 --- a/shared/podman/selinux.go +++ b/shared/podman/selinux.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/shared/podman/selinux_test.go b/shared/podman/selinux_test.go index 19d860370..a06383e14 100644 --- a/shared/podman/selinux_test.go +++ b/shared/podman/selinux_test.go 
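Review bot: The comment above `DBAdminUserSecret` starts with `DBUserSecret`, and the comments on `DBSSLCertSecret` and `DBSSLKeySecret` speak of the "report database" although the unit template mounts both into the single database container. I would write `// DBAdminUserSecret is the name of the podman secret containing the database admin username.` and drop the word "report" from the other two, so the constants can be told apart from their comments alone.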
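Review bot: Moving the `hasSecret` check into `createSecretFromFile` means `createSecret` now writes the plain-text value to a temporary file before finding out that the secret already exists, and an existing secret is kept silently even when the new value differs. For the TLS secrets this means a renewed certificate or key handed to `CreateDBTLSSecrets` is ignored on a second run, with no log line to say so. I would keep an early `if hasSecret(name) { return nil }` at the top of `createSecret` as well and log at debug level in `createSecretFromFile` when an existing secret is reused; replacing a secret on purpose would need an explicit update path. `createSecret` begins in the previous hunk and the end of `createSecretFromFile` lies outside this one.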
@@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/shared/podman/systemd.go b/shared/podman/systemd.go index c6721632a..f2fffc5b5 100644 --- a/shared/podman/systemd.go +++ b/shared/podman/systemd.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 @@ -22,8 +22,8 @@ var servicesPath = "/etc/systemd/system/" // ServerService is the name of the systemd service for the server. const ServerService = "uyuni-server" -// PgsqlService is the name of the systemd service for the Pgsql container. -const PgsqlService = "uyuni-pgsql-server" +// DBService is the name of the systemd service for the database container. +const DBService = "uyuni-db" // ServerAttestationService is the name of the systemd service for the coco attestation container. const ServerAttestationService = "uyuni-server-attestation" diff --git a/shared/podman/utils.go b/shared/podman/utils.go index 669898b40..a42956d0e 100644 --- a/shared/podman/utils.go +++ b/shared/podman/utils.go @@ -32,8 +32,8 @@ const ServerContainerName = "uyuni-server" // HubXmlrpcContainerName is the container name for the Hub XML-RPC API. const HubXmlrpcContainerName = "uyuni-hub-xmlrpc" -// PgsqlContainerName represents the postgres container name. -const PgsqlContainerName = "uyuni-pgsql-server" +// DBContainerName represents the database container name. +const DBContainerName = "uyuni-db" // ProxyContainerNames represents all the proxy container names. var ProxyContainerNames = []string{ diff --git a/shared/testutils/flagstests/mgradm.go b/shared/testutils/flagstests/mgradm.go index 6f1e3c729..155afd987 100644 --- a/shared/testutils/flagstests/mgradm.go +++ b/shared/testutils/flagstests/mgradm.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 
@@ -153,13 +153,10 @@ func AssertSalineFlag(t *testing.T, flags *utils.SalineFlags) { var PgsqlFlagsTestArgs = []string{ "--pgsql-image", "pgsqlimg", "--pgsql-tag", "pgsqltag", - "--pgsql-replicas", "0", } // AssertPgsqlFlag asserts that all pgsql flags are parsed correctly. func AssertPgsqlFlag(t *testing.T, flags *utils.PgsqlFlags) { testutils.AssertEquals(t, "Error parsing --pgsql-image", "pgsqlimg", flags.Image.Name) testutils.AssertEquals(t, "Error parsing --pgsql-tag", "pgsqltag", flags.Image.Tag) - testutils.AssertEquals(t, "Error parsing --pgsql-replicas", 0, flags.Replicas) - testutils.AssertTrue(t, "Pgsql should be changed", flags.IsChanged) } diff --git a/shared/testutils/flagstests/mgradm_install.go b/shared/testutils/flagstests/mgradm_install.go index 69cc301be..fab3961df 100644 --- a/shared/testutils/flagstests/mgradm_install.go +++ b/shared/testutils/flagstests/mgradm_install.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/shared/testutils/flagstests/mgrpxy_kubernetes.go b/shared/testutils/flagstests/mgrpxy_kubernetes.go index ce53e2520..080e5b9b6 100644 --- a/shared/testutils/flagstests/mgrpxy_kubernetes.go +++ b/shared/testutils/flagstests/mgrpxy_kubernetes.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/shared/utils/exec.go b/shared/utils/exec.go index a1cd4b66c..cac82d09f 100644 --- a/shared/utils/exec.go +++ b/shared/utils/exec.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2024 SUSE LLC +// SPDX-FileCopyrightText: 2025 SUSE LLC // // SPDX-License-Identifier: Apache-2.0 diff --git a/shared/utils/ports.go b/shared/utils/ports.go index 60a4f7bf6..7d0d12884 100644 --- a/shared/utils/ports.go +++ b/shared/utils/ports.go 
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
@@ -53,16 +53,19 @@ var WebPorts = []types.PortMap{
 NewPortMap(WebServiceName, "http", 80, 80),
 }
+// DBExporterPorts is the list of ports for the db exporter service.
+var DBExporterPorts = []types.PortMap{
+ NewPortMap(ReportdbServiceName, "exporter", 9187, 9187),
+}
+
 // ReportDBPorts is the list of ports for the server report db service.
 var ReportDBPorts = []types.PortMap{
 NewPortMap(ReportdbServiceName, "pgsql", 5432, 5432),
- NewPortMap(ReportdbServiceName, "exporter", 9187, 9187),
 }
 // DBPorts is the list of ports for the server internal db service.
 var DBPorts = []types.PortMap{
 NewPortMap(DBServiceName, "pgsql", 5432, 5432),
- NewPortMap(DBServiceName, "exporter", 9187, 9187),
 }
 // SaltPorts is the list of ports for the server salt service.
@@ -117,6 +120,7 @@ func GetServerPorts(debug bool) []types.PortMap {
 ports = appendPorts(ports, debug, TomcatPorts...)
 ports = appendPorts(ports, debug, SearchPorts...)
 ports = appendPorts(ports, debug, TftpPorts...)
+ ports = appendPorts(ports, debug, DBExporterPorts...)
 return ports
 }
diff --git a/shared/utils/ports_test.go b/shared/utils/ports_test.go
index f8541f79f..cf3eb14bc 100644
--- a/shared/utils/ports_test.go
+++ b/shared/utils/ports_test.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
@@ -12,7 +12,7 @@ import (
 func TestGetServerPorts(t *testing.T) {
 allPorts := len(WebPorts) + len(SaltPorts) + len(CobblerPorts) +
- len(TaskoPorts) + len(TomcatPorts) + len(SearchPorts) + len(TftpPorts)
+ len(TaskoPorts) + len(TomcatPorts) + len(SearchPorts) + len(TftpPorts) + len(DBExporterPorts)
 ports := GetServerPorts(false)
 testutils.AssertEquals(t, "Wrong number of ports without debug ones", allPorts-3, len(ports))
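Review bot: `DBExporterPorts` in the `@@ -53,16 +53,19 @@` hunk of shared/utils/ports.go is registered under `ReportdbServiceName` although its comment calls it the db exporter service, and the `@@ -117,6 +120,7 @@` hunk appends it in `GetServerPorts`, so 9187 becomes part of the server's port list. 9187 is the usual PostgreSQL exporter port and such metrics endpoints are normally served without authentication, so the comment should say which container answers on it and who is meant to reach it. Suggested wording: `// DBExporterPorts is the PostgreSQL metrics exporter port, published with the server ports; restrict access to the monitoring system.` If `ReportdbServiceName` is reused only for lack of a dedicated service name, note that as well, since the name presumably decides how the port is grouped. The body of `GetServerPorts` starts outside the hunk.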
diff --git a/shared/utils/serverinspector.go b/shared/utils/serverinspector.go
index f5cfe10b3..e111fdac9 100644
--- a/shared/utils/serverinspector.go
+++ b/shared/utils/serverinspector.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
diff --git a/shared/utils/serverinspector_test.go b/shared/utils/serverinspector_test.go
index 40bc28e29..c99d2aaa6 100644
--- a/shared/utils/serverinspector_test.go
+++ b/shared/utils/serverinspector_test.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
diff --git a/shared/utils/volumes.go b/shared/utils/volumes.go
index 4712a205f..fd7313aa8 100644
--- a/shared/utils/volumes.go
+++ b/shared/utils/volumes.go
@@ -15,35 +15,12 @@ var VarPgsqlDataVolumeMount = types.VolumeMount{MountPath: "/var/lib/pgsql/data"
 // RootVolumeMount defines the /root volume mount.
 var RootVolumeMount = types.VolumeMount{MountPath: "/root", Name: "root", Size: "1Mi"}
-// PgsqlRequiredSharedVolumeMounts represents volumes shared between Server and PostgreSQL.
-var PgsqlRequiredSharedVolumeMounts = []types.VolumeMount{
- {MountPath: "/etc/pki/tls", Name: "etc-tls", Size: "1Mi"},
- {MountPath: "/etc/pki/spacewalk-tls", Name: "tls-key"},
-}
-
 // PgsqlRequiredVolumeMounts represents volumes mount used by PostgreSQL.
-var PgsqlRequiredVolumeMounts = append(PgsqlRequiredSharedVolumeMounts, VarPgsqlDataVolumeMount)
-
-// etcServerVolumeMounts represents volumes mounted in /etc folder.
-var etcServerVolumeMounts = []types.VolumeMount{
- {MountPath: "/etc/apache2", Name: "etc-apache2", Size: "1Mi"},
- {MountPath: "/etc/systemd/system/multi-user.target.wants", Name: "etc-systemd-multi", Size: "1Mi"},
- {MountPath: "/etc/systemd/system/sockets.target.wants", Name: "etc-systemd-sockets", Size: "1Mi"},
- {MountPath: "/etc/salt", Name: "etc-salt", Size: "1Mi"},
- {MountPath: "/etc/tomcat", Name: "etc-tomcat", Size: "1Mi"},
- {MountPath: "/etc/cobbler", Name: "etc-cobbler", Size: "1Mi"},
- {MountPath: "/etc/sysconfig", Name: "etc-sysconfig", Size: "20Mi"},
- {MountPath: "/etc/postfix", Name: "etc-postfix", Size: "1Mi"},
- {MountPath: "/etc/sssd", Name: "etc-sssd", Size: "1Mi"},
-}
-
-var etcAndPgsqlVolumeMounts = append(append(PgsqlRequiredSharedVolumeMounts,
- EtcRhnVolumeMount),
- etcServerVolumeMounts[:]...)
+var PgsqlRequiredVolumeMounts = []types.VolumeMount{VarPgsqlDataVolumeMount}
 // ServerVolumeMounts should match the volumes mapping from the container definition in both
 // the helm chart and the systemctl services definitions.
-var ServerVolumeMounts = append([]types.VolumeMount{
+var ServerVolumeMounts = []types.VolumeMount{
 {MountPath: "/var/lib/cobbler", Name: "var-cobbler", Size: "10Mi"},
 {MountPath: "/var/lib/rhn/search", Name: "var-search", Size: "10Gi"},
 {MountPath: "/var/lib/salt", Name: "var-salt", Size: "10Mi"},
@@ -60,7 +37,19 @@ var ServerVolumeMounts = append([]types.VolumeMount{
 RootVolumeMount,
 {MountPath: "/etc/pki/trust/anchors/", Name: "ca-cert"},
 {MountPath: "/run/salt/master", Name: "run-salt-master"},
-}, etcAndPgsqlVolumeMounts[:]...)
+ {MountPath: "/etc/apache2", Name: "etc-apache2", Size: "1Mi"},
+ {MountPath: "/etc/systemd/system/multi-user.target.wants", Name: "etc-systemd-multi", Size: "1Mi"},
+ {MountPath: "/etc/systemd/system/sockets.target.wants", Name: "etc-systemd-sockets", Size: "1Mi"},
+ {MountPath: "/etc/salt", Name: "etc-salt", Size: "1Mi"},
+ {MountPath: "/etc/tomcat", Name: "etc-tomcat", Size: "1Mi"},
+ {MountPath: "/etc/cobbler", Name: "etc-cobbler", Size: "1Mi"},
+ {MountPath: "/etc/sysconfig", Name: "etc-sysconfig", Size: "20Mi"},
+ {MountPath: "/etc/postfix", Name: "etc-postfix", Size: "1Mi"},
+ {MountPath: "/etc/sssd", Name: "etc-sssd", Size: "1Mi"},
+ {MountPath: "/etc/pki/tls", Name: "etc-tls", Size: "1Mi"},
+ {MountPath: "/etc/pki/spacewalk-tls", Name: "tls-key"},
+ EtcRhnVolumeMount,
+}
 // ServerMigrationVolumeMounts match server + postgres volume mounts, used for migration.
 var ServerMigrationVolumeMounts = append(ServerVolumeMounts, VarPgsqlDataVolumeMount, EtcRhnVolumeMount)
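Review bot: The doc comment on `PgsqlRequiredVolumeMounts` in the `@@ -15,35 +15,12 @@` hunk no longer tells a reader where the database container gets its certificate and key, now that the `etc-tls` and `tls-key` mounts are dropped from that list. Going by the commit description they are passed as secrets, and that is worth stating at the declaration because it is the reason the key volume stops being shared between the two containers. Suggested comment: `// PgsqlRequiredVolumeMounts lists the volumes of the database container; its TLS certificate and key are passed as secrets, not volumes.`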
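Review bot: `EtcRhnVolumeMount` is now the last entry of the `ServerVolumeMounts` literal in the `@@ -60,7 +37,19 @@` hunk, yet the unchanged line below still builds `ServerMigrationVolumeMounts` by appending `EtcRhnVolumeMount` again, so the migration list carries the same mount twice. The repeat already existed through the removed `etcAndPgsqlVolumeMounts`, but with everything in one literal it is simple to drop: `var ServerMigrationVolumeMounts = append(ServerVolumeMounts, VarPgsqlDataVolumeMount)`, provided no consumer relies on the second entry. A short comment on the `etc-tls` and `tls-key` entries saying what they hold (presumably the server certificate and its private key) would also help anyone checking which containers can read the key.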