uyuni-project · nadvornik · Oct 30, 2024 · Nov 25, 2024 · Jan 10, 2025 · Feb 10, 2025
diff --git a/mgradm/cmd/inspect/kubernetes.go b/mgradm/cmd/inspect/kubernetes.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 

diff --git a/mgradm/cmd/install/kubernetes/kubernetes.go b/mgradm/cmd/install/kubernetes/kubernetes.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -38,6 +38,7 @@ NOTE: installing on a remote cluster is not supported yet!
 				flags.ServerFlags.Coco.IsChanged = v.IsSet("coco.replicas")
 				flags.ServerFlags.HubXmlrpc.IsChanged = v.IsSet("hubxmlrpc.replicas")
 				flags.ServerFlags.Saline.IsChanged = v.IsSet("saline.replicas") || v.IsSet("saline.port")
+				flags.ServerFlags.Pgsql.IsChanged = v.IsSet("pgsql.replicas")
 			}
 			return utils.CommandHelper(globalFlags, cmd, args, &flags, flagsUpdater, run)
 		},

diff --git a/mgradm/cmd/install/kubernetes/kubernetes_test.go b/mgradm/cmd/install/kubernetes/kubernetes_test.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -20,6 +20,7 @@ func TestParamsParsing(t *testing.T) {
 	args := flagstests.InstallFlagsTestArgs()
 	args = append(args, flagstests.ServerKubernetesFlagsTestArgs...)
 	args = append(args, flagstests.VolumesFlagsTestExpected...)
+	args = append(args, flagstests.PgsqlFlagsTestArgs...)
 	args = append(args, "srv.fq.dn")
 
 	// Test function asserting that the args are properly parsed
@@ -29,6 +30,7 @@ func TestParamsParsing(t *testing.T) {
 		flagstests.AssertInstallFlags(t, &flags.ServerFlags)
 		flagstests.AssertServerKubernetesFlags(t, &flags.Kubernetes)
 		flagstests.AssertVolumesFlags(t, &flags.Volumes)
+		flagstests.AssertPgsqlFlag(t, &flags.Pgsql)
 		testutils.AssertEquals(t, "Wrong FQDN", "srv.fq.dn", args[0])
 		return nil
 	}

diff --git a/mgradm/cmd/install/podman/podman.go b/mgradm/cmd/install/podman/podman.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 

diff --git a/mgradm/cmd/install/podman/podman_test.go b/mgradm/cmd/install/podman/podman_test.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -19,6 +19,7 @@ func TestParamsParsing(t *testing.T) {
 	args := flagstests.InstallFlagsTestArgs()
 	args = append(args, flagstests.MirrorFlagTestArgs...)
 	args = append(args, flagstests.PodmanFlagsTestArgs...)
+	args = append(args, flagstests.PgsqlFlagsTestArgs...)
 	args = append(args, "srv.fq.dn")
 
 	// Test function asserting that the args are properly parsed
@@ -28,6 +29,7 @@ func TestParamsParsing(t *testing.T) {
 		flagstests.AssertMirrorFlag(t, flags.Mirror)
 		flagstests.AssertInstallFlags(t, &flags.ServerFlags)
 		flagstests.AssertPodmanInstallFlags(t, &flags.Podman)
+		flagstests.AssertPgsqlFlag(t, &flags.Pgsql)
 		testutils.AssertEquals(t, "Wrong FQDN", "srv.fq.dn", args[0])
 		return nil
 	}
@@ -51,7 +53,8 @@ hubxmlrpc:
   replicas: 0
 saline:
   port: 8226
-  replicas: 1`
+  replicas: 1
+`
 
 	dir := t.TempDir()
 	configPath := path.Join(dir, "config.yaml")

diff --git a/mgradm/cmd/install/podman/ssl.go b/mgradm/cmd/install/podman/ssl.go
@@ -6,6 +6,7 @@ package podman
 
 import (
 	"fmt"
+	"path"
 	"strings"
 
 	"github.com/rs/zerolog/log"
@@ -92,6 +93,15 @@ func generateSSLCertificates(image string, flags *adm_utils.ServerFlags, fqdn st
 
 	log.Info().Msg(L("SSL certificates generated"))
 
+	// Create secret for the database key and certificate
+	if err := shared_podman.CreateDBTLSSecrets(
+		path.Join(tempDir, "ca.crt"),
+		path.Join(tempDir, "reportdb.crt"),
+		path.Join(tempDir, "reportdb.key"),
+	); err != nil {
+		return []string{}, cleaner, err
+	}
+
 	return []string{"-v", tempDir + ":/ssl"}, cleaner, nil
 }
 
@@ -147,7 +157,7 @@ const sslSetupScript = `
 		--set-country "$CERT_COUNTRY" --set-state "$CERT_STATE" --set-city "$CERT_CITY" \
 	    --set-org "$CERT_O" --set-org-unit "$CERT_OU" \
 	    --set-hostname reportdb.mgr.internal --cert-expiration 3650 --set-email "$CERT_EMAIL" \
-		$cert_args
+		--set-cname reportdb --set-cname db $cert_args
 
 	cp /root/ssl-build/reportdb/server.crt /ssl/reportdb.crt
 	cp /root/ssl-build/reportdb/server.key /ssl/reportdb.key

diff --git a/mgradm/cmd/install/podman/utils.go b/mgradm/cmd/install/podman/utils.go
@@ -14,6 +14,7 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/uyuni-project/uyuni-tools/mgradm/shared/coco"
 	"github.com/uyuni-project/uyuni-tools/mgradm/shared/hub"
+	"github.com/uyuni-project/uyuni-tools/mgradm/shared/pgsql"
 	"github.com/uyuni-project/uyuni-tools/mgradm/shared/podman"
 	"github.com/uyuni-project/uyuni-tools/mgradm/shared/saline"
 	adm_utils "github.com/uyuni-project/uyuni-tools/mgradm/shared/utils"
@@ -101,6 +102,41 @@ func installForPodman(
 		return err
 	}
 
+	// Create all the database credentials secrets
+	if err := shared_podman.CreateCredentialsSecrets(
+		shared_podman.DBUserSecret, flags.Installation.DB.User,
+		shared_podman.DBPassSecret, flags.Installation.DB.Password,
+	); err != nil {
+		return err
+	}
+
+	if err := shared_podman.CreateCredentialsSecrets(
+		shared_podman.ReportDBUserSecret, flags.Installation.ReportDB.User,
+		shared_podman.ReportDBPassSecret, flags.Installation.ReportDB.Password,
+	); err != nil {
+		return err
+	}
+
+	if flags.ServerFlags.Installation.DB.Host == "db" {
+		// The admin password is not needed for external databases
+		if err := shared_podman.CreateCredentialsSecrets(
+			shared_podman.DBAdminUserSecret, flags.Installation.DB.Admin.User,
+			shared_podman.DBAdminPassSecret, flags.Installation.DB.Admin.Password,
+		); err != nil {
+			return err
+		}
+
+		// Run the DB container setup if the user doesn't set a custom host name for it.
+		if err := pgsql.SetupPgsql(systemd, authFile, &flags.ServerFlags.Pgsql, &flags.Image); err != nil {
+			return err
+		}
+	} else {
+		log.Info().Msgf(
+			L("Skipped database container setup to use external database %s"),
+			flags.ServerFlags.Installation.DB.Host,
+		)
+	}
+
 	log.Info().Msg(L("Run setup command in the container"))
 
 	if err := runSetup(preparedImage, &flags.ServerFlags, fqdn, sslArgs); err != nil {
@@ -111,7 +147,6 @@ func installForPodman(
 	if err := waitForSystemStart(systemd, cnx, preparedImage, flags); err != nil {
 		return utils.Error(err, L("cannot wait for system start"))
 	}
-
 	if err := cnx.CopyCaCertificate(fqdn); err != nil {
 		return utils.Error(err, L("failed to add SSL CA certificate to host trusted certificates"))
 	}
@@ -125,10 +160,6 @@ func installForPodman(
 	}
 
 	if flags.Coco.Replicas > 0 {
-		// This may need to be moved up later once more containers require DB access
-		if err := shared_podman.CreateDBSecrets(flags.Installation.DB.User, flags.Installation.DB.Password); err != nil {
-			return err
-		}
 		if err := coco.SetupCocoContainer(
 			systemd, authFile, flags.Image.Registry, flags.Coco, flags.Image,
 			flags.Installation.DB.Name, flags.Installation.DB.Port,
@@ -178,6 +209,10 @@ func runSetup(image string, flags *adm_utils.ServerFlags, fqdn string, sslArgs [
 		"--name", "uyuni-setup",
 		"--network", shared_podman.UyuniNetwork,
 		"-e", "TZ=" + flags.Installation.TZ,
+		"--secret", shared_podman.DBUserSecret + ",type=env,target=MANAGER_USER",
+		"--secret", shared_podman.DBPassSecret + ",type=env,target=MANAGER_PASSWORD",
+		"--secret", shared_podman.ReportDBUserSecret + ",type=env,target=REPORTDB_USER",
+		"--secret", shared_podman.ReportDBPassSecret + ",type=env,target=REPORTDB_PASSWORD",
 	}
 	command = append(command, sslArgs...)
 	for _, volume := range utils.ServerVolumeMounts {
@@ -190,7 +225,7 @@ func runSetup(image string, flags *adm_utils.ServerFlags, fqdn string, sslArgs [
 	if err != nil {
 		return err
 	}
-	command = append(command, "/usr/bin/sh", "-c", script)
+	command = append(command, "/usr/bin/sh", "-e", "-c", script)
 
 	if _, err := newRunner("podman", command...).Env(envValues).StdMapping().Exec(); err != nil {
 		return utils.Error(err, L("server setup failed"))

diff --git a/mgradm/cmd/install/shared/flags.go b/mgradm/cmd/install/shared/flags.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -28,10 +28,10 @@ func AddInstallFlags(cmd *cobra.Command) {
 	cmd.Flags().String("db-user", "spacewalk", L("Database user"))
 	cmd.Flags().String("db-password", "", L("Database password. Randomly generated by default"))
 	cmd.Flags().String("db-name", "susemanager", L("Database name"))
-	cmd.Flags().String("db-host", "localhost", L("Database host"))
+	cmd.Flags().String("db-host", "db", L("Database host"))
 	cmd.Flags().Int("db-port", 5432, L("Database port"))
-	cmd.Flags().String("db-admin-user", "", L("External database admin user name"))
-	cmd.Flags().String("db-admin-password", "", L("External database admin password"))
+	cmd.Flags().String("db-admin-user", "postgres", L("Database admin user name"))
+	cmd.Flags().String("db-admin-password", "", L("Database admin password"))
 	cmd.Flags().String("db-provider", "", L("External database provider. Possible values 'aws'"))
 
 	_ = utils.AddFlagHelpGroup(cmd, &utils.Group{ID: "db", Title: L("Database Flags")})
@@ -46,7 +46,7 @@ func AddInstallFlags(cmd *cobra.Command) {
 
 	cmd.Flags().Bool("tftp", true, L("Enable TFTP"))
 	cmd.Flags().String("reportdb-name", "reportdb", L("Report database name"))
-	cmd.Flags().String("reportdb-host", "localhost", L("Report database host"))
+	cmd.Flags().String("reportdb-host", "reportdb", L("Report database host"))
 	cmd.Flags().Int("reportdb-port", 5432, L("Report database port"))
 	cmd.Flags().String("reportdb-user", "pythia_susemanager", L("Report Database username"))
 	cmd.Flags().String("reportdb-password", "", L("Report database password. Randomly generated by default"))
@@ -86,6 +86,8 @@ func AddInstallFlags(cmd *cobra.Command) {
 
 	cmd_utils.AddSalineFlag(cmd)
 
+	cmd_utils.AddPgsqlFlags(cmd)
+
 	cmd.Flags().String("admin-login", "admin", L("Administrator user name"))
 	cmd.Flags().String("admin-password", "", L("Administrator password"))
 	cmd.Flags().String("admin-firstName", "Administrator", L("First name of the administrator"))

diff --git a/mgradm/cmd/migrate/kubernetes/kubernetes.go b/mgradm/cmd/migrate/kubernetes/kubernetes.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -44,6 +44,7 @@ This is not needed if the source server does not have a generated SSL CA certifi
 				flags.ServerFlags.Coco.IsChanged = v.IsSet("coco.replicas")
 				flags.ServerFlags.HubXmlrpc.IsChanged = v.IsSet("hubxmlrpc.replicas")
 				flags.ServerFlags.Saline.IsChanged = v.IsSet("saline.replicas") || v.IsSet("saline.port")
+				flags.ServerFlags.Pgsql.IsChanged = v.IsSet("pgsql.replicas")
 			}
 			return utils.CommandHelper(globalFlags, cmd, args, &flags, flagsUpdater, run)
 		},

diff --git a/mgradm/cmd/migrate/kubernetes/kubernetes_test.go b/mgradm/cmd/migrate/kubernetes/kubernetes_test.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -37,6 +37,7 @@ func TestParamsParsing(t *testing.T) {
 	args = append(args, flagstests.SalineFlagsTestArgs...)
 	args = append(args, flagstests.ServerKubernetesFlagsTestArgs...)
 	args = append(args, flagstests.VolumesFlagsTestExpected...)
+	args = append(args, flagstests.PgsqlFlagsTestArgs...)
 
 	// Test function asserting that the args are properly parsed
 	tester := func(_ *types.GlobalFlags, flags *kubernetes.KubernetesServerFlags,
@@ -50,6 +51,7 @@ func TestParamsParsing(t *testing.T) {
 		flagstests.AssertCocoFlag(t, &flags.Coco)
 		flagstests.AssertHubXmlrpcFlag(t, &flags.HubXmlrpc)
 		flagstests.AssertSalineFlag(t, &flags.Saline)
+		flagstests.AssertPgsqlFlag(t, &flags.Pgsql)
 		testutils.AssertEquals(t, "Error parsing --user", "sudoer", flags.Migration.User)
 		flagstests.AssertServerKubernetesFlags(t, &flags.Kubernetes)
 		flagstests.AssertVolumesFlags(t, &flags.Volumes)

diff --git a/mgradm/cmd/migrate/kubernetes/utils.go b/mgradm/cmd/migrate/kubernetes/utils.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 

diff --git a/mgradm/cmd/migrate/podman/podman.go b/mgradm/cmd/migrate/podman/podman.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -41,6 +41,7 @@ NOTE: migrating to a remote podman is not supported yet!
 				flags.ServerFlags.Coco.IsChanged = v.IsSet("coco.replicas")
 				flags.ServerFlags.HubXmlrpc.IsChanged = v.IsSet("hubxmlrpc.replicas")
 				flags.ServerFlags.Saline.IsChanged = v.IsSet("saline.replicas") || v.IsSet("saline.port")
+				flags.ServerFlags.Pgsql.IsChanged = v.IsSet("pgsql.replicas")
 			}
 			return utils.CommandHelper(globalFlags, cmd, args, &flags, flagsUpdater, run)
 		},

diff --git a/mgradm/cmd/migrate/podman/podman_test.go b/mgradm/cmd/migrate/podman/podman_test.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -28,6 +28,7 @@ func TestParamsParsing(t *testing.T) {
 	args = append(args, flagstests.HubXmlrpcFlagsTestArgs...)
 	args = append(args, flagstests.SalineFlagsTestArgs...)
 	args = append(args, flagstests.PodmanFlagsTestArgs...)
+	args = append(args, flagstests.PgsqlFlagsTestArgs...)
 
 	// Test function asserting that the args are properly parsed
 	tester := func(_ *types.GlobalFlags, flags *podmanMigrateFlags,
@@ -44,6 +45,7 @@ func TestParamsParsing(t *testing.T) {
 		testutils.AssertEquals(t, "Error parsing --user", "sudoer", flags.Migration.User)
 		flagstests.AssertPodmanInstallFlags(t, &flags.Podman)
 		testutils.AssertEquals(t, "Wrong FQDN", "source.fq.dn", args[0])
+		flagstests.AssertPgsqlFlag(t, &flags.Pgsql)
 		return nil
 	}
 

diff --git a/mgradm/cmd/migrate/podman/utils.go b/mgradm/cmd/migrate/podman/utils.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -14,6 +14,7 @@ import (
 	migration_shared "github.com/uyuni-project/uyuni-tools/mgradm/cmd/migrate/shared"
 	"github.com/uyuni-project/uyuni-tools/mgradm/shared/coco"
 	"github.com/uyuni-project/uyuni-tools/mgradm/shared/hub"
+	"github.com/uyuni-project/uyuni-tools/mgradm/shared/pgsql"
 	"github.com/uyuni-project/uyuni-tools/mgradm/shared/podman"
 	"github.com/uyuni-project/uyuni-tools/mgradm/shared/saline"
 	"github.com/uyuni-project/uyuni-tools/shared"
@@ -94,6 +95,16 @@ func migrateToPodman(
 		}
 	}
 
+	if err := podman_utils.SetupNetwork(false); err != nil {
+		return err
+	}
+
+	if err := pgsql.Upgrade(
+		systemd, authFile, flags.Pgsql,
+	); err != nil {
+		return err
+	}
+
 	schemaUpdateRequired := oldPgVersion != newPgVersion
 	if err := podman.RunPgsqlFinalizeScript(preparedImage, schemaUpdateRequired, true); err != nil {
 		return utils.Errorf(err, L("cannot run PostgreSQL finalize script"))

diff --git a/mgradm/cmd/migrate/shared/flags.go b/mgradm/cmd/migrate/shared/flags.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -17,6 +17,7 @@ func AddMigrateFlags(cmd *cobra.Command) {
 	utils.AddSCCFlag(cmd)
 	utils.AddImageFlag(cmd)
 	utils.AddDBUpgradeImageFlag(cmd)
+	utils.AddPgsqlFlags(cmd)
 	utils.AddUpgradeCocoFlag(cmd)
 	utils.AddUpgradeHubXmlrpcFlags(cmd)
 	utils.AddUpgradeSalineFlag(cmd)

diff --git a/mgradm/cmd/restart/podman.go b/mgradm/cmd/restart/podman.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -19,8 +19,10 @@ func podmanRestart(
 	_ *cobra.Command,
 	_ []string,
 ) error {
-	err1 := systemd.RestartService(podman.ServerService)
-	err2 := systemd.RestartInstantiated(podman.ServerAttestationService)
-	err3 := systemd.RestartInstantiated(podman.HubXmlrpcService)
-	return utils.JoinErrors(err1, err2, err3)
+	return utils.JoinErrors(
+		systemd.RestartService(podman.DBService),
+		systemd.RestartService(podman.ServerService),
+		systemd.RestartInstantiated(podman.ServerAttestationService),
+		systemd.RestartInstantiated(podman.HubXmlrpcService),
+	)
 }