From c3079c8d43a3d3b29b1599193430a78d82ec4fef Mon Sep 17 00:00:00 2001
From: priti-parate <140157516+priti-parate@users.noreply.github.com>
Date: Fri, 16 Jan 2026 10:43:57 +0530
Subject: [PATCH 01/18] deploy build stream container
---
 .../tasks/deploy_build_stream.yml | 218 ++++++++++++++++++
 .../build_stream/tasks/main.yml | 20 ++
 .../build_stream/templates/build_stream.j2 | 33 +++
 .../build_stream/vars/main.yml | 61 +++++
 4 files changed, 332 insertions(+)
 create mode 100644 prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml
 create mode 100644 prepare_oim/roles/deploy_containers/build_stream/tasks/main.yml
 create mode 100644 prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2
 create mode 100644 prepare_oim/roles/deploy_containers/build_stream/vars/main.yml
diff --git a/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml b/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml
new file mode 100644
index 0000000000..892cadc47f
--- /dev/null
+++ b/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml
@@ -0,0 +1,218 @@ +# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- + +- name: Check if omnia_core container is running + containers.podman.podman_container_info: + name: omnia_core + register: omnia_core_info + failed_when: false + +- name: Fail if omnia_core is not running + ansible.builtin.fail: + msg: "{{ build_stream_omnia_core_not_running_msg }}" + when: omnia_core_info.containers | length == 0 or omnia_core_info.containers[0].State.Running != true + +- name: Get omnia shared path from omnia_core metadata + containers.podman.podman_container_exec: + name: omnia_core + command: cat /opt/omnia/.data/oim_metadata.yml + register: metadata_content + changed_when: false + +- name: Extract omnia shared path from metadata + ansible.builtin.set_fact: + omnia_shared_path_result: "{{ metadata_content.stdout | regex_search('oim_shared_path:\\s*(\\S+)', '\\1') | first }}" + +- name: Set omnia_path fact + ansible.builtin.set_fact: + omnia_path: "{{ omnia_shared_path_result }}" + +- name: Display image source configuration + ansible.builtin.debug: + msg: + - "Image Source: {{ build_stream_image_source }}" + - "Image Name: {{ build_stream_image_name }}:{{ build_stream_image_tag }}" + +- name: Pull omnia_build_stream image from Docker Hub + containers.podman.podman_image: + name: "{{ build_stream_image_name }}" + tag: "{{ build_stream_image_tag }}" + state: present + when: build_stream_image_source == 
'dockerhub' + register: dockerhub_pull_result + +- name: Display Docker Hub pull result + ansible.builtin.debug: + msg: "{{ build_stream_dockerhub_pull_success_msg }}" + when: build_stream_image_source == 'dockerhub' and dockerhub_pull_result is succeeded + +- name: Check if local omnia_build_stream image exists + containers.podman.podman_image_info: + name: "{{ build_stream_image_name }}:{{ build_stream_image_tag }}" + register: build_stream_image_info + failed_when: false + when: build_stream_image_source == 'local' + +- name: Fail if local omnia_build_stream image does not exist + ansible.builtin.fail: + msg: "{{ build_stream_local_image_not_found_msg }}" + when: build_stream_image_source == 'local' and (build_stream_image_info.images | length == 0) + +- name: Check if omnia_build_stream container already exists + containers.podman.podman_container_info: + name: "{{ build_stream_container_name }}" + register: existing_container_info + failed_when: false + +- name: Stop and remove existing omnia_build_stream container + containers.podman.podman_container: + name: "{{ build_stream_container_name }}" + state: absent + when: existing_container_info.containers | length > 0 + +- name: Create log directory for omnia_build_stream + ansible.builtin.file: + path: "{{ build_stream_log_dir }}" + state: directory + mode: '0755' + +- name: Extract share option from metadata + ansible.builtin.set_fact: + share_option: "{{ metadata_content.stdout | regex_search('omnia_share_option:\\s*(\\S+)', '\\1') | first | default('') }}" + +- name: Extract NFS type from metadata + ansible.builtin.set_fact: + nfs_type: "{{ metadata_content.stdout | regex_search('nfs_type:\\s*(\\S+)', '\\1') | first | default('') }}" + when: "'NFS' in share_option" + +- name: Set SELinux option for volume mounts + ansible.builtin.set_fact: + selinux_option: "{{ ':z' if (share_option != 'NFS' or nfs_type | default('') != 'external') else '' }}" + +- name: Extract Pulp server IP from metadata + 
ansible.builtin.set_fact: + pulp_server_ip: "{{ metadata_content.stdout | regex_search('pulp_server_ip:\\s*(\\S+)', '\\1') | first | default('') }}" + +- name: Extract admin NIC IP from metadata if Pulp IP not found + ansible.builtin.set_fact: + pulp_server_ip: "{{ metadata_content.stdout | regex_search('admin_nic_ip:\\s*(\\S+)', '\\1') | first }}" + when: pulp_server_ip | length == 0 + +- name: Set Pulp base URL + ansible.builtin.set_fact: + pulp_base_url: "https://{{ pulp_server_ip }}:443" + when: pulp_server_ip | length > 0 + +- name: Create SSL certificate directory + ansible.builtin.file: + path: "{{ build_stream_ssl_dir }}" + state: directory + mode: '0755' + +- name: Check if SSL certificates already exist + ansible.builtin.stat: + path: "{{ build_stream_ssl_cert }}" + register: ssl_cert_stat + +- name: Generate self-signed SSL certificate for build_stream + ansible.builtin.command: | + openssl req -x509 -newkey rsa:4096 -nodes -days {{ build_stream_ssl_days }} + -keyout {{ build_stream_ssl_key }} + -out {{ build_stream_ssl_cert }} + -subj "/C=US/ST=State/L=City/O=Omnia/CN={{ ansible_hostname }}" + -addext "subjectAltName=DNS:{{ ansible_hostname }},DNS:localhost,IP:{{ ansible_default_ipv4.address }}" + when: not ssl_cert_stat.stat.exists + changed_when: true + +- name: Set permissions on SSL certificate files + ansible.builtin.file: + path: "{{ item }}" + mode: '0600' + loop: + - "{{ build_stream_ssl_cert }}" + - "{{ build_stream_ssl_key }}" + +- name: Create Quadlet service file for omnia_build_stream + ansible.builtin.template: + src: build_stream.j2 + dest: "{{ build_stream_quadlet_path }}" + mode: '0644' + +- name: Remove old systemd service if exists + ansible.builtin.systemd: + name: "{{ build_stream_container_name }}.service" + state: stopped + enabled: false + failed_when: false + +- name: Reload systemd daemon to recognize Quadlet + ansible.builtin.systemd: + daemon_reexec: true + +- name: Reload systemd daemon + ansible.builtin.systemd: + 
daemon_reload: true + +- name: Start omnia_build_stream service + ansible.builtin.systemd: + name: "{{ build_stream_container_name }}.service" + state: started + enabled: true + +- name: Wait for omnia_build_stream container to be ready + ansible.builtin.wait_for: + host: localhost + port: "{{ build_stream_port }}" + delay: 5 + timeout: 60 + state: started + +- name: Configure firewall for omnia_build_stream + block: + - name: Start firewalld service + ansible.builtin.systemd: + name: firewalld + state: started + enabled: true + + - name: Open port {{ build_stream_port }} in firewall + ansible.posix.firewalld: + port: "{{ build_stream_firewall_port }}" + permanent: true + state: enabled + immediate: true + +- name: Verify omnia_build_stream health endpoint + ansible.builtin.uri: + url: "{{ build_stream_health_endpoint }}" + method: GET + return_content: true + status_code: 200 + register: health_check + retries: 5 + delay: 10 + until: health_check.status == 200 + +- name: Display omnia_build_stream deployment status + ansible.builtin.debug: + msg: + - "{{ build_stream_deployment_success_msg }}" + - "Container Name: {{ build_stream_container_name }}" + - "Image: {{ build_stream_image_name }}:{{ build_stream_image_tag }}" + - "Image Source: {{ build_stream_image_source }}" + - "Port: {{ build_stream_port }}" + - "Health Check: {{ build_stream_health_endpoint }}" + - "Status: {{ health_check.json }}" diff --git a/prepare_oim/roles/deploy_containers/build_stream/tasks/main.yml b/prepare_oim/roles/deploy_containers/build_stream/tasks/main.yml new file mode 100644 index 0000000000..fc65d443d4 --- /dev/null +++ b/prepare_oim/roles/deploy_containers/build_stream/tasks/main.yml 
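Review bot: The guard on "Generate self-signed SSL certificate for build_stream" is `when: not ssl_cert_stat.stat.exists`, which tests `build_stream_ssl_cert` only and never `build_stream_ssl_key`, so a host that still has the certificate but has lost the key skips generation and then fails in "Set permissions on SSL certificate files". Stat both files and regenerate when either is missing, e.g. `when: not (ssl_cert_stat.stat.exists and ssl_key_stat.stat.exists)` with a second `ansible.builtin.stat` registered as `ssl_key_stat`. The unencrypted key (`-nodes`) is also written into a directory created with `mode: '0755'` and only set to `'0600'` by the following task, so its permissions in between depend on the openssl default and the umask. Creating `build_stream_ssl_dir` with `mode: '0700'` would close that window, provided the container user can still read the `:ro` mount (to be confirmed).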
@@ -0,0 +1,20 @@
+# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+- name: Deploy omnia_build_stream container
+ ansible.builtin.include_tasks: deploy_build_stream.yml
+ tags:
+ - build_stream
diff --git a/prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2 b/prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2
new file mode 100644
index 0000000000..c988fa3fa1
--- /dev/null
+++ b/prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2
@@ -0,0 +1,33 @@
+# ===============================================================
+# omnia_build_stream Quadlet Service
+# FastAPI Service for Omnia Build Stream Automation
+# ===============================================================
+[Unit]
+Description=Omnia Build Stream FastAPI Container
+After=omnia_core.service
+Requires=omnia_core.service
+
+[Container]
+ContainerName={{ build_stream_container_name }}
+HostName={{ build_stream_container_name }}
+Image={{ build_stream_image_name }}:{{ build_stream_image_tag }}
+Network=host
+
+# Environment variables
+Environment=OMNIA_ENV=production
+Environment=OMNIA_DEBUG=false
+{% if pulp_base_url is defined %}
+Environment=PULP_BASE_URL={{ pulp_base_url }}
+{% endif %}
+
+# Volume mounts (shared from omnia_core)
+Volume={{ omnia_path }}/omnia:/opt/omnia{{ selinux_option }}
+Volume={{ build_stream_log_dir }}:/var/log{{ selinux_option }}
+Volume={{ build_stream_ssl_dir }}:/etc/ssl/omnia:ro{{ selinux_option }}
+Volume={{ pulp_certs_dir }}:/etc/pulp/certs:ro{{ selinux_option }}
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=multi-user.target default.target
diff --git a/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml b/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml
new file mode 100644
index 0000000000..9568144ceb
--- /dev/null
+++ b/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml
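Review bot: The two read-only mounts render as `...:/etc/ssl/omnia:ro:z` and `...:/etc/pulp/certs:ro:z` whenever `selinux_option` is `':z'`, because the template appends it after `:ro`. Podman takes volume options as a single comma-separated field, so I would expect the unit to fail at start on those hosts; worth confirming against the podman version in use. Building the option list in one place avoids it: `Volume={{ build_stream_ssl_dir }}:/etc/ssl/omnia:ro{{ selinux_option | replace(':', ',') }}`, and the same for the Pulp certs line. Separately, `Network=host` puts the service on every host interface, so a comment stating why host networking is required would help whoever reviews the exposure later.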
@@ -0,0 +1,61 @@ +# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- + +# Build Stream Container Configuration +build_stream_container_name: "omnia_build_stream" + +# Image source configuration +# Set to 'dockerhub' to pull from Docker Hub or 'local' to use locally built image +# Default: local +build_stream_image_source: "local" + +# Docker Hub configuration +build_stream_dockerhub_registry: "docker.io/dellhpcomniaaisolution" +build_stream_dockerhub_image: "{{ build_stream_dockerhub_registry }}/omnia_build_stream" + +# Local image configuration +build_stream_local_image: "omnia_build_stream" + +# Image name (dynamically set based on source) +build_stream_image_name: "{{ build_stream_dockerhub_image if build_stream_image_source == 'dockerhub' else build_stream_local_image }}" +build_stream_image_tag: "1.0" +build_stream_port: 443 +build_stream_log_dir: "/var/log/omnia_build_stream" + +# SSL certificate configuration +build_stream_ssl_dir: "/opt/omnia/build_stream/ssl" +build_stream_ssl_cert: "{{ build_stream_ssl_dir }}/cert.pem" +build_stream_ssl_key: "{{ build_stream_ssl_dir }}/key.pem" +build_stream_ssl_days: 365 + +# Pulp certificate configuration +pulp_certs_dir: "/opt/omnia/pulp/settings/certs" +pulp_webserver_cert: "{{ pulp_certs_dir }}/pulp_webserver.crt" + +# Quadlet service file path +build_stream_quadlet_path: "/etc/containers/systemd/{{ build_stream_container_name }}.container" + +# 
Health check endpoint +build_stream_health_endpoint: "https://localhost:{{ build_stream_port }}/health" + +# Firewall configuration +build_stream_firewall_port: "{{ build_stream_port }}/tcp" + +# Messages +build_stream_omnia_core_not_running_msg: "omnia_core container must be running before deploying omnia_build_stream" +build_stream_local_image_not_found_msg: "Container image {{ build_stream_image_name }}:{{ build_stream_image_tag }} not found locally. Please build it first using build_images.sh or set build_stream_image_source to 'dockerhub'" +build_stream_dockerhub_pull_success_msg: "Successfully pulled {{ build_stream_image_name }}:{{ build_stream_image_tag }} from Docker Hub" +build_stream_deployment_success_msg: "omnia_build_stream container deployed successfully" From 29a8b7c910bbbb20aa60e54a5d78c8220bd19ee9 Mon Sep 17 00:00:00 2001 From: priti-parate <140157516+priti-parate@users.noreply.github.com> Date: Fri, 16 Jan 2026 12:35:36 +0530 Subject: [PATCH 02/18] updating prepare oim --- prepare_oim/prepare_oim.yml | 7 +++++-- .../build_stream/tasks/deploy_build_stream.yml | 18 ++---------------- .../build_stream/vars/main.yml | 14 +------------- 3 files changed, 8 insertions(+), 31 deletions(-) diff --git a/prepare_oim/prepare_oim.yml b/prepare_oim/prepare_oim.yml index 49bead531f..e37628b1ed 100644 --- a/prepare_oim/prepare_oim.yml +++ b/prepare_oim/prepare_oim.yml @@ -74,10 +74,10 @@ name: deploy_containers/auth tasks_from: generate_ldap_password_hashes.yml -- name: Deploy the pulp container +- name: Deploy containers hosts: oim connection: ssh - gather_facts: false + gather_facts: true roles: - role: deploy_containers/common # noqa:role-name[path] tags: always @@ -85,6 +85,9 @@ tags: pulp - role: deploy_containers/auth # noqa:role-name[path] tags: auth + - role: deploy_containers/build_stream # noqa:role-name[path] + tags: build_stream + when: enable_build_stream | default(false) | bool - name: Verify openchami install status hosts: oim 
diff --git a/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml b/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml index 892cadc47f..ee855d409d 100644 --- a/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml +++ b/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml @@ -40,7 +40,7 @@ ansible.builtin.set_fact: omnia_path: "{{ omnia_shared_path_result }}" -- name: Display image source configuration +- name: Display image configuration ansible.builtin.debug: msg: - "Image Source: {{ build_stream_image_source }}" @@ -51,25 +51,12 @@ name: "{{ build_stream_image_name }}" tag: "{{ build_stream_image_tag }}" state: present - when: build_stream_image_source == 'dockerhub' register: dockerhub_pull_result - name: Display Docker Hub pull result ansible.builtin.debug: msg: "{{ build_stream_dockerhub_pull_success_msg }}" - when: build_stream_image_source == 'dockerhub' and dockerhub_pull_result is succeeded - -- name: Check if local omnia_build_stream image exists - containers.podman.podman_image_info: - name: "{{ build_stream_image_name }}:{{ build_stream_image_tag }}" - register: build_stream_image_info - failed_when: false - when: build_stream_image_source == 'local' - -- name: Fail if local omnia_build_stream image does not exist - ansible.builtin.fail: - msg: "{{ build_stream_local_image_not_found_msg }}" - when: build_stream_image_source == 'local' and (build_stream_image_info.images | length == 0) + when: dockerhub_pull_result is succeeded - name: Check if omnia_build_stream container already exists containers.podman.podman_container_info: 
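Review bot: With the `when: build_stream_image_source == 'dockerhub'` guard and the local-image path removed in the `@@ -51,25 +51,12 @@` hunk, the only source for the image is Docker Hub, selected by the mutable tag `{{ build_stream_image_tag }}` (`"1.0"`), and nothing visible verifies what was pulled. The image is then run from a system Quadlet with `Network=host` and host directories mounted, so whatever that tag points to at pull time gets that access. Pinning by digest would fix the content: add a digest variable (placeholder value `sha256:<IMAGE_DIGEST>`) and reference the image as `name@digest` in both the `containers.podman.podman_image` task and the template's `Image=` line. The task names and `build_stream_dockerhub_pull_success_msg` also still say "pull", although `state: present` reuses an image already on the host.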
@@ -212,7 +199,6 @@ - "{{ build_stream_deployment_success_msg }}" - "Container Name: {{ build_stream_container_name }}" - "Image: {{ build_stream_image_name }}:{{ build_stream_image_tag }}" - - "Image Source: {{ build_stream_image_source }}" - "Port: {{ build_stream_port }}" - "Health Check: {{ build_stream_health_endpoint }}" - "Status: {{ health_check.json }}" diff --git a/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml b/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml index 9568144ceb..de1ec78fce 100644 --- a/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml +++ b/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml @@ -17,20 +17,9 @@ # Build Stream Container Configuration build_stream_container_name: "omnia_build_stream" -# Image source configuration -# Set to 'dockerhub' to pull from Docker Hub or 'local' to use locally built image -# Default: local -build_stream_image_source: "local" - # Docker Hub configuration build_stream_dockerhub_registry: "docker.io/dellhpcomniaaisolution" -build_stream_dockerhub_image: "{{ build_stream_dockerhub_registry }}/omnia_build_stream" - -# Local image configuration -build_stream_local_image: "omnia_build_stream" - -# Image name (dynamically set based on source) -build_stream_image_name: "{{ build_stream_dockerhub_image if build_stream_image_source == 'dockerhub' else build_stream_local_image }}" +build_stream_image_name: "{{ build_stream_dockerhub_registry }}/omnia_build_stream" build_stream_image_tag: "1.0" build_stream_port: 443 build_stream_log_dir: "/var/log/omnia_build_stream" 
@@ -56,6 +45,5 @@ build_stream_firewall_port: "{{ build_stream_port }}/tcp" # Messages build_stream_omnia_core_not_running_msg: "omnia_core container must be running before deploying omnia_build_stream" -build_stream_local_image_not_found_msg: "Container image {{ build_stream_image_name }}:{{ build_stream_image_tag }} not found locally. Please build it first using build_images.sh or set build_stream_image_source to 'dockerhub'" build_stream_dockerhub_pull_success_msg: "Successfully pulled {{ build_stream_image_name }}:{{ build_stream_image_tag }} from Docker Hub" build_stream_deployment_success_msg: "omnia_build_stream container deployed successfully" From 4285dd9d6e4aa3a2f24661c0df17b3125d83e303 Mon Sep 17 00:00:00 2001 From: priti-parate <140157516+priti-parate@users.noreply.github.com> Date: Fri, 16 Jan 2026 15:59:56 +0530 Subject: [PATCH 03/18] prepare OIM changes --- .../tasks/deploy_build_stream.yml | 54 +++++++++---------- .../build_stream/templates/build_stream.j2 | 2 +- .../build_stream/vars/main.yml | 2 +- 3 files changed, 27 insertions(+), 31 deletions(-) diff --git a/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml b/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml index ee855d409d..9a570eca04 100644 --- a/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml +++ b/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml @@ -1,4 +1,4 @@ -# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved. +# Copyright 2026 Dell Inc. or its subsidiaries. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -43,7 +43,7 @@ - name: Display image configuration ansible.builtin.debug: msg: - - "Image Source: {{ build_stream_image_source }}" + - "Image Source: Docker Hub" - "Image Name: {{ build_stream_image_name }}:{{ build_stream_image_tag }}" - name: Pull omnia_build_stream image from Docker Hub @@ -89,14 +89,9 @@ ansible.builtin.set_fact: selinux_option: "{{ ':z' if (share_option != 'NFS' or nfs_type | default('') != 'external') else '' }}" -- name: Extract Pulp server IP from metadata +- name: Extract admin NIC IP from metadata for Pulp ansible.builtin.set_fact: - pulp_server_ip: "{{ metadata_content.stdout | regex_search('pulp_server_ip:\\s*(\\S+)', '\\1') | first | default('') }}" - -- name: Extract admin NIC IP from metadata if Pulp IP not found - ansible.builtin.set_fact: - pulp_server_ip: "{{ metadata_content.stdout | regex_search('admin_nic_ip:\\s*(\\S+)', '\\1') | first }}" - when: pulp_server_ip | length == 0 + pulp_server_ip: "{{ (metadata_content.stdout | regex_search('admin_nic_ip:\\s*(\\S+)', '\\1') | default([None], true))[0] | default('', true) }}" - name: Set Pulp base URL ansible.builtin.set_fact: @@ -159,13 +154,14 @@ state: started enabled: true -- name: Wait for omnia_build_stream container to be ready - ansible.builtin.wait_for: - host: localhost - port: "{{ build_stream_port }}" - delay: 5 - timeout: 60 - state: started +# TODO: Uncomment when API server is implemented +# - name: Wait for omnia_build_stream container to be ready +# ansible.builtin.wait_for: +# host: localhost +# port: "{{ build_stream_port }}" +# delay: 5 +# timeout: 60 +# state: started - name: Configure firewall for omnia_build_stream block: 
@@ -182,16 +178,17 @@ state: enabled immediate: true -- name: Verify omnia_build_stream health endpoint - ansible.builtin.uri: - url: "{{ build_stream_health_endpoint }}" - method: GET - return_content: true - status_code: 200 - register: health_check - retries: 5 - delay: 10 - until: health_check.status == 200 +# TODO: Uncomment when API server is implemented +# - name: Verify omnia_build_stream health endpoint +# ansible.builtin.uri: +# url: "{{ build_stream_health_endpoint }}" +# method: GET +# return_content: true +# status_code: 200 +# register: health_check +# retries: 5 +# delay: 10 +# until: health_check.status == 200 - name: Display omnia_build_stream deployment status ansible.builtin.debug: @@ -199,6 +196,5 @@ - "{{ build_stream_deployment_success_msg }}" - "Container Name: {{ build_stream_container_name }}" - "Image: {{ build_stream_image_name }}:{{ build_stream_image_tag }}" - - "Port: {{ build_stream_port }}" - - "Health Check: {{ build_stream_health_endpoint }}" - - "Status: {{ health_check.json }}" + - "Port: {{ build_stream_port }} (API server disabled - not implemented yet)" + - "Note: Container is running but API endpoints are not available" diff --git a/prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2 b/prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2 index c988fa3fa1..f584d5096e 100644 --- a/prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2 +++ b/prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2 @@ -22,7 +22,7 @@ Environment=PULP_BASE_URL={{ pulp_base_url }} # Volume mounts (shared from omnia_core) Volume={{ omnia_path }}/omnia:/opt/omnia{{ selinux_option }} -Volume={{ build_stream_log_dir }}:/var/log{{ selinux_option }} +Volume={{ build_stream_log_dir }}:/var/log/omnia_build_stream{{ selinux_option }} Volume={{ build_stream_ssl_dir }}:/etc/ssl/omnia:ro{{ selinux_option }} Volume={{ pulp_certs_dir }}:/etc/pulp/certs:ro{{ selinux_option }} 
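Review bot: The firewalld task still opens `{{ build_stream_firewall_port }}` with `permanent: true` and `immediate: true`, in the default zone and for any source, even though the readiness wait and the health check around it are now commented out and the status message says the API server is not implemented. I would move the firewall block under the same TODO, or run it only after the health check succeeds once that is restored, so the port is opened only when the intended listener is answering. If it has to stay, adding `zone:` (and a `source:` restriction where the deployment allows it) to the `ansible.posix.firewalld` task narrows who can reach the port. The "Configure firewall for omnia_build_stream" block starts outside this hunk.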
diff --git a/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml b/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml index de1ec78fce..5ced8ab086 100644 --- a/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml +++ b/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml @@ -22,7 +22,7 @@ build_stream_dockerhub_registry: "docker.io/dellhpcomniaaisolution" build_stream_image_name: "{{ build_stream_dockerhub_registry }}/omnia_build_stream" build_stream_image_tag: "1.0" build_stream_port: 443 -build_stream_log_dir: "/var/log/omnia_build_stream" +build_stream_log_dir: "{{ omnia_path }}/omnia/log/build_stream" # SSL certificate configuration build_stream_ssl_dir: "/opt/omnia/build_stream/ssl" From fef37c359730a8ad0b8d9345d93ae899e5730be8 Mon Sep 17 00:00:00 2001 From: priti-parate <140157516+priti-parate@users.noreply.github.com> Date: Fri, 16 Jan 2026 17:15:54 +0530 Subject: [PATCH 04/18] build stream container should be deployed after pulp container deployment --- prepare_oim/prepare_oim.yml | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/prepare_oim/prepare_oim.yml b/prepare_oim/prepare_oim.yml index e37628b1ed..f1219c82d5 100644 --- a/prepare_oim/prepare_oim.yml +++ b/prepare_oim/prepare_oim.yml @@ -74,6 +74,17 @@ name: deploy_containers/auth tasks_from: generate_ldap_password_hashes.yml +- name: Load build_stream configuration + hosts: localhost + connection: local + gather_facts: false + tags: build_stream + tasks: + - name: Include build_stream config file + ansible.builtin.include_vars: + file: "{{ input_project_dir }}/build_stream_config.yml" + failed_when: false + - name: Deploy containers hosts: oim connection: ssh 
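Review bot: `failed_when: false` on "Include build_stream config file" hides a malformed or unreadable `build_stream_config.yml` as well as a missing one, so a YAML typo leaves `enable_build_stream` at its `default(false)` and the run reports success without deploying anything. To keep the file optional but let parse errors fail the play, check it first with `ansible.builtin.stat` (registered as, say, `build_stream_config_stat`) and run `include_vars` only `when: build_stream_config_stat.stat.exists`, without `failed_when`. A short comment on the play saying that the file is optional and what its absence means would also help.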
@@ -85,9 +96,6 @@ tags: pulp - role: deploy_containers/auth # noqa:role-name[path] tags: auth - - role: deploy_containers/build_stream # noqa:role-name[path] - tags: build_stream - when: enable_build_stream | default(false) | bool - name: Verify openchami install status hosts: oim @@ -138,6 +146,15 @@ tasks_from: reload_pulp_nginx.yml when: hostvars['oim']['pulp_protocol_https'] +- name: Deploy build_stream container + hosts: oim + connection: ssh + gather_facts: false + tags: build_stream + roles: + - role: deploy_containers/build_stream # noqa:role-name[path] + when: enable_build_stream | default(false) | bool + - name: Omnia service deployment hosts: oim connection: ssh From 43e24e637224f26fba174913874a24e6bf0b1bfa Mon Sep 17 00:00:00 2001 From: priti-parate <140157516+priti-parate@users.noreply.github.com> Date: Fri, 16 Jan 2026 17:37:11 +0530 Subject: [PATCH 05/18] add omnia_build_stream target --- .../roles/deploy_containers/common/templates/omnia.service.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/prepare_oim/roles/deploy_containers/common/templates/omnia.service.j2 b/prepare_oim/roles/deploy_containers/common/templates/omnia.service.j2 index 56628f7907..1a711165a2 100644 --- a/prepare_oim/roles/deploy_containers/common/templates/omnia.service.j2 +++ b/prepare_oim/roles/deploy_containers/common/templates/omnia.service.j2 @@ -1,6 +1,7 @@ [Unit] Description=Top-level target for Omnia Core and OpenCHAMI -Requires=omnia_core.service openchami.target pulp.service registry.service minio.service {{ auth_service }} +Requires=omnia_core.service openchami.target pulp.service registry.service minio.service {{ auth_service }}{% if enable_build_stream | default(false) | bool %} omnia_build_stream.service{% endif %} + After=network.target Wants=network-online.target From 7dc979eb19618bba21243214f292d4fe00b62afd Mon Sep 17 00:00:00 2001 
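Review bot: `when: enable_build_stream | default(false) | bool` in the new "Deploy build_stream container" play is evaluated on `oim`, but the variable is loaded by `include_vars` in a play that runs on `localhost`, so unless it is also defined for `oim` somewhere outside this diff the condition is always false and the role never runs. Cross-host values elsewhere in this file are read through `hostvars[...]`; `when: hostvars['localhost']['enable_build_stream'] | default(false) | bool` would follow that pattern. The play also sets `gather_facts: false` while the role uses `ansible_hostname` and `ansible_default_ipv4.address` to build the certificate subject, so it depends on facts gathered by an earlier play in the same run; a comment stating that dependency, or `gather_facts: true`, would make it explicit.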
From: priti-parate <140157516+priti-parate@users.noreply.github.com> Date: Fri, 16 Jan 2026 17:49:04 +0530 Subject: [PATCH 06/18] adding omnia build stream target --- prepare_oim/prepare_oim.yml | 2 +- .../deploy_containers/common/tasks/omnia_service.yml | 9 +++++++++ .../deploy_containers/common/templates/omnia.service.j2 | 3 +-- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/prepare_oim/prepare_oim.yml b/prepare_oim/prepare_oim.yml index f1219c82d5..24ffa1ba6e 100644 --- a/prepare_oim/prepare_oim.yml +++ b/prepare_oim/prepare_oim.yml @@ -78,7 +78,7 @@ hosts: localhost connection: local gather_facts: false - tags: build_stream + tags: always tasks: - name: Include build_stream config file ansible.builtin.include_vars: diff --git a/prepare_oim/roles/deploy_containers/common/tasks/omnia_service.yml b/prepare_oim/roles/deploy_containers/common/tasks/omnia_service.yml index 4994e3ecf6..98cc97208a 100644 --- a/prepare_oim/roles/deploy_containers/common/tasks/omnia_service.yml +++ b/prepare_oim/roles/deploy_containers/common/tasks/omnia_service.yml @@ -22,6 +22,15 @@ auth_service: "omnia_auth.service" when: hostvars['localhost']['openldap_support'] +- name: Initialize build_stream service variable + ansible.builtin.set_fact: + build_stream_service: "" + +- name: Set build_stream service if enabled + ansible.builtin.set_fact: + build_stream_service: "omnia_build_stream.service" + when: enable_build_stream | default(false) | bool + - name: Start network manager services ansible.builtin.systemd: name: "{{ item }}" diff --git a/prepare_oim/roles/deploy_containers/common/templates/omnia.service.j2 b/prepare_oim/roles/deploy_containers/common/templates/omnia.service.j2 index 1a711165a2..d47787f282 100644 --- a/prepare_oim/roles/deploy_containers/common/templates/omnia.service.j2 +++ b/prepare_oim/roles/deploy_containers/common/templates/omnia.service.j2 
@@ -1,7 +1,6 @@ [Unit] Description=Top-level target for Omnia Core and OpenCHAMI -Requires=omnia_core.service openchami.target pulp.service registry.service minio.service {{ auth_service }}{% if enable_build_stream | default(false) | bool %} omnia_build_stream.service{% endif %} - +Requires=omnia_core.service openchami.target pulp.service registry.service minio.service {{ auth_service }} {{ build_stream_service }} After=network.target Wants=network-online.target From f5daff701f6f7f405fe34c8eda1e20a39073a32c Mon Sep 17 00:00:00 2001 From: priti-parate <140157516+priti-parate@users.noreply.github.com> Date: Fri, 16 Jan 2026 18:10:23 +0530 Subject: [PATCH 07/18] adding cleanup --- .../common/tasks/omnia_service.yml | 2 +- .../tasks/cleanup_build_stream.yml | 101 ++++++++++++++++++ .../oim_container_cleanup/tasks/main.yml | 4 + .../oim_container_cleanup/vars/main.yml | 7 ++ 4 files changed, 113 insertions(+), 1 deletion(-) create mode 100644 utils/roles/oim_cleanup/oim_container_cleanup/tasks/cleanup_build_stream.yml diff --git a/prepare_oim/roles/deploy_containers/common/tasks/omnia_service.yml b/prepare_oim/roles/deploy_containers/common/tasks/omnia_service.yml index 98cc97208a..26a71059c5 100644 --- a/prepare_oim/roles/deploy_containers/common/tasks/omnia_service.yml +++ b/prepare_oim/roles/deploy_containers/common/tasks/omnia_service.yml @@ -29,7 +29,7 @@ - name: Set build_stream service if enabled ansible.builtin.set_fact: build_stream_service: "omnia_build_stream.service" - when: enable_build_stream | default(false) | bool + when: hostvars['localhost']['enable_build_stream'] | default(false) | bool - name: Start network manager services ansible.builtin.systemd: diff --git a/utils/roles/oim_cleanup/oim_container_cleanup/tasks/cleanup_build_stream.yml b/utils/roles/oim_cleanup/oim_container_cleanup/tasks/cleanup_build_stream.yml new file mode 100644 index 0000000000..3f569ea42b --- /dev/null 
+++ b/utils/roles/oim_cleanup/oim_container_cleanup/tasks/cleanup_build_stream.yml 
@@ -0,0 +1,101 @@ +# Copyright 2026 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Reload systemd daemon + ansible.builtin.systemd: + daemon_reload: true + +- name: Populate service facts + ansible.builtin.service_facts: + +- name: Select only the omnia_build_stream service name + ansible.builtin.set_fact: + build_stream_services: "{{ ansible_facts['services'].keys() | select('match', '^omnia_build_stream') | list }}" + +- name: Stop all matching omnia_build_stream services + ansible.builtin.systemd_service: + name: "{{ item }}" + state: stopped + loop: "{{ build_stream_services }}" + when: + - item in ansible_facts.services + - ansible_facts.services[item].state == 'running' + +- name: Get omnia_build_stream container files + ansible.builtin.find: + paths: "/etc/containers/systemd/" + patterns: 'omnia_build_stream*' + file_type: file + register: found_files + +- name: Get the list of omnia build_stream paths + ansible.builtin.set_fact: + build_stream_quad_path_list: "{{ found_files.files | map(attribute='path') | list }}" + +- name: Remove omnia_build_stream systemd unit files + ansible.builtin.file: + path: "{{ item }}" + state: absent + loop: "{{ build_stream_quad_path_list }}" + +- name: Reload systemd daemon + ansible.builtin.systemd: + daemon_reload: true + +- name: Get podman info for omnia_build_stream container + containers.podman.podman_container_info: + name: "{{ build_stream_container_name 
}}" + register: podmen + no_log: true + +- name: Get info about omnia_build_stream + containers.podman.podman_container_info: + name: "{{ build_stream_container_name }}" + register: podinfo + failed_when: false + +- name: Stop build_stream service only if it exists + containers.podman.podman_container: + name: "{{ build_stream_container_name }}" + state: stopped + when: podinfo.containers | length > 0 + +- name: Remove omnia_build_stream containers + containers.podman.podman_container: + name: "{{ build_stream_container_name }}" + state: absent + force_delete: true + when: podinfo.containers | length > 0 + +- name: Remove build_stream cleanup directories + ansible.builtin.file: + path: "{{ item }}" + state: absent + force: true + register: directory_deletion + until: directory_deletion is not failed + retries: "{{ max_retries }}" + loop: "{{ build_stream_cleanup_directory }}" + +- name: Check if target file exists + ansible.builtin.stat: + path: "{{ omnia_target }}" + register: p + +- name: Remove all omnia_build_stream services from omnia.target + ansible.builtin.replace: + path: "{{ omnia_target }}" + regexp: "{{ build_stream_container_name }}.service" + replace: '' + when: p.stat.exists diff --git a/utils/roles/oim_cleanup/oim_container_cleanup/tasks/main.yml b/utils/roles/oim_cleanup/oim_container_cleanup/tasks/main.yml index 55baafbec9..ed0c21c56f 100644 --- a/utils/roles/oim_cleanup/oim_container_cleanup/tasks/main.yml +++ b/utils/roles/oim_cleanup/oim_container_cleanup/tasks/main.yml @@ -43,6 +43,10 @@ ansible.builtin.import_tasks: cleanup_auth.yml tags: auth +- name: Cleanup build_stream container + ansible.builtin.import_tasks: cleanup_build_stream.yml + tags: build_stream + - name: Cleanup common configuration ansible.builtin.import_tasks: cleanup_common.yml tags: common diff --git a/utils/roles/oim_cleanup/oim_container_cleanup/vars/main.yml b/utils/roles/oim_cleanup/oim_container_cleanup/vars/main.yml index 2df22d09be..3f470258b9 100644 
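Review bot: This cleanup file never reverts the firewalld rule that the deploy role adds for build_stream, so the port stays open permanently after the container and its unit are gone. The deploy tasks visible later in this series enable `{{ build_stream_firewall_port }}` with `permanent: true` and `immediate: true`. A matching task with `state: disabled` belongs after the container removal, provided no other service on the OIM host depends on the same port. `build_stream_firewall_port` is defined only in the deploy role's vars, so the cleanup role's vars/main.yml would need the same value.

```yaml
# … unchanged: service stop, Quadlet file removal, container removal …

- name: Close build_stream port in firewall
  ansible.posix.firewalld:
    port: "{{ build_stream_firewall_port }}"
    permanent: true
    state: disabled
    immediate: true

# … unchanged: directory cleanup and omnia.target edit …
```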
--- a/utils/roles/oim_cleanup/oim_container_cleanup/vars/main.yml +++ b/utils/roles/oim_cleanup/oim_container_cleanup/vars/main.yml @@ -140,6 +140,13 @@ auth_cleanup_directory: auth_service_container_name: omnia_auth +# Usage: cleanup_build_stream.yml +build_stream_cleanup_directory: + - "{{ omnia_nfs_share }}/log/build_stream" + - "{{ omnia_nfs_share }}/build_stream" + +build_stream_container_name: omnia_build_stream + # Usage: cleanup_note.yml oim_cleanup_note: | [Post-Cleanup Actions Required] From 78fbef7644567202e9921d8a2f1cd0ec205f40a9 Mon Sep 17 00:00:00 2001 From: priti-parate <140157516+priti-parate@users.noreply.github.com> Date: Fri, 16 Jan 2026 18:25:35 +0530 Subject: [PATCH 08/18] update copyright --- prepare_oim/roles/deploy_containers/build_stream/tasks/main.yml | 2 +- prepare_oim/roles/deploy_containers/build_stream/vars/main.yml | 2 +- .../roles/deploy_containers/common/tasks/omnia_service.yml | 2 +- utils/roles/oim_cleanup/oim_container_cleanup/vars/main.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/prepare_oim/roles/deploy_containers/build_stream/tasks/main.yml b/prepare_oim/roles/deploy_containers/build_stream/tasks/main.yml index fc65d443d4..d2146a7628 100644 --- a/prepare_oim/roles/deploy_containers/build_stream/tasks/main.yml +++ b/prepare_oim/roles/deploy_containers/build_stream/tasks/main.yml @@ -1,4 +1,4 @@ -# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved. +# Copyright 2026 Dell Inc. or its subsidiaries. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml b/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml index 5ced8ab086..84852a335b 100644 --- a/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml +++ b/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml 
@@ -1,4 +1,4 @@ -# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved. +# Copyright 2026 Dell Inc. or its subsidiaries. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/prepare_oim/roles/deploy_containers/common/tasks/omnia_service.yml b/prepare_oim/roles/deploy_containers/common/tasks/omnia_service.yml index 26a71059c5..a888a19eec 100644 --- a/prepare_oim/roles/deploy_containers/common/tasks/omnia_service.yml +++ b/prepare_oim/roles/deploy_containers/common/tasks/omnia_service.yml @@ -1,4 +1,4 @@ -# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved. +# Copyright 2026 Dell Inc. or its subsidiaries. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/utils/roles/oim_cleanup/oim_container_cleanup/vars/main.yml b/utils/roles/oim_cleanup/oim_container_cleanup/vars/main.yml index 3f470258b9..2a43504e02 100644 --- a/utils/roles/oim_cleanup/oim_container_cleanup/vars/main.yml +++ b/utils/roles/oim_cleanup/oim_container_cleanup/vars/main.yml @@ -1,4 +1,4 @@ -# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved. +# Copyright 2026 Dell Inc. or its subsidiaries. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. From 851863d39685d98a8f146f30cabdcb2a5e6199b8 Mon Sep 17 00:00:00 2001 From: priti-parate <140157516+priti-parate@users.noreply.github.com> Date: Sat, 17 Jan 2026 05:34:53 +0530 Subject: [PATCH 09/18] pulp certification --- prepare_oim/prepare_oim.yml | 4 ++-- .../build_stream/tasks/deploy_build_stream.yml | 8 +++++--- .../build_stream/templates/build_stream.j2 | 5 +++-- .../roles/deploy_containers/build_stream/vars/main.yml | 3 +++ 4 files changed, 13 insertions(+), 7 deletions(-) 
diff --git a/prepare_oim/prepare_oim.yml b/prepare_oim/prepare_oim.yml index 24ffa1ba6e..975170aa41 100644 --- a/prepare_oim/prepare_oim.yml +++ b/prepare_oim/prepare_oim.yml @@ -1,4 +1,4 @@ -# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved. +# Copyright 2026 Dell Inc. or its subsidiaries. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -153,7 +153,7 @@ tags: build_stream roles: - role: deploy_containers/build_stream # noqa:role-name[path] - when: enable_build_stream | default(false) | bool + when: hostvars['localhost']['enable_build_stream'] | default(false) | bool - name: Omnia service deployment hosts: oim diff --git a/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml b/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml index 9a570eca04..6e3feea2a9 100644 --- a/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml +++ b/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml @@ -89,13 +89,15 @@ ansible.builtin.set_fact: selinux_option: "{{ ':z' if (share_option != 'NFS' or nfs_type | default('') != 'external') else '' }}" -- name: Extract admin NIC IP from metadata for Pulp +- name: Extract Pulp server IP and password from metadata ansible.builtin.set_fact: - pulp_server_ip: "{{ (metadata_content.stdout | regex_search('admin_nic_ip:\\s*(\\S+)', '\\1') | default([None], true))[0] | default('', true) }}" + pulp_server_ip: "{{ (metadata_content.stdout | from_yaml).admin_nic_ip }}" + pulp_password: "{{ (metadata_content.stdout | from_yaml).pulp_password }}" + no_log: true - name: Set Pulp base URL ansible.builtin.set_fact: - pulp_base_url: "https://{{ pulp_server_ip }}:443" + pulp_base_url: "https://{{ pulp_server_ip }}:2225" when: pulp_server_ip | length > 0 - name: Create SSL certificate directory 
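Review bot: Reading `pulp_password` out of `metadata_content.stdout` in deploy_build_stream.yml means the task that registers `metadata_content` now carries a secret, if oim_metadata.yml holds the password as this lookup expects. That task is the `cat` of oim_metadata.yml inside omnia_core, above this hunk, and only the new set_fact has `no_log: true`, so the registered stdout can still appear in verbose runs and in callback plugins that record task results. The exec task should get `no_log: true` as well. Separately, the `when: pulp_server_ip | length > 0` guard on the next task no longer protects anything: a missing `admin_nic_ip` key would now fail the set_fact rather than yield an empty string, and `no_log` hides the error text.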
diff --git a/prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2 b/prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2 index f584d5096e..b620115f9e 100644 --- a/prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2 +++ b/prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2 @@ -16,9 +16,10 @@ Network=host # Environment variables Environment=OMNIA_ENV=production Environment=OMNIA_DEBUG=false -{% if pulp_base_url is defined %} Environment=PULP_BASE_URL={{ pulp_base_url }} -{% endif %} +Environment=PULP_USERNAME=admin +Environment=PULP_PASSWORD={{ pulp_password }} +Environment=PULP_VERIFY_SSL=true # Volume mounts (shared from omnia_core) Volume={{ omnia_path }}/omnia:/opt/omnia{{ selinux_option }} diff --git a/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml b/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml index 84852a335b..3c42bb6b19 100644 --- a/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml +++ b/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml @@ -34,6 +34,9 @@ build_stream_ssl_days: 365 pulp_certs_dir: "/opt/omnia/pulp/settings/certs" pulp_webserver_cert: "{{ pulp_certs_dir }}/pulp_webserver.crt" +# Pulp server configuration - will be set dynamically during deployment +pulp_base_url: "https://{{ admin_nic_ip }}:2225" + # Quadlet service file path build_stream_quadlet_path: "/etc/containers/systemd/{{ build_stream_container_name }}.container" From f92d4b5ff9592d7045430a651327394f17e32bcd Mon Sep 17 00:00:00 2001 From: priti-parate <140157516+priti-parate@users.noreply.github.com> Date: Sat, 17 Jan 2026 06:40:41 +0530 Subject: [PATCH 10/18] Read pulp certification --- .../tasks/deploy_build_stream.yml | 22 ++++++++++++++++--- .../build_stream/vars/main.yml | 5 +++++ 2 files changed, 24 insertions(+), 3 deletions(-) 
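Review bot: `Environment=PULP_PASSWORD={{ pulp_password }}` writes the Pulp admin password in clear text into the Quadlet unit, which any local user can read and which also shows up in the container's inspect output. The template task renders the unit with mode 0644 to /etc/containers/systemd/ (visible in a later hunk of this series), and `no_log: true` on the set_fact does not help once the value is on disk. Prefer a Podman secret referenced from the unit, for example `Secret=pulp_password,type=env,target=PULP_PASSWORD`, or an `EnvironmentFile=` kept at mode 0600. If the value stays inline, an unquoted `Environment=` value containing whitespace or `%` may be altered when the unit is parsed. The rest of the template is outside this hunk.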
diff --git a/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml b/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml index 6e3feea2a9..bdc3cc0c96 100644 --- a/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml +++ b/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml @@ -89,10 +89,10 @@ ansible.builtin.set_fact: selinux_option: "{{ ':z' if (share_option != 'NFS' or nfs_type | default('') != 'external') else '' }}" -- name: Extract Pulp server IP and password from metadata +- name: Set Pulp server IP and password from hostvars ansible.builtin.set_fact: - pulp_server_ip: "{{ (metadata_content.stdout | from_yaml).admin_nic_ip }}" - pulp_password: "{{ (metadata_content.stdout | from_yaml).pulp_password }}" + pulp_server_ip: "{{ hostvars['localhost']['admin_nic_ip'] }}" + pulp_password: "{{ hostvars['localhost']['pulp_password'] }}" no_log: true - name: Set Pulp base URL @@ -156,6 +156,22 @@ state: started enabled: true +- name: Wait for container to be ready + ansible.builtin.pause: + seconds: "{{ container_startup_wait_seconds }}" + +- name: Copy Pulp certificate to container trust store + containers.podman.podman_container_exec: + name: "{{ build_stream_container_name }}" + command: cp {{ pulp_cert_container_path }} {{ ca_trust_anchors_path }} + changed_when: true + +- name: Update CA trust in container + containers.podman.podman_container_exec: + name: "{{ build_stream_container_name }}" + command: update-ca-trust extract + changed_when: true + # TODO: Uncomment when API server is implemented # - name: Wait for omnia_build_stream container to be ready # ansible.builtin.wait_for: diff --git a/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml b/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml index 3c42bb6b19..045f544372 100644 --- a/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml 
+++ b/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml @@ -33,10 +33,15 @@ build_stream_ssl_days: 365 # Pulp certificate configuration pulp_certs_dir: "/opt/omnia/pulp/settings/certs" pulp_webserver_cert: "{{ pulp_certs_dir }}/pulp_webserver.crt" +pulp_cert_container_path: "/etc/pulp/certs/pulp_webserver.crt" +ca_trust_anchors_path: "/etc/pki/ca-trust/source/anchors/pulp_webserver.crt" # Pulp server configuration - will be set dynamically during deployment pulp_base_url: "https://{{ admin_nic_ip }}:2225" +# Container startup wait time +container_startup_wait_seconds: 5 + # Quadlet service file path build_stream_quadlet_path: "/etc/containers/systemd/{{ build_stream_container_name }}.container" From 8f72aaafefcec0cd35b49689f4a235267f7d6cd6 Mon Sep 17 00:00:00 2001 From: priti-parate <140157516+priti-parate@users.noreply.github.com> Date: Sun, 18 Jan 2026 05:35:56 +0530 Subject: [PATCH 11/18] updating build stream deployment --- .../tasks/deploy_build_stream.yml | 197 +++++++----------- .../build_stream/templates/build_stream.j2 | 2 + .../build_stream/vars/main.yml | 13 +- 3 files changed, 87 insertions(+), 125 deletions(-) diff --git a/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml b/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml index bdc3cc0c96..201ffd29db 100644 --- a/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml +++ b/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml 
@@ -14,104 +14,93 @@ --- -- name: Check if omnia_core container is running +# Check and remove existing build_stream container if running +- name: Check if omnia_build_stream service exists + ansible.builtin.systemd: + name: "{{ build_stream_container_name }}.service" + register: build_stream_service_status + failed_when: false + +- name: Stop omnia_build_stream service if running + ansible.builtin.systemd: + name: "{{ build_stream_container_name }}.service" + state: stopped + enabled: false + when: build_stream_service_status.status is defined + failed_when: false + +- name: Check if omnia_build_stream container exists containers.podman.podman_container_info: - name: omnia_core - register: omnia_core_info + name: "{{ build_stream_container_name }}" + register: existing_container_info failed_when: false -- name: Fail if omnia_core is not running - ansible.builtin.fail: - msg: "{{ build_stream_omnia_core_not_running_msg }}" - when: omnia_core_info.containers | length == 0 or omnia_core_info.containers[0].State.Running != true +- name: Remove existing omnia_build_stream container + containers.podman.podman_container: + name: "{{ build_stream_container_name }}" + state: absent + when: existing_container_info.containers | length > 0 -- name: Get omnia shared path from omnia_core metadata +# Get metadata and configuration +- name: Get metadata from omnia_core containers.podman.podman_container_exec: name: omnia_core command: cat /opt/omnia/.data/oim_metadata.yml register: metadata_content changed_when: false -- name: Extract omnia shared path from metadata +- name: Extract configuration from metadata ansible.builtin.set_fact: - omnia_shared_path_result: "{{ metadata_content.stdout | regex_search('oim_shared_path:\\s*(\\S+)', '\\1') | first }}" + omnia_path: "{{ metadata_content.stdout | regex_search('oim_shared_path:\\s*(\\S+)', '\\1') | first }}" + share_option: "{{ metadata_content.stdout | regex_search('omnia_share_option:\\s*(\\S+)', '\\1') | first | default('') }}" 
+ nfs_type: "{{ metadata_content.stdout | regex_search('nfs_type:\\s*(\\S+)', '\\1') | first | default('') }}" + pulp_server_ip: "{{ hostvars['localhost']['admin_nic_ip'] }}" + pulp_password: "{{ hostvars['localhost']['pulp_password'] }}" + no_log: true -- name: Set omnia_path fact +- name: Set SELinux option for volume mounts ansible.builtin.set_fact: - omnia_path: "{{ omnia_shared_path_result }}" + selinux_option: "{{ ':z' if (share_option != 'NFS' or nfs_type | default('') != 'external') else '' }}" -- name: Display image configuration - ansible.builtin.debug: - msg: - - "Image Source: Docker Hub" - - "Image Name: {{ build_stream_image_name }}:{{ build_stream_image_tag }}" +- name: Set Pulp base URL + ansible.builtin.set_fact: + pulp_base_url: "https://{{ pulp_server_ip }}:2225" +# Pull container image - name: Pull omnia_build_stream image from Docker Hub containers.podman.podman_image: name: "{{ build_stream_image_name }}" tag: "{{ build_stream_image_tag }}" state: present - register: dockerhub_pull_result + register: image_pull_result -- name: Display Docker Hub pull result +- name: Display image pull result ansible.builtin.debug: - msg: "{{ build_stream_dockerhub_pull_success_msg }}" - when: dockerhub_pull_result is succeeded - -- name: Check if omnia_build_stream container already exists - containers.podman.podman_container_info: - name: "{{ build_stream_container_name }}" - register: existing_container_info - failed_when: false - -- name: Stop and remove existing omnia_build_stream container - containers.podman.podman_container: - name: "{{ build_stream_container_name }}" - state: absent - when: existing_container_info.containers | length > 0 + msg: + - "Successfully pulled image from Docker Hub" + - "Image: {{ build_stream_image_name }}:{{ build_stream_image_tag }}" + when: image_pull_result is succeeded +# Create required directories - name: Create log directory for omnia_build_stream ansible.builtin.file: path: "{{ build_stream_log_dir }}" state: 
directory mode: '0755' -- name: Extract share option from metadata - ansible.builtin.set_fact: - share_option: "{{ metadata_content.stdout | regex_search('omnia_share_option:\\s*(\\S+)', '\\1') | first | default('') }}" - -- name: Extract NFS type from metadata - ansible.builtin.set_fact: - nfs_type: "{{ metadata_content.stdout | regex_search('nfs_type:\\s*(\\S+)', '\\1') | first | default('') }}" - when: "'NFS' in share_option" - -- name: Set SELinux option for volume mounts - ansible.builtin.set_fact: - selinux_option: "{{ ':z' if (share_option != 'NFS' or nfs_type | default('') != 'external') else '' }}" - -- name: Set Pulp server IP and password from hostvars - ansible.builtin.set_fact: - pulp_server_ip: "{{ hostvars['localhost']['admin_nic_ip'] }}" - pulp_password: "{{ hostvars['localhost']['pulp_password'] }}" - no_log: true - -- name: Set Pulp base URL - ansible.builtin.set_fact: - pulp_base_url: "https://{{ pulp_server_ip }}:2225" - when: pulp_server_ip | length > 0 - - name: Create SSL certificate directory ansible.builtin.file: path: "{{ build_stream_ssl_dir }}" state: directory mode: '0755' +# Generate SSL certificates - name: Check if SSL certificates already exist ansible.builtin.stat: path: "{{ build_stream_ssl_cert }}" register: ssl_cert_stat -- name: Generate self-signed SSL certificate for build_stream +- name: Generate self-signed SSL certificate ansible.builtin.command: | openssl req -x509 -newkey rsa:4096 -nodes -days {{ build_stream_ssl_days }} -keyout {{ build_stream_ssl_key }} @@ -121,7 +110,7 @@ when: not ssl_cert_stat.stat.exists changed_when: true -- name: Set permissions on SSL certificate files +- name: Set permissions on SSL certificates ansible.builtin.file: path: "{{ item }}" mode: '0600' 
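Review bot: The merged "Extract configuration from metadata" task drops the `when: "'NFS' in share_option"` guard that used to protect the `nfs_type` lookup. If the metadata has no `nfs_type:` line, `regex_search` returns nothing and `| first` raises before `default('')` is applied; the removed guard suggests that case can occur. Because the whole task now runs under `no_log: true`, the resulting error is censored and hard to diagnose. Defaulting before `first` avoids the failure: `nfs_type: "{{ (metadata_content.stdout | regex_search('nfs_type:\\s*(\\S+)', '\\1') | default([''], true)) | first }}"`, and the same applies to `share_option`. It would also help to keep `no_log` only on a separate set_fact for `pulp_password`, so the non-secret facts stay debuggable.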
@@ -129,20 +118,14 @@ - "{{ build_stream_ssl_cert }}" - "{{ build_stream_ssl_key }}" -- name: Create Quadlet service file for omnia_build_stream +# Deploy container using Quadlet +- name: Create Quadlet service file ansible.builtin.template: src: build_stream.j2 dest: "{{ build_stream_quadlet_path }}" mode: '0644' -- name: Remove old systemd service if exists - ansible.builtin.systemd: - name: "{{ build_stream_container_name }}.service" - state: stopped - enabled: false - failed_when: false - -- name: Reload systemd daemon to recognize Quadlet +- name: Reload systemd to recognize Quadlet ansible.builtin.systemd: daemon_reexec: true 
@@ -156,63 +139,43 @@ state: started enabled: true -- name: Wait for container to be ready - ansible.builtin.pause: - seconds: "{{ container_startup_wait_seconds }}" - -- name: Copy Pulp certificate to container trust store - containers.podman.podman_container_exec: - name: "{{ build_stream_container_name }}" - command: cp {{ pulp_cert_container_path }} {{ ca_trust_anchors_path }} - changed_when: true - -- name: Update CA trust in container - containers.podman.podman_container_exec: - name: "{{ build_stream_container_name }}" - command: update-ca-trust extract - changed_when: true - # TODO: Uncomment when API server is implemented -# - name: Wait for omnia_build_stream container to be ready -# ansible.builtin.wait_for: -# host: localhost -# port: "{{ build_stream_port }}" -# delay: 5 -# timeout: 60 -# state: started - -- name: Configure firewall for omnia_build_stream - block: - - name: Start firewalld service - ansible.builtin.systemd: - name: firewalld - state: started - enabled: true - - - name: Open port {{ build_stream_port }} in firewall - ansible.posix.firewalld: - port: "{{ build_stream_firewall_port }}" - permanent: true - state: enabled - immediate: true - -# TODO: Uncomment when API server is implemented -# - name: Verify omnia_build_stream health endpoint +# - name: Wait for container to be ready +# ansible.builtin.pause: +# seconds: "{{ container_ready_wait_seconds }}" +# +# - name: Verify API endpoint health # ansible.builtin.uri: # url: "{{ build_stream_health_endpoint }}" # method: GET # return_content: true -# status_code: 200 +# status_code: "{{ health_check_status_code }}" +# validate_certs: false # register: health_check -# retries: 5 -# delay: 10 -# until: health_check.status == 200 +# retries: "{{ health_check_retries }}" +# delay: "{{ health_check_delay }}" +# until: health_check.status == health_check_status_code + +# Configure firewall +- name: Ensure firewalld is running + ansible.builtin.systemd: + name: firewalld + state: started + 
enabled: true + +- name: Open build_stream port in firewall + ansible.posix.firewalld: + port: "{{ build_stream_firewall_port }}" + permanent: true + state: enabled + immediate: true -- name: Display omnia_build_stream deployment status +# Display deployment status +- name: Display deployment status ansible.builtin.debug: msg: - "{{ build_stream_deployment_success_msg }}" - - "Container Name: {{ build_stream_container_name }}" + - "Container: {{ build_stream_container_name }}" - "Image: {{ build_stream_image_name }}:{{ build_stream_image_tag }}" - - "Port: {{ build_stream_port }} (API server disabled - not implemented yet)" - - "Note: Container is running but API endpoints are not available" + - "Pulp Server: {{ pulp_base_url }}" + - "SSL Verification: Enabled (using REQUESTS_CA_BUNDLE and SSL_CERT_FILE)" diff --git a/prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2 b/prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2 index b620115f9e..9f32246df6 100644 --- a/prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2 +++ b/prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2 @@ -20,6 +20,8 @@ Environment=PULP_BASE_URL={{ pulp_base_url }} Environment=PULP_USERNAME=admin Environment=PULP_PASSWORD={{ pulp_password }} Environment=PULP_VERIFY_SSL=true +Environment=REQUESTS_CA_BUNDLE=/etc/pulp/certs/pulp_webserver.crt +Environment=SSL_CERT_FILE=/etc/pulp/certs/pulp_webserver.crt # Volume mounts (shared from omnia_core) Volume={{ omnia_path }}/omnia:/opt/omnia{{ selinux_option }} diff --git a/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml b/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml index 045f544372..8dca4d270b 100644 --- a/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml +++ b/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml 
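Review bot: The commented-out health check in deploy_build_stream.yml now carries `validate_certs: false`, so TLS verification will be skipped as soon as the TODO block is uncommented. The role already generates the certificate at `build_stream_ssl_cert`, so the check can verify against it with `# ca_path: "{{ build_stream_ssl_cert }}"` instead, assuming the certificate's subject covers the `localhost` name used by `build_stream_health_endpoint`. The openssl subject arguments are outside this hunk, so that assumption needs confirming.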
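Review bot: Pointing both `REQUESTS_CA_BUNDLE` and `SSL_CERT_FILE` at `/etc/pulp/certs/pulp_webserver.crt` in build_stream.j2 replaces the container's whole default trust bundle with one certificate for clients that honour these variables. Any HTTPS call to a host other than Pulp would then fail verification, and that kind of failure tends to get worked around by turning verification off. A combined bundle (system CAs plus the Pulp certificate), or installing the certificate as a trust anchor in the image, keeps both cases verified. This hunk does not show a `Volume=` line that mounts `/etc/pulp/certs` into the container, so confirm the path exists at runtime; the rest of the template is outside the hunk.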
@@ -22,7 +22,7 @@ build_stream_dockerhub_registry: "docker.io/dellhpcomniaaisolution" build_stream_image_name: "{{ build_stream_dockerhub_registry }}/omnia_build_stream" build_stream_image_tag: "1.0" build_stream_port: 443 -build_stream_log_dir: "{{ omnia_path }}/omnia/log/build_stream" +build_stream_log_dir: "{{ omnia_path }}/log/build_stream" # SSL certificate configuration build_stream_ssl_dir: "/opt/omnia/build_stream/ssl" @@ -33,25 +33,22 @@ build_stream_ssl_days: 365 # Pulp certificate configuration pulp_certs_dir: "/opt/omnia/pulp/settings/certs" pulp_webserver_cert: "{{ pulp_certs_dir }}/pulp_webserver.crt" -pulp_cert_container_path: "/etc/pulp/certs/pulp_webserver.crt" -ca_trust_anchors_path: "/etc/pki/ca-trust/source/anchors/pulp_webserver.crt" # Pulp server configuration - will be set dynamically during deployment pulp_base_url: "https://{{ admin_nic_ip }}:2225" -# Container startup wait time -container_startup_wait_seconds: 5 - # Quadlet service file path build_stream_quadlet_path: "/etc/containers/systemd/{{ build_stream_container_name }}.container" # Health check endpoint build_stream_health_endpoint: "https://localhost:{{ build_stream_port }}/health" +container_ready_wait_seconds: 5 +health_check_retries: 5 +health_check_delay: 10 +health_check_status_code: 200 # Firewall configuration build_stream_firewall_port: "{{ build_stream_port }}/tcp" # Messages -build_stream_omnia_core_not_running_msg: "omnia_core container must be running before deploying omnia_build_stream" -build_stream_dockerhub_pull_success_msg: "Successfully pulled {{ build_stream_image_name }}:{{ build_stream_image_tag }} from Docker Hub" build_stream_deployment_success_msg: "omnia_build_stream container deployed successfully" From 1a25a5d8c8cec69fec816ed4a3fd6cf49cadde9a Mon Sep 17 00:00:00 2001 
From: priti-parate <140157516+priti-parate@users.noreply.github.com> Date: Sun, 18 Jan 2026 05:43:29 +0530 Subject: [PATCH 12/18] updating cleanup files --- .../tasks/cleanup_build_stream.yml | 10 ++-------- .../oim_cleanup/oim_container_cleanup/vars/main.yml | 1 + 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/utils/roles/oim_cleanup/oim_container_cleanup/tasks/cleanup_build_stream.yml b/utils/roles/oim_cleanup/oim_container_cleanup/tasks/cleanup_build_stream.yml index 3f569ea42b..fae35bd389 100644 --- a/utils/roles/oim_cleanup/oim_container_cleanup/tasks/cleanup_build_stream.yml +++ b/utils/roles/oim_cleanup/oim_container_cleanup/tasks/cleanup_build_stream.yml @@ -53,19 +53,13 @@ ansible.builtin.systemd: daemon_reload: true -- name: Get podman info for omnia_build_stream container - containers.podman.podman_container_info: - name: "{{ build_stream_container_name }}" - register: podmen - no_log: true - -- name: Get info about omnia_build_stream +- name: Get info about omnia_build_stream container containers.podman.podman_container_info: name: "{{ build_stream_container_name }}" register: podinfo failed_when: false -- name: Stop build_stream service only if it exists +- name: Stop build_stream container only if it exists containers.podman.podman_container: name: "{{ build_stream_container_name }}" state: stopped diff --git a/utils/roles/oim_cleanup/oim_container_cleanup/vars/main.yml b/utils/roles/oim_cleanup/oim_container_cleanup/vars/main.yml index 2a43504e02..49623349d9 100644 --- a/utils/roles/oim_cleanup/oim_container_cleanup/vars/main.yml +++ b/utils/roles/oim_cleanup/oim_container_cleanup/vars/main.yml @@ -143,6 +143,7 @@ auth_service_container_name: omnia_auth # Usage: cleanup_build_stream.yml build_stream_cleanup_directory: - "{{ omnia_nfs_share }}/log/build_stream" + - "{{ omnia_nfs_share }}/build_stream/ssl" - "{{ omnia_nfs_share }}/build_stream" build_stream_container_name: omnia_build_stream 
From 148038c81d8fb7ca3b7e23bcd8dc403b57d43b92 Mon Sep 17 00:00:00 2001 From: priti-parate <140157516+priti-parate@users.noreply.github.com> Date: Sun, 18 Jan 2026 06:19:31 +0530 Subject: [PATCH 13/18] update copyright year --- utils/roles/oim_cleanup/oim_container_cleanup/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/roles/oim_cleanup/oim_container_cleanup/tasks/main.yml b/utils/roles/oim_cleanup/oim_container_cleanup/tasks/main.yml index ed0c21c56f..c36b3c5cc6 100644 --- a/utils/roles/oim_cleanup/oim_container_cleanup/tasks/main.yml +++ b/utils/roles/oim_cleanup/oim_container_cleanup/tasks/main.yml @@ -1,4 +1,4 @@ -# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved. +# Copyright 2026 Dell Inc. or its subsidiaries. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. From 7e319c05c052f95ed1e7e88c334a4eb65b1477b4 Mon Sep 17 00:00:00 2001 From: priti-parate <140157516+priti-parate@users.noreply.github.com> Date: Mon, 19 Jan 2026 08:51:48 +0530 Subject: [PATCH 14/18] removing build stream files --- omnia.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/omnia.sh b/omnia.sh index 45394baa38..2628028950 100755 --- a/omnia.sh +++ b/omnia.sh @@ -204,7 +204,7 @@ cleanup_config(){ # Remove the Omnia core configuration. echo -e "${BLUE} Removing Omnia core configuration.${NC}" - rm -rf $omnia_path/omnia/{hosts,input,log,pulp,provision,pcs,ssh_config,tmp,.data} + rm -rf $omnia_path/omnia/{hosts,input,log,pulp,provision,pcs,ssh_config,tmp,.data,build_stream} # Unmount the NFS shared path if the share option is NFS. if [ "$share_option" = "NFS" ] && [ "$nfs_type" = "external" ]; then From f6530bb3bd0d6270773931bcdd605f85755ca9ce Mon Sep 17 00:00:00 2001 
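Review bot: The extended `rm -rf $omnia_path/omnia/{…,build_stream}` line in omnia.sh still expands `$omnia_path` unquoted and unchecked, so an empty value resolves to `/omnia/...` and a value containing whitespace splits into separate arguments. `rm -rf -- "${omnia_path:?}"/omnia/{hosts,input,log,pulp,provision,pcs,ssh_config,tmp,.data,build_stream}` aborts when the variable is unset or empty and keeps the brace expansion working. cleanup_config begins above this hunk, so any earlier validation of `omnia_path` is not visible here.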
From: priti-parate <140157516+priti-parate@users.noreply.github.com> Date: Mon, 19 Jan 2026 17:44:22 +0530 Subject: [PATCH 15/18] Updating verbosity and msgs in vars --- .../tasks/deploy_build_stream.yml | 22 +++++++------------ .../build_stream/vars/main.yml | 16 ++++++++++++++ 2 files changed, 24 insertions(+), 14 deletions(-) diff --git a/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml b/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml index 201ffd29db..61733b5933 100644 --- a/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml +++ b/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml @@ -45,7 +45,7 @@ - name: Get metadata from omnia_core containers.podman.podman_container_exec: name: omnia_core - command: cat /opt/omnia/.data/oim_metadata.yml + command: cat {{ oim_metadata_file }} register: metadata_content changed_when: false @@ -76,9 +76,8 @@ - name: Display image pull result ansible.builtin.debug: - msg: - - "Successfully pulled image from Docker Hub" - - "Image: {{ build_stream_image_name }}:{{ build_stream_image_tag }}" + msg: "{{ build_stream_image_pull_success_msg }}" + verbosity: 2 when: image_pull_result is succeeded # Create required directories @@ -86,13 +85,13 @@ ansible.builtin.file: path: "{{ build_stream_log_dir }}" state: directory - mode: '0755' + mode: "{{ build_stream_dir_mode }}" - name: Create SSL certificate directory ansible.builtin.file: path: "{{ build_stream_ssl_dir }}" state: directory - mode: '0755' + mode: "{{ build_stream_dir_mode }}" # Generate SSL certificates - name: Check if SSL certificates already exist @@ -113,7 +112,7 @@ - name: Set permissions on SSL certificates ansible.builtin.file: path: "{{ item }}" - mode: '0600' + mode: "{{ build_stream_ssl_file_mode }}" loop: - "{{ build_stream_ssl_cert }}" - "{{ build_stream_ssl_key }}" 
@@ -123,7 +122,7 @@ ansible.builtin.template: src: build_stream.j2 dest: "{{ build_stream_quadlet_path }}" - mode: '0644' + mode: "{{ build_stream_quadlet_file_mode }}" - name: Reload systemd to recognize Quadlet ansible.builtin.systemd: @@ -173,9 +172,4 @@ # Display deployment status - name: Display deployment status ansible.builtin.debug: - msg: - - "{{ build_stream_deployment_success_msg }}" - - "Container: {{ build_stream_container_name }}" - - "Image: {{ build_stream_image_name }}:{{ build_stream_image_tag }}" - - "Pulp Server: {{ pulp_base_url }}" - - "SSL Verification: Enabled (using REQUESTS_CA_BUNDLE and SSL_CERT_FILE)" + msg: "{{ build_stream_deployment_status_msg }}" diff --git a/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml b/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml index 8dca4d270b..dd8122cf84 100644 --- a/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml +++ b/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml @@ -17,6 +17,9 @@ # Build Stream Container Configuration build_stream_container_name: "omnia_build_stream" +# OIM metadata file path +oim_metadata_file: "/opt/omnia/.data/oim_metadata.yml" + # Docker Hub configuration build_stream_dockerhub_registry: "docker.io/dellhpcomniaaisolution" build_stream_image_name: "{{ build_stream_dockerhub_registry }}/omnia_build_stream" @@ -24,11 +27,15 @@ build_stream_image_tag: "1.0" build_stream_port: 443 build_stream_log_dir: "{{ omnia_path }}/log/build_stream" +# Directory permissions +build_stream_dir_mode: "0755" + # SSL certificate configuration build_stream_ssl_dir: "/opt/omnia/build_stream/ssl" build_stream_ssl_cert: "{{ build_stream_ssl_dir }}/cert.pem" build_stream_ssl_key: "{{ build_stream_ssl_dir }}/key.pem" build_stream_ssl_days: 365 +build_stream_ssl_file_mode: "0600" # Pulp certificate configuration pulp_certs_dir: "/opt/omnia/pulp/settings/certs" 
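Review bot: The Quadlet unit in the `@@ -123,7 +122,7 @@` hunk is written with `mode: "{{ build_stream_quadlet_file_mode }}"`, which the vars hunk `@@ -39,6 +46,7 @@` of this patch sets to `"0644"`. The build_stream.j2 template shown in PATCH 18/18 renders `Environment=PULP_PASSWORD={{ pulp_password }}` next to `PULP_USERNAME=admin` into that same file. That leaves the Pulp admin password readable by every local account on the OIM host. At minimum I would set `build_stream_quadlet_file_mode: "0600"` and add `no_log: true` to the template task so a `--diff` run does not print the rendered secret. Because `Environment=` values are also carried into the generated service unit, moving the password to a Quadlet `Secret=` entry or a root-only `EnvironmentFile=` would be the more complete fix.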
@@ -39,6 +46,7 @@ pulp_base_url: "https://{{ admin_nic_ip }}:2225" # Quadlet service file path build_stream_quadlet_path: "/etc/containers/systemd/{{ build_stream_container_name }}.container" +build_stream_quadlet_file_mode: "0644" # Health check endpoint build_stream_health_endpoint: "https://localhost:{{ build_stream_port }}/health" @@ -52,3 +60,11 @@ build_stream_firewall_port: "{{ build_stream_port }}/tcp" # Messages build_stream_deployment_success_msg: "omnia_build_stream container deployed successfully" +build_stream_image_pull_success_msg: + - "Successfully pulled image from Docker Hub" + - "Image: {{ build_stream_image_name }}:{{ build_stream_image_tag }}" +build_stream_deployment_status_msg: + - "{{ build_stream_deployment_success_msg }}" + - "Container: {{ build_stream_container_name }}" + - "Image: {{ build_stream_image_name }}:{{ build_stream_image_tag }}" + - "Pulp Server: {{ pulp_base_url }}" From bb4ad6de9a1bf41975368ff032d49e25c254d707 Mon Sep 17 00:00:00 2001 From: priti-parate <140157516+priti-parate@users.noreply.github.com> Date: Mon, 19 Jan 2026 18:09:47 +0530 Subject: [PATCH 16/18] revert gather fact changes --- prepare_oim/prepare_oim.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prepare_oim/prepare_oim.yml b/prepare_oim/prepare_oim.yml index 975170aa41..39d4ea2976 100644 --- a/prepare_oim/prepare_oim.yml +++ b/prepare_oim/prepare_oim.yml @@ -88,7 +88,7 @@ - name: Deploy containers hosts: oim connection: ssh - gather_facts: true + gather_facts: false roles: - role: deploy_containers/common # noqa:role-name[path] tags: always From 8f2f8ab559af29d235e41e4120317f45b696252e Mon Sep 17 00:00:00 2001 From: priti-parate <140157516+priti-parate@users.noreply.github.com> Date: Mon, 19 Jan 2026 19:32:10 +0530 Subject: [PATCH 17/18] adding rescue block --- .../tasks/deploy_build_stream.yml | 123 ++++++++++-------- .../build_stream/vars/main.yml | 5 + 2 files changed, 72 insertions(+), 56 deletions(-) 
diff --git a/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml b/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml index 61733b5933..5e20b92ff2 100644 --- a/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml +++ b/prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml 
@@ -117,59 +117,70 @@ - "{{ build_stream_ssl_cert }}" - "{{ build_stream_ssl_key }}" -# Deploy container using Quadlet -- name: Create Quadlet service file - ansible.builtin.template: - src: build_stream.j2 - dest: "{{ build_stream_quadlet_path }}" - mode: "{{ build_stream_quadlet_file_mode }}" - -- name: Reload systemd to recognize Quadlet - ansible.builtin.systemd: - daemon_reexec: true - -- name: Reload systemd daemon - ansible.builtin.systemd: - daemon_reload: true - -- name: Start omnia_build_stream service - ansible.builtin.systemd: - name: "{{ build_stream_container_name }}.service" - state: started - enabled: true - -# TODO: Uncomment when API server is implemented -# - name: Wait for container to be ready -# ansible.builtin.pause: -# seconds: "{{ container_ready_wait_seconds }}" -# -# - name: Verify API endpoint health -# ansible.builtin.uri: -# url: "{{ build_stream_health_endpoint }}" -# method: GET -# return_content: true -# status_code: "{{ health_check_status_code }}" -# validate_certs: false -# register: health_check -# retries: "{{ health_check_retries }}" -# delay: "{{ health_check_delay }}" -# until: health_check.status == health_check_status_code - -# Configure firewall -- name: Ensure firewalld is running - ansible.builtin.systemd: - name: firewalld - state: started - enabled: true - -- name: Open build_stream port in firewall - ansible.posix.firewalld: - port: "{{ build_stream_firewall_port }}" - permanent: true - state: enabled - immediate: true - -# Display deployment status -- name: Display deployment status - ansible.builtin.debug: - msg: "{{ build_stream_deployment_status_msg }}" +# Deploy container using Quadlet and check deployment status +- name: Deploy build_stream container and check deployment status + block: + - name: Create Quadlet service file + ansible.builtin.template: + src: build_stream.j2 + dest: "{{ build_stream_quadlet_path }}" + mode: "{{ build_stream_quadlet_file_mode }}" + register: quadlet_out + + - name: Reload systemd 
if Quadlet changed + ansible.builtin.systemd_service: + daemon_reload: true + when: quadlet_out.changed # noqa: no-handler + + - name: Enable and start build_stream service + ansible.builtin.systemd_service: + name: "{{ build_stream_container_name }}.service" + enabled: true + state: started + + # TODO: Uncomment when API server is implemented + # - name: Wait for container to be ready + # ansible.builtin.pause: + # seconds: "{{ container_ready_wait_seconds }}" + # + # - name: Verify API endpoint health + # ansible.builtin.uri: + # url: "{{ build_stream_health_endpoint }}" + # method: GET + # return_content: true + # status_code: "{{ health_check_status_code }}" + # validate_certs: false + # register: health_check + # retries: "{{ health_check_retries }}" + # delay: "{{ health_check_delay }}" + # until: health_check.status == health_check_status_code + + - name: Configure firewall + ansible.builtin.systemd: + name: firewalld + state: started + enabled: true + + - name: Open build_stream port in firewall + ansible.posix.firewalld: + port: "{{ build_stream_firewall_port }}" + permanent: true + state: enabled + immediate: true + + - name: Check if build_stream container is running after deployment + containers.podman.podman_container_info: + name: "{{ build_stream_container_name }}" + register: build_stream_container_status + + - name: Notify user of build_stream container deployment status + ansible.builtin.debug: + msg: "{{ build_stream_container_success_msg }}" + when: + - build_stream_container_status.containers | length > 0 + - build_stream_container_status.containers[0].State.Status == 'running' + + rescue: + - name: Build_stream container deployment failed + ansible.builtin.fail: + msg: "{{ build_stream_container_failure_msg }}" diff --git a/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml b/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml index dd8122cf84..bc90597436 100644 
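Review bot: The post-deployment check at the end of the new block cannot fail, because `build_stream_container_status` only gates a debug message through `when:`. A container that is absent or not in the `running` state just skips the message, so the play ends green and the `rescue` is never entered for that case. An `ansible.builtin.assert` on the same two conditions would turn the check into a real gate and route the failure to the rescue message, after which the debug task no longer needs its `when:`. Separately, the rescue prints only fixed text; adding `ansible_failed_task.name` to it would keep the failing step visible. The task file starts above this hunk.

```yaml
# … unchanged: Quadlet template, systemd reload and start, firewall tasks …
      register: build_stream_container_status

    - name: Fail when build_stream container is not running
      ansible.builtin.assert:
        that:
          - build_stream_container_status.containers | length > 0
          - build_stream_container_status.containers[0].State.Status == 'running'
        quiet: true

    - name: Notify user of build_stream container deployment status
      ansible.builtin.debug:
        msg: "{{ build_stream_container_success_msg }}"
# … unchanged: rescue section …
```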
--- a/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml +++ b/prepare_oim/roles/deploy_containers/build_stream/vars/main.yml @@ -68,3 +68,8 @@ build_stream_deployment_status_msg: - "Container: {{ build_stream_container_name }}" - "Image: {{ build_stream_image_name }}:{{ build_stream_image_tag }}" - "Pulp Server: {{ pulp_base_url }}" +build_stream_container_success_msg: "The {{ build_stream_container_name }} container has been successfully deployed." +build_stream_container_failure_msg: | + The deployment of the {{ build_stream_container_name }} container has failed. To resolve this issue, + please run the utility/oim_cleanup.yml playbook to clean up any existing OIM resources. + After the cleanup, you can re-run the original playbook to deploy the {{ build_stream_container_name }} container successfully. From e15a2fd1d202f5438d84a400241b8976d6712891 Mon Sep 17 00:00:00 2001 From: priti-parate <140157516+priti-parate@users.noreply.github.com> Date: Tue, 20 Jan 2026 12:46:01 +0530 Subject: [PATCH 18/18] removed application based env variables --- .../deploy_containers/build_stream/templates/build_stream.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2 b/prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2 index 9f32246df6..cf2f6494a8 100644 --- a/prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2 +++ b/prepare_oim/roles/deploy_containers/build_stream/templates/build_stream.j2 @@ -14,8 +14,6 @@ Image={{ build_stream_image_name }}:{{ build_stream_image_tag }} Network=host # Environment variables -Environment=OMNIA_ENV=production -Environment=OMNIA_DEBUG=false Environment=PULP_BASE_URL={{ pulp_base_url }} Environment=PULP_USERNAME=admin Environment=PULP_PASSWORD={{ pulp_password }}
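Review bot: `build_stream_container_failure_msg` in the `@@ -68,3 +68,8 @@` hunk sends the operator to `utility/oim_cleanup.yml`, but the cleanup role touched in PATCH 13/18 lives under `utils/roles/oim_cleanup/`, so the path in the message looks wrong. If the playbook is `utils/oim_cleanup.yml`, the message should say so. The text also recommends a full OIM cleanup as the first step without saying what failed; pointing to `journalctl -u {{ build_stream_container_name }}.service` before the cleanup would let the operator look at the cause before removing resources.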