Puppet Class: imagecatalog

Defined in:
modules/imagecatalog/manifests/init.pp

Overview

SPDX-License-Identifier: Apache-2.0

Class: imagecatalog

Installs the OCI image catalog.

TODO: For now, this assumes a singly-homed deployment model; we'll install on both deploy hosts but only use eqiad. Soon it'll instead be active-passive behind a service hostname.

Parameters

  • $port: Port for web serving.
  • $data_dir: Path to a directory for the sqlite database. Directory is managed by this module.
  • $kubernetes_clusters: For each cluster to be monitored, its name and the path to a kubeconfig file.
  • $ensure: Whether to run the image catalog. Should be "present" only on the active deployment host.

Parameters:

  • port (Stdlib::Port)
  • data_dir (Stdlib::Unixpath)
  • kubernetes_clusters (Array[Tuple[String, Stdlib::Unixpath]])
  • ensure (Wmflib::Ensure) 


14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
 
# File 'modules/imagecatalog/manifests/init.pp', line 14

class imagecatalog(
    Stdlib::Port $port,
    Stdlib::Unixpath $data_dir,
    Array[Tuple[String, Stdlib::Unixpath]] $kubernetes_clusters,
    Wmflib::Ensure $ensure,
) {
  ensure_packages(['gunicorn', 'python3-imagecatalog'])

  systemd::sysuser { 'imagecatalog':
      # The following is a bit of a historical accident, and thus is harcoded.
      # We used to have this stanza without a uid/gid definition, but added it
      # as we had issues with rsyncing between hosts and permissions/ownership
      # It's hardcoded to what we had on 1 of the deploy hosts to avoid a total
      id          => '494:496',
      description => 'imagecatalog server user',
      home_dir    => '/var/lib/imagecatalog',
      shell       => '/bin/bash',
  }

  file { $data_dir:
      ensure => directory,
      owner  => 'imagecatalog',
      group  => 'imagecatalog',
      mode   => '0770',
  }

  $db_path = "${data_dir}/catalog.sqlite"

  exec { 'create_empty_db_when_missing':
      command => "/usr/bin/imagecatalog --database=${db_path} init",
      creates => $db_path,
      user    => 'imagecatalog',
  }

  systemd::service { 'imagecatalog':
      ensure  => $ensure,
      content => systemd_template('imagecatalog'),
      restart => true,
  }

  profile::auto_restarts::service { 'imagecatalog':
      ensure => $ensure,
  }

  $clusters_flag = $kubernetes_clusters.map |$cluster| {
      $name = $cluster[0]
      $config_path = $cluster[1]
      "${name}:${config_path}"
  }.join(',')

  systemd::timer::job { 'imagecatalog_record':
      ensure      => $ensure,
      description => 'update the image catalog with all images running in prod',
      command     => "/usr/bin/imagecatalog --database=${db_path} --clusters=${clusters_flag} record",
      interval    => {
          start    => 'OnUnitActiveSec',
          interval => '1h',
      },
      user        => 'imagecatalog',
  }

  # TODO: Systemd timer to sync data dir from active to passive hosts
}