Skip to content

Add quadlet timer for foreman recurring task (reports:daily) #252

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
archanaserver wants to merge 1 commit into from
Closed

Add quadlet timer for foreman recurring task (reports:daily) #252

archanaserver wants to merge 1 commit into from

Conversation

@archanaserver
Copy link
Contributor

@archanaserver archanaserver commented Oct 15, 2025

This is for the prototype implementation of recurring task support in foremanctl using quadlet-based systemd timers

@archanaserver
Add quadlet timer for foreman recurring task (reports:daily)
4d7737a 
This is for the prototype implementation of recurring task support
in foremanctl using quadlet-based systemd timers
@archanaserver archanaserver mentioned this pull request Oct 15, 2025
Open
@archanaserver archanaserver marked this pull request as ready for review October 30, 2025 08:32
@archanaserver archanaserver requested a review from evgeni October 30, 2025 08:33
@archanaserver archanaserver mentioned this pull request Oct 30, 2025
Closed
evgeni
evgeni reviewed Oct 30, 2025
View reviewed changes
src/roles/foreman/templates/foreman-reports-daily.container.j2
Comment on lines +9 to +10
Volume=/etc/foreman:/etc/foreman:ro
Volume=/var/lib/foreman:/var/lib/foreman
Copy link
Member

@evgeni evgeni Oct 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where do these volumes come from?

@evgeni
Copy link
Member

evgeni commented Oct 30, 2025

Is the general idea that we define one systemd timer per (old) cronjob and that timer launches a temporary container, runs the magic in it, and then finishes?

evgeni
evgeni reviewed Oct 30, 2025
View reviewed changes
src/roles/foreman/templates/foreman-reports-daily.container.j2

[Container]
Image={{ foreman_container_image }}:{{ foreman_container_tag }}
Exec=foreman-rake reports:daily
Copy link
Member

@evgeni evgeni Oct 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this will require all the secrets and configs mounted like the normal container does, otherwise it can't access the DB and stuff

ehelms
ehelms reviewed Oct 30, 2025
View reviewed changes
src/roles/foreman/tasks/main.yaml
- name: Deploy Quadlet container and timer for Foreman reports:daily
# when: foreman_recurring_tasks_enabled | default(true)
block:
- name: Create Quadlet container definitions
Copy link
Member

@ehelms ehelms Oct 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd have expected to define this quadlet the same way we do for regular services with containers.podman.podman_container. Is that not possible for timers?

Copy link
Contributor Author

@archanaserver archanaserver Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah so I did this way to start it with templated .container and .timer units to get a working prototype quickly and to control the timer behavior directly. Since I found that containers.podman.podman_container doesn’t create .timer units, I had to template that part anyway.

And plan is to refactor it to define the .container using containers.podman.podman_container, which aligns with how other services are handled in foremanctl. But the .timer will remain a small template for now, since neither podman_container nor podman_generate_systemd currently support generating .timer units and they only handle .container (or .service) definitions.

So question would you prefer that all recurring-task containers follow the same podman_container (state: quadlet) pattern, even if each has its own .timer defined separately? @ehelms @evgeni

Copy link
Member

@evgeni evgeni Nov 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So I think I prefer containers.podman.podman_container to define quadlets, just to make it consistent.

But would also like to open up the following discussion: This PR adds a timer for foreman-rake reports:daily and we expect more to come. A quick glance gives me:

foreman:

15 23 * * *     foreman    /usr/sbin/foreman-rake db:sessions:clear 2>&1 | gawk '{ print strftime("[\%Y-\%m-\%d \%H:\%M:\%S]"), $0 }' >>/var/log/foreman/cron.log
0 7 * * *       foreman    /usr/sbin/foreman-rake reports:daily 2>&1 | gawk '{ print strftime("[\%Y-\%m-\%d \%H:\%M:\%S]"), $0 }' >>/var/log/foreman/cron.log
0 5 * * 0       foreman    /usr/sbin/foreman-rake reports:weekly 2>&1 | gawk '{ print strftime("[\%Y-\%m-\%d \%H:\%M:\%S]"), $0 }' >>/var/log/foreman/cron.log
0 3 1 * *       foreman    /usr/sbin/foreman-rake reports:monthly 2>&1 | gawk '{ print strftime("[\%Y-\%m-\%d \%H:\%M:\%S]"), $0 }' >>/var/log/foreman/cron.log
30 7 * * *      foreman    /usr/sbin/foreman-rake reports:expire 2>&1 | gawk '{ print strftime("[\%Y-\%m-\%d \%H:\%M:\%S]"), $0 }' >>/var/log/foreman/cron.log
0 1 * * *      foreman    /usr/sbin/foreman-rake audits:expire 2>&1 | gawk '{ print strftime("[\%Y-\%m-\%d \%H:\%M:\%S]"), $0 }' >>/var/log/foreman/cron.log
*/30 * * * *    foreman    /usr/sbin/foreman-rake ldap:refresh_usergroups 2>&1 | gawk '{ print strftime("[\%Y-\%m-\%d \%H:\%M:\%S]"), $0 }' >>/var/log/foreman/cron.log
0 6 * * 0       foreman    /usr/sbin/foreman-rake notifications:clean 2>&1 | gawk '{ print strftime("[\%Y-\%m-\%d \%H:\%M:\%S]"), $0 }' >>/var/log/foreman/cron.log

katello:

00 22 * * 0	root	foreman-rake katello:delete_orphaned_content RAILS_ENV=production >/dev/null 2>&1
00 18 * * 0     root    foreman-rake katello:refresh_alternate_content_sources >/dev/null 2>&1

foreman-tasks:

45 19 * * *    foreman    /usr/sbin/foreman-rake foreman_tasks:cleanup >>/var/log/foreman/cron.log 2>&1

Now, given they all use foreman-rake <something>, I wonder if we can create a template (container) service, and then use timer units to start different instances of this service, running different subcommands?

Sort of like we do for the different dynflow workers today.

@archanaserver
Copy link
Contributor Author

archanaserver commented Nov 3, 2025

Is the general idea that we define one systemd timer per (old) cronjob and that timer launches a temporary container, runs the magic in it, and then finishes?

Hmm exactly, so with each legacy cron job maps to its own systemd timer that spins up a short-lived container, runs the rake task (like foreman-rake reports:daily), and exits. I believe it’s a simple one-to-one replacement for now, and later we can look into integrating this into foreman-tasks or a more HA-friendly model. But WDYT? @evgeni

@archanaserver archanaserver requested a review from ehelms November 4, 2025 19:48
@evgeni
Copy link
Member

evgeni commented Nov 5, 2025

And yes, I agree, we need a simple replacement now, but long-term should look into moving this to foreman-tasks or similar.

@archanaserver archanaserver mentioned this pull request Nov 7, 2025
Merged
@archanaserver
Copy link
Contributor Author

archanaserver commented Nov 11, 2025

As per our discussion, I’ve opened a new PR #288 addressing this. Since this one served as a PoC, I’ll go ahead and close it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@evgeni evgeni evgeni left review comments

@ehelms ehelms Awaiting requested review from ehelms

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@archanaserver @evgeni @ehelms