diff --git a/src/roles/foreman/defaults/main.yaml b/src/roles/foreman/defaults/main.yaml
index 05118761..72d23bc1 100644
--- a/src/roles/foreman/defaults/main.yaml
+++ b/src/roles/foreman/defaults/main.yaml
@@ -49,3 +49,9 @@ foreman_recurring_tasks:
 - instance: ldap-refresh_usergroups
 rake: "ldap:refresh_usergroups"
 schedule: "*-*-* *:00,30:00"
+
+foremantasks_recurring_tasks_enabled: true
+foremantasks_recurring_tasks:
+ - instance: foreman_tasks-cleanup
+ rake: "foreman_tasks:cleanup"
+ schedule: "*-*-* 19:45:00"
diff --git a/src/roles/foreman/tasks/main.yaml b/src/roles/foreman/tasks/main.yaml
index d2f8c061..cb673844 100644
--- a/src/roles/foreman/tasks/main.yaml
+++ b/src/roles/foreman/tasks/main.yaml
@@ -210,6 +210,72 @@
 loop_control:
 label: "{{ item.instance }}"
+- name: Define templated Quadlet for ForemanTasks recurring rake tasks
+ when: foremantasks_recurring_tasks_enabled | default(true)
+ loop: "{{ foremantasks_recurring_tasks }}"
+ loop_control:
+ label: "{{ item.instance }}"
+ containers.podman.podman_container:
+ name: "foreman-tasks-recurring-{{ item.instance }}"
+ quadlet_filename: "foreman-tasks-recurring@"
+ state: quadlet
+ image: "{{ foreman_container_image }}:{{ foreman_container_tag }}"
+ sdnotify: false
+ network: host
+ hostname: "{{ ansible_facts['fqdn'] }}"
+ user: foreman
+ working_dir: /usr/share/foreman
+ command: "bash -lc 'foreman-rake {{ item.rake }}'"
+ volume:
+ - 'foreman-data-run:/var/run/foreman:z'
+ secrets:
+ - 'foreman-database-url,type=env,target=DATABASE_URL'
+ - 'foreman-seed-admin-user,type=env,target=SEED_ADMIN_USER'
+ - 'foreman-seed-admin-password,type=env,target=SEED_ADMIN_PASSWORD'
+ - 'foreman-settings-yaml,type=mount,target=/etc/foreman/settings.yaml'
+ - 'foreman-katello-yaml,type=mount,target=/etc/foreman/plugins/katello.yaml'
+ - 'foreman-ca-cert,type=mount,target=/etc/foreman/katello-default-ca.crt'
+ - 'foreman-client-cert,type=mount,target=/etc/foreman/client_cert.pem'
+ - 'foreman-client-key,type=mount,target=/etc/foreman/client_key.pem'
+ quadlet_options:
+ - |
+ [Install]
+ WantedBy=default.target foreman.target
+ - |
+ [Unit]
+ PartOf=foreman.target
+ Requires=foreman.service
+ After=foreman.service
+ - |
+ [Service]
+ ExecStartPre=/usr/bin/flock -n /run/foreman-tasks-recurring-%i.lock -c /usr/bin/true
+ TimeoutStartSec=90m
+ TimeoutStopSec=2m
+ KillMode=mixed
+ SyslogIdentifier=foreman-tasks-recurring-%i
+
+- name: Render timers for ForemanTasks recurring tasks
+ when: foremantasks_recurring_tasks_enabled | default(true)
+ ansible.builtin.template:
+ src: foreman-recurring@.timer.j2
+ dest: "/etc/systemd/system/foreman-tasks-recurring@{{ item.instance }}.timer"
+ mode: "0644"
+ vars:
+ timer_unit_prefix: "foreman-tasks-recurring"
+ loop: "{{ foremantasks_recurring_tasks }}"
+ loop_control:
+ label: "{{ item.instance }}"
+
+- name: Create Quadlet instance links (ForemanTasks)
+ when: foremantasks_recurring_tasks_enabled | default(true)
+ ansible.builtin.file:
+ state: link
+ src: "/etc/containers/systemd/foreman-tasks-recurring@.container"
+ dest: "/etc/containers/systemd/foreman-tasks-recurring@{{ item.instance }}.container"
+ loop: "{{ foremantasks_recurring_tasks }}"
+ loop_control:
+ label: "{{ item.instance }}"
+
 - name: Run daemon reload to make Quadlet create the service files
 ansible.builtin.systemd:
 daemon_reload: true
@@ -266,6 +332,16 @@
 loop_control:
 label: "{{ item.instance }}"
+- name: Enable & start ForemanTasks recurring timers
+ when: foremantasks_recurring_tasks_enabled | default(true)
+ ansible.builtin.systemd:
+ name: "foreman-tasks-recurring@{{ item.instance }}.timer"
+ enabled: true
+ state: started
+ loop: "{{ foremantasks_recurring_tasks }}"
+ loop_control:
+ label: "{{ item.instance }}"
+
 - name: Wait for Foreman tasks to be ready
 ansible.builtin.uri:
 url: '{{ foreman_url }}/api/v2/ping'
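Review bot: The `secrets:` list in the new `Define templated Quadlet for ForemanTasks recurring rake tasks` task gives the scheduled cleanup container `SEED_ADMIN_USER` and `SEED_ADMIN_PASSWORD` as environment variables, plus the client key, which looks like more than a `foreman_tasks:cleanup` run needs. Unless booting the app for the rake task requires them, drop the two `foreman-seed-admin-*` entries so the admin credential is not present in an unattended timer job. Separately, `ExecStartPre=/usr/bin/flock -n /run/foreman-tasks-recurring-%i.lock -c /usr/bin/true` releases the lock as soon as `true` exits, so it serializes nothing; remove it, or add a comment that overlap protection comes from systemd not re-triggering an already active unit. The loop also rewrites the single file `foreman-tasks-recurring@.container` with `{{ item.rake }}` baked into `command:`, so with more than one list entry every instance would run the last entry's rake task.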
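Review bot: Setting `foremantasks_recurring_tasks_enabled` to false on a host where these timers are already deployed only skips `Enable & start ForemanTasks recurring timers`. Nothing in the visible hunks stops or disables `foreman-tasks-recurring@{{ item.instance }}.timer`, so the cleanup job would keep firing. If the flag is meant as an off switch, add a companion task guarded by `when: not (foremantasks_recurring_tasks_enabled | default(true))` that sets `enabled: false` and `state: stopped`, and that tolerates hosts where the unit was never installed. Otherwise, add a comment on the variable in `defaults/main.yaml` saying it only controls initial deployment. The `| default(true)` filter is also redundant with the role default this commit adds and could be dropped from all four `when:` lines.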