add recurring task for foreman_tasks:cleanup

src/roles/foreman/defaults/main.yaml

@@ -49,3 +49,9 @@ foreman_recurring_tasks:
   - instance: ldap-refresh_usergroups
     rake: "ldap:refresh_usergroups"
     schedule: "*-*-* *:00,30:00"
+
+foremantasks_recurring_tasks_enabled: true
+foremantasks_recurring_tasks:
+  - instance: foreman_tasks-cleanup
+    rake: "foreman_tasks:cleanup"
+    schedule: "*-*-* 19:45:00"

src/roles/foreman/tasks/main.yaml

@@ -210,6 +210,72 @@
   loop_control:
     label: "{{ item.instance }}"
 
+- name: Define templated Quadlet for ForemanTasks recurring rake tasks
+  when: foremantasks_recurring_tasks_enabled | default(true)
+  loop: "{{ foremantasks_recurring_tasks }}"
+  loop_control:
+    label: "{{ item.instance }}"
+  containers.podman.podman_container:
+    name: "foreman-tasks-recurring-{{ item.instance }}"
+    quadlet_filename: "foreman-tasks-recurring@"
+    state: quadlet
+    image: "{{ foreman_container_image }}:{{ foreman_container_tag }}"
+    sdnotify: false
+    network: host
+    hostname: "{{ ansible_facts['fqdn'] }}"
+    user: foreman
+    working_dir: /usr/share/foreman
+    command: "bash -lc 'foreman-rake {{ item.rake }}'"
+    volume:
+      - 'foreman-data-run:/var/run/foreman:z'
+    secrets:
+      - 'foreman-database-url,type=env,target=DATABASE_URL'
+      - 'foreman-seed-admin-user,type=env,target=SEED_ADMIN_USER'
+      - 'foreman-seed-admin-password,type=env,target=SEED_ADMIN_PASSWORD'
+      - 'foreman-settings-yaml,type=mount,target=/etc/foreman/settings.yaml'
+      - 'foreman-katello-yaml,type=mount,target=/etc/foreman/plugins/katello.yaml'
+      - 'foreman-ca-cert,type=mount,target=/etc/foreman/katello-default-ca.crt'
+      - 'foreman-client-cert,type=mount,target=/etc/foreman/client_cert.pem'
+      - 'foreman-client-key,type=mount,target=/etc/foreman/client_key.pem'
+    quadlet_options:
+      - |
+        [Install]
+        WantedBy=default.target foreman.target
+      - |
+        [Unit]
+        PartOf=foreman.target
+        Requires=foreman.service
+        After=foreman.service
+      - |
+        [Service]
+        ExecStartPre=/usr/bin/flock -n /run/foreman-tasks-recurring-%i.lock -c /usr/bin/true
+        TimeoutStartSec=90m
+        TimeoutStopSec=2m
+        KillMode=mixed
+        SyslogIdentifier=foreman-tasks-recurring-%i
+
+- name: Render timers for ForemanTasks recurring tasks
+  when: foremantasks_recurring_tasks_enabled | default(true)
+  ansible.builtin.template:
+    src: [email protected]
+    dest: "/etc/systemd/system/foreman-tasks-recurring@{{ item.instance }}.timer"
+    mode: "0644"
+  vars:
+    timer_unit_prefix: "foreman-tasks-recurring"
+  loop: "{{ foremantasks_recurring_tasks }}"
+  loop_control:
+    label: "{{ item.instance }}"
+
+- name: Create Quadlet instance links (ForemanTasks)
+  when: foremantasks_recurring_tasks_enabled | default(true)
+  ansible.builtin.file:
+    state: link
+    src: "/etc/containers/systemd/[email protected]"
+    dest: "/etc/containers/systemd/foreman-tasks-recurring@{{ item.instance }}.container"
+  loop: "{{ foremantasks_recurring_tasks }}"
+  loop_control:
+    label: "{{ item.instance }}"
+
 - name: Run daemon reload to make Quadlet create the service files
   ansible.builtin.systemd:
     daemon_reload: true
@@ -266,6 +332,16 @@
   loop_control:
     label: "{{ item.instance }}"
 
+- name: Enable & start ForemanTasks recurring timers
+  when: foremantasks_recurring_tasks_enabled | default(true)
+  ansible.builtin.systemd:
+    name: "foreman-tasks-recurring@{{ item.instance }}.timer"
+    enabled: true
+    state: started
+  loop: "{{ foremantasks_recurring_tasks }}"
+  loop_control:
+    label: "{{ item.instance }}"
+
 - name: Wait for Foreman tasks to be ready
   ansible.builtin.uri:
     url: '{{ foreman_url }}/api/v2/ping'