Skip to content

Add parameter to ensure all services absent #72

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
evgeni merged 1 commit into from
Sep 29, 2025
Merged

Add parameter to ensure all services absent #72

evgeni merged 1 commit into from
Sep 29, 2025
+677 −107

Conversation

@ehelms
Copy link
Member

@ehelms ehelms commented Sep 24, 2025

No description provided.

@ehelms ehelms force-pushed the ensure-services-removed branch from ffde2c3 to 03e6436 Compare September 24, 2025 20:44
ekohl
ekohl reviewed Sep 24, 2025
View reviewed changes
manifests/init.pp
#
# $register_as_smartproxy:: Whether to register as a smart proxy
#
# $enable_vulnerability:: Enable vulnerability services
Copy link
Member

@ekohl ekohl Sep 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't there a value to keep this?

Copy link
Member Author

@ehelms ehelms Sep 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This has proven to mostly cause confusion in the context of the installer as I added it to have more granular control but not intended to be user facing; however, as noted it presents itself that way and leads to confusion.

@ehelms ehelms force-pushed the ensure-services-removed branch 2 times, most recently from 3c3da76 to e09a0b8 Compare September 25, 2025 13:10
@ehelms
Copy link
Member Author

ehelms commented Sep 25, 2025

There are two elements that cannot be removed right now:

  • Volumes
  • Network

This is largely due to the relationships and requirements on those by each of the services.

@ehelms ehelms force-pushed the ensure-services-removed branch from e09a0b8 to 5284e1a Compare September 25, 2025 14:03
evgeni
evgeni reviewed Sep 26, 2025
View reviewed changes
manifests/init.pp
# $remediations_database_password:: Database password for remediations service
#
class iop (
Enum['present', 'absent'] $ensure = 'present',
Copy link
Member

@evgeni evgeni Sep 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This means we need to update https://github.com/theforeman/foreman_maintain/blob/master/definitions/reports/iop_remediations.rb#L14 and https://github.com/theforeman/foreman_maintain/blob/master/definitions/features/iop.rb#L5-L8
right?

Copy link
Member Author

@ehelms ehelms Sep 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Definitely the former, and probably the latter. Right now this change does not remove the network or volumes as those are proving hard to remove due to dependencies.

Copy link
Member

@evgeni evgeni Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

theforeman/foreman_maintain#1050

@ehelms ehelms force-pushed the ensure-services-removed branch from 5284e1a to eaee9d0 Compare September 26, 2025 13:01
@evgeni
Copy link
Member

evgeni commented Sep 29, 2025
edited
Loading

There are two elements that cannot be removed right now:

  • Volumes
  • Network

This is largely due to the relationships and requirements on those by each of the services.

Maybe a stupid idea, but can we drop the require of the individual containers on their Volumes and Networks and then do smth like

if ($ensure == 'present') {
  Podman::Network <| tag == 'iop' |> ~> Podman::Quadlet <| tag == 'iop' |>
  Podman::Volume <| tag == 'iop' |> ~> Podman::Quadlet <| tag == 'iop' |>
} else {
  Podman::Quadlet <| tag == 'iop' |> -> Podman::Network <| tag == 'iop' |>
  Podman::Quadlet <| tag == 'iop' |> -> Podman::Volume <| tag == 'iop' |>
}

Maybe even -> instead of ~> and add a subscribe? No, wait, subscribe also enforces ordering. Stupid.

@evgeni evgeni merged commit c086f77 into master Sep 29, 2025
9 checks passed
@ekohl ekohl deleted the ensure-services-removed branch September 29, 2025 12:56
@ekohl
Copy link
Member

ekohl commented Sep 29, 2025

There's some merit in not destroying the volume so users can easily switch back and forth, but I'd agree with the network part.

@evgeni
Copy link
Member

evgeni commented Sep 29, 2025

I think the relevant data is in postgres, so it won't be too bad, but I see the point

@evgeni
Copy link
Member

evgeni commented Sep 29, 2025

There are two elements that cannot be removed right now:

  • Volumes
  • Network

This is largely due to the relationships and requirements on those by each of the services.

Maybe a stupid idea, but can we drop the require of the individual containers on their Volumes and Networks and then do smth like

if ($ensure == 'present') {
  Podman::Network <| tag == 'iop' |> ~> Podman::Quadlet <| tag == 'iop' |>
  Podman::Volume <| tag == 'iop' |> ~> Podman::Quadlet <| tag == 'iop' |>
} else {
  Podman::Quadlet <| tag == 'iop' |> -> Podman::Network <| tag == 'iop' |>
  Podman::Quadlet <| tag == 'iop' |> -> Podman::Volume <| tag == 'iop' |>
}

Maybe even -> instead of ~> and add a subscribe? No, wait, subscribe also enforces ordering. Stupid.

So I tried this with networks in #74

@evgeni evgeni added the enhancement New feature or request label Sep 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ekohl ekohl ekohl left review comments

@evgeni evgeni evgeni approved these changes

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ehelms @evgeni @ekohl