uyuni-project · cbosdo · Nov 21, 2024 · Dec 3, 2024 · Nov 21, 2024
diff --git a/mgradm/cmd/inspect/kubernetes.go b/mgradm/cmd/inspect/kubernetes.go
@@ -47,7 +47,7 @@ func kuberneteInspect(
 	}
 
 	// Get the SCC credentials secret if existing
-	pullSecret, err := kubernetes.GetSCCSecret(namespace, &types.SCCCredentials{}, kubernetes.ServerApp)
+	pullSecret, err := kubernetes.GetRegistrySecret(namespace, &types.SCCCredentials{}, kubernetes.ServerApp)
 	if err != nil {
 		return err
 	}

diff --git a/mgradm/cmd/install/podman/utils.go b/mgradm/cmd/install/podman/utils.go
@@ -6,7 +6,9 @@ package podman
 
 import (
 	"errors"
+	"fmt"
 	"os/exec"
+	"strconv"
 	"strings"
 
 	"github.com/rs/zerolog"
@@ -16,6 +18,7 @@ import (
 	"github.com/uyuni-project/uyuni-tools/mgradm/shared/hub"
 	"github.com/uyuni-project/uyuni-tools/mgradm/shared/podman"
 	"github.com/uyuni-project/uyuni-tools/mgradm/shared/saline"
+	"github.com/uyuni-project/uyuni-tools/mgradm/shared/templates"
 	adm_utils "github.com/uyuni-project/uyuni-tools/mgradm/shared/utils"
 	"github.com/uyuni-project/uyuni-tools/shared"
 	. "github.com/uyuni-project/uyuni-tools/shared/l10n"
@@ -91,35 +94,23 @@ func installForPodman(
 		return err
 	}
 
-	cnx := shared.NewConnection("podman", shared_podman.ServerContainerName, "")
-	if err := waitForSystemStart(systemd, cnx, preparedImage, flags); err != nil {
-		return utils.Errorf(err, L("cannot wait for system start"))
+	if err := shared_podman.SetupNetwork(false); err != nil {
+		return utils.Errorf(err, L("cannot setup network"))
 	}
 
-	caPassword := flags.Installation.SSL.Password
-	if flags.Installation.SSL.UseExisting() {
-		// We need to have a password for the generated CA, even though it will be thrown away after install
-		caPassword = "dummy"
-	}
+	log.Info().Msg(L("Run setup command in the container"))
 
-	env := map[string]string{
-		"CERT_O":       flags.Installation.SSL.Org,
-		"CERT_OU":      flags.Installation.SSL.OU,
-		"CERT_CITY":    flags.Installation.SSL.City,
-		"CERT_STATE":   flags.Installation.SSL.State,
-		"CERT_COUNTRY": flags.Installation.SSL.Country,
-		"CERT_EMAIL":   flags.Installation.SSL.Email,
-		"CERT_CNAMES":  strings.Join(append([]string{fqdn}, flags.Installation.SSL.Cnames...), ","),
-		"CERT_PASS":    caPassword,
+	if err := runSetup(preparedImage, &flags.ServerFlags, fqdn); err != nil {
+		return err
 	}
 
-	log.Info().Msg(L("Run setup command in the container"))
+	cnx := shared.NewConnection("podman", shared_podman.ServerContainerName, "")
+	if err := waitForSystemStart(systemd, cnx, preparedImage, flags); err != nil {
+		return utils.Errorf(err, L("cannot wait for system start"))
+	}
 
-	if err := adm_utils.RunSetup(cnx, &flags.ServerFlags, fqdn, env); err != nil {
-		if stopErr := systemd.StopService(shared_podman.ServerService); stopErr != nil {
-			log.Error().Msgf(L("Failed to stop service: %v"), stopErr)
-		}
-		return err
+	if err := cnx.CopyCaCertificate(fqdn); err != nil {
+		return utils.Errorf(err, L("failed to add SSL CA certificate to host trusted certificates"))
 	}
 
 	if path, err := exec.LookPath("uyuni-payg-extract-data"); err == nil {
@@ -173,3 +164,139 @@ func installForPodman(
 	}
 	return nil
 }
+
+// runSetup execute the setup.
+func runSetup(image string, flags *adm_utils.ServerFlags, fqdn string) error {
+	localHostValues := []string{
+		"localhost",
+		"127.0.0.1",
+		"::1",
+		fqdn,
+	}
+
+	localDB := utils.Contains(localHostValues, flags.Installation.DB.Host)
+
+	dbHost := flags.Installation.DB.Host
+	reportdbHost := flags.Installation.ReportDB.Host
+
+	if localDB {
+		dbHost = "localhost"
+		if reportdbHost == "" {
+			reportdbHost = "localhost"
+		}
+	}
+
+	caPassword := flags.Installation.SSL.Password
+	if flags.Installation.SSL.UseExisting() {
+		// We need to have a password for the generated CA, even though it will be thrown away after install
+		caPassword = "dummy"
+	}
+
+	// TODO Share the env variables preparation with Kubernetes?
+	env := map[string]string{
+		"UYUNI_FQDN":            fqdn,
+		"MANAGER_USER":          flags.Installation.DB.User,
+		"MANAGER_PASS":          flags.Installation.DB.Password,
+		"ADMIN_USER":            flags.Installation.Admin.Login,
+		"ADMIN_PASS":            flags.Installation.Admin.Password,
+		"MANAGER_ADMIN_EMAIL":   flags.Installation.Email,
+		"MANAGER_MAIL_FROM":     flags.Installation.EmailFrom,
+		"MANAGER_ENABLE_TFTP":   boolToString(flags.Installation.Tftp),
+		"LOCAL_DB":              boolToString(localDB),
+		"MANAGER_DB_NAME":       flags.Installation.DB.Name,
+		"MANAGER_DB_HOST":       dbHost,
+		"MANAGER_DB_PORT":       strconv.Itoa(flags.Installation.DB.Port),
+		"MANAGER_DB_PROTOCOL":   flags.Installation.DB.Protocol,
+		"REPORT_DB_NAME":        flags.Installation.ReportDB.Name,
+		"REPORT_DB_HOST":        reportdbHost,
+		"REPORT_DB_PORT":        strconv.Itoa(flags.Installation.ReportDB.Port),
+		"REPORT_DB_USER":        flags.Installation.ReportDB.User,
+		"REPORT_DB_PASS":        flags.Installation.ReportDB.Password,
+		"EXTERNALDB_ADMIN_USER": flags.Installation.DB.Admin.User,
+		"EXTERNALDB_ADMIN_PASS": flags.Installation.DB.Admin.Password,
+		"EXTERNALDB_PROVIDER":   flags.Installation.DB.Provider,
+		"ISS_PARENT":            flags.Installation.IssParent,
+		"ACTIVATE_SLP":          "N", // Deprecated, will be removed soon
+		"SCC_USER":              flags.Installation.SCC.User,
+		"SCC_PASS":              flags.Installation.SCC.Password,
+		"CERT_O":                flags.Installation.SSL.Org,
+		"CERT_OU":               flags.Installation.SSL.OU,
+		"CERT_CITY":             flags.Installation.SSL.City,
+		"CERT_STATE":            flags.Installation.SSL.State,
+		"CERT_COUNTRY":          flags.Installation.SSL.Country,
+		"CERT_EMAIL":            flags.Installation.SSL.Email,
+		"CERT_CNAMES":           strings.Join(append([]string{fqdn}, flags.Installation.SSL.Cnames...), ","),
+		"CERT_PASS":             caPassword,
+	}
+
+	if flags.Mirror != "" {
+		env["MIRROR_PATH"] = "/mirror"
+	}
+
+	envNames := []string{}
+	envValues := []string{}
+	for key, value := range env {
+		envNames = append(envNames, "-e", key)
+		envValues = append(envValues, fmt.Sprintf("%s=%s", key, value))
+	}
+
+	command := []string{
+		"run",
+		"--rm",
+		"--shm-size=0",
+		"--shm-size-systemd=0",
+		"--name", "uyuni-setup",
+		"--network", shared_podman.UyuniNetwork,
+		"-e", "TZ=" + flags.Installation.TZ,
+	}
+	for _, volume := range utils.ServerVolumeMounts {
+		command = append(command, "-v", fmt.Sprintf("%s:%s:z", volume.Name, volume.MountPath))
+	}
+	command = append(command, envNames...)
+	command = append(command, image)
+
+	script, err := generateSetupScript(&flags.Installation)
+	if err != nil {
+		return err
+	}
+	command = append(command, "/usr/bin/sh", "-c", script)
+
+	if _, err := newRunner("podman", command...).Env(envValues).StdMapping().Exec(); err != nil {
+		return utils.Errorf(err, L("server setup failed"))
+	}
+
+	log.Info().Msgf(L("Server set up, login on https://%[1]s with %[2]s user"), fqdn, flags.Installation.Admin.Login)
+	return nil
+}
+
+var newRunner = utils.NewRunner
+
+// generateSetupScript creates a temporary folder with the setup script to execute in the container.
+// The script exports all the needed environment variables and calls uyuni's mgr-setup.
+func generateSetupScript(flags *adm_utils.InstallationFlags) (string, error) {
+	// TODO Share with kubernetes implementation
+	template := templates.MgrSetupScriptTemplateData{
+		DebugJava:      flags.Debug.Java,
+		OrgName:        flags.Organization,
+		AdminLogin:     "$ADMIN_USER",
+		AdminPassword:  "$ADMIN_PASS",
+		AdminFirstName: flags.Admin.FirstName,
+		AdminLastName:  flags.Admin.LastName,
+		AdminEmail:     flags.Admin.Email,
+		NoSSL:          false,
+	}
+
+	// Prepare the script
+	scriptBuilder := new(strings.Builder)
+	if err := template.Render(scriptBuilder); err != nil {
+		return "", utils.Errorf(err, L("failed to render setup script"))
+	}
+	return scriptBuilder.String(), nil
+}
+
+func boolToString(value bool) string {
+	if value {
+		return "Y"
+	}
+	return "N"
+}
diff --git a/mgradm/cmd/migrate/kubernetes/utils.go b/mgradm/cmd/migrate/kubernetes/utils.go
@@ -60,7 +60,7 @@ func migrateToKubernetes(
 	}
 
 	// Create a secret using SCC credentials if any are provided
-	pullSecret, err := shared_kubernetes.GetSCCSecret(
+	pullSecret, err := shared_kubernetes.GetRegistrySecret(
 		flags.Kubernetes.Uyuni.Namespace, &flags.Installation.SCC, shared_kubernetes.ServerApp,
 	)
 	if err != nil {

diff --git a/mgradm/shared/kubernetes/db.go b/mgradm/shared/kubernetes/db.go
@@ -7,6 +7,9 @@
 package kubernetes
 
 import (
+	"strings"
+
+	"github.com/rs/zerolog"
 	"github.com/uyuni-project/uyuni-tools/shared/kubernetes"
 	. "github.com/uyuni-project/uyuni-tools/shared/l10n"
 	core "k8s.io/api/core/v1"
@@ -19,12 +22,20 @@ const (
 	DBSecret = "db-credentials"
 	// ReportdbSecret is the name of the report database credentials secret.
 	ReportdbSecret = "reportdb-credentials"
+	SCCSecret      = "scc-credentials"
 	secretUsername = "username"
 	secretPassword = "password"
 )
 
-// CreateDBSecret creates a secret containing the DB credentials.
-func CreateDBSecret(namespace string, name string, user string, password string) error {
+// CreateBasicAuthSecret creates a secret of type basic-auth.
+func CreateBasicAuthSecret(namespace string, name string, user string, password string) error {
+	// Check if the secret is already existing
+	out, err := runCmdOutput(zerolog.DebugLevel, "kubectl", "get", "-n", namespace, "secret", name, "-o", "name")
+	if err == nil && strings.TrimSpace(string(out)) != "" {
+		return nil
+	}
+
+	// Create the secret
 	secret := core.Secret{
 		TypeMeta: meta.TypeMeta{APIVersion: "v1", Kind: "Secret"},
 		ObjectMeta: meta.ObjectMeta{
@@ -40,5 +51,5 @@ func CreateDBSecret(namespace string, name string, user string, password string)
 		Type: core.SecretTypeBasicAuth,
 	}
 
-	return kubernetes.Apply([]runtime.Object{&secret}, L("failed to create the database secret"))
+	return kubernetes.Apply([]runtime.Object{&secret}, L("failed to create the secret"))
 }