Adding support for galaxy operator

1. Updating Dockerfile to install required directories in /var/lib/pulp/ 2. Adding skopeo dnf dependency for content signing script 3. Adding readyz.py for galaxy-operator ready check No-Issue
ansible · Feb 8, 2024 · 5e6de40 · 5e6de40
1 parent 1b7dbbb
commit 5e6de40
Show file tree

Hide file tree

Showing 5 changed files with 76 additions and 10 deletions.
diff --git a/Dockerfile.rhel8 b/Dockerfile.rhel8
@@ -22,7 +22,7 @@ COPY requirements/requirements.insights.txt /tmp/requirements.txt
 # NOTE: en_US.UTF-8 locale is provided by glibc-langpack-en
 RUN set -ex; \
     DNF="dnf -y --disableplugin=subscription-manager" && \
-    INSTALL_PKGS="glibc-langpack-en git-core libpq python3.11 python3.11-pip" && \
+    INSTALL_PKGS="glibc-langpack-en git-core libpq python3.11 python3.11-pip skopeo" && \
     INSTALL_PKGS_BUILD="gcc libpq-devel python3.11-devel openldap-devel" && \
     LANG=C ${DNF} install ${INSTALL_PKGS} ${INSTALL_PKGS_BUILD} && \
     python3.11 -m venv "${VIRTUAL_ENV}" && \
@@ -44,20 +44,21 @@ RUN chgrp -R 0 $HOME && \
     chmod -R g=u $HOME
 
 RUN set -ex; \
-    install -dm 0775 -o galaxy /var/lib/pulp/artifact \
-                               /var/lib/pulp/tmp \
-                               /etc/pulp/certs \
+    install -dm 0775 -o galaxy \
+                               /var/lib/pulp/{artifact,assets,media,scripts,tmp} \
+                               /etc/pulp/{certs,keys} \
                                /tmp/ansible && \
     pip3.11 install --no-deps --editable /app && \
     PULP_CONTENT_ORIGIN=x django-admin collectstatic && \
     install -Dm 0644 /app/ansible.cfg /etc/ansible/ansible.cfg && \
     install -Dm 0644 /app/docker/etc/settings.py /etc/pulp/settings.py && \
     install -Dm 0755 /app/docker/entrypoint.sh /entrypoint.sh && \
-    install -Dm 0755 /app/docker/bin/* /usr/local/bin/
+    install -Dm 0755 /app/docker/bin/* /usr/local/bin/ && \
+    install -Dm 0775 /app/galaxy-operator/bin/* /usr/bin/    
 
 USER galaxy
 WORKDIR /app
 VOLUME [ "/var/lib/pulp/artifact", \
          "/var/lib/pulp/tmp", \
          "/tmp/ansible" ]
-ENTRYPOINT [ "/entrypoint.sh" ]
+ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/docker/bin/start-api b/docker/bin/start-api
@@ -31,4 +31,4 @@ if [[ -n "${GUNICORN_LOGGER_CLASS}" ]]; then
     GUNICORN_OPTIONS+=(--logger-class "${GUNICORN_LOGGER_CLASS}")
 fi
 
-exec "${GUNICORN}" "${GUNICORN_OPTIONS[@]}" "${APP_MODULE}"
+exec "${GUNICORN}" "${GUNICORN_OPTIONS[@]}" "${APP_MODULE}"
diff --git a/docker/bin/start-content-app b/docker/bin/start-content-app
@@ -11,10 +11,9 @@ readonly BIND_PORT="${GUNICORN_PORT:-24816}"
 readonly WORKER_CLASS='aiohttp.GunicornWebWorker'
 readonly APP_MODULE='pulpcore.content:server'
 
-
 exec gunicorn \
   --bind "${BIND_HOST}:${BIND_PORT}" \
   --worker-class "${WORKER_CLASS}" \
   --workers "${GUNICORN_WORKERS}" \
   --access-logfile - \
-  "${APP_MODULE}"
+  "${APP_MODULE}"
diff --git a/docker/bin/start-worker b/docker/bin/start-worker
@@ -3,4 +3,4 @@
 set -o errexit
 set -o nounset
 
-exec pulpcore-worker
+exec pulpcore-worker
diff --git a/galaxy-operator/bin/readyz.py b/galaxy-operator/bin/readyz.py
@@ -0,0 +1,66 @@
+#!/usr/bin/env python3
+
+import os
+import sys
+import requests
+
+from requests.packages.urllib3.util.connection import HAS_IPV6
+
+
+def is_api_healthy(path):
+    """
+    Checks if API is healthy
+    """
+    address = "[::1]" if HAS_IPV6 else "127.0.0.1"
+    url = f"http://{address}:8000{path}"
+    print(f"Readiness probe: checking {url}")
+    response = requests.get(url, allow_redirects=True)
+    data = response.json()
+
+    if not data["database_connection"]["connected"]:
+        print("Readiness probe: database issue")
+        sys.exit(3)
+
+    if os.getenv("REDIS_SERVICE_HOST") and not data["redis_connection"]["connected"]:
+        print("Readiness probe: cache issue")
+        sys.exit(4)
+
+    print("Readiness probe: ready!")
+    sys.exit(0)
+
+
+def is_content_healthy(path):
+    """
+    Checks if Content is healthy
+    """
+    address = "[::1]" if HAS_IPV6 else "127.0.0.1"
+    url = f"http://{address}:24816{path}"
+    print(f"Readiness probe checking {url}")
+    response = requests.head(url)
+    response.raise_for_status()
+
+    print("Readiness probe: ready!")
+    sys.exit(0)
+
+
+"""
+PID 1 value (/proc/1/cmdline) may vary based on the gunicorn install method (RPM vs pip)
+The cmdline value for this PID looks like:
+```
+# pip installation
+gunicorn: master [pulp-{content,api}]
+```
+OR
+```
+# RPM installation
+/usr/bin/python3.9/usr/bin/gunicorn--bind[::]:2481{6,7}pulpcore.app.wsgi:application--namepulp-{api,content}--timeout90--workers2
+```
+"""
+with open("/proc/1/cmdline", "r") as f:
+    cmdline = f.readline()
+
+if "pulp-api" in cmdline:
+    is_api_healthy(sys.argv[1])
+
+elif "pulp-content" in cmdline:
+    is_content_healthy(sys.argv[1])