Merge pull request #3909 from priti-parate/pub/build_stream

update postgres service name and pull image from dockerhub

Author: abhishek-sa1

prepare_oim/roles/deploy_containers/build_stream/tasks/deploy_build_stream.yml

@@ -118,86 +118,147 @@
     mode: "{{ build_stream_dir_mode }}"
 
 # -------------------------------------------------------------------
-# 4) Deploy quadlet using template + restart via handlers
+# 4) Pull container image
 # -------------------------------------------------------------------
-- name: Ensure quadlet directory exists
+- name: Pull omnia_build_stream image from Docker Hub
+  containers.podman.podman_image:
+    name: "{{ build_stream_image_name }}"
+    tag: "{{ build_stream_image_tag }}"
+    state: present
+  register: image_pull_result
+
+- name: Display image pull result
+  ansible.builtin.debug:
+    msg: "{{ build_stream_image_pull_success_msg }}"
+    verbosity: 2
+  when: image_pull_result is succeeded
+
+  # Generate SSL certificates
+- name: Check if SSL certificates already exist
+  ansible.builtin.stat:
+    path: "{{ build_stream_ssl_cert }}"
+  register: ssl_cert_stat
+
+- name: Create SSL certificate directory
   ansible.builtin.file:
-    path: "{{ quadlet_dir }}"
+    path: "{{ build_stream_ssl_dir }}"
     state: directory
     mode: "{{ build_stream_dir_mode }}"
+  when: not ssl_cert_stat.stat.exists
 
-- name: Deploy build_stream quadlet file from template
-  ansible.builtin.template:
-    src: "build_stream.j2"
-    dest: "{{ build_stream_quadlet_path }}"
-    mode: "{{ build_stream_quadlet_file_mode }}"
-  notify:
-    - Reload systemd
-    - Restart build_stream
+- name: Generate self-signed SSL certificate
+  ansible.builtin.command: |
+    openssl req -x509 -newkey rsa:4096 -nodes -days {{ build_stream_ssl_days }}
+    -keyout {{ build_stream_ssl_key }}
+    -out {{ build_stream_ssl_cert }}
+    -subj "/C=US/ST=State/L=City/O=Omnia/CN={{ ansible_hostname }}"
+    -addext "subjectAltName=DNS:{{ ansible_hostname }},DNS:localhost,IP:{{ ansible_default_ipv4.address }}"
+  when: not ssl_cert_stat.stat.exists
+  changed_when: true
 
-- name: Enable and start build_stream service
-  ansible.builtin.systemd_service:
-    name: "{{ build_stream_service }}"
-    enabled: true
-    state: started
+- name: Set permissions on SSL certificates
+  ansible.builtin.file:
+    path: "{{ item }}"
+    mode: "{{ build_stream_ssl_file_mode }}"
+  loop:
+    - "{{ build_stream_ssl_cert }}"
+    - "{{ build_stream_ssl_key }}"
+# -------------------------------------------------------------------
+# 4) Deploy quadlet using template + restart via handlers
+# -------------------------------------------------------------------
+- name: Deploy build_stream container and check deployment status
+  block:
+    - name: Ensure quadlet directory exists
+      ansible.builtin.file:
+        path: "{{ quadlet_dir }}"
+        state: directory
+        mode: "{{ build_stream_dir_mode }}"
 
-# Ensure restart happens before validation
-- name: Apply systemd reload/restart now
-  ansible.builtin.meta: flush_handlers
+    - name: Create Quadlet service file
+      ansible.builtin.template:
+        src: build_stream.j2
+        dest: "{{ build_stream_quadlet_path }}"
+        mode: "{{ build_stream_quadlet_file_mode }}"
+      register: quadlet_out
+      notify:
+        - Reload systemd
 
-- name: Wait until omnia_build_stream container exists and is running
-  containers.podman.podman_container_info:
-    name: "{{ build_stream_container_name }}"
-  register: bs_info
-  retries: "{{ bs_container_wait_retries }}"
-  delay: "{{ bs_container_wait_delay }}"
-  until:
-    - bs_info.containers is defined
-    - bs_info.containers | length > 0
-    - bs_info.containers[0].State is defined
-    - bs_info.containers[0].State.Running | bool
+    - name: Deploy build_stream quadlet file from template
+      ansible.builtin.template:
+        src: "build_stream.j2"
+        dest: "{{ build_stream_quadlet_path }}"
+        mode: "{{ build_stream_quadlet_file_mode }}"
+      notify:
+        - Reload systemd
+        - Restart build_stream
 
-# -------------------------------------------------------------------
-# 5) Validate HTTPS connectivity from inside build_stream
-# -------------------------------------------------------------------
-- name: Build curl command
-  ansible.builtin.set_fact:
-    curl_cmd:
-      - curl
-      - -sS
-      - -o
-      - /dev/null
-      - -w
-      - "%{http_code}\n"
-      - --cacert
-      - "{{ build_stream_pulp_cert_container_path }}"
-      - "{{ pulp_base_url }}/pulp/api/v3/status/"
-  changed_when: false
+    - name: Enable and start build_stream service
+      ansible.builtin.systemd_service:
+        name: "{{ build_stream_service }}"
+        enabled: true
+        state: started
 
-- name: Test HTTPS from build_stream to Pulp (exec)
-  containers.podman.podman_container_exec:
-    name: "{{ build_stream_container_name }}"
-    argv: "{{ curl_cmd }}"
-  register: curl_status
-  changed_when: false
-  failed_when: false
+    # Ensure restart happens before validation
+    - name: Apply systemd reload/restart now
+      ansible.builtin.meta: flush_handlers
+
+    - name: Wait until omnia_build_stream container exists and is running
+      containers.podman.podman_container_info:
+        name: "{{ build_stream_container_name }}"
+      register: bs_info
+      retries: "{{ bs_container_wait_retries }}"
+      delay: "{{ bs_container_wait_delay }}"
+      until:
+        - bs_info.containers is defined
+        - bs_info.containers | length > 0
+        - bs_info.containers[0].State is defined
+        - bs_info.containers[0].State.Running | bool
 
-- name: Fail if HTTPS test is not 200
-  ansible.builtin.fail:
-    msg: "{{ build_stream_https_failure_msg }}"
-  when: (curl_status.stdout | trim) != "200"
+    # -------------------------------------------------------------------
+    # 5) Validate HTTPS connectivity from inside build_stream
+    # -------------------------------------------------------------------
+    - name: Build curl command
+      ansible.builtin.set_fact:
+        curl_cmd:
+          - curl
+          - -sS
+          - -o
+          - /dev/null
+          - -w
+          - "%{http_code}\n"
+          - --cacert
+          - "{{ build_stream_pulp_cert_container_path }}"
+          - "{{ pulp_base_url }}/pulp/api/v3/status/"
+      changed_when: false
 
-# -------------------------------------------------------------------
+    - name: Test HTTPS from build_stream to Pulp
+      containers.podman.podman_container_exec:
+        name: "{{ build_stream_container_name }}"
+        argv: "{{ curl_cmd }}"
+      register: curl_status
+      changed_when: false
+      failed_when: false
+
+    - name: Fail if HTTPS test is not 200
+      ansible.builtin.fail:
+        msg: "{{ build_stream_https_failure_msg }}"
+      when: (curl_status.stdout | trim) != "200"
+# --------------------------------------------------------------------
 # 6) Validate health API endpoint https://localhost:{{ build_stream_port }}/health"
 # -------------------------------------------------------------------
-- name: Wait until omnia_build_stream container exists and is running
-  containers.podman.podman_container_info:
-    name: "{{ build_stream_container_name }}"
-  register: bs_info
-  retries: "{{ bs_container_wait_retries }}"
-  delay: "{{ bs_container_wait_delay }}"
-  until:
-    - bs_info.containers is defined
-    - bs_info.containers | length > 0
-    - bs_info.containers[0].State is defined
-    - bs_info.containers[0].State.Running | bool
+    - name: Wait until omnia_build_stream container exists and is running
+      containers.podman.podman_container_info:
+        name: "{{ build_stream_container_name }}"
+      register: bs_info
+      retries: "{{ bs_container_wait_retries }}"
+      delay: "{{ bs_container_wait_delay }}"
+      until:
+        - bs_info.containers is defined
+        - bs_info.containers | length > 0
+        - bs_info.containers[0].State is defined
+        - bs_info.containers[0].State.Running | bool
+
+  rescue:
+    - name: Build_stream container deployment failed
+      ansible.builtin.fail:
+        msg: "{{ build_stream_container_failure_msg }}"

prepare_oim/roles/deploy_containers/build_stream/vars/main.yml

@@ -77,7 +77,7 @@ build_stream_quadlet_file_mode: "0644"
 # PostgreSQL configuration (from postgres role)
 postgres_user: "{{ hostvars['localhost']['postgres_user'] }}"
 postgres_password: "{{ hostvars['localhost']['postgres_password'] }}"
-postgres_db_name: "build_stream"
+postgres_db_name: "{{ hostvars['localhost']['postgres_db_name'] | default('build_stream_db') }}"
 
 ###############################################################
 ###############################################################
@@ -104,6 +104,15 @@ build_stream_firewall_port: "{{ build_stream_port }}/tcp"
 ###############################################################
 # User messages
 ###############################################################
+build_stream_image_pull_success_msg:
+  - "Successfully pulled image from Docker Hub"
+  - "Image: {{ build_stream_image_name }}:{{ build_stream_image_tag }}"
+
+build_stream_container_failure_msg: |
+  The deployment of the {{ build_stream_container_name }} container has failed. To resolve this issue,
+  please run the utility/oim_cleanup.yml playbook to clean up any existing OIM resources.
+  After the cleanup, you can re-run the original playbook to deploy the {{ build_stream_container_name }} container successfully.
+
 build_stream_pulp_not_ready_msg: |
   Pulp container '{{ pulp_container_name }}' is not ready.
   Exists={{ (pulp_container_info.containers | length) > 0 }},

prepare_oim/roles/deploy_containers/postgres/tasks/deploy_postgres.yml

@@ -15,27 +15,27 @@
 ---
 
 # Check and remove existing postgres container if running
-- name: Check if build_stream_postgres service exists
+- name: Check if omnia_postgres service exists
   ansible.builtin.systemd:
     name: "{{ postgres_container_name }}.service"
   register: postgres_service_status
   failed_when: false
 
-- name: Stop build_stream_postgres service if running
+- name: Stop omnia_postgres service if running
   ansible.builtin.systemd:
     name: "{{ postgres_container_name }}.service"
     state: stopped
     enabled: false
   when: postgres_service_status.status is defined
   failed_when: false
 
-- name: Check if build_stream_postgres container exists
+- name: Check if omnia_postgres container exists
   containers.podman.podman_container_info:
     name: "{{ postgres_container_name }}"
   register: existing_container_info
   failed_when: false
 
-- name: Remove existing build_stream_postgres container
+- name: Remove existing omnia_postgres container
   containers.podman.podman_container:
     name: "{{ postgres_container_name }}"
     state: absent
@@ -60,20 +60,20 @@
     selinux_option: "{{ ':z' if (share_option != 'NFS' or nfs_type | default('') != 'external') else '' }}"
 
 # Create required directories
-- name: Create data directory for build_stream_postgres
+- name: Create data directory for omnia_postgres
   ansible.builtin.file:
     path: "{{ postgres_data_dir }}"
     state: directory
     mode: "{{ postgres_dir_mode }}"
 
-- name: Create log directory for build_stream_postgres
+- name: Create log directory for omnia_postgres
   ansible.builtin.file:
     path: "{{ postgres_log_dir }}"
     state: directory
     mode: "{{ postgres_dir_mode }}"
 
 # Pull container image
-- name: Pull build_stream_postgres image from Docker Hub
+- name: Pull omnia_postgres image from Docker Hub
   containers.podman.podman_image:
     name: "{{ postgres_image }}"
     tag: "{{ postgres_image_tag }}"

prepare_oim/roles/deploy_containers/postgres/tasks/main.yml

@@ -14,7 +14,7 @@
 
 ---
 
-- name: Deploy build_stream_postgres container
+- name: Deploy omnia_postgres container
   ansible.builtin.include_tasks: deploy_postgres.yml
   tags:
     - postgres

prepare_oim/roles/deploy_containers/postgres/templates/postgres.j2

@@ -1,5 +1,19 @@
+# Copyright 2026 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
 # ===============================================================
-# build_stream_postgres Quadlet Service
+# omnia_postgres Quadlet Service
 # PostgreSQL Database for Omnia BuildStream
 # ===============================================================
 [Unit]

prepare_oim/roles/deploy_containers/postgres/vars/main.yml

@@ -15,7 +15,7 @@
 ---
 
 # PostgreSQL Container Configuration
-postgres_container_name: "build_stream_postgres"
+postgres_container_name: "omnia_postgres"
 
 # OIM metadata file path
 oim_metadata_file: "/opt/omnia/.data/oim_metadata.yml"
@@ -29,7 +29,7 @@ postgres_port: 5432
 # Database configuration
 postgres_user: "{{ hostvars['localhost']['postgres_user'] }}"
 postgres_password: "{{ hostvars['localhost']['postgres_password'] }}"
-postgres_db_name: "build_stream"
+postgres_db_name: "{{ hostvars['localhost']['postgres_db_name'] | default('build_stream_db') }}"
 
 # Storage configuration
 postgres_data_dir: "{{ omnia_path }}/postgres/data"

utils/roles/oim_cleanup/oim_container_cleanup/tasks/cleanup_build_stream.yml

@@ -34,7 +34,7 @@
 
 - name: Get omnia_build_stream container files
   ansible.builtin.find:
-    paths: "/etc/containers/systemd/"
+    paths: "{{ quadlet_dir }}"
     patterns: 'omnia_build_stream*'
     file_type: file
   register: found_files