Merge branch 'main' into 167-ion-split-proxy

Author: BrianSipos

.env

@@ -1,10 +1,23 @@
+# Port Services; Uncomment below lines to override default mappings
+#AUTHNZ_PORT=8084
+#AUTHNZ_HTTPS_PORT=8443
+#OPENSEARCH_PORT1=
+#OPENSEARCH_PORT2=
+#OPENSEARCH_DASH_PORT=
+#MQTT_PORT=11883
+
+
+
 DOCKER_CTR_PREFIX=
-DOCKER_IMAGE_PREFIX=
+DOCKER_IMAGE_PREFIX=localhost/
 DOCKER_IMAGE_TAG=latest
 
 ANMS_VERSION=0
 ANMS_GW_FQDN=localhost
 
+# Selects authnz emulation mode, valid options are authnz-emu or cam-gateway
+AUTHNZ_EMU=authnz-emu
+
 CAM_SERVER_URL=
 CAM_ADMIN_USER=amAdmin
 CAM_ADMIN_PASSWORD=
@@ -36,3 +49,4 @@ RENDERER_PORT=8081
 RENDERER_HOST_PORT=${DOCKER_CTR_PREFIX}grafana-image-renderer:${RENDERER_PORT}
 ION_MGR_PORT=8089
 HTTP_PORT:80
+

.github/workflows/build-test.yaml

@@ -8,13 +8,81 @@ on:
     - cron: '0 0 * * 0' # weekly
 
 jobs:
-  checkout-test:
+  podman-checkout-test:
     runs-on: ubuntu-latest
     env:
       DOCKER_BUILDKIT: "1"
-      AUTHNZ_EMU: "1"
+      AUTHNZ_EMU: "authnz-emu"
       ANMS_COMPOSE_OPTS: "-f docker-compose.yml -p anms"
       AGENT_COMPOSE_OPTS: "-f agent-compose.yml -p agents"
+      DOCKER_CMD: "podman"
+      AUTHNZ_PORT: 8084
+      AUTHNZ_HTTPS_PORT: 8443
+    steps:
+      - name: Start Podman API Service
+        run: |
+          systemctl --user start podman.socket
+          systemctl --user enable podman.socket
+          export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock      
+      - name: Versions
+        run: |
+          podman -v
+          podman ps
+          podman compose ls
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - name: Tag name env
+        run: |
+          DOCKER_IMAGE_TAG=$(echo ${{ github.head_ref || github.ref_name }} | sed 's/[^a-zA-Z0-9\-\._]/-/g')
+          echo "DOCKER_IMAGE_TAG=${DOCKER_IMAGE_TAG}" >> $GITHUB_ENV
+      - name: Debug GitHub workspace
+        run: |
+          echo "GITHUB_WORKSPACE=${{ github.workspace }}"
+          ls -al ${{ github.workspace }}
+      - name: Build Main
+        run: podman compose build
+      - name: Build Agents
+        run: podman compose -f agent-compose.yml build
+      - name: Build Volume
+        run: |
+          ./create_volume.sh ./puppet/modules/apl_test/files/anms/tls
+      - name: Start
+        run: |
+          podman compose up -d --force-recreate
+          podman compose -f agent-compose.yml up -d --force-recreate
+          sleep 5
+      - name: Status
+        run: |
+          for BADSTATUS in stopped restarting; do
+            podman compose ${ANMS_COMPOSE_OPTS} ps --services --filter status=${BADSTATUS} | tee -a /tmp/notgood
+          done
+          # Show hints at what may be wrong
+          for SERVNAME in $(cat /tmp/notgood); do
+            podman compose ${ANMS_COMPOSE_OPTS} logs --tail 50 ${SERVNAME}
+          done
+          # Fail if any names are in the file
+          ! grep '[^[:space:]]' /tmp/notgood
+      - name: Test
+        run: |
+          # Checkout the running gateway+backend
+          podman build -t checkout-test checkout-test
+          podman run --network anms -v $PWD:/mnt -e XUNIT_OUTFILE=/mnt/testresults.xml -e CHECKOUT_BASE_URL=http://authnz/ -e SSL_CERT_FILE=/mnt/puppet/modules/apl_test/files/anms/tls/certs/ammos-ca-bundle.crt checkout-test
+      - name: Stop
+        if: always()
+        run: |
+          for OPTS_NAME in ANMS_COMPOSE_OPTS AGENT_COMPOSE_OPTS; do
+            podman compose ${!OPTS_NAME} rm --stop --force
+          done
+  docker-checkout-test:
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_BUILDKIT: "1"
+      AUTHNZ_EMU: "authnz-emu"
+      ANMS_COMPOSE_OPTS: "-f docker-compose.yml -p anms"
+      AGENT_COMPOSE_OPTS: "-f agent-compose.yml -p agents"
+      DOCKER_CMD: "docker"
     steps:
       - name: Versions
         run: |
@@ -29,15 +97,21 @@ jobs:
         run: |
           DOCKER_IMAGE_TAG=$(echo ${{ github.head_ref || github.ref_name }} | sed 's/[^a-zA-Z0-9\-\._]/-/g')
           echo "DOCKER_IMAGE_TAG=${DOCKER_IMAGE_TAG}" >> $GITHUB_ENV
-      - name: Build
+      - name: Debug GitHub workspace
+        run: |
+          echo "GITHUB_WORKSPACE=${{ github.workspace }}"
+          ls -al ${{ github.workspace }}
+      - name: Build Main
+        run: docker compose build
+      - name: Build Agents
+        run: docker compose -f agent-compose.yml build
+      - name: Build Volume
         run: |
-          ./build.sh buildonly
           ./create_volume.sh ./puppet/modules/apl_test/files/anms/tls
       - name: Start
         run: |
-          for OPTS_NAME in ANMS_COMPOSE_OPTS AGENT_COMPOSE_OPTS; do
-            docker compose ${!OPTS_NAME} up --detach --force-recreate
-          done
+          docker compose up -d --force-recreate
+          docker compose -f agent-compose.yml up -d --force-recreate
           sleep 5
       - name: Status
         run: |

.github/workflows/puppet.yaml

@@ -11,21 +11,19 @@ jobs:
   prep:
     name: Download modules
     runs-on: ubuntu-24.04
+    container: quay.io/centos/centos:stream9
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
           submodules: false
       - name: Install dependencies
         run: |
-          wget https://apt.puppet.com/puppet-release-focal.deb
-          sudo dpkg -i puppet-release-focal.deb
-          wget https://apt.puppet.com/puppet-tools-release-focal.deb
-          sudo dpkg -i puppet-tools-release-focal.deb
-          sudo apt-get update
-          sudo apt-get install -y puppet-agent puppet-bolt
-          sudo update-alternatives --install /usr/bin/puppet puppet-agent /opt/puppetlabs/bin/puppet 10
-          sudo chmod +t /tmp # workaround ruby need within prep.sh
+          dnf install -y https://yum.puppet.com/puppet7-release-el-9.noarch.rpm
+          dnf install -y https://yum.puppet.com/puppet-tools-release-el-9.noarch.rpm
+          dnf install -y puppet-agent-7.28.0-1.el9 puppet-bolt-3.30.0-1.el9
+          update-alternatives --install /usr/bin/puppet puppet-agent /opt/puppetlabs/bin/puppet 10
+          chmod +t /tmp # workaround ruby need within prep.sh
       - name: Prep project
         run: |
           ./puppet/prep.sh

.gitlab-ci.yml

@@ -331,7 +331,7 @@ deploy:
     - dnf install -y hostname
     - ./build.sh push
     - |
-      dnf install -y https://yum.puppet.com/puppet-release-el-9.noarch.rpm
+      dnf install -y https://yum.puppet.com/puppet7-release-el-9.noarch.rpm
       dnf install -y https://yum.puppet.com/puppet-tools-release-el-9.noarch.rpm
       dnf install -y puppet-agent-7.28.0-1.el9 puppet-bolt-3.30.0-1.el9
       update-alternatives --install /usr/bin/puppet puppet-agent /opt/puppetlabs/bin/puppet 10
@@ -343,10 +343,10 @@ deploy:
       mkdir -p puppet/data/fqdn/
       cat <<EOF >puppet/data/override.yaml
       anms::version: "${ANMS_VERSION}"
-      anms::docker_image_prefix: "${DOCKER_IMAGE_PREFIX}"
-      anms::docker_image_tag: "${DOCKER_IMAGE_TAG}"
-      anms::docker_registry_user: "${DOCKER_REGISTRY_USERNAME}"
-      anms::docker_registry_pass: "${DOCKER_REGISTRY_PASSWORD}"
+      anms::ctr_image_prefix: "${DOCKER_IMAGE_PREFIX}"
+      anms::ctr_image_tag: "${DOCKER_IMAGE_TAG}"
+      anms::ctr_registry_user: "${DOCKER_REGISTRY_USERNAME}"
+      anms::ctr_registry_pass: "${DOCKER_REGISTRY_PASSWORD}"
       anms::tls_server_key: 'puppet:///modules/apl_test/anms/tls/private/ammos-server-key.pem'
       anms::tls_server_cert: 'puppet:///modules/apl_test/anms/tls/certs/ammos-server-cert.pem'
       anms::tls_server_ca: 'puppet:///modules/apl_test/anms/tls/certs/ammos-ca-bundle.crt'