Showroom simplification 01 (#7047)

* Major cleanup of showroom down to 1 var typical deployment

* Cleanup of old showroom code

ansible/roles/showroom/defaults/main.yml

@@ -7,12 +7,9 @@ showroom_deploy: true
 
 showroom_git_repo: https://github.com/tonykay/showroom-poc-2023-06.git
 showroom_git_tag: main
-showroom_antora_playbook: site.yml
-showroom_primary_path: "showroom/"         # this is the URL where the UI is available
-showroom_project_zero: false
-showroom_project_zero_bundle: https://github.com/rhpds/nookbag/releases/download/nookbag-v0.0.3/nookbag-v0.0.3.zip
-
-  # showroom_default_playbook: site.yml   # Default antora playbook to build from TODO: delete this?
+showroom_primary_path: "showroom/"    # this is the postfix to the URL where the UI is available
+showroom_theme: freeform              # zero | rh_developer
+showroom_theme_zero_bundle: https://github.com/rhpds/nookbag/releases/download/nookbag-v0.0.3/nookbag-v0.0.3.zip
 
 showroom_primary_port: 443            # TODO: Validate traefik websecure=8443
 showroom_frontend_service: traefik    # traefik or nginx, others by arrangement (ie extensible)
@@ -29,16 +26,14 @@ showroom_container_compose_template: compose_default_template.j2
 showroom_base_services:
   - traefik_httpd                     # Combines a traefik reverse proxy with httpd as a "pair"
 
-showroom_tab_services:
-  - double_terminal
-  - codeserver
-  - docs
+showroom_tab_services:                # double_terminal | codeserver | docs TODO: validate
+  - single_terminal
 
 showroom_dnf_packages:
   - git
-  - systemd-container
   - podman
   - python-devel
+  - systemd-container
   - unzip
 
 showroom_pip_packages:

ansible/roles/showroom/tasks/20-showroom-dependencies.yml → ansible/roles/showroom/tasks/10-showroom-dependencies.yml

@@ -1,13 +1,13 @@
 ---
-- name: Ensure Linux Package dependencies
+- name: Ensure Linux Package dependencies for Showroom
   ansible.builtin.dnf:
     name: "{{ __showroom_dnf_packages }}"
     state: present
   loop: "{{ showroom_dnf_packages }}"
   loop_control:
     loop_var: __showroom_dnf_packages
 
-- name: Ensure Linux Python dependencies
+- name: Ensure Linux Python dependencies for Showroom
   ansible.builtin.pip:
     name: "{{ __showroom_pip_packages }}"
     state: present
@@ -29,4 +29,4 @@
   loop_control:
     loop_var: __showroom_npm_packages
   tags:
-    - showroom-npm
+    - showroom-antora-npm

ansible/roles/showroom/tasks/20-showroom-user-setup.yml

@@ -0,0 +1,72 @@
+---
+
+# Create the showroom user and working directories
+
+- name: "Create showroom user {{ showroom_user }}"
+  ansible.builtin.user:
+    name: "{{ showroom_user | default('showroom') }}"
+    home: "{{ showroom_user_home_dir }}"
+    uid: "{{ showroom_user_uid }}"
+    password: "{{ common_password | password_hash('sha512') }}"
+
+- name: Setup persistent working directory
+  ansible.builtin.file:
+    path: "{{ __showroom_work_dir }}"
+    state: directory
+    owner: "{{ showroom_user | default('showroom') }}"
+    group: "{{ showroom_user_group | default('showroom') }}"
+  loop: "{{ showroom_work_dirs }}"
+  loop_control:
+    loop_var: __showroom_work_dir
+
+- name: Add passwordless sudo for {{ showroom_user }}
+  ansible.builtin.lineinfile:
+    path: /etc/sudoers
+    regexp: "^{{ showroom_user }}"
+    line: "{{ showroom_user }} ALL=(ALL) NOPASSWD: ALL"
+
+- name: User and system configuration when using traefik
+  when: showroom_frontend_service == "traefik"
+  block:
+
+    # TODO: Move this to 8443 after validation
+    # IE eliminate the entire sysctl task once verified and tested
+
+    - name: Allow users to open ports 80 and up without sudo etc
+      ansible.posix.sysctl:
+        name: net.ipv4.ip_unprivileged_port_start
+        value: 80
+        state: present
+        reload: true
+
+    - name: Create acme.json for LetsEncypt called via traefik with correct permissions
+      ansible.builtin.file:
+        path: "{{ showroom_user_home_dir }}/orchestration/acme.json"
+        state: touch
+        owner: "{{ showroom_user }}"
+        group: "{{ showroom_user_group }}"
+        mode: u=rw,g-rwx,o-rwx
+
+    - name: Add ansible_user to group wheel for machinectl privileges
+      ansible.builtin.user:
+        name: "{{ ansible_user }}"
+        groups: wheel
+        password: "{{ common_password | password_hash('sha512') }}"
+        append: true
+
+    - name: "Start --user {{ showroom_user }} podman.socket for traefik"
+      shell: "loginctl enable-linger $USER; systemctl --user enable podman.socket --now"
+      become: true
+      become_user: "{{ showroom_user }}"
+      become_method: community.general.machinectl
+      vars:
+        ansible_become_pass: "{{ common_password }}"
+      environment:
+        XDG_RUNTIME_DIR: "/run/user/{{ showroom_user_uid }}"
+        DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ showroom_user_uid }}/bus"
+
+    - name: "Create a Podman network {{ showroom_podman_network }}"
+      containers.podman.podman_network:
+        name: "{{ showroom_podman_network | default('showroom_network') }}"
+        state: present
+      become_user: "{{ showroom_user }}"

ansible/roles/showroom/tasks/30-showroom-clone-and-inject.yml

@@ -1,5 +1,5 @@
 ---
-- name: Clone and Inject Showroom Tasks
+- name: Clone and Inject Showroom repo and vars
   block:
 
     - name: Clone showroom primary repo - lab content in adoc
@@ -10,7 +10,7 @@
         version: "{{ showroom_git_tag | default('main') }}"
       become_user: "{{ showroom_user }}"
 
-    - name: Setup and inject userdata
+    - name: Setup and inject userdata into showroom repo
       block:
 
         - name: Load AgnosticD User Data
@@ -29,8 +29,4 @@
             dest: "{{ showroom_user_home_dir }}/content/documentation/modules/ROOT/pages/include_vars.adoc"
             owner: "{{ showroom_user }}"
             group: "{{ showroom_user_group }}"
-            mode: '0644'
-          tags:
-            - showroom-var-injection
-  tags:
-    - showroom-clone-and-inject
+            mode: "u=rw,o=r,g=r"

ansible/roles/showroom/tasks/40-showroom-render.yml

@@ -4,7 +4,7 @@
   containers.podman.podman_container:
     name: container
     image: docker.io/antora/antora
-    command: "{{ showroom_antora_playbook | default('site.yml') }}"
+    command: "{{ showroom_theme | default('site') }}-playbook.yml"
     detach: false                               # ensure completion of render before moving on
     volumes:
       - "{{ showroom_user_home_dir }}/content:/antora:Z"
@@ -18,19 +18,13 @@
     var: "{{ r_podman_run_antora }}"
     verbosity: 2
 
-      # TODO: Insert index.html and css injection
-      #   clunky and hardcoded for now, make dynamic
-
-      # TODO: Make this whole showroom_host more robust for multi-cloud use
-      #
-
 - name: Set showroom_host if not defined
   when: showroom_host is not defined
   ansible.builtin.set_fact:
     showroom_host: "{{ groups['bastions'][0] | regex_replace('\\..*$') }}.{{ guid }}{{ subdomain_base_suffix }}"
 
-- name: Showroom UI inject when not using Project Zero
-  when: showroom_project_zero is false
+- name: Showroom UI inject when showroom_theme does not equal string zero
+  when: showroom_theme != "zero"
   block:
 
     - name: Insert showroom index.html and css
@@ -51,13 +45,13 @@
         loop_var: __file
 
 
-- name: Project Zero UI inject when not using Showroom UI
-  when: showroom_project_zero is true
+- name: Project Zero UI inject when showroom_theme equals string zero
+  when: showroom_theme == "zero"
   block:
 
-    - name: Insert nookbag the UI for Project Zero
+    - name: Insert the zero bundle for the Zero theme
       ansible.builtin.unarchive:
-        src: "{{ showroom_project_zero_bundle }}"
+        src: "{{ showroom_theme_zero_bundle }}"
         dest: "{{ showroom_user_home_dir }}/content"
         remote_src: true
         owner: "{{ showroom_user }}"

ansible/roles/showroom/tasks/50-showroom-service.yml

@@ -41,52 +41,6 @@
         group: "{{ showroom_user_group }}"
         mode: "u=rw,g=r,o=r"
 
-- name: Setup showroom host for traefik for showroom_frontend_service
-  when: showroom_frontend_service == "traefik"
-  block:
-
-    # TODO: Move this to 8443 after validation
-    # IE eliminate the entire sysctl task once verified and tested
-
-    - name: Allow users to open ports 80 and up without sudo etc
-      ansible.posix.sysctl:
-        name: net.ipv4.ip_unprivileged_port_start
-        value: 80
-        state: present
-        reload: true
-
-    - name: Create acme.json for LetsEncypt called via traefik with correct permissions
-      ansible.builtin.file:
-        path: "{{ showroom_user_home_dir }}/orchestration/acme.json"
-        state: touch
-        owner: "{{ showroom_user }}"
-        group: "{{ showroom_user_group }}"
-        mode: u=rw,g-rwx,o-rwx
-
-    - name: Add ansible_user to group wheel for machinectl privileges
-      ansible.builtin.user:
-        name: "{{ ansible_user }}"
-        groups: wheel
-        password: "{{ common_password | password_hash('sha512') }}"
-        append: true
-
-    - name: "Start --user {{ showroom_user }} podman.socket for traefik"
-      shell: "loginctl enable-linger $USER; systemctl --user enable podman.socket --now"
-      become: true
-      become_user: "{{ showroom_user }}"
-      become_method: community.general.machinectl
-      vars:
-        ansible_become_pass: "{{ common_password }}"
-      environment:
-        XDG_RUNTIME_DIR: "/run/user/{{ showroom_user_uid }}"
-        DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ showroom_user_uid }}/bus"
-
-    - name: "Create a Podman network {{ showroom_podman_network }}"
-      containers.podman.podman_network:
-        name: "{{ showroom_podman_network | default('showroom_network') }}"
-        state: present
-      become_user: "{{ showroom_user }}"
-
 - name: Enable and Start showroom service
   ansible.builtin.service:
     name: showroom.service

ansible/roles/showroom/tasks/60-showroom-verify.yml

@@ -8,9 +8,6 @@
     f_lab_ui_url:
       "https://{{ showroom_host }}:{{ showroom_primary_port }}/{{ showroom_primary_path }}"
 
-      # "https://{{ groups['bastions'][0].split('.',1)[0] }}.{{ guid }}{{
-      # subdomain_base_suffix }}:{{ showroom_primary_port }}/{{ showroom_primary_path }}"
-
 - name: Output showroom view(s) URLs as userinfo and userdata
   agnosticd_user_info:
     msg:

ansible/roles/showroom/tasks/main.yml

@@ -4,13 +4,17 @@
   when: showroom_deploy | default(true) | bool
   block:
 
-    - name: Setup the showroom user and working directories
+    - name: Setup OS dependencies, packages
       ansible.builtin.include_tasks:
-        file: 10-showroom-user-setup.yml
+        file: 10-showroom-dependencies.yml
+      tags:
+        - showroom-dependency-setup
 
-    - name: Setup OS dependencies, packages, user, directory
+    - name: Setup the showroom user and working directories
       ansible.builtin.include_tasks:
-        file: 20-showroom-dependencies.yml
+        file: 20-showroom-user-setup.yml
+      tags:
+        - showroom-user-setup
 
     - name: Clone primary showroom repo and inject externals (vars, html templates)
       ansible.builtin.include_tasks:
@@ -27,7 +31,11 @@
     - name: Create, enable, start showroom systemd service
       ansible.builtin.include_tasks:
         file: 50-showroom-service.yml
+      tags:
+        - showroom-services
 
     - name: Validate showroom service and output view url(s)
       ansible.builtin.include_tasks:
         file: 60-showroom-verify.yml
+      tags:
+        - showroom-verify

ansible/roles/showroom/templates/base_service_traefik_httpd/base_service_traefik_httpd.j2

@@ -22,7 +22,7 @@ showroom:
   hostname: showroom
   restart: always
   volumes:
-{% if showroom_project_zero is true %}
+{% if showroom_theme == "zero" %}
   - "{{ showroom_user_content_dir }}:/usr/local/apache2/htdocs:z,ro"
 {% else %}
   - "{{ showroom_user_content_dir }}/gh-pages:/usr/local/apache2/htdocs:z,ro"