New Role: redfish_vbmc_podman

Add a role to set up RedFish Virtual BMC (sushy-emulator)
as a podman contaner. The role creates a systemd service
so managing start/stop/restart work like any other service.

Assisted-By: Claude (claude-4.5-sonnet)
Signed-off-by: Harald Jensås <hjensas@redhat.com>

Author: hjensas

roles/redfish_vbmc_podman/README.md

@@ -0,0 +1,126 @@
+# redfish_vbmc_podman - ansible role
+
+Role to deploy sushy-emulator (RedFish Virtual BMC) service as a Podman container
+on a target host.
+
+The emulator is configured with the OpenStack driver as the backend. This role
+runs sushy-emulator as a systemd-managed podman container for automatic startup
+and management.
+
+## Requirements
+
+- Podman installed on the target host
+- OpenStack clouds.yaml configuration file accessible on the target host
+- httpd-tools package (for htpasswd generation)
+
+**Note**: The `redfish_vbmc_podman_cloud_config_dir` variable should point to the directory containing `clouds.yaml` on the target host where the container will run. By default, this matches the location where the `controller` role places the clouds.yaml file (`/home/zuul/.hotcloud`).
+
+## Role Variables
+
+### Required Variables
+
+| Variable | Description |
+|----------|-------------|
+| `redfish_vbmc_podman_instances_uuids` | List of OpenStack instance UUIDs to expose via RedFish API |
+
+### Optional Variables
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `redfish_vbmc_podman_os_cloud` | `default` | OpenStack cloud name from clouds.yaml |
+| `redfish_vbmc_podman_cloud_config_dir` | `/home/zuul/.hotcloud` | Path to directory containing clouds.yaml |
+| `redfish_vbmc_podman_username` | `admin` | RedFish API username |
+| `redfish_vbmc_podman_password` | `password` | RedFish API password |
+| `redfish_vbmc_podman_image` | `quay.io/rhn_gps_hjensas/sushy-tools:dev-1761151453` | Container image to use |
+| `redfish_vbmc_podman_listen_port` | `8000` | Port to expose on the host |
+| `redfish_vbmc_podman_config_dir` | `/etc/sushy-emulator` | Configuration directory on host |
+| `redfish_vbmc_podman_openstack_config_dir` | `/etc/openstack` | OpenStack config mount point in container |
+| `redfish_vbmc_podman_debug` | `true` | Enable debug logging |
+| `redfish_vbmc_podman_vmedia_file_upload` | `true` | Enable file upload for virtual media |
+| `redfish_vbmc_podman_vmedia_delay_eject` | `true` | Delay rebuild on virtual media eject |
+| `redfish_vbmc_podman_ignore_boot_device` | `false` | Ignore boot device instructions |
+
+## Dependencies
+
+None
+
+## Example Playbook
+
+```yaml
+- name: Install RedFish Virtual BMC with Podman
+  hosts: controller-0
+  gather_facts: true
+  strategy: linear
+  pre_tasks:
+    - name: Load stack outputs from file
+      ansible.builtin.include_vars:
+        file: "{{ stack_name }}-outputs.yaml"
+        name: stack_outputs
+      delegate_to: localhost
+
+  roles:
+    - role: redfish_vbmc_podman
+      when:
+        - stack_outputs.sushy_emulator_uuids | default({}) | length > 0
+      vars:
+        redfish_vbmc_podman_instances_uuids: "{{ stack_outputs.sushy_emulator_uuids.values() }}"
+        redfish_vbmc_podman_os_cloud: default
+```
+
+## Testing
+
+After deployment, test the RedFish API:
+
+```bash
+# Test the API endpoint
+curl -u admin:password http://controller-0.example.com:8000/redfish/v1/Systems/
+```
+
+Expected response:
+
+```json
+{
+    "@odata.type": "#ComputerSystemCollection.ComputerSystemCollection",
+    "Name": "Computer System Collection",
+    "Members@odata.count": 2,
+    "Members": [
+        {
+            "@odata.id": "/redfish/v1/Systems/50cd91c3-380a-423d-80c4-8d65002c96ec"
+        },
+        {
+            "@odata.id": "/redfish/v1/Systems/b6e20780-cb52-4491-96ae-2a817944dbd2"
+        }
+    ],
+    "@odata.context": "/redfish/v1/$metadata#ComputerSystemCollection.ComputerSystemCollection",
+    "@odata.id": "/redfish/v1/Systems",
+    "@Redfish.Copyright": "Copyright 2014-2016 Distributed Management Task Force, Inc. (DMTF). For the full DMTF copyright policy, see http://www.dmtf.org/about/policies/copyright."
+}
+```
+
+## Management Commands
+
+Useful commands for managing the sushy-emulator service:
+
+```bash
+# Check container status
+sudo podman ps
+
+# View logs
+sudo podman logs sushy-emulator
+
+# Restart the service
+sudo systemctl restart sushy-emulator
+
+# Check service status
+sudo systemctl status sushy-emulator
+
+# Stop the service
+sudo systemctl stop sushy-emulator
+
+# Start the service
+sudo systemctl start sushy-emulator
+```
+
+## License
+
+Apache License, Version 2.0

roles/redfish_vbmc_podman/defaults/main.yml

@@ -0,0 +1,40 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# OpenStack cloud configuration
+redfish_vbmc_podman_os_cloud: default
+redfish_vbmc_podman_cloud_config_dir: "/home/zuul/.hotcloud"
+
+# Authentication
+redfish_vbmc_podman_username: admin
+redfish_vbmc_podman_password: password
+
+# Instance filtering
+redfish_vbmc_podman_instances_uuids: []
+
+# Container configuration
+redfish_vbmc_podman_image: quay.io/rhn_gps_hjensas/sushy-tools:dev-1761151453
+redfish_vbmc_podman_listen_port: 8000
+
+# Paths
+redfish_vbmc_podman_config_dir: /etc/sushy-emulator
+redfish_vbmc_podman_openstack_config_dir: /etc/openstack
+
+# Sushy-emulator configuration options
+redfish_vbmc_podman_debug: true
+redfish_vbmc_podman_vmedia_file_upload: true
+redfish_vbmc_podman_vmedia_delay_eject: true
+redfish_vbmc_podman_ignore_boot_device: false

roles/redfish_vbmc_podman/handlers/main.yml

@@ -0,0 +1,21 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Restart sushy-emulator service
+  become: true
+  ansible.builtin.systemd_service:
+    name: sushy-emulator
+    state: restarted

roles/redfish_vbmc_podman/tasks/main.yml

@@ -0,0 +1,79 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Install package requirements
+  become: true
+  ansible.builtin.dnf:
+    name:
+      - httpd-tools
+      - podman
+    state: present
+
+- name: Create sushy-emulator configuration directory
+  become: true
+  ansible.builtin.file:
+    path: "{{ redfish_vbmc_podman_config_dir }}"
+    state: directory
+    mode: '0755'
+    owner: root
+    group: root
+
+- name: Generate htpasswd
+  register: _htpasswd
+  ansible.builtin.command:
+    cmd: >-
+     htpasswd -nbB
+       {{ redfish_vbmc_podman_username | quote }}
+       {{ redfish_vbmc_podman_password | quote }}
+  changed_when: false
+
+- name: Create htpasswd file
+  become: true
+  ansible.builtin.copy:
+    content: "{{ _htpasswd.stdout + '\n' }}"
+    dest: "{{ redfish_vbmc_podman_config_dir }}/.htpasswd"
+    mode: '0600'
+    owner: root
+    group: root
+  notify: Restart sushy-emulator service
+
+- name: Create sushy-emulator config file
+  become: true
+  ansible.builtin.template:
+    src: sushy-emulator.conf.j2
+    dest: "{{ redfish_vbmc_podman_config_dir }}/config.conf"
+    mode: '0644'
+    owner: root
+    group: root
+  notify: Restart sushy-emulator service
+
+- name: Deploy systemd service file for sushy-emulator
+  become: true
+  ansible.builtin.template:
+    src: sushy-emulator.service.j2
+    dest: /etc/systemd/system/sushy-emulator.service
+    mode: '0644'
+    owner: root
+    group: root
+  notify: Restart sushy-emulator service
+
+- name: Enable and start sushy-emulator service
+  become: true
+  ansible.builtin.systemd_service:
+    name: sushy-emulator
+    enabled: true
+    state: started
+    daemon_reload: true

roles/redfish_vbmc_podman/templates/sushy-emulator.conf.j2

@@ -0,0 +1,41 @@
+# Sushy-emulator configuration file
+# Generated by Ansible - do not edit manually
+
+# Listen on all local IP interfaces
+SUSHY_EMULATOR_LISTEN_IP = '::'
+
+# Bind to TCP port 8000
+SUSHY_EMULATOR_LISTEN_PORT = 8000
+
+# Serve this SSL certificate to the clients
+SUSHY_EMULATOR_SSL_CERT = None
+
+# If SSL certificate is being served, this is its RSA private key
+SUSHY_EMULATOR_SSL_KEY = None
+
+# If authentication is desired, set this to an htpasswd file.
+SUSHY_EMULATOR_AUTH_FILE = '/etc/sushy-emulator/.htpasswd'
+
+# The OpenStack cloud ID to use. This option enables OpenStack driver.
+SUSHY_EMULATOR_OS_CLOUD = '{{ redfish_vbmc_podman_os_cloud }}'
+
+# If image should created via file upload instead of web-download based image
+# import OpenStack cloud virtual media
+SUSHY_EMULATOR_OS_VMEDIA_IMAGE_FILE_UPLOAD = {{ redfish_vbmc_podman_vmedia_file_upload | bool }}
+
+# When set to true, the instance rebuild on virtual media eject
+# is delayed until the next a RedFish power action.
+SUSHY_EMULATOR_OS_VMEDIA_DELAY_EJECT = {{ redfish_vbmc_podman_vmedia_delay_eject | bool }}
+
+# Instruct the libvirt driver to ignore any instructions to
+# set the boot device. Allowing the UEFI firmware to instead
+# rely on the EFI Boot Manager
+# Note: This sets the legacy boot element to dev="fd"
+# and relies on the floppy not existing, it likely won't work
+# your VM has a floppy drive.
+SUSHY_EMULATOR_IGNORE_BOOT_DEVICE = {{ redfish_vbmc_podman_ignore_boot_device | bool }}
+
+# This list contains the identities of instances that the driver will filter by.
+# It is useful in a tenant environment where only some instances represent
+# virtual baremetal.
+SUSHY_EMULATOR_ALLOWED_INSTANCES = {{ redfish_vbmc_podman_instances_uuids }}

roles/redfish_vbmc_podman/templates/sushy-emulator.service.j2

@@ -0,0 +1,30 @@
+{% set sushy_cmd = '/usr/local/bin/sushy-emulator' -%}
+{% set sushy_args = [] -%}
+{% if redfish_vbmc_podman_debug -%}
+{%   set _ = sushy_args.append('--debug') -%}
+{% endif -%}
+{% set _ = sushy_args.append('--config /etc/sushy-emulator/config.conf') -%}
+[Unit]
+Description=Sushy Emulator - RedFish Virtual BMC
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=always
+TimeoutStopSec=70
+ExecStartPre=/usr/bin/podman pull {{ redfish_vbmc_podman_image }}
+ExecStartPre=/usr/bin/podman rm -f sushy-emulator
+ExecStart=/usr/bin/podman run \
+  --name sushy-emulator \
+  --network host \
+  --replace \
+  -v {{ redfish_vbmc_podman_config_dir }}:/etc/sushy-emulator:ro,z \
+  -v {{ redfish_vbmc_podman_cloud_config_dir }}:{{ redfish_vbmc_podman_openstack_config_dir }}:ro,z \
+  {{ redfish_vbmc_podman_image }} \
+  {{ sushy_cmd }} {{ sushy_args | join(' ') }}
+ExecStop=/usr/bin/podman stop -t 10 sushy-emulator
+ExecStopPost=/usr/bin/podman rm -f sushy-emulator
+
+[Install]
+WantedBy=multi-user.target