From 8de72a0f0c28de2b9ead46bb8513eebf58a031dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?=
Date: Tue, 21 Oct 2025 16:11:59 +0200
Subject: [PATCH] Use our postgresql server for IPA-tuura
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Aurélien Bompard
---
 playbooks/groups/ipatuura.yml | 22 +++++++++++++++++++
 roles/ipatuura/templates/settings.py.j2 | 17 ++++++++++++++
 .../keycloak/templates/operator-config.yml.j2 | 9 ++++++++
 3 files changed, 48 insertions(+)
diff --git a/playbooks/groups/ipatuura.yml b/playbooks/groups/ipatuura.yml
index 6c46821d1e..4dc2a14fba 100644
--- a/playbooks/groups/ipatuura.yml
+++ b/playbooks/groups/ipatuura.yml
@@ -4,6 +4,28 @@
 myhosts: "ipatuura_stg"
+- name: Setup the database
+ hosts: db-fas01.stg.rdu3.fedoraproject.org
+ gather_facts: no
+ become: yes
+ become_user: postgres
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ tasks:
+ - name: IPA-tuura DB user
+ community.postgresql.postgresql_user:
+ name: ipatuura
+ password: "{{ (env == 'production') | ternary(ipatuura_db_password_prod, ipatuura_db_password_stg) }}"
+ - name: IPA-tuura database creation
+ community.postgresql.postgresql_db:
+ name: ipatuura
+ owner: ipatuura
+ encoding: UTF-8
+
+
 - name: Make the box be real
 hosts: ipatuura_stg
 user: root
diff --git a/roles/ipatuura/templates/settings.py.j2 b/roles/ipatuura/templates/settings.py.j2
index b84f505e88..2aa1a45dc7 100644
--- a/roles/ipatuura/templates/settings.py.j2
+++ b/roles/ipatuura/templates/settings.py.j2
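Review bot: In the new "Setup the database" play of playbooks/groups/ipatuura.yml, the role password is picked with `(env == 'production') | ternary(...)` although `hosts:` is hard-coded to the staging server db-fas01.stg.rdu3.fedoraproject.org. `env` is resolved here for the database host, while the identical expression in settings.py.j2 is resolved for the ipatuura host; if the two ever disagree, the application receives a password that does not match the role. The production branch is presumably dead code in this play, and if `env` were ever 'production' for that host it would place the production secret on a staging server. Since the play is staging-only, `password: "{{ ipatuura_db_password_stg }}"` states the intent directly. Separately, the third `vars_files` entry needs `ansible_distribution` while `gather_facts: no` is set, so it presumably depends on cached facts; a comment such as `# relies on cached facts for ansible_distribution` would make that explicit.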
@@ -1 +1,18 @@
 from root.settings import *
+
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = '{{ ipatuura_django_secret_key }}'
+
+# Database
+# https://docs.djangoproject.com/en/3.0/ref/settings/#databases
+DATABASES = {
+ "default": {
+ "ENGINE": "django.db.backends.postgresql",
+ "NAME": "ipatuura",
+ "USER": "ipatuura",
+ "PASSWORD": "{{ (env == 'production') | ternary(ipatuura_db_password_prod, ipatuura_db_password_stg) }}",
+ "HOST": "{{ ipatuura_db_host }}",
+ "PORT": "",
+ }
+}
diff --git a/roles/openshift-apps/keycloak/templates/operator-config.yml.j2 b/roles/openshift-apps/keycloak/templates/operator-config.yml.j2
index 9e7432f6fd..6dd4dbab1b 100644
--- a/roles/openshift-apps/keycloak/templates/operator-config.yml.j2
+++ b/roles/openshift-apps/keycloak/templates/operator-config.yml.j2
@@ -26,3 +26,12 @@ spec:
 ipa:
 secret:
 name: trusted-certs
+ additionalOptions:
+ # Connections to IPA-tuura can take longer than the default 5 seconds
+ - name: spi-connections-http-client--default--socket-timeout-millis
+ value: "60000"
+ # Slow login because of IPA-tuura
+ ingress:
+ annotations:
+ haproxy.router.openshift.io/timeout: 1m
+
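Review bot: The new `DATABASES["default"]` block in settings.py.j2 sets no `OPTIONS`, so the connection to `{{ ipatuura_db_host }}` runs with libpq's default `sslmode=prefer`, which falls back to plaintext without complaint and never verifies the server certificate. If the database lives on another host, as the playbook change in this commit suggests, the password crosses the network on those terms; consider adding `"OPTIONS": {"sslmode": "verify-full"},` (or at least `"require"` if no CA bundle is deployed on the client). Both secrets are also interpolated raw into quoted Python literals, so a value containing a quote or a backslash breaks or silently alters the setting; `SECRET_KEY = {{ ipatuura_django_secret_key | to_json }}` and the same filter for `PASSWORD` avoid that. The task that renders this template is outside the diff, and now that the file carries credentials its owner and mode are worth checking there.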
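Review bot: The `spi-connections-http-client--default--socket-timeout-millis` option added to operator-config.yml.j2 configures Keycloak's default outgoing HTTP client, so the 60-second socket timeout applies to every backend reached through that client, not only IPA-tuura. A slow or unresponsive endpoint can then hold a login request and its worker for a full minute, which matters for availability under load. The route annotation `haproxy.router.openshift.io/timeout: 1m` is the same length, so the router may cut the request just as Keycloak's own timeout fires and the user gets a gateway error instead of Keycloak's error page. I would choose the smallest value IPA-tuura actually needs, keep the route timeout slightly above it, and extend the comment to `# Applies to all outgoing HTTP client connections, not only IPA-tuura`. The enclosing `spec:` mapping starts outside the hunk, and whether this template is also rendered for production is not visible here.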