diff --git a/defaults/main.yml b/defaults/main.yml index 7059c56..a588eaa 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,9 +2,9 @@ # https://shinyproxy.io/ shinyproxy_install: True shinyproxy_as_docker_service: False -shinyproxy_major_ver: 2 -shinyproxy_minor_ver: 6 -shinyproxy_patch_ver: 0 +shinyproxy_major_ver: 3 +shinyproxy_minor_ver: 0 +shinyproxy_patch_ver: 2 shinyproxy_version: '{{ shinyproxy_major_ver }}.{{ shinyproxy_minor_ver }}.{{ shinyproxy_patch_ver }}' shinyproxy_file_name: 'shinyproxy-{{ shinyproxy_version }}.jar' shinyproxy_url: 'https://www.shinyproxy.io/downloads/{{ shinyproxy_file_name }}' @@ -43,7 +43,7 @@ shinyproxy_same_site_cookie: 'Lax' shinyproxy_log_retention: 10 shinyproxy_default_apps: True # Shinyproxy as docker service -shinyproxy_docker_image: 'openanalytics/shinyproxy:latest' +shinyproxy_docker_image: 'openanalytics/shinyproxy:{{ shinyproxy_version }}' shinyproxy_as_docker_stack_name: 'shinyproxy' shinyproxy_as_docker_service_name: 'shinyproxy' shinyproxy_as_docker_src_dir: /srv/{{ shinyproxy_as_docker_stack_name }}_service diff --git a/tasks/main.yml b/tasks/main.yml index 78102d5..2ad6aa5 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,5 +1,7 @@ --- -- import_tasks: shinyproxy_vm.yml +- name: Shinyproxy as a standalone service + ansible.builtin.import_tasks: shinyproxy_vm.yml when: not shinyproxy_as_docker_service -- import_tasks: shinyproxy_docker_service.yml +- name: Shinyproxy as a container + ansible.builtin.import_tasks: shinyproxy_docker_service.yml when: shinyproxy_as_docker_service diff --git a/tasks/shinyproxy_docker_service.yml b/tasks/shinyproxy_docker_service.yml index b090076..0aee427 100644 --- a/tasks/shinyproxy_docker_service.yml +++ b/tasks/shinyproxy_docker_service.yml @@ -1,91 +1,91 @@ --- -- name: Manage the composition of shinyproxy as a docker (non swarm) service +- name: shinyproxy_docker_service | Manage the composition of shinyproxy as a docker (non swarm) service when: shinyproxy_container_backend == 'docker' tags: ['shinyproxy', 'shinyproxy_docker', 'docker'] block: - - name: Create the directory where the dockerfile and the configuration file will be copied into + - name: shinyproxy_docker_service | Create the directory where the dockerfile and the configuration file will be copied into ansible.builtin.file: dest: "{{ shinyproxy_as_docker_src_dir }}" state: directory owner: root group: root - mode: 0750 + mode: "0750" - - name: Install the shinyproxy configuration file when using version 2.x + - name: shinyproxy_docker_service | Install the shinyproxy configuration file when using version 2.x ansible.builtin.template: src: shinyproxy-2-conf.yml.j2 dest: "{{ shinyproxy_as_docker_src_dir }}/application.yml" owner: root group: root - mode: 0400 + mode: "0400" - - name: Install the shinyproxy docker file + - name: shinyproxy_docker_service | Install the shinyproxy docker file ansible.builtin.template: src: Dockerfile.j2 dest: "{{ shinyproxy_as_docker_src_dir }}/Dockerfile" owner: root group: root - mode: 0444 + mode: "0444" - - name: Install the docker compose file + - name: shinyproxy_docker_service | Install the docker compose file ansible.builtin.template: src: shinyproxy-docker-compose.yml.j2 dest: "{{ shinyproxy_as_docker_src_dir }}/docker-compose.yml" owner: root group: root - mode: 0400 + mode: "0400" - - name: Run the docker compose file to start the service + - name: shinyproxy_docker_service | Run the docker compose file to start the service community.docker.docker_compose: project_src: '{{ shinyproxy_as_docker_src_dir }}' build: true -- name: Manage the installation of the shinyproxy configuration of the swarm service +- name: shinyproxy_docker_service | Manage the installation of the shinyproxy configuration of the swarm service when: - shinyproxy_container_backend == 'docker-swarm' - shinyproxy_docker_mount_conf_file tags: ['shinyproxy', 'shinyproxy_swarm', 'docker'] block: - - name: Create the directory where the dockerfile and the configuration file will be copied into + - name: shinyproxy_docker_service | Create the directory where the dockerfile and the configuration file will be copied into ansible.builtin.file: dest: "{{ shinyproxy_as_docker_src_dir }}" state: directory owner: root group: root - mode: 0700 + mode: "0700" - - name: Install the shinyproxy configuration file + - name: shinyproxy_docker_service | Install the shinyproxy configuration file ansible.builtin.template: src: shinyproxy-2-conf.yml.j2 dest: "{{ shinyproxy_as_docker_src_dir }}/application.yml" owner: root group: root - mode: 0400 + mode: "0400" -- name: Manage the docker stack +- name: shinyproxy_docker_service | Manage the docker stack when: - docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node | bool - shinyproxy_container_backend == 'docker-swarm' tags: ['shinyproxy', 'shinyproxy_swarm', 'docker'] run_once: true block: - - name: Create the directory where the dockerfile and the configuration file will be copied into + - name: shinyproxy_docker_service | Create the directory where the dockerfile and the configuration file will be copied into ansible.builtin.file: dest: "{{ shinyproxy_as_docker_src_dir }}" state: directory owner: root group: root - mode: 0700 + mode: "0700" - - name: Install the docker compose file + - name: shinyproxy_docker_service | Install the docker compose file ansible.builtin.template: src: shinyproxy-docker-compose.yml.j2 dest: "{{ shinyproxy_as_docker_src_dir }}/docker-shinyproxy-stack.yml" owner: root group: root - mode: 0400 + mode: "0400" - - name: Start the shinyproxy stack + - name: shinyproxy_docker_service | Start the shinyproxy stack community.docker.docker_stack: name: '{{ shinyproxy_as_docker_stack_name }}' state: present diff --git a/tasks/shinyproxy_vm.yml b/tasks/shinyproxy_vm.yml index 8eae34c..b3a81c1 100644 --- a/tasks/shinyproxy_vm.yml +++ b/tasks/shinyproxy_vm.yml @@ -1,91 +1,120 @@ --- -- block: - - name: Create the shinyproxy user - user: name={{ shinyproxy_user }} home={{ shinyproxy_install_dir }} createhome=yes system=yes shell=/usr/sbin/nologin - - - name: Download the shinyproxy jar - become: True - become_user: '{{ shinyproxy_user }}' - get_url: url={{ shinyproxy_url }} dest={{ shinyproxy_install_dir }} - - - name: Set up a symlink to an unversioned app name - become: True - become_user: '{{ shinyproxy_user }}' - file: src={{ shinyproxy_install_dir }}/{{ shinyproxy_file_name }} dest={{ shinyproxy_install_dir }}/{{ shinyproxy_app_name }} state=link - - - name: Install the shinyproxy configuration file when using version 2.x - template: src=shinyproxy-2-conf.yml.j2 dest={{ shinyproxy_install_dir }}/application.yml owner=root group={{ shinyproxy_user }} mode=0640 - notify: Restart shinyproxy - when: shinyproxy_major_ver == 2 - tags: [ 'shinyproxy', 'shinyproxy_conf', 'shinyproxy_images' ] - - - name: Install the shinyproxy logrotate configuration - template: src=shinyproxy-logrotate.j2 dest=/etc/logrotate.d/shinyproxy owner=root group=root mode=0444 - tags: [ 'shinyproxy', 'shinyproxy_conf' ] - - - name: Install the upstart init file - template: src=upstart-shinyproxy.conf.j2 dest=/etc/init/shinyproxy.conf owner=root group=root mode=0644 - when: ansible_service_mgr != 'systemd' - +- name: shinyproxy_vm | Shinyproxy as a standalone service when: - ansible_distribution_file_variety == "Debian" - ansible_distribution_major_version < '16' - shinyproxy_install | bool tags: shinyproxy + block: + - name: shinyproxy_vm | Create the shinyproxy user + ansible.builtin.user: + name: "{{ shinyproxy_user }}" + home: "{{ shinyproxy_install_dir }}" + createhome: true + system: true + shell: /usr/sbin/nologin -- block: - - name: Install the shinyproxy deb package - apt: - deb: "https://www.shinyproxy.io/downloads/shinyproxy_{{ shinyproxy_version }}_amd64.deb" - state: present + - name: shinyproxy_vm | Download the shinyproxy jar + become: true + become_user: '{{ shinyproxy_user }}' + ansible.builtin.get_url: + url: "{{ shinyproxy_url }}" + dest: "{{ shinyproxy_install_dir }}" + mode: "0644" + - name: shinyproxy_vm | Set up a symlink to an unversioned app name + become: true + become_user: '{{ shinyproxy_user }}' + ansible.builtin.file: + src: "{{ shinyproxy_install_dir }}/{{ shinyproxy_file_name }}" + dest: "{{ shinyproxy_install_dir }}/{{ shinyproxy_app_name }}" + state: link + + - name: shinyproxy_vm | Install the shinyproxy configuration file when using version 2.x + ansible.builtin.template: + src: shinyproxy-2-conf.yml.j2 + dest: "{{ shinyproxy_install_dir }}/application.yml" + owner: root + group: "{{ shinyproxy_user }}" + mode: "0640" + notify: Restart shinyproxy + when: shinyproxy_major_ver == 2 + tags: ['shinyproxy', 'shinyproxy_conf', 'shinyproxy_images'] + + - name: shinyproxy_vm | Install the shinyproxy logrotate configuration + ansible.builtin.template: + src: shinyproxy-logrotate.j2 + dest: /etc/logrotate.d/shinyproxy + owner: root + group: root + mode: "0444" + tags: ['shinyproxy', 'shinyproxy_conf'] + + - name: shinyproxy_vm | Install the upstart init file + ansible.builtin.template: + src: upstart-shinyproxy.conf.j2 + dest: /etc/init/shinyproxy.conf + owner: root + group: root + mode: "0644" + when: ansible_service_mgr != 'systemd' + +- name: shinyproxy_vm | Manage the deb packages installation when: - ansible_distribution_file_variety == "Debian" - ansible_distribution_major_version >= '16' - shinyproxy_install | bool tags: shinyproxy + block: + - name: shinyproxy_vm | Install the shinyproxy deb package + ansible.builtin.apt: + pkg: "https://www.shinyproxy.io/downloads/shinyproxy_{{ shinyproxy_version }}_amd64.deb" + state: present + cache_valid_time: 1800 -- block: - - name: Install the shinyproxy EL package - yum: - pkg: "https://www.shinyproxy.io/downloads/shinyproxy_{{ shinyproxy_version }}_x86_64.rpm" - state: present - +- name: shinyproxy_vm | Manage the EL packages installation when: - ansible_distribution_file_variety == "RedHat" - shinyproxy_install | bool tags: shinyproxy - -- name: Shinyproxy configuration when using the package block: - - name: Install the shinyproxy configuration file when using version 2.x - template: src=shinyproxy-2-conf.yml.j2 dest=/etc/shinyproxy/application.yml owner=root group={{ shinyproxy_user }} mode=0640 - notify: Restart shinyproxy - when: shinyproxy_major_ver == 2 + - name: shinyproxy_vm | Install the shinyproxy EL package + ansible.builtin.yum: + pkg: "https://www.shinyproxy.io/downloads/shinyproxy_{{ shinyproxy_version }}_x86_64.rpm" + state: present - when: - - ansible_distribution_major_version >= '16' or ansible_distribution_file_variety == "RedHat" - - shinyproxy_install | bool - tags: [ 'shinyproxy', 'shinyproxy_conf', 'shinyproxy_images' ] - -- block: - - name: Ensure that the shinyproxy service is enabled and running - service: name=shinyproxy state=started enabled=yes - - - name: Create the directory where to install the custom templates, if we want to use them - file: dest={{ shinyproxy_template_path }} state=directory - when: shinyproxy_custom_template | bool - - - name: Create shinyproxy log directory - file: dest={{ shinyproxy_log_dir }} state=directory owner=shinyproxy mode=0750 - - - name: Pull the Docker images for the Shiny apps, when using Docker standalone - docker_image: name={{ item.docker_image }} pull=yes state={{ item.image_state | default('present') }} force=yes - with_items: '{{ shinyproxy_apps }}' - when: - - shinyproxy_apps is defined - - shinyproxy_container_backend == 'docker' - tags: [ 'shinyproxy', 'shinyproxy_images' ] - - when: shinyproxy_install | bool +- name: shinyproxy_vm | Manage the shinyproxy service + when: shinyproxy_install tags: shinyproxy + block: + - name: shinyproxy_vm | Ensure that the shinyproxy service is enabled and running + ansible.builtin.service: + name: shinyproxy + state: started + enabled: true + + - name: shinyproxy_vm | Create the directory where to install the custom templates, if we want to use them + ansible.builtin.file: + dest: "{{ shinyproxy_template_path }}" + state: directory + mode: "0755" + when: shinyproxy_custom_template | bool + + - name: shinyproxy_vm | Create shinyproxy log directory + ansible.builtin.file: + dest: "{{ shinyproxy_log_dir }}" + state: directory + owner: shinyproxy + mode: "0750" + + - name: shinyproxy_vm | Pull the Docker images for the Shiny apps, when using Docker standalone + community.docker.docker_image: + name: "{{ item.docker_image }}" + pull: true + state: "{{ item.image_state | default('present') }}" + force: true + loop: '{{ shinyproxy_apps }}' + when: + - shinyproxy_apps is defined + - shinyproxy_container_backend == 'docker' + tags: ['shinyproxy', 'shinyproxy_images'] diff --git a/templates/shinyproxy-2-conf.yml.j2 b/templates/shinyproxy-2-conf.yml.j2 deleted file mode 100644 index f95a859..0000000 --- a/templates/shinyproxy-2-conf.yml.j2 +++ /dev/null @@ -1,206 +0,0 @@ -server: -{% if shinyproxy_version is version_compare('2.4.0', '>=') %} - forward-headers-strategy: native -{% else %} - useForwardHeaders: true -{% endif %} - servlet.session.timeout: {{ shinyproxy_server_session_timeout }} -{% if shinyproxy_servlet_context_path is defined %} - servlet.context-path: {{ shinyproxy_servlet_context_path }} -{% endif %} - secure-cookies: {{ shinyproxy_server_secure_cookies }} - frame-options: {{ shinyproxy_server_frame_options }} - -proxy: - title: {{ shinyproxy_app_title }} - logo-url: {{ shinyproxy_logo_url }} - landing-page: {{ shinyproxy_landing_page }} - heartbeat-rate: {{ shinyproxy_heartbeat_rate }} - heartbeat-timeout: {{ shinyproxy_heartbeat_timeout }} - container-wait-time: {{ shinyproxy_container_wait_time }} -{% if shinyproxy_version is version_compare('2.6.0', '>=') %} - default-webSocket-reconnection-mode: {{ shinyproxy_default_websocket_reconnection_mode }} - stop-proxies-on-shutdown: {{ shinyproxy_stop_proxies_on_shutdown }} - recover-running-proxies: {{ shinyproxy_recover_running_proxies }} - recover-running-proxies-from-different-config: {{ shinyproxy_recover_running_proxies_from_different_config }} - default-stop-proxy-on-logout: {{ shinyproxy_default_stop_proxy_on_logout }} - default-proxy-max-lifetime: {{ shinyproxy_default_proxy_max_lifetime }} - same-site-cookie: {{ shinyproxy_same_site_cookie }} -{% endif %} -{% if shinyproxy_container_backend == 'docker-swarm' %} - bind-address: 0.0.0.0 -{% else %} - bind-address: {{ shinyproxy_bind_address }} -{% endif %} - port: {{ shinyproxy_http_port }} - hide-navbar: {{ shinyproxy_hide_navbar }} -{% if shinyproxy_custom_template %} - template-path: {{ shinyproxy_template_path }} -{% endif %} - authentication: {{ shinyproxy_authentication }} -{% if shinyproxy_expose_prometheus and shinyproxy_version is version_compare('2.5.0', '>=') %} - usage-stats-url: micrometer -{% endif %} - admin-groups: {{ shinyproxy_admin_group }} - container-backend: {{ shinyproxy_container_backend }} -{% if shinyproxy_authentication == 'ldap' %} - # LDAP configuration - ldap: - url: {{ shinyproxy_ldap_server }} -{% if shinyproxy_ldap_user_dn_enabled %} - user-dn-pattern: {{ shinyproxy_ldap_user_dn_pattern }} -{% endif %} -{% if shinyproxy_ldap_user_search_base_enabled %} - user-search-base: {{ shinyproxy_ldap_user_search_base }} -{% endif %} -{% if shinyproxy_ldap_user_search_filter_enabled %} - user-search-filter: {{ shinyproxy_ldap_user_search_filter }} -{% endif %} - group-search-base: {{ shinyproxy_ldap_group_search_base }} - group-search-filter: {{ shinyproxy_ldap_group_search_filter }} - manager-dn: {{ shinyproxy_ldap_admin }} - manager-password: {{ shinyproxy_ldap_admin_pwd }} -{% endif %} -{% if shinyproxy_authentication == 'keycloak' %} - keycloak: - realm: {{ shinyproxy_keycloak_realm }} - auth-server-url: {{ shinyproxy_keycloak_url }} - resource: {{ shinyproxy_keycloak_resource }} - credentials-secret: {{ shinyproxy_keycloak_secret }} - ssl-required: {{ shinyproxy_keycloak_ssl_required }} - name-attribute: {{ shinyproxy_keycloak_name_attribute }} - use-resource-role-mappings: {{ shinyproxy_keycloak_role_mappings }} -{% endif %} -{% if shinyproxy_authentication == 'openid' %} - openid: - auth-url: {{ shinyproxy_oidc_auth_url }} - token-url: {{ shinyproxy_oidc_token_url }} - jwks-url: {{ shinyproxy_oidc_jwks_url }} - logout-url: {{ shinyproxy_oidc_logout_url }} - client-id: {{ shinyproxy_oidc_client_id }} - client-secret: {{ shinyproxy_oidc_client_secret }} - username-attribute: {{ shinyproxy_oidc_username_attribute }} - -{% if shinyproxy_oidc_use_roles_claim %} - roles-claim: {{ shinyproxy_oidc_roles_claim }} -{% endif %} - -{% endif %} - -{% if shinyproxy_container_backend == 'docker' or shinyproxy_container_backend == 'docker-swarm' %} - docker: - container-memory-request: {{ shinyproxy_docker_memory_request }} - container-memory-limit: {{ shinyproxy_docker_memory_limit }} - container-cpu-limit: {{ shinyproxy_docker_cpu_limit }} -{% if not shinyproxy_as_docker_service %} - cert-path: {{ shinyproxy_docker_certs_dir }} - url: {{ shinyproxy_docker_url }} - container-protocol: {{ shinyproxy_docker_protocol }} - privileged: {{ shinyproxy_docker_privileged }} - port-range-start: {{ shinyproxy_docker_port_range_start }} - internal-networking: {{ shinyproxy_docker_internal_networking }} -{% else %} - internal-networking: true -{% endif %} -{% endif %} - specs: -{% if shinyproxy_default_apps %} - - id: 01_hello - display-name: Hello Application - description: Application which demonstrates the basics of a Shiny app - container-cmd: ["R", "-e shinyproxy::run_01_hello()"] - container-image: openanalytics/shinyproxy-demo - - id: 06_tabsets - docker-cmd: ["R", "-e shinyproxy::run_06_tabsets()"] - container-image: openanalytics/shinyproxy-demo -{% endif %} -{% if shinyproxy_apps is defined %} -{% for app in shinyproxy_apps %} - - id: {{ app.name }} - display-name: {{ app.display_name }} - description: {{ app.description }} - {% if app.cmd is defined %}container-cmd: ["R", "-e {{ app.cmd }}"]{% endif %} - - {% if app.full_cmd is defined %}container-cmd: [{{ app.full_cmd }}]{% endif %} - - container-image: {{ app.docker_image }} - container-privileged: {{ app.container_privileged | default('false') }} - container-memory-request: {{ app.container_memory_request | default('256m')}} - container-memory-limit: {{ app.docker_memory | default('2g') }} - container-cpu-request: {{ app.container_cpu_request | default('1') }} - - {% if app.container_cpu_limit is defined %}container-cpu-limit: {{ app.container_cpu_limit }}{% endif %} - -{% if shinyproxy_version is version_compare('2.6.0', '>=') %} - - stop-on-logout: {{ app.stop_on_logout | default('true') }} - max-lifetime: {{ app.max_lifetime | default(shinyproxy_default_proxy_max_lifetime) }} - -{% if app.extra_options is defined %} -{% for opt in app.extra_options %} - {{ opt.key }}: {{ opt.value }} -{% endfor %} -{% endif %} - -{% endif %} - -{% if app.environment is defined %} - container-env: -{% for env in app.environment %} - {{ env.name }}: {{ env.value }} -{% endfor %} -{% endif %} - - {% if app.groups is defined %} - - access-groups: [{{ app.groups }}] - - {% endif %} - - {% if app.port is defined %}port: {{ app.port }}{% endif %} - - {% if app.container_volumes is defined %}container-volumes: [ {% for vol in app.container_volumes %} "{{ vol }}"{% if not loop.last %}, {% endif %}{% endfor %} ]{% endif %} - -{% if shinyproxy_as_docker_service %} - {% if shinyproxy_container_backend == 'docker-swarm' %} - - container-network: {{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_docker_network }} - - {% else %} - - container-network: {{ shinyproxy_docker_network }} - - {% endif %} - {% endif %} - -{% endfor %} -{% endif %} - -security: - basic: - enabled: {{ shinyproxy_basic_auth }} - -{% if shinyproxy_expose_prometheus and shinyproxy_version is version_compare('2.5.0', '>=') %} -management: - metrics: - export: - prometheus: - enabled: true -{% endif %} - -{% if shinyproxy_version is version_compare('2.6.0', '>=') %} -spring: - application: - name: "{{ shinyproxy_spring_name }}" - servlet: - multipart: - max-file-size: {{ shinyproxy_max_file_size }} - max-request-size: {{ shinyproxy_max_request_size }} -{% endif %} - -logging: - file: {{ shinyproxy_log_dir }}/shinyproxy.log - #max-size: {{ shinyproxy_max_log_size }} - level: - com.spotify.docker: {{ shinyproxy_docker_loglevel }} - io.undertow: {{ shinyproxy_undertow_loglevel }}