diff --git a/tasks/shinyproxy_docker_stack_service.yml b/tasks/shinyproxy_docker_stack_service.yml index 9aeda59..dfa9d1b 100644 --- a/tasks/shinyproxy_docker_stack_service.yml +++ b/tasks/shinyproxy_docker_stack_service.yml @@ -32,7 +32,7 @@ - name: shinyproxy_docker_stack_service | Install the shinyproxy configuration file ansible.builtin.template: - src: shinyproxy-2-conf.yml.j2 + src: shinyproxy-conf.yml.j2 dest: "{{ shinyproxy_as_docker_src_dir }}/application.yml" owner: root group: root diff --git a/templates/shinyproxy-conf.yml.j2 b/templates/shinyproxy-conf.yml.j2 new file mode 100644 index 0000000..1374e70 --- /dev/null +++ b/templates/shinyproxy-conf.yml.j2 @@ -0,0 +1,206 @@ +server: +{% if shinyproxy_version is version_compare('2.4.0', '>=') %} + forward-headers-strategy: native +{% else %} + useForwardHeaders: true +{% endif %} + servlet.session.timeout: {{ shinyproxy_server_session_timeout }} +{% if shinyproxy_servlet_context_path is defined %} + servlet.context-path: {{ shinyproxy_servlet_context_path }} +{% endif %} + secure-cookies: {{ shinyproxy_server_secure_cookies }} + frame-options: {{ shinyproxy_server_frame_options }} + +proxy: + title: {{ shinyproxy_app_title }} + logo-url: {{ shinyproxy_logo_url }} + landing-page: {{ shinyproxy_landing_page }} + heartbeat-rate: {{ shinyproxy_heartbeat_rate }} + heartbeat-timeout: {{ shinyproxy_heartbeat_timeout }} + container-wait-time: {{ shinyproxy_container_wait_time }} +{% if shinyproxy_version is version_compare('2.6.0', '>=') %} + default-webSocket-reconnection-mode: {{ shinyproxy_default_websocket_reconnection_mode }} + stop-proxies-on-shutdown: {{ shinyproxy_stop_proxies_on_shutdown }} + recover-running-proxies: {{ shinyproxy_recover_running_proxies }} + recover-running-proxies-from-different-config: {{ shinyproxy_recover_running_proxies_from_different_config }} + default-stop-proxy-on-logout: {{ shinyproxy_default_stop_proxy_on_logout }} + default-proxy-max-lifetime: {{ shinyproxy_default_proxy_max_lifetime }} + same-site-cookie: {{ shinyproxy_same_site_cookie }} +{% endif %} +{% if shinyproxy_container_backend == 'docker-swarm' %} + bind-address: 0.0.0.0 +{% else %} + bind-address: {{ shinyproxy_bind_address }} +{% endif %} + port: {{ shinyproxy_http_port }} + hide-navbar: {{ shinyproxy_hide_navbar }} +{% if shinyproxy_custom_template %} + template-path: {{ shinyproxy_template_path }} +{% endif %} + authentication: {{ shinyproxy_authentication }} +{% if shinyproxy_expose_prometheus and shinyproxy_version is version_compare('2.5.0', '>=') %} + usage-stats-url: micrometer +{% endif %} + admin-groups: {{ shinyproxy_admin_group }} + container-backend: {{ shinyproxy_container_backend }} +{% if shinyproxy_authentication == 'ldap' %} + # LDAP configuration + ldap: + url: {{ shinyproxy_ldap_server }} +{% if shinyproxy_ldap_user_dn_enabled %} + user-dn-pattern: {{ shinyproxy_ldap_user_dn_pattern }} +{% endif %} +{% if shinyproxy_ldap_user_search_base_enabled %} + user-search-base: {{ shinyproxy_ldap_user_search_base }} +{% endif %} +{% if shinyproxy_ldap_user_search_filter_enabled %} + user-search-filter: {{ shinyproxy_ldap_user_search_filter }} +{% endif %} + group-search-base: {{ shinyproxy_ldap_group_search_base }} + group-search-filter: {{ shinyproxy_ldap_group_search_filter }} + manager-dn: {{ shinyproxy_ldap_admin }} + manager-password: {{ shinyproxy_ldap_admin_pwd }} +{% endif %} +{% if shinyproxy_authentication == 'keycloak' %} + keycloak: + realm: {{ shinyproxy_keycloak_realm }} + auth-server-url: {{ shinyproxy_keycloak_url }} + resource: {{ shinyproxy_keycloak_resource }} + credentials-secret: {{ shinyproxy_keycloak_secret }} + ssl-required: {{ shinyproxy_keycloak_ssl_required }} + name-attribute: {{ shinyproxy_keycloak_name_attribute }} + use-resource-role-mappings: {{ shinyproxy_keycloak_role_mappings }} +{% endif %} +{% if shinyproxy_authentication == 'openid' %} + openid: + auth-url: {{ shinyproxy_oidc_auth_url }} + token-url: {{ shinyproxy_oidc_token_url }} + jwks-url: {{ shinyproxy_oidc_jwks_url }} + logout-url: {{ shinyproxy_oidc_logout_url }} + client-id: {{ shinyproxy_oidc_client_id }} + client-secret: {{ shinyproxy_oidc_client_secret }} + username-attribute: {{ shinyproxy_oidc_username_attribute }} + +{% if shinyproxy_oidc_use_roles_claim %} + roles-claim: {{ shinyproxy_oidc_roles_claim }} +{% endif %} + +{% endif %} + +{% if shinyproxy_container_backend == 'docker' or shinyproxy_container_backend == 'docker-swarm' %} + docker: + container-memory-request: {{ shinyproxy_docker_memory_request }} + container-memory-limit: {{ shinyproxy_docker_memory_limit }} + container-cpu-limit: {{ shinyproxy_docker_cpu_limit }} +{% if not shinyproxy_as_docker_service %} + cert-path: {{ shinyproxy_docker_certs_dir }} + url: {{ shinyproxy_docker_url }} + container-protocol: {{ shinyproxy_docker_protocol }} + privileged: {{ shinyproxy_docker_privileged }} + port-range-start: {{ shinyproxy_docker_port_range_start }} + internal-networking: {{ shinyproxy_docker_internal_networking }} +{% else %} + internal-networking: true +{% endif %} +{% endif %} + specs: +{% if shinyproxy_default_apps %} + - id: 01_hello + display-name: Hello Application + description: Application which demonstrates the basics of a Shiny app + container-cmd: ["R", "-e shinyproxy::run_01_hello()"] + container-image: openanalytics/shinyproxy-demo + - id: 06_tabsets + docker-cmd: ["R", "-e shinyproxy::run_06_tabsets()"] + container-image: openanalytics/shinyproxy-demo +{% endif %} +{% if shinyproxy_apps is defined %} +{% for app in shinyproxy_apps %} + - id: {{ app.name }} + display-name: {{ app.display_name }} + description: {{ app.description }} + {% if app.cmd is defined %}container-cmd: ["R", "-e {{ app.cmd }}"]{% endif %} + + {% if app.full_cmd is defined %}container-cmd: [{{ app.full_cmd }}]{% endif %} + + container-image: {{ app.docker_image }} + container-privileged: {{ app.container_privileged | default('false') }} + container-memory-request: {{ app.container_memory_request | default('256m')}} + container-memory-limit: {{ app.docker_memory | default('2g') }} + container-cpu-request: {{ app.container_cpu_request | default('1') }} + + {% if app.container_cpu_limit is defined %}container-cpu-limit: {{ app.container_cpu_limit }}{% endif %} + +{% if shinyproxy_version is version_compare('2.6.0', '>=') %} + + stop-on-logout: {{ app.stop_on_logout | default('true') }} + max-lifetime: {{ app.max_lifetime | default(shinyproxy_default_proxy_max_lifetime) }} + +{% if app.extra_options is defined %} +{% for opt in app.extra_options %} + {{ opt.key }}: {{ opt.value }} +{% endfor %} +{% endif %} + +{% endif %} + +{% if app.environment is defined %} + container-env: +{% for env in app.environment %} + {{ env.name }}: {{ env.value }} +{% endfor %} +{% endif %} + + {% if app.groups is defined %} + + access-groups: [{{ app.groups }}] + + {% endif %} + + {% if app.port is defined %}port: {{ app.port }}{% endif %} + + {% if app.container_volumes is defined %}container-volumes: [ {% for vol in app.container_volumes %} "{{ vol }}"{% if not loop.last %}, {% endif %}{% endfor %} ]{% endif %} + +{% if shinyproxy_as_docker_service %} + {% if shinyproxy_container_backend == 'docker-swarm' %} + + container-network: {{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_docker_network }} + + {% else %} + + container-network: {{ shinyproxy_docker_network }} + + {% endif %} + {% endif %} + +{% endfor %} +{% endif %} + +security: + basic: + enabled: {{ shinyproxy_basic_auth }} + +{% if shinyproxy_expose_prometheus and shinyproxy_version is version_compare('2.5.0', '>=') %} +management: + metrics: + export: + prometheus: + enabled: true +{% endif %} + +{% if shinyproxy_version is version_compare('2.6.0', '>=') %} +spring: + application: + name: "{{ shinyproxy_spring_name }}" + servlet: + multipart: + max-file-size: {{ shinyproxy_max_file_size }} + max-request-size: {{ shinyproxy_max_request_size }} +{% endif %} + +logging: + file: {{ shinyproxy_log_dir }}/shinyproxy.log + #max-size: {{ shinyproxy_max_log_size }} + level: + com.spotify.docker: {{ shinyproxy_docker_loglevel }} + io.undertow: {{ shinyproxy_undertow_loglevel }}