diff --git a/defaults/main.yml b/defaults/main.yml
index 87c04a5..8975a4f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -125,3 +125,12 @@ shinyproxy_max_log_size: 20MB
 # Springboot options
 shinyproxy_max_file_size: 10MB
 shinyproxy_max_request_size: "{{ shinyproxy_max_file_size }}"
+
+# REDIS for shinyproxy
+shinyproxy_redis_installation: false
+shinyproxy_redis_image: "redis:bookworm"
+
+# shinyproxy_redis_docker_network:""
+# shinyproxy_redis_service_name: ""
+# shinyproxy_redis_user: ""
+# shinyproxy_redis_password: ""
\ No newline at end of file
diff --git a/handlers/main.yml b/handlers/main.yml
index 6a08b49..78a2f41 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -13,3 +13,13 @@
 name: "{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_as_docker_service_name }}"
 data_src: '{{ shinyproxy_as_docker_src_dir }}/application.yml'
 state: present
+
+
+- name: Stop the REDIS Swarm stack before creating the secrets
+ community.docker.docker_swarm_service:
+ name: "{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_redis_service_name }}"
+ state: absent
+- name: Remove the secret for the REDIS user configuration file
+ community.docker.docker_secret:
+ name: "{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_redis_service_name }}_user_config"
+ state: absent
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
index 75417ea..0efc211 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -12,3 +12,9 @@
 when:
 - shinyproxy_as_docker_service
 - shinyproxy_container_backend == 'docker-swarm'
+- name: Shiniproxy REDIS service as docker swarm stack
+ ansible.builtin.import_tasks: shinyproxy_redis_service.yml
+ when:
+ - shinyproxy_as_docker_service
+ - shinyproxy_container_backend == 'docker-swarm'
+ - shinyproxy_redis_installation
diff --git a/tasks/shinyproxy_docker_service.yml b/tasks/shinyproxy_docker_service.yml
index b756967..12cd76a 100644
--- a/tasks/shinyproxy_docker_service.yml
+++ b/tasks/shinyproxy_docker_service.yml
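Review bot: In defaults/main.yml, `shinyproxy_redis_image: "redis:bookworm"` is a mutable tag, so a later deploy can pull a different Redis build than the one that was tested. Pinning a version and digest, for example `shinyproxy_redis_image: "redis:<version>-bookworm@sha256:<digest>"` (placeholders), keeps the session store reproducible. The remaining Redis variables exist only as comments, so `shinyproxy_redis_user` and `shinyproxy_redis_password` have no value unless the inventory sets them; a comment such as `# Required when shinyproxy_redis_installation is true; keep the password in Ansible Vault` would say so. The first commented line, `# shinyproxy_redis_docker_network:""`, lacks the space after the colon and names a variable the compose template in this diff does not read (it uses `shinyproxy_docker_network`).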
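Review bot: In handlers/main.yml, both new handlers build their names from `shinyproxy_redis_service_name`, which defaults/main.yml only lists as a comment, while templates/shinyproxy-conf.yml.j2 falls back to `default('redis')`. With the variable unset these handlers stop on an undefined variable, and a real default (`shinyproxy_redis_service_name: "redis"`) would keep the three files in agreement. Ansible runs handlers in the order they are defined, not the order listed under `notify`, so `Restart shinyproxy` (defined outside this hunk) may run before Redis has been stopped and redeployed; that ordering is worth confirming. Because Redis holds the sessions, removing the service on every ACL change also drops them, which deserves a comment above the first handler, e.g. `# Swarm secrets cannot be replaced while in use, so the service is removed first; this drops active sessions`.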
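Review bot: In tasks/main.yml the new condition `- shinyproxy_redis_installation` relies on Ansible truthiness, whereas templates/shinyproxy-conf.yml.j2 tests `shinyproxy_redis_installation is true`, which only matches a real boolean. A value that arrives as a string (for instance from `-e`) could therefore deploy Redis without the session settings being rendered. Writing `- shinyproxy_redis_installation | bool` here, and using the same filter in the template, keeps the two in step. The task name also reads `Shiniproxy`; `Shinyproxy REDIS service as docker swarm stack` matches the rest of the role.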
@@ -30,3 +30,4 @@
 community.docker.docker_compose:
 project_src: '{{ shinyproxy_as_docker_src_dir }}'
 build: true
+
diff --git a/tasks/shinyproxy_redis_service.yml b/tasks/shinyproxy_redis_service.yml
new file mode 100644
index 0000000..29f0b77
--- /dev/null
+++ b/tasks/shinyproxy_redis_service.yml
@@ -0,0 +1,41 @@
+---
+- name: Manage the installation of the REDIS service
+ run_once: true
+ tags: shinyproxy_redis
+ block:
+ - name: Create the compose directory for the REDIS Swarm stack
+ ansible.builtin.file:
+ dest: "{{ shinyproxy_as_docker_src_dir }}"
+ state: directory
+ owner: root
+ group: root
+ mode: "0700"
+ - name: Install the docker compose file of the REDIS Swarm stack
+ ansible.builtin.template:
+ src: shinyproxy-redis-docker-compose.yml.j2
+ dest: "{{ shinyproxy_as_docker_src_dir }}/shinyproxy-redis-docker-compose.yml"
+ owner: root
+ group: root
+ mode: "0400"
+ - name: Install the REDIS user configuration file
+ ansible.builtin.template:
+ src: shinyproxy-redis-users-config.acl.j2
+ dest: "{{ shinyproxy_as_docker_src_dir }}/shinyproxy-redis-users-config.acl"
+ owner: root
+ group: root
+ mode: "0400"
+ notify:
+ - Stop the REDIS Swarm stack before creating the secrets
+ - Remove the secret for the REDIS user configuration file
+ - Restart shinyproxy
+
+ - name: Flush the handlers so that we can manage the configuration file as a secret
+ ansible.builtin.meta: flush_handlers
+
+ - name: Start the REDIS Swarm stack
+ community.docker.docker_stack:
+ name: "{{ shinyproxy_as_docker_stack_name }}"
+ state: present
+ compose:
+ - "{{ shinyproxy_redis_compose_dir }}/shinyproxy_redis-docker-compose.yml"
+
diff --git a/templates/shinyproxy-conf.yml.j2 b/templates/shinyproxy-conf.yml.j2
index 48052af..2d76636 100644
--- a/templates/shinyproxy-conf.yml.j2
+++ b/templates/shinyproxy-conf.yml.j2
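Review bot: In tasks/shinyproxy_redis_service.yml the `Start the REDIS Swarm stack` task deploys `{{ shinyproxy_redis_compose_dir }}/shinyproxy_redis-docker-compose.yml`, but the template task above writes `{{ shinyproxy_as_docker_src_dir }}/shinyproxy-redis-docker-compose.yml`. The variable is not defined anywhere in this diff and the file name differs (underscore versus hyphen), so the stack would not find its compose file; the entry should read `- "{{ shinyproxy_as_docker_src_dir }}/shinyproxy-redis-docker-compose.yml"`. The `Install the REDIS user configuration file` task renders the Redis password, so adding `no_log: true` (or at least `diff: false`) to it keeps the value out of `--diff` output and job logs.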
@@ -208,8 +208,24 @@ spring:
 multipart:
 max-file-size: {{ shinyproxy_max_file_size }}
 max-request-size: {{ shinyproxy_max_request_size }}
+
+ {% if shinyproxy_redis_installation is true %}
+ session:
+ store-type: redis
+
+ redis:
+ host: {{ shinyproxy_redis_service_name | default('redis') }}
+ port: {{ shinyproxy_redis_port | default(6379) }}
+ {% if redis_username is defined %}
+ username: {{ shinyproxy_redis_username }}
+ {% endif %}
+ {% if redis_password is defined %}
+ password: {{ shinyproxy_redis_password }}
+ {% endif %}
+ {% endif %}
 {% endif %}
+
 logging:
 file: {{ shinyproxy_log_dir }}/shinyproxy.log
 #max-size: {{ shinyproxy_max_log_size }}
diff --git a/templates/shinyproxy-redis-docker-compose.yml.j2 b/templates/shinyproxy-redis-docker-compose.yml.j2
new file mode 100644
index 0000000..55954e5
--- /dev/null
+++ b/templates/shinyproxy-redis-docker-compose.yml.j2
@@ -0,0 +1,35 @@
+networks:
+ haproxy-public:
+ external: true
+ {{ shinyproxy_docker_network }}:
+ external: true
+
+secrets:
+ {{ shinyproxy_redis_service_name }}_user_config:
+ file: ./shinyproxy-redis-users-config.acl
+
+services:
+ {{ shinyproxy_redis_service_name }}:
+ image: {{ shiniproxy_redis_image }}
+ networks:
+ - haproxy-public
+ - {{ shinyproxy_docker_network }}
+ secrets:
+ - source: {{ shinyproxy_redis_service_name }}_user_config
+ target: /usr/local/etc/redis/users.acl
+
+ command: ["redis-server", "--aclfile", "/usr/local/etc/redis/users.acl"]
+
+ deploy:
+ mode: replicated
+ replicas: 1
+ restart_policy:
+ condition: any
+ delay: 5s
+ window: 120s
+ placement:
+ constraints: [node.role == worker]
+ logging:
+ driver: "journald"
+
+
diff --git a/templates/shinyproxy-redis-users-config.acl.j2 b/templates/shinyproxy-redis-users-config.acl.j2
new file mode 100644
index 0000000..ac7d8e4
--- /dev/null
+++ b/templates/shinyproxy-redis-users-config.acl.j2
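Review bot: In templates/shinyproxy-conf.yml.j2 the guards test `redis_username` and `redis_password`, but the values rendered are `shinyproxy_redis_username` and `shinyproxy_redis_password`, and the ACL template in this diff creates the account from `shinyproxy_redis_user`. As written the credentials are likely never emitted, and because the ACL file switches the `default` user off, ShinyProxy would then fail to authenticate to Redis. The guards should name the variables they render, e.g. `{% if shinyproxy_redis_user is defined %}` with `username: {{ shinyproxy_redis_user }}`. The password is also written as a bare YAML scalar, so a value containing `#`, `: ` or a leading indicator character changes or breaks the document; `password: {{ shinyproxy_redis_password | to_json }}` renders it quoted. The outer `{% if %}` that this block sits in starts outside the hunk.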
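Review bot: In templates/shinyproxy-redis-docker-compose.yml.j2 the Redis service joins `haproxy-public` as well as `{{ shinyproxy_docker_network }}`, although a session store only has to be reachable by ShinyProxy. Nothing in the diff needs Redis on the proxy-facing network, so dropping `- haproxy-public` from the service and from the top-level `networks:` section is the safer default. The image line reads `{{ shiniproxy_redis_image }}` while defaults/main.yml defines `shinyproxy_redis_image`, so rendering stops on an undefined variable; it should be `image: {{ shinyproxy_redis_image }}`. `shinyproxy_docker_network` and `shinyproxy_redis_service_name` are used as mapping keys without a default in this diff, which is worth a comment at the top of the template naming the variables it requires.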
@@ -0,0 +1,2 @@
+user default off
+user {{ shinyproxy_redis_user }} on >{{ shinyproxy_redis_password }} ~* +@all
\ No newline at end of file
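Review bot: In templates/shinyproxy-redis-users-config.acl.j2 the password is written in clear with `>`, so it ends up readable in the rendered file under the compose directory and in the Swarm secret. Redis ACL files also accept a SHA-256 digest, e.g. `user {{ shinyproxy_redis_user }} on #{{ shinyproxy_redis_password | hash('sha256') }} ~* +@all`, which keeps the plaintext out of both. The rule `~* +@all` grants every command on every key, including administrative ones; a narrower set such as `+@all -@dangerous` is worth testing against ShinyProxy first, since the client may need some configuration commands. A password or user name containing whitespace would split the rule, so validating both before templating avoids an ACL file that Redis refuses to load.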