From 88b23a2fa9bc9c539aca0f3fb933daae9f3751bc Mon Sep 17 00:00:00 2001 From: Marco Procaccini Date: Mon, 21 Jul 2025 13:06:10 +0200 Subject: [PATCH 1/2] adding redis support for shinyproxy --- defaults/main.yml | 10 +++++++ tasks/main.yml | 6 +++++ tasks/shinyproxy_docker_service.yml | 1 + tasks/shinyproxy_redis_service.yml | 27 +++++++++++++++++++ templates/shinyproxy-conf.yml.j2 | 16 +++++++++++ .../shinyproxy-redis-docker-compose.yml.j2 | 23 ++++++++++++++++ 6 files changed, 83 insertions(+) create mode 100644 tasks/shinyproxy_redis_service.yml create mode 100644 templates/shinyproxy-redis-docker-compose.yml.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 87c04a5..cfaa400 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -125,3 +125,13 @@ shinyproxy_max_log_size: 20MB # Springboot options shinyproxy_max_file_size: 10MB shinyproxy_max_request_size: "{{ shinyproxy_max_file_size }}" + +# REDIS for shinyproxy +shinyproxy_redis_installation: false +shinyproxy_redis_image: "redis:bookworm" +# shinyproxy_redis_compose_dir: "/srv/shinyproxy_redis_stack" +# shinyproxy_redis_docker_stack_name: "" +# shinyproxy_redis_docker_network:"" +# shinyproxy_redis_service_name: "" +# shinyproxy_redis_user: "" +# shinyproxy_redis_password: "" \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index 75417ea..429d29a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -9,6 +9,12 @@ - shinyproxy_container_backend == 'docker' - name: Shinyproxy as a Docker Swarm stack ansible.builtin.import_tasks: shinyproxy_docker_stack_service.yml + when: + - shinyproxy_as_docker_service + - shinyproxy_container_backend == 'docker-swarm +- name: Shiniproxy REDIS service as docker swarm stack' + ansible.builtin.import_tasks: shinyproxy_redis_service.yml when: - shinyproxy_as_docker_service - shinyproxy_container_backend == 'docker-swarm' + - shinyproxy_redis_installation 
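Review bot: `shinyproxy_redis_image: "redis:bookworm"` in the defaults/main.yml hunk is a floating tag, so any redeploy can pull a different Redis build without a change in the role. Pin a release and ideally the digest, e.g. `shinyproxy_redis_image: "redis:<version>-bookworm@sha256:<digest>"` (placeholders), so the session store is only updated deliberately. The commented `# shinyproxy_redis_password: ""` line would benefit from a comment saying the value must come from a vaulted variable, never from defaults. `# shinyproxy_redis_docker_network:""` lacks the space after the colon and would not parse as a key/value pair if uncommented as is.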
diff --git a/tasks/shinyproxy_docker_service.yml b/tasks/shinyproxy_docker_service.yml index b756967..12cd76a 100644 --- a/tasks/shinyproxy_docker_service.yml +++ b/tasks/shinyproxy_docker_service.yml @@ -30,3 +30,4 @@ community.docker.docker_compose: project_src: '{{ shinyproxy_as_docker_src_dir }}' build: true + diff --git a/tasks/shinyproxy_redis_service.yml b/tasks/shinyproxy_redis_service.yml new file mode 100644 index 0000000..649b662 --- /dev/null +++ b/tasks/shinyproxy_redis_service.yml @@ -0,0 +1,27 @@ +--- +- name: Manage the installation of the REDIS service + run_once: true + tags: shinyproxy_redis + block: + - name: Create the compose directory for the REDIS Swarm stack + ansible.builtin.file: + dest: "{{ shinyproxy_redis_compose_dir }}" + state: directory + owner: root + group: root + mode: "0700" + - name: Install the docker compose file of the REDIS Swarm stack + ansible.builtin.template: + src: shinyproxy-redis-docker-compose.yml.j2 + dest: "{{ redis_compose_dir }}/shinyproxy-redis-docker-compose.yml" + owner: root + group: root + mode: "0400" + + - name: Start the REDIS Swarm stack + community.docker.docker_stack: + name: "{{ shinyproxy_redis_docker_stack_name }}" + state: present + compose: + - "{{ shinyproxy_redis_compose_dir }}/shinyproxy-redis-docker-compose.yml" + diff --git a/templates/shinyproxy-conf.yml.j2 b/templates/shinyproxy-conf.yml.j2 index 48052af..2d76636 100644 --- a/templates/shinyproxy-conf.yml.j2 +++ b/templates/shinyproxy-conf.yml.j2 
@@ -208,8 +208,24 @@ spring: multipart: max-file-size: {{ shinyproxy_max_file_size }} max-request-size: {{ shinyproxy_max_request_size }} + + {% if shinyproxy_redis_installation is true %} + session: + store-type: redis + + redis: + host: {{ shinyproxy_redis_service_name | default('redis') }} + port: {{ shinyproxy_redis_port | default(6379) }} + {% if redis_username is defined %} + username: {{ shinyproxy_redis_username }} + {% endif %} + {% if redis_password is defined %} + password: {{ shinyproxy_redis_password }} + {% endif %} + {% endif %} {% endif %} + logging: file: {{ shinyproxy_log_dir }}/shinyproxy.log #max-size: {{ shinyproxy_max_log_size }} diff --git a/templates/shinyproxy-redis-docker-compose.yml.j2 b/templates/shinyproxy-redis-docker-compose.yml.j2 new file mode 100644 index 0000000..cb42295 --- /dev/null +++ b/templates/shinyproxy-redis-docker-compose.yml.j2 @@ -0,0 +1,23 @@ +services: + {{ shinyproxy_redis_service_name }}: + image: {{ shiniproxy_redis_image }} + networks: + - haproxy-public + - {{ shinyproxy_redis_docker_network }} + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + delay: 5s + window: 120s + placement: + constraints: [node.role == worker] + logging: + driver: "journald" + +networks: + haproxy-public: + external: true + {{ shinyproxy_redis_docker_network }}: + external: true From 9efcf64b318c5d94aaf4b9509eb96b003347b318 Mon Sep 17 00:00:00 2001 From: Marco Procaccini Date: Mon, 21 Jul 2025 14:53:18 +0200 Subject: [PATCH 2/2] duplicated variables removed, fixed syntax bug in main.yml, added users.acl secret file and its handlers --- defaults/main.yml | 3 +-- handlers/main.yml | 10 ++++++++ tasks/main.yml | 4 ++-- tasks/shinyproxy_redis_service.yml | 22 +++++++++++++---- .../shinyproxy-redis-docker-compose.yml.j2 | 24 ++++++++++++++----- .../shinyproxy-redis-users-config.acl.j2 | 2 ++ 6 files changed, 51 insertions(+), 14 deletions(-) create mode 100644 templates/shinyproxy-redis-users-config.acl.j2 
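Review bot: The two credential guards in the shinyproxy-conf.yml.j2 hunk test `redis_username is defined` and `redis_password is defined`, but the lines they protect render `shinyproxy_redis_username` and `shinyproxy_redis_password`, and the role's defaults call the account `shinyproxy_redis_user`. As written, the credentials are either left out of the rendered configuration or the template fails on an undefined variable, depending on which names the inventory sets. Test the variable that is rendered and use one name throughout, e.g. `{% if shinyproxy_redis_password is defined %}`. Emit the values as quoted scalars, `password: {{ shinyproxy_redis_password | to_json }}`, so a password that starts with a YAML indicator or looks like a number is not retyped. The enclosing `spring:` block and its outer `{% if %}` start outside the hunk.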
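Review bot: `image: {{ shiniproxy_redis_image }}` in the new compose template misspells the variable that defaults/main.yml defines as `shinyproxy_redis_image`, so rendering should fail on an undefined variable; the same line is carried unchanged as context into PATCH 2/2. It should read `image: "{{ shinyproxy_redis_image }}"`. Separately, the service joins `haproxy-public` as well as the application network, and in this commit Redis starts with no password or ACL. If `haproxy-public` is the ingress-facing overlay (the name suggests so, but the page does not show it), drop it here, because the session store only needs the network it shares with ShinyProxy.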
diff --git a/defaults/main.yml b/defaults/main.yml index cfaa400..8975a4f 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -129,8 +129,7 @@ shinyproxy_max_request_size: "{{ shinyproxy_max_file_size }}" # REDIS for shinyproxy shinyproxy_redis_installation: false shinyproxy_redis_image: "redis:bookworm" -# shinyproxy_redis_compose_dir: "/srv/shinyproxy_redis_stack" -# shinyproxy_redis_docker_stack_name: "" + # shinyproxy_redis_docker_network:"" # shinyproxy_redis_service_name: "" # shinyproxy_redis_user: "" diff --git a/handlers/main.yml b/handlers/main.yml index 6a08b49..78a2f41 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -13,3 +13,13 @@ name: "{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_as_docker_service_name }}" data_src: '{{ shinyproxy_as_docker_src_dir }}/application.yml' state: present + + +- name: Stop the REDIS Swarm stack before creating the secrets + community.docker.docker_swarm_service: + name: "{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_redis_service_name }}" + state: absent +- name: Remove the secret for the REDIS user configuration file + community.docker.docker_secret: + name: "{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_redis_service_name }}_user_config" + state: absent \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index 429d29a..0efc211 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -11,8 +11,8 @@ ansible.builtin.import_tasks: shinyproxy_docker_stack_service.yml when: - shinyproxy_as_docker_service - - shinyproxy_container_backend == 'docker-swarm -- name: Shiniproxy REDIS service as docker swarm stack' + - shinyproxy_container_backend == 'docker-swarm' +- name: Shiniproxy REDIS service as docker swarm stack ansible.builtin.import_tasks: shinyproxy_redis_service.yml when: - shinyproxy_as_docker_service diff --git a/tasks/shinyproxy_redis_service.yml b/tasks/shinyproxy_redis_service.yml index 649b662..29f0b77 100644 --- a/tasks/shinyproxy_redis_service.yml 
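Review bot: The two new handlers in handlers/main.yml rebuild the Swarm object names by hand (`<stack>_<service>` and `<stack>_<service>_user_config`), and nothing in the file says where those names come from. They only match if the Redis stack is deployed under `shinyproxy_as_docker_stack_name` and the compose template keeps the secret key `{{ shinyproxy_redis_service_name }}_user_config`. A comment above them would make that dependency visible, e.g. `# Names must match the stack name and the secret key in shinyproxy-redis-docker-compose.yml.j2; the service is removed first so the secret can be replaced`. It is also worth stating there that the handlers take the session store down until the stack task runs again.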
+++ b/tasks/shinyproxy_redis_service.yml @@ -5,7 +5,7 @@ block: - name: Create the compose directory for the REDIS Swarm stack ansible.builtin.file: - dest: "{{ shinyproxy_redis_compose_dir }}" + dest: "{{ shinyproxy_as_docker_src_dir }}" state: directory owner: root group: root @@ -13,15 +13,29 @@ - name: Install the docker compose file of the REDIS Swarm stack ansible.builtin.template: src: shinyproxy-redis-docker-compose.yml.j2 - dest: "{{ redis_compose_dir }}/shinyproxy-redis-docker-compose.yml" + dest: "{{ shinyproxy_as_docker_src_dir }}/shinyproxy-redis-docker-compose.yml" owner: root group: root mode: "0400" + - name: Install the REDIS user configuration file + ansible.builtin.template: + src: shinyproxy-redis-users-config.acl.j2 + dest: "{{ shinyproxy_as_docker_src_dir }}/shinyproxy-redis-users-config.acl" + owner: root + group: root + mode: "0400" + notify: + - Stop the REDIS Swarm stack before creating the secrets + - Remove the secret for the REDIS user configuration file + - Restart shinyproxy + + - name: Flush the handlers so that we can manage the configuration file as a secret + ansible.builtin.meta: flush_handlers - name: Start the REDIS Swarm stack community.docker.docker_stack: - name: "{{ shinyproxy_redis_docker_stack_name }}" + name: "{{ shinyproxy_as_docker_stack_name }}" state: present compose: - - "{{ shinyproxy_redis_compose_dir }}/shinyproxy-redis-docker-compose.yml" + - "{{ shinyproxy_redis_compose_dir }}/shinyproxy_redis-docker-compose.yml" diff --git a/templates/shinyproxy-redis-docker-compose.yml.j2 b/templates/shinyproxy-redis-docker-compose.yml.j2 index cb42295..55954e5 100644 --- a/templates/shinyproxy-redis-docker-compose.yml.j2 +++ b/templates/shinyproxy-redis-docker-compose.yml.j2 
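Review bot: The `compose:` entry of "Start the REDIS Swarm stack" still points at `{{ shinyproxy_redis_compose_dir }}/shinyproxy_redis-docker-compose.yml`, while this commit installs the file as `{{ shinyproxy_as_docker_src_dir }}/shinyproxy-redis-docker-compose.yml` and drops the `shinyproxy_redis_compose_dir` hint from the defaults. Both the variable and the file name (underscore instead of hyphen) differ, so the stack task will not find the compose file; it should be `- "{{ shinyproxy_as_docker_src_dir }}/shinyproxy-redis-docker-compose.yml"`. The new "Install the REDIS user configuration file" task renders the Redis password, so add `no_log: true` to it to keep the rendered ACL line out of `--diff` and verbose output. The first hunk of this file now applies `mode: "0700"` and root ownership to `shinyproxy_as_docker_src_dir`, a directory other tasks of the role already use; confirm that is intended.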
@@ -1,9 +1,25 @@ +networks: + haproxy-public: + external: true + {{ shinyproxy_docker_network }}: + external: true + +secrets: + {{ shinyproxy_redis_service_name }}_user_config: + file: ./shinyproxy-redis-users-config.acl + services: {{ shinyproxy_redis_service_name }}: image: {{ shiniproxy_redis_image }} networks: - haproxy-public - - {{ shinyproxy_redis_docker_network }} + - {{ shinyproxy_docker_network }} + secrets: + - source: {{ shinyproxy_redis_service_name }}_user_config + target: /usr/local/etc/redis/users.acl + + command: ["redis-server", "--aclfile", "/usr/local/etc/redis/users.acl"] + deploy: mode: replicated replicas: 1 @@ -16,8 +32,4 @@ services: logging: driver: "journald" -networks: - haproxy-public: - external: true - {{ shinyproxy_redis_docker_network }}: - external: true + diff --git a/templates/shinyproxy-redis-users-config.acl.j2 b/templates/shinyproxy-redis-users-config.acl.j2 new file mode 100644 index 0000000..ac7d8e4 --- /dev/null +++ b/templates/shinyproxy-redis-users-config.acl.j2 @@ -0,0 +1,2 @@ +user default off +user {{ shinyproxy_redis_user }} on >{{ shinyproxy_redis_password }} ~* +@all \ No newline at end of file
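Review bot: The new shinyproxy-redis-users-config.acl.j2 stores the password in clear text (`>{{ shinyproxy_redis_password }}`) and grants the application account `~* +@all`, i.e. every key and every command, including the administrative ones. Redis accepts a SHA-256 digest in place of the clear-text form, so neither the rendered file nor the Swarm secret needs to contain the password: `user {{ shinyproxy_redis_user }} on #{{ shinyproxy_redis_password | hash('sha256') }} ~* +@all`. A password containing a space would also split the rule in the `>` form, which the digest form avoids. Consider narrowing `+@all` (for example `+@all -@dangerous`) after checking which commands ShinyProxy's session store actually issues, since some clients call `CONFIG` at start-up.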