Merge pull request 'master' (!2) from marco.procaccini/ansible-role-shinyproxy:master into master

Reviewed-on: #2

defaults/main.yml

@@ -125,3 +125,12 @@ shinyproxy_max_log_size: 20MB
 # Springboot options
 shinyproxy_max_file_size: 10MB
 shinyproxy_max_request_size: "{{ shinyproxy_max_file_size }}"
+
+# REDIS for shinyproxy
+shinyproxy_redis_installation: false
+shinyproxy_redis_image: "redis:bookworm"
+
+# shinyproxy_redis_docker_network:""
+# shinyproxy_redis_service_name: ""
+# shinyproxy_redis_user: ""
+# shinyproxy_redis_password: ""

handlers/main.yml

@@ -13,3 +13,13 @@
     name: "{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_as_docker_service_name }}"
     data_src: '{{ shinyproxy_as_docker_src_dir }}/application.yml'
     state: present
+  
+  
+- name: Stop the REDIS Swarm stack before creating the secrets
+  community.docker.docker_swarm_service:
+    name: "{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_redis_service_name }}"
+    state: absent
+- name: Remove the secret for the REDIS user configuration file
+  community.docker.docker_secret:
+    name: "{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_redis_service_name }}_user_config"
+    state: absent 

tasks/main.yml

@@ -12,3 +12,9 @@
   when:
     - shinyproxy_as_docker_service
     - shinyproxy_container_backend == 'docker-swarm'
+- name: Shiniproxy REDIS service as docker swarm stack
+  ansible.builtin.import_tasks: shinyproxy_redis_service.yml
+  when:
+    - shinyproxy_as_docker_service
+    - shinyproxy_container_backend == 'docker-swarm'
+    - shinyproxy_redis_installation

tasks/shinyproxy_docker_service.yml

@@ -30,3 +30,4 @@
       community.docker.docker_compose:
         project_src: '{{ shinyproxy_as_docker_src_dir }}'
         build: true
+

tasks/shinyproxy_redis_service.yml

@@ -0,0 +1,41 @@
+---
+- name: Manage the installation of the REDIS service
+  run_once: true
+  tags: shinyproxy_redis
+  block:
+    - name: Create the compose directory for the REDIS Swarm stack
+      ansible.builtin.file:
+        dest: "{{ shinyproxy_as_docker_src_dir }}"
+        state: directory
+        owner: root
+        group: root
+        mode: "0700"
+    - name: Install the docker compose file of the REDIS Swarm stack
+      ansible.builtin.template:
+        src: shinyproxy-redis-docker-compose.yml.j2
+        dest: "{{ shinyproxy_as_docker_src_dir }}/shinyproxy-redis-docker-compose.yml"
+        owner: root
+        group: root
+        mode: "0400"
+    - name: Install the REDIS user configuration file 
+      ansible.builtin.template:
+        src: shinyproxy-redis-users-config.acl.j2
+        dest: "{{ shinyproxy_as_docker_src_dir }}/shinyproxy-redis-users-config.acl"
+        owner: root
+        group: root
+        mode: "0400"
+      notify: 
+        - Stop the REDIS Swarm stack before creating the secrets
+        - Remove the secret for the REDIS user configuration file
+        - Restart shinyproxy
+        
+    - name: Flush the handlers so that we can manage the configuration file as a secret
+      ansible.builtin.meta: flush_handlers
+
+    - name: Start the REDIS Swarm stack
+      community.docker.docker_stack:
+        name: "{{ shinyproxy_as_docker_stack_name }}"
+        state: present
+        compose:
+          - "{{ shinyproxy_redis_compose_dir }}/shinyproxy_redis-docker-compose.yml"
+

templates/shinyproxy-conf.yml.j2

@@ -208,8 +208,24 @@ spring:
     multipart:
       max-file-size: {{ shinyproxy_max_file_size }}
       max-request-size: {{ shinyproxy_max_request_size }}
+
+  {% if shinyproxy_redis_installation is true %}
+    session:
+    store-type: redis
+
+  redis:
+    host: {{ shinyproxy_redis_service_name | default('redis') }}
+    port: {{ shinyproxy_redis_port | default(6379) }}
+    {% if redis_username is defined %}
+    username: {{ shinyproxy_redis_username }}
+    {% endif %}
+    {% if redis_password is defined %}
+    password: {{ shinyproxy_redis_password }}
+    {% endif %}
+  {% endif %}
 {% endif %}
 
+
 logging:
   file: {{ shinyproxy_log_dir }}/shinyproxy.log
   #max-size: {{ shinyproxy_max_log_size }}

templates/shinyproxy-redis-docker-compose.yml.j2

@@ -0,0 +1,35 @@
+networks:
+  haproxy-public:
+    external: true
+  {{ shinyproxy_docker_network }}:
+    external: true
+
+secrets: 
+  {{ shinyproxy_redis_service_name }}_user_config:
+    file: ./shinyproxy-redis-users-config.acl
+
+services:
+  {{ shinyproxy_redis_service_name }}:
+    image: {{ shiniproxy_redis_image }}
+    networks:
+      - haproxy-public
+      - {{ shinyproxy_docker_network }}
+    secrets: 
+      - source: {{ shinyproxy_redis_service_name }}_user_config
+        target: /usr/local/etc/redis/users.acl
+    
+    command: ["redis-server", "--aclfile", "/usr/local/etc/redis/users.acl"]
+    
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: any
+        delay: 5s
+        window: 120s
+      placement:
+        constraints: [node.role == worker]
+    logging:
+      driver: "journald"
+
+

templates/shinyproxy-redis-users-config.acl.j2

@@ -0,0 +1,2 @@
+user default off
+user {{ shinyproxy_redis_user }}  on >{{ shinyproxy_redis_password }} ~* +@all