Import the old role

This commit is contained in:
Andrea Dell'Amico 2020-09-17 19:30:11 +02:00
parent 42823a7548
commit ced8ff4234
9 changed files with 268 additions and 68 deletions

View File

@ -1,31 +1,22 @@
Role Name Role Name
========= =========
A brief description of the role goes here. A role that
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables Role Variables
-------------- --------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. The most important variables are listed below:
``` yaml
users_system_users:
- { login: 'foo', name: "Foo Bar", home: '{{ users_home_dir }}', createhome: 'yes', ssh_key: '{{ foo_ssh_key }}', shell: '/bin/bash', admin: False, log_as_root: False }
```
Dependencies Dependencies
------------ ------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. None
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License License
------- -------
@ -35,4 +26,4 @@ EUPL-1.2
Author Information Author Information
------------------ ------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed). Andrea Dell'Amico, <andrea.dellamico@isti.cnr.it>

View File

@ -1,2 +1,58 @@
--- ---
# defaults file for ansible-role-template # https://shinyproxy.io/
shinyproxy_install: False
shinyproxy_major_ver: 2
shinyproxy_minor_ver: 3
shinyproxy_patch_ver: 1
shinyproxy_version: '{{ shinyproxy_major_ver }}.{{ shinyproxy_minor_ver }}.{{ shinyproxy_patch_ver }}'
shinyproxy_file_name: 'shinyproxy-{{ shinyproxy_version }}.jar'
shinyproxy_url: 'https://www.shinyproxy.io/downloads/{{ shinyproxy_file_name }}'
shinyproxy_app_name: shinyproxy.jar
shinyproxy_user: shinyproxy
shinyproxy_landing_page: '/'
shinyproxy_install_dir: /opt/shinyproxy
shinyproxy_log_dir: /var/log/shinyproxy
shinyproxy_bind_address: 127.0.0.1
shinyproxy_http_port: 8080
# For logrotate. In days
shinyproxy_log_retention: 10
shinyproxy_default_apps: True
# docker, docker-swarm, kubernetes
shinyproxy_container_backend: 'docker'
shinyproxy_docker_port: 2375
shinyproxy_docker_host: 'localhost'
shinyproxy_docker_workers:
- 'localhost'
shinyproxy_docker_protocol: http
shinyproxy_docker_certs_dir: /etc/pki/shinyproxy
shinyproxy_docker_url: '{{ shinyproxy_docker_protocol }}://{{ shinyproxy_docker_host }}:{{ shinyproxy_docker_port }}'
shinyproxy_docker_port_range_start: 20000
shinyproxy_docker_cpu_limit: 1
shinyproxy_docker_memory_request: '1g'
shinyproxy_docker_memory_limit: '2g'
shinyproxy_docker_internal_networking: 'false'
shinyproxy_container_wait_time: 600000
shinyproxy_docker_loglevel: 'INFO'
shinyproxy_hide_navbar: 'false'
shinyproxy_custom_template: False
shinyproxy_template_path: '{{ shinyproxy_install_dir }}/web_templates'
shinyproxy_app_title: 'Open Analytics Shiny Proxy'
shinyproxy_logo_url: 'http://www.openanalytics.eu/sites/www.openanalytics.eu/themes/oa/logo.png'
shinyproxy_authentication: ldap
shinyproxy_ldap_enabled: False
shinyproxy_basic_auth: 'false'
shinyproxy_admin_group: ''
shinyproxy_ldap_server: 'ldap://ldap.forumsys.com:389/dc=example,dc=com'
shinyproxy_ldap_admin: cn=read-only-admin,dc=example,dc=com
shinyproxy_ldap_admin_pwd: password
shinyproxy_ldap_user_dn_enabled: False
shinyproxy_ldap_user_dn_pattern: 'uid={0}'
shinyproxy_ldap_user_search_base_enabled: True
shinyproxy_ldap_user_search_base: ''
shinyproxy_ldap_user_search_filter_enabled: True
shinyproxy_ldap_user_search_filter: '(uid={0})'
shinyproxy_ldap_group_search_base: ''
shinyproxy_ldap_group_search_filter: '(uniqueMember={0})'
shinyproxy_max_log_size: 20MB

View File

@ -1,2 +1,3 @@
--- ---
# handlers file for ansible-role-template - name: Restart shinyproxy
service: name=shinyproxy state=restarted

View File

@ -1,61 +1,30 @@
galaxy_info: galaxy_info:
author: your name author: Andrea Dell'Amico
description: your description description: Systems Architect
company: ISTI-CNR company: ISTI-CNR
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning
# Some suggested licenses: license: EUPL 1.2+
# - BSD (default)
# - MIT
# - GPLv2
# - GPLv3
# - Apache
# - CC-BY
license: EUPL-1.2
min_ansible_version: 2.8 min_ansible_version: 2.8
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
# Optionally specify the branch Galaxy will use when accessing the GitHub
# repo for this role. During role install, if no tags are available,
# Galaxy will use this branch. During import Galaxy will access files on
# this branch. If Travis integration is configured, only notifications for this
# branch will be accepted. Otherwise, in all cases, the repo's default branch
# (usually master) will be used.
#github_branch:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit: # To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/ # https://galaxy.ansible.com/api/v1/platforms/
# #
# platforms: platforms:
# - name: Fedora - name: Ubuntu
# versions: versions:
# - all - trusty
# - 25 - bionic
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: [] galaxy_tags:
# List tags for your role here, one per line. A tag is a keyword that describes - R
# and categorizes the role. Users find roles by searching for tags. Be sure to - shinyapp
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: [] dependencies:
# List your role dependencies here, one per line. Be sure to remove the '[]' above, - src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-openjdk.git
# if you add dependencies to this list. version: master
name: openjdk
state: latest

View File

@ -1,2 +1,74 @@
--- ---
# tasks file for ansible-role-template - block:
- name: Create the shinyproxy user
user: name={{ shinyproxy_user }} home={{ shinyproxy_install_dir }} createhome=yes system=yes shell=/usr/sbin/nologin
- name: Download the shinyproxy jar
become: True
become_user: '{{ shinyproxy_user }}'
get_url: url={{ shinyproxy_url }} dest={{ shinyproxy_install_dir }}
- name: Set up a symlink to an unversioned app name
become: True
become_user: '{{ shinyproxy_user }}'
file: src={{ shinyproxy_install_dir }}/{{ shinyproxy_file_name }} dest={{ shinyproxy_install_dir }}/{{ shinyproxy_app_name }} state=link
- name: Install the shinyproxy configuration file when using version 2.x
template: src=shinyproxy-2-conf.yml.j2 dest={{ shinyproxy_install_dir }}/application.yml owner=root group={{ shinyproxy_user }} mode=0640
notify: Restart shinyproxy
when: shinyproxy_major_ver == 2
tags: [ 'shinyproxy', 'shinyproxy_conf', 'shinyproxy_images' ]
- name: Install the shinyproxy logrotate configuration
template: src=shinyproxy-logrotate.j2 dest=/etc/logrotate.d/shinyproxy owner=root group=root mode=0444
tags: [ 'shinyproxy', 'shinyproxy_conf' ]
- name: Install the upstart init file
template: src=upstart-shinyproxy.conf.j2 dest=/etc/init/shinyproxy.conf owner=root group=root mode=0644
when: ansible_service_mgr != 'systemd'
when:
- ansible_distribution_major_version < '16'
- shinyproxy_install | bool
tags: shinyproxy
- block:
- name: Install the shinyproxy deb package
apt:
deb: "https://www.shinyproxy.io/downloads/shinyproxy_{{ shinyproxy_version }}_amd64.deb"
state: present
- name: Install the shinyproxy configuration file when using version 2.x
template: src=shinyproxy-2-conf.yml.j2 dest=/etc/shinyproxy/application.yml owner=root group={{ shinyproxy_user }} mode=0640
notify: Restart shinyproxy
when: shinyproxy_major_ver == 2
tags: [ 'shinyproxy', 'shinyproxy_conf', 'shinyproxy_images' ]
when:
- ansible_distribution_file_variety == "Debian"
- ansible_distribution_major_version >= '16'
- shinyproxy_install | bool
tags: shinyproxy
- block:
- name: Ensure that the shinyproxy service is enabled and running
service: name=shinyproxy state=started enabled=yes
- name: Create the directory where to install the custom templates, if we want to use them
file: dest={{ shinyproxy_template_path }} state=directory
when: shinyproxy_custom_template | bool
- name: Create shinyproxy log directory
file: dest={{ shinyproxy_log_dir }} state=directory owner=shinyproxy mode=0750
- name: Pull the Docker images for the Shiny apps, when using Docker standalone
docker_image: name={{ item.docker_image }} pull=yes state={{ item.image_state | default('present') }} force=yes
with_items: '{{ shinyproxy_apps }}'
when:
- shinyproxy_apps is defined
- shinyproxy_container_backend == 'docker'
tags: [ 'shinyproxy', 'shinyproxy_images' ]
when: shinyproxy_install | bool
tags: shinyproxy

View File

@ -0,0 +1,78 @@
proxy:
title: {{ shinyproxy_app_title }}
logo-url: {{ shinyproxy_logo_url }}
landing-page: {{ shinyproxy_landing_page }}
heartbeat-rate: 10000
heartbeat-timeout: 60000
container-wait-time: {{ shinyproxy_container_wait_time }}
bind-address: {{ shinyproxy_bind_address }}
port: {{ shinyproxy_http_port }}
hide-navbar: {{ shinyproxy_hide_navbar }}
{% if shinyproxy_custom_template %}
template-path: {{ shinyproxy_template_path }}
{% endif %}
authentication: {{ shinyproxy_authentication }}
admin-groups: {{ shinyproxy_admin_group }}
container-backend: {{ shinyproxy_container_backend }}
{% if shinyproxy_ldap_enabled %}
# LDAP configuration
ldap:
url: {{ shinyproxy_ldap_server }}
{% if shinyproxy_ldap_user_dn_enabled %}
user-dn-pattern: {{ shinyproxy_ldap_user_dn_pattern }}
{% endif %}
{% if shinyproxy_ldap_user_search_base_enabled %}
user-search-base: {{ shinyproxy_ldap_user_search_base }}
{% endif %}
{% if shinyproxy_ldap_user_search_filter_enabled %}
user-search-filter: {{ shinyproxy_ldap_user_search_filter }}
{% endif %}
group-search-base: {{ shinyproxy_ldap_group_search_base }}
group-search-filter: {{ shinyproxy_ldap_group_search_filter }}
manager-dn: {{ shinyproxy_ldap_admin }}
manager-password: {{ shinyproxy_ldap_admin_pwd }}
{% endif %}
docker:
container-memory-request: {{ shinyproxy_docker_memory_request }}
container-memory-limit: {{ shinyproxy_docker_memory_limit }}
container-cpu-limit: {{ shinyproxy_docker_cpu_limit }}
cert-path: {{ shinyproxy_docker_certs_dir }}
url: {{ shinyproxy_docker_url }}
container-protocol: {{ shinyproxy_docker_protocol }}
port-range-start: {{ shinyproxy_docker_port_range_start }}
internal-networking: {{ shinyproxy_docker_internal_networking }}
specs:
{% if shinyproxy_default_apps %}
- id: 01_hello
display-name: Hello Application
description: Application which demonstrates the basics of a Shiny app
container-cmd: ["R", "-e shinyproxy::run_01_hello()"]
container-image: openanalytics/shinyproxy-demo
- id: 06_tabsets
docker-cmd: ["R", "-e shinyproxy::run_06_tabsets()"]
container-image: openanalytics/shinyproxy-demo
{% endif %}
{% if shinyproxy_apps is defined %}
{% for app in shinyproxy_apps %}
- id: {{ app.name }}
display-name: {{ app.display_name }}
description: {{ app.description }}
container-cmd: ["R", "-e {{ app.cmd }}"]
container-image: {{ app.docker_image }}
container-memory: {{ app.docker_memory | default('2g') }}
{% if app.groups is defined %}
groups: {{ app.groups }}
{% endif %}
{% endfor %}
{% endif %}
security:
basic:
enabled: {{ shinyproxy_basic_auth }}
logging:
file: {{ shinyproxy_log_dir }}/shinyproxy.log
#max-size: {{ shinyproxy_max_log_size }}
level:
com.spotify.docker: {{ shinyproxy_docker_loglevel }}

View File

@ -0,0 +1,8 @@
{{ shinyproxy_log_dir }}/shinyproxy.log {
copytruncate
daily
rotate 10
compress
missingok
create 640 {{ shinyproxy_user }} adm
}

View File

@ -0,0 +1,8 @@
#!/bin/bash
/bin/cp -f /var/lib/docker/swarm/certificates/swarm-root-ca.crt {{ shinyproxy_docker_certs_dir }}/ca.pem
/bin/cp -f /var/lib/docker/swarm/certificates/swarm-node.crt {{ shinyproxy_docker_certs_dir }}/cert.pem
/bin/cp -f /var/lib/docker/swarm/certificates/swarm-node.key {{ shinyproxy_docker_certs_dir }}/key.pem
chown shinyproxy {{ shinyproxy_docker_certs_dir }}/key.pem
exit 0

View File

@ -0,0 +1,17 @@
# shinyproxy - springboot based shiny executor
description "shinyproxy service"
start on runlevel [2345]
stop on runlevel [!2345]
respawn
respawn limit 10 5
setuid {{ shinyproxy_user }}
setgid {{ shinyproxy_user }}
script
cd {{ shinyproxy_install_dir }}
exec java -jar ./{{ shinyproxy_app_name }}
end script