Install the config file as secret.

Andrea Dell'Amico 2024-04-08 18:28:36 +02:00
parent 271675d593
commit fbcf52c5f2
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
6 changed files with 96 additions and 84 deletions


@ -1,7 +1,9 @@
---
# https://shinyproxy.io/
shinyproxy_install: True
shinyproxy_as_docker_service: False
# https://github.com/openanalytics/shinyproxy
# https://github.com/openanalytics/shinyproxy-config-examples
shinyproxy_install: true
shinyproxy_as_docker_service: false
shinyproxy_major_ver: 3
shinyproxy_minor_ver: 0
shinyproxy_patch_ver: 2
@ -18,6 +20,7 @@ shinyproxy_conf_dir: '{{ shinyproxy_install_dir }}'
shinyproxy_log_dir: /var/log/shinyproxy
shinyproxy_bind_address: 127.0.0.1
shinyproxy_http_port: 8080
shinyproxy_published_http_port: "{{ shinyproxy_http_port }}"
shinyproxy_docker_http_port_mode: 'ingress'
shinyproxy_heartbeat_rate: 10000
shinyproxy_heartbeat_timeout: 60000
@ -31,7 +34,7 @@ shinyproxy_default_stop_proxy_on_logout: 'true'
shinyproxy_default_proxy_max_lifetime: 60
shinyproxy_undertow_loglevel: 'INFO'
shinyproxy_prometheus_port: 9090
shinyproxy_expose_prometheus: True
shinyproxy_expose_prometheus: true
# 30 minutes
shinyproxy_server_session_timeout: 1800
shinyproxy_server_secure_cookies: 'true'
@ -41,17 +44,17 @@ shinyproxy_server_frame_options: 'sameorigin'
shinyproxy_same_site_cookie: 'Lax'
# For logrotate. In days
shinyproxy_log_retention: 10
shinyproxy_default_apps: True
shinyproxy_default_apps: false
# Shinyproxy as docker service
shinyproxy_docker_image: 'openanalytics/shinyproxy:{{ shinyproxy_version }}'
shinyproxy_as_docker_stack_name: 'shinyproxy'
shinyproxy_as_docker_service_name: 'shinyproxy'
shinyproxy_as_docker_src_dir: /srv/{{ shinyproxy_as_docker_stack_name }}_service
shinyproxy_docker_network: 'shinyproxy'
shinyproxy_docker_swarm_behind_haproxy: True
shinyproxy_docker_swarm_behind_haproxy: true
shinyproxy_docker_swarm_replicas: 1
shinyproxy_docker_mount_conf_file: True
shinyproxy_docker_log_to_journal: True
shinyproxy_docker_mount_conf_file: false
shinyproxy_docker_log_to_journal: true
# Shinyproxy configuration
# docker, docker-swarm, kubernetes
shinyproxy_container_backend: 'docker'
@ -84,11 +87,11 @@ shinyproxy_admin_group: ''
shinyproxy_ldap_server: 'ldap://ldap.forumsys.com:389/dc=example,dc=com'
shinyproxy_ldap_admin: cn=read-only-admin,dc=example,dc=com
shinyproxy_ldap_admin_pwd: password
shinyproxy_ldap_user_dn_enabled: False
shinyproxy_ldap_user_dn_enabled: false
shinyproxy_ldap_user_dn_pattern: 'uid={0}'
shinyproxy_ldap_user_search_base_enabled: True
shinyproxy_ldap_user_search_base_enabled: true
shinyproxy_ldap_user_search_base: ''
shinyproxy_ldap_user_search_filter_enabled: True
shinyproxy_ldap_user_search_filter_enabled: true
shinyproxy_ldap_user_search_filter: '(uid={0})'
shinyproxy_ldap_group_search_base: ''
shinyproxy_ldap_group_search_filter: '(uniqueMember={0})'
@ -109,7 +112,7 @@ shinyproxy_oidc_client_secret: 'use a vault file'
# name, preferred_username, nickname, email
shinyproxy_oidc_username_attribute: 'email'
# See https://www.shinyproxy.io/faq/#authentication-using-openid-does-not-work-because-of-missing-attribute-email-in-attributes-exception
shinyproxy_oidc_use_roles_claim: True
shinyproxy_oidc_use_roles_claim: true
shinyproxy_oidc_roles_claim: 'groups'
shinyproxy_max_log_size: 20MB
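Review bot: The new default `shinyproxy_published_http_port` is consumed by only one of the two `ports:` blocks in the compose template. The block under `{% if not shinyproxy_docker_swarm_behind_haproxy %}` now publishes it, while the other block still has `published: {{ shinyproxy_http_port }}`. If that is intentional, a comment above the variable would say so, for example `# Port published on the swarm ingress when shinyproxy is not behind haproxy`; otherwise the other block should use the same variable. Separately, flipping `shinyproxy_docker_mount_conf_file` to `false` changes how existing swarm deployments receive application.yml, which deserves a line in the role's documentation.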


@ -1,3 +1,10 @@
---
- name: Restart shinyproxy
service: name=shinyproxy state=restarted
ansible.builtin.service:
name: shinyproxy
state: restarted
- name: Stop the shinyproxy service
community.docker.docker_swarm_service:
name: "{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_as_docker_service_name }}"
state: absent
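Review bot: The handler named `Stop the shinyproxy service` uses `state: absent`, which removes the swarm service rather than stopping it, so the name understates what happens. Presumably the removal is there so the application.yml secret can be replaced while nothing references it. A comment such as `# A secret cannot be replaced while a service uses it, so the service is removed first` would make that explicit, and so would a name like `Remove the shinyproxy swarm service`, updated in the matching `notify:` as well. If a later task fails after the handler has run, the service stays absent until the next successful run.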


@ -2,6 +2,13 @@
- name: Shinyproxy as a standalone service
ansible.builtin.import_tasks: shinyproxy_vm.yml
when: not shinyproxy_as_docker_service
- name: Shinyproxy as a container
- name: Shinyproxy as a standalone container
ansible.builtin.import_tasks: shinyproxy_docker_service.yml
when: shinyproxy_as_docker_service
when:
- shinyproxy_as_docker_service
- shinyproxy_container_backend == 'docker'
- name: Shinyproxy as a Docker Swarm stack
ansible.builtin.import_tasks: shinyproxy_docker_stack_service.yml
when:
- shinyproxy_as_docker_service
- shinyproxy_container_backend == 'docker-swarm'


@ -1,6 +1,5 @@
---
- name: shinyproxy_docker_service | Manage the composition of shinyproxy as a docker (non swarm) service
when: shinyproxy_container_backend == 'docker'
tags: ['shinyproxy', 'shinyproxy_docker', 'docker']
block:
- name: shinyproxy_docker_service | Create the directory where the dockerfile and the configuration file will be copied into
@ -11,14 +10,6 @@
group: root
mode: "0750"
- name: shinyproxy_docker_service | Install the shinyproxy configuration file when using version 2.x
ansible.builtin.template:
src: shinyproxy-2-conf.yml.j2
dest: "{{ shinyproxy_as_docker_src_dir }}/application.yml"
owner: root
group: root
mode: "0400"
- name: shinyproxy_docker_service | Install the shinyproxy docker file
ansible.builtin.template:
src: Dockerfile.j2
@ -39,55 +30,3 @@
community.docker.docker_compose:
project_src: '{{ shinyproxy_as_docker_src_dir }}'
build: true
- name: shinyproxy_docker_service | Manage the installation of the shinyproxy configuration of the swarm service
when:
- shinyproxy_container_backend == 'docker-swarm'
- shinyproxy_docker_mount_conf_file
tags: ['shinyproxy', 'shinyproxy_swarm', 'docker']
block:
- name: shinyproxy_docker_service | Create the directory where the dockerfile and the configuration file will be copied into
ansible.builtin.file:
dest: "{{ shinyproxy_as_docker_src_dir }}"
state: directory
owner: root
group: root
mode: "0700"
- name: shinyproxy_docker_service | Install the shinyproxy configuration file
ansible.builtin.template:
src: shinyproxy-2-conf.yml.j2
dest: "{{ shinyproxy_as_docker_src_dir }}/application.yml"
owner: root
group: root
mode: "0400"
- name: shinyproxy_docker_service | Manage the docker stack
when:
- docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node | bool
- shinyproxy_container_backend == 'docker-swarm'
tags: ['shinyproxy', 'shinyproxy_swarm', 'docker']
run_once: true
block:
- name: shinyproxy_docker_service | Create the directory where the dockerfile and the configuration file will be copied into
ansible.builtin.file:
dest: "{{ shinyproxy_as_docker_src_dir }}"
state: directory
owner: root
group: root
mode: "0700"
- name: shinyproxy_docker_service | Install the docker compose file
ansible.builtin.template:
src: shinyproxy-docker-compose.yml.j2
dest: "{{ shinyproxy_as_docker_src_dir }}/docker-shinyproxy-stack.yml"
owner: root
group: root
mode: "0400"
- name: shinyproxy_docker_service | Start the shinyproxy stack
community.docker.docker_stack:
name: '{{ shinyproxy_as_docker_stack_name }}'
state: present
compose:
- '{{ shinyproxy_as_docker_src_dir }}/docker-shinyproxy-stack.yml'


@ -0,0 +1,56 @@
---
- name: shinyproxy_docker_stack_service | Manage the installation of the shinyproxy configuration of the swarm service
tags: ['shinyproxy', 'shinyproxy_swarm', 'docker']
block:
- name: shinyproxy_docker_stack_service | Create the directory where the dockerfile and the configuration file will be copied into
ansible.builtin.file:
dest: "{{ shinyproxy_as_docker_src_dir }}"
state: directory
owner: root
group: root
mode: "0700"
- name: shinyproxy_docker_stack_service | Manage the docker stack
tags: ['shinyproxy', 'shinyproxy_swarm', 'docker']
run_once: true
block:
- name: shinyproxy_docker_stack_service | Create the directory where the dockerfile and the configuration file will be copied into
ansible.builtin.file:
dest: "{{ shinyproxy_as_docker_src_dir }}"
state: directory
owner: root
group: root
mode: "0700"
- name: shinyproxy_docker_stack_service | Install the docker compose file
ansible.builtin.template:
src: shinyproxy-docker-compose.yml.j2
dest: "{{ shinyproxy_as_docker_src_dir }}/docker-shinyproxy-stack.yml"
owner: root
group: root
mode: "0400"
- name: shinyproxy_docker_stack_service | Install the shinyproxy configuration file
ansible.builtin.template:
src: shinyproxy-2-conf.yml.j2
dest: "{{ shinyproxy_as_docker_src_dir }}/application.yml"
owner: root
group: root
mode: "0400"
notify: Stop the shinyproxy service
- name: shinyproxy_docker_stack_service | Flush the handlers to stop the shinyproxy service if needed
ansible.builtin.meta: flush_handlers
- name: shinyproxy_docker_stack_service | Create the secret for the application.yml file
community.docker.docker_secret:
name: "{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_as_docker_service_name }}_application_yml"
data_src: '{{ shinyproxy_as_docker_src_dir }}/application.yml'
state: present
- name: shinyproxy_docker_stack_service | Start the shinyproxy stack
community.docker.docker_stack:
name: '{{ shinyproxy_as_docker_stack_name }}'
state: present
compose:
- '{{ shinyproxy_as_docker_src_dir }}/docker-shinyproxy-stack.yml'
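Review bot: The `run_once: true` block has lost the swarm-manager guard that the removed block in shinyproxy_docker_service.yml carried, and the new `when:` list in main.yml does not add it back. `community.docker.docker_secret` and `community.docker.docker_stack` have to talk to a swarm manager, so unless the play targets only the manager, `run_once` may select a worker node and these tasks will fail there. Restoring the condition on the block keeps the previous behaviour: `when: docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node | bool`. The application.yml template task presumably renders the LDAP bind password and the OIDC client secret, so `no_log: true` on that task would keep them out of `--diff` output.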


@ -8,9 +8,9 @@ networks:
{{ shinyproxy_docker_network }}:
{% if not shinyproxy_docker_mount_conf_file %}
configs:
shinyproxy_conf:
file: {{ shinyproxy_as_docker_src_dir }}/application.yml
secrets:
{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_as_docker_service_name }}_application_yml:
external: true
{% endif %}
services:
shinyproxy:
@ -21,7 +21,7 @@ services:
published: {{ shinyproxy_http_port }}
protocol: tcp
mode: '{{ shinyproxy_docker_http_port_mode }}'
{% if shinyproxy_expose_prometheus and shinyproxy_version is version_compare('2.5.0', '>=') %}
{% if shinyproxy_expose_prometheus %}
- target: 9090
published: {{ shinyproxy_prometheus_port }}
protocol: tcp
@ -32,10 +32,10 @@ services:
{% if not shinyproxy_docker_swarm_behind_haproxy %}
ports:
- target: {{ shinyproxy_http_port }}
published: {{ shinyproxy_http_port }}
published: {{ shinyproxy_published_http_port }}
protocol: tcp
mode: 'ingress'
{% if shinyproxy_expose_prometheus and shinyproxy_version is version_compare('2.5.0', '>=') %}
{% if shinyproxy_expose_prometheus %}
- target: 9090
published: {{ shinyproxy_prometheus_port }}
protocol: tcp
@ -49,10 +49,10 @@ services:
- {{ shinyproxy_as_docker_src_dir }}/application.yml:{{ shinyproxy_conf_dir }}/application.yml
{% endif %}
{% if not shinyproxy_docker_mount_conf_file %}
configs:
- source: shinyproxy_conf
secrets:
- source: {{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_as_docker_service_name }}_application_yml
target: {{ shinyproxy_conf_dir }}/application.yml
mode: 0400
mode: 0444
{% endif %}
networks:
- {{ shinyproxy_docker_network }}
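Review bot: The secret mount appears to go from `mode: 0400` to `mode: 0444` in the last hunk, which makes application.yml readable by every user inside the container even though it is now delivered as a secret. If the change was needed because the shinyproxy process does not run as root, setting the owner in the long-form secret entry keeps the tighter mode: `uid: '<shinyproxy uid>'`, `gid: '<shinyproxy gid>'`, `mode: 0400`. The uid and gid are placeholders; they depend on the image's user, which is not visible on this page.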