Install the config file as secret.
This commit is contained in:
parent
271675d593
commit
fbcf52c5f2
|
@ -1,7 +1,9 @@
|
|||
---
|
||||
# https://shinyproxy.io/
|
||||
shinyproxy_install: True
|
||||
shinyproxy_as_docker_service: False
|
||||
# https://github.com/openanalytics/shinyproxy
|
||||
# https://github.com/openanalytics/shinyproxy-config-examples
|
||||
shinyproxy_install: true
|
||||
shinyproxy_as_docker_service: false
|
||||
shinyproxy_major_ver: 3
|
||||
shinyproxy_minor_ver: 0
|
||||
shinyproxy_patch_ver: 2
|
||||
|
@ -18,6 +20,7 @@ shinyproxy_conf_dir: '{{ shinyproxy_install_dir }}'
|
|||
shinyproxy_log_dir: /var/log/shinyproxy
|
||||
shinyproxy_bind_address: 127.0.0.1
|
||||
shinyproxy_http_port: 8080
|
||||
shinyproxy_published_http_port: "{{ shinyproxy_http_port }}"
|
||||
shinyproxy_docker_http_port_mode: 'ingress'
|
||||
shinyproxy_heartbeat_rate: 10000
|
||||
shinyproxy_heartbeat_timeout: 60000
|
||||
|
@ -31,7 +34,7 @@ shinyproxy_default_stop_proxy_on_logout: 'true'
|
|||
shinyproxy_default_proxy_max_lifetime: 60
|
||||
shinyproxy_undertow_loglevel: 'INFO'
|
||||
shinyproxy_prometheus_port: 9090
|
||||
shinyproxy_expose_prometheus: True
|
||||
shinyproxy_expose_prometheus: true
|
||||
# 30 minutes
|
||||
shinyproxy_server_session_timeout: 1800
|
||||
shinyproxy_server_secure_cookies: 'true'
|
||||
|
@ -41,17 +44,17 @@ shinyproxy_server_frame_options: 'sameorigin'
|
|||
shinyproxy_same_site_cookie: 'Lax'
|
||||
# For logrotate. In days
|
||||
shinyproxy_log_retention: 10
|
||||
shinyproxy_default_apps: True
|
||||
shinyproxy_default_apps: false
|
||||
# Shinyproxy as docker service
|
||||
shinyproxy_docker_image: 'openanalytics/shinyproxy:{{ shinyproxy_version }}'
|
||||
shinyproxy_as_docker_stack_name: 'shinyproxy'
|
||||
shinyproxy_as_docker_service_name: 'shinyproxy'
|
||||
shinyproxy_as_docker_src_dir: /srv/{{ shinyproxy_as_docker_stack_name }}_service
|
||||
shinyproxy_docker_network: 'shinyproxy'
|
||||
shinyproxy_docker_swarm_behind_haproxy: True
|
||||
shinyproxy_docker_swarm_behind_haproxy: true
|
||||
shinyproxy_docker_swarm_replicas: 1
|
||||
shinyproxy_docker_mount_conf_file: True
|
||||
shinyproxy_docker_log_to_journal: True
|
||||
shinyproxy_docker_mount_conf_file: false
|
||||
shinyproxy_docker_log_to_journal: true
|
||||
# Shinyproxy configuration
|
||||
# docker, docker-swarm, kubernetes
|
||||
shinyproxy_container_backend: 'docker'
|
||||
|
@ -84,11 +87,11 @@ shinyproxy_admin_group: ''
|
|||
shinyproxy_ldap_server: 'ldap://ldap.forumsys.com:389/dc=example,dc=com'
|
||||
shinyproxy_ldap_admin: cn=read-only-admin,dc=example,dc=com
|
||||
shinyproxy_ldap_admin_pwd: password
|
||||
shinyproxy_ldap_user_dn_enabled: False
|
||||
shinyproxy_ldap_user_dn_enabled: false
|
||||
shinyproxy_ldap_user_dn_pattern: 'uid={0}'
|
||||
shinyproxy_ldap_user_search_base_enabled: True
|
||||
shinyproxy_ldap_user_search_base_enabled: true
|
||||
shinyproxy_ldap_user_search_base: ''
|
||||
shinyproxy_ldap_user_search_filter_enabled: True
|
||||
shinyproxy_ldap_user_search_filter_enabled: true
|
||||
shinyproxy_ldap_user_search_filter: '(uid={0})'
|
||||
shinyproxy_ldap_group_search_base: ''
|
||||
shinyproxy_ldap_group_search_filter: '(uniqueMember={0})'
|
||||
|
@ -109,7 +112,7 @@ shinyproxy_oidc_client_secret: 'use a vault file'
|
|||
# name, preferred_username, nickname, email
|
||||
shinyproxy_oidc_username_attribute: 'email'
|
||||
# See https://www.shinyproxy.io/faq/#authentication-using-openid-does-not-work-because-of-missing-attribute-email-in-attributes-exception
|
||||
shinyproxy_oidc_use_roles_claim: True
|
||||
shinyproxy_oidc_use_roles_claim: true
|
||||
shinyproxy_oidc_roles_claim: 'groups'
|
||||
|
||||
shinyproxy_max_log_size: 20MB
|
||||
|
|
|
@ -1,3 +1,10 @@
|
|||
---
|
||||
- name: Restart shinyproxy
|
||||
service: name=shinyproxy state=restarted
|
||||
ansible.builtin.service:
|
||||
name: shinyproxy
|
||||
state: restarted
|
||||
|
||||
- name: Stop the shinyproxy service
|
||||
community.docker.docker_swarm_service:
|
||||
name: "{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_as_docker_service_name }}"
|
||||
state: absent
|
||||
|
|
|
@ -2,6 +2,13 @@
|
|||
- name: Shinyproxy as a standalone service
|
||||
ansible.builtin.import_tasks: shinyproxy_vm.yml
|
||||
when: not shinyproxy_as_docker_service
|
||||
- name: Shinyproxy as a container
|
||||
- name: Shinyproxy as a standalone container
|
||||
ansible.builtin.import_tasks: shinyproxy_docker_service.yml
|
||||
when: shinyproxy_as_docker_service
|
||||
when:
|
||||
- shinyproxy_as_docker_service
|
||||
- shinyproxy_container_backend == 'docker'
|
||||
- name: Shinyproxy as a Docker Swarm stack
|
||||
ansible.builtin.import_tasks: shinyproxy_docker_stack_service.yml
|
||||
when:
|
||||
- shinyproxy_as_docker_service
|
||||
- shinyproxy_container_backend == 'docker-swarm'
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
---
|
||||
- name: shinyproxy_docker_service | Manage the composition of shinyproxy as a docker (non swarm) service
|
||||
when: shinyproxy_container_backend == 'docker'
|
||||
tags: ['shinyproxy', 'shinyproxy_docker', 'docker']
|
||||
block:
|
||||
- name: shinyproxy_docker_service | Create the directory where the dockerfile and the configuration file will be copied into
|
||||
|
@ -11,14 +10,6 @@
|
|||
group: root
|
||||
mode: "0750"
|
||||
|
||||
- name: shinyproxy_docker_service | Install the shinyproxy configuration file when using version 2.x
|
||||
ansible.builtin.template:
|
||||
src: shinyproxy-2-conf.yml.j2
|
||||
dest: "{{ shinyproxy_as_docker_src_dir }}/application.yml"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0400"
|
||||
|
||||
- name: shinyproxy_docker_service | Install the shinyproxy docker file
|
||||
ansible.builtin.template:
|
||||
src: Dockerfile.j2
|
||||
|
@ -39,55 +30,3 @@
|
|||
community.docker.docker_compose:
|
||||
project_src: '{{ shinyproxy_as_docker_src_dir }}'
|
||||
build: true
|
||||
|
||||
- name: shinyproxy_docker_service | Manage the installation of the shinyproxy configuration of the swarm service
|
||||
when:
|
||||
- shinyproxy_container_backend == 'docker-swarm'
|
||||
- shinyproxy_docker_mount_conf_file
|
||||
tags: ['shinyproxy', 'shinyproxy_swarm', 'docker']
|
||||
block:
|
||||
- name: shinyproxy_docker_service | Create the directory where the dockerfile and the configuration file will be copied into
|
||||
ansible.builtin.file:
|
||||
dest: "{{ shinyproxy_as_docker_src_dir }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0700"
|
||||
|
||||
- name: shinyproxy_docker_service | Install the shinyproxy configuration file
|
||||
ansible.builtin.template:
|
||||
src: shinyproxy-2-conf.yml.j2
|
||||
dest: "{{ shinyproxy_as_docker_src_dir }}/application.yml"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0400"
|
||||
|
||||
- name: shinyproxy_docker_service | Manage the docker stack
|
||||
when:
|
||||
- docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node | bool
|
||||
- shinyproxy_container_backend == 'docker-swarm'
|
||||
tags: ['shinyproxy', 'shinyproxy_swarm', 'docker']
|
||||
run_once: true
|
||||
block:
|
||||
- name: shinyproxy_docker_service | Create the directory where the dockerfile and the configuration file will be copied into
|
||||
ansible.builtin.file:
|
||||
dest: "{{ shinyproxy_as_docker_src_dir }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0700"
|
||||
|
||||
- name: shinyproxy_docker_service | Install the docker compose file
|
||||
ansible.builtin.template:
|
||||
src: shinyproxy-docker-compose.yml.j2
|
||||
dest: "{{ shinyproxy_as_docker_src_dir }}/docker-shinyproxy-stack.yml"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0400"
|
||||
|
||||
- name: shinyproxy_docker_service | Start the shinyproxy stack
|
||||
community.docker.docker_stack:
|
||||
name: '{{ shinyproxy_as_docker_stack_name }}'
|
||||
state: present
|
||||
compose:
|
||||
- '{{ shinyproxy_as_docker_src_dir }}/docker-shinyproxy-stack.yml'
|
||||
|
|
|
@ -0,0 +1,56 @@
|
|||
---
|
||||
- name: shinyproxy_docker_stack_service | Manage the installation of the shinyproxy configuration of the swarm service
|
||||
tags: ['shinyproxy', 'shinyproxy_swarm', 'docker']
|
||||
block:
|
||||
- name: shinyproxy_docker_stack_service | Create the directory where the dockerfile and the configuration file will be copied into
|
||||
ansible.builtin.file:
|
||||
dest: "{{ shinyproxy_as_docker_src_dir }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0700"
|
||||
|
||||
- name: shinyproxy_docker_stack_service | Manage the docker stack
|
||||
tags: ['shinyproxy', 'shinyproxy_swarm', 'docker']
|
||||
run_once: true
|
||||
block:
|
||||
- name: shinyproxy_docker_stack_service | Create the directory where the dockerfile and the configuration file will be copied into
|
||||
ansible.builtin.file:
|
||||
dest: "{{ shinyproxy_as_docker_src_dir }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0700"
|
||||
|
||||
- name: shinyproxy_docker_stack_service | Install the docker compose file
|
||||
ansible.builtin.template:
|
||||
src: shinyproxy-docker-compose.yml.j2
|
||||
dest: "{{ shinyproxy_as_docker_src_dir }}/docker-shinyproxy-stack.yml"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0400"
|
||||
|
||||
- name: shinyproxy_docker_stack_service | Install the shinyproxy configuration file
|
||||
ansible.builtin.template:
|
||||
src: shinyproxy-2-conf.yml.j2
|
||||
dest: "{{ shinyproxy_as_docker_src_dir }}/application.yml"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0400"
|
||||
notify: Stop the shinyproxy service
|
||||
|
||||
- name: shinyproxy_docker_stack_service | Flush the handlers to stop the shinyproxy service if needed
|
||||
ansible.builtin.meta: flush_handlers
|
||||
|
||||
- name: shinyproxy_docker_stack_service | Create the secret for the application.yml file
|
||||
community.docker.docker_secret:
|
||||
name: "{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_as_docker_service_name }}_application_yml"
|
||||
data_src: '{{ shinyproxy_as_docker_src_dir }}/application.yml'
|
||||
state: present
|
||||
|
||||
- name: shinyproxy_docker_stack_service | Start the shinyproxy stack
|
||||
community.docker.docker_stack:
|
||||
name: '{{ shinyproxy_as_docker_stack_name }}'
|
||||
state: present
|
||||
compose:
|
||||
- '{{ shinyproxy_as_docker_src_dir }}/docker-shinyproxy-stack.yml'
|
|
@ -8,9 +8,9 @@ networks:
|
|||
{{ shinyproxy_docker_network }}:
|
||||
|
||||
{% if not shinyproxy_docker_mount_conf_file %}
|
||||
configs:
|
||||
shinyproxy_conf:
|
||||
file: {{ shinyproxy_as_docker_src_dir }}/application.yml
|
||||
secrets:
|
||||
{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_as_docker_service_name }}_application_yml:
|
||||
external: true
|
||||
{% endif %}
|
||||
services:
|
||||
shinyproxy:
|
||||
|
@ -21,7 +21,7 @@ services:
|
|||
published: {{ shinyproxy_http_port }}
|
||||
protocol: tcp
|
||||
mode: '{{ shinyproxy_docker_http_port_mode }}'
|
||||
{% if shinyproxy_expose_prometheus and shinyproxy_version is version_compare('2.5.0', '>=') %}
|
||||
{% if shinyproxy_expose_prometheus %}
|
||||
- target: 9090
|
||||
published: {{ shinyproxy_prometheus_port }}
|
||||
protocol: tcp
|
||||
|
@ -32,10 +32,10 @@ services:
|
|||
{% if not shinyproxy_docker_swarm_behind_haproxy %}
|
||||
ports:
|
||||
- target: {{ shinyproxy_http_port }}
|
||||
published: {{ shinyproxy_http_port }}
|
||||
published: {{ shinyproxy_published_http_port }}
|
||||
protocol: tcp
|
||||
mode: 'ingress'
|
||||
{% if shinyproxy_expose_prometheus and shinyproxy_version is version_compare('2.5.0', '>=') %}
|
||||
{% if shinyproxy_expose_prometheus %}
|
||||
- target: 9090
|
||||
published: {{ shinyproxy_prometheus_port }}
|
||||
protocol: tcp
|
||||
|
@ -49,10 +49,10 @@ services:
|
|||
- {{ shinyproxy_as_docker_src_dir }}/application.yml:{{ shinyproxy_conf_dir }}/application.yml
|
||||
{% endif %}
|
||||
{% if not shinyproxy_docker_mount_conf_file %}
|
||||
configs:
|
||||
- source: shinyproxy_conf
|
||||
secrets:
|
||||
- source: {{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_as_docker_service_name }}_application_yml
|
||||
target: {{ shinyproxy_conf_dir }}/application.yml
|
||||
mode: 0400
|
||||
mode: 0444
|
||||
{% endif %}
|
||||
networks:
|
||||
- {{ shinyproxy_docker_network }}
|
||||
|
|
Loading…
Reference in New Issue