Merge branch 'master' of adellam/ansible-roles into master
This commit is contained in:
commit
b5fbcddb56
|
@ -1,19 +1,38 @@
|
|||
---
|
||||
# https://shinyproxy.io/
|
||||
shinyproxy_install: False
|
||||
shinyproxy_version: 1.1.1
|
||||
shinyproxy_major_ver: 2
|
||||
shinyproxy_minor_ver: 3
|
||||
shinyproxy_patch_ver: 0
|
||||
#shinyproxy_version: 1.1.1
|
||||
shinyproxy_version: '{{ shinyproxy_major_ver }}.{{ shinyproxy_minor_ver }}.{{ shinyproxy_patch_ver }}'
|
||||
shinyproxy_file_name: 'shinyproxy-{{ shinyproxy_version }}.jar'
|
||||
shinyproxy_url: 'https://www.shinyproxy.io/downloads/{{ shinyproxy_file_name }}'
|
||||
shinyproxy_app_name: shinyproxy.jar
|
||||
shinyproxy_user: shinyproxy
|
||||
shinyproxy_install_dir: /opt/shinyproxy
|
||||
shinyproxy_log_dir: /var/log/shinyproxy
|
||||
shinyproxy_bind_address: 127.0.0.1
|
||||
shinyproxy_http_port: 8080
|
||||
# For logrotate. In days
|
||||
shinyproxy_log_retention: 10
|
||||
shinyproxy_default_apps: True
|
||||
shinyproxy_docker_url: 'http://localhost:2375'
|
||||
# docker, docker-swarm, kubernetes
|
||||
shinyproxy_container_backend: 'docker'
|
||||
shinyproxy_docker_port: 2375
|
||||
shinyproxy_docker_host: 'localhost'
|
||||
shinyproxy_docker_protocol: http
|
||||
shinyproxy_docker_certs_dir: /etc/pki/shinyproxy
|
||||
shinyproxy_docker_url: '{{ shinyproxy_docker_protocol }}://{{ shinyproxy_docker_host }}:{{ shinyproxy_docker_port }}'
|
||||
shinyproxy_docker_port_range_start: 20000
|
||||
shinyproxy_docker_cpu_limit: 1
|
||||
shinyproxy_docker_memory_request: '1g'
|
||||
shinyproxy_docker_memory_limit: '2g'
|
||||
shinyproxy_container_wait_time: 60000
|
||||
shinyproxy_docker_loglevel: 'INFO'
|
||||
shinyproxy_hide_navbar: 'false'
|
||||
shinyproxy_custom_template: False
|
||||
shinyproxy_template_path: '{{ shinyproxy_install_dir }}/web_templates'
|
||||
|
||||
shinyproxy_app_title: 'Open Analytics Shiny Proxy'
|
||||
shinyproxy_logo_url: 'http://www.openanalytics.eu/sites/www.openanalytics.eu/themes/oa/logo.png'
|
||||
|
@ -32,3 +51,5 @@ shinyproxy_ldap_user_search_filter_enabled: True
|
|||
shinyproxy_ldap_user_search_filter: '(uid={0})'
|
||||
shinyproxy_ldap_group_search_base: ''
|
||||
shinyproxy_ldap_group_search_filter: '(uniqueMember={0})'
|
||||
|
||||
shinyproxy_max_log_size: 20MB
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
dependencies:
|
||||
- { role: '../../library/roles/openjdk' }
|
|
@ -13,28 +13,112 @@
|
|||
become_user: '{{ shinyproxy_user }}'
|
||||
file: src={{ shinyproxy_install_dir }}/{{ shinyproxy_file_name }} dest={{ shinyproxy_install_dir }}/{{ shinyproxy_app_name }} state=link
|
||||
|
||||
- name: Install the upstart init file
|
||||
template: src=upstart-shinyproxy.conf.j2 dest=/etc/init/shinyproxy.conf owner=root group=root mode=0644
|
||||
when: is_trusty
|
||||
|
||||
- name: Install the shinyproxy configuration file
|
||||
template: src=shinyproxy-conf.yml.j2 dest={{ shinyproxy_install_dir }}/application.yml owner=root group={{ shinyproxy_user }} mode=0640
|
||||
- name: Install the shinyproxy configuration file when using version 1.x
|
||||
template: src=shinyproxy-1-conf.yml.j2 dest={{ shinyproxy_install_dir }}/application.yml owner=root group={{ shinyproxy_user }} mode=0640
|
||||
notify: Restart shinyproxy
|
||||
when: shinyproxy_major_ver == 1
|
||||
tags: [ 'shinyproxy', 'shinyproxy_conf', 'shinyproxy_images' ]
|
||||
|
||||
- name: Install the shinyproxy configuration file when using version 2.x
|
||||
template: src=shinyproxy-2-conf.yml.j2 dest={{ shinyproxy_install_dir }}/application.yml owner=root group={{ shinyproxy_user }} mode=0640
|
||||
notify: Restart shinyproxy
|
||||
when: shinyproxy_major_ver == 2
|
||||
tags: [ 'shinyproxy', 'shinyproxy_conf', 'shinyproxy_images' ]
|
||||
|
||||
- name: Install the shinyproxy logrotate configuration
|
||||
template: src=shinyproxy-logrotate.j2 dest=/etc/logrotate.d/shinyproxy owner=root group=root mode=0444
|
||||
tags: [ 'shinyproxy', 'shinyproxy_conf' ]
|
||||
|
||||
- name: Install the upstart init file
|
||||
template: src=upstart-shinyproxy.conf.j2 dest=/etc/init/shinyproxy.conf owner=root group=root mode=0644
|
||||
when: ansible_service_mgr != 'systemd'
|
||||
|
||||
when:
|
||||
- ansible_distribution_major_version < '16'
|
||||
- shinyproxy_install | bool
|
||||
tags: shinyproxy
|
||||
|
||||
- block:
|
||||
- name: Install the shinyproxy deb package
|
||||
apt:
|
||||
deb: "https://www.shinyproxy.io/downloads/shinyproxy_{{ shinyproxy_version }}_amd64.deb"
|
||||
state: present
|
||||
|
||||
- name: Install the shinyproxy configuration file when using version 2.x
|
||||
template: src=shinyproxy-2-conf.yml.j2 dest=/etc/shinyproxy/application.yml owner=root group={{ shinyproxy_user }} mode=0640
|
||||
notify: Restart shinyproxy
|
||||
when: shinyproxy_major_ver == 2
|
||||
tags: [ 'shinyproxy', 'shinyproxy_conf', 'shinyproxy_images' ]
|
||||
|
||||
when:
|
||||
- ansible_distribution_file_variety == "Debian"
|
||||
- ansible_distribution_major_version >= '16'
|
||||
- shinyproxy_install | bool
|
||||
tags: shinyproxy
|
||||
|
||||
- block:
|
||||
- name: Ensure that the shinyproxy service is enabled and running
|
||||
service: name=shinyproxy state=started enabled=yes
|
||||
|
||||
- name: Pull the Docker images of shiny apps
|
||||
- name: Create the directory where to install the custom templates, if we want to use them
|
||||
file: dest={{ shinyproxy_template_path }} state=directory
|
||||
when: shinyproxy_custom_template | bool
|
||||
|
||||
- name: Create shinyproxy log directory
|
||||
file: dest={{ shinyproxy_log_dir }} state=directory owner=shinyproxy mode=0750
|
||||
|
||||
- name: Check if the Docker certs directory exists
|
||||
stat: path=/var/lib/docker/swarm/certificates
|
||||
register: certs_dir
|
||||
|
||||
- name: Create the PKI directory
|
||||
file: dest={{ shinyproxy_docker_certs_dir }} state=directory owner=root group=shinyproxy mode=0750
|
||||
when: certs_dir.stat.isdir is defined and certs_dir.stat.isdir | bool
|
||||
|
||||
- name: Copy the TLS files
|
||||
copy: src=/var/lib/docker/swarm/certificates/{{ item.src }} dest={{ shinyproxy_docker_certs_dir }}/{{ item.dest }} remote_src=yes force=yes
|
||||
with_items:
|
||||
- { src: swarm-root-ca.crt, dest: ca.pem }
|
||||
- { src: swarm-node.crt, dest: cert.pem }
|
||||
- { src: swarm-node.key, dest: key.pem }
|
||||
when: certs_dir.stat.isdir is defined and certs_dir.stat.isdir | bool
|
||||
|
||||
- name: Fix the TLS key file permissions
|
||||
file: dest={{ shinyproxy_docker_certs_dir }}/key.pem owner=shinyproxy group=shinyproxy mode=0640
|
||||
when: certs_dir.stat.isdir is defined and certs_dir.stat.isdir | bool
|
||||
|
||||
- name: Install a script that syncs the docker certificates
|
||||
template: src=sync_docker_certificates.sh.j2 dest=/usr/local/bin/sync_docker_certificates
|
||||
when: certs_dir.stat.isdir is defined and certs_dir.stat.isdir | bool
|
||||
|
||||
- name: Install a cron job that hourly updates the certificates used by shinyproxy to talk with docker
|
||||
cron: name="Fix the docker certificates for shinyproxy" special_time=hourly job="/usr/local/bin/sync_docker_certificates > /var/log/shinyproxy/docker_certs.log 2>&1"
|
||||
when: certs_dir.stat.isdir is defined and certs_dir.stat.isdir | bool
|
||||
|
||||
- name: Pull the Docker images for the Shiny apps, when using Docker standalone
|
||||
docker_image: name={{ item.docker_image }} pull=yes state={{ item.image_state | default('present') }} force=yes
|
||||
with_items: '{{ shinyproxy_apps }}'
|
||||
when: shinyproxy_apps is defined
|
||||
when:
|
||||
- shinyproxy_apps is defined
|
||||
- shinyproxy_container_backend == 'docker'
|
||||
tags: [ 'shinyproxy', 'shinyproxy_images' ]
|
||||
|
||||
when: shinyproxy_install
|
||||
# - name: Pull the Docker images for the Shiny apps, when using Docker Swarm
|
||||
# docker_swarm_service:
|
||||
# name: "{{ item.docker_image | lower }}"
|
||||
# image: '{{ item.docker_image }}'
|
||||
# state: "{{ item.image_state | default('present') }}"
|
||||
# force_update: yes
|
||||
# reservations:
|
||||
# cpus: '{{ shinyproxy_docker_cpu_limit }}'
|
||||
# memory: '{{ shinyproxy_docker_memory_limit }}'
|
||||
# with_items: '{{ shinyproxy_apps }}'
|
||||
# delegate_to: '{{ shinyproxy_docker_host }}'
|
||||
# when:
|
||||
# - shinyproxy_apps is defined
|
||||
# - shinyproxy_container_backend == 'docker-swarm'
|
||||
# tags: [ 'shinyproxy', 'shinyproxy_images' ]
|
||||
|
||||
when: shinyproxy_install | bool
|
||||
tags: shinyproxy
|
||||
|
||||
|
|
|
@ -0,0 +1,68 @@
|
|||
shiny:
|
||||
proxy:
|
||||
title: {{ shinyproxy_app_title }}
|
||||
logo-url: {{ shinyproxy_logo_url }}
|
||||
landing-page: /
|
||||
heartbeat-rate: 10000
|
||||
heartbeat-timeout: 60000
|
||||
container-wait-time: {{ shinyproxy_container_wait_time }}
|
||||
port: {{ shinyproxy_http_port }}
|
||||
hide-navbar: {{ shinyproxy_hide_navbar }}
|
||||
authentication: {{ shinyproxy_authentication }}
|
||||
admin-groups: {{ shinyproxy_admin_group }}
|
||||
{% if shinyproxy_ldap_enabled %}
|
||||
# LDAP configuration
|
||||
ldap:
|
||||
url: {{ shinyproxy_ldap_server }}
|
||||
{% if shinyproxy_ldap_user_dn_enabled %}
|
||||
user-dn-pattern: {{ shinyproxy_ldap_user_dn_pattern }}
|
||||
{% endif %}
|
||||
{% if shinyproxy_ldap_user_search_base_enabled %}
|
||||
user-search-base: {{ shinyproxy_ldap_user_search_base }}
|
||||
{% endif %}
|
||||
{% if shinyproxy_ldap_user_search_filter_enabled %}
|
||||
user-search-filter: {{ shinyproxy_ldap_user_search_filter }}
|
||||
{% endif %}
|
||||
group-search-base: {{ shinyproxy_ldap_group_search_base }}
|
||||
group-search-filter: {{ shinyproxy_ldap_group_search_filter }}
|
||||
manager-dn: {{ shinyproxy_ldap_admin }}
|
||||
manager-password: {{ shinyproxy_ldap_admin_pwd }}
|
||||
{% endif %}
|
||||
# Docker configuration
|
||||
docker:
|
||||
cert-path: /home/none
|
||||
url: {{ shinyproxy_docker_url }}
|
||||
port-range-start: {{ shinyproxy_docker_port_range_start }}
|
||||
apps:
|
||||
{% if shinyproxy_default_apps %}
|
||||
- name: 01_hello
|
||||
display-name: Hello Application
|
||||
description: Application which demonstrates the basics of a Shiny app
|
||||
docker-cmd: ["R", "-e shinyproxy::run_01_hello()"]
|
||||
docker-image: openanalytics/shinyproxy-demo
|
||||
- name: 06_tabsets
|
||||
docker-cmd: ["R", "-e shinyproxy::run_06_tabsets()"]
|
||||
docker-image: openanalytics/shinyproxy-demo
|
||||
{% endif %}
|
||||
{% if shinyproxy_apps is defined %}
|
||||
{% for app in shinyproxy_apps %}
|
||||
- name: {{ app.name }}
|
||||
display-name: {{ app.display_name }}
|
||||
description: {{ app.description }}
|
||||
docker-cmd: ["R", "-e {{ app.cmd }}"]
|
||||
docker-image: {{ app.docker_image }}
|
||||
docker-memory: {{ app.docker_memory | default('2g') }}
|
||||
{% if app.groups is defined %}
|
||||
groups: {{ app.groups }}
|
||||
{% endif %}
|
||||
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
security:
|
||||
basic:
|
||||
enabled: {{ shinyproxy_basic_auth }}
|
||||
|
||||
logging:
|
||||
file: {{ shinyproxy_log_dir }}/shinyproxy.log
|
||||
|
|
@ -0,0 +1,76 @@
|
|||
proxy:
|
||||
title: {{ shinyproxy_app_title }}
|
||||
logo-url: {{ shinyproxy_logo_url }}
|
||||
landing-page: /
|
||||
heartbeat-rate: 10000
|
||||
heartbeat-timeout: 60000
|
||||
container-wait-time: {{ shinyproxy_container_wait_time }}
|
||||
bind-address: {{ shinyproxy_bind_address }}
|
||||
port: {{ shinyproxy_http_port }}
|
||||
hide-navbar: {{ shinyproxy_hide_navbar }}
|
||||
{% if shinyproxy_custom_template %}
|
||||
template-path: {{ shinyproxy_template_path }}
|
||||
{% endif %}
|
||||
authentication: {{ shinyproxy_authentication }}
|
||||
admin-groups: {{ shinyproxy_admin_group }}
|
||||
{% if shinyproxy_ldap_enabled %}
|
||||
# LDAP configuration
|
||||
ldap:
|
||||
url: {{ shinyproxy_ldap_server }}
|
||||
{% if shinyproxy_ldap_user_dn_enabled %}
|
||||
user-dn-pattern: {{ shinyproxy_ldap_user_dn_pattern }}
|
||||
{% endif %}
|
||||
{% if shinyproxy_ldap_user_search_base_enabled %}
|
||||
user-search-base: {{ shinyproxy_ldap_user_search_base }}
|
||||
{% endif %}
|
||||
{% if shinyproxy_ldap_user_search_filter_enabled %}
|
||||
user-search-filter: {{ shinyproxy_ldap_user_search_filter }}
|
||||
{% endif %}
|
||||
group-search-base: {{ shinyproxy_ldap_group_search_base }}
|
||||
group-search-filter: {{ shinyproxy_ldap_group_search_filter }}
|
||||
manager-dn: {{ shinyproxy_ldap_admin }}
|
||||
manager-password: {{ shinyproxy_ldap_admin_pwd }}
|
||||
{% endif %}
|
||||
docker:
|
||||
container-backend: {{ shinyproxy_container_backend }}
|
||||
container-memory-request: {{ shinyproxy_docker_memory_request }}
|
||||
container-memory-limit: {{ shinyproxy_docker_memory_limit }}
|
||||
container-cpu-limit: {{ shinyproxy_docker_cpu_limit }}
|
||||
cert-path: {{ shinyproxy_docker_certs_dir }}
|
||||
url: {{ shinyproxy_docker_url }}
|
||||
port-range-start: {{ shinyproxy_docker_port_range_start }}
|
||||
specs:
|
||||
{% if shinyproxy_default_apps %}
|
||||
- id: 01_hello
|
||||
display-name: Hello Application
|
||||
description: Application which demonstrates the basics of a Shiny app
|
||||
container-cmd: ["R", "-e shinyproxy::run_01_hello()"]
|
||||
container-image: openanalytics/shinyproxy-demo
|
||||
- id: 06_tabsets
|
||||
docker-cmd: ["R", "-e shinyproxy::run_06_tabsets()"]
|
||||
container-image: openanalytics/shinyproxy-demo
|
||||
{% endif %}
|
||||
{% if shinyproxy_apps is defined %}
|
||||
{% for app in shinyproxy_apps %}
|
||||
- id: {{ app.name }}
|
||||
display-name: {{ app.display_name }}
|
||||
description: {{ app.description }}
|
||||
container-cmd: ["R", "-e {{ app.cmd }}"]
|
||||
container-image: {{ app.docker_image }}
|
||||
container-memory: {{ app.docker_memory | default('2g') }}
|
||||
{% if app.groups is defined %}
|
||||
groups: {{ app.groups }}
|
||||
{% endif %}
|
||||
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
security:
|
||||
basic:
|
||||
enabled: {{ shinyproxy_basic_auth }}
|
||||
|
||||
logging:
|
||||
file: {{ shinyproxy_log_dir }}/shinyproxy.log
|
||||
#max-size: {{ shinyproxy_max_log_size }}
|
||||
level:
|
||||
com.spotify.docker: {{ shinyproxy_docker_loglevel }}
|
|
@ -1,4 +1,4 @@
|
|||
{{ shinyproxy_install_dir }}/shinyproxy.log {
|
||||
{{ shinyproxy_log_dir }}/shinyproxy.log {
|
||||
copytruncate
|
||||
daily
|
||||
rotate 10
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
#!/bin/bash
|
||||
|
||||
/bin/cp -f /var/lib/docker/swarm/certificates/swarm-root-ca.crt {{ shinyproxy_docker_certs_dir }}/ca.pem
|
||||
/bin/cp -f /var/lib/docker/swarm/certificates/swarm-node.crt {{ shinyproxy_docker_certs_dir }}/cert.pem
|
||||
/bin/cp -f /var/lib/docker/swarm/certificates/swarm-node.key {{ shinyproxy_docker_certs_dir }}/key.pem
|
||||
chown shinyproxy {{ shinyproxy_docker_certs_dir }}/key.pem
|
||||
|
||||
exit 0
|
Loading…
Reference in New Issue