library/roles/shinyproxy: enhance templates and variables to permit a more complex ldap authentication setup.

shinyproxy/defaults/main.yml

@@ -7,14 +7,23 @@ shinyproxy_app_name: shinyproxy.jar
 shinyproxy_user: shinyproxy
 shinyproxy_install_dir: /opt/shinyproxy
 shinyproxy_http_port: 8080
+# For logrotate. In days
+shinyproxy_log_retention: 10
 
 shinyproxy_app_title: 'Open Analytics Shiny Proxy'
 shinyproxy_logo_url: 'http://www.openanalytics.eu/sites/www.openanalytics.eu/themes/oa/logo.png'
 shinyproxy_authentication: ldap
+shinyproxy_ldap_enabled: True
+shinyproxy_basic_auth: 'false'
 shinyproxy_admin_group: ''
 shinyproxy_ldap_server: 'ldap://ldap.forumsys.com:389/dc=example,dc=com'
 shinyproxy_ldap_admin: cn=read-only-admin,dc=example,dc=com
 shinyproxy_ldap_admin_pwd: password
-shinyproxy_user_dn_pattern: 'uid={0}'
+shinyproxy_ldap_user_dn_enabled: False
-shinyproxy_group_search_base: ''
+shinyproxy_ldap_user_dn_pattern: 'uid={0}'
-shinyproxy_group_search_filter: '(uniqueMember={0})'
+shinyproxy_ldap_user_search_base_enabled: True
+shinyproxy_ldap_user_search_base: ''
+shinyproxy_ldap_user_search_filter_enabled: True
+shinyproxy_ldap_user_search_filter: '(uid={0})'
+shinyproxy_ldap_group_search_base: ''
+shinyproxy_ldap_group_search_filter: '(uniqueMember={0})'

shinyproxy/tasks/main.yml

@@ -22,6 +22,10 @@
       notify: Restart shinyproxy
       tags: [ 'shinyproxy', 'shinyproxy_conf' ]
 
+    - name: Install the shinyproxy logrotate configuration
+      template: src=shinyproxy-logrotate.j2 dest=/etc/logrotate.d/shinyproxy owner=root group=root mode=0444
+      tags: [ 'shinyproxy', 'shinyproxy_conf' ]
+
     - name: Ensure that the shinyproxy service is enabled and running
       service: name=shinyproxy state=started enabled=yes
 

shinyproxy/templates/shinyproxy-conf.yml.j2

@@ -8,14 +8,24 @@ shiny:
     port: 8080
     authentication: {{ shinyproxy_authentication }}
     admin-groups: {{ shinyproxy_admin_group }}
+{% if shinyproxy_ldap_enabled %}
     # LDAP configuration
     ldap:
       url: {{ shinyproxy_ldap_server }}
-      user-dn-pattern: {{ shinyproxy_user_dn_pattern }}
+{% if shinyproxy_ldap_user_dn_enabled %}
-      group-search-base: {{ shinyproxy_group_search_base }}
+      user-dn-pattern: {{ shinyproxy_ldap_user_dn_pattern }}
-      group-search-filter: {{ shinyproxy_group_search_filter }}
+{% endif %}
+{% if shinyproxy_ldap_user_search_base_enabled %}
+      user-search-base: {{ shinyproxy_ldap_user_search_base }}
+{% endif %}
+{% if shinyproxy_ldap_user_search_filter_enabled %}
+      user-search-filter: {{ shinyproxy_ldap_user_search_filter }}
+{% endif %}
+      group-search-base: {{ shinyproxy_ldap_group_search_base }}
+      group-search-filter: {{ shinyproxy_ldap_group_search_filter }}
       manager-dn: {{ shinyproxy_ldap_admin }}
       manager-password: {{ shinyproxy_ldap_admin_pwd }}
+{% endif %}
 # Docker configuration
     docker:
       cert-path: /home/none
@@ -34,6 +44,10 @@ shiny:
     docker-image: openanalytics/shinyproxy-demo
     groups: scientists
 
+security:
+  basic:
+    enabled: {{ shinyproxy_basic_auth }}
+    
 logging:
   file:
     shinyproxy.log

shinyproxy/templates/shinyproxy-logrotate.j2

@@ -0,0 +1,8 @@
+{{ shinyproxy_install_dir }}/shinyproxy.log {
+  copytruncate
+  daily
+  rotate 10
+  compress
+  missingok
+  create 640 {{ shinyproxy_user }} adm
+}