diff --git a/.gitignore b/.gitignore
index 5c199eb..4225385 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 # ---> Ansible
 *.retry
+/.project
diff --git a/README.md b/README.md
index ecc2485..f6ab833 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 Role Name
 =========
-A role that installs ePAS, electronic Personnel Attendance System.
+A role that installs ePAS Teleworker a plugin of electronic Personnel Attendance System.
 Role Variables
 --------------
@@ -9,55 +9,47 @@ Role Variables The most important variables are listed below: ``` yaml -epas_docker_stack_name: 'epas_prod' -epas_docker_service_server_name: 'epas' -epas_docker_registry: 'docker-registry.services.iit.cnr.it' -epas_docker_server_image: '{{ epas_docker_registry }}/epas/epas:stable' -epas_docker_registry_user: 'epas.user' -epas_docker_registry_pwd: 'use a vault file' -epas_docker_network: 'epas_net' -epas_attachments_node: 'localhost' -epas_attachments_volume: 'epas_attachments_data' -epas_node_constraints: 'node.labels.epas_storage == attachments' -epas_behind_haproxy: True -epas_haproxy_public_net: 'haproxy-public' +epas_teleworker_docker_stack_name: 'epas_teleworker_prod' +epas_teleworker_docker_service_server_name: 'epas-teleworker' +epas_teleworker_docker_registry: 'docker-registry.services.iit.cnr.it' +epas_teleworker_docker_server_image: '{{ epas_teleworker_docker_registry }}/epas/telework-stampings:latest' +epas_teleworker_docker_server_build: './' +epas_teleworker_docker_registry_user: 'epas.user' +#epas_teleworker_docker_registry_pwd: 'use a vault file' +epas_teleworker_docker_network: 'epas_net' +epas_teleworker_attachments_node: 'localhost' +epas_teleworker_node_constraints: 'node.labels.epas_teleworker_storage == attachments' +epas_teleworker_behind_haproxy: True +epas_teleworker_haproxy_public_net: 'haproxy-public' # DB # Set to true if postgresql must be a container too -epas_dockerized_db: False +epas_teleworker_dockerized_db: False # IMPORTANT. 
Set it to True for the server that is going to host the DB -epas_docker_db_node: False -epas_pg_version: '12' -epas_db_image: 'postgres:{{ epas_pg_version }}-alpine' +epas_teleworker_docker_db_node: False +epas_teleworker_pg_version: '12' +epas_teleworker_db_image: 'postgres:{{ epas_teleworker_pg_version }}-alpine' # The default hostname is the name of the container service -epas_db_host: 'postgres' -epas_db_name: 'epas_prod_db' -epas_db_allowed_hosts: +epas_teleworker_db_host: 'postgres' +epas_teleworker_db_port: '5432' +epas_teleworker_db_name: 'epas_teleworker_prod_db' +epas_teleworker_db_allowed_hosts: - '127.0.0.1' -#epas_db_pwd: 'set it in a vault file' -epas_db_user: 'epas_prod_user' -epas_db_volume: 'epas_prod_pg_data' -epas_db_constraints: '[node.labels.pg_data==epas_db]' -epas_pg_data_volume: 'epas_db_data' -epas_pg_backups_volume: 'epas_db_data' -psql_db_data: '{{ epas_psql_pg_data }}' +epas_teleworker_db_user: 'epas_teleworker_prod_user' +#epas_teleworker_db_pwd: 'set it in a vault file' +epas_teleworker_db_host_auth_method: 'password' +epas_teleworker_db_volume: 'epas_teleworker_prod_pg_data' +epas_teleworker_db_constraints: '[node.labels.epas_teleworker_pg_data==epas_teleworker_db]' +epas_teleworker_pg_data_volume: 'epas_teleworker_db_data' +epas_teleworker_pg_backups_volume: 'epas_teleworker_db_data' +psql_db_data: '{{ epas_teleworker_psql_pg_data }}' # Environment -epas_server_hostname: 'epas.example.com' -## SMTP -epas_smtp_server: 'localhost' -epas_smtp_port: 587 -epas_smtp_channel: 'starttls' -epas_smtp_from: 'epas@cnr.it' -epas_smtp_protocol: 'smtp' -epas_smtp_authentication: True -epas_smtp_user: '' -epas_smtp_password: 'use a vault file' -## LDAP -epas_ldap_login: 'false' -epas_ldap_url: 'ldap://ldap.example.org:389' -epas_ldap_timeout: 1000 -epas_ldap_base_dn: 'ou=People,dc=example,dc=org' -epas_ldap_login_return_uri: '/.' 
-epas_ldap_eppn_attribute_name: 'eduPersonPrincipalName' +epas_teleworker_server_host: 'epas-teleworker' +epas_teleworker_server_ports: '8080' +epas_teleworker_server_username: 'app.epas' +#epas_teleworker_server_password: 'set it in a vault file' + + + ``` Dependencies @@ -73,4 +65,5 @@ EUPL-1.2 Author Information ------------------ +Giancarlo Panichi, Andrea Dell'Amico, diff --git a/defaults/main.yml b/defaults/main.yml index 030cd61..a9c6880 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,60 +1,39 @@ --- -epas_docker_stack_name: 'epas_prod' -epas_docker_service_server_name: 'epas' -epas_docker_registry: 'docker-registry.services.iit.cnr.it' -epas_docker_server_image: '{{ epas_docker_registry }}/epas/epas:stable' -epas_docker_registry_user: 'epas.user' -epas_docker_registry_pwd: 'use a vault file' -epas_docker_network: 'epas_net' -epas_docker_attachments_node: 'localhost' -epas_attachments_volume: 'epas_attachments_data' -epas_node_constraints: 'node.labels.epas_storage == attachments' -epas_behind_haproxy: True -epas_haproxy_public_net: 'haproxy-public' +epas_teleworker_docker_stack_name: 'epas_teleworker_prod' +epas_teleworker_docker_service_server_name: 'epas-teleworker' +epas_teleworker_docker_registry: 'docker-registry.services.iit.cnr.it' +epas_teleworker_docker_server_image: '{{ epas_teleworker_docker_registry }}/epas/telework-stampings:latest' +epas_teleworker_docker_server_build: './' +epas_teleworker_docker_registry_user: 'epas.user' +#epas_teleworker_docker_registry_pwd: 'use a vault file' +epas_teleworker_docker_network: 'epas_net' +epas_teleworker_attachments_node: 'localhost' +epas_teleworker_node_constraints: 'node.labels.epas_teleworker_storage == attachments' +epas_teleworker_behind_haproxy: True +epas_teleworker_haproxy_public_net: 'haproxy-public' # DB # Set to true if postgresql must be a container too -epas_dockerized_db: False -epas_pg_version: '12' -epas_db_image: 'postgres:{{ epas_pg_version }}-alpine' +epas_teleworker_dockerized_db: False +# IMPORTANT. 
Set it to True for the server that is going to host the DB +epas_teleworker_docker_db_node: False +epas_teleworker_pg_version: '12' +epas_teleworker_db_image: 'postgres:{{ epas_teleworker_pg_version }}-alpine' # The default hostname is the name of the container service -epas_db_host: 'postgres' -epas_db_name: 'epas_prod_db' -epas_db_allowed_hosts: +epas_teleworker_db_host: 'postgres' +epas_teleworker_db_port: '5432' +epas_teleworker_db_name: 'epas_teleworker_prod_db' +epas_teleworker_db_allowed_hosts: - '127.0.0.1' -#epas_db_pwd: 'set it in a vault file' -epas_db_user: 'epas_prod_user' -epas_docker_db_node: 'localhost' -epas_db_volume: 'epas_prod_pg_data' -epas_db_constraints: '[node.labels.epas_pg_data==epas_db]' -epas_pg_data_volume: 'epas_db_data' -epas_pg_backups_volume: 'epas_db_data' -psql_db_data: '{{ epas_psql_pg_data }}' +epas_teleworker_db_user: 'epas_teleworker_prod_user' +#epas_teleworker_db_pwd: 'set it in a vault file' +epas_teleworker_db_host_auth_method: 'password' +epas_teleworker_db_volume: 'epas_teleworker_prod_pg_data' +epas_teleworker_db_constraints: '[node.labels.epas_teleworker_pg_data==epas_teleworker_db]' +epas_teleworker_pg_data_volume: 'epas_teleworker_db_data' +epas_teleworker_pg_backups_volume: 'epas_teleworker_db_data' +psql_db_data: '{{ epas_teleworker_psql_pg_data }}' # Environment -epas_server_hostname: 'epas.example.com' -epas_flows_enabled: False -epas_attestati_url: 'https://attestativ2.rm.cnr.it' -epas_attestati_user: '' -#epas_attestati_password: 'use a fault' -## SMTP -epas_smtp_server: 'localhost' -epas_smtp_port: 587 -epas_smtp_channel: 'starttls' -epas_smtp_from: 'epas@cnr.it' -epas_smtp_protocol: 'smtp' -epas_smtp_authentication: True -epas_smtp_user: '' -epas_smtp_password: 'use a vault file' -## LDAP -epas_ldap_login: 'false' -epas_ldap_url: 'ldap://ldap.example.org:389' -epas_ldap_timeout: 1000 -epas_ldap_base_dn: 'ou=People,dc=example,dc=org' -epas_ldap_login_return_uri: '/.' 
-epas_ldap_eppn_attribute_name: 'eduPersonPrincipalName' -epas_ldap_starttls_enabled: 'false' -epas_ldap_authenticated_bind: False -epas_ldap_bind_dn: 'cn=readuser,ou=People,o=example,c=org' -#epas_ldap_bind_credentials: 'use a vault file' -epas_ldap_authenticate_user_search_dn: 'o=example,c=org' -epas_log_level: 'INFO' -epas_log_appenders: 'stderr' +epas_teleworker_server_host: 'epas-teleworker' +epas_teleworker_server_ports: '8080' +epas_teleworker_server_username: 'app.epas' +#epas_teleworker_server_password: 'set it in a vault file' diff --git a/meta/main.yml b/meta/main.yml index 1ef3634..c265d6a 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,6 +1,6 @@ galaxy_info: - author: Andrea Dell'Amico - description: Systems Architect + author: Giancarlo Panichi + description: Software Developer company: ISTI-CNR issue_tracker_url: https://support.d4science.org/projects/d4science-operation @@ -21,11 +21,11 @@ galaxy_info: - 7 galaxy_tags: - - epas + - epas-teleworker dependencies: - - src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-pgsql-db-management.git + - src: git+https://gitea-s2i2s.isti.cnr.it/ePAS-ISTI/ansible-role-epas-teleworker.git version: master name: pgsql-db-management state: latest - when: not epas_dockerized_db + when: not epas_teleworker_dockerized_db diff --git a/tasks/main.yml b/tasks/main.yml index e2b0371..33a8c6d 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
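Review bot: `psql_db_data: '{{ epas_teleworker_psql_pg_data }}'` at the end of the DB defaults references a variable that nothing visible in this commit defines, because vars/main.yml keeps the list under the old key `epas_psql_pg_data`. The pgsql-db-management dependency would then presumably fail on an undefined variable whenever `epas_teleworker_dockerized_db` is false; renaming the key in vars/main.yml to `epas_teleworker_psql_pg_data` fixes it. Separately, `epas_teleworker_docker_server_image` now defaults to the mutable `:latest` tag where the removed default used `:stable`, so each stack update can pull an image nobody reviewed; a fixed tag or digest such as `.../epas/telework-stampings:<PINNED_TAG>` is safer. `epas_teleworker_db_host_auth_method: 'password'` selects the clear-text password method, so it deserves at least a comment, or a default of `scram-sha-256` if the image is initialised to match.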
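Review bot: The `dependencies` entry keeps `name: pgsql-db-management`, but its new `src` ends in `ePAS-ISTI/ansible-role-epas-teleworker.git`, which by its name looks like this role's own repository rather than the PostgreSQL management role. If so, ansible-galaxy would install the wrong code under the dependency's name; restore the previous `ISTI-ansible-roles/ansible-role-pgsql-db-management.git` URL or correct the entry. The unchanged `version: master` with `state: latest` also means every install takes whatever is at the branch tip, so pinning `version` to a tag or commit id would make the dependency reviewable.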
@@ -1,57 +1,50 @@ --- -- name: Manage the installation of the ePAS configuration of the swarm service +- name: Manage the installation of the ePAS Teleworker configuration of the swarm service block: - name: Create the directory where the DB init script is going to be installed - file: dest={{ epas_compose_dir }} state=directory + file: dest={{ epas_teleworker_compose_dir }} state=directory - name: Install the DB initialization script - template: src=pg-create-user-db.sh.j2 dest={{ epas_compose_dir }}/pg-create-user-db.sh owner=root group=root mode='0555' + template: src=pg-create-user-db.sh.j2 dest={{ epas_teleworker_compose_dir }}/pg-create-user-db.sh owner=root group=root mode='0555' when: - - epas_dockerized_db - - epas_docker_db_node == ansible_fqdn - tags: [ 'epas', 'epas_swarm', 'epas_db' ] + - epas_teleworker_dockerized_db + - epas_teleworker_docker_db_node == ansible_fqdn + tags: [ 'epas_teleworker', 'epas_teleworker_swarm', 'epas_teleworker_db' ] -- name: Manage the installation of the ePAS configuration of the swarm service +- name: Manage the installation of the ePAS Teleworker configuration of the swarm service block: - - name: Add the label that will be used as a constraint for the attachments volume - docker_node: - hostname: '{{ epas_docker_attachments_node }}' - labels: - epas_storage: 'attachments' - labels_state: 'merge' - - name: Add the label that will be used as a constraint for the postgresql DB docker_node: - hostname: '{{ epas_docker_db_node }}' + hostname: '{{ epas_teleworker_docker_db_node }}' labels: - epas_pg_data: 'epas_db' + epas_teleworker_pg_data: 'epas_teleworker_db' labels_state: 'merge' - when: epas_dockerized_db + when: epas_teleworker_dockerized_db - name: Create the directory where the compose file will be placed - file: dest={{ epas_compose_dir }} state=directory owner=root group=root mode=0750 + file: dest={{ epas_teleworker_compose_dir }} state=directory owner=root group=root mode=0750 - name: Install the docker compose 
file - template: src=epas-docker-compose.yml.j2 dest={{ epas_compose_dir }}/docker-epas-stack.yml owner=root group=root mode='0400' + template: src=epas-teleworker-docker-compose.yml.j2 dest={{ epas_teleworker_compose_dir }}/docker-epas-teleworker-stack.yml owner=root group=root mode='0400' - name: Login into the IIT registry - shell: docker login -u {{ epas_docker_registry_user }} -p {{ epas_docker_registry_pwd }} {{ epas_docker_registry }} + shell: docker login -u {{ epas_teleworker_docker_registry_user }} -p {{ epas_teleworker_docker_registry_pwd }} {{ epas_teleworker_docker_registry }} - - name: Start the ePAS stack + - name: Start the ePAS Teleworker stack docker_stack: - name: '{{ epas_docker_stack_name }}' + name: '{{ epas_teleworker_docker_stack_name }}' state: present with_registry_auth: True compose: - - '{{ epas_compose_dir }}/docker-epas-stack.yml' + - '{{ epas_teleworker_compose_dir }}/docker-epas-teleworker-stack.yml' - # - name: Connect the ePAS service to the haproxy-public network - # command: docker service update --network-add {{ epas_haproxy_public_net }} {{ item }} --update-delay 30s --update-parallelism 1 + # - name: Connect the ePAS Teleworker service to the haproxy-public network + # command: docker service update --network-add {{ epas_teleworker_haproxy_public_net }} {{ item }} --update-delay 30s --update-parallelism 1 # with_items: - # - '{{ epas_docker_stack_name }}_{{ epas_docker_service_server_name }}' + # - '{{ epas_teleworker_docker_stack_name }}_{{ epas_teleworker_docker_service_server_name }}' # ignore_errors: True - # when: epas_behind_haproxy + # when: epas_teleworker_behind_haproxy when: docker_swarm_manager_node is defined and docker_swarm_manager_node - tags: [ 'epas', 'epas_swarm', 'epas_server' ] + tags: [ 'epas_teleworker', 'epas_teleworker_swarm', 'epas_teleworker_server' ] diff --git a/templates/epas-docker-compose.yml.j2 b/templates/epas-docker-compose.yml.j2 deleted file mode 100644 index ffd3ae7..0000000 
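Review bot: The `Login into the IIT registry` task passes `{{ epas_teleworker_docker_registry_pwd }}` to `docker login -p` through `shell`, so the registry password ends up on the process command line and in Ansible's task output and logs. The file already uses the `docker_node` and `docker_stack` modules, so the `docker_login` module with `no_log: true` fits the existing style and keeps the secret out of argv. The templates are also interpolated unquoted into the shell line, which the module form avoids as well. The indentation in the sketch below is assumed, since this rendering of the hunk has lost it.

```yaml
    - name: Login into the IIT registry
      docker_login:
        registry_url: '{{ epas_teleworker_docker_registry }}'
        username: '{{ epas_teleworker_docker_registry_user }}'
        password: '{{ epas_teleworker_docker_registry_pwd }}'
      # keep the credentials out of task output and logs
      no_log: true
```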
--- a/templates/epas-docker-compose.yml.j2
+++ /dev/null
@@ -1,126 +0,0 @@ -version: '3.2' - -networks: - {{ epas_haproxy_public_net }}: - external: true - {{ epas_docker_network }}: - -volumes: - {{ epas_attachments_volume }}: -{% if epas_dockerized_db %} - {{ epas_pg_backups_volume }}: - {{ epas_db_volume }}: -{% endif %} - -services: - {{ epas_docker_service_server_name }}: - image: {{ epas_docker_server_image }} - networks: - - {{ epas_docker_network }} - - {{ epas_haproxy_public_net }} - volumes: - - {{ epas_attachments_volume }}:/home/epas/epas/data/attachments - - /etc/localtime:/etc/localtime:ro - - /etc/timezone:/etc/timezone:ro - environment: - - VIRTUAL_HOST={{ epas_server_hostname }} - - PROTOCOL=https # default: http -- (http,https) - # - EPAS_SHIB_LOGIN= # default: false -- (true,false) - - JOBS_ACTIVE=true # default: false -- (true,false) -- Se forzato a true abilita l'esecuzione di tutti i job - # - SKIP_IP_CHECK= # default: false -- (true,false) -- Disabilita il controllo sugli indirizzi ip delle richieste - ######## LOGS ########### - - LOG_LEVEL={{ epas_log_level }} # Opzionale. default: INFO -- (OFF,FATAL,ERROR,WARN,INFO,DEBUG,TRACE,ALL) - - APPENDERS={{ epas_log_appenders }} # Opzionale. default: stdout, stderr -- (stdout, stderr, file, graylog2). Abilita i log sulla console, file e server graylog - # - GRAYLOG_HOST= # Obbligatorio se attivato log sull'appender graylog2. default: null - # - GRAYLOG_PORT= # Opzionale. default: 3514 - # - GRAYLOG_ORIGIN_HOST= # Opzionale. default: valore in VIRTUAL_HOST - ###### Container ######## - # - BACKUP_CRON= # default: disattivato. (utilizzare il format del crontab. Es. 
0 0 * * *) - # - CERT_NAME= # default: valore specificato in VIRTUAL_HOST -- Specifica un nome diverso per i file del certificato SSL - - TZ=Europe/Rome - #### Connessione DB #### - - DB_HOST={{ epas_db_host }} # default: indirizzo assegnato al container postgres linkato - - DB_NAME={{ epas_db_name }} # default: epas - - DB_PASS={{ epas_db_pwd }} # default: "non necessaria" - - DB_PORT=5432 # default: 5432 - - DB_USER={{ epas_db_user }} # default: postgres - #### server SMTP #### - - SMTP_HOST={{ epas_smtp_server }} # default: smtp.cnr.it - - SMTP_PORT={{ epas_smtp_port }} # default: 25 se SMTP_CHANNEL è impostato clear o starttls; 465 se impostato su ssl - - SMTP_CHANNEL={{ epas_smtp_channel }} # default: clear -- (clear, ssl ,starttls) - - SMTP_FROM={{ epas_smtp_from }} # default: epas@cnr.it -- Indirizzo utilizzato per il campo mittente delle mail inviate dal sistema - - SMTP_PROTOCOL={{ epas_smtp_protocol}} # default: smtp -- (smtp, smtps) -{% if epas_smtp_authentication %} - - SMTP_USER={{ epas_smtp_user }} # user utilizzato per l'autenticazione sul server smtp (se necessario) - - SMTP_PASS={{ epas_smtp_password }} # password utilizzato per l'autenticazione sul server smtp (se necessaria) -{% endif %} - #### Autenticazione LDAP #### - - LDAP_LOGIN={{ epas_ldap_login }} # default: false. Impostare a true per attivare l'autenticazione tramite LDAP - - LDAP_URL={{ epas_ldap_url }} # url del server LDAP, per esempio ldap://ldap.cnr.it:389 - - LDAP_STARTTLS={{ epas_ldap_starttls_enabled }} # Deve valere true quando è richiesto TLS sulla porta 389. False quando viene usato ldaps sulla 636 - - LDAP_TIMEOUT={{ epas_ldap_timeout }} # default: 1000. Time in millisecondi della connessione LDAP. - - LDAP_DN_BASE={{ epas_ldap_base_dn }} # DN per la ricerca degli utenti su LDAP, per esempio ou=People,dc=iit,dc=cnr,dc=it - - LDAP_LOGIN_RETURN={{ epas_ldap_login_return_uri }} # default: /. Indirizzo relativo di reindirizzamento dopo il login LDAP. 
- - LDAP_EPPN_ATTRIBUTE_NAME={{ epas_ldap_eppn_attribute_name }} # default: eduPersonPrincipalName. Campo LDAP utilizzato per il mapping con il campo eppn presente in ePAS. -{% if epas_ldap_authenticated_bind %} - - LDAP_BIND_DN={{ epas_ldap_bind_dn }} - - LDAP_BIND_CREDENTIALS={{ epas_ldap_bind_credentials }} - - LDAP_AUTHENTICATE_USER_SEARCH_DN={{ epas_ldap_authenticate_user_search_dn }} -{% endif %} -{% if epas_flows_enabled %} - - FLOWS_ACTIVE=true # defalut: false --(true,false) -- se impostato a true abilita l'utilizzo dei flussi interni a ePAS - - URL_ATTESTATI={{ epas_attestati_url }} # default: https://attestativ2.rm.cnr.it - - URL_USER={{ epas_attestati_user }} - - URL_PASS={{ epas_attestati_password }} -{% endif %} - #### Invio Segnalazioni via email - #- REPORT_TO=${REPORT_TO} # default: epas@iit.cnr.it - #- REPORT_FROM=${REPORT_FROM} # default: segnalazioni@epas.tools.iit.cnr.it - #- REPORT_SUBJECT=${REPORT_SUBJECT} # default: Segnalazione ePAS - deploy: - mode: replicated - replicas: 1 - endpoint_mode: dnsrr - placement: - constraints: - - node.role == worker - - {{ epas_node_constraints }} - restart_policy: - condition: on-failure - delay: 5s - max_attempts: 3 - window: 120s - logging: - driver: 'journald' - -{% if epas_dockerized_db %} - postgres: - image: {{ epas_db_image }} - environment: - POSTGRES_PASSWORD: {{ epas_db_pwd }} - POSTGRES_DB: postgres - POSTGRES_USER: postgres - POSTGRES_PORT: 5432 - PGDATA: /var/lib/postgresql/data/pg_data - networks: - - {{ epas_docker_network }} - volumes: - - {{ epas_pg_data_volume }}:/var/lib/postgresql/data/pg_data - - {{ epas_pg_backups_volume }}:/tmp:ro - - /etc/localtime:/etc/localtime:ro - - /etc/timezone:/etc/timezone:ro - deploy: - mode: replicated - replicas: 1 - endpoint_mode: dnsrr - placement: - constraints: {{ epas_db_constraints }} - restart_policy: - condition: on-failure - delay: 5s - max_attempts: 3 - window: 120s - logging: - driver: 'journald' -{% endif %} - 
diff --git a/templates/epas-teleworker-docker-compose.yml.j2 b/templates/epas-teleworker-docker-compose.yml.j2 new file mode 100644 index 0000000..1bd61a1 --- /dev/null +++ b/templates/epas-teleworker-docker-compose.yml.j2 @@ -0,0 +1,58 @@ +version: '3.2' + +{% if epas_teleworker_behind_haproxy %} +networks: + {{ epas_teleworker_haproxy_public_net }}: + external: true +{% endif %} + +volumes: +{% if epas_teleworker_dockerized_db %} + {{ epas_teleworker_pg_backups_volume }}: + {{ epas_teleworker_db_volume }}: +{% endif %} + + +services: + {{ epas_teleworker_docker_service_server_name }}: + image: {{ epas_teleworker_docker_server_image }} + networks: + - {{ epas_teleworker_docker_network }} + - {{ epas_teleworker_haproxy_public_net }} + volumes: + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro + environment: + - MICRONAUT_SERVER_HOST={{ epas_teleworker_server_host }} + - MICRONAUT_SERVER_PORT={{ epas_teleworker_server_ports }} + - TELEWORK_USERNAME:{{ epas_teleworker_server_username }} + - TELEWORK_PASSWORD:{{ epas_teleworker_server_password }} + #### Connessione DB #### + - POSTGRESQL_SERVER_HOST={{ epas_teleworker_db_host }} + - POSTGRESQL_SERVER_PORT={{ epas_teleworker_db_port }} + - POSTGRESQL_DATABASE_NAME={{ epas_teleworker_db_name }} + - POSTGRESQL_USERNAME={{ epas_teleworker_db_user }} + - POSTGRESQL_PASSWORD={{ epas_teleworker_db_pwd }} + deploy: + mode: replicated + replicas: 1 + endpoint_mode: dnsrr + placement: + constraints: + - node.role == worker + - {{ epas_teleworker_node_constraints }} + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + window: 120s + logging: + driver: 'journald' + +{% if epas_teleworker_dockerized_db %} + epas-teleworker-postgresql: + extends: + file: postgresql.yml + service: epas-teleworker-postgresql + {% endif %} + diff --git a/templates/pg-create-user-db.sh.j2 b/templates/pg-create-user-db.sh.j2 index e5dd8b8..68fd650 100644 --- a/templates/pg-create-user-db.sh.j2 
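Review bot: The entries `- TELEWORK_USERNAME:{{ epas_teleworker_server_username }}` and `- TELEWORK_PASSWORD:{{ epas_teleworker_server_password }}` use `:` where the list form of `environment` needs `=`, so they are read as variable names without a value and the container most likely starts without the configured credentials. They should read `- TELEWORK_USERNAME={{ epas_teleworker_server_username }}` and `- TELEWORK_PASSWORD={{ epas_teleworker_server_password }}`. The service also attaches to `{{ epas_teleworker_docker_network }}`, which the top-level `networks:` block never declares, and to the haproxy network even when `epas_teleworker_behind_haproxy` is false and that block is not rendered. `extends:` in the database service is not part of the version 3 compose format that `docker stack deploy` reads, so the dockerized-DB path probably cannot deploy as written.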
+++ b/templates/pg-create-user-db.sh.j2 @@ -3,10 +3,10 @@ set -e psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL - CREATE USER {{ epas_db_user }} password '{{ epas_db_pwd }}'; - CREATE DATABASE {{ epas_db_name }} - OWNER {{ epas_db_user }} + CREATE USER {{ epas_teleworker_db_user }} password '{{ epas_teleworker_db_pwd }}'; + CREATE DATABASE {{ epas_teleworker_db_name }} + OWNER {{ epas_teleworker_db_user }} ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8' TEMPLATE template0; - GRANT ALL PRIVILEGES ON DATABASE {{ epas_db_name }} TO {{ epas_db_user }}; + GRANT ALL PRIVILEGES ON DATABASE {{ epas_teleworker_db_name }} TO {{ epas_teleworker_db_user }}; EOSQL diff --git a/templates/postgresql.yml b/templates/postgresql.yml new file mode 100644 index 0000000..d3a8b8f --- /dev/null +++ b/templates/postgresql.yml @@ -0,0 +1,32 @@ +version: '2' +services: + epas-teleworker-postgresql: + image: {{epas_teleworker_db_image}} + environment: + - POSTGRES_DB={{epas_telewoerker_db_name}} + - POSTGRES_USER={{epas_telewoerker_db_user}} + - POSTGRES_PASSWORD={{epas_teleworker_db_pwd}} + - POSTGRES_HOST_AUTH_METHOD={{epas_teleworker_db_host_auth_method}} + - PGDATA=/var/lib/postgresql/data/pg_data + ports: + - 5432:5432 + networks: + - {{ epas_teleworker_docker_network }} + volumes: + - {{ epas_teleworker_pg_data_volume }}:/var/lib/postgresql/data/ + - {{ epas_teleworker_pg_backups_volume }}:/tmp:ro + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro + deploy: + mode: replicated + replicas: 1 + endpoint_mode: dnsrr + placement: + constraints: {{ epas_teleworker_db_constraints }} + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + window: 120s + logging: + driver: 'journald' diff --git a/vars/main.yml b/vars/main.yml index 235b2fc..a20b17e 100644 --- a/vars/main.yml +++ b/vars/main.yml 
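Review bot: `password '{{ epas_teleworker_db_pwd }}'` places the vault value in a single-quoted SQL literal inside an unquoted here-document (`<<-EOSQL`), so a password containing `'`, `$`, a backtick or a backslash is altered by the shell or breaks the statement. Quoting the delimiter as `<<-'EOSQL'` stops shell expansion (the visible body holds no shell variables), and `'{{ epas_teleworker_db_pwd | replace("'", "''") }}'` doubles embedded quotes. tasks/main.yml installs this script with `mode='0555'`, which lets every local user read the database password; `mode='0500'` would be tighter, provided the process that runs the script can still read it. The first two lines of the script are outside the hunk.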
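Review bot: `POSTGRES_DB={{epas_telewoerker_db_name}}` and `POSTGRES_USER={{epas_telewoerker_db_user}}` misspell the variable prefix as `telewoerker`, so rendering fails on an undefined variable, or yields empty values where undefined variables are tolerated. They should be `{{ epas_teleworker_db_name }}` and `{{ epas_teleworker_db_user }}`. `ports: - 5432:5432` publishes PostgreSQL on the host although the application reaches it over `{{ epas_teleworker_docker_network }}`; with the `password` auth method default, clear-text database logins become reachable from outside the overlay network, so the mapping is better dropped unless external access is required. The file also lacks the `.j2` suffix of the other templates, and no task visible in tasks/main.yml renders or installs it.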
@@ -1,5 +1,5 @@ --- -epas_compose_dir: '/srv/epas_stack' +epas_teleworker_compose_dir: '/srv/epas_teleworker_stack' epas_psql_pg_data: - - { db_host: '{{ epas_db_host }}', pgsql_version: '{{ epas_pg_version }}', name: '{{ epas_db_name }}', encoding: 'UTF8', user: '{{ epas_db_user }}', roles: 'NOCREATEDB,NOSUPERUSER', pwd: '{{ epas_db_pwd }}', managedb: True, allowed_hosts: '{{ epas_db_allowed_hosts }}' } + - { db_host: '{{ epas_teleworker_db_host }}', pgsql_version: '{{ epas_teleworker_pg_version }}', name: '{{ epas_teleworker_db_name }}', encoding: 'UTF8', user: '{{ epas_teleworker_db_user }}', roles: 'NOCREATEDB,NOSUPERUSER', pwd: '{{ epas_teleworker_db_pwd }}', managedb: True, allowed_hosts: '{{ epas_teleworker_db_allowed_hosts }}' }