Updated template

2021-12-20 17:50:07 +01:00 · 2021-12-20 17:50:07 +01:00 · 34dcdaa1cc
parent 408d2ba44d
commit 34dcdaa1cc
8 changed files with 174 additions and 156 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 # ---> Ansible
 *.retry

+/.project
--- a/README.md
+++ b/README.md
@ -9,58 +9,70 @@ Role Variables
 The most important variables are listed below:

 ``` yaml
-epasmedmed_docker_stack_name: 'epasmed_prod'
+epasmed_docker_stack_name: 'epasmed_prod'
 epasmed_docker_service_server_name: 'epasmed'
 epasmed_docker_registry: ''
 epasmed_docker_server_image: 'giancarlopanichi/epasmed:latest'
-epasmed_docker_registry_user: 'epasmed.user'
-epasmed_docker_registry_pwd: 'use a vault file'
 epasmed_docker_network: 'epasmed_net'
-epasmed_attachments_node: 'localhost'
-epasmed_attachments_volume: 'epasmed_attachments_data'
-epasmed_node_constraints: 'node.labels.epasmed_storage == attachments'
 epasmed_behind_haproxy: True
 epasmed_haproxy_public_net: 'haproxy-public'
+
 # DB
 # Set to true if postgresql must be a container too
 epasmed_dockerized_db: False
-# IMPORTANT. Set it to True for the server that is going to host the DB
-epasmed_docker_db_node: False
 epasmed_pg_version: '12'
 epasmed_db_image: 'postgres:{{ epasmed_pg_version }}-alpine'
 # The default hostname is the name of the container service
 epasmed_db_host: 'postgres'
 epasmed_db_name: 'epasmed_prod_db'
+epasmed_db_url: 'jdbc:postgresql://epasmed-postgresql:5432/epasmed'
 epasmed_db_allowed_hosts:
  - '127.0.0.1'
+epasmed_db_user: 'epasmed'
 #epasmed_db_pwd: 'set it in a vault file'
-epasmed_db_user: 'epasmed_prod_user'
+epasmed_db_host_auth_method: 'password' #scram-sha-256, md5, password, trust...
+epasmed_docker_db_node: 'localhost'
 epasmed_db_volume: 'epasmed_prod_pg_data'
-epasmed_db_constraints: '[node.labels.pg_data==epasmed_db]'
-epasmed_pg_data_volume: 'epasmed_db_data'
-epasmed_pg_backups_volume: 'epasmed_db_data'
-psql_db_data: '{{ epasmed_psql_pg_data }}'
-# Environment
-epasmed_server_hostname: 'epasmed.example.com'
-## SMTP
-epasmed_smtp_server: 'localhost'
-epasmed_smtp_port: 587
-epasmed_smtp_channel: 'starttls'
-epasmed_smtp_from: 'epasmed@cnr.it'
-epasmed_smtp_protocol: 'smtp'
-epasmed_smtp_authentication: True
-epasmed_smtp_user: ''
-epasmed_smtp_password: 'use a vault file'
-```
-<!-- ## LDAP
-epasmed_ldap_login: 'false'
-epasmed_ldap_url: 'ldap://ldap.example.org:389'
-epasmed_ldap_timeout: 1000
-epasmed_ldap_base_dn: 'ou=People,dc=example,dc=org'
-epasmed_ldap_login_return_uri: '/.'
-epasmed_ldap_eppn_attribute_name: 'eduPersonPrincipalName'
-->
+epasmed_db_constraints: '[node.labels.epasmed_pg_data==epasmed_db]'
+epasmed_pg_data_volume: '~/volumes/jhipster/epasmed/postgresql/'
+epasmed_pg_backups_volume: '~/volumes/jhipster/epasmed/postgresql/'

+# Environment
+epasmed_server_hostname: 'epasmed.isti.cnr.it'
+epasmed_spring_profile_active: 'prod,swagger'
+
+# Mail
+epasmed_spring_mail_host: 'localhost'
+epasmed_spring_mail_port: '25'
+epasmed_spring_mail_username: ''
+epasmed_spring_mail_password: ''
+
+# Metrics
+epasmed_management_metrics_export_prometheus_enabled: 'true'       
+
+# Jhipster
+epasmed_jhipster_sleep: '30'
+#epasmed_jhipster_security_rememberme_key: 'set it in a vault file'
+
+# Logging
+epasmed_logging_level: 'DEBUG'
+
+# Application
+epasmed_application_datasourceepasmed_liquibase_contexts: 'prod, faker'
+epasmed_application_datasourceepasmed_liquibase_changelog: 'classpath:config/liquibase/epasmed/master.xml'
+epasmed_application_datasourceepasmed_liquibase_enabled: 'true'
+epasmed_application_datasourcesistemainformativo_datasource_url: 'jdbc:postgresql://sistemainformativo-dev.isti.cnr.it:5432/sistemainformativo' 
+epasmed_application_datasourcesistemainformativo_datasource_username: 'epasmed'
+epasmed_application_datasourcesistemainformativo_datasource_password: ''
+epasmed_application_datasourceepasrest_resturl: 'https://epas.isti.cnr.it/rest'
+epasmed_application_datasourceepasrest_restusername1: 'isti_registry_manager'
+epasmed_application_datasourceepasrest_restpassword1: ''
+epasmed_application_datasourceepasrest_restusername2: 'isti_person_day_reader'
+epasmed_application_datasourceepasrest_restpassword2: ''
+epasmed_application_datasourceepasrest_restusername3: 'userISTI'
+epasmed_application_datasourceepasrest_restpassword3: ''
+
+```

 Dependencies
 ------------
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,60 +1,56 @@
 ---
-epas_docker_stack_name: 'epas_prod'
-epas_docker_service_server_name: 'epas'
-epas_docker_registry: 'docker-registry.services.iit.cnr.it'
-epas_docker_server_image: '{{ epas_docker_registry }}/epas/epas:stable'
-epas_docker_registry_user: 'epas.user'
-epas_docker_registry_pwd: 'use a vault file'
-epas_docker_network: 'epas_net'
-epas_docker_attachments_node: 'localhost'
-epas_attachments_volume: 'epas_attachments_data'
-epas_node_constraints: 'node.labels.epas_storage == attachments'
-epas_behind_haproxy: True
-epas_haproxy_public_net: 'haproxy-public'
+epasmed_docker_stack_name: 'epasmed_prod'
+epasmed_docker_service_server_name: 'epasmed'
+epasmed_docker_registry: ''
+epasmed_docker_server_image: 'giancarlopanichi/epasmed:latest'
+epasmed_docker_network: 'epasmed_net'
+epasmed_behind_haproxy: True
+epasmed_haproxy_public_net: 'haproxy-public'
 # DB
 # Set to true if postgresql must be a container too
-epas_dockerized_db: False
-epas_pg_version: '12'
-epas_db_image: 'postgres:{{ epas_pg_version }}-alpine'
+epasmed_dockerized_db: False
+epasmed_pg_version: '12'
+epasmed_db_image: 'postgres:{{ epasmed_pg_version }}-alpine'
 # The default hostname is the name of the container service
-epas_db_host: 'postgres'
-epas_db_name: 'epas_prod_db'
-epas_db_allowed_hosts:
+epasmed_db_host: 'postgres'
+epasmed_db_name: 'epasmed_prod_db'
+epasmed_db_url: 'jdbc:postgresql://epasmed-postgresql:5432/epasmed'
+epasmed_db_allowed_hosts:
  - '127.0.0.1'
-#epas_db_pwd: 'set it in a vault file'
-epas_db_user: 'epas_prod_user'
-epas_docker_db_node: 'localhost'
-epas_db_volume: 'epas_prod_pg_data'
-epas_db_constraints: '[node.labels.epas_pg_data==epas_db]'
-epas_pg_data_volume: 'epas_db_data'
-epas_pg_backups_volume: 'epas_db_data'
-psql_db_data: '{{ epas_psql_pg_data }}'
+epasmed_db_user: 'epasmed'
+#epasmed_db_pwd: 'set it in a vault file'
+epasmed_db_host_auth_method: 'password' #scram-sha-256, md5, password, trust...
+epasmed_docker_db_node: 'localhost'
+epasmed_db_volume: 'epasmed_prod_pg_data'
+epasmed_db_constraints: '[node.labels.epasmed_pg_data==epasmed_db]'
+epasmed_pg_data_volume: '~/volumes/jhipster/epasmed/postgresql/'
+epasmed_pg_backups_volume: '~/volumes/jhipster/epasmed/postgresql/'
 # Environment
-epas_server_hostname: 'epas.example.com'
-epas_flows_enabled: False
-epas_attestati_url: 'https://attestativ2.rm.cnr.it'
-epas_attestati_user: ''
-#epas_attestati_password: 'use a fault'
-## SMTP
-epas_smtp_server: 'localhost'
-epas_smtp_port: 587
-epas_smtp_channel: 'starttls'
-epas_smtp_from: 'epas@cnr.it'
-epas_smtp_protocol: 'smtp'
-epas_smtp_authentication: True
-epas_smtp_user: ''
-epas_smtp_password: 'use a vault file'
-## LDAP
-epas_ldap_login: 'false'
-epas_ldap_url: 'ldap://ldap.example.org:389'
-epas_ldap_timeout: 1000
-epas_ldap_base_dn: 'ou=People,dc=example,dc=org'
-epas_ldap_login_return_uri: '/.'
-epas_ldap_eppn_attribute_name: 'eduPersonPrincipalName'
-epas_ldap_starttls_enabled: 'false'
-epas_ldap_authenticated_bind: False
-epas_ldap_bind_dn: 'cn=readuser,ou=People,o=example,c=org'
-#epas_ldap_bind_credentials: 'use a vault file'
-epas_ldap_authenticate_user_search_dn: 'o=example,c=org'
-epas_log_level: 'INFO'
-epas_log_appenders: 'stderr'
+epasmed_server_hostname: 'epasmed.isti.cnr.it'
+epasmed_spring_profile_active: 'prod,swagger'
+# Mail
+epasmed_spring_mail_host: 'localhost'
+epasmed_spring_mail_port: '25'
+epasmed_spring_mail_username: ''
+epasmed_spring_mail_password: ''
+# Metrics
+epasmed_management_metrics_export_prometheus_enabled: 'true'       
+# Jhipster
+epasmed_jhipster_sleep: '30'
+#epasmed_jhipster_security_rememberme_key: 'set it in a vault file'
+# Logging
+epasmed_logging_level: 'DEBUG'
+# Application
+epasmed_application_datasourceepasmed_liquibase_contexts: 'prod, faker'
+epasmed_application_datasourceepasmed_liquibase_changelog: 'classpath:config/liquibase/epasmed/master.xml'
+epasmed_application_datasourceepasmed_liquibase_enabled: 'true'
+epasmed_application_datasourcesistemainformativo_datasource_url: 'jdbc:postgresql://sistemainformativo-dev.isti.cnr.it:5432/sistemainformativo' 
+epasmed_application_datasourcesistemainformativo_datasource_username: 'epasmed'
+epasmed_application_datasourcesistemainformativo_datasource_password: ''
+epasmed_application_datasourceepasrest_resturl: 'https://epas.isti.cnr.it/rest'
+epasmed_application_datasourceepasrest_restusername1: 'isti_registry_manager'
+epasmed_application_datasourceepasrest_restpassword1: ''
+epasmed_application_datasourceepasrest_restusername2: 'isti_person_day_reader'
+epasmed_application_datasourceepasrest_restpassword2: ''
+epasmed_application_datasourceepasrest_restusername3: 'userISTI'
+epasmed_application_datasourceepasrest_restpassword3: ''
--- a/meta/main.yml
+++ b/meta/main.yml
@ -21,7 +21,7 @@ galaxy_info:
        - 7

  galaxy_tags:
-    - epas
+    - epasmed

 dependencies:
  - src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-pgsql-db-management.git
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,57 +1,40 @@
 ---
- name: Manage the installation of the ePAS configuration of the swarm service
+- name: Manage the installation of the ePASMed configuration of the swarm service
  block:
    - name: Create the directory where the DB init script is going to be installed
-      file: dest={{ epas_compose_dir }} state=directory
+      file: dest={{ epasmed_compose_dir }} state=directory

    - name: Install the DB initialization script
-      template: src=pg-create-user-db.sh.j2 dest={{ epas_compose_dir }}/pg-create-user-db.sh owner=root group=root mode='0555'
+      template: src=pg-create-user-db.sh.j2 dest={{ epasmed_compose_dir }}/pg-create-user-db.sh owner=root group=root mode='0555'

  when:
    - epas_dockerized_db
    - epas_docker_db_node == ansible_fqdn
-  tags: [ 'epas', 'epas_swarm', 'epas_db' ]
+  tags: [ 'epasmed', 'epasmed_swarm', 'epasmed_db' ]

- name: Manage the installation of the ePAS configuration of the swarm service
+- name: Manage the installation of the ePASMed configuration of the swarm service
  block:
-    - name: Add the label that will be used as a constraint for the attachments volume
-      docker_node:
-        hostname: '{{ epas_docker_attachments_node }}'
-        labels:
-          epas_storage: 'attachments'
-        labels_state: 'merge'
-
    - name: Add the label that will be used as a constraint for the postgresql DB
      docker_node:
-        hostname: '{{ epas_docker_db_node }}'
+        hostname: '{{ epasmed_docker_db_node }}'
        labels:
-          epas_pg_data: 'epas_db'
+          epas_pg_data: 'epasmed_db'
        labels_state: 'merge'
-      when: epas_dockerized_db
+      when: epasmed_dockerized_db

    - name: Create the directory where the compose file will be placed
-      file: dest={{ epas_compose_dir }} state=directory owner=root group=root mode=0750
+      file: dest={{ epasmed_compose_dir }} state=directory owner=root group=root mode=0750

    - name: Install the docker compose file
-      template: src=epas-docker-compose.yml.j2 dest={{ epas_compose_dir }}/docker-epas-stack.yml owner=root group=root mode='0400'
+      template: src=epasmed-docker-compose.yml.j2 dest={{ epasmed_compose_dir }}/docker-epasmed-stack.yml owner=root group=root mode='0400'

-    - name: Login into the IIT registry
-      shell: docker login -u {{ epas_docker_registry_user }} -p {{ epas_docker_registry_pwd }} {{ epas_docker_registry }}
-
-    - name: Start the ePAS stack 
+    - name: Start the ePASMed stack 
      docker_stack:
-        name: '{{ epas_docker_stack_name }}'
+        name: '{{ epasmed_docker_stack_name }}'
        state: present
        with_registry_auth: True
        compose:
-          - '{{ epas_compose_dir }}/docker-epas-stack.yml'
-
-    # - name: Connect the ePAS service to the haproxy-public network
-    #   command: docker service update --network-add {{ epas_haproxy_public_net }} {{ item }} --update-delay 30s --update-parallelism 1
-    #   with_items:
-    #     - '{{ epas_docker_stack_name }}_{{ epas_docker_service_server_name }}'
-    #   ignore_errors: True
-    #   when: epas_behind_haproxy
+          - '{{ epasmed_compose_dir }}/docker-epasmed-stack.yml'

  when: docker_swarm_manager_node is defined and docker_swarm_manager_node
-  tags: [ 'epas', 'epas_swarm', 'epas_server' ]
+  tags: [ 'epasmed', 'epasmed_swarm', 'epasmed_server' ]
--- a/templates/epasmed-docker-compose.yml.j2
+++ b/templates/epasmed-docker-compose.yml.j2
@ -6,7 +6,6 @@ networks:
  {{ epasmed_docker_network }}:

 volumes:
-  {{ epasmed_attachments_volume }}:
 {% if epasmed_dockerized_db %}
  {{ epasmed_pg_backups_volume }}:
  {{ epasmed_db_volume }}:
@ -17,17 +16,39 @@ services:
    image: {{ epasmed_docker_server_image }}
    environment:
   	  - _JAVA_OPTIONS=-Xmx512m -Xms256m
-      - SPRING_PROFILES_ACTIVE=prod,swagger
-      - MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED=true
-      - APPLICATION_DATASOURCEEPASMED_DATASOURCE_URL=jdbc:postgresql://epasmed-postgresql:5432/epasmed
-      - JHIPSTER_SLEEP=30 # gives time for other services to boot before the application
+      - SPRING_PROFILES_ACTIVE={{epasmed_spring_profile_active}}
+      - SPRING_MAIL_HOST={{epasmed_spring_mail_host}}
+      - SPRING_MAIL_PORT={{epasmed_spring_mail_port}}
+      - SPRING_MAIL_USERNAME={{epasmed_spring_mail_username}}
+      - SPRING_MAIL_PASSWORD={{epasmed_spring_mail_password}}
+      - MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED={{epasmed_management_metrics_export_prometheus_enabled}}
+      - JHIPSTER_SLEEP={{epasmed_jhipster_sleep}} # gives time for other services to boot before the application
+      - JHIPSTER_SECURITY_REMEMBERME_KEY={{epasmed_jhipster_security_rememberme_key}}
+      - LOGGING_LEVEL_ROOT={{epasmed_logging_level}}
+      - LOGGING_LEVEL_IO_GITHUB_JHIPSTER={{epasmed_logging_level}}
+      - LOGGING_LEVEL_IT_CNR_ISTI_EPASMED={{epasmed_logging_level}}
+      - APPLICATION_DATASOURCEEPASMED_DATASOURCE_URL={{epasmed_db_url}}
+      - APPLICATION_DATASOURCEEPASMED_DATASOURCE_USERNAME={{epasmed_db_user}}
+      - APPLICATION_DATASOURCEEPASMED_DATASOURCE_PASSWORD={{epasmed_db_pwd}}
+      - APPLICATION_DATASOURCEEPASMED_LIQUIBASE_CONTEXTS={{epasmed_application_datasourceepasmed_liquibase_contexts}}
+      - APPLICATION_DATASOURCEEPASMED_LIQUIBASE_CHANGELOG={{epasmed_application_datasourceepasmed_liquibase_changelog}}
+      - APPLICATION_DATASOURCEEPASMED_LIQUIBASE_ENABLED={{epasmed_application_datasourceepasmed_liquibase_enabled}}
+      - APPLICATION_DATASOURCESISTEMAINFORMATIVO_DATASOURCE_URL={{epasmed_application_datasourcesistemainformativo_datasource_url}}
+      - APPLICATION_DATASOURCESISTEMAINFORMATIVO_DATASOURCE_USERNAME={{epasmed_application_datasourcesistemainformativo_datasource_username}}
+      - APPLICATION_DATASOURCESISTEMAINFORMATIVO_DATASOURCE_PASSWORD={{epasmed_application_datasourcesistemainformativo_datasource_password}}
+      - APPLICATION_DATASOURCEEPASREST_RESTURL={{epasmed_application_datasourceepasrest_resturl}}
+      - APPLICATION_DATASOURCEEPASREST_RESTUSERNAME1={{epasmed_application_datasourceepasrest_restusername1}}
+      - APPLICATION_DATASOURCEEPASREST_RESTPASSWORD1={{epasmed_application_datasourceepasrest_restpassword1}}
+      - APPLICATION_DATASOURCEEPASREST_RESTUSERNAME2={{epasmed_application_datasourceepasrest_restusername2}}
+      - APPLICATION_DATASOURCEEPASREST_RESTPASSWORD2={{epasmed_application_datasourceepasrest_restpassword2}}
+      - APPLICATION_DATASOURCEEPASREST_RESTUSERNAME3={{epasmed_application_datasourceepasrest_restusername3}}
+      - APPLICATION_DATASOURCEEPASREST_RESTPASSWORD3={{epasmed_application_datasourceepasrest_restpassword3}}
    ports:
      - 80:80
    networks:
      - {{ epasmed_docker_network }}
      - {{ epasmed_haproxy_public_net }}
    volumes:
-      - {{ epasmed_attachments_volume }}:/home/epasmed/epasmed/data/attachments
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    deploy:
@ -47,35 +68,10 @@ services:
      driver: 'journald'

 {% if epasmed_dockerized_db %}
-  epasmed-postgresql:
-    image: {{ epasmed_db_image }}
-    environment:
-      - POSTGRES_PASSWORD: {{ epasmed_db_pwd }}
-      - POSTGRES_DB: epasmed
-      - POSTGRES_USER: epasmed
-      - POSTGRES_PORT: 5432
-      - POSTGRES_HOST_AUTH_METHOD=trust
-      - PGDATA: /var/lib/postgresql/data/pg_data
-    networks:
-      - {{ epasmed_docker_network }}
-    volumes:
-      - {{ epasmed_pg_data_volume }}:/var/lib/postgresql/data/pg_data
-      - {{ epasmed_pg_backups_volume }}:/tmp:ro
-      - /etc/localtime:/etc/localtime:ro
-      - /etc/timezone:/etc/timezone:ro
-    deploy:
-      mode: replicated
-      replicas: 1
-      endpoint_mode: dnsrr
-      placement:
-        constraints: {{ epasmed_db_constraints }}
-      restart_policy:
-        condition: on-failure
-        delay: 5s
-        max_attempts: 3
-        window: 120s
-    logging:
-      driver: 'journald'
-{% endif %}
+   epasmed-postgresql:
+    extends:
+      file: postgresql.yml
+      service: epasmed-postgresql 
+ {% endif %}

 
--- a/templates/postgresql.yml
+++ b/templates/postgresql.yml
@ -0,0 +1,30 @@
+version: '2'
+services:
+  epasmed-postgresql:
+    image: {{epasmed_db_image}}
+    environment:
+      - POSTGRES_USER={{epasmed_db_user}}
+      - POSTGRES_PASSWORD={{epasmed_db_pwd}}
+      - POSTGRES_HOST_AUTH_METHOD={{epasmed_db_host_auth_method}}
+    ports:
+      - 5432:5432
+    networks:
+      - {{ epasmed_docker_network }}
+    volumes:
+      - {{ epasmed_pg_data_volume }}:/var/lib/postgresql/data/
+      - {{ epasmed_pg_backups_volume }}:/tmp:ro
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/timezone:/etc/timezone:ro
+    deploy:
+      mode: replicated
+      replicas: 1
+      endpoint_mode: dnsrr
+      placement:
+        constraints: {{ epasmed_db_constraints }}
+      restart_policy:
+        condition: on-failure
+        delay: 5s
+        max_attempts: 3
+        window: 120s
+    logging:
+      driver: 'journald'
--- a/templates/prometheus/prometheus.yml
+++ b/templates/prometheus/prometheus.yml
@ -28,4 +28,4 @@ scrape_configs:
    static_configs:
      - targets:
          # On MacOS, replace localhost by host.docker.internal
-          - localhost:8080
+          - localhost:80