Updated template

Giancarlo Panichi 2021-12-20 17:50:07 +01:00
parent 408d2ba44d
commit 34dcdaa1cc
8 changed files with 174 additions and 156 deletions

1
.gitignore vendored

@ -1,3 +1,4 @@
# ---> Ansible # ---> Ansible
*.retry *.retry
/.project


@ -9,58 +9,70 @@ Role Variables
The most important variables are listed below: The most important variables are listed below:
``` yaml ``` yaml
epasmedmed_docker_stack_name: 'epasmed_prod' epasmed_docker_stack_name: 'epasmed_prod'
epasmed_docker_service_server_name: 'epasmed' epasmed_docker_service_server_name: 'epasmed'
epasmed_docker_registry: '' epasmed_docker_registry: ''
epasmed_docker_server_image: 'giancarlopanichi/epasmed:latest' epasmed_docker_server_image: 'giancarlopanichi/epasmed:latest'
epasmed_docker_registry_user: 'epasmed.user'
epasmed_docker_registry_pwd: 'use a vault file'
epasmed_docker_network: 'epasmed_net' epasmed_docker_network: 'epasmed_net'
epasmed_attachments_node: 'localhost'
epasmed_attachments_volume: 'epasmed_attachments_data'
epasmed_node_constraints: 'node.labels.epasmed_storage == attachments'
epasmed_behind_haproxy: True epasmed_behind_haproxy: True
epasmed_haproxy_public_net: 'haproxy-public' epasmed_haproxy_public_net: 'haproxy-public'
# DB # DB
# Set to true if postgresql must be a container too # Set to true if postgresql must be a container too
epasmed_dockerized_db: False epasmed_dockerized_db: False
# IMPORTANT. Set it to True for the server that is going to host the DB
epasmed_docker_db_node: False
epasmed_pg_version: '12' epasmed_pg_version: '12'
epasmed_db_image: 'postgres:{{ epasmed_pg_version }}-alpine' epasmed_db_image: 'postgres:{{ epasmed_pg_version }}-alpine'
# The default hostname is the name of the container service # The default hostname is the name of the container service
epasmed_db_host: 'postgres' epasmed_db_host: 'postgres'
epasmed_db_name: 'epasmed_prod_db' epasmed_db_name: 'epasmed_prod_db'
epasmed_db_url: 'jdbc:postgresql://epasmed-postgresql:5432/epasmed'
epasmed_db_allowed_hosts: epasmed_db_allowed_hosts:
- '127.0.0.1' - '127.0.0.1'
epasmed_db_user: 'epasmed'
#epasmed_db_pwd: 'set it in a vault file' #epasmed_db_pwd: 'set it in a vault file'
epasmed_db_user: 'epasmed_prod_user' epasmed_db_host_auth_method: 'password' #scram-sha-256, md5, password, trust...
epasmed_docker_db_node: 'localhost'
epasmed_db_volume: 'epasmed_prod_pg_data' epasmed_db_volume: 'epasmed_prod_pg_data'
epasmed_db_constraints: '[node.labels.pg_data==epasmed_db]' epasmed_db_constraints: '[node.labels.epasmed_pg_data==epasmed_db]'
epasmed_pg_data_volume: 'epasmed_db_data' epasmed_pg_data_volume: '~/volumes/jhipster/epasmed/postgresql/'
epasmed_pg_backups_volume: 'epasmed_db_data' epasmed_pg_backups_volume: '~/volumes/jhipster/epasmed/postgresql/'
psql_db_data: '{{ epasmed_psql_pg_data }}'
# Environment
epasmed_server_hostname: 'epasmed.example.com'
## SMTP
epasmed_smtp_server: 'localhost'
epasmed_smtp_port: 587
epasmed_smtp_channel: 'starttls'
epasmed_smtp_from: 'epasmed@cnr.it'
epasmed_smtp_protocol: 'smtp'
epasmed_smtp_authentication: True
epasmed_smtp_user: ''
epasmed_smtp_password: 'use a vault file'
```
<!-- ## LDAP
epasmed_ldap_login: 'false'
epasmed_ldap_url: 'ldap://ldap.example.org:389'
epasmed_ldap_timeout: 1000
epasmed_ldap_base_dn: 'ou=People,dc=example,dc=org'
epasmed_ldap_login_return_uri: '/.'
epasmed_ldap_eppn_attribute_name: 'eduPersonPrincipalName'
-->
# Environment
epasmed_server_hostname: 'epasmed.isti.cnr.it'
epasmed_spring_profile_active: 'prod,swagger'
# Mail
epasmed_spring_mail_host: 'localhost'
epasmed_spring_mail_port: '25'
epasmed_spring_mail_username: ''
epasmed_spring_mail_password: ''
# Metrics
epasmed_management_metrics_export_prometheus_enabled: 'true'
# Jhipster
epasmed_jhipster_sleep: '30'
#epasmed_jhipster_security_rememberme_key: 'set it in a vault file'
# Logging
epasmed_logging_level: 'DEBUG'
# Application
epasmed_application_datasourceepasmed_liquibase_contexts: 'prod, faker'
epasmed_application_datasourceepasmed_liquibase_changelog: 'classpath:config/liquibase/epasmed/master.xml'
epasmed_application_datasourceepasmed_liquibase_enabled: 'true'
epasmed_application_datasourcesistemainformativo_datasource_url: 'jdbc:postgresql://sistemainformativo-dev.isti.cnr.it:5432/sistemainformativo'
epasmed_application_datasourcesistemainformativo_datasource_username: 'epasmed'
epasmed_application_datasourcesistemainformativo_datasource_password: ''
epasmed_application_datasourceepasrest_resturl: 'https://epas.isti.cnr.it/rest'
epasmed_application_datasourceepasrest_restusername1: 'isti_registry_manager'
epasmed_application_datasourceepasrest_restpassword1: ''
epasmed_application_datasourceepasrest_restusername2: 'isti_person_day_reader'
epasmed_application_datasourceepasrest_restpassword2: ''
epasmed_application_datasourceepasrest_restusername3: 'userISTI'
epasmed_application_datasourceepasrest_restpassword3: ''
```
Dependencies Dependencies
------------ ------------


@ -1,60 +1,56 @@
--- ---
epas_docker_stack_name: 'epas_prod' epasmed_docker_stack_name: 'epasmed_prod'
epas_docker_service_server_name: 'epas' epasmed_docker_service_server_name: 'epasmed'
epas_docker_registry: 'docker-registry.services.iit.cnr.it' epasmed_docker_registry: ''
epas_docker_server_image: '{{ epas_docker_registry }}/epas/epas:stable' epasmed_docker_server_image: 'giancarlopanichi/epasmed:latest'
epas_docker_registry_user: 'epas.user' epasmed_docker_network: 'epasmed_net'
epas_docker_registry_pwd: 'use a vault file' epasmed_behind_haproxy: True
epas_docker_network: 'epas_net' epasmed_haproxy_public_net: 'haproxy-public'
epas_docker_attachments_node: 'localhost'
epas_attachments_volume: 'epas_attachments_data'
epas_node_constraints: 'node.labels.epas_storage == attachments'
epas_behind_haproxy: True
epas_haproxy_public_net: 'haproxy-public'
# DB # DB
# Set to true if postgresql must be a container too # Set to true if postgresql must be a container too
epas_dockerized_db: False epasmed_dockerized_db: False
epas_pg_version: '12' epasmed_pg_version: '12'
epas_db_image: 'postgres:{{ epas_pg_version }}-alpine' epasmed_db_image: 'postgres:{{ epasmed_pg_version }}-alpine'
# The default hostname is the name of the container service # The default hostname is the name of the container service
epas_db_host: 'postgres' epasmed_db_host: 'postgres'
epas_db_name: 'epas_prod_db' epasmed_db_name: 'epasmed_prod_db'
epas_db_allowed_hosts: epasmed_db_url: 'jdbc:postgresql://epasmed-postgresql:5432/epasmed'
epasmed_db_allowed_hosts:
- '127.0.0.1' - '127.0.0.1'
#epas_db_pwd: 'set it in a vault file' epasmed_db_user: 'epasmed'
epas_db_user: 'epas_prod_user' #epasmed_db_pwd: 'set it in a vault file'
epas_docker_db_node: 'localhost' epasmed_db_host_auth_method: 'password' #scram-sha-256, md5, password, trust...
epas_db_volume: 'epas_prod_pg_data' epasmed_docker_db_node: 'localhost'
epas_db_constraints: '[node.labels.epas_pg_data==epas_db]' epasmed_db_volume: 'epasmed_prod_pg_data'
epas_pg_data_volume: 'epas_db_data' epasmed_db_constraints: '[node.labels.epasmed_pg_data==epasmed_db]'
epas_pg_backups_volume: 'epas_db_data' epasmed_pg_data_volume: '~/volumes/jhipster/epasmed/postgresql/'
psql_db_data: '{{ epas_psql_pg_data }}' epasmed_pg_backups_volume: '~/volumes/jhipster/epasmed/postgresql/'
# Environment # Environment
epas_server_hostname: 'epas.example.com' epasmed_server_hostname: 'epasmed.isti.cnr.it'
epas_flows_enabled: False epasmed_spring_profile_active: 'prod,swagger'
epas_attestati_url: 'https://attestativ2.rm.cnr.it' # Mail
epas_attestati_user: '' epasmed_spring_mail_host: 'localhost'
#epas_attestati_password: 'use a fault' epasmed_spring_mail_port: '25'
## SMTP epasmed_spring_mail_username: ''
epas_smtp_server: 'localhost' epasmed_spring_mail_password: ''
epas_smtp_port: 587 # Metrics
epas_smtp_channel: 'starttls' epasmed_management_metrics_export_prometheus_enabled: 'true'
epas_smtp_from: 'epas@cnr.it' # Jhipster
epas_smtp_protocol: 'smtp' epasmed_jhipster_sleep: '30'
epas_smtp_authentication: True #epasmed_jhipster_security_rememberme_key: 'set it in a vault file'
epas_smtp_user: '' # Logging
epas_smtp_password: 'use a vault file' epasmed_logging_level: 'DEBUG'
## LDAP # Application
epas_ldap_login: 'false' epasmed_application_datasourceepasmed_liquibase_contexts: 'prod, faker'
epas_ldap_url: 'ldap://ldap.example.org:389' epasmed_application_datasourceepasmed_liquibase_changelog: 'classpath:config/liquibase/epasmed/master.xml'
epas_ldap_timeout: 1000 epasmed_application_datasourceepasmed_liquibase_enabled: 'true'
epas_ldap_base_dn: 'ou=People,dc=example,dc=org' epasmed_application_datasourcesistemainformativo_datasource_url: 'jdbc:postgresql://sistemainformativo-dev.isti.cnr.it:5432/sistemainformativo'
epas_ldap_login_return_uri: '/.' epasmed_application_datasourcesistemainformativo_datasource_username: 'epasmed'
epas_ldap_eppn_attribute_name: 'eduPersonPrincipalName' epasmed_application_datasourcesistemainformativo_datasource_password: ''
epas_ldap_starttls_enabled: 'false' epasmed_application_datasourceepasrest_resturl: 'https://epas.isti.cnr.it/rest'
epas_ldap_authenticated_bind: False epasmed_application_datasourceepasrest_restusername1: 'isti_registry_manager'
epas_ldap_bind_dn: 'cn=readuser,ou=People,o=example,c=org' epasmed_application_datasourceepasrest_restpassword1: ''
#epas_ldap_bind_credentials: 'use a vault file' epasmed_application_datasourceepasrest_restusername2: 'isti_person_day_reader'
epas_ldap_authenticate_user_search_dn: 'o=example,c=org' epasmed_application_datasourceepasrest_restpassword2: ''
epas_log_level: 'INFO' epasmed_application_datasourceepasrest_restusername3: 'userISTI'
epas_log_appenders: 'stderr' epasmed_application_datasourceepasrest_restpassword3: ''
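Review bot: The new defaults for a stack named `epasmed_prod` turn on development aids: `epasmed_spring_profile_active: 'prod,swagger'`, `epasmed_application_datasourceepasmed_liquibase_contexts: 'prod, faker'` and `epasmed_logging_level: 'DEBUG'`. In a JHipster application these normally expose the API documentation, load generated sample data and raise the root logger to debug, so safer defaults would be `'prod'`, `'prod'` and `'INFO'`, with the extras opted into per inventory. The password variables default to `''` (`epasmed_spring_mail_password`, `..._datasource_password`, `..._restpassword1` to `3`), so a run without a vault file deploys silently with empty credentials; leaving them commented out, as is already done for `epasmed_db_pwd`, makes the template fail instead. `epasmed_db_host_auth_method: 'password'` sends the password in clear text over the connection, and `giancarlopanichi/epasmed:latest` is a floating tag; `scram-sha-256` and a pinned tag or digest would be the stricter choices.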


@ -21,7 +21,7 @@ galaxy_info:
- 7 - 7
galaxy_tags: galaxy_tags:
- epas - epasmed
dependencies: dependencies:
- src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-pgsql-db-management.git - src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-pgsql-db-management.git


@ -1,57 +1,40 @@
--- ---
- name: Manage the installation of the ePAS configuration of the swarm service - name: Manage the installation of the ePASMed configuration of the swarm service
block: block:
- name: Create the directory where the DB init script is going to be installed - name: Create the directory where the DB init script is going to be installed
file: dest={{ epas_compose_dir }} state=directory file: dest={{ epasmed_compose_dir }} state=directory
- name: Install the DB initialization script - name: Install the DB initialization script
template: src=pg-create-user-db.sh.j2 dest={{ epas_compose_dir }}/pg-create-user-db.sh owner=root group=root mode='0555' template: src=pg-create-user-db.sh.j2 dest={{ epasmed_compose_dir }}/pg-create-user-db.sh owner=root group=root mode='0555'
when: when:
- epas_dockerized_db - epas_dockerized_db
- epas_docker_db_node == ansible_fqdn - epas_docker_db_node == ansible_fqdn
tags: [ 'epas', 'epas_swarm', 'epas_db' ] tags: [ 'epasmed', 'epasmed_swarm', 'epasmed_db' ]
- name: Manage the installation of the ePAS configuration of the swarm service - name: Manage the installation of the ePASMed configuration of the swarm service
block: block:
- name: Add the label that will be used as a constraint for the attachments volume
docker_node:
hostname: '{{ epas_docker_attachments_node }}'
labels:
epas_storage: 'attachments'
labels_state: 'merge'
- name: Add the label that will be used as a constraint for the postgresql DB - name: Add the label that will be used as a constraint for the postgresql DB
docker_node: docker_node:
hostname: '{{ epas_docker_db_node }}' hostname: '{{ epasmed_docker_db_node }}'
labels: labels:
epas_pg_data: 'epas_db' epas_pg_data: 'epasmed_db'
labels_state: 'merge' labels_state: 'merge'
when: epas_dockerized_db when: epasmed_dockerized_db
- name: Create the directory where the compose file will be placed - name: Create the directory where the compose file will be placed
file: dest={{ epas_compose_dir }} state=directory owner=root group=root mode=0750 file: dest={{ epasmed_compose_dir }} state=directory owner=root group=root mode=0750
- name: Install the docker compose file - name: Install the docker compose file
template: src=epas-docker-compose.yml.j2 dest={{ epas_compose_dir }}/docker-epas-stack.yml owner=root group=root mode='0400' template: src=epasmed-docker-compose.yml.j2 dest={{ epasmed_compose_dir }}/docker-epasmed-stack.yml owner=root group=root mode='0400'
- name: Login into the IIT registry - name: Start the ePASMed stack
shell: docker login -u {{ epas_docker_registry_user }} -p {{ epas_docker_registry_pwd }} {{ epas_docker_registry }}
- name: Start the ePAS stack
docker_stack: docker_stack:
name: '{{ epas_docker_stack_name }}' name: '{{ epasmed_docker_stack_name }}'
state: present state: present
with_registry_auth: True with_registry_auth: True
compose: compose:
- '{{ epas_compose_dir }}/docker-epas-stack.yml' - '{{ epasmed_compose_dir }}/docker-epasmed-stack.yml'
# - name: Connect the ePAS service to the haproxy-public network
# command: docker service update --network-add {{ epas_haproxy_public_net }} {{ item }} --update-delay 30s --update-parallelism 1
# with_items:
# - '{{ epas_docker_stack_name }}_{{ epas_docker_service_server_name }}'
# ignore_errors: True
# when: epas_behind_haproxy
when: docker_swarm_manager_node is defined and docker_swarm_manager_node when: docker_swarm_manager_node is defined and docker_swarm_manager_node
tags: [ 'epas', 'epas_swarm', 'epas_server' ] tags: [ 'epasmed', 'epasmed_swarm', 'epasmed_server' ]
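Review bot: The node label written by the `docker_node` task keeps the old key, `epas_pg_data: 'epasmed_db'`, while the new default for `epasmed_db_constraints` is `[node.labels.epasmed_pg_data==epasmed_db]`, so the placement constraint cannot match and the database service would stay unscheduled; the label should read `epasmed_pg_data: 'epasmed_db'`. As rendered, the first block's `when:` also still lists `- epas_dockerized_db` and `- epas_docker_db_node == ansible_fqdn`; if those lines are on the new side they reference variables this role no longer defines and should become `epasmed_dockerized_db` and `epasmed_docker_db_node`. The first `file:` task creates `{{ epasmed_compose_dir }}` without owner or mode before the later task sets `0750`; since that directory holds a compose file with credentials, giving the first task `owner=root group=root mode='0750'` as well closes the window.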


@ -6,7 +6,6 @@ networks:
{{ epasmed_docker_network }}: {{ epasmed_docker_network }}:
volumes: volumes:
{{ epasmed_attachments_volume }}:
{% if epasmed_dockerized_db %} {% if epasmed_dockerized_db %}
{{ epasmed_pg_backups_volume }}: {{ epasmed_pg_backups_volume }}:
{{ epasmed_db_volume }}: {{ epasmed_db_volume }}:
@ -17,17 +16,39 @@ services:
image: {{ epasmed_docker_server_image }} image: {{ epasmed_docker_server_image }}
environment: environment:
- _JAVA_OPTIONS=-Xmx512m -Xms256m - _JAVA_OPTIONS=-Xmx512m -Xms256m
- SPRING_PROFILES_ACTIVE=prod,swagger - SPRING_PROFILES_ACTIVE={{epasmed_spring_profile_active}}
- MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED=true - SPRING_MAIL_HOST={{epasmed_spring_mail_host}}
- APPLICATION_DATASOURCEEPASMED_DATASOURCE_URL=jdbc:postgresql://epasmed-postgresql:5432/epasmed - SPRING_MAIL_PORT={{epasmed_spring_mail_port}}
- JHIPSTER_SLEEP=30 # gives time for other services to boot before the application - SPRING_MAIL_USERNAME={{epasmed_spring_mail_username}}
- SPRING_MAIL_PASSWORD={{epasmed_spring_mail_password}}
- MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED={{epasmed_management_metrics_export_prometheus_enabled}}
- JHIPSTER_SLEEP={{epasmed_jhipster_sleep}} # gives time for other services to boot before the application
- JHIPSTER_SECURITY_REMEMBERME_KEY={{epasmed_jhipster_security_rememberme_key}}
- LOGGING_LEVEL_ROOT={{epasmed_logging_level}}
- LOGGING_LEVEL_IO_GITHUB_JHIPSTER={{epasmed_logging_level}}
- LOGGING_LEVEL_IT_CNR_ISTI_EPASMED={{epasmed_logging_level}}
- APPLICATION_DATASOURCEEPASMED_DATASOURCE_URL={{epasmed_db_url}}
- APPLICATION_DATASOURCEEPASMED_DATASOURCE_USERNAME={{epasmed_db_user}}
- APPLICATION_DATASOURCEEPASMED_DATASOURCE_PASSWORD={{epasmed_db_pwd}}
- APPLICATION_DATASOURCEEPASMED_LIQUIBASE_CONTEXTS={{epasmed_application_datasourceepasmed_liquibase_contexts}}
- APPLICATION_DATASOURCEEPASMED_LIQUIBASE_CHANGELOG={{epasmed_application_datasourceepasmed_liquibase_changelog}}
- APPLICATION_DATASOURCEEPASMED_LIQUIBASE_ENABLED={{epasmed_application_datasourceepasmed_liquibase_enabled}}
- APPLICATION_DATASOURCESISTEMAINFORMATIVO_DATASOURCE_URL={{epasmed_application_datasourcesistemainformativo_datasource_url}}
- APPLICATION_DATASOURCESISTEMAINFORMATIVO_DATASOURCE_USERNAME={{epasmed_application_datasourcesistemainformativo_datasource_username}}
- APPLICATION_DATASOURCESISTEMAINFORMATIVO_DATASOURCE_PASSWORD={{epasmed_application_datasourcesistemainformativo_datasource_password}}
- APPLICATION_DATASOURCEEPASREST_RESTURL={{epasmed_application_datasourceepasrest_resturl}}
- APPLICATION_DATASOURCEEPASREST_RESTUSERNAME1={{epasmed_application_datasourceepasrest_restusername1}}
- APPLICATION_DATASOURCEEPASREST_RESTPASSWORD1={{epasmed_application_datasourceepasrest_restpassword1}}
- APPLICATION_DATASOURCEEPASREST_RESTUSERNAME2={{epasmed_application_datasourceepasrest_restusername2}}
- APPLICATION_DATASOURCEEPASREST_RESTPASSWORD2={{epasmed_application_datasourceepasrest_restpassword2}}
- APPLICATION_DATASOURCEEPASREST_RESTUSERNAME3={{epasmed_application_datasourceepasrest_restusername3}}
- APPLICATION_DATASOURCEEPASREST_RESTPASSWORD3={{epasmed_application_datasourceepasrest_restpassword3}}
ports: ports:
- 80:80 - 80:80
networks: networks:
- {{ epasmed_docker_network }} - {{ epasmed_docker_network }}
- {{ epasmed_haproxy_public_net }} - {{ epasmed_haproxy_public_net }}
volumes: volumes:
- {{ epasmed_attachments_volume }}:/home/epasmed/epasmed/data/attachments
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
deploy: deploy:
@ -47,35 +68,10 @@ services:
driver: 'journald' driver: 'journald'
{% if epasmed_dockerized_db %} {% if epasmed_dockerized_db %}
epasmed-postgresql: epasmed-postgresql:
image: {{ epasmed_db_image }} extends:
environment: file: postgresql.yml
- POSTGRES_PASSWORD: {{ epasmed_db_pwd }} service: epasmed-postgresql
- POSTGRES_DB: epasmed {% endif %}
- POSTGRES_USER: epasmed
- POSTGRES_PORT: 5432
- POSTGRES_HOST_AUTH_METHOD=trust
- PGDATA: /var/lib/postgresql/data/pg_data
networks:
- {{ epasmed_docker_network }}
volumes:
- {{ epasmed_pg_data_volume }}:/var/lib/postgresql/data/pg_data
- {{ epasmed_pg_backups_volume }}:/tmp:ro
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
deploy:
mode: replicated
replicas: 1
endpoint_mode: dnsrr
placement:
constraints: {{ epasmed_db_constraints }}
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
window: 120s
logging:
driver: 'journald'
{% endif %}
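Review bot: Every credential in the new `environment:` list (`SPRING_MAIL_PASSWORD`, `APPLICATION_DATASOURCEEPASMED_DATASOURCE_PASSWORD`, `JHIPSTER_SECURITY_REMEMBERME_KEY`, the three `RESTPASSWORD` entries) is rendered as a plain environment value, so it is readable through `docker service inspect` and by anything that can read the process environment; swarm `secrets:` mounted as files would keep them out of the service spec, provided the application can read them that way. The entries are also unquoted, so a value containing ` #` is cut short by the YAML parser (the `JHIPSTER_SLEEP` line already carries an inline comment); quoting each item, e.g. `- 'SPRING_MAIL_PASSWORD={{ epasmed_spring_mail_password }}'`, avoids that. In the second hunk the database service is now pulled in with `extends:` from `postgresql.yml`; to my knowledge `docker stack deploy` does not honour `extends`, and no task visible in this commit installs that file next to the compose file, so this path should be tested with `epasmed_dockerized_db` enabled.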

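--- a/templates/postgresql.yml
+++ b/templates/postgresql.yml
@@ -0,0 +1,30 @@
+version: '2'
+services:
+epasmed-postgresql:
+image: {{epasmed_db_image}}
+environment:
+- POSTGRES_USER={{epasmed_db_user}}
+- POSTGRES_PASSWORD={{epasmed_db_pwd}}
+- POSTGRES_HOST_AUTH_METHOD={{epasmed_db_host_auth_method}}
+ports:
+- 5432:5432
+networks:
+- {{ epasmed_docker_network }}
+volumes:
+- {{ epasmed_pg_data_volume }}:/var/lib/postgresql/data/
+- {{ epasmed_pg_backups_volume }}:/tmp:ro
+- /etc/localtime:/etc/localtime:ro
+- /etc/timezone:/etc/timezone:ro
+deploy:
+mode: replicated
+replicas: 1
+endpoint_mode: dnsrr
+placement:
+constraints: {{ epasmed_db_constraints }}
+restart_policy:
+condition: on-failure
+delay: 5s
+max_attempts: 3
+window: 120s
+logging:
+driver: 'journald'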
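Review bot: `ports: - 5432:5432` publishes PostgreSQL on the swarm hosts although the application reaches it over `{{ epasmed_docker_network }}` by service name (the default `epasmed_db_url` points at `epasmed-postgresql:5432`); dropping the `ports:` key keeps the database off the external interfaces. A port published in the default ingress mode also conflicts with `endpoint_mode: dnsrr` in the same service, so the deploy is likely to be rejected as written. `POSTGRES_HOST_AUTH_METHOD` is taken from a variable whose comment in the defaults lists `trust` as an option; a comment above that line such as `# never use trust outside local testing; prefer scram-sha-256` would help the next editor. The file declares `version: '2'` while using `deploy:`, which belongs to the version 3 format.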


@ -28,4 +28,4 @@ scrape_configs:
static_configs: static_configs:
- targets: - targets:
# On MacOS, replace localhost by host.docker.internal # On MacOS, replace localhost by host.docker.internal
- localhost:8080 - localhost:80