duplicated variables removed, fixed syntax bug in main.yml, added users.acl secret file and its handlers

Marco Procaccini 2025-07-21 14:53:18 +02:00
parent 88b23a2fa9
commit 9efcf64b31
6 changed files with 51 additions and 14 deletions


@ -129,8 +129,7 @@ shinyproxy_max_request_size: "{{ shinyproxy_max_file_size }}"
# REDIS for shinyproxy # REDIS for shinyproxy
shinyproxy_redis_installation: false shinyproxy_redis_installation: false
shinyproxy_redis_image: "redis:bookworm" shinyproxy_redis_image: "redis:bookworm"
# shinyproxy_redis_compose_dir: "/srv/shinyproxy_redis_stack"
# shinyproxy_redis_docker_stack_name: ""
# shinyproxy_redis_docker_network:"" # shinyproxy_redis_docker_network:""
# shinyproxy_redis_service_name: "" # shinyproxy_redis_service_name: ""
# shinyproxy_redis_user: "" # shinyproxy_redis_user: ""


@ -13,3 +13,13 @@
name: "{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_as_docker_service_name }}" name: "{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_as_docker_service_name }}"
data_src: '{{ shinyproxy_as_docker_src_dir }}/application.yml' data_src: '{{ shinyproxy_as_docker_src_dir }}/application.yml'
state: present state: present
- name: Stop the REDIS Swarm stack before creating the secrets
community.docker.docker_swarm_service:
name: "{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_redis_service_name }}"
state: absent
- name: Remove the secret for the REDIS user configuration file
community.docker.docker_secret:
name: "{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_redis_service_name }}_user_config"
state: absent
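Review bot: The two new handlers remove the Redis service and its secret, but nothing in them brings the service back. Recovery depends on the later `Start the REDIS Swarm stack` task succeeding in the same run, so a failure after `flush_handlers` leaves ShinyProxy without its Redis backend. Because Swarm secrets are immutable, a common alternative is to version the secret name (for example with a suffix derived from the ACL file's checksum) so that a stack update rotates it without tearing the service down first. Both handlers also interpolate `shinyproxy_redis_service_name`, which appears only as a commented-out default in the defaults hunk of this commit; an `ansible.builtin.assert` that it is defined and non-empty would stop a run before it targets a name such as `<stack>_`.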


@ -11,8 +11,8 @@
ansible.builtin.import_tasks: shinyproxy_docker_stack_service.yml ansible.builtin.import_tasks: shinyproxy_docker_stack_service.yml
when: when:
- shinyproxy_as_docker_service - shinyproxy_as_docker_service
- shinyproxy_container_backend == 'docker-swarm - shinyproxy_container_backend == 'docker-swarm'
- name: Shiniproxy REDIS service as docker swarm stack' - name: Shiniproxy REDIS service as docker swarm stack
ansible.builtin.import_tasks: shinyproxy_redis_service.yml ansible.builtin.import_tasks: shinyproxy_redis_service.yml
when: when:
- shinyproxy_as_docker_service - shinyproxy_as_docker_service
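Review bot: The task name touched by this fix still reads `Shiniproxy REDIS service as docker swarm stack`; since the line is being edited anyway, it should be `- name: Shinyproxy REDIS service as docker swarm stack`. The same `shini` misspelling appears in a variable name in the compose template of this commit, where it has a functional effect. The `when:` list of this import continues outside the hunk, so it is not visible here whether it is also gated on `shinyproxy_redis_installation`; if it is not, the Redis tasks and their teardown handlers would run on hosts that never asked for Redis.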


@ -5,7 +5,7 @@
block: block:
- name: Create the compose directory for the REDIS Swarm stack - name: Create the compose directory for the REDIS Swarm stack
ansible.builtin.file: ansible.builtin.file:
dest: "{{ shinyproxy_redis_compose_dir }}" dest: "{{ shinyproxy_as_docker_src_dir }}"
state: directory state: directory
owner: root owner: root
group: root group: root
@ -13,15 +13,29 @@
- name: Install the docker compose file of the REDIS Swarm stack - name: Install the docker compose file of the REDIS Swarm stack
ansible.builtin.template: ansible.builtin.template:
src: shinyproxy-redis-docker-compose.yml.j2 src: shinyproxy-redis-docker-compose.yml.j2
dest: "{{ redis_compose_dir }}/shinyproxy-redis-docker-compose.yml" dest: "{{ shinyproxy_as_docker_src_dir }}/shinyproxy-redis-docker-compose.yml"
owner: root owner: root
group: root group: root
mode: "0400" mode: "0400"
- name: Install the REDIS user configuration file
ansible.builtin.template:
src: shinyproxy-redis-users-config.acl.j2
dest: "{{ shinyproxy_as_docker_src_dir }}/shinyproxy-redis-users-config.acl"
owner: root
group: root
mode: "0400"
notify:
- Stop the REDIS Swarm stack before creating the secrets
- Remove the secret for the REDIS user configuration file
- Restart shinyproxy
- name: Flush the handlers so that we can manage the configuration file as a secret
ansible.builtin.meta: flush_handlers
- name: Start the REDIS Swarm stack - name: Start the REDIS Swarm stack
community.docker.docker_stack: community.docker.docker_stack:
name: "{{ shinyproxy_redis_docker_stack_name }}" name: "{{ shinyproxy_as_docker_stack_name }}"
state: present state: present
compose: compose:
- "{{ shinyproxy_redis_compose_dir }}/shinyproxy-redis-docker-compose.yml" - "{{ shinyproxy_redis_compose_dir }}/shinyproxy_redis-docker-compose.yml"
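Review bot: The `compose:` entry of `Start the REDIS Swarm stack` still points at `{{ shinyproxy_redis_compose_dir }}`, while this commit moves the directory and both templates to `{{ shinyproxy_as_docker_src_dir }}` and drops the commented default for the old variable. The file name on what appears to be the new side is also spelled `shinyproxy_redis-docker-compose.yml`, which does not match the installed `shinyproxy-redis-docker-compose.yml`. The entry should read `- "{{ shinyproxy_as_docker_src_dir }}/shinyproxy-redis-docker-compose.yml"`. Separately, the new `Install the REDIS user configuration file` task renders `shinyproxy_redis_password` into a file, so adding `no_log: true` (or at least `diff: false`) to that task keeps the password out of `--diff` output and logs.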


@ -1,9 +1,25 @@
networks:
haproxy-public:
external: true
{{ shinyproxy_docker_network }}:
external: true
secrets:
{{ shinyproxy_redis_service_name }}_user_config:
file: ./shinyproxy-redis-users-config.acl
services: services:
{{ shinyproxy_redis_service_name }}: {{ shinyproxy_redis_service_name }}:
image: {{ shiniproxy_redis_image }} image: {{ shiniproxy_redis_image }}
networks: networks:
- haproxy-public - haproxy-public
- {{ shinyproxy_redis_docker_network }} - {{ shinyproxy_docker_network }}
secrets:
- source: {{ shinyproxy_redis_service_name }}_user_config
target: /usr/local/etc/redis/users.acl
command: ["redis-server", "--aclfile", "/usr/local/etc/redis/users.acl"]
deploy: deploy:
mode: replicated mode: replicated
replicas: 1 replicas: 1
@ -16,8 +32,4 @@ services:
logging: logging:
driver: "journald" driver: "journald"
networks:
haproxy-public:
external: true
{{ shinyproxy_redis_docker_network }}:
external: true
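Review bot: The service's `image: {{ shiniproxy_redis_image }}` line references a variable spelled with `shini`, while the defaults in this commit define `shinyproxy_redis_image`. Unless the misspelled name is set elsewhere, the template will fail to render; the line should be `image: "{{ shinyproxy_redis_image }}"`. The Redis service is also still attached to `haproxy-public` alongside `{{ shinyproxy_docker_network }}`. If only ShinyProxy needs to reach Redis, dropping `haproxy-public` from the service's `networks:` list reduces exposure, so the new ACL file is not the only barrier on that network. Quoting the other templated scalars (`"{{ ... }}"`) would also guard against empty or special-character expansions breaking the rendered YAML.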


@ -0,0 +1,2 @@
user default off
user {{ shinyproxy_redis_user }} on >{{ shinyproxy_redis_password }} ~* +@all
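Review bot: The ACL line stores the password in clear text via `>{{ shinyproxy_redis_password }}` and grants `~* +@all`, which gives the ShinyProxy account every command, including administrative ones. Redis ACL files accept a SHA-256 digest in place of the clear-text form, so the line could be `user {{ shinyproxy_redis_user }} on #{{ shinyproxy_redis_password | hash('sha256') }} ~* +@all`, which keeps the secret itself out of the rendered file and the Swarm secret. Hashing also avoids a password containing a space silently splitting into extra ACL tokens. Narrowing `+@all` (for example by subtracting `-@dangerous`) and `~*` to the key prefix ShinyProxy uses would be the least-privilege follow-up, to be validated against what the application actually calls.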