diff --git a/defaults/main.yml b/defaults/main.yml
index a588eaa..84f6799 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,7 +1,9 @@
 ---
 # https://shinyproxy.io/
-shinyproxy_install: True
-shinyproxy_as_docker_service: False
+# https://github.com/openanalytics/shinyproxy
+# https://github.com/openanalytics/shinyproxy-config-examples
+shinyproxy_install: true
+shinyproxy_as_docker_service: false
 shinyproxy_major_ver: 3
 shinyproxy_minor_ver: 0
 shinyproxy_patch_ver: 2
@@ -18,6 +20,7 @@ shinyproxy_conf_dir: '{{ shinyproxy_install_dir }}'
 shinyproxy_log_dir: /var/log/shinyproxy
 shinyproxy_bind_address: 127.0.0.1
 shinyproxy_http_port: 8080
+shinyproxy_published_http_port: "{{ shinyproxy_http_port }}"
 shinyproxy_docker_http_port_mode: 'ingress'
 shinyproxy_heartbeat_rate: 10000
 shinyproxy_heartbeat_timeout: 60000
@@ -31,7 +34,7 @@ shinyproxy_default_stop_proxy_on_logout: 'true'
 shinyproxy_default_proxy_max_lifetime: 60
 shinyproxy_undertow_loglevel: 'INFO'
 shinyproxy_prometheus_port: 9090
-shinyproxy_expose_prometheus: True
+shinyproxy_expose_prometheus: true
 # 30 minutes
 shinyproxy_server_session_timeout: 1800
 shinyproxy_server_secure_cookies: 'true'
@@ -41,17 +44,17 @@ shinyproxy_server_frame_options: 'sameorigin'
 shinyproxy_same_site_cookie: 'Lax'
 # For logrotate. In days
 shinyproxy_log_retention: 10
-shinyproxy_default_apps: True
+shinyproxy_default_apps: false
 # Shinyproxy as docker service
 shinyproxy_docker_image: 'openanalytics/shinyproxy:{{ shinyproxy_version }}'
 shinyproxy_as_docker_stack_name: 'shinyproxy'
 shinyproxy_as_docker_service_name: 'shinyproxy'
 shinyproxy_as_docker_src_dir: /srv/{{ shinyproxy_as_docker_stack_name }}_service
 shinyproxy_docker_network: 'shinyproxy'
-shinyproxy_docker_swarm_behind_haproxy: True
+shinyproxy_docker_swarm_behind_haproxy: true
 shinyproxy_docker_swarm_replicas: 1
-shinyproxy_docker_mount_conf_file: True
-shinyproxy_docker_log_to_journal: True
+shinyproxy_docker_mount_conf_file: false
+shinyproxy_docker_log_to_journal: true
 # Shinyproxy configuration
 # docker, docker-swarm, kubernetes
 shinyproxy_container_backend: 'docker'
@@ -84,11 +87,11 @@ shinyproxy_admin_group: ''
 shinyproxy_ldap_server: 'ldap://ldap.forumsys.com:389/dc=example,dc=com'
 shinyproxy_ldap_admin: cn=read-only-admin,dc=example,dc=com
 shinyproxy_ldap_admin_pwd: password
-shinyproxy_ldap_user_dn_enabled: False
+shinyproxy_ldap_user_dn_enabled: false
 shinyproxy_ldap_user_dn_pattern: 'uid={0}'
-shinyproxy_ldap_user_search_base_enabled: True
+shinyproxy_ldap_user_search_base_enabled: true
 shinyproxy_ldap_user_search_base: ''
-shinyproxy_ldap_user_search_filter_enabled: True
+shinyproxy_ldap_user_search_filter_enabled: true
 shinyproxy_ldap_user_search_filter: '(uid={0})'
 shinyproxy_ldap_group_search_base: ''
 shinyproxy_ldap_group_search_filter: '(uniqueMember={0})'
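Review bot: In defaults/main.yml, the hunk at -41 changes two defaults rather than just their spelling: `shinyproxy_default_apps` and `shinyproxy_docker_mount_conf_file` both go from `True` to `false`, in between lines that only lower-case a boolean. Inventories that relied on the old defaults will, on a swarm deployment, move application.yml from a bind mount to the swarm secret that the compose template now declares under `{% if not shinyproxy_docker_mount_conf_file %}`. A comment above each default would make the intent visible, for example `# false: application.yml is delivered to the service as a swarm secret, not a bind mount`, and the change deserves its own line in the commit description.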
@@ -109,7 +112,7 @@ shinyproxy_oidc_client_secret: 'use a vault file'
 # name, preferred_username, nickname, email
 shinyproxy_oidc_username_attribute: 'email'
 # See https://www.shinyproxy.io/faq/#authentication-using-openid-does-not-work-because-of-missing-attribute-email-in-attributes-exception
-shinyproxy_oidc_use_roles_claim: True
+shinyproxy_oidc_use_roles_claim: true
 shinyproxy_oidc_roles_claim: 'groups'
 shinyproxy_max_log_size: 20MB
diff --git a/handlers/main.yml b/handlers/main.yml
index 5e3b523..e423ec6 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,3 +1,10 @@
 ---
 - name: Restart shinyproxy
- service: name=shinyproxy state=restarted
+ ansible.builtin.service:
+ name: shinyproxy
+ state: restarted
+
+- name: Stop the shinyproxy service
+ community.docker.docker_swarm_service:
+ name: "{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_as_docker_service_name }}"
+ state: absent
diff --git a/tasks/main.yml b/tasks/main.yml
index 2ad6aa5..75417ea 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -2,6 +2,13 @@
 - name: Shinyproxy as a standalone service
 ansible.builtin.import_tasks: shinyproxy_vm.yml
 when: not shinyproxy_as_docker_service
-- name: Shinyproxy as a container
+- name: Shinyproxy as a standalone container
 ansible.builtin.import_tasks: shinyproxy_docker_service.yml
- when: shinyproxy_as_docker_service
+ when:
+ - shinyproxy_as_docker_service
+ - shinyproxy_container_backend == 'docker'
+- name: Shinyproxy as a Docker Swarm stack
+ ansible.builtin.import_tasks: shinyproxy_docker_stack_service.yml
+ when:
+ - shinyproxy_as_docker_service
+ - shinyproxy_container_backend == 'docker-swarm'
diff --git a/tasks/shinyproxy_docker_service.yml b/tasks/shinyproxy_docker_service.yml
index 0aee427..b756967 100644
--- a/tasks/shinyproxy_docker_service.yml
+++ b/tasks/shinyproxy_docker_service.yml
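Review bot: In handlers/main.yml, the new handler is named `Stop the shinyproxy service`, but `state: absent` removes the swarm service, and nothing in the handler ties it to a swarm manager node. It is notified when application.yml changes and flushed before the secret and stack tasks, so a failure in `docker_secret` or `docker_stack` afterwards leaves ShinyProxy removed until the next successful run. A name such as `Remove the shinyproxy swarm service so its configuration secret can be replaced`, with a comment saying that the stack task recreates the service, would describe what actually happens. A rename needs the same change in the `notify:` line of tasks/shinyproxy_docker_stack_service.yml.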
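Review bot: In tasks/main.yml, when `shinyproxy_as_docker_service` is true and `shinyproxy_container_backend` is anything other than `docker` or `docker-swarm`, none of the three imports matches and the role ends without deploying or reporting anything. The comment in defaults/main.yml lists `kubernetes` as a possible backend, so this combination is reachable. A guard task ahead of the imports would turn the silent no-op into an explicit failure.

```yaml
- name: Fail early on a container backend that cannot be deployed as a docker service
  ansible.builtin.assert:
    that:
      - shinyproxy_container_backend in ['docker', 'docker-swarm']
    fail_msg: "shinyproxy_as_docker_service supports only the 'docker' and 'docker-swarm' backends"
  when: shinyproxy_as_docker_service
# … unchanged: the three import_tasks entries …
```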
@@ -1,6 +1,5 @@
 ---
 - name: shinyproxy_docker_service | Manage the composition of shinyproxy as a docker (non swarm) service
- when: shinyproxy_container_backend == 'docker'
 tags: ['shinyproxy', 'shinyproxy_docker', 'docker']
 block:
 - name: shinyproxy_docker_service | Create the directory where the dockerfile and the configuration file will be copied into
@@ -11,14 +10,6 @@
 group: root
 mode: "0750"
- - name: shinyproxy_docker_service | Install the shinyproxy configuration file when using version 2.x
- ansible.builtin.template:
- src: shinyproxy-2-conf.yml.j2
- dest: "{{ shinyproxy_as_docker_src_dir }}/application.yml"
- owner: root
- group: root
- mode: "0400"
-
 - name: shinyproxy_docker_service | Install the shinyproxy docker file
 ansible.builtin.template:
 src: Dockerfile.j2
@@ -39,55 +30,3 @@
 community.docker.docker_compose:
 project_src: '{{ shinyproxy_as_docker_src_dir }}'
 build: true
-
-- name: shinyproxy_docker_service | Manage the installation of the shinyproxy configuration of the swarm service
- when:
- - shinyproxy_container_backend == 'docker-swarm'
- - shinyproxy_docker_mount_conf_file
- tags: ['shinyproxy', 'shinyproxy_swarm', 'docker']
- block:
- - name: shinyproxy_docker_service | Create the directory where the dockerfile and the configuration file will be copied into
- ansible.builtin.file:
- dest: "{{ shinyproxy_as_docker_src_dir }}"
- state: directory
- owner: root
- group: root
- mode: "0700"
-
- - name: shinyproxy_docker_service | Install the shinyproxy configuration file
- ansible.builtin.template:
- src: shinyproxy-2-conf.yml.j2
- dest: "{{ shinyproxy_as_docker_src_dir }}/application.yml"
- owner: root
- group: root
- mode: "0400"
-
-- name: shinyproxy_docker_service | Manage the docker stack
- when:
- - docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node | bool
- - shinyproxy_container_backend == 'docker-swarm'
- tags: ['shinyproxy', 'shinyproxy_swarm', 'docker']
- run_once: true
- block:
- - name: shinyproxy_docker_service | Create the directory where the dockerfile and the configuration file will be copied into
- ansible.builtin.file:
- dest: "{{ shinyproxy_as_docker_src_dir }}"
- state: directory
- owner: root
- group: root
- mode: "0700"
-
- - name: shinyproxy_docker_service | Install the docker compose file
- ansible.builtin.template:
- src: shinyproxy-docker-compose.yml.j2
- dest: "{{ shinyproxy_as_docker_src_dir }}/docker-shinyproxy-stack.yml"
- owner: root
- group: root
- mode: "0400"
-
- - name: shinyproxy_docker_service | Start the shinyproxy stack
- community.docker.docker_stack:
- name: '{{ shinyproxy_as_docker_stack_name }}'
- state: present
- compose:
- - '{{ shinyproxy_as_docker_src_dir }}/docker-shinyproxy-stack.yml'
diff --git a/tasks/shinyproxy_docker_stack_service.yml b/tasks/shinyproxy_docker_stack_service.yml
new file mode 100644
index 0000000..9aeda59
--- /dev/null
+++ b/tasks/shinyproxy_docker_stack_service.yml
@@ -0,0 +1,56 @@
+---
+- name: shinyproxy_docker_stack_service | Manage the installation of the shinyproxy configuration of the swarm service
+ tags: ['shinyproxy', 'shinyproxy_swarm', 'docker']
+ block:
+ - name: shinyproxy_docker_stack_service | Create the directory where the dockerfile and the configuration file will be copied into
+ ansible.builtin.file:
+ dest: "{{ shinyproxy_as_docker_src_dir }}"
+ state: directory
+ owner: root
+ group: root
+ mode: "0700"
+
+- name: shinyproxy_docker_stack_service | Manage the docker stack
+ tags: ['shinyproxy', 'shinyproxy_swarm', 'docker']
+ run_once: true
+ block:
+ - name: shinyproxy_docker_stack_service | Create the directory where the dockerfile and the configuration file will be copied into
+ ansible.builtin.file:
+ dest: "{{ shinyproxy_as_docker_src_dir }}"
+ state: directory
+ owner: root
+ group: root
+ mode: "0700"
+
+ - name: shinyproxy_docker_stack_service | Install the docker compose file
+ ansible.builtin.template:
+ src: shinyproxy-docker-compose.yml.j2
+ dest: "{{ shinyproxy_as_docker_src_dir }}/docker-shinyproxy-stack.yml"
+ owner: root
+ group: root
+ mode: "0400"
+
+ - name: shinyproxy_docker_stack_service | Install the shinyproxy configuration file
+ ansible.builtin.template:
+ src: shinyproxy-2-conf.yml.j2
+ dest: "{{ shinyproxy_as_docker_src_dir }}/application.yml"
+ owner: root
+ group: root
+ mode: "0400"
+ notify: Stop the shinyproxy service
+
+ - name: shinyproxy_docker_stack_service | Flush the handlers to stop the shinyproxy service if needed
+ ansible.builtin.meta: flush_handlers
+
+ - name: shinyproxy_docker_stack_service | Create the secret for the application.yml file
+ community.docker.docker_secret:
+ name: "{{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_as_docker_service_name }}_application_yml"
+ data_src: '{{ shinyproxy_as_docker_src_dir }}/application.yml'
+ state: present
+
+ - name: shinyproxy_docker_stack_service | Start the shinyproxy stack
+ community.docker.docker_stack:
+ name: '{{ shinyproxy_as_docker_stack_name }}'
+ state: present
+ compose:
+ - '{{ shinyproxy_as_docker_src_dir }}/docker-shinyproxy-stack.yml'
diff --git a/templates/shinyproxy-docker-compose.yml.j2 b/templates/shinyproxy-docker-compose.yml.j2
index 80e1e7b..4e3c0b8 100644
--- a/templates/shinyproxy-docker-compose.yml.j2
+++ b/templates/shinyproxy-docker-compose.yml.j2
@@ -8,9 +8,9 @@ networks:
 {{ shinyproxy_docker_network }}:
 {% if not shinyproxy_docker_mount_conf_file %}
-configs:
- shinyproxy_conf:
- file: {{ shinyproxy_as_docker_src_dir }}/application.yml
+secrets:
+ {{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_as_docker_service_name }}_application_yml:
+ external: true
 {% endif %}
 services:
 shinyproxy:
@@ -21,7 +21,7 @@ services:
 published: {{ shinyproxy_http_port }}
 protocol: tcp
 mode: '{{ shinyproxy_docker_http_port_mode }}'
-{% if shinyproxy_expose_prometheus and shinyproxy_version is version_compare('2.5.0', '>=') %}
+{% if shinyproxy_expose_prometheus %}
 - target: 9090
 published: {{ shinyproxy_prometheus_port }}
 protocol: tcp
@@ -32,10 +32,10 @@ services:
 {% if not shinyproxy_docker_swarm_behind_haproxy %}
 ports:
 - target: {{ shinyproxy_http_port }}
- published: {{ shinyproxy_http_port }}
+ published: {{ shinyproxy_published_http_port }}
 protocol: tcp
 mode: 'ingress'
-{% if shinyproxy_expose_prometheus and shinyproxy_version is version_compare('2.5.0', '>=') %}
+{% if shinyproxy_expose_prometheus %}
 - target: 9090
 published: {{ shinyproxy_prometheus_port }}
 protocol: tcp
@@ -49,10 +49,10 @@ services:
 - {{ shinyproxy_as_docker_src_dir }}/application.yml:{{ shinyproxy_conf_dir }}/application.yml
 {% endif %}
 {% if not shinyproxy_docker_mount_conf_file %}
- configs:
- - source: shinyproxy_conf
+ secrets:
+ - source: {{ shinyproxy_as_docker_stack_name }}_{{ shinyproxy_as_docker_service_name }}_application_yml
 target: {{ shinyproxy_conf_dir }}/application.yml
- mode: 0400
+ mode: 0444
 {% endif %}
 networks:
 - {{ shinyproxy_docker_network }}
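Review bot: In tasks/shinyproxy_docker_stack_service.yml, the `Manage the docker stack` block keeps `run_once: true` but not the `docker_swarm_manager_main_node` condition that the block removed from shinyproxy_docker_service.yml carried, so `docker_secret` and `docker_stack` run on whichever host comes first in the play, which is not necessarily a swarm manager. Restoring `when: docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node | bool` on the block would keep them on the manager; bear in mind that `run_once` evaluates that condition on the first host only. application.yml is also rendered only inside this run-once block now, while the compose template still bind-mounts it from `shinyproxy_as_docker_src_dir`, apparently when `shinyproxy_docker_mount_conf_file` is true, so in that mode the file would presumably be absent on the other nodes. The first block is left with the directory task alone, which the second block repeats.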
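Review bot: In templates/shinyproxy-docker-compose.yml.j2, with the version test gone, `shinyproxy_expose_prometheus` is the only switch for publishing container port 9090, both in the hunk at -21 and in the one at -32, and defaults/main.yml sets it to `true`. The metrics port is therefore published by the swarm service unless an operator turns it off, which is worth stating next to the default, for example `# Publishes the metrics port (target 9090) on the swarm; restrict access at the network level or set to false`. The `ports:` list these entries belong to starts outside the hunk.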
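Review bot: In the hunk at -32, `shinyproxy_published_http_port` is applied only to the `not shinyproxy_docker_swarm_behind_haproxy` ports block; the ports entry visible in the hunk at -21 still has `published: {{ shinyproxy_http_port }}`. If that is intended, a comment above the new default in defaults/main.yml such as `# Host port published by swarm when the service is not behind haproxy` would keep an override from being silently ignored in the other case. Otherwise the first block should use `published: {{ shinyproxy_published_http_port }}` as well.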
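Review bot: The secret's `mode` goes from 0400 to 0444 in the hunk at -49, which makes application.yml readable by every account inside the ShinyProxy container; going by defaults/main.yml, that file is presumably rendered from values such as `shinyproxy_ldap_admin_pwd` and `shinyproxy_oidc_client_secret`. If the change was needed because the ShinyProxy process does not run as root (an assumption, the image's user is not visible here), the secret reference can set the owner and keep the file private: `uid: '<shinyproxy-uid>'`, `gid: '<shinyproxy-gid>'`, `mode: 0400`, where the two ids are placeholders for the image's runtime account. The service definition this entry belongs to starts outside the hunk.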