From 34dcdaa1ccd793da415aa8158ad4336f9548f38a Mon Sep 17 00:00:00 2001
From: Giancarlo Panichi <g.panichi@isti.cnr.it>
Date: Mon, 20 Dec 2021 17:50:07 +0100
Subject: [PATCH] Updated template

---
 .gitignore                              |   1 +
 README.md                               |  78 ++++++++++--------
 defaults/main.yml                       | 104 ++++++++++++------------
 meta/main.yml                           |   2 +-
 tasks/main.yml                          |  45 ++++------
 templates/epasmed-docker-compose.yml.j2 |  68 ++++++++--------
 templates/postgresql.yml                |  30 +++++++
 templates/prometheus/prometheus.yml     |   2 +-
 8 files changed, 174 insertions(+), 156 deletions(-)
 create mode 100644 templates/postgresql.yml

diff --git a/.gitignore b/.gitignore
index 5c199eb..4225385 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 # ---> Ansible
 *.retry
 
+/.project
diff --git a/README.md b/README.md
index 3667d35..07e515d 100644
--- a/README.md
+++ b/README.md
@@ -9,58 +9,70 @@ Role Variables
 The most important variables are listed below:
 
 ``` yaml
-epasmedmed_docker_stack_name: 'epasmed_prod'
+epasmed_docker_stack_name: 'epasmed_prod'
 epasmed_docker_service_server_name: 'epasmed'
 epasmed_docker_registry: ''
 epasmed_docker_server_image: 'giancarlopanichi/epasmed:latest'
-epasmed_docker_registry_user: 'epasmed.user'
-epasmed_docker_registry_pwd: 'use a vault file'
 epasmed_docker_network: 'epasmed_net'
-epasmed_attachments_node: 'localhost'
-epasmed_attachments_volume: 'epasmed_attachments_data'
-epasmed_node_constraints: 'node.labels.epasmed_storage == attachments'
 epasmed_behind_haproxy: True
 epasmed_haproxy_public_net: 'haproxy-public'
+
 # DB
 # Set to true if postgresql must be a container too
 epasmed_dockerized_db: False
-# IMPORTANT. Set it to True for the server that is going to host the DB
-epasmed_docker_db_node: False
 epasmed_pg_version: '12'
 epasmed_db_image: 'postgres:{{ epasmed_pg_version }}-alpine'
 # The default hostname is the name of the container service
 epasmed_db_host: 'postgres'
 epasmed_db_name: 'epasmed_prod_db'
+epasmed_db_url: 'jdbc:postgresql://epasmed-postgresql:5432/epasmed'
 epasmed_db_allowed_hosts:
   - '127.0.0.1'
+epasmed_db_user: 'epasmed'
 #epasmed_db_pwd: 'set it in a vault file'
-epasmed_db_user: 'epasmed_prod_user'
+epasmed_db_host_auth_method: 'password' #scram-sha-256, md5, password, trust...
+epasmed_docker_db_node: 'localhost'
 epasmed_db_volume: 'epasmed_prod_pg_data'
-epasmed_db_constraints: '[node.labels.pg_data==epasmed_db]'
-epasmed_pg_data_volume: 'epasmed_db_data'
-epasmed_pg_backups_volume: 'epasmed_db_data'
-psql_db_data: '{{ epasmed_psql_pg_data }}'
-# Environment
-epasmed_server_hostname: 'epasmed.example.com'
-## SMTP
-epasmed_smtp_server: 'localhost'
-epasmed_smtp_port: 587
-epasmed_smtp_channel: 'starttls'
-epasmed_smtp_from: 'epasmed@cnr.it'
-epasmed_smtp_protocol: 'smtp'
-epasmed_smtp_authentication: True
-epasmed_smtp_user: ''
-epasmed_smtp_password: 'use a vault file'
-```
-<!-- ## LDAP
-epasmed_ldap_login: 'false'
-epasmed_ldap_url: 'ldap://ldap.example.org:389'
-epasmed_ldap_timeout: 1000
-epasmed_ldap_base_dn: 'ou=People,dc=example,dc=org'
-epasmed_ldap_login_return_uri: '/.'
-epasmed_ldap_eppn_attribute_name: 'eduPersonPrincipalName'
--->
+epasmed_db_constraints: '[node.labels.epasmed_pg_data==epasmed_db]'
+epasmed_pg_data_volume: '~/volumes/jhipster/epasmed/postgresql/'
+epasmed_pg_backups_volume: '~/volumes/jhipster/epasmed/postgresql/'
 
+# Environment
+epasmed_server_hostname: 'epasmed.isti.cnr.it'
+epasmed_spring_profile_active: 'prod,swagger'
+
+# Mail
+epasmed_spring_mail_host: 'localhost'
+epasmed_spring_mail_port: '25'
+epasmed_spring_mail_username: ''
+epasmed_spring_mail_password: ''
+
+# Metrics
+epasmed_management_metrics_export_prometheus_enabled: 'true'       
+
+# Jhipster
+epasmed_jhipster_sleep: '30'
+#epasmed_jhipster_security_rememberme_key: 'set it in a vault file'
+
+# Logging
+epasmed_logging_level: 'DEBUG'
+
+# Application
+epasmed_application_datasourceepasmed_liquibase_contexts: 'prod, faker'
+epasmed_application_datasourceepasmed_liquibase_changelog: 'classpath:config/liquibase/epasmed/master.xml'
+epasmed_application_datasourceepasmed_liquibase_enabled: 'true'
+epasmed_application_datasourcesistemainformativo_datasource_url: 'jdbc:postgresql://sistemainformativo-dev.isti.cnr.it:5432/sistemainformativo' 
+epasmed_application_datasourcesistemainformativo_datasource_username: 'epasmed'
+epasmed_application_datasourcesistemainformativo_datasource_password: ''
+epasmed_application_datasourceepasrest_resturl: 'https://epas.isti.cnr.it/rest'
+epasmed_application_datasourceepasrest_restusername1: 'isti_registry_manager'
+epasmed_application_datasourceepasrest_restpassword1: ''
+epasmed_application_datasourceepasrest_restusername2: 'isti_person_day_reader'
+epasmed_application_datasourceepasrest_restpassword2: ''
+epasmed_application_datasourceepasrest_restusername3: 'userISTI'
+epasmed_application_datasourceepasrest_restpassword3: ''
+
+```
 
 Dependencies
 ------------
diff --git a/defaults/main.yml b/defaults/main.yml
index 030cd61..da9ec6d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,60 +1,56 @@
 ---
-epas_docker_stack_name: 'epas_prod'
-epas_docker_service_server_name: 'epas'
-epas_docker_registry: 'docker-registry.services.iit.cnr.it'
-epas_docker_server_image: '{{ epas_docker_registry }}/epas/epas:stable'
-epas_docker_registry_user: 'epas.user'
-epas_docker_registry_pwd: 'use a vault file'
-epas_docker_network: 'epas_net'
-epas_docker_attachments_node: 'localhost'
-epas_attachments_volume: 'epas_attachments_data'
-epas_node_constraints: 'node.labels.epas_storage == attachments'
-epas_behind_haproxy: True
-epas_haproxy_public_net: 'haproxy-public'
+epasmed_docker_stack_name: 'epasmed_prod'
+epasmed_docker_service_server_name: 'epasmed'
+epasmed_docker_registry: ''
+epasmed_docker_server_image: 'giancarlopanichi/epasmed:latest'
+epasmed_docker_network: 'epasmed_net'
+epasmed_behind_haproxy: True
+epasmed_haproxy_public_net: 'haproxy-public'
 # DB
 # Set to true if postgresql must be a container too
-epas_dockerized_db: False
-epas_pg_version: '12'
-epas_db_image: 'postgres:{{ epas_pg_version }}-alpine'
+epasmed_dockerized_db: False
+epasmed_pg_version: '12'
+epasmed_db_image: 'postgres:{{ epasmed_pg_version }}-alpine'
 # The default hostname is the name of the container service
-epas_db_host: 'postgres'
-epas_db_name: 'epas_prod_db'
-epas_db_allowed_hosts:
+epasmed_db_host: 'postgres'
+epasmed_db_name: 'epasmed_prod_db'
+epasmed_db_url: 'jdbc:postgresql://epasmed-postgresql:5432/epasmed'
+epasmed_db_allowed_hosts:
   - '127.0.0.1'
-#epas_db_pwd: 'set it in a vault file'
-epas_db_user: 'epas_prod_user'
-epas_docker_db_node: 'localhost'
-epas_db_volume: 'epas_prod_pg_data'
-epas_db_constraints: '[node.labels.epas_pg_data==epas_db]'
-epas_pg_data_volume: 'epas_db_data'
-epas_pg_backups_volume: 'epas_db_data'
-psql_db_data: '{{ epas_psql_pg_data }}'
+epasmed_db_user: 'epasmed'
+#epasmed_db_pwd: 'set it in a vault file'
+epasmed_db_host_auth_method: 'password' #scram-sha-256, md5, password, trust...
+epasmed_docker_db_node: 'localhost'
+epasmed_db_volume: 'epasmed_prod_pg_data'
+epasmed_db_constraints: '[node.labels.epasmed_pg_data==epasmed_db]'
+epasmed_pg_data_volume: '~/volumes/jhipster/epasmed/postgresql/'
+epasmed_pg_backups_volume: '~/volumes/jhipster/epasmed/postgresql/'
 # Environment
-epas_server_hostname: 'epas.example.com'
-epas_flows_enabled: False
-epas_attestati_url: 'https://attestativ2.rm.cnr.it'
-epas_attestati_user: ''
-#epas_attestati_password: 'use a fault'
-## SMTP
-epas_smtp_server: 'localhost'
-epas_smtp_port: 587
-epas_smtp_channel: 'starttls'
-epas_smtp_from: 'epas@cnr.it'
-epas_smtp_protocol: 'smtp'
-epas_smtp_authentication: True
-epas_smtp_user: ''
-epas_smtp_password: 'use a vault file'
-## LDAP
-epas_ldap_login: 'false'
-epas_ldap_url: 'ldap://ldap.example.org:389'
-epas_ldap_timeout: 1000
-epas_ldap_base_dn: 'ou=People,dc=example,dc=org'
-epas_ldap_login_return_uri: '/.'
-epas_ldap_eppn_attribute_name: 'eduPersonPrincipalName'
-epas_ldap_starttls_enabled: 'false'
-epas_ldap_authenticated_bind: False
-epas_ldap_bind_dn: 'cn=readuser,ou=People,o=example,c=org'
-#epas_ldap_bind_credentials: 'use a vault file'
-epas_ldap_authenticate_user_search_dn: 'o=example,c=org'
-epas_log_level: 'INFO'
-epas_log_appenders: 'stderr'
+epasmed_server_hostname: 'epasmed.isti.cnr.it'
+epasmed_spring_profile_active: 'prod,swagger'
+# Mail
+epasmed_spring_mail_host: 'localhost'
+epasmed_spring_mail_port: '25'
+epasmed_spring_mail_username: ''
+epasmed_spring_mail_password: ''
+# Metrics
+epasmed_management_metrics_export_prometheus_enabled: 'true'       
+# Jhipster
+epasmed_jhipster_sleep: '30'
+#epasmed_jhipster_security_rememberme_key: 'set it in a vault file'
+# Logging
+epasmed_logging_level: 'DEBUG'
+# Application
+epasmed_application_datasourceepasmed_liquibase_contexts: 'prod, faker'
+epasmed_application_datasourceepasmed_liquibase_changelog: 'classpath:config/liquibase/epasmed/master.xml'
+epasmed_application_datasourceepasmed_liquibase_enabled: 'true'
+epasmed_application_datasourcesistemainformativo_datasource_url: 'jdbc:postgresql://sistemainformativo-dev.isti.cnr.it:5432/sistemainformativo' 
+epasmed_application_datasourcesistemainformativo_datasource_username: 'epasmed'
+epasmed_application_datasourcesistemainformativo_datasource_password: ''
+epasmed_application_datasourceepasrest_resturl: 'https://epas.isti.cnr.it/rest'
+epasmed_application_datasourceepasrest_restusername1: 'isti_registry_manager'
+epasmed_application_datasourceepasrest_restpassword1: ''
+epasmed_application_datasourceepasrest_restusername2: 'isti_person_day_reader'
+epasmed_application_datasourceepasrest_restpassword2: ''
+epasmed_application_datasourceepasrest_restusername3: 'userISTI'
+epasmed_application_datasourceepasrest_restpassword3: ''
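Review bot: The new credential defaults `epasmed_application_datasourcesistemainformativo_datasource_password` and `epasmed_application_datasourceepasrest_restpassword1` to `3` are set to `''`, so a run that forgets the vault entry deploys the stack with empty passwords instead of failing. `epasmed_db_pwd` and `epasmed_jhipster_security_rememberme_key` in the same file are left commented out, which makes the template abort on an undefined variable. The same pattern would fit here, e.g. `#epasmed_application_datasourceepasrest_restpassword1: 'set it in a vault file'`. Separately, the defaults for a stack named `epasmed_prod` enable the `swagger` profile, the `faker` Liquibase context and `DEBUG` logging, which look like development settings and are worth confirming before they become the role default.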
diff --git a/meta/main.yml b/meta/main.yml
index 1ef3634..e0dfa8f 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -21,7 +21,7 @@ galaxy_info:
         - 7
 
   galaxy_tags:
-    - epas
+    - epasmed
 
 dependencies:
   - src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-pgsql-db-management.git
diff --git a/tasks/main.yml b/tasks/main.yml
index e2b0371..bcf3f4c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,57 +1,40 @@
 ---
-- name: Manage the installation of the ePAS configuration of the swarm service
+- name: Manage the installation of the ePASMed configuration of the swarm service
   block:
     - name: Create the directory where the DB init script is going to be installed
-      file: dest={{ epas_compose_dir }} state=directory
+      file: dest={{ epasmed_compose_dir }} state=directory
 
     - name: Install the DB initialization script
-      template: src=pg-create-user-db.sh.j2 dest={{ epas_compose_dir }}/pg-create-user-db.sh owner=root group=root mode='0555'
+      template: src=pg-create-user-db.sh.j2 dest={{ epasmed_compose_dir }}/pg-create-user-db.sh owner=root group=root mode='0555'
 
   when:
     - epas_dockerized_db
     - epas_docker_db_node == ansible_fqdn
-  tags: [ 'epas', 'epas_swarm', 'epas_db' ]
+  tags: [ 'epasmed', 'epasmed_swarm', 'epasmed_db' ]
 
-- name: Manage the installation of the ePAS configuration of the swarm service
+- name: Manage the installation of the ePASMed configuration of the swarm service
   block:
-    - name: Add the label that will be used as a constraint for the attachments volume
-      docker_node:
-        hostname: '{{ epas_docker_attachments_node }}'
-        labels:
-          epas_storage: 'attachments'
-        labels_state: 'merge'
-
     - name: Add the label that will be used as a constraint for the postgresql DB
       docker_node:
-        hostname: '{{ epas_docker_db_node }}'
+        hostname: '{{ epasmed_docker_db_node }}'
         labels:
-          epas_pg_data: 'epas_db'
+          epas_pg_data: 'epasmed_db'
         labels_state: 'merge'
-      when: epas_dockerized_db
+      when: epasmed_dockerized_db
 
     - name: Create the directory where the compose file will be placed
-      file: dest={{ epas_compose_dir }} state=directory owner=root group=root mode=0750
+      file: dest={{ epasmed_compose_dir }} state=directory owner=root group=root mode=0750
 
     - name: Install the docker compose file
-      template: src=epas-docker-compose.yml.j2 dest={{ epas_compose_dir }}/docker-epas-stack.yml owner=root group=root mode='0400'
+      template: src=epasmed-docker-compose.yml.j2 dest={{ epasmed_compose_dir }}/docker-epasmed-stack.yml owner=root group=root mode='0400'
 
-    - name: Login into the IIT registry
-      shell: docker login -u {{ epas_docker_registry_user }} -p {{ epas_docker_registry_pwd }} {{ epas_docker_registry }}
-
-    - name: Start the ePAS stack 
+    - name: Start the ePASMed stack 
       docker_stack:
-        name: '{{ epas_docker_stack_name }}'
+        name: '{{ epasmed_docker_stack_name }}'
         state: present
         with_registry_auth: True
         compose:
-          - '{{ epas_compose_dir }}/docker-epas-stack.yml'
-
-    # - name: Connect the ePAS service to the haproxy-public network
-    #   command: docker service update --network-add {{ epas_haproxy_public_net }} {{ item }} --update-delay 30s --update-parallelism 1
-    #   with_items:
-    #     - '{{ epas_docker_stack_name }}_{{ epas_docker_service_server_name }}'
-    #   ignore_errors: True
-    #   when: epas_behind_haproxy
+          - '{{ epasmed_compose_dir }}/docker-epasmed-stack.yml'
 
   when: docker_swarm_manager_node is defined and docker_swarm_manager_node
-  tags: [ 'epas', 'epas_swarm', 'epas_server' ]
+  tags: [ 'epasmed', 'epasmed_swarm', 'epasmed_server' ]
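Review bot: The first block's `when:` still tests `epas_dockerized_db` and `epas_docker_db_node`, which this commit removes from defaults/main.yml, so the condition will likely fail on an undefined variable or follow a stale value set elsewhere. The two lines should read `- epasmed_dockerized_db` and `- epasmed_docker_db_node == ansible_fqdn`. The node label is also still written under the key `epas_pg_data`, while the new `epasmed_db_constraints` default matches on `node.labels.epasmed_pg_data`, so the placement constraint would never be satisfied. The label line should be `epasmed_pg_data: 'epasmed_db'`.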
diff --git a/templates/epasmed-docker-compose.yml.j2 b/templates/epasmed-docker-compose.yml.j2
index 5844280..d584a94 100644
--- a/templates/epasmed-docker-compose.yml.j2
+++ b/templates/epasmed-docker-compose.yml.j2
@@ -6,7 +6,6 @@ networks:
   {{ epasmed_docker_network }}:
 
 volumes:
-  {{ epasmed_attachments_volume }}:
 {% if epasmed_dockerized_db %}
   {{ epasmed_pg_backups_volume }}:
   {{ epasmed_db_volume }}:
@@ -17,17 +16,39 @@ services:
     image: {{ epasmed_docker_server_image }}
     environment:
    	  - _JAVA_OPTIONS=-Xmx512m -Xms256m
-      - SPRING_PROFILES_ACTIVE=prod,swagger
-      - MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED=true
-      - APPLICATION_DATASOURCEEPASMED_DATASOURCE_URL=jdbc:postgresql://epasmed-postgresql:5432/epasmed
-      - JHIPSTER_SLEEP=30 # gives time for other services to boot before the application
+      - SPRING_PROFILES_ACTIVE={{epasmed_spring_profile_active}}
+      - SPRING_MAIL_HOST={{epasmed_spring_mail_host}}
+      - SPRING_MAIL_PORT={{epasmed_spring_mail_port}}
+      - SPRING_MAIL_USERNAME={{epasmed_spring_mail_username}}
+      - SPRING_MAIL_PASSWORD={{epasmed_spring_mail_password}}
+      - MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED={{epasmed_management_metrics_export_prometheus_enabled}}
+      - JHIPSTER_SLEEP={{epasmed_jhipster_sleep}} # gives time for other services to boot before the application
+      - JHIPSTER_SECURITY_REMEMBERME_KEY={{epasmed_jhipster_security_rememberme_key}}
+      - LOGGING_LEVEL_ROOT={{epasmed_logging_level}}
+      - LOGGING_LEVEL_IO_GITHUB_JHIPSTER={{epasmed_logging_level}}
+      - LOGGING_LEVEL_IT_CNR_ISTI_EPASMED={{epasmed_logging_level}}
+      - APPLICATION_DATASOURCEEPASMED_DATASOURCE_URL={{epasmed_db_url}}
+      - APPLICATION_DATASOURCEEPASMED_DATASOURCE_USERNAME={{epasmed_db_user}}
+      - APPLICATION_DATASOURCEEPASMED_DATASOURCE_PASSWORD={{epasmed_db_pwd}}
+      - APPLICATION_DATASOURCEEPASMED_LIQUIBASE_CONTEXTS={{epasmed_application_datasourceepasmed_liquibase_contexts}}
+      - APPLICATION_DATASOURCEEPASMED_LIQUIBASE_CHANGELOG={{epasmed_application_datasourceepasmed_liquibase_changelog}}
+      - APPLICATION_DATASOURCEEPASMED_LIQUIBASE_ENABLED={{epasmed_application_datasourceepasmed_liquibase_enabled}}
+      - APPLICATION_DATASOURCESISTEMAINFORMATIVO_DATASOURCE_URL={{epasmed_application_datasourcesistemainformativo_datasource_url}}
+      - APPLICATION_DATASOURCESISTEMAINFORMATIVO_DATASOURCE_USERNAME={{epasmed_application_datasourcesistemainformativo_datasource_username}}
+      - APPLICATION_DATASOURCESISTEMAINFORMATIVO_DATASOURCE_PASSWORD={{epasmed_application_datasourcesistemainformativo_datasource_password}}
+      - APPLICATION_DATASOURCEEPASREST_RESTURL={{epasmed_application_datasourceepasrest_resturl}}
+      - APPLICATION_DATASOURCEEPASREST_RESTUSERNAME1={{epasmed_application_datasourceepasrest_restusername1}}
+      - APPLICATION_DATASOURCEEPASREST_RESTPASSWORD1={{epasmed_application_datasourceepasrest_restpassword1}}
+      - APPLICATION_DATASOURCEEPASREST_RESTUSERNAME2={{epasmed_application_datasourceepasrest_restusername2}}
+      - APPLICATION_DATASOURCEEPASREST_RESTPASSWORD2={{epasmed_application_datasourceepasrest_restpassword2}}
+      - APPLICATION_DATASOURCEEPASREST_RESTUSERNAME3={{epasmed_application_datasourceepasrest_restusername3}}
+      - APPLICATION_DATASOURCEEPASREST_RESTPASSWORD3={{epasmed_application_datasourceepasrest_restpassword3}}
     ports:
       - 80:80
     networks:
       - {{ epasmed_docker_network }}
       - {{ epasmed_haproxy_public_net }}
     volumes:
-      - {{ epasmed_attachments_volume }}:/home/epasmed/epasmed/data/attachments
       - /etc/localtime:/etc/localtime:ro
       - /etc/timezone:/etc/timezone:ro
     deploy:
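Review bot: The secret values on the new `environment:` lines are interpolated as unquoted plain scalars (`SPRING_MAIL_PASSWORD`, `JHIPSTER_SECURITY_REMEMBERME_KEY` and the datasource and REST password entries), so a value containing ` #` is cut at the comment marker and one containing `: ` changes how the item parses. Emitting each item as a quoted scalar avoids that, for example `- {{ ('SPRING_MAIL_PASSWORD=' ~ epasmed_spring_mail_password) | to_json }}`. Values passed this way are also readable by anyone who can inspect the service definition, so if the application can read credentials from files, swarm secrets would keep them out of the service spec. The unchanged `_JAVA_OPTIONS` line just above the additions is indented with a tab, which YAML does not allow in indentation. The service definition starts and ends outside this hunk.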
@@ -47,35 +68,10 @@ services:
       driver: 'journald'
 
 {% if epasmed_dockerized_db %}
-  epasmed-postgresql:
-    image: {{ epasmed_db_image }}
-    environment:
-      - POSTGRES_PASSWORD: {{ epasmed_db_pwd }}
-      - POSTGRES_DB: epasmed
-      - POSTGRES_USER: epasmed
-      - POSTGRES_PORT: 5432
-      - POSTGRES_HOST_AUTH_METHOD=trust
-      - PGDATA: /var/lib/postgresql/data/pg_data
-    networks:
-      - {{ epasmed_docker_network }}
-    volumes:
-      - {{ epasmed_pg_data_volume }}:/var/lib/postgresql/data/pg_data
-      - {{ epasmed_pg_backups_volume }}:/tmp:ro
-      - /etc/localtime:/etc/localtime:ro
-      - /etc/timezone:/etc/timezone:ro
-    deploy:
-      mode: replicated
-      replicas: 1
-      endpoint_mode: dnsrr
-      placement:
-        constraints: {{ epasmed_db_constraints }}
-      restart_policy:
-        condition: on-failure
-        delay: 5s
-        max_attempts: 3
-        window: 120s
-    logging:
-      driver: 'journald'
-{% endif %}
+   epasmed-postgresql:
+    extends:
+      file: postgresql.yml
+      service: epasmed-postgresql 
+ {% endif %}
 
  
\ No newline at end of file
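Review bot: The added `epasmed-postgresql:` key is indented three spaces while the existing service key is at two, so the rendered file will not parse as YAML; it should be `  epasmed-postgresql:` with its children at four spaces. `extends` points at `postgresql.yml`, but tasks/main.yml in this commit only installs `epasmed-docker-compose.yml.j2`, so no visible task renders that file into `epasmed_compose_dir` and its `{{ ... }}` placeholders would never be filled in. It is also worth confirming that `docker stack deploy`, which the `docker_stack` task drives, accepts `extends` for this compose file version. Keeping the service inline in this template would avoid both problems.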
diff --git a/templates/postgresql.yml b/templates/postgresql.yml
new file mode 100644
index 0000000..32f3583
--- /dev/null
+++ b/templates/postgresql.yml
@@ -0,0 +1,30 @@
+version: '2'
+services:
+  epasmed-postgresql:
+    image: {{epasmed_db_image}}
+    environment:
+      - POSTGRES_USER={{epasmed_db_user}}
+      - POSTGRES_PASSWORD={{epasmed_db_pwd}}
+      - POSTGRES_HOST_AUTH_METHOD={{epasmed_db_host_auth_method}}
+    ports:
+      - 5432:5432
+    networks:
+      - {{ epasmed_docker_network }}
+    volumes:
+      - {{ epasmed_pg_data_volume }}:/var/lib/postgresql/data/
+      - {{ epasmed_pg_backups_volume }}:/tmp:ro
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/timezone:/etc/timezone:ro
+    deploy:
+      mode: replicated
+      replicas: 1
+      endpoint_mode: dnsrr
+      placement:
+        constraints: {{ epasmed_db_constraints }}
+      restart_policy:
+        condition: on-failure
+        delay: 5s
+        max_attempts: 3
+        window: 120s
+    logging:
+      driver: 'journald'
\ No newline at end of file
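Review bot: `ports: - 5432:5432` publishes PostgreSQL outside the overlay network, which the inline service removed from the compose template did not do, while the application already reaches the database at `epasmed-postgresql:5432` over `epasmed_docker_network`; I would drop the `ports:` block. The exposure matters more because `POSTGRES_HOST_AUTH_METHOD` is now an operator variable whose default `password` sends the password in clear text and whose listed options include `trust`. Swarm also tends to reject an ingress-published port combined with `endpoint_mode: dnsrr`, so the service may not deploy as written. The data and backup mounts share the same default path, so the live data directory is what ends up mounted read-only at `/tmp`.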
diff --git a/templates/prometheus/prometheus.yml b/templates/prometheus/prometheus.yml
index 2da050b..b40911a 100644
--- a/templates/prometheus/prometheus.yml
+++ b/templates/prometheus/prometheus.yml
@@ -28,4 +28,4 @@ scrape_configs:
     static_configs:
       - targets:
           # On MacOS, replace localhost by host.docker.internal
-          - localhost:8080
+          - localhost:80