Go to file
Andrea Venturini 165aacd76f Merge pull request 'Add config SSL via files' (#1) from updated-role-with-ssl-via-files into prod
Reviewed-on: #1
2024-11-15 17:37:48 +01:00
ansible-role-erddap First Commit 2024-09-25 20:15:59 +02:00
README.md First commit 2024-06-03 19:22:15 +02:00
main.yaml First commit 2024-06-03 19:22:15 +02:00

README.md

Ansible - Role - ERDDAP

A role that installs the ERDDAP Docker container.
This role will

  • create 2 linux users
  • create some directories for the container files and volumes
  • create the docker compose file
  • configure and customize the ERDDAP configuration files and cotainer entrypoint

Role Variables

In the defaults\main.yaml file you can find all the role variables.
You can find below a description of the main variables or variables group

# This set the directory where will be create the docker compose manifest and all the needed directories.
directory_base: /opt/data00/customdocker/
# This the directory where are the external data files that ERDDAP will read.
directory_external_data: 
  fullpath: "/opt/data00/appdata/"
  create_if_not_exists: true

# If you want to create the yaml of a docker stack (aka customer project name) enable it and set
# the stack name.
stack:
  enable: true
  name: "XXX_dockstackname_XXX"
  # WARNING: do not add trailing /
  directory_relative_path: 'XXX_dockstackname_XXX'
  start_after_configuration: true
# user_list: create the users that the container will use to run and access the data files.
# DO NOT change the user order in the list
user_list:
  - name: 'usr{{ stack.name }}'
    groups:
    uid: 2000
    gid: 2000
  - name: usrtomcat
    groups: 'usr{{ stack.name }}'
    uid: 2001
    gid: 2001
# ERDDAP Specific variables
erddap:
  content_setup_xml_replace_items:
    # bigParentDirectory - Same as volume mounted inside the container
    - regexp: /home/yourName/erddap/
      replace: /erddapData/
    - regexp: http://localhost:8080
      replace: http://XXX_ERDDAP_webDomainOrIPv4_XXX
    - regexp: <baseHttpsUrl></baseHttpsUrl>
      replace: <baseHttpsUrl>https://XXX_ERDDAP_webDomainOrIPv4_XXX</baseHttpsUrl>
    - regexp: your.email@yourInstitution.edu
      replace: asd@asd.com
    - regexp: Your Institution
      replace: XXX_MyInstutionString_XXX
    - regexp: Your Institution's or Group's Url
      replace: https://XXX_MyInstitutionUrl_XXX
    - regexp: <adminIndividualName>Your Name
      replace: <adminIndividualName>XXX_YourName_XXX
    - regexp: <adminPosition>ERDDAP administrator
      replace: <adminPosition>ERDDAP administrator
      # The \+ is for the python regexp - The real default value is <adminPhone>+1 999-999-9999
    - regexp: <adminPhone>\+1 999-999-9999
      replace: <adminPhone>000000000
    - regexp: <adminAddress>123 Main St.
      replace: <adminAddress>XXX_MyAddress_XXX
    - regexp: <adminCity>Some Town
      replace: <adminCity>XXX_YourTown_XXX
    - regexp: <adminStateOrProvince>CA
      replace: <adminStateOrProvince>XXX_State_XXX
    - regexp: <adminPostalCode>99999
      replace: <adminPostalCode>XXX_PostCode_XXX
    - regexp: <adminCountry>USA
      replace: <adminCountry>XXX_Country_XXX
    - regexp: <adminEmail>your.email@yourCompany.com
      replace: <adminEmail>XXX_adminMail_XXX
    - regexp: <flagKeyKey>CHANGE THIS TO YOUR FAVORITE QUOTE
      replace: <flagKeyKey>XXX_MyFlagKey_XXX
  content_setup_xml_replace_email: false
  content_setup_xml_replace_email_items:
    - regexp: <emailFromAddress>your.email@yourCompany.com
      replace: <emailFromAddress>XXX_YourEmail_XXX
    - regexp: <emailUserName>your.email@yourCompany.com
      replace: <emailUserName>XXX_YourEmailUsername_XXX
    - regexp: <emailPassword>yourPassword
      replace: <emailPassword>XXX_YourPassword_XXX
    - regexp: <emailProperties>
      replace: <emailProperties>
    - regexp: <emailSmtpHost>your.smtp.host.edu
      replace: <emailSmtpHost>XXX_YourEmailSmtp_XXX
    - regexp: <emailSmtpPort>25
      replace: <emailSmtpPort>XXX_YourEmailSmtpPort_XXX 
  # This set which content.erddap archive will be deployed. It depends from the ERDDAP version. See the ERDDAP webpage.
  content_archive_data_name: "content.erddap_v214.tar.gz"
  # This is the main ERDDAP data directory
  bigParentDirectory: /erddapData/ 
  # This enable the container SSL endpoint. This is useful if ERDDAP is behind a reverse proxy. Because some web pages doesn't work the comunication from are HTTPS (reverse proxy) <---> HTTP (erddap).  
  # The reverse proxy must not check the certificate expire date and CN.
  tomcatSsl:
    enable: true
    container_certPath: "erddap/data/erddap/ssl/erddap-self.localhost_2122.pfx"
    certType: "PKCS12"
    certPassword: "*********"
container:
  image: axiom/docker-erddap:2.23-jdk17-openjdk
  containername: '{{ stack.name }}-erddap'
  # start_after_configuration - If stack is enabled, this variable is not used.
  start_after_configuration: true
  # container.volume_directory_relative_path_list: do not change the directory order in the list
  volume_directory_relative_path_list:
    - name: '{{ stack.name }}-erddap-docker/volumes/Content'
    - name: '{{ stack.name }}-erddap-docker/volumes/Data'
    - name: '{{ stack.name }}-erddap-docker/volumes/erddapSSLCerts'
    - name: '{{ stack.name }}-erddap-docker/deployfiles'
    - name: '{{ stack.name }}-erddap-docker/deployfiles/erddap-docker'
  http_host_port: 12081
  # https_host_port - Used if erddap.tomcatSsl.enable: true
  https_host_port: 12082