From aa37fa631959202823f71fff39670005be0e7f84 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Mon, 22 May 2023 18:54:02 +0200 Subject: [PATCH] inception: remote volumes --- .vscode/settings.json | 3 + README.md | 9 +-- defaults/main.yml | 5 -- meta/main.yml | 13 ++-- tasks/inception.yml | 70 +++++++++---------- .../inception-project-docker-compose.yml.j2 | 31 +++++--- 6 files changed, 67 insertions(+), 64 deletions(-) create mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..2de2499 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "ansible.python.interpreterPath": "/opt/local/bin/python3.10" +} \ No newline at end of file diff --git a/README.md b/README.md index 6792290..7d8e867 100644 --- a/README.md +++ b/README.md @@ -14,12 +14,8 @@ inception_project_docker_stack_name: 'inception-project' inception_project_docker_service_name: 'inception' inception_project_docker_image: 'inceptionproject/inception:0.17.3' inception_project_docker_network: 'inception_project_net' -inception_project_docker_data_node: 'localhost' -# We need a directory because the confg file goes inside it -inception_project_service_volume: '/srv/inception_project_data' inception_project_service_port: 8080 # IMPORTANT. Set it to True for the server that is going to host the DB -inception_project_service_constraints: 'node.labels.service_data==inception_project' inception_project_behind_haproxy: True inception_project_haproxy_public_net: 'haproxy-public' # Settings @@ -36,15 +32,12 @@ inception_project_server_preauth_users_roles: [] # - { username: 'user', roles: 'ROLE_PROJECT_CREATOR,ROLE_ADMIN' } # DB inception_project_db_as_container: True -inception_project_docker_db_node: 'localhost' -inception_project_db_image: 'mysql:5' +inception_project_db_image: 'mariadb:10.5' inception_project_db_host: 'mysql-server' inception_project_db_port: 3306 inception_project_db_name: 'inception' inception_project_db_user: 'inception_user' #inception_project_db_pwd: 'set it in a vault file' -inception_project_db_volume: 'inception_db_data' -inception_project_db_constraints: 'node.labels.mysql_data==inception_project' inception_project_settings: - 'debug.showExceptionPage=false' diff --git a/defaults/main.yml b/defaults/main.yml index 71a26c5..594c468 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -5,9 +5,7 @@ inception_project_docker_stack_name: 'inception-project' inception_project_docker_service_name: 'inception' inception_project_docker_image: 'inceptionproject/inception:{{ inception_project_version }}' inception_project_docker_network: 'inception_project_net' -inception_project_docker_data_node: 'localhost' # We need a directory because the confg file goes inside it -inception_project_service_volume: '/srv/inception_project_data' inception_project_service_port: 8080 # IMPORTANT. Set it to True for the server that is going to host the DB inception_project_service_constraints: 'node.labels.service_data==inception_project' @@ -40,15 +38,12 @@ inception_project_server_preauth_users_roles: [] # - { username: 'user', roles: 'ROLE_PROJECT_CREATOR,ROLE_ADMIN' } # DB inception_project_db_as_container: True -inception_project_docker_db_node: 'localhost' inception_project_db_image: 'mariadb:10.5' inception_project_db_host: 'mysql-server' inception_project_db_port: 3306 inception_project_db_name: 'inception' inception_project_db_user: 'inception_user' # inception_project_db_pwd: 'set it in a vault file' -inception_project_db_volume: 'inception_db_data' -inception_project_db_constraints: 'node.labels.mysql_data==inception_project' inception_project_websockets_enabled: 'false' inception_project_websockets_loggedevent_enabled: 'false' diff --git a/meta/main.yml b/meta/main.yml index 7b40f24..b000207 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,14 +1,11 @@ galaxy_info: author: Andrea Dell'Amico - description: Systems Architect + namespace: adellam + description: Role that installs a containerized inception service + role_name: inception company: ISTI-CNR - - issue_tracker_url: https://support.d4science.org/projects/d4science-operation - license: EUPL 1.2+ - - min_ansible_version: 2.8 - + min_ansible_version: "2.9" # To view available platforms and versions (or releases), visit: # https://galaxy.ansible.com/api/v1/platforms/ # @@ -18,7 +15,7 @@ galaxy_info: - bionic - name: EL versions: - - 7 + - "7" galaxy_tags: - inception-project diff --git a/tasks/inception.yml b/tasks/inception.yml index aeda3ee..1fa2d3f 100644 --- a/tasks/inception.yml +++ b/tasks/inception.yml @@ -1,48 +1,48 @@ --- -- name: Manage the installation of the Inception configuration of the swarm service - block: - - name: Create the data directory used by the inception service, and its subdirectories - file: dest={{ inception_project_service_volume }}/{{ item }} state=directory - with_items: - - 'repository/kb' - - 'plugins' - - - name: Install the inception properties file - template: src=settings.properties.j2 dest={{ inception_project_service_volume }}/settings.properties owner=root group=root mode='0444' - - when: inception_project_docker_data_node == ansible_fqdn +- name: Manage the compose directory tags: ['inception_project', 'inception_project_swarm', 'inception_project_service'] - -- name: Manage the installation of the Inception project Docker stack block: - name: Create the directory where the compose file will be installed - file: dest={{ inception_project_compose_dir }} state=directory mode='0750' owner=root group=root + ansible.builtin.file: + dest: "{{ inception_project_compose_dir }}" + state: directory mode='0750' + owner: root + group: root + mode: 0700 +- name: Manage the installation of the Inception configuration of the swarm service + tags: ['inception_project', 'inception_project_swarm', 'inception_project_service'] + block: + - name: Install the inception properties file + ansible.builtin.template: + src: settings.properties.j2 + dest: "{{ inception_project_compose_dir }}/settings.properties" + owner: root + group: root + mode: 0400 + +- name: Manage the installation of the Inception project Docker stack + run_once: true + when: docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node | bool + tags: ['inception_project', 'inception_project_swarm', 'inception_project_service'] + block: - name: Install the docker compose file - template: src=inception-project-docker-compose.yml.j2 dest={{ inception_project_compose_dir }}/docker-inception-project-stack.yml owner=root group=root mode='0400' + ansible.builtin.template: + src: inception-project-docker-compose.yml.j2 + dest: "{{ inception_project_compose_dir }}/docker-inception-project-stack.yml" + owner: root + group: root + mode: 0400 - - name: Add the label that will be used as a constraint for the inception data volume - docker_node: - hostname: '{{ inception_project_docker_data_node }}' - labels: - service_data: 'inception_project' - labels_state: 'merge' - - - name: Add the label that will be used as a constraint for the MySQL DB - docker_node: - hostname: '{{ inception_project_docker_db_node }}' - labels: - mysql_data: 'inception_project' - labels_state: 'merge' - when: inception_project_db_as_container + - name: Create the secret for the application settings + community.docker.docker_secret: + name: inception_service_config + data_src: "{{ inception_project_compose_dir }}/settings.properties" + state: present - name: Start the Inception project stack - docker_stack: + community.docker.docker_stack: name: inception-project state: present compose: - '{{ inception_project_compose_dir }}/docker-inception-project-stack.yml' - - run_once: true - when: docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node | bool - tags: ['inception_project', 'inception_project_swarm', 'inception_project_service'] diff --git a/templates/inception-project-docker-compose.yml.j2 b/templates/inception-project-docker-compose.yml.j2 index cf6f90d..5fafe20 100644 --- a/templates/inception-project-docker-compose.yml.j2 +++ b/templates/inception-project-docker-compose.yml.j2 @@ -8,8 +8,22 @@ networks: {{ inception_project_docker_network }}: volumes: - {{ inception_project_db_volume }}: -# {{ inception_project_service_volume }}: + inception_project_db_volume: + driver: local + driver_opts: + type: nfs4 + o: "nfsvers=4,addr=146.48.123.250,rw" + device: ":/nfs/inception_mysql_data" + inception_project_service_volume: + driver: local + driver_opts: + type: nfs4 + o: "nfsvers=4,addr=146.48.123.250,rw" + device: ":/nfs/inception_service_home" + +secrets: + inception_service_config: + external: true services: {{ inception_project_docker_service_name }}: @@ -22,14 +36,17 @@ services: environment: - INCEPTION_DB_DIALECT=org.hibernate.dialect.MariaDB103Dialect - INCEPTION_DB_DRIVER=org.mariadb.jdbc.Driver - - INCEPTION_DB_URL=jdbc:mariadb://{{ inception_project_db_host }}:{{ inception_project_db_port }}/{{ inception_project_db_name }}?useUnicode=true&characterEncoding=UTF-8 + - INCEPTION_DB_URL=jdbc:mariadb://{{ inception_project_docker_stack_name }}_{{ inception_project_db_host }}:{{ inception_project_db_port }}/{{ inception_project_db_name }}?useUnicode=true&characterEncoding=UTF-8 - INCEPTION_DB_USERNAME={{ inception_project_db_user }} - INCEPTION_DB_PASSWORD={{ inception_project_db_pwd }} - VIRTUAL_HOST={{ inception_project_server_endpoint }} - JAVA_OPTS=-Dspring.jpa.properties.hibernate.dialect.storage_engine=innodb volumes: - volumes: - - {{ inception_project_service_volume }}:/export + - inception_project_service_volume:/export + secrets: + - source: inception_service_config + target: /export/settings.properties + mode: 0444 depends_on: - {{ inception_project_db_host }} deploy: @@ -41,7 +58,6 @@ services: placement: constraints: - node.role == worker - - {{ inception_project_service_constraints }} restart_policy: condition: on-failure delay: 5s @@ -55,7 +71,7 @@ services: networks: - {{ inception_project_docker_network }} volumes: - - {{ inception_project_db_volume }}:/var/lib/mysql + - inception_project_db_volume:/var/lib/mysql environment: - MYSQL_RANDOM_ROOT_PASSWORD=yes - MYSQL_DATABASE={{ inception_project_db_name }} @@ -72,7 +88,6 @@ services: placement: constraints: - node.role == worker - - {{ inception_project_db_constraints }} restart_policy: condition: on-failure delay: 5s