inception: remote volumes

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+        "ansible.python.interpreterPath": "/opt/local/bin/python3.10"
+}

README.md

@@ -14,12 +14,8 @@ inception_project_docker_stack_name: 'inception-project'
 inception_project_docker_service_name: 'inception'
 inception_project_docker_image: 'inceptionproject/inception:0.17.3'
 inception_project_docker_network: 'inception_project_net'
-inception_project_docker_data_node: 'localhost'
-# We need a directory because the confg file goes inside it
-inception_project_service_volume: '/srv/inception_project_data'
 inception_project_service_port: 8080
 # IMPORTANT. Set it to True for the server that is going to host the DB
-inception_project_service_constraints: 'node.labels.service_data==inception_project'
 inception_project_behind_haproxy: True
 inception_project_haproxy_public_net: 'haproxy-public'
 # Settings
@@ -36,15 +32,12 @@ inception_project_server_preauth_users_roles: []
 # - { username: 'user', roles: 'ROLE_PROJECT_CREATOR,ROLE_ADMIN' }
 # DB
 inception_project_db_as_container: True
-inception_project_docker_db_node: 'localhost'
+inception_project_db_image: 'mariadb:10.5'
-inception_project_db_image: 'mysql:5'
 inception_project_db_host: 'mysql-server'
 inception_project_db_port: 3306
 inception_project_db_name: 'inception'
 inception_project_db_user: 'inception_user'
 #inception_project_db_pwd: 'set it in a vault file'
-inception_project_db_volume: 'inception_db_data'
-inception_project_db_constraints: 'node.labels.mysql_data==inception_project'
 
 inception_project_settings:
   - 'debug.showExceptionPage=false'

defaults/main.yml

@@ -5,9 +5,7 @@ inception_project_docker_stack_name: 'inception-project'
 inception_project_docker_service_name: 'inception'
 inception_project_docker_image: 'inceptionproject/inception:{{ inception_project_version }}'
 inception_project_docker_network: 'inception_project_net'
-inception_project_docker_data_node: 'localhost'
 # We need a directory because the confg file goes inside it
-inception_project_service_volume: '/srv/inception_project_data'
 inception_project_service_port: 8080
 # IMPORTANT. Set it to True for the server that is going to host the DB
 inception_project_service_constraints: 'node.labels.service_data==inception_project'
@@ -40,15 +38,12 @@ inception_project_server_preauth_users_roles: []
 # - { username: 'user', roles: 'ROLE_PROJECT_CREATOR,ROLE_ADMIN' }
 # DB
 inception_project_db_as_container: True
-inception_project_docker_db_node: 'localhost'
 inception_project_db_image: 'mariadb:10.5'
 inception_project_db_host: 'mysql-server'
 inception_project_db_port: 3306
 inception_project_db_name: 'inception'
 inception_project_db_user: 'inception_user'
 # inception_project_db_pwd: 'set it in a vault file'
-inception_project_db_volume: 'inception_db_data'
-inception_project_db_constraints: 'node.labels.mysql_data==inception_project'
 
 inception_project_websockets_enabled: 'false'
 inception_project_websockets_loggedevent_enabled: 'false'

meta/main.yml

@@ -1,14 +1,11 @@
 galaxy_info:
   author: Andrea Dell'Amico
-  description: Systems Architect
+  namespace: adellam
+  description: Role that installs a containerized inception service
+  role_name: inception
   company: ISTI-CNR
-
-  issue_tracker_url: https://support.d4science.org/projects/d4science-operation
-
   license: EUPL 1.2+
-
+  min_ansible_version: "2.9"
-  min_ansible_version: 2.8
-
   # To view available platforms and versions (or releases), visit:
   # https://galaxy.ansible.com/api/v1/platforms/
   #
@@ -18,7 +15,7 @@ galaxy_info:
         - bionic
     - name: EL
       versions:
-        - 7
+        - "7"
 
   galaxy_tags:
     - inception-project

tasks/inception.yml

@@ -1,48 +1,48 @@
 ---
-- name: Manage the installation of the Inception configuration of the swarm service
+- name: Manage the compose directory
-  block:
-    - name: Create the data directory used by the inception service, and its subdirectories
-      file: dest={{ inception_project_service_volume }}/{{ item }} state=directory
-      with_items:
-        - 'repository/kb'
-        - 'plugins'
-
-    - name: Install the inception properties file
-      template: src=settings.properties.j2 dest={{ inception_project_service_volume }}/settings.properties owner=root group=root mode='0444'
-
-  when: inception_project_docker_data_node == ansible_fqdn
   tags: ['inception_project', 'inception_project_swarm', 'inception_project_service']
-
-- name: Manage the installation of the Inception project Docker stack
   block:
     - name: Create the directory where the compose file will be installed
-      file: dest={{ inception_project_compose_dir }} state=directory mode='0750' owner=root group=root
+      ansible.builtin.file:
+        dest: "{{ inception_project_compose_dir }}"
+        state: directory mode='0750'
+        owner: root
+        group: root
+        mode: 0700
 
+- name: Manage the installation of the Inception configuration of the swarm service
+  tags: ['inception_project', 'inception_project_swarm', 'inception_project_service']
+  block:
+    - name: Install the inception properties file
+      ansible.builtin.template:
+        src: settings.properties.j2
+        dest: "{{ inception_project_compose_dir }}/settings.properties"
+        owner: root
+        group: root
+        mode: 0400
+
+- name: Manage the installation of the Inception project Docker stack
+  run_once: true
+  when: docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node | bool
+  tags: ['inception_project', 'inception_project_swarm', 'inception_project_service']
+  block:
     - name: Install the docker compose file
-      template: src=inception-project-docker-compose.yml.j2 dest={{ inception_project_compose_dir }}/docker-inception-project-stack.yml owner=root group=root mode='0400'
+      ansible.builtin.template:
+        src: inception-project-docker-compose.yml.j2
+        dest: "{{ inception_project_compose_dir }}/docker-inception-project-stack.yml"
+        owner: root
+        group: root
+        mode: 0400
 
-    - name: Add the label that will be used as a constraint for the inception data volume
+    - name: Create the secret for the application settings
-      docker_node:
+      community.docker.docker_secret:
-        hostname: '{{ inception_project_docker_data_node }}'
+        name: inception_service_config
-        labels:
+        data_src: "{{ inception_project_compose_dir }}/settings.properties"
-          service_data: 'inception_project'
+        state: present
-        labels_state: 'merge'
-
-    - name: Add the label that will be used as a constraint for the MySQL DB
-      docker_node:
-        hostname: '{{ inception_project_docker_db_node }}'
-        labels:
-          mysql_data: 'inception_project'
-        labels_state: 'merge'
-      when: inception_project_db_as_container
 
     - name: Start the Inception project stack
-      docker_stack:
+      community.docker.docker_stack:
         name: inception-project
         state: present
         compose:
           - '{{ inception_project_compose_dir }}/docker-inception-project-stack.yml'
-
-  run_once: true
-  when: docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node | bool
-  tags: ['inception_project', 'inception_project_swarm', 'inception_project_service']

templates/inception-project-docker-compose.yml.j2

@@ -8,8 +8,22 @@ networks:
   {{ inception_project_docker_network }}:
 
 volumes:
-  {{ inception_project_db_volume }}:
+  inception_project_db_volume:
-#  {{ inception_project_service_volume }}:
+    driver: local
+    driver_opts:
+      type: nfs4
+      o: "nfsvers=4,addr=146.48.123.250,rw"
+      device: ":/nfs/inception_mysql_data"
+  inception_project_service_volume:
+    driver: local
+    driver_opts:
+      type: nfs4
+      o: "nfsvers=4,addr=146.48.123.250,rw"
+      device: ":/nfs/inception_service_home"
+
+secrets:
+  inception_service_config:
+    external: true
 
 services:
   {{ inception_project_docker_service_name }}:
@@ -22,14 +36,17 @@ services:
     environment:
       - INCEPTION_DB_DIALECT=org.hibernate.dialect.MariaDB103Dialect 
       - INCEPTION_DB_DRIVER=org.mariadb.jdbc.Driver
-      - INCEPTION_DB_URL=jdbc:mariadb://{{ inception_project_db_host }}:{{ inception_project_db_port }}/{{ inception_project_db_name }}?useUnicode=true&characterEncoding=UTF-8
+      - INCEPTION_DB_URL=jdbc:mariadb://{{ inception_project_docker_stack_name }}_{{ inception_project_db_host }}:{{ inception_project_db_port }}/{{ inception_project_db_name }}?useUnicode=true&characterEncoding=UTF-8
       - INCEPTION_DB_USERNAME={{ inception_project_db_user }}
       - INCEPTION_DB_PASSWORD={{ inception_project_db_pwd }}
       - VIRTUAL_HOST={{ inception_project_server_endpoint }}
       - JAVA_OPTS=-Dspring.jpa.properties.hibernate.dialect.storage_engine=innodb
     volumes:
-    volumes:
+      - inception_project_service_volume:/export
-      - {{ inception_project_service_volume }}:/export
+    secrets:
+      - source: inception_service_config
+        target: /export/settings.properties
+        mode: 0444
     depends_on:
       - {{ inception_project_db_host }}
     deploy:
@@ -41,7 +58,6 @@ services:
       placement:
         constraints:
           - node.role == worker
-          - {{ inception_project_service_constraints }}
       restart_policy:
         condition: on-failure
         delay: 5s
@@ -55,7 +71,7 @@ services:
     networks:
       - {{ inception_project_docker_network }}
     volumes:
-      - {{ inception_project_db_volume }}:/var/lib/mysql
+      - inception_project_db_volume:/var/lib/mysql
     environment:
       - MYSQL_RANDOM_ROOT_PASSWORD=yes
       - MYSQL_DATABASE={{ inception_project_db_name }}
@@ -72,7 +88,6 @@ services:
       placement:
         constraints:
           - node.role == worker
-          - {{ inception_project_db_constraints }}
       restart_policy:
         condition: on-failure
         delay: 5s