pg and pgadmin config as secrets.

2023-06-03 14:47:47 +02:00 · 2023-06-03 14:47:47 +02:00 · d9f831a340
parent cc4eff77e8
commit d9f831a340
2 changed files with 126 additions and 30 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,56 +1,136 @@
 ---
- name: Manage the installation of the OpenASFA configuration of the swarm service
+- name: Create the compose directory
+  run_once: true
+  when: docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node | bool
+  tags: ['open_asfa', 'open_asfa_swarm']
  block:
-    - name: Create the directory where the DB init script is going to be installed
-      file: dest={{ open_asfa_compose_dir }} state=directory
+    - name: Create the compose directory
+      ansible.builtin.file:
+        dest: "{{ open_asfa_compose_dir }}"
+        state: directory
+        owner: root
+        group: root
+        mode: 0700

-    - name: Install the DB initialization script
-      template: src=pg-create-user-db.sh.j2 dest={{ open_asfa_compose_dir }}/pg-create-user-db.sh owner=root group=root mode='0555'
-
-    - name: Install the pgadmin configuration files
-      template: src={{ item }}.j2 dest={{ open_asfa_compose_dir }}/{{ item }} owner=root group=root mode='0444'
-      loop:
-        - pgadmin_config_local.py
-        - pgadmin_servers.json
-
-  run_once: True
+- name: Manage the configuration of the OpenASFA DB as a container
+  run_once: true
  when:
    - open_asfa_db_docker_host == ansible_fqdn
    - open_asfa_db_as_container
-  tags: [ 'open_asfa', 'open_asfa_swarm', 'open_asfa_db' ]
-
- name: Manage the installation of the OpenASFA configuration of the swarm service
+    - open_asfa_pg_volume_type == "local"
+  tags: ['open_asfa', 'open_asfa_swarm', 'open_asfa_db']
  block:
+    - name: Create the compose directory
+      ansible.builtin.file:
+        dest: "{{ open_asfa_compose_dir }}"
+        state: directory
+        owner: root
+        group: root
+        mode: 0700
+
+    - name: Install the DB initialization script
+      ansible.builtin.template:
+        src: pg-create-user-db.sh.j2
+        dest: "{{ open_asfa_compose_dir }}/pg-create-user-db.sh"
+        owner: root
+        group: root
+        mode: 0555
+
    - name: Add the label that will be used as a constraint for the PostgreSQL DB
-      docker_node:
+      community.docker.docker_node:
        hostname: '{{ open_asfa_db_docker_host }}'
-        #node.labels.pg_data==asfa_server_test
        labels:
          pg_data_asfa_test: 'asfa_server_test'
          pgadmin_data_asfa_test: 'asfa_server_test'
        labels_state: 'merge'
-      when: open_asfa_db_as_container
+
+- name: Manage the installation of the OpenASFA configuration of the swarm service
+  run_once: true
+  when: docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node | bool
+  tags: ['open_asfa', 'open_asfa_swarm']
+  block:
+    - name: Add the label that will be used as a constraint for the PostgreSQL Pgadmin
+      community.docker.docker_node:
+        hostname: '{{ open_asfa_db_docker_host }}'
+        labels:
+          pg_data_asfa_test: 'asfa_server_test'
+          pgadmin_data_asfa_test: 'asfa_server_test'
+        labels_state: 'merge'
+      when: open_asfa_pgadmin_volume_type == "local"

    - name: Install the docker compose file for postgresql and pgadmin
-      template: src=open-asfa-db-docker-compose.yml.j2 dest={{ open_asfa_compose_dir }}/docker-open-asfa-stack-db-test.yml owner=root group=root mode='0400'
+      ansible.builtin.template:
+        src: open-asfa-db-docker-compose.yml.j2
+        dest: "{{ open_asfa_compose_dir }}/docker-open-asfa-stack-db-test.yml"
+        owner: root
+        group: root
+        mode: 0400
      when: open_asfa_db_as_container

    - name: Install the docker compose file of Couchbase
-      template: src=open-asfa-couchbase-docker-compose.yml.j2 dest={{ open_asfa_compose_dir }}/docker-open-asfa-stack-couchbase-test.yml owner=root group=root mode='0400'
+      ansible.builtin.template:
+        src: open-asfa-couchbase-docker-compose.yml.j2
+        dest: "{{ open_asfa_compose_dir }}/docker-open-asfa-stack-couchbase-test.yml"
+        owner: root
+        group: root
+        mode: 0400
      when: open_asfa_db_as_container

    - name: Install the docker compose file of the open-asfa service
-      template: src=open-asfa-docker-compose.yml.j2 dest={{ open_asfa_compose_dir }}/docker-open-asfa-stack-test.yml owner=root group=root mode='0400'
+      ansible.builtin.template:
+        src: open-asfa-docker-compose.yml.j2
+        dest: "{{ open_asfa_compose_dir }}/docker-open-asfa-stack-test.yml"
+        owner: root
+        group: root
+        mode: 0400
+
+    - name: Install the DB initialization script
+      ansible.builtin.template:
+        src: pg-create-user-db.sh.j2
+        dest: "{{ open_asfa_compose_dir }}/pg-create-user-db.sh"
+        owner: root
+        group: root
+        mode: 0555
+      when:
+        - open_asfa_db_as_container
+        - open_asfa_pg_volume_type != "local"
+
+    - name: Create the secret for the Postgres initizalization script
+      community.docker.docker_secret:
+        name: open_asfa_test_pg_config
+        data_src: '{{ open_asfa_compose_dir }}/pgadmin_servers.json'
+        state: present
+
+    - name: Install the pgadmin configuration files
+      ansible.builtin.template:
+        src: '{{ open_asfa_pgadmin_config_item }}.j2'
+        dest: '{{ open_asfa_compose_dir }}/{{ open_asfa_pgadmin_config_item }}'
+        owner: root
+        group: root
+        mode: 0444
+      loop:
+        - pgadmin_config_local.py
+        - pgadmin_servers.json
+      loop_control:
+        loop_var: open_asfa_pgadmin_config_item
+
+    - name: Create the secret for the pgadmin config local
+      community.docker.docker_secret:
+        name: open_asfa_test_pgadmin_config
+        data_src: '{{ open_asfa_compose_dir }}/pgadmin_config_local.py'
+        state: present
+
+    - name: Create the secret for the pgadmin config servers
+      community.docker.docker_secret:
+        name: open_asfa_test_pgadmin_servers
+        data_src: '{{ open_asfa_compose_dir }}/pgadmin_servers.json'
+        state: present

    - name: Start the OpenAsfa stack
-      docker_stack:
+      community.docker.docker_stack:
        name: open-asfa-test
        state: present
        compose:
          - '{{ open_asfa_compose_dir }}/docker-open-asfa-stack-db-test.yml'
          - '{{ open_asfa_compose_dir }}/docker-open-asfa-stack-test.yml'
          - '{{ open_asfa_compose_dir }}/docker-open-asfa-stack-couchbase-test.yml'
-
-  run_once: True
-  when: docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node | bool
-  tags: [ 'open_asfa', 'open_asfa_swarm' ]
--- a/templates/open-asfa-db-docker-compose.yml.j2
+++ b/templates/open-asfa-db-docker-compose.yml.j2
@ -28,6 +28,14 @@ volumes:
      device: "{{ open_asfa_pg_volume_device }}"
  {% endif %}

+secrets:
+  open_asfa_test_pgadmin_config:
+    external: true
+  open_asfa_test_pgadmin_servers:
+    external: true
+  open_asfa_test_pg_config:
+    external: true
+
 services:
  pg:
    image: {{ open_asfa_db_image }}
@ -35,13 +43,16 @@ services:
      - {{ open_asfa_docker_network }}
    volumes:
      - {{ open_asfa_db_volume }}:/var/lib/postgresql/data/pg_data
-      - {{ open_asfa_compose_dir }}/pg-create-user-db.sh:/docker-entrypoint-initdb.d/pg-create-user-db.sh:ro
    environment:
      POSTGRES_PASSWORD: {{ open_asfa_db_pwd }}
      POSTGRES_DB: postgres
      POSTGRES_USER: postgres
      POSTGRES_PORT: {{ open_asfa_db_port }}
      PGDATA: /var/lib/postgresql/data/pg_data
+    secrets:
+      - source: open_asfa_test_pg_config
+        target: /docker-entrypoint-initdb.d/pg-create-user-db.sh
+        mode: 0555
    deploy:
      placement:
  {% if open_asfa_pg_volume_type == "nfs4" %}
@ -65,8 +76,6 @@ services:
 {% endif %}
    volumes:
      - {{ open_asfa_pgadmin_data_vol }}:/var/lib/pgadmin
-      - {{ open_asfa_compose_dir }}/pgadmin_config_local.py:/pgadmin4/config_local.py:ro
-      - {{ open_asfa_compose_dir }}/pgadmin_servers.json:/pgadmin4/servers.json:ro
    environment:
      PGADMIN_DEFAULT_EMAIL: {{ open_asfa_pgadmin_email }}
      PGADMIN_DEFAULT_PASSWORD: {{ open_asfa_pgadmin_default_pwd }}
@ -75,6 +84,13 @@ services:
      PGADMIN_LISTEN_ADDRESS: 0.0.0.0
      PGADMIN_LISTEN_PORT: 5050
      GUNICORN_THREADS: 20
+    secrets:
+      - source: open_asfa_pgadmin_config
+        target: /pgadmin4/config_local.py
+        mode: 0444
+      - source: open_asfa_pgadmin_servers
+        target: /pgadmin4/servers.json
+        mode: 0444
    deploy:
      placement:
  {% if open_asfa_pgadmin_volume_type == "nfs4" %}