Working SBS on test2

SURFscz · Nov 7, 2024 · b1bb3f1 · b1bb3f1
1 parent 669a893
commit b1bb3f1
Show file tree

Hide file tree

Showing 8 changed files with 192 additions and 257 deletions.
diff --git a/provision.yml b/provision.yml
@@ -114,11 +114,12 @@
   tasks:
     - { name: "version", import_tasks: "tasks/versions.yml", tags: ["common"]  }
   roles:
-    - { role: "docker_db",                    tags: ["db", "docker-db"], when: is_dev }
-    - { role: "docker_sbs",                   tags: ["sbs", "docker-sbs"] }
-    - { role: "docker_pyff",                  tags: ["meta", "docker-pyff"] }
-    - { role: "docker_metadata",              tags: ["meta", "docker-metadata"] }
-    - { role: "docker_plsc",                  tags: ["plsc", "docker-plsc"] }
+    - { role: "docker_db",       tags: ["db",    "docker-db"      ], when: is_dev }
+    - { role: "docker_redis",    tags: ["redis", "docker-redis"   ] }
+    - { role: "docker_sbs",      tags: ["sbs",   "docker-sbs"     ] }
+    - { role: "docker_pyff",     tags: ["meta",  "docker-pyff"    ] }
+    - { role: "docker_metadata", tags: ["meta",  "docker-metadata"] }
+    - { role: "docker_plsc",     tags: ["plsc",  "docker-plsc"    ] }
 
 - name: "container_ldap"
   hosts: "container_ldap"

diff --git a/roles/docker_redis/defaults/main.yml b/roles/docker_redis/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+redis_conf_dir: "{{sram_conf_dir}}/redis"
+redis_user: "sram-redis"
diff --git a/roles/docker_redis/tasks/main.yml b/roles/docker_redis/tasks/main.yml
@@ -0,0 +1,48 @@
+---
+- name: "Create Redis user"
+  user:
+    name: "{{ redis_user }}"
+    comment: "User to run SRAM Redis service"
+    shell: "/bin/false"
+    password: "!"
+    home: "{{ redis_conf_dir }}"
+    create_home: false
+    state: "present"
+  register: "result"
+
+- name: "Save redis user uid"
+  set_fact:
+    redis_user_uid: "{{ result.uid }}"
+
+- name: "Create directories"
+  file:
+    path: "{{item.path}}"
+    state: "directory"
+    owner: "root"
+    group: "root"
+    mode: "{{item.mode}}"
+  with_items:
+    - { path: "{{redis_conf_dir}}", mode: "0755" }
+
+- name: "Create redis config"
+  template:
+    src: "redis.conf.j2"
+    dest: "{{ redis_conf_dir }}/redis.conf"
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  notify: "Restart redis container"
+
+- name: "Create redis container"
+  docker_container:
+    name: "{{ containers.redis }}"
+    image: "{{ images.redis }}"
+    restart_policy: "always"
+    state: "started"
+    user: "{{ redis_user_uid }}"
+    command: |
+      redis-server /usr/local/etc/redis/redis.conf
+    volumes:
+      - "{{ redis_conf_dir }}:/usr/local/etc/redis"
+    networks:
+      - name: "{{internal_network}}"
diff --git a/roles/docker_sbs/templates/redis.conf.j2 → roles/docker_redis/templates/redis.conf.j2 b/roles/docker_sbs/templates/redis.conf.j2 → roles/docker_redis/templates/redis.conf.j2
diff --git a/roles/docker_sbs/defaults/main.yml b/roles/docker_sbs/defaults/main.yml
@@ -1,5 +1,4 @@
 ---
-redis_conf_dir: "{{sram_conf_dir}}/redis"
 
 sbs_openidc_timeout: 86400
 
@@ -42,8 +41,8 @@ sbs_redis_user: default
 sbs_mail_host: "{{ mail.relay_to }}"
 sbs_mail_port: "{{ mail.relay_port }}"
 
-sbs_file_owner: "root"
-sbs_group: "sram-sbs"
+sbs_user: "sbs"
+sbs_group: "sbs"
 
 sbs_session_lifetime: 1440
 sbs_secret_key_suffix: ""

diff --git a/roles/docker_sbs/tasks/database_init.yml b/roles/docker_sbs/tasks/database_init.yml
@@ -0,0 +1,46 @@
+---
+- name: "Install required packages"
+  apt:
+    state: "latest"
+    name:
+      - "python3-pymysql"
+    install_recommends: false
+
+- name: "Add SBS database"
+  community.mysql.mysql_db:
+    login_host: '{{ sbs_db_host }}'
+    login_port: '3306'
+    login_user: '{{ sbs_db_admin_user }}'
+    login_password: '{{ sbs_db_admin_password }}'
+    name: '{{ sbs_db_name }}'
+    encoding: 'utf8mb4'
+    collation: 'utf8mb4_unicode_ci'
+    ca_cert: "/etc/ssl/vm.scz-vm.net.crt"
+    check_hostname: false
+  notify: "Restart sbs containers"
+
+- name: "Add SBS user"
+  community.mysql.mysql_user:
+    login_host: '{{ sbs_db_host }}'
+    login_port: '3306'
+    login_user: '{{ sbs_db_admin_user }}'
+    login_password: '{{ sbs_db_admin_password }}'
+    name: '{{ item.user }}'
+    host: '%'
+    password: '{{ item.passwd }}'
+    priv: '{{ sbs_db_name }}.*:{{ item.priv }}'
+    ca_cert: "/etc/ssl/vm.scz-vm.net.crt"
+    check_hostname: false
+    column_case_sensitive: "{{ sbs_db_user_column_case_sensitive }}"
+  with_items:
+    - user: "{{ sbs_db_user }}"
+      passwd: "{{ sbs_db_password }}"
+      priv: "SELECT,INSERT,DELETE,UPDATE,TRIGGER"
+    - user: "{{ sbs_migration_user }}"
+      passwd: "{{ sbs_migration_password }}"
+      priv: "ALL"
+    - user: "{{ sbs_dbbackup_user }}"
+      passwd: "{{ sbs_dbbackup_password }}"
+      priv: "SELECT"
+  no_log: "{{sram_ansible_nolog}}"
+  notify: "Restart sbs containers"