ckan (#8), traefik: added ckan.hxl.etica.dev Traefik dinamic file (it…

…s not a Docker container, so is different than usual)

ansible/inventories/etica.dev-extras/traefik/traefik.d/ckan.yml

@@ -0,0 +1,16 @@
+---
+# @see https://docs.traefik.io/providers/file/#configuration-examples
+
+http:
+  routers:
+    ckan:
+      service: "ckan"
+      rule: "Host(`ckan.hxl.etica.dev`)"
+      entrypoints: "web,websecure"
+      tls:
+        certresolver: letsencrypt"
+  services:
+    ckan:
+      loadBalancer:
+        servers:
+          - url: "http://localhost:8080"

ansible/inventories/etica.dev-extras/traefik/traefik.yml

@@ -46,6 +46,9 @@ providers:
   docker:
     endpoint: "unix:///var/run/docker.sock"
     exposedByDefault: true
+  file:
+    directory: "/etc/traefik/traefik.d/"
+    watch: true
 
 certificatesresolvers:
   letsencrypt:

ansible/inventories/etica.dev/hosts.yml

@@ -20,11 +20,19 @@ all:
 
   vars:
 
+    ckan:
+      site_url: https://ckan.hxl.etica.dev
+
     traefik_version: "2.2.0"
     traefik_arch: "linux_amd64"
     # traefik_force_reinstall: yes
     traefik_conf_yml: "{{ playbook_dir }}/../inventories/etica.dev-extras/traefik/traefik.yml"
 
+    traefik_conf_dinamyc_files:
+      - name: "ckan.yml"
+        src: "{{ playbook_dir }}/../inventories/etica.dev-extras/traefik/traefik.d/ckan.yml"
+        state: present
+
     # @see https://github.com/geerlingguy/ansible-role-pip#role-variables
     # By default, geerlingguy.pip will use pip from python 2.7.
     # You can force on your inventory use another pip. On case of

ansible/playbooks/roles/ckan/defaults/main.yml

@@ -4,3 +4,5 @@
 # This is how the package was created https://github.com/ckan/ckan-packaging/blob/master/package.yml
 ckan_package: "python-ckan_2.8-bionic_amd64.deb"
 ckan_package_url: "http://packaging.ckan.org/{{ ckan_package }}"
+
+ckan_force_reinstall: false

ansible/playbooks/roles/ckan/files/production.ini

@@ -0,0 +1,227 @@
+# CKAN - Pylons configuration
+#
+# These are some of the configuration options available for your CKAN
+# instance. Check the documentation in 'doc/configuration.rst' or at the
+# following URL for a description of what they do and the full list of
+# available options:
+#
+# http://docs.ckan.org/en/latest/maintaining/configuration.html
+#
+# The %(here)s variable will be replaced with the parent directory of this file
+#
+
+[DEFAULT]
+
+# WARNING: *THIS SETTING MUST BE SET TO FALSE ON A PRODUCTION ENVIRONMENT*
+debug = false
+
+[server:main]
+use = egg:Paste#http
+host = 0.0.0.0
+port = 5000
+
+[app:main]
+use = egg:ckan
+full_stack = true
+cache_dir = /tmp/%(ckan.site_id)s/
+beaker.session.key = ckan
+
+# This is the secret token that the beaker library uses to hash the cookie sent
+# to the client. `paster make-config` generates a unique value for this each
+# time it generates a config file.
+beaker.session.secret = TT+v4nz7plyM9sRKk9vuUcunY
+
+# `paster make-config` generates a unique value for this each time it generates
+# a config file.
+app_instance_uuid = 8c83d99e-bd95-4665-b2a2-9e1f22eee61c
+
+# repoze.who config
+who.config_file = %(here)s/who.ini
+who.log_level = warning
+who.log_file = %(cache_dir)s/who_log.ini
+# Session timeout (user logged out after period of inactivity, in seconds).
+# Inactive by default, so the session doesn't expire.
+# who.timeout = 86400
+
+## Database Settings
+sqlalchemy.url = postgresql://ckan_default:pass@localhost/ckan_default
+
+#ckan.datastore.write_url = postgresql://ckan_default:pass@localhost/datastore_default
+#ckan.datastore.read_url = postgresql://datastore_default:pass@localhost/datastore_default
+
+# PostgreSQL' full-text search parameters
+ckan.datastore.default_fts_lang = english
+ckan.datastore.default_fts_index_method = gist
+
+
+## Site Settings
+
+ckan.site_url =
+#ckan.use_pylons_response_cleanup_middleware = true
+
+## Authorization Settings
+
+ckan.auth.anon_create_dataset = false
+ckan.auth.create_unowned_dataset = false
+ckan.auth.create_dataset_if_not_in_organization = false
+ckan.auth.user_create_groups = false
+ckan.auth.user_create_organizations = false
+ckan.auth.user_delete_groups = true
+ckan.auth.user_delete_organizations = true
+ckan.auth.create_user_via_api = false
+ckan.auth.create_user_via_web = true
+ckan.auth.roles_that_cascade_to_sub_groups = admin
+
+
+## Search Settings
+
+ckan.site_id = default
+#solr_url = http://127.0.0.1:8983/solr
+
+
+## Redis Settings
+
+# URL to your Redis instance, including the database to be used.
+#ckan.redis.url = redis://localhost:6379/0
+
+
+## CORS Settings
+
+# If cors.origin_allow_all is true, all origins are allowed.
+# If false, the cors.origin_whitelist is used.
+# ckan.cors.origin_allow_all = true
+# cors.origin_whitelist is a space separated list of allowed domains.
+# ckan.cors.origin_whitelist = http://example1.com http://example2.com
+
+
+## Plugins Settings
+
+# Note: Add ``datastore`` to enable the CKAN DataStore
+#       Add ``datapusher`` to enable DataPusher
+#		Add ``resource_proxy`` to enable resorce proxying and get around the
+#		same origin policy
+ckan.plugins = stats text_view image_view recline_view
+
+# Define which views should be created by default
+# (plugins must be loaded in ckan.plugins)
+ckan.views.default_views = image_view text_view recline_view
+
+# Customize which text formats the text_view plugin will show
+#ckan.preview.json_formats = json
+#ckan.preview.xml_formats = xml rdf rdf+xml owl+xml atom rss
+#ckan.preview.text_formats = text plain text/plain
+
+# Customize which image formats the image_view plugin will show
+#ckan.preview.image_formats = png jpeg jpg gif
+
+## Front-End Settings
+
+# Uncomment following configuration to enable using of Bootstrap 2
+#ckan.base_public_folder = public-bs2
+#ckan.base_templates_folder = templates-bs2
+
+ckan.site_title = CKAN
+ckan.site_logo = /base/images/ckan-logo.png
+ckan.site_description =
+ckan.favicon = /base/images/ckan.ico
+ckan.gravatar_default = identicon
+ckan.preview.direct = png jpg gif
+ckan.preview.loadable = html htm rdf+xml owl+xml xml n3 n-triples turtle plain atom csv tsv rss txt json
+ckan.display_timezone = server
+
+# package_hide_extras = for_search_index_only
+#package_edit_return_url = http://another.frontend/dataset/<NAME>
+#package_new_return_url = http://another.frontend/dataset/<NAME>
+#ckan.recaptcha.publickey =
+#ckan.recaptcha.privatekey =
+#licenses_group_url = http://licenses.opendefinition.org/licenses/groups/ckan.json
+# ckan.template_footer_end =
+
+
+## Internationalisation Settings
+ckan.locale_default = en
+ckan.locale_order = en pt_BR ja it cs_CZ ca es fr el sv sr sr@latin no sk fi ru de pl nl bg ko_KR hu sa sl lv
+ckan.locales_offered =
+ckan.locales_filtered_out = en_GB
+
+## Feeds Settings
+
+ckan.feeds.authority_name =
+ckan.feeds.date =
+ckan.feeds.author_name =
+ckan.feeds.author_link =
+
+## Storage Settings
+
+#ckan.storage_path = /var/lib/ckan
+#ckan.max_resource_size = 10
+#ckan.max_image_size = 2
+
+## Datapusher settings
+
+# Make sure you have set up the DataStore
+
+#ckan.datapusher.formats = csv xls xlsx tsv application/csv application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+#ckan.datapusher.url = http://127.0.0.1:8800/
+#ckan.datapusher.assume_task_stale_after = 3600
+
+# Resource Proxy settings
+# Preview size limit, default: 1MB
+#ckan.resource_proxy.max_file_size = 1048576
+# Size of chunks to read/write.
+#ckan.resource_proxy.chunk_size = 4096
+
+## Activity Streams Settings
+
+#ckan.activity_streams_enabled = true
+#ckan.activity_list_limit = 31
+#ckan.activity_streams_email_notifications = true
+#ckan.email_notifications_since = 2 days
+ckan.hide_activity_from_users = %(ckan.site_id)s
+
+
+## Email settings
+
+#email_to = [email protected]
+#error_email_from = [email protected]
+#smtp.server = localhost
+#smtp.starttls = False
+#smtp.user = [email protected]
+#smtp.password = your_password
+#smtp.mail_from =
+
+
+## Logging configuration
+[loggers]
+keys = root, ckan, ckanext
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = WARNING
+handlers = console
+
+[logger_ckan]
+level = INFO
+handlers = console
+qualname = ckan
+propagate = 0
+
+[logger_ckanext]
+level = DEBUG
+handlers = console
+qualname = ckanext
+propagate = 0
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(asctime)s %(levelname)-5.5s [%(name)s] %(message)s

ansible/playbooks/roles/ckan/tasks/configure.yml

@@ -0,0 +1,28 @@
+---
+# FILE:            playbooks/roles/ckan/tasks/configure.yml
+# LICENSE:         Public Domain
+#
+# TODO: allow user specify the entire file instead of edit item by item
+#
+# SEE:             https://gist.github.com/jeffbr13/08751e42c9355cc44f5d
+
+# - name: Set CKAN Solr server address
+#   lineinfile: 
+#     dest: /etc/ckan/default/production.ini
+#     regexp: solr_url
+#     line: "solr_url=http://127.0.0.1:8983/solr"
+# - name: Set CKAN Solr server address
+#   lineinfile: 
+#     dest: /etc/ckan/default/production.ini
+#     regexp: solr_url
+#     line: "solr_url=http://127.0.0.1:8983/solr"
+
+- name: "/etc/ckan/default/production.ini [app:main] ckan.site_url "
+  ini_file:
+    path: /etc/ckan/default/production.ini
+    section: "app:main"
+    option: "ckan.site_url"
+    value: "{{ ckan.site_url }}"
+    # backup: yes
+  when:
+    - "ckan.site_url is defined"

ansible/playbooks/roles/ckan/tasks/main.yml

@@ -17,14 +17,19 @@
 #   ping:
 #     data: pong
 
-# - name: "Check if {{ traefik_install_base }}traefik exists"
-#   stat:
-#     path: "{{ traefik_install_base }}traefik"
-#   register: stat_result
+- name: "Check if /etc/ckan/default/production.ini exists"
+  stat:
+    path: "/etc/ckan/default/production.ini"
+  register: stat_result
 
-# - debug: var=stat_result
+- debug: var=stat_result
 
 - name: "install.yml"
   include: install.yml
-#   when:
-#     - "(not stat_result.stat.exists) or (traefik_force_reinstall|bool)"
+  when:
+    - "(not stat_result.stat.exists) or (ckan_force_reinstall|bool)"
+
+- name: "configure.yml"
+  include: configure.yml
+  # when:
+  #   - "(not stat_result.stat.exists) or (ckan_force_reinstall|bool)"

ansible/playbooks/roles/traefik/defaults/main.yml

@@ -12,6 +12,9 @@ traefik_install_base: "/usr/local/bin/"
 # traefik_conf_yml: "{{ playbook_dir }}/inventories/etica.dev/traefik/traefik.yml"
 # traefik_systemd_service_template: "" # You can also customize the systemd service template
 
+# @see https://docs.traefik.io/providers/file/#directory
+traefik_conf_dinamyc_files: []
+
 # To force reinstall / update the traefik, please set this to yes
 traefik_force_reinstall: no
 

ansible/playbooks/roles/traefik/tasks/configure.yml

@@ -27,3 +27,22 @@
     # variable_end_string: "]]]"
   notify:
     - reload traefik
+
+- name: "Copy files from [[ traefik_conf_dinamyc_files ]] on /etc/traefik/traefik.d/"
+  copy:
+    src: "{{ item.src }}"
+    dest: "/etc/traefik/traefik.d/{{ item.name }}"
+    mode: 0664
+  with_items: "{{ traefik_conf_dinamyc_files }}"
+  when:
+    - "(traefik_conf_dinamyc_files is defined) and (traefik_conf_dinamyc_files|length > 0)"
+    - "(item.state is not defined) or (item.state != 'absent')"
+
+- name: "Delete files [[ traefik_conf_dinamyc_files ]] /etc/traefik/traefik.d/ if state=absent"
+  file:
+    dest: "/etc/traefik/traefik.d/{{ item.name }}"
+    state: absent
+  with_items: "{{ traefik_conf_dinamyc_files }}"
+  when:
+    - "(traefik_conf_dinamyc_files is defined) and (traefik_conf_dinamyc_files|length > 0)"
+    - "(item.state is defined) and (item.state == 'absent')"

ansible/playbooks/roles/traefik/tasks/install.yml

@@ -15,6 +15,13 @@
     mode: '0755'
   become: yes
 
+- name: "Create /etc/traefik/traefik.d/ it does not exist"
+  file:
+    path: "/etc/traefik/traefik.d/"
+    state: directory
+    mode: '0755'
+  become: yes
+
 - name: "Create /var/log/traefik/ it does not exist"
   file:
     path: "/var/log/traefik/"