From 5689b79f0841b07bc23f3c49d052ae6e4ff28615 Mon Sep 17 00:00:00 2001 From: Emerson Rocha Luiz Date: Sun, 19 Apr 2020 19:31:01 -0300 Subject: [PATCH] ckan (#8), traefik: added ckan.hxl.etica.dev Traefik dinamic file (its not a Docker container, so is different than usual) --- .../traefik/traefik.d/ckan.yml | 16 ++ .../etica.dev-extras/traefik/traefik.yml | 3 + ansible/inventories/etica.dev/hosts.yml | 8 + .../playbooks/roles/ckan/defaults/main.yml | 2 + .../playbooks/roles/ckan/files/production.ini | 227 ++++++++++++++++++ .../playbooks/roles/ckan/tasks/configure.yml | 28 +++ ansible/playbooks/roles/ckan/tasks/main.yml | 19 +- .../playbooks/roles/traefik/defaults/main.yml | 3 + .../roles/traefik/tasks/configure.yml | 19 ++ .../playbooks/roles/traefik/tasks/install.yml | 7 + 10 files changed, 325 insertions(+), 7 deletions(-) create mode 100644 ansible/inventories/etica.dev-extras/traefik/traefik.d/ckan.yml create mode 100644 ansible/playbooks/roles/ckan/files/production.ini create mode 100644 ansible/playbooks/roles/ckan/tasks/configure.yml diff --git a/ansible/inventories/etica.dev-extras/traefik/traefik.d/ckan.yml b/ansible/inventories/etica.dev-extras/traefik/traefik.d/ckan.yml new file mode 100644 index 0000000..5a80c20 --- /dev/null +++ b/ansible/inventories/etica.dev-extras/traefik/traefik.d/ckan.yml @@ -0,0 +1,16 @@ +--- +# @see https://docs.traefik.io/providers/file/#configuration-examples + +http: + routers: + ckan: + service: "ckan" + rule: "Host(`ckan.hxl.etica.dev`)" + entrypoints: "web,websecure" + tls: + certresolver: letsencrypt" + services: + ckan: + loadBalancer: + servers: + - url: "http://localhost:8080" diff --git a/ansible/inventories/etica.dev-extras/traefik/traefik.yml b/ansible/inventories/etica.dev-extras/traefik/traefik.yml index b6e2887..b642e3c 100644 --- a/ansible/inventories/etica.dev-extras/traefik/traefik.yml +++ b/ansible/inventories/etica.dev-extras/traefik/traefik.yml @@ -46,6 +46,9 @@ providers: docker: endpoint: "unix:///var/run/docker.sock" exposedByDefault: true + file: + directory: "/etc/traefik/traefik.d/" + watch: true certificatesresolvers: letsencrypt: diff --git a/ansible/inventories/etica.dev/hosts.yml b/ansible/inventories/etica.dev/hosts.yml index e86e1d8..1f8c0b8 100644 --- a/ansible/inventories/etica.dev/hosts.yml +++ b/ansible/inventories/etica.dev/hosts.yml @@ -20,11 +20,19 @@ all: vars: + ckan: + site_url: https://ckan.hxl.etica.dev + traefik_version: "2.2.0" traefik_arch: "linux_amd64" # traefik_force_reinstall: yes traefik_conf_yml: "{{ playbook_dir }}/../inventories/etica.dev-extras/traefik/traefik.yml" + traefik_conf_dinamyc_files: + - name: "ckan.yml" + src: "{{ playbook_dir }}/../inventories/etica.dev-extras/traefik/traefik.d/ckan.yml" + state: present + # @see https://github.com/geerlingguy/ansible-role-pip#role-variables # By default, geerlingguy.pip will use pip from python 2.7. # You can force on your inventory use another pip. On case of diff --git a/ansible/playbooks/roles/ckan/defaults/main.yml b/ansible/playbooks/roles/ckan/defaults/main.yml index ef21dc5..a9a6f5b 100644 --- a/ansible/playbooks/roles/ckan/defaults/main.yml +++ b/ansible/playbooks/roles/ckan/defaults/main.yml @@ -4,3 +4,5 @@ # This is how the package was created https://github.com/ckan/ckan-packaging/blob/master/package.yml ckan_package: "python-ckan_2.8-bionic_amd64.deb" ckan_package_url: "http://packaging.ckan.org/{{ ckan_package }}" + +ckan_force_reinstall: false diff --git a/ansible/playbooks/roles/ckan/files/production.ini b/ansible/playbooks/roles/ckan/files/production.ini new file mode 100644 index 0000000..cb82751 --- /dev/null +++ b/ansible/playbooks/roles/ckan/files/production.ini @@ -0,0 +1,227 @@ +# CKAN - Pylons configuration +# +# These are some of the configuration options available for your CKAN +# instance. Check the documentation in 'doc/configuration.rst' or at the +# following URL for a description of what they do and the full list of +# available options: +# +# http://docs.ckan.org/en/latest/maintaining/configuration.html +# +# The %(here)s variable will be replaced with the parent directory of this file +# + +[DEFAULT] + +# WARNING: *THIS SETTING MUST BE SET TO FALSE ON A PRODUCTION ENVIRONMENT* +debug = false + +[server:main] +use = egg:Paste#http +host = 0.0.0.0 +port = 5000 + +[app:main] +use = egg:ckan +full_stack = true +cache_dir = /tmp/%(ckan.site_id)s/ +beaker.session.key = ckan + +# This is the secret token that the beaker library uses to hash the cookie sent +# to the client. `paster make-config` generates a unique value for this each +# time it generates a config file. +beaker.session.secret = TT+v4nz7plyM9sRKk9vuUcunY + +# `paster make-config` generates a unique value for this each time it generates +# a config file. +app_instance_uuid = 8c83d99e-bd95-4665-b2a2-9e1f22eee61c + +# repoze.who config +who.config_file = %(here)s/who.ini +who.log_level = warning +who.log_file = %(cache_dir)s/who_log.ini +# Session timeout (user logged out after period of inactivity, in seconds). +# Inactive by default, so the session doesn't expire. +# who.timeout = 86400 + +## Database Settings +sqlalchemy.url = postgresql://ckan_default:pass@localhost/ckan_default + +#ckan.datastore.write_url = postgresql://ckan_default:pass@localhost/datastore_default +#ckan.datastore.read_url = postgresql://datastore_default:pass@localhost/datastore_default + +# PostgreSQL' full-text search parameters +ckan.datastore.default_fts_lang = english +ckan.datastore.default_fts_index_method = gist + + +## Site Settings + +ckan.site_url = +#ckan.use_pylons_response_cleanup_middleware = true + +## Authorization Settings + +ckan.auth.anon_create_dataset = false +ckan.auth.create_unowned_dataset = false +ckan.auth.create_dataset_if_not_in_organization = false +ckan.auth.user_create_groups = false +ckan.auth.user_create_organizations = false +ckan.auth.user_delete_groups = true +ckan.auth.user_delete_organizations = true +ckan.auth.create_user_via_api = false +ckan.auth.create_user_via_web = true +ckan.auth.roles_that_cascade_to_sub_groups = admin + + +## Search Settings + +ckan.site_id = default +#solr_url = http://127.0.0.1:8983/solr + + +## Redis Settings + +# URL to your Redis instance, including the database to be used. +#ckan.redis.url = redis://localhost:6379/0 + + +## CORS Settings + +# If cors.origin_allow_all is true, all origins are allowed. +# If false, the cors.origin_whitelist is used. +# ckan.cors.origin_allow_all = true +# cors.origin_whitelist is a space separated list of allowed domains. +# ckan.cors.origin_whitelist = http://example1.com http://example2.com + + +## Plugins Settings + +# Note: Add ``datastore`` to enable the CKAN DataStore +# Add ``datapusher`` to enable DataPusher +# Add ``resource_proxy`` to enable resorce proxying and get around the +# same origin policy +ckan.plugins = stats text_view image_view recline_view + +# Define which views should be created by default +# (plugins must be loaded in ckan.plugins) +ckan.views.default_views = image_view text_view recline_view + +# Customize which text formats the text_view plugin will show +#ckan.preview.json_formats = json +#ckan.preview.xml_formats = xml rdf rdf+xml owl+xml atom rss +#ckan.preview.text_formats = text plain text/plain + +# Customize which image formats the image_view plugin will show +#ckan.preview.image_formats = png jpeg jpg gif + +## Front-End Settings + +# Uncomment following configuration to enable using of Bootstrap 2 +#ckan.base_public_folder = public-bs2 +#ckan.base_templates_folder = templates-bs2 + +ckan.site_title = CKAN +ckan.site_logo = /base/images/ckan-logo.png +ckan.site_description = +ckan.favicon = /base/images/ckan.ico +ckan.gravatar_default = identicon +ckan.preview.direct = png jpg gif +ckan.preview.loadable = html htm rdf+xml owl+xml xml n3 n-triples turtle plain atom csv tsv rss txt json +ckan.display_timezone = server + +# package_hide_extras = for_search_index_only +#package_edit_return_url = http://another.frontend/dataset/ +#package_new_return_url = http://another.frontend/dataset/ +#ckan.recaptcha.publickey = +#ckan.recaptcha.privatekey = +#licenses_group_url = http://licenses.opendefinition.org/licenses/groups/ckan.json +# ckan.template_footer_end = + + +## Internationalisation Settings +ckan.locale_default = en +ckan.locale_order = en pt_BR ja it cs_CZ ca es fr el sv sr sr@latin no sk fi ru de pl nl bg ko_KR hu sa sl lv +ckan.locales_offered = +ckan.locales_filtered_out = en_GB + +## Feeds Settings + +ckan.feeds.authority_name = +ckan.feeds.date = +ckan.feeds.author_name = +ckan.feeds.author_link = + +## Storage Settings + +#ckan.storage_path = /var/lib/ckan +#ckan.max_resource_size = 10 +#ckan.max_image_size = 2 + +## Datapusher settings + +# Make sure you have set up the DataStore + +#ckan.datapusher.formats = csv xls xlsx tsv application/csv application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet +#ckan.datapusher.url = http://127.0.0.1:8800/ +#ckan.datapusher.assume_task_stale_after = 3600 + +# Resource Proxy settings +# Preview size limit, default: 1MB +#ckan.resource_proxy.max_file_size = 1048576 +# Size of chunks to read/write. +#ckan.resource_proxy.chunk_size = 4096 + +## Activity Streams Settings + +#ckan.activity_streams_enabled = true +#ckan.activity_list_limit = 31 +#ckan.activity_streams_email_notifications = true +#ckan.email_notifications_since = 2 days +ckan.hide_activity_from_users = %(ckan.site_id)s + + +## Email settings + +#email_to = errors@example.com +#error_email_from = ckan-errors@example.com +#smtp.server = localhost +#smtp.starttls = False +#smtp.user = username@example.com +#smtp.password = your_password +#smtp.mail_from = + + +## Logging configuration +[loggers] +keys = root, ckan, ckanext + +[handlers] +keys = console + +[formatters] +keys = generic + +[logger_root] +level = WARNING +handlers = console + +[logger_ckan] +level = INFO +handlers = console +qualname = ckan +propagate = 0 + +[logger_ckanext] +level = DEBUG +handlers = console +qualname = ckanext +propagate = 0 + +[handler_console] +class = StreamHandler +args = (sys.stderr,) +level = NOTSET +formatter = generic + +[formatter_generic] +format = %(asctime)s %(levelname)-5.5s [%(name)s] %(message)s diff --git a/ansible/playbooks/roles/ckan/tasks/configure.yml b/ansible/playbooks/roles/ckan/tasks/configure.yml new file mode 100644 index 0000000..4d0eed1 --- /dev/null +++ b/ansible/playbooks/roles/ckan/tasks/configure.yml @@ -0,0 +1,28 @@ +--- +# FILE: playbooks/roles/ckan/tasks/configure.yml +# LICENSE: Public Domain +# +# TODO: allow user specify the entire file instead of edit item by item +# +# SEE: https://gist.github.com/jeffbr13/08751e42c9355cc44f5d + +# - name: Set CKAN Solr server address +# lineinfile: +# dest: /etc/ckan/default/production.ini +# regexp: solr_url +# line: "solr_url=http://127.0.0.1:8983/solr" +# - name: Set CKAN Solr server address +# lineinfile: +# dest: /etc/ckan/default/production.ini +# regexp: solr_url +# line: "solr_url=http://127.0.0.1:8983/solr" + +- name: "/etc/ckan/default/production.ini [app:main] ckan.site_url " + ini_file: + path: /etc/ckan/default/production.ini + section: "app:main" + option: "ckan.site_url" + value: "{{ ckan.site_url }}" + # backup: yes + when: + - "ckan.site_url is defined" diff --git a/ansible/playbooks/roles/ckan/tasks/main.yml b/ansible/playbooks/roles/ckan/tasks/main.yml index 8241bf7..cb7fbb7 100644 --- a/ansible/playbooks/roles/ckan/tasks/main.yml +++ b/ansible/playbooks/roles/ckan/tasks/main.yml @@ -17,14 +17,19 @@ # ping: # data: pong -# - name: "Check if {{ traefik_install_base }}traefik exists" -# stat: -# path: "{{ traefik_install_base }}traefik" -# register: stat_result +- name: "Check if /etc/ckan/default/production.ini exists" + stat: + path: "/etc/ckan/default/production.ini" + register: stat_result -# - debug: var=stat_result +- debug: var=stat_result - name: "install.yml" include: install.yml -# when: -# - "(not stat_result.stat.exists) or (traefik_force_reinstall|bool)" + when: + - "(not stat_result.stat.exists) or (ckan_force_reinstall|bool)" + +- name: "configure.yml" + include: configure.yml + # when: + # - "(not stat_result.stat.exists) or (ckan_force_reinstall|bool)" diff --git a/ansible/playbooks/roles/traefik/defaults/main.yml b/ansible/playbooks/roles/traefik/defaults/main.yml index a24196b..9e93764 100644 --- a/ansible/playbooks/roles/traefik/defaults/main.yml +++ b/ansible/playbooks/roles/traefik/defaults/main.yml @@ -12,6 +12,9 @@ traefik_install_base: "/usr/local/bin/" # traefik_conf_yml: "{{ playbook_dir }}/inventories/etica.dev/traefik/traefik.yml" # traefik_systemd_service_template: "" # You can also customize the systemd service template +# @see https://docs.traefik.io/providers/file/#directory +traefik_conf_dinamyc_files: [] + # To force reinstall / update the traefik, please set this to yes traefik_force_reinstall: no diff --git a/ansible/playbooks/roles/traefik/tasks/configure.yml b/ansible/playbooks/roles/traefik/tasks/configure.yml index 16e1fc7..1fbfbf3 100644 --- a/ansible/playbooks/roles/traefik/tasks/configure.yml +++ b/ansible/playbooks/roles/traefik/tasks/configure.yml @@ -27,3 +27,22 @@ # variable_end_string: "]]]" notify: - reload traefik + +- name: "Copy files from [[ traefik_conf_dinamyc_files ]] on /etc/traefik/traefik.d/" + copy: + src: "{{ item.src }}" + dest: "/etc/traefik/traefik.d/{{ item.name }}" + mode: 0664 + with_items: "{{ traefik_conf_dinamyc_files }}" + when: + - "(traefik_conf_dinamyc_files is defined) and (traefik_conf_dinamyc_files|length > 0)" + - "(item.state is not defined) or (item.state != 'absent')" + +- name: "Delete files [[ traefik_conf_dinamyc_files ]] /etc/traefik/traefik.d/ if state=absent" + file: + dest: "/etc/traefik/traefik.d/{{ item.name }}" + state: absent + with_items: "{{ traefik_conf_dinamyc_files }}" + when: + - "(traefik_conf_dinamyc_files is defined) and (traefik_conf_dinamyc_files|length > 0)" + - "(item.state is defined) and (item.state == 'absent')" diff --git a/ansible/playbooks/roles/traefik/tasks/install.yml b/ansible/playbooks/roles/traefik/tasks/install.yml index 138d531..33c1e7d 100644 --- a/ansible/playbooks/roles/traefik/tasks/install.yml +++ b/ansible/playbooks/roles/traefik/tasks/install.yml @@ -15,6 +15,13 @@ mode: '0755' become: yes +- name: "Create /etc/traefik/traefik.d/ it does not exist" + file: + path: "/etc/traefik/traefik.d/" + state: directory + mode: '0755' + become: yes + - name: "Create /var/log/traefik/ it does not exist" file: path: "/var/log/traefik/"