Merge pull request #52 from shantanoo-desai/develop

refactor(influxdbv2, grafana): docker secrets + datasources change

tasks/configure-influxdbv2.yml

@@ -17,18 +17,6 @@
 
 # configure-influxdbv1.yml: Tasks file that generates the settings and Compose service file for InfluxDBv2
 ---
-- name: '(InfluxDBv2) Creating Deployment Specific Directory'
-  ansible.builtin.file:
-    name: "{{ komponist.deploy_dir }}/influxdbv2"
-    state: directory
-    mode: "0755"
-
-- name: '(InfluxDBv2) Generating Environment File for Deployment'
-  ansible.builtin.template:
-    src: config/influxdbv2/influxdbv2.env.j2
-    dest: "{{ komponist.deploy_dir }}/influxdbv2/influxdbv2.env"
-    mode: "0755"
-
 - name: '(InfluxDBv2) Generating Compose Service File for Deployment'
   ansible.builtin.template:
     src: services/docker-compose.influxdbv2.yml.j2

templates/config/grafana/provisioning/datasources/datasources.yml.j2

@@ -1,4 +1,4 @@
-# Komponist - Generate Your Favourite Compose Stack With the Least Effort
+{#- Komponist - Generate Your Favourite Compose Stack With the Least Effort
 #
 # Copyright (C) 2023  Shantanoo "Shan" Desai <[email protected]>
 #
@@ -13,30 +13,32 @@
 #   GNU Affero General Public License for more details.
 #
 #   You should have received a copy of the GNU Affero General Public License
-#   along with this program.  If not, see <https://www.gnu.org/licenses/>.
+#   along with this program.  If not, see <https://www.gnu.org/licenses/>.-#}
 
-{{ ansible_managed | comment }}
 
-{# datasources.yml.j2: Jinja2 Template for Grafana Datasources YAML file #}
+{#- datasources.yml.j2: Jinja2 Template for Grafana Datasources YAML file -#}
 
 apiVersion: 1
 
+deleteDataSources:
+
 datasources:
 {% if 'influxdbv1' in komponist.configuration.keys() %}
-  - name: Komponist InfluxDBv1 Datasource
+  - name: Komponist-InfluxDBv1
     type: influxdb
-    database: {{ credentials.influxdbv1.init_database }}
     access: proxy
+    database: {{ credentials.influxdbv1.init_database }}
     user: {{ credentials.influxdbv1.readwrite_user_username }}
     url: http://komponist_influxdbv1:8086
     jsonData:
       httpMode: GET
     secureJsonData:
       password: {{ credentials.influxdbv1.readwrite_user_password }}
+    editable: true
 {% endif %}
 
 {% if 'influxdbv2' in komponist.configuration.keys() %}
-  - name: Komponist InfluxDBv2 Datasource
+  - name: Komponist-InfluxDBv2
     type: influxdb
     access: proxy
     url: http://komponist_influxdbv2:8087
@@ -47,4 +49,5 @@ datasources:
       tlsSkipVerify: true
     secureJsonData:
       token: {{ credentials.influxdbv2.admin_token }}
+    editable: true
 {% endif %}

templates/config/komponist.env.j2

@@ -23,4 +23,11 @@
 # Grafana Admin Credentials
 GRAFANA_ADMIN_USERNAME={{ credentials.grafana.admin_username }}
 GRAFANA_ADMIN_PASSWORD={{ credentials.grafana.admin_password }}
+{% endif %}
+
+{% if 'influxdbv2' in komponist.configuration.keys() %}
+# InfluxDBv2 Admin Credentials
+INFLUXDBV2_ADMIN_USERNAME={{ credentials.influxdbv2.admin_username }}
+INFLUXDBV2_ADMIN_PASSWORD={{ credentials.influxdbv2.admin_password }}
+INFLUXDBV2_ADMIN_TOKEN={{ credentials.influxdbv2.admin_token }}
 {% endif %}

templates/services/docker-compose.grafana.yml.j2

@@ -45,7 +45,7 @@ services:
       - "traefik.http.routers.grafana-service=grafana-svc@file"
     security_opt:
       - "no-new-privileges:true"
-    user: "1000"
+    user: "{{ komponist.uid | default(ansible_user_uid) }}"
     volumes:
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro

templates/services/docker-compose.influxdbv2.yml.j2

@@ -27,10 +27,14 @@ services:
     image: docker.io/influxdb:{{ komponist.configuration.influxdbv2.version | default('latest') }}
 {% endif %}
     container_name: komponist_influxdbv2
-    env_file:
-      - ./influxdbv2/influxdbv2.env
     environment:
       - DOCKER_INFLUXDB_INIT_MODE=setup
+      - DOCKER_INFLUXDB_INIT_ORG={{ credentials.influxdbv2.init_org_name }}
+      - DOCKER_INFLUXDB_INIT_BUCKET={{ credentials.influxdbv2.init_bucket }}
+      - DOCKER_INFLUXDB_INIT_RETENTION={{ credentials.influxdbv2.init_bucket_retention }}
+      - DOCKER_INFLUXDB_INIT_USERNAME_FILE=/run/secrets/influxdbv2_admin_username
+      - DOCKER_INFLUXDB_INIT_PASSWORD_FILE=/run/secrets/influxdbv2_admin_password
+      - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdbv2_admin_token
 {% if komponist.configuration.influxdbv2.disable_ui | default(false) %}
       - INFLUXD_UI_DISABLED=true
 {% endif %}
@@ -41,8 +45,21 @@ services:
       - "traefik.http.routers.influxdbv2-middlewares=influxdbv2-mw@file"
       - "traefik.http.routers.influxdbv2-service=influxdbv2-svc@file"
 {% endif %}
+    secrets:
+      - influxdbv2_admin_username
+      - influxdbv2_admin_password
+      - influxdbv2_admin_token
     security_opt:
       - "no-new-privileges:true"
+    user: "{{ komponist.uid | default(ansible_user_uid) }}"
     volumes:
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
+
+secrets:
+  influxdbv2_admin_username:
+    environment: INFLUXDBV2_ADMIN_USERNAME
+  influxdbv2_admin_password:
+    environment: INFLUXDBV2_ADMIN_PASSWORD
+  influxdbv2_admin_token:
+    environment: INFLUXDBV2_ADMIN_TOKEN

templates/services/docker-compose.mosquitto.yml.j2

@@ -32,7 +32,6 @@ services:
       - mosquitto_conf
       - mosquitto_acl
       - mosquitto_users
-    user: "1000"
     entrypoint: mosquitto -c /mosquitto_conf
     logging:
       options:
@@ -42,6 +41,7 @@ services:
       - "traefik.tcp.services.mosquitto=mosquitto-svc@file"
     security_opt:
       - "no-new-privileges:true"
+    user: "{{ komponist.uid | default(ansible_user_uid) }}"
     volumes:
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro

templates/services/docker-compose.nodered.yml.j2

@@ -30,7 +30,6 @@ services:
     container_name: komponist_nodered
     configs:
       - nodered_settings
-    user: "1000"
     entrypoint: node-red -s /nodered_settings
     logging:
       options:
@@ -40,6 +39,7 @@ services:
       - "traefik.http.routers.nodered-service=nodered-svc@file"
     security_opt:
       - "no-new-privileges:true"
+    user: "{{ komponist.uid | default(ansible_user_uid) }}"
     volumes:
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro

tests/test_generated_directories.yml

@@ -32,5 +32,6 @@
         success_msg: "PASS: {{ item.item }} exist under {{ komponist.deploy_dir }} directory"
         quiet: false
       loop: "{{ test_deploy_dir_service_state.results | map('ansible.utils.keep_keys', ['item', 'exists', 'isdir', 'mode']) }}"
+      when: "item.item != 'influxdbv2'"
       loop_control:
         label: "{{ item.item }}"

tests/test_generated_files.yml

@@ -50,7 +50,7 @@
 
     - name: Check InfluxDB V1/V2 Generated Files in deploy_dir
       ansible.builtin.include_tasks: "{{ playbook_dir }}/services/test_config_influxdb.yml"
-      with_items: "{{ komponist.configuration.keys() | select('match', 'influxdbv[1-2]') | list }}"
+      with_items: "{{ komponist.configuration.keys() | select('match', 'influxdbv1') | list }}"
 
     - name: Check Mosquitto MQTT Generated Files in deploy_dir
       ansible.builtin.include_tasks: "{{ playbook_dir }}/services/test_config_mosquitto.yml"

vars/config.yml

@@ -28,6 +28,13 @@ komponist:
   #           settings files + docker compose files
   # Acceptable Value: Complete Path to where the directory should exist
   deploy_dir: './deploy'
+  # Parameter: `uid` (OPTIONAL)
+  # Function: Use the user id of the host's user and avoid using `root`
+  #           within containers. This is also useful for containers that use
+  #           Docker Secrets
+  # Acceptable Value: pass value of `id -u` in terminal here
+  # Default Value: the uid of the current user set via `ansible_user_uid` variable
+  # uid: 1000
 
   configuration:
     nodered:
@@ -130,4 +137,4 @@ komponist:
       # Function: Docker Image Version to be pulled from an Image Repository
       # Acceptable Values: string
       # Default Value: 'latest'
-      version: '9.4.7'
+      version: '9.3.11'