From 8ead7328f74d0e1893e1df065526a0a51bed7bc5 Mon Sep 17 00:00:00 2001 From: Shantanoo 'Shan' Desai Date: Tue, 11 Apr 2023 20:01:00 +0200 Subject: [PATCH 1/5] refactor(grafana): make datasources editable - remove the license header + ansible managed header - make datasources editable - use `-` in Datasources name closes #51 Signed-off-by: Shantanoo 'Shan' Desai --- .../provisioning/datasources/datasources.yml.j2 | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/templates/config/grafana/provisioning/datasources/datasources.yml.j2 b/templates/config/grafana/provisioning/datasources/datasources.yml.j2 index ae28751..c112016 100644 --- a/templates/config/grafana/provisioning/datasources/datasources.yml.j2 +++ b/templates/config/grafana/provisioning/datasources/datasources.yml.j2 @@ -1,4 +1,4 @@ -# Komponist - Generate Your Favourite Compose Stack With the Least Effort +{#- Komponist - Generate Your Favourite Compose Stack With the Least Effort # # Copyright (C) 2023 Shantanoo "Shan" Desai # 
@@ -13,30 +13,32 @@ # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . +# along with this program. If not, see .-#} -{{ ansible_managed | comment }} -{# datasources.yml.j2: Jinja2 Template for Grafana Datasources YAML file #} +{#- datasources.yml.j2: Jinja2 Template for Grafana Datasources YAML file -#} apiVersion: 1 +deleteDataSources: + datasources: {% if 'influxdbv1' in komponist.configuration.keys() %} - - name: Komponist InfluxDBv1 Datasource + - name: Komponist-InfluxDBv1 type: influxdb - database: {{ credentials.influxdbv1.init_database }} access: proxy + database: {{ credentials.influxdbv1.init_database }} user: {{ credentials.influxdbv1.readwrite_user_username }} url: http://komponist_influxdbv1:8086 jsonData: httpMode: GET secureJsonData: password: {{ credentials.influxdbv1.readwrite_user_password }} + editable: true {% endif %} {% if 'influxdbv2' in komponist.configuration.keys() %} - - name: Komponist InfluxDBv2 Datasource + - name: Komponist-InfluxDBv2 type: influxdb access: proxy url: http://komponist_influxdbv2:8087 @@ -47,4 +49,5 @@ datasources: tlsSkipVerify: true secureJsonData: token: {{ credentials.influxdbv2.admin_token }} + editable: true {% endif %} \ No newline at end of file From acce082b3d273215b646de38971f2c0072ddf829 Mon Sep 17 00:00:00 2001 From: Shantanoo 'Shan' Desai Date: Tue, 11 Apr 2023 21:23:06 +0200 Subject: [PATCH 2/5] refactor(influxdbv2): use docker secrets for init closes #48 Signed-off-by: Shantanoo 'Shan' Desai --- tasks/configure-influxdbv2.yml | 12 -------- templates/config/influxdbv2/influxdbv2.env.j2 | 28 ------------------- templates/config/komponist.env.j2 | 7 +++++ .../services/docker-compose.influxdbv2.yml.j2 | 21 ++++++++++++-- 4 files changed, 26 insertions(+), 42 deletions(-) delete mode 100644 templates/config/influxdbv2/influxdbv2.env.j2 
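Review bot: The `editable: true` added to the Komponist-InfluxDBv2 entry makes a data source that stores `credentials.influxdbv2.admin_token` changeable from the Grafana UI, so anyone with data source admin rights in Grafana can now alter a connection that carries the InfluxDB admin credential. If Grafana only needs to query data, provision a read-scoped token for it instead of the admin token, and state next to `editable: true` why UI edits are allowed. Separately, `database: {{ credentials.influxdbv1.init_database }}` (moved in this hunk) and the neighbouring credential lines are rendered unquoted, so a value containing ` #` or `: ` is truncated or breaks the file; `database: {{ credentials.influxdbv1.init_database | to_json }}` avoids that.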
diff --git a/tasks/configure-influxdbv2.yml b/tasks/configure-influxdbv2.yml index d2d854b..5b8757d 100644 --- a/tasks/configure-influxdbv2.yml +++ b/tasks/configure-influxdbv2.yml @@ -17,18 +17,6 @@ # configure-influxdbv1.yml: Tasks file that generates the settings and Compose service file for InfluxDBv2 --- -- name: '(InfluxDBv2) Creating Deployment Specific Directory' - ansible.builtin.file: - name: "{{ komponist.deploy_dir }}/influxdbv2" - state: directory - mode: "0755" - -- name: '(InfluxDBv2) Generating Environment File for Deployment' - ansible.builtin.template: - src: config/influxdbv2/influxdbv2.env.j2 - dest: "{{ komponist.deploy_dir }}/influxdbv2/influxdbv2.env" - mode: "0755" - - name: '(InfluxDBv2) Generating Compose Service File for Deployment' ansible.builtin.template: src: services/docker-compose.influxdbv2.yml.j2 diff --git a/templates/config/influxdbv2/influxdbv2.env.j2 b/templates/config/influxdbv2/influxdbv2.env.j2 deleted file mode 100644 index c29ca30..0000000 --- a/templates/config/influxdbv2/influxdbv2.env.j2 +++ /dev/null 
@@ -1,28 +0,0 @@ -# Komponist - Generate Your Favourite Compose Stack With the Least Effort -# -# Copyright (C) 2023 Shantanoo "Shan" Desai -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published -# by the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . - -{{ ansible_managed | comment }} - -{# influxdbv2.env.j2: Jinja2 Template InfluxDBv2 Environment Variables #} - -DOCKER_INFLUXDB_INIT_ORG={{ credentials.influxdbv2.init_org_name }} -DOCKER_INFLUXDB_INIT_BUCKET={{ credentials.influxdbv2.init_bucket }} -DOCKER_INFLUXDB_INIT_RETENTION={{ credentials.influxdbv2.init_bucket_retention }} - -DOCKER_INFLUXDB_INIT_USERNAME={{ credentials.influxdbv2.admin_username }} -DOCKER_INFLUXDB_INIT_PASSWORD={{ credentials.influxdbv2.admin_password }} -DOCKER_INFLUXDB_INIT_ADMIN_TOKEN={{ credentials.influxdbv2.admin_token }} \ No newline at end of file diff --git a/templates/config/komponist.env.j2 b/templates/config/komponist.env.j2 index 0a50c8f..9af44ca 100644 --- a/templates/config/komponist.env.j2 +++ b/templates/config/komponist.env.j2 
@@ -23,4 +23,11 @@ # Grafana Admin Credentials GRAFANA_ADMIN_USERNAME={{ credentials.grafana.admin_username }} GRAFANA_ADMIN_PASSWORD={{ credentials.grafana.admin_password }} +{% endif %} + +{% if 'influxdbv2' in komponist.configuration.keys() %} +# InfluxDBv2 Admin Credentials +INFLUXDBV2_ADMIN_USERNAME={{ credentials.influxdbv2.admin_username }} +INFLUXDBV2_ADMIN_PASSWORD={{ credentials.influxdbv2.admin_password }} +INFLUXDBV2_ADMIN_TOKEN={{ credentials.influxdbv2.admin_token }} {% endif %} \ No newline at end of file diff --git a/templates/services/docker-compose.influxdbv2.yml.j2 b/templates/services/docker-compose.influxdbv2.yml.j2 index 153e625..536a90f 100644 --- a/templates/services/docker-compose.influxdbv2.yml.j2 +++ b/templates/services/docker-compose.influxdbv2.yml.j2 @@ -27,10 +27,15 @@ services: image: docker.io/influxdb:{{ komponist.configuration.influxdbv2.version | default('latest') }} {% endif %} container_name: komponist_influxdbv2 - env_file: - - ./influxdbv2/influxdbv2.env + user: "1000" environment: - DOCKER_INFLUXDB_INIT_MODE=setup + - DOCKER_INFLUXDB_INIT_ORG={{ credentials.influxdbv2.init_org_name }} + - DOCKER_INFLUXDB_INIT_BUCKET={{ credentials.influxdbv2.init_bucket }} + - DOCKER_INFLUXDB_INIT_RETENTION={{ credentials.influxdbv2.init_bucket_retention }} + - DOCKER_INFLUXDB_INIT_USERNAME_FILE=/run/secrets/influxdbv2_admin_username + - DOCKER_INFLUXDB_INIT_PASSWORD_FILE=/run/secrets/influxdbv2_admin_password + - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdbv2_admin_token {% if komponist.configuration.influxdbv2.disable_ui | default(false) %} - INFLUXD_UI_DISABLED=true {% endif %} 
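Review bot: The three `INFLUXDBV2_ADMIN_*` lines added to komponist.env.j2 write the InfluxDBv2 admin password and admin token in clear text into the rendered env file, and the task that renders that file is not part of this patch, so its permissions cannot be checked here; the env file this commit removes was created with `mode: "0755"`. Confirm that the komponist.env template task sets `mode: "0600"` and that the deploy directory stays out of version control, since the `secrets: … environment:` entries added to the compose template leave this file as the one on-disk copy of those credentials. The values are also emitted unquoted, so a password containing ` #` or `$` may be cut or interpolated by the env-file parser; if the consumer is Docker Compose (not visible here), `INFLUXDBV2_ADMIN_PASSWORD='{{ credentials.influxdbv2.admin_password }}'` keeps the value literal.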
@@ -41,8 +46,20 @@ services: - "traefik.http.routers.influxdbv2-middlewares=influxdbv2-mw@file" - "traefik.http.routers.influxdbv2-service=influxdbv2-svc@file" {% endif %} + secrets: + - influxdbv2_admin_username + - influxdbv2_admin_password + - influxdbv2_admin_token security_opt: - "no-new-privileges:true" volumes: - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro + +secrets: + influxdbv2_admin_username: + environment: INFLUXDBV2_ADMIN_USERNAME + influxdbv2_admin_password: + environment: INFLUXDBV2_ADMIN_PASSWORD + influxdbv2_admin_token: + environment: INFLUXDBV2_ADMIN_TOKEN \ No newline at end of file From 2cee43e935ed367b141cb2311236f19e2c7af584 Mon Sep 17 00:00:00 2001 From: Shantanoo 'Shan' Desai Date: Tue, 11 Apr 2023 21:41:27 +0200 Subject: [PATCH 3/5] refactor: configure `user` parameter via uid config closes #49 Signed-off-by: Shantanoo 'Shan' Desai --- templates/services/docker-compose.grafana.yml.j2 | 2 +- templates/services/docker-compose.influxdbv2.yml.j2 | 2 +- templates/services/docker-compose.mosquitto.yml.j2 | 2 +- templates/services/docker-compose.nodered.yml.j2 | 2 +- vars/config.yml | 7 +++++++ 5 files changed, 11 insertions(+), 4 deletions(-) diff --git a/templates/services/docker-compose.grafana.yml.j2 b/templates/services/docker-compose.grafana.yml.j2 index daf56de..5a9548a 100644 --- a/templates/services/docker-compose.grafana.yml.j2 +++ b/templates/services/docker-compose.grafana.yml.j2 @@ -45,7 +45,7 @@ services: - "traefik.http.routers.grafana-service=grafana-svc@file" security_opt: - "no-new-privileges:true" - user: "1000" + user: "{{ komponist.uid | default(ansible_user_uid) }}" volumes: - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro diff --git a/templates/services/docker-compose.influxdbv2.yml.j2 b/templates/services/docker-compose.influxdbv2.yml.j2 index 536a90f..bd2e730 100644 --- a/templates/services/docker-compose.influxdbv2.yml.j2 +++ b/templates/services/docker-compose.influxdbv2.yml.j2 
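Review bot: `user: "{{ komponist.uid | default(ansible_user_uid) }}"` in the Grafana compose template falls back to a gathered fact, and when the play runs with `become: true` that fact is presumably 0, so the container would be rendered to run as root without any warning, which is the opposite of what the `uid` documentation added to vars/config.yml intends. The same line is added to the influxdbv2, mosquitto and nodered compose templates in this commit. Add a pre-flight check before templating, for example an `ansible.builtin.assert` with `that: (komponist.uid | default(ansible_user_uid)) | int > 0`, so a root uid fails the run instead of reaching the compose files. The fallback also depends on fact gathering being enabled; with `gather_facts: false` the variable is undefined and templating fails.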
@@ -27,7 +27,6 @@ services: image: docker.io/influxdb:{{ komponist.configuration.influxdbv2.version | default('latest') }} {% endif %} container_name: komponist_influxdbv2 - user: "1000" environment: - DOCKER_INFLUXDB_INIT_MODE=setup - DOCKER_INFLUXDB_INIT_ORG={{ credentials.influxdbv2.init_org_name }} @@ -52,6 +51,7 @@ services: - influxdbv2_admin_token security_opt: - "no-new-privileges:true" + user: "{{ komponist.uid | default(ansible_user_uid) }}" volumes: - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro diff --git a/templates/services/docker-compose.mosquitto.yml.j2 b/templates/services/docker-compose.mosquitto.yml.j2 index a0e519d..b09d02b 100644 --- a/templates/services/docker-compose.mosquitto.yml.j2 +++ b/templates/services/docker-compose.mosquitto.yml.j2 @@ -32,7 +32,6 @@ services: - mosquitto_conf - mosquitto_acl - mosquitto_users - user: "1000" entrypoint: mosquitto -c /mosquitto_conf logging: options: @@ -42,6 +41,7 @@ services: - "traefik.tcp.services.mosquitto=mosquitto-svc@file" security_opt: - "no-new-privileges:true" + user: "{{ komponist.uid | default(ansible_user_uid) }}" volumes: - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro diff --git a/templates/services/docker-compose.nodered.yml.j2 b/templates/services/docker-compose.nodered.yml.j2 index 4ae5f78..13a8c47 100644 --- a/templates/services/docker-compose.nodered.yml.j2 +++ b/templates/services/docker-compose.nodered.yml.j2 @@ -30,7 +30,6 @@ services: container_name: komponist_nodered configs: - nodered_settings - user: "1000" entrypoint: node-red -s /nodered_settings logging: options: @@ -40,6 +39,7 @@ services: - "traefik.http.routers.nodered-service=nodered-svc@file" security_opt: - "no-new-privileges:true" + user: "{{ komponist.uid | default(ansible_user_uid) }}" volumes: - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro diff --git a/vars/config.yml b/vars/config.yml index 70484db..8cdf32e 100644 --- a/vars/config.yml 
+++ b/vars/config.yml @@ -28,6 +28,13 @@ komponist: # settings files + docker compose files # Acceptable Value: Complete Path to where the directory should exist deploy_dir: './deploy' + # Parameter: `uid` (OPTIONAL) + # Function: Use the user id of the host's user and avoid using `root` + # within containers. This is also useful for containers that use + # Docker Secrets + # Acceptable Value: pass value of `id -u` in terminal here + # Default Value: the uid of the current user set via `ansible_user_uid` variable + # uid: 1000 configuration: nodered: From d0d9bc4501e866dbb575f7736cc91223d6978034 Mon Sep 17 00:00:00 2001 From: Shantanoo 'Shan' Desai Date: Sat, 15 Apr 2023 20:23:56 +0200 Subject: [PATCH 4/5] fix(grafana): revert to v9.3.11 - temporary fix to tackle current regression of datasources problem in grafana mentioned in #50 Signed-off-by: Shantanoo 'Shan' Desai --- vars/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/config.yml b/vars/config.yml index 8cdf32e..65fa566 100644 --- a/vars/config.yml +++ b/vars/config.yml @@ -137,4 +137,4 @@ komponist: # Function: Docker Image Version to be pulled from an Image Repository # Acceptable Values: string # Default Value: 'latest' - version: '9.4.7' + version: '9.3.11' From 73c2657050ade3923974c1f437a3242c2cef820f Mon Sep 17 00:00:00 2001 From: Shantanoo 'Shan' Desai Date: Sat, 15 Apr 2023 20:27:30 +0200 Subject: [PATCH 5/5] refactor(tests): remove checks for influxdbv2 dir with the new changes in influxdbv2's admin credentials injection via docker secrets, remove the checks for the dedicated `influxdbv2` directory relates to #48 Signed-off-by: Shantanoo 'Shan' Desai --- tests/test_generated_directories.yml | 1 + tests/test_generated_files.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/test_generated_directories.yml b/tests/test_generated_directories.yml index 4217eeb..b8b8853 100644 --- a/tests/test_generated_directories.yml 
+++ b/tests/test_generated_directories.yml @@ -32,5 +32,6 @@ success_msg: "PASS: {{ item.item }} exist under {{ komponist.deploy_dir }} directory" quiet: false loop: "{{ test_deploy_dir_service_state.results | map('ansible.utils.keep_keys', ['item', 'exists', 'isdir', 'mode']) }}" + when: "item.item != 'influxdbv2'" loop_control: label: "{{ item.item }}" diff --git a/tests/test_generated_files.yml b/tests/test_generated_files.yml index 81092ea..82a570e 100644 --- a/tests/test_generated_files.yml +++ b/tests/test_generated_files.yml @@ -50,7 +50,7 @@ - name: Check InfluxDB V1/V2 Generated Files in deploy_dir ansible.builtin.include_tasks: "{{ playbook_dir }}/services/test_config_influxdb.yml" - with_items: "{{ komponist.configuration.keys() | select('match', 'influxdbv[1-2]') | list }}" + with_items: "{{ komponist.configuration.keys() | select('match', 'influxdbv1') | list }}" - name: Check Mosquitto MQTT Generated Files in deploy_dir ansible.builtin.include_tasks: "{{ playbook_dir }}/services/test_config_mosquitto.yml"