From 64d0a63e68842c6c2898aa035c9299e1b5688707 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julien=20Fastr=C3=A9?=
Date: Tue, 20 Jan 2026 16:33:32 +0100
Subject: [PATCH] handle traefik_install variables, and set default values for each chill configuration
---
 defaults/main.yml | 35 ++++++++++++++++++++++-
 tasks/chill/main.yml | 24 ++++++++--------
 tasks/chill/self_signed.yml | 8 +++---
 tasks/main.yml | 4 ---
 templates/compose.yaml | 41 +++++++++++++++++----------
 templates/env_file.env | 55 +++++++++++++++++++------------------
 6 files changed, 105 insertions(+), 62 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 02c3903..a3e6afb 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -11,4 +11,37 @@ chill_image_relatorio: "registry.gitlab.com/champs-libres/public/relatorio-torna
 traefik_image_traefik: "traefik:v3.2"
 # to install or not traefik as front-end
-traefik_install: true
\ No newline at end of file
+traefik_install: true
+
+# default chill config for each environment
+default_chill:
+ chill_environment: main_env
+ add_postgres: false
+ chill_image_tag: v0.0.1-beta
+ host: 'devpms.samusocial.be'
+ tls_config: self_signed
+ expose_port: 8010 # can be false, or the port number
+ chill_config:
+ trusted_hosts: 'devpms.samusocial.be '
+ database_host: '172.17.17.71'
+ database_port: '5432'
+ database_name: 'chilldev'
+ database_user: 'chilldev'
+ database_version: '15'
+ # database_password:
+ mailer_user: ''
+ mailer_host: 'smtp.example.com'
+ mailer_port: '25'
+ notification_host: 'https://devpms.samusocial.be '
+ notification_from_email: 'devpms@samusocial.be'
+ # app_secret:
+ # admin_password:
+ mailer_dsn: 'null://null'
+ mailer_url: 'null://null'
+ # jwt_passphrase:
+ # jwt_secret_key: '1234'
+ # jwt_public_key: '1234'
+ rabbitmq_user: 'chilldev'
+ # rabbitmq_password:
+ editor_server: 'https://collabora.samusocial.be'
+ ovhcloud_dsn: 'null://null'
\ No newline at end of file
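Review bot: In defaults/main.yml, `default_chill` carries one deployment's identity (`host: 'devpms.samusocial.be'`, `database_host: '172.17.17.71'`, `database_name: 'chilldev'`), so once these are merged into every item, an environment that omits one of those keys is deployed against that host name and database instead of failing. The secrets are already left commented out, which under Ansible's default handling of undefined variables makes the template abort when they are missing; the target-identifying keys would be safer treated the same way, or replaced with obvious placeholders such as `host: 'chill.example.invalid'`. As shown on this page, `trusted_hosts` and `notification_host` also end with a space inside the quotes, which would be rendered into `TRUSTED_HOSTS` and `NOTIFICATION_HOST`; presumably `trusted_hosts: 'devpms.samusocial.be'` is meant. `expose_port: 8010` as a shared default likewise gives every environment the same port unless it is overridden.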
diff --git a/tasks/chill/main.yml b/tasks/chill/main.yml
index 96cfb16..3b968b0 100644
--- a/tasks/chill/main.yml
+++ b/tasks/chill/main.yml
@@ -1,10 +1,10 @@
-- name: Debug task
- ansible.builtin.debug:
- var: item
+- name: Merge defaults with item
+ ansible.builtin.set_fact:
+ chill: "{{ default_chill | combine(item, recursive=True) }}"
 - name: Create directories to store compose project
 ansible.builtin.file:
- path: "{{ install_dir }}/{{ item['chill_environment'] }}"
+ path: "{{ install_dir }}/{{ chill['chill_environment'] }}"
 state: directory
 mode: '0755'
 owner: "{{ as_user }}"
@@ -12,34 +12,34 @@
 - name: Add compose.yml file
 ansible.builtin.template:
 src: compose.yaml
- dest: "{{ install_dir }}/{{ item['chill_environment'] }}/compose.yaml"
+ dest: "{{ install_dir }}/{{ chill['chill_environment'] }}/compose.yaml"
 owner: "{{ as_user }}"
 mode: '0444'
 - name: Add application environment file
 ansible.builtin.template:
 src: env_file.env
- dest: "{{ install_dir }}/{{ item['chill_environment'] }}/env_file.env"
+ dest: "{{ install_dir }}/{{ chill['chill_environment'] }}/env_file.env"
 owner: "{{ as_user }}"
 mode: '0400'
 - name: Add postgresql environment file if need
 ansible.builtin.template:
 src: postgres.env
- dest: "{{ install_dir }}/{{ item['chill_environment'] }}/postgres.env"
+ dest: "{{ install_dir }}/{{ chill['chill_environment'] }}/postgres.env"
 owner: "{{ as_user }}"
 mode: '0400'
 - name: Add rabbitmq environment file
 ansible.builtin.template:
 src: rabbitmq.env
- dest: "{{ install_dir }}/{{ item['chill_environment'] }}/rabbitmq.env"
+ dest: "{{ install_dir }}/{{ chill['chill_environment'] }}/rabbitmq.env"
 owner: "{{ as_user }}"
 mode: '0400'
 - name: Create directory for storing configuration
 ansible.builtin.file:
- path: "{{ install_dir }}/{{ item['chill_environment'] }}/config/prod"
+ path: "{{ install_dir }}/{{ chill['chill_environment'] }}/config/prod"
 state: directory
 owner: "{{ as_user }}"
 mode: '0400'
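Review bot: The new "Merge defaults with item" task in tasks/chill/main.yml has no `no_log`, so the merged `chill` dictionary is echoed in the `set_fact` result whenever the play runs with verbosity. By the templates' use of `chill.chill_config.database_password`, `app_secret` and `admin_password`, that dictionary carries secrets. Adding `no_log: true` to this task keeps the benefit of removing the old debug task that printed `item`. `chill` is also a host-level fact that outlives the loop iteration, so any task reading `chill` outside this file would see the last environment merged; a short comment on the task saying it must run first in each iteration would make that explicit.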
@@ -47,7 +47,7 @@
 - name: Copy configuration files
 ansible.builtin.template:
 src: "config/prod/{{ file }}"
- dest: "{{ install_dir }}/{{ item['chill_environment'] }}/config/prod/{{ file }}"
+ dest: "{{ install_dir }}/{{ chill['chill_environment'] }}/config/prod/{{ file }}"
 owner: "{{ as_user }}"
 mode: '0444'
 loop:
@@ -61,7 +61,7 @@
 - name: Create directory for storing data
 ansible.builtin.file:
- path: "{{ doc_storage_dir }}/{{ item['chill_environment'] }}"
+ path: "{{ doc_storage_dir }}/{{ chill['chill_environment'] }}"
 owner: "82"
 group: "82"
 mode: '0766'
@@ -71,6 +71,6 @@
 #
 # - name: Ensure systemd timer for cronjob is up
 # ansible.builtin.systemd_service:
-# name: "chill-cronjob@{{ item['chill_environment'] }}.timer"
+# name: "chill-cronjob@{{ chill['chill_environment'] }}.timer"
 # state: restarted
 # enabled: true
diff --git a/tasks/chill/self_signed.yml b/tasks/chill/self_signed.yml
index 288887c..c083138 100644
--- a/tasks/chill/self_signed.yml
+++ b/tasks/chill/self_signed.yml
@@ -1,18 +1,18 @@
 - name: Create directory for storing certificates
 ansible.builtin.file:
- path: "/var/traefik/certs/chill/{{ item['chill_environment'] }}"
+ path: "/var/traefik/certs/chill/{{ chill['chill_environment'] }}"
 state: directory
 owner: "{{ as_user }}"
 mode: '0400'
 - name: Create private key
 community.crypto.openssl_privatekey:
- path: "/var/traefik/certs/chill/{{ item['chill_environment'] }}/key.pem"
+ path: "/var/traefik/certs/chill/{{ chill['chill_environment'] }}/key.pem"
 - name: Create self signed certificate
 community.crypto.x509_certificate:
- privatekey_path: "/var/traefik/certs/chill/{{ item['chill_environment'] }}/key.pem"
- path: "/var/traefik/certs/chill/{{ item['chill_environment'] }}/cert.pem"
+ privatekey_path: "/var/traefik/certs/chill/{{ chill['chill_environment'] }}/key.pem"
+ path: "/var/traefik/certs/chill/{{ chill['chill_environment'] }}/cert.pem"
 provider: selfsigned
diff --git a/tasks/main.yml b/tasks/main.yml
index 7072ab1..9d525d3 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -13,10 +13,6 @@
 docker_install_compose_plugin: true
 docker_add_repo: true
-- name: Print all available facts
- ansible.builtin.debug:
- var: ansible_facts
-
 - name: Authenticate against private docker registry
 community.docker.docker_login:
 registry_url: "{{ registry_url }}"
diff --git a/templates/compose.yaml b/templates/compose.yaml
index c8c25db..fa65a1e 100644
--- a/templates/compose.yaml
+++ b/templates/compose.yaml
@@ -2,42 +2,51 @@ services:
 frontend:
- image: {{ registry_url }}/{{ registry_project }}/{{ chill_image_nginx_name }}:{{ item.chill_image_tag }}
+ image: {{ registry_url }}/{{ registry_project }}/{{ chill_image_nginx_name }}:{{ chill.chill_image_tag }}
 links:
 - app:php
+
+ {% if traefik_install %}
 labels:
 - "traefik.enable=true"
 - "traefik.docker.network=traefik"
- - "traefik.http.routers.frontend-{{ item.chill_environment }}.rule=Host(`{{ item.host }}`)"
- - "traefik.http.routers.frontend-{{ item.chill_environment }}.entrypoints=websecure"
- {%+ if item.tls_config == 'self_signed' +%}
- - "traefik.http.routers.frontend-{{ item.chill_environment }}.tls=true"
+ - "traefik.http.routers.frontend-{{ chill.chill_environment }}.rule=Host(`{{ chill.host }}`)"
+ - "traefik.http.routers.frontend-{{ chill.chill_environment }}.entrypoints=websecure"
+ {%+ if chill.tls_config == 'self_signed' +%}
+ - "traefik.http.routers.frontend-{{ chill.chill_environment }}.tls=true"
 {%+ endif +%}
- {%+ if item.expose_port is not false +%}
- - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.rule=PathPrefix(`/`)"
- - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.entrypoints=chill{{ item.chill_environment }}"
- {%+ if item.tls_config == 'self_signed' +%}
- - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.tls=true"
+ {%+ if chill.expose_port is not false +%}
+ - "traefik.http.routers.frontend-exp-{{ chill.chill_environment }}.rule=PathPrefix(`/`)"
+ - "traefik.http.routers.frontend-exp-{{ chill.chill_environment }}.entrypoints=chill{{ chill.chill_environment }}"
+ {%+ if chill.tls_config == 'self_signed' +%}
+ - "traefik.http.routers.frontend-exp-{{ chill.chill_environment }}.tls=true"
 {%+ endif +%}
 {%+ endif +%}
+ {% endif %}
+
 networks:
+
+ {% if traefik_install %}
 - traefik
+ {% endif %}
+
 - default
 restart: always
 app: &defaultApp
- image: {{ registry_url }}/{{ registry_project }}/{{ chill_image_php_name }}:{{ item.chill_image_tag }}
+ image: {{ registry_url }}/{{ registry_project }}/{{ chill_image_php_name }}:{{ chill.chill_image_tag }}
 env_file:
 - env_file.env
 volumes:
 - './config/prod:/var/www/app/config/packages/prod:ro'
 - '/var/log/chill:/var/www/app/var/log:rw'
- - '{{ doc_storage_dir }}/{{ item['chill_environment'] }}:/var/storage:rw'
+ - '{{ doc_storage_dir }}/{{ chill['chill_environment'] }}:/var/storage:rw'
 links:
 - redis
 - relatorio
 - rabbitmq
- {% if item.add_postgres -%}
+
+ {% if chill.add_postgres -%}
 - database
 {%- endif %}
@@ -71,7 +80,7 @@ services:
 command: ["bin/console", "chill:cron-job:execute", "-v"]
 restart: "no"
- {% if item.add_postgres %}
+ {% if chill.add_postgres %}
 database:
 image: "{{ database_image }}"
@@ -137,6 +146,10 @@ services:
 restart: always
 networks:
+
+ {% if traefik_install %}
 traefik:
 external: true
+ {% endif %}
+
 default:
\ No newline at end of file
diff --git a/templates/env_file.env b/templates/env_file.env
index b7992a8..427803e 100644
--- a/templates/env_file.env
+++ b/templates/env_file.env
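Review bot: In templates/compose.yaml, when `traefik_install` is false the `labels:` block and the `traefik` network are skipped, but nothing visible in the first hunk publishes `frontend` another way, and `expose_port` is read only inside that block. The service then has no router and no `tls=true` termination. If that is intended, a comment above the condition would say so, e.g. `# traefik_install false: no routers/TLS labels rendered; frontend must be published and TLS-terminated by an external proxy`. The new `{% if traefik_install %}` / `{% endif %}` tags also use plain delimiters while the neighbouring conditions use `{%+ … +%}`, so the rendered file is worth checking for stray indentation with the flag both on and off; the template's own whitespace cannot be recovered from this page. The hunk ends inside the `app` service, whose remaining keys are not shown.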
@@ -8,39 +8,40 @@ REDIS_PORT=6379
 REDIS_URL=redis://redis:6379
 RELATORIO_HOST=relatorio
 RELATORIO_PORT=8888
-TRUSTED_HOSTS={{ item.chill_config.trusted_hosts }}
-DATABASE_HOST={{ item.chill_config.database_host }}
-DATABASE_PORT={{ item.chill_config.database_port }}
-DATABASE_NAME={{ item.chill_config.database_name }}
-DATABASE_USER={{ item.chill_config.database_user }}
-DATABASE_VERSION={{ item.chill_config.database_version }}
+TRUSTED_HOSTS={{ chill.chill_config.trusted_hosts }}
+DATABASE_HOST={{ chill.chill_config.database_host }}
+DATABASE_PORT={{ chill.chill_config.database_port }}
+DATABASE_NAME={{ chill.chill_config.database_name }}
+DATABASE_USER={{ chill.chill_config.database_user }}
+DATABASE_VERSION={{ chill.chill_config.database_version }}
 LOCALE=fr
 MAILER_PROTOCOL=smtp
-MAILER_USER={{ item.chill_config.mailer_user }}
-MAILER_HOST={{ item.chill_config.mailer_host }}
-MAILER_PORT={{ item.chill_config.mailer_port }}
-NOTIFICATION_HOST={{ item.chill_config.notification_host }}
-NOTIFICATION_FROM_EMAIL={{ item.chill_config.notification_from_email }}
+MAILER_USER={{ chill.chill_config.mailer_user }}
+MAILER_HOST={{ chill.chill_config.mailer_host }}
+MAILER_PORT={{ chill.chill_config.mailer_port }}
+NOTIFICATION_HOST={{ chill.chill_config.notification_host }}
+NOTIFICATION_FROM_EMAIL={{ chill.chill_config.notification_from_email }}
 ASYNC_UPLOAD_TEMP_URL_BASE_PATH=
 ASYNC_UPLOAD_TEMP_URL_CONTAINER=
 ASYNC_UPLOAD_TEMP_URL_KEY=
 DEFAULT_CARRIER_CODE=FR
-APP_SECRET={{ item.chill_config.app_secret }}
-ADMIN_PASSWORD={{ item.chill_config.admin_password }}
-{% if item.chill_config.admin_password_1 is defined -%}
-ADMIN_PASSWORD_1={{ item.chill_config.admin_password_1 }}
+APP_SECRET={{ chill.chill_config.app_secret }}
+ADMIN_PASSWORD={{ chill.chill_config.admin_password }}
+{% if chill.chill_config.admin_password_1 is defined -%}
+ADMIN_PASSWORD_1={{ chill.chill_config.admin_password_1 }}
 {% endif -%}
-{% if item.chill_config.admin_password_2 is defined -%}
-ADMIN_PASSWORD_2={{ item.chill_config.admin_password_2 }}
+{% if chill.chill_config.admin_password_2 is defined -%}
+ADMIN_PASSWORD_2={{ chill.chill_config.admin_password_2 }}
 {% endif -%}
-{% if item.chill_config.admin_password_3 is defined -%}
-ADMIN_PASSWORD_3={{ item.chill_config.admin_password_3 }}
+{% if chill.chill_config.admin_password_3 is defined -%}
+ADMIN_PASSWORD_3={{ chill.chill_config.admin_password_3 }}
 {% endif -%}
-MAILER_DSN={{ item.chill_config.mailer_dsn }}
-MAILER_URL={{ item.chill_config.mailer_url }}
-JWT_PASSPHRASE={{ item.chill_config.jwt_passphrase }}
-JWT_SECRET_KEY={{ item.chill_config.jwt_secret_key }}
-JWT_PUBLIC_KEY={{ item.chill_config.jwt_public_key }}
-RABBITMQ_URL=amqp://{{ item.chill_config.rabbitmq_user }}:{{ item.chill_config.rabbitmq_password }}@rabbitmq/%2f
-DATABASE_URL=postgres://{{ item.chill_config.database_user }}:{{ item.chill_config.database_password }}@{% if item.add_postgres %}database:5432{% else %}{{ item.chill_config.database_host }}{% endif %}/{{ item.chill_config.database_name }}?sslmode=prefer&charset=utf8&serverVersion={{ item.chill_config.database_version }}
-EDITOR_SERVER={{ item.chill_config.editor_server }}
+MAILER_DSN={{ chill.chill_config.mailer_dsn }}
+MAILER_URL={{ chill.chill_config.mailer_url }}
+JWT_PASSPHRASE={{ chill.chill_config.jwt_passphrase }}
+JWT_SECRET_KEY={{ chill.chill_config.jwt_secret_key }}
+JWT_PUBLIC_KEY={{ chill.chill_config.jwt_public_key }}
+RABBITMQ_URL=amqp://{{ chill.chill_config.rabbitmq_user }}:{{ chill.chill_config.rabbitmq_password }}@rabbitmq/%2f
+DATABASE_URL=postgres://{{ chill.chill_config.database_user }}:{{ chill.chill_config.database_password }}@{% if chill.add_postgres %}database:5432{% else %}{{ chill.chill_config.database_host }}{% endif %}/{{ chill.chill_config.database_name }}?sslmode=prefer&charset=utf8&serverVersion={{ chill.chill_config.database_version }}
+EDITOR_SERVER={{ chill.chill_config.editor_server }}
+OVHCLOUD_DSN={{ chill.chill_config.ovhcloud_dsn }}
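Review bot: In templates/env_file.env, `DATABASE_URL` and `RABBITMQ_URL` place `database_password` and `rabbitmq_password` into the URL unencoded, so a password containing `@`, `#` or `?` yields a URL that parses to the wrong credentials or host. Percent-encoding the value, e.g. `{{ chill.chill_config.database_password | urlencode }}` and the same for the RabbitMQ password, avoids that. The external-database branch also renders only `database_host`, so `database_port` reaches `DATABASE_PORT` but never the URL. It keeps `sslmode=prefer`, which falls back to an unencrypted connection when the server does not offer TLS; with the new default `database_host` being a remote address, `sslmode=require` or stricter is worth considering.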