adapt role: the image should not be run as root, but with user with id 82.

Update messenger consumer shell command for preserved environment variables
Replaced `su` with `su -p` in `compose.yaml` to ensure the environment variables of the parent shell are preserved when running the messenger consumer.
2026-05-15 15:15:24 +02:00 · 2026-04-18 01:00:36 +02:00 · 2026-03-13 12:58:11 +01:00 · 2026-01-27 16:21:58 +01:00 · 2026-01-27 16:21:52 +01:00 · 2026-01-27 16:21:34 +01:00
8 changed files with 52 additions and 23 deletions
@@ -13,6 +13,8 @@ traefik_image_traefik: "traefik:v3.2"
 # to install or not traefik as front-end
 traefik_install: true
 docker_secrets: []
 # default chill config for each environment
 default_chill:
  chill_environment: main_env
@@ -21,7 +23,16 @@ default_chill:
  host: 'devpms.samusocial.be'
  tls_config: self_signed
  expose_port: false # can be false, or the port number
  # use rabbitmq as message broker. If not in use, it will be replaced by doctrine
  rabbitmq_install: true
  proxy_ips:
    # 127.0.0.1 is always added
    - 192.168.0.0/16
    - 10.0.0.0/8
    - 172.16.0.0/12
  chill_config:
    # supplementary environment values to set in the in the env file
    supplementary_environment_values: {}
    trusted_hosts: 'devpms.samusocial.be '
    database_host: '172.17.17.71'
    database_port: '5432'
@@ -43,5 +54,5 @@ default_chill:
    # jwt_public_key: '1234'
    rabbitmq_user: 'chilldev'
    # rabbitmq_password:
-    editor_server: 'https://collabora.samusocial.be'
+    editor_server: 'https://collabora.champs-libres.be'
    ovhcloud_dsn: 'null://null'
@@ -36,20 +36,21 @@
    dest: "{{ install_dir }}/{{ chill['chill_environment'] }}/rabbitmq.env"
    owner: "{{ as_user }}"
    mode: '0400'
  when: chill.rabbitmq_install
 - name: Create directory for storing configuration
  ansible.builtin.file:
    path: "{{ install_dir }}/{{ chill['chill_environment'] }}/config/prod"
    state: directory
-    owner: "{{ as_user }}"
+    owner: "82"
-    mode: '0400'
+    mode: '0500'
 - name: Copy configuration files
  ansible.builtin.template:
    src: "config/prod/{{ file }}"
    dest: "{{ install_dir }}/{{ chill['chill_environment'] }}/config/prod/{{ file }}"
-    owner: "{{ as_user }}"
+    owner: "82"
-    mode: '0444'
+    mode: '0400'
  loop:
    - lexik_jwt_authentication.yaml
    - messenger.yaml
@@ -49,7 +49,9 @@ services:
        links:
            - redis
            - relatorio
            {% if chill.rabbitmq_install +%}
            - rabbitmq
            {%+ endif %}
            {% if chill.add_postgres -%}
            - database
@@ -71,7 +73,7 @@ services:
              sleep 3 && bin/console cache:clear &&
              while ! [ -f /tmp/kill_me ];
              do
-              su -s /bin/bash -c 'php -d memory_limit=2G bin/console messenger:consume priority async --limit=20 --time-limit=600 -v' "www-data";
+              php -d memory_limit=2G bin/console messenger:consume priority async --limit=40 --time-limit=600 -v;
              done;
        pre_stop:
            - command:
@@ -137,6 +139,7 @@ services:
 #            rabbitmq:
 #                condition: service_healthy
    {% if chill.rabbitmq_install +%}
    rabbitmq:
        image: "{{ chill_image_rabbitmq }}"
        env_file:
@@ -149,6 +152,7 @@ services:
        networks:
            - default
        restart: always
   {% endif %}
 networks:
@@ -1,7 +1,11 @@
 # this file is managed by ansible. Do not edit it by hand
 framework:
    {% if traefik_install +%}
    trusted_proxies: '127.0.0.1,REMOTE_ADDR{% for ip in traefik_trusted_ips|default([]) %},{{ ip }}{% endfor %}'
    {%+ else %}
    trusted_proxies: '127.0.0.1,{% for ip in chill.proxy_ips %}{{ ip }}{% if not loop.last %},{% endif %}{% endfor %}'
    {%+ endif %}
    trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port']
 parameters:
@@ -2,6 +2,7 @@
 framework:
    messenger:
        transports:
            {% if chill.rabbitmq_install +%}
            async:
                dsn: '%env(RABBITMQ_URL)%/async'
                options:
@@ -12,5 +13,9 @@ framework:
                        async: ~
                    auto_setup: true
            priority: '%env(RABBITMQ_URL)%/priority'
            {% else +%}
            async: 'doctrine://default'
            priority: 'doctrine://default'
            {% endif +%}
            failed: 'doctrine://default?queue_name=failed'
            sync: 'sync://'
@@ -6,7 +6,7 @@
 #
 parameters:
-  log_prefix: 'test'
+  log_prefix: '{{ chill.chill_environment }}'
 monolog:
  # make a "notifier" channel available
  channels: ['notifier']
@@ -16,6 +16,10 @@ monolog:
      path: "%kernel.logs_dir%/notifier-%log_prefix%.log"
      level: info
      channels: [ 'notifier' ]
    errors_log:
      type: stream
      path: "%kernel.logs_dir%/error-%log_prefix%.log"
      level: error
    privacy_log:
      type: stream
      path: "%kernel.logs_dir%/privacy-%log_prefix%.log"
@@ -25,9 +29,13 @@ monolog:
      type: stream
      path: "%kernel.logs_dir%/default-%log_prefix%.log"
      level: info
-      channels: [ '!event', '!doctrine', '!console', '!chill',]
+      channels: [ '!event', '!doctrine', '!console', '!chill', '!deprecation']
    deprecation_log:
      type: 'null'
      channels: [ 'deprecation' ]
    console:
      type: console
      process_psr_3_messages: false
-      channels: [ '!event', '!doctrine', '!console']
+      level: error
      channels: [ '!event', '!doctrine', '!console', '!deprecation']
      bubble: true
@@ -41,7 +41,12 @@ MAILER_URL={{ chill.chill_config.mailer_url }}
 JWT_PASSPHRASE={{ chill.chill_config.jwt_passphrase }}
 JWT_SECRET_KEY={{ chill.chill_config.jwt_secret_key }}
 JWT_PUBLIC_KEY={{ chill.chill_config.jwt_public_key }}
 {% if chill.rabbitmq_install %}
 RABBITMQ_URL=amqp://{{ chill.chill_config.rabbitmq_user }}:{{ chill.chill_config.rabbitmq_password }}@rabbitmq/%2f
 {% endif %}
 DATABASE_URL=postgres://{{ chill.chill_config.database_user }}:{{ chill.chill_config.database_password }}@{% if chill.add_postgres %}database:5432{% else %}{{ chill.chill_config.database_host }}{% endif %}/{{ chill.chill_config.database_name }}?sslmode=prefer&charset=utf8&serverVersion={{ chill.chill_config.database_version }}
 EDITOR_SERVER={{ chill.chill_config.editor_server }}
 OVHCLOUD_DSN={{ chill.chill_config.ovhcloud_dsn }}
 {% for k, v in chill.chill_config.supplementary_environment_values.items() %}
 {{ k }}="{{ v }}"
 {% endfor %}
@@ -1,26 +1,17 @@
-/var/log/chill/default-*.log {
+/var/log/chill/*.log {
  su php-fpm php-fpm
  rotate 90
  daily
  compress
  missingok
  notifempty
  copytruncate
  rotate 90
 }
 /var/log/chill/privacy-*.log {
  su php-fpm php-fpm
  rotate 180
  daily
  compress
  missingok
  notifempty
 }
 /var/log/chill/notifier-*.log {
  su php-fpm php-fpm
  rotate 800
  daily
  compress
  missingok
  notifempty
 }
Author	SHA1	Message	Date
julienfastre	0dcd51b601	adapt role: the image should not be run as root, but with user with id 82.	2026-05-15 15:15:24 +02:00
julienfastre	8ccb88503a	Update messenger consumer shell command for preserved environment variables Replaced `su` with `su -p` in `compose.yaml` to ensure the environment variables of the parent shell are preserved when running the messenger consumer.	2026-04-18 01:00:36 +02:00
julienfastre	3f99ea7fcd	Add support for supplementary environment values in Chill configuration Introduced `supplementary_environment_values` in Chill defaults and updated `env_file.env` template to dynamically inject custom environment variables. Added placeholder `docker_secrets` for future secrets management.	2026-03-13 12:58:11 +01:00
julienfastre	9904b9a038	Separate deprecation logs into a dedicated handler and adjust console log level to error	2026-01-27 16:21:58 +01:00
julienfastre	93c4534204	Make proxy IP configuration dynamic and expand RabbitMQ settings Added a new `proxy_ips` variable for flexible proxy IP configuration in Chill defaults and updated framework template. Enhanced RabbitMQ integration with a conditional `rabbitmq_install` option.	2026-01-27 16:21:52 +01:00
julienfastre	43a8ccff28	Make RabbitMQ integration optional in Chill configuration Introduced a new `rabbitmq_install` variable to conditionally enable RabbitMQ components in `compose.yaml`, `messenger.yaml`, and `env_file.env`. Updated related Ansible tasks to respect this variable.	2026-01-27 16:21:34 +01:00
julienfastre	38a3d44897	Update monolog configuration to use dynamic log prefix and add error log handler Revised `monolog.yaml` to replace static `log_prefix` with `chill_environment` variable and added a new `errors_log` handler. Expanded exclusion channels in default handler to include `deprecation`.	2026-01-23 08:56:47 +01:00