adapt role: the image should not be run as root, but with user with id 82.

Replaced `su` with `su -p` in `compose.yaml` to ensure the environment variables of the parent shell are preserved when running the messenger consumer.

defaults/main.yml

@@ -13,6 +13,8 @@ traefik_image_traefik: "traefik:v3.2"
 # to install or not traefik as front-end
 traefik_install: true
 
+docker_secrets: []
+
 # default chill config for each environment
 default_chill:
   chill_environment: main_env
@@ -29,6 +31,8 @@ default_chill:
     - 10.0.0.0/8
     - 172.16.0.0/12
   chill_config:
+    # supplementary environment values to set in the in the env file
+    supplementary_environment_values: {}
     trusted_hosts: 'devpms.samusocial.be '
     database_host: '172.17.17.71'
     database_port: '5432'
@@ -50,5 +54,5 @@ default_chill:
     # jwt_public_key: '1234'
     rabbitmq_user: 'chilldev'
     # rabbitmq_password:
-    editor_server: 'https://collabora.samusocial.be'
+    editor_server: 'https://collabora.champs-libres.be'
     ovhcloud_dsn: 'null://null'

tasks/chill/main.yml

@@ -42,15 +42,15 @@
   ansible.builtin.file:
     path: "{{ install_dir }}/{{ chill['chill_environment'] }}/config/prod"
     state: directory
-    owner: "{{ as_user }}"
-    mode: '0400'
+    owner: "82"
+    mode: '0500'
 
 - name: Copy configuration files
   ansible.builtin.template:
     src: "config/prod/{{ file }}"
     dest: "{{ install_dir }}/{{ chill['chill_environment'] }}/config/prod/{{ file }}"
-    owner: "{{ as_user }}"
-    mode: '0444'
+    owner: "82"
+    mode: '0400'
   loop:
     - lexik_jwt_authentication.yaml
     - messenger.yaml

templates/compose.yaml

@@ -73,7 +73,7 @@ services:
               sleep 3 && bin/console cache:clear &&
               while ! [ -f /tmp/kill_me ];
               do
-              su -s /bin/bash -c 'php -d memory_limit=2G bin/console messenger:consume priority async --limit=20 --time-limit=600 -v' "www-data";
+              php -d memory_limit=2G bin/console messenger:consume priority async --limit=40 --time-limit=600 -v;
               done;
         pre_stop:
             - command:

templates/config/prod/messenger.yaml

@@ -18,4 +18,4 @@ framework:
             priority: 'doctrine://default'
             {% endif +%}
             failed: 'doctrine://default?queue_name=failed'
-            sync: 'sync://'
+            sync: 'sync://'

templates/config/prod/monolog.yaml

@@ -29,11 +29,9 @@ monolog:
       type: stream
       path: "%kernel.logs_dir%/default-%log_prefix%.log"
       level: info
-      channels: [ '!event', '!doctrine', '!console', '!chill' ]
+      channels: [ '!event', '!doctrine', '!console', '!chill', '!deprecation']
     deprecation_log:
-      type: stream
-      path: "%kernel.logs_dir%/deprecation-%log_prefix%.log"
-      level: info
+      type: 'null'
       channels: [ 'deprecation' ]
     console:
       type: console

templates/env_file.env

@@ -47,3 +47,6 @@ RABBITMQ_URL=amqp://{{ chill.chill_config.rabbitmq_user }}:{{ chill.chill_config
 DATABASE_URL=postgres://{{ chill.chill_config.database_user }}:{{ chill.chill_config.database_password }}@{% if chill.add_postgres %}database:5432{% else %}{{ chill.chill_config.database_host }}{% endif %}/{{ chill.chill_config.database_name }}?sslmode=prefer&charset=utf8&serverVersion={{ chill.chill_config.database_version }}
 EDITOR_SERVER={{ chill.chill_config.editor_server }}
 OVHCLOUD_DSN={{ chill.chill_config.ovhcloud_dsn }}
+{% for k, v in chill.chill_config.supplementary_environment_values.items() %}
+{{ k }}="{{ v }}"
+{% endfor %}

templates/logrotate/chill

@@ -1,26 +1,17 @@
-/var/log/chill/default-*.log {
+/var/log/chill/*.log {
   su php-fpm php-fpm
-  rotate 90
   daily
   compress
   missingok
   notifempty
+  copytruncate
+  rotate 90
 }
 
 /var/log/chill/privacy-*.log {
-  su php-fpm php-fpm
   rotate 180
-  daily
-  compress
-  missingok
-  notifempty
 }
 
 /var/log/chill/notifier-*.log {
-  su php-fpm php-fpm
   rotate 800
-  daily
-  compress
-  missingok
-  notifempty
-}
+}