
3 Commits

6 changed files with 108 additions and 61 deletions
+36
@@ -9,3 +9,39 @@ chill_image_redis: "redis"
chill_image_rabbitmq: "rabbitmq:3-management-alpine" chill_image_rabbitmq: "rabbitmq:3-management-alpine"
chill_image_relatorio: "registry.gitlab.com/champs-libres/public/relatorio-tornado/app:latest" chill_image_relatorio: "registry.gitlab.com/champs-libres/public/relatorio-tornado/app:latest"
traefik_image_traefik: "traefik:v3.2" traefik_image_traefik: "traefik:v3.2"
# to install or not traefik as front-end
traefik_install: true
# default chill config for each environment
default_chill:
chill_environment: main_env
add_postgres: false
chill_image_tag: v0.0.1-beta
host: 'devpms.samusocial.be'
tls_config: self_signed
expose_port: false # can be false, or the port number
chill_config:
trusted_hosts: 'devpms.samusocial.be '
database_host: '172.17.17.71'
database_port: '5432'
database_name: 'chilldev'
database_user: 'chilldev'
database_version: '15'
# database_password:
mailer_user: ''
mailer_host: 'smtp.example.com'
mailer_port: '25'
notification_host: 'https://devpms.samusocial.be '
notification_from_email: 'devpms@samusocial.be'
# app_secret:
# admin_password:
mailer_dsn: 'null://null'
mailer_url: 'null://null'
# jwt_passphrase:
# jwt_secret_key: '1234'
# jwt_public_key: '1234'
rabbitmq_user: 'chilldev'
# rabbitmq_password:
editor_server: 'https://collabora.samusocial.be'
ovhcloud_dsn: 'null://null'
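Review bot: The new `default_chill` block puts one site's values into the role defaults: `host: 'devpms.samusocial.be'`, `database_host: '172.17.17.71'` and `tls_config: self_signed` become the fallback for every environment once the tasks merge it with each item. An inventory entry that omits one of these keys therefore silently inherits that hostname, that database address and a self-signed certificate instead of failing. Neutral placeholders, or leaving such keys undefined so the template render errors out, would make a missing override visible. `trusted_hosts: 'devpms.samusocial.be '` and `notification_host: 'https://devpms.samusocial.be '` also carry a trailing space inside the quotes, which is rendered verbatim into `TRUSTED_HOSTS=` and `NOTIFICATION_HOST=`; whether the application trims it is not visible here, so I would remove it.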
+12 -12
@@ -1,10 +1,10 @@
- name: Debug task - name: Merge defaults with item
ansible.builtin.debug: ansible.builtin.set_fact:
var: item chill: "{{ default_chill | combine(item, recursive=True) }}"
- name: Create directories to store compose project - name: Create directories to store compose project
ansible.builtin.file: ansible.builtin.file:
path: "{{ install_dir }}/{{ item['chill_environment'] }}" path: "{{ install_dir }}/{{ chill['chill_environment'] }}"
state: directory state: directory
mode: '0755' mode: '0755'
owner: "{{ as_user }}" owner: "{{ as_user }}"
@@ -12,34 +12,34 @@
- name: Add compose.yml file - name: Add compose.yml file
ansible.builtin.template: ansible.builtin.template:
src: compose.yaml src: compose.yaml
dest: "{{ install_dir }}/{{ item['chill_environment'] }}/compose.yaml" dest: "{{ install_dir }}/{{ chill['chill_environment'] }}/compose.yaml"
owner: "{{ as_user }}" owner: "{{ as_user }}"
mode: '0444' mode: '0444'
- name: Add application environment file - name: Add application environment file
ansible.builtin.template: ansible.builtin.template:
src: env_file.env src: env_file.env
dest: "{{ install_dir }}/{{ item['chill_environment'] }}/env_file.env" dest: "{{ install_dir }}/{{ chill['chill_environment'] }}/env_file.env"
owner: "{{ as_user }}" owner: "{{ as_user }}"
mode: '0400' mode: '0400'
- name: Add postgresql environment file if need - name: Add postgresql environment file if need
ansible.builtin.template: ansible.builtin.template:
src: postgres.env src: postgres.env
dest: "{{ install_dir }}/{{ item['chill_environment'] }}/postgres.env" dest: "{{ install_dir }}/{{ chill['chill_environment'] }}/postgres.env"
owner: "{{ as_user }}" owner: "{{ as_user }}"
mode: '0400' mode: '0400'
- name: Add rabbitmq environment file - name: Add rabbitmq environment file
ansible.builtin.template: ansible.builtin.template:
src: rabbitmq.env src: rabbitmq.env
dest: "{{ install_dir }}/{{ item['chill_environment'] }}/rabbitmq.env" dest: "{{ install_dir }}/{{ chill['chill_environment'] }}/rabbitmq.env"
owner: "{{ as_user }}" owner: "{{ as_user }}"
mode: '0400' mode: '0400'
- name: Create directory for storing configuration - name: Create directory for storing configuration
ansible.builtin.file: ansible.builtin.file:
path: "{{ install_dir }}/{{ item['chill_environment'] }}/config/prod" path: "{{ install_dir }}/{{ chill['chill_environment'] }}/config/prod"
state: directory state: directory
owner: "{{ as_user }}" owner: "{{ as_user }}"
mode: '0400' mode: '0400'
@@ -47,7 +47,7 @@
- name: Copy configuration files - name: Copy configuration files
ansible.builtin.template: ansible.builtin.template:
src: "config/prod/{{ file }}" src: "config/prod/{{ file }}"
dest: "{{ install_dir }}/{{ item['chill_environment'] }}/config/prod/{{ file }}" dest: "{{ install_dir }}/{{ chill['chill_environment'] }}/config/prod/{{ file }}"
owner: "{{ as_user }}" owner: "{{ as_user }}"
mode: '0444' mode: '0444'
loop: loop:
@@ -61,7 +61,7 @@
- name: Create directory for storing data - name: Create directory for storing data
ansible.builtin.file: ansible.builtin.file:
path: "{{ doc_storage_dir }}/{{ item['chill_environment'] }}" path: "{{ doc_storage_dir }}/{{ chill['chill_environment'] }}"
owner: "82" owner: "82"
group: "82" group: "82"
mode: '0766' mode: '0766'
@@ -71,6 +71,6 @@
# #
# - name: Ensure systemd timer for cronjob is up # - name: Ensure systemd timer for cronjob is up
# ansible.builtin.systemd_service: # ansible.builtin.systemd_service:
# name: "chill-cronjob@{{ item['chill_environment'] }}.timer" # name: "chill-cronjob@{{ chill['chill_environment'] }}.timer"
# state: restarted # state: restarted
# enabled: true # enabled: true
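Review bot: The new `Merge defaults with item` task stores the full merged dict in a fact, and the `set_fact` result (printed at `-v` and above) then contains every `chill_config` secret the env template later reads, such as `app_secret`, `admin_password` and `database_password`; adding `no_log: true` to that task keeps them out of run logs. Separately, the directory tasks in this file use file-style modes: `config/prod` is created with `mode: '0400'` (the certificate directory in the self-signed tasks likewise), which has no search bit, so an unprivileged owner cannot enter it. The data directory gets `mode: '0766'`, which grants read and write to group and others on the stored documents. `'0700'` or `'0750'` would be the usual choices, depending on which user the containers read as. Several of these tasks start or end outside the hunks shown.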
+4 -4
@@ -1,18 +1,18 @@
- name: Create directory for storing certificates - name: Create directory for storing certificates
ansible.builtin.file: ansible.builtin.file:
path: "/var/traefik/certs/chill/{{ item['chill_environment'] }}" path: "/var/traefik/certs/chill/{{ chill['chill_environment'] }}"
state: directory state: directory
owner: "{{ as_user }}" owner: "{{ as_user }}"
mode: '0400' mode: '0400'
- name: Create private key - name: Create private key
community.crypto.openssl_privatekey: community.crypto.openssl_privatekey:
path: "/var/traefik/certs/chill/{{ item['chill_environment'] }}/key.pem" path: "/var/traefik/certs/chill/{{ chill['chill_environment'] }}/key.pem"
- name: Create self signed certificate - name: Create self signed certificate
community.crypto.x509_certificate: community.crypto.x509_certificate:
privatekey_path: "/var/traefik/certs/chill/{{ item['chill_environment'] }}/key.pem" privatekey_path: "/var/traefik/certs/chill/{{ chill['chill_environment'] }}/key.pem"
path: "/var/traefik/certs/chill/{{ item['chill_environment'] }}/cert.pem" path: "/var/traefik/certs/chill/{{ chill['chill_environment'] }}/cert.pem"
provider: selfsigned provider: selfsigned
+1 -4
@@ -13,10 +13,6 @@
docker_install_compose_plugin: true docker_install_compose_plugin: true
docker_add_repo: true docker_add_repo: true
- name: Print all available facts
ansible.builtin.debug:
var: ansible_facts
- name: Authenticate against private docker registry - name: Authenticate against private docker registry
community.docker.docker_login: community.docker.docker_login:
registry_url: "{{ registry_url }}" registry_url: "{{ registry_url }}"
@@ -60,6 +56,7 @@
- name: Install traefik - name: Install traefik
ansible.builtin.include_tasks: traefik.yml ansible.builtin.include_tasks: traefik.yml
when: traefik_install
- name: Install systemd services - name: Install systemd services
ansible.builtin.template: ansible.builtin.template:
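Review bot: `when: traefik_install` and the `{% if traefik_install %}` guards in the compose template both test the raw variable, so a value that arrives as a string (for example from `-e traefik_install=false`) is a non-empty string that Jinja treats as true in the template. Casting in both places, `when: traefik_install | bool` and `{% if traefik_install | bool %}`, keeps the include and the rendered labels and network in agreement. Otherwise a host could end up with Traefik labels and an external `traefik` network in the compose file while the Traefik install step was skipped. The `Install systemd services` task continues outside the hunk.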
+27 -14
@@ -2,42 +2,51 @@
services: services:
frontend: frontend:
image: {{ registry_url }}/{{ registry_project }}/{{ chill_image_nginx_name }}:{{ item.chill_image_tag }} image: {{ registry_url }}/{{ registry_project }}/{{ chill_image_nginx_name }}:{{ chill.chill_image_tag }}
links: links:
- app:php - app:php
{% if traefik_install %}
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.docker.network=traefik" - "traefik.docker.network=traefik"
- "traefik.http.routers.frontend-{{ item.chill_environment }}.rule=Host(`{{ item.host }}`)" - "traefik.http.routers.frontend-{{ chill.chill_environment }}.rule=Host(`{{ chill.host }}`)"
- "traefik.http.routers.frontend-{{ item.chill_environment }}.entrypoints=websecure" - "traefik.http.routers.frontend-{{ chill.chill_environment }}.entrypoints=websecure"
{%+ if item.tls_config == 'self_signed' +%} {%+ if chill.tls_config == 'self_signed' +%}
- "traefik.http.routers.frontend-{{ item.chill_environment }}.tls=true" - "traefik.http.routers.frontend-{{ chill.chill_environment }}.tls=true"
{%+ endif +%} {%+ endif +%}
{%+ if item.expose_port is not false +%} {%+ if chill.expose_port is not false +%}
- "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.rule=PathPrefix(`/`)" - "traefik.http.routers.frontend-exp-{{ chill.chill_environment }}.rule=PathPrefix(`/`)"
- "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.entrypoints=chill{{ item.chill_environment }}" - "traefik.http.routers.frontend-exp-{{ chill.chill_environment }}.entrypoints=chill{{ chill.chill_environment }}"
{%+ if item.tls_config == 'self_signed' +%} {%+ if chill.tls_config == 'self_signed' +%}
- "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.tls=true" - "traefik.http.routers.frontend-exp-{{ chill.chill_environment }}.tls=true"
{%+ endif +%} {%+ endif +%}
{%+ endif +%} {%+ endif +%}
{% endif %}
networks: networks:
{% if traefik_install %}
- traefik - traefik
{% endif %}
- default - default
restart: always restart: always
app: &defaultApp app: &defaultApp
image: {{ registry_url }}/{{ registry_project }}/{{ chill_image_php_name }}:{{ item.chill_image_tag }} image: {{ registry_url }}/{{ registry_project }}/{{ chill_image_php_name }}:{{ chill.chill_image_tag }}
env_file: env_file:
- env_file.env - env_file.env
volumes: volumes:
- './config/prod:/var/www/app/config/packages/prod:ro' - './config/prod:/var/www/app/config/packages/prod:ro'
- '/var/log/chill:/var/www/app/var/log:rw' - '/var/log/chill:/var/www/app/var/log:rw'
- '{{ doc_storage_dir }}/{{ item['chill_environment'] }}:/var/storage:rw' - '{{ doc_storage_dir }}/{{ chill['chill_environment'] }}:/var/storage:rw'
links: links:
- redis - redis
- relatorio - relatorio
- rabbitmq - rabbitmq
{% if item.add_postgres -%}
{% if chill.add_postgres -%}
- database - database
{%- endif %} {%- endif %}
@@ -71,7 +80,7 @@ services:
command: ["bin/console", "chill:cron-job:execute", "-v"] command: ["bin/console", "chill:cron-job:execute", "-v"]
restart: "no" restart: "no"
{% if item.add_postgres %} {% if chill.add_postgres %}
database: database:
image: "{{ database_image }}" image: "{{ database_image }}"
@@ -137,6 +146,10 @@ services:
restart: always restart: always
networks: networks:
{% if traefik_install %}
traefik: traefik:
external: true external: true
{% endif %}
default: default:
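Review bot: The `websecure` router gets `tls=true` only inside `{%+ if chill.tls_config == 'self_signed' +%}`; for any other `tls_config` value no TLS label is emitted, and a Traefik router without TLS configuration answers only non-TLS requests unless the entrypoint enables TLS in the static configuration, which is not visible here. Since `tls_config` is a free-form string, I would either emit the `tls=true` label for every `websecure` router or fail the render on an unknown value. Also, `'/var/log/chill:/var/www/app/var/log:rw'` is mounted into each environment's `app` container, so environments on the same host share one writable log directory; a per-environment path such as `'/var/log/chill/{{ chill['chill_environment'] }}:/var/www/app/var/log:rw'` would keep them separate. The `services` and `networks` mappings continue outside the hunks.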
+28 -27
@@ -8,39 +8,40 @@ REDIS_PORT=6379
REDIS_URL=redis://redis:6379 REDIS_URL=redis://redis:6379
RELATORIO_HOST=relatorio RELATORIO_HOST=relatorio
RELATORIO_PORT=8888 RELATORIO_PORT=8888
TRUSTED_HOSTS={{ item.chill_config.trusted_hosts }} TRUSTED_HOSTS={{ chill.chill_config.trusted_hosts }}
DATABASE_HOST={{ item.chill_config.database_host }} DATABASE_HOST={{ chill.chill_config.database_host }}
DATABASE_PORT={{ item.chill_config.database_port }} DATABASE_PORT={{ chill.chill_config.database_port }}
DATABASE_NAME={{ item.chill_config.database_name }} DATABASE_NAME={{ chill.chill_config.database_name }}
DATABASE_USER={{ item.chill_config.database_user }} DATABASE_USER={{ chill.chill_config.database_user }}
DATABASE_VERSION={{ item.chill_config.database_version }} DATABASE_VERSION={{ chill.chill_config.database_version }}
LOCALE=fr LOCALE=fr
MAILER_PROTOCOL=smtp MAILER_PROTOCOL=smtp
MAILER_USER={{ item.chill_config.mailer_user }} MAILER_USER={{ chill.chill_config.mailer_user }}
MAILER_HOST={{ item.chill_config.mailer_host }} MAILER_HOST={{ chill.chill_config.mailer_host }}
MAILER_PORT={{ item.chill_config.mailer_port }} MAILER_PORT={{ chill.chill_config.mailer_port }}
NOTIFICATION_HOST={{ item.chill_config.notification_host }} NOTIFICATION_HOST={{ chill.chill_config.notification_host }}
NOTIFICATION_FROM_EMAIL={{ item.chill_config.notification_from_email }} NOTIFICATION_FROM_EMAIL={{ chill.chill_config.notification_from_email }}
ASYNC_UPLOAD_TEMP_URL_BASE_PATH= ASYNC_UPLOAD_TEMP_URL_BASE_PATH=
ASYNC_UPLOAD_TEMP_URL_CONTAINER= ASYNC_UPLOAD_TEMP_URL_CONTAINER=
ASYNC_UPLOAD_TEMP_URL_KEY= ASYNC_UPLOAD_TEMP_URL_KEY=
DEFAULT_CARRIER_CODE=FR DEFAULT_CARRIER_CODE=FR
APP_SECRET={{ item.chill_config.app_secret }} APP_SECRET={{ chill.chill_config.app_secret }}
ADMIN_PASSWORD={{ item.chill_config.admin_password }} ADMIN_PASSWORD={{ chill.chill_config.admin_password }}
{% if item.chill_config.admin_password_1 is defined -%} {% if chill.chill_config.admin_password_1 is defined -%}
ADMIN_PASSWORD_1={{ item.chill_config.admin_password_1 }} ADMIN_PASSWORD_1={{ chill.chill_config.admin_password_1 }}
{% endif -%} {% endif -%}
{% if item.chill_config.admin_password_2 is defined -%} {% if chill.chill_config.admin_password_2 is defined -%}
ADMIN_PASSWORD_2={{ item.chill_config.admin_password_2 }} ADMIN_PASSWORD_2={{ chill.chill_config.admin_password_2 }}
{% endif -%} {% endif -%}
{% if item.chill_config.admin_password_3 is defined -%} {% if chill.chill_config.admin_password_3 is defined -%}
ADMIN_PASSWORD_3={{ item.chill_config.admin_password_3 }} ADMIN_PASSWORD_3={{ chill.chill_config.admin_password_3 }}
{% endif -%} {% endif -%}
MAILER_DSN={{ item.chill_config.mailer_dsn }} MAILER_DSN={{ chill.chill_config.mailer_dsn }}
MAILER_URL={{ item.chill_config.mailer_url }} MAILER_URL={{ chill.chill_config.mailer_url }}
JWT_PASSPHRASE={{ item.chill_config.jwt_passphrase }} JWT_PASSPHRASE={{ chill.chill_config.jwt_passphrase }}
JWT_SECRET_KEY={{ item.chill_config.jwt_secret_key }} JWT_SECRET_KEY={{ chill.chill_config.jwt_secret_key }}
JWT_PUBLIC_KEY={{ item.chill_config.jwt_public_key }} JWT_PUBLIC_KEY={{ chill.chill_config.jwt_public_key }}
RABBITMQ_URL=amqp://{{ item.chill_config.rabbitmq_user }}:{{ item.chill_config.rabbitmq_password }}@rabbitmq/%2f RABBITMQ_URL=amqp://{{ chill.chill_config.rabbitmq_user }}:{{ chill.chill_config.rabbitmq_password }}@rabbitmq/%2f
DATABASE_URL=postgres://{{ item.chill_config.database_user }}:{{ item.chill_config.database_password }}@{% if item.add_postgres %}database:5432{% else %}{{ item.chill_config.database_host }}{% endif %}/{{ item.chill_config.database_name }}?sslmode=prefer&charset=utf8&serverVersion={{ item.chill_config.database_version }} DATABASE_URL=postgres://{{ chill.chill_config.database_user }}:{{ chill.chill_config.database_password }}@{% if chill.add_postgres %}database:5432{% else %}{{ chill.chill_config.database_host }}{% endif %}/{{ chill.chill_config.database_name }}?sslmode=prefer&charset=utf8&serverVersion={{ chill.chill_config.database_version }}
EDITOR_SERVER={{ item.chill_config.editor_server }} EDITOR_SERVER={{ chill.chill_config.editor_server }}
OVHCLOUD_DSN={{ chill.chill_config.ovhcloud_dsn }}
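Review bot: `RABBITMQ_URL` and `DATABASE_URL` interpolate the passwords into a URL without percent-encoding, so a password containing `@`, `:` or `#` changes how the URL is parsed; `{{ chill.chill_config.database_password | urlencode }}` (and the same for the RabbitMQ password and both user names) avoids that. `DATABASE_URL` also uses `sslmode=prefer`, which allows a fallback to an unencrypted connection, while the non-`add_postgres` branch targets a remote `database_host`; `sslmode=require` or stricter would be the safer setting if the server offers TLS. The same branch drops `database_port`: it writes `{{ chill.chill_config.database_host }}` where `{{ chill.chill_config.database_host }}:{{ chill.chill_config.database_port }}` seems intended.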