summaryrefslogtreecommitdiff
path: root/roles/apps/pigallery2
diff options
context:
space:
mode:
authorChristian Pointner <equinox@spreadspace.org>2022-07-13 22:07:12 +0200
committerChristian Pointner <equinox@spreadspace.org>2022-07-13 22:07:12 +0200
commit6a485dcc7065f048172e89e405068e6a5c1479b7 (patch)
tree07794f9751fd3689ceef344662adf41b6cf6e397 /roles/apps/pigallery2
parentupdate traffic shaping for ele-router-leslie (diff)
add apps/pigallery2
Diffstat (limited to 'roles/apps/pigallery2')
-rw-r--r--roles/apps/pigallery2/defaults/main.yml20
-rw-r--r--roles/apps/pigallery2/tasks/main.yml79
-rw-r--r--roles/apps/pigallery2/templates/pod-spec.yml.j247
3 files changed, 146 insertions, 0 deletions
diff --git a/roles/apps/pigallery2/defaults/main.yml b/roles/apps/pigallery2/defaults/main.yml
new file mode 100644
index 00000000..3affc3fb
--- /dev/null
+++ b/roles/apps/pigallery2/defaults/main.yml
@@ -0,0 +1,20 @@
+---
+pigallery2_app_uid: "970"
+pigallery2_app_gid: "970"
+
+# pigallery2_base_path: /srv/pigallery2
+
+# pigallery2_zfs:
+# pool: storage
+# name: pigallery2
+# properties:
+# compression: lz4
+
+# pigallery2_instances:
+# example:
+# version: 1.9.3
+# port: 8700
+# hostname: gallery.example.com
+# zfs_properties:
+# quota: 1G
+# images_path: /path/to/images
diff --git a/roles/apps/pigallery2/tasks/main.yml b/roles/apps/pigallery2/tasks/main.yml
new file mode 100644
index 00000000..f3a3acbc
--- /dev/null
+++ b/roles/apps/pigallery2/tasks/main.yml
@@ -0,0 +1,79 @@
+---
+- name: create zfs datasets
+ when: pigallery2_zfs is defined
+ block:
+ - name: create zfs base dataset
+ zfs:
+ name: "{{ pigallery2_zfs.pool }}/{{ pigallery2_zfs.name }}"
+ state: present
+ extra_zfs_properties: "{{ pigallery2_zfs.properties | dehumanize_zfs_properties | default(omit) }}"
+
+ - name: create zfs volumes for instances
+ loop: "{{ pigallery2_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }} ({{ (item.value.zfs_properties | default({})).items() | map('join', '=') | join(', ') }})"
+ zfs:
+ name: "{{ pigallery2_zfs.pool }}/{{ pigallery2_zfs.name }}/{{ item.key }}"
+ state: present
+ extra_zfs_properties: "{{ item.value.zfs_properties | dehumanize_zfs_properties | default(omit) }}"
+
+ - name: configure pigallery2 base bath
+ set_fact:
+ pigallery2_base_path: "{{ (zfs_pools[pigallery2_zfs.pool].mountpoint, pigallery2_zfs.name) | path_join }}"
+
+
+- name: add group for pigallery2 app
+ group:
+ name: pigallery2
+ gid: "{{ pigallery2_app_gid }}"
+
+- name: add user for pigallery2 app
+ user:
+ name: pigallery2
+ uid: "{{ pigallery2_app_uid }}"
+ group: pigallery2
+ password: "!"
+
+- name: create instance subdirectories
+ loop: "{{ pigallery2_instances | product(['config', 'db', 'tmp']) | list }}"
+ loop_control:
+ label: "{{ item[0] }}/{{ item[1] }}"
+ file:
+ path: "{{ pigallery2_base_path }}/{{ item[0] }}/{{ item[1] }}"
+ state: directory
+ owner: pigallery2
+ group: pigallery2
+ mode: "700"
+
+
+- name: install pod manifest
+ loop: "{{ pigallery2_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ vars:
+ kubernetes_standalone_pod:
+ name: "pigallery2-{{ item.key }}"
+ spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
+ mode: "0600"
+ include_role:
+ name: kubernetes/standalone/pod
+
+
+- name: configure nginx vhost
+ loop: "{{ pigallery2_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ vars:
+ nginx_vhost:
+ name: "pigallery2-{{ item.key }}"
+ template: generic-proxy-no-buffering-with-acme
+ acme: true
+ hostnames:
+ - "{{ item.value.hostname }}"
+ locations:
+ '/':
+ proxy_pass: "http://127.0.0.1:{{ item.value.port }}"
+ extra_directives: |-
+ client_max_body_size 0;
+ include_role:
+ name: nginx/vhost
diff --git a/roles/apps/pigallery2/templates/pod-spec.yml.j2 b/roles/apps/pigallery2/templates/pod-spec.yml.j2
new file mode 100644
index 00000000..e0921b3b
--- /dev/null
+++ b/roles/apps/pigallery2/templates/pod-spec.yml.j2
@@ -0,0 +1,47 @@
+securityContext:
+ allowPrivilegeEscalation: false
+containers:
+- name: pigallery2
+ image: "bpatrik/pigallery2:{{ item.value.version }}"
+ securityContext:
+ runAsUser: {{ pigallery2_app_uid }}
+ runAsGroup: {{ pigallery2_app_gid }}
+ resources:
+ limits:
+ memory: "1Gi"
+ volumeMounts:
+ - name: config
+ mountPath: /app/data/config
+ - name: db
+ mountPath: /app/data/db
+ - name: tmp
+ mountPath: /app/data/tmp
+ - name: images
+ mountPath: /app/data/images
+ readOnly: true
+ env:
+ - name: PORT
+ value: "{{ item.value.port }}"
+ - name: NODE_ENV
+ value: production
+ ports:
+ - containerPort: {{ item.value.port }}
+ hostPort: {{ item.value.port }}
+ hostIP: 127.0.0.1
+volumes:
+- name: config
+ hostPath:
+ path: "{{ pigallery2_base_path }}/{{ item.key }}/config/"
+ type: Directory
+- name: db
+ hostPath:
+ path: "{{ pigallery2_base_path }}/{{ item.key }}/db/"
+ type: Directory
+- name: tmp
+ hostPath:
+ path: "{{ pigallery2_base_path }}/{{ item.key }}/tmp/"
+ type: Directory
+- name: images
+ hostPath:
+ path: "{{ item.value.images_path }}"
+ type: Directory