author | Christian Pointner <equinox@spreadspace.org> | 2022-07-13 22:07:12 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2022-07-13 22:07:12 +0200 |
commit | 6a485dcc7065f048172e89e405068e6a5c1479b7 (patch) | |
tree | 07794f9751fd3689ceef344662adf41b6cf6e397 /roles/apps/pigallery2 | |
parent | update traffic shaping for ele-router-leslie (diff) |
add apps/pigallery2
Diffstat (limited to 'roles/apps/pigallery2')
-rw-r--r-- | roles/apps/pigallery2/defaults/main.yml | 20 | ||||
-rw-r--r-- | roles/apps/pigallery2/tasks/main.yml | 79 | ||||
-rw-r--r-- | roles/apps/pigallery2/templates/pod-spec.yml.j2 | 47 |
3 files changed, 146 insertions, 0 deletions
diff --git a/roles/apps/pigallery2/defaults/main.yml b/roles/apps/pigallery2/defaults/main.yml
new file mode 100644
index 00000000..3affc3fb
--- /dev/null
+++ b/roles/apps/pigallery2/defaults/main.yml
@@ -0,0 +1,20 @@
+---
+pigallery2_app_uid: "970"
+pigallery2_app_gid: "970"
+
+# pigallery2_base_path: /srv/pigallery2
+
+# pigallery2_zfs:
+# pool: storage
+# name: pigallery2
+# properties:
+# compression: lz4
+
+# pigallery2_instances:
+# example:
+# version: 1.9.3
+# port: 8700
+# hostname: gallery.example.com
+# zfs_properties:
+# quota: 1G
+# images_path: /path/to/images
diff --git a/roles/apps/pigallery2/tasks/main.yml b/roles/apps/pigallery2/tasks/main.yml
new file mode 100644
index 00000000..f3a3acbc
--- /dev/null
+++ b/roles/apps/pigallery2/tasks/main.yml
@@ -0,0 +1,79 @@
+---
+- name: create zfs datasets
+ when: pigallery2_zfs is defined
+ block:
+ - name: create zfs base dataset
+ zfs:
+ name: "{{ pigallery2_zfs.pool }}/{{ pigallery2_zfs.name }}"
+ state: present
+ extra_zfs_properties: "{{ pigallery2_zfs.properties | dehumanize_zfs_properties | default(omit) }}"
+
+ - name: create zfs volumes for instances
+ loop: "{{ pigallery2_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }} ({{ (item.value.zfs_properties | default({})).items() | map('join', '=') | join(', ') }})"
+ zfs:
+ name: "{{ pigallery2_zfs.pool }}/{{ pigallery2_zfs.name }}/{{ item.key }}"
+ state: present
+ extra_zfs_properties: "{{ item.value.zfs_properties | dehumanize_zfs_properties | default(omit) }}"
+
+ - name: configure pigallery2 base bath
+ set_fact:
+ pigallery2_base_path: "{{ (zfs_pools[pigallery2_zfs.pool].mountpoint, pigallery2_zfs.name) | path_join }}"
+
+
+- name: add group for pigallery2 app
+ group:
+ name: pigallery2
+ gid: "{{ pigallery2_app_gid }}"
+
+- name: add user for pigallery2 app
+ user:
+ name: pigallery2
+ uid: "{{ pigallery2_app_uid }}"
+ group: pigallery2
+ password: "!"
+
+- name: create instance subdirectories
+ loop: "{{ pigallery2_instances | product(['config', 'db', 'tmp']) | list }}"
+ loop_control:
+ label: "{{ item[0] }}/{{ item[1] }}"
+ file:
+ path: "{{ pigallery2_base_path }}/{{ item[0] }}/{{ item[1] }}"
+ state: directory
+ owner: pigallery2
+ group: pigallery2
+ mode: "700"
+
+
+- name: install pod manifest
+ loop: "{{ pigallery2_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ vars:
+ kubernetes_standalone_pod:
+ name: "pigallery2-{{ item.key }}"
+ spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
+ mode: "0600"
+ include_role:
+ name: kubernetes/standalone/pod
+
+
+- name: configure nginx vhost
+ loop: "{{ pigallery2_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ vars:
+ nginx_vhost:
+ name: "pigallery2-{{ item.key }}"
+ template: generic-proxy-no-buffering-with-acme
+ acme: true
+ hostnames:
+ - "{{ item.value.hostname }}"
+ locations:
+ '/':
+ proxy_pass: "http://127.0.0.1:{{ item.value.port }}"
+ extra_directives: |-
+ client_max_body_size 0;
+ include_role:
+ name: nginx/vhost
diff --git a/roles/apps/pigallery2/templates/pod-spec.yml.j2 b/roles/apps/pigallery2/templates/pod-spec.yml.j2
new file mode 100644
index 00000000..e0921b3b
--- /dev/null
+++ b/roles/apps/pigallery2/templates/pod-spec.yml.j2
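Review bot: The `configure nginx vhost` task sets `client_max_body_size 0;` in `extra_directives`, which switches off nginx's request-body size limit for the proxied site. Nothing visible in this commit needs large uploads (the pod spec mounts the images volume read-only), so a finite limit, for example `client_max_body_size 64m;`, or a comment explaining why the cap must be disabled would reduce the exposure to memory and disk exhaustion on the backend. Separately, the `add user for pigallery2 app` task locks the password with `password: "!"` but keeps the default login shell and home directory; for an account that only owns container data, `shell: /usr/sbin/nologin` and `create_home: false` would tighten it. The task name `configure pigallery2 base bath` looks like a typo for "base path".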
@@ -0,0 +1,47 @@
+securityContext:
+ allowPrivilegeEscalation: false
+containers:
+- name: pigallery2
+ image: "bpatrik/pigallery2:{{ item.value.version }}"
+ securityContext:
+ runAsUser: {{ pigallery2_app_uid }}
+ runAsGroup: {{ pigallery2_app_gid }}
+ resources:
+ limits:
+ memory: "1Gi"
+ volumeMounts:
+ - name: config
+ mountPath: /app/data/config
+ - name: db
+ mountPath: /app/data/db
+ - name: tmp
+ mountPath: /app/data/tmp
+ - name: images
+ mountPath: /app/data/images
+ readOnly: true
+ env:
+ - name: PORT
+ value: "{{ item.value.port }}"
+ - name: NODE_ENV
+ value: production
+ ports:
+ - containerPort: {{ item.value.port }}
+ hostPort: {{ item.value.port }}
+ hostIP: 127.0.0.1
+volumes:
+- name: config
+ hostPath:
+ path: "{{ pigallery2_base_path }}/{{ item.key }}/config/"
+ type: Directory
+- name: db
+ hostPath:
+ path: "{{ pigallery2_base_path }}/{{ item.key }}/db/"
+ type: Directory
+- name: tmp
+ hostPath:
+ path: "{{ pigallery2_base_path }}/{{ item.key }}/tmp/"
+ type: Directory
+- name: images
+ hostPath:
+ path: "{{ item.value.images_path }}"
+ type: Directory |
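Review bot: `allowPrivilegeEscalation: false` is placed under the pod-level `securityContext` at the top of the template, but in the Kubernetes API that field exists only on a container's `securityContext`. At pod level it is an unknown field, so depending on how the `kubernetes/standalone/pod` role and the kubelet decode the spec (not visible here) it is probably dropped or rejected rather than enforced. Moving it next to `runAsUser`/`runAsGroup` in the `pigallery2` container's `securityContext` makes it take effect; `capabilities: {drop: ["ALL"]}` could go there too if the image tolerates it. The image is referenced by a mutable tag (`bpatrik/pigallery2:{{ item.value.version }}`), so pinning a digest would make the deployed content reproducible.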