authorChristian Pointner <equinox@spreadspace.org>2024-08-25 23:03:52 +0200
committerChristian Pointner <equinox@spreadspace.org>2024-08-25 23:03:52 +0200
commitfa5bacba97c0c9513dcdbb24b5464157184c4ee1 (patch)
tree3681bf971131faae1a4a0e9bc515e3df12e055d6 /roles
parentcollabora/code: remove legacy file naming (lool vs cool) (diff)
collabora/code: move to new-style app layout and generic storage config
Diffstat (limited to 'roles')
-rwxr-xr-xroles/apps/collabora/code/contrib/extract-coolwsdxml.sh2
-rw-r--r--roles/apps/collabora/code/defaults/main.yml26
-rw-r--r--roles/apps/collabora/code/instance/tasks/custom-image.yml24
-rw-r--r--roles/apps/collabora/code/instance/tasks/main.yml54
-rw-r--r--roles/apps/collabora/code/instance/templates/config/coolwsd.21.11.1.3.1.xml.j2 (renamed from roles/apps/collabora/code/templates/config/coolwsd.21.11.1.3.1.xml.j2)12
-rw-r--r--roles/apps/collabora/code/instance/templates/config/coolwsd.23.05.5.2.1.xml.j2 (renamed from roles/apps/collabora/code/templates/config/coolwsd.23.05.5.2.1.xml.j2)12
-rw-r--r--roles/apps/collabora/code/instance/templates/config/coolwsd.23.05.6.4.1.xml.j2 (renamed from roles/apps/collabora/code/templates/config/coolwsd.23.05.6.4.1.xml.j2)12
-rw-r--r--roles/apps/collabora/code/instance/templates/nginx-vhost.conf.j2 (renamed from roles/apps/collabora/code/templates/nginx-vhost.conf.j2)12
-rw-r--r--roles/apps/collabora/code/instance/templates/pod-spec.yml.j2 (renamed from roles/apps/collabora/code/templates/pod-spec.yml.j2)6
-rw-r--r--roles/apps/collabora/code/tasks/custom-image.yml24
-rw-r--r--roles/apps/collabora/code/tasks/main.yml43
-rw-r--r--roles/apps/collabora/code/tasks/nginx-vhost.yml17
12 files changed, 122 insertions, 122 deletions
diff --git a/roles/apps/collabora/code/contrib/extract-coolwsdxml.sh b/roles/apps/collabora/code/contrib/extract-coolwsdxml.sh
index 3f1a2f9e..26496ea7 100755
--- a/roles/apps/collabora/code/contrib/extract-coolwsdxml.sh
+++ b/roles/apps/collabora/code/contrib/extract-coolwsdxml.sh
@@ -8,7 +8,7 @@ VERSION="$1"
IMAGE_TAG="$VERSION"
IMAGE_NAME="collabora/code"
-CONF_D=$(realpath "${BASH_SOURCE%/*}/../templates/config")
+CONF_D=$(realpath "${BASH_SOURCE%/*}/../instance/templates/config")
CONTAINER_NAME="collabora-code-coolwsd.xml-extractor"
sudo docker rm "$CONTAINER_NAME" > /dev/null 2>&1
diff --git a/roles/apps/collabora/code/defaults/main.yml b/roles/apps/collabora/code/defaults/main.yml
index ef0699c1..d8d8cfcb 100644
--- a/roles/apps/collabora/code/defaults/main.yml
+++ b/roles/apps/collabora/code/defaults/main.yml
@@ -1,22 +1,22 @@
---
-collabora_code_base_path: /srv/collabora/code
-
# collabora_code_instances:
# example:
# version: 4.0.6.1
# port: 8200
# hostname: office.example.com
+# storage:
+# type: ...
# admin:
# username: admin
# password: S3cret
-# backend_storages:
-# - cloud.example.com
-# macros: # optional (by default allowed=false)
-# allowed: true
-# security_level: 1
-# custom_image: # optional
-# from: foo/bar:1.0 # optional
-# dockerfile: |
-# USER root
-# RUN apt-get install ...
-# USER 101
+# backend_storages:
+# - cloud.example.com
+# macros: # optional (by default allowed=false)
+# allowed: true
+# security_level: 1
+# custom_image: # optional
+# from: foo/bar:1.0 # optional
+# dockerfile: |
+# USER root
+# RUN apt-get install ...
+# USER 101
diff --git a/roles/apps/collabora/code/instance/tasks/custom-image.yml b/roles/apps/collabora/code/instance/tasks/custom-image.yml
new file mode 100644
index 00000000..212fff36
--- /dev/null
+++ b/roles/apps/collabora/code/instance/tasks/custom-image.yml
@@ -0,0 +1,24 @@
+---
+- name: create build directory for custom image
+ file:
+ path: "{{ collabora_code_instance_basepath }}/build"
+ state: directory
+
+- name: generate Dockerfile for custom image
+ copy:
+ content: |
+ FROM {{ collabora_code_instances[collabora_code_instance].custom_image.from | default('collabora/code:' + collabora_code_instances[collabora_code_instance].version) }}
+ {{ collabora_code_instances[collabora_code_instance].custom_image.dockerfile }}
+ dest: "{{ collabora_code_instance_basepath }}/build/Dockerfile"
+ register: collabora_code_custom_image_docker
+
+- name: build custom image
+ docker_image:
+ name: "collabora/code/{{ collabora_code_instance }}:{{ collabora_code_instances[collabora_code_instance].version }}"
+ state: present
+ force_source: "{{ collabora_code_custom_image_docker is changed }}"
+ source: build
+ build:
+ path: "{{ collabora_code_instance_basepath }}/build"
+ network: host
+ pull: yes
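Review bot: The `build` task sets `network: host`, so every `RUN` step of the inventory-supplied `custom_image.dockerfile` runs in the host's network namespace and can reach services that listen only on 127.0.0.1 (the pod spec in this commit binds each instance's `hostPort` there). If host networking is only needed for package downloads, say so in a comment above the key, or drop it and let the build use the default bridge network. The build directory and the Dockerfile are also created without an explicit `mode:`, and `pull: yes` would be better written as `pull: true`.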
diff --git a/roles/apps/collabora/code/instance/tasks/main.yml b/roles/apps/collabora/code/instance/tasks/main.yml
new file mode 100644
index 00000000..eed473a0
--- /dev/null
+++ b/roles/apps/collabora/code/instance/tasks/main.yml
@@ -0,0 +1,54 @@
+---
+- name: prepare storage volume
+ vars:
+ storage_volume: "{{ collabora_code_instances[collabora_code_instance].storage }}"
+ include_role:
+ name: "storage/{{ collabora_code_instances[collabora_code_instance].storage.type }}/volume"
+
+- set_fact:
+ collabora_code_instance_basepath: "{{ storage_volume_mountpoint }}"
+
+- name: create instance config directory
+ file:
+ path: "{{ collabora_code_instance_basepath }}/config"
+ state: directory
+ mode: 0750
+
+- name: generate configuration file
+ template:
+ src: "config/coolwsd.{{ collabora_code_instances[collabora_code_instance].version }}.xml.j2"
+ dest: "{{ collabora_code_instance_basepath }}/config/coolwsd.xml"
+
+- name: build custom image
+ when: "'custom_image' in collabora_code_instances[collabora_code_instance]"
+ include_tasks: custom-image.yml
+
+- name: install pod manifest
+ vars:
+ kubernetes_standalone_pod:
+ name: "collabora-code-{{ collabora_code_instance }}"
+ spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
+ mode: "0600"
+ config_hash_items:
+ - path: "{{ collabora_code_instance_basepath }}/config/coolwsd.xml"
+ properties:
+ - checksum
+ include_role:
+ name: kubernetes/standalone/pod
+
+- name: render nginx-vhost custom config
+ set_fact:
+ collabora_code_nginx_vhost_custom: "{{ lookup('template', 'nginx-vhost.conf.j2') }}"
+
+- name: configure nginx vhost
+ vars:
+ nginx_vhost:
+ name: "collabora-code-{{ collabora_code_instance }}"
+ template: generic
+ tls:
+ certificate_provider: "{{ acme_client }}"
+ hostnames:
+ - "{{ collabora_code_instances[collabora_code_instance].hostname }}"
+ custom: "{{ collabora_code_nginx_vhost_custom }}"
+ include_role:
+ name: nginx/vhost
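Review bot: The `generate configuration file` task writes `coolwsd.xml` without `mode:`, `owner:` or `group:`, yet the templates in this commit render `admin.password` into that file in clear text. The 0750 directory limits who can reach it, but the file's own permissions are left to the umask; an explicit value such as `mode: "0640"`, with owner/group chosen so the container's user can still read it, would make that deliberate. Because the `template` module prints file content under `--diff`, adding `diff: false` (or `no_log: true`) to this task keeps the password out of run output. Separately, `mode: 0750` on the directory task is an unquoted octal while the pod manifest uses `mode: "0600"`; writing `mode: "0750"` keeps the two consistent and avoids parser-dependent integer handling.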
diff --git a/roles/apps/collabora/code/templates/config/coolwsd.21.11.1.3.1.xml.j2 b/roles/apps/collabora/code/instance/templates/config/coolwsd.21.11.1.3.1.xml.j2
index 05e9e3fa..2ae58c40 100644
--- a/roles/apps/collabora/code/templates/config/coolwsd.21.11.1.3.1.xml.j2
+++ b/roles/apps/collabora/code/instance/templates/config/coolwsd.21.11.1.3.1.xml.j2
@@ -13,7 +13,7 @@
<child_root_path desc="Path to the directory under which the chroot jails for the child processes will be created. Should be on the same file system as systemplate and lotemplate. Must be an empty directory." type="path" relative="true" default="jails"></child_root_path>
<mount_jail_tree desc="Controls whether the systemplate and lotemplate contents are mounted or not, which is much faster than the default of linking/copying each file." type="bool" default="true"></mount_jail_tree>
- <server_name desc="External hostname:port of the server running coolwsd. If empty, it's derived from the request (please set it if this doesn't work). May be specified when behind a reverse-proxy or when the hostname is not reachable directly." type="string" default="">{{ item.value.hostname }}</server_name>
+ <server_name desc="External hostname:port of the server running coolwsd. If empty, it's derived from the request (please set it if this doesn't work). May be specified when behind a reverse-proxy or when the hostname is not reachable directly." type="string" default="">{{ collabora_code_instances[collabora_code_instance].hostname }}</server_name>
<file_server_root_path desc="Path to the directory that should be considered root for the file server. This should be the directory containing cool." type="path" relative="true" default="browser/../"></file_server_root_path>
<hexify_embedded_urls desc="Enable to protect encoded URLs from getting decoded by intermediate hops. Particularly useful on Azure deployments" type="bool" default="false"></hexify_embedded_urls>
@@ -163,8 +163,8 @@
<seccomp desc="Should we use the seccomp system call filtering." type="bool" default="true">true</seccomp>
<capabilities desc="Should we require capabilities to isolate processes into chroot jails" type="bool" default="true">true</capabilities>
<jwt_expiry_secs desc="Time in seconds before the Admin Console's JWT token expires" type="int" default="1800">1800</jwt_expiry_secs>
- <enable_macros_execution desc="Specifies whether the macro execution is enabled in general. This will enable Basic, Beanshell, Javascript and Python scripts. If it is set to false, the macro_security_level is ignored. If it is set to true, the mentioned entry specified the level of macro security." type="bool" default="false">{{ item.value.macros.allowed | default(false) | ternary('true', 'false') }}</enable_macros_execution>
- <macro_security_level desc="Level of Macro security. 1 (Medium) Confirmation required before executing macros from untrusted sources. 0 (Low, not recommended) All macros will be executed without confirmation." type="int" default="1">{{ item.value.macros.security_level | default('1') }}</macro_security_level>
+ <enable_macros_execution desc="Specifies whether the macro execution is enabled in general. This will enable Basic, Beanshell, Javascript and Python scripts. If it is set to false, the macro_security_level is ignored. If it is set to true, the mentioned entry specified the level of macro security." type="bool" default="false">{{ collabora_code_instances[collabora_code_instance].macros.allowed | default(false) | ternary('true', 'false') }}</enable_macros_execution>
+ <macro_security_level desc="Level of Macro security. 1 (Medium) Confirmation required before executing macros from untrusted sources. 0 (Low, not recommended) All macros will be executed without confirmation." type="int" default="1">{{ collabora_code_instances[collabora_code_instance].macros.security_level | default('1') }}</macro_security_level>
<enable_metrics_unauthenticated desc="When enabled, the /cool/getMetrics endpoint will not require authentication." type="bool" default="false">false</enable_metrics_unauthenticated>
</security>
@@ -191,7 +191,7 @@
<filesystem allow="false" />
<wopi desc="Allow/deny wopi storage." allow="true">
<host desc="Regex pattern of hostname to allow or deny." allow="true">localhost</host>
-{% for backend in item.value.backend_storages %}
+{% for backend in collabora_code_instances[collabora_code_instance].backend_storages %}
<host allow="true">{{ backend }}</host>
{% endfor %}
<max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
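Review bot: Each `backend_storages` entry is written verbatim into a `<host>` element that, going by the `desc` on the `localhost` entry above it, coolwsd reads as a regex pattern, so an entry like `cloud.example.com` would also match a host such as `cloudXexample.com` (constructed example). Since this list is the WOPI allowlist, escaping the value keeps it to the literal hostname, `<host allow="true">{{ backend | regex_escape }}</host>`, unless existing inventories deliberately put patterns here. The loop also fails when an instance omits `backend_storages`; `| default([])` on the `for` line would cover that if the key is meant to be optional.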
@@ -214,8 +214,8 @@
<admin_console desc="Web admin console settings.">
<enable desc="Enable the admin console functionality" type="bool" default="true">true</enable>
<enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam>
- <username desc="The username of the admin console. Ignored if PAM is enabled.">{{ item.value.admin.username }}</username>
- <password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or coolconfig to set up a secure password.">{{ item.value.admin.password }}</password>
+ <username desc="The username of the admin console. Ignored if PAM is enabled.">{{ collabora_code_instances[collabora_code_instance].admin.username }}</username>
+ <password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or coolconfig to set up a secure password.">{{ collabora_code_instances[collabora_code_instance].admin.password }}</password>
</admin_console>
<monitors desc="Addresses of servers we connect to on start for monitoring">
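Review bot: `admin.username` and `admin.password` are placed into the XML without escaping, so a password containing `<`, `>` or `&` produces a malformed or differently parsed `coolwsd.xml`. Jinja's escape filter handles this: `{{ collabora_code_instances[collabora_code_instance].admin.password | e }}`, and the same for `username`. The identical lines appear in the admin_console hunks of coolwsd.23.05.5.2.1.xml.j2 and coolwsd.23.05.6.4.1.xml.j2. The element's own `desc` calls the plain-text password deprecated; if the deployed image versions support it, a PAM- or coolconfig-managed credential would keep the secret out of the rendered file.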
diff --git a/roles/apps/collabora/code/templates/config/coolwsd.23.05.5.2.1.xml.j2 b/roles/apps/collabora/code/instance/templates/config/coolwsd.23.05.5.2.1.xml.j2
index 4b002328..7fee4ef5 100644
--- a/roles/apps/collabora/code/templates/config/coolwsd.23.05.5.2.1.xml.j2
+++ b/roles/apps/collabora/code/instance/templates/config/coolwsd.23.05.5.2.1.xml.j2
@@ -38,7 +38,7 @@
<child_root_path desc="Path to the directory under which the chroot jails for the child processes will be created. Should be on the same file system as systemplate and lotemplate. Must be an empty directory." type="path" relative="true" default="jails"></child_root_path>
<mount_jail_tree desc="Controls whether the systemplate and lotemplate contents are mounted or not, which is much faster than the default of linking/copying each file." type="bool" default="true"></mount_jail_tree>
- <server_name desc="External hostname:port of the server running coolwsd. If empty, it's derived from the request (please set it if this doesn't work). May be specified when behind a reverse-proxy or when the hostname is not reachable directly." type="string" default="">{{ item.value.hostname }}</server_name>
+ <server_name desc="External hostname:port of the server running coolwsd. If empty, it's derived from the request (please set it if this doesn't work). May be specified when behind a reverse-proxy or when the hostname is not reachable directly." type="string" default="">{{ collabora_code_instances[collabora_code_instance].hostname }}</server_name>
<file_server_root_path desc="Path to the directory that should be considered root for the file server. This should be the directory containing cool." type="path" relative="true" default="browser/../"></file_server_root_path>
<hexify_embedded_urls desc="Enable to protect encoded URLs from getting decoded by intermediate hops. Particularly useful on Azure deployments" type="bool" default="false"></hexify_embedded_urls>
<experimental_features desc="Enable/Disable experimental features" type="bool" default="true">true</experimental_features>
@@ -194,8 +194,8 @@
<seccomp desc="Should we use the seccomp system call filtering." type="bool" default="true">true</seccomp>
<capabilities desc="Should we require capabilities to isolate processes into chroot jails" type="bool" default="true">true</capabilities>
<jwt_expiry_secs desc="Time in seconds before the Admin Console's JWT token expires" type="int" default="1800">1800</jwt_expiry_secs>
- <enable_macros_execution desc="Specifies whether the macro execution is enabled in general. This will enable Basic and Python scripts to execute both installed and from documents. If it is set to false, the macro_security_level is ignored. If it is set to true, the mentioned entry specified the level of macro security." type="bool" default="false">{{ item.value.macros.allowed | default(false) | ternary('true', 'false') }}</enable_macros_execution>
- <macro_security_level desc="Level of Macro security. 1 (Medium) Confirmation required before executing macros from untrusted sources. 0 (Low, not recommended) All macros will be executed without confirmation." type="int" default="1">{{ item.value.macros.security_level | default('1') }}</macro_security_level>
+ <enable_macros_execution desc="Specifies whether the macro execution is enabled in general. This will enable Basic and Python scripts to execute both installed and from documents. If it is set to false, the macro_security_level is ignored. If it is set to true, the mentioned entry specified the level of macro security." type="bool" default="false">{{ collabora_code_instances[collabora_code_instance].macros.allowed | default(false) | ternary('true', 'false') }}</enable_macros_execution>
+ <macro_security_level desc="Level of Macro security. 1 (Medium) Confirmation required before executing macros from untrusted sources. 0 (Low, not recommended) All macros will be executed without confirmation." type="int" default="1">{{ collabora_code_instances[collabora_code_instance].macros.security_level | default('1') }}</macro_security_level>
<enable_websocket_urp desc="Should we enable URP (UNO remote protocol) communication over the websocket. This allows full control of the Kit child server to anyone with access to the websocket including executing macros without confirmation or running arbitrary shell commands in the jail." type="bool" default="false">false</enable_websocket_urp>
<enable_metrics_unauthenticated desc="When enabled, the /cool/getMetrics endpoint will not require authentication." type="bool" default="false">false</enable_metrics_unauthenticated>
</security>
@@ -224,7 +224,7 @@
</locking>
<alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="groups">
-{% for backend in item.value.backend_storages %}
+{% for backend in collabora_code_instances[collabora_code_instance].backend_storages %}
<group>
<host allow="true">https://{{ backend }}:443</host>
</group>
@@ -245,8 +245,8 @@
<admin_console desc="Web admin console settings.">
<enable desc="Enable the admin console functionality" type="bool" default="true">true</enable>
<enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam>
- <username desc="The username of the admin console. Ignored if PAM is enabled.">{{ item.value.admin.username }}</username>
- <password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or coolconfig to set up a secure password.">{{ item.value.admin.password }}</password>
+ <username desc="The username of the admin console. Ignored if PAM is enabled.">{{ collabora_code_instances[collabora_code_instance].admin.username }}</username>
+ <password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or coolconfig to set up a secure password.">{{ collabora_code_instances[collabora_code_instance].admin.password }}</password>
<logging desc="Log admin activities irrespective of logging.level">
<admin_login desc="log when an admin logged into the console" type="bool" default="true">true</admin_login>
<metrics_fetch desc="log when metrics endpoint is accessed and metrics endpoint authentication is enabled" type="bool" default="true">true</metrics_fetch>
diff --git a/roles/apps/collabora/code/templates/config/coolwsd.23.05.6.4.1.xml.j2 b/roles/apps/collabora/code/instance/templates/config/coolwsd.23.05.6.4.1.xml.j2
index 4d4ac71c..1f39df35 100644
--- a/roles/apps/collabora/code/templates/config/coolwsd.23.05.6.4.1.xml.j2
+++ b/roles/apps/collabora/code/instance/templates/config/coolwsd.23.05.6.4.1.xml.j2
@@ -38,7 +38,7 @@
<child_root_path desc="Path to the directory under which the chroot jails for the child processes will be created. Should be on the same file system as systemplate and lotemplate. Must be an empty directory." type="path" relative="true" default="jails"></child_root_path>
<mount_jail_tree desc="Controls whether the systemplate and lotemplate contents are mounted or not, which is much faster than the default of linking/copying each file." type="bool" default="true"></mount_jail_tree>
- <server_name desc="External hostname:port of the server running coolwsd. If empty, it's derived from the request (please set it if this doesn't work). May be specified when behind a reverse-proxy or when the hostname is not reachable directly." type="string" default="">{{ item.value.hostname }}</server_name>
+ <server_name desc="External hostname:port of the server running coolwsd. If empty, it's derived from the request (please set it if this doesn't work). May be specified when behind a reverse-proxy or when the hostname is not reachable directly." type="string" default="">{{ collabora_code_instances[collabora_code_instance].hostname }}</server_name>
<file_server_root_path desc="Path to the directory that should be considered root for the file server. This should be the directory containing cool." type="path" relative="true" default="browser/../"></file_server_root_path>
<hexify_embedded_urls desc="Enable to protect encoded URLs from getting decoded by intermediate hops. Particularly useful on Azure deployments" type="bool" default="false"></hexify_embedded_urls>
<experimental_features desc="Enable/Disable experimental features" type="bool" default="true">true</experimental_features>
@@ -209,8 +209,8 @@
<seccomp desc="Should we use the seccomp system call filtering." type="bool" default="true">true</seccomp>
<capabilities desc="Should we require capabilities to isolate processes into chroot jails" type="bool" default="true">true</capabilities>
<jwt_expiry_secs desc="Time in seconds before the Admin Console's JWT token expires" type="int" default="1800">1800</jwt_expiry_secs>
- <enable_macros_execution desc="Specifies whether the macro execution is enabled in general. This will enable Basic and Python scripts to execute both installed and from documents. If it is set to false, the macro_security_level is ignored. If it is set to true, the mentioned entry specified the level of macro security." type="bool" default="false">{{ item.value.macros.allowed | default(false) | ternary('true', 'false') }}</enable_macros_execution>
- <macro_security_level desc="Level of Macro security. 1 (Medium) Confirmation required before executing macros from untrusted sources. 0 (Low, not recommended) All macros will be executed without confirmation." type="int" default="1">{{ item.value.macros.security_level | default('1') }}</macro_security_level>
+ <enable_macros_execution desc="Specifies whether the macro execution is enabled in general. This will enable Basic and Python scripts to execute both installed and from documents. If it is set to false, the macro_security_level is ignored. If it is set to true, the mentioned entry specified the level of macro security." type="bool" default="false">{{ collabora_code_instances[collabora_code_instance].macros.allowed | default(false) | ternary('true', 'false') }}</enable_macros_execution>
+ <macro_security_level desc="Level of Macro security. 1 (Medium) Confirmation required before executing macros from untrusted sources. 0 (Low, not recommended) All macros will be executed without confirmation." type="int" default="1">{{ collabora_code_instances[collabora_code_instance].macros.security_level | default('1') }}</macro_security_level>
<enable_websocket_urp desc="Should we enable URP (UNO remote protocol) communication over the websocket. This allows full control of the Kit child server to anyone with access to the websocket including executing macros without confirmation or running arbitrary shell commands in the jail." type="bool" default="false">false</enable_websocket_urp>
<enable_metrics_unauthenticated desc="When enabled, the /cool/getMetrics endpoint will not require authentication." type="bool" default="false">false</enable_metrics_unauthenticated>
</security>
@@ -239,7 +239,7 @@
</locking>
<alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="groups">
-{% for backend in item.value.backend_storages %}
+{% for backend in collabora_code_instances[collabora_code_instance].backend_storages %}
<group>
<host allow="true">https://{{ backend }}:443</host>
</group>
@@ -260,8 +260,8 @@
<admin_console desc="Web admin console settings.">
<enable desc="Enable the admin console functionality" type="bool" default="true">true</enable>
<enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam>
- <username desc="The username of the admin console. Ignored if PAM is enabled.">{{ item.value.admin.username }}</username>
- <password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or coolconfig to set up a secure password.">{{ item.value.admin.password }}</password>
+ <username desc="The username of the admin console. Ignored if PAM is enabled.">{{ collabora_code_instances[collabora_code_instance].admin.username }}</username>
+ <password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or coolconfig to set up a secure password.">{{ collabora_code_instances[collabora_code_instance].admin.password }}</password>
<logging desc="Log admin activities irrespective of logging.level">
<admin_login desc="log when an admin logged into the console" type="bool" default="true">true</admin_login>
<metrics_fetch desc="log when metrics endpoint is accessed and metrics endpoint authentication is enabled" type="bool" default="true">true</metrics_fetch>
diff --git a/roles/apps/collabora/code/templates/nginx-vhost.conf.j2 b/roles/apps/collabora/code/instance/templates/nginx-vhost.conf.j2
index c8a512b0..d661427f 100644
--- a/roles/apps/collabora/code/templates/nginx-vhost.conf.j2
+++ b/roles/apps/collabora/code/instance/templates/nginx-vhost.conf.j2
@@ -6,7 +6,7 @@ location ^~ /browser {
include snippets/proxy-forward-headers.conf;
proxy_set_header Host $http_host;
- proxy_pass http://127.0.0.1:{{ item.value.port }};
+ proxy_pass http://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
proxy_redirect http://$host/ https://$host/;
proxy_redirect http://$host:9980/ https://$host/;
@@ -18,7 +18,7 @@ location ^~ /hosting/discovery {
include snippets/proxy-forward-headers.conf;
proxy_set_header Host $http_host;
- proxy_pass http://127.0.0.1:{{ item.value.port }};
+ proxy_pass http://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
proxy_redirect http://$host/ https://$host/;
proxy_redirect http://$host:9980/ https://$host/;
@@ -30,7 +30,7 @@ location ^~ /hosting/capabilities {
include snippets/proxy-forward-headers.conf;
proxy_set_header Host $http_host;
- proxy_pass http://127.0.0.1:{{ item.value.port }};
+ proxy_pass http://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
proxy_redirect http://$host/ https://$host/;
proxy_redirect http://$host:9980/ https://$host/;
@@ -47,7 +47,7 @@ location ~ ^/cool/(.*)/ws$ {
proxy_read_timeout 36000s;
proxy_set_header Host $http_host;
- proxy_pass http://127.0.0.1:{{ item.value.port }};
+ proxy_pass http://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
proxy_redirect http://$host/ https://$host/;
proxy_redirect http://$host:9980/ https://$host/;
@@ -59,7 +59,7 @@ location ~ ^/(c|l)ool {
include snippets/proxy-forward-headers.conf;
proxy_set_header Host $http_host;
- proxy_pass http://127.0.0.1:{{ item.value.port }};
+ proxy_pass http://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
proxy_redirect http://$host/ https://$host/;
proxy_redirect http://$host:9980/ https://$host/;
@@ -76,7 +76,7 @@ location ^~ /cool/adminws {
proxy_read_timeout 36000s;
proxy_set_header Host $http_host;
- proxy_pass http://127.0.0.1:{{ item.value.port }};
+ proxy_pass http://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
proxy_redirect http://$host/ https://$host/;
proxy_redirect http://$host:9980/ https://$host/;
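Review bot: The `/cool/adminws` location forwards the admin console websocket to the backend in the same way as the document endpoints, and nothing visible in this hunk limits who can reach it; the location block starts and continues outside the hunk, so a restriction may exist there. If it does not, the console is reachable from wherever the vhost is and is guarded only by the username/password from `coolwsd.xml`; `allow <admin network>; deny all;` inside this location would narrow that. As a style point, `collabora_code_instances[collabora_code_instance].port` is now repeated in all six `proxy_pass` lines, and a single `{% set port = ... %}` at the top of the template would keep them in sync.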
diff --git a/roles/apps/collabora/code/templates/pod-spec.yml.j2 b/roles/apps/collabora/code/instance/templates/pod-spec.yml.j2
index 8fa335e1..559ac272 100644
--- a/roles/apps/collabora/code/templates/pod-spec.yml.j2
+++ b/roles/apps/collabora/code/instance/templates/pod-spec.yml.j2
@@ -1,6 +1,6 @@
containers:
- name: collabora-code
- image: "collabora/code{% if 'custom_image' in item.value %}/{{ item.key }}{% endif %}:{{ item.value.version }}"
+ image: "collabora/code{% if 'custom_image' in collabora_code_instances[collabora_code_instance] %}/{{ collabora_code_instance }}{% endif %}:{{ collabora_code_instances[collabora_code_instance].version }}"
resources:
limits:
memory: "4Gi"
@@ -16,10 +16,10 @@ containers:
readOnly: true
ports:
- containerPort: 9980
- hostPort: {{ item.value.port }}
+ hostPort: {{ collabora_code_instances[collabora_code_instance].port }}
hostIP: 127.0.0.1
volumes:
- name: config
hostPath:
- path: "{{ collabora_code_base_path }}/{{ item.key }}/config/"
+ path: "{{ collabora_code_instance_basepath }}/config/"
type: Directory
diff --git a/roles/apps/collabora/code/tasks/custom-image.yml b/roles/apps/collabora/code/tasks/custom-image.yml
deleted file mode 100644
index 84f6b1ae..00000000
--- a/roles/apps/collabora/code/tasks/custom-image.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-- name: create build directory for custom image
- file:
- path: "{{ collabora_code_base_path }}/{{ item.key }}/build"
- state: directory
-
-- name: generate Dockerfile for custom image
- copy:
- content: |
- FROM {{ item.value.custom_image.from | default('collabora/code:' + item.value.version) }}
- {{ item.value.custom_image.dockerfile }}
- dest: "{{ collabora_code_base_path }}/{{ item.key }}/build/Dockerfile"
- register: collabora_code_custom_image_docker
-
-- name: build custom image
- docker_image:
- name: "collabora/code/{{ item.key }}:{{ item.value.version }}"
- state: present
- force_source: "{{ collabora_code_custom_image_docker is changed }}"
- source: build
- build:
- path: "{{ collabora_code_base_path }}/{{ item.key }}/build"
- network: host
- pull: yes
diff --git a/roles/apps/collabora/code/tasks/main.yml b/roles/apps/collabora/code/tasks/main.yml
index 19f9b816..11b3fee4 100644
--- a/roles/apps/collabora/code/tasks/main.yml
+++ b/roles/apps/collabora/code/tasks/main.yml
@@ -1,44 +1,7 @@
---
-- name: create collabora-code config subdirectory
+- name: instance specific tasks
loop: "{{ collabora_code_instances | list }}"
- file:
- path: "{{ collabora_code_base_path }}/{{ item }}/config"
- state: directory
- mode: 0750
-
-- name: generate configuration file
- loop: "{{ collabora_code_instances | dict2items }}"
loop_control:
- label: "{{ item.key }}"
- template:
- src: "config/coolwsd.{{ item.value.version }}.xml.j2"
- dest: "{{ collabora_code_base_path }}/{{ item.key }}/config/coolwsd.xml"
-
-- name: build custom image
- loop: "{{ collabora_code_instances | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- when: "'custom_image' in item.value"
- include_tasks: custom-image.yml
-
-- name: install pod manifest
- loop: "{{ collabora_code_instances | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- vars:
- kubernetes_standalone_pod:
- name: "collabora-code-{{ item.key }}"
- spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
- mode: "0600"
- config_hash_items:
- - path: "{{ collabora_code_base_path }}/{{ item.key }}/config/coolwsd.xml"
- properties:
- - checksum
+ loop_var: collabora_code_instance
include_role:
- name: kubernetes/standalone/pod
-
-- name: install nginx vhost config
- loop: "{{ collabora_code_instances | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- include_tasks: nginx-vhost.yml
+ name: apps/collabora/code/instance
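Review bot: Every instance now needs a `storage` mapping, because the included role dereferences `collabora_code_instances[...].storage.type` unconditionally, but this loop starts without checking for it, so an inventory written for the old layout fails inside the included role, possibly after earlier instances were already processed. An `assert` task ahead of the loop would report the missing key by name before anything is changed on the host. Data that lived under the removed `collabora_code_base_path` is presumably not moved by this role either, which deserves a line in the commit message or the defaults file.

```yaml
- name: check that every instance defines a storage type
  loop: "{{ collabora_code_instances | list }}"
  loop_control:
    loop_var: collabora_code_instance
  assert:
    that:
      - collabora_code_instances[collabora_code_instance].storage.type is defined
    fail_msg: "collabora_code_instances.{{ collabora_code_instance }}.storage.type is required"

# … unchanged: 'instance specific tasks' include_role loop …
```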
diff --git a/roles/apps/collabora/code/tasks/nginx-vhost.yml b/roles/apps/collabora/code/tasks/nginx-vhost.yml
deleted file mode 100644
index afd8f1e0..00000000
--- a/roles/apps/collabora/code/tasks/nginx-vhost.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-- name: render nginx-vhost custom config
- set_fact:
- collabora_code_nginx_vhost_custom: "{{ lookup('template', 'nginx-vhost.conf.j2') }}"
-
-- name: configure nginx vhost
- vars:
- nginx_vhost:
- name: "collabora-code-{{ item.key }}"
- template: generic
- tls:
- certificate_provider: "{{ acme_client }}"
- hostnames:
- - "{{ item.value.hostname }}"
- custom: "{{ collabora_code_nginx_vhost_custom }}"
- include_role:
- name: nginx/vhost