From c633dbb33d1eec0dd8f4284456e0d574fb836eae Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Tue, 30 Jun 2020 16:30:57 +0200
Subject: apps/etherpad-lite: migrate to new standalone pod role

---
 roles/apps/etherpad-lite/tasks/main.yml            | 23 +++++----
 .../templates/pod-spec-with-mariadb.yml.j2         | 49 ++++++++++++++++++++
 .../templates/pod-with-mariadb.yml.j2              | 54 ----------------------
 3 files changed, 63 insertions(+), 63 deletions(-)
 create mode 100644 roles/apps/etherpad-lite/templates/pod-spec-with-mariadb.yml.j2
 delete mode 100644 roles/apps/etherpad-lite/templates/pod-with-mariadb.yml.j2

(limited to 'roles/apps/etherpad-lite')

diff --git a/roles/apps/etherpad-lite/tasks/main.yml b/roles/apps/etherpad-lite/tasks/main.yml
index 0beeb1e1..416ab7ff 100644
--- a/roles/apps/etherpad-lite/tasks/main.yml
+++ b/roles/apps/etherpad-lite/tasks/main.yml
@@ -92,24 +92,29 @@
     owner: "{{ etherpad_lite_app_uid }}"
     group: "{{ etherpad_lite_app_gid }}"
 
-
-- name: generate pod manifests
+- name: install pod manifest
   loop: "{{ etherpad_lite_instances | dict2items }}"
   loop_control:
     label: "{{ item.key }}"
-  template:
-    src: "pod-with-{{ item.value.database.type }}.yml.j2"
-    dest: "/etc/kubernetes/manifests/etherpad-lite-{{ item.key }}.yml"
-    mode: 0600
-
+  vars:
+    kubernetes_standalone_pod:
+      name: "etherpad-lite-{{ item.key }}"
+      spec: "{{ lookup('template', 'pod-spec-with-{{ item.value.database.type }}.yml.j2') }}"
+      mode: 0600
+      config_hash_items:
+      - path: "{{ etherpad_lite_base_path }}/{{ item.key }}/config/settings.json"
+        properties:
+        - checksum
+  include_role:
+    name: kubernetes/standalone/pod
 
 - name: configure nginx vhost
   loop: "{{ etherpad_lite_instances | dict2items }}"
-  include_role:
-    name: nginx/vhost
   vars:
     nginx_vhost:
       name: "etherpad-lite-{{ item.key }}"
       content: "{{ lookup('template', 'nginx-vhost.conf.j2') }}"
       acme: true
       hostnames: "{{ item.value.hostnames }}"
+  include_role:
+    name: nginx/vhost
diff --git a/roles/apps/etherpad-lite/templates/pod-spec-with-mariadb.yml.j2 b/roles/apps/etherpad-lite/templates/pod-spec-with-mariadb.yml.j2
new file mode 100644
index 00000000..f608d6ab
--- /dev/null
+++ b/roles/apps/etherpad-lite/templates/pod-spec-with-mariadb.yml.j2
@@ -0,0 +1,49 @@
+securityContext:
+  allowPrivilegeEscalation: false
+containers:
+- name: etherpad-lite
+  image: spreadspace/etherpad-lite:{{ item.value.version }}
+  # securityContext:
+  #   runAsUser: {{ etherpad_lite_app_uid }}
+  #   runAsGroup: {{ etherpad_lite_app_gid }}
+  resources:
+    limits:
+      memory: "4Gi"
+  volumeMounts:
+  - name: config
+    mountPath: /opt/etherpad-lite/settings.json
+    subPath: settings.json
+    readOnly: true
+  ports:
+  - containerPort: 9001
+    hostPort: {{ item.value.port }}
+    hostIP: 127.0.0.1
+- name: database
+  image: "mariadb:{{ item.value.database.version }}"
+  securityContext:
+    runAsUser: {{ etherpad_lite_db_uid }}
+    runAsGroup: {{ etherpad_lite_db_gid }}
+  resources:
+    limits:
+      memory: "4Gi"
+  env:
+  - name: MYSQL_RANDOM_ROOT_PASSWORD
+    value: "true"
+  - name: MYSQL_DATABASE
+    value: etherpad-lite
+  - name: MYSQL_USER
+    value: etherpad-lite
+  - name: MYSQL_PASSWORD
+    value: "{{ item.value.database.password }}"
+  volumeMounts:
+  - name: database
+    mountPath: /var/lib/mysql
+volumes:
+- name: config
+  hostPath:
+    path: "{{ etherpad_lite_base_path }}/{{ item.key }}/config/"
+    type: Directory
+- name: database
+  hostPath:
+    path: "{{ etherpad_lite_base_path }}/{{ item.key }}/{{ item.value.database.type }}"
+    type: Directory
diff --git a/roles/apps/etherpad-lite/templates/pod-with-mariadb.yml.j2 b/roles/apps/etherpad-lite/templates/pod-with-mariadb.yml.j2
deleted file mode 100644
index 9391290f..00000000
--- a/roles/apps/etherpad-lite/templates/pod-with-mariadb.yml.j2
+++ /dev/null
@@ -1,54 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "etherpad-lite-{{ item.key }}"
-spec:
-  securityContext:
-    allowPrivilegeEscalation: false
-  containers:
-  - name: etherpad-lite
-    image: spreadspace/etherpad-lite:{{ item.value.version }}
-    # securityContext:
-    #   runAsUser: {{ etherpad_lite_app_uid }}
-    #   runAsGroup: {{ etherpad_lite_app_gid }}
-    resources:
-      limits:
-        memory: "4Gi"
-    volumeMounts:
-    - name: config
-      mountPath: /opt/etherpad-lite/settings.json
-      subPath: settings.json
-      readOnly: true
-    ports:
-    - containerPort: 9001
-      hostPort: {{ item.value.port }}
-      hostIP: 127.0.0.1
-  - name: database
-    image: "mariadb:{{ item.value.database.version }}"
-    securityContext:
-      runAsUser: {{ etherpad_lite_db_uid }}
-      runAsGroup: {{ etherpad_lite_db_gid }}
-    resources:
-      limits:
-        memory: "4Gi"
-    env:
-    - name: MYSQL_RANDOM_ROOT_PASSWORD
-      value: "true"
-    - name: MYSQL_DATABASE
-      value: etherpad-lite
-    - name: MYSQL_USER
-      value: etherpad-lite
-    - name: MYSQL_PASSWORD
-      value: "{{ item.value.database.password }}"
-    volumeMounts:
-    - name: database
-      mountPath: /var/lib/mysql
-  volumes:
-  - name: config
-    hostPath:
-      path: "{{ etherpad_lite_base_path }}/{{ item.key }}/config/"
-      type: Directory
-  - name: database
-    hostPath:
-      path: "{{ etherpad_lite_base_path }}/{{ item.key }}/{{ item.value.database.type }}"
-      type: Directory
-- 
cgit v1.2.3


From 6025dcf6f3dd7df02284dd6b3a37dd186879196c Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Tue, 30 Jun 2020 21:46:04 +0200
Subject: fix pod manifest permissions

---
 roles/apps/collabora/code/tasks/main.yml          | 2 +-
 roles/apps/coturn/tasks/main.yml                  | 2 +-
 roles/apps/etherpad-lite/tasks/main.yml           | 2 +-
 roles/apps/jitsi/meet/tasks/main.yml              | 2 +-
 roles/apps/nextcloud/tasks/main.yml               | 2 +-
 roles/kubernetes/standalone/pod/defaults/main.yml | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'roles/apps/etherpad-lite')

diff --git a/roles/apps/collabora/code/tasks/main.yml b/roles/apps/collabora/code/tasks/main.yml
index 6b41bf5a..74f3240a 100644
--- a/roles/apps/collabora/code/tasks/main.yml
+++ b/roles/apps/collabora/code/tasks/main.yml
@@ -29,7 +29,7 @@
     kubernetes_standalone_pod:
       name: "collabora-code-{{ item.key }}"
       spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
-      mode: 0600
+      mode: "0600"
       config_hash_items:
       - path: "{{ collabora_code_base_path }}/{{ item.key }}/config/loolwsd.xml"
         properties:
diff --git a/roles/apps/coturn/tasks/main.yml b/roles/apps/coturn/tasks/main.yml
index 9971b428..176be664 100644
--- a/roles/apps/coturn/tasks/main.yml
+++ b/roles/apps/coturn/tasks/main.yml
@@ -73,7 +73,7 @@
     kubernetes_standalone_pod:
       name: "coturn-{{ coturn_realm }}"
       spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
-      mode: 0600
+      mode: "0600"
       config_hash_items:
       - path: "{{ coturn_base_path }}/{{ coturn_realm }}/config/turnserver.conf"
         properties:
diff --git a/roles/apps/etherpad-lite/tasks/main.yml b/roles/apps/etherpad-lite/tasks/main.yml
index 416ab7ff..105b89d9 100644
--- a/roles/apps/etherpad-lite/tasks/main.yml
+++ b/roles/apps/etherpad-lite/tasks/main.yml
@@ -100,7 +100,7 @@
     kubernetes_standalone_pod:
       name: "etherpad-lite-{{ item.key }}"
       spec: "{{ lookup('template', 'pod-spec-with-{{ item.value.database.type }}.yml.j2') }}"
-      mode: 0600
+      mode: "0600"
       config_hash_items:
       - path: "{{ etherpad_lite_base_path }}/{{ item.key }}/config/settings.json"
         properties:
diff --git a/roles/apps/jitsi/meet/tasks/main.yml b/roles/apps/jitsi/meet/tasks/main.yml
index f5bcbd21..16e05ced 100644
--- a/roles/apps/jitsi/meet/tasks/main.yml
+++ b/roles/apps/jitsi/meet/tasks/main.yml
@@ -22,7 +22,7 @@
     kubernetes_standalone_pod:
       name: "jitsi-meet-{{ jitsi_meet_inst_name }}"
       spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
-      mode: 0600
+      mode: "0600"
       config_hash_items:
       - path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/cont-init.sh"
         properties:
diff --git a/roles/apps/nextcloud/tasks/main.yml b/roles/apps/nextcloud/tasks/main.yml
index d2ed558a..325fa15d 100644
--- a/roles/apps/nextcloud/tasks/main.yml
+++ b/roles/apps/nextcloud/tasks/main.yml
@@ -110,7 +110,7 @@
     kubernetes_standalone_pod:
       name: "nextcloud-{{ item.key }}"
       spec: "{{ lookup('template', 'pod-spec-with-{{ item.value.database.type }}.yml.j2') }}"
-      mode: 0600
+      mode: "0600"
       config_hash_items:
       - path: "{{ nextcloud_base_path }}/{{ item.key }}/config/apache-site.conf"
         properties:
diff --git a/roles/kubernetes/standalone/pod/defaults/main.yml b/roles/kubernetes/standalone/pod/defaults/main.yml
index c20d37cf..2eae33a3 100644
--- a/roles/kubernetes/standalone/pod/defaults/main.yml
+++ b/roles/kubernetes/standalone/pod/defaults/main.yml
@@ -13,7 +13,7 @@
 #       - /bin/bash
 #       - -c
 #       - "sleep inf"
-#   mode: 0600
+#   mode: "0600"
 #   config_hash_items:
 #   - path: /path/to/configfile
 #     properties:
-- 
cgit v1.2.3