---
# Provision the instance's storage volume. The role path is selected by the
# storage type configured for this instance, and the whole storage definition
# is handed to that role as `storage_volume`.
- name: prepare storage volume
  include_role:
    name: "storage/{{ collabora_code_instances[collabora_code_instance].storage.type }}/volume"
  vars:
    storage_volume: "{{ collabora_code_instances[collabora_code_instance].storage }}"
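# Every later path in this file is built from this fact.
# `storage_volume_mountpoint` is presumably published by the storage volume
# role included above (role not visible here) - confirm.
- name: record storage mountpoint as instance base path
  set_fact:
    collabora_code_instance_basepath: "{{ storage_volume_mountpoint }}"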
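# Directory that receives coolwsd.xml and the TLS files installed further down.
# NOTE(review): no owner/group is set, while the TLS files placed in this
# directory are owned by uid 100; check that this uid can still reach them
# under 0750 in the way the pod mounts the directory.
- name: create instance config directory
  file:
    path: "{{ collabora_code_instance_basepath }}/config"
    state: directory
    # Quoted so the module receives the literal octal string, matching the
    # quoted "0400"/"0600" modes used elsewhere in this file, instead of
    # relying on the YAML parser's integer handling.
    mode: "0750"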
# Render the version-specific coolwsd template into the instance config
# directory.
# NOTE(review): no mode/owner is given, so the file's permissions come from the
# remote umask. If the rendered coolwsd.xml carries credentials (template not
# visible here), set an explicit mode and owner that the container user can
# still read.
- name: generate configuration file
  template:
    dest: "{{ collabora_code_instance_basepath }}/config/coolwsd.xml"
    src: "config/coolwsd.{{ collabora_code_instances[collabora_code_instance].version }}.xml.j2"
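# Request a server certificate from the CA of the instance's publish zone and
# install CA chain, certificate and private key into the instance config
# directory. The x509 role is selected by the zone's certificate provider.
- name: generate/install TLS certificates for publishment
  vars:
    x509_certificate_name: "collabora-code-{{ collabora_code_instance }}_publish"
    # NOTE(review): the hostname list is empty. Unless the x509 role derives a
    # subjectAltName from common_name (role not visible here), the certificate
    # carries no SAN, and clients that validate the peer name ignore the CN.
    # Confirm how the publisher verifies this certificate.
    x509_certificate_hostnames: []
    x509_certificate_config:
      ca: "{{ collabora_code_instances[collabora_code_instance].publish.zone.certificate_ca_config }}"
      cert:
        common_name: "collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }}"
        # Critical serverAuth EKU: the certificate is limited to TLS server use.
        extended_key_usage:
          - serverAuth
        extended_key_usage_critical: true
        create_subject_key_identifier: true
        # Presumably a relative validity of 100 weeks - confirm against the role.
        not_after: "+100w"
    x509_certificate_renewal:
      install:
        # All three files are read-only for uid 100 (presumably the user the
        # container runs as - confirm against the pod spec).
        - dest: "{{ collabora_code_instance_basepath }}/config/ca-chain.cert.pem"
          src:
            - ca_cert
          mode: "0400"
          owner: 100
        - dest: "{{ collabora_code_instance_basepath }}/config/cert.pem"
          src:
            - cert
          mode: "0400"
          owner: 100
        # Private key: keep it unreadable for anyone but the owner.
        - dest: "{{ collabora_code_instance_basepath }}/config/key.pem"
          src:
            - key
          mode: "0400"
          owner: 100
  include_role:
    name: "x509/{{ collabora_code_instances[collabora_code_instance].publish.zone.certificate_provider }}/cert"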
# Runs only for instances whose definition contains a `custom_image` key.
- name: build custom image
  include_tasks: custom-image.yml
  when: "'custom_image' in collabora_code_instances[collabora_code_instance]"
# Hand the rendered pod spec to the standalone-pod role, which writes the
# manifest with mode 0600.
# NOTE(review): only coolwsd.xml is listed in config_hash_items. If that hash
# is what triggers a pod restart (role not visible here), a renewed
# cert.pem/key.pem will not be picked up until the pod restarts for another
# reason.
- name: install pod manifest
  include_role:
    name: kubernetes/standalone/pod
  vars:
    kubernetes_standalone_pod:
      name: "collabora-code-{{ collabora_code_instance }}"
      spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
      mode: "0600"
      config_hash_items:
        - path: "{{ collabora_code_instance_basepath }}/config/coolwsd.xml"
          properties:
            - checksum
# Render the nginx snippet with the template lookup and keep the text as a
# fact. The vhost task that follows embeds it under its `custom` key.
- name: render nginx-vhost custom config
  set_fact:
    collabora_code_nginx_vhost_custom: >-
      {{ lookup('template', 'nginx-vhost.conf.j2') }}
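# Publish the instance through nginx on the zone's publisher host: the role's
# tasks are delegated there via `apply`.
- name: configure nginx vhost for publishment
  vars:
    # The vhost definition is assembled as YAML *text* and parsed afterwards
    # with from_yaml, so every interpolated scalar has to be valid YAML on its
    # own. Hostnames are emitted through to_json (a JSON string is a valid
    # YAML double-quoted scalar): a value such as "*.example.org", or one
    # containing ": " or " #", can then neither break parsing nor add keys to
    # the vhost definition.
    # NOTE(review): the `name` line still interpolates inside hand-written
    # quotes; it relies on the instance key and inventory hostname containing
    # no `"` or `\`.
    nginx_vhost__yaml: |
      name: "collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }}"
      template: generic
      {% if 'tls' in collabora_code_instances[collabora_code_instance].publish %}
      tls:
        {{ collabora_code_instances[collabora_code_instance].publish.tls | to_nice_yaml(indent=2) | indent(2) }}
      {% endif %}
      hostnames:
      {% for hostname in collabora_code_instances[collabora_code_instance].publish.hostnames %}
        - {{ hostname | to_json }}
      {% endfor %}
      custom: |
        {{ collabora_code_nginx_vhost_custom | indent(2) }}
    nginx_vhost: "{{ nginx_vhost__yaml | from_yaml }}"
  include_role:
    name: nginx/vhost
    apply:
      delegate_to: "{{ collabora_code_instances[collabora_code_instance].publish.zone.publisher }}"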