roles/apps/pigallery2/tasks/main.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

---
- name: create zfs datasets
  when: pigallery2_zfs is defined
  block:
  - name: create zfs base dataset
    zfs:
      name: "{{ pigallery2_zfs.pool }}/{{ pigallery2_zfs.name }}"
      state: present
      extra_zfs_properties: "{{ pigallery2_zfs.properties | dehumanize_zfs_properties | default(omit) }}"

  - name: create zfs volumes for instances
    loop: "{{ pigallery2_instances | dict2items }}"
    loop_control:
      label: "{{ item.key }} ({{ (item.value.zfs_properties | default({})).items() | map('join', '=') | join(', ') }})"
    zfs:
      name: "{{ pigallery2_zfs.pool }}/{{ pigallery2_zfs.name }}/{{ item.key }}"
      state: present
      extra_zfs_properties: "{{ item.value.zfs_properties | dehumanize_zfs_properties | default(omit) }}"

  - name: configure pigallery2 base bath
    set_fact:
      pigallery2_base_path: "{{ (zfs_pools[pigallery2_zfs.pool].mountpoint, pigallery2_zfs.name) | path_join }}"


- name: add group for pigallery2 app
  group:
    name: pigallery2
    gid: "{{ pigallery2_app_gid }}"

- name: add user for pigallery2 app
  user:
    name: pigallery2
    uid: "{{ pigallery2_app_uid }}"
    group: pigallery2
    password: "!"

- name: create instance subdirectories
  loop: "{{ pigallery2_instances | product(['config', 'db', 'tmp']) | list }}"
  loop_control:
    label: "{{ item[0] }}/{{ item[1] }}"
  file:
    path: "{{ pigallery2_base_path }}/{{ item[0] }}/{{ item[1] }}"
    state: directory
    owner: pigallery2
    group: pigallery2
    mode: "700"


- name: install pod manifest
  loop: "{{ pigallery2_instances | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  vars:
    kubernetes_standalone_pod:
      name: "pigallery2-{{ item.key }}"
      spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
      mode: "0600"
  include_role:
    name: kubernetes/standalone/pod


- name: configure nginx vhost
  loop: "{{ pigallery2_instances | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  vars:
    nginx_vhost:
      name: "pigallery2-{{ item.key }}"
      template: generic
      tls:
        certificate_provider: "{{ acme_client }}"
      hostnames:
      - "{{ item.value.hostname }}"
      locations:
        '/':
          proxy_pass: "http://127.0.0.1:{{ item.value.port }}"
          extra_directives: |-
            client_max_body_size 0;
  include_role:
    name: nginx/vhost