Add non privileged user
antarcticrainforest committed Oct 26, 2023
1 parent ad3eec0 commit 96e7c86
Showing 12 changed files with 240 additions and 124 deletions.
21 changes: 20 additions & 1 deletion assets/share/freva/deployment/config/inventory.toml
@@ -1,4 +1,4 @@
# This is the "defaut" freva deployment configuration file.
# This is the "default" freva deployment configuration file.
#
# - The files syntax follows the `toml` markup language (https://toml.io)
# - Comments begin with the "#" character
Expand Down Expand Up @@ -95,6 +95,10 @@ ansible_become_user = "root"
##(Useful for a truely fresh start) (default: False)
wipe = false

## Set the path where the permanent database data should be stored. By default
## this is set to /opt/freva/<project_name>/db_service
data_path = "/opt/freva"

## In case you want to set a custom path to a ansible playbook,
## you can do this here, by default the deployment will use the playbook
## located in the user config directory.
Expand Down Expand Up @@ -126,6 +130,11 @@ ansible_become_user = "root"
##Indicate whether or not to empty any pre-existing folders/docker volumes.
##(Useful for a truely fresh start) (default: False)
wipe = false

## Set the path where the permanent databrowsr data should be stored.
## By default this is set to /opt/freva
data_path = "/opt/freva"

## In case you want to set a custom path to a ansible playbook,
## you can do this here, by default the deployment will use the playbook
## located in the user config directory.
Expand Down Expand Up @@ -216,6 +225,10 @@ project_website = "www.freva.dkrz.de"
##If you need a different user name you can set it here:
#ansible_user = "username"

## Set the path where the permanent web data should be stored. By default
## this is set to /opt/freva
data_path = "/opt/freva"

##Set html colors
main_color = "Tomato"
border_color = "#6c2e1f"
Expand Down Expand Up @@ -319,3 +332,9 @@ web_playbook = ""

## Set the become (sudo) user name to change to for installing the services
ansible_become_user = "root"

# Deploy a http reverse proxy. Turn off the deployment (set to false) of an
# reverse proxy doesn't the user that deploys the web doesn't have access to
# port 80 and 443 in this case you will have to deploy the reverse proxy
# yourself.
deploy_web_server = true
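Review bot: The comment above the first added `data_path = "/opt/freva"` says the default is `/opt/freva/<project_name>/db_service`, but the value is only the base directory; the db playbook in this commit appends `{{project_name}}/db_service` itself. An operator who copies the full path from the comment ends up with a nested directory, and the wipe task then removes a different path than expected. I would reword it to `## Base directory for permanent database data; <project_name>/db_service is appended (default: /opt/freva)`. The `deploy_web_server` comment at the end of the section is also hard to parse and could read `# Set to false if the deploying user cannot bind ports 80 and 443; you then have to deploy the reverse proxy yourself.`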
Expand Up @@ -4,17 +4,17 @@
vars:
ansible_python_interpreter: "{{ databrowser_ansible_python_interpreter }}"
databrowser_name: "{{project_name}}-databrowser"
compose_file: /opt/freva/compose_services/{{databrowser_name}}-compose.yml
compose_file: '{{databrowser_data_path}}/compose_services/{{databrowser_name}}-compose.yml'
solr_name: "{{project_name}}-solr"
mongo_name: "{{project_name}}-mongo"
solr_volumes:
- /opt/freva/{{project_name}}/solr_service:/var/solr/data:z
- /opt/freva/freva-service-config/solr/managed-schema.xml:/opt/solr/managed-schema.xml:z
- /opt/freva/freva-service-config/solr/create_cores.sh:/docker-entrypoint-initdb.d/create_cores.sh:z
- /opt/freva/freva-service-config/solr/synonyms.txt:/opt/solr/synonyms.txt:z
- /opt/freva/freva-service-config/solr/daily_backup.sh:/usr/local/bin/daily_backup:z
- '{{databrowser_data_path}}/{{project_name}}/solr_service:/var/solr/data:z'
- '{{databrowser_data_path}}/freva-service-config/solr/managed-schema.xml:/opt/solr/managed-schema.xml:z'
- '{{databrowser_data_path}}/freva-service-config/solr/create_cores.sh:/docker-entrypoint-initdb.d/create_cores.sh:z'
- '{{databrowser_data_path}}/freva-service-config/solr/synonyms.txt:/opt/solr/synonyms.txt:z'
- '{{databrowser_data_path}}/freva-service-config/solr/daily_backup.sh:/usr/local/bin/daily_backup:z'
mongo_volumes:
- /opt/freva/{{project_name}}/databrowser/stats:/data/db:z
- '{{databrowser_data_path}}/{{project_name}}/databrowser/stats:/data/db:z'
ansible_become_user: "{{ databrowser_ansible_become_user | default('root') }}"
use_become: "{{ databrowser_ansible_become_user is defined and databrowser_ansible_become_user != '' }}"
tasks:
Expand Down Expand Up @@ -58,41 +58,41 @@
file:
state: absent
force: true
path: /opt/freva/freva-service-config/
path: '{{databrowser_data_path}}/freva-service-config/'
become: "{{use_become}}"
- name: Cleaning existing directory structure
file:
path: "{item}"
state: absent
with_items:
- "/opt/freva/{{ project_name }}/solr_service"
- "/opt/freva/{{ project_name }}/databrowser"
- "{{databrowser_data_path}}/{{ project_name }}/solr_service"
- "{{databrowser_data_path}}/{{ project_name }}/databrowser"
when: databrowser_wipe == true
become: "{{use_become}}"
- name: Creating solr directory structure
file:
path: /opt/freva/{{ project_name }}/solr_service
path: '{{databrowser_data_path}}/{{ project_name }}/solr_service'
state: directory
owner: 8983
group: 8983
recurse: true
become: "{{use_become}}"
- name: Creating compose directory structure
file:
path: /opt/freva/compose_services
path: '{{databrowser_data_path}}/compose_services'
state: directory
recurse: true
become: "{{use_become}}"
- name: Creating directory structure
file:
path: /opt/freva/{{ project_name }}/databrowser
path: '{{databrowser_data_path}}/{{ project_name }}/databrowser'
state: directory
recurse: true
become: "{{use_become}}"
- name: Getting additional configurations
git:
repo: https://github.com/FREVA-CLINT/freva-service-config.git
dest: /opt/freva/freva-service-config
dest: '{{databrowser_data_path}}/freva-service-config'
update: true
become: "{{use_become}}"
- name: Copy systemd files
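Review bot: The "Cleaning existing directory structure" task still has `path: "{item}"`, which is a literal string and not a Jinja expression, so with `databrowser_wipe` set the two rewritten `with_items` paths are never the ones removed. Since this commit edits the list directly below it, the line should become `path: "{{ item }}"`. Once that is fixed the task deletes under `databrowser_data_path` with `become`, so it is worth failing early when that variable is empty or not an absolute path; an `assert` task placed before the first `state: absent` would do.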
36 changes: 18 additions & 18 deletions assets/share/freva/deployment/playbooks/db-server-playbook.yml
Expand Up @@ -3,14 +3,14 @@

vars:
ansible_python_interpreter: "{{ db_ansible_python_interpreter }}"
compose_file: /opt/freva/compose_services/{{db_name}}-compose.yml
compose_file: '{{db_data_path}}/compose_services/{{db_name}}-compose.yml'
db_volumes:
- /opt/freva/freva-service-config/mysql/create_tables.sql:/docker-entrypoint-initdb.d/002_create_tables.sql:z
- /opt/freva/freva-service-config/mysql/daily_backup.sh:/usr/local/bin/daily_backup:z
- /opt/freva/{{project_name}}/db_service:/var/lib/mysql:z
- '{{db_data_path}}/freva-service-config/mysql/create_tables.sql:/docker-entrypoint-initdb.d/002_create_tables.sql:z'
- '{{db_data_path}}/freva-service-config/mysql/daily_backup.sh:/usr/local/bin/daily_backup:z'
- '{{db_data_path}}/{{project_name}}/db_service:/var/lib/mysql:z'
docker_cmd: >
--network {{ project_name }} -v
/opt/freva/{{project_name}}/db_service:/var/lib/mysql:z
{{db_data_path}}/{{project_name}}/db_service:/var/lib/mysql:z
-e HOST={{ db_host }}
-e NUM_BACKUPS=7
-e PROJECT={{ project_name }}
Expand All @@ -19,15 +19,15 @@
-e MYSQL_DATABASE={{db}}
-e BACKUP_DIR=/var/lib/mysql/backup
-p {{ db_port }}:3306
-v /opt/freva/freva-service-config/mysql/create_tables.sql:/docker-entrypoint-initdb.d/002_create_tables.sql:z
-v /opt/freva/freva-service-config/mysql/daily_backup.sh:/usr/local/bin/daily_backup:z
-v '{{db_data_path}}/freva-service-config/mysql/create_tables.sql:/docker-entrypoint-initdb.d/002_create_tables.sql:z'
-v '{{db_data_path}}/freva-service-config/mysql/daily_backup.sh:/usr/local/bin/daily_backup:z'
--rm
--name {{db_name}}
-e MYSQL_ROOT_PASSWORD={{ root_passwd }}
-t docker.io/mariadb:latest
skip_tables_cmd: >
--network {{ project_name }} -v
/opt/freva/{{project_name}}/db_service:/var/lib/mysql:z
'{{db_data_path}}/{{project_name}}/db_service:/var/lib/mysql:z'
-e HOST={{ db_host }}
-e NUM_BACKUPS=7
-e PROJECT={{ project_name }}
Expand All @@ -38,8 +38,8 @@
-p {{ db_port }}:3306
-e MYSQL_ROOT_PASSWORD={{ root_passwd }}
--name {{db_name}}
-v /opt/freva/freva-service-config/mysql/create_tables.sql:/docker-entrypoint-initdb.d/002_create_tables.sql:z
-v /opt/freva/freva-service-config/mysql/daily_backup.sh:/usr/local/bin/daily_backup:z
-v '{{db_data_path}}/freva-service-config/mysql/create_tables.sql:/docker-entrypoint-initdb.d/002_create_tables.sql:z'
-v '{{db_data_path}}/freva-service-config/mysql/daily_backup.sh:/usr/local/bin/daily_backup:z'
-v /tmp/reset_root_pw.sh:/tmp/reset_root_pw.sh:z
-t docker.io/mariadb:latest mariadbd-safe --skip-grant-tables
continer_name: "{{ db_name }}"
Expand Down Expand Up @@ -74,7 +74,7 @@
file:
state: absent
force: true
path: "/opt/freva/freva-service-config/"
path: "{{db_data_path}}/freva-service-config/"
become: "{{use_become}}"
- name: Pulling container
become: "{{use_become}}"
Expand All @@ -86,13 +86,13 @@
become: "{{use_become}}"
- name: Cleaning existing directory structure
file:
path: /opt/freva/{{ project_name }}/db_service
path: '{{db_data_path}}/{{ project_name }}/db_service'
state: absent
become: "{{use_become}}"
when: db_wipe == true
- name: Creating directory structure
file:
path: /opt/freva/{{ project_name }}/db_service
path: '{{db_data_path}}/{{ project_name }}/db_service'
state: directory
recurse: true
group: 999
Expand All @@ -113,7 +113,7 @@
become: "{{use_become}}"
git:
repo: https://github.com/FREVA-CLINT/freva-service-config.git
dest: /opt/freva/freva-service-config
dest: '{{db_data_path}}/freva-service-config'
update: true
- name: Preparing the root password reset I
become: "{{use_become}}"
Expand All @@ -129,22 +129,22 @@
- pause: seconds=2
- name: Resetting the root password
become: "{{use_become}}"
shell: /tmp/docker-or-podman exec -it {{db_name}} bash /tmp/reset_root_pw.sh
shell: /tmp/docker-or-podman exec {{db_name}} bash /tmp/reset_root_pw.sh
- name: Deleting temp. container
become: "{{use_become}}"
shell: |
/tmp/docker-or-podman rm -f {{db_name}}
- name: Creating compose directory structure
file:
path: /opt/freva/compose_services
path: '{{db_data_path}}/compose_services'
state: directory
recurse: true
become: "{{use_become}}"
- name: Creating compose file
become: "{{use_become}}"
template:
src: "{{ asset_dir }}/playbooks/db-server-compose-template.yml"
dest: "/opt/freva/compose_services/{{db_name}}-compose.yml"
dest: "{{db_data_path}}/compose_services/{{db_name}}-compose.yml"
- name: Creating system services
become: "{{use_become}}"
shell: |
Expand All @@ -158,7 +158,7 @@
- name: Creating potentially missing tables
become: "{{use_become}}"
shell: |
/tmp/docker-or-podman exec -it {{db_name}} /bin/sh -c 'mariadb -u root -p{{root_passwd}} {{db}} < /docker-entrypoint-initdb.d/002_create_tables.sql'
/tmp/docker-or-podman exec {{db_name}} /bin/sh -c 'mariadb -u root -p{{root_passwd}} {{db}} < /docker-entrypoint-initdb.d/002_create_tables.sql'
- name: Deleting auxillary files
become: "{{use_become}}"
file:
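Review bot: The rewritten "Creating potentially missing tables" command still passes the root password as `-p{{root_passwd}}` inside a `shell:` task, so it is visible in the host's process list while the command runs and can appear in Ansible's task output on failure or with verbose logging. Adding `no_log: true` to this task keeps it out of the logs. The value is also interpolated unquoted into `sh -c '…'`, so a password containing a quote or a space breaks the command. If the running container carries `MYSQL_ROOT_PASSWORD` in its environment (it is set in `docker_cmd`, but the compose template is not visible here), `-p"$MYSQL_ROOT_PASSWORD"` inside the single quotes would avoid both problems.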
Expand Up @@ -4,7 +4,7 @@
vars:
docker_cmd: >
run
-v /opt/freva/server-map:/var/freva/:z
-v '{{data_path}}:/var/freva/:z'
--dns 8.8.8.8
-p {{ port }}:5008
--name freva-map
Expand Down Expand Up @@ -33,7 +33,7 @@
when: wipe == true
- name: Cleaning existing directory structure
file:
path: /opt/freva/server-map
path: '{{data_path}}'
state: absent
when: wipe == true
- name: Copy systemd files
Expand All @@ -45,7 +45,7 @@
copy: src="{{ asset_dir }}/servers" dest=/tmp
- name: Creating directory structure
file:
path: /opt/freva/server-map
path: '{{data_path}}'
state: directory
owner: 9999
group: 9999
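Review bot: The wipe task now removes `'{{data_path}}'` itself where it used to remove only `/opt/freva/server-map`, and the same value is bind-mounted to `/var/freva/` and given owner 9999. The inventory defaults added in this commit set `data_path = "/opt/freva"` for the other services; if this playbook receives a similar base directory (which variable feeds it is not visible here), `wipe == true` deletes every service's data under it. Keeping the service subdirectory in the playbook avoids that: `path: '{{data_path}}/server-map'` in both `file` tasks and `-v '{{data_path}}/server-map:/var/freva/:z'` in `docker_cmd`. The "Creating directory structure" task continues past the end of the hunk.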
18 changes: 9 additions & 9 deletions assets/share/freva/deployment/playbooks/solr-server-playbook.yml
Expand Up @@ -9,11 +9,11 @@
-e NUM_BACKUPS=7
-e SOLR_HEAP={{solr_mem}}
--rm
-v /opt/freva/{{project_name}}/solr_service:/var/solr/data:z
-v /opt/freva/freva-service-config/solr/managed-schema.xml:/opt/solr/managed-schema.xml:z
-v /opt/freva/freva-service-config/solr/create_cores.sh:/docker-entrypoint-initdb.d/create_cores.sh:z
-v /opt/freva/freva-service-config/solr/synonyms.txt:/opt/solr/synonyms.txt:z
-v /opt/freva/freva-service-config/solr/daily_backup.sh:/usr/local/bin/daily_backup:z
-v '{{solr_data_path}}/{{project_name}}/solr_service:/var/solr/data:z'
-v '{{solr_data_path}}/freva-service-config/solr/managed-schema.xml:/opt/solr/managed-schema.xml:z'
-v '{{solr_data_path}}/freva-service-config/solr/create_cores.sh:/docker-entrypoint-initdb.d/create_cores.sh:z'
-v '{{solr_data_path}}/freva-service-config/solr/synonyms.txt:/opt/solr/synonyms.txt:z'
-v '{{solr_data_path}}/freva-service-config/solr/daily_backup.sh:/usr/local/bin/daily_backup:z'
-p {{ solr_port }}:8983 -t
--name {{solr_name}}
-t solr:latest
Expand Down Expand Up @@ -47,7 +47,7 @@
file:
state: absent
force: true
path: "/opt/freva/freva-service-config/"
path: "{{solr_data_path}}/freva-service-config/"
become: "{{use_become}}"
- name: Creating docker network
shell: >
Expand All @@ -57,13 +57,13 @@
become: "{{use_become}}"
- name: Cleaning existing directory structure
file:
path: /opt/freva/{{ project_name }}/solr_service
path: '{{solr_data_path}}/{{ project_name }}/solr_service'
state: absent
when: solr_wipe == true
become: "{{use_become}}"
- name: Creating directory structure
file:
path: /opt/freva/{{ project_name }}/solr_service
path: '{{solr_data_path}}/{{ project_name }}/solr_service'
state: directory
owner: 8983
group: 8983
Expand All @@ -72,7 +72,7 @@
- name: Getting additional configurations
git:
repo: https://github.com/FREVA-CLINT/freva-service-config.git
dest: /opt/freva/freva-service-config
dest: '{{solr_data_path}}/freva-service-config'
update: true
become: "{{use_become}}"
- name: Copy systemd files
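Review bot: The "Getting additional configurations" task clones `freva-service-config` with `update: true` and no `version:`, and `docker_cmd` above mounts `create_cores.sh` and `daily_backup.sh` from that checkout into the container's `/docker-entrypoint-initdb.d` and `/usr/local/bin`. Every deployment therefore runs whatever the default branch holds at that moment. Pinning the checkout, e.g. `version: "<reviewed-tag-or-commit>"` (placeholder), makes the mounted scripts reviewable; the same task appears in the databrowser and db playbooks. Now that `dest` sits under the operator-chosen `solr_data_path`, that directory should also not be writable by other local users, since its scripts are executed inside the container.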