Development: Add support for Redis configuration

examples/multi-node-production-icl/playbooks/artemis-cluster-broker.yml

@@ -6,21 +6,9 @@
   roles:
     - role: ls1intum.artemis.broker
 
-    - role: ls1intum.artemis.proxy
-      vars:
-        proxy_forward_ssh: false
-        proxy_generate_dh_param: "{{ broker.proxy.generate_dh_param }}"
-        servers:
-          - name: "_"
-            ssl_certificate_path: "{{ broker.proxy.ssl_certificate_path }}"
-            ssl_certificate_key_path:  "{{ broker.proxy.ssl_certificate_key_path }}"
-            default_server: true
-        proxy_target_port: 8761
-
     - role: ls1intum.artemis.firewall
       tags: firewall
       vars:
-        firewall_hostgroup: broker
         # Management Networks - used to allow SSH / HTTP access to Hosts and services
         management_network_ipv4: "{{ firewall_management_network_ipv4 }}"
         management_network_ipv6: "{{ firewall_management_network_ipv6 }}"

examples/multi-node-production-icl/playbooks/artemis-cluster-registry.yml

@@ -21,7 +21,7 @@
     - role: ls1intum.artemis.firewall
       tags: firewall
       vars:
-        firewall_hostgroup: broker
+        firewall_hostgroup: registry
         # Management Networks - used to allow SSH / HTTP access to Hosts and services
         management_network_ipv4: "{{ firewall_management_network_ipv4 }}"
         management_network_ipv6: "{{ firewall_management_network_ipv6 }}"

roles/artemis/defaults/main.yml

@@ -247,9 +247,17 @@ hazelcast_address: "{% if is_multinode_install is defined and is_multinode_insta
 artemis_eureka_urls: "{% if registry.url is defined and registry.url is not none %}http://admin:${jhipster.registry.password}@{{ registry.url }}:8761/eureka/{% endif %}"
 artemis_eureka_instance_id: "{{ node_id }}"
 
+artemis_redis_client_name: "{% if artemis_redis_client_name is defined %}{{ artemis_redis_client_name }}{% else %}{{ artemis_eureka_instance_id }}{% endif %}"
+
 node_short_name: unnamed-artemis-node
 node_display_name: Unnamed Artemis Node
 
+#redis:
+#  host:
+#  port:
+#  username:
+#  password:
+
 ##############################################################################
 # Iris Configuration
 ##############################################################################

roles/artemis/tasks/artemis_configuration.yml

@@ -123,7 +123,7 @@
     state: stopped
   failed_when: false    # e.g. if file exists but service does not
   changed_when: true    # e.g. if service was already stopped
-  when: (config.changed or permissions.changed or service.changed or ssh_key.changed or artemis_force_restart) and not artemis_force_no_restart # noqa 503
+  when: (config.changed or permissions.changed or service.changed or artemis_force_restart) and not artemis_force_no_restart # noqa 503
   notify: restart artemis
   throttle: 1
 

roles/artemis/tasks/deploy_artemis.yml

@@ -15,4 +15,5 @@
     - version_control.localvc is defined and version_control.localvc is not none
     - version_control.localvc.ssh_key_path is defined and version_control.localvc.ssh_key_path|length > 0
     - not (only_update_artemis_config | bool)
+    - contionous_integration.localci is defined and contionous_integration.localci is not none and contionous_integration.localci.is_core_node is defined and contionous_integration.localci.is_core_node
 

roles/artemis/tasks/docker_deploy_artemis.yml

@@ -8,23 +8,14 @@
 - name: Create artemis data directory
   become: true
   file:
-    path: "{{ artemis_working_directory }}/data"
-    state: directory
-    mode: '0770'
-
-- name: Create artemis database directory
-  become: true
-  file:
-    path: "{{ artemis_working_directory }}/data/database"
-    state: directory
-    mode: '0770'
-
-- name: Create artemis data/artemis directory
-  become: true
-  file:
-    path: "{{ artemis_working_directory }}/data/artemis"
+    path: "{{ artemis_working_directory }}/{{ item }}"
     state: directory
     mode: '0770'
+  loop:
+    - "data"
+    - "data/database"
+    - "data/artemis"
+    - "data/redis"
 
 - name: Set permissions for artemis directory
   become: true

roles/artemis/templates/application-prod.yml.j2

@@ -32,6 +32,17 @@ spring:
       addresses: "{{ broker.url }}:61613"
 {% endif %}
 {% endif %}
+
+{% if redis is defined and redis is not none %}
+  data:
+    redis:
+      host: {{ redis.host }}
+      port: {{ redis.port}}
+      username: {{ redis.username}}
+      password: {{ redis.password }}
+      client-name: {{ artemis_redis_client_name }}
+{% endif %}
+
 {% if is_multinode_install and hazelcast_address is defined %}
   hazelcast:
     interface: "{{ hazelcast_address }}"

roles/artemis/templates/artemis.env.j2

@@ -1,6 +1,7 @@
 SPRING_PROFILES_ACTIVE: '{{ artemis_spring_profiles }}'
 _JAVA_OPTIONS: '-Xmx3g -Xms1g'
 
+{% if artemis_computed_is_core_node %}
 SPRING_DATASOURCE_TYPE='com.zaxxer.hikari.HikariDataSource'
 SPRING_DATASOURCE_URL='jdbc:{{ artemis_database_type }}://{{ artemis_database_host }}:{{ artemis_database_port }}/{{ artemis_database_dbname }}?createDatabaseIfNotExist=true&useUnicode=true&characterEncoding=utf8&allowPublicKeyRetrieval=true&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC'
 SPRING_DATASOURCE_USERNAME='{{ artemis_database_username }}'
@@ -22,6 +23,15 @@ SPRING_WEBSOCKET_BROKER_USERNAME='{{ broker.username }}'
 SPRING_WEBSOCKET_BROKER_PASSWORD='{{ broker.password }}'
 SPRING_WEBSOCKET_BROKER_ADDRESSES='{{ broker.url }}:61613'
 {% endif %}
+{% endif %}
+
+{% if redis is defined and redis is not none %}
+SPRING_DATA_REDIS_HOST='{{ redis.host }}'
+SPRING_DATA_REDIS_PORT='{{ redis.port}}'
+SPRING_DATA_REDIS_USERNAME='{{ redis.username}}'
+SPRING_DATA_REDIS_PASSWORD='{{ redis.password }}'
+SPRING_DATA_REDIS_CLIENTNAME='{{ artemis_redis_client_name }}'
+{% endif %}
 {% if is_multinode_install and hazelcast_address is defined %}
 SPRING_HAZELCAST_INTERFACE='{{ hazelcast_address }}'
 {% endif %}

roles/artemis/templates/docker.env.j2

@@ -15,6 +15,11 @@ ARTEMIS_DATA_EXPORT_MOUNT='{{ artemis_working_directory }}/data-exports'
 DATABASE_ENV_FILE='{{ artemis_working_directory }}/database.env'
 DATABASE_VOLUME_MOUNT='{{ artemis_working_directory }}/data/database'
 
+{% if redis is defined and redis is not none %}
+REDIS_DATA_VOLUME='{{ artemis_working_directory }}/data/redis'
+REDIS_PASSWORD='{{ redis.password }}'
+{% endif %}
+
 # Broker & Registry vars
 {% if is_multinode_install %}
 REGISTRY_PASSWORD='{{ artemis_jhipster_registry_password }}'

roles/artemis/templates/node.env.j2

@@ -2,5 +2,8 @@ SPRING_PROFILES_ACTIVE='{{ artemis_spring_profiles }}{% if docker_node_id == 1 %
 EUREKA_INSTANCE_INSTANCEID='Artemis:{{ docker_node_id }}'
 EUREKA_INSTANCE_HOSTNAME='artemis-app-node-{{ docker_node_id }}'
 SPRING_HAZELCAST_INTERFACE='artemis-app-node-{{ docker_node_id }}'
+{% if redis is defined and redis is not none %}
+SPRING_DATA_REDIS_CLIENTNAME='{{ artemis_redis_client_name }}'
+{% endif %}
 ARTEMIS_CONTINUOUSINTEGRATION_BUILDAGENT_SHORTNAME='artemis-node-{{ docker_node_id }}'
 ARTEMIS_CONTINUOUSINTEGRATION_BUILDAGENT_DISPLAYNAME='Artemis Node {{ docker_node_id }}'

roles/firewall/README.md

@@ -23,16 +23,16 @@ monitoring_host_ipv6: "2a09:80c0:89:1::32"
 You have to configure a special varaible to select the firewall rule set which is applied:
 
 ```
-firewall_hostgroup:  # Can be 'broker', 'nodes', 'proxy' or left blank for default rules
+firewall_hostgroup:  # Can be 'registry', 'nodes', 'proxy' or left blank for default rules
 ```
 
 ## Example usage:
 
-Example playbook for a broker:
+Example playbook for a registry:
 
 ```
     - role: ls1intum.artemis.firewall
       tags: firewall
       vars:
-        firewall_hostgroup: broker
+        firewall_hostgroup: registry
 ```

roles/firewall/defaults/main.yml

@@ -1,6 +1,6 @@
 wireguard_port: 51820
 
-firewall_hostgroup:  # Can be 'broker', 'nodes', 'proxy' or left blank for default rules
+firewall_hostgroup: default # Can be 'registry', 'nodes', 'proxy' or left blank for default rules
 
 # Management Networks - used to allow SSH / HTTP access to Hosts and services
 management_network_ipv4: "172.24.152.0/24"

roles/firewall/tasks/deprecations.yml

@@ -0,0 +1,9 @@
+- name: Display deprecation notice
+  debug:
+    msg: "DEPRECATION NOTICE: Please use 'firewall_hostgroup: registry' instead of 'firewall_hostgroup: broker'."
+  when: firewall_hostgroup == 'broker'
+
+- name: Set default values for deprecated variables
+  set_fact:
+    firewall_hostgroup: "registry"
+  when: firewall_hostgroup == 'broker'

roles/firewall/tasks/main.yml

@@ -1,3 +1,5 @@
+- include_tasks: deprecations.yml
+
 - name: Install iptables-persistent
   become: true
   apt:

roles/redis/README.md

@@ -0,0 +1,19 @@
+Redis
+=========
+
+This role installes Redis in a docker container and configures it for the use with artemis.
+
+Please install docker before continuing with this role.
+
+Role Variables
+--------------
+
+Default variables can be found in the `defaults/main.yml` file.
+
+You have to configure the follwoing varaibles in your ansible `group_vars`:
+
+```
+redis:
+  user: artemis # Also used by the artemis role
+  password: #FIXME # Also used by the artemis role
+```

roles/redis/defaults/main.yml

@@ -0,0 +1,5 @@
+redis:
+  user: artemis
+  password: #FIXME
+  working_directory: /opt/redis
+  version: 6.2.6-v18

roles/redis/handlers/main.yml

@@ -0,0 +1,5 @@
+- name: restart redis
+  become: true
+  community.docker.docker_compose_v2:
+    project_src: "{{ redis.working_directory }}"
+    state: present

roles/redis/tasks/main.yml

@@ -0,0 +1,27 @@
+
+- name: Check if redis.password is set
+  fail:
+    msg: "No redis password is configured!"
+  when:
+    - redis.password is undefined or redis.password is none
+
+- name: Create working directory
+  become: true
+  file:
+    path: "{{ redis.working_directory }}"
+    state: directory
+    mode: '0775'
+  notify: restart redis
+
+- name: Copy configuration file
+  become: true
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ redis.working_directory }}/{{ item.dest }}"
+    mode: '0600'
+  notify: restart redis
+  with_items:
+    - src: redis.conf.j2
+      dest: "redis.conf"
+    - src: docker-compose.yml.j2
+      dest: "docker-compose.yml"

roles/redis/templates/docker-compose.yml.j2

@@ -0,0 +1,24 @@
+{{ ansible_managed | comment }}
+
+services:
+  redis:
+    image: redis/redis-stack-server:latest
+    restart: always
+    ports:
+      - "6379:6379"
+    volumes:
+      - ./redis.conf:/usr/local/etc/redis/redis.conf
+      - ./redis-data:/data
+    command: [
+      "redis-server",
+      "/usr/local/etc/redis/redis.conf",
+      "--requirepass {{ redis.password }}",
+      "--user {{ redis.user }} on >{{ redis.password }} +@all &* ~*",
+      "--user default off nopass nocommands",
+      "--protected-mode no"
+    ]
+    healthcheck:
+      test: ["CMD", "redis-cli", "-a", "{{ redis.password }}", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 3

roles/redis/templates/redis.conf.j2

@@ -0,0 +1,3 @@
+{{ ansible_managed | comment }}
+
+notify-keyspace-events lshKE