refactor molecule

.gitignore

@@ -1,6 +1,6 @@
 # ---> Ansible
 *.retry
-filter/plugins/
+plugins
 library
 
 # ---> Python

defaults/main.yml

@@ -5,7 +5,7 @@ freshrss_service_directory: /var/lib/docker/services/freshrss
 freshrss_container_name: freshrss
 freshrss_image: "xoxys/freshrss:{{ freshrss_version }}"
 freshrss_restart_policy: on-failure
-freshrss_exposed_port: 61000
+freshrss_exposed_port: 80
 freshrss_exposed_ip: 127.0.0.1
 freshrss_extra_hosts: []
 
@@ -85,10 +85,3 @@ freshrss_db_password: secure
 freshrss_db_ssl_mode: disable
 # @var freshrss_db_ssl_mode:description: This variable is only supported for `pgsql` DB type.
 freshrss_db_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt
-
-freshrss_iptables_enabled: False
-freshrss_open_ports:
-  - name: allow_freshrss_web
-    rules: |
-      -A INPUT -m state --state NEW -p tcp --dport {{ freshrss_exposed_port }} -j ACCEPT
-    state: present

molecule/default/molecule.yml

@@ -20,3 +20,5 @@ verifier:
   name: testinfra
   lint:
     name: flake8
+    options:
+      max-line-length: 120

molecule/default/playbook.yml

@@ -1,8 +1,20 @@
 ---
-- name: Converge
+- name: Converge (Stage 1)
+  hosts: all
+  vars:
+    dockerengine_packages_extra:
+      - epel-release
+      - python2-pip
+
+  roles:
+    - role: xoxys.docker-engine
+
+- name: Converge (Stage 2)
   hosts: all
   vars:
     postgres_repository_enabled: True
+    postgres_connection_addresses:
+      - "{{ ansible_docker0.ipv4.address }}"
     postgres_users:
       - name: "pgfreshrss"
         password: "secure"
@@ -10,11 +22,16 @@
         db: "freshrss"
     postgres_dbs:
       - name: "freshrss"
-    dockerengine_packages_extra:
+    postgres_hba_entries_extra:
-      - epel-release
+      - contype: host
-      - python2-pip
+        databases:
+          - all
+        users:
+          - all
+        address: "172.18.0.0/16"
+        auth_method: md5
+    freshrss_db_server: "{{ ansible_docker0.ipv4.address }}"
 
   roles:
     - role: xoxys.postgres
-    - role: xoxys.docker-engine
     - role: xoxys.freshrss_docker

molecule/default/tests/test_default.py

@@ -17,4 +17,12 @@ def test_freshrss_running(host):
 
 def test_freshrss_socket(host):
     # Verify the socket is listening for HTTP traffic
-    assert host.socket("tcp://127.0.0.1:61000").is_listening
+    assert host.socket("tcp://127.0.0.1:80").is_listening
+
+
+def test_freshrss_conn_error(host):
+    code = int(host.run("curl -s -w '%{http_code}' http://localhost/ -o /dev/null").stdout)
+    body = host.run("curl -sX GET http://localhost/").stdout
+
+    assert code == 200
+    assert "FreshRSS" in body

tasks/setup.yml

@@ -16,17 +16,5 @@
         dest: "/etc/systemd/system/freshrss.service"
         mode: 0644
       notify: __freshrss_restart
-
-    - name: Open ports in iptables
-      iptables_raw:
-        name: "{{ item.name }}"
-        rules: "{{ item.rules }}"
-        state: "{{ item.state }}"
-        weight: "{{ item.weight | default(omit) }}"
-        table: "{{ item.table | default(omit) }}"
-      loop: "{{ freshrss_open_ports }}"
-      loop_control:
-        label: "{{ item.name }}"
-      when: freshrss_iptables_enabled | bool
   become: True
   become_user: root

templates/services/freshrss-compose.yml.j2

@@ -69,8 +69,12 @@ services:
       - FRESHRSS_CURLOPT_PROXYUSERPWD={{ freshrss_curlopt_proxyuserpwd }}
       {% endif %}
       - FRESHRSS_DB_TYPE=pgsql
-      - FRESHRSS_DB_HOST={{ freshrss_db_server }}{% if ttrss_db_type == "pgsql" %};sslmode={{ freshrss_db_ssl_mode }}{% endif %}
+      {% if ttrss_db_type == "pgsql" %}
-      - FRESHRSS_db_SSL_ROOTCERT={{ freshrss_db_ssl_rootcert }}
+      - FRESHRSS_DB_HOST={{ freshrss_db_server }};sslmode={{ freshrss_db_ssl_mode }}
+      {% else %}
+      - FRESHRSS_DB_HOST={{ freshrss_db_server }}
+      {% endif %}
+      - FRESHRSS_DB_SSL_ROOTCERT={{ freshrss_db_ssl_rootcert }}
       - FRESHRSS_DB_PORT={{ freshrss_db_port }}
       - FRESHRSS_DB_USER={{ freshrss_db_user }}
       - FRESHRSS_DB_PASSWORD={{ freshrss_db_password }}