From 31924d6a29048be5c5e40d57a8b84ba825776dc3 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Wed, 17 Jun 2020 22:32:10 +0200
Subject: [PATCH 1/2] remove systemd and use native docker-compose
---
 defaults/main.yml | 63 ++++++++++++++-----
 handlers/main.yml | 9 ---
 molecule/centos7/converge.yml | 40 +++---------
 molecule/centos7/requirements.yml | 12 +---
 molecule/centos7/tests/test_default.py | 6 +-
 tasks/main.yml | 2 -
 tasks/post.yml | 10 ---
 tasks/prepare.yml | 8 ---
 tasks/setup.yml | 26 +++++---
 .../etc/systemd/system/freshrss.service.j2 | 22 -------
 templates/services/freshrss-compose.yml.j2 | 52 ++++++++++-----
 11 files changed, 116 insertions(+), 134 deletions(-)
 delete mode 100644 handlers/main.yml
 delete mode 100644 tasks/post.yml
 delete mode 100644 tasks/prepare.yml
 delete mode 100644 templates/etc/systemd/system/freshrss.service.j2
diff --git a/defaults/main.yml b/defaults/main.yml
index 7b51a02..2ae106f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,12 +1,52 @@ --- freshrss_version: latest -freshrss_service_directory: /var/lib/docker/services/freshrss - -freshrss_container_name: freshrss freshrss_image: "xoxys/freshrss:{{ freshrss_version }}" -freshrss_restart_policy: on-failure -freshrss_exposed_port: 80 -freshrss_exposed_ip: 127.0.0.1 +# @var freshrss_base_url:description: > +# Specify address of the freshrss instance, used when building absolute urls, e.g. for websub. +# @end +freshrss_base_url: "http://localhost/" + +freshrss_service_directory: /var/lib/docker/services/freshrss +freshrss_container_name: freshrss +freshrss_restart_policy: always +freshrss_service_stopped: False + +# @var freshrss_networks:example: > +# freshrss_networks: +# - name: default +# # optional network driver, defaults to 'bride' +# driver: host +# @end +freshrss_networks: + - name: default + +freshrss_networks_applied: + - default + +# @var freshrss_volumes:description: > Define required docker volumes. +# @end +# @var freshrss_volumes:example: > +# freshrss_volumes: +# # Instead of the name you could specify a path on the container host system, +# # but you also have to enable bind mount for this volume +# - name: data +# # target location inside the container +# dest: /var/www/app/data +# # enable bind mount, if false volume will be configured as named volume +# # keep in mind you MUST set bind in any case +# bind: True +# @end +freshrss_volumes: + - name: data + dest: /var/www/app/data + bind: False + - name: extensions + dest: /var/www/app/extensions + bind: False + +freshrss_exposed_ports: + - "127.0.0.1:8080:8080" + freshrss_extra_hosts: [] # @var freshrss_memory_limit: $ "_unset_" 
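Review bot: The `freshrss_networks` example documents a `driver:` key, but the top-level `networks:` block this patch adds to templates/services/freshrss-compose.yml.j2 reads `network.backend`, so a value set as documented is ignored and the network silently falls back to `bridge`. Either read the documented key in the template, `driver: {{ network.driver | default("bridge") }}`, or change the example to `backend: host`. The same comment spells the default as 'bride'; it should read 'bridge'.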
@@ -36,11 +76,6 @@ freshrss_default_password: "freshrss" # @end # @var freshrss_salt: $ "_unset_" -# @var freshrss_base_url:description: > -# Specify address of the freshrss instance, used when building -# absolute urls, e.g. for websub. -# @end -freshrss_base_url: "http://localhost/" freshrss_language: "en" freshrss_title: "FreshRSS" # @var freshrss_meta_description: $ "_unset_" @@ -74,16 +109,14 @@ freshrss_limits_max_registrations: "1" freshrss_extensions_enabled: - "Tumblr-GDPR" -freshrss_db_type: pgsql +freshrss_db_type: sqlite freshrss_db_server: localhost freshrss_db_port: 5432 freshrss_db_name: freshrss -freshrss_db_user: pgfreshrss +freshrss_db_user: freshrss freshrss_db_password: secure # @var freshrss_db_ssl_mode:description: This variable is only supported for `pgsql` DB type. freshrss_db_ssl_mode: disable # @var freshrss_db_ssl_mode:description: This variable is only supported for `pgsql` DB type. freshrss_db_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt - -freshrss_docker_compose_bin: /usr/local/bin/docker-compose diff --git a/handlers/main.yml b/handlers/main.yml deleted file mode 100644 index 24ce3e4..0000000 --- a/handlers/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Restart container - systemd: - state: restarted - daemon_reload: yes - name: freshrss - listen: __freshrss_restart - become: True - become_user: root diff --git a/molecule/centos7/converge.yml b/molecule/centos7/converge.yml index a767f6c..e8b7161 100644 --- a/molecule/centos7/converge.yml +++ b/molecule/centos7/converge.yml 
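Review bot: The default `freshrss_db_type` changes from `pgsql` to `sqlite` in the second hunk without any `@var` description, so a host that relied on the old default would presumably be redeployed against a new, empty SQLite database on the `data` volume instead of its PostgreSQL one. A comment such as `# @var freshrss_db_type:description: Defaults to sqlite; set pgsql explicitly to keep using an existing PostgreSQL database.` above the variable would make the switch visible. In the same block the annotation above `freshrss_db_ssl_rootcert` still names `freshrss_db_ssl_mode`, so the generated documentation describes the wrong variable.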
@@ -1,33 +1,11 @@ --- -- name: Converge (Stage 1) - hosts: all - roles: - - role: xoxys.python3 - - role: xoxys.docker_engine + - name: Converge + hosts: all + vars: + dockerengine_packages_extra: + - epel-release + - python-pip -- name: Converge (Stage 2) - hosts: all - vars: - postgres_repository_enabled: True - postgres_connection_addresses: - - "{{ ansible_docker0.ipv4.address }}" - postgres_users: - - name: "pgfreshrss" - password: "secure" - priv: ALL - db: "freshrss" - postgres_dbs: - - name: "freshrss" - postgres_hba_entries_extra: - - contype: host - databases: - - all - users: - - all - address: "172.18.0.0/16" - auth_method: md5 - freshrss_db_server: "{{ ansible_docker0.ipv4.address }}" - - roles: - - role: xoxys.postgres - - role: xoxys.freshrss_docker + roles: + - role: xoxys.docker_engine + - role: xoxys.freshrss_docker diff --git a/molecule/centos7/requirements.yml b/molecule/centos7/requirements.yml index 4c0386e..8cc34d3 100644 --- a/molecule/centos7/requirements.yml +++ b/molecule/centos7/requirements.yml @@ -1,15 +1,5 @@ --- -- src: https://gitea.rknet.org/ansible/xoxys.python3.git - name: xoxys.python3 - scm: git - version: master - - src: https://gitea.rknet.org/ansible/xoxys.docker_engine.git name: xoxys.docker_engine scm: git - version: master - -- src: https://gitea.rknet.org/ansible/xoxys.postgres.git - name: xoxys.postgres - scm: git - version: master + version: refactoring diff --git a/molecule/centos7/tests/test_default.py b/molecule/centos7/tests/test_default.py index 91499e6..080b288 100644 --- a/molecule/centos7/tests/test_default.py +++ b/molecule/centos7/tests/test_default.py 
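Review bot: In molecule/centos7/requirements.yml the `xoxys.docker_engine` role is now fetched from the `refactoring` branch, a moving ref, so every test run applies whatever is at the branch tip at that moment. Pinning to a tag or commit, `version: <tag-or-commit-sha>`, keeps the scenario reproducible and turns a change in the dependency into an explicit, reviewable bump. A feature branch is also likely to be deleted after it is merged, which would break the scenario.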
@@ -17,12 +17,12 @@ def test_freshrss_running(host): def test_freshrss_socket(host): # Verify the socket is listening for HTTP traffic - assert host.socket("tcp://127.0.0.1:80").is_listening + assert host.socket("tcp://127.0.0.1:8080").is_listening def test_freshrss_conn_error(host): - code = int(host.run("curl -s -w '%{http_code}' http://localhost/ -o /dev/null").stdout) - body = host.run("curl -sX GET http://localhost/").stdout + code = int(host.run("curl -s -w '%{http_code}' http://127.0.0.1:8080/ -o /dev/null").stdout) + body = host.run("curl -sX GET http://127.0.0.1:8080/").stdout assert code == 200 assert "FreshRSS" in body diff --git a/tasks/main.yml b/tasks/main.yml index 504dbc7..1f69f7a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,4 +1,2 @@ --- -- include_tasks: prepare.yml - include_tasks: setup.yml -- include_tasks: post.yml diff --git a/tasks/post.yml b/tasks/post.yml deleted file mode 100644 index d3f8d6d..0000000 --- a/tasks/post.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- block: - - name: Ensure freshrss service is up and running - systemd: - state: started - daemon_reload: yes - enabled: yes - name: freshrss - become: True - become_user: root diff --git a/tasks/prepare.yml b/tasks/prepare.yml deleted file mode 100644 index ba987ac..0000000 --- a/tasks/prepare.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Ensure service directory exists - file: - path: "{{ freshrss_service_directory }}" - state: directory - mode: 0755 - become: True - become_user: root diff --git a/tasks/setup.yml b/tasks/setup.yml index 86b2c83..72ffab8 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml 
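Review bot: `test_freshrss_socket` only proves that something listens on 127.0.0.1:8080; it would likely still pass if the container were published on all interfaces, which is the exposure the new `freshrss_exposed_ports` default of `127.0.0.1:8080:8080` is meant to prevent. Adding `assert not host.socket("tcp://0.0.0.0:8080").is_listening` would pin the loopback-only binding (confirm how testinfra matches wildcard addresses before relying on it). In `test_freshrss_conn_error`, `int(...stdout)` raises ValueError on empty curl output, so a connection failure surfaces as a conversion error rather than a failed assertion.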
@@ -1,20 +1,28 @@ --- - block: + - name: Ensure service directory exists + file: + path: "{{ freshrss_service_directory }}" + state: directory + mode: 0755 + - name: Deploy compose file to '{{ freshrss_service_directory }}' template: src: "services/freshrss-compose.yml.j2" dest: "{{ freshrss_service_directory }}/docker-compose.yml" owner: root group: root - mode: 0644 - validate: "{{ freshrss_docker_compose_bin }} -f %s config -q" - notify: __freshrss_restart + mode: 0640 + validate: "docker-compose -f %s config -q" - - name: Create systemd unit files - template: - src: "etc/systemd/system/freshrss.service.j2" - dest: "/etc/systemd/system/freshrss.service" - mode: 0644 - notify: __freshrss_restart + - name: Ensure service is up and running + docker_compose: + project_src: "{{ freshrss_service_directory }}" + pull: yes + remove_orphans: yes + stopped: "{{ freshrss_service_stopped }}" + state: present + # temp. disable changes; breaks idempotency for whatever reason + changed_when: False become: True become_user: root diff --git a/templates/etc/systemd/system/freshrss.service.j2 b/templates/etc/systemd/system/freshrss.service.j2 deleted file mode 100644 index 3541f15..0000000 --- a/templates/etc/systemd/system/freshrss.service.j2 +++ /dev/null @@ -1,22 +0,0 @@ -#jinja2:lstrip_blocks: True -{{ ansible_managed | comment }} -[Unit] -Description=FreshRSS feed aggregator -Requires=docker.service network-online.target -After=docker.service network-online.target - -[Service] -WorkingDirectory={{ freshrss_service_directory }} -Type=simple -TimeoutStartSec=15min -Restart={{ freshrss_restart_policy }} - -ExecStartPre={{ freshrss_docker_compose_bin }} pull --quiet --ignore-pull-failures -ExecStart={{ freshrss_docker_compose_bin }} up --remove-orphans - -ExecStop={{ freshrss_docker_compose_bin }} down --remove-orphans - -ExecReload={{ freshrss_docker_compose_bin }} pull --quiet --ignore-pull-failures - -[Install] -WantedBy=multi-user.target 
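Review bot: `changed_when: False` on the `docker_compose` task hides every real change, including a new image brought in by `pull: yes`; with the role default `freshrss_version: latest`, a run can replace the running image and still report ok. If the idempotency problem cannot be fixed yet, the comment should say what triggers it and the image tag should be pinned in inventory so that image updates do not pass unnoticed; otherwise drop the override. The `validate` command also now resolves `docker-compose` through root's PATH, where the removed `freshrss_docker_compose_bin` gave an absolute path.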
diff --git a/templates/services/freshrss-compose.yml.j2 b/templates/services/freshrss-compose.yml.j2 index 306824a..1fdcec4 100644 --- a/templates/services/freshrss-compose.yml.j2 +++ b/templates/services/freshrss-compose.yml.j2 @@ -1,22 +1,35 @@ #jinja2:lstrip_blocks: True {{ ansible_managed | comment }} -version: '2.1' +version: '2.4' services: freshrss: container_name: {{ freshrss_container_name }} image: {{ freshrss_image }} - restart: unless-stopped + restart: {{ freshrss_restart_policy }} + {% if freshrss_exposed_ports | default([]) %} ports: - - {{ freshrss_exposed_ip + ':' if freshrss_exposed_ip is defined else '' }}{{ freshrss_exposed_port }}:8080 + {% for port in freshrss_exposed_ports %} + - {{ port | quote }} + {% endfor %} + {% endif %} + {% if freshrss_volumes | default([]) %} volumes: - - extensions:/var/www/app/extensions - - data:/var/www/app/data + {% for volume in freshrss_volumes %} + - "{{ volume.name }}:{{ volume.dest }}" + {% endfor %} + {% endif %} + {% if freshrss_networks_applied | default([]) %} + networks: + {% for network in freshrss_networks_applied %} + - {{ network }} + {% endfor %} + {% endif %} {% if freshrss_extra_hosts | default([]) %} extra_hosts: - {% for host in freshrss_extra_hosts %} - - {{ '"' + host + '"' }} - {% endfor %} + {% for host in freshrss_extra_hosts %} + - {{ host | quote }} + {% endfor %} {% endif %} environment: - FRESHRSS_ENVIRONMENT=production 
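Review bot: `quote` is Ansible's shell-quoting filter, not a YAML one, so `- {{ port | quote }}` and `- {{ host | quote }}` emit ordinary values bare, whereas the removed `extra_hosts` line always wrapped the value in double quotes. A bare mapping such as `22:22` can be read by a YAML 1.1 parser as a base-60 integer, and a value containing a single quote would get shell-style escaping that is not valid YAML. `- {{ port | to_json }}`, and the same for `host` and `network`, produces a correctly escaped double-quoted scalar.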
@@ -68,18 +81,20 @@ services: {% if freshrss_curlopt_proxyuserpwd is defined and freshrss_curlopt_proxyuserpwd %} - FRESHRSS_CURLOPT_PROXYUSERPWD={{ freshrss_curlopt_proxyuserpwd }} {% endif %} - - FRESHRSS_DB_TYPE=pgsql + - FRESHRSS_DB_TYPE={{ freshrss_db_type }} + {% if freshrss_db_type != "sqlite" %} {% if freshrss_db_type == "pgsql" %} - FRESHRSS_DB_HOST={{ freshrss_db_server }};sslmode={{ freshrss_db_ssl_mode }} + - FRESHRSS_POSTGRES_SSL_ROOTCERT={{ freshrss_db_ssl_rootcert }} {% else %} - FRESHRSS_DB_HOST={{ freshrss_db_server }} {% endif %} - - FRESHRSS_POSTGRES_SSL_ROOTCERT={{ freshrss_db_ssl_rootcert }} - FRESHRSS_DB_PORT={{ freshrss_db_port }} - FRESHRSS_DB_USER={{ freshrss_db_user }} - FRESHRSS_DB_PASSWORD={{ freshrss_db_password }} - FRESHRSS_DB_BASE={{ freshrss_db_name }} - FRESHRSS_DB_PREFIX=freshrss_ + {% endif %} - FRESHRSS_EXTENSIONS_ENABLED={{ freshrss_extensions_enabled | join(',') }} {% if freshrss_memory_limit is defined %} mem_limit: {{ freshrss_memory_limit }} @@ -115,9 +130,18 @@ services: {% if freshrss_pids_limit is defined %} pids_limit: {{ freshrss_pids_limit }} {% endif %} +{% if freshrss_volumes | default([]) | rejectattr("bind") | list | length > 0 %} volumes: - extensions: - driver: local - data: - driver: local + {% for volume in freshrss_volumes | rejectattr("bind") %} + {{ volume.name }}: + {% endfor %} +{% endif %} +{% if freshrss_networks | default([]) | length > 0 %} + +networks: + {% for network in freshrss_networks %} + {{ network.name }}: + driver: {{ network.backend | default("bridge") }} + {% endfor %} +{% endif %} -- 2.45.2 From 479ab62145b09b548fb124a89413458aeb23682b Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Thu, 18 Jun 2020 22:16:16 +0200 Subject: [PATCH 2/2] use bool values instead of strings --- defaults/main.yml | 16 ++++++++-------- templates/services/freshrss-compose.yml.j2 | 16 ++++++++-------- 2 files changed, 16 insertions(+), 16 deletions(-) 
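Review bot: The credentials in the re-wrapped database block are still rendered as unquoted plain scalars, for example `- FRESHRSS_DB_PASSWORD={{ freshrss_db_password }}`, so a password containing ` #` is silently truncated at the comment marker and one containing `: ` changes the YAML structure. Emitting the whole item through a filter, `- {{ ('FRESHRSS_DB_PASSWORD=' ~ freshrss_db_password) | to_json }}`, keeps arbitrary secrets intact; the same applies to `FRESHRSS_CURLOPT_PROXYUSERPWD` at the top of the hunk. A literal `$` in a value additionally needs doubling to `$$`, because docker-compose interpolates it. The `environment:` list starts above this hunk.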
diff --git a/defaults/main.yml b/defaults/main.yml
index 2ae106f..4b7fa66 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -79,15 +79,15 @@ freshrss_default_password: "freshrss"
 freshrss_language: "en"
 freshrss_title: "FreshRSS"
 # @var freshrss_meta_description: $ "_unset_"
-freshrss_allow_anonymous: "false"
-freshrss_allow_anonymous_refresh: "false"
+freshrss_allow_anonymous: False
+freshrss_allow_anonymous_refresh: False
 freshrss_auth_type: "form"
-freshrss_api_enabled: "false"
-freshrss_unsafe_autologin_enabled: "false"
-freshrss_simplepie_syslog_enabled: "true"
-freshrss_pubsubhubbub_enabled: "false"
-freshrss_allow_robots: "false"
-freshrss_allow_referrer: "false"
+freshrss_api_enabled: False
+freshrss_unsafe_autologin_enabled: False
+freshrss_simplepie_syslog_enabled: True
+freshrss_pubsubhubbub_enabled: False
+freshrss_allow_robots: False
+freshrss_allow_referrer: False
 freshrss_limits_cookie_duration: "2592000"
 freshrss_limits_cache_duration: "800"
 freshrss_limits_timeout: "15"
diff --git a/templates/services/freshrss-compose.yml.j2 b/templates/services/freshrss-compose.yml.j2
index 1fdcec4..19d98c8 100644
--- a/templates/services/freshrss-compose.yml.j2
+++ b/templates/services/freshrss-compose.yml.j2
@@ -44,15 +44,15 @@ services:
 {% endif %}
 - FRESHRSS_DEFAULT_USER={{ freshrss_default_user }}
 - FRESHRSS_DEFAULT_PASSWORD={{ freshrss_default_password }}
- - FRESHRSS_ALLOW_ANONYMOUS={{ freshrss_allow_anonymous }}
- - FRESHRSS_ALLOW_ANONYMOUS_REFRESH={{ freshrss_allow_anonymous_refresh }}
+ - FRESHRSS_ALLOW_ANONYMOUS={{ freshrss_allow_anonymous | bool | lower }}
+ - FRESHRSS_ALLOW_ANONYMOUS_REFRESH={{ freshrss_allow_anonymous_refresh | bool | lower }}
 - FRESHRSS_AUTH_TYPE={{ freshrss_auth_type }}
- - FRESHRSS_API_ENABLED={{ freshrss_api_enabled }}
- - FRESHRSS_UNSAFE_AUTOLOGIN_ENABLED={{ freshrss_unsafe_autologin_enabled }}
- - FRESHRSS_SIMPLEPIE_SYSLOG_ENABLED={{ freshrss_simplepie_syslog_enabled }}
- - FRESHRSS_PUBSUBHUBBUB_ENABLED={{ freshrss_pubsubhubbub_enabled }}
- - FRESHRSS_ALLOW_ROBOTS={{ freshrss_allow_robots }}
- - FRESHRSS_ALLOW_REFERRER={{ freshrss_allow_referrer }}
+ - FRESHRSS_API_ENABLED={{ freshrss_api_enabled | bool | lower }}
+ - FRESHRSS_UNSAFE_AUTOLOGIN_ENABLED={{ freshrss_unsafe_autologin_enabled | bool | lower }}
+ - FRESHRSS_SIMPLEPIE_SYSLOG_ENABLED={{ freshrss_simplepie_syslog_enabled | bool | lower }}
+ - FRESHRSS_PUBSUBHUBBUB_ENABLED={{ freshrss_pubsubhubbub_enabled | bool | lower }}
+ - FRESHRSS_ALLOW_ROBOTS={{ freshrss_allow_robots | bool | lower }}
+ - FRESHRSS_ALLOW_REFERRER={{ freshrss_allow_referrer | bool | lower }}
 - FRESHRSS_LIMITS_COOKIE_DURATION={{ freshrss_limits_cookie_duration }}
 - FRESHRSS_LIMITS_CACHE_DURATION={{ freshrss_limits_cache_duration }}
 - FRESHRSS_LIMITS_TIMEOUT={{ freshrss_limits_timeout }}
--
2.45.2
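Review bot: `| bool | lower` turns any value that Ansible's `bool` filter does not recognise into `false` on the Ansible versions I know of, so a misspelt override such as `"ture"` for `freshrss_simplepie_syslog_enabled` would switch syslog logging off without any error, and a null value appears to pass through and render as `none`. For the flags that open access (`freshrss_allow_anonymous`, `freshrss_unsafe_autologin_enabled`) failing to `false` is the safe direction, but the logging flag fails open. A short `# @var` note in defaults/main.yml listing the accepted values, or an `assert` task that each flag is a boolean, would catch the typo before the file is rendered.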