From 3fb47b587d1f7e5157fd82be756b98e10aa91483 Mon Sep 17 00:00:00 2001
From: Wojciech Kozlowski
Date: Thu, 3 Nov 2022 22:02:47 +0100
Subject: [PATCH] Fix issues with cloud service
---
.../pod-cloud.template/admin.password.j2 | 1 +
.../.config/pod-cloud.template/admin.user.j2 | 1 +
.../pod-cloud.template/database.name.j2 | 1 +
.../pod-cloud.template/database.password.j2 | 1 +
.../pod-cloud.template/database.user.j2 | 1 +
.../user/container-cloud-cron.service.j2 | 17 +++++--
.../user/container-cloud-cron.timer.j2 | 11 -----
.../user/container-cloud-nextcloud.service.j2 | 21 +++++++++
.../.config/systemd/user/pod-cloud.service.j2 | 4 +-
.../service-deploy/service.d/cloud.yml | 46 ++++++++++++++++---
10 files changed, 81 insertions(+), 23 deletions(-)
create mode 100644 playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/admin.password.j2
create mode 100644 playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/admin.user.j2
create mode 100644 playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.name.j2
create mode 100644 playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.password.j2
create mode 100644 playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.user.j2
delete mode 100644 playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-cron.timer.j2
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/admin.password.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/admin.password.j2
new file mode 100644
index 0000000..1a9a3cf
--- /dev/null
+++ b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/admin.password.j2
@@ -0,0 +1 @@
+{{ services[service_name].admin_password }}
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/admin.user.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/admin.user.j2
new file mode 100644
index 0000000..12cfa4e
--- /dev/null
+++ b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/admin.user.j2
@@ -0,0 +1 @@
+{{ services[service_name].admin_user }}
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.name.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.name.j2
new file mode 100644
index 0000000..b7f793c
--- /dev/null
+++ b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.name.j2
@@ -0,0 +1 @@
+{{ services[service_name].database_name }}
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.password.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.password.j2
new file mode 100644
index 0000000..7df230a
--- /dev/null
+++ b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.password.j2
@@ -0,0 +1 @@
+{{ services[service_name].database_password }}
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.user.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.user.j2
new file mode 100644
index 0000000..40c0a3f
--- /dev/null
+++ b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.user.j2
@@ -0,0 +1 @@
+{{ services[service_name].database_user }}
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-cron.service.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-cron.service.j2 index 2195ceb..7a28c30 100644 --- a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-cron.service.j2 +++ b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-cron.service.j2 @@ -1,10 +1,15 @@ [Unit] Description=Podman container-cloud-cron.service Documentation=man:podman-generate-systemd(1) +Wants=network.target +After=network-online.target +BindsTo=pod-cloud.service +After=pod-cloud.service OnFailure=status-mail@%n.service [Service] Environment=PODMAN_SYSTEMD_UNIT=%n +Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/container-cloud-cron.pid %t/container-cloud-cron.ctr-id ExecStart=/usr/bin/podman run \ @@ -13,13 +18,19 @@ ExecStart=/usr/bin/podman run \ --cgroups=no-conmon \ --pod-id-file %t/pod-cloud.pod-id \ --replace \ + --label "io.containers.autoupdate=image" \ + -dt \ --add-host=pod-database:{{ services['database'].address }} \ -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \ -v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \ -v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \ --name=pod-cloud-cron \ - --user=www-data \ docker.io/library/nextcloud:{{ versions.cloud.nextcloud }} \ - php -f /var/www/html/cron.php + /cron.sh +ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-cloud-cron.ctr-id -t 10 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-cloud-cron.ctr-id -Type=oneshot +PIDFile=%t/container-cloud-cron.pid +Type=forking + +[Install] +WantedBy=multi-user.target default.target 
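Review bot: The `--label "io.containers.autoupdate=image"` added in the second hunk lets `podman auto-update` replace this container with whatever the registry currently serves under the `{{ versions.cloud.nextcloud }}` tag, so the version pinned in the playbook no longer fully decides which image build runs. This container shares `/var/www/html` with pod-cloud-nextcloud, and the nextcloud unit's hunk in this patch shows no matching label, so the two could drift onto different builds of the same tag; confirm both units carry the same update policy, or drop the label and update only through the playbook. The same hunk removes `--user=www-data`, so the container's main process now starts as container root, presumably because `/cron.sh` needs that to run the www-data crontab. A comment above `ExecStart=` such as `# /cron.sh must start as root; the job itself runs as www-data` would record that this is deliberate.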
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-cron.timer.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-cron.timer.j2
deleted file mode 100644
index e8a6824..0000000
--- a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-cron.timer.j2
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Run nextcloud cron job
-BindsTo=pod-cloud.service
-After=pod-cloud.service
-
-[Timer]
-OnActiveSec=5min
-OnUnitActiveSec=5min
-
-[Install]
-WantedBy=pod-cloud.service
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-nextcloud.service.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-nextcloud.service.j2
index c86bbd3..f52536a 100644
--- a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-nextcloud.service.j2
+++ b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-nextcloud.service.j2
@@ -24,6 +24,27 @@ ExecStart=/usr/bin/podman run \
 -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
 -v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \
 -v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \
+ -v ./.config/pod-cloud/database.name:/run/secrets/database.name:ro \
+ -v ./.config/pod-cloud/database.user:/run/secrets/database.user:ro \
+ -v ./.config/pod-cloud/database.password:/run/secrets/database.password:ro \
+ -v ./.config/pod-cloud/admin.user:/run/secrets/admin.user:ro \
+ -v ./.config/pod-cloud/admin.password:/run/secrets/admin.password:ro \
+ -e POSTGRES_HOST=pod-database:5432 \
+ -e POSTGRES_DB_FILE=/run/secrets/database.name \
+ -e POSTGRES_USER_FILE=/run/secrets/database.user \
+ -e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \
+ -e NEXTCLOUD_ADMIN_USER_FILE=/run/secrets/admin.user \
+ -e NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/admin.password \
+ -e NEXTCLOUD_TRUSTED_DOMAINS="{{ services[service_name].domain }}" \
+ -e OVERWRITEPROTOCOL="https" \
+ -e SMTP_HOST="{{ services[service_name].smtp_host }}" \
+ -e SMTP_SECURE="ssl" \
+ -e SMTP_PORT=465 \
+ -e SMTP_AUTHTYPE="PLAIN" \
+ -e SMTP_NAME="{{ services[service_name].smtp_name }}" \
+ -e SMTP_PASSWORD="{{ services[service_name].smtp_password }}" \
+ -e MAIL_FROM_ADDRESS="cloud" \
+ -e MAIL_DOMAIN="{{ services[service_name].domain }}" \
 --name=pod-cloud-nextcloud \
 docker.io/library/nextcloud:{{ versions.cloud.nextcloud }}
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-cloud-nextcloud.ctr-id -t 10
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/pod-cloud.service.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/pod-cloud.service.j2
index 6bc6c2e..95fa260 100644
--- a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/pod-cloud.service.j2
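Review bot: `-e SMTP_PASSWORD="{{ services[service_name].smtp_password }}"` renders the mail password into the unit file and into the `podman run` argument list, where it can be read from the process table and from `podman inspect`. The database and admin credentials added in the same hunk avoid both by using the `_FILE` variables. If the pinned image version supports it, handle the SMTP password the same way: `-v ./.config/pod-cloud/smtp.password:/run/secrets/smtp.password:ro` and `-e SMTP_PASSWORD_FILE=/run/secrets/smtp.password`, with a matching mode-0600 template task in cloud.yml. The relative `./.config/...` mount sources also rely on the unit's working directory being the service user's home; writing them as `%h/.config/pod-cloud/...` would make that explicit. The `ExecStart=` command starts above this hunk, so earlier arguments are not visible here.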
+++ b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/pod-cloud.service.j2 @@ -3,8 +3,8 @@ Description=Podman pod-cloud.service Documentation=man:podman-generate-systemd(1) Wants=network.target After=network-online.target -Requires=container-cloud-nginx.service container-cloud-nextcloud.service -Before=container-cloud-nginx.service container-cloud-nextcloud.service +Requires=container-cloud-nginx.service container-cloud-nextcloud.service container-cloud-cron.service +Before=container-cloud-nginx.service container-cloud-nextcloud.service container-cloud-cron.service OnFailure=status-mail@%n.service [Service] diff --git a/playbooks/tasks/services/c-deploy/service-deploy/service.d/cloud.yml b/playbooks/tasks/services/c-deploy/service-deploy/service.d/cloud.yml index 222fdb8..7048cf1 100644 --- a/playbooks/tasks/services/c-deploy/service-deploy/service.d/cloud.yml +++ b/playbooks/tasks/services/c-deploy/service-deploy/service.d/cloud.yml 
@@ -1,16 +1,48 @@ - block: - - name: Enable container-cloud-cron timer - systemd: - name: container-cloud-cron.timer - enabled: yes - scope: user - register: container_cloud_cron_timer + - name: Copy database name file + template: + src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/database.name.j2" + dest: "{{ service_home }}/.config/{{ service_user_name }}/database.name" + mode: 0600 + register: database_name_file + + - name: Copy database user file + template: + src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/database.user.j2" + dest: "{{ service_home }}/.config/{{ service_user_name }}/database.user" + mode: 0600 + register: database_user_file + + - name: Copy database password file + template: + src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/database.password.j2" + dest: "{{ service_home }}/.config/{{ service_user_name }}/database.password" + mode: 0600 + register: database_password_file + + - name: Copy admin user file + template: + src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/admin.user.j2" + dest: "{{ service_home }}/.config/{{ service_user_name }}/admin.user" + mode: 0600 + register: admin_user_file + + - name: Copy admin password file + template: + src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/admin.password.j2" + dest: "{{ service_home }}/.config/{{ service_user_name }}/admin.password" + mode: 0600 + register: admin_password_file - name: Record changes set_fact: service_changed: true when: - container_cloud_cron_timer is changed + database_name_file is changed or + database_user_file is changed or + database_password_file is changed or + admin_user_file is changed or + admin_password_file is changed become_user: "{{ service_user_name }}"
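Review bot: The "Copy database password file" and "Copy admin password file" tasks have no `no_log: true`, so a run with `--diff` or raised verbosity can print the rendered secret into the Ansible output and into any CI or terminal log that captures it. The `mode: 0600` on the destination protects only the file at rest. Add `no_log: true` to those two tasks, or `diff: false` if the task result should stay visible. The mode is also safer quoted, `mode: "0600"`, so that it can never be read as a decimal integer. The five tasks differ only in the file name and could be one looped task with a single registered result, which would also shorten the `when:` condition of "Record changes".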