From abfbc2fc5bfab1420005ee97dc26ea8120874a4f Mon Sep 17 00:00:00 2001
From: Wojciech Kozlowski
Date: Fri, 18 Aug 2023 13:01:36 +0200
Subject: [PATCH] Compatibility with new podman on bookworm
---
 .../services/deploy/cloud/tasks/main.yml | 10 ++-
 .../services/deploy/cloud/templates/hosts | 9 +++
 .../systemd/container-cloud-cron.service | 3 +-
 .../systemd/container-cloud-nextcloud.service | 3 +-
 .../cloud/templates/systemd/pod-cloud.service | 7 +-
 .../roles/services/deploy/git/tasks/main.yml | 10 ++-
 .../roles/services/deploy/git/templates/hosts | 9 +++
 .../systemd/container-git-gitea.service | 73 +++++++++----------
 .../git/templates/systemd/pod-git.service | 7 +-
 .../services/deploy/notes/tasks/main.yml | 10 ++-
 .../services/deploy/notes/templates/hosts | 9 +++
 .../systemd/container-notes-chown.service | 22 +++---
 .../systemd/container-notes-joplin.service | 61 ++++++++--------
 .../notes/templates/systemd/pod-notes.service | 7 +-
 .../services/deploy/rproxy/tasks/main.yml | 14 ++--
 .../services/deploy/rproxy/templates/hosts | 11 +++
 .../systemd/container-rproxy-certbot.service | 22 +++---
 .../systemd/container-rproxy-nginx.service | 41 +++++------
 .../templates/systemd/pod-rproxy.service | 7 +-
 .../services/deploy/rproxy/vars/nginx.yml | 13 ----
 20 files changed, 208 insertions(+), 140 deletions(-)
 create mode 100644 playbooks/roles/services/deploy/cloud/templates/hosts
 create mode 100644 playbooks/roles/services/deploy/git/templates/hosts
 create mode 100644 playbooks/roles/services/deploy/notes/templates/hosts
 create mode 100644 playbooks/roles/services/deploy/rproxy/templates/hosts
 delete mode 100644 playbooks/roles/services/deploy/rproxy/vars/nginx.yml
diff --git a/playbooks/roles/services/deploy/cloud/tasks/main.yml b/playbooks/roles/services/deploy/cloud/tasks/main.yml
index 74e258d..5bdb9e9 100644
--- a/playbooks/roles/services/deploy/cloud/tasks/main.yml
+++ b/playbooks/roles/services/deploy/cloud/tasks/main.yml
@@ -6,6 +6,13 @@
 - block:
+ - name: "{{ services_service_name }} : configure hosts file"
+ ansible.builtin.template:
+ src: "hosts"
+ dest: "{{ services_service_user_home }}/.config/service/hosts"
+ mode: 0644
+ register: services_deploy_cloud_hosts_file
+
 - name: "configure nginx"
 ansible.builtin.copy:
 src: "./config/nginx.conf"
@@ -65,7 +72,8 @@
 state: "restarted"
 scope: "user"
 when:
- (services_deploy_cloud_config_files.changed or
+ (services_deploy_cloud_hosts_file.changed or
+ services_deploy_cloud_config_files.changed or
 services_deploy_cloud_nextcloud_files.changed or
 services_deploy_cloud_systemd_files.changed) and
 services_deploy_cloud_service_active_state.stdout == "active"
diff --git a/playbooks/roles/services/deploy/cloud/templates/hosts b/playbooks/roles/services/deploy/cloud/templates/hosts
new file mode 100644
index 0000000..b44bfce
--- /dev/null
+++ b/playbooks/roles/services/deploy/cloud/templates/hosts
@@ -0,0 +1,9 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
+127.0.1.1 cloud
+
+{{ services_all_services['database'].inet6_address }} pod-database
+{{ services_all_services['database'].inet_address }} pod-database
diff --git a/playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-cron.service b/playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-cron.service
index bf43c58..c4e56a3 100644
--- a/playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-cron.service
+++ b/playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-cron.service
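Review bot: The two `pod-database` entries at the end of the new hosts template have no guard against `inet_address` or `inet6_address` rendering empty; Ansible stops on an undefined variable but happily renders an empty string, and a line reduced to ` pod-database` is skipped by the libc hosts parser, so the name would fall through to DNS via the host `resolv.conf` that these containers also mount, and the database credentials carried in the unit's environment would be sent to whatever that resolves to. The `--add-host` form this replaces would presumably have been rejected by podman on a malformed address, so the failure mode is now quieter than before. Consider an `ansible.builtin.assert` in the tasks file with `that: "services_all_services['database'].inet_address | length > 0"` (and the same for `inet6_address`) ahead of the template task, so the deploy fails instead of silently losing the mapping.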
@@ -22,9 +22,8 @@ ExecStart=/usr/bin/podman run \
 --label "io.containers.autoupdate=image" \
 --log-driver=journald \
 -dt \
- --add-host=pod-database:{{ services_all_services['database'].inet_address }} \
- --add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
 -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
+ -v ./.config/service/hosts:/etc/hosts:ro \
 -v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
 -v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
 -v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \
diff --git a/playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-nextcloud.service b/playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-nextcloud.service
index 199f5be..a7e81d9 100644
--- a/playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-nextcloud.service
+++ b/playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-nextcloud.service
@@ -22,9 +22,8 @@ ExecStart=/usr/bin/podman run \
 --label "io.containers.autoupdate=image" \
 --log-driver=journald \
 -dt \
- --add-host=pod-database:{{ services_all_services['database'].inet_address }} \
- --add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
 -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
+ -v ./.config/service/hosts:/etc/hosts:ro \
 -v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
 -v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
 -v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \
diff --git a/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud.service b/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud.service
index 975f612..7357842 100644
--- a/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud.service
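Review bot: The new `-v ./.config/service/hosts:/etc/hosts:ro` line replaces the two `--add-host` flags, but nothing tells podman to stop managing `/etc/hosts` itself; if podman still generates its own hosts file (container name, loopback entries), the bind mount simply shadows it, which is presumably why the template has to carry the `127.0.1.1 cloud` entry by hand. Adding `--no-hosts \` next to the mount makes that explicit and documents that the templated file is the entire hosts table for the container. The relative `./.config/service/hosts` path relies on the unit's working directory being the service user's home, which the existing `./.config/service/nginx.conf` mounts in the rproxy unit already assume, so that part is consistent with the repo. The same applies to the nextcloud hunk above, whose `ExecStart=` line sits in the hunk header.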
+++ b/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud.service
@@ -12,7 +12,12 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
 Restart=on-failure
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/pod-cloud.pid %t/pod-cloud.pod-id
-ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-cloud.pid --pod-id-file %t/pod-cloud.pod-id --name=cloud --network=none --replace
+ExecStartPre=/usr/bin/podman pod create \
+ --infra-conmon-pidfile %t/pod-cloud.pid \
+ --pod-id-file %t/pod-cloud.pod-id \
+ --name=cloud \
+ --network=none \
+ --replace
 ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-cloud.pod-id
 ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" cloud) > {{ services_containers_directory }}/pod-cloud/pidfile'
 ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-cloud
diff --git a/playbooks/roles/services/deploy/git/tasks/main.yml b/playbooks/roles/services/deploy/git/tasks/main.yml
index a59c89e..9fadc2c 100644
--- a/playbooks/roles/services/deploy/git/tasks/main.yml
+++ b/playbooks/roles/services/deploy/git/tasks/main.yml
@@ -6,6 +6,13 @@
 - block:
+ - name: "{{ services_service_name }} : configure hosts file"
+ ansible.builtin.template:
+ src: "hosts"
+ dest: "{{ services_service_user_home }}/.config/service/hosts"
+ mode: 0644
+ register: services_deploy_git_hosts_file
+
 - name: "configure systemd service"
 ansible.builtin.template:
 src: "./systemd/{{ item }}"
@@ -43,7 +50,8 @@
 state: "restarted"
 scope: "user"
 when:
- services_deploy_git_systemd_files.changed and
+ (services_deploy_git_hosts_file.changed or
+ services_deploy_git_systemd_files.changed) and
 services_deploy_git_service_active_state.stdout == "active"
 become_user: "{{ services_service_user_name }}"
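Review bot: `mode: 0644` in the new template task is an unquoted leading-zero scalar, which a YAML 1.1 loader turns into the integer 420 before Ansible sees it; Ansible usually recovers the octal meaning, but its own module documentation recommends the quoted form `mode: "0644"` because the bare spelling is documented to misbehave in loops and some other contexts. The same spelling is used in the equivalent tasks added to the cloud, notes and rproxy roles in this commit, so fix all four together. The widened `when:` condition in the second hunk looks correct.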
diff --git a/playbooks/roles/services/deploy/git/templates/hosts b/playbooks/roles/services/deploy/git/templates/hosts
new file mode 100644
index 0000000..0961cb2
--- /dev/null
+++ b/playbooks/roles/services/deploy/git/templates/hosts
@@ -0,0 +1,9 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
+127.0.1.1 git
+
+{{ services_all_services['database'].inet6_address }} pod-database
+{{ services_all_services['database'].inet_address }} pod-database
diff --git a/playbooks/roles/services/deploy/git/templates/systemd/container-git-gitea.service b/playbooks/roles/services/deploy/git/templates/systemd/container-git-gitea.service
index ce9a567..80df48d 100644
--- a/playbooks/roles/services/deploy/git/templates/systemd/container-git-gitea.service
+++ b/playbooks/roles/services/deploy/git/templates/systemd/container-git-gitea.service
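Review bot: The container hostname is hard-coded in `127.0.1.1 git`, whereas the rproxy hosts template added in the same commit derives it from `{{ services_service_name }}`; the cloud and notes templates hard-code theirs as well, so the three files differ in exactly one token and could be a single shared template. Changing the line to `127.0.1.1 {{ services_service_name }}` keeps this entry aligned with `--name=git` in pod-git.service if the service is ever renamed. Whether the hostname seen inside the container actually equals the pod name cannot be confirmed from this diff, so it is worth checking `hostname` in the running container against this entry once.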
@@ -13,43 +13,42 @@ Restart=on-failure
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/container-git-gitea.pid %t/container-git-gitea.ctr-id
 ExecStart=/usr/bin/podman run \
- --conmon-pidfile %t/container-git-gitea.pid \
- --cidfile %t/container-git-gitea.ctr-id \
- --cgroups=no-conmon \
- --pod-id-file %t/pod-git.pod-id \
- --replace \
- --label "io.containers.autoupdate=image" \
- --log-driver=journald \
- -dt \
- --add-host=pod-database:{{ services_all_services['database'].inet_address }} \
- --add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
- -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
- -v {{ services_data_directory }}/pod-git/data/_data:/data \
- -v /etc/timezone:/etc/timezone:ro \
- -v /etc/localtime:/etc/localtime:ro \
- -e USER_UID="1000" \
- -e USER_GID="1000" \
- -e GITEA__database__DB_TYPE="postgres" \
- -e GITEA__database__HOST="pod-database:5432" \
- -e GITEA__database__NAME="{{ services[services_service_name].database.name }}" \
- -e GITEA__database__USER="{{ services[services_service_name].database.user }}" \
- -e GITEA__database__PASSWD="{{ services[services_service_name].database.password }}" \
- -e GITEA__server__DOMAIN="{{ services[services_service_name].domain }}" \
- -e GITEA__server__SSH_DOMAIN="{{ services[services_service_name].domain }}" \
- -e GITEA__server__ROOT_URL="https://%(DOMAIN)s/" \
- -e GITEA__server__START_SSH_SERVER="true" \
- -e GITEA__server__SSH_PORT="{{ services[services_service_name].ssh_port }}" \
- -e GITEA__server__SSH_LISTEN_PORT="{{ services[services_service_name].ssh_port }}" \
- -e GITEA__mailer__ENABLED="true" \
- -e GITEA__mailer__FROM="Gitea " \
- -e GITEA__mailer__MAILER_TYPE="smtp" \
- -e GITEA__mailer__HOST="{{ services[services_service_name].smtp.host }}" \
- -e GITEA__mailer__USER="{{ services[services_service_name].smtp.user }}" \
- -e GITEA__mailer__PASSWD="{{ services[services_service_name].smtp.password }}" \
- -e GITEA__service__DISABLE_REGISTRATION="true" \
- -e GITEA__service__ENABLE_NOTIFY_MAIL="true" \
- --name=pod-git-gitea \
- docker.io/gitea/gitea:{{ services_service_deploy_versions.gitea }}
+ --conmon-pidfile %t/container-git-gitea.pid \
+ --cidfile %t/container-git-gitea.ctr-id \
+ --cgroups=no-conmon \
+ --pod-id-file %t/pod-git.pod-id \
+ --replace \
+ --label "io.containers.autoupdate=image" \
+ --log-driver=journald \
+ -dt \
+ -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
+ -v ./.config/service/hosts:/etc/hosts:ro \
+ -v {{ services_data_directory }}/pod-git/data/_data:/data \
+ -v /etc/timezone:/etc/timezone:ro \
+ -v /etc/localtime:/etc/localtime:ro \
+ -e USER_UID="1000" \
+ -e USER_GID="1000" \
+ -e GITEA__database__DB_TYPE="postgres" \
+ -e GITEA__database__HOST="pod-database:5432" \
+ -e GITEA__database__NAME="{{ services[services_service_name].database.name }}" \
+ -e GITEA__database__USER="{{ services[services_service_name].database.user }}" \
+ -e GITEA__database__PASSWD="{{ services[services_service_name].database.password }}" \
+ -e GITEA__server__DOMAIN="{{ services[services_service_name].domain }}" \
+ -e GITEA__server__SSH_DOMAIN="{{ services[services_service_name].domain }}" \
+ -e GITEA__server__ROOT_URL="https://%(DOMAIN)s/" \
+ -e GITEA__server__START_SSH_SERVER="true" \
+ -e GITEA__server__SSH_PORT="{{ services[services_service_name].ssh_port }}" \
+ -e GITEA__server__SSH_LISTEN_PORT="{{ services[services_service_name].ssh_port }}" \
+ -e GITEA__mailer__ENABLED="true" \
+ -e GITEA__mailer__FROM="Gitea " \
+ -e GITEA__mailer__MAILER_TYPE="smtp" \
+ -e GITEA__mailer__HOST="{{ services[services_service_name].smtp.host }}" \
+ -e GITEA__mailer__USER="{{ services[services_service_name].smtp.user }}" \
+ -e GITEA__mailer__PASSWD="{{ services[services_service_name].smtp.password }}" \
+ -e GITEA__service__DISABLE_REGISTRATION="true" \
+ -e GITEA__service__ENABLE_NOTIFY_MAIL="true" \
+ --name=pod-git-gitea \
+ docker.io/gitea/gitea:{{ services_service_deploy_versions.gitea }}
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-git-gitea.ctr-id -t 10
 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-git-gitea.ctr-id
 PIDFile=%t/container-git-gitea.pid
diff --git a/playbooks/roles/services/deploy/git/templates/systemd/pod-git.service b/playbooks/roles/services/deploy/git/templates/systemd/pod-git.service
index c36f963..a407e73 100644
--- a/playbooks/roles/services/deploy/git/templates/systemd/pod-git.service
+++ b/playbooks/roles/services/deploy/git/templates/systemd/pod-git.service
@@ -12,7 +12,12 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
 Restart=on-failure
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/pod-git.pid %t/pod-git.pod-id
-ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-git.pid --pod-id-file %t/pod-git.pod-id --name=git --network=none --replace
+ExecStartPre=/usr/bin/podman pod create \
+ --infra-conmon-pidfile %t/pod-git.pid \
+ --pod-id-file %t/pod-git.pod-id \
+ --name=git \
+ --network=none \
+ --replace
 ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-git.pod-id
 ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" git) > {{ services_containers_directory }}/pod-git/pidfile'
 ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-git
diff --git a/playbooks/roles/services/deploy/notes/tasks/main.yml b/playbooks/roles/services/deploy/notes/tasks/main.yml
index 354925c..e024ffc 100644
--- a/playbooks/roles/services/deploy/notes/tasks/main.yml
+++ b/playbooks/roles/services/deploy/notes/tasks/main.yml
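Review bot: The hunk re-indents all 36 continuation lines of `ExecStart=`, so the actual functional change (dropping the two `--add-host` lines and adding `-v ./.config/service/hosts:/etc/hosts:ro`) is buried in an otherwise whitespace-only rewrite; splitting the re-indentation into its own commit, or at least reviewing with whitespace ignored, would keep `git blame` useful for the secrets-bearing `-e` lines. Note also that after this change the mounted hosts file is the only thing pinning `GITEA__database__HOST="pod-database:5432"` to the intended address, and no `GITEA__database__SSL_MODE` is set in this unit, so an error in the hosts template sends the password wherever DNS points. The `[Service]` section this `ExecStart=` belongs to begins above the hunk.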
@@ -6,6 +6,13 @@
 - block:
+ - name: "{{ services_service_name }} : configure hosts file"
+ ansible.builtin.template:
+ src: "hosts"
+ dest: "{{ services_service_user_home }}/.config/service/hosts"
+ mode: 0644
+ register: services_deploy_notes_hosts_file
+
 - name: "configure systemd service"
 ansible.builtin.template:
 src: "./systemd/{{ item }}"
@@ -44,7 +51,8 @@
 state: "restarted"
 scope: "user"
 when:
- services_deploy_notes_systemd_files.changed and
+ (services_deploy_notes_hosts_file.changed or
+ services_deploy_notes_systemd_files.changed) and
 services_deploy_notes_service_active_state.stdout == "active"
 become_user: "{{ services_service_user_name }}"
diff --git a/playbooks/roles/services/deploy/notes/templates/hosts b/playbooks/roles/services/deploy/notes/templates/hosts
new file mode 100644
index 0000000..607b27e
--- /dev/null
+++ b/playbooks/roles/services/deploy/notes/templates/hosts
@@ -0,0 +1,9 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
+127.0.1.1 notes
+
+{{ services_all_services['database'].inet6_address }} pod-database
+{{ services_all_services['database'].inet_address }} pod-database
diff --git a/playbooks/roles/services/deploy/notes/templates/systemd/container-notes-chown.service b/playbooks/roles/services/deploy/notes/templates/systemd/container-notes-chown.service
index c403b92..f1811af 100644
--- a/playbooks/roles/services/deploy/notes/templates/systemd/container-notes-chown.service
+++ b/playbooks/roles/services/deploy/notes/templates/systemd/container-notes-chown.service
@@ -10,17 +10,17 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/container-notes-chown.pid %t/container-notes-chown.ctr-id
 ExecStart=/usr/bin/podman run \
- --conmon-pidfile %t/container-notes-chown.pid \
- --cidfile %t/container-notes-chown.ctr-id \
- --cgroups=no-conmon \
- --pod-id-file %t/pod-notes.pod-id \
- --replace \
- -v {{ services_data_directory }}/pod-notes/data/_data:/data \
- --user=0 \
- --entrypoint="/bin/bash" \
- --name=pod-notes-chown \
- docker.io/joplin/server:{{ services_service_deploy_versions.joplin }} \
- -c "chown -R joplin:joplin /data"
+ --conmon-pidfile %t/container-notes-chown.pid \
+ --cidfile %t/container-notes-chown.ctr-id \
+ --cgroups=no-conmon \
+ --pod-id-file %t/pod-notes.pod-id \
+ --replace \
+ -v {{ services_data_directory }}/pod-notes/data/_data:/data \
+ --user=0 \
+ --entrypoint="/bin/bash" \
+ --name=pod-notes-chown \
+ docker.io/joplin/server:{{ services_service_deploy_versions.joplin }} \
+ -c "chown -R joplin:joplin /data"
 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-notes-chown.ctr-id
 Type=oneshot
diff --git a/playbooks/roles/services/deploy/notes/templates/systemd/container-notes-joplin.service b/playbooks/roles/services/deploy/notes/templates/systemd/container-notes-joplin.service
index 95dab26..4483a75 100644
--- a/playbooks/roles/services/deploy/notes/templates/systemd/container-notes-joplin.service
+++ b/playbooks/roles/services/deploy/notes/templates/systemd/container-notes-joplin.service
@@ -14,37 +14,36 @@ Restart=on-failure
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/container-notes-joplin.pid %t/container-notes-joplin.ctr-id
 ExecStart=/usr/bin/podman run \
- --conmon-pidfile %t/container-notes-joplin.pid \
- --cidfile %t/container-notes-joplin.ctr-id \
- --cgroups=no-conmon \
- --pod-id-file %t/pod-notes.pod-id \
- --replace \
- --label "io.containers.autoupdate=image" \
- --log-driver=journald \
- -dt \
- --add-host=pod-database:{{ services_all_services['database'].inet_address }} \
- --add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
- -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
- -v {{ services_data_directory }}/pod-notes/data/_data:/data \
- -e APP_BASE_URL="https://{{ services[services_service_name].domain }}" \
- -e APP_PORT="22300" \
- -e DB_CLIENT="pg" \
- -e POSTGRES_PASSWORD="{{ services[services_service_name].database.password }}" \
- -e POSTGRES_DATABASE="{{ services[services_service_name].database.name }}" \
- -e POSTGRES_USER="{{ services[services_service_name].database.user }}" \
- -e POSTGRES_PORT="5432" \
- -e POSTGRES_HOST="pod-database" \
- -e MAILER_ENABLED="true" \
- -e MAILER_HOST="{{ services[services_service_name].smtp.host }}" \
- -e MAILER_PORT=465 \
- -e MAILER_SECURITY="tls" \
- -e MAILER_AUTH_USER="{{ services[services_service_name].smtp.user }}" \
- -e MAILER_AUTH_PASSWORD="{{ services[services_service_name].smtp.password }}" \
- -e MAILER_NOREPLY_NAME="Joplin" \
- -e MAILER_NOREPLY_EMAIL="noreply@{{ services[services_service_name].domain }}" \
- -e STORAGE_DRIVER="Type=Filesystem; Path=/data" \
- --name=pod-notes-joplin \
- docker.io/joplin/server:{{ services_service_deploy_versions.joplin }}
+ --conmon-pidfile %t/container-notes-joplin.pid \
+ --cidfile %t/container-notes-joplin.ctr-id \
+ --cgroups=no-conmon \
+ --pod-id-file %t/pod-notes.pod-id \
+ --replace \
+ --label "io.containers.autoupdate=image" \
+ --log-driver=journald \
+ -dt \
+ -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
+ -v ./.config/service/hosts:/etc/hosts:ro \
+ -v {{ services_data_directory }}/pod-notes/data/_data:/data \
+ -e APP_BASE_URL="https://{{ services[services_service_name].domain }}" \
+ -e APP_PORT="22300" \
+ -e DB_CLIENT="pg" \
+ -e POSTGRES_PASSWORD="{{ services[services_service_name].database.password }}" \
+ -e POSTGRES_DATABASE="{{ services[services_service_name].database.name }}" \
+ -e POSTGRES_USER="{{ services[services_service_name].database.user }}" \
+ -e POSTGRES_PORT="5432" \
+ -e POSTGRES_HOST="pod-database" \
+ -e MAILER_ENABLED="true" \
+ -e MAILER_HOST="{{ services[services_service_name].smtp.host }}" \
+ -e MAILER_PORT=465 \
+ -e MAILER_SECURITY="tls" \
+ -e MAILER_AUTH_USER="{{ services[services_service_name].smtp.user }}" \
+ -e MAILER_AUTH_PASSWORD="{{ services[services_service_name].smtp.password }}" \
+ -e MAILER_NOREPLY_NAME="Joplin" \
+ -e MAILER_NOREPLY_EMAIL="noreply@{{ services[services_service_name].domain }}" \
+ -e STORAGE_DRIVER="Type=Filesystem; Path=/data" \
+ --name=pod-notes-joplin \
+ docker.io/joplin/server:{{ services_service_deploy_versions.joplin }}
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-notes-joplin.ctr-id -t 10
 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-notes-joplin.ctr-id
 PIDFile=%t/container-notes-joplin.pid
diff --git a/playbooks/roles/services/deploy/notes/templates/systemd/pod-notes.service b/playbooks/roles/services/deploy/notes/templates/systemd/pod-notes.service
index 603401c..873c061 100644
--- a/playbooks/roles/services/deploy/notes/templates/systemd/pod-notes.service
+++ b/playbooks/roles/services/deploy/notes/templates/systemd/pod-notes.service
@@ -12,7 +12,12 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
 Restart=on-failure
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/pod-notes.pid %t/pod-notes.pod-id
-ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-notes.pid --pod-id-file %t/pod-notes.pod-id --name=notes --network=none --replace
+ExecStartPre=/usr/bin/podman pod create \
+ --infra-conmon-pidfile %t/pod-notes.pid \
+ --pod-id-file %t/pod-notes.pod-id \
+ --name=notes \
+ --network=none \
+ --replace
 ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-notes.pod-id
 ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" notes) > {{ services_containers_directory }}/pod-notes/pidfile'
 ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-notes
diff --git a/playbooks/roles/services/deploy/rproxy/tasks/main.yml b/playbooks/roles/services/deploy/rproxy/tasks/main.yml
index c4e6ab9..4372372 100644
--- a/playbooks/roles/services/deploy/rproxy/tasks/main.yml
+++ b/playbooks/roles/services/deploy/rproxy/tasks/main.yml
@@ -4,12 +4,15 @@
 name: "services/include"
 vars_from: "user"
-- name: "{{ services_service_name }} : set the rproxy variables"
- ansible.builtin.include_vars:
- file: "nginx.yml"
-
 - block:
+ - name: "{{ services_service_name }} : configure hosts file"
+ ansible.builtin.template:
+ src: "hosts"
+ dest: "{{ services_service_user_home }}/.config/service/hosts"
+ mode: 0644
+ register: services_deploy_rproxy_hosts_file
+
 - name: "{{ services_service_name }} : create nginx conf.d"
 ansible.builtin.file:
 path: "{{ services_service_user_home }}/.config/service/nginx-conf.d"
@@ -93,7 +96,8 @@
 state: "restarted"
 scope: "user"
 when:
- (services_deploy_rproxy_generic_config.changed or
+ (services_deploy_rproxy_hosts_file.changed or
+ services_deploy_rproxy_generic_config.changed or
 services_deploy_rproxy_stream_config.changed or
 services_deploy_rproxy_subdomain_config_files.changed or
 services_deploy_rproxy_systemd_files.changed or
diff --git a/playbooks/roles/services/deploy/rproxy/templates/hosts b/playbooks/roles/services/deploy/rproxy/templates/hosts
new file mode 100644
index 0000000..75511c8
--- /dev/null
+++ b/playbooks/roles/services/deploy/rproxy/templates/hosts
@@ -0,0 +1,11 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
+127.0.1.1 {{ services_service_name }}
+{% for service in ( services_all_services | dict2items ) %}
+
+{{ service.value.inet6_address }} pod-{{ service.key }}
+{{ service.value.inet_address }} pod-{{ service.key }}
+{% endfor %}
diff --git a/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-certbot.service b/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-certbot.service
index e3b318c..8276108 100644
--- a/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-certbot.service
+++ b/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-certbot.service
@@ -9,16 +9,16 @@ TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/container-{{ services_service_name }}-certbot.pid %t/container-{{ services_service_name }}-certbot.ctr-id
 ExecStartPre=/usr/bin/podman pull docker.io/certbot/certbot
 ExecStart=/usr/bin/podman run \
- --conmon-pidfile %t/container-{{ services_service_name }}-certbot.pid \
- --cidfile %t/container-{{ services_service_name }}-certbot.ctr-id \
- --cgroups=no-conmon \
- --pod-id-file %t/pod-{{ services_service_name }}.pod-id \
- --replace \
- -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
- -v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt \
- -v var-lib-letsencrypt:/var/lib/letsencrypt \
- -v var-www-html:/var/www/html \
- --name=pod-{{ services_service_name }}-certbot \
- docker.io/certbot/certbot --non-interactive renew
+ --conmon-pidfile %t/container-{{ services_service_name }}-certbot.pid \
+ --cidfile %t/container-{{ services_service_name }}-certbot.ctr-id \
+ --cgroups=no-conmon \
+ --pod-id-file %t/pod-{{ services_service_name }}.pod-id \
+ --replace \
+ -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
+ -v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt \
+ -v var-lib-letsencrypt:/var/lib/letsencrypt \
+ -v var-www-html:/var/www/html \
+ --name=pod-{{ services_service_name }}-certbot \
+ docker.io/certbot/certbot --non-interactive renew
 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-{{ services_service_name }}-certbot.ctr-id
 Type=oneshot
diff --git a/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-nginx.service b/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-nginx.service
index 027f1bf..aa7bc05 100644
--- a/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-nginx.service
+++ b/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-nginx.service 
@@ -14,27 +14,26 @@ TimeoutStopSec=70
 ExecStartPre=/usr/bin/sh -c 'echo resolver $(awk '\''BEGIN{ORS=" "} $1=="nameserver" {print $2}'\'' {{ system_etc_root_directory }}/resolv.conf) ";" > %t/resolver.conf'
 ExecStartPre=/bin/rm -f %t/container-{{ services_service_name }}-nginx.pid %t/container-{{ services_service_name }}-nginx.ctr-id
 ExecStart=/usr/bin/podman run \
- --conmon-pidfile %t/container-{{ services_service_name }}-nginx.pid \
- --cidfile %t/container-{{ services_service_name }}-nginx.ctr-id \
- --cgroups=no-conmon \
- --pod-id-file %t/pod-{{ services_service_name }}.pod-id \
- --replace \
- --label "io.containers.autoupdate=image" \
- --log-driver=journald \
- -dt \
- {{ services_rproxy_nginx_add_inet_hosts }} \
- {{ services_rproxy_nginx_add_inet6_hosts }} \
- -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
- -v %t/resolver.conf:/etc/nginx/resolver.conf:ro \
- -v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
- -v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro \
- -v ./.config/service/nginx-conf.d:/etc/nginx/conf.d:ro \
- -v ./.config/service/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
- -v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt:ro \
- -v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
- -v var-www-html:/var/www/html \
- --name=pod-{{ services_service_name }}-nginx \
- docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}
+ --conmon-pidfile %t/container-{{ services_service_name }}-nginx.pid \
+ --cidfile %t/container-{{ services_service_name }}-nginx.ctr-id \
+ --cgroups=no-conmon \
+ --pod-id-file %t/pod-{{ services_service_name }}.pod-id \
+ --replace \
+ --label "io.containers.autoupdate=image" \
+ --log-driver=journald \
+ -dt \
+ -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
+ -v ./.config/service/hosts:/etc/hosts:ro \
+ -v %t/resolver.conf:/etc/nginx/resolver.conf:ro \
+ -v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
+ -v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro \
+ -v ./.config/service/nginx-conf.d:/etc/nginx/conf.d:ro \
+ -v ./.config/service/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
+ -v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt:ro \
+ -v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
+ -v var-www-html:/var/www/html \
+ --name=pod-{{ services_service_name }}-nginx \
+ docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-{{ services_service_name }}-nginx.ctr-id -t 10
 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-{{ services_service_name }}-nginx.ctr-id
 PIDFile=%t/container-{{ services_service_name }}-nginx.pid
diff --git a/playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy.service b/playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy.service
index d6c0c98..90efa41 100644
--- a/playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy.service
+++ b/playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy.service
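Review bot: The `pod-*` backend names now live in the mounted `/etc/hosts`, but the `resolver.conf` that the first `ExecStartPre` builds from the host's `resolv.conf` feeds nginx's `resolver` directive, and that resolver path queries the nameservers directly and never consults `/etc/hosts`. Only names nginx resolves through libc at configuration load time (a literal host in `proxy_pass` or a static `upstream` block) will see the hosts entries; a `proxy_pass` target built from a variable, or an `upstream ... resolve`, would go to the host's DNS instead and silently bypass the mapping the old `--add-host` flags provided the same way. The nginx configuration in `nginx-conf.d` is not part of this diff, so which form is in use cannot be confirmed here. A comment above `ExecStart=` such as `# /etc/hosts is only honoured by libc lookups; nginx 'resolver' bypasses it, so keep pod-* names literal in proxy_pass` would record the constraint for whoever edits the vhosts next.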
@@ -12,7 +12,12 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
 Restart=on-failure
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/pod-{{ services_service_name }}.pid %t/pod-{{ services_service_name }}.pod-id
-ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-{{ services_service_name }}.pid --pod-id-file %t/pod-{{ services_service_name }}.pod-id --name={{ services_service_name }} --network=none --replace
+ExecStartPre=/usr/bin/podman pod create \
+ --infra-conmon-pidfile %t/pod-{{ services_service_name }}.pid \
+ --pod-id-file %t/pod-{{ services_service_name }}.pod-id \
+ --name={{ services_service_name }} \
+ --network=none \
+ --replace
 ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-{{ services_service_name }}.pod-id
 ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" {{ services_service_name }}) > {{ services_containers_directory }}/pod-{{ services_service_name }}/pidfile'
 ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-{{ services_service_name }}
diff --git a/playbooks/roles/services/deploy/rproxy/vars/nginx.yml b/playbooks/roles/services/deploy/rproxy/vars/nginx.yml
deleted file mode 100644
index 08d406e..0000000
--- a/playbooks/roles/services/deploy/rproxy/vars/nginx.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-services_rproxy_nginx_add_inet_hosts: "\
- {% set add_host_list = [] %}\
- {% for service in ( services_all_services | dict2items ) %}\
- {{ add_host_list.append('--add-host=pod-' ~ service.key ~ ':' ~ service.value.inet_address) }}\
- {% endfor %}\
- {{ add_host_list | join(' ') }}"
-services_rproxy_nginx_add_inet6_hosts: "\
- {% set add_host_list = [] %}\
- {% for service in ( services_all_services | dict2items ) %}\
- {{ add_host_list.append('--add-host=pod-' ~ service.key ~ ':' ~ service.value.inet6_address) }}\
- {% endfor %}\
- {{ add_host_list | join(' ') }}"