- Updated user-addition tasks across multiple playbooks (mcp_switchboard, mcpo, neo4j, neo4j_mcp, openwebui, postgresql, rabbitmq, searxng, smtp4dev) to replace references to ansible_user and remote_user with keeper_user.
- Modified the PostgreSQL deployment to create directories and manage files under keeper_user's home.
- Enhanced documentation to clarify the account taxonomy and the usage of keeper_user in playbooks.
- Introduced a new deployment for Agent S, including environment setup, desktop environment installation, XRDP configuration, and accessibility support.
- Added a staging playbook for preparing release tarballs from local repositories.
- Created templates for the XRDP configuration and environment activation scripts.
- Removed obsolete sunwait documentation.
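---
# -----------------------------------------------------------------------------
# Casdoor Deployment Playbook
# -----------------------------------------------------------------------------
# Deploys Casdoor SSO Docker container
# Host: titania.incus (Incus container)
# Endpoint: id.ouranos.helu.ca via HAProxy on Titania
#
# Prerequisites:
# - postgresql_ssl must be deployed first (provides the database)
# - Docker must be installed
# - Alloy must be configured for syslog
#
# Secrets are fetched from Ansible Vault via group_vars/all/vault.yml
#
# Only hosts whose `services` list contains "casdoor" are configured; every
# other host ends the play after the first two tasks.
# -----------------------------------------------------------------------------

- name: Deploy Casdoor
  hosts: ubuntu
  tasks:
    - name: Check if host has casdoor service
      ansible.builtin.set_fact:
        # `services` may be unset on a host; treat that as "no services".
        has_casdoor_service: "{{ 'casdoor' in services | default([]) }}"

    - name: Skip hosts without casdoor service
      ansible.builtin.meta: end_host
      when: not has_casdoor_service

    # -------------------------------------------------------------------------
    # Create User and Group (system-assigned UID/GID)
    # -------------------------------------------------------------------------
    # The module results are registered so the assigned uid/gid can be read
    # back further down without shelling out.

    - name: Create casdoor group
      become: true
      ansible.builtin.group:
        name: "{{ casdoor_group }}"
        system: true
      register: casdoor_group_result

    - name: Create casdoor user
      become: true
      ansible.builtin.user:
        name: "{{ casdoor_user }}"
        comment: "Casdoor service account"
        group: "{{ casdoor_group }}"
        system: true
        # Service account: no home directory and no interactive login.
        create_home: false
        shell: /usr/sbin/nologin
      register: casdoor_user_result

    - name: Add keeper_user to casdoor group
      become: true
      ansible.builtin.user:
        name: "{{ keeper_user }}"
        groups: "{{ casdoor_group }}"
        # Supplementary group only; keeper_user's existing groups are kept.
        append: true

    # -------------------------------------------------------------------------
    # Record uid/gid for Docker container user
    # -------------------------------------------------------------------------
    # Taken from the registered module results rather than a `getent | cut`
    # pipeline: without pipefail a failed lookup produced an empty string that
    # propagated silently into the compose template. An undefined return value
    # here fails the play instead.

    - name: Set uid/gid facts
      ansible.builtin.set_fact:
        casdoor_uid: "{{ casdoor_user_result.uid }}"
        casdoor_gid: "{{ casdoor_group_result.gid }}"

    # -------------------------------------------------------------------------
    # Create Directories
    # -------------------------------------------------------------------------

    - name: Create casdoor directories
      become: true
      ansible.builtin.file:
        path: "{{ item }}"
        owner: "{{ casdoor_user }}"
        group: "{{ casdoor_group }}"
        state: directory
        # Owner and group (casdoor_user, keeper_user) only; no world access.
        mode: '0750'
      # Parent first so the nested conf directory can be created.
      loop:
        - "{{ casdoor_directory }}"
        - "{{ casdoor_directory }}/conf"

    # -------------------------------------------------------------------------
    # Template Configuration Files
    # -------------------------------------------------------------------------

    - name: Template configuration files
      become: true
      ansible.builtin.template:
        src: "{{ item.src }}"
        dest: "{{ casdoor_directory }}/{{ item.dest }}"
        owner: "{{ casdoor_user }}"
        group: "{{ casdoor_group }}"
        # Rendered files may carry vault-sourced values; keep them group-readable
        # at most.
        mode: '0640'
      loop:
        - src: docker-compose.yml.j2
          dest: docker-compose.yml
        - src: app.conf.j2
          dest: conf/app.conf
        - src: init_data.json.j2
          dest: conf/init_data.json
      notify: restart casdoor

    # -------------------------------------------------------------------------
    # Reset SSH Connection (apply group changes)
    # -------------------------------------------------------------------------
    # The supplementary group added to keeper_user above is only visible in a
    # fresh session.

    - name: Reset SSH connection to apply group changes
      ansible.builtin.meta: reset_connection

    # -------------------------------------------------------------------------
    # Start Services
    # -------------------------------------------------------------------------

    - name: Start Casdoor service
      become: true
      community.docker.docker_compose_v2:
        project_src: "{{ casdoor_directory }}"
        state: present
        # Re-pulls the image on every run; pin the image reference in the
        # compose template so a run cannot silently move the deployment to a
        # different build.
        pull: always

  handlers:
    - name: restart casdoor
      become: true
      community.docker.docker_compose_v2:
        project_src: "{{ casdoor_directory }}"
        state: restarted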