Skip to content
Snippets Groups Projects
Commit 887d1eed authored by McConahy, Renee Margaret's avatar McConahy, Renee Margaret
Browse files

Refactor Web front-end.

This moves most of the code into a standalone (at least in principle)
"http_frontend" role and invokes it from the main LOCKSS role.
parent 8d25b91d
No related branches found
No related tags found
No related merge requests found
Showing
with 95 additions and 127 deletions
......@@ -32,6 +32,7 @@ This project provides Ansible roles and an example playbook for configuring
* `lockss_ui_user` (default in `roles/lockss/defaults/main.yml`)
* `lockss_data_dir` (default in `roles/lockss/defaults/main.yml`)
* `lockss_configure_firewall` (default: true)
* `lockss_frontend_port` (default in `roles/lockss/defaults/main.yml`)
## Ports
These are the ports (all TCP) listened on by the various LOCKSS containers:
......@@ -46,6 +47,8 @@ These are the ports (all TCP) listened on by the various LOCKSS containers:
* pywb: 8080 ([Pywb](<https://pypi.org/project/pywb/>) Web console)
* solr: 8983 (Solr Web console)
The LOCKSS front-end (written by us) listens on port 80 by default.
## Running with Vagrant
The included Vagrantfile will configure and run the example playbook against the
machines defined in `vagrant-machines.yml`, currently Ubuntu 18.04 and CentOS 7.
......
......@@ -26,7 +26,6 @@
- minimum_memory
- system-tweaks-nepeta
- lockss
- lockss-config-frontend
tasks:
- debug:
msg: "Web front-end: http://{{ hostname }}/"
......
# HTTP frontend
## Role variables
### Required variables
* `http_frontend_backends`: An array of dictionaries, each of which has a
`memo` key (rendered as a title on the index page), a `name` key (used in the
URL path), and a `port` key.
* `http_frontend_hostname`
### Optional variables
* `http_frontend_name`: The name used for the Docker image and stack. (Default in `defaults/main.yml`.)
* `http_frontend_port`: The port on which the service will listen. (Default in
`defaults/main.yml`.)
* `http_frontend_index_title`: Give the index page a title.
---
http_frontend_name: frontend
http_frontend_port: 80
---
- name: Add ferm rule.
template:
dest: /etc/ferm.d/11-in-lockss-frontend.ferm
src: 11-in-lockss-frontend.ferm.j2
validate: ferm -n %s
- service:
name: ferm
state: restarted
# FIXME: None of this is idempotent.
- name: Create temporary directory.
tempfile:
state: directory
register: tmpdir
- name: Install configuration file.
- name: Copy httpd configuration file.
template:
dest: "{{ tmpdir.path }}/httpd-frontend.conf"
src: httpd-frontend.conf.j2
......@@ -23,7 +15,7 @@
mode: 0644
when: tmpdir.path is defined
- name: Install landing page.
- name: Copy landing page.
template:
dest: "{{ tmpdir.path }}/index.html"
src: index.html.j2
......@@ -31,7 +23,7 @@
mode: 0644
when: tmpdir.path is defined
- name: Install Dockerfile.
- name: Copy Dockerfile.
copy:
dest: "{{ tmpdir.path }}/Dockerfile"
src: Dockerfile
......@@ -57,7 +49,7 @@
- name: Build Docker image.
docker_image:
name: lockss-config-frontend
name: "{{ http_frontend_name }}"
source: build
build:
path: "{{ tmpdir.path }}"
......@@ -68,18 +60,14 @@
vars:
ansible_python_interpreter: python3
docker_stack:
name: lockss-config-frontend
name: "{{ http_frontend_name }}"
state: present
resolve_image: never
compose:
- version: "3.7"
services:
frontend:
image: lockss-config-frontend
ports:
- published: "{{ lockss_frontend_port }}"
target: 80
mode: host
image: "{{ http_frontend_name }}"
configs:
- source: httpd_frontend_config
target: /usr/local/apache2/conf/conf.d/frontend.conf
......
......@@ -5,8 +5,8 @@ ProxyRequests off
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine on
{% for b in lockss_frontend_backends %}
ProxyPass /{{ b.name }}/ http://{{ lockss_hostname }}:{{ b.port }}/
{% for b in http_frontend_backends %}
ProxyPass /{{ b.name }}/ http://{{ http_frontend_hostname }}:{{ b.port }}/
RewriteRule ^/{{ b.name }}$ /{{ b.name }}/ [R]
{% endfor %}
......@@ -14,7 +14,7 @@ LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule xml2enc_module modules/mod_xml2enc.so
Include conf/extra/proxy-html.conf
{% for b in lockss_frontend_backends %}
{% for b in http_frontend_backends %}
<Location /{{ b.name }}/>
ProxyPassReverse /
ProxyPassReverseCookiePath / /{{ b.name }}/
......@@ -25,8 +25,8 @@ Include conf/extra/proxy-html.conf
<Location />
ProxyHTMLEnable On
{% for b in lockss_frontend_backends %}
ProxyHTMLURLMap http://{{ lockss_hostname }}:{{ b.port }} /{{ b.name }}
{% for b in http_frontend_backends %}
ProxyHTMLURLMap http://{{ http_frontend_hostname }}:{{ b.port }} /{{ b.name }}
{% endfor %}
RequestHeader unset Accept-Encoding
</Location>
......@@ -3,7 +3,9 @@
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>LOCKSS</title>
{% if http_frontend_index_title is defined %}
<title>{{ http_frontend_index_title }}</title>
{% endif %}
<style type="text/css">
li {
margin-bottom: 0.5rem;
......@@ -15,10 +17,12 @@
</style>
</head>
<body>
<h1>LOCKSS</h1>
{% if http_frontend_index_title is defined %}
<h1>{{ http_frontend_index_title }}</h1>
{% endif %}
<h2>Components available from this interface</h2>
<ul class="main_nav">
{% for b in lockss_frontend_backends %}
{% for b in http_frontend_backends %}
<li><a href="./{{ b.name }}">{{ b.memo }}</a></li>
{% endfor %}
</ul>
......
---
lockss_frontend_port: 80
---
- name: Place configuration file.
copy:
dest: /root/ingress.conf
owner: root
mode: 0644
content: |
server {
listen 80;
location /config/ {
sub_filter
"{{ lockss_hostname }}:24621"
"{{ lockss_hostname }}/config";
sub_filter
"{{ lockss_hostname }}:24621"
"{{ lockss_hostname }}/config";
sub_filter_once off;
proxy_pass http://127.0.0.1:24621/;
proxy_set_header Accept-Encoding "";
}
}
- name: Add ferm rule.
copy:
dest: /etc/ferm.d/11-in-lockss-frontend.ferm
content: |
@def $MGMT_NET = ({{ lockss_admin_ips | join(" ") }});
domain (ip ip6) table filter chain INPUT
saddr $MGMT_NET proto tcp dport 80 ACCEPT;
validate: ferm -n %s
- service:
name: ferm
state: restarted
- name: Remove nginx Docker container.
command:
cmd: docker rm -f nginx
ignore_errors: true
- name: Create nginx Docker container.
command:
cmd: docker run -d --rm
--name nginx
-p 80:80
--network host
-v /root/ingress.conf:/etc/nginx/conf.d/default.conf
nginx
@def $MGMT_NET = ({{ lockss_admin_ips | join(" ") }});
domain (ip ip6) table filter chain INPUT
saddr $MGMT_NET proto tcp dport {{ lockss_frontend_port }} ACCEPT;
---
lockss_frontend_backends:
- name: config
memo: Configuration service
port: 24621
- name: api/config
memo: Configuration service API
port: 24620
- name: crawler
memo: Cralwer service
port: 24631
- name: api/crawler
memo: Crawler service API
port: 24630
- name: metadata-extraction
memo: Metadata extraction
port: 24641
- name: api/metadata-extraction
memo: Metadata extraction API
port: 24640
- name: metadata-query
memo: Metadata query
port: 24651
- name: api/metadata-query
memo: Metadata query API
port: 24650
- name: api/repo
memo: Repository API
port: 24610
- name: pywb
memo: Python Wayback Machine
port: 8080
- name: solr
memo: Solr console
port: 8983
......@@ -6,4 +6,5 @@ lockss_data_dir: /var/lib/lockss
lockss_ui_user: admin
lockss_network_ips: []
lockss_admin_ips: []
lockss_frontend_port: 80
lockss_props_url: http://props.lockss.org:8001/demo/lockss.xml
......@@ -267,3 +267,13 @@
become: true
become_user: lockss
when: not ansible_check_mode
- name: Configure a Web front-end.
include_role:
name: http_frontend
vars:
http_frontend_name: lockss-config-frontend
http_frontend_index_title: LOCKSS
http_frontend_backends: "{{ lockss_frontend_backends }}"
http_frontend_port: "{{ lockss_frontend_port }}"
http_frontend_hostname: "{{ lockss_hostname }}"
@def $LOCKSS_NET = ({{ lockss_network_ips | join(" ") }});
@def $MGMT_NET = ({{ lockss_admin_ips | join(" ") }});
@def $LOCKSS_CONFIG_PORTS = (
24640 24641 # metadata-extraction-service
5432 # postgres
24650 24651 # metadata-service
24610 # repository-service
24620 24621 # configuration-service
9729 24630 24631 24680 # poller
8080 # pywb
8983 # solr
24640 24641 # metadata-extraction-service
5432 # postgres
24650 24651 # metadata-service
24610 # repository-service
24620 24621 # configuration-service
9729 24630 24631 24680 # poller
8080 # pywb
8983 # solr
{{ lockss_frontend_port }} # lockss-config-frontend
);
@def $LOCKSS_NET_PORTS = (
9729 # poller
......
---
lockss_git_url: https://github.com/lockss/lockss-installer
lockss_frontend_backends:
- name: config
memo: Configuration service
port: 24621
- name: api/config
memo: Configuration service API
port: 24620
- name: crawler
memo: Cralwer service
port: 24631
- name: api/crawler
memo: Crawler service API
port: 24630
- name: metadata-extraction
memo: Metadata extraction
port: 24641
- name: api/metadata-extraction
memo: Metadata extraction API
port: 24640
- name: metadata-query
memo: Metadata query
port: 24651
- name: api/metadata-query
memo: Metadata query API
port: 24650
- name: api/repo
memo: Repository API
port: 24610
- name: pywb
memo: Python Wayback Machine
port: 8080
- name: solr
memo: Solr console
port: 8983
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment