Refactor Web front-end.

This moves most of the code into a standalone (at least in principle) "http_frontend" role and invokes it from the main LOCKSS role.

Refactor Web front-end.
887d1eed · McConahy, Renee Margaret · 8d25b91d · 887d1eed · 887d1eed · 887d1eed
Commit 887d1eed authored 5 years ago by McConahy, Renee Margaret
--- a/README.md
+++ b/README.md
@@ -32,6 +32,7 @@ This project provides Ansible roles and an example playbook for configuring
 * `lockss_ui_user` (default in `roles/lockss/defaults/main.yml`)
 * `lockss_data_dir` (default in `roles/lockss/defaults/main.yml`)
 * `lockss_configure_firewall` (default: true)
+* `lockss_frontend_port` (default in `roles/lockss/defaults/main.yml`)
 ## Ports
 These are the ports (all TCP) listened on by the various LOCKSS containers:
@@ -46,6 +47,8 @@ These are the ports (all TCP) listened on by the various LOCKSS containers:
 * pywb: 8080 ([Pywb](<https://pypi.org/project/pywb/>) Web console)
 * solr: 8983 (Solr Web console)
+The LOCKSS front-end (written by us) listens on port 80 by default.
 ## Running with Vagrant
 The included Vagrantfile will configure and run the example playbook against the
 machines defined in `vagrant-machines.yml`, currently Ubuntu 18.04 and CentOS 7.

--- a/dev.playbook.yml
+++ b/dev.playbook.yml
@@ -26,7 +26,6 @@
    - minimum_memory
    - system-tweaks-nepeta
    - lockss
-    - lockss-config-frontend
  tasks:
    - debug:
        msg: "Web front-end: http://{{ hostname }}/"

--- a/roles/http_frontend/README.md
+++ b/roles/http_frontend/README.md
+# HTTP frontend
+## Role variables
+### Required variables
+* `http_frontend_backends`: An array of dictionaries, each of which has a
+  `memo` key (rendered as a title on the index page), a `name` key (used in the
+  URL path), and a `port` key.
+* `http_frontend_hostname`
+### Optional variables
+* `http_frontend_name`: The name used for the Docker image and stack. (Default in `defaults/main.yml`.)
+* `http_frontend_port`: The port on which the service will listen. (Default in
+  `defaults/main.yml`.)
+* `http_frontend_index_title`: Give the index page a title.
--- a/roles/http_frontend/defaults/main.yml
+++ b/roles/http_frontend/defaults/main.yml
+---
+http_frontend_name: frontend
+http_frontend_port: 80
--- a/roles/lockss-config-frontend/files/Dockerfile
+++ b/roles/lockss-config-frontend/files/Dockerfile
--- a/roles/lockss-config-frontend/tasks/main.yml
+++ b/roles/lockss-config-frontend/tasks/main.yml
 ---
- name: Add ferm rule.
+# FIXME: None of this is idempotent.
-  template:
-    dest: /etc/ferm.d/11-in-lockss-frontend.ferm
-    src: 11-in-lockss-frontend.ferm.j2
-    validate: ferm -n %s
- service:
-    name: ferm
-    state: restarted
 - name: Create temporary directory.
  tempfile:
    state: directory
  register: tmpdir
- name: Install configuration file.
+- name: Copy httpd configuration file.
  template:
    dest: "{{ tmpdir.path }}/httpd-frontend.conf"
    src: httpd-frontend.conf.j2
@@ -23,7 +15,7 @@
    mode: 0644
  when: tmpdir.path is defined
- name: Install landing page.
+- name: Copy landing page.
  template:
    dest: "{{ tmpdir.path }}/index.html"
    src: index.html.j2
@@ -31,7 +23,7 @@
    mode: 0644
  when: tmpdir.path is defined
- name: Install Dockerfile.
+- name: Copy Dockerfile.
  copy:
    dest: "{{ tmpdir.path }}/Dockerfile"
    src: Dockerfile
@@ -57,7 +49,7 @@
 - name: Build Docker image.
  docker_image:
-    name: lockss-config-frontend
+    name: "{{ http_frontend_name }}"
    source: build
    build:
      path: "{{ tmpdir.path }}"
@@ -68,18 +60,14 @@
  vars:
    ansible_python_interpreter: python3
  docker_stack:
-    name: lockss-config-frontend
+    name: "{{ http_frontend_name }}"
    state: present
    resolve_image: never
    compose:
      - version: "3.7"
        services:
          frontend:
-            image: lockss-config-frontend
+            image: "{{ http_frontend_name }}"
-            ports:
-              - published: "{{ lockss_frontend_port }}"
-                target: 80
-                mode: host
            configs:
              - source: httpd_frontend_config
                target: /usr/local/apache2/conf/conf.d/frontend.conf

--- a/roles/lockss-config-frontend/templates/httpd-frontend.conf.j2
+++ b/roles/lockss-config-frontend/templates/httpd-frontend.conf.j2
@@ -5,8 +5,8 @@ ProxyRequests off
 LoadModule rewrite_module modules/mod_rewrite.so
 RewriteEngine on
-{% for b in lockss_frontend_backends %}
+{% for b in http_frontend_backends %}
-ProxyPass /{{ b.name }}/ http://{{ lockss_hostname }}:{{ b.port }}/
+ProxyPass /{{ b.name }}/ http://{{ http_frontend_hostname }}:{{ b.port }}/
 RewriteRule ^/{{ b.name }}$ /{{ b.name }}/ [R]
 {% endfor %}
@@ -14,7 +14,7 @@ LoadModule proxy_html_module modules/mod_proxy_html.so
 LoadModule xml2enc_module modules/mod_xml2enc.so
 Include conf/extra/proxy-html.conf
-{% for b in lockss_frontend_backends %}
+{% for b in http_frontend_backends %}
 <Location /{{ b.name }}/>
    ProxyPassReverse /
    ProxyPassReverseCookiePath / /{{ b.name }}/
@@ -25,8 +25,8 @@ Include conf/extra/proxy-html.conf
 <Location />
    ProxyHTMLEnable On
-{% for b in lockss_frontend_backends %}
+{% for b in http_frontend_backends %}
-    ProxyHTMLURLMap http://{{ lockss_hostname }}:{{ b.port }} /{{ b.name }}
+    ProxyHTMLURLMap http://{{ http_frontend_hostname }}:{{ b.port }} /{{ b.name }}
 {% endfor %}
    RequestHeader unset Accept-Encoding
 </Location>
--- a/roles/lockss-config-frontend/templates/index.html.j2
+++ b/roles/lockss-config-frontend/templates/index.html.j2
@@ -3,7 +3,9 @@
  <head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>LOCKSS</title>
+{% if http_frontend_index_title is defined %}
+    <title>{{ http_frontend_index_title }}</title>
+{% endif %}
    <style type="text/css">
      li {
        margin-bottom: 0.5rem;
@@ -15,10 +17,12 @@
    </style>
  </head>
  <body>
-    <h1>LOCKSS</h1>
+{% if http_frontend_index_title is defined %}
+    <h1>{{ http_frontend_index_title }}</h1>
+{% endif %}
    <h2>Components available from this interface</h2>
    <ul class="main_nav">
-{% for b in lockss_frontend_backends %}
+{% for b in http_frontend_backends %}
      <li><a href="./{{ b.name }}">{{ b.memo }}</a></li>
 {% endfor %}
    </ul>

--- a/roles/lockss-config-frontend/defaults/main.yml
+++ b/roles/lockss-config-frontend/defaults/main.yml
---
-lockss_frontend_port: 80
--- a/roles/lockss-config-frontend/tasks/main.yml-v_nginx
+++ b/roles/lockss-config-frontend/tasks/main.yml-v_nginx
---
- name: Place configuration file.
-  copy:
-    dest: /root/ingress.conf
-    owner: root
-    mode: 0644
-    content: |
-      server {
-          listen 80;
-          location /config/ {
-              sub_filter
-                  "{{ lockss_hostname }}:24621"
-                  "{{ lockss_hostname }}/config";
-              sub_filter
-                  "{{ lockss_hostname }}:24621"
-                  "{{ lockss_hostname }}/config";
-              sub_filter_once off;
-              proxy_pass http://127.0.0.1:24621/;
-              proxy_set_header Accept-Encoding "";
-          }
-      }
- name: Add ferm rule.
-  copy:
-    dest: /etc/ferm.d/11-in-lockss-frontend.ferm
-    content: |
-      @def $MGMT_NET = ({{ lockss_admin_ips | join(" ") }});
-      domain (ip ip6) table filter chain INPUT
-          saddr $MGMT_NET proto tcp dport 80 ACCEPT;
-    validate: ferm -n %s
- service:
-    name: ferm
-    state: restarted
- name: Remove nginx Docker container.
-  command:
-    cmd: docker rm -f nginx
-  ignore_errors: true
- name: Create nginx Docker container.
-  command:
-    cmd: docker run -d --rm
-         --name nginx
-         -p 80:80
-         --network host
-         -v /root/ingress.conf:/etc/nginx/conf.d/default.conf
-         nginx
--- a/roles/lockss-config-frontend/templates/11-in-lockss-frontend.ferm.j2
+++ b/roles/lockss-config-frontend/templates/11-in-lockss-frontend.ferm.j2
-@def $MGMT_NET = ({{ lockss_admin_ips | join(" ") }});
-domain (ip ip6) table filter chain INPUT
-    saddr $MGMT_NET proto tcp dport {{ lockss_frontend_port }} ACCEPT;
--- a/roles/lockss-config-frontend/vars/main.yml
+++ b/roles/lockss-config-frontend/vars/main.yml
---
-lockss_frontend_backends:
-  - name: config
-    memo: Configuration service
-    port: 24621
-  - name: api/config
-    memo: Configuration service API
-    port: 24620
-  - name: crawler
-    memo: Cralwer service
-    port: 24631
-  - name: api/crawler
-    memo: Crawler service API
-    port: 24630
-  - name: metadata-extraction
-    memo: Metadata extraction
-    port: 24641
-  - name: api/metadata-extraction
-    memo: Metadata extraction API
-    port: 24640
-  - name: metadata-query
-    memo: Metadata query
-    port: 24651
-  - name: api/metadata-query
-    memo: Metadata query API
-    port: 24650
-  - name: api/repo
-    memo: Repository API
-    port: 24610
-  - name: pywb
-    memo: Python Wayback Machine
-    port: 8080
-  - name: solr
-    memo: Solr console
-    port: 8983
--- a/roles/lockss/defaults/main.yml
+++ b/roles/lockss/defaults/main.yml
@@ -6,4 +6,5 @@ lockss_data_dir: /var/lib/lockss
 lockss_ui_user: admin
 lockss_network_ips: []
 lockss_admin_ips: []
+lockss_frontend_port: 80
 lockss_props_url: http://props.lockss.org:8001/demo/lockss.xml
--- a/roles/lockss/tasks/main.yml
+++ b/roles/lockss/tasks/main.yml
@@ -267,3 +267,13 @@
  become: true
  become_user: lockss
  when: not ansible_check_mode
+- name: Configure a Web front-end.
+  include_role:
+    name: http_frontend
+  vars:
+    http_frontend_name: lockss-config-frontend
+    http_frontend_index_title: LOCKSS
+    http_frontend_backends: "{{ lockss_frontend_backends }}"
+    http_frontend_port: "{{ lockss_frontend_port }}"
+    http_frontend_hostname: "{{ lockss_hostname }}"
--- a/roles/lockss/templates/ferm/10-in-lockss.ferm.j2
+++ b/roles/lockss/templates/ferm/10-in-lockss.ferm.j2
 @def $LOCKSS_NET = ({{ lockss_network_ips | join(" ") }});
 @def $MGMT_NET = ({{ lockss_admin_ips | join(" ") }});
 @def $LOCKSS_CONFIG_PORTS = (
-    24640 24641               # metadata-extraction-service
+    24640 24641                   # metadata-extraction-service
-    5432                      # postgres
+    5432                          # postgres
-    24650 24651               # metadata-service
+    24650 24651                   # metadata-service
-    24610                     # repository-service
+    24610                         # repository-service
-    24620 24621               # configuration-service
+    24620 24621                   # configuration-service
-    9729 24630 24631 24680    # poller
+    9729 24630 24631 24680        # poller
-    8080                      # pywb
+    8080                          # pywb
-    8983                      # solr
+    8983                          # solr
+    {{ lockss_frontend_port }}    # lockss-config-frontend
 );
 @def $LOCKSS_NET_PORTS = (
    9729    # poller

--- a/roles/lockss/vars/main.yml
+++ b/roles/lockss/vars/main.yml
 ---
 lockss_git_url: https://github.com/lockss/lockss-installer
+lockss_frontend_backends:
+  - name: config
+    memo: Configuration service
+    port: 24621
+  - name: api/config
+    memo: Configuration service API
+    port: 24620
+  - name: crawler
+    memo: Cralwer service
+    port: 24631
+  - name: api/crawler
+    memo: Crawler service API
+    port: 24630
+  - name: metadata-extraction
+    memo: Metadata extraction
+    port: 24641
+  - name: api/metadata-extraction
+    memo: Metadata extraction API
+    port: 24640
+  - name: metadata-query
+    memo: Metadata query
+    port: 24651
+  - name: api/metadata-query
+    memo: Metadata query API
+    port: 24650
+  - name: api/repo
+    memo: Repository API
+    port: 24610
+  - name: pywb
+    memo: Python Wayback Machine
+    port: 8080
+  - name: solr
+    memo: Solr console
+    port: 8983