Replace crude Web front-end with a Docker service.

8d25b91d · McConahy, Renee Margaret · dd8fc43d · 8d25b91d · 8d25b91d · 8d25b91d
Commit 8d25b91d authored 5 years ago by McConahy, Renee Margaret
--- a/roles/lockss-config-frontend/files/Dockerfile
+++ b/roles/lockss-config-frontend/files/Dockerfile
+FROM httpd:2.4
+
+RUN mkdir conf/conf.d \
+    && echo "IncludeOptional conf/conf.d/*" >>/usr/local/apache2/conf/httpd.conf
--- a/roles/lockss-config-frontend/tasks/main.yml
+++ b/roles/lockss-config-frontend/tasks/main.yml
 ---

+- name: Add ferm rule.
+  template:
+    dest: /etc/ferm.d/11-in-lockss-frontend.ferm
+    src: 11-in-lockss-frontend.ferm.j2
+    validate: ferm -n %s
+
+- service:
+    name: ferm
+    state: restarted
+
+- name: Create temporary directory.
+  tempfile:
+    state: directory
+  register: tmpdir
+
 - name: Install configuration file.
  template:
-    dest: /root/ingress-httpd.conf
-    src: httpd.conf.j2
+    dest: "{{ tmpdir.path }}/httpd-frontend.conf"
+    src: httpd-frontend.conf.j2
    owner: root
    mode: 0644
+  when: tmpdir.path is defined

 - name: Install landing page.
  template:
-    dest: /root/ingress-index.html
+    dest: "{{ tmpdir.path }}/index.html"
    src: index.html.j2
    owner: root
    mode: 0644
+  when: tmpdir.path is defined

- name: Add ferm rule.
-  template:
-    dest: /etc/ferm.d/11-in-lockss-frontend.ferm
-    src: 11-in-lockss-frontend.ferm.j2
-    validate: ferm -n %s
+- name: Install Dockerfile.
+  copy:
+    dest: "{{ tmpdir.path }}/Dockerfile"
+    src: Dockerfile
+    owner: root
+    mode: 0644
+  when: tmpdir.path is defined

- service:
-    name: ferm
-    state: restarted
+- name: Install python3-jsondiff (Ubuntu).
+  package:
+    name: python3-jsondiff=1.*
+    state: present
+  when: ansible_distribution == "Ubuntu"
+
+- name: Install needed Python libraries (CentOS).
+  vars:
+    ansible_python_interpreter: python3
+  pip:
+    name:
+      - jsondiff>=1.0,<2.0
+      - pyyaml>=5.0,<6.0
+    state: present
+  when: ansible_distribution == "CentOS"
+
+- name: Build Docker image.
+  docker_image:
+    name: lockss-config-frontend
+    source: build
+    build:
+      path: "{{ tmpdir.path }}"
+      pull: yes
+  when: tmpdir.path is defined
+
+- name: Deploy stack.
+  vars:
+    ansible_python_interpreter: python3
+  docker_stack:
+    name: lockss-config-frontend
+    state: present
+    resolve_image: never
+    compose:
+      - version: "3.7"
+        services:
+          frontend:
+            image: lockss-config-frontend
+            ports:
+              - published: "{{ lockss_frontend_port }}"
+                target: 80
+                mode: host
+            configs:
+              - source: httpd_frontend_config
+                target: /usr/local/apache2/conf/conf.d/frontend.conf
+              - source: index
+                target: /usr/local/apache2/htdocs/index.html
+
+        configs:
+          httpd_frontend_config:
+            file: "{{ tmpdir.path }}/httpd-frontend.conf"
+          index:
+            file: "{{ tmpdir.path }}/index.html"
+
+        networks:
+          default:
+            external:
+              name: host
+  when: tmpdir.path is defined

- name: Remove ingress Docker container.
-  command:
-    cmd: docker rm -f apache
-  ignore_errors: true
-
- name: Create ingress Docker container.
-  command:
-    cmd: docker run -d --rm
-         --name apache
-         -p 80:80
-         --network host
-         -v /root/ingress-httpd.conf:/usr/local/apache2/conf/httpd.conf
-         -v /root/ingress-index.html:/usr/local/apache2/htdocs/index.html
-         httpd:2.4
+- name: Remove temporary directory.
+  file:
+    path: "{{ tmpdir.path }}"
+    state: absent
+  when: tmpdir.path is defined
--- a/roles/lockss-config-frontend/templates/httpd-frontend.conf.j2
+++ b/roles/lockss-config-frontend/templates/httpd-frontend.conf.j2
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+ProxyRequests off
+
+LoadModule rewrite_module modules/mod_rewrite.so
+RewriteEngine on
+
+{% for b in lockss_frontend_backends %}
+ProxyPass /{{ b.name }}/ http://{{ lockss_hostname }}:{{ b.port }}/
+RewriteRule ^/{{ b.name }}$ /{{ b.name }}/ [R]
+{% endfor %}
+
+LoadModule proxy_html_module modules/mod_proxy_html.so
+LoadModule xml2enc_module modules/mod_xml2enc.so
+Include conf/extra/proxy-html.conf
+
+{% for b in lockss_frontend_backends %}
+<Location /{{ b.name }}/>
+    ProxyPassReverse /
+    ProxyPassReverseCookiePath / /{{ b.name }}/
+
+    ProxyHTMLURLMap / /{{ b.name }}/
+</Location>
+{% endfor %}
+
+<Location />
+    ProxyHTMLEnable On
+{% for b in lockss_frontend_backends %}
+    ProxyHTMLURLMap http://{{ lockss_hostname }}:{{ b.port }} /{{ b.name }}
+{% endfor %}
+    RequestHeader unset Accept-Encoding
+</Location>
--- a/roles/lockss-config-frontend/templates/httpd.conf.j2
+++ b/roles/lockss-config-frontend/templates/httpd.conf.j2
-ServerRoot "/usr/local/apache2"
-Listen {{ lockss_frontend_port }}
-LoadModule mpm_event_module modules/mod_mpm_event.so
-LoadModule authn_file_module modules/mod_authn_file.so
-LoadModule authn_core_module modules/mod_authn_core.so
-LoadModule authz_host_module modules/mod_authz_host.so
-LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
-LoadModule authz_user_module modules/mod_authz_user.so
-LoadModule authz_core_module modules/mod_authz_core.so
-LoadModule access_compat_module modules/mod_access_compat.so
-LoadModule auth_basic_module modules/mod_auth_basic.so
-LoadModule reqtimeout_module modules/mod_reqtimeout.so
-LoadModule filter_module modules/mod_filter.so
-LoadModule mime_module modules/mod_mime.so
-LoadModule log_config_module modules/mod_log_config.so
-LoadModule env_module modules/mod_env.so
-LoadModule headers_module modules/mod_headers.so
-LoadModule setenvif_module modules/mod_setenvif.so
-LoadModule version_module modules/mod_version.so
-LoadModule unixd_module modules/mod_unixd.so
-LoadModule status_module modules/mod_status.so
-LoadModule autoindex_module modules/mod_autoindex.so
-<IfModule !mpm_prefork_module>
-</IfModule>
-<IfModule mpm_prefork_module>
-</IfModule>
-LoadModule dir_module modules/mod_dir.so
-LoadModule alias_module modules/mod_alias.so
-<IfModule unixd_module>
-User daemon
-Group daemon
-</IfModule>
-ServerAdmin you@example.com
-<Directory />
-    AllowOverride none
-    Require all denied
-</Directory>
-DocumentRoot "/usr/local/apache2/htdocs"
-<Directory "/usr/local/apache2/htdocs">
-    Options Indexes FollowSymLinks
-    AllowOverride None
-    Require all granted
-</Directory>
-<IfModule dir_module>
-    DirectoryIndex index.html
-</IfModule>
-<Files ".ht*">
-    Require all denied
-</Files>
-ErrorLog /proc/self/fd/2
-LogLevel warn
-<IfModule log_config_module>
-    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-    LogFormat "%h %l %u %t \"%r\" %>s %b" common
-    <IfModule logio_module>
-      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
-    </IfModule>
-    CustomLog /proc/self/fd/1 common
-</IfModule>
-<IfModule alias_module>
-    ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
-</IfModule>
-<IfModule cgid_module>
-</IfModule>
-<Directory "/usr/local/apache2/cgi-bin">
-    AllowOverride None
-    Options None
-    Require all granted
-</Directory>
-<IfModule headers_module>
-    RequestHeader unset Proxy early
-</IfModule>
-<IfModule mime_module>
-    TypesConfig conf/mime.types
-    AddType application/x-compress .Z
-    AddType application/x-gzip .gz .tgz
-</IfModule>
-<IfModule proxy_html_module>
-Include conf/extra/proxy-html.conf
-</IfModule>
-<IfModule ssl_module>
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-</IfModule>
-
-LoadModule proxy_module modules/mod_proxy.so
-LoadModule proxy_http_module modules/mod_proxy_http.so
-ProxyRequests off
-
-LoadModule rewrite_module modules/mod_rewrite.so
-RewriteEngine on
-
-{% for b in lockss_frontend_backends %}
-ProxyPass /{{ b.name }}/ http://{{ lockss_hostname }}:{{ b.port }}/
-RewriteRule ^/{{ b.name }}$ /{{ b.name }}/ [R]
-{% endfor %}
-
-LoadModule proxy_html_module modules/mod_proxy_html.so
-LoadModule xml2enc_module modules/mod_xml2enc.so
-Include conf/extra/proxy-html.conf
-
-{% for b in lockss_frontend_backends %}
-<Location /{{ b.name }}/>
-    ProxyPassReverse /
-    ProxyPassReverseCookiePath / /{{ b.name }}/
-
-    ProxyHTMLURLMap / /{{ b.name }}/
-</Location>
-{% endfor %}
-
-<Location />
-    ProxyHTMLEnable On
-{% for b in lockss_frontend_backends %}
-    ProxyHTMLURLMap http://{{ lockss_hostname }}:{{ b.port }} /{{ b.name }}
-{% endfor %}
-    RequestHeader unset Accept-Encoding
-</Location>
--- a/roles/lockss-config-frontend/templates/index.html.j2
+++ b/roles/lockss-config-frontend/templates/index.html.j2
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>LOCKSS</title>
+    <style type="text/css">
+      li {
+        margin-bottom: 0.5rem;
+      }
+
+      a:visited {
+        color: blue;
+      }
+    </style>
+  </head>
+  <body>
+    <h1>LOCKSS</h1>
+    <h2>Components available from this interface</h2>
+    <ul class="main_nav">
+{% for b in lockss_frontend_backends %}
+      <li><a href="./{{ b.name }}">{{ b.memo }}</a></li>
+{% endfor %}
+    </ul>
+  </body>
+</html>