From 364fdd5ac53729df30425a2e22423964af5f6bad Mon Sep 17 00:00:00 2001
From: Lukas Lihotzki
Date: Tue, 12 Nov 2024 11:55:26 +0100
Subject: [PATCH] feat(famedly_sync): add role
---
 roles/famedly_sync/README.md | 14 +++++
 roles/famedly_sync/defaults/main.yml | 30 ++++++++++
 roles/famedly_sync/handlers/main.yml | 8 +++
 roles/famedly_sync/tasks/main.yml | 55 +++++++++++++++++++
 .../templates/famedly-sync.service.j2 | 6 ++
 .../templates/famedly-sync.timer.j2 | 9 +++
 6 files changed, 122 insertions(+)
 create mode 100644 roles/famedly_sync/README.md
 create mode 100644 roles/famedly_sync/defaults/main.yml
 create mode 100644 roles/famedly_sync/handlers/main.yml
 create mode 100644 roles/famedly_sync/tasks/main.yml
 create mode 100644 roles/famedly_sync/templates/famedly-sync.service.j2
 create mode 100644 roles/famedly_sync/templates/famedly-sync.timer.j2
diff --git a/roles/famedly_sync/README.md b/roles/famedly_sync/README.md
new file mode 100644
index 0000000..7854ff5
--- /dev/null
+++ b/roles/famedly_sync/README.md
@@ -0,0 +1,14 @@
+# `famedly.base.famedly_sync` ansible role for `famedly-sync`
+
+## Description
+
+Deploys [`famedly/famedly-sync`](https://github.com/famedly/famedly-sync) in a
+docker container.
+
+## Requirements
+
+The role needs to be run as root.
+
+## Usage
+
+- `famedly_sync_config`: dictionary that contains `famedly-sync` configuration
diff --git a/roles/famedly_sync/defaults/main.yml b/roles/famedly_sync/defaults/main.yml
new file mode 100644
index 0000000..aed88ed
--- /dev/null
+++ b/roles/famedly_sync/defaults/main.yml
@@ -0,0 +1,30 @@ +famedly_sync_path: /opt/famedly-sync + +famedly_sync_container_image_force_pull: "{{ famedly_sync_container_image_tag is defined }}" + +famedly_sync_version: "0.6.0" + +famedly_sync_container_image_reference: >- + {{ + famedly_sync_container_image_repository + + ':' + + famedly_sync_container_image_tag | default('v' + famedly_sync_version) + }} +famedly_sync_container_image_repository: >- + {{ + ( + container_registries[famedly_sync_container_image_registry] + | default(famedly_sync_container_image_registry) + ) + + '/' + + famedly_sync_container_image_namespace | default('') + + famedly_sync_container_image_name + }} +famedly_sync_container_image_registry: "docker-oss.nexus.famedly.de" +famedly_sync_container_image_name: "famedly-sync-agent" + +famedly_sync_docker_networks: + - name: host + +famedly_sync_docker_volumes: + - "{{ famedly_sync_path }}:/opt/famedly-sync:rw" diff --git a/roles/famedly_sync/handlers/main.yml b/roles/famedly_sync/handlers/main.yml new file mode 100644 index 0000000..67aa65b --- /dev/null +++ b/roles/famedly_sync/handlers/main.yml @@ -0,0 +1,8 @@ +--- +- name: Restart famedly-sync.timer + listen: "restart famedly-sync.timer" + become: true + ansible.builtin.systemd: + daemon_reload: true + name: famedly-sync.timer + state: restarted diff --git a/roles/famedly_sync/tasks/main.yml b/roles/famedly_sync/tasks/main.yml new file mode 100644 index 0000000..c6c45f0 --- /dev/null +++ b/roles/famedly_sync/tasks/main.yml 
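Review bot: `famedly_sync_docker_networks` defaults to `- name: host`, which places the sync container in the host's network namespace although a job that reads LDAP and writes to Zitadel presumably only needs outbound connectivity; in host mode a compromised agent can reach every service bound to 127.0.0.1 on the host and bind host ports itself, a much larger blast radius than a bridge network gives. Unless host networking is required somewhere (an LDAP server bound to localhost, for example), I would default to the plain `bridge` network or a dedicated one created with `community.docker.docker_network`, `famedly_sync_docker_networks: [{name: bridge}]`, and let individual hosts opt into `host`. Separately, the image reference is assembled from a tag only, and `force_pull` is tied to whether a tag was given; supporting an optional `famedly_sync_container_image_digest` appended as `@sha256:…` would let deployments pin a verifiable image instead of a mutable tag.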
@@ -0,0 +1,55 @@
+---
+
+- name: "Assert config is defined"
+ ansible.builtin.assert:
+ that: "famedly_sync_config is defined"
+ fail_msg: "famedly_sync_config needs to be defined per host"
+
+- name: "Create volume path"
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: "directory"
+ mode: "0700"
+ loop:
+ - "{{ famedly_sync_path }}"
+
+- name: "Ensure container image is present locally"
+ community.docker.docker_image:
+ name: "{{ famedly_sync_container_image_reference }}"
+ source: "pull"
+ state: "present"
+ force_source: "{{ famedly_sync_container_image_force_pull }}"
+
+- name: "Ensure container is present"
+ community.docker.docker_container:
+ name: famedly-sync
+ image: "{{ famedly_sync_container_image_reference }}"
+ state: "present"
+ volumes: "{{ famedly_sync_docker_volumes }}"
+ labels: "{{ famedly_sync_docker_labels | default(omit, True) }}"
+ networks: "{{ famedly_sync_docker_networks }}"
+
+- name: "Deploy config"
+ ansible.builtin.copy:
+ # famedly_sync_config is defined, because the assertion passed
+ content: "{{ famedly_sync_config | to_nice_yaml(indent=2) }}" # noqa: jinja[invalid]
+ dest: "{{ famedly_sync_path }}/config.yaml"
+ mode: "0400"
+
+- name: "Install systemd units"
+ ansible.builtin.template:
+ src: "{{ item }}.j2"
+ dest: "/etc/systemd/system/{{ item }}"
+ owner: root
+ group: root
+ mode: "0644"
+ notify: "restart famedly-sync.timer"
+ loop:
+ - famedly-sync.service
+ - famedly-sync.timer
+
+- name: "Enable famedly-sync.timer"
+ ansible.builtin.systemd:
+ name: famedly-sync.timer
+ state: started
+ enabled: true
diff --git a/roles/famedly_sync/templates/famedly-sync.service.j2 b/roles/famedly_sync/templates/famedly-sync.service.j2
new file mode 100644
index 0000000..f9263eb
--- /dev/null
+++ b/roles/famedly_sync/templates/famedly-sync.service.j2
@@ -0,0 +1,6 @@
+[Unit]
+Description=Sync users from LDAP to Zitadel
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/docker start -a famedly-sync
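Review bot: The "Deploy config" task renders `famedly_sync_config` via `content:` without `no_log`, so a run with `--diff` (or the verbose failure output of `ansible.builtin.copy`) prints the entire config — which for an LDAP-to-Zitadel sync presumably carries the LDAP bind password and the Zitadel service credentials — into the Ansible output and whatever log aggregation sits behind it. Add `no_log: true` to that task; `diff: false` is the weaker option if the task output itself is needed. The same hunk creates the container with no hardening at all: since `famedly_sync_docker_volumes` mounts the config directory `:rw`, the agent can rewrite its own `config.yaml`, and if the agent keeps no state under `/opt/famedly-sync` (worth confirming against the agent) the mount can be `:ro` and the `docker_container` task can add `read_only: true` and `cap_drop: ["ALL"]` at no functional cost.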
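Review bot: famedly-sync.service declares neither a dependency on the Docker daemon nor a time bound: `ExecStart=/usr/bin/docker start -a famedly-sync` fails if `docker.service` is not up yet, and because `Type=oneshot` units default to an infinite start timeout, a sync that hangs on LDAP or Zitadel keeps the unit active indefinitely, during which the timer's `OnUnitActiveSec` never fires again, so one stuck run silently stops all further syncs. I would add `After=docker.service` and `Requires=docker.service` under `[Unit]` and a `TimeoutStartSec=` sized to the expected directory under `[Service]`. Since the timeout only kills the `docker start -a` client and not the container, it should be paired with an `ExecStopPost=/usr/bin/docker stop famedly-sync` so the next run starts from a stopped container; `docker stop` on an already-exited container is a no-op, so the hook is safe on the success path as well.
```ini
[Unit]
# … unchanged: Description …
After=docker.service
Requires=docker.service

[Service]
# … unchanged: Type=oneshot, ExecStart …
TimeoutStartSec=10min
ExecStopPost=/usr/bin/docker stop famedly-sync
```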
diff --git a/roles/famedly_sync/templates/famedly-sync.timer.j2 b/roles/famedly_sync/templates/famedly-sync.timer.j2
new file mode 100644
index 0000000..e05fad9
--- /dev/null
+++ b/roles/famedly_sync/templates/famedly-sync.timer.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Sync users from LDAP to Zitadel regularly
+
+[Timer]
+OnBootSec=15min
+OnUnitActiveSec=15min
+
+[Install]
+WantedBy=timers.target