From 2c02f0d5cb2796f624fe3a4d6db16701e062d6b7 Mon Sep 17 00:00:00 2001
From: phil
Date: Wed, 14 Dec 2022 17:17:59 +0100
Subject: [PATCH] Konfiguriere Minion Job Queue
---
 defaults/main.yml | 5 +++++
 tasks/database.yml | 18 ++++++++++++++----
 tasks/lstu.yml | 17 +++++++++++++++--
 templates/lstu-minion.service | 21 +++++++++++++++++++++
 templates/monit.j2 | 4 ++++
 5 files changed, 59 insertions(+), 6 deletions(-)
 create mode 100644 templates/lstu-minion.service
diff --git a/defaults/main.yml b/defaults/main.yml
index f252fa3..9144206 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -13,3 +13,8 @@ lstu:
 path: /var/www/lstu
 contact: 'admin[at]systemausfall.org'
+minion_service: lstu-minion
+minion_workers: 1
+minion_db: lstu-minion
+minion_db_user: lstu-minion
+minion_db_password: "{{ lookup('password', '/tmp/lstu_minion_db_pw length=42 chars=ascii_letters,digits') }}"
diff --git a/tasks/database.yml b/tasks/database.yml
index d980f77..1c353cc 100644
--- a/tasks/database.yml
+++ b/tasks/database.yml
@@ -1,18 +1,28 @@
 ---
 - name: "database | Erstelle Datenbank"
 ansible.builtin.mysql_db:
- name: "{{ lstu_db }}"
+ name: "{{ item }}"
 state: present
 login_unix_socket: "{{ mysql_socket }}"
 login_user: root
+ loop:
+ - "{{ lstu_db }}"
+ - "{{ minion_db }}"
 - name: "database | Erstelle Benuzter"
 ansible.builtin.mysql_user:
- name: "{{ lstu_db_user }}"
- password: "{{ lstu_db_password }}"
+ name: "{{ item.user }}"
+ password: "{{ item.password }}"
 host: "{{ inventory_hostname }}"
- priv: "{{ lstu_db }}.*:ALL"
+ priv: "{{ item.database }}.*:ALL"
 update_password: on_create
 state: present
 login_unix_socket: "{{ mysql_socket }}"
 login_user: root
+ loop:
+ - user: "{{ lstu_db_user }}"
+ password: "{{ lstu_db_password }}"
+ database: "{{ lstu_db }}"
+ - user: "{{ minion_db_user }}"
+ password: "{{ minion_db_password }}"
+ database: "{{ minion_db }}"
diff --git a/tasks/lstu.yml b/tasks/lstu.yml
index 0722323..e0c0672 100644
--- a/tasks/lstu.yml
+++ b/tasks/lstu.yml
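Review bot: The `minion_db_password` default keeps the generated secret in `/tmp/lstu_minion_db_pw` on the control node, a fixed file name in a world-writable directory. The `password` lookup reuses whatever that file already contains, so on a shared controller another local account could create it first and would then know the database password. Because /tmp is commonly cleared on reboot while tasks/database.yml uses `update_password: on_create`, a regenerated value would also stop matching the existing MySQL account, and the one file is shared by every host in the inventory. Consider a path only the deploying user controls, e.g. `lookup('password', 'credentials/' ~ inventory_hostname ~ '/lstu_minion_db_pw length=42 chars=ascii_letters,digits')`, or an Ansible Vault variable.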
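Review bot: The new `loop` on the "Erstelle Benuzter" task carries `password` inside each item, and Ansible prints the loop item on every per-iteration result line, so both database passwords would end up in console output and in any stored run logs. Add `loop_control:` with `label: "{{ item.user }}"` to that task (or set `no_log: true`) so that only the account name is shown. A short comment above the loop stating that each entry receives `ALL` on its own database only would also document the intended privilege boundary.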
@@ -10,7 +10,7 @@
 path: "{{ lstu.path }}"
 state: directory
 owner: "{{ lstu_user }}"
- group: "{{ lstu_user }}"
+ group: "{{ lstu_user }}"
 mode: 0755
 recurse: true
@@ -44,7 +44,6 @@
 group: "{{ lstu_user }}"
 recurse: true
-
 - name: "lstu | edit config"
 ansible.builtin.lineinfile:
 path="{{ lstu.path }}/lstu.conf"
@@ -87,6 +86,20 @@
 mode: 0644
 notify: restart lstu
+- name: "lstu | Kopiere systemd-Unit für minion-Worker"
+ ansible.builtin.template:
+ src: lstu-minion.service
+ dest: "/etc/systemd/system/{{ minion_service }}@.service"
+ mode: 0644
+
+- name: lstu | Starte minion-Worker
+ ansible.builtin.systemd:
+ name: "{{ minion_service }}@{{ item }}"
+ enabled: true
+ state: restarted
+ daemon_reload: true
+ loop: "{{ range(0, minion_workers ) | list }}"
+
 - name: "lstu | Prüfe Theme-Verzeichnis"
 ansible.builtin.stat:
 path: "{{ lstu.path }}/themes/{{ lstu_theme }}"
diff --git a/templates/lstu-minion.service b/templates/lstu-minion.service
new file mode 100644
index 0000000..68264c1
--- /dev/null
+++ b/templates/lstu-minion.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=Shortened URLs service job queue
+Documentation=https://framagit.org/fiat-tux/hat-softwares/lstu
+
+[Service]
+Type=simple
+User={{ lstu_user }}
+WorkingDirectory={{ lstu.path }}
+ExecStart=/usr/bin/carton exec script/application minion worker
+
+# Hardening
+CapabilityBoundingSet=
+PrivateMounts=true
+PrivateTmp=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectSystem=strict
+ReadWritePaths=-{{ lstu.path }}
+
+[Install]
+WantedBy=multi-user.target
diff --git a/templates/monit.j2 b/templates/monit.j2
index 3b1003b..794e9f5 100644
--- a/templates/monit.j2
+++ b/templates/monit.j2
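Review bot: `state: restarted` in the "Starte minion-Worker" task restarts every worker on each play run whether or not the unit file changed, and the template task above it notifies nothing. Using `state: started` here and letting the template task `notify` a restart handler keeps runs idempotent and avoids interrupting jobs that are in progress. Lowering `minion_workers` later leaves the higher-numbered instances enabled and running, since nothing stops them. The unquoted `mode: 0644` is better written as `mode: "0644"`, and `range(0, minion_workers | int)` protects against the value arriving as a string from the inventory.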
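Review bot: The hardening block leaves the whole application tree writable through `ReadWritePaths=-{{ lstu.path }}` and sets no `NoNewPrivileges=`, so a compromised worker running as `{{ lstu_user }}` could still rewrite the code it executes from `WorkingDirectory`. Which subdirectories the worker really has to write is not visible in this diff; if it is only a data or log directory, narrow `ReadWritePaths=` to that. The directives below should be compatible with a Perl worker that talks to MySQL, but confirm on a test host and compare the result with `systemd-analyze security`. A `Restart=on-failure` line in `[Service]` would also keep the queue running after a crash.

```ini
# Hardening
CapabilityBoundingSet=
NoNewPrivileges=true
PrivateDevices=true
ProtectKernelModules=true
ProtectKernelTunables=true
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
# … unchanged: PrivateMounts= through ReadWritePaths= …
```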
@@ -2,3 +2,7 @@ check process lstu with pidfile {{ lstu.path }}/script/hypnotoad.pid
 start program = "/bin/systemctl start {{ lstu_service }}"
 stop program = "/bin/systemctl stop {{ lstu_service }}"
 if failed host {{ ansible_default_ipv4.address }} port 8080 with timeout 15 seconds for 3 times within 4 cycles then restart
+
+check process lstu-minion matching "perl script/application minion worker"
+ start program = "/bin/systemctl start {{ minion_service }}"
+ stop program = "/bin/systemctl stop {{ minion_service }}"
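Review bot: The `start program` and `stop program` lines for `lstu-minion` call `systemctl start {{ minion_service }}`, but tasks/lstu.yml installs the unit only as the template `{{ minion_service }}@.service` and starts instances named `{{ minion_service }}@{{ item }}`, so there appears to be no plain `lstu-minion.service` for monit to act on. Point the commands at an instance, e.g. `start program = "/bin/systemctl start {{ minion_service }}@0"`. With `minion_workers` above 1, generate one check per instance, since a single `matching` pattern is satisfied by any one surviving worker. It is also worth confirming that the command line of the process started through `carton exec` really contains `perl script/application minion worker`, otherwise the check never matches.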