Commit bee368d4 authored by Eric Pellegrini's avatar Eric Pellegrini

updated mysql and load balancer roles

parent d57a2445
......@@ -295,6 +295,8 @@ ntp:
mysql:
localhost: False
bind_server: jhub-haproxy
databases:
......@@ -310,7 +312,13 @@ mysql:
# haproxy
#############################################
haproxy:
#############################################
# load_balancer
#############################################
load_balancer:
proxy_server: haproxy_server
pem_file: /etc/ssl/certs/star.ill.fr.pem
......@@ -324,6 +332,8 @@ jupyterhub:
proxy_authentication_token: "{{ vault_proxy_authentication_token }}"
proxy_server: "{{ load_balancer['proxy_server'] }}"
admin_users:
- caunt
- hall
......@@ -340,10 +350,9 @@ jupyterhub:
description: "VISA jupyterhub"
port: 8080
load_balancer: jhub-haproxy
mysql:
bind_server: "{{ mysql.bind_server }}"
database: "{{ mysql.databases.0 }}"
user: "{{ mysql.users.0.name }}"
password: "{{ mysql.users.0.password }}"
bind_server: "{{ mysql['bind_server'] }}"
database: "{{ mysql['databases'][0] }}"
user: "{{ mysql['users'][0]['name'] }}"
password: "{{ mysql['users'][0]['password'] }}"
......@@ -11,6 +11,7 @@
name: roles/haproxy
vars:
temp: "{{ groups['jhub_servers'] | map('extract',hostvars,['ansible_default_ipv4','address']) | list }}"
balanced_servers: "{{ temp | map('string_postfix',':'+(jupyterhub.keycloak.port | string)) | list }}"
pem_file: "{{ haproxy.pem_file }}"
balanced_servers: "{{ temp | map('string_postfix',':'+(jupyterhub['keycloak']['port'] | string)) | list }}"
proxy_server: "{{ hostvars[load_balancer['proxy_server']]['ansible_default_ipv4']['address'] }}"
pem_file: "{{ load_balancer['pem_file'] }}"
......@@ -10,19 +10,19 @@
- import_role:
name: roles/jupyterhub
vars:
conda_install_dir: "{{ ansible_env.HOME }}/conda"
admin_users: "{{ jupyterhub.admin_users }}"
keycloak_url: "{{ jupyterhub.keycloak.url }}"
keycloak_admin: "{{ jupyterhub.keycloak.admin }}"
keycloak_admin_password: "{{ jupyterhub.keycloak.password }}"
keycloak_realm_name: "{{ jupyterhub.keycloak.realm_name }}"
keycloak_port: "{{ jupyterhub.keycloak.port }}"
keycloak_description: "{{ jupyterhub.keycloak.description }}"
load_balancer: "{{ hostvars[jupyterhub.load_balancer]['ansible_default_ipv4']['address'] }}"
mysql_user: "{{ jupyterhub.mysql.user }}"
mysql_password: "{{ jupyterhub.mysql.password }}"
mysql_database: "{{ jupyterhub.mysql.database }}"
mysql_bind_server: "{{ hostvars[jupyterhub.mysql.bind_server]['ansible_default_ipv4']['address'] }}"
cookie_secret: "{{ jupyterhub.cookie_secret }}"
proxy_authentication_token: "{{ jupyterhub.proxy_authentication_token }}"
admin_users: "{{ jupyterhub['admin_users'] }}"
conda_install_dir: "{{ ansible_env['HOME'] }}/conda"
cookie_secret: "{{ jupyterhub['cookie_secret'] }}"
keycloak_url: "{{ jupyterhub['keycloak']['url'] }}"
keycloak_admin: "{{ jupyterhub['keycloak']['admin'] }}"
keycloak_admin_password: "{{ jupyterhub['keycloak']['password'] }}"
keycloak_realm_name: "{{ jupyterhub['keycloak']['realm_name'] }}"
keycloak_port: "{{ jupyterhub['keycloak']['port'] }}"
keycloak_description: "{{ jupyterhub['keycloak']['description'] }}"
mysql_user: "{{ jupyterhub['mysql']['user'] }}"
mysql_password: "{{ jupyterhub['mysql']['password'] }}"
mysql_database: "{{ jupyterhub['mysql']['database'] }}"
mysql_bind_server: "{{ '127.0.0.1' if mysql['localhost'] else hostvars[jupyterhub['mysql']['bind_server']]['ansible_default_ipv4']['address'] }}"
proxy_server: "{{ hostvars[jupyterhub.proxy_server]['ansible_default_ipv4']['address'] }}"
proxy_authentication_token: "{{ jupyterhub['proxy_authentication_token'] }}"
......@@ -10,7 +10,7 @@
- import_role:
name: roles/mysql
vars:
bind_address: "{{ hostvars[mysql.bind_server]['ansible_default_ipv4']['address'] }}"
databases: "{{ mysql.databases }}"
users: "{{ mysql.users }}"
bind_address: "{{ '127.0.0.1' if mysql['localhost'] else hostvars[mysql['bind_server']]['ansible_default_ipv4']['address'] }}"
databases: "{{ mysql['databases'] }}"
users: "{{ mysql['users'] }}"
......@@ -33,8 +33,8 @@ defaults
errorfile 504 /etc/haproxy/errors/504.http
frontend ft_http
bind {{ ansible_default_ipv4.address }}:80
bind {{ ansible_default_ipv4.address }}:443 ssl crt {{ pem_file }}
bind {{ proxy_server }}:80
bind {{ proxy_server }}:443 ssl crt {{ pem_file }}
mode http
default_backend bk_http
......
......@@ -55,7 +55,9 @@
src: jupyterhub_config.py.j2
dest: "{{ conda_envs_dir }}/visa-jupyter/etc/jupyter/jupyterhub_config.py"
force: True
vars:
jupyterhub_server_ip: "{{ ansible_default_ipv4.address }}"
- name: remove jupyterhub cookie and database file if necessary
file:
path: "/tmp/jupyterhub/{{ item }}"
......
......@@ -121,10 +121,10 @@ for var in ("PYTHONHOME", "PYTHONPATH"):
# Use the sudo spawner for launching the server under a user name different than root
c.JupyterHub.spawner_class = 'sudospawner.SudoSpawner'
c.JupyterHub.ip = "{{ ansible_default_ipv4.address}}"
c.JupyterHub.ip = "{{ ansible_host }}"
c.JupyterHub.port = {{ keycloak_port }}
{% if (mysql is defined) %}
{% if mysql_user is defined %}
c.JupyterHub.db_url = 'mysql+mysqlconnector://{}:{}@{}/{}{}'.format("{{ mysql_user }}","{{ mysql_password }}","{{ mysql_bind_server }}","{{ mysql_database }}","")
{% else %}
database = os.path.join(os.path.expanduser("~"),"jupyterhub.sqlite")
......@@ -141,8 +141,8 @@ c.JupyterHub.authenticator_class = KeycloakOAuthenticator
c.OAuthenticator.client_id = "{{ client_id }}"
c.OAuthenticator.client_secret = "{{ client_secret }}"
{% if (load_balancer is defined) %}
c.OAuthenticator.oauth_callback_url = "http://%s/hub/oauth_callback" % "{{ load_balancer }}"
{% if (proxy_server is defined) %}
c.OAuthenticator.oauth_callback_url = "http://%s/hub/oauth_callback" % "{{ proxy_server }}"
{% else %}
c.OAuthenticator.oauth_callback_url = "http://%s:%s/hub/oauth_callback" % (c.JupyterHub.ip,c.JupyterHub.port)
{% endif %}
......
......@@ -40,7 +40,7 @@ skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
{% if (bind_address is defined) %}
{% if bind_address is defined %}
bind-address = {{ bind_address }}
{% else %}
bind-address = 127.0.0.1
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment