If you are using GitLab outside of the ILL, then you will need to use HTTPS and not SSH for clone/push/pull operations. If you are using the VPN, then SSH will work normally.

Commit bee368d4 authored by Eric Pellegrini's avatar Eric Pellegrini

updated mysql and load balancer roles

parent d57a2445
...@@ -295,6 +295,8 @@ ntp: ...@@ -295,6 +295,8 @@ ntp:
mysql: mysql:
localhost: False
bind_server: jhub-haproxy bind_server: jhub-haproxy
databases: databases:
...@@ -310,7 +312,13 @@ mysql: ...@@ -310,7 +312,13 @@ mysql:
# haproxy # haproxy
############################################# #############################################
haproxy: #############################################
# load_balancer
#############################################
load_balancer:
proxy_server: haproxy_server
pem_file: /etc/ssl/certs/star.ill.fr.pem pem_file: /etc/ssl/certs/star.ill.fr.pem
...@@ -324,6 +332,8 @@ jupyterhub: ...@@ -324,6 +332,8 @@ jupyterhub:
proxy_authentication_token: "{{ vault_proxy_authentication_token }}" proxy_authentication_token: "{{ vault_proxy_authentication_token }}"
proxy_server: "{{ load_balancer['proxy_server'] }}"
admin_users: admin_users:
- caunt - caunt
- hall - hall
...@@ -340,10 +350,9 @@ jupyterhub: ...@@ -340,10 +350,9 @@ jupyterhub:
description: "VISA jupyterhub" description: "VISA jupyterhub"
port: 8080 port: 8080
load_balancer: jhub-haproxy
mysql: mysql:
bind_server: "{{ mysql.bind_server }}" bind_server: "{{ mysql['bind_server'] }}"
database: "{{ mysql.databases.0 }}" database: "{{ mysql['databases'][0] }}"
user: "{{ mysql.users.0.name }}" user: "{{ mysql['users'][0]['name'] }}"
password: "{{ mysql.users.0.password }}" password: "{{ mysql['users'][0]['password'] }}"
...@@ -11,6 +11,7 @@ ...@@ -11,6 +11,7 @@
name: roles/haproxy name: roles/haproxy
vars: vars:
temp: "{{ groups['jhub_servers'] | map('extract',hostvars,['ansible_default_ipv4','address']) | list }}" temp: "{{ groups['jhub_servers'] | map('extract',hostvars,['ansible_default_ipv4','address']) | list }}"
balanced_servers: "{{ temp | map('string_postfix',':'+(jupyterhub.keycloak.port | string)) | list }}" balanced_servers: "{{ temp | map('string_postfix',':'+(jupyterhub['keycloak']['port'] | string)) | list }}"
pem_file: "{{ haproxy.pem_file }}" proxy_server: "{{ hostvars[load_balancer['proxy_server']]['ansible_default_ipv4']['address'] }}"
pem_file: "{{ load_balancer['pem_file'] }}"
...@@ -10,19 +10,19 @@ ...@@ -10,19 +10,19 @@
- import_role: - import_role:
name: roles/jupyterhub name: roles/jupyterhub
vars: vars:
conda_install_dir: "{{ ansible_env.HOME }}/conda" admin_users: "{{ jupyterhub['admin_users'] }}"
admin_users: "{{ jupyterhub.admin_users }}" conda_install_dir: "{{ ansible_env['HOME'] }}/conda"
keycloak_url: "{{ jupyterhub.keycloak.url }}" cookie_secret: "{{ jupyterhub['cookie_secret'] }}"
keycloak_admin: "{{ jupyterhub.keycloak.admin }}" keycloak_url: "{{ jupyterhub['keycloak']['url'] }}"
keycloak_admin_password: "{{ jupyterhub.keycloak.password }}" keycloak_admin: "{{ jupyterhub['keycloak']['admin'] }}"
keycloak_realm_name: "{{ jupyterhub.keycloak.realm_name }}" keycloak_admin_password: "{{ jupyterhub['keycloak']['password'] }}"
keycloak_port: "{{ jupyterhub.keycloak.port }}" keycloak_realm_name: "{{ jupyterhub['keycloak']['realm_name'] }}"
keycloak_description: "{{ jupyterhub.keycloak.description }}" keycloak_port: "{{ jupyterhub['keycloak']['port'] }}"
load_balancer: "{{ hostvars[jupyterhub.load_balancer]['ansible_default_ipv4']['address'] }}" keycloak_description: "{{ jupyterhub['keycloak']['description'] }}"
mysql_user: "{{ jupyterhub.mysql.user }}" mysql_user: "{{ jupyterhub['mysql']['user'] }}"
mysql_password: "{{ jupyterhub.mysql.password }}" mysql_password: "{{ jupyterhub['mysql']['password'] }}"
mysql_database: "{{ jupyterhub.mysql.database }}" mysql_database: "{{ jupyterhub['mysql']['database'] }}"
mysql_bind_server: "{{ hostvars[jupyterhub.mysql.bind_server]['ansible_default_ipv4']['address'] }}" mysql_bind_server: "{{ '127.0.0.1' if mysql['localhost'] else hostvars[jupyterhub['mysql']['bind_server']]['ansible_default_ipv4']['address'] }}"
cookie_secret: "{{ jupyterhub.cookie_secret }}" proxy_server: "{{ hostvars[jupyterhub.proxy_server]['ansible_default_ipv4']['address'] }}"
proxy_authentication_token: "{{ jupyterhub.proxy_authentication_token }}" proxy_authentication_token: "{{ jupyterhub['proxy_authentication_token'] }}"
...@@ -10,7 +10,7 @@ ...@@ -10,7 +10,7 @@
- import_role: - import_role:
name: roles/mysql name: roles/mysql
vars: vars:
bind_address: "{{ hostvars[mysql.bind_server]['ansible_default_ipv4']['address'] }}" bind_address: "{{ '127.0.0.1' if mysql['localhost'] else hostvars[mysql['bind_server']]['ansible_default_ipv4']['address'] }}"
databases: "{{ mysql.databases }}" databases: "{{ mysql['databases'] }}"
users: "{{ mysql.users }}" users: "{{ mysql['users'] }}"
...@@ -33,8 +33,8 @@ defaults ...@@ -33,8 +33,8 @@ defaults
errorfile 504 /etc/haproxy/errors/504.http errorfile 504 /etc/haproxy/errors/504.http
frontend ft_http frontend ft_http
bind {{ ansible_default_ipv4.address }}:80 bind {{ proxy_server }}:80
bind {{ ansible_default_ipv4.address }}:443 ssl crt {{ pem_file }} bind {{ proxy_server }}:443 ssl crt {{ pem_file }}
mode http mode http
default_backend bk_http default_backend bk_http
......
...@@ -55,7 +55,9 @@ ...@@ -55,7 +55,9 @@
src: jupyterhub_config.py.j2 src: jupyterhub_config.py.j2
dest: "{{ conda_envs_dir }}/visa-jupyter/etc/jupyter/jupyterhub_config.py" dest: "{{ conda_envs_dir }}/visa-jupyter/etc/jupyter/jupyterhub_config.py"
force: True force: True
vars:
jupyterhub_server_ip: "{{ ansible_default_ipv4.address }}"
- name: remove jupyterhub cookie and database file if necessary - name: remove jupyterhub cookie and database file if necessary
file: file:
path: "/tmp/jupyterhub/{{ item }}" path: "/tmp/jupyterhub/{{ item }}"
......
...@@ -121,10 +121,10 @@ for var in ("PYTHONHOME", "PYTHONPATH"): ...@@ -121,10 +121,10 @@ for var in ("PYTHONHOME", "PYTHONPATH"):
# Use the sudo spawner for launching the server under a user name different than root # Use the sudo spawner for launching the server under a user name different than root
c.JupyterHub.spawner_class = 'sudospawner.SudoSpawner' c.JupyterHub.spawner_class = 'sudospawner.SudoSpawner'
c.JupyterHub.ip = "{{ ansible_default_ipv4.address}}" c.JupyterHub.ip = "{{ ansible_host }}"
c.JupyterHub.port = {{ keycloak_port }} c.JupyterHub.port = {{ keycloak_port }}
{% if (mysql is defined) %} {% if mysql_user is defined %}
c.JupyterHub.db_url = 'mysql+mysqlconnector://{}:{}@{}/{}{}'.format("{{ mysql_user }}","{{ mysql_password }}","{{ mysql_bind_server }}","{{ mysql_database }}","") c.JupyterHub.db_url = 'mysql+mysqlconnector://{}:{}@{}/{}{}'.format("{{ mysql_user }}","{{ mysql_password }}","{{ mysql_bind_server }}","{{ mysql_database }}","")
{% else %} {% else %}
database = os.path.join(os.path.expanduser("~"),"jupyterhub.sqlite") database = os.path.join(os.path.expanduser("~"),"jupyterhub.sqlite")
...@@ -141,8 +141,8 @@ c.JupyterHub.authenticator_class = KeycloakOAuthenticator ...@@ -141,8 +141,8 @@ c.JupyterHub.authenticator_class = KeycloakOAuthenticator
c.OAuthenticator.client_id = "{{ client_id }}" c.OAuthenticator.client_id = "{{ client_id }}"
c.OAuthenticator.client_secret = "{{ client_secret }}" c.OAuthenticator.client_secret = "{{ client_secret }}"
{% if (load_balancer is defined) %} {% if (proxy_server is defined) %}
c.OAuthenticator.oauth_callback_url = "http://%s/hub/oauth_callback" % "{{ load_balancer }}" c.OAuthenticator.oauth_callback_url = "http://%s/hub/oauth_callback" % "{{ proxy_server }}"
{% else %} {% else %}
c.OAuthenticator.oauth_callback_url = "http://%s:%s/hub/oauth_callback" % (c.JupyterHub.ip,c.JupyterHub.port) c.OAuthenticator.oauth_callback_url = "http://%s:%s/hub/oauth_callback" % (c.JupyterHub.ip,c.JupyterHub.port)
{% endif %} {% endif %}
......
...@@ -40,7 +40,7 @@ skip-external-locking ...@@ -40,7 +40,7 @@ skip-external-locking
# #
# Instead of skip-networking the default is now to listen only on # Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure. # localhost which is more compatible and is not less secure.
{% if (bind_address is defined) %} {% if bind_address is defined %}
bind-address = {{ bind_address }} bind-address = {{ bind_address }}
{% else %} {% else %}
bind-address = 127.0.0.1 bind-address = 127.0.0.1
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment