Add EL distro support and ssl configuration for DB connection

This adds variables to pass the role for EL distros. While skyline_galera_use_ssl was added to role defaults, it was actually never used in template, which leads to the role failure when TLS is required by MariaDB. Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/859446 Change-Id: I5633d906b0fe8f2c71384afde60b2c62b8e8e98b
2024-03-11 10:31:20 +01:00 · 2024-03-11 10:31:20 +01:00 · 4287079a5a
commit 4287079a5a
parent f7ee91f5bf
5 changed files with 43 additions and 3 deletions
--- a/tasks/skyline_post_install.yml
+++ b/tasks/skyline_post_install.yml
@ -68,9 +68,17 @@
 - name: Create nginx config
  template:
    src: "nginx.conf.j2"
-    dest: "/etc/nginx/sites-enabled/skyline.conf"
+    dest: "/etc/nginx/sites-available/skyline.conf"
    owner: "root"
    group: "root"
    mode: "0644"
  notify:
-    - Restart skyline services
+    - Restart web server
+
+- name: Enable skyline site
+  file:
+    src: "/etc/nginx/sites-available/skyline.conf"
+    dest: "{{ skyline_nginx_vhost_enable_path }}/skyline.conf"
+    state: "link"
+  notify:
+    - Restart web server
--- a/tasks/skyline_pre_install.yml
+++ b/tasks/skyline_pre_install.yml
@ -47,3 +47,6 @@
      mode: "0700"
    - path: "{{ skyline_system_user_home }}"
    - path: "/var/log/skyline"
+    - path: "/etc/nginx/sites-available"
+      owner: root
+      group: root
--- a/templates/skyline.yaml.j2
+++ b/templates/skyline.yaml.j2
@ -2,7 +2,7 @@ default:
  access_token_expire: 3600
  access_token_renew: 1800
  cors_allow_origins: []
-  database_url: mysql://{{ skyline_galera_user }}:{{ skyline_galera_password }}@{{ skyline_galera_address }}/{{ skyline_galera_database }}
+  database_url: mysql://{{ skyline_galera_user }}:{{ skyline_galera_password }}@{{ skyline_galera_address }}/{{ skyline_galera_database }}?charset=utf8{% if skyline_galera_use_ssl | bool %}&ssl_verify_cert=true{% if skyline_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ skyline_galera_ssl_ca_cert }}{% endif %}{% endif +%}
  debug: {{ skyline_debug }}
  log_dir: /var/log/skyline
  prometheus_basic_auth_password: "{{ skyline_prometheus_basic_auth_password }}"
--- a/vars/debian.yml
+++ b/vars/debian.yml
@ -23,5 +23,6 @@ skyline_distro_packages:
 - nginx

 skyline_system_service_name: nginx
+skyline_nginx_vhost_enable_path: /etc/nginx/sites-enabled

 skyline_devel_distro_packages: []
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@ -0,0 +1,28 @@
+---
+# Copyright 2024, Cleura AB.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+## APT Cache options
+cache_timeout: 600
+
+# Common apt packages
+skyline_distro_packages:
+ - git
+ - nginx
+
+skyline_system_service_name: nginx
+skyline_nginx_vhost_enable_path: /etc/nginx/conf.d
+
+skyline_devel_distro_packages: []