diff --git a/CHANGELOG.md b/CHANGELOG.md
index fac1c60..941f165 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,4 +2,8 @@
 ## 1.0.0
-* Initial Release
\ No newline at end of file
+* Initial Release
+
+## 1.1.0
+
+* Removed 'enbewe.uffd.build' role in favor of proper image build
diff --git a/README.md b/README.md
index 313ac75..1606537 100644
--- a/README.md
+++ b/README.md
@@ -2,31 +2,10 @@
 Collecion to deploy [uffd (**U**ser**F**erwaltungs**F**ronten**d**)](https://git.cccv.de/uffd/uffd) as OAuth/OIDC authentication service.
 ## Playbooks
-### enbewe.uffd.build
-Deploys the role `enbewe.uffd.build` to all hosts of the `uffd` group.
-
 ### enbewe.uffd.deploy
 Deploys the role `enbewe.uffd.uffd` to all hosts of the `uffd` group.
 ## Roles
-### enbewe.uffd.build
-Creates the current image of uffd. The image is tagged with the current timestamp as well as 'latest'.
-This role could probably replaced by some build- and publishing job.
-
-#### Optional Variables
-
-**build_uffd_tempdir** *(Default: '/tmp/podman-uffd-build')*
-Path to use for building the uffd OCI container in. This path will be created as needed and removed again afterwards.
-
-**build_uffd_debian_version** *(Default: 'bullseye')*
-The debian version name to use for the uffd container.
-
-**build_uffd_force_rebuild** *(Default: false)*
-Flag to force the reduilding of the uffd container even if it already exists.
-
-**build_uffd_tag_latest** *(Default: true)*
-Flag to disable tagging the built image as `latest`.
-
 ### enbewe.uffd.uffd
 Deploys uffd through a podman container. Additionally deploys an nginx container as a HTTP server for static files as well as uWSGI proxy.
diff --git a/galaxy.yml b/galaxy.yml
index 4519466..bfd4286 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -9,7 +9,7 @@ namespace: 'enbewe'
 name: 'uffd'
 # The version of the collection. Must be compatible with semantic versioning
-version: '1.0.0'
+version: '1.1.0'
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: 'README.md'
diff --git a/playbooks/build.yml b/playbooks/build.yml
deleted file mode 100644
index b63f341..0000000
--- a/playbooks/build.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: 'Build local uffd image'
- hosts: 'uffd'
- roles:
- - 'enbewe.uffd.build'
diff --git a/roles/build/defaults/main.yml b/roles/build/defaults/main.yml
deleted file mode 100644
index 92b1a4f..0000000
--- a/roles/build/defaults/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-build_uffd_tempdir: '/tmp/podman-uffd-build'
-# We build with Debian bullseye, even though bookworm is out.
-# uffd throws some errors with bookworm python, so some programs fail
-build_uffd_debian_version: 'bullseye'
-build_uffd_force_rebuild: false
-build_uffd_tag_latest: true
-build_uffd_package_name: '{{ lookup("ansible.builtin.fileglob", "uffd_*.deb") | basename }}'
diff --git a/roles/build/files/cccv-archive-key.asc b/roles/build/files/cccv-archive-key.asc
deleted file mode 100644
index 1dc3423..0000000
--- a/roles/build/files/cccv-archive-key.asc
+++ /dev/null
@@ -1,41 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQGNBGEXIFwBDADRhAYP8td+AVcnbMkswu3SaF1FzqVldwQSHA0tVXpAw7wUtE9s
-QEnbLE3cD//SEMQGzwr8LsMpnuWImcS5nk9gIc5p9M076tgyAeS4NFzbvaIpOZJL
-V0VK2Q+o6fyaAriY5lb88pU3cR6uTJInwR5MgEki7RLCIjOPW/Nzvw8LdBhgtbJv
-jW04IPI1gAiqSfPCjXY8z81JOSLhsk1ED8zrJ/kTWm4yIBbVLMhFu7Snz9UbbF2n
-40dA9VydoxlVdjzH+AM7+Ga8FTYu4UivGO+5WFp+iWcoXLqmECSvW+H+Evy8ES9M
-7QIkgGTXWsL3YrjrxcwOAu/dXhQVV9woDXWWQRwILNG2poSLUjmVuXMPKnofJpMO
-34+n3dvaiPTp31YxTWhOSXdbO3e6Abpd+PKoXqaRy/HrulBuBRf+5/edDKLNVUC/
-tPqs61AL9cw6Jxx1vFdmmZm6RWK2CgVWPc9e3GPGfbZYuUBgOphhkJ+3yXRcc1sN
-VRyc3Ve87OG6GiUAEQEAAbQgcGFja2FnZXMuY2Njdi5kZSA8aW5mcmFAY2Njdi5k
-ZT6JAdQEEwEIAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQRVPlzDYknN
-/1ubu7WpKBpvpuSJcQUCZPjPbAUJDUdK5QAKCRCpKBpvpuSJcVuFC/45TV/8Dvt8
-VTS2yoFUjpy0las7qm0fPNkazSVpMhQkxcEz/LysEr5sbc0jZIQZ1zD+rm0RfahM
-g7vytTs/xqplgmIXOEPub6CPr+G1ZHgU5pHAc2DqFUR4z3pp37RNtFuhi0TyK0Pp
-qVJgAg6/Hf9dkEIwI5orUTTDWhAvxz7wo7/3tb4fqkrWk/Fp0qM8kMEjYyh9/PSb
-V4HfhJauXxzBx8T/Wc7TveGyRGVMYH29bK0SssDDvzGJD3Mxd/dXV4JYTk8sw//k
-zQwN3lZ7SfsZR5rddRr/BpghdR1k451FdCj9iWF3v3p1TwN93AL6TQ6AF2aFykkB
-1JWxockDlGrlRkk+0WiEOYvDUaBo3ppz4QhrO8TFrluGyifv2BNSFMKHdhkvF2IE
-DRQles45+CmhgPxVw7qc69pLsXRxN/0BE5P6wNl8DGnk2ZYDlYW/vcosHYbeeRCp
-OUpsKF6OSHXjCfMObuG6wYulFhMqrDHtLiD0e6fxWjATqoj+F6TX7Te5AY0EYRcg
-XAEMAKNhLd8nN2AYPdqn/9OfTzXOFEoHMGFKVH9E9LRFEp7SXI0Phr+2gPsBEP13
-In0dGbvABRvywtTRih+3Jg/5QxyEDcVB0bbWK44XZLmShm9TYmJSqrW8sgOh2Nqi
-2LcGroWg2crrd6t+HDmXFZVtiBRy/5Y7s5mqTM/byEvMnReczeTSlwmJHNLTOmME
-tganIwmQxfbit99gxjjoz/sGqVxf59/Ytq8P6J+3LMt9ApmPFgK6wB0BAtTJGaOJ
-rgSIVdNQ082laXQlHXKMguVKk8ivErzwsCs7ukxSVhIvfwgbM7WZfdM7l6h1ZhDr
-mBBGGj+9Ag0mPHF3ycrh9fW43r8KYONbzQq0xtsE+WeOKPaFhMQ/dwv6d4Sn0gTV
-crV++l6ut1DLlGHCZtSsB0z1LBUu4jMvpHwVfCeqZ4f5Al27oUhjTh3eoe184+VG
-/M3nkh9C1wyvLBFo69AS+9VQSwnsWu/CXnWrzPZeX0KmbezNeNvwCbYgXIrEEWhy
-XJgYLQARAQABiQG8BBgBCAAmAhsMFiEEVT5cw2JJzf9bm7u1qSgab6bkiXEFAmT4
-z18FCQ1HSukACgkQqSgab6bkiXFVagv+LFrGoHKm4woVvlWHWfanok/YsPyGFsvL
-Ogz6U0nhRB5f3wSq9kl0t1esdyNsFGfz+E0fCzyAyML6dBzKv9uHp2+TtcdKLTQ1
-kSo/JdbMsva+/e8Y9OHmmv7pAFatLln7XXwa2cPiFRg0VkOQgByR1yEiGAyMIYL8
-VLAqdE6fywGLXE5k91+XZCFqKu90+XrtiJo2xy4RQ8C5u2WQWI0k5V/oGgTxOh/J
-uhXzmU1Goeie4ukjZYdzwZjzzm2vY9LWfZRaRtkJ0itxNezYCtWEOKHvto5PqtT4
-thSsNuC9qQruh3itVykI7lZ9yxkOyuzqjFGKQDNcUlvnZHqdoKuW121/cgMXbAvz
-HWHdY4cbc74obm8V8Gx4dX/GNFL868twzMVoBoEgQVA1PURz5Xu73RvWcBpOpYj0
-GP3nLdP3s2J9rAhrzS6K+MIHeEUnPi1MavRd4bROpnbJ32yvkSGWR55mWCpdCepj
-JRWMzY9EoBOHB1PubZuzUNIUQeui1vyX
-=uRc5
------END PGP PUBLIC KEY BLOCK-----
\ No newline at end of file
diff --git a/roles/build/files/entrypoint.sh b/roles/build/files/entrypoint.sh
deleted file mode 100644
index 6266dfa..0000000
--- a/roles/build/files/entrypoint.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/bash
-
-echo "Copying static files ..."
-cp -r /usr/share/uffd/uffd/static /var/www/uffd
-
-db_ready="false"
-count=0
-while [ $count -lt 4 ] && [ "$db_ready" != "true" ] ;do
- if uffd-admin db current >> /dev/null 2>&1 ;then
- db_ready="true"
- else
- echo "Waiting for db to become ready..."
- ((duration=2**$count))
- sleep $duration
- ((count=$count+1))
- fi
-done
-
-if [ "$db_ready" == "true" ] ;then
- echo "Running datbase migrations ..."
- uffd-admin db upgrade
-
- if [ -n "$UFFD_INITIAL_ADMIN_PW" ] && [ "$(uffd-admin user list)" == "" ]; then
- echo "Creating groups and roles for initial admin user ..."
- if ! uffd-admin group show 'uffd_admin' >> /dev/null 2>&1 ;then
- uffd-admin group create 'uffd_admin'
- fi
- if ! uffd-admin group show 'uffd_access' >> /dev/null 2>&1 ;then
- uffd-admin group create 'uffd_access'
- fi
- if ! uffd-admin role show 'uffd_admin' >> /dev/null 2>&1 ;then
- uffd-admin role create 'uffd_admin' --add-group 'uffd_admin' --add-group 'uffd_access'
- fi
- if [ -z "$UFFD_INITIAL_ADMIN_USER" ] ;then
- UFFD_INITIAL_ADMIN_USER='uffd_admin'
- fi
- if [ -z "$UFFD_INITIAL_ADMIN_MAIL" ] ;then
- UFFD_INITIAL_ADMIN_MAIL='uffd_admin@localhost'
- fi
- echo "Creating initial admin user ..."
- uffd-admin user create "$UFFD_INITIAL_ADMIN_USER" --password "$UFFD_INITIAL_ADMIN_PW" --mail "$UFFD_INITIAL_ADMIN_MAIL" --add-role 'uffd_admin'
- fi
-else
- echo "WARNING: Database is not ready yet, skipping migration and initialization"
-fi
-
-echo "Starting server ..."
-runuser --preserve-environment -u uffd -- \
- uwsgi --ini /etc/uwsgi/apps-enabled/uffd.ini --socket 0.0.0.0:3031 --master --stats 0.0.0.0:9191
diff --git a/roles/build/files/uffd_2.3.1+git20241021T122809-98fe5690_all.deb b/roles/build/files/uffd_2.3.1+git20241021T122809-98fe5690_all.deb
deleted file mode 100644
index 422f62e..0000000
Binary files a/roles/build/files/uffd_2.3.1+git20241021T122809-98fe5690_all.deb and /dev/null differ
diff --git a/roles/build/tasks/main.yml b/roles/build/tasks/main.yml
deleted file mode 100644
index 5c991c3..0000000
--- a/roles/build/tasks/main.yml
+++ /dev/null
@@ -1,74 +0,0 @@
----
-- name: 'Install required software'
- become: true
- ansible.builtin.apt:
- name: 'podman'
- state: 'present'
-
-# Build image to run uffd in
-- name: 'Create temporary build directory'
- become: true
- ansible.builtin.file:
- path: '{{ build_uffd_tempdir }}'
- state: 'directory'
- mode: 'u=rwx,g=rx,o=rx'
-
-- name: 'Copy static files for image'
- become: true
- ansible.builtin.copy:
- src: '{{ item.file }}'
- dest: '{{ build_uffd_tempdir }}/{{ item.file }}'
- owner: 'root'
- group: 'root'
- mode: '{{ item.mode }}'
- loop:
- - file: 'cccv-archive-key.asc'
- mode: 'u=rw,g=r,o=r'
- - file: 'entrypoint.sh'
- mode: 'u=rwx,g=rx,o=rx'
- - file: '{{ build_uffd_package_name }}'
- mode: 'u=rw,g=r,o=r'
-
-- name: 'Copy templates for image'
- become: true
- ansible.builtin.template:
- src: '{{ item.file }}'
- dest: '{{ build_uffd_tempdir }}/{{ item.file }}'
- owner: 'root'
- group: 'root'
- mode: '{{ item.mode }}'
- loop:
- - file: 'cccv-archive.list'
- mode: 'u=rw,g=r,o=r'
- - file: 'Containerfile'
- mode: 'u=rw,g=r,o=r'
-
-- name: 'Create recent uffd image'
- become: true
- containers.podman.podman_image:
- build:
- cache: false
- force_rm: true
- rm: true
- pull: false
- push: false
- force: '{{ build_uffd_force_rebuild }}'
- name: 'uffd'
- path: '{{ build_uffd_tempdir }}'
- tag: '{{ ansible_date_time.iso8601_basic_short }}'
- register: 'created_image_data'
-
-- name: 'Tag image as latest'
- when: 'build_uffd_tag_latest'
- become: true
- containers.podman.podman_tag:
- image: '{{ created_image_data.image[0].NamesHistory[0] }}'
- target_names:
- - 'uffd:latest'
- register: 'created_image_data'
-
-- name: 'Cleanup temporary build directory'
- become: true
- ansible.builtin.file:
- state: 'absent'
- path: '{{ build_uffd_tempdir }}'
diff --git a/roles/build/templates/Containerfile b/roles/build/templates/Containerfile
deleted file mode 100644
index 2104ded..0000000
--- a/roles/build/templates/Containerfile
+++ /dev/null
@@ -1,39 +0,0 @@
-FROM docker.io/library/debian:{{ build_uffd_debian_version }}-slim
-# Disable interactivity for debconf
-ENV DEBIAN_FRONTEND=noninteractive
-# Configure uwsgi parameters for running uffd as an app in there
-ENV UWSGI_DEB_CONFNAMESPACE="app"
-ENV UWSGI_DEB_CONFNAME="uffd"
-# Prepare the package sources and install needed software
-RUN apt-get -qq update && \
- apt-get -qq dist-upgrade && \
- apt-get -qq install ca-certificates
-# Place the pacakge sources data in the image to download uffd
-COPY cccv-archive-key.asc /etc/apt/trusted.gpg.d/
-COPY cccv-archive.list /etc/apt/sources.list.d/
-COPY {{ build_uffd_package_name }} /tmp/
-
-# Install uffd from (new) package sources
-RUN apt-get -qq update && \
- apt-get -qq install --no-install-recommends /tmp/{{ build_uffd_package_name }} && \
-# Create a "new" config from the inital config without the preset secret key
- cat /etc/uffd/uffd.cfg | grep -v "SECRET_KEY=" > /etc/uffd/uffd.cfg.tmp && \
- mv /etc/uffd/uffd.cfg.tmp /etc/uffd/uffd.cfg && \
-# Create the needed paths for the app
- mkdir --parents /var/www/uffd && \
- mkdir -p /run/uwsgi/app/uffd && \
- chown root:uffd /var/www/uffd
-
-COPY entrypoint.sh /entrypoint.sh
-
-USER uffd
-USER root
-
-# Uffd application is exposed on port 3031
-EXPOSE 3031/tcp
-# Statistics are exposed on port 9191
-EXPOSE 9191/tcp
-
-CMD bash /entrypoint.sh
-
-LABEL project="https://git.cccv.de/uffd/uffd"
diff --git a/roles/build/templates/cccv-archive.list b/roles/build/templates/cccv-archive.list
deleted file mode 100644
index f1acd9a..0000000
--- a/roles/build/templates/cccv-archive.list
+++ /dev/null
@@ -1 +0,0 @@
-deb [signed-by=/etc/apt/trusted.gpg.d/cccv-archive-key.asc] https://packages.cccv.de/uffd {{ build_uffd_debian_version }} main