commit 9cacca7e1808aca56bc293049b524d31acdd0d12
parent 8070db49ac9c6865f6d22775834013d6feb6d989
Author: Leah (ctucx) <leah@ctu.cx>
Date: Sun, 21 Feb 2021 16:26:25 +0100
parent 8070db49ac9c6865f6d22775834013d6feb6d989
Author: Leah (ctucx) <leah@ctu.cx>
Date: Sun, 21 Feb 2021 16:26:25 +0100
roles/influxdb: add nginx options, add systemd.service override
5 files changed, 91 insertions(+), 2 deletions(-)
diff --git a/roles/influxdb/files/service-override.conf b/roles/influxdb/files/service-override.conf @@ -0,0 +1,6 @@ +# +# !!! This file is managed by Ansible !!! +# + +[Service] +ExecStartPost=/bin/sh -c 'until nc -z 127.0.0.1 8086; do sleep 0.2; done'+ \ No newline at end of file
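Review bot: The `ExecStartPost` readiness loop has no bound of its own and relies on `nc`, which none of the hunks in this commit install. If `nc` is missing or InfluxDB never binds 127.0.0.1:8086 (for example after its bind address is changed), the `until` loop keeps spinning until systemd's start timeout fails the unit. Consider bounding it, e.g. `ExecStartPost=/usr/bin/timeout 30 /bin/sh -c 'until nc -z 127.0.0.1 8086; do sleep 0.2; done'`. A comment above the line saying why the wait exists would also help.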
diff --git a/roles/influxdb/tasks/checks.yml b/roles/influxdb/tasks/checks.yml
@@ -1,11 +1,30 @@
 ---
+- fail: msg="Nginx role has to be enabled when using nginx options!"
+ when:
+ - services.influxdb.nginx.enable is true
+ - services.nginx.enable is false
+
 - fail: msg="Option 'services.influxdb.nginx.domain' has to be set when using nginx!"
 when:
 - services.influxdb.nginx.enable is defined
 - services.influxdb.nginx.enable is true
 - services.influxdb.nginx.domain is not defined
+- fail: msg="Option 'services.influxdb.nginx.enableBasicAuth' has to be set when using nginx!"
+ when:
+ - services.influxdb.nginx.enable is defined
+ - services.influxdb.nginx.enable is true
+ - services.influxdb.nginx.enableBasicAuth is not defined
+
+- fail: msg="Option 'services.influxdb.nginx.basicAuthFileContent' has to be set when using option 'services.influxdb.nginx.enableBasicAuth'!"
+ when:
+ - services.influxdb.nginx.enable is defined
+ - services.influxdb.nginx.enable is true
+ - services.influxdb.nginx.enableBasicAuth is defined
+ - services.influxdb.nginx.enableBasicAuth is true
+ - services.influxdb.nginx.basicAuthFileContent is not defined
+
 - fail: msg="Option 'services.influxdb.nginx.sslOnly' has to be set when using nginx!"
 when:
 - services.influxdb.nginx.enable is defined
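Review bot: The new first check does not fire when `services.nginx.enable` is simply unset, because `is false` only matches an explicit `false`. It also omits the `is defined` guard that the other checks in this file use, so an unset `services.influxdb.nginx.enable` is treated differently here; how Ansible evaluates the undefined value may depend on configuration. Suggest `- services.influxdb.nginx.enable | default(false)` and `- not (services.nginx.enable | default(false))` as the two conditions. Separately, the `basicAuthFileContent` check only tests `is not defined`, so an empty string passes and would yield an empty password file.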
diff --git a/roles/influxdb/tasks/install.yml b/roles/influxdb/tasks/install.yml
@@ -19,3 +19,18 @@
 when:
 - ansible_distribution == "Archlinux"
+- name: "Create directory: /etc/systemd/system/influxdb.service.d"
+ file:
+ state: directory
+ dest: /etc/systemd/system/influxdb.service.d
+ mode: 0755
+ when:
+ - ansible_service_mgr == "systemd"
+
+- name: Create systemd.service override for influxdb
+ copy:
+ src: service-override.conf
+ dest: /etc/systemd/system/influxdb.service.d/override.conf
+ mode: 0755
+ when:
+ - ansible_service_mgr == "systemd"
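Review bot: `override.conf` is installed with `mode: 0755`, but a systemd drop-in is a plain configuration file and should not be executable; use `mode: 0644` on the copy task (0755 is right for the directory above it). The hunk also shows no daemon reload after the drop-in is written, so unless a handler exists elsewhere the new `ExecStartPost` is not picked up until the next reload. A `notify:` to a handler that runs the `systemd` module with `daemon_reload: yes` would cover that. Setting `owner: root` and `group: root` explicitly on both tasks would make the intended ownership clear.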
diff --git a/roles/influxdb/tasks/nginx.yml b/roles/influxdb/tasks/nginx.yml
@@ -1,5 +1,15 @@
 ---
+- name: "Create file: /etc/nginx/passwd/influxdb"
+ copy:
+ content: "{{ services.influxdb.nginx.basicAuthFileContent }}"
+ dest: /etc/nginx/passwd/influxdb
+ mode: 0600
+ owner: nginx
+ group: nginx
+ when:
+ - services.influxdb.nginx.basicAuthFileContent is defined
+
 - name: "[nginx] Create vhost"
 template:
 src: nginx-vhost.conf.j2
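Review bot: The task that writes `/etc/nginx/passwd/influxdb` handles credential material but has no `no_log: true`, so the file content can appear in `--diff` or verbose output and in any logging callback; add `no_log: true` to it. Its `when` tests only that `basicAuthFileContent` is defined, so the file is written even when `enableBasicAuth` is false; adding `- services.influxdb.nginx.enableBasicAuth is true` would match the template condition. The task also assumes that `/etc/nginx/passwd` exists and that the worker user is `nginx`, neither of which is visible here, and the role's Archlinux branch may need a different owner. A short comment stating that the variable must hold htpasswd-format hashed entries rather than plaintext would help whoever fills it in.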
diff --git a/roles/influxdb/templates/nginx-vhost.conf.j2 b/roles/influxdb/templates/nginx-vhost.conf.j2 @@ -10,7 +10,26 @@ server { server_name {{ services.influxdb.nginx.domain }}; location / { - proxy_pass http://localhost:8086/; + {% if services.influxdb.nginx.enableBasicAuth is true %} + auth_basic 'Needs Autherization'; + auth_basic_user_file /etc/nginx/passwd/influxdb; + {% endif %} + + proxy_pass http://127.0.0.1:8086/; + proxy_redirect default; + proxy_http_version 1.1; + proxy_set_header Connection ''; + proxy_set_header Authorization ''; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_max_temp_file_size 0; + proxy_connect_timeout 240; + proxy_send_timeout 240; + proxy_read_timeout 240; + expires -1; + add_header Cache-Control private; } } @@ -27,7 +46,26 @@ server { server_name {{ services.influxdb.nginx.domain }}; location / { - proxy_pass http://localhost:8086/; + {% if services.influxdb.nginx.enableBasicAuth is true %} + auth_basic 'Needs Autherization'; + auth_basic_user_file /etc/nginx/passwd/influxdb; + {% endif %} + + proxy_pass http://127.0.0.1:8086/; + proxy_redirect default; + proxy_http_version 1.1; + proxy_set_header Connection ''; + proxy_set_header Authorization ''; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_max_temp_file_size 0; + proxy_connect_timeout 240; + proxy_send_timeout 240; + proxy_read_timeout 240; + expires -1; + add_header Cache-Control private; } } {% endif %}
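Review bot: `proxy_set_header Authorization '';` removes the client's Authorization header in both `location /` blocks (this hunk and the one at `@@ -27,7 +46,26 @@`), including when `enableBasicAuth` is false and nginx performs no authentication itself. In that configuration clients cannot present InfluxDB credentials by header, so access control rests on whatever InfluxDB accepts unauthenticated, or on credentials in the query string, which end up in access logs. Consider emitting the header reset only inside the `{% if services.influxdb.nginx.enableBasicAuth is true %}` block, with a comment that it keeps the nginx basic-auth credentials from being forwarded upstream. Both server blocks begin outside the hunks, so it is worth confirming that neither offers basic auth over plain HTTP, where the password would travel unencrypted.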
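Review bot: The added `location /` body in this second hunk is a verbatim copy of the one in the first hunk, so the authentication and proxy settings of the two server blocks can drift apart on the next edit. The realm typo in `auth_basic 'Needs Autherization';` (should read `'Needs Authorization'`) already has to be corrected in both places. Consider defining the body once as a Jinja `{% macro %}` at the top of the template and calling it from both server blocks.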