From d2fa510f82c2bc64fead53bba14deef72c771b81 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Mon, 13 Feb 2023 18:59:18 +0000
Subject: [PATCH] Add podman_site resource
---
 cookbooks/podman/attributes/default.rb | 1 +
 cookbooks/podman/metadata.rb | 1 +
 cookbooks/podman/recipes/apache.rb | 23 +++++
 cookbooks/podman/resources/site.rb | 91 +++++++++++++++++++
 cookbooks/podman/templates/default/apache.erb | 52 +++++++++++
 5 files changed, 168 insertions(+)
 create mode 100644 cookbooks/podman/attributes/default.rb
 create mode 100644 cookbooks/podman/recipes/apache.rb
 create mode 100644 cookbooks/podman/resources/site.rb
 create mode 100644 cookbooks/podman/templates/default/apache.erb
diff --git a/cookbooks/podman/attributes/default.rb b/cookbooks/podman/attributes/default.rb
new file mode 100644
index 000000000..0d4f407c4
--- /dev/null
+++ b/cookbooks/podman/attributes/default.rb
@@ -0,0 +1 @@
+default[:podman][:ports] = {}
diff --git a/cookbooks/podman/metadata.rb b/cookbooks/podman/metadata.rb
index e1039e85d..d44ad30bd 100644
--- a/cookbooks/podman/metadata.rb
+++ b/cookbooks/podman/metadata.rb
@@ -6,4 +6,5 @@ description "Installs and configures podman"
 version "1.0.0"
 supports "ubuntu"
+depends "apache"
 depends "systemd"
diff --git a/cookbooks/podman/recipes/apache.rb b/cookbooks/podman/recipes/apache.rb
new file mode 100644
index 000000000..b63bfe4a8
--- /dev/null
+++ b/cookbooks/podman/recipes/apache.rb
@@ -0,0 +1,23 @@
+#
+# Cookbook:: podman
+# Recipe:: apache
+#
+# Copyright:: 2023, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "podman"
+include_recipe "apache"
+
+apache_module "proxy_http"
diff --git a/cookbooks/podman/resources/site.rb b/cookbooks/podman/resources/site.rb
new file mode 100644
index 000000000..e0b0f8ce2
--- /dev/null
+++ b/cookbooks/podman/resources/site.rb
@@ -0,0 +1,91 @@
+#
+# Cookbook:: podman
+# Resource:: podman_site
+#
+# Copyright:: 2023, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "yaml"
+
+unified_mode true
+
+default_action :create
+
+property :site, String, :name_property => true
+property :image, String, :required => true
+property :port, Integer, :default => 8080
+property :aliases, :kind_of => Array, :default => []
+
+action :create do
+ podman_service new_resource.site do
+ description "Container service for #{new_resource.site}"
+ image new_resource.image
+ ports external_port => new_resource.port
+ end
+
+ ssl_certificate new_resource.site do
+ domains Array(new_resource.site) + new_resource.aliases
+ end
+
+ apache_site new_resource.site do
+ cookbook "podman"
+ template "apache.erb"
+ variables :port => external_port, :aliases => new_resource.aliases
+ end
+end
+
+action :delete do
+ apache_site new_resource.site do
+ action [:disable, :delete]
+ end
+
+ podman_service new_resource.site do
+ action :delete
+ end
+
+ node.rm_normal(:podman, :ports, new_resource.site)
+end
+
+action_class do
+ def ports_file
+ "#{Chef::Config[:file_cache_path]}/podman-ports.yml"
+ end
+
+ def ports
+ @ports ||= if ::File.exist?(ports_file)
+ YAML.safe_load(::File.read(ports_file))
+ else
+ {}
+ end
+ end
+
+ def external_port
+ unless ports.include?(new_resource.site)
+ port = 40000
+
+ port += 1 while ports.values.include?(port)
+
+ ports[new_resource.site] = port
+
+ ::File.write(ports_file, YAML.dump(ports))
+ end
+
+ ports[new_resource.site]
+ end
+end
+
+def after_created
+ notifies :reload, "service[apache2]"
+end
diff --git a/cookbooks/podman/templates/default/apache.erb b/cookbooks/podman/templates/default/apache.erb
new file mode 100644
index 000000000..3c1f510c2
--- /dev/null
+++ b/cookbooks/podman/templates/default/apache.erb
@@ -0,0 +1,52 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+
+ ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
+ ServerAdmin webmaster@openstreetmap.org
+
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+ RedirectPermanent / https://<%= @name %>/
+
+<% unless @aliases.empty? -%>
+
+
+ ServerName <%= @aliases.first %>
+<% @aliases.drop(1).each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
+ ServerAdmin webmaster@openstreetmap.org
+
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+ RedirectPermanent / https://<%= @name %>/
+
+<% end -%>
+
+
+ ServerName <%= @name %>
+ ServerAdmin webmaster@openstreetmap.org
+
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+ RequestHeader set X-Forwarded-Proto "https"
+ RequestHeader set X-Forwarded-Port "443"
+
+ ProxyPass / http://localhost:<%= @port %>/
+ ProxyPreserveHost on
+
--
2.45.1
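Review bot: The `:delete` action never releases the allocated port: it calls `node.rm_normal(:podman, :ports, new_resource.site)`, but `external_port` keeps its allocations in `podman-ports.yml` and nothing in this file writes to `node[:podman][:ports]`, so a removed site keeps its entry and the range above 40000 only grows. Replacing that line with `ports.delete(new_resource.site)` followed by `::File.write(ports_file, YAML.dump(ports))` would keep the state file in step with what is deployed. In `ports`, `YAML.safe_load` returns a falsy value for an empty or truncated file, after which `ports.include?` raises; `YAML.safe_load(::File.read(ports_file)) || {}` avoids that. `podman_service` is not part of this patch, so it is worth confirming that `ports external_port => new_resource.port` publishes on loopback only, since otherwise the container's plain-HTTP port would be reachable without passing through the TLS virtual host.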
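Review bot: `ProxyPass / http://localhost:<%= @port %>/` leaves the backend address to name resolution, so Apache may try `::1` as well as `127.0.0.1`, and depending on how the container port is published the two need not reach the same listener. Pinning the target, `ProxyPass / http://127.0.0.1:<%= @port %>/`, keeps the proxy on one known address for the allocated port. The template also uses `RequestHeader` and `SSLEngine`, while the recipe in this patch enables only `proxy_http`; if the `apache` recipe does not already load the headers and ssl modules, they should be enabled with further `apache_module` calls next to it.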