add cockroachdb support

2020-11-13 20:38:26 +01:00
3 changed files with 65 additions and 9 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -4,9 +4,16 @@ osp_git_commit: '0.7.9'
 osp_worker_start_port: 5000
 osp_worker_count: "{{ ansible_processor_nproc }}"

+osp_http_user: "http"
+osp_http_group: "http"
 osp_http_path: "/srv/http"

+osp_db_name: osp
+osp_db_user: osp
 osp_db_location: 'sqlite:///db/database.db'
+osp_db_type: "sqlite"
+#osp_db_type: "cockroachdb"
+osp_db_location_cockroachdb: "postgresql://{{ osp_db_user }}@localhost:26257/{{ osp_db_name }}?sslmode=require&sslrootcert=/etc/cockroach/ca.crt&sslcert=/etc/cockroach/client.{{ osp_db_user }}.crt&sslkey=/etc/cockroach/client.{{ osp_db_user }}.key"
 osp_secret_key: "{{ lookup('password', 'credentials/'+inventory_hostname+'/osp_secret_key length=8 chars=digits') }}"
 osp_password_salt: "{{ lookup('password', 'credentials/'+inventory_hostname+'/osp_password_salt length=8 chars=digits') }}"
 osp_allow_registration: yes
--- a/tasks/db_cockroachdb.yml
+++ b/tasks/db_cockroachdb.yml
@ -0,0 +1,46 @@
+- name: Install dependencies
+  package:
+    name: postgresql-libs
+
+- name: Install python cockroach requirements
+  pip:
+    virtualenv: /opt/osp-venv
+    name:
+      - sqlalchemy-cockroachdb
+
+- name: Create user
+  become: yes
+  command:
+    argv:
+      - cockroach
+      - sql
+      - --certs-dir=/etc/cockroach
+      - -e
+      - "CREATE DATABASE IF NOT EXISTS {{ osp_db_name }}; CREATE USER IF NOT EXISTS {{ osp_db_user}}; GRANT ALL ON DATABASE {{osp_db_name}} TO {{ osp_db_user }};"
+
+- name: Create client certs
+  become: yes
+  command:
+    argv:
+      - cockroach
+      - cert
+      - create-client
+      - "{{ osp_db_user }}"
+      - --certs-dir=/etc/cockroach
+      - --ca-key=/etc/cockroach/ca.key
+    creates: "/etc/cockroach/client.{{ osp_db_user }}.key"
+
+- name: check permission of certs
+  become: yes
+  file:
+    path: "/etc/cockroach/client.{{ osp_db_user }}.{{ item }}"
+    mode: "u=rwx,g=,o="
+    owner: "{{ osp_http_user }}"
+  loop:
+  - key
+  - crt
+
+- name: Set DB location
+  when: osp_db_location != "///db/database.db"
+  set_fact:
+    osp_db_location: "{{ osp_db_location_cockroachdb }}"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -95,8 +95,8 @@
 - name: Create www directory
  file:
    path: "{{osp_http_path }}/{{item}}"
-    owner: http
-    group: http
+    owner: "{{ osp_http_user }}"
+    group: "{{ osp_http_group }}"
    state: directory
  loop:
    - .
@ -112,7 +112,10 @@
    name: nginx
    state: started
    enabled: yes
-    
+
+- name: Database
+  include_tasks: db_cockroachdb.yml
+  when: osp_db_type == "cockroachdb"

 - name: Clone OSP repository
  git:
@ -128,15 +131,15 @@
 - name: Create cache directory
  file:
    path: /var/cache/osp
-    owner: http
-    group: http
+    owner: "{{ osp_http_user }}"
+    group: "{{ osp_http_group }}"
    state: directory

 - name: Create logging directory
  file:
    path: /var/log/osp
-    owner: http
-    group: http
+    owner: "{{ osp_http_user }}"
+    group: "{{ osp_http_group }}"
    state: directory

 - name: Configure osp
@ -155,8 +158,8 @@
 - name: Permissions for database
  file:
    path: "/opt/osp/{{ item }}"
-    owner: http
-    group: http
+    owner: "{{ osp_http_user }}"
+    group: "{{ osp_http_group }}"
    recurse: yes
  loop:
    - db