Add ansible-playbook example (#25)

danilapog · web-flow · commit a9ac7c40ff2b · 2022-10-18T17:42:13.000+03:00
* Add ansible proxy description

* Fix spaces typo

* Add proxy to upstream

* Add some descriptions

* Small fix

* Small fix

* Add molecule tests

* Add molecule tests folder

* Readme small changes

* Add extra-vars for correct testing

* Add test action

* Refactoring code

* Fix upper case syntax error

* Remove nginx install from prepare stage

* Refactoring code

* Fix typo

* Add tests status bage

* Add status bage

* Set remove default vhost

* Change nginx package name

* Move description in separate file

* Change the installation order of roles

* Add ds_port variable

* Remove centos tests

* Refactoring tests

* Add preinstall nginx-extras

* Fix typo

* Enable centos tests

* Refactoring code

* Fix centos tests

* Add task for check dirs

* Add debug

* Refactoring

* Fix centos port settup

* Enable another distributions

* Update playbook nginx config

* Remove extra configs

* Refactoring molecule test

* Refacoring testing virtual path

* Change ci-tests triggers

* Fix useless changes

* Refactoring

* Refactoring ansible proxy config

* Some readme changes

* Set 1 file convegre

* Remove overhead converge file

* Remove file

* Fix typo

* Fix spaces

* Change port number

* Refactoring code

* Fix typo

* Refactoring readme

* Refactor: refactoring readme file
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,52 @@
+---
+name: Test
+'on':
+  push: 
+    branches: 
+      - 'feature/*'
+      - 'butfix/*'
+      - 'master'
+
+defaults:
+  run:
+    working-directory: 'document-server-proxy/tests/nginx'
+
+jobs:
+
+  molecule:
+    name: Molecule test on
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        distro:
+          - centos7
+          - centos8
+          - debian9
+          - debian10
+          - debian11
+          - ubuntu1604
+          - ubuntu1804
+          - ubuntu2004
+
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v2
+        with:
+          path: 'document-server-proxy'
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: pip3 install ansible molecule[lint,docker] docker yamllint ansible-lint
+
+      - name: Run Molecule tests.
+        run: molecule test
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+          MOLECULE_NO_LOG: 'false'
+          MOLECULE_DISTRO: ${{ matrix.distro }}
diff --git a/README.md b/README.md
@@ -1,5 +1,6 @@
 # ONLYOFFICE Document Server example configurations for proxy
 
+[![Config Test](https://github.com/ONLYOFFICE/document-server-proxy/actions/workflows/ci.yml/badge.svg)](https://github.com/ONLYOFFICE/document-server-proxy/actions/workflows/ci.yml)
 [![Build Status](https://travis-ci.org/ONLYOFFICE/document-server-proxy.svg?branch=master)](https://travis-ci.org/ONLYOFFICE/document-server-proxy)
 
 This reposotory contains the configuration files for the web-servers to proxy traffic to the ONLYOFFICE DocumentServer.
diff --git a/nginx/ansible/README.md b/nginx/ansible/README.md
@@ -0,0 +1,29 @@
+## Virtual path ansible-playbook
+
+To install a DocumentServer into a virtual directory behind nginx proxy with Ansible, you need to follow a few steps:  
+
+### Step 1 
+
+Install Ansible if it is not already installed, installation instructions can be found [here](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
+
+### Step 2 
+
+Clone this repository on your local machine with the command: 
+
+```bash
+git clone https://github.com/ONLYOFFICE/document-server-proxy.git
+```
+
+### Step 3 
+
+Navigate to the cloned repository to the `document-server-proxy/nginx/ansible` directory.
+
+### Step 4 
+
+Make your [ansible inventory file](https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html) and execute the ansible playbook with the command:
+
+```bash 
+ansible-playbook -i <inventory_file_name> virtual-path-playbook.yaml
+```
+
+Note: Inside the `virtual-path-playbook.yaml` you can also override the port variable on which the DocumentServer will be run. `9378` is used by default.
diff --git a/nginx/ansible/virtual-path-playbook.yaml b/nginx/ansible/virtual-path-playbook.yaml
@@ -0,0 +1,83 @@
+- hosts: all
+
+  vars:
+    nginx_package_name: "nginx"
+    ds_port: 9378
+
+    nginx_vhosts:
+      - listen: "80 default_server"
+        server_name: “”
+        server_tokens: "off"
+        template: "{{ nginx_vhost_template }}"
+        filename: "onlyoffice.conf"
+        extra_parameters: |
+          location /ds_path/ {
+              proxy_set_header Upgrade $http_upgrade;
+              proxy_set_header Connection $proxy_connection;
+              proxy_set_header X-Forwarded-Host $the_host/ds_path;
+              proxy_set_header X-Forwarded-Proto $the_scheme;
+              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
+
+              proxy_pass http://localhost:{{ ds_port }}/;
+              proxy_http_version 1.1;
+          }
+
+    postgresql_global_config_options:
+      - option: listen_addresses
+        value: "*"
+      - option: unix_socket_directories
+        value: '{{ postgresql_unix_socket_directories | join(",") }}'
+      - option: log_directory
+        value: 'log'
+
+    postgresql_hba_entries:
+      - type: local
+        database: all
+        user: postgres
+        auth_method: peer
+      - type: local
+        database: all
+        user: all
+        auth_method: peer 
+      - type: host
+        database: all
+        user: all
+        address: 127.0.0.1/32
+        auth_method: md5
+      - type: host
+        database: all
+        user: all
+        address: ::1/128
+        auth_method: md5
+      - type: host
+        database: all
+        user: all
+        address: 0.0.0.0/0
+        auth_method: md5
+
+    postgresql_databases:
+      - name: "{{ db_server_name }}"
+
+    postgresql_users:
+      - name: "{{ db_server_user }}"
+        password: "{{ db_server_pass }}"
+
+    rabbitmq_users:
+      - name: "{{ rabbitmq_server_user }}"
+        password: "{{ rabbitmq_server_pass }}"
+        vhost: "{{ rabbitmq_server_vpath }}"
+        configure_priv: .*
+        read_priv: .*
+        write_priv: .*
+        tags: administrator
+
+    rabbitmq_users_remove: []
+
+    redis_bind_interface: 0.0.0.0
+
+  roles:
+    - geerlingguy.postgresql
+    - onlyoffice.rabbitmq
+    - geerlingguy.redis
+    - onlyoffice.documentserver
+    - geerlingguy.nginx
diff --git a/tests/nginx/molecule/default/molecule.yml b/tests/nginx/molecule/default/molecule.yml
@@ -0,0 +1,35 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: "${MOLECULE_DISTRO:-ubuntu2004}"
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest"
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: true
+    pre_build_image: true
+provisioner:
+  name: ansible
+  options:
+    extra-vars: "{'nginx_vhost_path': /etc/nginx/conf.d}"
+  env:
+    PROTO: ${MOLECULE_PROTO:-http}
+    MOLECULE_NO_LOG: ${MOLECULE_NO_LOG:-true}
+    VIRTUAL_PATH: ${VIRTUAL_PATH:-ds_path}
+  playbooks:
+    converge: ../../../../nginx/ansible/virtual-path-playbook.yaml
+verifier:
+  name: ansible
+scenario:
+  test_sequence:
+     - destroy
+     - dependency
+     - syntax
+     - create
+     - prepare
+     - converge
+     - verify
+     - destroy
diff --git a/tests/nginx/molecule/default/prepare.yml b/tests/nginx/molecule/default/prepare.yml
@@ -0,0 +1,51 @@
+---
+- name: Prepare
+  hosts: all
+  become: true
+  vars: 
+    os_environment: 
+      - key: DS_PORT
+        value: 9378
+
+  tasks:
+    - name: Install PostgreSQL Python libraries.
+      apt:
+        update_cache: yes
+        pkg:
+          - python3-psycopg2
+          - gnupg
+        state: present
+      when: ansible_os_family == "Debian"
+      changed_when: false
+      failed_when: false
+
+    - name: Set up ds server port
+      ansible.builtin.debconf:
+        name: onlyoffice-documentserver
+        question: onlyoffice/ds-port
+        value: 9378
+        vtype: string
+      become: yes
+      when: ansible_os_family == "Debian"
+
+    - name: Set ds server custom port
+      ansible.builtin.lineinfile:
+        dest: "/etc/environment"
+        state: present
+        regexp: "^{{ item.key }}="
+        line: "{{ item.key }}={{ item.value }}"
+      become: yes
+      with_items: "{{ os_environment }}"
+      when: ansible_os_family == "RedHat"
+
+    - name: Install nginx
+      apt: 
+        name: nginx-extras
+      when: ansible_os_family == "Debian"
+
+    - name: restart-nginx
+      ansible.builtin.service:
+        name: "nginx"
+        state: restarted
+      become: yes
+      when: ansible_os_family == "Debian" 
diff --git a/tests/nginx/molecule/default/requirements.yml b/tests/nginx/molecule/default/requirements.yml
@@ -0,0 +1,7 @@
+---
+roles:
+- src: geerlingguy.nginx
+- src: geerlingguy.redis
+- src: geerlingguy.postgresql
+- src: onlyoffice.rabbitmq
+- src: onlyoffice.documentserver
diff --git a/tests/nginx/molecule/default/verify.yml b/tests/nginx/molecule/default/verify.yml
@@ -0,0 +1,15 @@
+---
+- hosts: all
+  remote_user: root
+  become: true
+  vars:
+    virtual_path: "{{ lookup('env', 'VIRTUAL_PATH') }}"
+    proto: "{{ lookup('env', 'PROTO') }}"
+  tasks:
+    - name: "Get health check status on {{ proto }}://localhost/{{ virtual_path }}/healthcheck/"        
+      uri: 
+        url: "{{ proto }}://localhost/{{ virtual_path }}/healthcheck/"
+        return_content: yes
+        validate_certs: no
+      register: healthcheck
+      failed_when: "'true' not in healthcheck.content"
