feat(snipe-it): add role for deploying snipe-it

2024-11-10 05:54:14 +00:00 · 2021-06-07 08:58:04 +02:00 · 2021-06-07 08:58:04 +02:00 · 95e28f7b9c
commit 95e28f7b9c
parent a5ed37ce3f
4 changed files with 182 additions and 0 deletions
--- a/roles/snipe-it/README.md
+++ b/roles/snipe-it/README.md
@ -0,0 +1,30 @@
+# `famedly.internal.snipe-it` ansible role
+
+Deploys [snipe-it](https://snipeitapp.com/) in a
+[docker container](https://snipe-it.readme.io/docs/docker)
+and optionally a maria-db instance for storage.
+
+## Requirements
+
+- docker
+
+## Role Variables
+
+|| Name                                 || Default value || Description                                 ||
+| `snipe_it_config_app_key`             | `~`             | Laraval app key                              |
+| `snipe_it_config_app_url`             | `~`             | URL where snipeit runs                       |
+| `snipe_it_config_app_trusted_proxies` | `~`             | Where your reverse proxies run               |
+| `snipe_it_config_db_username`         | `"snipe-it"`    | Username for the mariaDB                     |
+| `snipe_it_config_db_password`         | `~`             | Password for the mariaDB                     |
+| `snipe_it_config_db_host`             | `"snipeit-db"`  | Hostname of the mariaDB[¹]                   |
+| `snipe_it_builtin_database_enable`    | `True`          | If the role should deploy a mariadb instance |
+
+¹ Used as the container name for the built-in maria DB
+
+## License
+
+AGPL-3.0-only
+
+## Author Information
+
+- Johanna Dorothea Reichmann <j.reichmann@famedly.com>
--- a/roles/snipe-it/defaults/main.yml
+++ b/roles/snipe-it/defaults/main.yml
@ -0,0 +1,47 @@
+---
+
+snipe_it_user: "snipe-it"
+snipe_it_version: 5.1.5
+snipe_it_base_path: "/opt/snipe-it"
+snipe_it_data_path: "{{ snipe_it_base_path }}/data"
+snipe_it_keys_path: "{{ snipe_it_base_path }}/keys"
+snipe_it_dumps_path: "{{ snipe_it_base_path }}/dumps"
+snipe_it_config_file: "{{ snipe_it_base_path }}/env"
+
+# built-in maria db config
+snipe_it_builtin_database_enable: true
+snipe_it_builtin_database_version: "10.6"
+# generate a strong password based on the app key
+snipe_it_builtin_database_root_pass: "{{ snipe_it_config_app_key | password_hash('sha512', 'snipeit.db.root') | to_uuid }}"
+snipe_it_builtin_database_labels: {}
+snipe_it_builtin_database_ports: []
+snipe_it_builtin_database_data_path: "{{ snipe_it_base_path }}/mariadb"
+snipe_it_config: {}
+
+# app configuration
+snipe_it_config_app_key: ~
+snipe_it_config_app_url: ~
+snipe_it_config_app_user: "{{ snipe_it_user }}"
+snipe_it_config_app_timezone: 'Europe/London'
+snipe_it_config_app_locale: en
+snipe_it_config_app_trusted_proxies: ~
+snipe_it_config_db_connection: mysql
+snipe_it_config_db_host: snipe-mysql
+snipe_it_config_db_database: snipe-it
+snipe_it_config_db_username: snipe-it
+snipe_it_config_db_password: ~
+snipe_it_config_db_prefix: ~
+snipe_it_config_db_dump_path: /usr/bin
+snipe_it_config_db_socket: ~
+snipe_it_config_db_port: ~
+
+# container configuration
+snipe_it_container_name: "snipe-it"
+snipe_it_container_image: "docker.io/snipe/snipe-it"
+snipe_it_container_image_tag: ~
+snipe_it_container_image_ref: "{{ snipe_it_container_image }}:{{ snipe_it_container_image_tag | default('v' + snipe_it_version, True) }}"
+snipe_it_container_env: {}
+snipe_it_container_labels: {}
+snipe_it_container_ports:
+  - 80:80
+snipe_it_container_volumes: []
--- a/roles/snipe-it/tasks/main.yml
+++ b/roles/snipe-it/tasks/main.yml
@ -0,0 +1,63 @@
+---
+
+- name: Ensure user for snipe-it is created
+  user:
+    name: "{{ snipe_it_user }}"
+    state: present
+    system: yes
+  register: snipe_it_user_res
+
+- name: Ensure directories are created
+  file:
+    path: "{{ item.path }}"
+    mode: "{{ item.mode | default('0750') }}"
+    state: directory
+  when: item.only is undefined or item.only == True
+  loop:
+    - path: "{{ snipe_it_base_path }}"
+    - path: "{{ snipe_it_data_path }}"
+    - path: "{{ snipe_it_keys_path }}"
+    - path: "{{ snipe_it_dumps_path }}"
+    - path: "{{ snipe_it_builtin_database_data_path }}"
+      only: "{{ snipe_it_builtin_database_enable|bool }}"
+
+- name: Template laravel env
+  copy:
+    dest: "{{ snipe_it_config_file }}"
+    content: |
+      {% for kv in snipe_it_config_merged|combine(snipe_it_container_env)|dict2items %}
+      {{ kv.key }}="{{ kv.value }}"
+      {% endfor %}
+
+- name: Ensure built-in MariaDB for snipe-it is started
+  docker_container:
+    name: "{{ snipe_it_config_db_host | default('snipe-mysql', True) }}"
+    image: "docker.io/mariadb:{{ snipe_it_builtin_database_version }}"
+    volumes: ["{{ snipe_it_builtin_database_data_path }}:/var/lib/mysql:z"]
+    ports: "{{ snipe_it_builtin_database_ports }}"
+    labels: "{{ snipe_it_builtin_database_labels }}"
+    env:
+      MARIADB_ROOT_PASSWORD: "{{ snipe_it_builtin_database_root_pass }}"
+      MARIADB_DATABASE: "{{ snipe_it_config_db_database }}"
+      MARIADB_USER: "{{ snipe_it_config_db_username }}"
+      MARIADB_PASSWORD: "{{ snipe_it_config_db_password }}"
+      MARIADB_ROOT_HOST: '%'
+    restart_policy: unless-stopped
+    state: started
+  register: snipe_mysql_container
+  when: snipe_it_builtin_database_enable|bool
+
+- name: Ensure snipe-it container is started
+  docker_container:
+    image: "{{ snipe_it_container_image_ref }}"
+    name: "{{ snipe_it_container_name }}"
+#    user: "{{ snipe_it_user_res.uid }}:{{ snipe_it_user_res.group }}"
+    volumes: "{{ snipe_it_container_volumes_merged }}"
+    ports: "{{ snipe_it_container_ports }}"
+    env: "{{ snipe_it_config_merged | combine(snipe_it_container_env, recursive=True) }}"
+    labels: "{{ snipe_it_container_labels_merged }}"
+    etc_hosts:
+      snipe-mysql: "{{ snipe_mysql_container.container.NetworkSettings.Networks.bridge.IPAddress }}"
+    restart_policy: unless-stopped
+    state: started
+    pull: yes
--- a/roles/snipe-it/vars/main.yml
+++ b/roles/snipe-it/vars/main.yml
@ -0,0 +1,42 @@
+---
+
+snipe_it_container_labels_merged: "{{ snipe_it_container_labels_base | combine(snipe_it_container_labels) }}"
+snipe_it_container_labels_base:
+  version: "{{ snipe_it_container_image_tag | default(snipe_it_version, true) }}"
+
+snipe_it_container_volumes_merged: "{{ snipe_it_container_volumes_base + snipe_it_container_volumes }}"
+snipe_it_container_volumes_base:
+  - "{{ snipe_it_data_path }}:/var/lib/snipeit/data:z"
+  - "{{ snipe_it_keys_path }}:/var/lib/snipeit/keys:z"
+  - "{{ snipe_it_dumps_path }}:/var/lib/snipeit/dumps:z"
+  - "{{ snipe_it_config_file }}:/var/www/html/.env:z"
+
+snipe_it_config_merged: "{{ snipe_it_config_base | combine(snipe_it_optional_config_yaml | from_yaml) | combine(snipe_it_config) }}"
+snipe_it_optional_config_yaml: |
+  {% if snipe_it_config_db_port %}
+  DB_PORT: "{{ snipe_it_config_db_port }}"
+  {% endif %}
+  {% if snipe_it_config_db_socket %}
+  DB_SOCKET: "{{ snipe_it_config_db_socket }}"
+  {% endif %}
+  {% if snipe_it_config_db_prefix %}
+  DB_PREFIX: "{{ snipe_it_config_db_prefix }}"
+  {% endif %}
+  {% if snipe_it_config_db_host %}
+  DB_HOST: "{{ snipe_it_config_db_host }}"
+  {% endif %}
+snipe_it_config_base:
+  APP_ENV: production
+  APP_DEBUG: "false"
+  APP_USER: "{{ snipe_it_config_app_user }}"
+  APP_KEY: "{{ snipe_it_config_app_key }}"
+  APP_URL: "{{ snipe_it_config_app_url }}"
+  APP_TIMEZONE: "{{ snipe_it_config_app_timezone }}"
+  APP_LOCALE: "{{ snipe_it_config_app_locale }}"
+  APP_TRUSTED_PROXIES: "{{ snipe_it_config_app_trusted_proxies }}"
+  DB_CONNECTION: "{{ snipe_it_config_db_connection }}"
+  DB_DATABASE: "{{ snipe_it_config_db_database }}"
+  DB_USERNAME: "{{ snipe_it_config_db_username }}"
+  DB_PASSWORD: "{{ snipe_it_config_db_password }}"
+  DB_DUMP_PATH: "{{ snipe_it_config_db_dump_path }}"
+  IMAGE_LIB: gd