Mirrors/ansible-collection-famedly-services

mirror of https://github.com/famedly/ansible-collection-services synced 2024-11-10 05:54:14 +00:00

History

Lars Kaiser 7b7a813db9 fix(zammad): compare networks strictly		2022-04-27 14:38:15 +02:00
..
defaults	fix(zammad): CSRF token validation failed	2022-04-27 14:23:50 +02:00
files	feat(zammad): add zammad-dockerized role	2021-08-10 09:22:40 +02:00
handlers	feat(zammad): add zammad-dockerized role	2021-08-10 09:22:40 +02:00
tasks	fix(zammad): compare networks strictly	2022-04-27 14:38:15 +02:00
templates	feat(zammad): add zammad-dockerized role	2021-08-10 09:22:40 +02:00
vars	feat(zammad): add zammad-dockerized role	2021-08-10 09:22:40 +02:00
README.md	feat(zammad): add zammad-dockerized role	2021-08-10 09:22:40 +02:00

README.md

Zammad-dockerized ansible role

This role is used to deploy the (experimental) version of zammad in docker containers. The official repo uses docker-compose, the role skips docker-compose and interfaces with the docker daemon directly. It does pretty much the same thing docker-compose would do.

Usage

Just execute the role as root (become: yes) and set at least these variables:

zammad_postgres_passwd: "super_secret_password"
zammad_host_network: "bridge" (Name of your hosts docker network, usually "bridge")

After running the role (which will take some time) you can access the Zammad-WebUi via port 8080 on the zammad-nginx container. You may also use a reverse proxy or something similar. traefik for example.

Containers

All containers are defined in zammad_containers by default these containers exist:

zammad-postgresql
zammad-memcached
zammad-elasticsearch
zammad-websocket
zammad-railsserver
zammad-scheduler
zammad-backup
zammad-init
zammad-nginx

They are created/started in the same order as they are listed here. By default, all containers are added to the zammad docker-network.

Additional configuration

Container labels

You can modify the container labels with zammad_labels.[container_name]. For Example:

zammad_labels:
  nginx:
    traefik.enable: "true"
    ...

Host network

You may allow certain containers access to you hosts default network:

zammad_allow_host_nework:
  scheduler: yes
  railsserver: yes

You have to set zammad_host_network accordingly:

zammad_host_network:
  name: "bridge"

Add containers to the host network

Only containers in the zammad_allow_host_nework list are added to the host-network. Set it up like this:

zammad_allow_host_nework:
  scheduler: yes
  railsserver: yes

Zammad internal network

You can customize the internal network with zammad_network, these are the defaults:

zammad_network:
  name: "zammad"

http(s) port

The port can be set using zammad_config_port, default is 8080

Zammad user

The role creates a system use under which all zammad containers run. You can change the username with zammad_user

Zammad paths

The following paths are used, these are the defaults:

zammad_base_path: /opt/zammad
zammad_command_dir: /usr/bin/

`zammad-docker` command

This is a small command line utility that runs sudo docker $1 for all zammad-containers. You can disable this tool by setting zammad_enable_command to no.

Postgres

Set the postgres user and password, you should use something like the ansible-vault for passwords:

zammad_postgres_user: "zammad" (by default same as zammad_user)
zammad_postgres_passwd: "super_secret_password"

Faked `/etc/passwd`

For security reasons the postgres container is not run as root (unless you run everything as root see Zammad user). Postgres requires access to etc/passwd (see https://hub.docker.com/_/postgres/). As it's unsecure to map the hosts passwd-file into the container, a fake /etc/passwd is created. This file only contains the necessary information for postgres to work.