feat(infra): Improve StorageBox mounting reliability and directory management
Refactor StorageBox mount logic for greater stability and consistent remounts by utilizing shell commands. Enable `user_allow_other` for davfs2 mounts in `/etc/fuse.conf` and `fstab`, ensuring non-root container access to mounted files. Standardize SWAG configuration directory provisioning to include specific subdirectories for DNS, proxy, and Certbot files. Streamline local `/opt/iklimco` directory creation on app and db nodes, removing obsolete paths and consolidating relevant service directories.
This commit is contained in:
parent
6f9d0d1588
commit
3641f1a87e
@ -8,10 +8,16 @@ storagebox_managed_directories:
|
|||||||
mode: "0777"
|
mode: "0777"
|
||||||
- path: "{{ storagebox_mount_point }}/ssl"
|
- path: "{{ storagebox_mount_point }}/ssl"
|
||||||
mode: "0777"
|
mode: "0777"
|
||||||
- path: "{{ storagebox_mount_point }}/swag/config"
|
- path: "{{ storagebox_mount_point }}/swag"
|
||||||
|
mode: "0777"
|
||||||
|
- path: "{{ storagebox_mount_point }}/swag/dns-conf"
|
||||||
mode: "0777"
|
mode: "0777"
|
||||||
- path: "{{ storagebox_mount_point }}/swag/site-confs"
|
- path: "{{ storagebox_mount_point }}/swag/site-confs"
|
||||||
mode: "0777"
|
mode: "0777"
|
||||||
|
- path: "{{ storagebox_mount_point }}/swag/proxy-confs"
|
||||||
|
mode: "0777"
|
||||||
|
- path: "{{ storagebox_mount_point }}/swag/certbot"
|
||||||
|
mode: "0777"
|
||||||
- path: "{{ storagebox_managed_directories_grafana_path | default(storagebox_mount_point ~ '/grafana/data') }}"
|
- path: "{{ storagebox_managed_directories_grafana_path | default(storagebox_mount_point ~ '/grafana/data') }}"
|
||||||
mode: "0777"
|
mode: "0777"
|
||||||
- path: "{{ storagebox_mount_point }}/precipitation/images"
|
- path: "{{ storagebox_mount_point }}/precipitation/images"
|
||||||
|
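Review bot: Every entry in this list is created with `mode: "0777"`, including `swag/dns-conf` (which in SWAG presumably holds the DNS-provider API credentials for DNS-01 validation) and `swag/certbot` (ACME account and private keys), so once the mount is exported with `allow_other` any local uid or any container with the path bind-mounted can read and rewrite those secrets. The mount already pins ownership to `storagebox_uid`/`storagebox_gid`, so the container user does not need world access; `mode: "0750"` on the secret-bearing entries (and `"0770"` only where a second uid genuinely needs write) keeps the intended behaviour. Whether a per-directory chmod is honoured on a davfs mount at all depends on the `dir_mode` mount option, so check the effective mode with `stat` after a remount rather than trusting the task's `changed` result. The `swag/config` path was renamed to `swag` here; confirm no compose file or task still references the old path.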
|||||||
@ -5,29 +5,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
|
|
||||||
- name: Create app specific directories
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ item }}"
|
|
||||||
state: directory
|
|
||||||
mode: '0755'
|
|
||||||
loop:
|
|
||||||
- /opt/iklimco/ssl
|
|
||||||
- /opt/iklimco/init
|
|
||||||
- /opt/iklimco/init/postgresql
|
|
||||||
- /opt/iklimco/init/mongodb
|
|
||||||
- /opt/iklimco/stacks
|
|
||||||
- /opt/iklimco/vault/data
|
|
||||||
when: inventory_hostname in groups['app']
|
|
||||||
|
|
||||||
- name: Set vault data directory ownership (vault container runs as uid 100)
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: /opt/iklimco/vault/data
|
|
||||||
state: directory
|
|
||||||
owner: '100'
|
|
||||||
group: '100'
|
|
||||||
mode: '0750'
|
|
||||||
when: inventory_hostname in groups['app']
|
|
||||||
|
|
||||||
- name: Create db specific directories
|
- name: Create db specific directories
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
@ -37,3 +14,12 @@
|
|||||||
- /opt/iklimco/db
|
- /opt/iklimco/db
|
||||||
- /opt/iklimco/backup
|
- /opt/iklimco/backup
|
||||||
when: inventory_hostname in groups['db']
|
when: inventory_hostname in groups['db']
|
||||||
|
|
||||||
|
- name: Create service node directories
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
mode: '0755'
|
||||||
|
loop:
|
||||||
|
- /opt/iklimco/ssl
|
||||||
|
when: inventory_hostname in groups['app']
|
||||||
|
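Review bot: The removed `Set vault data directory ownership` task (owner/group `100`, mode `0750`) has no replacement in either hunk and `/opt/iklimco/vault/data` is no longer created anywhere in this file, so if Vault is still deployed on the app nodes its data directory will be created implicitly by whatever starts the container, typically root-owned with default permissions, and the previous tightening is lost; if Vault has moved elsewhere, a one-line comment saying so (`# vault data now lives on the StorageBox, see the storagebox role`) would stop the next reader from re-adding it. The new task is named `Create service node directories` but still conditions on `inventory_hostname in groups['app']`, which reads as a mismatch; rename it to `- name: Create app node directories` or point the `when:` at the service group, whichever the inventory actually uses. `/opt/iklimco/ssl` is the only path left in that loop, so the loop could also be collapsed to a plain `path: /opt/iklimco/ssl`.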
|||||||
@ -2,9 +2,3 @@
|
|||||||
- name: Reload systemd
|
- name: Reload systemd
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
daemon_reload: yes
|
daemon_reload: yes
|
||||||
|
|
||||||
- name: Remount storagebox
|
|
||||||
ansible.builtin.shell: |
|
|
||||||
umount {{ storagebox_mount_point }} || true
|
|
||||||
mount {{ storagebox_mount_point }}
|
|
||||||
listen: "refresh storagebox mount"
|
|
||||||
|
|||||||
@ -4,6 +4,15 @@
|
|||||||
name: davfs2
|
name: davfs2
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
- name: Enable user_allow_other in /etc/fuse.conf
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
path: /etc/fuse.conf
|
||||||
|
regexp: '^#?\s*user_allow_other'
|
||||||
|
line: 'user_allow_other'
|
||||||
|
state: present
|
||||||
|
create: yes
|
||||||
|
register: fuse_conf
|
||||||
|
|
||||||
- name: Configure davfs2 secrets
|
- name: Configure davfs2 secrets
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/davfs2/secrets
|
path: /etc/davfs2/secrets
|
||||||
@ -22,28 +31,32 @@
|
|||||||
- name: Add fstab entry for StorageBox
|
- name: Add fstab entry for StorageBox
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/fstab
|
path: /etc/fstab
|
||||||
line: "{{ storagebox_url }} {{ storagebox_mount_point }} davfs _netdev,auto,user,rw,uid={{ storagebox_uid | default('root') }},gid={{ storagebox_gid | default('root') }}{% if storagebox_dir_mode is defined %},dir_mode={{ storagebox_dir_mode }}{% endif %}{% if storagebox_file_mode is defined %},file_mode={{ storagebox_file_mode }}{% endif %} 0 0"
|
line: "{{ storagebox_url }} {{ storagebox_mount_point }} davfs _netdev,auto,user,rw,uid={{ storagebox_uid | default('root') }},gid={{ storagebox_gid | default('root') }}{% if storagebox_dir_mode is defined %},dir_mode={{ storagebox_dir_mode }}{% endif %}{% if storagebox_file_mode is defined %},file_mode={{ storagebox_file_mode }}{% endif %},allow_other 0 0"
|
||||||
regexp: "^{{ storagebox_url | regex_escape() }}"
|
regexp: "^{{ storagebox_url | regex_escape() }}"
|
||||||
state: present
|
state: present
|
||||||
notify:
|
register: fstab_entry
|
||||||
- Reload systemd
|
|
||||||
- refresh storagebox mount
|
- name: Remove stale davfs2 PID file
|
||||||
|
ansible.builtin.shell: |
|
||||||
|
mountpoint -q {{ storagebox_mount_point }} && exit 0
|
||||||
|
rm -f /var/run/mount.davfs/mnt-storagebox.pid
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
|
- name: Remount StorageBox to apply updated options
|
||||||
|
ansible.builtin.shell: |
|
||||||
|
if mountpoint -q {{ storagebox_mount_point }}; then
|
||||||
|
umount -l {{ storagebox_mount_point }} || true
|
||||||
|
sleep 3
|
||||||
|
fi
|
||||||
|
rm -f /var/run/mount.davfs/mnt-storagebox.pid 2>/dev/null || true
|
||||||
|
mount {{ storagebox_mount_point }}
|
||||||
|
when: fuse_conf.changed or fstab_entry.changed
|
||||||
|
|
||||||
- name: Mount StorageBox
|
- name: Mount StorageBox
|
||||||
ansible.builtin.mount:
|
ansible.builtin.shell: |
|
||||||
path: "{{ storagebox_mount_point }}"
|
mountpoint -q {{ storagebox_mount_point }} && exit 0
|
||||||
src: "{{ storagebox_url }}"
|
mount {{ storagebox_mount_point }}
|
||||||
fstype: davfs
|
changed_when: false
|
||||||
opts: "_netdev,auto,user,rw,uid={{ storagebox_uid | default('root') }},gid={{ storagebox_gid | default('root') }}{% if storagebox_dir_mode is defined %},dir_mode={{ storagebox_dir_mode }}{% endif %}{% if storagebox_file_mode is defined %},file_mode={{ storagebox_file_mode }}{% endif %}"
|
|
||||||
state: mounted
|
|
||||||
notify:
|
|
||||||
- refresh storagebox mount
|
|
||||||
|
|
||||||
- name: Write mount marker
|
|
||||||
ansible.builtin.copy:
|
|
||||||
content: "mounted by ansible"
|
|
||||||
dest: "{{ storagebox_mount_point }}/.mounted_marker"
|
|
||||||
mode: '0644'
|
|
||||||
|
|
||||||
- name: Create managed StorageBox directories
|
- name: Create managed StorageBox directories
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
@ -53,4 +66,3 @@
|
|||||||
group: "{{ item.group | default(omit) }}"
|
group: "{{ item.group | default(omit) }}"
|
||||||
mode: "{{ item.mode | default('0755') }}"
|
mode: "{{ item.mode | default('0755') }}"
|
||||||
loop: "{{ storagebox_managed_directories | default([]) }}"
|
loop: "{{ storagebox_managed_directories | default([]) }}"
|
||||||
notify: "refresh storagebox mount"
|
|
||||||
|
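Review bot: The new shell tasks interpolate `{{ storagebox_mount_point }}` unquoted into the script and hard-code `/var/run/mount.davfs/mnt-storagebox.pid`, which is only the PID file for the default `/mnt/storagebox`; an inventory that overrides the mount point gets an `rm -f` of the wrong file and, should the value ever contain whitespace or shell metacharacters, a broken or injected command. The PID file is also removed unconditionally three seconds after a lazy `umount -l`, while `mount.davfs` may still be flushing its cache, so the following `mount` can start a second daemon against the same cache directory. Quoting through `| quote`, deriving the PID file name from the mount point the same way the hunk's own literal does, and deleting it only when the recorded process is gone avoids both, as below. `allow_other` is a FUSE option rather than one documented for `mount.davfs`, and `mount.davfs` parses its `-o` list itself, so confirm it accepts (and actually needs) it before the fstab line lands on every host; `user_allow_other` in `/etc/fuse.conf` only matters when the mount is performed by a non-root user, whereas these tasks mount as root.
```yaml
- name: Remount StorageBox to apply updated options
  ansible.builtin.shell: |
    set -eu
    mp={{ storagebox_mount_point | quote }}
    # same naming as the mnt-storagebox.pid literal used before: '/' -> '-'
    pidfile="/var/run/mount.davfs/$(printf '%s' "${mp#/}" | tr '/' '-').pid"
    if mountpoint -q "$mp"; then
      umount "$mp" || umount -l "$mp" || true
      sleep 3
    fi
    # only clear a PID file whose recorded process is really gone
    if [ -f "$pidfile" ] && ! kill -0 "$(cat "$pidfile")" 2>/dev/null; then
      rm -f "$pidfile"
    fi
    mount "$mp"
  when: fuse_conf.changed or fstab_entry.changed
```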
|||||||
@ -3,7 +3,25 @@ storagebox_user: "{{ storagebox_account }}-sub4"
|
|||||||
storagebox_url: "https://{{ storagebox_user }}.your-storagebox.de/"
|
storagebox_url: "https://{{ storagebox_user }}.your-storagebox.de/"
|
||||||
storagebox_mount_point: "/mnt/storagebox"
|
storagebox_mount_point: "/mnt/storagebox"
|
||||||
storagebox_password: "{{ vault_storagebox_password }}"
|
storagebox_password: "{{ vault_storagebox_password }}"
|
||||||
|
storagebox_uid: "1000"
|
||||||
|
storagebox_gid: "1000"
|
||||||
|
storagebox_dir_mode: "0777"
|
||||||
|
storagebox_file_mode: "0666"
|
||||||
storagebox_managed_directories:
|
storagebox_managed_directories:
|
||||||
|
- path: "{{ storagebox_mount_point }}/db"
|
||||||
|
mode: "0777"
|
||||||
|
- path: "{{ storagebox_mount_point }}/ssl"
|
||||||
|
mode: "0777"
|
||||||
|
- path: "{{ storagebox_mount_point }}/swag"
|
||||||
|
mode: "0777"
|
||||||
|
- path: "{{ storagebox_mount_point }}/swag/dns-conf"
|
||||||
|
mode: "0777"
|
||||||
|
- path: "{{ storagebox_mount_point }}/swag/site-confs"
|
||||||
|
mode: "0777"
|
||||||
|
- path: "{{ storagebox_mount_point }}/swag/proxy-confs"
|
||||||
|
mode: "0777"
|
||||||
|
- path: "{{ storagebox_mount_point }}/swag/certbot"
|
||||||
|
mode: "0777"
|
||||||
- path: "{{ storagebox_mount_point }}/precipitation/images"
|
- path: "{{ storagebox_mount_point }}/precipitation/images"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
iklim_password: "{{ vault_iklim_password }}"
|
iklim_password: "{{ vault_iklim_password }}"
|
||||||
|
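Review bot: `storagebox_dir_mode: "0777"` and `storagebox_file_mode: "0666"` make every file on the mount, including whatever lands under `ssl` and `swag/certbot`, world-writable for every local uid and every container once `allow_other` is on, and the per-directory `mode: "0777"` entries repeat that for the managed directories. Since the same change fixes `storagebox_uid`/`storagebox_gid` to `1000`, that uid already owns the whole tree, so `storagebox_dir_mode: "0750"`, `storagebox_file_mode: "0640"` and `mode: "0750"` on the `ssl`, `swag/dns-conf` and `swag/certbot` entries give uid 1000 the same access without exposing keys and API credentials to everyone else. A short comment above the new variables, such as `# uid/gid must match the user the SWAG and db containers run as`, would also tell the next reader why 1000 was chosen and why `precipitation/images` alone stays at `0755`.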
|||||||