THE HUGE REFACTORING CALENDER WEEK 33; Optimized Matrix and during this updated variables, and implemented better reset and cleanup mode handling, also solved some initial setup bugs

2025-09-08 11:17:17 +02:00 · 2025-08-15 15:15:48 +02:00
parent 0228014d34
commit 022800425d
271 changed files with 1098 additions and 916 deletions
--- a/roles/srv-web-7-4-core/Todo.md
+++ b/roles/srv-web-7-4-core/Todo.md
@@ -0,0 +1,2 @@
+# To-dos
+- It could make sense to merge this role with svc-prx-openresty
--- a/roles/srv-web-7-4-core/tasks/01_core.yml
+++ b/roles/srv-web-7-4-core/tasks/01_core.yml
@@ -1,3 +1,27 @@
+- name: "cleanup (if enabled)"
+  include_tasks: 02_cleanup.yml
+  when: >
+    MODE_CLEANUP | bool or
+    MODE_RESET | bool
+
+- name: "reset (if enabled)"
+  include_tasks: 03_reset.yml
+  when: MODE_RESET | bool
+
+- name: "Load docker compose handlers"
+  include_tasks: "{{ playbook_dir }}/tasks/utils/load_handlers.yml"
+  vars:
+    handler_role_name: "docker-compose"
+
+- name: "Include tasks to create directories"
+  include_tasks: 04_directories.yml
+
+- name: create nginx config file
+  template: 
+    src:  nginx.conf.j2
+    dest: "{{ NGINX.FILES.CONFIGURATION }}"
+  notify: docker compose up
+
 - name: Include health dependencies
  include_role:
    name: "{{ item }}"
@@ -5,6 +29,7 @@
    - sys-hlth-webserver
    - sys-hlth-csp
  vars:
+    # Extra flush is for performance reasons not necessary
    flush_handlers: false

 - name: Include openresty
@@ -13,50 +38,12 @@
  # Inside openresty their is a validation that it doesn't run multiple times
  include_role:
    name: svc-prx-openresty
-    public: false
+
    # Explicit set to guaranty that application_id will not be overwritten.
    # Should be anyhow the default case
-  when: run_once_svc_prx_openresty is not defined
+    public: false

- name: "reset (if enabled)"
-  include_tasks: 02_reset.yml
-  when: MODE_RESET | bool
-  
- name: Ensure nginx configuration directories are present
-  file:
-    path: "{{ item }}"
-    state: directory
-    owner: "{{nginx.user}}"
-    group: "{{nginx.user}}"
-    mode: '0755'
-    recurse: yes
-  loop: >
-    {{
-      [ nginx.directories.configuration ] +
-      ( nginx.directories.http.values() | list ) +
-      [ nginx.directories.streams ] 
-    }}
-
- name: Ensure nginx data storage directories are present
-  file:
-    path: "{{ item }}"
-    state: directory
-    recurse: yes
-    owner: "{{nginx.user}}"
-    group: "{{nginx.user}}"
-    mode:  '0755'
-  loop: >
-    {{ nginx.directories.data.values() | list }}
-  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
-  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
-  
- name: "Include tasks to create cache directories"
-  include_tasks: 03_cache_directories.yml
-  when: run_once_nginx_reverse_proxy is not defined
-
- name: create nginx config file
-  template: 
-    src:  nginx.conf.j2 
-    dest: "{{ nginx.files.configuration }}"
-  notify: restart openresty
-  
+  vars:
+    # Flush openresty handler on first run, so that openresty is up, before openresty related handlers are triggered
+    flush_handlers: true
+  when: run_once_svc_prx_openresty is not defined
--- a/roles/srv-web-7-4-core/tasks/02_cleanup.yml
+++ b/roles/srv-web-7-4-core/tasks/02_cleanup.yml
@@ -0,0 +1,8 @@
+- name: Cleanup all NGINX cache directories
+  become: true
+  ansible.builtin.file:
+    path: "{{ item.value }}"
+    state: absent
+  loop: "{{ NGINX.DIRECTORIES.CACHE | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
--- a/roles/srv-web-7-4-core/tasks/02_reset.yml
+++ b/roles/srv-web-7-4-core/tasks/02_reset.yml
@@ -1,4 +0,0 @@
- name: "Delete {{nginx.directories.configuration}} directory, when MODE_RESET"
-  file:
-    path: "{{ nginx.directories.configuration }}"
-    state: absent
--- a/roles/srv-web-7-4-core/tasks/03_cache_directories.yml
+++ b/roles/srv-web-7-4-core/tasks/03_cache_directories.yml
@@ -1,28 +0,0 @@
- name: Cleanup all NGINX cache directories
-  become: true
-  ansible.builtin.file:
-    path: "{{ item.value }}"
-    state: absent
-  when:
-    - MODE_CLEANUP | bool
-  loop: "{{ nginx.directories.cache | dict2items }}"
-  loop_control:
-    label: "{{ item.key }}"
-
- name: Ensure all NGINX cache directories exist
-  become: true
-  ansible.builtin.file:
-    path: "{{ item.value }}"
-    state: directory
-    owner: "{{ nginx.user }}"
-    group: "{{ nginx.user }}"
-    mode: '0700'
-  loop: "{{ nginx.directories.cache | dict2items }}"
-  loop_control:
-    label: "{{ item.key }}"
-  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
-  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
-
- name: run the nginx_reverse_proxy tasks once
-  set_fact:
-    run_once_nginx_reverse_proxy: true
--- a/roles/srv-web-7-4-core/tasks/03_reset.yml
+++ b/roles/srv-web-7-4-core/tasks/03_reset.yml
@@ -0,0 +1,9 @@
+- name: Delete NGINX config paths
+  file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - "{{ NGINX.DIRECTORIES.CONFIGURATION }}"
+    - "{{ NGINX.FILES.CONFIGURATION }}"
+  loop_control:
+    label: "{{ item }}"
--- a/roles/srv-web-7-4-core/tasks/04_directories.yml
+++ b/roles/srv-web-7-4-core/tasks/04_directories.yml
@@ -0,0 +1,36 @@
+- name: Ensure nginx configuration directories are present
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ NGINX.USER }}"
+    group: "{{ NGINX.USER }}"
+    mode: '0755'
+    recurse: yes
+  loop: >
+    {{
+      ( NGINX.DIRECTORIES.HTTP.values() | list ) +
+      [ NGINX.DIRECTORIES.STREAMS ] 
+    }}
+
+- name: Ensure all NGINX cache directories exist
+  become: true
+  ansible.builtin.file:
+    path: "{{ item.value }}"
+    state: directory
+    owner: "{{ NGINX.USER }}"
+    group: "{{ NGINX.USER }}"
+    mode: '0700'
+  loop: "{{ NGINX.DIRECTORIES.CACHE | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+
+- name: Ensure nginx data storage directories are present
+  file:
+    path: "{{ item }}"
+    state: directory
+    recurse: yes
+    owner: "{{ NGINX.USER }}"
+    group: "{{ NGINX.USER }}"
+    mode:  '0755'
+  loop: >
+    {{ NGINX.DIRECTORIES.DATA.values() | list }}
--- a/roles/srv-web-7-4-core/templates/nginx.conf.j2
+++ b/roles/srv-web-7-4-core/templates/nginx.conf.j2
@@ -14,8 +14,8 @@ http
  default_type text/html;

  {# caching #}
-  proxy_cache_path {{ nginx.directories.cache.general }} levels=1:2 keys_zone=cache:20m max_size=20g inactive=14d use_temp_path=off;
-  proxy_cache_path {{ nginx.directories.cache.image }} levels=1:2 keys_zone=imgcache:10m inactive=60m use_temp_path=off;
+  proxy_cache_path {{ NGINX.DIRECTORIES.CACHE.GENERAL }} levels=1:2 keys_zone=cache:20m max_size=20g inactive=14d use_temp_path=off;
+  proxy_cache_path {{ NGINX.DIRECTORIES.CACHE.IMAGE }} levels=1:2 keys_zone=imgcache:10m inactive=60m use_temp_path=off;

  # --------------------------------------------------------------------------------
  # Tweak the hash table used to store your server_name entries:
@@ -54,12 +54,12 @@ http
  gzip_types application/atom+xml application/javascript application/xml+rss application/x-javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy text/javascript text/xml;

  types_hash_max_size 4096;  
-  {% for dir in nginx.directories.http.values() %}
+  {% for dir in NGINX.DIRECTORIES.HTTP.values() %}
  include {{ dir }}*.conf;
  {% endfor %}
 }

 # For port proxies
 stream{
-  include {{nginx.directories.streams}}*.conf;
+  include {{NGINX.DIRECTORIES.STREAMS}}*.conf;
 }