diff --git a/ansible/deploy_zdm_proxy.yml b/ansible/deploy_zdm_proxy.yml index c5e283b..52c41e6 100644 --- a/ansible/deploy_zdm_proxy.yml +++ b/ansible/deploy_zdm_proxy.yml @@ -209,6 +209,7 @@ - name: Create ZDM proxy configuration env file hosts: proxies vars_files: + - vars/zdm_proxy_container_config.yml - vars/zdm_proxy_cluster_config.yml - vars/zdm_proxy_core_config.yml - vars/zdm_proxy_advanced_config.yml 
@@ -216,22 +217,31 @@ - vars/zdm_playbook_internal_config.yml tasks: + - name: Applying default ZDM proxy config mode + when: zdm_proxy_config_mode is undefined + set_fact: + zdm_proxy_config_mode: "env_vars" + - name: Verify proxy container configuration + assert: + that: zdm_proxy_config_mode == "env_vars" or zdm_proxy_config_mode == "config_file" + success_msg: "ZDM proxy container correctly configured" + fail_msg: "Invalid value of 'zdm_proxy_config_mode' parameter, supported values are 'env_vars' or 'config_file'" - name: Create configuration fragment directory file: path: "{{ zdm_proxy_home_dir }}/{{ zdm_proxy_config_fragments_dir_name }}" state: directory - - name: Generate env var file from template for immutable configuration + - name: Generate configuration file from template for immutable configuration template: - src: "zdm_proxy_immutable_config.j2" + src: "{{ 'zdm_proxy_immutable_config_env_vars.j2' if zdm_proxy_config_mode == 'env_vars' else 'zdm_proxy_immutable_config_file.j2' }}" dest: "{{ zdm_proxy_home_dir }}/{{ zdm_proxy_config_fragments_dir_name }}/{{ zdm_proxy_immutable_config_fragment_file_name }}" - - name: Generate env var file from template for mutable configuration + - name: Generate configuration file from template for mutable configuration template: - src: "zdm_proxy_mutable_config.j2" + src: "{{ 'zdm_proxy_mutable_config_env_vars.j2' if zdm_proxy_config_mode == 'env_vars' else 'zdm_proxy_mutable_config_file.j2' }}" dest: "{{ zdm_proxy_home_dir }}/{{ zdm_proxy_config_fragments_dir_name }}/{{ zdm_proxy_mutable_config_fragment_file_name }}" - name: Merge the immutable and mutable configuration files into a single one assemble: src: "{{ zdm_proxy_home_dir }}/{{ zdm_proxy_config_fragments_dir_name }}" - dest: "{{ zdm_proxy_home_dir }}/{{ zdm_proxy_environment_config_file_name }}" + dest: "{{ zdm_proxy_home_dir }}/{{ zdm_proxy_environment_config_file_name if zdm_proxy_config_mode == 'env_vars' else (zdm_proxy_shared_assets_dir_name + '/' + 
zdm_proxy_config_file_name) }}" - name: Install ZDM Proxy hosts: proxies @@ -251,7 +261,8 @@ vars: ansible_python_interpreter: python3 - - name: Create ZDM proxy container + - name: Create ZDM proxy container with env vars + when: "zdm_proxy_config_mode == 'env_vars'" docker_container: name: "{{ zdm_proxy_container_name }}" image: "docker.io/{{ zdm_proxy_image }}" @@ -272,6 +283,24 @@ vars: ansible_python_interpreter: python3 + - name: Create ZDM proxy container with configuration file + when: "zdm_proxy_config_mode == 'config_file'" + docker_container: + name: "{{ zdm_proxy_container_name }}" + image: "docker.io/{{ zdm_proxy_image }}" + command: + - "--config={{ zdm_proxy_home_dir }}/{{ zdm_proxy_shared_assets_dir_name }}/{{zdm_proxy_config_file_name}}" + mounts: + - source: "{{ zdm_proxy_home_dir }}/{{ zdm_proxy_shared_assets_dir_name }}" + target: "{{ zdm_proxy_home_dir }}/{{ zdm_proxy_shared_assets_dir_name }}" + type: bind + network_mode: host + restart_policy: unless-stopped + restart: yes + state: started + vars: + ansible_python_interpreter: python3 + - name: Wait for this ZDM proxy to come up uri: url: "http://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:{{ metrics_port }}/health/readiness" diff --git a/ansible/rolling_update_zdm_proxy.yml b/ansible/rolling_update_zdm_proxy.yml index 2e470b5..ee7b473 100644 --- a/ansible/rolling_update_zdm_proxy.yml +++ b/ansible/rolling_update_zdm_proxy.yml 
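Review bot: The two `template` tasks and the `assemble` task in the "Create ZDM proxy configuration env file" play of `deploy_zdm_proxy.yml` set no `mode`, so the fragments and the merged file get whatever permissions the remote umask allows. In `config_file` mode the merged file carries `origin_password` and `target_password` from `zdm_proxy_mutable_config_file.j2` in clear text. Give all three tasks an explicit mode, for example `mode: "0600"`, after confirming that the user the container runs as can still read the merged file through the bind mount. The matching tasks in `rolling_update_zdm_proxy.yml` need the same change. Nothing in this diff removes the file named by `zdm_proxy_environment_config_file_name` after a switch from `env_vars` to `config_file`, so the old copy with the same credentials stays on disk.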
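Review bot: The bind mount in "Create ZDM proxy container with configuration file" is writable from inside the container, although the mounted `zdm_proxy_shared_assets_dir_name` directory holds the merged configuration with the cluster credentials and, going by the paths in the immutable template, the TLS key files. The proxy presumably only reads these, so add `read_only: true` to the mount entry. `restart: yes` is better written `restart: true`, and `{{zdm_proxy_config_file_name}}` lacks the inner spaces used by the other expressions in the task. The equivalent task added to `rolling_update_zdm_proxy.yml` should get the same changes.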
@@ -18,20 +18,30 @@ - name: Create ZDM proxy configuration env file based on the latest configuration hosts: proxies vars_files: + - vars/zdm_proxy_container_config.yml - vars/zdm_proxy_cluster_config.yml - vars/zdm_proxy_core_config.yml - vars/zdm_proxy_advanced_config.yml - vars/zdm_playbook_internal_config.yml tasks: - - name: Generate env var file from template for mutable configuration + - name: Applying default ZDM proxy config mode + when: zdm_proxy_config_mode is undefined + set_fact: + zdm_proxy_config_mode: "env_vars" + - name: Verify proxy container configuration + assert: + that: zdm_proxy_config_mode == "env_vars" or zdm_proxy_config_mode == "config_file" + success_msg: "ZDM proxy container correctly configured" + fail_msg: "Invalid value of 'zdm_proxy_config_mode' parameter, supported values are 'env_vars' or 'config_file'" + - name: Generate configuration file from template for mutable configuration template: - src: "zdm_proxy_mutable_config.j2" + src: "{{ 'zdm_proxy_mutable_config_env_vars.j2' if zdm_proxy_config_mode == 'env_vars' else 'zdm_proxy_mutable_config_file.j2' }}" dest: "{{ zdm_proxy_home_dir }}/{{ zdm_proxy_config_fragments_dir_name }}/{{ zdm_proxy_mutable_config_fragment_file_name }}" - name: Merge the immutable and mutable configuration files into a single one assemble: src: "{{ zdm_proxy_home_dir }}/{{ zdm_proxy_config_fragments_dir_name }}" - dest: "{{ zdm_proxy_home_dir }}/{{ zdm_proxy_environment_config_file_name }}" + dest: "{{ zdm_proxy_home_dir }}/{{ zdm_proxy_environment_config_file_name if zdm_proxy_config_mode == 'env_vars' else (zdm_proxy_shared_assets_dir_name + '/' + zdm_proxy_config_file_name) }}" - name: Configure and restart each ZDM proxy in a rolling fashion hosts: proxies 
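Review bot: Only the mutable fragment is re-rendered in this play of `rolling_update_zdm_proxy.yml`, while `assemble` merges it with whatever immutable fragment the deploy playbook left in the fragments directory. If `zdm_proxy_config_mode` has been changed since the deployment, the merged file combines a fragment in the old format with one in the new format, and the assert added here only checks that the value is one of the two allowed strings. Either render the immutable fragment here as well or fail when the mode differs from the one used at deploy time. At minimum, document the constraint with a comment such as `# zdm_proxy_config_mode must match the mode used by deploy_zdm_proxy.yml`.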
@@ -45,7 +55,8 @@ - vars/zdm_proxy_core_config.yml # this inclusion is for backward compatibility and will be removed in the future tasks: - - name: Create ZDM proxy container with updated configuration + - name: Create ZDM proxy container with updated env vars + when: "zdm_proxy_config_mode == 'env_vars'" docker_container: name: "{{ zdm_proxy_container_name }}" image: "{{ zdm_proxy_image }}" @@ -65,6 +76,25 @@ state: started vars: ansible_python_interpreter: python3 + + - name: Create ZDM proxy container with updated configuration file + when: "zdm_proxy_config_mode == 'config_file'" + docker_container: + name: "{{ zdm_proxy_container_name }}" + image: "{{ zdm_proxy_image }}" + command: + - "--config={{ zdm_proxy_home_dir }}/{{ zdm_proxy_shared_assets_dir_name }}/{{zdm_proxy_config_file_name}}" + mounts: + - source: "{{ zdm_proxy_home_dir }}/{{ zdm_proxy_shared_assets_dir_name }}" + target: "{{ zdm_proxy_home_dir }}/{{ zdm_proxy_shared_assets_dir_name }}" + type: bind + network_mode: host + restart_policy: unless-stopped + restart: yes + state: started + vars: + ansible_python_interpreter: python3 + - name: Wait for this ZDM proxy to come up uri: url: "http://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:{{ metrics_port }}/health/readiness" @@ -76,6 +106,3 @@ - pause: prompt: "Pause for {{ pause_between_restarts_in_seconds }} seconds after restarting this ZDM proxy instance" seconds: "{{ pause_between_restarts_in_seconds }}" - - - diff --git a/ansible/templates/zdm_proxy_immutable_config.j2 b/ansible/templates/zdm_proxy_immutable_config_env_vars.j2 similarity index 100% rename from ansible/templates/zdm_proxy_immutable_config.j2 rename to ansible/templates/zdm_proxy_immutable_config_env_vars.j2 diff --git a/ansible/templates/zdm_proxy_immutable_config_file.j2 b/ansible/templates/zdm_proxy_immutable_config_file.j2 new file mode 100644 index 0000000..c148187 --- /dev/null +++ b/ansible/templates/zdm_proxy_immutable_config_file.j2 
@@ -0,0 +1,72 @@
+#jinja2: lstrip_blocks: "True", trim_blocks: "True"
+
+{% set zdm_proxy_address_list = [] %}
+{% for host in groups['proxies'] %}
+ {{ zdm_proxy_address_list.append(host) }}
+{% endfor %}
+proxy_topology_index: {{ groups['proxies'].index(hostvars[inventory_hostname]['ansible_default_ipv4']['address']) }}
+proxy_topology_addresses: {{ zdm_proxy_address_list|join(',') }}
+
+{% if ( origin_contact_points is defined ) %}
+origin_contact_points: {{ origin_contact_points }}
+ {% if ( origin_port is defined ) %}
+origin_port: {{ origin_port }}
+ {% endif %}
+{% elif ( ( origin_scb_downloaded is defined and origin_scb_downloaded == 'success' ) or ( origin_scb_provided is defined and origin_scb_provided == 'success' ) )%}
+origin_secure_connect_bundle_path: {{ zdm_proxy_home_dir }}/{{ zdm_proxy_shared_assets_dir_name }}/origin_scb.zip
+{% endif %}
+{% if ( origin_local_datacenter is defined ) %}
+origin_local_datacenter: {{ origin_local_datacenter }}
+{% endif %}
+
+{% if ( target_contact_points is defined ) %}
+target_contact_points: {{ target_contact_points }}
+ {% if ( target_port is defined ) %}
+target_port: {{ target_port }}
+ {% endif %}
+{% elif ( target_scb_downloaded is defined and target_scb_downloaded == 'success' ) or ( target_scb_provided is defined and target_scb_provided == 'success' ) %}
+target_secure_connect_bundle_path: {{ zdm_proxy_home_dir }}/{{ zdm_proxy_shared_assets_dir_name }}/target_scb.zip
+{% endif %}
+{% if ( target_local_datacenter is defined ) %}
+target_local_datacenter: {{ target_local_datacenter }}
+{% endif %}
+
+proxy_listen_address: {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}
+proxy_listen_port: {{ zdm_proxy_listen_port }}
+
+metrics_address: {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}
+metrics_port: {{ metrics_port }}
+
+{% if ( origin_tls_user_dir_path is defined and origin_tls_server_ca_filename is defined ) %}
+origin_tls_server_ca_path: {{ zdm_proxy_home_dir }}/{{ zdm_proxy_shared_assets_dir_name }}/{{ origin_tls_dest_dir_name }}/{{ origin_tls_server_ca_filename }}
+{% endif %}
+{% if ( origin_tls_user_dir_path is defined and origin_tls_client_cert_filename is defined ) %}
+origin_tls_client_cert_path: {{ zdm_proxy_home_dir }}/{{ zdm_proxy_shared_assets_dir_name }}/{{ origin_tls_dest_dir_name }}/{{ origin_tls_client_cert_filename }}
+{% endif %}
+{% if ( origin_tls_user_dir_path is defined and origin_tls_client_key_filename is defined ) %}
+origin_tls_client_key_path: {{ zdm_proxy_home_dir }}/{{ zdm_proxy_shared_assets_dir_name }}/{{ origin_tls_dest_dir_name }}/{{ origin_tls_client_key_filename }}
+{% endif %}
+
+{% if ( target_tls_user_dir_path is defined and target_tls_server_ca_filename is defined ) %}
+target_tls_server_ca_path: {{ zdm_proxy_home_dir }}/{{ zdm_proxy_shared_assets_dir_name }}/{{ target_tls_dest_dir_name }}/{{ target_tls_server_ca_filename }}
+{% endif %}
+{% if ( target_tls_user_dir_path is defined and target_tls_client_cert_filename is defined ) %}
+target_tls_client_cert_path: {{ zdm_proxy_home_dir }}/{{ zdm_proxy_shared_assets_dir_name }}/{{ target_tls_dest_dir_name }}/{{ target_tls_client_cert_filename }}
+{% endif %}
+{% if ( target_tls_user_dir_path is defined and target_tls_client_key_filename is defined ) %}
+target_tls_client_key_path: {{ zdm_proxy_home_dir }}/{{ zdm_proxy_shared_assets_dir_name }}/{{ target_tls_dest_dir_name }}/{{ target_tls_client_key_filename }}
+{% endif %}
+
+{% if ( zdm_proxy_tls_user_dir_path is defined and zdm_proxy_tls_ca_filename is defined ) %}
+proxy_tls_ca_path: {{ zdm_proxy_home_dir }}/{{ zdm_proxy_shared_assets_dir_name }}/{{ zdm_proxy_tls_dest_dir_name }}/{{ zdm_proxy_tls_ca_filename }}
+{% endif %}
+{% if ( zdm_proxy_tls_user_dir_path is defined and zdm_proxy_tls_cert_filename is defined ) %}
+proxy_tls_cert_path: {{ zdm_proxy_home_dir }}/{{ zdm_proxy_shared_assets_dir_name }}/{{ zdm_proxy_tls_dest_dir_name }}/{{ zdm_proxy_tls_cert_filename }}
+{% endif %}
+{% if ( zdm_proxy_tls_user_dir_path is defined and zdm_proxy_tls_key_filename is defined ) %}
+proxy_tls_key_path: {{ zdm_proxy_home_dir }}/{{ zdm_proxy_shared_assets_dir_name }}/{{ zdm_proxy_tls_dest_dir_name }}/{{ zdm_proxy_tls_key_filename }}
+{% endif %}
+{% if ( zdm_proxy_tls_require_client_auth is defined ) %}
+proxy_tls_require_client_auth: {{ zdm_proxy_tls_require_client_auth }}
+{% endif %}
+
diff --git a/ansible/templates/zdm_proxy_mutable_config.j2 b/ansible/templates/zdm_proxy_mutable_config_env_vars.j2
similarity index 100%
rename from ansible/templates/zdm_proxy_mutable_config.j2
rename to ansible/templates/zdm_proxy_mutable_config_env_vars.j2
diff --git a/ansible/templates/zdm_proxy_mutable_config_file.j2 b/ansible/templates/zdm_proxy_mutable_config_file.j2
new file mode 100644
index 0000000..7be7aa5
--- /dev/null
+++ b/ansible/templates/zdm_proxy_mutable_config_file.j2
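Review bot: In `zdm_proxy_immutable_config_file.j2` the address list is built by calling `append` inside an output expression that is used only for its side effect, once per host. `proxy_topology_addresses: {{ groups['proxies'] | join(',') }}` yields the same value without the loop or the helper variable. `proxy_topology_index` also depends on `.index()` finding the host's default IPv4 address in `groups['proxies']`, which presumably fails the render when the inventory lists host names instead of addresses. That assumption deserves a comment at the top of the template.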
@@ -0,0 +1,58 @@
+#jinja2: lstrip_blocks: "True", trim_blocks: "True"
+
+{% if ( primary_cluster is defined ) %}
+primary_cluster: {{ primary_cluster }}
+{% endif %}
+
+{% if ( read_mode is defined ) %}
+read_mode: {{ read_mode }}
+{% endif %}
+
+{% if ( log_level is defined ) %}
+log_level: {{ log_level }}
+{% endif %}
+
+origin_username: {{ origin_username | default('') }}
+origin_password: {{ origin_password | default('') }}
+target_username: {{ target_username | default('') }}
+target_password: {{ target_password | default('') }}
+
+{% if ( zdm_proxy_max_clients_connections is defined ) %}
+proxy_max_client_connections: {{ zdm_proxy_max_clients_connections }}
+{% endif %}
+
+{% if ( zdm_proxy_request_timeout_ms is defined ) %}
+proxy_request_timeout_ms: {{ zdm_proxy_request_timeout_ms }}
+{% endif %}
+{% if ( origin_connection_timeout_ms is defined ) %}
+origin_connection_timeout_ms: {{ origin_connection_timeout_ms }}
+{% endif %}
+{% if ( target_connection_timeout_ms is defined ) %}
+target_connection_timeout_ms: {{ target_connection_timeout_ms }}
+{% endif %}
+{% if ( async_handshake_timeout_ms is defined ) %}
+async_handshake_timeout_ms: {{ async_handshake_timeout_ms }}
+{% endif %}
+{% if ( heartbeat_interval_ms is defined ) %}
+heartbeat_interval_ms: {{ heartbeat_interval_ms }}
+{% endif %}
+{% if ( zdm_proxy_max_stream_ids is defined ) %}
+proxy_max_stream_ids: {{ zdm_proxy_max_stream_ids }}
+{% endif %}
+
+{% if ( metrics_enabled is defined ) %}
+metrics_enabled: {{ metrics_enabled }}
+{% endif %}
+
+{% if ( system_queries_mode is defined ) %}
+system_queries_mode: {{ system_queries_mode }}
+{% endif %}
+
+{% if ( replace_cql_functions is defined ) %}
+replace_cql_functions: {{ replace_cql_functions }}
+{% endif %}
+
+{% if ( forward_client_credentials_to_origin is defined ) %}
+forward_client_credentials_to_origin: {{ forward_client_credentials_to_origin }}
+{% endif %}
+
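Review bot: The four credential lines in `zdm_proxy_mutable_config_file.j2` write their values as unquoted YAML scalars. A password containing ` #` is therefore cut off at the comment marker, one containing `: ` or starting with a character such as `*`, `&`, `!`, `{` or `%` breaks or changes the parse, and an all-digit or `yes`/`no` value changes type. With the empty default the line also renders as a null rather than an empty string. Quote the values on output, e.g. `origin_password: {{ origin_password | default('') | to_json }}`, and do the same for `origin_username`, `target_username` and `target_password`.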
diff --git a/ansible/vars/zdm_playbook_internal_config.yml b/ansible/vars/zdm_playbook_internal_config.yml index f588e23..1790946 100644 --- a/ansible/vars/zdm_playbook_internal_config.yml +++ b/ansible/vars/zdm_playbook_internal_config.yml @@ -11,6 +11,7 @@ zdm_proxy_config_fragments_dir_name: zdm_proxy_config_fragments zdm_proxy_mutable_config_fragment_file_name: zdm_proxy_mutable_config.env zdm_proxy_immutable_config_fragment_file_name: zdm_proxy_immutable_config.env zdm_proxy_environment_config_file_name: zdm_proxy_config.env +zdm_proxy_config_file_name: zdm_proxy_config.yml origin_scb_file_name: origin_scb target_scb_file_name: target_scb diff --git a/ansible/vars/zdm_proxy_container_config.yml b/ansible/vars/zdm_proxy_container_config.yml index 284aaea..c5662a8 100644 --- a/ansible/vars/zdm_proxy_container_config.yml +++ b/ansible/vars/zdm_proxy_container_config.yml @@ -2,4 +2,8 @@ zdm_proxy_image: datastax/zdm-proxy:2.x create_containers: 1 -zdm_proxy_container_name: zdm-proxy-container \ No newline at end of file +zdm_proxy_container_name: zdm-proxy-container + +# Defines how configuration shall be passed to ZDM proxy. +# Allowed values are "env_vars" and "config_file". +zdm_proxy_config_mode: env_vars \ No newline at end of file