feat(ess-pro/compose): deploy Element Server Suite Pro via Compose
Initial commit of the role converted from the Kubernetes Helm charts to a Compose-based Ansible role.
parent
c11f019aae
commit
32eca6b923
33 changed files with 1906 additions and 0 deletions
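--- a/roles/ess_pro_compose/tasks/secrets.yml
+++ b/roles/ess_pro_compose/tasks/secrets.yml
@@ -0,0 +1,47 @@
+# SPDX-License-Identifier: MIT-0
+---
+# Generate the ess-generated secret bundle. Mirrors the chart's `init-secrets`
+# job, but runs locally on the host. Idempotent — only writes missing files.
+
+- name: Render generate-secrets script
+ansible.builtin.template:
+src: generate-secrets.py.j2
+dest: "{{ ess_compose_dir }}/.generate-secrets.py"
+mode: "0700"
+
+- name: Run generate-secrets (creates only what's missing)
+ansible.builtin.command:
+cmd: "/usr/bin/python3 {{ ess_compose_dir }}/.generate-secrets.py"
+register: ess_secrets_run
+changed_when: "'CREATED:' in ess_secrets_run.stdout"
+
+- name: Verify every required secret exists
+ansible.builtin.stat:
+path: "{{ ess_compose_secrets_dir }}/{{ item }}"
+register: ess_secret_stat
+loop: "{{ _ess_secret_names }}"
+failed_when: not ess_secret_stat.stat.exists
+
+- name: Read postgres passwords for config templates (not persisted)
+ansible.builtin.slurp:
+src: "{{ ess_compose_secrets_dir }}/{{ item }}"
+register: ess_password_slurp
+loop:
+- POSTGRES_ADMIN_PASSWORD
+- POSTGRES_SYNAPSE_PASSWORD
+- POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD
+- SYNAPSE_MACAROON
+- SYNAPSE_REGISTRATION_SHARED_SECRET
+- SYNAPSE_WORKERS_REPLICATION_SECRET
+- MAS_SYNAPSE_SHARED_SECRET
+- MAS_MATRIX_TOOLS_OIDC_CLIENT_SECRET
+- ELEMENT_CALL_LIVEKIT_SECRET
+no_log: true
+
+- name: Expose passwords as facts for templates
+ansible.builtin.set_fact:
+_ess_secrets: "{{ _ess_secrets | default({}) | combine({item.item: (item.content | b64decode).strip()}) }}"
+loop: "{{ ess_password_slurp.results }}"
+loop_control:
+label: "{{ item.item }}"
+no_log: true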
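Review bot: The `Verify every required secret exists` task only tests `stat.exists`, so an empty or truncated secret file passes. Because the header comment says the generator writes only missing files, such a file would presumably never be regenerated, and the later `set_fact` would hand an empty string to the config templates as a password. I would tighten the check to `failed_when: not ess_secret_stat.stat.exists or ess_secret_stat.stat.size == 0`, and consider also asserting on `ess_secret_stat.stat.mode` so that a group- or world-readable secret fails the play. Separately, the `Run generate-secrets` task registers stdout without `no_log: true`; the `generate-secrets.py.j2` template is not visible here, so confirm it prints only the `CREATED:` markers and never the generated values.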