Setup Hydra systemd service

- run migrations before start - register systemd unit - start service - define localhost as default listening address
2 years ago · f0d279789a
parent 9791658838
commit f0d279789a
5 changed files with 44 additions and 3 deletions
--- a/deployment/playbooks/01_install_cacert_oidc.yml
+++ b/deployment/playbooks/01_install_cacert_oidc.yml
@ -3,6 +3,13 @@
  hosts: pgsqlserver
  become: true

+  pre_tasks:
+
+    - name: Install python3-psycopg2
+      ansible.builtin.package:
+        name: python3-psycopg2
+        state: present
+
  roles:
    - hydra_database

--- a/deployment/roles/hydra_server/handlers/main.yml
+++ b/deployment/roles/hydra_server/handlers/main.yml
@ -1,2 +1,7 @@
 ---
-# handlers file for roles/hydra_server
+- name: hydra_systemd_reload
+  ansible.builtin.systemd:
+    state: started
+    name: hydra
+    daemon_reload: true
+    enabled: true
--- a/deployment/roles/hydra_server/tasks/main.yml
+++ b/deployment/roles/hydra_server/tasks/main.yml
@ -117,3 +117,17 @@
        content: "{{ hydra_tls.keydata }}"

  when: not use_mkcert
+
+- name: Run Hydra SQL migrations
+  ansible.builtin.command:
+    cmd: "{{ hydra_home }}/bin/hydra migrate sql --yes --read-from-env --config {{ hydra_home }}/etc/hydra.yml"
+  changed_when: false
+
+- name: Create systemd unit file
+  ansible.builtin.template:
+    src: hydra.service.j2
+    dest: /etc/systemd/system/hydra.service
+    owner: root
+    group: root
+    mode: "0640"
+  notify: hydra_systemd_reload
--- a/deployment/roles/hydra_server/templates/hydra.service.j2
+++ b/deployment/roles/hydra_server/templates/hydra.service.j2
@ -0,0 +1,13 @@
+[Unit]
+Description=ORY Hydra OAuth2/OpenID Connect API server
+After=network.target
+Documentation=https://www.ory.sh/docs/hydra/
+
+[Service]
+ExecStart={{ hydra_home }}/bin/hydra serve all --config "{{ hydra_home }}/etc/hydra.yml"
+WorkingDirectory={{ hydra_home }}
+User={{ hydra_os_user }}
+Group={{ hydra_os_group }}
+
+[Install]
+WantedBy=multi-user.target
--- a/deployment/roles/hydra_server/templates/hydra.yml.j2
+++ b/deployment/roles/hydra_server/templates/hydra.yml.j2
@ -1,9 +1,11 @@
 ---
 serve:
  admin:
-    host: {{ oidc_urls.hydra_admin.host }}
+    host: {{ oidc_urls.hydra_admin.address | default("localhost") }}
+    port: {{ oidc_urls.hydra_admin.port | default("4445") }}
  public:
-    host: {{ oidc_urls.hydra_public.host }}
+    host: {{ oidc_urls.hydra_public.address | default("localhost") }}
+    port: {{ oidc_urls.hydra_public.port | default("4444") }}
  tls:
    cert:
      path: {{ hydra_tls.cert }}