From f0d279789a75973ca3f366c26ee351e1308a0517 Mon Sep 17 00:00:00 2001
From: Jan Dittberner
Date: Tue, 16 Aug 2022 16:22:36 +0200
Subject: [PATCH] Setup Hydra systemd service

- run migrations before start
- register systemd unit
- start service
- define localhost as default listening address
---
 deployment/playbooks/01_install_cacert_oidc.yml | 7 +++++++
 deployment/roles/hydra_server/handlers/main.yml | 7 ++++++-
 deployment/roles/hydra_server/tasks/main.yml | 14 ++++++++++++++
 .../roles/hydra_server/templates/hydra.service.j2 | 13 +++++++++++++
 .../roles/hydra_server/templates/hydra.yml.j2 | 6 ++++--
 5 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 deployment/roles/hydra_server/templates/hydra.service.j2
diff --git a/deployment/playbooks/01_install_cacert_oidc.yml b/deployment/playbooks/01_install_cacert_oidc.yml
index 01fc695..5032556 100644
--- a/deployment/playbooks/01_install_cacert_oidc.yml
+++ b/deployment/playbooks/01_install_cacert_oidc.yml
@@ -3,6 +3,13 @@
 hosts: pgsqlserver
 become: true
+ pre_tasks:
+
+ - name: Install python3-psycopg2
+ ansible.builtin.package:
+ name: python3-psycopg2
+ state: present
+
 roles:
 - hydra_database
diff --git a/deployment/roles/hydra_server/handlers/main.yml b/deployment/roles/hydra_server/handlers/main.yml
index 018486d..63b31e8 100644
--- a/deployment/roles/hydra_server/handlers/main.yml
+++ b/deployment/roles/hydra_server/handlers/main.yml
@@ -1,2 +1,7 @@
 ---
-# handlers file for roles/hydra_server
+- name: hydra_systemd_reload
+ ansible.builtin.systemd:
+ state: started
+ name: hydra
+ daemon_reload: true
+ enabled: true
diff --git a/deployment/roles/hydra_server/tasks/main.yml b/deployment/roles/hydra_server/tasks/main.yml
index f7a27a2..72a9385 100644
--- a/deployment/roles/hydra_server/tasks/main.yml
+++ b/deployment/roles/hydra_server/tasks/main.yml
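Review bot: The handler `hydra_systemd_reload` uses `state: started`, so on any run after the first a changed unit file (or any other task that notifies it) is only daemon-reloaded while the already-running hydra process keeps its old unit and config; use `state: restarted` so the notification actually applies the change. `daemon_reload: true` and `enabled: true` are fine as they are. The commit also changes hydra.yml.j2, but the task that renders that config is outside these hunks, so confirm it notifies this handler too, otherwise listener address or port changes never reach the running service.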
@@ -117,3 +117,17 @@
 content: "{{ hydra_tls.keydata }}"
 when: not use_mkcert
+
+- name: Run Hydra SQL migrations
+ ansible.builtin.command:
+ cmd: "{{ hydra_home }}/bin/hydra migrate sql --yes --read-from-env --config {{ hydra_home }}/etc/hydra.yml"
+ changed_when: false
+
+- name: Create systemd unit file
+ ansible.builtin.template:
+ src: hydra.service.j2
+ dest: /etc/systemd/system/hydra.service
+ owner: root
+ group: root
+ mode: "0640"
+ notify: hydra_systemd_reload
diff --git a/deployment/roles/hydra_server/templates/hydra.service.j2 b/deployment/roles/hydra_server/templates/hydra.service.j2
new file mode 100644
index 0000000..92bc507
--- /dev/null
+++ b/deployment/roles/hydra_server/templates/hydra.service.j2
@@ -0,0 +1,13 @@
+[Unit]
+Description=ORY Hydra OAuth2/OpenID Connect API server
+After=network.target
+Documentation=https://www.ory.sh/docs/hydra/
+
+[Service]
+ExecStart={{ hydra_home }}/bin/hydra serve all --config "{{ hydra_home }}/etc/hydra.yml"
+WorkingDirectory={{ hydra_home }}
+User={{ hydra_os_user }}
+Group={{ hydra_os_group }}
+
+[Install]
+WantedBy=multi-user.target
diff --git a/deployment/roles/hydra_server/templates/hydra.yml.j2 b/deployment/roles/hydra_server/templates/hydra.yml.j2
index 358aa84..de94340 100644
--- a/deployment/roles/hydra_server/templates/hydra.yml.j2
+++ b/deployment/roles/hydra_server/templates/hydra.yml.j2
@@ -1,9 +1,11 @@
 ---
 serve:
 admin:
- host: {{ oidc_urls.hydra_admin.host }}
+ host: {{ oidc_urls.hydra_admin.address | default("localhost") }}
+ port: {{ oidc_urls.hydra_admin.port | default("4445") }}
 public:
- host: {{ oidc_urls.hydra_public.host }}
+ host: {{ oidc_urls.hydra_public.address | default("localhost") }}
+ port: {{ oidc_urls.hydra_public.port | default("4444") }}
 tls:
 cert:
 path: {{ hydra_tls.cert }}
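Review bot: `Run Hydra SQL migrations` runs with whatever privilege the play gives it; if the hydra_server play uses `become: true` like the pgsqlserver play in this commit, the migration reads the config and database credentials as root while the unit file added below runs the service as `hydra_os_user`, so add `become_user: "{{ hydra_os_user }}"` to the task to keep both on the same least-privileged account. `changed_when: false` also hides the first run, which really does change the database schema; a comment such as `# migrate sql is safe to re-run; hydra gives no change signal, so it is always reported unchanged` would make that deliberate choice visible. The command passes `--read-from-env` but the task sets no `environment:`, so the DSN presumably comes from hydra.yml or the inherited environment — worth confirming which one is relied on. The task list this hunk extends starts outside the hunk.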
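Review bot: The new unit has no `Restart=` directive and no sandboxing, so a crashed hydra stays down until the next playbook run and the process keeps the full filesystem and privilege-escalation surface of its user; since the service already runs as a dedicated `User=`/`Group=`, the standard hardening directives cost nothing here. `After=network.target` does not wait for the network to be usable, so an `After=network-online.target` plus `Wants=network-online.target` pair in `[Unit]` is the usual choice for a server that opens a database connection at startup. The rewritten `[Service]` section is below; `ProtectSystem=full` assumes hydra only needs to read under `{{ hydra_home }}`, which the ExecStart line suggests but does not prove — confirm before tightening further.
```ini
[Service]
ExecStart={{ hydra_home }}/bin/hydra serve all --config "{{ hydra_home }}/etc/hydra.yml"
# … unchanged: WorkingDirectory, User, Group …
Restart=on-failure
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full
```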
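Review bot: The templated `host:` values are rendered as plain scalars, so whatever Jinja produces is re-typed by Hydra's YAML loader — an empty string becomes null and an address beginning with a YAML indicator breaks the parse — and the same applies to the `public` block two lines below; quote both, `host: "{{ oidc_urls.hydra_admin.address | default('localhost') }}"`. The `port:` defaults are written as the strings `"4445"`/`"4444"` but render unquoted and load as integers, which is what is wanted; `default(4445)` states that intent directly. The lookup also moves from `.host` to `.address`, so an inventory that still sets `hydra_admin.host` silently falls back to localhost instead of failing; the variable defaults live outside this hunk, so check they were renamed in the same commit.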