IBM-Security / isam-ansible-roles

Ansible Custom Modules, Handlers and Tasks for ISAM. Requires "ibmsecurity" python package.
Apache License 2.0

Fix/docker friendly #176

Open nka11 opened 4 years ago

nka11 commented 4 years ago

Fixes for making these roles friendly with ISAM docker deployment

REF: IBM-Security/isam-ansible-roles#175

ram-ibm commented 4 years ago

I see that it is not comprehensive but an incredible first shot at this. Glanced over the changes - need to examine in more detail. For example, I am not clear on the call to /lmi to determine Docker status.

nka11 commented 4 years ago

Hi Ram,

I guess you're talking about the call in first_steps role. It's basically the same way you call /lmi with password "admin" to see if first steps have to be processed, as the password in docker is injected by environment var at docker run.

For the handlers, I just read the facts and it's fine. I let you have a closer look and you might feel it as comprehensive as I felt the first_steps role at first analysis :)

ram-ibm commented 4 years ago

This is good - I just need to get the time to test it before I can merge.

nka11 commented 4 years ago

@ram-ibm any idea on how to implement the docker snapshot publish (PUT /core/docker/publish) and run it instead of the commit handler?

Scoi4101 commented 4 years ago

in theory adding a new handler

with the when condition for the docker model should work

However I am trying this using a custom role with no luck yet

nka11 commented 4 years ago

@Scoi4101 :+1: thanks for the snip, unfortunately it won't be enough, the handler has to be notified from the other roles.

with your help I fixed this issue for the "Commit Changes" handler by including a dedicated tasks file with the conditionals (last commit)

Scoi4101 commented 4 years ago

Nice !!! Can we add the same thing for the Restart Reverse Proxy and Restart Runtime Handler ?

ram-ibm commented 4 years ago

https://docs.ansible.com/ansible/2.3/playbooks_intro.html

```yaml
handlers:
    - name: restart memcached
      service: name=memcached state=restarted
      listen: "restart web services"
    - name: restart apache
      service: name=apache state=restarted
      listen: "restart web services"

tasks:
    - name: restart everything
      command: echo "this task will restart the web services"
      notify: "restart web services"
```

My idea was to use the listen option and then either run the appliance specific command or write out a message if it is not applicable and it is Docker.
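
The `listen` approach discussed in this thread, sketched as an added example that is not part of the thread and is not the project's own code: each topic gets one handler per deployment model, selected with `when`. The variable names (`isam_is_docker`, `lmi_host`, `lmi_user`), the `ISAM_LMI_PASSWORD` environment variable, the `Accept` header and the debug placeholders standing in for the appliance-specific tasks are assumptions; only `PUT /core/docker/publish` comes from the discussion.

```yaml
# Added example; isam_is_docker, lmi_host, lmi_user and ISAM_LMI_PASSWORD are hypothetical names.
- hosts: localhost
  gather_facts: false
  vars:
    isam_is_docker: true   # assumption: the roles would derive this from gathered facts
    lmi_host: isam-config.example.test   # constructed host name
    lmi_user: admin
    lmi_password: "{{ lookup('env', 'ISAM_LMI_PASSWORD') }}"  # keep the secret out of the playbook
  tasks:
    - name: Stand-in for a role task that changes configuration
      ansible.builtin.debug:
        msg: "configuration changed"
      changed_when: true
      notify:
        - "commit changes"
        - "restart reverse proxy"
  handlers:
    - name: Commit changes (appliance)
      ansible.builtin.debug:
        msg: "placeholder for the appliance-specific commit task"
      when: not (isam_is_docker | bool)
      listen: "commit changes"
    - name: Publish snapshot (Docker)
      ansible.builtin.uri:
        url: "https://{{ lmi_host }}/core/docker/publish"
        method: PUT
        url_username: "{{ lmi_user }}"
        url_password: "{{ lmi_password }}"
        force_basic_auth: true
        validate_certs: true       # do not disable TLS verification for the LMI
        headers:
          Accept: application/json   # assumed header
      no_log: true                 # keep credentials out of task output
      when: isam_is_docker | bool
      listen: "commit changes"
    - name: Restart reverse proxy (appliance)
      ansible.builtin.debug:
        msg: "placeholder for the appliance-specific restart task"
      when: not (isam_is_docker | bool)
      listen: "restart reverse proxy"
    - name: Reverse proxy restart not applicable (Docker)
      ansible.builtin.debug:
        msg: "Docker deployment: restart handler skipped"
      when: isam_is_docker | bool
      listen: "restart reverse proxy"
```

Other roles keep notifying the topic names unchanged, so the appliance/Docker decision lives only in the handlers.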