deprecate ood-portal.conf.j2 template

[johrstrom]

We need to deprecate the use of ood_portal.conf.j2. I added it initially as a way for folks to write new directives but it's just too much to maintain. Folks should get by with just adding new conf files to conf.d.

I don't know how to get ansible to signify that this is deprecated, but we should use that mechanism if it exists.

[sjpb]

I seem to remember I've used this before for deprecated stuff - it's nastily noisy so should get some attention, but shouldn't actually break things:

https://stackoverflow.com/a/63557091/916373

[sandermitre]

Am I missing something or is the task logic only in place to use the templates? I see the note about using the defaults with the --extra-vars=@overrides.yml, but won't running the configure option always copy the template?

[johrstrom]

Templates in general, yes, but ood_portal.conf.j2 specifically we need to get rid of. update_ood_portal(what ships with OOD) has good support for Debian now. So we can directly use OOD's templating through update_ood_portal to generate an ood_portal.conf instead of this library templating that j2 file.

This is the config that drives this behavior and this is the default. Setting it to false, and using this library's ood_portal.conf.j2 is being deprecated.

ood_portal_generator: true

Hope that makes sense!

[sandermitre]

That makes sense.

Not to get too far into the weeds on this, but were do the files in default factor into the setup? I need to augment either the role or playbook to add in items which aren't covered in the role. One of the changes is I was just going to copy over the ood_portal.yml as opposed to using the template. Does the role have an option to do this?

As always thanks for your work on this project!

[johrstrom]

One of the changes is I was just going to copy over the ood_portal.yml as opposed to using the template.

Got it. So the defaults in defaults/main/ood_portal.yml are going to be used to template the ood_portal.yml.j2 which in turn is placed to /etc/ood/config/ood_portal.yml. We'll do that templating forever. OOD then takes that config to generate the httpd portal config (through update_ood_portal).

If you want default values - just don't supply any --extra-vars. We use the same defaults OOD does and/or have blocks like this that will actually template a commented default config (as it appears in the original).

ood-ansible/templates/ood_portal.yml.j2

Lines 11 to 13 in a068982

	{% if listen_addr_port is defined %}listen_addr_port: {{ listen_addr_port }}
	{% else %}#listen_addr_port: null
	{% endif %}

[sandermitre]

Got it! This makes a lot more sense to me now, and I was able to mimic our existing configuration so perfect.

I still need to add installing mellon (which is our auth method) and the various certificates around that and ssl. I think I can do this using the playbook which will invoke the role later on using includ_role https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html unless there is an existing method to add those changes as well.

[johrstrom]

Yea, we're a puppet shop, so I made this role initially to build from source - then started to use it to play around in GCP. Which is to say - there could be some preparatory steps missing.

Looking back I have this playbook where I had some separate pre & post roles. I know for sure the pre roles setup let's encrypt certificates.

My guess is you have to get this setup before we run this role because and the end of this role bouncing httpd is going to fail (because you're using configs for say mellon but you don't have actual libraries yet).

- hosts: gcp_dev
  roles:
  - role: prep-ood-vm
  - role: gke-users

   # I'm generating certs on the fly in prep-ood-vm and setting them as facts, so that I can use them here.
  - role: 'osc.open_ondemand'
    import_role: 'prep-ood-vm'

  - role: post-ood-vm

[sandermitre]

Got it thanks. I appreciate your tolerance on the thread drift on this issue. If I end up finding any way to easily extend the role to include this I will see if I can push it back, but I'm probably just going to lump into an extended playbook at this point.

[johrstrom]

NP at all.

[johrstrom]

using ood_portal_generator: false is deprecated now in 3.0 and will be pulled in some future version. Folks should refer to the changelog to see when this occurs.