risotto/doc/dataset_example/dataset.md
2022-12-21 16:14:27 +01:00

4.3 KiB

Risotto dataset simple examples

This tutorial aims to show how create a dataset to deploy a Caddy server via Risotto.

Attention it has no other virtues than to be educational. It is not intended for production use.

See Rougail documentation for more details about dictionaries, templates and patches.

The project can be divided into three application services:

  • caddy-common: an application service containing the information common to the two other application services
  • caddy-https: a standalone http/https server
  • caddy-https-rp: a https only server served behind a reverse proxy

caddy-common

Start by creating the project tree:

seed/caddy-common/
├── dictionaries
├── templates
└── manual
    └── image
        └── preinstall

Then describe the application service in seed/caddy-common/applicationservice.yml.

Also a dictionary seed/caddy-common/dictionaries/20-caddy.yml with

  • the activation of the caddy service in the "multi-user" target. This service needs some templates:

    • the main configuration's /etc/caddy/Caddyfile to include other /etc/caddy/Caddyfile.d/*.caddyfile
    • /etc/caddy/Caddyfile.d/risotto.caddyfile with appropriate configuration (this file is not part of this application service)
    • a sysusers file /sysusers.d/0caddy.conf to create the system user "caddy"
    • a tmpfiles file /tmpfiles.d/0caddy.conf to create the directory "caddy_root_directory" and volatile directory "/var/lib/caddy"
  • a family "caddy" (Caddy web server) with a filename variable "caddy_root_directory" (The root path of the site) with default value "/srv/caddy".

Finally, create a script to build the image with the caddy package: seed/caddy-common/manual/image/preinstall/caddy.sh.

caddy-https

Start by creating the project tree:

seed/caddy-https-rp/
├── dictionaries
└── templates

Then describe the application service in seed/caddy-https/applicationservice.yml with OS and caddy-common dependencies.

Also create a dictionary seed/caddy-https/dictionaries/25-caddy.yml to define the variables:

  • caddy_domain: the domain where Caddy should listen to
  • caddy_ca_file, caddy_crt_file and caddy_key_file: certificat for this domain
  • redefine the variable incoming_ports to open the ports 80 and 443

And new templates:

caddy-https-rp

Start by creating the project tree:

seed/caddy-https-rp/
├── dictionaries
├── patches
└── templates

Then describe the application service in seed/caddy-https-rp/applicationservice.yml with OS, caddy-common and reverse-proxy-client dependencies.

By default, reverse proxy certificate is only readable by "root" user. In the dictionary seed/caddy-https-rp/dictionaries/25-caddy.yml we change the user to "caddy".

And add Caddy configuration's file seed/caddy-https-rp/templates/risotto.caddyfile. This template use mainly variables defined in reverse-proxy application service.

Finally add a patch to modify Caddyfile to not starts Caddy in port 80: seed/caddy-https-rp/patches/Caddyfile.patch. Patches should only use if a template file is define in an other dataset. You should instead add a condition in the template. But for educational reasons we made a patch in this case.