gsoft.eventstore

Ansible EventStoreDB Role

This is an Ansible role that helps you install and set up a Linux machine to run an EventStoreDB server.

Check out examples of how to use it here.

Requirements

  • You need Ubuntu 14.04 (Trusty) LTS or a newer version.

Role Variables

Here are the available variables along with their default values (check defaults/main.yml for details):

eventstore_version: 20.10.4
eventstore_admin_password: changeit
eventstore_admin_new_password: null
eventstore_config_file: "{{ role_path }}/templates/eventstore.conf.j2"
eventstore_wait_for_http: true
eventstore_wait_for_http_timeout: 30
eventstore_generate_node_certitificate: false
eventstore_certificate_path: /etc/eventstore/certs
eventstore_ca_key_path: ./ca/ca.key
eventstore_ca_cert_path: ./ca/ca.crt
eventstore_node_cert_days: 365
eventstore_node_cert_out: ./node
eventstore_node_cert_ip_addresses:
  - 127.0.0.1
  - "{{ ansible_default_ipv4.address }}"
eventstore_node_cert_dns_names:
  - localhost
  - "{{ inventory_hostname }}"

Configuration

By default, the configuration file (eventstore.conf) is very simple:

---
ClusterSize: 1

Security

Starting from version 20, EventStoreDB is secure by default. This means you need to provide valid certificates and a proper configuration for the database node to function correctly.

This role assumes you already have the CA certificate on your machine. You can check this repo for examples on how to set up your certificates before using this role.

Node Certificates

If you want to generate the node certificates using this role, set eventstore_generate_node_certitificate: true. The certificate generation will follow these default values (which you can change):

eventstore_certificate_path: /etc/eventstore/certs
eventstore_ca_key_path: ./ca/ca.key
eventstore_ca_cert_path: ./ca/ca.crt
eventstore_node_cert_days: 365
eventstore_node_cert_out: ./node
eventstore_node_cert_ip_addresses:
  - 127.0.0.1
  - "{{ ansible_default_ipv4.address }}"
eventstore_node_cert_dns_names:
  - localhost
  - "{{ inventory_hostname }}"

This will produce the following files:

/etc/eventstore/certs/node/node.key
/etc/eventstore/certs/node/node.crt

The node certificate will include the DNS names and IP addresses for your local machine and network, as configured above.
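A verification play for the generated files, as an added example that is not part of the role or its original README. It assumes the community.crypto collection is installed; the `node_cert`, `node_key` and `expected_sans` variable names are hypothetical, and the SAN list mirrors the role defaults shown above.

```yaml
# Added example: post-deployment checks on the node certificate and key.
# Assumption: community.crypto is installed on the control node.
- hosts: all
  become: true
  vars:
    # Paths taken from the list of generated files above.
    node_cert: /etc/eventstore/certs/node/node.crt
    node_key: /etc/eventstore/certs/node/node.key
    # Role defaults, written in the "DNS:"/"IP:" form community.crypto reports.
    expected_sans:
      - "DNS:localhost"
      - "DNS:{{ inventory_hostname }}"
      - "IP:127.0.0.1"
      - "IP:{{ ansible_default_ipv4.address }}"
  tasks:
    - name: Read node certificate metadata
      community.crypto.x509_certificate_info:
        path: "{{ node_cert }}"
        valid_at:
          in_30_days: "+30d"
      register: cert

    - name: Stat the node private key
      ansible.builtin.stat:
        path: "{{ node_key }}"
      register: key

    - name: Certificate must list every expected name and address
      vars:
        missing: "{{ expected_sans | difference(cert.subject_alt_name | default([], true)) }}"
      ansible.builtin.assert:
        that:
          - missing | length == 0
        fail_msg: "SAN entries missing from node.crt: {{ missing }}"

    - name: Certificate must be valid now and 30 days from now
      ansible.builtin.assert:
        that:
          - not cert.expired
          - cert.valid_at.in_30_days
        fail_msg: "node.crt expires at {{ cert.not_after }}"

    - name: Private key must not be readable or writable by other users
      ansible.builtin.assert:
        that:
          - key.stat.exists
          - not key.stat.roth
          - not key.stat.woth
```

If you add names such as a cluster DNS entry to the role's SAN variables, add them to `expected_sans` as well so a missing entry fails the run instead of surfacing later as a TLS error between nodes.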

Example Playbook

Changing the configuration is easy. Just create your own YAML file and point to it with the eventstore_config_file variable.

Example folder layout:

- playbook.yml
- files/eventstore.conf.j2

For a complete list of options, refer to the official configuration documentation.

Sample contents for eventstore.conf.j2:

# Certificates configuration
CertificateFile: /etc/eventstore/certs/node/node.crt
CertificatePrivateKeyFile: /etc/eventstore/certs/node/node.key
TrustedRootCertificatesPath: /etc/eventstore/certs/ca

# Network configuration
IntIp: {{ ansible_default_ipv4.address }}
ExtIp: {{ ansible_default_ipv4.address }}
EnableExternalTcp: true
EnableAtomPubOverHTTP: true

# Cluster gossip
ClusterSize: 3
DiscoverViaDns: true
ClusterDns: eventstore.dns

# Projections configuration
RunProjections: All

Example playbook.yml:

- hosts: all
  roles:
    - eventstore

  vars:
    eventstore_generate_node_certitificate: true
    eventstore_config_file: ./files/eventstore.conf.j2
    eventstore_ca_key: "{{ lookup('file', 'ca/ca.key') }}"
    eventstore_ca_cert: "{{ lookup('file', 'ca/ca.crt') }}"
    eventstore_node_cert_ip_addresses:
      - 127.0.0.1
      - "{{ ansible_default_ipv4.address }}"
    # Must match the role variable name listed under Role Variables
    eventstore_node_cert_dns_names:
      - localhost
      - "{{ inventory_hostname }}"
      - eventstore.dns
  pre_tasks:
    - name: Ensure eventstore group exists
      ansible.builtin.group:
        name: eventstore
        state: present

    - name: Ensure eventstore user exists
      ansible.builtin.user:
        name: eventstore
        state: present

    - name: Create eventstore CA cert folder
      ansible.builtin.file:
        path: /etc/eventstore/certs/ca
        state: directory

    - name: Add eventstore CA cert files
      ansible.builtin.copy:
        content: "{{ item.content }}"
        dest: "{{ item.dest }}"
        owner: eventstore
        group: eventstore
        mode: '0600'
      no_log: true
      loop:
        - { content: "{{ eventstore_ca_key }}", dest: /etc/eventstore/certs/ca/ca.key }
        - { content: "{{ eventstore_ca_cert }}", dest: /etc/eventstore/certs/ca/ca.crt }

    - name: Trust eventstore CA cert
      ansible.builtin.copy:
        content: "{{ eventstore_ca_cert }}"
        dest: /usr/local/share/ca-certificates/eventstore-ca.crt
        mode: '0644'
      notify:
        - update trusted ca

  handlers:
    - name: update trusted ca
      ansible.builtin.command: /usr/sbin/update-ca-certificates

License

Copyright © 2021, GSoft inc. This code is licensed under the Apache License, Version 2.0. You can find a copy of this license at https://github.com/gsoft-inc/gsoft-license/blob/master/LICENSE.

About the project

EventStoreDB role for Linux.

Install
ansible-galaxy install gsoft.eventstore
Owner
Workleap is the one simple employee experience platform to elevate hybrid work