
add bunch of fixes, working pod-charlesreid1 on DO

Charles Reid 6 months ago
parent
commit
3d060e17df

+ 6
- 4
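--- a/do.cfg
+++ b/do.cfg
@@ -1,8 +1,10 @@
-[defualts]
-inventory = dohosts
+[defaults]
+inventory=dohosts
 remote_user = root
-private_key_file = ~/do/keys/key.pem
+private_key_file = ~/.ssh/id_rsa
 host_key_checking = False
 vault_password_file = .vault_secret
 log_path = ansible_do.log
-command_warnings=False
+command_warnings=ralse
+[inventory]
+enable_plugns=yaml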
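Review bot: `command_warnings=ralse` on the last edited line of `[defaults]` is a typo for a boolean option, which Ansible's config loader will most likely reject outright (or, depending on version, read as false), and `enable_plugns=yaml` under the new `[inventory]` section is misspelled so the yaml inventory plugin is never actually enabled; the intended lines are `command_warnings=False` and `enable_plugins=yaml`. While this file is being touched, note that `host_key_checking = False` stays in place, so the connection to the host pinned in `dohosts` is never checked against a known host key — removing it and seeding `~/.ssh/known_hosts` for that host restores identity verification of the target. The inconsistent `key=value` vs `key = value` spacing across the file is harmless to the parser but worth normalising.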

+ 1
- 1
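--- a/dohosts
+++ b/dohosts
@@ -2,4 +2,4 @@
 doservers
 
 [doservers]
-do ansible_host=1.1.1.1 ansible_port=22
+do ansible_host=134.209.4.111 ansible_port=22 ansible_python_interpreter=/usr/bin/python3 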
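Review bot: The replaced host line ends in a trailing space and hard-codes a specific public address into the committed inventory; the space is harmless to the INI parser but will churn future diffs, and the address is the kind of environment-specific value that belongs in a host_vars file or an uncommitted inventory so the repository stays reusable across droplets. `ansible_python_interpreter=/usr/bin/python3` is set here while provision.yml in the same commit still has a pre_task that installs python2 on the host — one of the two is probably stale and worth reconciling.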

+ 1
- 1
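--- a/provision.yml
+++ b/provision.yml
@@ -8,7 +8,7 @@
   hosts: servers
   become: yes
   gather_facts: no
-  remote_user: ubuntu
+  remote_user: root
   pre_tasks:
     - name: "Install python2"
       raw: sudo apt-get -y install python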
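Review bot: With `remote_user: root` the pre_task's `raw: sudo apt-get -y install python` now invokes sudo from an account that is already root, so it depends on sudo being present on a fresh image for no benefit; `raw: apt-get -y install python` does the same work without that dependency, and `become: yes` two lines above is now a no-op for this play. The play's task list continues outside the hunk. Separately, dohosts in this commit sets `ansible_python_interpreter=/usr/bin/python3`, so installing python2 here may no longer be needed — worth confirming before the next run.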

+ 31
- 0
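--- /dev/null
+++ b/roles/docker/files/install.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Ask for the user password
+# Script only works if sudo caches the password for a few minutes
+sudo true
+
+# Install kernel extra's to enable docker aufs support
+# sudo apt-get -y install linux-image-extra-$(uname -r)
+
+# Add Docker PPA and install latest version
+# sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
+# sudo sh -c "echo deb https://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list"
+# sudo apt-get update
+# sudo apt-get install lxc-docker -y
+
+# Alternatively you can use the official docker install script
+wget -qO- https://get.docker.com/ | sh
+
+# Install docker-compose
+COMPOSE_VERSION=`git ls-remote https://github.com/docker/compose | grep refs/tags | grep -oP "[0-9]+\.[0-9][0-9]+\.[0-9]+$" | tail -n 1`
+sudo sh -c "curl -L https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose"
+sudo chmod +x /usr/local/bin/docker-compose
+sudo sh -c "curl -L https://raw.githubusercontent.com/docker/compose/${COMPOSE_VERSION}/contrib/completion/bash/docker-compose > /etc/bash_completion.d/docker-compose"
+
+# Install docker-cleanup command
+cd /tmp
+git clone https://gist.github.com/76b450a0c986e576e98b.git
+cd 76b450a0c986e576e98b
+sudo mv docker-cleanup /usr/local/bin/docker-cleanup
+sudo chmod +x /usr/local/bin/docker-cleanup
+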
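Review bot: Nothing in the script checks that any step succeeded: there is no `set -e`, so if `git ls-remote` fails or the tag regex matches nothing, `COMPOSE_VERSION` is empty, the `curl -L` at line 21 writes the resulting error page into /usr/local/bin/docker-compose and line 22 marks it executable; likewise if `cd /tmp` or the gist clone fails, line 29 moves whatever `docker-cleanup` happens to be in the current directory into PATH as root. Even on the happy path the compose binary and the gist script are installed without a pinned version or checksum (`tail -n 1` picks the lexicographically last matching tag, not necessarily the newest release), and `wget -qO- https://get.docker.com/ | sh` at line 17 runs unreviewed remote content as root — the commented-out apt-repository lines above it are the auditable alternative. The rewrite below adds strict mode, a non-empty check on the version, a checksum check before the binary lands in PATH, `install` instead of `mv`+`chmod`, and a pinned gist revision; the placeholders are to be filled from the chosen release.
```shell
#!/bin/bash
# Abort on the first failing command, unset variable or failed pipe stage.
set -euo pipefail

# … unchanged: sudo true, docker engine install …

# Install docker-compose: pin the release instead of scraping the newest tag,
# refuse to continue with an empty version, and verify the download before
# it is placed in PATH.
COMPOSE_VERSION="<pinned-compose-version>"
[ -n "$COMPOSE_VERSION" ] || { echo "COMPOSE_VERSION is empty" >&2; exit 1; }
COMPOSE_ASSET="docker-compose-$(uname -s)-$(uname -m)"
curl -fsSL "https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/${COMPOSE_ASSET}" -o /tmp/docker-compose
echo "<expected-sha256>  /tmp/docker-compose" | sha256sum -c -
sudo install -m 0755 /tmp/docker-compose /usr/local/bin/docker-compose

# … unchanged: bash completion download …

# Install docker-cleanup from a fixed gist revision rather than whatever HEAD is today.
cd /tmp
git clone https://gist.github.com/76b450a0c986e576e98b.git
cd 76b450a0c986e576e98b
git checkout "<gist-commit-sha>"
sudo install -m 0755 docker-cleanup /usr/local/bin/docker-cleanup
```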

+ 12
- 19
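--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -1,38 +1,31 @@
 ---
 # tasks file for docker
 
-
 - name: Check for existing docker executable
   stat:
     path: "/usr/bin/docker"
   register: register_docker
 
 
-- name: Install docker
-  become: yes
-  command: "{{ item }}"
-  with_items:
-    - "curl -L \"https://get.docker.com/\" -o /tmp/get-docker.sh"
-    - "chmod +x /tmp/get-docker.sh"
-    - "/tmp/get-docker.sh"
-  when:
-    - "not register_docker.stat.exists"
-
-
-- name: Check for existing docker compose executable
+- name: Check if existing docker-compose executable is present
   stat:
     path: "/usr/local/bin/docker-compose"
   register: register_docker_compose
 
 
-- name: Install docker-compose
+- name: Copy docker/docker-compose install script onto remote host
   become: yes
-  command: "{{ item }}"
-  with_items:
-    - "curl -L \"https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m)\" -o /usr/local/bin/docker-compose"
-    - "chmod +x /usr/local/bin/docker-compose"
+  copy:
+    src: install.sh
+    dest: /tmp/install.sh
+    mode: 0700
+    force: yes
+
+
+- name: Run docker/docker-compose install script
+  command: "/tmp/install.sh"
   when:
-    - "not register_docker_compose.stat.exists"
+    - "not register_docker.stat.exists or not register_docker_compose.stat.exists"
 
 
 - name: Add principal user to docker group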
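Review bot: The new `Run docker/docker-compose install script` task has no `become: yes` while the copy task just above it does, so whether the script runs with root privileges depends on the play-level setting (provision.yml in this commit sets `become: yes` and `remote_user: root`, so it works today, but the role no longer stands on its own); add `become: yes` to the run task so the two are consistent. The copy task's `mode: 0700` is an unquoted octal — Ansible accepts the leading-zero form, but `mode: "0700"` is the form the Ansible docs recommend and is what a YAML 1.2 parser would need to read it correctly. The `when` condition also means a host with docker but no docker-compose reruns the whole installer, including the `get.docker.com` pipe-to-shell step; a comment such as `# install.sh installs both docker and docker-compose unconditionally` above the task would make that visible to the next maintainer.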

+ 10
- 1
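--- a/roles/dotfiles/tasks/main.yml
+++ b/roles/dotfiles/tasks/main.yml
@@ -14,11 +14,17 @@
   become: yes
   become_user: "{{ username }}"
   git:
-    repo: https://github.com:charlesreid1/debian-dotfiles.git
+    repo: https://github.com/charlesreid1/debian-dotfiles.git
     dest: "/home/{{ username }}/dotfiles"
     recursive: yes
 
 
+- name: Check for bootstrap script
+  stat:
+    path: "/home/{{ username }}/dotfiles/dotfiles/bootstrap.sh"
+  register: bootstrap_present
+
+
 # Use the bootstrap.sh script in the 
 # dotfiles repo to install all the
 # dotfiles for our nonroot user.
@@ -28,4 +34,7 @@
   become: yes
   become_user: "{{ username }}"
   command: "/home/{{ username }}/dotfiles/dotfiles/bootstrap.sh -f"
+  args:
+    chdir: "/home/{{ username}}/dotfiles/dotfiles"
+  when: "bootstrap_present.stat.executable"
 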
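Review bot: `when: "bootstrap_present.stat.executable"` in the second hunk errors instead of skipping when the script is absent, because the stat module only returns the `executable` key for a path that exists; the guard should be `when: "bootstrap_present.stat.exists and bootstrap_present.stat.executable"`. The same pattern is introduced in roles/pod-charlesreid1/tasks/main.yml on the `Enable pod-charlesreid1 service` task (`pod_register_docker_compose.stat.executable`). The new `chdir` line also writes `{{ username}}` where every other reference in the file uses `{{ username }}` — Jinja accepts both, but the inconsistency invites a copy-paste error later.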

+ 5
- 1
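--- a/roles/pod-bots/handlers/main.yml
+++ b/roles/pod-bots/handlers/main.yml
@@ -1,2 +1,6 @@
 ---
-# handlers file for pod-bots
+# handlers file for pod-charlesreid1
+#
+- name: restart pod-charlesreid1
+  service: name=pod-charlesreid1 state=restarted
+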
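Review bot: This handler file belongs to the pod-bots role but its new header comment and handler both refer to pod-charlesreid1, so a `notify` from a pod-bots task would restart the wrong service; the same copy-paste appears in roles/pod-webhooks/handlers/main.yml. Each role should name its own unit, e.g. `- name: restart <service this role installs>` with `service: name=<that service> state=restarted`, and since handlers with identical names across roles collide, keeping them role-specific also avoids the last-loaded definition silently winning. The module call is written in `key=value` string form; the block form (`service:` with `name:` and `state:` keys) is what the rest of the commit uses.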

+ 1
- 1
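--- a/roles/pod-charlesreid1/defaults/main.yml
+++ b/roles/pod-charlesreid1/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 # defaults file for pod-charlesreid1
 
-username: charles
+username: "{{ nonroot_user }}"
 
 # where pod-charlesreid1 is installed
 pod_install_dir: "/home/{{ username }}/pod-charlesreid1"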
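Review bot: `username: "{{ nonroot_user }}"` makes every `{{ username }}` reference in this role (including `pod_install_dir` two lines below) depend on a variable the role itself does not define; if `nonroot_user` is unset, the first task that templates it fails with an undefined-variable error rather than a clear message. Document the contract above the line, e.g. `# nonroot_user must be supplied by the playbook or inventory; this role has no fallback`, or keep the previous value as a fallback with `username: "{{ nonroot_user | default('charles') }}"` if that was the intent.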

+ 41
- 2
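--- a/roles/pod-charlesreid1/tasks/main.yml
+++ b/roles/pod-charlesreid1/tasks/main.yml
@@ -12,6 +12,8 @@
 # Clone the charlesreid1 docker pod
 
 - name: Clone pod-charlesreid1
+  become: yes
+  become_user: "{{ username }}"
   git:
     repo: 'https://github.com/charlesreid1-docker/pod-charlesreid1.git'
     dest: "{{ pod_install_dir }}"
@@ -35,6 +37,8 @@
 
 
 - name: Install the docker-compose file
+  become: yes
+  become_user: "{{ username }}"
   template:
     src: /tmp/docker-compose.yml.j2
     dest: "{{ pod_install_dir }}/docker-compose.yml"
@@ -50,11 +54,44 @@
   register: pod_register_docker_compose
 
 
+
+# MEDIAWIKI PREP
+# We have to build the extensions dir for the MediaWiki container
+# /pod-charlesreid1/d-mediawiki/charlesreid1-config/mediawiki/build_extensions_dir.sh 
+
+- name: Check if extensions dir already exists
+  stat:
+    path: "{{ pod_install_dir }}/d-mediawiki/charlesreid1-config/mediawiki/extensions"
+  register: extensions_dir_exists
+
+
+- name: Make mediawiki extensions dir build script executable
+  become: yes
+  become_user: "{{ username }}"
+  file:
+    path: "{{ pod_install_dir }}/d-mediawiki/charlesreid1-config/mediawiki/build_extensions_dir.sh"
+    mode: "u+x"
+  when:
+    - "not extensions_dir_exists.stat.exists"
+
+
+- name: Build the mediawiki extensions dir
+  become: yes
+  become_user: "{{ username }}"
+  command: "{{ pod_install_dir }}/d-mediawiki/charlesreid1-config/mediawiki/build_extensions_dir.sh"
+  args:
+    chdir: "{{ pod_install_dir }}/d-mediawiki/charlesreid1-config/mediawiki"
+  when:
+    - "not extensions_dir_exists.stat.exists"
+
+
 # CONSTRUCT THE POD
 # This task will be time-consuming.
 
 - name: Build pod-charlesreid1 from scratch
-  command: "docker-compose build --no-cache"
+  become: yes
+  become_user: "{{ username }}"
+  command: "/usr/local/bin/docker-compose build --no-cache"
   args:
     chdir: "{{ pod_install_dir }}"
   when:
@@ -71,6 +108,7 @@
 
 
 - name: Install pod-charlesreid1 service
+  become: yes
   template:
     src: pod-charlesreid1.service.j2
     dest: /etc/systemd/system/pod-charlesreid1.service
@@ -92,12 +130,13 @@
 
 
 - name: Enable pod-charlesreid1 service
+  become: yes
   service:
     name: pod-charlesreid1
     enabled: yes
     state: restarted
   when:
-    - "pod_register_docker_compose.stat.exists"
+    - "pod_register_docker_compose.stat.executable"
     - "register_letsencrypt_livecert.stat.exists"
 
 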
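Review bot: In the MEDIAWIKI PREP hunk the stat task and the two `when: - "not extensions_dir_exists.stat.exists"` guards can be replaced by the command module's own idempotency check, `args: creates: "{{ pod_install_dir }}/d-mediawiki/charlesreid1-config/mediawiki/extensions"`, which also stops the build task reporting changed on every run; the `file: mode: "u+x"` task can then simply run unconditionally, since it is idempotent. The `Build pod-charlesreid1 from scratch` task now runs docker-compose as `{{ username }}` rather than root, so it relies on that user already being in the docker group — the docker role's `Add principal user to docker group` task, whose body is outside this page — and a comment such as `# runs as {{ username }}: requires the docker role to have added the user to the docker group` on the task would make that ordering dependency explicit. The `Install the docker-compose file` task reads its template from `/tmp/docker-compose.yml.j2` on the control node; if that is intentional it deserves a comment, since nothing in the role ships that file.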

+ 2
- 1
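--- a/roles/pod-webhooks/defaults/main.yml
+++ b/roles/pod-webhooks/defaults/main.yml
@@ -1,2 +1,3 @@
 ---
-# defaults file for pod-webhooks
+# defaults file for pod-webhooks
+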

+ 5
- 1
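--- a/roles/pod-webhooks/handlers/main.yml
+++ b/roles/pod-webhooks/handlers/main.yml
@@ -1,2 +1,6 @@
 ---
-# handlers file for pod-webhooks
+# handlers file for pod-charlesreid1
+#
+- name: restart pod-charlesreid1
+  service: name=pod-charlesreid1 state=restarted
+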

+ 0
- 60
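--- a/roles/pod-webhooks/meta/main.yml
+++ /dev/null
@@ -1,60 +0,0 @@
-galaxy_info:
-  author: your name
-  description: your description
-  company: your company (optional)
-
-  # If the issue tracker for your role is not on github, uncomment the
-  # next line and provide a value
-  # issue_tracker_url: http://example.com/issue/tracker
-
-  # Some suggested licenses:
-  # - BSD (default)
-  # - MIT
-  # - GPLv2
-  # - GPLv3
-  # - Apache
-  # - CC-BY
-  license: license (GPLv2, CC-BY, etc)
-
-  min_ansible_version: 2.4
-
-  # If this a Container Enabled role, provide the minimum Ansible Container version.
-  # min_ansible_container_version:
-
-  # Optionally specify the branch Galaxy will use when accessing the GitHub
-  # repo for this role. During role install, if no tags are available,
-  # Galaxy will use this branch. During import Galaxy will access files on
-  # this branch. If Travis integration is configured, only notifications for this
-  # branch will be accepted. Otherwise, in all cases, the repo's default branch
-  # (usually master) will be used.
-  #github_branch:
-
-  #
-  # Provide a list of supported platforms, and for each platform a list of versions.
-  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
-  # To view available platforms and versions (or releases), visit:
-  # https://galaxy.ansible.com/api/v1/platforms/
-  #
-  # platforms:
-  # - name: Fedora
-  #   versions:
-  #   - all
-  #   - 25
-  # - name: SomePlatform
-  #   versions:
-  #   - all
-  #   - 1.0
-  #   - 7
-  #   - 99.99
-
-  galaxy_tags: []
-    # List tags for your role here, one per line. A tag is a keyword that describes
-    # and categorizes the role. Users find roles by searching for tags. Be sure to
-    # remove the '[]' above, if you add tags to this list.
-    #
-    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
-    #       Maximum 20 tags per role.
-
-dependencies: []
-  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
-  # if you add dependencies to this list.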

+ 104
- 1
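--- a/roles/pod-webhooks/tasks/main.yml
+++ b/roles/pod-webhooks/tasks/main.yml
@@ -1,2 +1,105 @@
 ---
-# tasks file for pod-webhooks
+# tasks file for pod-webhooks
+#
+# clone pod contents
+# docker-compose build
+# install service
+# port mapping taken care of in dockerfile
+# letsencrypt dealt with by the role
+# enable service
+#
+# webhooks and pages both
+
+
+- import_tasks: webhooks.yml
+
+- import_tasks: pages.yml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# The docker role, in the base playbook,
+# will install docker-compose
+
+- name: Check that docker compose executable is available
+  stat:
+    path: "/usr/local/bin/docker-compose"
+  register: pod_register_docker_compose
+
+
+# CONSTRUCT THE POD
+# This task will be time-consuming.
+
+- name: Build pod-charlesreid1 from scratch
+  command: "docker-compose build --no-cache"
+  args:
+    chdir: "{{ pod_install_dir }}"
+  when:
+    - "pod_register_docker_compose.stat.exists"
+
+
+# Check if the charlesreid1 docker pod service
+# is installed. If not, install it.
+
+- name: Check if pod-charlesreid1 service is installed
+  stat:
+    path: /etc/systemd/system/pod-charlesreid1.service
+  register: pod_charlesreid1_service_check
+
+
+- name: Install pod-charlesreid1 service
+  template:
+    src: pod-charlesreid1.service.j2
+    dest: /etc/systemd/system/pod-charlesreid1.service
+    mode: 0777
+  when:
+    - "not pod_charlesreid1_service_check.stat.exists"
+
+
+# LetsEncrypt role will install certs,
+# either fake or real, so this should
+# always pass.
+
+- name: Check if LetsEncrypt live domain cert is present
+  tags:
+    - letsencrypt
+  stat:
+    path: "/etc/letsencrypt/live/{{ top_domain }}"
+  register: register_letsencrypt_livecert
+
+
+- name: Enable pod-charlesreid1 service
+  service:
+    name: pod-charlesreid1
+    enabled: yes
+    state: restarted
+  when:
+    - "pod_register_docker_compose.stat.exists"
+    - "register_letsencrypt_livecert.stat.exists"
+
+
+# From pod docs:
+# - mw database backup
+# - mw files backup
+# - gitea dump zip
+# - gitea avatars zip
+# 
+# database restore script: utils-mysql
+# mediawiki image restore script: utils-mw
+# gitea database and avatar: utils-gitea
+
+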
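Review bot: `mode: 0777` on the unit file installed at line 68 makes a file under /etc/systemd/system world-writable, so any local account could edit a unit that systemd then runs as root; unit files should be `mode: "0644"`, and the same value is used for both units in roles/pod-webhooks/tasks/webhooks.yml (`Install pod-webhooks service` and `Install captain-hook-canary service`). Beyond the two `import_tasks` lines, everything from line 35 down rebuilds and enables pod-charlesreid1 from inside the pod-webhooks role, duplicating roles/pod-charlesreid1/tasks/main.yml and referring to `pod_install_dir`, which this role's defaults do not define — behind the run of blank lines it reads as copy-paste residue that was meant to be deleted, but confirm before removing it. `enabled: yes` in the service task is a YAML 1.1 truthy; `enabled: true` is the portable spelling.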

+ 47
- 0
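--- /dev/null
+++ b/roles/pod-webhooks/tasks/pages.yml
@@ -0,0 +1,47 @@
+---
+###########################
+# Set up pages pod
+#
+# d-nginx-subdomains
+###########################
+
+
+# Create /www dir
+
+- name: Create the /www directory structure
+  directory:
+    path: "/www/{{ item }}"
+    state: directory
+  with_items:
+    - "pages.charlesreid1.com"
+    - "bots.charlesreid1.com"
+    - "hooks.charlesreid1.com"
+
+
+# Check to make sure we cloned the 
+# webhooks docker pod...
+
+- name: Check if pod-webhooks repo is cloned
+  stat:
+    path: "{{ webhooks_install_dir }}"
+  register: pod_webhooks_clone_check
+
+
+# Run the script in the webhooks
+# docker pod to do initial setup
+# of /www/pages.charlesreid1.com
+
+- name: Run initial clone commands to set up pages at /www/pages.charlesreid1.com
+  command: "{{ webhooks_install_dir }}/scripts/pages_init_setup.py"
+
+- name: Run initial clone commands to set up subdomains at /www/*.charlesreid1.com
+  command: "{{ webhooks_install_dir }}/scripts/pages_init_setup.py"
+
+
+# We don't have any docker pods to run
+
+
+
+
+
+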
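Review bot: `directory:` at line 12 is not an Ansible module, so the role fails as soon as the task file is loaded; the task should use `file:` with the `path: "/www/{{ item }}"` and `state: directory` keys it already has. The two `Run initial clone commands` tasks invoke the same `pages_init_setup.py`, so the subdomains task either duplicates the pages task or was meant to point at a different script — confirm which. `pod_webhooks_clone_check` is registered but never consulted; adding `when: pod_webhooks_clone_check.stat.exists` to the two command tasks gives the check a purpose and avoids running a script from a directory that may not exist yet.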

+ 112
- 0
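--- /dev/null
+++ b/roles/pod-webhooks/tasks/webhooks.yml
@@ -0,0 +1,112 @@
+---
+###########################
+# Set up webhooks pod
+#
+# captain hook
+###########################
+
+
+# Clone the webhooks docker pod
+
+- name: Clone pod-webhooks
+  git:
+    repo: 'https://github.com/charlesreid1-docker/pod-webhooks.git'
+    dest: "{{ webhooks_install_dir }}"
+    recursive: yes
+
+
+# The docker-compose file is static, so we don't need to do anything.
+# Otherwise, this is where we would modify it.
+#
+# The docker role, in the base playbook,
+# will install docker-compose
+
+- name: Check that docker compose executable is available
+  stat:
+    path: "/usr/local/bin/docker-compose"
+  register: pod_register_docker_compose
+
+
+# CONSTRUCT THE POD
+
+- name: Build pod-charlesreid1 from scratch
+  command: "docker-compose build --no-cache"
+  args:
+    chdir: "{{ webhooks_install_dir }}"
+  when:
+    - "pod_register_docker_compose.stat.exists"
+
+
+########################################
+# Set up pod-webhooks startup service
+########################################
+
+# Check if the webhook docker pod service
+# is installed. If not, install it.
+
+- name: Check if pod-webhooks service is installed
+  stat:
+    path: /etc/systemd/system/pod-webhooks.service
+  register: pod_webhooks_service_check
+
+
+- name: Install pod-webhooks service
+  template:
+    src: pod-webhooks.service.j2
+    dest: /etc/systemd/system/pod-webhooks.service
+    mode: 0777
+  when:
+    - "not pod_webhooks_service_check.stat.exists"
+
+
+# Before we enable the service - 
+# LetsEncrypt role will install certs,
+# either fake or real, so this should
+# always pass.
+
+- name: Check if LetsEncrypt live domain cert is present
+  tags:
+    - letsencrypt
+  stat:
+    path: "/etc/letsencrypt/live/{{ top_domain }}"
+  register: register_letsencrypt_livecert
+
+
+# Enabling the service requires docker compose and LetsEncrypt certs
+
+- name: Enable pod-webhooks service
+  service:
+    name: pod-webhooks
+    enabled: yes
+    state: restarted
+  when:
+    - "pod_register_docker_compose.stat.exists"
+    - "register_letsencrypt_livecert.stat.exists"
+
+
+########################################
+# Set up captain-hook-canary service
+########################################
+
+# Check if the captain hook canary service
+# is installed. If not, install it.
+
+- name: Check if captain-hook-canary service is installed
+  stat:
+    path: /etc/systemd/system/captain-hook-canary.service
+  register: canary_service_check
+
+- name: Install captain-hook-canary service
+  template:
+    src: captain-hook-canary.service.j2
+    dest: /etc/systemd/system/captain-hook-canary.service
+    mode: 0777
+  when:
+    - "not canary_service_check.stat.exists"
+
+- name: Enable captain-hook-canary service
+  service:
+    name: captain-hook-canary
+    enabled: yes
+    state: restarted
+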
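Review bot: The task at line 32 is still named `Build pod-charlesreid1 from scratch` although it builds pod-webhooks (`chdir: "{{ webhooks_install_dir }}"`); rename it `- name: Build pod-webhooks from scratch`. It also calls a bare `docker-compose` while roles/pod-charlesreid1/tasks/main.yml in this commit switched to `/usr/local/bin/docker-compose`, the path that `pod_register_docker_compose` checks two tasks earlier — use the same absolute path so the guard and the command agree. The `Enable captain-hook-canary service` task at line 107 has no condition and uses `state: restarted`, so the service is bounced on every play run; `state: started` here, with a restart handler notified by the template task, keeps the role idempotent.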

+ 15
- 0
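--- /dev/null
+++ b/roles/pod-webhooks/templates/pod-webhooks.service.j2
@@ -0,0 +1,15 @@
+# Hopefully this comment works
+
+[Unit]
+Description=webhooks and subdomains docker pod
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStart=/usr/local/bin/docker-compose -f /home/charles/codes/docker/pod-webhooks/docker-compose.yml up
+ExecStop=/usr/local/bin/docker-compose  -f /home/charles/codes/docker/pod-webhooks/docker-compose.yml down
+
+[Install]
+WantedBy=default.target
+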
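Review bot: The template hard-codes `/home/charles/codes/docker/pod-webhooks/docker-compose.yml` in both `ExecStart` and `ExecStop`, while the tasks that clone the pod in roles/pod-webhooks/tasks/webhooks.yml put it at `{{ webhooks_install_dir }}` — unless that variable happens to equal this path, the unit starts against a compose file that the role never creates. Since the file is rendered by the template module, use the variable: `ExecStart=/usr/local/bin/docker-compose -f {{ webhooks_install_dir }}/docker-compose.yml up` and `ExecStop=/usr/local/bin/docker-compose -f {{ webhooks_install_dir }}/docker-compose.yml down` (which also drops the stray double space in `ExecStop`). `WantedBy=default.target` is unusual for a unit installed under /etc/systemd/system; `multi-user.target` is the conventional target for a system service, but confirm what the other pod units in this repository use.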

+ 0
- 2
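--- a/roles/pod-webhooks/tests/inventory
+++ /dev/null
@@ -1,2 +0,0 @@
-localhost
-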

+ 0
- 5
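--- a/roles/pod-webhooks/tests/test.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- hosts: localhost
-  remote_user: root
-  roles:
-    - pod-webhooks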

+ 0
- 2
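--- a/roles/pod-webhooks/vars/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-# vars file for pod-webhooks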