
add bunch of fixes, working pod-charlesreid1 on DO

new-app-ini
Charles Reid 11 months ago
parent
commit
3d060e17df
19 changed files with 393 additions and 102 deletions
  1. +6
    -4
      do.cfg
  2. +1
    -1
      dohosts
  3. +1
    -1
      provision.yml
  4. +31
    -0
      roles/docker/files/install.sh
  5. +12
    -19
      roles/docker/tasks/main.yml
  6. +10
    -1
      roles/dotfiles/tasks/main.yml
  7. +5
    -1
      roles/pod-bots/handlers/main.yml
  8. +1
    -1
      roles/pod-charlesreid1/defaults/main.yml
  9. +41
    -2
      roles/pod-charlesreid1/tasks/main.yml
  10. +2
    -1
      roles/pod-webhooks/defaults/main.yml
  11. +5
    -1
      roles/pod-webhooks/handlers/main.yml
  12. +0
    -60
      roles/pod-webhooks/meta/main.yml
  13. +104
    -1
      roles/pod-webhooks/tasks/main.yml
  14. +47
    -0
      roles/pod-webhooks/tasks/pages.yml
  15. +112
    -0
      roles/pod-webhooks/tasks/webhooks.yml
  16. +15
    -0
      roles/pod-webhooks/templates/pod-webhooks.service.j2
  17. +0
    -2
      roles/pod-webhooks/tests/inventory
  18. +0
    -5
      roles/pod-webhooks/tests/test.yml
  19. +0
    -2
      roles/pod-webhooks/vars/main.yml

+ 6
- 4
do.cfg View File

@@ -1,8 +1,10 @@
[defualts]
inventory = dohosts
[defaults]
inventory=dohosts
remote_user = root
private_key_file = ~/do/keys/key.pem
private_key_file = ~/.ssh/id_rsa
host_key_checking = False
vault_password_file = .vault_secret
log_path = ansible_do.log
command_warnings=False
command_warnings=ralse
[inventory]
enable_plugns=yaml
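Review bot: `host_key_checking = False` combined with `remote_user = root` means every run logs in as root to a public droplet without verifying the server's SSH host key, so an impersonated host would receive the plays and any secrets they push. Prefer leaving host key checking on and recording the droplet's key in `known_hosts` once after it is created. Two spellings in this section also look unintended if they are on the new side: `command_warnings=ralse` (presumably `False`) and `enable_plugns=yaml` (the `[inventory]` key is `enable_plugins`), which Ansible would not recognise as written. The rendered page does not show which lines were added, so confirm against the file.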

+ 1
- 1
dohosts View File

@@ -2,4 +2,4 @@
doservers

[doservers]
do ansible_host=1.1.1.1 ansible_port=22
do ansible_host=134.209.4.111 ansible_port=22 ansible_python_interpreter=/usr/bin/python3

+ 1
- 1
provision.yml View File

@@ -8,7 +8,7 @@
hosts: servers
become: yes
gather_facts: no
remote_user: ubuntu
remote_user: root
pre_tasks:
- name: "Install python2"
raw: sudo apt-get -y install python

+ 31
- 0
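--- a/roles/docker/files/install.sh
+++ b/roles/docker/files/install.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Ask for the user password
+# Script only works if sudo caches the password for a few minutes
+sudo true
+
+# Install kernel extra's to enable docker aufs support
+# sudo apt-get -y install linux-image-extra-$(uname -r)
+
+# Add Docker PPA and install latest version
+# sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
+# sudo sh -c "echo deb https://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list"
+# sudo apt-get update
+# sudo apt-get install lxc-docker -y
+
+# Alternatively you can use the official docker install script
+wget -qO- https://get.docker.com/ | sh
+
+# Install docker-compose
+COMPOSE_VERSION=`git ls-remote https://github.com/docker/compose | grep refs/tags | grep -oP "[0-9]+\.[0-9][0-9]+\.[0-9]+$" | tail -n 1`
+sudo sh -c "curl -L https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose"
+sudo chmod +x /usr/local/bin/docker-compose
+sudo sh -c "curl -L https://raw.githubusercontent.com/docker/compose/${COMPOSE_VERSION}/contrib/completion/bash/docker-compose > /etc/bash_completion.d/docker-compose"
+
+# Install docker-cleanup command
+cd /tmp
+git clone https://gist.github.com/76b450a0c986e576e98b.git
+cd 76b450a0c986e576e98b
+sudo mv docker-cleanup /usr/local/bin/docker-cleanup
+sudo chmod +x /usr/local/bin/docker-cleanup
+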
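Review bot: Everything this script installs as root is fetched unpinned and unverified: `wget -qO- https://get.docker.com/ | sh` runs whatever the endpoint returns, `COMPOSE_VERSION` is whichever tag sorts last at run time, and the `curl -L` output is redirected straight into `/usr/local/bin` with no `-f` and no checksum, so an HTTP error page or a tampered release becomes the installed binary. The gist cloned into `/tmp` and moved to `/usr/local/bin/docker-cleanup` has the same exposure, and a second run fails on the already-existing clone directory. There is also no `set -e`, so later steps keep running after an earlier one fails. Pinning the compose release and checking its digest before installing, as sketched below with placeholder values, would close most of this.

```shell
set -euo pipefail

# Pin the release and its digest instead of resolving "latest tag" at run time.
# Both values below are placeholders to be filled in by the operator.
COMPOSE_VERSION="<PINNED_COMPOSE_VERSION>"
COMPOSE_SHA256="<SHA256_OF_PINNED_BINARY>"

tmp="$(mktemp)"
curl -fsSL "https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -o "${tmp}"
echo "${COMPOSE_SHA256}  ${tmp}" | sha256sum -c -
sudo install -m 0755 "${tmp}" /usr/local/bin/docker-compose
rm -f "${tmp}"
# … unchanged: bash completion download, docker-cleanup install …
```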


+ 12
- 19
roles/docker/tasks/main.yml View File

@@ -1,38 +1,31 @@
---
# tasks file for docker


- name: Check for existing docker executable
stat:
path: "/usr/bin/docker"
register: register_docker


- name: Install docker
become: yes
command: "{{ item }}"
with_items:
- "curl -L \"https://get.docker.com/\" -o /tmp/get-docker.sh"
- "chmod +x /tmp/get-docker.sh"
- "/tmp/get-docker.sh"
when:
- "not register_docker.stat.exists"


- name: Check for existing docker compose executable
- name: Check if existing docker-compose executable is present
stat:
path: "/usr/local/bin/docker-compose"
register: register_docker_compose


- name: Install docker-compose
- name: Copy docker/docker-compose install script onto remote host
become: yes
command: "{{ item }}"
with_items:
- "curl -L \"https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m)\" -o /usr/local/bin/docker-compose"
- "chmod +x /usr/local/bin/docker-compose"
copy:
src: install.sh
dest: /tmp/install.sh
mode: 0700
force: yes


- name: Run docker/docker-compose install script
command: "/tmp/install.sh"
when:
- "not register_docker_compose.stat.exists"
- "not register_docker.stat.exists or not register_docker_compose.stat.exists"


- name: Add principal user to docker group
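Review bot: The condition on "Run docker/docker-compose install script" is `not register_docker.stat.exists or not register_docker_compose.stat.exists`, so a host that already has Docker but lacks docker-compose re-runs all of `install.sh`, including the Docker installer. Keep two separately guarded steps, or have the script skip components that are already present. The copied script is also left behind at `/tmp/install.sh`; a follow-up `file` task with `state: absent` would remove it, and writing `mode: "0700"` quoted avoids relying on YAML octal parsing. The task list continues past the end of this hunk.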

+ 10
- 1
roles/dotfiles/tasks/main.yml View File

@@ -14,11 +14,17 @@
become: yes
become_user: "{{ username }}"
git:
repo: https://github.com:charlesreid1/debian-dotfiles.git
repo: https://github.com/charlesreid1/debian-dotfiles.git
dest: "/home/{{ username }}/dotfiles"
recursive: yes


- name: Check for bootstrap script
stat:
path: "/home/{{ username }}/dotfiles/dotfiles/bootstrap.sh"
register: bootstrap_present


# Use the bootstrap.sh script in the
# dotfiles repo to install all the
# dotfiles for our nonroot user.
@@ -28,4 +34,7 @@
become: yes
become_user: "{{ username }}"
command: "/home/{{ username }}/dotfiles/dotfiles/bootstrap.sh -f"
args:
chdir: "/home/{{ username}}/dotfiles/dotfiles"
when: "bootstrap_present.stat.executable"
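Review bot: `when: "bootstrap_present.stat.executable"` fails with an undefined-attribute error when the clone did not produce `bootstrap.sh`, because `stat` returns `executable` only for a path that exists. Guard on existence first: `when: bootstrap_present.stat.exists and bootstrap_present.stat.executable`. The same pattern appears in roles/pod-charlesreid1/tasks/main.yml, where the enable-service condition lists `pod_register_docker_compose.stat.executable`; if that line replaced the `.exists` check rather than joining it, it needs the same guard. The task this condition belongs to starts above the hunk.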


+ 5
- 1
roles/pod-bots/handlers/main.yml View File

@@ -1,2 +1,6 @@
---
# handlers file for pod-bots
# handlers file for pod-charlesreid1
#
- name: restart pod-charlesreid1
service: name=pod-charlesreid1 state=restarted
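Review bot: This handlers file belongs to the pod-bots role, yet the handler it defines is `restart pod-charlesreid1`, and roles/pod-webhooks/handlers/main.yml receives the identical text. A `notify` from pod-webhooks would then restart a different pod than the `pod-webhooks` service its tasks install, and several roles end up declaring a handler with the same name. Name each handler after its own role's service, e.g. `- name: restart pod-webhooks` with `name: pod-webhooks`, and write the `service` arguments as a block mapping rather than `name=... state=restarted`.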


+ 1
- 1
roles/pod-charlesreid1/defaults/main.yml View File

@@ -1,7 +1,7 @@
---
# defaults file for pod-charlesreid1

username: charles
username: "{{ nonroot_user }}"

# where pod-charlesreid1 is installed
pod_install_dir: "/home/{{ username }}/pod-charlesreid1"

+ 41
- 2
roles/pod-charlesreid1/tasks/main.yml View File

@@ -12,6 +12,8 @@
# Clone the charlesreid1 docker pod

- name: Clone pod-charlesreid1
become: yes
become_user: "{{ username }}"
git:
repo: 'https://github.com/charlesreid1-docker/pod-charlesreid1.git'
dest: "{{ pod_install_dir }}"
@@ -35,6 +37,8 @@


- name: Install the docker-compose file
become: yes
become_user: "{{ username }}"
template:
src: /tmp/docker-compose.yml.j2
dest: "{{ pod_install_dir }}/docker-compose.yml"
@@ -50,11 +54,44 @@
register: pod_register_docker_compose



# MEDIAWIKI PREP
# We have to build the extensions dir for the MediaWiki container
# /pod-charlesreid1/d-mediawiki/charlesreid1-config/mediawiki/build_extensions_dir.sh

- name: Check if extensions dir already exists
stat:
path: "{{ pod_install_dir }}/d-mediawiki/charlesreid1-config/mediawiki/extensions"
register: extensions_dir_exists


- name: Make mediawiki extensions dir build script executable
become: yes
become_user: "{{ username }}"
file:
path: "{{ pod_install_dir }}/d-mediawiki/charlesreid1-config/mediawiki/build_extensions_dir.sh"
mode: "u+x"
when:
- "not extensions_dir_exists.stat.exists"


- name: Build the mediawiki extensions dir
become: yes
become_user: "{{ username }}"
command: "{{ pod_install_dir }}/d-mediawiki/charlesreid1-config/mediawiki/build_extensions_dir.sh"
args:
chdir: "{{ pod_install_dir }}/d-mediawiki/charlesreid1-config/mediawiki"
when:
- "not extensions_dir_exists.stat.exists"


# CONSTRUCT THE POD
# This task will be time-consuming.

- name: Build pod-charlesreid1 from scratch
command: "docker-compose build --no-cache"
become: yes
become_user: "{{ username }}"
command: "/usr/local/bin/docker-compose build --no-cache"
args:
chdir: "{{ pod_install_dir }}"
when:
@@ -71,6 +108,7 @@


- name: Install pod-charlesreid1 service
become: yes
template:
src: pod-charlesreid1.service.j2
dest: /etc/systemd/system/pod-charlesreid1.service
@@ -92,12 +130,13 @@


- name: Enable pod-charlesreid1 service
become: yes
service:
name: pod-charlesreid1
enabled: yes
state: restarted
when:
- "pod_register_docker_compose.stat.exists"
- "pod_register_docker_compose.stat.executable"
- "register_letsencrypt_livecert.stat.exists"
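Review bot: "Install the docker-compose file" renders `src: /tmp/docker-compose.yml.j2`, an absolute path in a world-writable directory on the control machine, so the compose definition that ends up running the pod depends on whatever file sits at that path when the play runs. How the template gets there is outside these hunks; if an earlier step generates it, write it to a directory only the operator can modify, or ship it in the role's `templates/` and reference it as `src: docker-compose.yml.j2`. The new MediaWiki steps also execute `build_extensions_dir.sh` from the clone; if the `git` task (partly outside the hunk) sets no `version`, the script's content follows the remote default branch.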



+ 2
- 1
roles/pod-webhooks/defaults/main.yml View File

@@ -1,2 +1,3 @@
---
# defaults file for pod-webhooks
# defaults file for pod-webhooks


+ 5
- 1
roles/pod-webhooks/handlers/main.yml View File

@@ -1,2 +1,6 @@
---
# handlers file for pod-webhooks
# handlers file for pod-charlesreid1
#
- name: restart pod-charlesreid1
service: name=pod-charlesreid1 state=restarted


+ 0
- 60
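--- a/roles/pod-webhooks/meta/main.yml
+++ b/roles/pod-webhooks/meta/main.yml
@@ -1,60 +0,0 @@
-galaxy_info:
-author: your name
-description: your description
-company: your company (optional)
-
-# If the issue tracker for your role is not on github, uncomment the
-# next line and provide a value
-# issue_tracker_url: http://example.com/issue/tracker
-
-# Some suggested licenses:
-# - BSD (default)
-# - MIT
-# - GPLv2
-# - GPLv3
-# - Apache
-# - CC-BY
-license: license (GPLv2, CC-BY, etc)
-
-min_ansible_version: 2.4
-
-# If this a Container Enabled role, provide the minimum Ansible Container version.
-# min_ansible_container_version:
-
-# Optionally specify the branch Galaxy will use when accessing the GitHub
-# repo for this role. During role install, if no tags are available,
-# Galaxy will use this branch. During import Galaxy will access files on
-# this branch. If Travis integration is configured, only notifications for this
-# branch will be accepted. Otherwise, in all cases, the repo's default branch
-# (usually master) will be used.
-#github_branch:
-
-#
-# Provide a list of supported platforms, and for each platform a list of versions.
-# If you don't wish to enumerate all versions for a particular platform, use 'all'.
-# To view available platforms and versions (or releases), visit:
-# https://galaxy.ansible.com/api/v1/platforms/
-#
-# platforms:
-# - name: Fedora
-# versions:
-# - all
-# - 25
-# - name: SomePlatform
-# versions:
-# - all
-# - 1.0
-# - 7
-# - 99.99
-
-galaxy_tags: []
-# List tags for your role here, one per line. A tag is a keyword that describes
-# and categorizes the role. Users find roles by searching for tags. Be sure to
-# remove the '[]' above, if you add tags to this list.
-#
-# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
-# Maximum 20 tags per role.
-
-dependencies: []
-# List your role dependencies here, one per line. Be sure to remove the '[]' above,
-# if you add dependencies to this list.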

+ 104
- 1
roles/pod-webhooks/tasks/main.yml View File

@@ -1,2 +1,105 @@
---
# tasks file for pod-webhooks
# tasks file for pod-webhooks
#
# clone pod contents
# docker-compose build
# install service
# port mapping taken care of in dockerfile
# letsencrypt dealt with by the role
# enable service
#
# webhooks and pages both


- import_tasks: webhooks.yml

- import_tasks: pages.yml


















# The docker role, in the base playbook,
# will install docker-compose

- name: Check that docker compose executable is available
stat:
path: "/usr/local/bin/docker-compose"
register: pod_register_docker_compose


# CONSTRUCT THE POD
# This task will be time-consuming.

- name: Build pod-charlesreid1 from scratch
command: "docker-compose build --no-cache"
args:
chdir: "{{ pod_install_dir }}"
when:
- "pod_register_docker_compose.stat.exists"


# Check if the charlesreid1 docker pod service
# is installed. If not, install it.

- name: Check if pod-charlesreid1 service is installed
stat:
path: /etc/systemd/system/pod-charlesreid1.service
register: pod_charlesreid1_service_check


- name: Install pod-charlesreid1 service
template:
src: pod-charlesreid1.service.j2
dest: /etc/systemd/system/pod-charlesreid1.service
mode: 0777
when:
- "not pod_charlesreid1_service_check.stat.exists"


# LetsEncrypt role will install certs,
# either fake or real, so this should
# always pass.

- name: Check if LetsEncrypt live domain cert is present
tags:
- letsencrypt
stat:
path: "/etc/letsencrypt/live/{{ top_domain }}"
register: register_letsencrypt_livecert


- name: Enable pod-charlesreid1 service
service:
name: pod-charlesreid1
enabled: yes
state: restarted
when:
- "pod_register_docker_compose.stat.exists"
- "register_letsencrypt_livecert.stat.exists"


# From pod docs:
# - mw database backup
# - mw files backup
# - gitea dump zip
# - gitea avatars zip
#
# database restore script: utils-mysql
# mediawiki image restore script: utils-mw
# gitea database and avatar: utils-gitea
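Review bot: `mode: 0777` on `/etc/systemd/system/pod-charlesreid1.service` makes a system unit, which systemd starts with root privileges unless it sets `User=`, writable by every local account, so any user on the host can change its `ExecStart`; unit files need no more than `mode: "0644"`. The same mode is set on `pod-webhooks.service` and `captain-hook-canary.service` in roles/pod-webhooks/tasks/webhooks.yml. Separately, everything after the two `import_tasks` lines repeats the pod-charlesreid1 build and service tasks (`pod_install_dir`, `pod-charlesreid1.service.j2`) inside the pod-webhooks role, which looks like leftover copy-paste rather than intended behaviour.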



+ 47
- 0
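--- a/roles/pod-webhooks/tasks/pages.yml
+++ b/roles/pod-webhooks/tasks/pages.yml
@@ -0,0 +1,47 @@
+---
+###########################
+# Set up pages pod
+#
+# d-nginx-subdomains
+###########################
+
+
+# Create /www dir
+
+- name: Create the /www directory structure
+directory:
+path: "/www/{{ item }}"
+state: directory
+with_items:
+- "pages.charlesreid1.com"
+- "bots.charlesreid1.com"
+- "hooks.charlesreid1.com"
+
+
+# Check to make sure we cloned the
+# webhooks docker pod...
+
+- name: Check if pod-webhooks repo is cloned
+stat:
+path: "{{ webhooks_install_dir }}"
+register: pod_webhooks_clone_check
+
+
+# Run the script in the webhooks
+# docker pod to do initial setup
+# of /www/pages.charlesreid1.com
+
+- name: Run initial clone commands to set up pages at /www/pages.charlesreid1.com
+command: "{{ webhooks_install_dir }}/scripts/pages_init_setup.py"
+
+- name: Run initial clone commands to set up subdomains at /www/*.charlesreid1.com
+command: "{{ webhooks_install_dir }}/scripts/pages_init_setup.py"
+
+
+# We don't have any docker pods to run
+
+
+
+
+
+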
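Review bot: `directory:` in "Create the /www directory structure" is not an Ansible module, so the play stops at this task; the module that creates directories is `file`, i.e. `file:` with `path: "/www/{{ item }}"` and `state: directory`. The result registered as `pod_webhooks_clone_check` is never used, so both script tasks run even when the clone is missing; add `when: pod_webhooks_clone_check.stat.exists` to them. The two "Run initial clone commands" tasks call the same `pages_init_setup.py`, so the second one presumably should invoke a different script.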







+ 112
- 0
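--- a/roles/pod-webhooks/tasks/webhooks.yml
+++ b/roles/pod-webhooks/tasks/webhooks.yml
@@ -0,0 +1,112 @@
+---
+###########################
+# Set up webhooks pod
+#
+# captain hook
+###########################
+
+
+# Clone the webhooks docker pod
+
+- name: Clone pod-webhooks
+git:
+repo: 'https://github.com/charlesreid1-docker/pod-webhooks.git'
+dest: "{{ webhooks_install_dir }}"
+recursive: yes
+
+
+# The docker-compose file is static, so we don't need to do anything.
+# Otherwise, this is where we would modify it.
+#
+# The docker role, in the base playbook,
+# will install docker-compose
+
+- name: Check that docker compose executable is available
+stat:
+path: "/usr/local/bin/docker-compose"
+register: pod_register_docker_compose
+
+
+# CONSTRUCT THE POD
+
+- name: Build pod-charlesreid1 from scratch
+command: "docker-compose build --no-cache"
+args:
+chdir: "{{ webhooks_install_dir }}"
+when:
+- "pod_register_docker_compose.stat.exists"
+
+
+########################################
+# Set up pod-webhooks startup service
+########################################
+
+# Check if the webhook docker pod service
+# is installed. If not, install it.
+
+- name: Check if pod-webhooks service is installed
+stat:
+path: /etc/systemd/system/pod-webhooks.service
+register: pod_webhooks_service_check
+
+
+- name: Install pod-webhooks service
+template:
+src: pod-webhooks.service.j2
+dest: /etc/systemd/system/pod-webhooks.service
+mode: 0777
+when:
+- "not pod_webhooks_service_check.stat.exists"
+
+
+# Before we enable the service -
+# LetsEncrypt role will install certs,
+# either fake or real, so this should
+# always pass.
+
+- name: Check if LetsEncrypt live domain cert is present
+tags:
+- letsencrypt
+stat:
+path: "/etc/letsencrypt/live/{{ top_domain }}"
+register: register_letsencrypt_livecert
+
+
+# Enabling the service requires docker compose and LetsEncrypt certs
+
+- name: Enable pod-webhooks service
+service:
+name: pod-webhooks
+enabled: yes
+state: restarted
+when:
+- "pod_register_docker_compose.stat.exists"
+- "register_letsencrypt_livecert.stat.exists"
+
+
+########################################
+# Set up captain-hook-canary service
+########################################
+
+# Check if the captain hook canary service
+# is installed. If not, install it.
+
+- name: Check if captain-hook-canary service is installed
+stat:
+path: /etc/systemd/system/captain-hook-canary.service
+register: canary_service_check
+
+- name: Install captain-hook-canary service
+template:
+src: captain-hook-canary.service.j2
+dest: /etc/systemd/system/captain-hook-canary.service
+mode: 0777
+when:
+- "not canary_service_check.stat.exists"
+
+- name: Enable captain-hook-canary service
+service:
+name: captain-hook-canary
+enabled: yes
+state: restarted
+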
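Review bot: The `git` task clones `pod-webhooks.git` with no `version:`, so each provisioning run builds, and then starts as a system service, whatever the default branch holds at that moment; pin it, e.g. `version: "<TAG_OR_COMMIT>"`. `webhooks_install_dir` is used throughout but is not set in this role's defaults/main.yml as shown in this commit (and vars/main.yml is deleted), so it has to come from inventory or group vars or the role fails on an undefined variable. The build task is still named "Build pod-charlesreid1 from scratch", and "Enable captain-hook-canary service" has no `when`, unlike the pod-webhooks enable task.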


+ 15
- 0
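--- a/roles/pod-webhooks/templates/pod-webhooks.service.j2
+++ b/roles/pod-webhooks/templates/pod-webhooks.service.j2
@@ -0,0 +1,15 @@
+# Hopefully this comment works
+
+[Unit]
+Description=webhooks and subdomains docker pod
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStart=/usr/local/bin/docker-compose -f /home/charles/codes/docker/pod-webhooks/docker-compose.yml up
+ExecStop=/usr/local/bin/docker-compose -f /home/charles/codes/docker/pod-webhooks/docker-compose.yml down
+
+[Install]
+WantedBy=default.target
+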
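Review bot: Both `ExecStart` and `ExecStop` hard-code `/home/charles/codes/docker/pod-webhooks/docker-compose.yml`, while the tasks clone the pod into `{{ webhooks_install_dir }}` and the pod-charlesreid1 defaults now take the user from `{{ nonroot_user }}`; on a host where those differ the unit points at a file that does not exist. Since this file is a template, use the variable: `ExecStart=/usr/local/bin/docker-compose -f {{ webhooks_install_dir }}/docker-compose.yml up`, and the same for `ExecStop`. The unit sets no `User=`, so compose runs as root; state that in the leading comment, or set the account explicitly if it is not intended.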


+ 0
- 2
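--- a/roles/pod-webhooks/tests/inventory
+++ b/roles/pod-webhooks/tests/inventory
@@ -1,2 +0,0 @@
-localhost
-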


+ 0
- 5
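--- a/roles/pod-webhooks/tests/test.yml
+++ b/roles/pod-webhooks/tests/test.yml
@@ -1,5 +0,0 @@
----
-- hosts: localhost
-remote_user: root
-roles:
-- pod-webhooks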

+ 0
- 2
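--- a/roles/pod-webhooks/vars/main.yml
+++ b/roles/pod-webhooks/vars/main.yml
@@ -1,2 +0,0 @@
----
-# vars file for pod-webhooks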
