Remove Vagrant support and deploy services selectively
This commit is contained in:
parent
ec4f107100
commit
ef891ced42
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1,6 +1,5 @@
|
||||||
*.retry
|
*.retry
|
||||||
*.sw*
|
*.sw*
|
||||||
.vagrant/
|
|
||||||
*.log
|
*.log
|
||||||
.idea/
|
.idea/
|
||||||
.vscode/
|
.vscode/
|
||||||
|
|
39
Vagrantfile
vendored
39
Vagrantfile
vendored
|
@ -1,39 +0,0 @@
|
||||||
Vagrant.require_version ">= 2.0.0"
|
|
||||||
PORT = 19022
|
|
||||||
|
|
||||||
def provisioned?(vm="default", provider="virtualbox")
|
|
||||||
File.exist?(".vagrant/machines/#{vm}/#{provider}/action_provision")
|
|
||||||
end
|
|
||||||
|
|
||||||
Vagrant.configure(2) do |config|
|
|
||||||
config.vm.network :private_network, ip: "192.168.56.10"
|
|
||||||
config.vm.network :forwarded_port, guest: PORT, host: PORT
|
|
||||||
|
|
||||||
config.vm.box = "ubuntu/focal64"
|
|
||||||
config.vm.hostname = "datacoop"
|
|
||||||
|
|
||||||
config.vm.provider :virtualbox do |v|
|
|
||||||
v.cpus = 8
|
|
||||||
v.memory = 16384
|
|
||||||
end
|
|
||||||
|
|
||||||
config.vm.provision :ansible do |ansible|
|
|
||||||
ansible.compatibility_mode = "2.0"
|
|
||||||
ansible.playbook = "playbook.yml"
|
|
||||||
ansible.ask_vault_pass = true
|
|
||||||
ansible.verbose = "v"
|
|
||||||
|
|
||||||
# If the VM is already provisioned, we need to use the new port
|
|
||||||
if provisioned?
|
|
||||||
config.ssh.guest_port = PORT
|
|
||||||
ansible.extra_vars = {
|
|
||||||
ansible_port: PORT,
|
|
||||||
from_vagrant: true
|
|
||||||
}
|
|
||||||
else
|
|
||||||
ansible.extra_vars = {
|
|
||||||
from_vagrant: true
|
|
||||||
}
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
|
@ -2,7 +2,7 @@
|
||||||
ask_vault_pass = True
|
ask_vault_pass = True
|
||||||
inventory = datacoop_hosts
|
inventory = datacoop_hosts
|
||||||
interpreter_python = /usr/bin/python3
|
interpreter_python = /usr/bin/python3
|
||||||
remote_user = root
|
remote_user = ansible
|
||||||
retry_files_enabled = True
|
retry_files_enabled = True
|
||||||
use_persistent_connections = True
|
use_persistent_connections = True
|
||||||
forks = 10
|
forks = 10
|
||||||
|
|
28
deploy.sh
28
deploy.sh
|
@ -2,20 +2,15 @@
|
||||||
|
|
||||||
usage () {
|
usage () {
|
||||||
{
|
{
|
||||||
echo "Usage: $0 [--vagrant]"
|
echo "Usage: $0"
|
||||||
echo "Usage: $0 [--vagrant] base"
|
echo "Usage: $0 base"
|
||||||
echo "Usage: $0 [--vagrant] users"
|
echo "Usage: $0 users"
|
||||||
echo "Usage: $0 [--vagrant] services [SERVICE]"
|
echo "Usage: $0 services [--deploy] [SERVICE]"
|
||||||
} >&2
|
} >&2
|
||||||
}
|
}
|
||||||
|
|
||||||
BASE_CMD="ansible-playbook playbook.yml"
|
BASE_CMD="ansible-playbook playbook.yml"
|
||||||
|
DEPLOY="false"
|
||||||
if [ "$1" = "--vagrant" ]; then
|
|
||||||
BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host"
|
|
||||||
VAGRANT_VAR="from_vagrant"
|
|
||||||
shift
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "$(ansible-galaxy collection list community.general 2>/dev/null)" ]; then
|
if [ -z "$(ansible-galaxy collection list community.general 2>/dev/null)" ]; then
|
||||||
echo "Installing community.general modules"
|
echo "Installing community.general modules"
|
||||||
|
@ -28,19 +23,24 @@ if [ -z "$1" ]; then
|
||||||
else
|
else
|
||||||
case $1 in
|
case $1 in
|
||||||
"services")
|
"services")
|
||||||
|
if [ -n "$2" && "$2" = "--deploy" ]; then
|
||||||
|
DEPLOY="true"
|
||||||
|
shift
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -z "$2" ]; then
|
if [ -z "$2" ]; then
|
||||||
echo "Deploying all services!"
|
echo "Deploying all services!"
|
||||||
eval "$BASE_CMD --tags setup_services $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
|
$BASE_CMD --tags setup_services --extra-vars "deploy_services=$DEPLOY"
|
||||||
else
|
else
|
||||||
echo "Deploying service: $2"
|
echo "Deploying service: $2"
|
||||||
$BASE_CMD --tags setup_services --extra-vars '{"single_service": "'"$2"'"'"$(test -z "$VAGRANT_VAR" || printf '%s' ', "'"$VAGRANT_VAR"'": true')"'}'
|
$BASE_CMD --tags setup_services --extra-vars "deploy_services=$DEPLOY" --extra-vars "single_service=$2"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
"base")
|
"base")
|
||||||
eval "$BASE_CMD --tags base_only $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
|
$BASE_CMD --tags base_only
|
||||||
;;
|
;;
|
||||||
"users")
|
"users")
|
||||||
eval "$BASE_CMD --tags setup-users $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
|
$BASE_CMD --tags setup-users
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
usage
|
usage
|
||||||
|
|
|
@ -1,10 +1,7 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
# code: language=ansible
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
|
base_domain: data.coop
|
||||||
letsencrypt_enabled: "{{ not vagrant }}"
|
|
||||||
|
|
||||||
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
|
|
||||||
letsencrypt_email: admin@data.coop
|
letsencrypt_email: admin@data.coop
|
||||||
|
|
||||||
services_include:
|
services_include:
|
||||||
|
|
|
@ -1,10 +1,7 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
# code: language=ansible
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
|
base_domain: data.coop
|
||||||
letsencrypt_enabled: "{{ not vagrant }}"
|
|
||||||
|
|
||||||
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
|
|
||||||
letsencrypt_email: admin@data.coop
|
letsencrypt_email: admin@data.coop
|
||||||
|
|
||||||
services_exclude:
|
services_exclude:
|
||||||
|
|
|
@ -1,10 +1,7 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
# code: language=ansible
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
|
base_domain: staging.data.coop
|
||||||
letsencrypt_enabled: "{{ not vagrant }}"
|
|
||||||
|
|
||||||
base_domain: "{{ 'staging.datacoop.devel' if vagrant else 'staging.data.coop' }}"
|
|
||||||
letsencrypt_email: admin@data.coop
|
letsencrypt_email: admin@data.coop
|
||||||
|
|
||||||
services_exclude:
|
services_exclude:
|
||||||
|
|
|
@ -2,4 +2,7 @@
|
||||||
# code: language=ansible
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
ansible_host: 85.209.118.134
|
ansible_host: 85.209.118.134
|
||||||
fqdn: cavall.servers.data.coop
|
ansible_port: 22
|
||||||
|
|
||||||
|
hostname: "{{ inventory_hostname }}"
|
||||||
|
fqdn: "{{ hostname }}.servers.data.coop"
|
||||||
|
|
|
@ -3,4 +3,9 @@
|
||||||
---
|
---
|
||||||
ansible_host: 85.209.118.134
|
ansible_host: 85.209.118.134
|
||||||
ansible_port: 19022
|
ansible_port: 19022
|
||||||
fqdn: folald.vm.cavall.servers.data.coop
|
|
||||||
|
vm_host: cavall
|
||||||
|
vm_type: qemu
|
||||||
|
|
||||||
|
hostname: "{{ inventory_hostname }}"
|
||||||
|
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
|
||||||
|
|
|
@ -2,4 +2,10 @@
|
||||||
# code: language=ansible
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
ansible_host: 159.223.17.241
|
ansible_host: 159.223.17.241
|
||||||
fqdn: hestur.servers.data.coop
|
ansible_port: 22
|
||||||
|
|
||||||
|
vm_host: cloud
|
||||||
|
vm_type: vps
|
||||||
|
|
||||||
|
hostname: "{{ inventory_hostname }}"
|
||||||
|
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
|
||||||
|
|
|
@ -3,4 +3,9 @@
|
||||||
---
|
---
|
||||||
ansible_host: 85.209.118.142
|
ansible_host: 85.209.118.142
|
||||||
ansible_port: 19022
|
ansible_port: 19022
|
||||||
fqdn: poltre.vm.cavall.servers.data.coop
|
|
||||||
|
vm_host: cavall
|
||||||
|
vm_type: qemu
|
||||||
|
|
||||||
|
hostname: "{{ inventory_hostname }}"
|
||||||
|
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
|
||||||
|
|
|
@ -3,4 +3,9 @@
|
||||||
---
|
---
|
||||||
ansible_host: 85.209.118.143
|
ansible_host: 85.209.118.143
|
||||||
ansible_port: 19022
|
ansible_port: 19022
|
||||||
fqdn: varsa.vm.cavall.servers.data.coop
|
|
||||||
|
vm_host: cavall
|
||||||
|
vm_type: qemu
|
||||||
|
|
||||||
|
hostname: "{{ inventory_hostname }}"
|
||||||
|
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
|
||||||
|
|
|
@ -17,3 +17,6 @@ folald
|
||||||
production
|
production
|
||||||
staging
|
staging
|
||||||
control
|
control
|
||||||
|
|
||||||
|
[physical:children]
|
||||||
|
proxmox
|
|
@ -50,7 +50,6 @@ services:
|
||||||
host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
|
host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
|
||||||
repository: restic
|
repository: restic
|
||||||
version: "1.7.0"
|
version: "1.7.0"
|
||||||
disabled_in_vagrant: true
|
|
||||||
# mail dance
|
# mail dance
|
||||||
domain: "noreply.{{ base_domain }}"
|
domain: "noreply.{{ base_domain }}"
|
||||||
allowed_sender_domain: true
|
allowed_sender_domain: true
|
||||||
|
|
|
@ -1,27 +1,30 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
# code: language=ansible
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Create volume folder for service {{ service.name }}
|
- name: Create volume folder for service '{{ service.name }}'
|
||||||
file:
|
file:
|
||||||
name: "{{ service.vars.volume_folder }}"
|
name: "{{ service.vars.volume_folder }}"
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: Upload Compose file for service {{ service.name }}
|
- name: Upload Compose file for service '{{ service.name }}'
|
||||||
template:
|
template:
|
||||||
src: compose-files/{{ service.name }}.yml.j2
|
src: compose-files/{{ service.name }}.yml.j2
|
||||||
dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
|
dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
|
||||||
owner: root
|
owner: root
|
||||||
mode: u=rw,go=
|
mode: u=rw,go=
|
||||||
|
|
||||||
- name: Run pre-deployment tasks for service {{ service.name }}
|
- name: Run pre-deployment tasks for service '{{ service.name }}'
|
||||||
include_tasks: pre_deploy/{{ service.name }}.yml
|
ansible.builtin.include_tasks: pre_deploy/{{ service.name }}.yml
|
||||||
when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
|
when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
|
||||||
|
|
||||||
- name: Deploy Compose stack for service {{ service.name }}
|
- name: Deploy service '{{ service.name }}'
|
||||||
command: docker compose up -d --remove-orphans --pull always
|
when: deploy_services is defined and deploy_services
|
||||||
args:
|
block:
|
||||||
chdir: "{{ service.vars.volume_folder }}"
|
- name: Deploy Compose stack for service '{{ service.name }}'
|
||||||
|
ansible.builtin.command: docker compose up -d --remove-orphans --pull always
|
||||||
|
args:
|
||||||
|
chdir: "{{ service.vars.volume_folder }}"
|
||||||
|
|
||||||
- name: Run post-deployment tasks for service {{ service.name }}
|
- name: Run post-deployment tasks for service '{{ service.name }}'
|
||||||
include_tasks: post_deploy/{{ service.name }}.yml
|
ansible.builtin.include_tasks: post_deploy/{{ service.name }}.yml
|
||||||
when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks
|
when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks
|
||||||
|
|
|
@ -9,6 +9,6 @@
|
||||||
|
|
||||||
- name: log in to registry
|
- name: log in to registry
|
||||||
docker_login:
|
docker_login:
|
||||||
registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}"
|
registry: docker.data.coop
|
||||||
username: docker
|
username: docker
|
||||||
password: "{{ docker_password }}"
|
password: "{{ docker_password }}"
|
||||||
|
|
|
@ -35,7 +35,6 @@
|
||||||
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
|
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
|
||||||
state: hard
|
state: hard
|
||||||
force: true
|
force: true
|
||||||
when: letsencrypt_enabled
|
|
||||||
|
|
||||||
- name: Hard link to Let's Encrypt TLS key
|
- name: Hard link to Let's Encrypt TLS key
|
||||||
file:
|
file:
|
||||||
|
@ -43,4 +42,3 @@
|
||||||
dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
|
dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
|
||||||
state: hard
|
state: hard
|
||||||
force: true
|
force: true
|
||||||
when: letsencrypt_enabled
|
|
||||||
|
|
|
@ -13,9 +13,7 @@
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
vars: "{{ services[item] }}"
|
vars: "{{ services[item] }}"
|
||||||
loop: "{{ services_include }}"
|
loop: "{{ services_include }}"
|
||||||
when: single_service is not defined and
|
when: single_service is not defined
|
||||||
(item.vars.disabled_in_vagrant is not defined or
|
|
||||||
not (item.vars.disabled_in_vagrant and vagrant))
|
|
||||||
|
|
||||||
- name: Deploy single service
|
- name: Deploy single service
|
||||||
include_tasks:
|
include_tasks:
|
||||||
|
@ -24,6 +22,4 @@
|
||||||
service:
|
service:
|
||||||
name: "{{ single_service }}"
|
name: "{{ single_service }}"
|
||||||
vars: "{{ services[single_service] }}"
|
vars: "{{ services[single_service] }}"
|
||||||
when: single_service is defined and single_service in services and
|
when: single_service is defined and single_service in services
|
||||||
(services[single_service].disabled_in_vagrant is not defined or
|
|
||||||
not (services[single_service].disabled_in_vagrant and vagrant))
|
|
||||||
|
|
|
@ -22,7 +22,6 @@ services:
|
||||||
labels:
|
labels:
|
||||||
- com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
|
- com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
|
||||||
|
|
||||||
{% if letsencrypt_enabled %}
|
|
||||||
acme:
|
acme:
|
||||||
image: nginxproxy/acme-companion:{{ services.nginx_proxy.acme_companion_version }}
|
image: nginxproxy/acme-companion:{{ services.nginx_proxy.acme_companion_version }}
|
||||||
restart: always
|
restart: always
|
||||||
|
@ -34,7 +33,6 @@ services:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
depends_on:
|
depends_on:
|
||||||
- proxy
|
- proxy
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
external_services:
|
external_services:
|
||||||
|
|
|
@ -7,8 +7,8 @@ services:
|
||||||
backup:
|
backup:
|
||||||
image: mazzolino/restic:{{ services.restic.version }}
|
image: mazzolino/restic:{{ services.restic.version }}
|
||||||
restart: always
|
restart: always
|
||||||
hostname: {{ inventory_hostname_short }}
|
hostname: {{ hostname }}
|
||||||
domainname: {{ inventory_hostname }}
|
domainname: {{ fqdn }}
|
||||||
environment:
|
environment:
|
||||||
RUN_ON_STARTUP: false
|
RUN_ON_STARTUP: false
|
||||||
BACKUP_CRON: "0 30 3 * * *"
|
BACKUP_CRON: "0 30 3 * * *"
|
||||||
|
|
|
@ -1,10 +1,6 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
# code: language=ansible
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- ansible.builtin.import_tasks: ssh-port.yml
|
|
||||||
tags: [change-ssh-port]
|
|
||||||
when: ansible_port != 22
|
|
||||||
|
|
||||||
- ansible.builtin.import_tasks: base.yml
|
- ansible.builtin.import_tasks: base.yml
|
||||||
tags: [install-base-packages]
|
tags: [install-base-packages]
|
||||||
|
|
||||||
|
|
|
@ -1,22 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
# code: language=ansible
|
|
||||||
---
|
|
||||||
- name: Change SSH port on host
|
|
||||||
lineinfile:
|
|
||||||
dest: "/etc/ssh/sshd_config"
|
|
||||||
regexp: "^#?Port "
|
|
||||||
line: "Port 19022"
|
|
||||||
register: ssh_changed
|
|
||||||
|
|
||||||
- name: Restart sshd
|
|
||||||
service:
|
|
||||||
name: sshd
|
|
||||||
state: restarted
|
|
||||||
when: ssh_changed is defined and
|
|
||||||
ssh_changed.changed
|
|
||||||
|
|
||||||
- name: Change Ansible port to 19022
|
|
||||||
set_fact:
|
|
||||||
ansible_port: 19022
|
|
||||||
when: ssh_changed is defined and
|
|
||||||
ssh_changed.changed
|
|
|
@ -1,2 +0,0 @@
|
||||||
[production]
|
|
||||||
localhost ansible_port=19022
|
|
Loading…
Reference in a new issue