Remove Vagrant support and deploy services selectively

Sam A. 2024-03-29 22:55:56 +01:00
parent ec4f107100
commit ef891ced42
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
23 changed files with 70 additions and 126 deletions

1
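--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,5 @@
 *.retry
 *.sw*
-.vagrant/
 *.log
 .idea/
 .vscode/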

39
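--- a/Vagrantfile
+++ b/Vagrantfile
@@ -1,39 +0,0 @@
-Vagrant.require_version ">= 2.0.0"
-PORT = 19022
-def provisioned?(vm="default", provider="virtualbox")
-File.exist?(".vagrant/machines/#{vm}/#{provider}/action_provision")
-end
-Vagrant.configure(2) do |config|
-config.vm.network :private_network, ip: "192.168.56.10"
-config.vm.network :forwarded_port, guest: PORT, host: PORT
-config.vm.box = "ubuntu/focal64"
-config.vm.hostname = "datacoop"
-config.vm.provider :virtualbox do |v|
-v.cpus = 8
-v.memory = 16384
-end
-config.vm.provision :ansible do |ansible|
-ansible.compatibility_mode = "2.0"
-ansible.playbook = "playbook.yml"
-ansible.ask_vault_pass = true
-ansible.verbose = "v"
-# If the VM is already provisioned, we need to use the new port
-if provisioned?
-config.ssh.guest_port = PORT
-ansible.extra_vars = {
-ansible_port: PORT,
-from_vagrant: true
-}
-else
-ansible.extra_vars = {
-from_vagrant: true
-}
-end
-end
-end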


@ -2,7 +2,7 @@
ask_vault_pass = True ask_vault_pass = True
inventory = datacoop_hosts inventory = datacoop_hosts
interpreter_python = /usr/bin/python3 interpreter_python = /usr/bin/python3
remote_user = root remote_user = ansible
retry_files_enabled = True retry_files_enabled = True
use_persistent_connections = True use_persistent_connections = True
forks = 10 forks = 10
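Review bot: Changing `remote_user` from `root` to `ansible` makes every task that writes root-owned state depend on privilege escalation, and nothing in this hunk turns it on. The hunk starts at line 2 of the file, so a `[privilege_escalation]` section with `become = True` may already exist outside it; if not, it needs adding here or as `become: true` in the playbook. It is also worth confirming that the `ansible` account exists on every inventory host with key-only login and a scoped sudoers entry before root SSH access is closed.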


@ -2,20 +2,15 @@
usage () { usage () {
{ {
echo "Usage: $0 [--vagrant]" echo "Usage: $0"
echo "Usage: $0 [--vagrant] base" echo "Usage: $0 base"
echo "Usage: $0 [--vagrant] users" echo "Usage: $0 users"
echo "Usage: $0 [--vagrant] services [SERVICE]" echo "Usage: $0 services [--deploy] [SERVICE]"
} >&2 } >&2
} }
BASE_CMD="ansible-playbook playbook.yml" BASE_CMD="ansible-playbook playbook.yml"
DEPLOY="false"
if [ "$1" = "--vagrant" ]; then
BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host"
VAGRANT_VAR="from_vagrant"
shift
fi
if [ -z "$(ansible-galaxy collection list community.general 2>/dev/null)" ]; then if [ -z "$(ansible-galaxy collection list community.general 2>/dev/null)" ]; then
echo "Installing community.general modules" echo "Installing community.general modules"
@ -28,19 +23,24 @@ if [ -z "$1" ]; then
else else
case $1 in case $1 in
"services") "services")
if [ -n "$2" && "$2" = "--deploy" ]; then
DEPLOY="true"
shift
fi
if [ -z "$2" ]; then if [ -z "$2" ]; then
echo "Deploying all services!" echo "Deploying all services!"
eval "$BASE_CMD --tags setup_services $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")" $BASE_CMD --tags setup_services --extra-vars "deploy_services=$DEPLOY"
else else
echo "Deploying service: $2" echo "Deploying service: $2"
$BASE_CMD --tags setup_services --extra-vars '{"single_service": "'"$2"'"'"$(test -z "$VAGRANT_VAR" || printf '%s' ', "'"$VAGRANT_VAR"'": true')"'}' $BASE_CMD --tags setup_services --extra-vars "deploy_services=$DEPLOY" --extra-vars "single_service=$2"
fi fi
;; ;;
"base") "base")
eval "$BASE_CMD --tags base_only $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")" $BASE_CMD --tags base_only
;; ;;
"users") "users")
eval "$BASE_CMD --tags setup-users $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")" $BASE_CMD --tags setup-users
;; ;;
*) *)
usage usage
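Review bot: The new test `[ -n "$2" && "$2" = "--deploy" ]` in the `services` branch is not valid inside single brackets. The shell splits it at `&&`, `[` fails on the missing `]`, and the condition is never true, so `DEPLOY` stays `false` and `--deploy` is then treated as the service name. `if [ "$2" = "--deploy" ]; then` is sufficient, because an empty `$2` cannot equal the flag. Separately, `--extra-vars "single_service=$2"` uses key=value form, which Ansible splits on whitespace, so it is worth rejecting a `$2` that contains anything other than the characters service names use. The `case` statement continues past the end of the hunk.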


@ -1,10 +1,7 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible # code: language=ansible
--- ---
vagrant: "{{ from_vagrant is defined and from_vagrant }}" base_domain: data.coop
letsencrypt_enabled: "{{ not vagrant }}"
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
letsencrypt_email: admin@data.coop letsencrypt_email: admin@data.coop
services_include: services_include:


@ -1,10 +1,7 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible # code: language=ansible
--- ---
vagrant: "{{ from_vagrant is defined and from_vagrant }}" base_domain: data.coop
letsencrypt_enabled: "{{ not vagrant }}"
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
letsencrypt_email: admin@data.coop letsencrypt_email: admin@data.coop
services_exclude: services_exclude:


@ -1,10 +1,7 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible # code: language=ansible
--- ---
vagrant: "{{ from_vagrant is defined and from_vagrant }}" base_domain: staging.data.coop
letsencrypt_enabled: "{{ not vagrant }}"
base_domain: "{{ 'staging.datacoop.devel' if vagrant else 'staging.data.coop' }}"
letsencrypt_email: admin@data.coop letsencrypt_email: admin@data.coop
services_exclude: services_exclude:


@ -2,4 +2,7 @@
# code: language=ansible # code: language=ansible
--- ---
ansible_host: 85.209.118.134 ansible_host: 85.209.118.134
fqdn: cavall.servers.data.coop ansible_port: 22
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.servers.data.coop"


@ -3,4 +3,9 @@
--- ---
ansible_host: 85.209.118.134 ansible_host: 85.209.118.134
ansible_port: 19022 ansible_port: 19022
fqdn: folald.vm.cavall.servers.data.coop
vm_host: cavall
vm_type: qemu
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"


@ -2,4 +2,10 @@
# code: language=ansible # code: language=ansible
--- ---
ansible_host: 159.223.17.241 ansible_host: 159.223.17.241
fqdn: hestur.servers.data.coop ansible_port: 22
vm_host: cloud
vm_type: vps
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"


@ -3,4 +3,9 @@
--- ---
ansible_host: 85.209.118.142 ansible_host: 85.209.118.142
ansible_port: 19022 ansible_port: 19022
fqdn: poltre.vm.cavall.servers.data.coop
vm_host: cavall
vm_type: qemu
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"


@ -3,4 +3,9 @@
--- ---
ansible_host: 85.209.118.143 ansible_host: 85.209.118.143
ansible_port: 19022 ansible_port: 19022
fqdn: varsa.vm.cavall.servers.data.coop
vm_host: cavall
vm_type: qemu
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"


@ -17,3 +17,6 @@ folald
production production
staging staging
control control
[physical:children]
proxmox


@ -50,7 +50,6 @@ services:
host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
repository: restic repository: restic
version: "1.7.0" version: "1.7.0"
disabled_in_vagrant: true
# mail dance # mail dance
domain: "noreply.{{ base_domain }}" domain: "noreply.{{ base_domain }}"
allowed_sender_domain: true allowed_sender_domain: true


@ -1,27 +1,30 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible # code: language=ansible
--- ---
- name: Create volume folder for service {{ service.name }} - name: Create volume folder for service '{{ service.name }}'
file: file:
name: "{{ service.vars.volume_folder }}" name: "{{ service.vars.volume_folder }}"
state: directory state: directory
- name: Upload Compose file for service {{ service.name }} - name: Upload Compose file for service '{{ service.name }}'
template: template:
src: compose-files/{{ service.name }}.yml.j2 src: compose-files/{{ service.name }}.yml.j2
dest: "{{ service.vars.volume_folder }}/docker-compose.yml" dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
owner: root owner: root
mode: u=rw,go= mode: u=rw,go=
- name: Run pre-deployment tasks for service {{ service.name }} - name: Run pre-deployment tasks for service '{{ service.name }}'
include_tasks: pre_deploy/{{ service.name }}.yml ansible.builtin.include_tasks: pre_deploy/{{ service.name }}.yml
when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
- name: Deploy Compose stack for service {{ service.name }} - name: Deploy service '{{ service.name }}'
command: docker compose up -d --remove-orphans --pull always when: deploy_services is defined and deploy_services
args: block:
chdir: "{{ service.vars.volume_folder }}" - name: Deploy Compose stack for service '{{ service.name }}'
ansible.builtin.command: docker compose up -d --remove-orphans --pull always
args:
chdir: "{{ service.vars.volume_folder }}"
- name: Run post-deployment tasks for service {{ service.name }} - name: Run post-deployment tasks for service '{{ service.name }}'
include_tasks: post_deploy/{{ service.name }}.yml ansible.builtin.include_tasks: post_deploy/{{ service.name }}.yml
when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks
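Review bot: The gate `when: deploy_services is defined and deploy_services` on the new block will likely be true even without `--deploy`. The deploy script on this page passes `deploy_services=false` in key=value form, Ansible treats such values as strings, and the non-empty string `false` is truthy in a Jinja test. Casting it closes the gap: `when: deploy_services | default(false) | bool`. Indentation is lost in this rendering, so it is not clear whether the post-deployment include sits inside the block; if it is outside, it will still run when nothing was deployed.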


@ -9,6 +9,6 @@
- name: log in to registry - name: log in to registry
docker_login: docker_login:
registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}" registry: docker.data.coop
username: docker username: docker
password: "{{ docker_password }}" password: "{{ docker_password }}"
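Review bot: Hard-coding `registry: docker.data.coop` keeps the value from the removed Vagrant branch instead of `services.docker_registry.domain`. If that domain is derived from `base_domain` (its definition is not on this page), hosts in the staging group would now present `docker_password` to the production registry name. `registry: "{{ services.docker_registry.domain }}"` keeps the login target in step with the service definition. The task list starts before this hunk.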


@ -35,7 +35,6 @@
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem" dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
state: hard state: hard
force: true force: true
when: letsencrypt_enabled
- name: Hard link to Let's Encrypt TLS key - name: Hard link to Let's Encrypt TLS key
file: file:
@ -43,4 +42,3 @@
dest: "{{ services.mailu.volume_folder }}/certs/key.pem" dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
state: hard state: hard
force: true force: true
when: letsencrypt_enabled


@ -13,9 +13,7 @@
name: "{{ item }}" name: "{{ item }}"
vars: "{{ services[item] }}" vars: "{{ services[item] }}"
loop: "{{ services_include }}" loop: "{{ services_include }}"
when: single_service is not defined and when: single_service is not defined
(item.vars.disabled_in_vagrant is not defined or
not (item.vars.disabled_in_vagrant and vagrant))
- name: Deploy single service - name: Deploy single service
include_tasks: include_tasks:
@ -24,6 +22,4 @@
service: service:
name: "{{ single_service }}" name: "{{ single_service }}"
vars: "{{ services[single_service] }}" vars: "{{ services[single_service] }}"
when: single_service is defined and single_service in services and when: single_service is defined and single_service in services
(services[single_service].disabled_in_vagrant is not defined or
not (services[single_service].disabled_in_vagrant and vagrant))
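Review bot: With the Vagrant clauses gone, the `Deploy single service` condition `single_service is defined and single_service in services` still skips silently when the name is not a key of `services`. A mistyped or mis-parsed argument therefore ends in a successful run that changed nothing. A preceding task such as `ansible.builtin.assert: { that: single_service in services }`, guarded by `when: single_service is defined`, would make that case fail loudly. Both task definitions start outside the hunks shown.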


@ -22,7 +22,6 @@ services:
labels: labels:
- com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
{% if letsencrypt_enabled %}
acme: acme:
image: nginxproxy/acme-companion:{{ services.nginx_proxy.acme_companion_version }} image: nginxproxy/acme-companion:{{ services.nginx_proxy.acme_companion_version }}
restart: always restart: always
@ -34,7 +33,6 @@ services:
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
depends_on: depends_on:
- proxy - proxy
{% endif %}
networks: networks:
external_services: external_services:


@ -7,8 +7,8 @@ services:
backup: backup:
image: mazzolino/restic:{{ services.restic.version }} image: mazzolino/restic:{{ services.restic.version }}
restart: always restart: always
hostname: {{ inventory_hostname_short }} hostname: {{ hostname }}
domainname: {{ inventory_hostname }} domainname: {{ fqdn }}
environment: environment:
RUN_ON_STARTUP: false RUN_ON_STARTUP: false
BACKUP_CRON: "0 30 3 * * *" BACKUP_CRON: "0 30 3 * * *"


@ -1,10 +1,6 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible # code: language=ansible
--- ---
- ansible.builtin.import_tasks: ssh-port.yml
tags: [change-ssh-port]
when: ansible_port != 22
- ansible.builtin.import_tasks: base.yml - ansible.builtin.import_tasks: base.yml
tags: [install-base-packages] tags: [install-base-packages]


@ -1,22 +0,0 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Change SSH port on host
lineinfile:
dest: "/etc/ssh/sshd_config"
regexp: "^#?Port "
line: "Port 19022"
register: ssh_changed
- name: Restart sshd
service:
name: sshd
state: restarted
when: ssh_changed is defined and
ssh_changed.changed
- name: Change Ansible port to 19022
set_fact:
ansible_port: 19022
when: ssh_changed is defined and
ssh_changed.changed


@ -1,2 +0,0 @@
[production]
localhost ansible_port=19022