Remove Vagrant support and deploy services selectively
This commit is contained in:
parent
ec4f107100
commit
ef891ced42
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1,6 +1,5 @@
|
|||
*.retry
|
||||
*.sw*
|
||||
.vagrant/
|
||||
*.log
|
||||
.idea/
|
||||
.vscode/
|
||||
|
|
39
Vagrantfile
vendored
39
Vagrantfile
vendored
|
@ -1,39 +0,0 @@
|
|||
Vagrant.require_version ">= 2.0.0"
|
||||
PORT = 19022
|
||||
|
||||
def provisioned?(vm="default", provider="virtualbox")
|
||||
File.exist?(".vagrant/machines/#{vm}/#{provider}/action_provision")
|
||||
end
|
||||
|
||||
Vagrant.configure(2) do |config|
|
||||
config.vm.network :private_network, ip: "192.168.56.10"
|
||||
config.vm.network :forwarded_port, guest: PORT, host: PORT
|
||||
|
||||
config.vm.box = "ubuntu/focal64"
|
||||
config.vm.hostname = "datacoop"
|
||||
|
||||
config.vm.provider :virtualbox do |v|
|
||||
v.cpus = 8
|
||||
v.memory = 16384
|
||||
end
|
||||
|
||||
config.vm.provision :ansible do |ansible|
|
||||
ansible.compatibility_mode = "2.0"
|
||||
ansible.playbook = "playbook.yml"
|
||||
ansible.ask_vault_pass = true
|
||||
ansible.verbose = "v"
|
||||
|
||||
# If the VM is already provisioned, we need to use the new port
|
||||
if provisioned?
|
||||
config.ssh.guest_port = PORT
|
||||
ansible.extra_vars = {
|
||||
ansible_port: PORT,
|
||||
from_vagrant: true
|
||||
}
|
||||
else
|
||||
ansible.extra_vars = {
|
||||
from_vagrant: true
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
|
@ -2,7 +2,7 @@
|
|||
ask_vault_pass = True
|
||||
inventory = datacoop_hosts
|
||||
interpreter_python = /usr/bin/python3
|
||||
remote_user = root
|
||||
remote_user = ansible
|
||||
retry_files_enabled = True
|
||||
use_persistent_connections = True
|
||||
forks = 10
|
||||
|
|
28
deploy.sh
28
deploy.sh
|
@ -2,20 +2,15 @@
|
|||
|
||||
usage () {
|
||||
{
|
||||
echo "Usage: $0 [--vagrant]"
|
||||
echo "Usage: $0 [--vagrant] base"
|
||||
echo "Usage: $0 [--vagrant] users"
|
||||
echo "Usage: $0 [--vagrant] services [SERVICE]"
|
||||
echo "Usage: $0"
|
||||
echo "Usage: $0 base"
|
||||
echo "Usage: $0 users"
|
||||
echo "Usage: $0 services [--deploy] [SERVICE]"
|
||||
} >&2
|
||||
}
|
||||
|
||||
BASE_CMD="ansible-playbook playbook.yml"
|
||||
|
||||
if [ "$1" = "--vagrant" ]; then
|
||||
BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host"
|
||||
VAGRANT_VAR="from_vagrant"
|
||||
shift
|
||||
fi
|
||||
DEPLOY="false"
|
||||
|
||||
if [ -z "$(ansible-galaxy collection list community.general 2>/dev/null)" ]; then
|
||||
echo "Installing community.general modules"
|
||||
|
@ -28,19 +23,24 @@ if [ -z "$1" ]; then
|
|||
else
|
||||
case $1 in
|
||||
"services")
|
||||
if [ -n "$2" && "$2" = "--deploy" ]; then
|
||||
DEPLOY="true"
|
||||
shift
|
||||
fi
|
||||
|
||||
if [ -z "$2" ]; then
|
||||
echo "Deploying all services!"
|
||||
eval "$BASE_CMD --tags setup_services $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
|
||||
$BASE_CMD --tags setup_services --extra-vars "deploy_services=$DEPLOY"
|
||||
else
|
||||
echo "Deploying service: $2"
|
||||
$BASE_CMD --tags setup_services --extra-vars '{"single_service": "'"$2"'"'"$(test -z "$VAGRANT_VAR" || printf '%s' ', "'"$VAGRANT_VAR"'": true')"'}'
|
||||
$BASE_CMD --tags setup_services --extra-vars "deploy_services=$DEPLOY" --extra-vars "single_service=$2"
|
||||
fi
|
||||
;;
|
||||
"base")
|
||||
eval "$BASE_CMD --tags base_only $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
|
||||
$BASE_CMD --tags base_only
|
||||
;;
|
||||
"users")
|
||||
eval "$BASE_CMD --tags setup-users $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
|
||||
$BASE_CMD --tags setup-users
|
||||
;;
|
||||
*)
|
||||
usage
|
||||
|
|
|
@ -1,10 +1,7 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
|
||||
letsencrypt_enabled: "{{ not vagrant }}"
|
||||
|
||||
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
|
||||
base_domain: data.coop
|
||||
letsencrypt_email: admin@data.coop
|
||||
|
||||
services_include:
|
||||
|
|
|
@ -1,10 +1,7 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
|
||||
letsencrypt_enabled: "{{ not vagrant }}"
|
||||
|
||||
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
|
||||
base_domain: data.coop
|
||||
letsencrypt_email: admin@data.coop
|
||||
|
||||
services_exclude:
|
||||
|
|
|
@ -1,10 +1,7 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
|
||||
letsencrypt_enabled: "{{ not vagrant }}"
|
||||
|
||||
base_domain: "{{ 'staging.datacoop.devel' if vagrant else 'staging.data.coop' }}"
|
||||
base_domain: staging.data.coop
|
||||
letsencrypt_email: admin@data.coop
|
||||
|
||||
services_exclude:
|
||||
|
|
|
@ -2,4 +2,7 @@
|
|||
# code: language=ansible
|
||||
---
|
||||
ansible_host: 85.209.118.134
|
||||
fqdn: cavall.servers.data.coop
|
||||
ansible_port: 22
|
||||
|
||||
hostname: "{{ inventory_hostname }}"
|
||||
fqdn: "{{ hostname }}.servers.data.coop"
|
||||
|
|
|
@ -3,4 +3,9 @@
|
|||
---
|
||||
ansible_host: 85.209.118.134
|
||||
ansible_port: 19022
|
||||
fqdn: folald.vm.cavall.servers.data.coop
|
||||
|
||||
vm_host: cavall
|
||||
vm_type: qemu
|
||||
|
||||
hostname: "{{ inventory_hostname }}"
|
||||
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
|
||||
|
|
|
@ -2,4 +2,10 @@
|
|||
# code: language=ansible
|
||||
---
|
||||
ansible_host: 159.223.17.241
|
||||
fqdn: hestur.servers.data.coop
|
||||
ansible_port: 22
|
||||
|
||||
vm_host: cloud
|
||||
vm_type: vps
|
||||
|
||||
hostname: "{{ inventory_hostname }}"
|
||||
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
|
||||
|
|
|
@ -3,4 +3,9 @@
|
|||
---
|
||||
ansible_host: 85.209.118.142
|
||||
ansible_port: 19022
|
||||
fqdn: poltre.vm.cavall.servers.data.coop
|
||||
|
||||
vm_host: cavall
|
||||
vm_type: qemu
|
||||
|
||||
hostname: "{{ inventory_hostname }}"
|
||||
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
|
||||
|
|
|
@ -3,4 +3,9 @@
|
|||
---
|
||||
ansible_host: 85.209.118.143
|
||||
ansible_port: 19022
|
||||
fqdn: varsa.vm.cavall.servers.data.coop
|
||||
|
||||
vm_host: cavall
|
||||
vm_type: qemu
|
||||
|
||||
hostname: "{{ inventory_hostname }}"
|
||||
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
|
||||
|
|
|
@ -17,3 +17,6 @@ folald
|
|||
production
|
||||
staging
|
||||
control
|
||||
|
||||
[physical:children]
|
||||
proxmox
|
|
@ -50,7 +50,6 @@ services:
|
|||
host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
|
||||
repository: restic
|
||||
version: "1.7.0"
|
||||
disabled_in_vagrant: true
|
||||
# mail dance
|
||||
domain: "noreply.{{ base_domain }}"
|
||||
allowed_sender_domain: true
|
||||
|
|
|
@ -1,27 +1,30 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Create volume folder for service {{ service.name }}
|
||||
- name: Create volume folder for service '{{ service.name }}'
|
||||
file:
|
||||
name: "{{ service.vars.volume_folder }}"
|
||||
state: directory
|
||||
|
||||
- name: Upload Compose file for service {{ service.name }}
|
||||
- name: Upload Compose file for service '{{ service.name }}'
|
||||
template:
|
||||
src: compose-files/{{ service.name }}.yml.j2
|
||||
dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
|
||||
owner: root
|
||||
mode: u=rw,go=
|
||||
|
||||
- name: Run pre-deployment tasks for service {{ service.name }}
|
||||
include_tasks: pre_deploy/{{ service.name }}.yml
|
||||
- name: Run pre-deployment tasks for service '{{ service.name }}'
|
||||
ansible.builtin.include_tasks: pre_deploy/{{ service.name }}.yml
|
||||
when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
|
||||
|
||||
- name: Deploy Compose stack for service {{ service.name }}
|
||||
command: docker compose up -d --remove-orphans --pull always
|
||||
args:
|
||||
chdir: "{{ service.vars.volume_folder }}"
|
||||
- name: Deploy service '{{ service.name }}'
|
||||
when: deploy_services is defined and deploy_services
|
||||
block:
|
||||
- name: Deploy Compose stack for service '{{ service.name }}'
|
||||
ansible.builtin.command: docker compose up -d --remove-orphans --pull always
|
||||
args:
|
||||
chdir: "{{ service.vars.volume_folder }}"
|
||||
|
||||
- name: Run post-deployment tasks for service {{ service.name }}
|
||||
include_tasks: post_deploy/{{ service.name }}.yml
|
||||
when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks
|
||||
- name: Run post-deployment tasks for service '{{ service.name }}'
|
||||
ansible.builtin.include_tasks: post_deploy/{{ service.name }}.yml
|
||||
when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks
|
||||
|
|
|
@ -9,6 +9,6 @@
|
|||
|
||||
- name: log in to registry
|
||||
docker_login:
|
||||
registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}"
|
||||
registry: docker.data.coop
|
||||
username: docker
|
||||
password: "{{ docker_password }}"
|
||||
|
|
|
@ -35,7 +35,6 @@
|
|||
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
|
||||
state: hard
|
||||
force: true
|
||||
when: letsencrypt_enabled
|
||||
|
||||
- name: Hard link to Let's Encrypt TLS key
|
||||
file:
|
||||
|
@ -43,4 +42,3 @@
|
|||
dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
|
||||
state: hard
|
||||
force: true
|
||||
when: letsencrypt_enabled
|
||||
|
|
|
@ -13,9 +13,7 @@
|
|||
name: "{{ item }}"
|
||||
vars: "{{ services[item] }}"
|
||||
loop: "{{ services_include }}"
|
||||
when: single_service is not defined and
|
||||
(item.vars.disabled_in_vagrant is not defined or
|
||||
not (item.vars.disabled_in_vagrant and vagrant))
|
||||
when: single_service is not defined
|
||||
|
||||
- name: Deploy single service
|
||||
include_tasks:
|
||||
|
@ -24,6 +22,4 @@
|
|||
service:
|
||||
name: "{{ single_service }}"
|
||||
vars: "{{ services[single_service] }}"
|
||||
when: single_service is defined and single_service in services and
|
||||
(services[single_service].disabled_in_vagrant is not defined or
|
||||
not (services[single_service].disabled_in_vagrant and vagrant))
|
||||
when: single_service is defined and single_service in services
|
||||
|
|
|
@ -22,7 +22,6 @@ services:
|
|||
labels:
|
||||
- com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
|
||||
|
||||
{% if letsencrypt_enabled %}
|
||||
acme:
|
||||
image: nginxproxy/acme-companion:{{ services.nginx_proxy.acme_companion_version }}
|
||||
restart: always
|
||||
|
@ -34,7 +33,6 @@ services:
|
|||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
depends_on:
|
||||
- proxy
|
||||
{% endif %}
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
|
|
|
@ -7,8 +7,8 @@ services:
|
|||
backup:
|
||||
image: mazzolino/restic:{{ services.restic.version }}
|
||||
restart: always
|
||||
hostname: {{ inventory_hostname_short }}
|
||||
domainname: {{ inventory_hostname }}
|
||||
hostname: {{ hostname }}
|
||||
domainname: {{ fqdn }}
|
||||
environment:
|
||||
RUN_ON_STARTUP: false
|
||||
BACKUP_CRON: "0 30 3 * * *"
|
||||
|
|
|
@ -1,10 +1,6 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- ansible.builtin.import_tasks: ssh-port.yml
|
||||
tags: [change-ssh-port]
|
||||
when: ansible_port != 22
|
||||
|
||||
- ansible.builtin.import_tasks: base.yml
|
||||
tags: [install-base-packages]
|
||||
|
||||
|
|
|
@ -1,22 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
- name: Change SSH port on host
|
||||
lineinfile:
|
||||
dest: "/etc/ssh/sshd_config"
|
||||
regexp: "^#?Port "
|
||||
line: "Port 19022"
|
||||
register: ssh_changed
|
||||
|
||||
- name: Restart sshd
|
||||
service:
|
||||
name: sshd
|
||||
state: restarted
|
||||
when: ssh_changed is defined and
|
||||
ssh_changed.changed
|
||||
|
||||
- name: Change Ansible port to 19022
|
||||
set_fact:
|
||||
ansible_port: 19022
|
||||
when: ssh_changed is defined and
|
||||
ssh_changed.changed
|
|
@ -1,2 +0,0 @@
|
|||
[production]
|
||||
localhost ansible_port=19022
|
Loading…
Reference in a new issue