Remove Vagrant support and deploy services selectively

Sam A. 2024-03-29 22:55:56 +01:00
parent ec4f107100
commit ef891ced42
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
23 changed files with 70 additions and 126 deletions

1
.gitignore vendored

@ -1,6 +1,5 @@
*.retry
*.sw*
.vagrant/
*.log
.idea/
.vscode/

39
Vagrantfile vendored

@ -1,39 +0,0 @@
Vagrant.require_version ">= 2.0.0"
PORT = 19022
def provisioned?(vm="default", provider="virtualbox")
File.exist?(".vagrant/machines/#{vm}/#{provider}/action_provision")
end
Vagrant.configure(2) do |config|
config.vm.network :private_network, ip: "192.168.56.10"
config.vm.network :forwarded_port, guest: PORT, host: PORT
config.vm.box = "ubuntu/focal64"
config.vm.hostname = "datacoop"
config.vm.provider :virtualbox do |v|
v.cpus = 8
v.memory = 16384
end
config.vm.provision :ansible do |ansible|
ansible.compatibility_mode = "2.0"
ansible.playbook = "playbook.yml"
ansible.ask_vault_pass = true
ansible.verbose = "v"
# If the VM is already provisioned, we need to use the new port
if provisioned?
config.ssh.guest_port = PORT
ansible.extra_vars = {
ansible_port: PORT,
from_vagrant: true
}
else
ansible.extra_vars = {
from_vagrant: true
}
end
end
end


@ -2,7 +2,7 @@
ask_vault_pass = True
inventory = datacoop_hosts
interpreter_python = /usr/bin/python3
remote_user = root
remote_user = ansible
retry_files_enabled = True
use_persistent_connections = True
forks = 10
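Review bot: Switching `remote_user` from `root` to `ansible` means tasks no longer run as root by default, and nothing in this hunk enables privilege escalation. Other files in this commit template a Compose file with `owner: root` and run `docker compose`, so those tasks would presumably fail unless `become` is configured somewhere not shown here. If it is not, a `[privilege_escalation]` section with `become = True` (or `become: true` on the plays) is needed, and the sudo rule granted to the `ansible` account should be reviewed together with this change.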


@ -2,20 +2,15 @@
usage () {
{
echo "Usage: $0 [--vagrant]"
echo "Usage: $0 [--vagrant] base"
echo "Usage: $0 [--vagrant] users"
echo "Usage: $0 [--vagrant] services [SERVICE]"
echo "Usage: $0"
echo "Usage: $0 base"
echo "Usage: $0 users"
echo "Usage: $0 services [--deploy] [SERVICE]"
} >&2
}
BASE_CMD="ansible-playbook playbook.yml"
if [ "$1" = "--vagrant" ]; then
BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host"
VAGRANT_VAR="from_vagrant"
shift
fi
DEPLOY="false"
if [ -z "$(ansible-galaxy collection list community.general 2>/dev/null)" ]; then
echo "Installing community.general modules"
@ -28,19 +23,24 @@ if [ -z "$1" ]; then
else
case $1 in
"services")
if [ -n "$2" && "$2" = "--deploy" ]; then
DEPLOY="true"
shift
fi
if [ -z "$2" ]; then
echo "Deploying all services!"
eval "$BASE_CMD --tags setup_services $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
$BASE_CMD --tags setup_services --extra-vars "deploy_services=$DEPLOY"
else
echo "Deploying service: $2"
$BASE_CMD --tags setup_services --extra-vars '{"single_service": "'"$2"'"'"$(test -z "$VAGRANT_VAR" || printf '%s' ', "'"$VAGRANT_VAR"'": true')"'}'
$BASE_CMD --tags setup_services --extra-vars "deploy_services=$DEPLOY" --extra-vars "single_service=$2"
fi
;;
"base")
eval "$BASE_CMD --tags base_only $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
$BASE_CMD --tags base_only
;;
"users")
eval "$BASE_CMD --tags setup-users $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
$BASE_CMD --tags setup-users
;;
*)
usage
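Review bot: The new test `[ -n "$2" && "$2" = "--deploy" ]` in the `services` branch is not valid `[` syntax. The shell splits it at `&&`, so `[ -n "$2"` fails for a missing `]`, the condition is never true, and `--deploy` falls through to be treated as a service name. `if [ "$2" = "--deploy" ]; then` does what is intended. Separately, `--extra-vars "single_service=$2"` goes through Ansible's key=value parser, so an argument containing whitespace could set further variables; checking `$2` against the known service names before passing it on would close that. The `case` statement continues past the end of the hunk.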


@ -1,10 +1,7 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
letsencrypt_enabled: "{{ not vagrant }}"
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
base_domain: data.coop
letsencrypt_email: admin@data.coop
services_include:


@ -1,10 +1,7 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
letsencrypt_enabled: "{{ not vagrant }}"
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
base_domain: data.coop
letsencrypt_email: admin@data.coop
services_exclude:


@ -1,10 +1,7 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
letsencrypt_enabled: "{{ not vagrant }}"
base_domain: "{{ 'staging.datacoop.devel' if vagrant else 'staging.data.coop' }}"
base_domain: staging.data.coop
letsencrypt_email: admin@data.coop
services_exclude:


@ -2,4 +2,7 @@
# code: language=ansible
---
ansible_host: 85.209.118.134
fqdn: cavall.servers.data.coop
ansible_port: 22
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.servers.data.coop"


@ -3,4 +3,9 @@
---
ansible_host: 85.209.118.134
ansible_port: 19022
fqdn: folald.vm.cavall.servers.data.coop
vm_host: cavall
vm_type: qemu
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"


@ -2,4 +2,10 @@
# code: language=ansible
---
ansible_host: 159.223.17.241
fqdn: hestur.servers.data.coop
ansible_port: 22
vm_host: cloud
vm_type: vps
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
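Review bot: The templated `fqdn` does not reproduce the value it replaces for this host. With `vm_host: cloud`, and assuming the inventory name is `hestur`, it renders as `hestur.vm.cloud.servers.data.coop`, where the removed line was `hestur.servers.data.coop`. The other VM hosts in this commit keep their old names under the same template, so this looks like the only rename. If it is intended, DNS and anything keyed on the old name have to follow (the restic Compose template in this commit now sets `domainname` from `fqdn`); if not, a literal `fqdn: hestur.servers.data.coop` for this host keeps the previous value.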


@ -3,4 +3,9 @@
---
ansible_host: 85.209.118.142
ansible_port: 19022
fqdn: poltre.vm.cavall.servers.data.coop
vm_host: cavall
vm_type: qemu
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"


@ -3,4 +3,9 @@
---
ansible_host: 85.209.118.143
ansible_port: 19022
fqdn: varsa.vm.cavall.servers.data.coop
vm_host: cavall
vm_type: qemu
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"


@ -17,3 +17,6 @@ folald
production
staging
control
[physical:children]
proxmox


@ -50,7 +50,6 @@ services:
host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
repository: restic
version: "1.7.0"
disabled_in_vagrant: true
# mail dance
domain: "noreply.{{ base_domain }}"
allowed_sender_domain: true


@ -1,27 +1,30 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create volume folder for service {{ service.name }}
- name: Create volume folder for service '{{ service.name }}'
file:
name: "{{ service.vars.volume_folder }}"
state: directory
- name: Upload Compose file for service {{ service.name }}
- name: Upload Compose file for service '{{ service.name }}'
template:
src: compose-files/{{ service.name }}.yml.j2
dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
owner: root
mode: u=rw,go=
- name: Run pre-deployment tasks for service {{ service.name }}
include_tasks: pre_deploy/{{ service.name }}.yml
- name: Run pre-deployment tasks for service '{{ service.name }}'
ansible.builtin.include_tasks: pre_deploy/{{ service.name }}.yml
when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
- name: Deploy Compose stack for service {{ service.name }}
command: docker compose up -d --remove-orphans --pull always
args:
chdir: "{{ service.vars.volume_folder }}"
- name: Deploy service '{{ service.name }}'
when: deploy_services is defined and deploy_services
block:
- name: Deploy Compose stack for service '{{ service.name }}'
ansible.builtin.command: docker compose up -d --remove-orphans --pull always
args:
chdir: "{{ service.vars.volume_folder }}"
- name: Run post-deployment tasks for service {{ service.name }}
include_tasks: post_deploy/{{ service.name }}.yml
when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks
- name: Run post-deployment tasks for service '{{ service.name }}'
ansible.builtin.include_tasks: post_deploy/{{ service.name }}.yml
when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks
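Review bot: The gate `when: deploy_services is defined and deploy_services` on the new block is likely to pass even when deployment was not requested. The wrapper script in this commit passes `deploy_services=false` in key=value form, which Ansible reads as the string "false", and a non-empty string is truthy in this compound expression. `when: deploy_services | default(false) | bool` makes the gate behave as intended. The Compose file upload and the pre-deployment tasks sit outside the block and still run without the flag, which may be intended but deserves a comment.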


@ -9,6 +9,6 @@
- name: log in to registry
docker_login:
registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}"
registry: docker.data.coop
username: docker
password: "{{ docker_password }}"
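Review bot: The hard-coded `registry: docker.data.coop` is the value from the old Vagrant branch, not the production one, which read `services.docker_registry.domain`. If that variable resolves to anything else for some host group (for example under the staging `base_domain`), `docker_password` would now be sent to a different registry than before. `registry: "{{ services.docker_registry.domain }}"` keeps the previous non-Vagrant behaviour and a single source for the name.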


@ -35,7 +35,6 @@
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
state: hard
force: true
when: letsencrypt_enabled
- name: Hard link to Let's Encrypt TLS key
file:
@ -43,4 +42,3 @@
dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
state: hard
force: true
when: letsencrypt_enabled


@ -13,9 +13,7 @@
name: "{{ item }}"
vars: "{{ services[item] }}"
loop: "{{ services_include }}"
when: single_service is not defined and
(item.vars.disabled_in_vagrant is not defined or
not (item.vars.disabled_in_vagrant and vagrant))
when: single_service is not defined
- name: Deploy single service
include_tasks:
@ -24,6 +22,4 @@
service:
name: "{{ single_service }}"
vars: "{{ services[single_service] }}"
when: single_service is defined and single_service in services and
(services[single_service].disabled_in_vagrant is not defined or
not (services[single_service].disabled_in_vagrant and vagrant))
when: single_service is defined and single_service in services


@ -22,7 +22,6 @@ services:
labels:
- com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
{% if letsencrypt_enabled %}
acme:
image: nginxproxy/acme-companion:{{ services.nginx_proxy.acme_companion_version }}
restart: always
@ -34,7 +33,6 @@ services:
- /var/run/docker.sock:/var/run/docker.sock:ro
depends_on:
- proxy
{% endif %}
networks:
external_services:


@ -7,8 +7,8 @@ services:
backup:
image: mazzolino/restic:{{ services.restic.version }}
restart: always
hostname: {{ inventory_hostname_short }}
domainname: {{ inventory_hostname }}
hostname: {{ hostname }}
domainname: {{ fqdn }}
environment:
RUN_ON_STARTUP: false
BACKUP_CRON: "0 30 3 * * *"


@ -1,10 +1,6 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- ansible.builtin.import_tasks: ssh-port.yml
tags: [change-ssh-port]
when: ansible_port != 22
- ansible.builtin.import_tasks: base.yml
tags: [install-base-packages]


@ -1,22 +0,0 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Change SSH port on host
lineinfile:
dest: "/etc/ssh/sshd_config"
regexp: "^#?Port "
line: "Port 19022"
register: ssh_changed
- name: Restart sshd
service:
name: sshd
state: restarted
when: ssh_changed is defined and
ssh_changed.changed
- name: Change Ansible port to 19022
set_fact:
ansible_port: 19022
when: ssh_changed is defined and
ssh_changed.changed


@ -1,2 +0,0 @@
[production]
localhost ansible_port=19022