Created portainer service

2026-05-16 10:09:01 +00:00 · 2018-10-16 10:04:04 -04:00
parent 74ebb46140
commit 47316b9171
7 changed files with 205 additions and 160 deletions
--- a/roles/startup-infrastructure/tasks/configure-portainer.yml
+++ b/roles/startup-infrastructure/tasks/configure-portainer.yml
@@ -0,0 +1,14 @@
 ---
 #https://app.swaggerhub.com/apis/deviantony/Portainer/1.19.2/#/users/
 - name: Check for portainer admin account
  shell: >
    curl --silent -I -X GET "http://portainer.{{ root_domain }}/api/users/admin/check" -H  "accept: application/json"
  register: admin_account_check
  delegate_to: localhost
 - name: Init admin account if it hasn't already
  shell: >
    curl -X POST "http://portainer.{{ root_domain }}/api/users/admin/init" -H  "accept: application/json" -H  \
    "Content-Type: application/json" -d "{  \"Username\": \"admin\",  \"Password\": \"admin-password\"}"
  when: not admin_account_check.stdout | search("204")
  delegate_to: localhost
--- a/roles/startup-infrastructure/tasks/main.yml
+++ b/roles/startup-infrastructure/tasks/main.yml
@@ -16,5 +16,12 @@
  become: true
 - name: Run stack deploy
-  shell: cd /data && docker stack deploy -c startup-infrastructure.yml startup-infrastructure
+  shell: >
-  become: true
+    docker stack deploy -c /data/startup-infrastructure.yml startup-infrastructure
  become: true
 - name: Give containers time to spin up
  wait_for:
    timeout: 120
 - include_tasks: configure-portainer.yml
--- a/roles/startup-infrastructure/templates/docker-compose.yml.j2
+++ b/roles/startup-infrastructure/templates/docker-compose.yml.j2
@@ -1,9 +1,12 @@
 #jinja2: lstrip_blocks: True
 # ^that fixes tab in compose files when jinja2 compiles them
 {% set docker_volumes = ['portainer_data','wekan-db','wekan-db-dump'] %}
 version: '3.1'
 networks:
  appnet:
    external: true
-  wekan:
+  portainer:
-    driver: bridge
+    driver: overlay
 services:
  traefik:
@@ -16,11 +19,65 @@ services:
      - appnet
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
-    command: --docker --docker.swarmMode --docker.domain=traefik --docker.watch --api --ping
+    command: --docker --docker.swarmMode --docker.domain={{ root_domain }} --docker.watch --api --ping
    # --acme --acme.email='test@test.com' --acme.storage='acme.json' --acme.entrypoint='https'
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
-          - node.role == manager
+          - node.role == manager
  portainer-agent:
    image: portainer/agent
    environment:
      # REQUIRED: Should be equal to the service name prefixed by "tasks." when
      # deployed inside an overlay network
      AGENT_CLUSTER_ADDR: tasks.portainer-agent
      # AGENT_PORT: 9001
      # LOG_LEVEL: debug
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - portainer
    deploy:
      mode: global
      placement:
        constraints: [node.platform.os == linux]
  portainer:
    image: portainer/portainer
    command: -H tcp://tasks.portainer-agent:9001 --tlsskipverify
    volumes:
      - portainer_data:/data
    networks:
      - portainer
      - appnet
    deploy:
      labels:
        - "traefik.frontend.entryPoints=http"
        - "traefik.protocol=http"
        - "traefik.backend=portainer"
        - "traefik.port=9000"
        - "traefik.docker.network=appnet"
        - "traefik.frontend.rule=Host:portainer.{{ root_domain }}"
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.role == manager
 volumes:
 {% for volume in docker_volumes %}
  {{ volume }}:
  {% if storage_type == 'nfs' %}
    driver: local
    driver_opts:
      type: nfs
      o: "addr={{ nfs_address }},soft,nolock,rw"
      device: ":{{ nfs_root_path }}/{{ volume }}"
  {% elif storage_type == 'local' %}
    driver: local
  {% endif %}
 {% endfor %}
--- a/roles/startup-infrastructure/templates/old-code.yml
+++ b/roles/startup-infrastructure/templates/old-code.yml
@@ -1,154 +1,116 @@
-  portainer:
+  wekandb:
-    image: portainer/portainer
+    # All Wekan data is stored in MongoDB. For backup and restore, see:
-    networks:
+    #   https://github.com/wekan/wekan/wiki/Export-Docker-Mongo-Data
-      - appnet
+    image: mongo:3.2.21
-    volumes:
+    command: mongod --smallfiles --oplogSize 128
-      - portainer_data:/data
+    networks:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - wekan
-    deploy:
+    volumes:
-      labels:
+      - wekan-db:/data/db
-        - "traefik.frontend.entryPoints=http"
+      - wekan-db-dump:/dump
-        - "traefik.protocol=http"
+    deploy:
-        - "traefik.backend=portainer"
+      mode: replicated
-        - "traefik.port=9000"
+      replicas: 1
-        - "traefik.docker.network=appnet"
+      {% if (groups['workers'] | length) > 0 %}
-        - "traefik.frontend.rule=Host:portainer.{{ root_domain }}"
+      placement:
-      mode: replicated
+        constraints:
-      replicas: 1
+          - node.role == worker
-      {% if {{ groups['workers'] | length }} > 0 %}
+      {% endif %}
-      placement:
+
-        constraints:
+  wekan:
-          - node.role == worker
+    image: quay.io/wekan/wekan
-      {% endif %}
+    networks:
-
+      - wekan
-  bitwarden:
+      - appnet
-    image: mprasil/bitwarden
+    environment:
-    networks:
+      - ROOT_URL=http://{{ root_domain }}
-      - appnet
+      - MONGO_URL=mongodb://wekandb:27017/wekan
-    volumes:
+      #- MAIL_URL=smtp://user:pass@mailserver.example.com:25/
-      - bitwarden_data:/data
+      #- MAIL_FROM='Example Wekan Support <support@example.com>'
-    deploy:
+      - WITH_API=true
-      labels:
+    deploy:
-        - "traefik.frontend.entryPoints=http"
+      labels:
-        - "traefik.protocol=http"
+        - "traefik.frontend.entryPoints=http"
-        - "traefik.backend=bitwarden"
+        - "traefik.protocol=http"
-        - "traefik.port=80"
+        - "traefik.backend=wekan"
-        - "traefik.docker.network=appnet"
+        - "traefik.port=8080"
-        - "traefik.frontend.rule=Host:bitwarden.{{ root_domain }}"
+        - "traefik.docker.network=appnet"
-      mode: replicated
+        - "traefik.frontend.rule=Host:wekan.{{ root_domain }}"
-      replicas: 1
+      mode: replicated
-      {% if {{ groups['workers'] | length }} > 0 %}
+      replicas: 1
-      placement:
+      {% if (groups['workers'] | length) > 0 %}
-        constraints:
+      placement:
-          - node.role == worker
+        constraints:
-      {% endif %}
+          - node.role == worker
-
+      {% endif %}
-  gitea:
+
-    image: gitea/gitea:latest
+  bitwarden:
-    environment:
+    image: mprasil/bitwarden
-      - USER_UID=1000
+    networks:
-      - USER_GID=1000
+      - appnet
-    networks:
+    volumes:
-      - appnet
+      - bitwarden_data:/data
-    volumes:
+    deploy:
-      - gitea_data:/data
+      labels:
-    ports:
+        - "traefik.frontend.entryPoints=http"
-      - "2222:22"
+        - "traefik.protocol=http"
-    deploy:
+        - "traefik.backend=bitwarden"
-      labels:
+        - "traefik.port=80"
-        - "traefik.frontend.entryPoints=http"
+        - "traefik.docker.network=appnet"
-        - "traefik.protocol=http"
+        - "traefik.frontend.rule=Host:bitwarden.{{ root_domain }}"
-        - "traefik.backend=git"
+      mode: replicated
-        - "traefik.port=3000"
+      replicas: 1
-        - "traefik.docker.network=appnet"
+      {% if (groups['workers'] | length) > 0 %}
-        - "traefik.frontend.rule=Host:git.{{ root_domain }}"
+      placement:
-      mode: replicated
+        constraints:
-      replicas: 1
+          - node.role == worker
-      {% if {{ groups['workers'] | length }} > 0 %}
+      {% endif %}
-      placement:
+
-        constraints:
+  gitea:
-          - node.role == worker
+    image: gitea/gitea:latest
-      {% endif %}
+    environment:
-
+      - USER_UID=1000
-  dokuwiki:
+      - USER_GID=1000
-    image: mprasil/dokuwiki
+    networks:
-    networks:
+      - appnet
-      - appnet
+    volumes:
-    volumes:
+      - gitea_data:/data
-      - dokuwiki_data:/dokuwiki
+    ports:
-    deploy:
+      - "2222:22"
-      labels:
+    deploy:
-        - "traefik.frontend.entryPoints=http"
+      labels:
-        - "traefik.protocol=http"
+        - "traefik.frontend.entryPoints=http"
-        - "traefik.backend=dokuwiki"
+        - "traefik.protocol=http"
-        - "traefik.port=80"
+        - "traefik.backend=git"
-        - "traefik.docker.network=appnet"
+        - "traefik.port=3000"
-        - "traefik.frontend.rule=Host:dokuwiki.{{ root_domain }}"
+        - "traefik.docker.network=appnet"
-      mode: replicated
+        - "traefik.frontend.rule=Host:git.{{ root_domain }}"
-      replicas: 1
+      mode: replicated
-      {% if {{ groups['workers'] | length }} > 0 %}
+      replicas: 1
-      placement:
+      {% if (groups['workers'] | length) > 0 %}
-        constraints:
+      placement:
-          - node.role == worker
+        constraints:
-      {% endif %}
+          - node.role == worker
-
+      {% endif %}
-  wekandb:
+
-    # All Wekan data is stored in MongoDB. For backup and restore, see:
+  dokuwiki:
-    #   https://github.com/wekan/wekan/wiki/Export-Docker-Mongo-Data
+    image: mprasil/dokuwiki
-    image: mongo:3.2.21
+    networks:
-    command: mongod --smallfiles --oplogSize 128
+      - appnet
-    networks:
+    volumes:
-      - wekan
+      - dokuwiki_data:/dokuwiki
-    volumes:
+    deploy:
-      - wekan-db:/data/db
+      labels:
-      - wekan-db-dump:/dump
+        - "traefik.frontend.entryPoints=http"
-    deploy:
+        - "traefik.protocol=http"
-      mode: replicated
+        - "traefik.backend=dokuwiki"
-      replicas: 1
+        - "traefik.port=80"
-      {% if {{ groups['workers'] | length }} > 0 %}
+        - "traefik.docker.network=appnet"
-      placement:
+        - "traefik.frontend.rule=Host:dokuwiki.{{ root_domain }}"
-        constraints:
+      mode: replicated
-          - node.role == worker
+      replicas: 1
-      {% endif %}
+      {% if (groups['workers'] | length) > 0 %}
-
+      placement:
-  wekan:
+        constraints:
-    image: quay.io/wekan/wekan
+          - node.role == worker
-    networks:
+      {% endif %}
      - wekan
      - appnet
    environment:
      - ROOT_URL=http://{{ root_domain }}
      - MONGO_URL=mongodb://wekandb:27017/wekan
      #- MAIL_URL=smtp://user:pass@mailserver.example.com:25/
      #- MAIL_FROM='Example Wekan Support <support@example.com>'
      - WITH_API=true
    deploy:
      labels:
        - "traefik.frontend.entryPoints=http"
        - "traefik.protocol=http"
        - "traefik.backend=wekan"
        - "traefik.port=8080"
        - "traefik.docker.network=appnet"
        - "traefik.frontend.rule=Host:wekan.{{ root_domain }}"
      mode: replicated
      replicas: 1
      {% if {{ groups['workers'] | length }} > 0 %}
      placement:
        constraints:
          - node.role == worker
      {% endif %}
 {% set docker_volumes = ['portainer_data','bitwarden_data','gitea_data','dokuwiki_data','wekan-db','wekan-db-dump'] %}
 volumes:
 {% for volume in docker_volumes %}
  {{ volume }}:
  {% if storage_type == 'nfs' %}
    driver: local
    driver_opts:
      type: nfs
      o: "addr={{ nfs_address }},soft,nolock,rw"
      device: ":{{ nfs_root_path }}/{{ volume }}"
  {% elif storage_type == 'local' %}
    driver: local
  {% endif %}
 {% endfor %}
--- a/tests/files/group_vars_all
+++ b/tests/files/group_vars_all
@@ -11,6 +11,7 @@ chosen_timezone: "America/New_York"
 # root domain for all services. You should have an A record for *.root_domain. For example, if your domain is test.com you should have an A record for *.test.com pointing to your node.
 # this will allow automatic dns for for things like dokuwiki.test.com and portainer.test.com
 root_domain: test.com
 portainer_admin_password: "admin-password"
 # interface for the swarm network
 swarm_network_interface: enp0s8
--- a/tests/files/provision-script.sh
+++ b/tests/files/provision-script.sh
@@ -6,6 +6,7 @@ echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYa9zstumlg7XkKoNrJMlIN/zteqMA9J4Gju
 # Setting A record
 echo "192.168.254.2 swarm.test.com" >> /etc/hosts
 echo "192.168.254.2 portainer.test.com" >> /etc/hosts
 cp /vagrant/tests/files/test_rsa /home/vagrant/test_rsa
 chmod 600 /home/vagrant/test_rsa
--- a/tests/vagrant-tests.sh
+++ b/tests/vagrant-tests.sh
@@ -47,6 +47,9 @@ function run-tests {
  testbash "Traefik got deployed" \
    "vagrant ssh client -c 'curl --silent http://swarm.test.com:8081/ping | grep OK > /dev/null'"
  testbash "Portainer was deployed and admin account was initialized" \
    "vagrant ssh client -c 'curl --silent -I \
   -X GET \"http://portainer.test.com/api/users/admin/check\" -H  \"accept: application/json\"' | grep 204"
 }
 function destroy-infrastructure {