From 74ebb4614009546aab86d65d9d69b389fbdfede2 Mon Sep 17 00:00:00 2001 From: Jacob Cody Wimer Date: Thu, 11 Oct 2018 12:47:57 -0400 Subject: [PATCH] Used dos2unix to convert all files in repo to unix and set up Traefik service --- playbooks/site.yml | 12 +- roles/dokuwiki/tasks/main.yml | 10 +- roles/gitea/tasks/main.yml | 10 +- roles/startup-infrastructure/tasks/main.yml | 26 ++- .../templates/docker-compose.yml.j2 | 205 +++--------------- .../templates/old-code.yml | 154 +++++++++++++ tasks/ansible-dependencies.yml | 20 +- tasks/ubuntu-common.yml | 94 ++++---- tests/files/provision-script.sh | 4 + tests/vagrant-tests.sh | 3 + 10 files changed, 280 insertions(+), 258 deletions(-) create mode 100644 roles/startup-infrastructure/templates/old-code.yml diff --git a/playbooks/site.yml b/playbooks/site.yml index 8d4883a..907700e 100644 --- a/playbooks/site.yml +++ b/playbooks/site.yml @@ -21,9 +21,9 @@ - import_playbook: swarm.yml -# - name: Deploy startup-infrastructure swarm stack -# hosts: bootstrap -# user: root -# serial: 100% -# tasks: -# - include: ../roles/startup-infrastructure/tasks/main.yml \ No newline at end of file +- name: Deploy startup-infrastructure swarm stack + hosts: bootstrap + user: root + serial: 100% + tasks: + - include: ../roles/startup-infrastructure/tasks/main.yml \ No newline at end of file diff --git a/roles/dokuwiki/tasks/main.yml b/roles/dokuwiki/tasks/main.yml index 3dff465..7f6a721 100644 --- a/roles/dokuwiki/tasks/main.yml +++ b/roles/dokuwiki/tasks/main.yml @@ -1,6 +1,6 @@ ---- -- name: Replace sudoers file - template: src=../roles/dokuwiki/templates/docker-compose.yml.j2 dest=/data/dokuwiki.yml - -- name: Run docker-compose +--- +- name: Replace sudoers file + template: src=../roles/dokuwiki/templates/docker-compose.yml.j2 dest=/data/dokuwiki.yml + +- name: Run docker-compose shell: cd /data && docker-compose -f dokuwiki.yml up -d \ No newline at end of file 
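Review bot: The re-enabled play in playbooks/site.yml pulls the task file in with the bare `- include: ../roles/startup-infrastructure/tasks/main.yml`, which is deprecated. The file already uses `import_playbook`, so `- import_tasks: ../roles/startup-infrastructure/tasks/main.yml` is available and makes the static include explicit. The play also connects as `user: root` while the tasks it includes now set `become: true`, so one of the two is redundant. Connecting as an unprivileged user and relying on `become` would keep direct root SSH out of the deployment path; a short comment above the play should say which is intended.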
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index 7ed2fe6..5820968 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml @@ -1,6 +1,6 @@ ---- -- name: Replace sudoers file - template: src=../roles/gitea/templates/docker-compose.yml.j2 dest=/data/gitea.yml - -- name: Run docker-compose +--- +- name: Replace sudoers file + template: src=../roles/gitea/templates/docker-compose.yml.j2 dest=/data/gitea.yml + +- name: Run docker-compose shell: cd /data && docker-compose -f gitea.yml up -d \ No newline at end of file diff --git a/roles/startup-infrastructure/tasks/main.yml b/roles/startup-infrastructure/tasks/main.yml index 5005f8e..3346c76 100644 --- a/roles/startup-infrastructure/tasks/main.yml +++ b/roles/startup-infrastructure/tasks/main.yml @@ -1,6 +1,20 @@ ---- -- name: Place the compose file - template: src=../roles/startup-infrastructure/templates/docker-compose.yml.j2 dest=/data/startup-infrastructure.yml - -- name: Run stack deploy - shell: cd /data && docker stack deploy -c startup-infrastructure.yml startup-infrastructure \ No newline at end of file +--- +- name: Create appnet + shell: > + docker network ls | grep "appnet" || + { + docker network create --driver overlay appnet + } + become: true + + +- name: Place the compose file + template: + src: ../roles/startup-infrastructure/templates/docker-compose.yml.j2 + dest: /data/startup-infrastructure.yml + mode: 0600 + become: true + +- name: Run stack deploy + shell: cd /data && docker stack deploy -c startup-infrastructure.yml startup-infrastructure + become: true \ No newline at end of file diff --git a/roles/startup-infrastructure/templates/docker-compose.yml.j2 b/roles/startup-infrastructure/templates/docker-compose.yml.j2 index d44904f..7cecc48 100644 --- a/roles/startup-infrastructure/templates/docker-compose.yml.j2 +++ b/roles/startup-infrastructure/templates/docker-compose.yml.j2 
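Review bot: The `Create appnet` task in roles/startup-infrastructure/tasks/main.yml tests for the network with `docker network ls | grep "appnet"`, which matches any network whose name merely contains that string (a stack-prefixed one, for example). Creation can then be skipped even though the compose template declares `appnet` as `external: true`. An exact check such as `docker network inspect appnet >/dev/null 2>&1 || docker network create --driver overlay appnet` avoids that, and a `changed_when` condition would stop the task reporting a change on every run. The `{ ... }` group shows no `;` or newline before `}` here; if the folded `>` scalar joins it onto one line the shell will not see a closed group, so dropping the braces is safer. `mode: 0600` is better written `mode: "0600"` so it does not depend on YAML octal parsing.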
@@ -1,179 +1,26 @@ -version: '3.1' -networks: - appnet: - wekan: - driver: bridge - -services: - traefik: - image: traefik:1.6.4 - ports: - - "80:80" - - "443:443" - - "8081:8080" - networks: - - appnet - volumes: - - ./traefik.toml:/etc/traefik/traefik.toml - - /var/run/docker.sock:/var/run/docker.sock:ro - deploy: - mode: replicated - replicas: 1 - placement: - constraints: - - node.role == manager - - portainer: - image: portainer/portainer - networks: - - appnet - volumes: - - portainer_data:/data - - /var/run/docker.sock:/var/run/docker.sock:ro - deploy: - labels: - - "traefik.frontend.entryPoints=http" - - "traefik.protocol=http" - - "traefik.backend=portainer" - - "traefik.port=9000" - - "traefik.docker.network=appnet" - - "traefik.frontend.rule=Host:portainer.{{ root_domain }}" - mode: replicated - replicas: 1 - {% if {{ groups['workers'] | length }} > 0 %} - placement: - constraints: - - node.role == worker - {% endif %} - - bitwarden: - image: mprasil/bitwarden - networks: - - appnet - volumes: - - bitwarden_data:/data - deploy: - labels: - - "traefik.frontend.entryPoints=http" - - "traefik.protocol=http" - - "traefik.backend=bitwarden" - - "traefik.port=80" - - "traefik.docker.network=appnet" - - "traefik.frontend.rule=Host:bitwarden.{{ root_domain }}" - mode: replicated - replicas: 1 - {% if {{ groups['workers'] | length }} > 0 %} - placement: - constraints: - - node.role == worker - {% endif %} - - gitea: - image: gitea/gitea:latest - environment: - - USER_UID=1000 - - USER_GID=1000 - networks: - - appnet - volumes: - - gitea_data:/data - ports: - - "2222:22" - deploy: - labels: - - "traefik.frontend.entryPoints=http" - - "traefik.protocol=http" - - "traefik.backend=git" - - "traefik.port=3000" - - "traefik.docker.network=appnet" - - "traefik.frontend.rule=Host:git.{{ root_domain }}" - mode: replicated - replicas: 1 - {% if {{ groups['workers'] | length }} > 0 %} - placement: - constraints: - - node.role == worker - {% endif %} - - dokuwiki: - image: 
mprasil/dokuwiki - networks: - - appnet - volumes: - - dokuwiki_data:/dokuwiki - deploy: - labels: - - "traefik.frontend.entryPoints=http" - - "traefik.protocol=http" - - "traefik.backend=dokuwiki" - - "traefik.port=80" - - "traefik.docker.network=appnet" - - "traefik.frontend.rule=Host:dokuwiki.{{ root_domain }}" - mode: replicated - replicas: 1 - {% if {{ groups['workers'] | length }} > 0 %} - placement: - constraints: - - node.role == worker - {% endif %} - - wekandb: - # All Wekan data is stored in MongoDB. For backup and restore, see: - # https://github.com/wekan/wekan/wiki/Export-Docker-Mongo-Data - image: mongo:3.2.21 - command: mongod --smallfiles --oplogSize 128 - networks: - - wekan - volumes: - - wekan-db:/data/db - - wekan-db-dump:/dump - deploy: - mode: replicated - replicas: 1 - {% if {{ groups['workers'] | length }} > 0 %} - placement: - constraints: - - node.role == worker - {% endif %} - - wekan: - image: quay.io/wekan/wekan - networks: - - wekan - - appnet - environment: - - ROOT_URL=http://{{ root_domain }} - - MONGO_URL=mongodb://wekandb:27017/wekan - #- MAIL_URL=smtp://user:pass@mailserver.example.com:25/ - #- MAIL_FROM='Example Wekan Support ' - - WITH_API=true - deploy: - labels: - - "traefik.frontend.entryPoints=http" - - "traefik.protocol=http" - - "traefik.backend=wekan" - - "traefik.port=8080" - - "traefik.docker.network=appnet" - - "traefik.frontend.rule=Host:wekan.{{ root_domain }}" - mode: replicated - replicas: 1 - {% if {{ groups['workers'] | length }} > 0 %} - placement: - constraints: - - node.role == worker - {% endif %} - -{% set docker_volumes = ['portainer_data','bitwarden_data','gitea_data','dokuwiki_data','wekan-db','wekan-db-dump'] %} -volumes: -{% for volume in docker_volumes %} - {{ volume }}: - {% if storage_type == 'nfs' %} - driver: local - driver_opts: - type: nfs - o: "addr={{ nfs_address }},soft,nolock,rw" - device: ":{{ nfs_root_path }}/{{ volume }}" - {% elif storage_type == 'local' %} - driver: local - {% endif %} 
-{% endfor %} \ No newline at end of file +version: '3.1' +networks: + appnet: + external: true + wekan: + driver: bridge + +services: + traefik: + image: traefik:1.6.4 + ports: + - "80:80" + - "443:443" + - "8081:8080" + networks: + - appnet + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + command: --docker --docker.swarmMode --docker.domain=traefik --docker.watch --api --ping + # --acme --acme.email='test@test.com' --acme.storage='acme.json' --acme.entrypoint='https' + deploy: + mode: replicated + replicas: 1 + placement: + constraints: + - node.role == manager \ No newline at end of file diff --git a/roles/startup-infrastructure/templates/old-code.yml b/roles/startup-infrastructure/templates/old-code.yml new file mode 100644 index 0000000..17b12fc --- /dev/null +++ b/roles/startup-infrastructure/templates/old-code.yml 
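Review bot: The traefik service in docker-compose.yml.j2 enables `--api` and publishes it as `"8081:8080"` with no authentication configured anywhere in the hunk, so the dashboard and API, which list every routed backend, are reachable on that port from wherever the swarm nodes are reachable. If the port is only needed for the `/ping` test, say so next to it, e.g. `# 8081 -> Traefik API/ping, unauthenticated: firewall to the management network`, or put basic auth on that entry point. The `:ro` on `/var/run/docker.sock` does not limit what can be sent over the socket, so the container still holds full Docker API access on a manager node; a comment noting that, or a filtering socket proxy, would make the trust boundary explicit. With the ACME flags commented out, 443 is published but nothing visible here configures an HTTPS entry point.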
@@ -0,0 +1,154 @@ + portainer: + image: portainer/portainer + networks: + - appnet + volumes: + - portainer_data:/data + - /var/run/docker.sock:/var/run/docker.sock:ro + deploy: + labels: + - "traefik.frontend.entryPoints=http" + - "traefik.protocol=http" + - "traefik.backend=portainer" + - "traefik.port=9000" + - "traefik.docker.network=appnet" + - "traefik.frontend.rule=Host:portainer.{{ root_domain }}" + mode: replicated + replicas: 1 + {% if {{ groups['workers'] | length }} > 0 %} + placement: + constraints: + - node.role == worker + {% endif %} + + bitwarden: + image: mprasil/bitwarden + networks: + - appnet + volumes: + - bitwarden_data:/data + deploy: + labels: + - "traefik.frontend.entryPoints=http" + - "traefik.protocol=http" + - "traefik.backend=bitwarden" + - "traefik.port=80" + - "traefik.docker.network=appnet" + - "traefik.frontend.rule=Host:bitwarden.{{ root_domain }}" + mode: replicated + replicas: 1 + {% if {{ groups['workers'] | length }} > 0 %} + placement: + constraints: + - node.role == worker + {% endif %} + + gitea: + image: gitea/gitea:latest + environment: + - USER_UID=1000 + - USER_GID=1000 + networks: + - appnet + volumes: + - gitea_data:/data + ports: + - "2222:22" + deploy: + labels: + - "traefik.frontend.entryPoints=http" + - "traefik.protocol=http" + - "traefik.backend=git" + - "traefik.port=3000" + - "traefik.docker.network=appnet" + - "traefik.frontend.rule=Host:git.{{ root_domain }}" + mode: replicated + replicas: 1 + {% if {{ groups['workers'] | length }} > 0 %} + placement: + constraints: + - node.role == worker + {% endif %} + + dokuwiki: + image: mprasil/dokuwiki + networks: + - appnet + volumes: + - dokuwiki_data:/dokuwiki + deploy: + labels: + - "traefik.frontend.entryPoints=http" + - "traefik.protocol=http" + - "traefik.backend=dokuwiki" + - "traefik.port=80" + - "traefik.docker.network=appnet" + - "traefik.frontend.rule=Host:dokuwiki.{{ root_domain }}" + mode: replicated + replicas: 1 + {% if {{ groups['workers'] | length }} 
> 0 %} + placement: + constraints: + - node.role == worker + {% endif %} + + wekandb: + # All Wekan data is stored in MongoDB. For backup and restore, see: + # https://github.com/wekan/wekan/wiki/Export-Docker-Mongo-Data + image: mongo:3.2.21 + command: mongod --smallfiles --oplogSize 128 + networks: + - wekan + volumes: + - wekan-db:/data/db + - wekan-db-dump:/dump + deploy: + mode: replicated + replicas: 1 + {% if {{ groups['workers'] | length }} > 0 %} + placement: + constraints: + - node.role == worker + {% endif %} + + wekan: + image: quay.io/wekan/wekan + networks: + - wekan + - appnet + environment: + - ROOT_URL=http://{{ root_domain }} + - MONGO_URL=mongodb://wekandb:27017/wekan + #- MAIL_URL=smtp://user:pass@mailserver.example.com:25/ + #- MAIL_FROM='Example Wekan Support ' + - WITH_API=true + deploy: + labels: + - "traefik.frontend.entryPoints=http" + - "traefik.protocol=http" + - "traefik.backend=wekan" + - "traefik.port=8080" + - "traefik.docker.network=appnet" + - "traefik.frontend.rule=Host:wekan.{{ root_domain }}" + mode: replicated + replicas: 1 + {% if {{ groups['workers'] | length }} > 0 %} + placement: + constraints: + - node.role == worker + {% endif %} + +{% set docker_volumes = ['portainer_data','bitwarden_data','gitea_data','dokuwiki_data','wekan-db','wekan-db-dump'] %} +volumes: +{% for volume in docker_volumes %} + {{ volume }}: + {% if storage_type == 'nfs' %} + driver: local + driver_opts: + type: nfs + o: "addr={{ nfs_address }},soft,nolock,rw" + device: ":{{ nfs_root_path }}/{{ volume }}" + {% elif storage_type == 'local' %} + driver: local + {% endif %} +{% endfor %} \ No newline at end of file diff --git a/tasks/ansible-dependencies.yml b/tasks/ansible-dependencies.yml index ceaffcb..f23e584 100644 --- a/tasks/ansible-dependencies.yml +++ b/tasks/ansible-dependencies.yml 
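Review bot: Every `{% if {{ groups['workers'] | length }} > 0 %}` in old-code.yml nests an expression delimiter inside a statement tag, which Jinja2 rejects, so these blocks will fail to render once they are moved back into the template; the condition should read `{% if groups['workers'] | length > 0 %}`. The file is also a bare fragment (service entries with no `services:` key) parked under templates/ with a .yml name, where it can be mistaken for a deployable file. Version control already keeps the removed text; failing that, a header comment such as `# Parked service definitions, not rendered by any task` would mark it. When these services return, note that all of them, including bitwarden, are labelled `traefik.frontend.entryPoints=http` only, and that several images (`portainer/portainer`, `mprasil/bitwarden`, `gitea/gitea:latest`) carry no pinned version.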
@@ -1,11 +1,11 @@ ---- -- name: Install package dependencies - raw: apt-get update -qq && apt-get install -y python-dev python-simplejson python-urllib3 python-openssl python-pyasn1 python-pip ca-certificates - -- name: Install pip dependencies - raw: pip install ndg-httpsclient - ignore_errors: true - -- name: Install pip dependencies again because it fails sometimes - raw: pip install ndg-httpsclient +--- +- name: Install package dependencies + raw: apt-get update -qq && apt-get install -y python-dev python-simplejson python-urllib3 python-openssl python-pyasn1 python-pip ca-certificates + +- name: Install pip dependencies + raw: pip install ndg-httpsclient + ignore_errors: true + +- name: Install pip dependencies again because it fails sometimes + raw: pip install ndg-httpsclient ignore_errors: true \ No newline at end of file diff --git a/tasks/ubuntu-common.yml b/tasks/ubuntu-common.yml index c1d8f34..8ac6d28 100644 --- a/tasks/ubuntu-common.yml +++ b/tasks/ubuntu-common.yml 
@@ -1,48 +1,48 @@ ---- -- name: Add docker key - apt_key: - url: https://download.docker.com/linux/ubuntu/gpg - state: present - -- name: Add docker repo - apt_repository: - repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable - state: present - -- name: Update apt - apt: update_cache=yes - -- name: Install standard programs - apt: name={{ item }} state=present force=yes - with_items: - - htop - - curl - - openssh-server - - git - - rsync - - zip - - unzip - - fail2ban - - ntp - - mysql-client - - wget - - nfs-common - - docker-ce={{docker_ce_version_to_install}} - - sshpass - - ack-grep - - dnsutils - - nmon - - build-essential - - tmux - -- name: Docker compose version - get_url: - url: "https://github.com/docker/compose/releases/download/{{docker_compose_version_to_install}}/docker-compose-{{ ansible_system }}-{{ ansible_userspace_architecture }}" - dest: /usr/local/bin/docker-compose - validate_certs: false - mode: 0755 - -- name: Set timezone to NewYork - timezone: - name: America/New_York +--- +- name: Add docker key + apt_key: + url: https://download.docker.com/linux/ubuntu/gpg + state: present + +- name: Add docker repo + apt_repository: + repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable + state: present + +- name: Update apt + apt: update_cache=yes + +- name: Install standard programs + apt: name={{ item }} state=present force=yes + with_items: + - htop + - curl + - openssh-server + - git + - rsync + - zip + - unzip + - fail2ban + - ntp + - mysql-client + - wget + - nfs-common + - docker-ce={{docker_ce_version_to_install}} + - sshpass + - ack-grep + - dnsutils + - nmon + - build-essential + - tmux + +- name: Docker compose version + get_url: + url: "https://github.com/docker/compose/releases/download/{{docker_compose_version_to_install}}/docker-compose-{{ ansible_system }}-{{ ansible_userspace_architecture }}" + dest: /usr/local/bin/docker-compose 
+ validate_certs: false + mode: 0755 + +- name: Set timezone to NewYork + timezone: + name: America/New_York ignore_errors: true \ No newline at end of file diff --git a/tests/files/provision-script.sh b/tests/files/provision-script.sh index 5e95926..7646878 100644 --- a/tests/files/provision-script.sh +++ b/tests/files/provision-script.sh @@ -1,8 +1,12 @@ #!/bin/bash +# Putting test_rsa.pub into root and vagrant authorized keys echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYa9zstumlg7XkKoNrJMlIN/zteqMA9J4GjuZA7r0xfMPrz4CglxzYKd/BhBpwp/HhU+vSR6vBa15kRODHdPZ+T1oXzMXAmMT3R2ZJRqF280Hsx9sK0X+FZWM84e4a1zQUrxuWyWJ4kKIiaX6DBAmhy8zHNvQ0c4Nk1exfwRicojaze71qrexSas4FHWaI4usC/g3mMKfiML/QX0UWW/G+D8qrg3cK3zClG916XlY/p1h9SWantqz75ea33TtmDNW6iCraKSjVeDGfzhshJsmQ7+/Rr/L4/s7hdpwTqdjSlJTIi61eBxcpDfMWBmsHOMZgnsTZ3wrdYXo70k44moA7 vagrant@test" >> /home/vagrant/.ssh/authorized_keys echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYa9zstumlg7XkKoNrJMlIN/zteqMA9J4GjuZA7r0xfMPrz4CglxzYKd/BhBpwp/HhU+vSR6vBa15kRODHdPZ+T1oXzMXAmMT3R2ZJRqF280Hsx9sK0X+FZWM84e4a1zQUrxuWyWJ4kKIiaX6DBAmhy8zHNvQ0c4Nk1exfwRicojaze71qrexSas4FHWaI4usC/g3mMKfiML/QX0UWW/G+D8qrg3cK3zClG916XlY/p1h9SWantqz75ea33TtmDNW6iCraKSjVeDGfzhshJsmQ7+/Rr/L4/s7hdpwTqdjSlJTIi61eBxcpDfMWBmsHOMZgnsTZ3wrdYXo70k44moA7 vagrant@test" >> /root/.ssh/authorized_keys +# Setting A record +echo "192.168.254.2 swarm.test.com" >> /etc/hosts + cp /vagrant/tests/files/test_rsa /home/vagrant/test_rsa chmod 600 /home/vagrant/test_rsa chown vagrant:vagrant /home/vagrant/test_rsa \ No newline at end of file diff --git a/tests/vagrant-tests.sh b/tests/vagrant-tests.sh index 5f1929d..d11c875 100644 --- a/tests/vagrant-tests.sh +++ b/tests/vagrant-tests.sh @@ -44,6 +44,9 @@ function run-tests { testbash "The swarm has a leader" \ "test ${number_of_docker_leaders} -eq 1" + testbash "Traefik got deployed" \ + "vagrant ssh client -c 'curl --silent http://swarm.test.com:8081/ping | grep OK > /dev/null'" + } function destroy-infrastructure {
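Review bot: The added `echo "192.168.254.2 swarm.test.com" >> /etc/hosts` in provision-script.sh appends unconditionally, like the authorized_keys lines above it, so re-running provisioning stacks up duplicate entries. `grep -q 'swarm.test.com' /etc/hosts || echo "192.168.254.2 swarm.test.com" >> /etc/hosts` keeps it idempotent. The address is hard-coded and presumably has to match the Vagrant network definition, which is outside this hunk; a comment naming where that IP is defined would help.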
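Review bot: The new `Traefik got deployed` check in run-tests issues a single `curl --silent http://swarm.test.com:8081/ping` with no timeout, retry or `--fail`. It can fail spuriously if it runs before the service created by `docker stack deploy` has started, and it can hang on an unreachable host. Something like `curl --silent --fail --max-time 5 --retry 5 --retry-connrefused http://swarm.test.com:8081/ping | grep -q OK` is more robust. The body of run-tests starts outside this hunk, so where this check sits relative to the deploy step is not visible.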