
Used dos2unix to convert all files in repo to unix and set up Traefik service

2018-10-11 12:47:57 -04:00
parent 2b0cfd3f99
commit 74ebb46140
10 changed files with 280 additions and 258 deletions


@@ -21,9 +21,9 @@
- import_playbook: swarm.yml - import_playbook: swarm.yml
# - name: Deploy startup-infrastructure swarm stack - name: Deploy startup-infrastructure swarm stack
# hosts: bootstrap hosts: bootstrap
# user: root user: root
# serial: 100% serial: 100%
# tasks: tasks:
# - include: ../roles/startup-infrastructure/tasks/main.yml - include: ../roles/startup-infrastructure/tasks/main.yml
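Review bot: The re-enabled play connects with `user: root`, so every task in the stack role runs over a direct root SSH session and the `become: true` lines this commit adds to those tasks are redundant. An unprivileged `remote_user` with `become: true` set on the play would let root login over SSH be disabled on the hosts and make privilege escalation explicit. `include:` for a task file is also deprecated in newer Ansible releases; `import_tasks:` (or a `roles:` entry, since the path points into a role) expresses the same thing.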


@@ -1,6 +1,6 @@
--- ---
- name: Replace sudoers file - name: Replace sudoers file
template: src=../roles/dokuwiki/templates/docker-compose.yml.j2 dest=/data/dokuwiki.yml template: src=../roles/dokuwiki/templates/docker-compose.yml.j2 dest=/data/dokuwiki.yml
- name: Run docker-compose - name: Run docker-compose
shell: cd /data && docker-compose -f dokuwiki.yml up -d shell: cd /data && docker-compose -f dokuwiki.yml up -d


@@ -1,6 +1,6 @@
--- ---
- name: Replace sudoers file - name: Replace sudoers file
template: src=../roles/gitea/templates/docker-compose.yml.j2 dest=/data/gitea.yml template: src=../roles/gitea/templates/docker-compose.yml.j2 dest=/data/gitea.yml
- name: Run docker-compose - name: Run docker-compose
shell: cd /data && docker-compose -f gitea.yml up -d shell: cd /data && docker-compose -f gitea.yml up -d


@@ -1,6 +1,20 @@
--- ---
- name: Place the compose file - name: Create appnet
template: src=../roles/startup-infrastructure/templates/docker-compose.yml.j2 dest=/data/startup-infrastructure.yml shell: >
docker network ls | grep "appnet" ||
- name: Run stack deploy {
shell: cd /data && docker stack deploy -c startup-infrastructure.yml startup-infrastructure docker network create --driver overlay appnet
}
become: true
- name: Place the compose file
template:
src: ../roles/startup-infrastructure/templates/docker-compose.yml.j2
dest: /data/startup-infrastructure.yml
mode: 0600
become: true
- name: Run stack deploy
shell: cd /data && docker stack deploy -c startup-infrastructure.yml startup-infrastructure
become: true
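Review bot: The `Create appnet` guard `docker network ls | grep "appnet"` matches any network whose name merely contains that string (for example a stack-scoped `<stack>_appnet`), in which case the overlay network is never created and the compose file's `external: true` reference to `appnet` fails at deploy time. An exact lookup such as `docker network inspect appnet >/dev/null 2>&1 || docker network create --driver overlay appnet` avoids the substring match, and a `changed_when` on the task would stop it reporting a change on every run. Restricting the rendered compose file with `mode: 0600` is a sound choice; writing it as `mode: "0600"` removes any dependence on how the YAML loader reads a leading-zero integer.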


@@ -1,179 +1,26 @@
version: '3.1' version: '3.1'
networks: networks:
appnet: appnet:
wekan: external: true
driver: bridge wekan:
driver: bridge
services:
traefik: services:
image: traefik:1.6.4 traefik:
ports: image: traefik:1.6.4
- "80:80" ports:
- "443:443" - "80:80"
- "8081:8080" - "443:443"
networks: - "8081:8080"
- appnet networks:
volumes: - appnet
- ./traefik.toml:/etc/traefik/traefik.toml volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
deploy: command: --docker --docker.swarmMode --docker.domain=traefik --docker.watch --api --ping
mode: replicated # --acme --acme.email='test@test.com' --acme.storage='acme.json' --acme.entrypoint='https'
replicas: 1 deploy:
placement: mode: replicated
constraints: replicas: 1
- node.role == manager placement:
constraints:
portainer: - node.role == manager
image: portainer/portainer
networks:
- appnet
volumes:
- portainer_data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
deploy:
labels:
- "traefik.frontend.entryPoints=http"
- "traefik.protocol=http"
- "traefik.backend=portainer"
- "traefik.port=9000"
- "traefik.docker.network=appnet"
- "traefik.frontend.rule=Host:portainer.{{ root_domain }}"
mode: replicated
replicas: 1
{% if {{ groups['workers'] | length }} > 0 %}
placement:
constraints:
- node.role == worker
{% endif %}
bitwarden:
image: mprasil/bitwarden
networks:
- appnet
volumes:
- bitwarden_data:/data
deploy:
labels:
- "traefik.frontend.entryPoints=http"
- "traefik.protocol=http"
- "traefik.backend=bitwarden"
- "traefik.port=80"
- "traefik.docker.network=appnet"
- "traefik.frontend.rule=Host:bitwarden.{{ root_domain }}"
mode: replicated
replicas: 1
{% if {{ groups['workers'] | length }} > 0 %}
placement:
constraints:
- node.role == worker
{% endif %}
gitea:
image: gitea/gitea:latest
environment:
- USER_UID=1000
- USER_GID=1000
networks:
- appnet
volumes:
- gitea_data:/data
ports:
- "2222:22"
deploy:
labels:
- "traefik.frontend.entryPoints=http"
- "traefik.protocol=http"
- "traefik.backend=git"
- "traefik.port=3000"
- "traefik.docker.network=appnet"
- "traefik.frontend.rule=Host:git.{{ root_domain }}"
mode: replicated
replicas: 1
{% if {{ groups['workers'] | length }} > 0 %}
placement:
constraints:
- node.role == worker
{% endif %}
dokuwiki:
image: mprasil/dokuwiki
networks:
- appnet
volumes:
- dokuwiki_data:/dokuwiki
deploy:
labels:
- "traefik.frontend.entryPoints=http"
- "traefik.protocol=http"
- "traefik.backend=dokuwiki"
- "traefik.port=80"
- "traefik.docker.network=appnet"
- "traefik.frontend.rule=Host:dokuwiki.{{ root_domain }}"
mode: replicated
replicas: 1
{% if {{ groups['workers'] | length }} > 0 %}
placement:
constraints:
- node.role == worker
{% endif %}
wekandb:
# All Wekan data is stored in MongoDB. For backup and restore, see:
# https://github.com/wekan/wekan/wiki/Export-Docker-Mongo-Data
image: mongo:3.2.21
command: mongod --smallfiles --oplogSize 128
networks:
- wekan
volumes:
- wekan-db:/data/db
- wekan-db-dump:/dump
deploy:
mode: replicated
replicas: 1
{% if {{ groups['workers'] | length }} > 0 %}
placement:
constraints:
- node.role == worker
{% endif %}
wekan:
image: quay.io/wekan/wekan
networks:
- wekan
- appnet
environment:
- ROOT_URL=http://{{ root_domain }}
- MONGO_URL=mongodb://wekandb:27017/wekan
#- MAIL_URL=smtp://user:pass@mailserver.example.com:25/
#- MAIL_FROM='Example Wekan Support <support@example.com>'
- WITH_API=true
deploy:
labels:
- "traefik.frontend.entryPoints=http"
- "traefik.protocol=http"
- "traefik.backend=wekan"
- "traefik.port=8080"
- "traefik.docker.network=appnet"
- "traefik.frontend.rule=Host:wekan.{{ root_domain }}"
mode: replicated
replicas: 1
{% if {{ groups['workers'] | length }} > 0 %}
placement:
constraints:
- node.role == worker
{% endif %}
{% set docker_volumes = ['portainer_data','bitwarden_data','gitea_data','dokuwiki_data','wekan-db','wekan-db-dump'] %}
volumes:
{% for volume in docker_volumes %}
{{ volume }}:
{% if storage_type == 'nfs' %}
driver: local
driver_opts:
type: nfs
o: "addr={{ nfs_address }},soft,nolock,rw"
device: ":{{ nfs_root_path }}/{{ volume }}"
{% elif storage_type == 'local' %}
driver: local
{% endif %}
{% endfor %}
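Review bot: The new Traefik `command:` enables `--api` while the service publishes `8081:8080`, so the Traefik dashboard and API are reachable without authentication by anything that can reach a swarm node on port 8081. If the port is only needed for the `/ping` health check, drop `--api` or leave the port unpublished and probe from inside the network; otherwise put authentication in front of it. The same container holds `/var/run/docker.sock` on a manager node, and the `:ro` flag on a socket bind mount does not limit which Docker API calls can be made through it, so a compromise of this edge proxy is effectively a compromise of the swarm. With the `--acme` flags left commented out, everything routed through it is served over plain HTTP on port 80 even though 443 is published.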


@@ -0,0 +1,154 @@
portainer:
image: portainer/portainer
networks:
- appnet
volumes:
- portainer_data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
deploy:
labels:
- "traefik.frontend.entryPoints=http"
- "traefik.protocol=http"
- "traefik.backend=portainer"
- "traefik.port=9000"
- "traefik.docker.network=appnet"
- "traefik.frontend.rule=Host:portainer.{{ root_domain }}"
mode: replicated
replicas: 1
{% if {{ groups['workers'] | length }} > 0 %}
placement:
constraints:
- node.role == worker
{% endif %}
bitwarden:
image: mprasil/bitwarden
networks:
- appnet
volumes:
- bitwarden_data:/data
deploy:
labels:
- "traefik.frontend.entryPoints=http"
- "traefik.protocol=http"
- "traefik.backend=bitwarden"
- "traefik.port=80"
- "traefik.docker.network=appnet"
- "traefik.frontend.rule=Host:bitwarden.{{ root_domain }}"
mode: replicated
replicas: 1
{% if {{ groups['workers'] | length }} > 0 %}
placement:
constraints:
- node.role == worker
{% endif %}
gitea:
image: gitea/gitea:latest
environment:
- USER_UID=1000
- USER_GID=1000
networks:
- appnet
volumes:
- gitea_data:/data
ports:
- "2222:22"
deploy:
labels:
- "traefik.frontend.entryPoints=http"
- "traefik.protocol=http"
- "traefik.backend=git"
- "traefik.port=3000"
- "traefik.docker.network=appnet"
- "traefik.frontend.rule=Host:git.{{ root_domain }}"
mode: replicated
replicas: 1
{% if {{ groups['workers'] | length }} > 0 %}
placement:
constraints:
- node.role == worker
{% endif %}
dokuwiki:
image: mprasil/dokuwiki
networks:
- appnet
volumes:
- dokuwiki_data:/dokuwiki
deploy:
labels:
- "traefik.frontend.entryPoints=http"
- "traefik.protocol=http"
- "traefik.backend=dokuwiki"
- "traefik.port=80"
- "traefik.docker.network=appnet"
- "traefik.frontend.rule=Host:dokuwiki.{{ root_domain }}"
mode: replicated
replicas: 1
{% if {{ groups['workers'] | length }} > 0 %}
placement:
constraints:
- node.role == worker
{% endif %}
wekandb:
# All Wekan data is stored in MongoDB. For backup and restore, see:
# https://github.com/wekan/wekan/wiki/Export-Docker-Mongo-Data
image: mongo:3.2.21
command: mongod --smallfiles --oplogSize 128
networks:
- wekan
volumes:
- wekan-db:/data/db
- wekan-db-dump:/dump
deploy:
mode: replicated
replicas: 1
{% if {{ groups['workers'] | length }} > 0 %}
placement:
constraints:
- node.role == worker
{% endif %}
wekan:
image: quay.io/wekan/wekan
networks:
- wekan
- appnet
environment:
- ROOT_URL=http://{{ root_domain }}
- MONGO_URL=mongodb://wekandb:27017/wekan
#- MAIL_URL=smtp://user:pass@mailserver.example.com:25/
#- MAIL_FROM='Example Wekan Support <support@example.com>'
- WITH_API=true
deploy:
labels:
- "traefik.frontend.entryPoints=http"
- "traefik.protocol=http"
- "traefik.backend=wekan"
- "traefik.port=8080"
- "traefik.docker.network=appnet"
- "traefik.frontend.rule=Host:wekan.{{ root_domain }}"
mode: replicated
replicas: 1
{% if {{ groups['workers'] | length }} > 0 %}
placement:
constraints:
- node.role == worker
{% endif %}
{% set docker_volumes = ['portainer_data','bitwarden_data','gitea_data','dokuwiki_data','wekan-db','wekan-db-dump'] %}
volumes:
{% for volume in docker_volumes %}
{{ volume }}:
{% if storage_type == 'nfs' %}
driver: local
driver_opts:
type: nfs
o: "addr={{ nfs_address }},soft,nolock,rw"
device: ":{{ nfs_root_path }}/{{ volume }}"
{% elif storage_type == 'local' %}
driver: local
{% endif %}
{% endfor %}
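Review bot: Every `placement` guard in this new file is written as `{% if {{ groups['workers'] | length }} > 0 %}`, which nests an expression delimiter inside a statement tag and is not valid Jinja2, so rendering the file would be expected to stop with a template syntax error. The condition should read `{% if groups['workers'] | length > 0 %}` in all six services. Separately, every routed service, including `bitwarden` and `portainer`, is labelled `traefik.frontend.entryPoints=http`, so vault credentials and Docker admin sessions would cross the network unencrypted; an HTTPS entrypoint should exist before these are exposed. `portainer/portainer`, `mprasil/bitwarden`, `mprasil/dokuwiki`, `quay.io/wekan/wekan` and `gitea/gitea:latest` are not pinned to a version, unlike `mongo:3.2.21`, so a redeploy can pull different code from what was tested.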


@@ -1,11 +1,11 @@
--- ---
- name: Install package dependencies - name: Install package dependencies
raw: apt-get update -qq && apt-get install -y python-dev python-simplejson python-urllib3 python-openssl python-pyasn1 python-pip ca-certificates raw: apt-get update -qq && apt-get install -y python-dev python-simplejson python-urllib3 python-openssl python-pyasn1 python-pip ca-certificates
- name: Install pip dependencies - name: Install pip dependencies
raw: pip install ndg-httpsclient raw: pip install ndg-httpsclient
ignore_errors: true ignore_errors: true
- name: Install pip dependencies again because it fails sometimes - name: Install pip dependencies again because it fails sometimes
raw: pip install ndg-httpsclient raw: pip install ndg-httpsclient
ignore_errors: true ignore_errors: true


@@ -1,48 +1,48 @@
--- ---
- name: Add docker key - name: Add docker key
apt_key: apt_key:
url: https://download.docker.com/linux/ubuntu/gpg url: https://download.docker.com/linux/ubuntu/gpg
state: present state: present
- name: Add docker repo - name: Add docker repo
apt_repository: apt_repository:
repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable
state: present state: present
- name: Update apt - name: Update apt
apt: update_cache=yes apt: update_cache=yes
- name: Install standard programs - name: Install standard programs
apt: name={{ item }} state=present force=yes apt: name={{ item }} state=present force=yes
with_items: with_items:
- htop - htop
- curl - curl
- openssh-server - openssh-server
- git - git
- rsync - rsync
- zip - zip
- unzip - unzip
- fail2ban - fail2ban
- ntp - ntp
- mysql-client - mysql-client
- wget - wget
- nfs-common - nfs-common
- docker-ce={{docker_ce_version_to_install}} - docker-ce={{docker_ce_version_to_install}}
- sshpass - sshpass
- ack-grep - ack-grep
- dnsutils - dnsutils
- nmon - nmon
- build-essential - build-essential
- tmux - tmux
- name: Docker compose version - name: Docker compose version
get_url: get_url:
url: "https://github.com/docker/compose/releases/download/{{docker_compose_version_to_install}}/docker-compose-{{ ansible_system }}-{{ ansible_userspace_architecture }}" url: "https://github.com/docker/compose/releases/download/{{docker_compose_version_to_install}}/docker-compose-{{ ansible_system }}-{{ ansible_userspace_architecture }}"
dest: /usr/local/bin/docker-compose dest: /usr/local/bin/docker-compose
validate_certs: false validate_certs: false
mode: 0755 mode: 0755
- name: Set timezone to NewYork - name: Set timezone to NewYork
timezone: timezone:
name: America/New_York name: America/New_York
ignore_errors: true ignore_errors: true


@@ -1,8 +1,12 @@
#!/bin/bash #!/bin/bash
# Putting test_rsa.pub into root and vagrant authorized keys
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYa9zstumlg7XkKoNrJMlIN/zteqMA9J4GjuZA7r0xfMPrz4CglxzYKd/BhBpwp/HhU+vSR6vBa15kRODHdPZ+T1oXzMXAmMT3R2ZJRqF280Hsx9sK0X+FZWM84e4a1zQUrxuWyWJ4kKIiaX6DBAmhy8zHNvQ0c4Nk1exfwRicojaze71qrexSas4FHWaI4usC/g3mMKfiML/QX0UWW/G+D8qrg3cK3zClG916XlY/p1h9SWantqz75ea33TtmDNW6iCraKSjVeDGfzhshJsmQ7+/Rr/L4/s7hdpwTqdjSlJTIi61eBxcpDfMWBmsHOMZgnsTZ3wrdYXo70k44moA7 vagrant@test" >> /home/vagrant/.ssh/authorized_keys echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYa9zstumlg7XkKoNrJMlIN/zteqMA9J4GjuZA7r0xfMPrz4CglxzYKd/BhBpwp/HhU+vSR6vBa15kRODHdPZ+T1oXzMXAmMT3R2ZJRqF280Hsx9sK0X+FZWM84e4a1zQUrxuWyWJ4kKIiaX6DBAmhy8zHNvQ0c4Nk1exfwRicojaze71qrexSas4FHWaI4usC/g3mMKfiML/QX0UWW/G+D8qrg3cK3zClG916XlY/p1h9SWantqz75ea33TtmDNW6iCraKSjVeDGfzhshJsmQ7+/Rr/L4/s7hdpwTqdjSlJTIi61eBxcpDfMWBmsHOMZgnsTZ3wrdYXo70k44moA7 vagrant@test" >> /home/vagrant/.ssh/authorized_keys
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYa9zstumlg7XkKoNrJMlIN/zteqMA9J4GjuZA7r0xfMPrz4CglxzYKd/BhBpwp/HhU+vSR6vBa15kRODHdPZ+T1oXzMXAmMT3R2ZJRqF280Hsx9sK0X+FZWM84e4a1zQUrxuWyWJ4kKIiaX6DBAmhy8zHNvQ0c4Nk1exfwRicojaze71qrexSas4FHWaI4usC/g3mMKfiML/QX0UWW/G+D8qrg3cK3zClG916XlY/p1h9SWantqz75ea33TtmDNW6iCraKSjVeDGfzhshJsmQ7+/Rr/L4/s7hdpwTqdjSlJTIi61eBxcpDfMWBmsHOMZgnsTZ3wrdYXo70k44moA7 vagrant@test" >> /root/.ssh/authorized_keys echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYa9zstumlg7XkKoNrJMlIN/zteqMA9J4GjuZA7r0xfMPrz4CglxzYKd/BhBpwp/HhU+vSR6vBa15kRODHdPZ+T1oXzMXAmMT3R2ZJRqF280Hsx9sK0X+FZWM84e4a1zQUrxuWyWJ4kKIiaX6DBAmhy8zHNvQ0c4Nk1exfwRicojaze71qrexSas4FHWaI4usC/g3mMKfiML/QX0UWW/G+D8qrg3cK3zClG916XlY/p1h9SWantqz75ea33TtmDNW6iCraKSjVeDGfzhshJsmQ7+/Rr/L4/s7hdpwTqdjSlJTIi61eBxcpDfMWBmsHOMZgnsTZ3wrdYXo70k44moA7 vagrant@test" >> /root/.ssh/authorized_keys
# Setting A record
echo "192.168.254.2 swarm.test.com" >> /etc/hosts
cp /vagrant/tests/files/test_rsa /home/vagrant/test_rsa cp /vagrant/tests/files/test_rsa /home/vagrant/test_rsa
chmod 600 /home/vagrant/test_rsa chmod 600 /home/vagrant/test_rsa
chown vagrant:vagrant /home/vagrant/test_rsa chown vagrant:vagrant /home/vagrant/test_rsa


@@ -44,6 +44,9 @@ function run-tests {
testbash "The swarm has a leader" \ testbash "The swarm has a leader" \
"test ${number_of_docker_leaders} -eq 1" "test ${number_of_docker_leaders} -eq 1"
testbash "Traefik got deployed" \
"vagrant ssh client -c 'curl --silent http://swarm.test.com:8081/ping | grep OK > /dev/null'"
} }
function destroy-infrastructure { function destroy-infrastructure {
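Review bot: The new `Traefik got deployed` check issues a single `curl --silent` with no timeout or retry, so it fails if Traefik has not finished starting when the test runs and can hang if the connection stalls. A form such as `curl --silent --fail --max-time 5 --retry 5 --retry-connrefused http://swarm.test.com:8081/ping | grep -q OK` is more robust and drops the `> /dev/null` redirect. `run-tests` begins before this hunk, so whether an earlier step already waits for the service is not visible here.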