From 92950ffd2dba6307fa5e8d7e15e52b20f7e7a689 Mon Sep 17 00:00:00 2001 
From: richard Date: Mon, 2 Oct 2017 06:32:53 -0400 Subject: [PATCH] reworked letsencrypt to use docker containers instead of certbot on the host. --- dkhost.xai-corp.net.yml | 126 ++++++++++-------- dockerfiles/owncloud/docker-compose.yml | 29 ---- .../dkregistry/docker-compose.yml | 2 +- .../{ => services}/filesystem/Dockerfile | 0 .../filesystem/docker.vhost.conf | 0 .../{ => services}/gitea/docker-compose.yml | 0 .../{ => services}/graylog/docker-compose.yml | 0 .../{ => services}/jenkins/docker-compose.yml | 0 .../{ => services}/jira/docker-compose.yml | 0 .../docker-compose-staging-install.yml | 48 +++++++ .../docker-compose-staging-update.yml | 45 +++++++ .../letsencrypt/docker-compose-update.yml | 47 +++++++ .../services/letsencrypt/docker-compose.yml | 84 ++++++++++++ dockerfiles/services/letsencrypt/readme.md | 48 +++++++ .../{ => services}/logstash/Dockerfile | 0 .../logstash/config/logstash.yml | 0 .../logstash/docker-compose.yml | 0 .../orangescrum/docker-compose.yml | 0 dockerfiles/services/owncloud/Dockerfile | 4 + .../services/owncloud/docker-compose-prod.yml | 51 +++++++ .../services/owncloud/docker-compose.yml | 51 +++++++ .../postgres/docker-compose.yml | 0 .../services/{ => services}/cron/Dockerfile | 0 .../{ => services}/cron/docker-compose.yml | 2 +- .../cron/periodic/15min/helloworld | 0 .../elasticsearch/docker-compose.yml | 0 .../{ => services}/mariadb/docker-compose.yml | 0 .../memcached/docker-compose.yml | 0 .../services/minio/docker-compose.yml | 100 ++++++++++++++ .../{ => services}/mongo/docker-compose.yml | 0 .../{ => services}/redis/docker-compose.yml | 0 .../shipyard/docker-compose.yml | 0 .../{ => services}/sslproxy/Dockerfile | 0 .../{ => services}/sslproxy/cetbot/Dockerfile | 0 .../sslproxy/docker-compose-prod.yml | 12 +- .../sslproxy/docker-compose.yml | 0 .../hosts/dkregistry.xai-corp.net.conf | 0 .../sslproxy/hosts/dkui.xai-corp.net.conf | 2 +- .../sslproxy/hosts/fs.xai-corp.net.conf | 2 +- 
.../sslproxy/hosts/git.xai-corp.net.conf | 2 +- .../sslproxy/hosts/jenkins.xai-corp.net.conf | 2 +- .../sslproxy/hosts/logs.xai-corp.net.conf | 2 +- .../hosts/tripbuilder.xai-corp.net.conf | 0 .../sslproxy/hosts/xaibox.xai-corp.net.conf | 2 +- .../{ => services}/sslproxy/nginx.conf | 0 dockerfiles/{ => services}/sslproxy/readme.md | 0 .../sslproxy/testdata/_first.txt | 0 .../{ => services}/ui/docker-compose.yml | 0 managed_setup.yml | 2 +- managed_updates.yml | 20 +-- roles/certbot/tasks/install.yml | 33 +++++ roles/certbot/tasks/main.yml | 37 +---- roles/certbot/tasks/uninstall.yml | 26 ++++ .../templates/xai-corp.net.internal.j2 | 1 + site-django-test.yml | 8 -- test-ping.yml | 5 +- test01.xai-corp.net.yml | 37 ----- 57 files changed, 632 insertions(+), 198 deletions(-) delete mode 100644 dockerfiles/owncloud/docker-compose.yml rename dockerfiles/{ => services}/dkregistry/docker-compose.yml (93%) rename dockerfiles/{ => services}/filesystem/Dockerfile (100%) rename dockerfiles/{ => services}/filesystem/docker.vhost.conf (100%) rename dockerfiles/{ => services}/gitea/docker-compose.yml (100%) rename dockerfiles/{ => services}/graylog/docker-compose.yml (100%) rename dockerfiles/{ => services}/jenkins/docker-compose.yml (100%) rename dockerfiles/{ => services}/jira/docker-compose.yml (100%) create mode 100644 dockerfiles/services/letsencrypt/docker-compose-staging-install.yml create mode 100644 dockerfiles/services/letsencrypt/docker-compose-staging-update.yml create mode 100644 dockerfiles/services/letsencrypt/docker-compose-update.yml create mode 100644 dockerfiles/services/letsencrypt/docker-compose.yml create mode 100644 dockerfiles/services/letsencrypt/readme.md rename dockerfiles/{ => services}/logstash/Dockerfile (100%) rename dockerfiles/{ => services}/logstash/config/logstash.yml (100%) rename dockerfiles/{ => services}/logstash/docker-compose.yml (100%) rename dockerfiles/{ => services}/orangescrum/docker-compose.yml (100%) create mode 100644 
dockerfiles/services/owncloud/Dockerfile create mode 100644 dockerfiles/services/owncloud/docker-compose-prod.yml create mode 100644 dockerfiles/services/owncloud/docker-compose.yml rename dockerfiles/{ => services}/postgres/docker-compose.yml (100%) rename dockerfiles/services/{ => services}/cron/Dockerfile (100%) rename dockerfiles/services/{ => services}/cron/docker-compose.yml (97%) rename dockerfiles/services/{ => services}/cron/periodic/15min/helloworld (100%) rename dockerfiles/services/{ => services}/elasticsearch/docker-compose.yml (100%) rename dockerfiles/services/{ => services}/mariadb/docker-compose.yml (100%) rename dockerfiles/services/{ => services}/memcached/docker-compose.yml (100%) create mode 100644 dockerfiles/services/services/minio/docker-compose.yml rename dockerfiles/services/{ => services}/mongo/docker-compose.yml (100%) rename dockerfiles/services/{ => services}/redis/docker-compose.yml (100%) rename dockerfiles/{ => services}/shipyard/docker-compose.yml (100%) rename dockerfiles/{ => services}/sslproxy/Dockerfile (100%) rename dockerfiles/{ => services}/sslproxy/cetbot/Dockerfile (100%) rename dockerfiles/{ => services}/sslproxy/docker-compose-prod.yml (81%) rename dockerfiles/{ => services}/sslproxy/docker-compose.yml (100%) rename dockerfiles/{ => services}/sslproxy/hosts/dkregistry.xai-corp.net.conf (100%) rename dockerfiles/{ => services}/sslproxy/hosts/dkui.xai-corp.net.conf (98%) rename dockerfiles/{ => services}/sslproxy/hosts/fs.xai-corp.net.conf (82%) rename dockerfiles/{ => services}/sslproxy/hosts/git.xai-corp.net.conf (82%) rename dockerfiles/{ => services}/sslproxy/hosts/jenkins.xai-corp.net.conf (97%) rename dockerfiles/{ => services}/sslproxy/hosts/logs.xai-corp.net.conf (97%) rename dockerfiles/{ => services}/sslproxy/hosts/tripbuilder.xai-corp.net.conf (100%) rename dockerfiles/{ => services}/sslproxy/hosts/xaibox.xai-corp.net.conf (96%) rename dockerfiles/{ => services}/sslproxy/nginx.conf (100%) rename dockerfiles/{ => 
services}/sslproxy/readme.md (100%) rename dockerfiles/{ => services}/sslproxy/testdata/_first.txt (100%) rename dockerfiles/{ => services}/ui/docker-compose.yml (100%) create mode 100644 roles/certbot/tasks/install.yml create mode 100644 roles/certbot/tasks/uninstall.yml delete mode 100644 site-django-test.yml delete mode 100644 test01.xai-corp.net.yml diff --git a/dkhost.xai-corp.net.yml b/dkhost.xai-corp.net.yml index fd45997..6b58faf 100644 --- a/dkhost.xai-corp.net.yml +++ b/dkhost.xai-corp.net.yml 
@@ -8,78 +8,86 @@ become: true vars: - datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb - datadog_checks: - system: - init_config: [] - instances: [] - disk: - init_config: - instances: - - use_mount: yes - excluded_filesystems: - - sysfs - - cgroup - - tracefs - - debugfs - - proc - - securityfs - - tmpfs - excluded_mountpoint_re: /[media/richard|run/user].* +# datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb +# datadog_config: +# log_level: WARNING +# apm_enabled: false +# datadog_checks: +# system: +# init_config: [] +# instances: [] +# disk: +# init_config: +# instances: +# - use_mount: yes +# excluded_filesystems: +# - sysfs +# - cgroup +# - tracefs +# - debugfs +# - proc +# - securityfs +# - tmpfs +# excluded_mountpoint_re: /[media/richard|run/user].* + docker: init_config: instances: - url: "unix://var/run/docker.sock" new_tag_names: true - dockerhost: - users: - - dd-agent - - richard - - ansible + dockerhost: + users: + - dd-agent + - richard + - ansible - nginx_remove_default_vhost: true - nginx_vhosts_filename: "xai-corp.conf" - nginx_vhosts: - - listen: "80 default_server" - server_name: "xai-corp.net" - root: "/var/www/xai-corp.net" - index: "index.html index.htm" - access_log: "/var/log/nginx/xaicorp.access.log" - error_log: "/var/log/nginx/xaicorp.error.log" + nginx_remove_default_vhost: true + nginx_vhosts_filename: "xai-corp.conf" + nginx_vhosts: + - listen: "80 default_server" + server_name: "xai-corp.net" + root: "/var/www/xai-corp.net" + index: "index.html index.htm" + access_log: "/var/log/nginx/xaicorp.access.log" + error_log: "/var/log/nginx/xaicorp.error.log" - gluster: - vmshare: - host: gluster:/vmshares - mount: /opt/shared - gitea: - host: gluster:/gitea - mount: /var/lib/gitea - jenkins: - host: gluster:/jenkins - mount: /var/lib/jenkins - elasticsearch: - host: gluster:/elasticsearch - mount: /data/elasticsearch + gluster: + vmshare: + host: gluster:/vmshares + mount: /opt/shared + gitea: + host: gluster:/gitea + mount: 
/var/lib/gitea + jenkins: + host: gluster:/jenkins + mount: /var/lib/jenkins + elasticsearch: + host: gluster:/elasticsearch + mount: /data/elasticsearch - certbot: - domains: - - xai-corp.net - - www.xai-corp.net - - dkregistry.xai-corp.net - - sql.xai-corp.net - - fs.xai-corp.net - - dkhost.xai-corp.net - - git.xai-corp.net - - dkui.xai-corp.net - - jenkins.xai-corp.net - - logs.xai-corp.net - - tripbuilder.xai-corp.net - - xaibox.xai-corp.net + certbot: + uninstall: true + domains: + - xai-corp.net + - www.xai-corp.net + - dkregistry.xai-corp.net + - sql.xai-corp.net + - fs.xai-corp.net + - dkhost.xai-corp.net + - git.xai-corp.net + - dkui.xai-corp.net + - jenkins.xai-corp.net + - logs.xai-corp.net + - tripbuilder.xai-corp.net + - xaibox.xai-corp.net + - office.xai-corp.net roles: - dockerhost - geerlingguy.nginx - certbot +# - { role: Datadog.datadog, when: ansible_architecture != 'armv7l' } #does not support armhf architecture. should switch to fluentd or logstash + post_tasks: diff --git a/dockerfiles/owncloud/docker-compose.yml b/dockerfiles/owncloud/docker-compose.yml deleted file mode 100644 index cf3ffa2..0000000 --- a/dockerfiles/owncloud/docker-compose.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# docker-compose file for owncloud server - -# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml owncloud - -version: '3' -services: - - owncloud: - image: nextcloud:12 - ports: - - 8083:80 -# - 9083:9000 - volumes: - - /opt/shared/nextcloud/data:/var/www/html/data - - /opt/shared/nextcloud/config:/var/www/html/config - - /opt/shared/nextcloud/apps:/var/www/html/custom_apps - - deploy: - mode: replicated - replicas: 1 - restart_policy: - condition: any - delay: "1s" - max_attempts: 5 - resources: - limits: - cpus: '1' - memory: 512M 
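Review bot: The Datadog API key survives on the new side as a commented-out line (`+# datadog_api_key: …`) at the top of the `vars:` hunk, so the credential still ships with the playbook, and since the removed line carried it too it is already in history. Treat it as exposed: rotate it, and reference the replacement through Ansible Vault or a lookup rather than leaving it in a comment. The same hunk sets `uninstall: true` under `certbot:` while keeping `- certbot` in `roles:`; a short comment such as `# uninstall: true removes host certbot; issuance now runs in the letsencrypt stack` would make clear why the role is still listed.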
diff --git a/dockerfiles/dkregistry/docker-compose.yml b/dockerfiles/services/dkregistry/docker-compose.yml similarity index 93% rename from dockerfiles/dkregistry/docker-compose.yml rename to dockerfiles/services/dkregistry/docker-compose.yml index 9e29113..66dfb51 100644 --- a/dockerfiles/dkregistry/docker-compose.yml +++ b/dockerfiles/services/dkregistry/docker-compose.yml @@ -3,7 +3,7 @@ # - see https://www.elastic.co/guide/en/logstash/current/_pulling_the_image.html # # DOCKER_HOST=dkhost03:2376 docker-compose up -d -# DOCKER_HOST=dkhost03:2376 docker stack deploy -c docker-compose.yml services +# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services version: '3' services: diff --git a/dockerfiles/filesystem/Dockerfile b/dockerfiles/services/filesystem/Dockerfile similarity index 100% rename from dockerfiles/filesystem/Dockerfile rename to dockerfiles/services/filesystem/Dockerfile diff --git a/dockerfiles/filesystem/docker.vhost.conf b/dockerfiles/services/filesystem/docker.vhost.conf similarity index 100% rename from dockerfiles/filesystem/docker.vhost.conf rename to dockerfiles/services/filesystem/docker.vhost.conf diff --git a/dockerfiles/gitea/docker-compose.yml b/dockerfiles/services/gitea/docker-compose.yml similarity index 100% rename from dockerfiles/gitea/docker-compose.yml rename to dockerfiles/services/gitea/docker-compose.yml diff --git a/dockerfiles/graylog/docker-compose.yml b/dockerfiles/services/graylog/docker-compose.yml similarity index 100% rename from dockerfiles/graylog/docker-compose.yml rename to dockerfiles/services/graylog/docker-compose.yml diff --git a/dockerfiles/jenkins/docker-compose.yml b/dockerfiles/services/jenkins/docker-compose.yml similarity index 100% rename from dockerfiles/jenkins/docker-compose.yml rename to dockerfiles/services/jenkins/docker-compose.yml 
diff --git a/dockerfiles/jira/docker-compose.yml b/dockerfiles/services/jira/docker-compose.yml similarity index 100% rename from dockerfiles/jira/docker-compose.yml rename to dockerfiles/services/jira/docker-compose.yml diff --git a/dockerfiles/services/letsencrypt/docker-compose-staging-install.yml b/dockerfiles/services/letsencrypt/docker-compose-staging-install.yml new file mode 100644 index 0000000..f177239 --- /dev/null +++ b/dockerfiles/services/letsencrypt/docker-compose-staging-install.yml @@ -0,0 +1,48 @@ +--- +# docker-compose file for letsencrypt cert management + +# DOCKER_HOST=dkhost01:2376 docker-compose up install +# DOCKER_HOST=dkhost01:2376 docker-compose up updates + +# docker login dkregistry.xai-corp.net:5000 +# docker-compose build && docker push dkregistry.xai-corp.net:5000/xaicorp/nextcloud:latest +# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services_letsencrypt + +version: '3' +services: + + install: + image: "blacklabelops/letsencrypt" + container_name: letsencrypt_staging_install + ports: + - 80:80 +# - 443:443 + volumes: + - /opt/shared/letsencrypt-2-staging:/etc/letsencrypt + environment: + LETSENCRYPT_HTTPS_ENABLED: "false" + LETSENCRYPT_EMAIL: r_morgan@sympatico.ca + LETSENCRYPT_DOMAIN1: xai-corp.net + LETSENCRYPT_DOMAIN2: git.xai-corp.net + LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net + LETSENCRYPT_DOMAIN4: dkui.xai-corp.net + LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net + LETSENCRYPT_DOMAIN6: fs.xai-corp.net + LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net + LETSENCRYPT_DOMAIN8: sql.xai-corp.net + LETSENCRYPT_DOMAIN9: office.xai-corp.net + LETSENCRYPT_DOMAIN9: www.xai-corp.net + command: + - install + - --staging + - --expand + + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: none + resources: + limits: + cpus: '0.1' + memory: 256M 
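Review bot: `LETSENCRYPT_DOMAIN9` is declared twice in the `install` service's `environment:` mapping (first `office.xai-corp.net`, then `www.xai-corp.net`); duplicate keys are invalid YAML and most loaders silently keep the last one, so `office.xai-corp.net` would be dropped from the certificate request without any error. Renumber the second entry, `LETSENCRYPT_DOMAIN10: www.xai-corp.net`, and confirm the image reads a two-digit suffix (if it stops at single digits, keep office in the slot that is retained); yamllint's `key-duplicates` rule would have caught this. The same duplicate appears in docker-compose-staging-update.yml, docker-compose-update.yml and both services of docker-compose.yml added in this commit.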
diff --git a/dockerfiles/services/letsencrypt/docker-compose-staging-update.yml b/dockerfiles/services/letsencrypt/docker-compose-staging-update.yml new file mode 100644 index 0000000..c86cf46 --- /dev/null +++ b/dockerfiles/services/letsencrypt/docker-compose-staging-update.yml @@ -0,0 +1,45 @@ +--- +# docker-compose file for letsencrypt cert management + +# DOCKER_HOST=dkhost01:2376 docker-compose up updates + +# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose-staging-update.yml services_letsencrypt + +version: '3' +services: + + updates: + image: "blacklabelops/letsencrypt" + container_name: letsencrypt_staging_updates + ports: + - 80:80 +# - 443:443 + volumes: + - /opt/shared/letsencrypt-2-staging:/etc/letsencrypt + environment: + LETSENCRYPT_HTTPS_ENABLED: "false" + LETSENCRYPT_EMAIL: r_morgan@sympatico.ca + LETSENCRYPT_DOMAIN1: xai-corp.net + LETSENCRYPT_DOMAIN2: git.xai-corp.net + LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net + LETSENCRYPT_DOMAIN4: dkui.xai-corp.net + LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net + LETSENCRYPT_DOMAIN6: fs.xai-corp.net + LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net + LETSENCRYPT_DOMAIN8: sql.xai-corp.net + LETSENCRYPT_DOMAIN9: office.xai-corp.net + LETSENCRYPT_DOMAIN9: www.xai-corp.net + command: + - install + - --staging + - --expand + + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: none + resources: + limits: + cpus: '0.1' + memory: 256M diff --git a/dockerfiles/services/letsencrypt/docker-compose-update.yml b/dockerfiles/services/letsencrypt/docker-compose-update.yml new file mode 100644 index 0000000..6e7aad5 --- /dev/null +++ b/dockerfiles/services/letsencrypt/docker-compose-update.yml 
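Review bot: The `updates` service runs `command: [install, --staging, --expand]` under `restart_policy: condition: none`, which makes it a one-shot issuance identical to the `install` service rather than a renewal job. The readme added in this commit starts the `letsencrypt_updates` container with no command argument, which suggests the image's default entrypoint is what performs periodic renewal; if so, drop the `command:` list here (and in docker-compose-update.yml, which also passes `install` alongside a `LETSENCRYPT_JOB_TIME` schedule). If passing `install` is intentional, a comment above `command:` stating why would help the next reader.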
@@ -0,0 +1,47 @@ +--- +# docker-compose file for letsencrypt cert management + +# DOCKER_HOST=dkhost01:2376 docker-compose up updates + +# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose-update.yml services_letsencrypt + +version: '3' +services: + + updates: + image: "blacklabelops/letsencrypt" + container_name: letsencrypt_staging_updates + ports: + - 80:80 +# - 443:443 + volumes: + - /opt/shared/letsencrypt:/etc/letsencrypt + environment: + LETSENCRYPT_EMAIL: r_morgan@sympatico.ca + LETSENCRYPT_HTTPS_ENABLED: "false" + LETSENCRYPT_TESTCERT: "true" + LETSENCRYPT_DEBUG: "true" + LETSENCRYPT_JOB_TIME: "0 0 1 15 * *" + LETSENCRYPT_DOMAIN1: xai-corp.net + LETSENCRYPT_DOMAIN2: git.xai-corp.net + LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net + LETSENCRYPT_DOMAIN4: dkui.xai-corp.net + LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net + LETSENCRYPT_DOMAIN6: fs.xai-corp.net + LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net + LETSENCRYPT_DOMAIN8: sql.xai-corp.net + LETSENCRYPT_DOMAIN9: office.xai-corp.net + LETSENCRYPT_DOMAIN9: www.xai-corp.net + command: + - install + - --expand + + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: none + resources: + limits: + cpus: '0.1' + memory: 256M diff --git a/dockerfiles/services/letsencrypt/docker-compose.yml b/dockerfiles/services/letsencrypt/docker-compose.yml new file mode 100644 index 0000000..ebed695 --- /dev/null +++ b/dockerfiles/services/letsencrypt/docker-compose.yml 
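Review bot: docker-compose-update.yml targets the production volume `/opt/shared/letsencrypt` yet sets `LETSENCRYPT_TESTCERT: "true"` and `LETSENCRYPT_DEBUG: "true"`, and names the container `letsencrypt_staging_updates`. If the image maps `LETSENCRYPT_TESTCERT` to the ACME test endpoint, a renewal run would overwrite the production certificates that the sslproxy vhosts serve with untrusted ones. Either remove those two variables from the production file or rename the file so it is clearly a staging variant. `LETSENCRYPT_JOB_TIME: "0 0 1 15 * *"` has six fields, so also confirm the image's scheduler expects a seconds column first.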
@@ -0,0 +1,84 @@ +--- +# docker-compose file for letsencrypt cert management + +# DOCKER_HOST=dkhost01:2376 docker-compose up install +# DOCKER_HOST=dkhost01:2376 docker-compose up updates + +# docker login dkregistry.xai-corp.net:5000 +# docker-compose build && docker push dkregistry.xai-corp.net:5000/xaicorp/nextcloud:latest +# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services_letsencrypt + +version: '3' +services: + + install: + image: "blacklabelops/letsencrypt" + container_name: letsencrypt_staging_install + ports: + - 80:80 +# - 443:443 + volumes: + - /opt/shared/letsencrypt-2-staging:/etc/letsencrypt + environment: + LETSENCRYPT_HTTPS_ENABLED: "false" + LETSENCRYPT_EMAIL: r_morgan@sympatico.ca + LETSENCRYPT_DOMAIN1: xai-corp.net + LETSENCRYPT_DOMAIN2: git.xai-corp.net + LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net + LETSENCRYPT_DOMAIN4: dkui.xai-corp.net + LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net + LETSENCRYPT_DOMAIN6: fs.xai-corp.net + LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net + LETSENCRYPT_DOMAIN8: sql.xai-corp.net + LETSENCRYPT_DOMAIN9: office.xai-corp.net + LETSENCRYPT_DOMAIN9: www.xai-corp.net + command: + - install + - --staging + - --expand + + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: none + resources: + limits: + cpus: '0.1' + memory: 256M + + updates: + image: "blacklabelops/letsencrypt" + container_name: letsencrypt_staging_updates + ports: + - 80:80 +# - 443:443 + volumes: + - /opt/shared/letsencrypt-2-staging:/etc/letsencrypt + environment: + LETSENCRYPT_HTTPS_ENABLED: "false" + LETSENCRYPT_EMAIL: r_morgan@sympatico.ca + LETSENCRYPT_DOMAIN1: xai-corp.net + LETSENCRYPT_DOMAIN2: git.xai-corp.net + LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net + LETSENCRYPT_DOMAIN4: dkui.xai-corp.net + LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net + LETSENCRYPT_DOMAIN6: fs.xai-corp.net + LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net + LETSENCRYPT_DOMAIN8: sql.xai-corp.net + LETSENCRYPT_DOMAIN9: office.xai-corp.net + 
LETSENCRYPT_DOMAIN9: www.xai-corp.net + command: + - install + - --staging + - --expand + + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: none + resources: + limits: + cpus: '0.1' + memory: 256M diff --git a/dockerfiles/services/letsencrypt/readme.md b/dockerfiles/services/letsencrypt/readme.md new file mode 100644 index 0000000..c25a98a --- /dev/null +++ b/dockerfiles/services/letsencrypt/readme.md 
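Review bot: Both the `install` and `updates` services publish host port `80:80`, so deploying this file as one stack (the header's `docker stack deploy -c docker-compose.yml services_letsencrypt`) leaves the second service unable to bind the ingress port, and `docker-compose up` without a service name hits the same conflict. Both services also mount `/opt/shared/letsencrypt-2-staging` and pass `--staging`, so this file duplicates the two staging files added in this commit rather than providing a production variant. Keep one service per file, or state in the header comment which service is meant to be started; note too that `container_name:` is ignored by `docker stack deploy`.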
@@ -0,0 +1,48 @@ +#Letsencrypt container + +run this as a regular container via cron job + +note that this container only takes 2 parameters, so we can use --staging and --merge. maybe we should build our own. + +todo: set this up as a cron + +#install new certs +``` +DOCKER_HOST=dkhost:2376 docker run -d \ + -p 80:80 \ + --name letsencrypt \ + -e "LETSENCRYPT_HTTPS_ENABLED=false" \ + -v /opt/shared/letsencrypt-2:/opt/shared/letsencrypt \ + -e "LETSENCRYPT_EMAIL=r_morgan@sympatico.ca" \ + -e "LETSENCRYPT_DOMAIN1=xai-corp.net" \ + -e "LETSENCRYPT_DOMAIN2=git.xai-corp.net" \ + -e "LETSENCRYPT_DOMAIN3=xaibox.xai-corp.net" \ + -e "LETSENCRYPT_DOMAIN4=dkui.xai-corp.net" \ + -e "LETSENCRYPT_DOMAIN5=dkregistry.xai-corp.net" \ + -e "LETSENCRYPT_DOMAIN6=fs.xai-corp.net" \ + -e "LETSENCRYPT_DOMAIN7=jenkins.xai-corp.net" \ + -e "LETSENCRYPT_DOMAIN8=sql.xai-corp.net" \ + -e "LETSENCRYPT_DOMAIN9=www.xai-corp.net" \ + -e "LETSENCRYPT_DOMAIN90=office.xai-corp.net" \ + blacklabelops/letsencrypt install +``` + +``` +DOCKER_HOST=dkhost:2376 docker run -d \ + -p 80:80 \ + --name letsencrypt_updates \ + -e "LETSENCRYPT_HTTPS_ENABLED=false" \ + -v /opt/shared/letsencrypt-2:/opt/shared/letsencrypt \ + -e "LETSENCRYPT_EMAIL=r_morgan@sympatico.ca" \ + -e "LETSENCRYPT_DOMAIN1=xai-corp.net" \ + -e "LETSENCRYPT_DOMAIN2=git.xai-corp.net" \ + -e "LETSENCRYPT_DOMAIN3=xaibox.xai-corp.net" \ + -e "LETSENCRYPT_DOMAIN4=dkui.xai-corp.net" \ + -e "LETSENCRYPT_DOMAIN5=dkregistry.xai-corp.net" \ + -e "LETSENCRYPT_DOMAIN6=fs.xai-corp.net" \ + -e "LETSENCRYPT_DOMAIN7=jenkins.xai-corp.net" \ + -e "LETSENCRYPT_DOMAIN8=sql.xai-corp.net" \ + -e "LETSENCRYPT_DOMAIN9=www.xai-corp.net" \ + -e "LETSENCRYPT_DOMAIN90=office.xai-corp.net" \ + blacklabelops/letsencrypt +``` diff --git a/dockerfiles/logstash/Dockerfile b/dockerfiles/services/logstash/Dockerfile similarity index 100% rename from dockerfiles/logstash/Dockerfile rename to dockerfiles/services/logstash/Dockerfile 
diff --git a/dockerfiles/logstash/config/logstash.yml b/dockerfiles/services/logstash/config/logstash.yml similarity index 100% rename from dockerfiles/logstash/config/logstash.yml rename to dockerfiles/services/logstash/config/logstash.yml diff --git a/dockerfiles/logstash/docker-compose.yml b/dockerfiles/services/logstash/docker-compose.yml similarity index 100% rename from dockerfiles/logstash/docker-compose.yml rename to dockerfiles/services/logstash/docker-compose.yml diff --git a/dockerfiles/orangescrum/docker-compose.yml b/dockerfiles/services/orangescrum/docker-compose.yml similarity index 100% rename from dockerfiles/orangescrum/docker-compose.yml rename to dockerfiles/services/orangescrum/docker-compose.yml diff --git a/dockerfiles/services/owncloud/Dockerfile b/dockerfiles/services/owncloud/Dockerfile new file mode 100644 index 0000000..f7452c0 --- /dev/null +++ b/dockerfiles/services/owncloud/Dockerfile @@ -0,0 +1,4 @@ +FROM nextcloud:12 + +RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/* + diff --git a/dockerfiles/services/owncloud/docker-compose-prod.yml b/dockerfiles/services/owncloud/docker-compose-prod.yml new file mode 100644 index 0000000..d0d6f06 --- /dev/null +++ b/dockerfiles/services/owncloud/docker-compose-prod.yml 
@@ -0,0 +1,51 @@ +--- +# docker-compose file for owncloud server + +# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose-prod.yml owncloud + +version: '3' +services: + + owncloud: + image: dkregistry.xai-corp.net:5000/xaicorp/nextcloud:latest + ports: + - 8083:80 +# - 9083:9000 + volumes: + - /opt/shared/nextcloud/data:/var/www/html/data + - /opt/shared/nextcloud/config:/var/www/html/config + - /opt/shared/nextcloud/apps:/var/www/html/custom_apps + + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + delay: "1s" + max_attempts: 5 + resources: + limits: + cpus: '1' + memory: 512M + + collabora: + image: collabora/code + ports: + - 9980:9980 + environment: + domain: office\\.xai-corp\\.net + username: admin + password: ah8031qhnbc + server_name: office.xai-corp.net + + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + delay: "1s" + max_attempts: 5 + resources: + limits: + cpus: '1' + memory: 512M diff --git a/dockerfiles/services/owncloud/docker-compose.yml b/dockerfiles/services/owncloud/docker-compose.yml new file mode 100644 index 0000000..9696be9 --- /dev/null +++ b/dockerfiles/services/owncloud/docker-compose.yml 
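Review bot: The `collabora` service's `environment:` block commits a plaintext admin credential (`username: admin` with a literal `password:` value) to version control; the minio compose file in this same commit already uses `secrets:` with `external: true`, so injecting this value at deploy time rather than from the tracked file is consistent with the rest of the change, and the committed value should be rotated regardless. Separately, `domain: office\\.xai-corp\\.net` is a plain scalar, so the backslashes are not escapes and the container receives two backslashes per dot; if Collabora treats `domain` as a regular expression that will not match `office.xai-corp.net`, and `domain: 'office\.xai-corp\.net'` is likely what was intended. Both points apply equally to dockerfiles/services/owncloud/docker-compose.yml in this commit.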
@@ -0,0 +1,51 @@ +--- +# docker-compose file for nextcloud server + +# docker login dkregistry.xai-corp.net:5000 +# docker-compose build && docker push dkregistry.xai-corp.net:5000/xaicorp/nextcloud:latest +# DOCKER_HOST=dkhost:2376 docker stack deploy --with-registry-auth -c docker-compose-prod.yml owncloud + +version: '3' +services: + + owncloud: + image: "dkregistry.xai-corp.net:5000/xaicorp/nextcloud:latest" + build: + context: . + dockerfile: Dockerfile + ports: + - 8083:80 +# - 9083:9000 + volumes: + - ./data:/var/www/html + + collabora: + image: collabora/code + ports: + - 9980:9980 + environment: + domain: office\\.xai-corp\\.net + username: admin + password: ah8031qhnbc + server_name: office.xai-corp.net + +# letsencrypt: +# image: linuxserver/letsencrypt +# volumes: +# - ./letsencrypt:/config +# environment: +# URL: xai-corp.net +# SUBDOMAINS: www,sql,xaibox,office +# TZ: America/Montreal +# EMAIL: r_morgan@sympatico.ca + + +#TODO: +# cron: + + http: + image: "dkregistry.xai-corp.net:5000/sslproxy:2.0" + volumes: + - ./letsencrypt:/etc/letsencrypt:ro + ports: + - "443:443" diff --git a/dockerfiles/postgres/docker-compose.yml b/dockerfiles/services/postgres/docker-compose.yml similarity index 100% rename from dockerfiles/postgres/docker-compose.yml rename to dockerfiles/services/postgres/docker-compose.yml diff --git a/dockerfiles/services/cron/Dockerfile b/dockerfiles/services/services/cron/Dockerfile similarity index 100% rename from dockerfiles/services/cron/Dockerfile rename to dockerfiles/services/services/cron/Dockerfile diff --git a/dockerfiles/services/cron/docker-compose.yml b/dockerfiles/services/services/cron/docker-compose.yml similarity index 97% rename from dockerfiles/services/cron/docker-compose.yml rename to dockerfiles/services/services/cron/docker-compose.yml index 637b8e0..3ac7880 100644 --- a/dockerfiles/services/cron/docker-compose.yml +++ b/dockerfiles/services/services/cron/docker-compose.yml 
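Review bot: The `http` service mounts `./letsencrypt:/etc/letsencrypt:ro`, but the only thing in this file that would populate `./letsencrypt` is the commented-out `letsencrypt:` service, while the letsencrypt stacks added in this commit write to `/opt/shared/letsencrypt` and `/opt/shared/letsencrypt-2-staging`. Unless a copy is made by hand, the proxy starts with an empty cert directory and the vhosts that reference `/etc/letsencrypt/live/<host>/fullchain.pem` fail to load. Point the volume at the host path the letsencrypt stack uses, or add a comment above `http:` describing how `./letsencrypt` is populated. The header's deploy line also names docker-compose-prod.yml rather than this file; if this file is build-only, the comment should say so.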
@@ -10,7 +10,7 @@ services: cron: image: "dkregistry.xai-corp.net:5000/cron:latest" build: - context: . + context: "" dockerfile: Dockerfile deploy: diff --git a/dockerfiles/services/cron/periodic/15min/helloworld b/dockerfiles/services/services/cron/periodic/15min/helloworld similarity index 100% rename from dockerfiles/services/cron/periodic/15min/helloworld rename to dockerfiles/services/services/cron/periodic/15min/helloworld diff --git a/dockerfiles/services/elasticsearch/docker-compose.yml b/dockerfiles/services/services/elasticsearch/docker-compose.yml similarity index 100% rename from dockerfiles/services/elasticsearch/docker-compose.yml rename to dockerfiles/services/services/elasticsearch/docker-compose.yml diff --git a/dockerfiles/services/mariadb/docker-compose.yml b/dockerfiles/services/services/mariadb/docker-compose.yml similarity index 100% rename from dockerfiles/services/mariadb/docker-compose.yml rename to dockerfiles/services/services/mariadb/docker-compose.yml diff --git a/dockerfiles/services/memcached/docker-compose.yml b/dockerfiles/services/services/memcached/docker-compose.yml similarity index 100% rename from dockerfiles/services/memcached/docker-compose.yml rename to dockerfiles/services/services/memcached/docker-compose.yml diff --git a/dockerfiles/services/services/minio/docker-compose.yml b/dockerfiles/services/services/minio/docker-compose.yml new file mode 100644 index 0000000..839ecd5 --- /dev/null +++ b/dockerfiles/services/services/minio/docker-compose.yml 
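Review bot: `context: ""` replaces a valid relative build context (`.`) with an empty string in the `cron` service's `build:` block; an empty context is not a usable path, and since this hunk is the only content change in a 97% rename it looks accidental. Restore `context: .` (or the directory that holds the Dockerfile after the move under dockerfiles/services/services/cron). `build:` is ignored by `docker stack deploy` in any case, so this only affects `docker-compose build`, which is presumably how the `dkregistry.xai-corp.net:5000/cron:latest` image is produced.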
@@ -0,0 +1,100 @@ +--- +#minio s3 clone +#https://docs.minio.io/docs/deploy-minio-on-docker-swarm +# DOCKER_HOST=dkhost:2376 docker-compose up -d +# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml s3 + +version: '3.1' + +services: + minio1: + image: minio/minio:RELEASE.2017-08-05T00-00-53Z + volumes: + - minio1-data:/export + ports: + - "9061:9000" + networks: + - minio_distributed + deploy: + restart_policy: + delay: 10s + max_attempts: 10 + window: 60s + command: server http://s3_minio1/export +# command: server http://minio1/export http://minio2/export http://minio3/export http://minio4/export + secrets: + - s3_secret_key + - s3_access_key + +# minio2: +# image: minio/minio:RELEASE.2017-08-05T00-00-53Z +# volumes: +# - minio2-data:/export +# ports: +# - "9062:9000" +# networks: +# - minio_distributed +# deploy: +# restart_policy: +# delay: 10s +# max_attempts: 10 +# window: 60s +# command: server http://minio1/export http://minio2/export http://minio3/export http://minio4/export +# secrets: +# - s3_secret_key +# - s3_access_key +# +# minio3: +# image: minio/minio:RELEASE.2017-08-05T00-00-53Z +# volumes: +# - minio3-data:/export +# ports: +# - "9063:9000" +# networks: +# - minio_distributed +# deploy: +# restart_policy: +# delay: 10s +# max_attempts: 10 +# window: 60s +# command: server http://minio1/export http://minio2/export http://minio3/export http://minio4/export +# secrets: +# - s3_secret_key +# - s3_access_key +# +# minio4: +# image: minio/minio:RELEASE.2017-08-05T00-00-53Z +# volumes: +# - minio4-data:/export +# ports: +# - "9064:9000" +# networks: +# - minio_distributed +# deploy: +# restart_policy: +# delay: 10s +# max_attempts: 10 +# window: 60s +# command: server http://minio1/export http://minio2/export http://minio3/export http://minio4/export +# secrets: +# - s3_secret_key +# - s3_access_key + +volumes: + minio1-data: + + minio2-data: + + minio3-data: + + minio4-data: + +networks: + minio_distributed: + driver: overlay + 
+secrets: + s3_secret_key: + external: true + s3_access_key: + external: true diff --git a/dockerfiles/services/mongo/docker-compose.yml b/dockerfiles/services/services/mongo/docker-compose.yml similarity index 100% rename from dockerfiles/services/mongo/docker-compose.yml rename to dockerfiles/services/services/mongo/docker-compose.yml diff --git a/dockerfiles/services/redis/docker-compose.yml b/dockerfiles/services/services/redis/docker-compose.yml similarity index 100% rename from dockerfiles/services/redis/docker-compose.yml rename to dockerfiles/services/services/redis/docker-compose.yml diff --git a/dockerfiles/shipyard/docker-compose.yml b/dockerfiles/services/shipyard/docker-compose.yml similarity index 100% rename from dockerfiles/shipyard/docker-compose.yml rename to dockerfiles/services/shipyard/docker-compose.yml diff --git a/dockerfiles/sslproxy/Dockerfile b/dockerfiles/services/sslproxy/Dockerfile similarity index 100% rename from dockerfiles/sslproxy/Dockerfile rename to dockerfiles/services/sslproxy/Dockerfile diff --git a/dockerfiles/sslproxy/cetbot/Dockerfile b/dockerfiles/services/sslproxy/cetbot/Dockerfile similarity index 100% rename from dockerfiles/sslproxy/cetbot/Dockerfile rename to dockerfiles/services/sslproxy/cetbot/Dockerfile diff --git a/dockerfiles/sslproxy/docker-compose-prod.yml b/dockerfiles/services/sslproxy/docker-compose-prod.yml similarity index 81% rename from dockerfiles/sslproxy/docker-compose-prod.yml rename to dockerfiles/services/sslproxy/docker-compose-prod.yml index f1f9640..9ab9fcc 100644 --- a/dockerfiles/sslproxy/docker-compose-prod.yml +++ b/dockerfiles/services/sslproxy/docker-compose-prod.yml 
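Review bot: The `minio1` service attaches `s3_secret_key` and `s3_access_key`, but the swarm guide linked in the file header names the secrets `secret_key` and `access_key`, which is what the MinIO image of that era reads from /run/secrets; with the prefixed names the server may fall back to its built-in default credentials unless told otherwise. Use the long secret syntax to map the names, e.g. `- source: s3_access_key` / `target: access_key` (and likewise for the secret key), or confirm that the pinned image honours the prefixed names. Also, `command: server http://s3_minio1/export` uses the stack-qualified service name while the commented multi-node command uses bare names; pick one form so the commented nodes can be re-enabled without editing.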
@@ -1,7 +1,7 @@ --- # DOCKER_HOST=192.168.2.41:2376 docker-compose up -d # docker login dkregistry.xai-corp.net:5000 -# docker-compose build && docker push dkregistry.xai-corp.net:5000/sslproxy:latest +# docker-compose build && docker push dkregistry.xai-corp.net:5000/sslproxy:2.0 # DOCKER_HOST=dkhost01:2376 docker stack deploy --with-registry-auth -c docker-compose-prod.yml sslproxy # DOCKER_HOST=dkhost01:2376 docker stack ps sslproxy @@ -14,11 +14,11 @@ services: ports: - "443:443" - logging: - driver: syslog - options: - syslog-address: "tcp+tls://logs6.papertrailapp.com:38577" - tag: "{{.Name}}/{{.ID}}" +# logging: +# driver: syslog +# options: +# syslog-address: "tcp+tls://logs6.papertrailapp.com:38577" +# tag: "{{.Name}}/{{.ID}}" deploy: mode: replicated diff --git a/dockerfiles/sslproxy/docker-compose.yml b/dockerfiles/services/sslproxy/docker-compose.yml similarity index 100% rename from dockerfiles/sslproxy/docker-compose.yml rename to dockerfiles/services/sslproxy/docker-compose.yml diff --git a/dockerfiles/sslproxy/hosts/dkregistry.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts/dkregistry.xai-corp.net.conf similarity index 100% rename from dockerfiles/sslproxy/hosts/dkregistry.xai-corp.net.conf rename to dockerfiles/services/sslproxy/hosts/dkregistry.xai-corp.net.conf diff --git a/dockerfiles/sslproxy/hosts/dkui.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts/dkui.xai-corp.net.conf similarity index 98% rename from dockerfiles/sslproxy/hosts/dkui.xai-corp.net.conf rename to dockerfiles/services/sslproxy/hosts/dkui.xai-corp.net.conf index 4718cf9..3578999 100644 --- a/dockerfiles/sslproxy/hosts/dkui.xai-corp.net.conf +++ b/dockerfiles/services/sslproxy/hosts/dkui.xai-corp.net.conf 
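Review bot: Commenting out the `logging:` block in the second hunk removes syslog shipping for the service that publishes `"443:443"` with nothing in its place, so the TLS proxy's access and error output now stays only in the daemon's default driver on the host and no longer reaches a central store. As the proxy fronts every public vhost, that is the log most useful for spotting abuse or certificate problems; if the Papertrail endpoint is being retired, add the replacement driver (the dkhost playbook comment in this commit mentions fluentd or logstash) or at least a comment above the block saying where proxy logs now go. The service definition this block belongs to starts before the hunk.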
@@ -2,7 +2,7 @@ server {
 listen 443 ssl;
 server_name dkui.xai-corp.net;
- ssl_certificate /etc/letsencrypt/live/dkui.xai-corp.net/cert.pem;
+ ssl_certificate /etc/letsencrypt/live/dkui.xai-corp.net/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/dkui.xai-corp.net/privkey.pem;
 #Strict-Transport-Security: max-age=15768000
diff --git a/dockerfiles/sslproxy/hosts/fs.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts/fs.xai-corp.net.conf
similarity index 82%
rename from dockerfiles/sslproxy/hosts/fs.xai-corp.net.conf
rename to dockerfiles/services/sslproxy/hosts/fs.xai-corp.net.conf
index 31530a3..f98a3e4 100644
--- a/dockerfiles/sslproxy/hosts/fs.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/fs.xai-corp.net.conf
@@ -2,7 +2,7 @@ server {
 listen 443 ssl;
 server_name fs.xai-corp.net;
- ssl_certificate /etc/letsencrypt/live/fs.xai-corp.net/cert.pem;
+ ssl_certificate /etc/letsencrypt/live/fs.xai-corp.net/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/fs.xai-corp.net/privkey.pem;
 #Strict-Transport-Security: max-age=15768000
diff --git a/dockerfiles/sslproxy/hosts/git.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf
similarity index 82%
rename from dockerfiles/sslproxy/hosts/git.xai-corp.net.conf
rename to dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf
index 95325de..addc291 100644
--- a/dockerfiles/sslproxy/hosts/git.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf
@@ -2,7 +2,7 @@ server {
 listen 443 ssl;
 server_name git.xai-corp.net;
- ssl_certificate /etc/letsencrypt/live/git.xai-corp.net/cert.pem;
+ ssl_certificate /etc/letsencrypt/live/git.xai-corp.net/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/git.xai-corp.net/privkey.pem;
 #Strict-Transport-Security: max-age=15768000
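Review bot: Switching `ssl_certificate` to `fullchain.pem` is the right fix for clients that cannot build the intermediate chain themselves, but nginx reads certificate files only at startup or on reload, so now that renewal happens in a separate container the proxy will keep serving the old certificate until it expires unless a reload (`nginx -s reload`) is triggered after each renewal; nothing visible in these hunks does that. The same point applies to the fs and git hunks in this span and to the jenkins, logs and xaibox vhost hunks that follow. Because the paths stay under `/etc/letsencrypt/live/`, the sslproxy service also needs that directory mounted, read-only, from wherever the letsencrypt container writes it, or these directives fail at startup with a missing-file error. The `#Strict-Transport-Security` line left commented in dkui, fs and git is pre-existing; only the logs vhost actually sends the header.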
diff --git a/dockerfiles/sslproxy/hosts/jenkins.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts/jenkins.xai-corp.net.conf
similarity index 97%
rename from dockerfiles/sslproxy/hosts/jenkins.xai-corp.net.conf
rename to dockerfiles/services/sslproxy/hosts/jenkins.xai-corp.net.conf
index ffda5d8..f4f09da 100644
--- a/dockerfiles/sslproxy/hosts/jenkins.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/jenkins.xai-corp.net.conf
@@ -2,7 +2,7 @@ server {
 listen 443 ssl;
 server_name jenkins.xai-corp.net;
- ssl_certificate /etc/letsencrypt/live/jenkins.xai-corp.net/cert.pem;
+ ssl_certificate /etc/letsencrypt/live/jenkins.xai-corp.net/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/jenkins.xai-corp.net/privkey.pem;
 #Strict-Transport-Security: max-age=15768000
diff --git a/dockerfiles/sslproxy/hosts/logs.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts/logs.xai-corp.net.conf
similarity index 97%
rename from dockerfiles/sslproxy/hosts/logs.xai-corp.net.conf
rename to dockerfiles/services/sslproxy/hosts/logs.xai-corp.net.conf
index 8b33da8..a41b3dd 100644
--- a/dockerfiles/sslproxy/hosts/logs.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/logs.xai-corp.net.conf
@@ -2,7 +2,7 @@ server {
 listen 443 ssl;
 server_name logs.xai-corp.net;
- ssl_certificate /etc/letsencrypt/live/logs.xai-corp.net/cert.pem;
+ ssl_certificate /etc/letsencrypt/live/logs.xai-corp.net/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/logs.xai-corp.net/privkey.pem;
 #Strict-Transport-Security: max-age=15768000
 add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
diff --git a/dockerfiles/sslproxy/hosts/tripbuilder.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts/tripbuilder.xai-corp.net.conf
similarity index 100%
rename from dockerfiles/sslproxy/hosts/tripbuilder.xai-corp.net.conf
rename to dockerfiles/services/sslproxy/hosts/tripbuilder.xai-corp.net.conf
diff --git a/dockerfiles/sslproxy/hosts/xaibox.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf
similarity index 96%
rename from dockerfiles/sslproxy/hosts/xaibox.xai-corp.net.conf
rename to dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf
index d957a1b..4d0a89e 100644
--- a/dockerfiles/sslproxy/hosts/xaibox.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf
@@ -2,7 +2,7 @@ server {
 listen 443 ssl;
 server_name xaibox.xai-corp.net;
- ssl_certificate /etc/letsencrypt/live/xaibox.xai-corp.net/cert.pem;
+ ssl_certificate /etc/letsencrypt/live/xaibox.xai-corp.net/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/xaibox.xai-corp.net/privkey.pem;
 client_max_body_size 200m;
diff --git a/dockerfiles/sslproxy/nginx.conf b/dockerfiles/services/sslproxy/nginx.conf
similarity index 100%
rename from dockerfiles/sslproxy/nginx.conf
rename to dockerfiles/services/sslproxy/nginx.conf
diff --git a/dockerfiles/sslproxy/readme.md b/dockerfiles/services/sslproxy/readme.md
similarity index 100%
rename from dockerfiles/sslproxy/readme.md
rename to dockerfiles/services/sslproxy/readme.md
diff --git a/dockerfiles/sslproxy/testdata/_first.txt b/dockerfiles/services/sslproxy/testdata/_first.txt
similarity index 100%
rename from dockerfiles/sslproxy/testdata/_first.txt
rename to dockerfiles/services/sslproxy/testdata/_first.txt
diff --git a/dockerfiles/ui/docker-compose.yml b/dockerfiles/services/ui/docker-compose.yml
similarity index 100%
rename from dockerfiles/ui/docker-compose.yml
rename to dockerfiles/services/ui/docker-compose.yml
diff --git a/managed_setup.yml b/managed_setup.yml
index e186365..147ed62 100644
--- a/managed_setup.yml
+++ b/managed_setup.yml
@@ -50,7 +50,7 @@
 - debugfs
 - proc
 - securityfs
- - shm
+ - tempfs
 excluded_mountpoint_re: /[media/richard|run/user].*
diff --git a/managed_updates.yml b/managed_updates.yml
index b050b99..2aa3719 100644
--- a/managed_updates.yml
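Review bot: `tempfs` is not a Linux filesystem type, so the added entry `- tempfs` in managed_setup.yml will never match anything; the type reported for /dev/shm, /run and similar mounts is `tmpfs`, which is presumably what the replaced `shm` entry was meant to cover. Change the added line to `- tmpfs`. The list appears to be the datadog disk check's `excluded_filesystems` (the enclosing `vars:` block starts outside the hunk), so the practical effect of the typo is noisy disk metrics rather than a failure, but it still defeats the purpose of the change.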
+++ b/managed_updates.yml
@@ -9,29 +9,11 @@
 become: True
 vars:
- datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
- datadog_checks:
- system:
- init_config: []
- instances: []
- disk:
- init_config:
- instances:
- - use_mount: yes
- excluded_filesystems:
- - sysfs
- - cgroup
- - tracefs
- - debugfs
- - proc
- - securityfs
- - shm
- excluded_mountpoint_re: /[media/richard|run/user].*
 roles:
 - _install_updates
 - user-richard
 - motd
- - { role: Datadog.datadog, when: ansible_architecture != 'armv7l' } #does not support armhf architecture. should switch to fluentd or logstash
+# - { role: Datadog.datadog, when: ansible_architecture != 'armv7l' } #does not support armhf architecture. should switch to fluentd or logstash
 tasks:
diff --git a/roles/certbot/tasks/install.yml b/roles/certbot/tasks/install.yml
new file mode 100644
index 0000000..4ca7137
--- /dev/null
+++ b/roles/certbot/tasks/install.yml
@@ -0,0 +1,33 @@
+---
+# main task for installing Let's Encrypt's certbot tool
+# https://certbot.eff.org/#ubuntuxenial-other
+
+- name: install certbot on ubuntu 16.04
+ apt:
+ state: latest
+ package: "{{ item }}"
+ update_cache: yes
+ cache_valid_time: 3600
+ with_items:
+ - "letsencrypt"
+ when: ansible_os_family == "Debian"
+
+- name: create webroot /var/www/xai-corp.net
+ file:
+ state: directory
+ path: /var/www/xai-corp.net
+
+#- name: create first certificates
+# command: "letsencrypt certonly --webroot -w /var/www/xai-corp.net -d {{ item }}"
+# args:
+# creates: /etc/letsencrypt/live/{{ item }}/cert.pem
+# with_items: "{{certbot.domains}}"
+
+
+- name: cron job for renewing certs
+ cron:
+ name: renew let's encrypt certificates
+ state: absent
+ user: root
+ day: "*/2"
+ job: "letsencrypt renew "
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
index c5511fb..49cf7db 100644
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
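Review bot: The `datadog_api_key` value removed from managed_updates.yml (`ca0faf176c4aedd4f547ed7cf85615eb`, also present in the test01.xai-corp.net.yml file deleted later in this patch) was committed in clear text and remains recoverable from git history after this commit, so it should be treated as exposed and rotated in the Datadog account rather than just dropped from the tree. If the role is re-enabled later, keep the key out of the playbook (ansible-vault, or a lookup from the environment) so it never lands in a commit again. The `Datadog.datadog` role line is commented out rather than deleted; since the `#does not support armhf` reason is already in the comment, deleting the line and keeping the reason in the commit message would leave the `roles:` list cleaner.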
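Review bot: The renewal cron task at the end of the new install.yml has `state: absent`, so a host that still goes through the install path gets the `letsencrypt` package and the webroot but no renewal job, and with the `create first certificates` task commented out the file cannot produce a working certificate either; if the host-side path is kept only for hosts not yet migrated, the cron should be `state: present` here (the old main.yml had it present) and `absent` only in uninstall.yml, otherwise the file is dead weight and could be dropped. `day: "*/2"` runs `letsencrypt renew` every second day of the month, which leaves a failed attempt unretried for two days; certbot's own guidance is a twice-daily schedule. Minor: `state: latest` on the apt task upgrades the package on every run, where `state: present` is the usual choice for a role now described as deprecated.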
@@ -1,33 +1,10 @@
 ---
-# main task for installing Let's Encrypt's certbot tool
-# https://certbot.eff.org/#ubuntuxenial-other
-
-- name: install certbot on ubuntu 16.04
- apt:
- state: latest
- package: "{{ item }}"
- update_cache: yes
- cache_valid_time: 3600
- with_items:
- - "letsencrypt"
- when: ansible_os_family == "Debian"
-
-- name: create webroot /var/www/xai-corp.net
- file:
- state: directory
- path: /var/www/xai-corp.net
-
-- name: create first certificates
- command: "letsencrypt certonly --webroot -w /var/www/xai-corp.net -d {{ item }}"
- args:
- creates: /etc/letsencrypt/live/{{ item }}/cert.pem
- with_items: "{{certbot.domains}}"
+# main install certbot
+# deprecated. Use container instead
-- name: cron job for renewing certs
- cron:
- name: renew let's encrypt certificates
- state: present
- user: root
- day: "*/2"
- job: "letsencrypt renew "
+- include: install.yml
+ when: certbot.uninstall != true
+
+- include: uninstall.yml
+ when: certbot.uninstall == true
diff --git a/roles/certbot/tasks/uninstall.yml b/roles/certbot/tasks/uninstall.yml
new file mode 100644
index 0000000..64a8b69
--- /dev/null
+++ b/roles/certbot/tasks/uninstall.yml
@@ -0,0 +1,26 @@
+---
+# uninstall certbot
+
+- name: uninstall certbot on ubuntu 16.04
+ apt:
+ state: absent
+ package: "{{ item }}"
+ update_cache: yes
+ cache_valid_time: 3600
+ with_items:
+ - "letsencrypt"
+ - "nginx"
+ when: ansible_os_family == "Debian"
+
+- name: remove webroot /var/www/xai-corp.net
+ file:
+ state: absent
+ path: /var/www/xai-corp.net
+
+- name: remove cron job for renewing certs
+ cron:
+ name: renew let's encrypt certificates
+ state: absent
+ user: root
+ day: "*/2"
+ job: "letsencrypt renew "
diff --git a/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2 b/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
index 3571a65..1f0e4f3 100644
--- a/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
+++ b/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
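Review bot: `when: certbot.uninstall != true` and `when: certbot.uninstall == true` in the new main.yml both abort with an undefined-variable error whenever the `certbot` dict or its `uninstall` key is not set, which is the normal case for a host that merely lists the role; compare against a default instead, `when: not (certbot.uninstall | default(false) | bool)` and `when: certbot.uninstall | default(false) | bool`. The `| bool` also accepts the string forms `"yes"`/`"true"` that arrive via `--extra-vars` or inventory, which `== true` does not. The header comment `# main install certbot` could say what the variable selects, e.g. `# certbot.uninstall: true removes the host-side certbot; certificates are now issued by the letsencrypt container`.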
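Review bot: The new uninstall.yml removes the `letsencrypt` package, the webroot and the cron entry but leaves `/etc/letsencrypt` in place, which is where the host-side private keys (`live/<domain>/privkey.pem`, per the vhost hunks above) live; if the keys were copied into the container the host copies should go in a further `file: state: absent` task, and if they were not, a comment should say so, because an uninstalled tool leaving live keys on disk is easy to forget about. Removing `nginx` from the same `with_items` list as `letsencrypt` is a side effect outside the role's name; a host that still runs nginx for something else would lose it, so that entry belongs in its own role or behind its own variable. `update_cache: yes` and `cache_valid_time: 3600` do nothing useful for `state: absent` and can be dropped.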
@@ -56,3 +56,4 @@ sql IN CNAME dkhost
 mysql IN CNAME dkhost
 tripbuilder IN CNAME dkhost
 xaibox IN CNAME dkhost
+office IN CNAME dkhost
diff --git a/site-django-test.yml b/site-django-test.yml
deleted file mode 100644
index 9a7d34b..0000000
--- a/site-django-test.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
- # playbook to install django test on home.xai-corp.net
-
-- hosts: home
- remote_user: ansible
-
- roles:
- - django
diff --git a/test-ping.yml b/test-ping.yml
index 876c4d6..3227b42 100644
--- a/test-ping.yml
+++ b/test-ping.yml
@@ -1,8 +1,11 @@
 ---
 # playbook to install django test on home.xai-corp.net
-- hosts: home
+- hosts: managed
 remote_user: root
+ remote_user: ansible
+ gather_facts: yes
+ become: true
 tasks:
 - name: test connection
diff --git a/test01.xai-corp.net.yml b/test01.xai-corp.net.yml
deleted file mode 100644
index 03bc6ab..0000000
--- a/test01.xai-corp.net.yml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-# playbook for home02
-
-
-- hosts: test1
- remote_user: ansible
- gather_facts: yes
- become: true
-
- vars:
- datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
- datadog_checks:
- system:
- init_config: []
- instances: []
- disk:
- init_config:
- instances:
- - use_mount: yes
- excluded_filesystems:
- - sysfs
- - cgroup
- - tracefs
- - debugfs
- - proc
- - securityfs
- excluded_mountpoint_re: /[media/richard|run/user].*
-
-
- roles:
-# - Datadog.datadog
-# - bennojoy.ntp
- - td-agent
-
- post_tasks:
-# - name: check service is up
-# service: name={{ bind.service }} state=started
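Review bot: The test-ping.yml play now carries `remote_user` twice, the kept context line `remote_user: root` and the added `remote_user: ansible`; duplicate mapping keys are invalid YAML and most loaders, PyYAML included, silently keep the last one, so the play happens to run as `ansible` but the intent is not obvious and a stricter loader or linter will reject it. Drop the `remote_user: root` line (and remove it rather than the new one, since `become: true` is what now provides root). The kept comment `# playbook to install django test on home.xai-corp.net` no longer describes a connectivity check against the `managed` group and could read `# playbook to verify ansible connectivity to all managed hosts`.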