reworked letsencrypt to use docker containers instead of certbot on the host.

2017-10-02 06:32:53 -04:00
parent de1e0d66c3
commit 92950ffd2d
57 changed files with 632 additions and 198 deletions


@@ -8,78 +8,86 @@
become: true become: true
vars: vars:
datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb # datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
datadog_checks: # datadog_config:
system: # log_level: WARNING
init_config: [] # apm_enabled: false
instances: [] # datadog_checks:
disk: # system:
init_config: # init_config: []
instances: # instances: []
- use_mount: yes # disk:
excluded_filesystems: # init_config:
- sysfs # instances:
- cgroup # - use_mount: yes
- tracefs # excluded_filesystems:
- debugfs # - sysfs
- proc # - cgroup
- securityfs # - tracefs
- tmpfs # - debugfs
excluded_mountpoint_re: /[media/richard|run/user].* # - proc
# - securityfs
# - tmpfs
# excluded_mountpoint_re: /[media/richard|run/user].*
docker: docker:
init_config: init_config:
instances: instances:
- url: "unix://var/run/docker.sock" - url: "unix://var/run/docker.sock"
new_tag_names: true new_tag_names: true
dockerhost: dockerhost:
users: users:
- dd-agent - dd-agent
- richard - richard
- ansible - ansible
nginx_remove_default_vhost: true nginx_remove_default_vhost: true
nginx_vhosts_filename: "xai-corp.conf" nginx_vhosts_filename: "xai-corp.conf"
nginx_vhosts: nginx_vhosts:
- listen: "80 default_server" - listen: "80 default_server"
server_name: "xai-corp.net" server_name: "xai-corp.net"
root: "/var/www/xai-corp.net" root: "/var/www/xai-corp.net"
index: "index.html index.htm" index: "index.html index.htm"
access_log: "/var/log/nginx/xaicorp.access.log" access_log: "/var/log/nginx/xaicorp.access.log"
error_log: "/var/log/nginx/xaicorp.error.log" error_log: "/var/log/nginx/xaicorp.error.log"
gluster: gluster:
vmshare: vmshare:
host: gluster:/vmshares host: gluster:/vmshares
mount: /opt/shared mount: /opt/shared
gitea: gitea:
host: gluster:/gitea host: gluster:/gitea
mount: /var/lib/gitea mount: /var/lib/gitea
jenkins: jenkins:
host: gluster:/jenkins host: gluster:/jenkins
mount: /var/lib/jenkins mount: /var/lib/jenkins
elasticsearch: elasticsearch:
host: gluster:/elasticsearch host: gluster:/elasticsearch
mount: /data/elasticsearch mount: /data/elasticsearch
certbot: certbot:
domains: uninstall: true
- xai-corp.net domains:
- www.xai-corp.net - xai-corp.net
- dkregistry.xai-corp.net - www.xai-corp.net
- sql.xai-corp.net - dkregistry.xai-corp.net
- fs.xai-corp.net - sql.xai-corp.net
- dkhost.xai-corp.net - fs.xai-corp.net
- git.xai-corp.net - dkhost.xai-corp.net
- dkui.xai-corp.net - git.xai-corp.net
- jenkins.xai-corp.net - dkui.xai-corp.net
- logs.xai-corp.net - jenkins.xai-corp.net
- tripbuilder.xai-corp.net - logs.xai-corp.net
- xaibox.xai-corp.net - tripbuilder.xai-corp.net
- xaibox.xai-corp.net
- office.xai-corp.net
roles: roles:
- dockerhost - dockerhost
- geerlingguy.nginx - geerlingguy.nginx
- certbot - certbot
# - { role: Datadog.datadog, when: ansible_architecture != 'armv7l' } #does not support armhf architecture. should switch to fluentd or logstash
post_tasks: post_tasks:
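Review bot: The Datadog API key on the new side is only commented out (`# datadog_api_key: ...`), so the credential is still in the committed file, and the old side shows it was already committed in plaintext, so it is in history regardless. Move it to an Ansible Vault variable or a lookup, and rotate the key, rather than carrying it as a comment. The later hunk that deletes the same vars from the test1 playbook and the deleted home02 playbook remove the line but likewise leave the value in history. The play header above line 8 is outside the hunk.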


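--- a/<path-not-shown-on-page>
+++ /dev/null
@@ -1,29 +0,0 @@
----
-# docker-compose file for owncloud server
-# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml owncloud
-version: '3'
-services:
-owncloud:
-image: nextcloud:12
-ports:
-- 8083:80
-# - 9083:9000
-volumes:
-- /opt/shared/nextcloud/data:/var/www/html/data
-- /opt/shared/nextcloud/config:/var/www/html/config
-- /opt/shared/nextcloud/apps:/var/www/html/custom_apps
-deploy:
-mode: replicated
-replicas: 1
-restart_policy:
-condition: any
-delay: "1s"
-max_attempts: 5
-resources:
-limits:
-cpus: '1'
-memory: 512M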


@@ -3,7 +3,7 @@
# - see https://www.elastic.co/guide/en/logstash/current/_pulling_the_image.html # - see https://www.elastic.co/guide/en/logstash/current/_pulling_the_image.html
# #
# DOCKER_HOST=dkhost03:2376 docker-compose up -d # DOCKER_HOST=dkhost03:2376 docker-compose up -d
# DOCKER_HOST=dkhost03:2376 docker stack deploy -c docker-compose.yml services # DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services
version: '3' version: '3'
services: services:


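--- /dev/null
+++ b/<path-not-shown-on-page>
@@ -0,0 +1,48 @@
+---
+# docker-compose file for letsencrypt cert management
+# DOCKER_HOST=dkhost01:2376 docker-compose up install
+# DOCKER_HOST=dkhost01:2376 docker-compose up updates
+# docker login dkregistry.xai-corp.net:5000
+# docker-compose build && docker push dkregistry.xai-corp.net:5000/xaicorp/nextcloud:latest
+# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services_letsencrypt
+version: '3'
+services:
+install:
+image: "blacklabelops/letsencrypt"
+container_name: letsencrypt_staging_install
+ports:
+- 80:80
+# - 443:443
+volumes:
+- /opt/shared/letsencrypt-2-staging:/etc/letsencrypt
+environment:
+LETSENCRYPT_HTTPS_ENABLED: "false"
+LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
+LETSENCRYPT_DOMAIN1: xai-corp.net
+LETSENCRYPT_DOMAIN2: git.xai-corp.net
+LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
+LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
+LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
+LETSENCRYPT_DOMAIN6: fs.xai-corp.net
+LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
+LETSENCRYPT_DOMAIN8: sql.xai-corp.net
+LETSENCRYPT_DOMAIN9: office.xai-corp.net
+LETSENCRYPT_DOMAIN9: www.xai-corp.net
+command:
+- install
+- --staging
+- --expand
+deploy:
+mode: replicated
+replicas: 1
+restart_policy:
+condition: none
+resources:
+limits:
+cpus: '0.1'
+memory: 256M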
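Review bot: `LETSENCRYPT_DOMAIN9` is defined twice in the `environment` mapping (`office.xai-corp.net`, then `www.xai-corp.net`); a YAML mapping cannot hold duplicate keys and compose keeps the last one, so `office.xai-corp.net` is silently left out of the certificate request. Renumber the second entry, e.g. `LETSENCRYPT_DOMAIN10: www.xai-corp.net`, after confirming the image reads a tenth slot. The same duplicate appears in the staging-update, update and combined compose files added in this commit. The header comments about `docker login` and pushing a nextcloud image are copied from another file and do not apply here.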


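--- /dev/null
+++ b/<path-not-shown-on-page>
@@ -0,0 +1,45 @@
+---
+# docker-compose file for letsencrypt cert management
+# DOCKER_HOST=dkhost01:2376 docker-compose up updates
+# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose-staging-update.yml services_letsencrypt
+version: '3'
+services:
+updates:
+image: "blacklabelops/letsencrypt"
+container_name: letsencrypt_staging_updates
+ports:
+- 80:80
+# - 443:443
+volumes:
+- /opt/shared/letsencrypt-2-staging:/etc/letsencrypt
+environment:
+LETSENCRYPT_HTTPS_ENABLED: "false"
+LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
+LETSENCRYPT_DOMAIN1: xai-corp.net
+LETSENCRYPT_DOMAIN2: git.xai-corp.net
+LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
+LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
+LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
+LETSENCRYPT_DOMAIN6: fs.xai-corp.net
+LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
+LETSENCRYPT_DOMAIN8: sql.xai-corp.net
+LETSENCRYPT_DOMAIN9: office.xai-corp.net
+LETSENCRYPT_DOMAIN9: www.xai-corp.net
+command:
+- install
+- --staging
+- --expand
+deploy:
+mode: replicated
+replicas: 1
+restart_policy:
+condition: none
+resources:
+limits:
+cpus: '0.1'
+memory: 256M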
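Review bot: The `updates` service runs the same `install --staging --expand` command as the install service and has `restart_policy: condition: none`, so it performs one install and exits rather than renewing anything. The README added in this commit starts the updates container with no command at all, so the `command:` list here likely should be dropped so the image's own renewal entrypoint runs. The duplicate `LETSENCRYPT_DOMAIN9` key from the install compose file is repeated here.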


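--- /dev/null
+++ b/<path-not-shown-on-page>
@@ -0,0 +1,47 @@
+---
+# docker-compose file for letsencrypt cert management
+# DOCKER_HOST=dkhost01:2376 docker-compose up updates
+# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose-update.yml services_letsencrypt
+version: '3'
+services:
+updates:
+image: "blacklabelops/letsencrypt"
+container_name: letsencrypt_staging_updates
+ports:
+- 80:80
+# - 443:443
+volumes:
+- /opt/shared/letsencrypt:/etc/letsencrypt
+environment:
+LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
+LETSENCRYPT_HTTPS_ENABLED: "false"
+LETSENCRYPT_TESTCERT: "true"
+LETSENCRYPT_DEBUG: "true"
+LETSENCRYPT_JOB_TIME: "0 0 1 15 * *"
+LETSENCRYPT_DOMAIN1: xai-corp.net
+LETSENCRYPT_DOMAIN2: git.xai-corp.net
+LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
+LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
+LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
+LETSENCRYPT_DOMAIN6: fs.xai-corp.net
+LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
+LETSENCRYPT_DOMAIN8: sql.xai-corp.net
+LETSENCRYPT_DOMAIN9: office.xai-corp.net
+LETSENCRYPT_DOMAIN9: www.xai-corp.net
+command:
+- install
+- --expand
+deploy:
+mode: replicated
+replicas: 1
+restart_policy:
+condition: none
+resources:
+limits:
+cpus: '0.1'
+memory: 256M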
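Review bot: This file mounts the non-staging store `/opt/shared/letsencrypt` yet sets `LETSENCRYPT_TESTCERT: "true"` and `LETSENCRYPT_DEBUG: "true"`; if TESTCERT means what its name suggests, a test certificate would be written into the live directory that the nginx vhosts in this commit now load `fullchain.pem` from. Remove both flags, or point the volume at the staging path the other compose files use, before this is deployed. `LETSENCRYPT_DOMAIN9` is duplicated here as well, and `container_name: letsencrypt_staging_updates` is misleading for the non-staging file.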


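--- /dev/null
+++ b/<path-not-shown-on-page>
@@ -0,0 +1,84 @@
+---
+# docker-compose file for letsencrypt cert management
+# DOCKER_HOST=dkhost01:2376 docker-compose up install
+# DOCKER_HOST=dkhost01:2376 docker-compose up updates
+# docker login dkregistry.xai-corp.net:5000
+# docker-compose build && docker push dkregistry.xai-corp.net:5000/xaicorp/nextcloud:latest
+# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services_letsencrypt
+version: '3'
+services:
+install:
+image: "blacklabelops/letsencrypt"
+container_name: letsencrypt_staging_install
+ports:
+- 80:80
+# - 443:443
+volumes:
+- /opt/shared/letsencrypt-2-staging:/etc/letsencrypt
+environment:
+LETSENCRYPT_HTTPS_ENABLED: "false"
+LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
+LETSENCRYPT_DOMAIN1: xai-corp.net
+LETSENCRYPT_DOMAIN2: git.xai-corp.net
+LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
+LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
+LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
+LETSENCRYPT_DOMAIN6: fs.xai-corp.net
+LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
+LETSENCRYPT_DOMAIN8: sql.xai-corp.net
+LETSENCRYPT_DOMAIN9: office.xai-corp.net
+LETSENCRYPT_DOMAIN9: www.xai-corp.net
+command:
+- install
+- --staging
+- --expand
+deploy:
+mode: replicated
+replicas: 1
+restart_policy:
+condition: none
+resources:
+limits:
+cpus: '0.1'
+memory: 256M
+updates:
+image: "blacklabelops/letsencrypt"
+container_name: letsencrypt_staging_updates
+ports:
+- 80:80
+# - 443:443
+volumes:
+- /opt/shared/letsencrypt-2-staging:/etc/letsencrypt
+environment:
+LETSENCRYPT_HTTPS_ENABLED: "false"
+LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
+LETSENCRYPT_DOMAIN1: xai-corp.net
+LETSENCRYPT_DOMAIN2: git.xai-corp.net
+LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
+LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
+LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
+LETSENCRYPT_DOMAIN6: fs.xai-corp.net
+LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
+LETSENCRYPT_DOMAIN8: sql.xai-corp.net
+LETSENCRYPT_DOMAIN9: office.xai-corp.net
+LETSENCRYPT_DOMAIN9: www.xai-corp.net
+command:
+- install
+- --staging
+- --expand
+deploy:
+mode: replicated
+replicas: 1
+restart_policy:
+condition: none
+resources:
+limits:
+cpus: '0.1'
+memory: 256M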
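Review bot: Both `install` and `updates` publish host port `80:80`, so deploying this file as one stack schedules two services contending for the same published port and the second cannot bind it. Give one of them a different published port, or keep them in separate stacks as the two single-service files in this commit do. Both services also carry the duplicate `LETSENCRYPT_DOMAIN9` key and the `--staging` flag, so this file can only ever produce staging certificates, which the header comment should state.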


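--- /dev/null
+++ b/<path-not-shown-on-page>
@@ -0,0 +1,48 @@
+#Letsencrypt container
+run this as a regular container via cron job
+note that this container only takes 2 parameters, so we can use --staging and --merge. maybe we should build our own.
+todo: set this up as a cron
+#install new certs
+```
+DOCKER_HOST=dkhost:2376 docker run -d \
+-p 80:80 \
+--name letsencrypt \
+-e "LETSENCRYPT_HTTPS_ENABLED=false" \
+-v /opt/shared/letsencrypt-2:/opt/shared/letsencrypt \
+-e "LETSENCRYPT_EMAIL=r_morgan@sympatico.ca" \
+-e "LETSENCRYPT_DOMAIN1=xai-corp.net" \
+-e "LETSENCRYPT_DOMAIN2=git.xai-corp.net" \
+-e "LETSENCRYPT_DOMAIN3=xaibox.xai-corp.net" \
+-e "LETSENCRYPT_DOMAIN4=dkui.xai-corp.net" \
+-e "LETSENCRYPT_DOMAIN5=dkregistry.xai-corp.net" \
+-e "LETSENCRYPT_DOMAIN6=fs.xai-corp.net" \
+-e "LETSENCRYPT_DOMAIN7=jenkins.xai-corp.net" \
+-e "LETSENCRYPT_DOMAIN8=sql.xai-corp.net" \
+-e "LETSENCRYPT_DOMAIN9=www.xai-corp.net" \
+-e "LETSENCRYPT_DOMAIN90=office.xai-corp.net" \
+blacklabelops/letsencrypt install
+```
+```
+DOCKER_HOST=dkhost:2376 docker run -d \
+-p 80:80 \
+--name letsencrypt_updates \
+-e "LETSENCRYPT_HTTPS_ENABLED=false" \
+-v /opt/shared/letsencrypt-2:/opt/shared/letsencrypt \
+-e "LETSENCRYPT_EMAIL=r_morgan@sympatico.ca" \
+-e "LETSENCRYPT_DOMAIN1=xai-corp.net" \
+-e "LETSENCRYPT_DOMAIN2=git.xai-corp.net" \
+-e "LETSENCRYPT_DOMAIN3=xaibox.xai-corp.net" \
+-e "LETSENCRYPT_DOMAIN4=dkui.xai-corp.net" \
+-e "LETSENCRYPT_DOMAIN5=dkregistry.xai-corp.net" \
+-e "LETSENCRYPT_DOMAIN6=fs.xai-corp.net" \
+-e "LETSENCRYPT_DOMAIN7=jenkins.xai-corp.net" \
+-e "LETSENCRYPT_DOMAIN8=sql.xai-corp.net" \
+-e "LETSENCRYPT_DOMAIN9=www.xai-corp.net" \
+-e "LETSENCRYPT_DOMAIN90=office.xai-corp.net" \
+blacklabelops/letsencrypt
+```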


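--- /dev/null
+++ b/<path-not-shown-on-page>
@@ -0,0 +1,4 @@
+FROM nextcloud:12
+RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*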


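--- /dev/null
+++ b/<path-not-shown-on-page>
@@ -0,0 +1,51 @@
+---
+# docker-compose file for owncloud server
+# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose-prod.yml owncloud
+version: '3'
+services:
+owncloud:
+image: dkregistry.xai-corp.net:5000/xaicorp/nextcloud:latest
+ports:
+- 8083:80
+# - 9083:9000
+volumes:
+- /opt/shared/nextcloud/data:/var/www/html/data
+- /opt/shared/nextcloud/config:/var/www/html/config
+- /opt/shared/nextcloud/apps:/var/www/html/custom_apps
+deploy:
+mode: replicated
+replicas: 1
+restart_policy:
+condition: any
+delay: "1s"
+max_attempts: 5
+resources:
+limits:
+cpus: '1'
+memory: 512M
+collabora:
+image: collabora/code
+ports:
+- 9980:9980
+environment:
+domain: office\\.xai-corp\\.net
+username: admin
+password: ah8031qhnbc
+server_name: office.xai-corp.net
+deploy:
+mode: replicated
+replicas: 1
+restart_policy:
+condition: any
+delay: "1s"
+max_attempts: 5
+resources:
+limits:
+cpus: '1'
+memory: 512M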
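Review bot: The `password:` entry under the `collabora` service commits the Collabora admin credential in plaintext and hands it to the container as an environment variable, where anyone with `docker inspect` on the swarm can read it; the same value is repeated in the development compose file added in this commit. The minio compose file in this same commit already uses swarm secrets (`secrets:` entries with `external: true`), which is the pattern to apply here, and the present value should be rotated now that it is in history. `image: collabora/code` with no tag also means the admin console you are publishing on `9980:9980` changes under you on every deploy; pin a tag as the minio file does.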


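--- /dev/null
+++ b/<path-not-shown-on-page>
@@ -0,0 +1,51 @@
+---
+# docker-compose file for nextcloud server
+# docker login dkregistry.xai-corp.net:5000
+# docker-compose build && docker push dkregistry.xai-corp.net:5000/xaicorp/nextcloud:latest
+# DOCKER_HOST=dkhost:2376 docker stack deploy --with-registry-auth -c docker-compose-prod.yml owncloud
+version: '3'
+services:
+owncloud:
+image: "dkregistry.xai-corp.net:5000/xaicorp/nextcloud:latest"
+build:
+context: .
+dockerfile: Dockerfile
+ports:
+- 8083:80
+# - 9083:9000
+volumes:
+- ./data:/var/www/html
+collabora:
+image: collabora/code
+ports:
+- 9980:9980
+environment:
+domain: office\\.xai-corp\\.net
+username: admin
+password: ah8031qhnbc
+server_name: office.xai-corp.net
+# letsencrypt:
+# image: linuxserver/letsencrypt
+# volumes:
+# - ./letsencrypt:/config
+# environment:
+# URL: xai-corp.net
+# SUBDOMAINS: www,sql,xaibox,office
+# TZ: America/Montreal
+# EMAIL: r_morgan@sympatico.ca
+#TODO:
+# cron:
+http:
+image: "dkregistry.xai-corp.net:5000/sslproxy:2.0"
+volumes:
+- ./letsencrypt:/etc/letsencrypt:ro
+ports:
+- "443:443"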


@@ -10,7 +10,7 @@ services:
cron: cron:
image: "dkregistry.xai-corp.net:5000/cron:latest" image: "dkregistry.xai-corp.net:5000/cron:latest"
build: build:
context: . context: ""
dockerfile: Dockerfile dockerfile: Dockerfile
deploy: deploy:
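Review bot: `context: ""` replaces the `.` build context with an empty string, which compose does not treat as the current directory, so `docker-compose build` for the `cron` service is likely to fail on a missing build path. If the intent is to stop building this image locally, remove the whole `build:` block and rely on the registry `image:`; otherwise restore `context: .`. The `cron` service definition continues past the hunk.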


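--- /dev/null
+++ b/<path-not-shown-on-page>
@@ -0,0 +1,100 @@
+---
+#minio s3 clone
+#https://docs.minio.io/docs/deploy-minio-on-docker-swarm
+# DOCKER_HOST=dkhost:2376 docker-compose up -d
+# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml s3
+version: '3.1'
+services:
+minio1:
+image: minio/minio:RELEASE.2017-08-05T00-00-53Z
+volumes:
+- minio1-data:/export
+ports:
+- "9061:9000"
+networks:
+- minio_distributed
+deploy:
+restart_policy:
+delay: 10s
+max_attempts: 10
+window: 60s
+command: server http://s3_minio1/export
+# command: server http://minio1/export http://minio2/export http://minio3/export http://minio4/export
+secrets:
+- s3_secret_key
+- s3_access_key
+# minio2:
+# image: minio/minio:RELEASE.2017-08-05T00-00-53Z
+# volumes:
+# - minio2-data:/export
+# ports:
+# - "9062:9000"
+# networks:
+# - minio_distributed
+# deploy:
+# restart_policy:
+# delay: 10s
+# max_attempts: 10
+# window: 60s
+# command: server http://minio1/export http://minio2/export http://minio3/export http://minio4/export
+# secrets:
+# - s3_secret_key
+# - s3_access_key
+#
+# minio3:
+# image: minio/minio:RELEASE.2017-08-05T00-00-53Z
+# volumes:
+# - minio3-data:/export
+# ports:
+# - "9063:9000"
+# networks:
+# - minio_distributed
+# deploy:
+# restart_policy:
+# delay: 10s
+# max_attempts: 10
+# window: 60s
+# command: server http://minio1/export http://minio2/export http://minio3/export http://minio4/export
+# secrets:
+# - s3_secret_key
+# - s3_access_key
+#
+# minio4:
+# image: minio/minio:RELEASE.2017-08-05T00-00-53Z
+# volumes:
+# - minio4-data:/export
+# ports:
+# - "9064:9000"
+# networks:
+# - minio_distributed
+# deploy:
+# restart_policy:
+# delay: 10s
+# max_attempts: 10
+# window: 60s
+# command: server http://minio1/export http://minio2/export http://minio3/export http://minio4/export
+# secrets:
+# - s3_secret_key
+# - s3_access_key
+volumes:
+minio1-data:
+minio2-data:
+minio3-data:
+minio4-data:
+networks:
+minio_distributed:
+driver: overlay
+secrets:
+s3_secret_key:
+external: true
+s3_access_key:
+external: true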
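Review bot: The credentials are mounted under the secret names `s3_secret_key` and `s3_access_key`, i.e. as `/run/secrets/s3_secret_key` and `/run/secrets/s3_access_key`; the swarm guide linked in the header uses different secret names, so confirm this pinned release reads the renamed files, because a server that does not find its credentials falls back to whatever default or generated keys the image provides. Keeping the secrets `external: true` rather than in-file is the right call. A header comment such as `# single node for now; minio2-4 and the distributed command are commented out` would explain why four data volumes are declared for one service.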


@@ -1,7 +1,7 @@
--- ---
# DOCKER_HOST=192.168.2.41:2376 docker-compose up -d # DOCKER_HOST=192.168.2.41:2376 docker-compose up -d
# docker login dkregistry.xai-corp.net:5000 # docker login dkregistry.xai-corp.net:5000
# docker-compose build && docker push dkregistry.xai-corp.net:5000/sslproxy:latest # docker-compose build && docker push dkregistry.xai-corp.net:5000/sslproxy:2.0
# DOCKER_HOST=dkhost01:2376 docker stack deploy --with-registry-auth -c docker-compose-prod.yml sslproxy # DOCKER_HOST=dkhost01:2376 docker stack deploy --with-registry-auth -c docker-compose-prod.yml sslproxy
# DOCKER_HOST=dkhost01:2376 docker stack ps sslproxy # DOCKER_HOST=dkhost01:2376 docker stack ps sslproxy
@@ -14,11 +14,11 @@ services:
ports: ports:
- "443:443" - "443:443"
logging: # logging:
driver: syslog # driver: syslog
options: # options:
syslog-address: "tcp+tls://logs6.papertrailapp.com:38577" # syslog-address: "tcp+tls://logs6.papertrailapp.com:38577"
tag: "{{.Name}}/{{.ID}}" # tag: "{{.Name}}/{{.ID}}"
deploy: deploy:
mode: replicated mode: replicated
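Review bot: Commenting out the `logging:` block turns off TLS-syslog shipping for the sslproxy service, so the access and error logs of every vhost it fronts now stay in the docker host's default log driver and vanish when the container is replaced. This is the service that terminates TLS for the vhosts touched in this commit, so an off-host sink matters for incident review; if the removal is temporary, add a comment saying why and what replaces it, otherwise keep a logging driver configured. The `deploy:` block continues past the hunk.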


@@ -2,7 +2,7 @@
server { server {
listen 443 ssl; listen 443 ssl;
server_name dkui.xai-corp.net; server_name dkui.xai-corp.net;
ssl_certificate /etc/letsencrypt/live/dkui.xai-corp.net/cert.pem; ssl_certificate /etc/letsencrypt/live/dkui.xai-corp.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dkui.xai-corp.net/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/dkui.xai-corp.net/privkey.pem;
#Strict-Transport-Security: max-age=15768000 #Strict-Transport-Security: max-age=15768000


@@ -2,7 +2,7 @@
server { server {
listen 443 ssl; listen 443 ssl;
server_name fs.xai-corp.net; server_name fs.xai-corp.net;
ssl_certificate /etc/letsencrypt/live/fs.xai-corp.net/cert.pem; ssl_certificate /etc/letsencrypt/live/fs.xai-corp.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/fs.xai-corp.net/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/fs.xai-corp.net/privkey.pem;
#Strict-Transport-Security: max-age=15768000 #Strict-Transport-Security: max-age=15768000


@@ -2,7 +2,7 @@
server { server {
listen 443 ssl; listen 443 ssl;
server_name git.xai-corp.net; server_name git.xai-corp.net;
ssl_certificate /etc/letsencrypt/live/git.xai-corp.net/cert.pem; ssl_certificate /etc/letsencrypt/live/git.xai-corp.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/git.xai-corp.net/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/git.xai-corp.net/privkey.pem;
#Strict-Transport-Security: max-age=15768000 #Strict-Transport-Security: max-age=15768000


@@ -2,7 +2,7 @@
server { server {
listen 443 ssl; listen 443 ssl;
server_name jenkins.xai-corp.net; server_name jenkins.xai-corp.net;
ssl_certificate /etc/letsencrypt/live/jenkins.xai-corp.net/cert.pem; ssl_certificate /etc/letsencrypt/live/jenkins.xai-corp.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jenkins.xai-corp.net/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/jenkins.xai-corp.net/privkey.pem;
#Strict-Transport-Security: max-age=15768000 #Strict-Transport-Security: max-age=15768000


@@ -2,7 +2,7 @@
server { server {
listen 443 ssl; listen 443 ssl;
server_name logs.xai-corp.net; server_name logs.xai-corp.net;
ssl_certificate /etc/letsencrypt/live/logs.xai-corp.net/cert.pem; ssl_certificate /etc/letsencrypt/live/logs.xai-corp.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/logs.xai-corp.net/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/logs.xai-corp.net/privkey.pem;
#Strict-Transport-Security: max-age=15768000 #Strict-Transport-Security: max-age=15768000
add_header Strict-Transport-Security "max-age=600; includeSubDomains" always; add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;


@@ -2,7 +2,7 @@
server { server {
listen 443 ssl; listen 443 ssl;
server_name xaibox.xai-corp.net; server_name xaibox.xai-corp.net;
ssl_certificate /etc/letsencrypt/live/xaibox.xai-corp.net/cert.pem; ssl_certificate /etc/letsencrypt/live/xaibox.xai-corp.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xaibox.xai-corp.net/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/xaibox.xai-corp.net/privkey.pem;
client_max_body_size 200m; client_max_body_size 200m;


@@ -50,7 +50,7 @@
- debugfs - debugfs
- proc - proc
- securityfs - securityfs
- shm - tempfs
excluded_mountpoint_re: /[media/richard|run/user].* excluded_mountpoint_re: /[media/richard|run/user].*
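Review bot: `- tempfs` looks like a typo for `tmpfs`, which is the name the dkhost playbook in this commit uses in its `excluded_filesystems` list; as written the disk check excludes nothing for this entry and keeps reporting tmpfs mounts. Change it to `- tmpfs`. The `excluded_filesystems` list starts above the hunk.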


@@ -9,29 +9,11 @@
become: True become: True
vars: vars:
datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
datadog_checks:
system:
init_config: []
instances: []
disk:
init_config:
instances:
- use_mount: yes
excluded_filesystems:
- sysfs
- cgroup
- tracefs
- debugfs
- proc
- securityfs
- shm
excluded_mountpoint_re: /[media/richard|run/user].*
roles: roles:
- _install_updates - _install_updates
- user-richard - user-richard
- motd - motd
- { role: Datadog.datadog, when: ansible_architecture != 'armv7l' } #does not support armhf architecture. should switch to fluentd or logstash # - { role: Datadog.datadog, when: ansible_architecture != 'armv7l' } #does not support armhf architecture. should switch to fluentd or logstash
tasks: tasks:


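--- /dev/null
+++ b/<path-not-shown-on-page>
@@ -0,0 +1,33 @@
+---
+# main task for installing Let's Encrypt's certbot tool
+# https://certbot.eff.org/#ubuntuxenial-other
+- name: install certbot on ubuntu 16.04
+apt:
+state: latest
+package: "{{ item }}"
+update_cache: yes
+cache_valid_time: 3600
+with_items:
+- "letsencrypt"
+when: ansible_os_family == "Debian"
+- name: create webroot /var/www/xai-corp.net
+file:
+state: directory
+path: /var/www/xai-corp.net
+#- name: create first certificates
+# command: "letsencrypt certonly --webroot -w /var/www/xai-corp.net -d {{ item }}"
+# args:
+# creates: /etc/letsencrypt/live/{{ item }}/cert.pem
+# with_items: "{{certbot.domains}}"
+- name: cron job for renewing certs
+cron:
+name: renew let's encrypt certificates
+state: absent
+user: root
+day: "*/2"
+job: "letsencrypt renew "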
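Review bot: The renewal cron task in this install file has `state: absent`, so a host that keeps the host-side certbot (`certbot.uninstall` false) gets no renewal job and its certificates lapse; the previous main.yml had `state: present` for the same task. If host-side renewal is deliberately retired in favour of the container, state that in the header comment and drop the task instead of having an install file remove it; otherwise restore `state: present`. `state: latest` on the apt task also re-upgrades the package on every run, where `state: present` is the usual choice.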


@@ -1,33 +1,10 @@
--- ---
# main task for installing Let's Encrypt's certbot tool # main install certbot
# https://certbot.eff.org/#ubuntuxenial-other # deprecated. Use container instead
- name: install certbot on ubuntu 16.04
apt:
state: latest
package: "{{ item }}"
update_cache: yes
cache_valid_time: 3600
with_items:
- "letsencrypt"
when: ansible_os_family == "Debian"
- name: create webroot /var/www/xai-corp.net
file:
state: directory
path: /var/www/xai-corp.net
- name: create first certificates
command: "letsencrypt certonly --webroot -w /var/www/xai-corp.net -d {{ item }}"
args:
creates: /etc/letsencrypt/live/{{ item }}/cert.pem
with_items: "{{certbot.domains}}"
- name: cron job for renewing certs - include: install.yml
cron: when: certbot.uninstall != true
name: renew let's encrypt certificates
state: present - include: uninstall.yml
user: root when: certbot.uninstall == true
day: "*/2"
job: "letsencrypt renew "
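Review bot: `when: certbot.uninstall != true` fails with an undefined-variable error for any play that defines `certbot.domains` but not `certbot.uninstall`, and in this commit only the dkhost playbook adds the new key. Use `when: not (certbot.uninstall | default(false))` for the install include and `when: certbot.uninstall | default(false)` for the uninstall include so the role keeps working with the existing vars. The header comment `# deprecated. Use container instead` would be more useful if it named the compose file that replaces it.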


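--- /dev/null
+++ b/<path-not-shown-on-page>
@@ -0,0 +1,26 @@
+---
+# uninstall certbot
+- name: uninstall certbot on ubuntu 16.04
+apt:
+state: absent
+package: "{{ item }}"
+update_cache: yes
+cache_valid_time: 3600
+with_items:
+- "letsencrypt"
+- "nginx"
+when: ansible_os_family == "Debian"
+- name: remove webroot /var/www/xai-corp.net
+file:
+state: absent
+path: /var/www/xai-corp.net
+- name: remove cron job for renewing certs
+cron:
+name: renew let's encrypt certificates
+state: absent
+user: root
+day: "*/2"
+job: "letsencrypt renew "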
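Review bot: The apt task removes the `nginx` package alongside `letsencrypt`, but the dkhost playbook that sets `certbot.uninstall: true` still runs `geerlingguy.nginx` before the `certbot` role, so every run installs nginx, configures the `nginx_vhosts` entry, and then removes the package again. Drop `- "nginx"` from the package list (this role owns certbot, not nginx), or take the nginx role out of that play if the host-side web server is meant to go. `update_cache` and `cache_valid_time` do nothing useful with `state: absent` and can be removed.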


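--- a/<path-not-shown-on-page>
+++ b/<path-not-shown-on-page>
@@ -56,3 +56,4 @@ sql IN CNAME dkhost
 mysql IN CNAME dkhost
 tripbuilder IN CNAME dkhost
 xaibox IN CNAME dkhost
+office IN CNAME dkhost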


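--- a/<path-not-shown-on-page>
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# playbook to install django test on home.xai-corp.net
-- hosts: home
-remote_user: ansible
-roles:
-- django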


@@ -1,8 +1,11 @@
--- ---
# playbook to install django test on home.xai-corp.net # playbook to install django test on home.xai-corp.net
- hosts: home - hosts: managed
remote_user: root remote_user: root
remote_user: ansible
gather_facts: yes
become: true
tasks: tasks:
- name: test connection - name: test connection
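Review bot: After this change the play carries `remote_user` twice, `root` on the kept line and `ansible` on the added line; Ansible's loader treats this as a duplicate mapping key and keeps the last value with a warning, so `remote_user: root` is dead text that misleads the reader. Delete `remote_user: root` and keep `remote_user: ansible` together with the new `become: true`. Widening `hosts:` from `home` to `managed` with `become: true` means this test play now escalates on every managed host, which the header comment should reflect. The `tasks:` list continues past the hunk.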


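--- a/<path-not-shown-on-page>
+++ /dev/null
@@ -1,37 +0,0 @@
----
-# playbook for home02
-- hosts: test1
-remote_user: ansible
-gather_facts: yes
-become: true
-vars:
-datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
-datadog_checks:
-system:
-init_config: []
-instances: []
-disk:
-init_config:
-instances:
-- use_mount: yes
-excluded_filesystems:
-- sysfs
-- cgroup
-- tracefs
-- debugfs
-- proc
-- securityfs
-excluded_mountpoint_re: /[media/richard|run/user].*
-roles:
-# - Datadog.datadog
-# - bennojoy.ntp
-- td-agent
-post_tasks:
-# - name: check service is up
-# service: name={{ bind.service }} state=started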