From 96087c229590fa5179953268bf5ad2db0bacacf5 Mon Sep 17 00:00:00 2001 
From: richard Date: Wed, 28 Dec 2016 13:13:35 -0500 Subject: [PATCH] Docker host and docker registry --- .idea/webServers.xml | 7 +++ dkhost.xai-corp.net.yml | 57 ++++++++++++++++++ home02.xai-corp.net.yml | 4 +- requirements.yml | 3 + roles/_install_updates/tasks/main.yml | 9 +++ roles/certbot/tasks/main.yml | 32 ++++++++++ roles/docker/tasks/install.yml | 21 ------- roles/docker/tasks/main.yml | 4 -- roles/docker_registry/defaults/creds.yml | 6 ++ .../docker_registry/files/docker-compose.yml | 19 ++++++ roles/docker_registry/tasks/main.yml | 37 ++++++++++++ roles/dockerhost/defaults/main.yml | 7 +++ roles/dockerhost/files/daemon.json | 10 ++++ roles/dockerhost/tasks/install-xenial.yml | 59 +++++++++++++++++++ roles/dockerhost/tasks/main.yml | 6 ++ .../templates/xai-corp.net.internal.j2 | 3 + .../handlers/main.yml | 0 .../tasks/main.yml | 0 roles/php7-fpm/defaults/main.yml | 6 ++ roles/php7-fpm/tasks/devtools.yml | 4 ++ roles/php7-fpm/tasks/main.yml | 17 ++++++ roles/td-agent/files/td-leaf.conf | 40 +++++++++++++ web01.xai-corp.net.yml | 37 ++++++++++++ 23 files changed, 361 insertions(+), 27 deletions(-) create mode 100644 dkhost.xai-corp.net.yml create mode 100644 roles/_install_updates/tasks/main.yml create mode 100644 roles/certbot/tasks/main.yml delete mode 100644 roles/docker/tasks/install.yml delete mode 100644 roles/docker/tasks/main.yml create mode 100644 roles/docker_registry/defaults/creds.yml create mode 100644 roles/docker_registry/files/docker-compose.yml create mode 100644 roles/docker_registry/tasks/main.yml create mode 100644 roles/dockerhost/defaults/main.yml create mode 100644 roles/dockerhost/files/daemon.json create mode 100644 roles/dockerhost/tasks/install-xenial.yml create mode 100644 roles/dockerhost/tasks/main.yml rename roles/{php-fpm => php5-fpm-phalcon}/handlers/main.yml (100%) rename roles/{php-fpm => php5-fpm-phalcon}/tasks/main.yml (100%) create mode 100644 roles/php7-fpm/defaults/main.yml create mode 100644 
roles/php7-fpm/tasks/devtools.yml create mode 100644 roles/php7-fpm/tasks/main.yml create mode 100644 roles/td-agent/files/td-leaf.conf create mode 100644 web01.xai-corp.net.yml diff --git a/.idea/webServers.xml b/.idea/webServers.xml index 98008e8..41b2672 100644 --- a/.idea/webServers.xml +++ b/.idea/webServers.xml @@ -16,6 +16,13 @@ + + + + + + + \ No newline at end of file diff --git a/dkhost.xai-corp.net.yml b/dkhost.xai-corp.net.yml new file mode 100644 index 0000000..7ddb7dc --- /dev/null +++ b/dkhost.xai-corp.net.yml @@ -0,0 +1,57 @@ +--- +# playbook for home02 + + +- hosts: dkhost01 + remote_user: ansible + gather_facts: yes + become: true + + vars: + datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb + datadog_checks: + system: + init_config: [] + instances: [] + disk: + init_config: + instances: + - use_mount: yes + excluded_filesystems: + - sysfs + - cgroup + - tracefs + - debugfs + - proc + - securityfs + excluded_mountpoint_re: /[media/richard|run/user].* +# docker: +# init_config: +# instances: +# - url: "unix://var/run/docker.sock" +# new_tag_names: true + dockerhost: + users: + - dd-agent + - richard + - ansible + + nginx_remove_default_vhost: true + nginx_vhosts_filename: "xai-corp.conf" + nginx_vhosts: + - listen: "80 default_server" + server_name: "xai-corp.net" + root: "/var/www/xai-corp.net" + index: "index.html index.htm" + access_log: "/var/log/nginx/xaicorp.access.log" + error_log: "/var/log/nginx/xaicorp.error.log" + + roles: +# - _install_updates +# - Datadog.datadog +# - dockerhost +# - geerlingguy.nginx +# - certbot + - docker_registry + + post_tasks: diff --git a/home02.xai-corp.net.yml b/home02.xai-corp.net.yml index 7cc2d10..64ee8eb 100644 --- a/home02.xai-corp.net.yml +++ b/home02.xai-corp.net.yml @@ -28,8 +28,8 @@ roles: -# - Datadog.datadog -# - ns.xai-corp.net + - Datadog.datadog + - ns.xai-corp.net - td-agent-bit post_tasks: diff --git a/requirements.yml b/requirements.yml index 1261722..abd0eb6 100644 --- a/requirements.yml 
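Review bot: `datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb` in the `vars` block of dkhost.xai-corp.net.yml commits what looks like a live API key to the repository in plaintext, and the same value is repeated in the new web01.xai-corp.net.yml. Keep it in an `ansible-vault` encrypted vars file (or a `group_vars` file outside the repo) and treat the current value as exposed, since it is now in git history. Separately, `excluded_mountpoint_re: /[media/richard|run/user].*` is a character class rather than an alternation, so it excludes any mount point starting with `/` followed by one of those characters; `excluded_mountpoint_re: "/(media/richard|run/user).*"` expresses the intent (same fix in web01). The header comment `# playbook for home02` was copied from another playbook and should name dkhost01 (and web01 in the other file).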
+++ b/requirements.yml @@ -16,4 +16,7 @@ - src: bennojoy.ntp path: roles/vendor/ +- src: geerlingguy.nginx + path: roles/vendor/ + diff --git a/roles/_install_updates/tasks/main.yml b/roles/_install_updates/tasks/main.yml new file mode 100644 index 0000000..172f233 --- /dev/null +++ b/roles/_install_updates/tasks/main.yml @@ -0,0 +1,9 @@ +--- +# update packages to latest + +- name: run apt updates + apt: + upgrade: dist + update_cache: yes + cache_valid_time: 3600 + when: ansible_os_family == "Debian" diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml new file mode 100644 index 0000000..304ac71 --- /dev/null +++ b/roles/certbot/tasks/main.yml @@ -0,0 +1,32 @@ +--- +# main task for installing Let's Encrypt's certbot tool +# https://certbot.eff.org/#ubuntuxenial-other + +- name: install certbot on ubuntu 16.04 + apt: + state: latest + package: "{{ item }}" + update_cache: yes + cache_valid_time: 3600 + with_items: + - "letsencrypt" + when: ansible_os_family == "Debian" + + +- name: create first certificates + command: "letsencrypt certonly --webroot -w /var/www/xai-corp.net -d {{ item }}" + args: + creates: /etc/letsencrypt/live/{{ item }}/cert.pem + with_items: + - xai-corp.net + - www.xai-corp.net + - dkregistry.xai-corp.net + - sql.xai-corp.net + +- name: cron job for renewing certs + cron: + name: renew let's encrypt certificates + state: present + user: root + day: "*/2" + job: "letsencrypt renew " diff --git a/roles/docker/tasks/install.yml b/roles/docker/tasks/install.yml deleted file mode 100644 index b1ee45a..0000000 --- a/roles/docker/tasks/install.yml +++ /dev/null 
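Review bot: The `cron job for renewing certs` task at the end of roles/certbot/tasks/main.yml sets only `day: "*/2"`, so with the cron module's default `minute` and `hour` of `*` the job runs every minute on even-numbered days; a fixed time is what certbot's own guidance asks for, e.g. `minute: "0"`, `hour: "3,15"`, `job: "letsencrypt renew --quiet"` (which also drops the trailing space in the job string). `state: latest` on the install task will upgrade the package on every run; `state: present` is the usual choice for an idempotent role. The `command: "letsencrypt certonly --webroot ..."` task depends on the nginx vhost for `/var/www/xai-corp.net` already answering on port 80 for every listed name, so the role should document that it must run after `geerlingguy.nginx`.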
@@ -1,21 +0,0 @@ ---- - # main tasks to install docker - - -- name: install packages - apt: state=present package={{ item }} - with_items: - - "wget" - -- name: run docker install script - command: "wget -qO- https://get.docker.com/ | sh" - args: - creates: /usr/bin/docker - -- name: create docker group - group: state=present name=docker gid=999 system=yes - -- name: add users to docker group - user: name={{ item }} groups=docker append=yes - with_items: - - richard diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml deleted file mode 100644 index 9a3cfd2..0000000 --- a/roles/docker/tasks/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- - # main docker tasks - -- include: install.yml \ No newline at end of file diff --git a/roles/docker_registry/defaults/creds.yml b/roles/docker_registry/defaults/creds.yml new file mode 100644 index 0000000..4d9e4f2 --- /dev/null +++ b/roles/docker_registry/defaults/creds.yml @@ -0,0 +1,6 @@ +--- +# private credentials used in docker_registry + +docker_registry.users: + - { "richard" : "richard" } + - { "testuser" : "testpassword" } diff --git a/roles/docker_registry/files/docker-compose.yml b/roles/docker_registry/files/docker-compose.yml new file mode 100644 index 0000000..87a3d91 --- /dev/null +++ b/roles/docker_registry/files/docker-compose.yml @@ -0,0 +1,19 @@ +registry: + restart: always + image: registry:2 + ports: + - 5000:5000 + environment: +# REGISTRY_HTTP_TLS_CERTIFICATE: /certs/cert.pem +# REGISTRY_HTTP_TLS_KEY: /certs/privkey.pem +# REGISTRY_HTTP_LETSENCRYPT_CACHEFILE: + REGISTRY_HTTP_LETSENCRYPT_EMAIL: r_morgan@sympatico.ca + REGISTRY_HTTP_HOST: https://192.168.2.41:5000 +# REGISTRY_HTTP_ADDR: 192.168.2.41:5000 +# REGISTRY_AUTH: htpasswd +# REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd +# REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm + volumes: + - /opt/dkregistry/data:/var/lib/registry + - /etc/letsencrypt/live/dkregistry.xai-corp.net:/certs + - /opt/dkregistry/auth:/auth 
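Review bot: roles/docker_registry/defaults/creds.yml commits plaintext registry passwords (`{ "richard" : "richard" }`, `{ "testuser" : "testpassword" }`) to the repository, and its key `docker_registry.users` contains a dot, which Ansible cannot resolve as a variable name (in Jinja `.` is attribute lookup, so `{{ docker_registry.users }}` would look for `users` on a variable `docker_registry`). Use a nested mapping, `docker_registry:` / `  users:`, keep the values vault-encrypted, and place them where the role actually loads them — as far as I know a file named creds.yml under `defaults/` is not read automatically. The tasks file in the same commit repeats the credentials inline instead of reading this file, so one of the two copies is dead.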
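Review bot: In roles/docker_registry/files/docker-compose.yml every `REGISTRY_HTTP_TLS_*` and `REGISTRY_AUTH*` line is commented out, so the container published on `5000:5000` serves plain HTTP with no authentication even though the role builds an htpasswd file and mounts it at `/auth`; anyone who can reach the host can push and pull. `REGISTRY_HTTP_HOST: https://192.168.2.41:5000` only changes the URLs the registry advertises; it does not enable TLS. Since the certbot role in this commit issues a certificate for dkregistry.xai-corp.net, re-enabling `REGISTRY_HTTP_TLS_CERTIFICATE`, `REGISTRY_HTTP_TLS_KEY` and the three `REGISTRY_AUTH*` settings would let the `insecure-registries` entries in roles/dockerhost/files/daemon.json be dropped. Note that `/etc/letsencrypt/live/<domain>/` contains symlinks into `../../archive/`, so mounting only the `live` directory leaves dangling links inside the container; mount `/etc/letsencrypt:/etc/letsencrypt:ro` and point the TLS paths at the full path instead.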
diff --git a/roles/docker_registry/tasks/main.yml b/roles/docker_registry/tasks/main.yml new file mode 100644 index 0000000..b269673 --- /dev/null +++ b/roles/docker_registry/tasks/main.yml @@ -0,0 +1,37 @@ +--- +# Main task for creating a docker registry + +- name: clean up old config + command: "rm -rf /opt/dkrepository" + +# create folders for certs, data, +- name: create data folders (/opt/dkregistry) + file: + path: "{{ item }}" + state: directory + owner: root + group: docker + mode: 0770 + with_items: + - /opt/dkregistry/data + - /opt/dkregistry/auth + +# make auth files using docker container +- name: create auth file + shell: echo '' > /opt/dkregistry/auth/htpasswd + +- name: add user to auth file + shell: "docker run --entrypoint htpasswd registry:2 -Bbn {{ item.name }} {{ item.pass }} >> /opt/dkregistry/auth/htpasswd" + with_items: + - { "name" : "richard", "pass" : "richard" } + - { "name" : "testuser", "pass" : "testpassword" } + +- name: copy composer file + copy: + src: docker-compose.yml + dest: /opt/dkregistry/docker-compose.yml + +- name: run docker up + shell: "docker-compose up -d" + args: + chdir: /opt/dkregistry diff --git a/roles/dockerhost/defaults/main.yml b/roles/dockerhost/defaults/main.yml new file mode 100644 index 0000000..52a2a54 --- /dev/null +++ b/roles/dockerhost/defaults/main.yml @@ -0,0 +1,7 @@ +--- +# default vars + +dockerhost: + users: + - richard + - ansible diff --git a/roles/dockerhost/files/daemon.json b/roles/dockerhost/files/daemon.json new file mode 100644 index 0000000..61c8a7b --- /dev/null +++ b/roles/dockerhost/files/daemon.json @@ -0,0 +1,10 @@ +{ + "insecure-registries": [ + "dkregistry.xai-corp.net:5000", + "192.168.2.41:5000" + ], + "dns": [ + "192.168.2.22", + "8.8.8.8" + ] +} diff --git a/roles/dockerhost/tasks/install-xenial.yml b/roles/dockerhost/tasks/install-xenial.yml new file mode 100644 index 0000000..3e9a588 --- /dev/null +++ b/roles/dockerhost/tasks/install-xenial.yml 
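Review bot: The `add user to auth file` task in roles/docker_registry/tasks/main.yml passes `{{ item.pass }}` on the command line without `no_log: true`, so each password is printed in the play output and forwarded by any log shipper (td-agent is set up on these hosts); add `no_log: true` to that task and take the list from a vaulted variable instead of the inline `{ "name" : "richard", "pass" : "richard" }` literals. The preceding `shell: echo '' > /opt/dkregistry/auth/htpasswd` truncates the file on every run and starts it with an empty line, and `rm -rf /opt/dkrepository` and `docker-compose up -d` are likewise unconditional, so the role reports changed every time; `creates:` or `changed_when:` would make it idempotent. `mode: 0770` is an unquoted octal — `mode: "0770"` sidesteps the YAML 1.1 integer conversion — and the comment `# create folders for certs, data,` trails off mid-list.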
@@ -0,0 +1,59 @@ +--- + # main tasks to install docker + +- name: install packages + apt: + state: installed + package: "{{ item }}" + update_cache: yes + cache_valid_time: 3600 + with_items: + - "wget" + - "apt-transport-https" + - "ca-certificates" + +#- name: run docker install script +# command: "wget -qO- https://get.docker.com/ | sh" +# args: +# creates: /usr/bin/docker + +#- stat: +# path: /usr/bin/docker +# register: docker +# +#- debug: var=docker + +#- name: download install script +# get_url: +# url: https://get.docker.com/ +# dest: /tmp/docker_install.sh +# mode: 500 +# when: docker.stat.exists == false +# +#- name: run install script +# script: /tmp/docker_install.sh +# args: +# creates: /usr/bin/docker +# when: docker.stat.exists == false + +- name: create docker group + group: state=present name=docker gid=999 system=yes + +- name: add users to docker group + user: name={{ item }} groups=docker append=yes + with_items: "{{ dockerhost.users }}" + + +- name: install via apt + apt: + update_cache: true + package: "{{ item }}" + with_items: + - docker-engine + - docker-compose + + +- name: copy docker config file + copy: + src: daemon.json + dest: /etc/docker/daemon.json diff --git a/roles/dockerhost/tasks/main.yml b/roles/dockerhost/tasks/main.yml new file mode 100644 index 0000000..7e09f05 --- /dev/null +++ b/roles/dockerhost/tasks/main.yml @@ -0,0 +1,6 @@ +--- + # main docker tasks + +- include: "install-xenial.yml" + when: ansible_distribution_release == "xenial" + become: true diff --git a/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2 b/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2 index a5b0192..db93966 100644 --- a/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2 +++ b/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2 @@ -32,3 +32,6 @@ tv IN A 192.168.2.16 xaicorp1 IN A 192.168.2.103 garden IN A 192.168.2.20 +home02 IN A 192.168.2.22 +dkhost01 IN A 192.168.2.41 +dkregistry IN A 192.168.2.41 
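Review bot: The `copy docker config file` task at the end of roles/dockerhost/tasks/install-xenial.yml writes /etc/docker/daemon.json after the `docker-engine` package has already started the daemon, but nothing restarts it, so the `insecure-registries` and `dns` settings only take effect on the next reboot; add `notify: restart docker` and a handler with `service: name=docker state=restarted`. The `install via apt` task requests `docker-engine`, which as far as I can tell comes from Docker's own apt repository rather than the stock Xenial archive; the task installs `apt-transport-https` and `ca-certificates` but never adds the repository or its signing key (`apt_key` / `apt_repository`), so this step likely fails on a fresh host. `state: installed` on the first task is a legacy alias; use `state: present`, and the large commented-out block of alternative install methods should be removed rather than carried in the file.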
diff --git a/roles/php-fpm/handlers/main.yml b/roles/php5-fpm-phalcon/handlers/main.yml similarity index 100% rename from roles/php-fpm/handlers/main.yml rename to roles/php5-fpm-phalcon/handlers/main.yml diff --git a/roles/php-fpm/tasks/main.yml b/roles/php5-fpm-phalcon/tasks/main.yml similarity index 100% rename from roles/php-fpm/tasks/main.yml rename to roles/php5-fpm-phalcon/tasks/main.yml diff --git a/roles/php7-fpm/defaults/main.yml b/roles/php7-fpm/defaults/main.yml new file mode 100644 index 0000000..9c39229 --- /dev/null +++ b/roles/php7-fpm/defaults/main.yml @@ -0,0 +1,6 @@ +--- +# default vars + +php7-fpm: + packages: + - php-zip diff --git a/roles/php7-fpm/tasks/devtools.yml b/roles/php7-fpm/tasks/devtools.yml new file mode 100644 index 0000000..613e8ac --- /dev/null +++ b/roles/php7-fpm/tasks/devtools.yml @@ -0,0 +1,4 @@ +--- +# install php dev tools + + diff --git a/roles/php7-fpm/tasks/main.yml b/roles/php7-fpm/tasks/main.yml new file mode 100644 index 0000000..0f896b3 --- /dev/null +++ b/roles/php7-fpm/tasks/main.yml @@ -0,0 +1,17 @@ +--- +# install php-fpm on ubuntu16.04 + + +# install packages +- name: Install php-fpm basics. + apt: pkg={{ item }} state=installed + with_items: + - libwww-perl + - php-fpm + - php-zip + + +#- name: Ensure dependencies are installed. +# apt: pkg={{ item }} state=installed +# when: php7-fpm.packages +# with_items: "{{ php7-fpm.packages }}" diff --git a/roles/td-agent/files/td-leaf.conf b/roles/td-agent/files/td-leaf.conf new file mode 100644 index 0000000..c992731 --- /dev/null +++ b/roles/td-agent/files/td-leaf.conf 
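Review bot: The top-level key `php7-fpm:` in roles/php7-fpm/defaults/main.yml is not a usable Ansible variable name: hyphens are not allowed, and in Jinja `php7-fpm.packages` (as in the commented-out task in roles/php7-fpm/tasks/main.yml) parses as the subtraction `php7 - fpm.packages`. Rename it `php7_fpm:` and reference it as `{{ php7_fpm.packages }}`, which would also let the live task stop duplicating `php-zip` from the defaults. The `apt: pkg={{ item }} state=installed` line uses the legacy key=value form and alias; `apt:` with `name: "{{ item }}"` and `state: present` matches the block-YAML style the other new roles use. roles/php7-fpm/tasks/devtools.yml is empty apart from its header and should be filled in or dropped.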
@@ -0,0 +1,40 @@ + + @type stdout + + + # sources + + @type forward + port 24224 + + + + @type http + port 8888 + bind 0.0.0.0 + body_size_limit 32m + keepalive_timeout 10s + # tag is part of the URL, e.g., + # curl -X POST -d 'json={"action":"login","user":2}' http://localhost:8888/tag.here + + + + @type debug_agent + bind 127.0.0.1 + port 24230 + + +# +# @type tail +# path /var/log/httpd-access.log #...or where you placed your Apache access log +# pos_file /var/log/td-agent/httpd-access.log.pos # This is where you record file position +# tag nginx.access #fluentd tag! +# format nginx # Do you have a custom format? You can write your own regex. +# + + + @type syslog + port 5140 + bind 0.0.0.0 + tag system.local + diff --git a/web01.xai-corp.net.yml b/web01.xai-corp.net.yml new file mode 100644 index 0000000..c80c075 --- /dev/null +++ b/web01.xai-corp.net.yml @@ -0,0 +1,37 @@ +--- +# playbook for home02 + + +- hosts: web01 + remote_user: ansible + gather_facts: yes + become: true + + vars: + datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb + datadog_checks: + system: + init_config: [] + instances: [] + disk: + init_config: + instances: + - use_mount: yes + excluded_filesystems: + - sysfs + - cgroup + - tracefs + - debugfs + - proc + - securityfs + excluded_mountpoint_re: /[media/richard|run/user].* + + + roles: + - Datadog.datadog + - td-agent-bit + - php7-fpm + + post_tasks: +# - name: check service is up +# service: name={{ bind.service }} state=started
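Review bot: In roles/td-agent/files/td-leaf.conf the `http` input (`port 8888`) and the `syslog` input (`port 5140`) use `bind 0.0.0.0`, and the `forward` input on `port 24224` has no `bind` line so it presumably listens on all interfaces as well; none of the three carries any authentication, so any host that can reach the machine can inject records into the pipeline. Unless remote hosts need to reach them, bind them to the LAN interface address or to `127.0.0.1` as the `debug_agent` input already does, and limit the ports with the host firewall. The `<source>` / `<match>` section tags appear to have been stripped in this rendering, so the hunk as shown cannot be checked for structure; in particular the leading `@type stdout` block needs a tag pattern on its enclosing `match` to be meaningful.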