Docker host and docker registry

roles/_install_updates/tasks/main.yml

@@ -0,0 +1,9 @@
+---
+# update packages to latest
+
+- name: run apt updates
+  apt:
+    upgrade: dist
+    update_cache: yes
+    cache_valid_time: 3600
+  when: ansible_os_family == "Debian"

roles/certbot/tasks/main.yml

@@ -0,0 +1,32 @@
+---
+# main task for installing Let's Encrypt's certbot tool
+# https://certbot.eff.org/#ubuntuxenial-other
+
+- name: install certbot on ubuntu 16.04
+  apt:
+    state: latest
+    package: "{{ item }}"
+    update_cache: yes
+    cache_valid_time: 3600
+  with_items:
+    - "letsencrypt"
+  when: ansible_os_family == "Debian"
+
+
+- name: create first certificates
+  command: "letsencrypt certonly --webroot -w /var/www/xai-corp.net -d {{ item }}"
+  args:
+    creates: /etc/letsencrypt/live/{{ item }}/cert.pem
+  with_items:
+    - xai-corp.net
+    - www.xai-corp.net
+    - dkregistry.xai-corp.net
+    - sql.xai-corp.net
+
+- name: cron job for renewing certs
+  cron:
+    name: renew let's encrypt certificates
+    state: present
+    user: root
+    day: "*/2"
+    job: "letsencrypt renew "

roles/docker/tasks/install.yml

@@ -1,21 +0,0 @@
----
-  # main tasks to install docker
-
-
-- name: install packages
-  apt: state=present package={{ item }}
-  with_items:
-    - "wget"
-
-- name: run docker install script
-  command: "wget -qO- https://get.docker.com/ | sh"
-  args:
-    creates: /usr/bin/docker
-
-- name: create docker group
-  group: state=present name=docker gid=999 system=yes
-
-- name: add users to docker group
-  user: name={{ item }} groups=docker append=yes
-  with_items:
-    - richard

roles/docker/tasks/main.yml

@@ -1,4 +0,0 @@
----
-  # main docker tasks
-
-- include: install.yml

roles/docker_registry/defaults/creds.yml

@@ -0,0 +1,6 @@
+---
+# private credentials used in docker_registry
+
+docker_registry.users:
+  - { "richard" : "richard" }
+  - { "testuser" : "testpassword" }

roles/docker_registry/files/docker-compose.yml

@@ -0,0 +1,19 @@
+registry:
+  restart: always
+  image: registry:2
+  ports:
+    - 5000:5000
+  environment:
+#    REGISTRY_HTTP_TLS_CERTIFICATE: /certs/cert.pem
+#    REGISTRY_HTTP_TLS_KEY: /certs/privkey.pem
+#    REGISTRY_HTTP_LETSENCRYPT_CACHEFILE:
+    REGISTRY_HTTP_LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
+    REGISTRY_HTTP_HOST: https://192.168.2.41:5000
+#    REGISTRY_HTTP_ADDR: 192.168.2.41:5000
+#    REGISTRY_AUTH: htpasswd
+#    REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
+#    REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
+  volumes:
+    - /opt/dkregistry/data:/var/lib/registry
+    - /etc/letsencrypt/live/dkregistry.xai-corp.net:/certs
+    - /opt/dkregistry/auth:/auth

roles/docker_registry/tasks/main.yml

@@ -0,0 +1,37 @@
+---
+# Main task for creating a docker registry
+
+- name: clean up old config
+  command: "rm -rf /opt/dkrepository"
+
+# create folders for certs, data,
+- name: create data folders (/opt/dkregistry)
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: root
+    group: docker
+    mode: 0770
+  with_items:
+    - /opt/dkregistry/data
+    - /opt/dkregistry/auth
+
+# make auth files using docker container
+- name: create auth file
+  shell: echo '' > /opt/dkregistry/auth/htpasswd
+
+- name: add user to auth file
+  shell: "docker run --entrypoint htpasswd registry:2 -Bbn {{ item.name }} {{ item.pass }} >> /opt/dkregistry/auth/htpasswd"
+  with_items:
+    - { "name" : "richard", "pass" : "richard" }
+    - { "name" : "testuser", "pass" : "testpassword" }
+
+- name: copy composer file
+  copy:
+    src: docker-compose.yml
+    dest: /opt/dkregistry/docker-compose.yml
+
+- name: run docker up
+  shell: "docker-compose up -d"
+  args:
+    chdir: /opt/dkregistry

roles/dockerhost/defaults/main.yml

@@ -0,0 +1,7 @@
+---
+# default vars
+
+dockerhost:
+  users:
+    - richard
+    - ansible

roles/dockerhost/files/daemon.json

@@ -0,0 +1,10 @@
+{
+  "insecure-registries": [
+    "dkregistry.xai-corp.net:5000",
+    "192.168.2.41:5000"
+  ],
+  "dns": [
+    "192.168.2.22",
+    "8.8.8.8"
+  ]
+}

roles/dockerhost/tasks/install-xenial.yml

@@ -0,0 +1,59 @@
+---
+  # main tasks to install docker
+
+- name: install packages
+  apt:
+    state: installed
+    package: "{{ item }}"
+    update_cache: yes
+    cache_valid_time: 3600
+  with_items:
+    - "wget"
+    - "apt-transport-https"
+    - "ca-certificates"
+
+#- name: run docker install script
+#  command: "wget -qO- https://get.docker.com/ | sh"
+#  args:
+#    creates: /usr/bin/docker
+
+#- stat:
+#    path: /usr/bin/docker
+#  register: docker
+#
+#- debug: var=docker
+
+#- name: download install script
+#  get_url:
+#    url: https://get.docker.com/
+#    dest: /tmp/docker_install.sh
+#    mode: 500
+#  when: docker.stat.exists == false
+#
+#- name: run install script
+#  script: /tmp/docker_install.sh
+#  args:
+#    creates: /usr/bin/docker
+#  when: docker.stat.exists == false
+
+- name: create docker group
+  group: state=present name=docker gid=999 system=yes
+
+- name: add users to docker group
+  user: name={{ item }} groups=docker append=yes
+  with_items: "{{ dockerhost.users }}"
+
+
+- name: install via apt
+  apt:
+    update_cache: true
+    package: "{{ item }}"
+  with_items:
+    - docker-engine
+    - docker-compose
+
+
+- name: copy docker config file
+  copy:
+    src: daemon.json
+    dest: /etc/docker/daemon.json

roles/dockerhost/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+  # main docker tasks
+
+- include: "install-xenial.yml"
+  when: ansible_distribution_release == "xenial"
+  become: true

roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2

@@ -32,3 +32,6 @@ tv                      IN A    192.168.2.16
 xaicorp1                IN A    192.168.2.103
 garden                  IN A    192.168.2.20
 
+home02                  IN A    192.168.2.22
+dkhost01                IN A    192.168.2.41
+dkregistry              IN A    192.168.2.41

roles/php7-fpm/defaults/main.yml

@@ -0,0 +1,6 @@
+---
+# default vars
+
+php7-fpm:
+  packages:
+    - php-zip

roles/php7-fpm/tasks/devtools.yml

@@ -0,0 +1,4 @@
+---
+# install php dev tools
+
+

roles/php7-fpm/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+# install php-fpm on ubuntu16.04
+
+
+# install packages
+- name: Install php-fpm basics.
+  apt: pkg={{ item }} state=installed
+  with_items:
+    - libwww-perl
+    - php-fpm
+    - php-zip
+
+
+#- name: Ensure dependencies are installed.
+#  apt: pkg={{ item }} state=installed
+#  when:  php7-fpm.packages
+#  with_items: "{{ php7-fpm.packages }}"

roles/td-agent/files/td-leaf.conf

@@ -0,0 +1,40 @@
+  <match **>
+        @type stdout
+  </match>
+
+  # sources
+  <source>
+    @type forward
+    port 24224
+  </source>
+
+  <source>
+    @type http
+    port 8888
+    bind 0.0.0.0
+    body_size_limit 32m
+    keepalive_timeout 10s
+    # tag is part of the URL, e.g.,
+    # curl -X POST -d 'json={"action":"login","user":2}' http://localhost:8888/tag.here
+  </source>
+
+  <source>
+    @type debug_agent
+    bind 127.0.0.1
+    port 24230
+  </source>
+
+#  <source>
+#    @type tail
+#    path /var/log/httpd-access.log #...or where you placed your Apache access log
+#    pos_file /var/log/td-agent/httpd-access.log.pos # This is where you record file position
+#    tag nginx.access #fluentd tag!
+#    format nginx # Do you have a custom format? You can write your own regex.
+#  </source>
+
+  <source>
+    @type syslog
+    port 5140
+    bind 0.0.0.0
+    tag system.local
+  </source>