xai-corp.net/provisioning
1
0
Fork 0
Code Issues 9 Releases Activity

Docker host and docker registry

Browse Source
This commit is contained in:
richard
2016-12-28 13:13:35 -05:00
parent a519e04791
commit 96087c2295
23 changed files with 361 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.idea/webServers.xml generated
View File

@@ -16,6 +16,13 @@
</advancedOptions>
</fileTransfer>
</webServer>
<webServer id="5ea0148a-6c7a-4234-aeb2-def267ab69c8" name="web01.xai-corp.net" url="http://192.168.2.18">
<fileTransfer host="192.168.2.18" port="22" privateKey="$USER_HOME$/.ssh/id_rsa" accessType="SFTP" username="ansible" keyPair="true">
<advancedOptions>
<advancedOptions dataProtectionLevel="Private" />
</advancedOptions>
</fileTransfer>
</webServer>
</option>
</component>
</project>

57
dkhost.xai-corp.net.yml Normal file
View File

@@ -0,0 +1,57 @@
---
# playbook for home02
- hosts: dkhost01
remote_user: ansible
gather_facts: yes
become: true
vars:
datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
datadog_checks:
system:
init_config: []
instances: []
disk:
init_config:
instances:
- use_mount: yes
excluded_filesystems:
- sysfs
- cgroup
- tracefs
- debugfs
- proc
- securityfs
excluded_mountpoint_re: /[media/richard|run/user].*
# docker:
# init_config:
# instances:
# - url: "unix://var/run/docker.sock"
# new_tag_names: true
dockerhost:
users:
- dd-agent
- richard
- ansible
nginx_remove_default_vhost: true
nginx_vhosts_filename: "xai-corp.conf"
nginx_vhosts:
- listen: "80 default_server"
server_name: "xai-corp.net"
root: "/var/www/xai-corp.net"
index: "index.html index.htm"
access_log: "/var/log/nginx/xaicorp.access.log"
error_log: "/var/log/nginx/xaicorp.error.log"
roles:
# - _install_updates
# - Datadog.datadog
# - dockerhost
# - geerlingguy.nginx
# - certbot
- docker_registry
post_tasks:

4
home02.xai-corp.net.yml
View File

@@ -28,8 +28,8 @@
roles:
# - Datadog.datadog
# - ns.xai-corp.net
- Datadog.datadog
- ns.xai-corp.net
- td-agent-bit
post_tasks:

3
requirements.yml
View File

@@ -16,4 +16,7 @@
- src: bennojoy.ntp
path: roles/vendor/
- src: geerlingguy.nginx
path: roles/vendor/

9
roles/_install_updates/tasks/main.yml Normal file
View File

@@ -0,0 +1,9 @@
---
# update packages to latest
- name: run apt updates
apt:
upgrade: dist
update_cache: yes
cache_valid_time: 3600
when: ansible_os_family == "Debian"

32
roles/certbot/tasks/main.yml Normal file
View File

@@ -0,0 +1,32 @@
---
# main task for installing Let's Encrypt's certbot tool
# https://certbot.eff.org/#ubuntuxenial-other
- name: install certbot on ubuntu 16.04
apt:
state: latest
package: "{{ item }}"
update_cache: yes
cache_valid_time: 3600
with_items:
- "letsencrypt"
when: ansible_os_family == "Debian"
- name: create first certificates
command: "letsencrypt certonly --webroot -w /var/www/xai-corp.net -d {{ item }}"
args:
creates: /etc/letsencrypt/live/{{ item }}/cert.pem
with_items:
- xai-corp.net
- www.xai-corp.net
- dkregistry.xai-corp.net
- sql.xai-corp.net
- name: cron job for renewing certs
cron:
name: renew let's encrypt certificates
state: present
user: root
day: "*/2"
job: "letsencrypt renew "

21
roles/docker/tasks/install.yml
View File

@@ -1,21 +0,0 @@
---
# main tasks to install docker
- name: install packages
apt: state=present package={{ item }}
with_items:
- "wget"
- name: run docker install script
command: "wget -qO- https://get.docker.com/ | sh"
args:
creates: /usr/bin/docker
- name: create docker group
group: state=present name=docker gid=999 system=yes
- name: add users to docker group
user: name={{ item }} groups=docker append=yes
with_items:
- richard

4
roles/docker/tasks/main.yml
View File

@@ -1,4 +0,0 @@
---
# main docker tasks
- include: install.yml

6
roles/docker_registry/defaults/creds.yml Normal file
View File

@@ -0,0 +1,6 @@
---
# private credentials used in docker_registry
docker_registry.users:
- { "richard" : "richard" }
- { "testuser" : "testpassword" }

19
roles/docker_registry/files/docker-compose.yml Normal file
View File

@@ -0,0 +1,19 @@
registry:
restart: always
image: registry:2
ports:
- 5000:5000
environment:
# REGISTRY_HTTP_TLS_CERTIFICATE: /certs/cert.pem
# REGISTRY_HTTP_TLS_KEY: /certs/privkey.pem
# REGISTRY_HTTP_LETSENCRYPT_CACHEFILE:
REGISTRY_HTTP_LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
REGISTRY_HTTP_HOST: https://192.168.2.41:5000
# REGISTRY_HTTP_ADDR: 192.168.2.41:5000
# REGISTRY_AUTH: htpasswd
# REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
# REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
volumes:
- /opt/dkregistry/data:/var/lib/registry
- /etc/letsencrypt/live/dkregistry.xai-corp.net:/certs
- /opt/dkregistry/auth:/auth

37
roles/docker_registry/tasks/main.yml Normal file
View File

@@ -0,0 +1,37 @@
---
# Main task for creating a docker registry
- name: clean up old config
command: "rm -rf /opt/dkrepository"
# create folders for certs, data,
- name: create data folders (/opt/dkregistry)
file:
path: "{{ item }}"
state: directory
owner: root
group: docker
mode: 0770
with_items:
- /opt/dkregistry/data
- /opt/dkregistry/auth
# make auth files using docker container
- name: create auth file
shell: echo '' > /opt/dkregistry/auth/htpasswd
- name: add user to auth file
shell: "docker run --entrypoint htpasswd registry:2 -Bbn {{ item.name }} {{ item.pass }} >> /opt/dkregistry/auth/htpasswd"
with_items:
- { "name" : "richard", "pass" : "richard" }
- { "name" : "testuser", "pass" : "testpassword" }
- name: copy composer file
copy:
src: docker-compose.yml
dest: /opt/dkregistry/docker-compose.yml
- name: run docker up
shell: "docker-compose up -d"
args:
chdir: /opt/dkregistry

7
roles/dockerhost/defaults/main.yml Normal file
View File

@@ -0,0 +1,7 @@
---
# default vars
dockerhost:
users:
- richard
- ansible

10
roles/dockerhost/files/daemon.json Normal file
View File

@@ -0,0 +1,10 @@
{
"insecure-registries": [
"dkregistry.xai-corp.net:5000",
"192.168.2.41:5000"
],
"dns": [
"192.168.2.22",
"8.8.8.8"
]
}

59
roles/dockerhost/tasks/install-xenial.yml Normal file
View File

@@ -0,0 +1,59 @@
---
# main tasks to install docker
- name: install packages
apt:
state: installed
package: "{{ item }}"
update_cache: yes
cache_valid_time: 3600
with_items:
- "wget"
- "apt-transport-https"
- "ca-certificates"
#- name: run docker install script
# command: "wget -qO- https://get.docker.com/ | sh"
# args:
# creates: /usr/bin/docker
#- stat:
# path: /usr/bin/docker
# register: docker
#
#- debug: var=docker
#- name: download install script
# get_url:
# url: https://get.docker.com/
# dest: /tmp/docker_install.sh
# mode: 500
# when: docker.stat.exists == false
#
#- name: run install script
# script: /tmp/docker_install.sh
# args:
# creates: /usr/bin/docker
# when: docker.stat.exists == false
- name: create docker group
group: state=present name=docker gid=999 system=yes
- name: add users to docker group
user: name={{ item }} groups=docker append=yes
with_items: "{{ dockerhost.users }}"
- name: install via apt
apt:
update_cache: true
package: "{{ item }}"
with_items:
- docker-engine
- docker-compose
- name: copy docker config file
copy:
src: daemon.json
dest: /etc/docker/daemon.json

6
roles/dockerhost/tasks/main.yml Normal file
View File

@@ -0,0 +1,6 @@
---
# main docker tasks
- include: "install-xenial.yml"
when: ansible_distribution_release == "xenial"
become: true

3
roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
View File

@@ -32,3 +32,6 @@ tv IN A 192.168.2.16
xaicorp1 IN A 192.168.2.103
garden IN A 192.168.2.20
home02 IN A 192.168.2.22
dkhost01 IN A 192.168.2.41
dkregistry IN A 192.168.2.41

0
roles/php-fpm/handlers/main.yml → roles/php5-fpm-phalcon/handlers/main.yml
View File

0
roles/php-fpm/tasks/main.yml → roles/php5-fpm-phalcon/tasks/main.yml
View File

6
roles/php7-fpm/defaults/main.yml Normal file
View File

@@ -0,0 +1,6 @@
---
# default vars
php7-fpm:
packages:
- php-zip

4
roles/php7-fpm/tasks/devtools.yml Normal file
View File

@@ -0,0 +1,4 @@
---
# install php dev tools

17
roles/php7-fpm/tasks/main.yml Normal file
View File

@@ -0,0 +1,17 @@
---
# install php-fpm on ubuntu16.04
# install packages
- name: Install php-fpm basics.
apt: pkg={{ item }} state=installed
with_items:
- libwww-perl
- php-fpm
- php-zip
#- name: Ensure dependencies are installed.
# apt: pkg={{ item }} state=installed
# when: php7-fpm.packages
# with_items: "{{ php7-fpm.packages }}"

40
roles/td-agent/files/td-leaf.conf Normal file
View File

@@ -0,0 +1,40 @@
<match **>
@type stdout
</match>
# sources
<source>
@type forward
port 24224
</source>
<source>
@type http
port 8888
bind 0.0.0.0
body_size_limit 32m
keepalive_timeout 10s
# tag is part of the URL, e.g.,
# curl -X POST -d 'json={"action":"login","user":2}' http://localhost:8888/tag.here
</source>
<source>
@type debug_agent
bind 127.0.0.1
port 24230
</source>
# <source>
# @type tail
# path /var/log/httpd-access.log #...or where you placed your Apache access log
# pos_file /var/log/td-agent/httpd-access.log.pos # This is where you record file position
# tag nginx.access #fluentd tag!
# format nginx # Do you have a custom format? You can write your own regex.
# </source>
<source>
@type syslog
port 5140
bind 0.0.0.0
tag system.local
</source>

37
web01.xai-corp.net.yml Normal file
View File

@@ -0,0 +1,37 @@
---
# playbook for home02
- hosts: web01
remote_user: ansible
gather_facts: yes
become: true
vars:
datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
datadog_checks:
system:
init_config: []
instances: []
disk:
init_config:
instances:
- use_mount: yes
excluded_filesystems:
- sysfs
- cgroup
- tracefs
- debugfs
- proc
- securityfs
excluded_mountpoint_re: /[media/richard|run/user].*
roles:
- Datadog.datadog
- td-agent-bit
- php7-fpm
post_tasks:
# - name: check service is up
# service: name={{ bind.service }} state=started