setup nextcloud service

dkhost.xai-corp.net.yml

@@ -24,6 +24,7 @@
                 - debugfs
                 - proc
                 - securityfs
+                - tmpfs
               excluded_mountpoint_re: /[media/richard|run/user].*
       docker:
         init_config:
@@ -61,11 +62,24 @@
         host: gluster:/elasticsearch
         mount: /data/elasticsearch
 
+    certbot:
+      domains:
+        - xai-corp.net
+        - www.xai-corp.net
+        - dkregistry.xai-corp.net
+        - sql.xai-corp.net
+        - fs.xai-corp.net
+        - dkhost.xai-corp.net
+        - git.xai-corp.net
+        - dkui.xai-corp.net
+        - jenkins.xai-corp.net
+        - logs.xai-corp.net
+        - tripbuilder.xai-corp.net
+        - xaibox.xai-corp.net
+
   roles:
     - dockerhost
     - geerlingguy.nginx
     - certbot
-#    - docker_registry
-#    - docker_graylog
 
   post_tasks:

dockerfiles/dkregistry/docker-compose.yml

@@ -34,7 +34,7 @@ services:
       restart_policy:
         condition: any
         delay: "1s"
-        max_attempts: 1
+        max_attempts: 15
       resources:
         limits:
           cpus: '0.1'

dockerfiles/owncloud/docker-compose.yml

@@ -0,0 +1,29 @@
+---
+# docker-compose file for owncloud server
+
+# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml owncloud
+
+version: '3'
+services:
+
+  owncloud:
+    image: nextcloud:12
+    ports:
+      - 8083:80
+#      - 9083:9000
+    volumes:
+      - /opt/shared/nextcloud/data:/var/www/html/data
+      - /opt/shared/nextcloud/config:/var/www/html/config
+      - /opt/shared/nextcloud/apps:/var/www/html/custom_apps
+
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: any
+        delay: "1s"
+        max_attempts: 5
+      resources:
+        limits:
+          cpus: '1'
+          memory: 512M

dockerfiles/services/mariadb/docker-compose.yml

@@ -0,0 +1,33 @@
+---
+# docker-compose file for mysql
+# DOCKER_HOST=dkhost:2376 docker-compose up -d
+# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services
+
+version: '3'
+services:
+
+  mysql:
+    image: "mariadb:10"
+    volumes:
+      - /opt/shared/mariadb/data:/var/lib/mysql
+    ports:
+      - "3306:3306"
+    environment:
+      MYSQL_ROOT_PASSWORD: "aifuoqibcqobcqb3"
+
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: any
+        delay: "1s"
+        max_attempts: 3
+      resources:
+        limits:
+          cpus: '0.5'
+          memory: 512M
+
+networks:
+  default:
+    external:
+      name: prod-private

dockerfiles/services/memcached/docker-compose.yml

@@ -0,0 +1,32 @@
+---
+# docker-compose file for memcached
+# DOCKER_HOST=dkhost:2376 docker-compose up -d
+# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services
+
+version: '3'
+services:
+
+  memcached:
+    image: "memcached:alpine"
+    ports:
+      - "11211:11211"
+    command:
+      - memcached
+      - -m64
+
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: any
+        delay: "1s"
+        max_attempts: 3
+      resources:
+        limits:
+          cpus: '0.5'
+          memory: 65M
+
+networks:
+  default:
+    external:
+      name: prod-private

dockerfiles/services/redis/docker-compose.yml

@@ -0,0 +1,28 @@
+---
+# docker-compose file for redis
+# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services
+
+version: '3'
+services:
+
+  redis:
+    image: "redis:4-alpine"
+    ports:
+      - "6379:6379"
+
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: any
+        delay: "1s"
+        max_attempts: 3
+      resources:
+        limits:
+          cpus: '0.5'
+          memory: 256M
+
+networks:
+  default:
+    external:
+      name: prod-private

dockerfiles/sslproxy/Dockerfile

@@ -1,4 +1,4 @@
 FROM nginx:alpine
 
 COPY ./nginx.conf /etc/nginx/nginx.conf
-COPY ./host.conf /etc/nginx/conf.d/host.conf
+COPY ./hosts /etc/nginx/conf.d/

dockerfiles/sslproxy/docker-compose-prod.yml

@@ -0,0 +1,31 @@
+---
+# DOCKER_HOST=192.168.2.41:2376 docker-compose up -d
+# docker login dkregistry.xai-corp.net:5000
+# docker-compose build && docker push dkregistry.xai-corp.net:5000/sslproxy:latest
+# DOCKER_HOST=dkhost01:2376 docker stack deploy --with-registry-auth -c docker-compose-prod.yml sslproxy
+# DOCKER_HOST=dkhost01:2376 docker stack ps sslproxy
+
+version: '3'
+services:
+  app:
+    image: "dkregistry.xai-corp.net:5000/sslproxy:latest"
+    volumes:
+      - /etc/letsencrypt:/etc/letsencrypt:ro
+    ports:
+      - "443:443"
+
+    logging:
+      driver: syslog
+      options:
+        syslog-address: "tcp+tls://logs6.papertrailapp.com:38577"
+        tag: "{{.Name}}/{{.ID}}"
+
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: any
+        delay: 5s
+        max_attempts: 10
+      labels:
+        net.xai-corp.sslproxy.description:  proxy ssl calls to non ssl containers

dockerfiles/sslproxy/docker-compose.yml

@@ -18,24 +18,3 @@ services:
       - /etc/letsencrypt:/etc/letsencrypt:ro
     ports:
       - "443:443"
-#
-#    logging:
-#      driver: gelf
-#      options:
-#        gelf-address: "udp://logs.xai-corp.net:12201"
-
-    logging:
-      driver: syslog
-      options:
-        syslog-address: "tcp+tls://logs6.papertrailapp.com:38577"
-        tag: "{{.Name}}/{{.ID}}"
-
-    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
-        delay: 5s
-        max_attempts: 10
-      labels:
-        net.xai-corp.sslproxy.description:  proxy ssl calls to non ssl containers

dockerfiles/sslproxy/host.conf

@@ -1,159 +0,0 @@
-# fs.xai-corp.net
-server {
-    listen  443 ssl;
-    server_name fs.xai-corp.net;
-    ssl_certificate     /etc/letsencrypt/live/fs.xai-corp.net/cert.pem;
-    ssl_certificate_key /etc/letsencrypt/live/fs.xai-corp.net/privkey.pem;
-
-    #Strict-Transport-Security: max-age=15768000
-    add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
-
-    location / {
-        proxy_pass http://dkhost.xai-corp.net:8081;
-    }
-
-}
-
-# git.xai-corp.net
-server {
-    listen  443 ssl;
-    server_name git.xai-corp.net;
-    ssl_certificate     /etc/letsencrypt/live/git.xai-corp.net/cert.pem;
-    ssl_certificate_key /etc/letsencrypt/live/git.xai-corp.net/privkey.pem;
-
-    #Strict-Transport-Security: max-age=15768000
-    add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
-
-    location / {
-        proxy_pass http://dkhost.xai-corp.net:10080;
-    }
-
-}
-
-# tripbuilder.xai-corp.net
-server {
-    listen  443 ssl;
-    server_name tripbuilder.xai-corp.net;
-    ssl_certificate     /etc/letsencrypt/live/tripbuilder.xai-corp.net/cert.pem;
-    ssl_certificate_key /etc/letsencrypt/live/tripbuilder.xai-corp.net/privkey.pem;
-
-    #Strict-Transport-Security: max-age=15768000
-    add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
-
-    location / {
-        proxy_pass http://dkhost.xai-corp.net:8080;
-    }
-}
-
-# jenkins.xai-corp.net
-server {
-    listen  443 ssl;
-    server_name jenkins.xai-corp.net;
-    ssl_certificate     /etc/letsencrypt/live/jenkins.xai-corp.net/cert.pem;
-    ssl_certificate_key /etc/letsencrypt/live/jenkins.xai-corp.net/privkey.pem;
-
-    #Strict-Transport-Security: max-age=15768000
-    add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
-
-    location / {
-        proxy_set_header        Host $host:$server_port;
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Host $host;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-
-        proxy_pass http://dkhost.xai-corp.net:8080;
-    }
-
-}
-
-# dkui.xai-corp.net
-server {
-    listen  443 ssl;
-    server_name dkui.xai-corp.net;
-    ssl_certificate     /etc/letsencrypt/live/dkui.xai-corp.net/cert.pem;
-    ssl_certificate_key /etc/letsencrypt/live/dkui.xai-corp.net/privkey.pem;
-
-    #Strict-Transport-Security: max-age=15768000
-    add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
-
-    location / {
-        proxy_set_header Connection $http_connection;
-        proxy_pass http://dkhost.xai-corp.net:9000;
-    }
-
-}
-
-# dkregistry.xai-corp.net
-## Set a variable to help us decide if we need to add the
-## 'Docker-Distribution-Api-Version' header.
-## The registry always sets this header.
-## In the case of nginx performing auth, the header will be unset
-## since nginx is auth-ing before proxying.
-map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
-'' 'registry/2.0';
-}
-
-server {
-    listen  443 ssl;
-    server_name dkregistry.xai-corp.net;
-    ssl_certificate     /etc/letsencrypt/live/dkregistry.xai-corp.net/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/dkregistry.xai-corp.net/privkey.pem;
-
-    # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
-    ssl_protocols TLSv1.1 TLSv1.2;
-    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
-    ssl_prefer_server_ciphers on;
-    ssl_session_cache shared:SSL:10m;
-
-    #Strict-Transport-Security: max-age=15768000
-    add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
-
-    # disable any limits to avoid HTTP 413 for large image uploads
-    client_max_body_size 0;
-
-    # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
-    chunked_transfer_encoding on;
-
-    location /v2/ {
-        # Do not allow connections from docker 1.5 and earlier
-        # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
-        if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
-        return 404;
-        }
-
-        # To add basic authentication to v2 use auth_basic setting.
-        auth_basic "Registry realm";
-        auth_basic_user_file /opt/shared/dkregistry/auth/htpasswd;
-
-        ## If $docker_distribution_api_version is empty, the header will not be added.
-        ## See the map directive above where this variable is defined.
-        add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
-
-        proxy_set_header  Host              $http_host;   # required for docker client's sake
-        proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
-        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
-        proxy_set_header  X-Forwarded-Proto $scheme;
-        proxy_set_header Connection $http_connection;
-
-        proxy_pass http://dkhost.xai-corp.net:5000;
-        proxy_read_timeout                  900;
-    }
-
-}
-
-# logs.xai-corp.net
-server {
-    listen  443 ssl;
-    server_name logs.xai-corp.net;
-    ssl_certificate     /etc/letsencrypt/live/logs.xai-corp.net/cert.pem;
-    ssl_certificate_key /etc/letsencrypt/live/logs.xai-corp.net/privkey.pem;
-    #Strict-Transport-Security: max-age=15768000
-    add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
-
-    location / {
-        proxy_set_header Connection $http_connection;
-        proxy_pass http://dkhost.xai-corp.net:10090;
-    }
-
-}

dockerfiles/sslproxy/hosts/dkregistry.xai-corp.net.conf

@@ -0,0 +1,57 @@
+# dkregistry.xai-corp.net
+## Set a variable to help us decide if we need to add the
+## 'Docker-Distribution-Api-Version' header.
+## The registry always sets this header.
+## In the case of nginx performing auth, the header will be unset
+## since nginx is auth-ing before proxying.
+map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
+'' 'registry/2.0';
+}
+
+server {
+    listen  443 ssl;
+    server_name dkregistry.xai-corp.net;
+    ssl_certificate     /etc/letsencrypt/live/dkregistry.xai-corp.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/dkregistry.xai-corp.net/privkey.pem;
+
+    # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+    ssl_protocols TLSv1.1 TLSv1.2;
+    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+
+    #Strict-Transport-Security: max-age=15768000
+    add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
+
+    # disable any limits to avoid HTTP 413 for large image uploads
+    client_max_body_size 0;
+
+    # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
+    chunked_transfer_encoding on;
+
+    location /v2/ {
+        # Do not allow connections from docker 1.5 and earlier
+        # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
+        if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
+        return 404;
+        }
+
+        # To add basic authentication to v2 use auth_basic setting.
+        auth_basic "Registry realm";
+        auth_basic_user_file /opt/shared/dkregistry/auth/htpasswd;
+
+        ## If $docker_distribution_api_version is empty, the header will not be added.
+        ## See the map directive above where this variable is defined.
+        add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
+
+        proxy_set_header  Host              $http_host;   # required for docker client's sake
+        proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
+        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header  X-Forwarded-Proto $scheme;
+        proxy_set_header Connection $http_connection;
+
+        proxy_pass http://dkhost.xai-corp.net:5000;
+        proxy_read_timeout                  900;
+    }
+
+}

dockerfiles/sslproxy/hosts/dkui.xai-corp.net.conf

@@ -0,0 +1,21 @@
+# dkui.xai-corp.net
+server {
+    listen  443 ssl;
+    server_name dkui.xai-corp.net;
+    ssl_certificate     /etc/letsencrypt/live/dkui.xai-corp.net/cert.pem;
+    ssl_certificate_key /etc/letsencrypt/live/dkui.xai-corp.net/privkey.pem;
+
+    #Strict-Transport-Security: max-age=15768000
+    add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
+
+    location / {
+        proxy_set_header        Connection $http_connection;
+        proxy_set_header        Host $host:$server_port;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Host $host;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass http://dkhost.xai-corp.net:9000;
+    }
+
+}

dockerfiles/sslproxy/hosts/fs.xai-corp.net.conf

@@ -0,0 +1,15 @@
+# fs.xai-corp.net
+server {
+    listen  443 ssl;
+    server_name fs.xai-corp.net;
+    ssl_certificate     /etc/letsencrypt/live/fs.xai-corp.net/cert.pem;
+    ssl_certificate_key /etc/letsencrypt/live/fs.xai-corp.net/privkey.pem;
+
+    #Strict-Transport-Security: max-age=15768000
+    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
+
+    location / {
+        proxy_pass http://dkhost.xai-corp.net:8081;
+    }
+
+}

dockerfiles/sslproxy/hosts/git.xai-corp.net.conf

@@ -0,0 +1,15 @@
+# git.xai-corp.net
+server {
+    listen  443 ssl;
+    server_name git.xai-corp.net;
+    ssl_certificate     /etc/letsencrypt/live/git.xai-corp.net/cert.pem;
+    ssl_certificate_key /etc/letsencrypt/live/git.xai-corp.net/privkey.pem;
+
+    #Strict-Transport-Security: max-age=15768000
+    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
+
+    location / {
+        proxy_pass http://dkhost.xai-corp.net:10080;
+    }
+
+}

dockerfiles/sslproxy/hosts/jenkins.xai-corp.net.conf

@@ -0,0 +1,21 @@
+# jenkins.xai-corp.net
+server {
+    listen  443 ssl;
+    server_name jenkins.xai-corp.net;
+    ssl_certificate     /etc/letsencrypt/live/jenkins.xai-corp.net/cert.pem;
+    ssl_certificate_key /etc/letsencrypt/live/jenkins.xai-corp.net/privkey.pem;
+
+    #Strict-Transport-Security: max-age=15768000
+    add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
+
+    location / {
+        proxy_set_header        Host $host:$server_port;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Host $host;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+
+        proxy_pass http://dkhost.xai-corp.net:8080;
+    }
+
+}

dockerfiles/sslproxy/hosts/logs.xai-corp.net.conf

@@ -0,0 +1,15 @@
+# logs.xai-corp.net
+server {
+    listen  443 ssl;
+    server_name logs.xai-corp.net;
+    ssl_certificate     /etc/letsencrypt/live/logs.xai-corp.net/cert.pem;
+    ssl_certificate_key /etc/letsencrypt/live/logs.xai-corp.net/privkey.pem;
+    #Strict-Transport-Security: max-age=15768000
+    add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
+
+    location / {
+        proxy_set_header Connection $http_connection;
+        proxy_pass http://dkhost.xai-corp.net:10090;
+    }
+
+}

dockerfiles/sslproxy/hosts/tripbuilder.xai-corp.net.conf

@@ -0,0 +1,14 @@
+# tripbuilder.xai-corp.net
+server {
+    listen  443 ssl;
+    server_name tripbuilder.xai-corp.net;
+    ssl_certificate     /etc/letsencrypt/live/tripbuilder.xai-corp.net/cert.pem;
+    ssl_certificate_key /etc/letsencrypt/live/tripbuilder.xai-corp.net/privkey.pem;
+
+    #Strict-Transport-Security: max-age=15768000
+    add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
+
+    location / {
+        proxy_pass http://dkhost.xai-corp.net:8080;
+    }
+}

dockerfiles/sslproxy/hosts/xaibox.xai-corp.net.conf

@@ -0,0 +1,16 @@
+# xaibox.xai-corp.net
+server {
+    listen  443 ssl;
+    server_name xaibox.xai-corp.net;
+    ssl_certificate     /etc/letsencrypt/live/xaibox.xai-corp.net/cert.pem;
+    ssl_certificate_key /etc/letsencrypt/live/xaibox.xai-corp.net/privkey.pem;
+
+    #Strict-Transport-Security: max-age=15768000
+    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
+
+    location / {
+        proxy_set_header Connection $http_connection;
+        proxy_pass http://dkhost.xai-corp.net:8083;
+    }
+
+}

managed_setup.yml

@@ -82,6 +82,7 @@
     - rsyslog
     - motd
     - { role: Datadog.datadog, when: ansible_architecture != 'armv7l' } #does not support armhf architecture. should switch to fluentd or logstash
+    - { role: ddagent_source, when: ansible_architecture == 'armv7l' }
 
   tasks:
     - name: add ansible to sudoers

roles/_install_updates/tasks/rebootAndWait.yml

@@ -0,0 +1,18 @@
+---
+
+# wait random time to start this to offset reboots of individual machines
+- pause: seconds={{ 100 | random(1,10) }}
+
+# Send the reboot command
+- shell: shutdown -r now
+
+# This pause is mandatory, otherwise the existing control connection gets reused!
+- pause: seconds=30
+
+# Now we will run a local 'ansible -m ping' on this host until it returns.
+# This works with the existing ansible hosts inventory and so any custom ansible_ssh_hosts definitions are being used
+- local_action: shell ansible -u {{ ansible_user_id }} -m ping {{ inventory_hostname }}
+  register: result
+  until: result.rc == 0
+  retries: 30
+  delay: 10

roles/certbot/tasks/main.yml

@@ -21,18 +21,8 @@
   command: "letsencrypt certonly --webroot -w /var/www/xai-corp.net -d {{ item }}"
   args:
     creates: /etc/letsencrypt/live/{{ item }}/cert.pem
-  with_items:
+  with_items: "{{certbot.domains}}"
-    - xai-corp.net
+
-    - www.xai-corp.net
-    - dkregistry.xai-corp.net
-    - sql.xai-corp.net
-    - fs.xai-corp.net
-    - dkhost.xai-corp.net
-    - git.xai-corp.net
-    - dkui.xai-corp.net
-    - jenkins.xai-corp.net
-    - logs.xai-corp.net
-    - tripbuilder.xai-corp.net
 
 - name: cron job for renewing certs
   cron:

roles/ddagent_source/files/supervisor-dd-agent.conf

@@ -0,0 +1,4 @@
+[program:dd-agent]
+command=/root/.datadog-agent/bin/agent start -d
+stderr_logfile = /var/log/supervisord/ddagent-stderr.log
+stdout_logfile = /var/log/supervisord/ddagent-stdout.log

roles/ddagent_source/handlers/main.yml

@@ -0,0 +1,12 @@
+---
+# handlers/main.yml
+# define handlers here
+
+#- name: restart <service>
+#  service: name=<service> state=restarted
+
+#- name: stop <service>
+#  service: name=<service> state=stopped
+
+- name: restart supervisor
+  service: name=supervisor start restarted

roles/ddagent_source/tasks/main.yml

@@ -0,0 +1,25 @@
+---
+# install dd-agent from source
+
+- name: install packages
+  apt:
+    state: installed
+    package: "{{ item }}"
+    update_cache: yes
+    cache_valid_time: 3600
+  with_items:
+    - python-psutil
+
+- shell: DD_API_KEY=ca0faf176c4aedd4f547ed7cf85615eb sh -c "$(curl -L https://raw.githubusercontent.com/DataDog/dd-agent/master/packaging/datadog-agent/source/setup_agent.sh)"
+  args:
+    creates: "/root/.datadog-agent/bin/agent"
+
+- name: add agent line to rc.local
+  lineinfile:
+    dest: /etc/rc.local
+    regexp: '^nohup sh /root/.datadog-agent/bin/agent &'
+    line: 'nohup sh /root/.datadog-agent/bin/agent &'
+    insertbefore: "^exit 0"
+
+- name: start agent
+  shell: /root/.datadog-agent/bin/agent start

roles/dockerhost/tasks/install-xenial.yml

@@ -14,6 +14,7 @@
     - "glusterfs-client"
     - xfsprogs
     - attr
+    - virtualbox-guest-additions-iso
 
 #- name: install repo keys
 #  apt_key:

roles/dockerhost/tasks/main.yml

@@ -15,3 +15,11 @@
     force: yes
   with_items:
     - { src: "/opt/shared/letsencrypt", path: "/etc/letsencrypt" }
+
+- name: setup owncloud cron job
+  cron:
+    name: owncloud
+    state: present
+    user: www-data
+    day: "*/15"
+    job: "curl -k https://xaibox.xai-corp.net/cron.php"

roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2

@@ -53,4 +53,6 @@ jenkins                 IN CNAME    dkhost
 logs                    IN CNAME    dkhost
 dkregistry              IN CNAME    dkhost
 sql                     IN CNAME    dkhost
+mysql                   IN CNAME    dkhost
 tripbuilder             IN CNAME    dkhost
+xaibox                  IN CNAME    dkhost