Feature/registry drone roles #42

3 changes: 3 additions & 0 deletions bin/create_gandi_vm.sh
Expand Up @@ -40,3 +40,6 @@ gandi vm create --memory 1024 --hostname worker1 --image "Debian 8" --size 10G -
# SMTP
# vlan ip range for smtp services : 192.168.1.32/29
gandi vm create --memory 2048 --hostname mail1 --image "Debian 8" --size 20G --datacenter FR-SD3 --vlan alpha_vlan --ip 192.168.1.33 --ip-version 4

# Registry
gandi vm create --memory 4096 --cpu 2 --hostname registry1 --image "Debian 8" --size 50G --datacenter FR-SD3 --ip-version 4
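Review bot: The new `registry1` line omits `--vlan alpha_vlan` and `--ip`, which the `mail1` line just above sets, so this VM comes up with a public interface only. If that is intended (the play uses a role named common-no-vlan), say so under the `# Registry` comment the way the SMTP block documents its address range; if not, attach the VM to the VLAN so it has a backend address.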
7 changes: 7 additions & 0 deletions deploy-registry.yaml
@@ -0,0 +1,7 @@
- hosts: registry
roles:
- common-no-vlan
Member Author

This role is useless at the moment, only needed for ssh keys, maybe in the future it will be of more use.

- docker
- nginx
- registry
- drone
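Review bot: The `drone` role only works in this play because `docker` and `nginx` happen to be listed before it; roles/drone/tasks/main.yml calls docker-compose and writes into /etc/nginx/sites-enabled. Declaring docker and nginx as dependencies in the role's meta/main.yml would keep it usable from another play without relying on this ordering.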
24 changes: 23 additions & 1 deletion hosts.template
Expand Up @@ -4,12 +4,14 @@ caliopen
gateway
storage
smtp
citools

[services:vars]
dist_directory=./dist
object_store_access_key=SZ1BBGKTD2N13E0W5L8N
object_store_secret_key=qTsjiThBQA2NH6ZO32tCwCC6wcC8ValVLR16XUsB
caliopen_domain_name=alpha.caliopen.org
caliopen_domain_base=caliopen.org
caliopen_domain_name=alpha.{{ caliopen_domain_base }}
caliopen_nameservers=["155.133.128.67", "155.133.128.65"]

# Vault
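Review bot: `object_store_access_key` and `object_store_secret_key` carry literal values in this template, right next to the lines being changed. If they are live credentials they should be rotated, and in either case the template should hold a placeholder such as TO_BE_DEFINED, as `vault_worker_password` does just below, with the real values kept in ansible-vault or an untracked inventory.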
Expand All @@ -20,6 +22,20 @@ vault_worker_password=TO_BE_DEFINED
vault_cert_path=/etc/vault/alpha.caliopen.org.crt
vault_key_path=/etc/vault/alpha.caliopen.org.key

# Docker registry
registry_path=/etc/docker-registry

# Drone
drone_path=/etc/drone
# Github OAuth
DRONE_GITHUB_CLIENT=
DRONE_GITHUB_SECRET=
# Agent/Server communication
DRONE_SECRET=this_should_be_a_secret
# List of admins, Github usernames
DRONE_ADMIN=
DRONE_HOST=drone.{{ caliopen_domain_base }}

# Version of installed software out of host packaging

# monitoring platform
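Review bot: `DRONE_SECRET=this_should_be_a_secret` is a working default: a deployment that forgets to override it gets a server and agent that authenticate to each other with a string published in this repository. Leave it empty like `DRONE_GITHUB_SECRET=` (or use TO_BE_DEFINED) and have the drone role fail when it is unset. Separately, `vault_cert_path` and `vault_key_path` in the context lines still hard-code alpha.caliopen.org and could use the new `caliopen_domain_base`.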
Expand Down Expand Up @@ -61,6 +77,9 @@ cache
mq
object_store

[citools:children]
registry

[store]
store1 ansible_host=ip_store1 ansible_user=root backend_ip=backend_store1
store2 ansible_host=ip_store2 ansible_user=root backend_ip=backend_store2
Expand Down Expand Up @@ -107,3 +126,6 @@ mail1 ansible_host=ip_mail1 ansible_user=root backend_ip=backend_mail1

[logstash]
logstash1 ansible_host=ip_logstash1 ansible_user=root backend_ip=backend_logstash1

[registry]
registry1 ansible_host=ip_registry1 ansible_user=root backend_ip=backend_registry1
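Review bot: `backend_ip=backend_registry1` on the new `registry1` line has nothing to point at, since bin/create_gandi_vm.sh in this PR creates registry1 without `--vlan` or `--ip`. Drop the variable for this host or give the VM a VLAN address, so no later task consumes a placeholder.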
8 changes: 8 additions & 0 deletions roles/common-no-vlan/files/ssh_authorized_keys
@@ -0,0 +1,8 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5+2ViaP1ktWlzMCY4IOJOV1K0TH1GstHzoMdeIf9ihiSz7nR7wKcYJMC6KlmOYVQzftENXHQZAtbL4tVPLpLWXN+4fCn+pbQVu47P3QCH9Ez0d23p4byZl5h+qyx0dJv/ltc71X6NIvHH2WXmvvy+Bda4b1NVpJN/voiMoihipsjPPeL+s6B+3dw6PD3h5vvzvJCrfkKGijoT74+BbjYimwmNsaDRQH9tIMaTVeV7ZIe9qfxg5fkg4WsFl9mzikbqYzdBgiC2XeK/L4w3FJONALAEy7FTsUdNaenKxTn4zw/9qdV20TqYEyCbYlANS+2NMLYxeSqdpYB3yvePoucOw== [email protected]
ssh-dss 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 [email protected]
ssh-rsa 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 [email protected]
ssh-dss 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 laurent@brasil
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBPQJeSOFDn9N73xOkJvWS97CvGQLarKI6n2kaA4cLzx root@argentina
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCm70qHMJSqaQKJdoNOzrfCo+1pzlhqHIFBozI5VCiMwA6Nr2qEHD+VgSbhDByX0xdgv9cwIcxvVzWMZPn8QM2ZewvNgPHoQxH4ae3pWjTM+W8qqaNjBfWuarinwt7gO8jT8i55AcMa5ctihvXWE3jTM6EHcaKTngFD1NYFj5tS4Zrw9a5nK1ZRsMrPF6Wte9S3e2PWiPYiT8uCauNUB5Xi6r1BxzMtviJddZmv0r4WQL3QD672Gmia6xhIybiIFTOID+N4cAARKZKh7WSlcx4qA1umWLd1nst5HgyK4SfFhSPd+2XJLsPc1cZpVVfjJRGomLi7yxu4P8VMaKwwCiuj stan@BobyLap
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdqFMRQx+OI+3b8st+ho1Ioqp3wiQqqMlMKiNjDC1rUiQ5sGhGT1uxBzxWSA8UjyfJmYaJhllfe5Tjp2D1lUyXX2tX0QCMM1doHON/29wjBXxBgtP7i5focNAv6KP2suSuyFuIRpP3MuEyieQgyH0atL1FxNpQIrvnOrdiw609T4xfLTWfad+jjtIo3qq3Rvb7TpI9h0lBcgJEHPSjsapYenFPNCaRE+3oye37OtYdWaF9ozdHkRBDj8mp23bitJSwltYOhYZlVs8fVyBr30+z4tSwNMizl7DCrr+rJFBCRwoHUOLo82LuJf1ivQwu3mC77JJgWsiycMYnKPOamDwv pablo@pablo
ssh-rsa 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 [email protected]
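Review bot: Two of the eight entries are `ssh-dss` keys. DSA keys are limited to 1024 bits and OpenSSH has disabled them by default since 7.0, so ask their owners for an ed25519 or RSA key and drop these lines. The `root@argentina` entry is a host's root account rather than a person, which makes access hard to attribute and revoke; a per-user key would be better.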
7 changes: 7 additions & 0 deletions roles/common-no-vlan/tasks/main.yml
@@ -0,0 +1,7 @@
- name: install ssh authorized keys
copy: src=ssh_authorized_keys dest=/root/.ssh/authorized_keys mode=0600
tags:
- ssh

- name: upgrade packages
shell: apt-get upgrade -y
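Review bot: `shell: apt-get upgrade -y` runs without refreshing the package cache first and reports changed on every run; use the apt module with `upgrade` and `update_cache=yes` instead. It also means the role does more than install keys, and it is the only task here without a tag. The first task assumes /root/.ssh exists and replaces authorized_keys wholesale; set `owner` and `group`, and create the directory with mode 0700 if the image does not guarantee it.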
39 changes: 39 additions & 0 deletions roles/docker/tasks/main.yml
@@ -0,0 +1,39 @@
- name: install dependencies
apt: package={{ item }} state=installed update_cache=yes
with_items:
- apt-transport-https
- curl
- ca-certificates
- gnupg2
- software-properties-common

- name: add apt key
apt_key:
url: https://download.docker.com/linux/debian/gpg
state: present

- name: get codename
shell: lsb_release -cs
register: debian_codename

- name: Add docker apt repo
apt_repository:
repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ debian_codename.stdout }} stable"
filename: docker
state: present

- name: install docker ce
apt: package={{ item }} update_cache=yes
with_items:
- docker-ce

- name: start docker
service:
name: docker
state: restarted

- name: install docker compose
get_url:
url: https://github.com/docker/compose/releases/download/1.22.0/docker-compose-Linux-x86_64
dest: /usr/local/bin/docker-compose
mode: 0550
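Review bot: The `install docker compose` task downloads a binary into /usr/local/bin with no integrity check. get_url accepts a `checksum` parameter; pin the sha256 of the 1.22.0 release binary so a changed or tampered download fails the play. The same applies to `add apt key`: pass the expected key `id` so only that fingerprint is accepted. Also, `start docker` uses `state: restarted`, which restarts the daemon on every run; `state: started` is enough.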
20 changes: 20 additions & 0 deletions roles/drone/tasks/main.yml
@@ -0,0 +1,20 @@
- name: create drone directory
file:
path: "{{ drone_path }}"
state: directory

- name: copy compose file for registry server
template: src=docker-compose.yml.j2 dest={{ drone_path }}/docker-compose.yml

- name: start drone
shell: docker-compose -f {{ drone_path }}/docker-compose.yml up -d

- name: configure nginx vhost
template:
src: drone.nginx.j2
dest: /etc/nginx/sites-enabled/drone

- name: restart service nginx
service:
name: nginx
state: restarted
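Review bot: The rendered docker-compose.yml contains DRONE_SECRET and DRONE_GITHUB_SECRET, but the template task sets no `mode` or `owner`, so the file gets default permissions. Add `mode=0600`, and 0700 on the `drone_path` directory. The task name says "registry server", which looks copied from the registry role, and nginx is restarted unconditionally; a handler notified by the vhost template would restart it only on change. `start drone` through `shell` likewise reports changed on every run.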
33 changes: 33 additions & 0 deletions roles/drone/templates/docker-compose.yml.j2
@@ -0,0 +1,33 @@
version: '2'

services:

drone-server:
image: drone/drone
ports:
- 8000:8000
- 9000
volumes:
- ./drone/:/var/lib/drone/
restart: always
environment:
- DRONE_OPEN=true
- DRONE_HOST={{ DRONE_HOST }}
- DRONE_GITHUB=true
- DRONE_ORGS=CaliOpen
- DRONE_GITHUB_CLIENT={{ DRONE_GITHUB_CLIENT }}
- DRONE_GITHUB_SECRET={{ DRONE_GITHUB_SECRET }}
- DRONE_SECRET={{ DRONE_SECRET }}
- DRONE_ADMIN={{ DRONE_ADMIN }}

drone-agent:
image: drone/agent
command: agent
restart: always
depends_on:
- drone-server
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- DRONE_SERVER=drone-server:9000
- DRONE_SECRET={{ DRONE_SECRET }}
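Review bot: `- 8000:8000` publishes the Drone UI on every interface, so it is reachable over plain HTTP alongside the nginx vhost that proxies to 127.0.0.1:8000; bind it as `127.0.0.1:8000:8000`. The `- 9000` entry publishes the agent port on a random host port, which the agent does not need since it connects to `drone-server:9000` on the compose network. Both images are untagged, so each pull can change the version; pin a tag. With `DRONE_OPEN=true` and the agent holding /var/run/docker.sock, please confirm that `DRONE_ORGS=CaliOpen` is the registration boundary you want.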
29 changes: 29 additions & 0 deletions roles/drone/templates/drone.nginx.j2
@@ -0,0 +1,29 @@
upstream drone {
server 127.0.0.1:8000;
}

server {
listen 443 ssl;
listen [::]:443 ssl;
server_name drone.{{ caliopen_domain_base }};

ssl_certificate /etc/nginx/certs/{{ caliopen_domain_base }}.crt;
ssl_certificate_key /etc/nginx/certs/{{ caliopen_domain_base }}.key;
ssl_prefer_server_ciphers On;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
ssl_session_cache shared:SSL:10m;

location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;

proxy_pass http://drone;
proxy_redirect off;
proxy_http_version 1.1;
proxy_buffering off;

chunked_transfer_encoding off;
}
}
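Review bot: `ssl_protocols TLSv1.1 TLSv1.2;` still enables TLS 1.1, which is deprecated; restrict it to TLSv1.2, plus TLSv1.3 where the nginx and OpenSSL build supports it. `server_name` rebuilds `drone.{{ caliopen_domain_base }}` instead of using the `DRONE_HOST` variable defined in hosts.template, so the two can drift. There is also no port 80 server block redirecting to HTTPS.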
89 changes: 0 additions & 89 deletions roles/nginx/files/caliopen.key

This file was deleted.
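Review bot: Deleting roles/nginx/files/caliopen.key here removes it from the tree only; the file remains in the repository history. If it is the private key for the certificate nginx serves, treat it as exposed: reissue the certificate with a new key, revoke the old one, and keep the replacement out of the repository (ansible-vault or provisioning outside the playbook).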
