Merge pull request #6 from devopswise/pro
Pro
devopswise committed Jan 10, 2019
2 parents c169a5f + 0d179f7 commit 3f42aa9
Showing 64 changed files with 1,202 additions and 20 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -1,2 +1,3 @@
*.retry
credentials/
extra-vars.json
2 changes: 1 addition & 1 deletion Jenkinsfile
Expand Up @@ -11,7 +11,7 @@ node('jenkins-python-slave') {
sh '''docker run -i \
-e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
-e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
-e AWS_INSTANCE_TYPE="t2.large"
-e AWS_INSTANCE_TYPE="t2.large" -e DO_NOT_PROVISION_EC2="true" \
-e CDT_BRANCH="${BRANCH_NAME}" \
-e CDT_PLAYBOOK="site.yml" \
-e ELASTIC_IP=${CDT_ELASTIC_IP} \
11 changes: 9 additions & 2 deletions inventories/pro/group_vars/all/vars.yml
Expand Up @@ -2,13 +2,15 @@

env: pro
base_domain: __base_domain__
cdt_protocol: https

#registry_url: "docker.nexus3.devopswise.com/docker-internal/"
registry_url: ""

docker_volumes: /opt/docker-volumes
docker_logs: /opt/docker-logs
docker_backups: /opt/docker-backups
docker_certs: /opt/docker-certs

aws_access_key: "AKIAJYUEDKFQKOPEJMHQ"
aws_region: "eu-west-1"
Expand All @@ -18,11 +20,16 @@ http_proxy_port: 3128
http_proxy: "http://{{ http_proxy_hostname }}:{{ http_proxy_port }}"
https_proxy: "{{ http_proxy }}"
no_proxy: "127.0.0.1,localhost"
use_self_signed_https_cert: false

#smtp configuration
smtp_relay_gmail_user: "devopswise@gmail.com"
smtp_server: "smtp.{{ smtp_domain }}"
smtp_domain: "mail.{{ smtp_domain }}"
smtp_server: "smtp.{{ base_domain }}"
smtp_domain: "mail.{{ base_domain }}"
smtp_server_port: 25

mariadb_version: "10.3"

#misc
cdt_shutdown_after_2h: false
## end of new inventory
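Review bot: `aws_access_key: "AKIAJYUEDKFQKOPEJMHQ"` commits an AWS access key ID to a tracked inventory file, in the same commit that adds `credentials/` to .gitignore; the key ID alone does not grant access, but it identifies the account, secret scanners will flag it, and it belongs in that ignored directory or the environment, e.g. `aws_access_key: "{{ lookup('env', 'AWS_ACCESS_KEY_ID') }}"` (the Jenkinsfile already exports that variable). Whether the line is new in this hunk or pre-existing context cannot be recovered from the rendered page; if it has been in history for long, rotating it after removal is the usual follow-up. The added `use_self_signed_https_cert: false` is not consulted by the certificate tasks added to roles/common/tasks/main.yml in this commit, which generate and copy a self-signed certificate on every run; either gate those tasks with `when: use_self_signed_https_cert | bool` or add a comment here stating that the flag is not yet wired up.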
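--- /dev/null
+++ b/inventories/pro/group_vars/gitea/vars.yml
@@ -0,0 +1,10 @@
+gitea_service_name: "gitea"
+gitea_registry_url: "" #from dockerhub
+gitea_image_name: "gitea/gitea"
+
+mariadb_version: "10.3"
+
+gitea_version: "1.6"
+gitea_user: 1000
+gitea_group: 1000
+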
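--- /dev/null
+++ b/inventories/pro/group_vars/jira/vars.yml
@@ -0,0 +1,7 @@
+jira_service_name: "jira"
+jira_registry_url: ""
+jira_image_name: "cptactionhank/atlassian-jira-software"
+
+jira_version: "7.12.3"
+jira_user: 0
+jira_group: 0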
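Review bot: `jira_image_name: "cptactionhank/atlassian-jira-software"` pulls a community-maintained image by mutable tag into the `pro` inventory; a tag such as `7.12.3` can be re-pushed upstream, so for production pin by digest (`cptactionhank/atlassian-jira-software@sha256:<digest-placeholder>`) or mirror it through the internal registry that `jira_registry_url` is already designed to prefix. The same applies to the gitea and rocketchat inventories added in this commit, which also pin tags only. `jira_user: 0` / `jira_group: 0` hands the data directory to root while gitea runs as 1000; a comment such as `# image entrypoint requires uid 0 — see <upstream doc>` would record why.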
2 changes: 1 addition & 1 deletion inventories/pro/group_vars/reverse_proxy/vars.yml
Expand Up @@ -3,7 +3,7 @@ traefik_admin_email: devopswise@gmail.com

traefik_service_name: "traefik"

traefik_version: "1.5.4"
traefik_version: "1.7.4"
traefik_user: 0
traefik_group: 0

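--- /dev/null
+++ b/inventories/pro/group_vars/rocketchat/vars.yml
@@ -0,0 +1,10 @@
+rocketchat_service_name: "rocketchat"
+rocketchat_registry_url: ""
+rocketchat_image_name: "rocketchat/rocket.chat"
+
+mongodb_version: 3.6
+
+rocketchat_version: "0.71.1"
+rocketchat_user: 0
+rocketchat_group: 0
+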
2 changes: 1 addition & 1 deletion inventories/pro/group_vars/web_proxy/vars.yml
@@ -1,6 +1,6 @@
squid_service_name: "squid"

squid_version: "latest"
squid_version: "3.3.8-23"
squid_user: 0
squid_group: 0

12 changes: 12 additions & 0 deletions inventories/pro/hosts
Expand Up @@ -19,5 +19,17 @@ only_server
[jenkins:children]
only_server

[grafana:children]
only_server

[jira:children]
only_server

[rocketchat:children]
only_server

[gitea:children]
only_server

[only_server]
cdt01 ansible_ssh_host=__dw_server_fqdn__ ansible_ssh_user=centos ansible_ssh_private_key_file=__dw_private_key__
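--- /dev/null
+++ b/playbooks/cdtportal.yml
@@ -0,0 +1,5 @@
+---
+- hosts: cdtportal
+roles:
+- { role: cdtportal,
+tags: [ 'cdtportal' ] }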
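--- /dev/null
+++ b/playbooks/gitea.yml
@@ -0,0 +1,5 @@
+---
+- hosts: gitea
+roles:
+- { role: gitea,
+tags: [ 'gitea' ] }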
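--- /dev/null
+++ b/playbooks/grafana.yml
@@ -0,0 +1,5 @@
+---
+- hosts: grafana
+roles:
+- { role: grafana,
+tags: [ 'grafana' ] }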
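--- /dev/null
+++ b/playbooks/jira.yml
@@ -0,0 +1,5 @@
+---
+- hosts: jira
+roles:
+- { role: jira,
+tags: [ 'jira' ] }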
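--- /dev/null
+++ b/playbooks/rocketchat.yml
@@ -0,0 +1,5 @@
+---
+- hosts: rocketchat
+roles:
+- { role: rocketchat,
+tags: [ 'rocketchat' ] }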
Binary file added resources/images/gitea-logo.png
Binary file added resources/images/jenkins-logo.png
Binary file added resources/images/rocketchat-logo.png
Binary file added resources/images/traefik-logo.png
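--- /dev/null
+++ b/roles/cdtportal/defaults/main.yml
@@ -0,0 +1,8 @@
+cdtportal_service_name: "cdtportal"
+cdtportal_registry_url: "" #from dockerhub
+cdtportal_image_name: "devopswise/cdtportal"
+
+cdtportal_version: "latest"
+cdtportal_user: 1000
+cdtportal_group: 1000
+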
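Review bot: `cdtportal_version: "latest"` makes the deployed image non-reproducible — each run of the role may pull different code and a rollback has no tag to return to. The other roles touched in this commit pin explicit versions (`gitea_version: "1.6"`, `jira_version: "7.12.3"`), so this default should carry a concrete tag too, with the inventory overriding it as the others do.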
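--- /dev/null
+++ b/roles/cdtportal/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+- name: restart cdtportal
+docker_service:
+project_name: "{{ cdtportal_service_name }}"
+project_src: "/tmp/{{ cdtportal_service_name }}"
+restarted: true
+state: present
+become: yes
+become_method: sudo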
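Review bot: `project_src: "/tmp/{{ cdtportal_service_name }}"` has a root-privileged docker_service read its compose definition from a world-writable location, so the content root acts on is only as trustworthy as whoever could write under /tmp first. A root-owned path such as `project_src: "{{ docker_volumes }}/{{ cdtportal_service_name }}/compose"` (created with mode 0750 in the tasks file, which uses the same /tmp path) removes that dependency. The handler is not notified by any task in this commit's tasks/main.yml, so it is currently dead code; either `notify: restart cdtportal` on the two template tasks or drop it.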
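--- /dev/null
+++ b/roles/cdtportal/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+- name: Create a directory to store volume
+file: path="{{ item }}" state=directory mode=0777 owner="{{ cdtportal_user }}" group="{{ cdtportal_group }}"
+with_items:
+- "{{ docker_logs }}/{{ cdtportal_service_name }}"
+- "{{ docker_volumes }}/{{ cdtportal_service_name }}"
+- "{{ docker_volumes }}/{{ cdtportal_service_name }}/config"
+- "{{ docker_volumes }}/{{ cdtportal_service_name }}/data"
+become: yes
+become_method: sudo
+
+- name: create directory for project_src
+file: path="/tmp/{{ cdtportal_service_name }}" state=directory
+become: yes
+become_method: sudo
+
+- name: sync application.properties file for cdtportal
+template:
+src: ../templates/application.properties.j2
+dest: /{{ docker_volumes }}/{{ cdtportal_service_name }}/config/application.properties
+mode: 0755
+become: yes
+become_method: sudo
+
+- name: sync docker-compose.yml
+template:
+src: ../templates/docker-compose.yml.j2
+dest: /tmp/{{ cdtportal_service_name }}/docker-compose.yml
+mode: 0755
+become: yes
+become_method: sudo
+
+- name: "Run cdtportal service {{ cdtportal_version }}"
+become: yes
+become_method: sudo
+docker_service:
+project_name: "{{ cdtportal_service_name }}"
+project_src: "/tmp/{{ cdtportal_service_name }}"
+register: output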
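Review bot: `mode=0777` on the volume directories in the first task makes them world-writable, and `mode: 0755` on application.properties leaves a file that carries `jenkins.password` readable by every local user; since the directories are already chowned to `cdtportal_user`, `mode=0750` suffices for them, and the properties task should use `mode: 0640` plus `owner: "{{ cdtportal_user }}"` and `group: "{{ cdtportal_group }}"`. The `dest` of that task begins `/{{ docker_volumes }}`, yet `docker_volumes` is absolute in the inventories (`/opt/docker-volumes`), so the rendered path has a doubled leading slash; `dest: "{{ docker_volumes }}/{{ cdtportal_service_name }}/config/application.properties"` is what is meant. `register: output` on the final task is never read in this file and can go.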
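--- /dev/null
+++ b/roles/cdtportal/templates/application.properties.j2
@@ -0,0 +1,12 @@
+springfox.documentation.swagger.v2.path=/api-docs
+server.contextPath=/v2
+server.port=8080
+spring.jackson.date-format=io.swagger.RFC3339DateFormat
+spring.jackson.serialization.WRITE_DATES_AS_TIMESTAMPS=false
+spring.h2.console.enabled=true
+spring.jpa.open-in-view=true
+spring.data.jpa.repositories.bootstrap-mode=default
+logging.level.org.hibernate.SQL=debug
+jenkins.baseUrl=http://jenkins.{{ base_domain }}
+jenkins.username=admin
+jenkins.password=password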
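Review bot: `jenkins.username=admin` and `jenkins.password=password` are credentials hard-coded into a template that this commit deploys to the `pro` inventory; they should be role variables fed from the now-ignored `credentials/` directory or Ansible Vault, e.g. `jenkins.password={{ cdtportal_jenkins_password }}`, so the repository never holds the value. `spring.h2.console.enabled=true` and `logging.level.org.hibernate.SQL=debug` are development settings — the first serves an in-browser database console from the application, the second writes every SQL statement to the logs — and should be conditional on `env` (which the inventory sets to `pro`) or removed here. `jenkins.baseUrl=http://jenkins.{{ base_domain }}` uses plain http while the inventory sets `cdt_protocol: https`; `jenkins.baseUrl={{ cdt_protocol }}://jenkins.{{ base_domain }}` keeps the two consistent.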
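--- /dev/null
+++ b/roles/cdtportal/templates/docker-compose.yml.j2
@@ -0,0 +1,30 @@
+version: '2'
+services:
+cdtportal:
+image: "{{ cdtportal_registry_url }}{{ cdtportal_image_name }}:{{ cdtportal_version }}"
+volumes:
+- "{{ docker_volumes }}/{{ cdtportal_service_name }}/config/application.properties:/config/application.properties"
+- "{{ docker_volumes }}/{{ cdtportal_service_name }}/data:/data"
+ports:
+- 8080
+networks:
+- internal
+- external
+restart: always
+labels:
+- traefik.backend=cdtportal
+- traefik.frontend.rule=Host:cdtportal.{{ base_domain }}
+- traefik.port=8080
+#logging:
+# driver: "syslog"
+# options:
+# syslog-facility: "local2"
+# tag: "docker/{% raw %}{{.Name}}{% endraw %}"
+
+networks:
+internal:
+external: true
+external:
+external: true
+
+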
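Review bot: `ports: - 8080` publishes the container port on a random host port bound to all host interfaces, while the traefik labels already route `Host:cdtportal.{{ base_domain }}` to `traefik.port=8080` over the shared `external` network; with traefik as the entry point this mapping is extra exposure that bypasses the proxy's TLS, and `expose: - 8080` (or removing the block) keeps the service reachable through traefik only. The service joins both `internal` and `external` networks; a one-line comment on which other containers it needs to reach over `internal` would justify the second attachment.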
62 changes: 58 additions & 4 deletions roles/common/tasks/main.yml
@@ -1,9 +1,10 @@
---
# This is a temporary workaround to avoid aws bills for development
- name: Schedule to turn off system after 2 hours
shell: "shutdown -P +90"
shell: "shutdown -P +120"
become: yes
become_method: sudo
when: cdt_shutdown_after_2h == "true"

- name: Turn swap off
shell: "nohup swapoff -a &"
Expand All @@ -27,7 +28,6 @@
become_method: sudo

- name: Disable SELinux imme.
when: false
shell: "setenforce 0"
become: yes
become_method: sudo
Expand All @@ -37,9 +37,16 @@
with_items:
- "{{ docker_logs }}"
- "{{ docker_volumes }}"
- "{{ docker_certs }}"
become: yes
become_method: sudo

- name: Install yum-config-manager
package: name={{ item }} state=latest
with_items:
- "yum-utils"
become: yes
become_method: sudo
# enable extra
- name: enable extras for epel
shell: "{{ item }}"
Expand All @@ -56,6 +63,7 @@
- "python-setuptools"
- "docker-ce"
- "python-pip"
- "git"
become: yes
become_method: sudo

Expand All @@ -68,18 +76,27 @@
- "docker-compose==1.15.0"
become: yes
become_method: sudo

- name: Ensures /etc/systemd/system/docker.service.d dir exists
file: path=/etc/systemd/system/docker.service.d state=directory
become: yes
become_method: sudo


- name: enable docker remote api
template: src=docker-external.conf.j2 dest=/etc/systemd/system/docker.service.d/docker-external.conf mode=644
become: yes
become_method: sudo

- name: Create /etc/docker directories
file: path="/etc/docker" state=directory mode=0755 owner="0" group="0"
become: yes
become_method: sudo

- name: enable docker metrics
template: src=docker-daemon-js.j2 dest=/etc/docker/daemon.json mode=644
become: yes
become_method: sudo

- name: start docker
service: name=docker state=started
become: yes
Expand All @@ -95,6 +112,43 @@
become: yes
become_method: sudo

- name: generate self-signed ssl certificate if not exists
local_action: stat path=../credentials/{{ base_domain }}.crt
register: http_ssl_crt

- name: generate self-signed ssl certificate if not exists
local_action: stat path=../credentials/{{ base_domain }}.key
register: http_ssl_key

- name: create openssl configuration file
template: src=../templates/openssl_req.cfg.j2 dest=../credentials/openssl_req.cfg
delegate_to: localhost

- name: generate self-signed ssl certificate if not exists
local_action:
module: shell
_raw_params: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -sha256 -subj "/C=UK/ST=LO/O=devopswise/CN=*.{{ base_domain }}" -keyout ../credentials/{{ base_domain }}.key -out ../credentials/{{ base_domain }}.crt -config ../credentials/openssl_req.cfg
when: not (http_ssl_key.stat.exists and http_ssl_crt.stat.exists)

- name: copy generated certificates to cert folder
copy: src=../credentials/{{ base_domain }}.crt dest={{ docker_certs }}/{{base_domain}}.crt

- name: copy generated certificates to cert folder
copy: src=../credentials/{{ base_domain }}.key dest={{ docker_certs }}/{{base_domain}}.key

- name: generate-cacert.sh file
template:
src: ../templates/generate-cacert.sh.j2
dest: "{{ docker_certs }}/generate-cacert.sh"
mode: 0755
become: yes
become_method: sudo

- name: Run cacert generation script
shell: "cd {{ docker_certs }} && {{ docker_certs }}/generate-cacert.sh"
become: yes
become_method: sudo

# TODO: https://stackoverflow.com/a/41493058
- name: Create an internal network
docker_network:
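Review bot: the two `copy generated certificates to cert folder` tasks write `{{ base_domain }}.key` and `.crt` into `{{ docker_certs }}` with no `mode` or `owner`, so the private key takes the remote default umask and is usually world-readable; the key task should carry `mode: 0600` and `owner: 0`, the certificate task `mode: 0644`, and both lack the `become: yes` their neighbours have, so either `{{ docker_certs }}` is writable by the ssh user or the copy fails — worth confirming. The stat/openssl/copy/cacert tasks run on every play although the inventory gains `use_self_signed_https_cert: false` in this commit; gating them with `when: use_self_signed_https_cert | bool` would make the flag meaningful, and the three tasks all named `generate self-signed ssl certificate if not exists` should be renamed to say what each does (two only `stat` files). Separately, dropping `when: false` from `Disable SELinux imme.` means `setenforce 0` now runs on every host; if docker volume labelling is the motivation, a comment saying so, and a `:z`/`:Z` volume option instead of permissive mode, would be preferable. The task list continues past the end of the hunk.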
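--- /dev/null
+++ b/roles/common/templates/docker-daemon-js.j2
@@ -0,0 +1,4 @@
+{
+"metrics-addr" : "0.0.0.0:9323",
+"experimental" : true
+}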
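Review bot: `"metrics-addr" : "0.0.0.0:9323"` binds the daemon's Prometheus endpoint on every interface of the host, and the metrics it serves describe the container and image inventory; unless a host firewall closes 9323 it is reachable from outside. Bind to the address the scraping container actually uses — `"metrics-addr" : "127.0.0.1:9323"`, or the docker bridge address if Prometheus runs in a container — or restrict the port in the host firewall. `"experimental" : true` enables unstable daemon features in a production inventory; it is presumably there because metrics-addr required experimental mode in Docker releases of the time, and since JSON has no comments that dependency should be recorded in the task that deploys this template (`enable docker metrics`).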
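--- /dev/null
+++ b/roles/common/templates/generate-cacert.sh.j2
@@ -0,0 +1,7 @@
+#!/bin/bash
+OPENJDK_VERSION="8-jdk"
+WORKING_DIR={{ docker_certs }}
+CERT_TO_IMPORT={{ base_domain }}.crt
+docker pull openjdk:${OPENJDK_VERSION}
+docker run --rm --entrypoint cat openjdk:${OPENJDK_VERSION} /etc/ssl/certs/java/cacerts > ${WORKING_DIR}/cacerts
+docker run --rm -v `pwd`:/tmp/certs openjdk:${OPENJDK_VERSION} bash -c 'cd /tmp/certs && keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias {{ base_domain }} -file {{ base_domain }}.crt'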
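Review bot: the last line mounts `` `pwd` `` rather than `${WORKING_DIR}`, so the script only works when launched from that directory as the Ansible task happens to do (`cd {{ docker_certs }} && ...`); `-v "${WORKING_DIR}":/tmp/certs` removes the hidden dependency, and `CERT_TO_IMPORT` is defined but never used where `{{ base_domain }}.crt` is repeated inline. Without `set -euo pipefail` after the shebang, a failed `docker pull` or `cat` leaves an empty `cacerts` (the redirection truncates the file before the container runs) that the next step then imports into, and the Ansible task still reports success. `-storepass changeit` is the well-known default; it is tolerable for a store that holds only public certificates, but a comment saying so would stop it being copied into a key store later.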
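--- /dev/null
+++ b/roles/common/templates/openssl_req.cfg.j2
@@ -0,0 +1,17 @@
+[ req ]
+prompt = no
+distinguished_name = req_distinguished_name
+x509_extensions = san_self_signed
+[ req_distinguished_name ]
+CN={{ base_domain }}
+[ san_self_signed ]
+subjectAltName = @alt_names
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = CA:true
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyCertSign, cRLSign
+extendedKeyUsage = serverAuth, clientAuth, timeStamping
+
+[alt_names]
+DNS.1 = *.{{ base_domain }}
+DNS.2 = {{ base_domain }}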
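Review bot: `basicConstraints = CA:true` together with `keyCertSign, cRLSign` in `keyUsage` makes the wildcard certificate for `*.{{ base_domain }}` a certificate authority, and generate-cacert.sh then imports that same certificate as a trust anchor into the Java truststore; the key that terminates TLS in traefik is thereby also a CA key for every JVM using that store, so its compromise has a far wider blast radius than a leaf key's. Either issue the served certificate with `basicConstraints = CA:FALSE` and `keyUsage = digitalSignature, keyEncipherment` (Java accepts a self-signed end-entity certificate as a trust anchor, so the import still works), or keep a separate offline CA and sign a server certificate from it. `extendedKeyUsage = serverAuth, clientAuth, timeStamping` grants two usages the reverse proxy never exercises; `serverAuth` alone is enough. Note that the `-subj` passed by the Ansible task overrides `CN={{ base_domain }}` here, so the CN line is effectively dead and a comment saying so would avoid confusion.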
