Новый сервер с приложениями внутри котейнеров

2018-10-07 17:47:46 +03:00
parent 1083d7d073
commit 244c9a96e4
9 changed files with 97 additions and 24 deletions
--- a/17
+++ b/17
@@ -1,3 +1,9 @@
+install-roles:
+	ansible-galaxy install -r "ansible/requirements.yml"
+
+test-rebuild:
+	vagrant destroy -f && vagrant up
+
 configure:
 	ansible-playbook \
 		--inventory "ansible/hosts_prod" \
@@ -25,11 +31,12 @@ dry-run:
 		--diff \
 		ansible/configuration.yml

-install-roles:
-	ansible-galaxy install -r "ansible/requirements.yml"
-
-test-rebuild:
-	vagrant destroy -f && vagrant up
+configure-test:
+	ansible-playbook \
+		--inventory "ansible/hosts_vagrant" \
+		--extra-vars 'ansible_python_interpreter=/usr/bin/python3' \
+		--user root \
+		ansible/amber.yml

 lint:
 	ansible-lint "./ansible/configuration.yml" --exclude="./ansible/galaxy.roles/" -v || true
--- a/26
+++ b/26
@@ -1,6 +1,11 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :

+
+# Этот файл предназначен для запуска тестовой виртуальной машины,
+# на которой можно обкатать роли для настройки сервера.
+
+
 ENV["LC_ALL"] = "en_US.UTF-8"

 # For installing ansible_local from pip on guest
@@ -12,19 +17,12 @@ Vagrant.configure("2") do |config|

  config.vm.network "private_network", ip: "192.168.50.10"

-  config.vm.provision "ansible_local" do |ansible|
-    ansible.playbook = "ansible/configuration.yml"
-    ansible.galaxy_role_file = "ansible/requirements.yml"
-    ansible.galaxy_roles_path = "ansible/galaxy.roles"
-    ansible.sudo = true
-    ansible.extra_vars = {
-      cert_type: "self-signed",
-      deploy_user: "deployer_test",
-      notes_domain: 'notes.loc',
-      notes_cert_type: 'self-signed',
-    }
+  # Приватный ключ для доступа к машине
+  config.vm.provision "shell" do |s|
+    ssh_pub_key = File.readlines("#{Dir.home}/.ssh/id_rsa.pub").first.strip
+    s.inline = <<-SHELL
+      echo #{ssh_pub_key} >> /home/vagrant/.ssh/authorized_keys
+      echo #{ssh_pub_key} >> /root/.ssh/authorized_keys
+    SHELL
  end
-
-  config.vm.network "forwarded_port", guest: 80, host: 8080, auto_correct: true
-  config.vm.network "forwarded_port", guest: 3306, host: 33060, auto_correct: true
 end
--- a/ansible/amber.yml
+++ b/ansible/amber.yml
@@ -0,0 +1,44 @@
+---
+
+# v3, nginx, docker
+
+- hosts: all
+
+  vars_files:
+    - vars/apps.yml
+
+  tasks:
+
+#    - include_role:
+#        name: yatesr.timezone
+#      vars:
+#        timezone: UTC
+#
+#    - include_role:
+#        name: geerlingguy.security
+#      vars:
+#        security_ssh_permit_root_login: "yes"
+#        security_autoupdate_enabled: false
+#        security_fail2ban_enabled: false
+#
+#    - include_role:
+#        name: geerlingguy.nginx
+#      vars:
+#        nginx_remove_default_vhost: true
+#
+#    - include_role:
+#        name: geerlingguy.docker
+#      vars:
+#        docker_users: '{{ apps | map(attribute="username") | list }}'
+
+    - include_role:
+        name: docker-app
+      private: yes
+      vars:
+        username: '{{ app_item.username }}'
+        ssh_keys: '{{ app_item.ssh_keys | default([]) }}'
+        envs: '{{ app_item.envs | default({}) }}'
+      with_items: '{{ apps }}'
+      loop_control:
+        loop_var: app_item
+
--- a/ansible/hosts_vagrant
+++ b/ansible/hosts_vagrant
@@ -0,0 +1 @@
+192.168.50.10
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -2,6 +2,9 @@
 - src: yatesr.timezone
  version: 1.0.0

+- src: geerlingguy.security
+  version: 1.7.0
+
 - src: geerlingguy.nginx
  version: 2.6.0

@@ -14,6 +17,9 @@
 - src: geerlingguy.mysql
  version: 2.9.0

+- src: geerlingguy.docker
+  version: 2.5.1
+
 - name: thefinn93.ansible-letsencrypt
  src: https://github.com/thefinn93/ansible-letsencrypt
  version: origin/master
--- a/ansible/roles/blocks/owner/tasks/main.yml
+++ b/ansible/roles/blocks/owner/tasks/main.yml
@@ -1,5 +1,5 @@
 ---
- name: 'Check app requirements for {{ owner_name }}.'
+- name: 'Check app requirements for user "{{ owner_name }}".'
  fail:
    msg: You must set owner name.
  when: not owner_name
@@ -15,26 +15,27 @@
    group: '{{ owner_group }}'
    shell: /bin/bash

- name: 'Set up user ssh keys for {{ owner_name }}.'
+- name: 'Set up user ssh keys for user "{{ owner_name }}".'
  authorized_key:
    user: '{{ owner_name }}'
    key: '{{ item }}'
    state: present
  with_items: '{{ owner_ssh_keys }}'
+  when: owner_ssh_keys

- name: 'Set up environment variables for {{ owner_name }}.'
+- name: 'Set up environment variables for user "{{ owner_name }}".'
  template:
    src: envs.j2
    dest: '/home/{{ owner_name }}/.envs'

- name: 'Remove environment variables for {{ owner_name }} from bashrc.'
+- name: 'Remove absent environment variables for user "{{ owner_name }}" from bashrc.'
  lineinfile:
    path: '/home/{{ owner_name }}/.bashrc'
    regexp: '^export {{ item.key }}='
    state: absent
  with_dict: '{{ owner_envs }}'

- name: 'Include environment variables for {{ owner_name }} in bashrc.'
+- name: 'Include environment variables for user "{{ owner_name }}" in bashrc.'
  lineinfile:
    path: '/home/{{ owner_name }}/.bashrc'
    regexp: '^\. ~\/\.envs'
--- a/ansible/roles/docker-app/meta/main.yml
+++ b/ansible/roles/docker-app/meta/main.yml
@@ -0,0 +1,7 @@
+---
+dependencies:
+  - role: blocks/owner
+    owner_name: '{{ username }}'
+    owner_group: '{{ username }}'
+    owner_ssh_keys: '{{ ssh_keys | default([]) }}'
+    owner_envs: '{{ env | default({}) }}'
--- a/ansible/roles/docker-app/tasks/main.yml
+++ b/ansible/roles/docker-app/tasks/main.yml
@@ -0,0 +1 @@
+---
--- a/ansible/vars/apps.yml
+++ b/ansible/vars/apps.yml
@@ -0,0 +1,8 @@
+---
+apps:
+  - name: homepage
+    username: homepage
+    ssh_keys:
+      - '{{ lookup("file", "av_id_rsa.pub") }}'
+    domains:
+      - vakhrushev.me