From 244c9a96e4d354e19b0c3e035582dc48c80fd7a1 Mon Sep 17 00:00:00 2001
From: Anton Vakhrushev
Date: Sun, 7 Oct 2018 17:47:46 +0300
Subject: [PATCH] =?UTF-8?q?=D0=9D=D0=BE=D0=B2=D1=8B=D0=B9=20=D1=81=D0=B5?=
 =?UTF-8?q?=D1=80=D0=B2=D0=B5=D1=80=20=D1=81=20=D0=BF=D1=80=D0=B8=D0=BB?=
 =?UTF-8?q?=D0=BE=D0=B6=D0=B5=D0=BD=D0=B8=D1=8F=D0=BC=D0=B8=20=D0=B2=D0=BD?=
 =?UTF-8?q?=D1=83=D1=82=D1=80=D0=B8=20=D0=BA=D0=BE=D1=82=D0=B5=D0=B9=D0=BD?=
 =?UTF-8?q?=D0=B5=D1=80=D0=BE=D0=B2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Makefile | 17 ++++++---
 Vagrantfile | 26 +++++++-------
 ansible/amber.yml | 44 +++++++++++++++++++++++
 ansible/hosts_vagrant | 1 +
 ansible/requirements.yml | 6 ++++
 ansible/roles/blocks/owner/tasks/main.yml | 11 +++---
 ansible/roles/docker-app/meta/main.yml | 7 ++++
 ansible/roles/docker-app/tasks/main.yml | 1 +
 ansible/vars/apps.yml | 8 +++++
 9 files changed, 97 insertions(+), 24 deletions(-)
 create mode 100644 ansible/amber.yml
 create mode 100644 ansible/hosts_vagrant
 create mode 100644 ansible/roles/docker-app/meta/main.yml
 create mode 100644 ansible/roles/docker-app/tasks/main.yml
 create mode 100644 ansible/vars/apps.yml
diff --git a/Makefile b/Makefile
index 8fbcb1f..a41b45f 100644
--- a/Makefile
+++ b/Makefile
@@ -1,3 +1,9 @@
+install-roles:
+	ansible-galaxy install -r "ansible/requirements.yml"
+
+test-rebuild:
+	vagrant destroy -f && vagrant up
+
 configure:
 	ansible-playbook \
 	--inventory "ansible/hosts_prod" \
@@ -25,11 +31,12 @@ dry-run:
 	--diff \
 	ansible/configuration.yml
 
-install-roles:
-	ansible-galaxy install -r "ansible/requirements.yml"
-
-test-rebuild:
-	vagrant destroy -f && vagrant up
+configure-test:
+	ansible-playbook \
+	--inventory "ansible/hosts_vagrant" \
+	--extra-vars 'ansible_python_interpreter=/usr/bin/python3' \
+	--user root \
+	ansible/amber.yml
 
 lint:
 	ansible-lint "./ansible/configuration.yml" --exclude="./ansible/galaxy.roles/" -v || true
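Review bot: `configure-test` now runs `ansible/amber.yml`, but the `lint` target visible at the end of this hunk still checks only `./ansible/configuration.yml`, so the new playbook and the `docker-app` role it pulls in are never linted. Either add a second invocation, `ansible-lint "./ansible/amber.yml" --exclude="./ansible/galaxy.roles/" -v || true`, or loop over both playbooks inside the one target. The `--user root` and `ansible_python_interpreter=/usr/bin/python3` values are tied to the Vagrant box and are easier to place with a one-line comment above the target, e.g. `# Runs amber.yml against the local Vagrant box (hosts_vagrant); root SSH access is provisioned by the Vagrantfile`.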
diff --git a/Vagrantfile b/Vagrantfile
index 92accc0..3c939f7 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -1,6 +1,11 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 
+
+# Этот файл предназначен для запуска тестовой виртуальной машины,
+# на которой можно обкатать роли для настройки сервера.
+
+
 ENV["LC_ALL"] = "en_US.UTF-8"
 
 # For installing ansible_local from pip on guest
@@ -12,19 +17,12 @@ Vagrant.configure("2") do |config|
 
   config.vm.network "private_network", ip: "192.168.50.10"
 
-  config.vm.provision "ansible_local" do |ansible|
-    ansible.playbook = "ansible/configuration.yml"
-    ansible.galaxy_role_file = "ansible/requirements.yml"
-    ansible.galaxy_roles_path = "ansible/galaxy.roles"
-    ansible.sudo = true
-    ansible.extra_vars = {
-      cert_type: "self-signed",
-      deploy_user: "deployer_test",
-      notes_domain: 'notes.loc',
-      notes_cert_type: 'self-signed',
-    }
+  # Приватный ключ для доступа к машине
+  config.vm.provision "shell" do |s|
+    ssh_pub_key = File.readlines("#{Dir.home}/.ssh/id_rsa.pub").first.strip
+    s.inline = <<-SHELL
+      echo #{ssh_pub_key} >> /home/vagrant/.ssh/authorized_keys
+      echo #{ssh_pub_key} >> /root/.ssh/authorized_keys
+    SHELL
   end
-
-  config.vm.network "forwarded_port", guest: 80, host: 8080, auto_correct: true
-  config.vm.network "forwarded_port", guest: 3306, host: 33060, auto_correct: true
 end
diff --git a/ansible/amber.yml b/ansible/amber.yml
new file mode 100644
index 0000000..0e2b9d6
--- /dev/null
+++ b/ansible/amber.yml
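Review bot: `File.readlines("#{Dir.home}/.ssh/id_rsa.pub").first.strip` is evaluated when the Vagrantfile is loaded, so a missing key file raises `Errno::ENOENT` on every `vagrant` command (including `destroy`) and an empty file gives `nil.strip`, a `NoMethodError`. The shell body is also not idempotent — every `vagrant provision` appends another copy of the key to both `authorized_keys` files — and it assumes `/root/.ssh` already exists. The rewrite below checks the key file first, creates the target directory, and appends only when the exact line is absent; the `Vagrant.configure` block these lines sit in starts outside the hunk. The comment above the provisioner says "private key" but what is installed is the public key, so `# Публичный ключ хоста для доступа к машине (vagrant и root)` would be the accurate wording.
```ruby
  # Приватный ключ для доступа к машине
  pub_key_path = File.join(Dir.home, ".ssh", "id_rsa.pub")
  ssh_pub_key = File.file?(pub_key_path) ? File.read(pub_key_path).lines.first.to_s.strip : ""
  config.vm.provision "shell" do |s|
    s.inline = <<-SHELL
      [ -n '#{ssh_pub_key}' ] || { echo "no public key found at #{pub_key_path}" >&2; exit 1; }
      for f in /home/vagrant/.ssh/authorized_keys /root/.ssh/authorized_keys; do
        mkdir -p "$(dirname "$f")" && chmod 700 "$(dirname "$f")"
        grep -qxF '#{ssh_pub_key}' "$f" 2>/dev/null || echo '#{ssh_pub_key}' >> "$f"
      done
    SHELL
  end
```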
@@ -0,0 +1,44 @@
+---
+
+# v3, nginx, docker
+
+- hosts: all
+
+  vars_files:
+    - vars/apps.yml
+
+  tasks:
+#  - include_role:
+#      name: yatesr.timezone
+#    vars:
+#      timezone: UTC
+#
+#  - include_role:
+#      name: geerlingguy.security
+#    vars:
+#      security_ssh_permit_root_login: "yes"
+#      security_autoupdate_enabled: false
+#      security_fail2ban_enabled: false
+#
+#  - include_role:
+#      name: geerlingguy.nginx
+#    vars:
+#      nginx_remove_default_vhost: true
+#
+#  - include_role:
+#      name: geerlingguy.docker
+#    vars:
+#      docker_users: '{{ apps | map(attribute="username") | list }}'
+  - include_role:
+      name: docker-app
+      private: yes
+    vars:
+      username: '{{ app_item.username }}'
+      ssh_keys: '{{ app_item.ssh_keys | default([]) }}'
+      envs: '{{ app_item.envs | default({}) }}'
+    with_items: '{{ apps }}'
+    loop_control:
+      loop_var: app_item
+
diff --git a/ansible/hosts_vagrant b/ansible/hosts_vagrant
new file mode 100644
index 0000000..d98d628
--- /dev/null
+++ b/ansible/hosts_vagrant
@@ -0,0 +1 @@
+192.168.50.10
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
index b7c55ef..0dd768d 100644
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -2,6 +2,9 @@
 - src: yatesr.timezone
   version: 1.0.0
 
+- src: geerlingguy.security
+  version: 1.7.0
+
 - src: geerlingguy.nginx
   version: 2.6.0
 
@@ -14,6 +17,9 @@
 - src: geerlingguy.mysql
   version: 2.9.0
 
+- src: geerlingguy.docker
+  version: 2.5.1
+
 - name: thefinn93.ansible-letsencrypt
   src: https://github.com/thefinn93/ansible-letsencrypt
   version: origin/master
diff --git a/ansible/roles/blocks/owner/tasks/main.yml b/ansible/roles/blocks/owner/tasks/main.yml
index 7632e9b..465df83 100644
--- a/ansible/roles/blocks/owner/tasks/main.yml
+++ b/ansible/roles/blocks/owner/tasks/main.yml
@@ -1,5 +1,5 @@
 ---
-- name: 'Check app requirements for {{ owner_name }}.'
+- name: 'Check app requirements for user "{{ owner_name }}".'
   fail:
     msg: You must set owner name.
   when: not owner_name
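Review bot: The loop passes `envs: '{{ app_item.envs | default({}) }}'` into `docker-app`, but `ansible/roles/docker-app/meta/main.yml` in this same commit forwards `owner_envs: '{{ env | default({}) }}'` — `env`, not `envs` — so the dictionary never reaches `blocks/owner` and the rendered `.envs` file is always empty; the one-line fix is `owner_envs: '{{ envs | default({}) }}'` in meta/main.yml. The four commented-out `include_role` blocks (timezone, security, nginx, docker) are dead text in a playbook that otherwise consists of the single loop; if they are the intended role order, a comment stating why they are disabled (e.g. `# Disabled until each role has been verified on the Vagrant box; enable top to bottom`) is better than leaving them without explanation. Note also that `docker-app/tasks/main.yml` added here contains only `---`, so `configure-test` currently does nothing beyond creating the users from `apps.yml`.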
@@ -15,26 +15,27 @@
     group: '{{ owner_group }}'
     shell: /bin/bash
 
-- name: 'Set up user ssh keys for {{ owner_name }}.'
+- name: 'Set up user ssh keys for user "{{ owner_name }}".'
   authorized_key:
     user: '{{ owner_name }}'
     key: '{{ item }}'
     state: present
   with_items: '{{ owner_ssh_keys }}'
+  when: owner_ssh_keys
 
-- name: 'Set up environment variables for {{ owner_name }}.'
+- name: 'Set up environment variables for user "{{ owner_name }}".'
   template:
     src: envs.j2
     dest: '/home/{{ owner_name }}/.envs'
 
-- name: 'Remove environment variables for {{ owner_name }} from bashrc.'
+- name: 'Remove absent environment variables for user "{{ owner_name }}" from bashrc.'
   lineinfile:
     path: '/home/{{ owner_name }}/.bashrc'
     regexp: '^export {{ item.key }}='
     state: absent
   with_dict: '{{ owner_envs }}'
 
-- name: 'Include environment variables for {{ owner_name }} in bashrc.'
+- name: 'Include environment variables for user "{{ owner_name }}" in bashrc.'
   lineinfile:
     path: '/home/{{ owner_name }}/.bashrc'
     regexp: '^\. ~\/\.envs'
diff --git a/ansible/roles/docker-app/meta/main.yml b/ansible/roles/docker-app/meta/main.yml
new file mode 100644
index 0000000..7b01c20
--- /dev/null
+++ b/ansible/roles/docker-app/meta/main.yml
@@ -0,0 +1,7 @@
+---
+dependencies:
+  - role: blocks/owner
+    owner_name: '{{ username }}'
+    owner_group: '{{ username }}'
+    owner_ssh_keys: '{{ ssh_keys | default([]) }}'
+    owner_envs: '{{ env | default({}) }}'
diff --git a/ansible/roles/docker-app/tasks/main.yml b/ansible/roles/docker-app/tasks/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/ansible/roles/docker-app/tasks/main.yml
@@ -0,0 +1 @@
+---
diff --git a/ansible/vars/apps.yml b/ansible/vars/apps.yml
new file mode 100644
index 0000000..1aada64
--- /dev/null
+++ b/ansible/vars/apps.yml
@@ -0,0 +1,8 @@
+---
+apps:
+  - name: homepage
+    username: homepage
+    ssh_keys:
+      - '{{ lookup("file", "av_id_rsa.pub") }}'
+    domains:
+      - vakhrushev.me
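Review bot: The renamed task `'Remove absent environment variables for user "{{ owner_name }}" from bashrc.'` still iterates `with_dict: '{{ owner_envs }}'`, i.e. the variables being set, so it strips stale `export KEY=` lines for the keys that are present, not for absent ones; `'Remove legacy export lines for user "{{ owner_name }}" from bashrc.'` would describe what the loop actually does. The added `when: owner_ssh_keys` only changes behaviour when the variable can be an empty string or `None` rather than an empty list (`with_items` over `[]` already runs zero times), so a short comment naming the case it guards, e.g. `# skip when apps.yml leaves ssh_keys empty`, would keep the next reader from removing it. The `template` task in context writes `/home/{{ owner_name }}/.envs` with no `owner`/`mode`, so a file that presumably carries application secrets gets the default umask; `owner: '{{ owner_name }}'` and `mode: '0600'` are the natural additions.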
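Review bot: `ssh_keys` is resolved with `lookup("file", "av_id_rsa.pub")`, which reads relative to the playbook directory, and no `av_id_rsa.pub` is part of this commit (the diffstat lists nine files, none of them a key), so `configure-test` fails at variable evaluation unless that file exists untracked on the operator's machine. Either commit the public key next to `amber.yml` or document the expectation in this file, e.g. `# av_id_rsa.pub: operator public key placed next to amber.yml (kept out of VCS)`. `domains` is declared but nothing in this commit consumes it; if it is meant for the nginx vhost once that role is enabled, a comment saying so avoids it being read as dead data.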