Новый сервер с приложениями внутри котейнеров

2018-10-07 17:47:46 +03:00 · 2018-10-07 17:47:46 +03:00 · 244c9a96e4
commit 244c9a96e4
parent 1083d7d073
9 changed files with 97 additions and 24 deletions
--- a/17
+++ b/17
@ -1,3 +1,9 @@
 install-roles:
 	ansible-galaxy install -r "ansible/requirements.yml"
 test-rebuild:
 	vagrant destroy -f && vagrant up
 configure:
 	ansible-playbook \
 		--inventory "ansible/hosts_prod" \
@ -25,11 +31,12 @@ dry-run:
 		--diff \
 		ansible/configuration.yml
-install-roles:
+configure-test:
-	ansible-galaxy install -r "ansible/requirements.yml"
+	ansible-playbook \
-
+		--inventory "ansible/hosts_vagrant" \
-test-rebuild:
+		--extra-vars 'ansible_python_interpreter=/usr/bin/python3' \
-	vagrant destroy -f && vagrant up
+		--user root \
 		ansible/amber.yml
 lint:
 	ansible-lint "./ansible/configuration.yml" --exclude="./ansible/galaxy.roles/" -v || true
--- a/26
+++ b/26
@ -1,6 +1,11 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 # Этот файл предназначен для запуска тестовой виртуальной машины,
 # на которой можно обкатать роли для настройки сервера.
 ENV["LC_ALL"] = "en_US.UTF-8"
 # For installing ansible_local from pip on guest
@ -12,19 +17,12 @@ Vagrant.configure("2") do |config|
  config.vm.network "private_network", ip: "192.168.50.10"
-  config.vm.provision "ansible_local" do |ansible|
+  # Приватный ключ для доступа к машине
-    ansible.playbook = "ansible/configuration.yml"
+  config.vm.provision "shell" do |s|
-    ansible.galaxy_role_file = "ansible/requirements.yml"
+    ssh_pub_key = File.readlines("#{Dir.home}/.ssh/id_rsa.pub").first.strip
-    ansible.galaxy_roles_path = "ansible/galaxy.roles"
+    s.inline = <<-SHELL
-    ansible.sudo = true
+      echo #{ssh_pub_key} >> /home/vagrant/.ssh/authorized_keys
-    ansible.extra_vars = {
+      echo #{ssh_pub_key} >> /root/.ssh/authorized_keys
-      cert_type: "self-signed",
+    SHELL
      deploy_user: "deployer_test",
      notes_domain: 'notes.loc',
      notes_cert_type: 'self-signed',
    }
  end
  config.vm.network "forwarded_port", guest: 80, host: 8080, auto_correct: true
  config.vm.network "forwarded_port", guest: 3306, host: 33060, auto_correct: true
 end
--- a/ansible/amber.yml
+++ b/ansible/amber.yml
@ -0,0 +1,44 @@
 ---
 # v3, nginx, docker
 - hosts: all
  vars_files:
    - vars/apps.yml
  tasks:
 #    - include_role:
 #        name: yatesr.timezone
 #      vars:
 #        timezone: UTC
 #
 #    - include_role:
 #        name: geerlingguy.security
 #      vars:
 #        security_ssh_permit_root_login: "yes"
 #        security_autoupdate_enabled: false
 #        security_fail2ban_enabled: false
 #
 #    - include_role:
 #        name: geerlingguy.nginx
 #      vars:
 #        nginx_remove_default_vhost: true
 #
 #    - include_role:
 #        name: geerlingguy.docker
 #      vars:
 #        docker_users: '{{ apps | map(attribute="username") | list }}'
    - include_role:
        name: docker-app
      private: yes
      vars:
        username: '{{ app_item.username }}'
        ssh_keys: '{{ app_item.ssh_keys | default([]) }}'
        envs: '{{ app_item.envs | default({}) }}'
      with_items: '{{ apps }}'
      loop_control:
        loop_var: app_item
--- a/ansible/hosts_vagrant
+++ b/ansible/hosts_vagrant
@ -0,0 +1 @@
 192.168.50.10
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -2,6 +2,9 @@
 - src: yatesr.timezone
  version: 1.0.0
 - src: geerlingguy.security
  version: 1.7.0
 - src: geerlingguy.nginx
  version: 2.6.0
@ -14,6 +17,9 @@
 - src: geerlingguy.mysql
  version: 2.9.0
 - src: geerlingguy.docker
  version: 2.5.1
 - name: thefinn93.ansible-letsencrypt
  src: https://github.com/thefinn93/ansible-letsencrypt
  version: origin/master
--- a/ansible/roles/blocks/owner/tasks/main.yml
+++ b/ansible/roles/blocks/owner/tasks/main.yml
@ -1,5 +1,5 @@
 ---
- name: 'Check app requirements for {{ owner_name }}.'
+- name: 'Check app requirements for user "{{ owner_name }}".'
  fail:
    msg: You must set owner name.
  when: not owner_name
@ -15,26 +15,27 @@
    group: '{{ owner_group }}'
    shell: /bin/bash
- name: 'Set up user ssh keys for {{ owner_name }}.'
+- name: 'Set up user ssh keys for user "{{ owner_name }}".'
  authorized_key:
    user: '{{ owner_name }}'
    key: '{{ item }}'
    state: present
  with_items: '{{ owner_ssh_keys }}'
  when: owner_ssh_keys
- name: 'Set up environment variables for {{ owner_name }}.'
+- name: 'Set up environment variables for user "{{ owner_name }}".'
  template:
    src: envs.j2
    dest: '/home/{{ owner_name }}/.envs'
- name: 'Remove environment variables for {{ owner_name }} from bashrc.'
+- name: 'Remove absent environment variables for user "{{ owner_name }}" from bashrc.'
  lineinfile:
    path: '/home/{{ owner_name }}/.bashrc'
    regexp: '^export {{ item.key }}='
    state: absent
  with_dict: '{{ owner_envs }}'
- name: 'Include environment variables for {{ owner_name }} in bashrc.'
+- name: 'Include environment variables for user "{{ owner_name }}" in bashrc.'
  lineinfile:
    path: '/home/{{ owner_name }}/.bashrc'
    regexp: '^\. ~\/\.envs'
--- a/ansible/roles/docker-app/meta/main.yml
+++ b/ansible/roles/docker-app/meta/main.yml
@ -0,0 +1,7 @@
 ---
 dependencies:
  - role: blocks/owner
    owner_name: '{{ username }}'
    owner_group: '{{ username }}'
    owner_ssh_keys: '{{ ssh_keys | default([]) }}'
    owner_envs: '{{ env | default({}) }}'
--- a/ansible/roles/docker-app/tasks/main.yml
+++ b/ansible/roles/docker-app/tasks/main.yml
@ -0,0 +1 @@
 ---
--- a/ansible/vars/apps.yml
+++ b/ansible/vars/apps.yml
@ -0,0 +1,8 @@
 ---
 apps:
  - name: homepage
    username: homepage
    ssh_keys:
      - '{{ lookup("file", "av_id_rsa.pub") }}'
    domains:
      - vakhrushev.me