Port cloud service

Wojciech Kozlowski 2022-12-16 23:57:38 +01:00
parent 0a1e0625ab
commit b126304227
24 changed files with 108 additions and 148 deletions


@ -27,6 +27,9 @@ vpn_bridge_dnat: "{{ services_host_services | dict2items |
# services # services
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
services_all_hosts: "{{ groups['asgard'] }}" services_all_hosts: "{{ groups['asgard'] }}"
services_all_services: "{{
services_all_hosts | map('extract', hostvars, 'services_host_services') | map('dict2items') |
flatten | items2dict }}"
services: services:
rproxy: {} rproxy: {}


@ -1,9 +0,0 @@
---
- name: "Deploy services"
hosts: asgard
tasks:
- include_tasks: tasks/services/c-deploy/01-service-deploy.yml
with_items: "{{ host_services }}"
loop_control:
loop_var: service_name


@ -1 +0,0 @@
{{ services[service_name].admin_password }}


@ -1 +0,0 @@
{{ services[service_name].database_password }}


@ -1,3 +0,0 @@
- block:
- import_tasks: service-deploy/service.yml
tags: "{{ service_name }}"


@ -1,48 +0,0 @@
- block:
- name: Copy database name file
template:
src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/database.name.j2"
dest: "{{ service_home }}/.config/{{ service_user_name }}/database.name"
mode: 0600
register: database_name_file
- name: Copy database user file
template:
src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/database.user.j2"
dest: "{{ service_home }}/.config/{{ service_user_name }}/database.user"
mode: 0600
register: database_user_file
- name: Copy database password file
template:
src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/database.password.j2"
dest: "{{ service_home }}/.config/{{ service_user_name }}/database.password"
mode: 0600
register: database_password_file
- name: Copy admin user file
template:
src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/admin.user.j2"
dest: "{{ service_home }}/.config/{{ service_user_name }}/admin.user"
mode: 0600
register: admin_user_file
- name: Copy admin password file
template:
src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/admin.password.j2"
dest: "{{ service_home }}/.config/{{ service_user_name }}/admin.password"
mode: 0600
register: admin_password_file
- name: Record changes
set_fact:
service_changed: true
when:
database_name_file is changed or
database_user_file is changed or
database_password_file is changed or
admin_user_file is changed or
admin_password_file is changed
become_user: "{{ service_user_name }}"


@ -1,70 +0,0 @@
- block:
- name: Check if service configuration exists
become: no
delegate_to: localhost
stat:
path: "{{ local_service_home }}/.config/{{ service_user_name }}"
register: local_service_path
- name: Synchronise service configuration
copy:
src: "{{ local_service_home }}/.config/{{ service_user_name }}"
dest: "{{ service_home }}/.config"
directory_mode: 0755
mode: 0644
register: service_synchronise
when:
local_service_path.stat.exists
- name: Configure {{ service_user_name }} SystemD service
template:
src: "{{ item }}"
dest: /{{ service_home }}/.config/systemd/user/{{ item | basename | regex_replace('\.j2','') }}
mode: 0644
with_fileglob:
- "{{ local_service_home }}/.config/systemd/user/*.j2"
register: systemd_pod_service_files
- name: SystemD user daemon reload
systemd:
daemon_reload: true
scope: user
when:
systemd_pod_service_files is changed
- name: Reset service_changed variable
set_fact:
service_changed: false
- include_tasks: "{{ item }}"
with_first_found:
- files:
- "service.d/{{ service_name }}.yml"
skip: true
- name: Enable the {{ service_name }} service
systemd:
name: "pod-{{ service_name }}.service"
enabled: yes
scope: user
- name: Start the {{ service_name }} service
systemd:
name: "pod-{{ service_name }}.service"
state: started
scope: user
register: systemd_pod_service_start
- name: Restart the {{ service_name }} service
systemd:
name: "pod-{{ service_name }}.service"
state: restarted
scope: user
when:
(service_synchronise is changed or
service_changed is true or
systemd_pod_service_files is changed) and
systemd_pod_service_start is not changed
become_user: "{{ service_user_name }}"


@ -100,3 +100,16 @@
vars: vars:
services_service_name: "database" services_service_name: "database"
tags: "always" tags: "always"
- name: "deploy"
ansible.builtin.include_role:
name: "deploy/cloud"
apply:
tags:
- "services:{{ services_service_name }}"
- "services:deploy"
- "services:deploy:{{ services_service_name }}"
- "services:{{ services_service_name }}:deploy"
vars:
services_service_name: "cloud"
tags: "always"


@ -0,0 +1,76 @@
- name: "set the user variables"
ansible.builtin.import_role:
name: "include"
vars_from: "user"
- name: "set the version variables"
ansible.builtin.import_role:
name: "deploy/include"
vars_from: "versions"
- block:
- name: "configure nginx"
ansible.builtin.copy:
src: "./config/nginx.conf"
dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx.conf"
mode: 0644
register: services_deploy_cloud_config_files
- name: "configure nextcloud secrets"
ansible.builtin.template:
src: "./nextcloud/{{ item }}.j2"
dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}"
mode: 0600
loop:
- "admin.password"
- "admin.user"
- "database.name"
- "database.password"
- "database.user"
register: services_deploy_cloud_nextcloud_files
- name: "configure systemd service"
ansible.builtin.template:
src: "./systemd/{{ item }}.j2"
dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
mode: 0644
loop:
- "pod-cloud.service"
- "container-cloud-nginx.service"
- "container-cloud-nextcloud.service"
- "container-cloud-cron.service"
register: services_deploy_cloud_systemd_files
- name: "systemd user daemon reload"
ansible.builtin.systemd:
daemon_reload: true
scope: "user"
when:
services_deploy_cloud_systemd_files.changed
- name: "enable the service"
ansible.builtin.systemd:
name: "pod-{{ services_service_name }}.service"
enabled: true
scope: "user"
- name: "start the service"
ansible.builtin.systemd:
name: "pod-{{ services_service_name }}.service"
state: "started"
scope: "user"
register: services_deploy_cloud_service_start
- name: "restart the service"
ansible.builtin.systemd:
name: "pod-{{ services_service_name }}.service"
state: restarted
scope: user
when:
(services_deploy_cloud_config_files.changed or
services_deploy_cloud_nextcloud_files.changed or
services_deploy_cloud_systemd_files.changed) and
not services_deploy_cloud_service_start.changed
become_user: "{{ services_service_user_name }}"
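Review bot: The "configure nextcloud secrets" task renders admin.password and database.password without `no_log: true`, so a run with `--diff` or raised verbosity can print the rendered secret values to the console and to any log the controller keeps. Adding `no_log: true` to that task keeps them out of the output, and the registered `services_deploy_cloud_nextcloud_files` result should remain usable in the restart condition. The directory that holds these 0600 files is not created in this file, so its mode is worth confirming wherever it is set up. As a style point, `mode: 0600` / `mode: 0644` and the `state: restarted` / `scope: user` values in the restart task are unquoted while every other scalar in the file is quoted; `mode: "0600"` also avoids relying on YAML 1.1 octal parsing.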


@ -0,0 +1 @@
{{ services[services_service_name].admin_password }}


@ -0,0 +1 @@
{{ services[services_service_name].admin_user }}


@ -0,0 +1 @@
{{ services[services_service_name].database_name }}


@ -0,0 +1 @@
{{ services[services_service_name].database_password }}


@ -0,0 +1 @@
{{ services[services_service_name].database_user }}


@ -20,12 +20,12 @@ ExecStart=/usr/bin/podman run \
--replace \ --replace \
--label "io.containers.autoupdate=image" \ --label "io.containers.autoupdate=image" \
-dt \ -dt \
--add-host=pod-database:{{ services['database'].address }} \ --add-host=pod-database:{{ services_all_services['database'].address }} \
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \ -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
-v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \ -v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \
-v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \ -v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \
--name=pod-cloud-cron \ --name=pod-cloud-cron \
docker.io/library/nextcloud:{{ versions.cloud.nextcloud }} \ docker.io/library/nextcloud:{{ services_deploy_versions.cloud.nextcloud }} \
/cron.sh /cron.sh
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-cloud-cron.ctr-id -t 10 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-cloud-cron.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-cloud-cron.ctr-id ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-cloud-cron.ctr-id


@ -20,7 +20,7 @@ ExecStart=/usr/bin/podman run \
--replace \ --replace \
--label "io.containers.autoupdate=image" \ --label "io.containers.autoupdate=image" \
-dt \ -dt \
--add-host=pod-database:{{ services['database'].address }} \ --add-host=pod-database:{{ services_all_services['database'].address }} \
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \ -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
-v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \ -v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \
-v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \ -v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \
@ -35,18 +35,18 @@ ExecStart=/usr/bin/podman run \
-e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \ -e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \
-e NEXTCLOUD_ADMIN_USER_FILE=/run/secrets/admin.user \ -e NEXTCLOUD_ADMIN_USER_FILE=/run/secrets/admin.user \
-e NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/admin.password \ -e NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/admin.password \
-e NEXTCLOUD_TRUSTED_DOMAINS="{{ services[service_name].domain }}" \ -e NEXTCLOUD_TRUSTED_DOMAINS="{{ services[services_service_name].domain }}" \
-e OVERWRITEPROTOCOL="https" \ -e OVERWRITEPROTOCOL="https" \
-e SMTP_HOST="{{ services[service_name].smtp_host }}" \ -e SMTP_HOST="{{ services[services_service_name].smtp_host }}" \
-e SMTP_SECURE="ssl" \ -e SMTP_SECURE="ssl" \
-e SMTP_PORT=465 \ -e SMTP_PORT=465 \
-e SMTP_AUTHTYPE="PLAIN" \ -e SMTP_AUTHTYPE="PLAIN" \
-e SMTP_NAME="{{ services[service_name].smtp_name }}" \ -e SMTP_NAME="{{ services[services_service_name].smtp_name }}" \
-e SMTP_PASSWORD="{{ services[service_name].smtp_password }}" \ -e SMTP_PASSWORD="{{ services[services_service_name].smtp_password }}" \
-e MAIL_FROM_ADDRESS="cloud" \ -e MAIL_FROM_ADDRESS="cloud" \
-e MAIL_DOMAIN="{{ services[service_name].domain }}" \ -e MAIL_DOMAIN="{{ services[services_service_name].domain }}" \
--name=pod-cloud-nextcloud \ --name=pod-cloud-nextcloud \
docker.io/library/nextcloud:{{ versions.cloud.nextcloud }} docker.io/library/nextcloud:{{ services_deploy_versions.cloud.nextcloud }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-cloud-nextcloud.ctr-id -t 10 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-cloud-nextcloud.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-cloud-nextcloud.ctr-id ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-cloud-nextcloud.ctr-id
PIDFile=%t/container-cloud-nextcloud.pid PIDFile=%t/container-cloud-nextcloud.pid
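Review bot: `-e SMTP_PASSWORD="{{ services[services_service_name].smtp_password }}"` in the second hunk still writes the SMTP password into the unit file itself, and the deploy/cloud tasks on this page install the systemd templates with `mode: 0644`, so the credential is readable by other local accounts (subject to the permissions on the home directory) and appears on the `podman run` command line. The database and admin credentials a few lines above already go through `*_FILE` variables under /run/secrets; the SMTP password could follow the same route, for example `-e SMTP_PASSWORD_FILE=/run/secrets/smtp.password` with a matching 0600 template, provided the pinned Nextcloud image supports that variable. A value placed inside ExecStart is also subject to systemd's `%` and `$` expansion, so a password containing those characters would be altered before the container sees it. The ExecStart command begins above the first hunk, so how /run/secrets is mounted is not visible here.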


@ -25,7 +25,7 @@ ExecStart=/usr/bin/podman run \
-v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \ -v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \
-v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \ -v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \
--name=pod-cloud-nginx \ --name=pod-cloud-nginx \
docker.io/library/nginx:stable docker.io/library/nginx:{{ services_deploy_versions.cloud.nginx }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-cloud-nginx.ctr-id -t 10 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-cloud-nginx.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-cloud-nginx.ctr-id ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-cloud-nginx.ctr-id
PIDFile=%t/container-cloud-nginx.pid PIDFile=%t/container-cloud-nginx.pid


@ -8,6 +8,7 @@ services_deploy_versions:
database: database:
postgres: "15.0" postgres: "15.0"
cloud: cloud:
nginx: "stable"
nextcloud: "25-fpm" nextcloud: "25-fpm"
git: git:
gitea: "1" gitea: "1"
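Review bot: `nginx: "stable"` keeps the nginx image on a moving tag, so the new variable makes the tag configurable but not reproducible: each pull from docker.io can deliver different content under the same name. `postgres` is pinned to "15.0" in the same map; pinning nginx to a specific release tag would match that, e.g. `nginx: "<release-tag>"` (placeholder, pick the release you have tested). The cron and nextcloud units on this page carry `io.containers.autoupdate=image`; if the nginx unit does too, a narrower tag also bounds what auto-update can pull in. A one-line comment above the map stating the pinning policy would help the next editor.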


@ -1,6 +1,3 @@
services_all_services: "{{
services_all_hosts | map('extract', hostvars, 'services_host_services') | map('dict2items') |
flatten | items2dict }}"
services_rproxy_nginx_add_hosts: "\ services_rproxy_nginx_add_hosts: "\
{% set add_host_list = [] %}\ {% set add_host_list = [] %}\
{% for service in ( services_all_services | dict2items ) %}\ {% for service in ( services_all_services | dict2items ) %}\