From 117b8b315fb1fa0a9ea0b8118f4bcc09644be48b Mon Sep 17 00:00:00 2001
From: staffadmin
Date: Tue, 2 Apr 2024 21:05:10 +0200
Subject: [PATCH] Last push from mac os

---
 dockerapps.yml | 190 ++++++++++++++++++++++++++++++--------------
 host_vars/ovh01.yml | 8 ++
 2 files changed, 137 insertions(+), 61 deletions(-)

diff --git a/dockerapps.yml b/dockerapps.yml
index 17c4540..dd5fbb4 100644
--- a/dockerapps.yml
+++ b/dockerapps.yml
@@ -1,77 +1,145 @@ --- - name: Docker-Compose playbook - hosts: controller + hosts: monitoring become: true # # # # @author Stéphane Gratias (2021). # + pre_tasks: + - name: Create node_exporter cert dir + file: + path: "{{ item }}" + state: directory + owner: root + group: root + loop: + - /etc/node_exporter + + - name: Generate an OpenSSL private key with the default values (4096 bits, RSA) + community.crypto.openssl_privatekey: + path: /etc/node_exporter/tls.key + mode: 0644 + +# /etc/node_exporter# chmod 644 tls.key + + - name: Generate an OpenSSL Certificate Signing Request + community.crypto.openssl_csr: + path: /etc/node_exporter/tls.csr + privatekey_path: /etc/node_exporter/tls.key + common_name: "{{ inventory_hostname }}.netbird.cloud" + + - name: Generate a Self Signed OpenSSL certificate + community.crypto.x509_certificate: + path: /etc/node_exporter/tls.cert + privatekey_path: /etc/node_exporter/tls.key + csr_path: /etc/node_exporter/tls.csr + provider: selfsigned + roles: - # manage docker-compose@dev systemd unit file - - { role: tumf.systemd-service, tags: docker-compose, - when: ansible_service_mgr == 'systemd', - vars: { - # do not restart service via systemd - ansible_unit_test: true, - systemd_service_name: "docker-compose@lab", - # [Unit] - systemd_service_Unit_Description: "%i service with docker compose", - systemd_service_Service_Type: "simple", - systemd_service_Unit_After: [ "docker.service" ], - systemd_service_Unit_Requires: [ "docker.service" ], - # [Service] - systemd_service_Service_WorkingDirectory: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}", - # Remove old containers, images and volumes - systemd_service_Service_ExecStartPre: [ - "{{ '/usr/local/bin' if docker_install_compose else '/usr/bin' }}/docker-compose down -v", - "{{ '/usr/local/bin' if docker_install_compose else '/usr/bin' }}/docker-compose rm -fv", - ], - # Compose up - systemd_service_Service_ExecStart: "{{ '/usr/local/bin' if docker_install_compose 
else '/usr/bin' }}/docker-compose up", - # Compose down, remove containers and volumes - systemd_service_Service_ExecStop: "{{ '/usr/local/bin' if docker_install_compose else '/usr/bin' }}/docker-compose down -v", - systemd_service_Service_Restart: "always", - # [Install] - systemd_service_Install_WantedBy: "multi-user.target" - } - } + - { role: geerlingguy.pip, tags: pip } + - { role: geerlingguy.docker, tags: docker } tasks: - - name: create docker app base dir - file: - path: "{{ item }}" - state: directory - mode: 0755 - owner: root - group: root - with_items: - - "{{ dockerapp_tree_base_dir | last }}" - - "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}" - - "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/logs" - - "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/logs/homeserver" - tags: - - docker-compose - - bootstrap_dockerapp_create_base_dir - - name: create docker volumes tree for containers - file: - path: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/{{ item | default('') }}" - state: directory - mode: 0755 - with_items: "{{ dockerapp_tree_volumes | default([]) }}" - tags: - - docker-compose - - bootstrap_dockerapp_create_app_dir + - name: Ensure Docker is installed and running + service: + name: docker + state: started + enabled: yes - - name: create the main docker-compose file (docker-compose.yml) - template: - src: "../templates/docker-compose.yml.j2" - dest: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/docker-compose-test.yml" - mode: 0600 - tags: - - docker-compose - - bootstrap_dockerapp_configure_docker_compose + - name: Create Docker network for Traefik (optional, adjust if needed) + docker_network: + name: traefik_network + + - name: Deploy Traefik container + docker_container: + name: traefik + image: traefik:v2.11 + command: + - --api.insecure=true + - --providers.docker + ports: + - "80:80" + - "8080:8080" # Web UI (optional) + volumes: + - 
/var/run/docker.sock:/var/run/docker.sock:ro + networks: + - name: traefik_network # Optional, adapt network name + restart: unless-stopped + + - name: Deploy Traefik Forward Auth container + docker_container: + name: forward-auth + image: thomseddon/traefik-forward-auth:2.2.0 + env_file: + - ./traefik-auth-conf.env # Path to your environment file + volumes: + - ./traefik-auth-conf.env:/config.ini:ro # Configuration file + labels: + - traefik.enable=true + - traefik.http.routers.auth.rule=Host(`auth.local.net`) + # Additional labels for authentication and TLS (uncomment and adjust as needed) + # - traefik.http.routers.auth.entrypoints=https # Enable HTTPS + # - traefik.http.routers.auth.tls.domains[0].main=your_domain.com # Main domain + # - traefik.http.routers.auth.tls.domains[0].sans=*.your_domain.com # Wildcard for subdomains + # - traefik.http.routers.auth.tls.certresolver=letsencrypt-resolver # Use Let's Encrypt + - traefik.http.routers.auth.service=auth@docker + - traefik.http.services.auth.loadbalancer.server.port=4181 + - traefik.http.middlewares.forward-auth.forwardauth.address=http://forward-auth:4181 # Adjusted container name + - traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true + - traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User + - traefik.http.routers.auth.middlewares=forward-auth + networks: + - name: traefik_network # Optional, adapt network name + restart: unless-stopped + + - name: Deploy Whoami container for testing (optional) + docker_container: + name: whoami + image: traefik/whoami + labels: + - traefik.http.routers.whoami.rule=Host(`whoami.local.net`) + - traefik.http.routers.whoami.middlewares=forward-auth + networks: + - name: traefik_network # Optional, adapt network name + restart: unless-stopped + + # - name: create docker app base dir + # file: + # path: "{{ item }}" + # state: directory + # mode: 0755 + # owner: root + # group: root + # with_items: + # - "{{ 
dockerapp_tree_base_dir | last }}" + # - "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}" + # - "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/logs" + # - "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/logs/homeserver" + # tags: + # - docker-compose + # - bootstrap_dockerapp_create_base_dir + + # - name: create docker volumes tree for containers + # file: + # path: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/{{ item | default('') }}" + # state: directory + # mode: 0755 + # with_items: "{{ dockerapp_tree_volumes | default([]) }}" + # tags: + # - docker-compose + # - bootstrap_dockerapp_create_app_dir + + # - name: create the main docker-compose file (docker-compose.yml) + # template: + # src: "../templates/docker-compose.yml.j2" + # dest: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/docker-compose-test.yml" + # mode: 0600 + # tags: + # - docker-compose + # - bootstrap_dockerapp_configure_docker_compose # - name: Run `docker-compose pull` # community.docker.docker_compose: diff --git a/host_vars/ovh01.yml b/host_vars/ovh01.yml index b2540e8..8c24397 100644 --- a/host_vars/ovh01.yml +++ b/host_vars/ovh01.yml @@ -1,5 +1,13 @@ --- +#* DOCKER +docker_install_compose: true +pip_executable: pip3 + +#*PIP +pip_install_packages: + - docker-compose + #* SSH #ssh_listen_to: "{{ host_private_address }}"
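Review bot: The node_exporter private key is left world-readable — `mode: 0644` on `/etc/node_exporter/tls.key` (the `chmod 644 tls.key` comment shows it is deliberate) — and the Traefik task publishes the unauthenticated dashboard/API with `--api.insecure=true` and `"8080:8080"` on every interface while bind-mounting the Docker socket, so anyone who can reach the host gets the TLS key plus an API listing of every routed backend. I would set the key to `mode: "0600"` (quoted, as Ansible expects for octal modes; `"0640"` with `group:` set to the exporter's service account if it runs unprivileged — that account is not shown in this hunk) and either drop the dashboard or bind it to loopback with `"127.0.0.1:8080:8080"`. The same task runs `--providers.docker` without `exposedByDefault=false`, so every container that joins `traefik_network` is routed automatically (the whoami container carries no `traefik.enable=true` label and is still reachable); turning that off means whoami needs `traefik.enable=true` as forward-auth already has. Two further things to confirm: `env_file: ./traefik-auth-conf.env` is read on the target relative to the remote working directory, not the playbook directory, and the `./…:/config.ini:ro` bind source is passed to the Docker Engine as-is (which expects an absolute host path) — that file presumably carries the OAuth client secret and cookie `SECRET`, so it should live at an absolute path with mode 0600 on the target; and with only `"80:80"` published and the TLS labels commented out, the forward-auth session cookie and OAuth callback travel over plain HTTP.
```yaml
  - name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
    community.crypto.openssl_privatekey:
      path: /etc/node_exporter/tls.key
      owner: root
      # Private key must not be world-readable. If node_exporter runs as an
      # unprivileged user, use "0640" and set group: to that service account.
      mode: "0600"
# … unchanged: CSR and self-signed certificate tasks, roles, docker service task, network …
  - name: Deploy Traefik container
    docker_container:
      name: traefik
      image: traefik:v2.11
      command:
        - --providers.docker
        # Only route containers that opt in with traefik.enable=true
        - --providers.docker.exposedByDefault=false
        - --api.insecure=true
      ports:
        - "80:80"
        # Dashboard/API is unauthenticated: keep it off the public interfaces
        - "127.0.0.1:8080:8080"
# … unchanged: docker.sock volume, networks, restart …
  - name: Deploy Whoami container for testing (optional)
    docker_container:
      name: whoami
      image: traefik/whoami
      labels:
        - traefik.enable=true
        - traefik.http.routers.whoami.rule=Host(`whoami.local.net`)
        - traefik.http.routers.whoami.middlewares=forward-auth
# … unchanged: networks, restart …
```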
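Review bot: `pip_install_packages: - docker-compose` installs whatever docker-compose version PyPI serves at run time, so the host's container tooling is not pinned or reproducible; geerlingguy.pip accepts the dict form, e.g. `- name: docker-compose` / `version: "<the version you tested>"`. The dockerapps.yml hunk in this same patch drops the compose-based systemd unit and manages containers with `docker_container`, so this package and `docker_install_compose: true` may no longer be needed at all — worth confirming before keeping them in host_vars.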