sgratias/semaphore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Last push from mac os

Browse Source
This commit is contained in:
sgratias
2024-04-02 21:05:10 +02:00
parent 7fd978da5f
commit 117b8b315f
2 changed files with 137 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

186
dockerapps.yml
View File

@@ -1,77 +1,145 @@
---
- name: Docker-Compose playbook
hosts: controller
hosts: monitoring
become: true
# #
# # @author Stéphane Gratias (2021).
#
roles:
# manage docker-compose@dev systemd unit file
- { role: tumf.systemd-service, tags: docker-compose,
when: ansible_service_mgr == 'systemd',
vars: {
# do not restart service via systemd
ansible_unit_test: true,
systemd_service_name: "docker-compose@lab",
# [Unit]
systemd_service_Unit_Description: "%i service with docker compose",
systemd_service_Service_Type: "simple",
systemd_service_Unit_After: [ "docker.service" ],
systemd_service_Unit_Requires: [ "docker.service" ],
# [Service]
systemd_service_Service_WorkingDirectory: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}",
# Remove old containers, images and volumes
systemd_service_Service_ExecStartPre: [
"{{ '/usr/local/bin' if docker_install_compose else '/usr/bin' }}/docker-compose down -v",
"{{ '/usr/local/bin' if docker_install_compose else '/usr/bin' }}/docker-compose rm -fv",
],
# Compose up
systemd_service_Service_ExecStart: "{{ '/usr/local/bin' if docker_install_compose else '/usr/bin' }}/docker-compose up",
# Compose down, remove containers and volumes
systemd_service_Service_ExecStop: "{{ '/usr/local/bin' if docker_install_compose else '/usr/bin' }}/docker-compose down -v",
systemd_service_Service_Restart: "always",
# [Install]
systemd_service_Install_WantedBy: "multi-user.target"
}
}
tasks:
- name: create docker app base dir
pre_tasks:
- name: Create node_exporter cert dir
file:
path: "{{ item }}"
state: directory
mode: 0755
owner: root
group: root
with_items:
- "{{ dockerapp_tree_base_dir | last }}"
- "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}"
- "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/logs"
- "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/logs/homeserver"
tags:
- docker-compose
- bootstrap_dockerapp_create_base_dir
loop:
- /etc/node_exporter
- name: create docker volumes tree for containers
file:
path: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/{{ item | default('') }}"
state: directory
mode: 0755
with_items: "{{ dockerapp_tree_volumes | default([]) }}"
tags:
- docker-compose
- bootstrap_dockerapp_create_app_dir
- name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
community.crypto.openssl_privatekey:
path: /etc/node_exporter/tls.key
mode: 0644
- name: create the main docker-compose file (docker-compose.yml)
template:
src: "../templates/docker-compose.yml.j2"
dest: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/docker-compose-test.yml"
mode: 0600
tags:
- docker-compose
- bootstrap_dockerapp_configure_docker_compose
# /etc/node_exporter# chmod 644 tls.key
- name: Generate an OpenSSL Certificate Signing Request
community.crypto.openssl_csr:
path: /etc/node_exporter/tls.csr
privatekey_path: /etc/node_exporter/tls.key
common_name: "{{ inventory_hostname }}.netbird.cloud"
- name: Generate a Self Signed OpenSSL certificate
community.crypto.x509_certificate:
path: /etc/node_exporter/tls.cert
privatekey_path: /etc/node_exporter/tls.key
csr_path: /etc/node_exporter/tls.csr
provider: selfsigned
roles:
- { role: geerlingguy.pip, tags: pip }
- { role: geerlingguy.docker, tags: docker }
tasks:
- name: Ensure Docker is installed and running
service:
name: docker
state: started
enabled: yes
- name: Create Docker network for Traefik (optional, adjust if needed)
docker_network:
name: traefik_network
- name: Deploy Traefik container
docker_container:
name: traefik
image: traefik:v2.11
command:
- --api.insecure=true
- --providers.docker
ports:
- "80:80"
- "8080:8080" # Web UI (optional)
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- name: traefik_network # Optional, adapt network name
restart: unless-stopped
- name: Deploy Traefik Forward Auth container
docker_container:
name: forward-auth
image: thomseddon/traefik-forward-auth:2.2.0
env_file:
- ./traefik-auth-conf.env # Path to your environment file
volumes:
- ./traefik-auth-conf.env:/config.ini:ro # Configuration file
labels:
- traefik.enable=true
- traefik.http.routers.auth.rule=Host(`auth.local.net`)
# Additional labels for authentication and TLS (uncomment and adjust as needed)
# - traefik.http.routers.auth.entrypoints=https # Enable HTTPS
# - traefik.http.routers.auth.tls.domains[0].main=your_domain.com # Main domain
# - traefik.http.routers.auth.tls.domains[0].sans=*.your_domain.com # Wildcard for subdomains
# - traefik.http.routers.auth.tls.certresolver=letsencrypt-resolver # Use Let's Encrypt
- traefik.http.routers.auth.service=auth@docker
- traefik.http.services.auth.loadbalancer.server.port=4181
- traefik.http.middlewares.forward-auth.forwardauth.address=http://forward-auth:4181 # Adjusted container name
- traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true
- traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User
- traefik.http.routers.auth.middlewares=forward-auth
networks:
- name: traefik_network # Optional, adapt network name
restart: unless-stopped
- name: Deploy Whoami container for testing (optional)
docker_container:
name: whoami
image: traefik/whoami
labels:
- traefik.http.routers.whoami.rule=Host(`whoami.local.net`)
- traefik.http.routers.whoami.middlewares=forward-auth
networks:
- name: traefik_network # Optional, adapt network name
restart: unless-stopped
# - name: create docker app base dir
# file:
# path: "{{ item }}"
# state: directory
# mode: 0755
# owner: root
# group: root
# with_items:
# - "{{ dockerapp_tree_base_dir | last }}"
# - "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}"
# - "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/logs"
# - "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/logs/homeserver"
# tags:
# - docker-compose
# - bootstrap_dockerapp_create_base_dir
# - name: create docker volumes tree for containers
# file:
# path: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/{{ item | default('') }}"
# state: directory
# mode: 0755
# with_items: "{{ dockerapp_tree_volumes | default([]) }}"
# tags:
# - docker-compose
# - bootstrap_dockerapp_create_app_dir
# - name: create the main docker-compose file (docker-compose.yml)
# template:
# src: "../templates/docker-compose.yml.j2"
# dest: "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/docker-compose-test.yml"
# mode: 0600
# tags:
# - docker-compose
# - bootstrap_dockerapp_configure_docker_compose
# - name: Run `docker-compose pull`
# community.docker.docker_compose:

8
host_vars/ovh01.yml
View File

@@ -1,5 +1,13 @@
---
#* DOCKER
docker_install_compose: true
pip_executable: pip3
#*PIP
pip_install_packages:
- docker-compose
#* SSH
#ssh_listen_to: "{{ host_private_address }}"