From 189e2ec60f5cbe56f043cac713cde7ef6d30afcb Mon Sep 17 00:00:00 2001 From: Adrien Luxey Date: Thu, 7 May 2020 08:17:17 +0200 Subject: [PATCH] moved stuff around, gitea not working --- deployer/group_vars/all/vars.yml | 185 +++++++++--------- deployer/group_vars/all/vault.yml | 70 +++---- deployer/roles/build/tasks/main.yml | 6 +- deployer/roles/build/tasks/mysql.yml | 11 +- .../templates/gitea/docker-compose.yml.j2 | 4 +- .../build/templates/gitea/nginx/nginx.conf.j2 | 16 +- deployer/roles/deploy/tasks/deploy.yml | 10 + deployer/roles/deploy/tasks/docker.yml | 10 + deployer/roles/deploy/tasks/drupal.yml | 27 --- deployer/roles/deploy/tasks/main.yml | 22 ++- deployer/roles/deploy/tasks/nginx.yml | 23 +++ deployer/roles/deploy/tasks/wordpress.yml | 30 --- 12 files changed, 220 insertions(+), 194 deletions(-) create mode 100644 deployer/roles/deploy/tasks/deploy.yml create mode 100644 deployer/roles/deploy/tasks/docker.yml delete mode 100644 deployer/roles/deploy/tasks/drupal.yml create mode 100644 deployer/roles/deploy/tasks/nginx.yml delete mode 100644 deployer/roles/deploy/tasks/wordpress.yml diff --git a/deployer/group_vars/all/vars.yml b/deployer/group_vars/all/vars.yml index 688b513..b97ab00 100644 --- a/deployer/group_vars/all/vars.yml +++ b/deployer/group_vars/all/vars.yml 
@@ -14,96 +14,96 @@ gitea: version: 1.11.4 sites: - - slug: rdb # Shorthand name to use as directory/file name - # The site URL (without www) - url: rennesdesbois.fr - # Ask nginx to redirect url to www - # Else, we redirect www to url - redirect_to_www: yes - # What kind of site is that? - type: wordpress - # Subnet addresses - subnet_cidr_address: 172.27.1.0/24 - subnet_gateway_ip: 172.27.1.1 - subnet_nginx_ip: 172.27.1.2 - subnet_site_ip: 172.27.1.3 - # MySQL - mysql_database: rdb - mysql_username: rdb - mysql_password: "{{ vault_rdb_mysql_password }}" + # - slug: rdb # Shorthand name to use as directory/file name + # # The site URL (without www) + # url: rennesdesbois.fr + # # Ask nginx to redirect url to www + # # Else, we redirect www to url + # redirect_to_www: yes + # # What kind of site is that? + # type: wordpress + # # Subnet addresses + # subnet_cidr_address: 172.27.1.0/24 + # subnet_gateway_ip: 172.27.1.1 + # subnet_nginx_ip: 172.27.1.2 + # subnet_site_ip: 172.27.1.3 + # # MySQL + # mysql_database: rdb + # mysql_username: rdb + # mysql_password: "{{ vault_rdb_mysql_password }}" - - slug: arvuhez # Shorthand name to use as directory/file name - # The site URL (without www) - url: arvuhez.org - # Ask nginx to redirect url to www - # Else, we redirect www to url - redirect_to_www: no - # What kind of site is that? - type: wordpress - # Subnet addresses - subnet_cidr_address: 172.27.2.0/24 - subnet_gateway_ip: 172.27.2.1 - subnet_nginx_ip: 172.27.2.2 - subnet_site_ip: 172.27.2.3 - # MySQL - mysql_database: arvuhez - mysql_username: arvuhez - mysql_password: "{{ vault_arvuhez_mysql_password }}" + # - slug: arvuhez # Shorthand name to use as directory/file name + # # The site URL (without www) + # url: arvuhez.org + # # Ask nginx to redirect url to www + # # Else, we redirect www to url + # redirect_to_www: no + # # What kind of site is that? 
+ # type: wordpress + # # Subnet addresses + # subnet_cidr_address: 172.27.2.0/24 + # subnet_gateway_ip: 172.27.2.1 + # subnet_nginx_ip: 172.27.2.2 + # subnet_site_ip: 172.27.2.3 + # # MySQL + # mysql_database: arvuhez + # mysql_username: arvuhez + # mysql_password: "{{ vault_arvuhez_mysql_password }}" - - slug: zinzoscope # Shorthand name to use as directory/file name - # The site URL (without www) - url: zinz.luxeylab.net - # Ask nginx to redirect url to www - # Else, we redirect www to url - redirect_to_www: no - # What kind of site is that? - type: wordpress - # Subnet addresses - subnet_cidr_address: 172.27.3.0/24 - subnet_gateway_ip: 172.27.3.1 - subnet_nginx_ip: 172.27.3.2 - subnet_site_ip: 172.27.3.3 - # MySQL - mysql_database: zinzoscope - mysql_username: zinzoscope - mysql_password: "{{ vault_zinzoscope_mysql_password }}" + # - slug: zinzoscope # Shorthand name to use as directory/file name + # # The site URL (without www) + # url: zinz.luxeylab.net + # # Ask nginx to redirect url to www + # # Else, we redirect www to url + # redirect_to_www: no + # # What kind of site is that? + # type: wordpress + # # Subnet addresses + # subnet_cidr_address: 172.27.3.0/24 + # subnet_gateway_ip: 172.27.3.1 + # subnet_nginx_ip: 172.27.3.2 + # subnet_site_ip: 172.27.3.3 + # # MySQL + # mysql_database: zinzoscope + # mysql_username: zinzoscope + # mysql_password: "{{ vault_zinzoscope_mysql_password }}" - - slug: lexperimental # Shorthand name to use as directory/file name - # The site URL (without www) - url: lexperimental.fr - # Ask nginx to redirect url to www - # Else, we redirect www to url - redirect_to_www: no - # What kind of site is that? 
- type: wordpress - # Subnet addresses - subnet_cidr_address: 172.27.4.0/24 - subnet_gateway_ip: 172.27.4.1 - subnet_nginx_ip: 172.27.4.2 - subnet_site_ip: 172.27.4.3 - # MySQL - mysql_database: lexperimental - mysql_username: lexperimental - mysql_password: "{{ vault_lexperimental_mysql_password }}" + # - slug: lexperimental # Shorthand name to use as directory/file name + # # The site URL (without www) + # url: lexperimental.fr + # # Ask nginx to redirect url to www + # # Else, we redirect www to url + # redirect_to_www: no + # # What kind of site is that? + # type: wordpress + # # Subnet addresses + # subnet_cidr_address: 172.27.4.0/24 + # subnet_gateway_ip: 172.27.4.1 + # subnet_nginx_ip: 172.27.4.2 + # subnet_site_ip: 172.27.4.3 + # # MySQL + # mysql_database: lexperimental + # mysql_username: lexperimental + # mysql_password: "{{ vault_lexperimental_mysql_password }}" - - slug: mts # Shorthand name to use as directory/file name - # The site URL (without www) - url: editionsmangetasoupe.fr - # Ask nginx to redirect url to www - # Else, we redirect www to url - redirect_to_www: no - # What kind of site is that? - type: drupal - # Subnet addresses - subnet_cidr_address: 172.27.5.0/24 - subnet_gateway_ip: 172.27.5.1 - subnet_site_ip: 172.27.5.2 - # This will allow setting up MySQL - # Configuration on Drupal's side must be done by hand: - # Edit your /sites/default/settings.php - mysql_database: mts8 - mysql_username: mts - mysql_password: "{{ vault_mts_mysql_password }}" + # - slug: mts # Shorthand name to use as directory/file name + # # The site URL (without www) + # url: editionsmangetasoupe.fr + # # Ask nginx to redirect url to www + # # Else, we redirect www to url + # redirect_to_www: no + # # What kind of site is that? 
+ # type: drupal + # # Subnet addresses + # subnet_cidr_address: 172.27.5.0/24 + # subnet_gateway_ip: 172.27.5.1 + # subnet_site_ip: 172.27.5.2 + # # This will allow setting up MySQL + # # Configuration on Drupal's side must be done by hand: + # # Edit your /sites/default/settings.php + # mysql_database: mts8 + # mysql_username: mts + # mysql_password: "{{ vault_mts_mysql_password }}" - slug: gitea_test # Shorthand name to use as directory/file name # The site URL (without www) @@ -114,11 +114,14 @@ sites: # What kind of site is that? type: gitea # Subnet addresses - subnet_cidr_address: 172.27.4.0/24 - subnet_gateway_ip: 172.27.4.1 - subnet_nginx_ip: 172.27.4.2 - subnet_site_ip: 172.27.4.3 + subnet_cidr_address: 172.27.6.0/24 + subnet_gateway_ip: 172.27.6.1 + subnet_nginx_ip: 172.27.6.2 + subnet_site_ip: 172.27.6.3 + # User ID (git on remote) + user_uid: 1007 + user_gid: 1006 # MySQL mysql_database: gitea_test mysql_username: gitea_test - mysql_password: "{{ vault_lexperimental_mysql_password }}" + mysql_password: "{{ vault_gitea_test_mysql_password }}" diff --git a/deployer/group_vars/all/vault.yml b/deployer/group_vars/all/vault.yml index 1a0749d..22395e4 100644 --- a/deployer/group_vars/all/vault.yml +++ b/deployer/group_vars/all/vault.yml @@ -1,34 +1,38 @@ $ANSIBLE_VAULT;1.1;AES256 -34386539366237643636326332343434623662373561336536363338373535393662323663656535 -6431333031393336353139616535363739343763356163620a356164313063616231373634393963 -30366366616539306438326563623832626666363562383334303961643862373736356337356635 -6461363664316566660a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a313062353730333865383964376537 +30393232616663626336616638373136316130336332626632633132643764613034333838653361 +3563393837396232370a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diff --git a/deployer/roles/build/tasks/main.yml b/deployer/roles/build/tasks/main.yml index f802357..8116df5 100644 --- a/deployer/roles/build/tasks/main.yml 
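Review bot: In the second vars.yml hunk, `user_uid: 1007` and `user_gid: 1006` are hard-coded in group_vars/all, so every target host is assumed to have its git account at exactly those numeric IDs. On a host where those IDs belong to a different account, the Gitea container would presumably read and write its data as that account. Looking the IDs up at deploy time (for instance with the `getent` module against the git user), or asserting them before the containers start, would be safer. At minimum, document the constraint with a comment such as `# Must match the uid/gid of the git account on the target host`.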
+++ b/deployer/roles/build/tasks/main.yml @@ -5,7 +5,7 @@ loop: "{{ sites }}" loop_control: loop_var: site - when: item.type == "wordpress" + when: site.type == "wordpress" tags: wordpress - name: Build Drupal sites @@ -13,7 +13,7 @@ loop: "{{ sites }}" loop_control: loop_var: site - when: item.type == "drupal" + when: site.type == "drupal" tags: drupal - name: Build Gitea sites @@ -21,7 +21,7 @@ loop: "{{ sites }}" loop_control: loop_var: site - when: item.type == "gitea" + when: site.type == "gitea" tags: gitea # build an image diff --git a/deployer/roles/build/tasks/mysql.yml b/deployer/roles/build/tasks/mysql.yml index a5b6ccc..6b4f7de 100644 --- a/deployer/roles/build/tasks/mysql.yml +++ b/deployer/roles/build/tasks/mysql.yml @@ -2,6 +2,15 @@ # Needs variables: # - site: dict describing the site install (cf group_vars/all/vars.yml) +- name: "Create database {{ site.mysql_database }} if inexistent" + mysql_db: + name: "{{ site.mysql_database }}" + state: present + # Credentials to log in MySQL + login_host: localhost + login_user: root + login_password: "{{ mysql_root_password }}" + # MySQL equivalent: # create user @ identified by ; # grant all on .* to @; @@ -17,4 +26,4 @@ password: "{{ site.mysql_password }}" # Grants priv: "{{ site.mysql_database }}.*:all" - state: present + state: present \ No newline at end of file diff --git a/deployer/roles/build/templates/gitea/docker-compose.yml.j2 b/deployer/roles/build/templates/gitea/docker-compose.yml.j2 index 40dfade..48e82a4 100644 --- a/deployer/roles/build/templates/gitea/docker-compose.yml.j2 +++ b/deployer/roles/build/templates/gitea/docker-compose.yml.j2 @@ -12,8 +12,8 @@ services: restart: always environment: APP_NAME: "Gitea: git with a cup of coffee" - DOMAIN: "{{ site.url }}" - ROOT_URL: "{{ site.url }}" + # DOMAIN: "{{ site.url }}" + # ROOT_URL: "{{ site.url }}" USER_UID: "{{ site.user_uid }}" USER_GID: "{{ site.user_gid }}" DB_TYPE: mysql 
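Review bot: The new `mysql_db` task in roles/build/tasks/mysql.yml logs in as `root` with `{{ mysql_root_password }}`, a variable that no hunk of this patch defines, while the site passwords in vars.yml are all routed through a `vault_*` name. Confirm it is vault-backed in the same way, for example `mysql_root_password: "{{ vault_mysql_root_password }}"` (name constructed here for illustration), rather than set in clear text somewhere. The second hunk of the same file shows the per-site account being granted `{{ site.mysql_database }}.*:all`; a narrower privilege list would limit what a compromised site can do to its schema. A comment above the task such as `# Runs as MySQL root; needs mysql_root_password from the vault` would make the dependency explicit.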
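Review bot: Commenting out `DOMAIN` and `ROOT_URL` in gitea/docker-compose.yml.j2 leaves Gitea on its built-in defaults, so generated links, clone URLs and redirect targets will presumably no longer match `{{ site.url }}`. The disabled value was a bare host name, whereas ROOT_URL is meant to be a full URL with scheme and trailing slash. Something like `ROOT_URL: "https://{{ site.url }}/"` next to `DOMAIN: "{{ site.url }}"` would fix the setting rather than drop it; the scheme depends on where TLS terminates, which this patch does not show. If both stay disabled for now, replace the dead lines with a comment that says why, e.g. `# TODO: ROOT_URL must be a full URL; disabled while debugging the proxy`.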
diff --git a/deployer/roles/build/templates/gitea/nginx/nginx.conf.j2 b/deployer/roles/build/templates/gitea/nginx/nginx.conf.j2 index 620e3d7..c08bc69 100644 --- a/deployer/roles/build/templates/gitea/nginx/nginx.conf.j2 +++ b/deployer/roles/build/templates/gitea/nginx/nginx.conf.j2 @@ -57,11 +57,23 @@ http { server { - listen 80 default; - listen [::]:80 default; + listen 80; + listen [::]:80; server_name {{ site.url }} www.{{ site.url }}; + root /data; + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-Url-Scheme $scheme; + proxy_redirect off; + proxy_max_temp_file_size 0; + proxy_read_timeout 120; + proxy_pass http://{{ site.subnet_site_ip }}:3000; } + } } \ No newline at end of file diff --git a/deployer/roles/deploy/tasks/deploy.yml b/deployer/roles/deploy/tasks/deploy.yml new file mode 100644 index 0000000..fc99e06 --- /dev/null +++ b/deployer/roles/deploy/tasks/deploy.yml @@ -0,0 +1,10 @@ +# Needs variables: +# - site: dict describing the site install (cf group_vars/all/vars.yml) + +- name: Include nginx tasks + include_tasks: nginx.yml + tags: nginx + +- name: Include docker tasks + include_tasks: docker.yml + tags: docker diff --git a/deployer/roles/deploy/tasks/docker.yml b/deployer/roles/deploy/tasks/docker.yml new file mode 100644 index 0000000..3135c0e --- /dev/null +++ b/deployer/roles/deploy/tasks/docker.yml @@ -0,0 +1,10 @@ +--- +# Needs variables: +# - site: dict describing the site install (cf group_vars/all/vars.yml) + +- name: "Launch the site's containers" + docker_compose: + project_src: "{{ sites_path }}/{{ site.slug }}" + state: present + build: yes + restarted: yes \ No newline at end of file diff --git a/deployer/roles/deploy/tasks/drupal.yml b/deployer/roles/deploy/tasks/drupal.yml deleted file mode 100644 index 0f6f825..0000000 
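Review bot: `proxy_set_header Host $http_host;` forwards whatever Host header the client sent, and dropping `default` from the `listen` lines does not narrow that: if this is the only port-80 server block in the file (the rest is outside the hunk), it still answers for every host name. Add a catch-all such as `server { listen 80 default_server; return 444; }` so only requests matching `server_name` reach Gitea, or pin the forwarded value instead of echoing the client's. `proxy_set_header X-Forwarded-Proto $scheme;` will always report `http` because the block only listens on port 80; if the host-level nginx installed by the deploy role terminates TLS in front of this one, pass its header through rather than overwriting it. `root /data;` looks unused now that `location /` proxies everything.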
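Review bot: In the new roles/deploy/tasks/deploy.yml, `tags: nginx` and `tags: docker` apply only to the `include_tasks` statements themselves, not to the tasks inside nginx.yml and docker.yml, because dynamic includes do not pass tags down. roles/deploy/tasks/main.yml reaches this file through another `include_tasks` tagged `wordpress`, `drupal` or `gitea`, so a run limited with `--tags gitea` would load deploy.yml and then skip both inner includes, and `--tags nginx` would never get this far. Add `apply:` with the relevant `tags:` to the includes at both levels, or use `import_tasks` where no loop is needed, so the tags land on the real tasks. The file also lacks the leading `---` that docker.yml starts with.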
--- a/deployer/roles/deploy/tasks/drupal.yml +++ /dev/null @@ -1,27 +0,0 @@ -- name: "Launch the site's containers" - docker_compose: - project_src: "{{ sites_path }}/{{ item.slug }}" - state: present - build: yes - restarted: yes - tags: docker - -- name: "Symlink nginx configuration to sites-enabled" - file: - src: "/etc/nginx/sites-available/{{ item.url }}" - dest: "/etc/nginx/sites-enabled/{{ item.url }}" - state: link - become: yes - tags: nginx - -- name: Verify nginx configuration - command: "nginx -t" - become: yes - tags: nginx - -- name: Restart nginx service - service: - name: nginx - state: restarted - become: yes - tags: nginx \ No newline at end of file diff --git a/deployer/roles/deploy/tasks/main.yml b/deployer/roles/deploy/tasks/main.yml index cd2cf9a..9108b35 100644 --- a/deployer/roles/deploy/tasks/main.yml +++ b/deployer/roles/deploy/tasks/main.yml @@ -1,13 +1,25 @@ --- - name: Deploy Wordpress sites - include_tasks: wordpress.yml + include_tasks: deploy.yml loop: "{{ sites }}" - when: item.type == "wordpress" + loop_control: + loop_var: site + when: site.type == "wordpress" tags: wordpress - name: Deploy Drupal sites - include_tasks: drupal.yml + include_tasks: deploy.yml loop: "{{ sites }}" - when: item.type == "drupal" - tags: drupal \ No newline at end of file + loop_control: + loop_var: site + when: site.type == "drupal" + tags: drupal + +- name: Deploy Gitea sites + include_tasks: deploy.yml + loop: "{{ sites }}" + loop_control: + loop_var: site + when: site.type == "gitea" + tags: gitea \ No newline at end of file diff --git a/deployer/roles/deploy/tasks/nginx.yml b/deployer/roles/deploy/tasks/nginx.yml new file mode 100644 index 0000000..ef92c4d --- /dev/null +++ b/deployer/roles/deploy/tasks/nginx.yml 
@@ -0,0 +1,23 @@ +# Needs variables: +# - site: dict describing the site install (cf group_vars/all/vars.yml) + +- name: Copy host config to /etc/nginx/sites-available + copy: + remote_src: yes + src: "{{ sites_path }}/{{ site.slug }}/nginx.host" + dest: "/etc/nginx/sites-available/{{ site.url }}" + become: yes + notify: Restart nginx + +- name: "Symlink nginx configuration to sites-enabled" + file: + src: "/etc/nginx/sites-available/{{ site.url }}" + dest: "/etc/nginx/sites-enabled/{{ site.url }}" + state: link + become: yes + notify: Restart nginx + +- name: Verify nginx configuration + command: "nginx -t" + any_errors_fatal: true + become: yes diff --git a/deployer/roles/deploy/tasks/wordpress.yml b/deployer/roles/deploy/tasks/wordpress.yml deleted file mode 100644 index f85517b..0000000 --- a/deployer/roles/deploy/tasks/wordpress.yml +++ /dev/null @@ -1,30 +0,0 @@ -- name: "Launch the site's containers" - docker_compose: - project_src: "{{ sites_path }}/{{ item.slug }}" - state: present - build: yes - restarted: yes - tags: docker - -- name: Copy host config to /etc/nginx/sites-available - copy: - remote_src: yes - src: "{{ sites_path }}/{{ item.slug }}/nginx.host" - dest: "/etc/nginx/sites-available/{{ item.url }}" - become: yes - notify: Restart nginx - tags: nginx - -- name: "Symlink nginx configuration to sites-enabled" - file: - src: "/etc/nginx/sites-available/{{ item.url }}" - dest: "/etc/nginx/sites-enabled/{{ item.url }}" - state: link - become: yes - notify: Restart nginx - tags: nginx - -- name: Verify nginx configuration - command: "nginx -t" - become: yes - tags: nginx
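Review bot: The copy task in roles/deploy/tasks/nginx.yml installs `{{ sites_path }}/{{ site.slug }}/nginx.host` into `/etc/nginx/sites-available` as root without setting ownership or mode. If the site directory is writable by a non-root account (not visible here), that account effectively controls configuration that nginx loads as root. Add `owner: root`, `group: root` and `mode: "0644"` to the task and keep the source directory root-owned. `nginx -t` runs only after the symlink already exists in `sites-enabled`, so a failed check aborts the play but leaves the broken site enabled for the next reload; wrapping the three tasks in a `block` with a `rescue` that removes the link would avoid that. The check should also carry `changed_when: false`, since it modifies nothing.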