we build config files remotely. next test the mailing through msmtp and deploy!

This commit is contained in:
Adrien Luxey 2020-03-31 18:32:13 +02:00
parent 47c4e39b73
commit 62061a03fc
17 changed files with 124 additions and 44 deletions


@ -1,6 +0,0 @@
Three parts:
* make a docker-compose wordpress:apache instance with fixed IP, configured to query host's MySQL
* Configure host's MySQL's access rights to allow connections from fixed IP
* Make new nginx server (answering to site's URL) to do TLS and pass connections to container with fixed IP

ansible/ansible.cfg Normal file

@ -0,0 +1,15 @@
[defaults]
# To forward my SSH key to remote hosts, and be able to pull from gitlab
transport = ssh
ask_vault_pass = True
[ssh_connection]
# ForwardAgent to forward my SSH key to remote hosts, and be able to pull from gitlab
# ControlMaster to avoid a bug when cloning: https://github.com/ansible/ansible/issues/13876
# ControlPersist for SSH multiplexing "-o ControlPersist=60s" <- Causes user not being added to docker group T_T
ssh_args = -o ForwardAgent=yes -o ControlMaster=auto
# For speed
pipelining=True
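Review bot: `ssh_args = -o ForwardAgent=yes` under `[ssh_connection]` hands the operator's SSH agent to every managed host; anyone with root on that host can use the forwarded socket to authenticate as you to GitLab (and to anything else the agent holds) for as long as the session is up, and `ControlMaster=auto` keeps that session open across tasks. A per-repository read-only deploy key kept on the host, or an agent loaded with nothing but the GitLab key, bounds what a compromised host can reach; if forwarding stays, a comment should record it as a deliberate trade-off. The `# To forward my SSH key ...` comment sits above `transport = ssh` in `[defaults]` but describes the `[ssh_connection]` setting, so it belongs next to `ssh_args`, and `transport` deserves its own one-liner such as `# Use the OpenSSH client (the ssh_args below apply to this transport)`. On the ControlPersist note: a multiplexed connection keeps the group list of the original login, so a user added to `docker` mid-run is likely not seen until a new connection; `meta: reset_connection` right after the user module usually fixes that without giving up multiplexing — worth confirming before re-enabling `ControlPersist`.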

ansible/build.yml Normal file

@ -0,0 +1,5 @@
---
- hosts: all
gather_facts: no
roles:
- build
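Review bot: `gather_facts: no` relies on YAML 1.1 truthy parsing; Ansible accepts it, but yamllint's `truthy` rule and YAML 1.2 parsers read `no` as a string, so `gather_facts: false` is the portable spelling. The play has no `name:`, which makes the run output harder to read; `- name: Render per-site config files` above `hosts: all` would do. Since the play runs against `all` and the role renders files into `sites_path` on every host, a comment stating that every inventory host is expected to be a site host would make the scope explicit.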

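--- /dev/null
+++ b/ansible/command
@@ -0,0 +1 @@
+ansible-playbook --ask-vault-pass build.yml -i inventory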
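Review bot: `--ask-vault-pass` duplicates `ask_vault_pass = True` in the `ansible.cfg` added in this commit, so one of the two can go; keeping the cfg setting and shortening this to `ansible-playbook build.yml -i inventory` avoids the flag being forgotten when the command is typed by hand. If the prompt becomes a nuisance, `vault_password_file` pointing at a file outside the repository is the usual replacement, not a password on the command line.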


@ -0,0 +1,19 @@
---
www_path: /vault/www
sites_path: /vault/sites
sites:
- slug: rdb # Shorthand name to use as directory/file name
# The complete site URL
url: www.rennesdesbois.fr
# What kind of service is that?
type: wordpress
# Subnet addresses
subnet_cidr_address: 172.27.0.0/24
subnet_gateway_ip: 172.27.0.1
subnet_site_ip: 172.27.0.2
mysql_database: rdb
mysql_username: rdb
mysql_password: "{{ vault_rdb_mysql_password }}"
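Review bot: `subnet_gateway_ip` is documented only as `# Subnet addresses`, yet it is the address the site container uses for both its database (`WORDPRESS_DB_HOST` in the compose template) and its mail relay (msmtp `host` in the Dockerfile), so it must be the host's own address on that bridge, and MySQL and the host MTA must be listening there. A comment on that line such as `# Host-side address of the bridge; MySQL and the SMTP relay are reached here from the container` would make the coupling explicit. The per-site subnets also have to be disjoint across `sites` entries, which a one-line note on `subnet_cidr_address` could say.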


@ -0,0 +1,9 @@
$ANSIBLE_VAULT;1.1;AES256
64613132623931393566346236303131623137326233643334626630346233333933363135666132
6331386332666238623539613361633836613837343530610a623632666231366436666136303764
66333939643963323830326161646332633632336164366635613634366138663932393866356464
3066396637656636380a626635366239363866653335333661346432313566356635303338313963
34613666396637346536616365323636376466626637313134346266353230376166303031353461
65633731623463393736663136303931666637303130353531353930663437353835346532373833
63346539653439383138303732656637323562336265616338323133343863356235346265616130
63333639666263363361

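--- /dev/null
+++ b/ansible/inventory
@@ -0,0 +1 @@
+serenity ansible_user=adrien ansible_host=92.243.8.85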


@ -0,0 +1,17 @@
---
- name: Build Wordpress sites
include_tasks: wordpress.yml
loop: "{{ sites }}"
when: item.type == "wordpress"
# build an image
# do the msmtp bullshit
# docker compose
# nginx
# let's encrypt
# in another role: deploy the stuff
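Review bot: `loop: "{{ sites }}"` on the `include_tasks` iterates over items that carry `mysql_password`, and Ansible prints each loop item in the task output (`=> (item={...})`), so the value pulled from the vault is echoed to the console and to any log kept from the run. Add `loop_control:` with `label: "{{ item.slug }}"` under the loop so only the slug is shown; `no_log: true` would also hide it but suppresses the include diagnostics too. The trailing `# build an image` ... `# in another role` chain reads as a TODO list; marking it `# TODO:` makes it greppable and separates it from the comment describing the task above.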


@ -0,0 +1,15 @@
- name: "Create folder {{ sites_path }}/{{ item.slug }}"
file:
path: "{{ sites_path }}/{{ item.slug }}"
state: directory
mode: '750'
- name: Render sexy Dockerfile
template:
src: Dockerfile.j2
dest: "{{ sites_path }}/{{ item.slug }}/Dockerfile"
- name: Render marvelous docker-compose.yml
template:
src: docker-compose.yml.j2
dest: "{{ sites_path }}/{{ item.slug }}/docker-compose.yml"
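Review bot: The `Render marvelous docker-compose.yml` task writes a file that carries `WORDPRESS_DB_PASSWORD` (see the compose template in this commit) but sets no `mode`, so the rendered file gets whatever the remote umask gives — typically world-readable — even though the directory above it is created `'750'`. Add `mode: '0600'` to that `template:` call, and give the Dockerfile task an explicit `mode: '0644'` so the intent is visible. Ansible's documentation recommends the quoted leading-zero form, so `mode: '0750'` on the `file:` task reads unambiguously.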


@ -0,0 +1,14 @@
FROM wordpress:apache
RUN apt-get update; \
apt-get install -y --no-install-recommends msmtp; \
rm -rf /var/lib/apt/lists/*
RUN echo "sendmail_path = /usr/sbin/msmtp -t " > /usr/local/etc/php/conf.d/sendmail.ini
RUN cat << EOF > /etc/msmtprc
account default
host {{ item.subnet_gateway_ip }}
port 25
EOF
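Review bot: `RUN cat << EOF > /etc/msmtprc` does not do what it looks like: a `RUN` instruction is one line, so the heredoc has no body and the Dockerfile parser then rejects `account default` as an unknown instruction — heredocs inside `RUN` only exist in the later BuildKit `dockerfile:1.4` frontend behind a `# syntax=` directive, which this file does not declare. Write the file on one line instead: `RUN printf 'account default\nhost {{ item.subnet_gateway_ip }}\nport 25\n' > /etc/msmtprc`. The apt line chains with `;`, so a failed `apt-get update` does not stop the install; `RUN apt-get update && apt-get install -y --no-install-recommends msmtp && rm -rf /var/lib/apt/lists/*` is the usual form. The relay on port 25 is unauthenticated plain SMTP, which is acceptable on the private bridge only if the host MTA restricts relaying to `{{ item.subnet_cidr_address }}`; a comment saying so would help whoever configures the MTA.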


@ -0,0 +1,26 @@
version: '3'
# Generated by ansible for site {{ item.url }}
# At {{ item.subnet_site_ip }} on {{ item.subnet_cidr_address }}
services:
wp:
build: .
restart: always
environment:
WORDPRESS_DB_HOST: "{{ item.subnet_gateway_ip }}"
WORDPRESS_DB_USER: "{{ item.mysql_username }}"
WORDPRESS_DB_PASSWORD: "{{ item.mysql_password }}"
WORDPRESS_DB_NAME: "{{ item.mysql_database }}"
volumes:
- "{{ www_path }}/{{ item.slug }}_wp-content:/var/www/html/wp-content"
networks:
net:
ipv4_address: "{{ item.subnet_site_ip }}"
networks:
net:
ipam:
driver: default
config:
- subnet: "{{ item.subnet_cidr_address }}"
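Review bot: The `ipam.config` entry sets only `subnet:`, while the container reaches MySQL and the mail relay through `{{ item.subnet_gateway_ip }}` (`WORDPRESS_DB_HOST` above and the msmtp `host` in the Dockerfile), which is only correct while Docker happens to assign that address as the bridge gateway. Pin it by adding `gateway: "{{ item.subnet_gateway_ip }}"` next to `subnet:` so the host side of the bridge is the address the variables promise. `WORDPRESS_DB_PASSWORD` in `environment:` is readable through `docker inspect` by anyone in the docker group and sits in this rendered file on disk; the official image also honours `WORDPRESS_DB_PASSWORD_FILE` (confirm for the `wordpress:apache` tag in use), which would keep the secret out of the compose file. `FROM wordpress:apache` is an unpinned tag, so two hosts built at different times may run different WordPress versions; a comment or a pinned tag is worth considering.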


@ -4,7 +4,7 @@
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name {{ site_url }} www.{{ site_url }}; server_name {{ site_url }};
rewrite ^ https://{{ site_url }}$request_uri permanent; rewrite ^ https://{{ site_url }}$request_uri permanent;
} }
@ -12,7 +12,7 @@ server {
server { server {
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;
server_name {{ site_url }} www.{{ site_url }}; server_name {{ site_url }};
access_log /var/log/nginx/{{ site_name }}-access.log; access_log /var/log/nginx/{{ site_name }}-access.log;
error_log /var/log/nginx/error.log; error_log /var/log/nginx/error.log;
@ -23,16 +23,7 @@ server {
include snippets/ssl-params.conf; include snippets/ssl-params.conf;
ssl_certificate /etc/letsencrypt/live/{{ site_url }}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/{{ site_url }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ site_url }}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{{ site_url }}/privkey.pem;
if ($host = www.{{ site_url }}) {
rewrite ^ https://{{ site_url }}$request_uri permanent;
}
# Run by host
# root /var/www/{{ site_name }};
# include snippets/wordpress.conf;
# Run in Docker
include snippets/header-params_server.conf; include snippets/header-params_server.conf;
location / { location / {
include snippets/header-params_location.conf; include snippets/header-params_location.conf;
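Review bot: The new side still renders `server_name {{ site_url }}` and `{{ site_name }}` in the access_log path, while this commit's vars file defines per-site `url` and `slug` inside a `sites` list and the build role loops over it as `item`; if this template is rendered from that loop it needs `item.url` / `item.slug` (or the loop must export those names), otherwise the variables are undefined and the render fails. Dropping `www.{{ site_url }}` from both `server_name` lines and the `if ($host = www...)` block means any name not listed falls through to nginx's default server; for the rdb site (`url: www.rennesdesbois.fr`) the old form would have produced `www.www.`, so the removal is right, but nothing in these hunks handles the bare `rennesdesbois.fr`, and a comment saying where the apex is served (or adding it) would close that gap. Both server blocks begin before and end after the visible hunks.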


@ -1,26 +0,0 @@
version: '3'
# Generated by ansible for site {{ site_url }}
# At {{ subnet_site_ip }} on {{ subnet_cidr_address }}
services:
wp:
image: {{ docker_image }}
restart: always
environment:
WORDPRESS_DB_HOST: "{{ subnet_gateway_ip }}"
WORDPRESS_DB_USER: "{{ mysql_username }}"
WORDPRESS_DB_PASSWORD: "{{ mysql_password }}"
WORDPRESS_DB_NAME: "{{ mysql_database }}"
volumes: {{ docker_volumes | to_yaml }}
networks:
net:
ipv4_address: "{{ subnet_site_ip }}"
networks:
net:
ipam:
driver: default
config:
- subnet: "{{ subnet_cidr_address }}"


@ -1 +0,0 @@
Add this to an Ansible role executing the templates to add the propoer IP, notably to msmtprc