Added ansible for docker

data/ansible/docker/docker-compose.yaml

@@ -0,0 +1,19 @@
+nginx:
+  # Note : Only nginx:alpine supports bcrypt.
+  # If you don't need to use bcrypt, you can use a different tag.
+  # Ref. https://github.com/nginxinc/docker-nginx/issues/29
+  image: "nginx:alpine"
+  ports:
+    - 5043:443
+  links:
+    - registry:registry
+  volumes:
+    - ./auth:/etc/nginx/conf.d
+    - ./auth/nginx.conf:/etc/nginx/nginx.conf:ro
+
+registry:
+  image: registry:2
+  ports:
+    - 5000:5000
+  volumes:
+    - ./data:/var/lib/registry

data/ansible/docker/docker.yaml

@@ -0,0 +1,34 @@
+---
+
+- name: Add Docker's public GPG key to the APT keyring
+  apt_key:
+    url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
+    state: present
+
+- name: Configure Docker's upstream APT repository
+  apt_repository:
+    repo: deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
+    state: present
+    update_cache: yes
+
+- name: Install Docker
+  apt:
+    name:
+      - docker-ce 
+      - docker-ce-cli 
+      - containerd.io
+    state: "present"
+
+- name: Add user(s) to "docker" group
+  user:
+    name: "{{ item }}"
+    groups: "docker"
+    append: true
+  loop: "{{ docker__users }}"
+
+- name: Enable service docker and ensure it is not masked
+  systemd:
+    name: docker
+    state: started
+    enabled: yes
+    masked: no

data/ansible/docker/go.yaml

@@ -0,0 +1,122 @@
+---
+- name: create gopath directory
+  file:
+    state: directory
+    mode: 'u=rwx,go=rx'
+    dest: '{{ golang_gopath }}'
+
+- name: create download directory
+  file:
+    state: directory
+    mode: 'u=rwx,go=rx'
+    dest: '{{ golang_download_dir }}'
+
+- name: Register the current Go version (if any)
+  command: /usr/local/go/bin/go version
+  ignore_errors: yes
+  register: go_version
+  changed_when: false
+
+- name: Remove old installation of Go
+  become: yes
+  file:
+    path: /usr/local/go
+    state: absent
+  when: go_version is failed or go_version.stdout != go_version_target
+
+- name: download Go language SDK
+  get_url:
+    url: '{{ golang_mirror }}/{{ golang_redis_filename }}'
+    dest: '{{ golang_download_dir }}/{{ golang_redis_filename }}'
+    mode: 'u=rw,go=r'
+
+- name: create Go language SDK installation directory
+  become: yes
+  file:
+    state: directory
+    owner: root
+    group: root
+    mode: 'u=rwx,go=rx'
+    dest: '{{ golang_install_dir }}'
+
+- name: install Go language SDK
+  become: yes
+  unarchive:
+    src: '{{ golang_download_dir }}/{{ golang_redis_filename }}'
+    remote_src: yes
+    extra_opts: '--strip-components=1'
+    dest: '{{ golang_install_dir }}'
+    owner: root
+    group: root
+    creates: '{{ golang_install_dir }}/bin'
+
+# Set Go language SDK environment variables
+- name: make sure /etc/profile.d exists
+  become: yes
+  file:
+    path: /etc/profile.d
+    state: directory
+    owner: root
+    group: root
+    mode: 'u=rwx,go=rx'
+
+- name: export Go language SDK environment variables
+  become: yes
+  template:
+    src: golang.sh.j2
+    dest: /etc/profile.d/golang.sh
+    owner: root
+    group: root
+    mode: 'u=rw,go=r'
+
+- name: Export GOROOT for root
+  become: yes
+  lineinfile:
+    path: ~/.bashrc
+    line: export GOROOT='{{ golang_install_dir }}'
+    insertafter: last
+
+- name: Add GOROOT to PATH for root
+  become: yes
+  lineinfile:
+    dest: ~/.bashrc
+    line: export PATH=$PATH:$GOROOT/bin
+    insertafter: last
+
+- name: Export GOPATH for root
+  become: yes
+  lineinfile:
+    dest: ~/.bashrc
+    line: export GOPATH='{{ golang_gopath }}'
+    insertafter: last
+
+- name: Add GOPATH to PATH for root
+  become: yes
+  lineinfile:
+    dest: ~/.bashrc
+    line: export PATH=$PATH:$GOPATH/bin
+    insertafter: last
+
+- name: Export GOROOT
+  lineinfile:
+    dest: ~/.bashrc
+    line: export GOROOT='{{ golang_install_dir }}'
+    insertafter: last
+
+- name: Add GOROOT to PATH
+  lineinfile:
+    dest: ~/.bashrc
+    line: export PATH=$PATH:$GOROOT/bin
+    insertafter: last
+
+- name: Export GOPATH
+  lineinfile:
+    dest: ~/.bashrc
+    line: export GOPATH='{{ golang_gopath }}'
+    insertafter: last
+
+- name: Add GOPATH to PATH
+  lineinfile:
+    dest: ~/.bashrc
+    line: export PATH=$PATH:$GOPATH/bin
+    insertafter: last

data/ansible/docker/golang.sh.j2

@@ -0,0 +1,12 @@
+
+#!/bin/sh
+
+{{ ansible_managed | comment('plain') }}
+
+export GOROOT='{{ golang_install_dir }}'
+export PATH=$PATH:$GOROOT/bin
+
+{% if golang_gopath not in (None, '') %}
+export GOPATH="{{ golang_gopath }}"
+export PATH=$PATH:$GOPATH/bin
+{% endif %}

data/ansible/docker/main.yaml

@@ -0,0 +1,156 @@
+---
+- name: Check and set python version on APT server
+  hosts: apt
+  remote_user: '{{ gouser }}'
+  gather_facts: false
+  tasks:
+    - name: symlink /usr/bin/python -> /usr/bin/python3
+      raw: |
+        if [ -f /usr/bin/python3 ] && [ ! -f /usr/bin/python ]; then
+          ln --symbolic /usr/bin/python3 /usr/bin/python; 
+        fi
+      become: true
+
+- name: Check and set python version on PKG server
+  hosts: pkg
+  remote_user: '{{ gouser }}'
+  gather_facts: false
+  tasks:
+    - name: symlink /usr/bin/python -> /usr/bin/python3
+      raw: |
+        if [ -f /usr/bin/python3 ] && [ ! -f /usr/bin/python ]; then
+          ln --symbolic /usr/bin/python3 /usr/bin/python; 
+        fi
+      become: true
+
+- hosts: apt
+  vars:
+    ###############################################################
+    ##################### Golang Vars #############################
+    ###############################################################
+    # Go language SDK version number
+    golang_version: '1.13'
+    go_version_target: "go version go{{ golang_version }} linux/amd64"
+    # Mirror to download the Go language SDK redistributable package from
+    golang_mirror: 'https://storage.googleapis.com/golang'
+    # Base installation directory the Go language SDK distribution
+    golang_install_dir: '/usr/local/go'
+    # Directory to store files downloaded for Go language SDK installation
+    golang_download_dir: "{{ x_ansible_download_dir | default(ansible_env.HOME + '/.ansible/tmp/downloads') }}"
+    # Location for GOPATH environment variable
+    golang_gopath: "/home/{{ gouser }}/go"
+    # Filename of Go language SDK redistributable package
+    golang_redis_filename: 'go{{ golang_version }}.linux-amd64.tar.gz'
+
+    ###############################################################
+    # CGRateS vars
+    cgrates_dir: "{{ golang_gopath }}/src/github.com/cgrates/cgrates"
+    cgrates_branch: "master"
+    cgrates_distribution: "nightly"
+    ###############################################################
+    ######################## GPG Vars #############################
+    ###############################################################
+    gpg_home: "/root"
+    gpg_realname: "CGRateS"
+    gpg_useremail: "cgrates@itsyscom.com"
+    gpg_pubkeyfileexport: "apt.cgrates.org.gpg.key"
+
+    gpg_keylength: 2048
+    gpg_subkeylength: 2048
+    gpg_expire: 360
+
+    rootUser : root
+
+    customPath: "{{ lookup('env','PATH') }}:{{ golang_gopath }}/bin:/usr/local/go/bin:{{ ansible_env.PATH }}"
+
+    dependencies:
+      - build-essential
+      - git
+      - devscripts
+      - apt-transport-https
+      - ca-certificates
+      - gnupg2
+      - software-properties-common
+      - nginx
+
+  remote_user: '{{ gouser }}'
+  tasks:
+    - name: set cgrates cgrates_distribution
+      set_fact:
+        cgrates_distribution: "{{ cgrates_distribution }}"
+###########################################################################################################################
+###########################################################################################################################
+# install dependencies
+    - name: Install dependencies
+      become: yes
+      apt: name={{ dependencies }} state=present
+###########################################################################################################################
+###########################################################################################################################
+# Prepare for configuration
+    - name: Check if NGINX needs to be configured
+      become: true
+      shell: "ls /etc/nginx/sites-enabled | grep 'apt.cgrates.org.vhost'"
+      ignore_errors: true
+      register: nginxConfig
+
+    - name: Configure NGINX server
+      include: nginx.yaml
+      when: nginxConfig.stdout_lines|length < 1
+
+###########################################################################################################################
+###########################################################################################################################
+# Install Golang
+    - name: install unarchive dependencies (zypper)
+      become: yes
+      zypper:
+        name:
+          - gzip
+          - tar
+        state: present
+      when: ansible_pkg_mgr == 'zypper'
+
+    - name: Install golang
+      include: go.yaml
+
+###########################################################################################################################
+###########################################################################################################################
+# Install CGRateS
+    - name: create cgrates directory
+      become: yes
+      file:
+        state: directory
+        mode: 'u=rwx,go=rx'
+        owner: "{{ gouser }}"
+        group: "{{ gouser }}"
+        dest: '{{ cgrates_dir }}'
+      become_user: "{{ gouser }}"
+
+    - name: git clone cgrates
+      git:
+        repo: https://github.com/cgrates/cgrates.git
+        dest: '{{ cgrates_dir }}'
+        update: yes
+        force: yes
+        version: "{{ cgrates_branch }}"
+      become: yes
+      become_user: "{{ gouser }}"
+
+    - name:  build cgrates
+      shell: "sh {{ cgrates_dir }}/build.sh"
+      environment:
+        PATH: "{{ lookup('env','PATH') }}:{{ golang_gopath }}/bin:/usr/local/go/bin:{{ ansible_env.PATH }}"
+      args:
+        chdir: '{{ cgrates_dir }}'
+
+    - name: symbol link
+      become: yes
+      file:
+        src: "{{ cgrates_dir }}/data"
+        dest: "/usr/share/cgrates"
+        state: link
+            
+    - name: get git tag
+      shell: "git tag -l --points-at HEAD"
+      args:
+        chdir: '{{ cgrates_dir }}'
+      register: gitTagVar

data/ansible/docker/nginx.conf

@@ -0,0 +1,66 @@
+events {
+    worker_connections  1024;
+}
+
+http {
+  upstream docker-registry {
+    server registry:5000;
+  }
+
+  ## Set a variable to help us decide if we need to add the
+  ## 'Docker-Distribution-Api-Version' header.
+  ## The registry always sets this header.
+  ## In the case of nginx performing auth, the header is unset
+  ## since nginx is auth-ing before proxying.
+  map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
+    '' 'registry/2.0';
+  }
+
+
+  server {
+    listen 443 ;#ssl;
+    server_name 127.0.0.1;
+
+    # SSL
+    # ssl_certificate /etc/nginx/conf.d/domain.crt;
+    # ssl_certificate_key /etc/nginx/conf.d/domain.key;
+
+    # # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+    # ssl_protocols TLSv1.1 TLSv1.2;
+    # ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+    # ssl_prefer_server_ciphers on;
+    # ssl_session_cache shared:SSL:10m;
+
+    # disable any limits to avoid HTTP 413 for large image uploads
+    client_max_body_size 0;
+
+    # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
+    chunked_transfer_encoding on;
+
+    location /v2/ {
+      # Do not allow connections from docker 1.5 and earlier
+      # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
+      if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
+        return 404;
+      }
+
+      # To add basic authentication to v2 use auth_basic setting.
+      limit_except GET HEAD OPTIONS {
+        deny all;
+        # auth_basic "Registry realm";
+        # auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;
+      }
+
+      ## If $docker_distribution_api_version is empty, the header is not added.
+      ## See the map directive above where this variable is defined.
+      add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
+
+      proxy_pass                          http://docker-registry;
+      proxy_set_header  Host              $http_host;   # required for docker client's sake
+      proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
+      proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
+      # proxy_set_header  X-Forwarded-Proto $scheme;
+      proxy_read_timeout                  900;
+    }
+  }
+}

data/ansible/docker/nginx.conf.j2

@@ -0,0 +1,22 @@
+{{ ansible_managed | comment }}
+server {
+  listen 80;
+  server_name apt.cgrates.org;
+
+  access_log /var/log/nginx/packages-error.log;
+  error_log /var/log/nginx/packages-error.log;
+
+  location / {
+    root /var/packages;
+    index index.html;
+    autoindex on;
+  }
+
+  location ~ /(.*)/conf {
+    deny all;
+  }
+
+  location ~ /(.*)/db {
+    deny all;
+  }
+}

data/ansible/docker/nginx.yaml

@@ -0,0 +1,19 @@
+---
+- name: Add apt.cgrates.vhost in nginx
+  become: true
+  template:
+    src: nginx.conf.j2
+    dest: "/etc/nginx/sites-available/apt.cgrates.org.vhost"
+    mode: '0600'
+    owner: "{{ rootUser }}"
+
+- name: Create a symlink for apt.cgrates.org
+  become: true
+  file:
+    src: "/etc/nginx/sites-available/apt.cgrates.org.vhost"
+    dest: "/etc/nginx/sites-enabled/apt.cgrates.org.vhost"
+    state: link
+
+- name: Restart the nginx so the change take effects
+  become: true
+  shell: "/etc/init.d/nginx reload"