From d6eaa35c585e14d0b0af666338ec8abeefba71e8 Mon Sep 17 00:00:00 2001
From: Trial97
Date: Wed, 4 Mar 2020 17:58:50 +0200
Subject: [PATCH] Added ansible for docker
---
data/ansible/docker/docker-compose.yaml | 19 +++
data/ansible/docker/docker.yaml | 34 ++++++
data/ansible/docker/go.yaml | 122 ++++++++++++++++++
data/ansible/docker/golang.sh.j2 | 12 ++
data/ansible/docker/main.yaml | 156 ++++++++++++++++++++++++
data/ansible/docker/nginx.conf | 66 ++++++++++
data/ansible/docker/nginx.conf.j2 | 22 ++++
data/ansible/docker/nginx.yaml | 19 +++
8 files changed, 450 insertions(+)
create mode 100644 data/ansible/docker/docker-compose.yaml
create mode 100644 data/ansible/docker/docker.yaml
create mode 100644 data/ansible/docker/go.yaml
create mode 100644 data/ansible/docker/golang.sh.j2
create mode 100644 data/ansible/docker/main.yaml
create mode 100644 data/ansible/docker/nginx.conf
create mode 100644 data/ansible/docker/nginx.conf.j2
create mode 100644 data/ansible/docker/nginx.yaml
diff --git a/data/ansible/docker/docker-compose.yaml b/data/ansible/docker/docker-compose.yaml
new file mode 100644
index 000000000..8d86d94f8
--- /dev/null
+++ b/data/ansible/docker/docker-compose.yaml
@@ -0,0 +1,19 @@
+nginx:
+ # Note : Only nginx:alpine supports bcrypt.
+ # If you don't need to use bcrypt, you can use a different tag.
+ # Ref. https://github.com/nginxinc/docker-nginx/issues/29
+ image: "nginx:alpine"
+ ports:
+ - 5043:443
+ links:
+ - registry:registry
+ volumes:
+ - ./auth:/etc/nginx/conf.d
+ - ./auth/nginx.conf:/etc/nginx/nginx.conf:ro
+
+registry:
+ image: registry:2
+ ports:
+ - 5000:5000
+ volumes:
+ - ./data:/var/lib/registry
diff --git a/data/ansible/docker/docker.yaml b/data/ansible/docker/docker.yaml
new file mode 100644
index 000000000..a5053de6b
--- /dev/null
+++ b/data/ansible/docker/docker.yaml
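Review bot: In docker-compose.yaml the `registry` service publishes `5000:5000` on every host interface, so clients can reach the registry directly and skip the nginx front end, including the `limit_except` write restriction in nginx.conf. nginx reaches the registry through the `links` entry (`server registry:5000;` in the upstream block), so the published port is not needed for the proxy path; drop the `ports:` block under `registry`, or bind it to loopback with `- "127.0.0.1:5000:5000"`. The `./auth:/etc/nginx/conf.d` mount could also carry `:ro`, as the nginx.conf mount next to it already does.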
@@ -0,0 +1,34 @@
+---
+
+- name: Add Docker's public GPG key to the APT keyring
+ apt_key:
+ url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
+ state: present
+
+- name: Configure Docker's upstream APT repository
+ apt_repository:
+ repo: deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
+ state: present
+ update_cache: yes
+
+- name: Install Docker
+ apt:
+ name:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ state: "present"
+
+- name: Add user(s) to "docker" group
+ user:
+ name: "{{ item }}"
+ groups: "docker"
+ append: true
+ loop: "{{ docker__users }}"
+
+- name: Enable service docker and ensure it is not masked
+ systemd:
+ name: docker
+ state: started
+ enabled: yes
+ masked: no
diff --git a/data/ansible/docker/go.yaml b/data/ansible/docker/go.yaml
new file mode 100644
index 000000000..c08fae40b
--- /dev/null
+++ b/data/ansible/docker/go.yaml
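Review bot: The `apt_key` task in docker.yaml accepts whatever key the URL serves at run time, because no `id` is given; adding `id: "<DOCKER_GPG_KEY_FINGERPRINT>"` (placeholder, to be filled from Docker's published fingerprint) makes the task fail when the served key is not the expected one. The key also goes into the global APT keyring, so it is trusted for every repository on the host and not only for download.docker.com. Separately, the `Add user(s) to "docker" group` task gives each entry of `docker__users` root-equivalent control of the host through the Docker socket; a comment above the task saying so would help whoever maintains that list.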
@@ -0,0 +1,122 @@
+---
+- name: create gopath directory
+ file:
+ state: directory
+ mode: 'u=rwx,go=rx'
+ dest: '{{ golang_gopath }}'
+
+- name: create download directory
+ file:
+ state: directory
+ mode: 'u=rwx,go=rx'
+ dest: '{{ golang_download_dir }}'
+
+- name: Register the current Go version (if any)
+ command: /usr/local/go/bin/go version
+ ignore_errors: yes
+ register: go_version
+ changed_when: false
+
+- name: Remove old installation of Go
+ become: yes
+ file:
+ path: /usr/local/go
+ state: absent
+ when: go_version is failed or go_version.stdout != go_version_target
+
+- name: download Go language SDK
+ get_url:
+ url: '{{ golang_mirror }}/{{ golang_redis_filename }}'
+ dest: '{{ golang_download_dir }}/{{ golang_redis_filename }}'
+ mode: 'u=rw,go=r'
+
+- name: create Go language SDK installation directory
+ become: yes
+ file:
+ state: directory
+ owner: root
+ group: root
+ mode: 'u=rwx,go=rx'
+ dest: '{{ golang_install_dir }}'
+
+- name: install Go language SDK
+ become: yes
+ unarchive:
+ src: '{{ golang_download_dir }}/{{ golang_redis_filename }}'
+ remote_src: yes
+ extra_opts: '--strip-components=1'
+ dest: '{{ golang_install_dir }}'
+ owner: root
+ group: root
+ creates: '{{ golang_install_dir }}/bin'
+
+# Set Go language SDK environment variables
+- name: make sure /etc/profile.d exists
+ become: yes
+ file:
+ path: /etc/profile.d
+ state: directory
+ owner: root
+ group: root
+ mode: 'u=rwx,go=rx'
+
+- name: export Go language SDK environment variables
+ become: yes
+ template:
+ src: golang.sh.j2
+ dest: /etc/profile.d/golang.sh
+ owner: root
+ group: root
+ mode: 'u=rw,go=r'
+
+- name: Export GOROOT for root
+ become: yes
+ lineinfile:
+ path: ~/.bashrc
+ line: export GOROOT='{{ golang_install_dir }}'
+ insertafter: last
+
+- name: Add GOROOT to PATH for root
+ become: yes
+ lineinfile:
+ dest: ~/.bashrc
+ line: export PATH=$PATH:$GOROOT/bin
+ insertafter: last
+
+- name: Export GOPATH for root
+ become: yes
+ lineinfile:
+ dest: ~/.bashrc
+ line: export GOPATH='{{ golang_gopath }}'
+ insertafter: last
+
+- name: Add GOPATH to PATH for root
+ become: yes
+ lineinfile:
+ dest: ~/.bashrc
+ line: export PATH=$PATH:$GOPATH/bin
+ insertafter: last
+
+- name: Export GOROOT
+ lineinfile:
+ dest: ~/.bashrc
+ line: export GOROOT='{{ golang_install_dir }}'
+ insertafter: last
+
+- name: Add GOROOT to PATH
+ lineinfile:
+ dest: ~/.bashrc
+ line: export PATH=$PATH:$GOROOT/bin
+ insertafter: last
+
+- name: Export GOPATH
+ lineinfile:
+ dest: ~/.bashrc
+ line: export GOPATH='{{ golang_gopath }}'
+ insertafter: last
+
+- name: Add GOPATH to PATH
+ lineinfile:
+ dest: ~/.bashrc
+ line: export PATH=$PATH:$GOPATH/bin
+ insertafter: last
diff --git a/data/ansible/docker/golang.sh.j2 b/data/ansible/docker/golang.sh.j2
new file mode 100644
index 000000000..7bfc41c2e
--- /dev/null
+++ b/data/ansible/docker/golang.sh.j2
@@ -0,0 +1,12 @@
+
+#!/bin/sh
+
+{{ ansible_managed | comment('plain') }}
+
+export GOROOT='{{ golang_install_dir }}'
+export PATH=$PATH:$GOROOT/bin
+
+{% if golang_gopath not in (None, '') %}
+export GOPATH="{{ golang_gopath }}"
+export PATH=$PATH:$GOPATH/bin
+{% endif %}
\ No newline at end of file
diff --git a/data/ansible/docker/main.yaml b/data/ansible/docker/main.yaml
new file mode 100644
index 000000000..87fdce169
--- /dev/null
+++ b/data/ansible/docker/main.yaml
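Review bot: The `download Go language SDK` task in go.yaml calls `get_url` without a `checksum`, and the `install Go language SDK` task then unpacks the tarball as root into `{{ golang_install_dir }}`, so the integrity of the toolchain rests on the HTTPS transfer alone. Add `checksum: "sha256:<GO_TARBALL_SHA256>"` (placeholder for the published digest of the pinned `golang_version`) to the `get_url` task, ideally from a variable kept next to `golang_version` so the two are bumped together. Also, `insertafter: last` in the `lineinfile` tasks is read as a regular expression rather than as end-of-file; the keyword is `EOF`, which is already the default, so the option can be dropped.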
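Review bot: In golang.sh.j2 `GOROOT` is wrapped in single quotes but `GOPATH` in double quotes, so a `golang_gopath` value containing `$` or backticks would be expanded by every login shell that sources /etc/profile.d/golang.sh; use single quotes for both, `export GOPATH='{{ golang_gopath }}'`, as the `lineinfile` tasks in go.yaml already do. The template also starts with an empty line, which puts `#!/bin/sh` on line 2 where it is an ordinary comment; that is harmless for a sourced file, but the blank first line should go.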
@@ -0,0 +1,156 @@
+---
+- name: Check and set python version on APT server
+ hosts: apt
+ remote_user: '{{ gouser }}'
+ gather_facts: false
+ tasks:
+ - name: symlink /usr/bin/python -> /usr/bin/python3
+ raw: |
+ if [ -f /usr/bin/python3 ] && [ ! -f /usr/bin/python ]; then
+ ln --symbolic /usr/bin/python3 /usr/bin/python;
+ fi
+ become: true
+
+- name: Check and set python version on PKG server
+ hosts: pkg
+ remote_user: '{{ gouser }}'
+ gather_facts: false
+ tasks:
+ - name: symlink /usr/bin/python -> /usr/bin/python3
+ raw: |
+ if [ -f /usr/bin/python3 ] && [ ! -f /usr/bin/python ]; then
+ ln --symbolic /usr/bin/python3 /usr/bin/python;
+ fi
+ become: true
+
+- hosts: apt
+ vars:
+ ###############################################################
+ ##################### Golang Vars #############################
+ ###############################################################
+ # Go language SDK version number
+ golang_version: '1.13'
+ go_version_target: "go version go{{ golang_version }} linux/amd64"
+ # Mirror to download the Go language SDK redistributable package from
+ golang_mirror: 'https://storage.googleapis.com/golang'
+ # Base installation directory the Go language SDK distribution
+ golang_install_dir: '/usr/local/go'
+ # Directory to store files downloaded for Go language SDK installation
+ golang_download_dir: "{{ x_ansible_download_dir | default(ansible_env.HOME + '/.ansible/tmp/downloads') }}"
+ # Location for GOPATH environment variable
+ golang_gopath: "/home/{{ gouser }}/go"
+ # Filename of Go language SDK redistributable package
+ golang_redis_filename: 'go{{ golang_version }}.linux-amd64.tar.gz'
+
+ ###############################################################
+ # CGRateS vars
+ cgrates_dir: "{{ golang_gopath }}/src/github.com/cgrates/cgrates"
+ cgrates_branch: "master"
+ cgrates_distribution: "nightly"
+ ###############################################################
+ ######################## GPG Vars #############################
+ ###############################################################
+ gpg_home: "/root"
+ gpg_realname: "CGRateS"
+ gpg_useremail: "cgrates@itsyscom.com"
+ gpg_pubkeyfileexport: "apt.cgrates.org.gpg.key"
+
+ gpg_keylength: 2048
+ gpg_subkeylength: 2048
+ gpg_expire: 360
+
+ rootUser : root
+
+ customPath: "{{ lookup('env','PATH') }}:{{ golang_gopath }}/bin:/usr/local/go/bin:{{ ansible_env.PATH }}"
+
+ dependencies:
+ - build-essential
+ - git
+ - devscripts
+ - apt-transport-https
+ - ca-certificates
+ - gnupg2
+ - software-properties-common
+ - nginx
+
+ remote_user: '{{ gouser }}'
+ tasks:
+ - name: set cgrates cgrates_distribution
+ set_fact:
+ cgrates_distribution: "{{ cgrates_distribution }}"
+###########################################################################################################################
+###########################################################################################################################
+# install dependencies
+ - name: Install dependencies
+ become: yes
+ apt: name={{ dependencies }} state=present
+###########################################################################################################################
+###########################################################################################################################
+# Prepare for configuration
+ - name: Check if NGINX needs to be configured
+ become: true
+ shell: "ls /etc/nginx/sites-enabled | grep 'apt.cgrates.org.vhost'"
+ ignore_errors: true
+ register: nginxConfig
+
+ - name: Configure NGINX server
+ include: nginx.yaml
+ when: nginxConfig.stdout_lines|length < 1
+
+###########################################################################################################################
+###########################################################################################################################
+# Install Golang
+ - name: install unarchive dependencies (zypper)
+ become: yes
+ zypper:
+ name:
+ - gzip
+ - tar
+ state: present
+ when: ansible_pkg_mgr == 'zypper'
+
+ - name: Install golang
+ include: go.yaml
+
+###########################################################################################################################
+###########################################################################################################################
+# Install CGRateS
+ - name: create cgrates directory
+ become: yes
+ file:
+ state: directory
+ mode: 'u=rwx,go=rx'
+ owner: "{{ gouser }}"
+ group: "{{ gouser }}"
+ dest: '{{ cgrates_dir }}'
+ become_user: "{{ gouser }}"
+
+ - name: git clone cgrates
+ git:
+ repo: https://github.com/cgrates/cgrates.git
+ dest: '{{ cgrates_dir }}'
+ update: yes
+ force: yes
+ version: "{{ cgrates_branch }}"
+ become: yes
+ become_user: "{{ gouser }}"
+
+ - name: build cgrates
+ shell: "sh {{ cgrates_dir }}/build.sh"
+ environment:
+ PATH: "{{ lookup('env','PATH') }}:{{ golang_gopath }}/bin:/usr/local/go/bin:{{ ansible_env.PATH }}"
+ args:
+ chdir: '{{ cgrates_dir }}'
+
+ - name: symbol link
+ become: yes
+ file:
+ src: "{{ cgrates_dir }}/data"
+ dest: "/usr/share/cgrates"
+ state: link
+
+ - name: get git tag
+ shell: "git tag -l --points-at HEAD"
+ args:
+ chdir: '{{ cgrates_dir }}'
+ register: gitTagVar
diff --git a/data/ansible/docker/nginx.conf b/data/ansible/docker/nginx.conf
new file mode 100644
index 000000000..f2f8fcce5
--- /dev/null
+++ b/data/ansible/docker/nginx.conf
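Review bot: The `git clone cgrates` task in main.yaml checks out `cgrates_branch`, which defaults to `master`, with `force: yes`, and the next task runs `build.sh` from that checkout, so each run builds whatever the branch tip happens to be on the host that also carries the `gpg_*` signing settings. If this host goes on to publish packages (the GPG vars and the nginx vhost suggest so, though no task in this file uses the `gpg_*` vars yet), pin `cgrates_branch` to a tag or commit for release builds and record the resolved commit alongside the `get git tag` result. `gpg_keylength: 2048` and `gpg_subkeylength: 2048` are on the low side for a newly generated repository signing key; consider `4096`. The `Check if NGINX needs to be configured` task would be sturdier as a `stat` on the vhost path than as `ls | grep` with `ignore_errors: true`, which also hides real failures of the command.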
@@ -0,0 +1,66 @@
+events {
+ worker_connections 1024;
+}
+
+http {
+ upstream docker-registry {
+ server registry:5000;
+ }
+
+ ## Set a variable to help us decide if we need to add the
+ ## 'Docker-Distribution-Api-Version' header.
+ ## The registry always sets this header.
+ ## In the case of nginx performing auth, the header is unset
+ ## since nginx is auth-ing before proxying.
+ map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
+ '' 'registry/2.0';
+ }
+
+
+ server {
+ listen 443 ;#ssl;
+ server_name 127.0.0.1;
+
+ # SSL
+ # ssl_certificate /etc/nginx/conf.d/domain.crt;
+ # ssl_certificate_key /etc/nginx/conf.d/domain.key;
+
+ # # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+ # ssl_protocols TLSv1.1 TLSv1.2;
+ # ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+ # ssl_prefer_server_ciphers on;
+ # ssl_session_cache shared:SSL:10m;
+
+ # disable any limits to avoid HTTP 413 for large image uploads
+ client_max_body_size 0;
+
+ # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
+ chunked_transfer_encoding on;
+
+ location /v2/ {
+ # Do not allow connections from docker 1.5 and earlier
+ # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
+ if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
+ return 404;
+ }
+
+ # To add basic authentication to v2 use auth_basic setting.
+ limit_except GET HEAD OPTIONS {
+ deny all;
+ # auth_basic "Registry realm";
+ # auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;
+ }
+
+ ## If $docker_distribution_api_version is empty, the header is not added.
+ ## See the map directive above where this variable is defined.
+ add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
+
+ proxy_pass http://docker-registry;
+ proxy_set_header Host $http_host; # required for docker client's sake
+ proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ # proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_read_timeout 900;
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/ansible/docker/nginx.conf.j2 b/data/ansible/docker/nginx.conf.j2
new file mode 100644
index 000000000..8f0b30be2
--- /dev/null
+++ b/data/ansible/docker/nginx.conf.j2
@@ -0,0 +1,22 @@
+{{ ansible_managed | comment }}
+server {
+ listen 80;
+ server_name apt.cgrates.org;
+
+ access_log /var/log/nginx/packages-error.log;
+ error_log /var/log/nginx/packages-error.log;
+
+ location / {
+ root /var/packages;
+ index index.html;
+ autoindex on;
+ }
+
+ location ~ /(.*)/conf {
+ deny all;
+ }
+
+ location ~ /(.*)/db {
+ deny all;
+ }
+}
\ No newline at end of file
diff --git a/data/ansible/docker/nginx.yaml b/data/ansible/docker/nginx.yaml
new file mode 100644
index 000000000..6279c5982
--- /dev/null
+++ b/data/ansible/docker/nginx.yaml
@@ -0,0 +1,19 @@
+---
+- name: Add apt.cgrates.vhost in nginx
+ become: true
+ template:
+ src: nginx.conf.j2
+ dest: "/etc/nginx/sites-available/apt.cgrates.org.vhost"
+ mode: '0600'
+ owner: "{{ rootUser }}"
+
+- name: Create a symlink for apt.cgrates.org
+ become: true
+ file:
+ src: "/etc/nginx/sites-available/apt.cgrates.org.vhost"
+ dest: "/etc/nginx/sites-enabled/apt.cgrates.org.vhost"
+ state: link
+
+- name: Restart the nginx so the change take effects
+ become: true
+ shell: "/etc/init.d/nginx reload"
\ No newline at end of file
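Review bot: In nginx.conf the server block has `listen 443 ;#ssl;` with every `ssl_*` directive commented out, so the registry front end speaks plain HTTP on port 443 and image pulls are neither encrypted nor authenticated. Before this is used beyond a local test, enable TLS with `listen 443 ssl;` and the two certificate directives, and replace the commented `ssl_protocols TLSv1.1 TLSv1.2;` with `ssl_protocols TLSv1.2 TLSv1.3;`. The `limit_except GET HEAD OPTIONS` block contains `deny all;` with the `auth_basic` lines commented out, so no push can go through this proxy; if a read-only proxy is intended, a comment saying so would help, given that docker-compose.yaml also publishes the registry's own port.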
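Review bot: In nginx.conf.j2 `access_log` and `error_log` both write to `/var/log/nginx/packages-error.log`, which mixes two formats in one file and makes request logs hard to parse for monitoring; a separate file such as `access_log /var/log/nginx/packages-access.log;` looks like what was meant. The deny rules `location ~ /(.*)/conf` and `location ~ /(.*)/db` need a path segment in front of `conf` or `db`, so a `conf` or `db` directory placed directly under `/var/packages` would still be listed by `autoindex on` and served. If the repository layout can put them there, anchor the pattern, for example `location ~ ^/(.*/)?(conf|db)(/|$)`, which also stops matching unrelated names that merely start with `conf` or `db`.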
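Review bot: The last task in nginx.yaml reloads nginx with `shell: "/etc/init.d/nginx reload"`, which reports a change on every run and applies the new vhost without a configuration test. Use the `service` module with `name: nginx` and `state: reloaded`, preferably as a handler notified by the template task, and run `nginx -t` before it so that a broken template fails the play instead of the package site.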