Bootstrap new approach

This commit is contained in:
Luke Murphy 2020-03-22 15:40:59 +01:00
parent a51613fe77
commit 1c59412d34
No known key found for this signature in database
GPG Key ID: 5E2EF5A63E3718CC
13 changed files with 181 additions and 0 deletions

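--- /dev/null
+++ b/.envrc.sample
@@ -0,0 +1,2 @@
+# The path to our pass credentials store
+export PASSWORD_STORE_DIR=$(pwd)/../infrastructure/credentials/password-store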
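Review bot: `$(pwd)` is unquoted on the `export` line, so a checkout path containing whitespace would be word-split and PASSWORD_STORE_DIR would end up holding only its first word. The safe form is `export PASSWORD_STORE_DIR="$(pwd)/../infrastructure/credentials/password-store"`. The comment could also state that this file is presumably copied to `.envrc` for direnv (the `.sample` suffix suggests it) and that the path is resolved relative to the repository checkout.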

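--- /dev/null
+++ b/ansible/.vault.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -eu -o pipefail
+echo $(pass show hosts/autonomic-dokku/vault/password)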
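Review bot: Because `pass show …` runs inside a `$(…)` that is an argument to `echo`, `set -e` never sees its failure: if `pass` fails (for example when the gpg agent is locked) the script prints an empty line and exits 0, so ansible-vault tries an empty password and reports an unrelated decryption error instead of the real cause. The unquoted substitution also word-splits and glob-expands the password, so a value containing whitespace or `*` would be altered before ansible-vault sees it. Replacing the last line with `exec pass show hosts/autonomic-dokku/vault/password` passes the password through unchanged and propagates the exit status of `pass`.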

ansible/post-delete.yml Normal file

@ -0,0 +1,23 @@
---
- hosts: all
gather_facts: false
tasks:
- name: Load variables
include_vars:
dir: "{{ dokku_lib_root }}/data/ansible/keycloak/vars/"
extensions:
- yml
- name: Remove mariadb database
shell: "dokku mariadb:destroy keycloak --force"
args:
removes: /var/lib/dokku/services/mariadb/keycloak
become: true
- name: Remove volume mount configuration directories
file:
path: "{{ item }}"
state: absent
with_items:
- /var/lib/dokku/services/mariadb/keycloak
become: true
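Review bot: `shell:` is used for `dokku mariadb:destroy keycloak --force` although the command needs no shell features; `command: dokku mariadb:destroy keycloak --force` avoids an unnecessary shell and ansible-lint's command-instead-of-shell warning, and the same applies to the `dokku letsencrypt …` and `dokku ps:rebuild keycloak` tasks in post-deploy.yml. `with_items` over a single path could be `loop:` (Ansible ≥2.5; requirements.txt pins 2.9.6) or simply `path: /var/lib/dokku/services/mariadb/keycloak`. The `removes:` guard on the destroy task implies `mariadb:destroy` already deletes that directory, so the file task presumably only acts as a fallback — worth saying in its `name`. Indentation appears flattened in this rendered view, so nesting is assumed from context.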

ansible/post-deploy.yml Normal file

@ -0,0 +1,56 @@
---
- hosts: all
gather_facts: false
tasks:
- name: Load variables
include_vars:
dir: "{{ dokku_lib_root }}/data/ansible/keycloak/vars/"
extensions:
- yml
- name: Set HTTP 80 port proxy
dokku_ports:
app: keycloak
mappings:
- "http:80:8080"
state: present
- name: Setup LE certificates
shell: dokku letsencrypt keycloak
args:
creates: /home/dokku/keycloak/letsencrypt/certs
- name: Setup LE certificates renew cron job
shell: dokku letsencrypt:cron-job --add
args:
creates: /home/dokku/keycloak/letsencrypt/cron-job
- name: Create volume mount configuration directories
file:
path: "{{ item }}"
state: directory
owner: dokku
group: dokku
with_items:
- "/home/dokku/keycloak/letsencrypt/certs/current/key.pem:/etc/x509/https/tls.key"
- "/home/dokku/keycloak/letsencrypt/certs/current/cert.pem:/etc/x509/https/tls.crt"
become: true
register: volume_mounts
- name: Rebuild the application to mount new volumes
shell: dokku ps:rebuild keycloak
when: volume_mounts.changed
- name: Remove automatically configured ports
dokku_ports:
app: keycloak
mappings:
- "http:8080:8080"
state: absent
- name: Set HTTP 443 port
dokku_ports:
app: keycloak
mappings:
- "https:443:8080"
state: present
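Review bot: The "Create volume mount configuration directories" task passes docker mount specs (`host:container`) to `file: state: directory`, so it creates host directories literally named `…/certs/current/key.pem:/etc/x509/https/tls.key` instead of mounting the certificate and key into the container, and the following `ps:rebuild` then mounts nothing. The same `host:container` strings are what pre-deploy.yml hands to `dokku_storage`'s `mounts:`, which looks like the intended module here; the `register`/`when: volume_mounts.changed` guard can stay provided `dokku_storage` reports `changed` as the file task did (to confirm). The file task's `become: true` is dropped in the rewrite below because the `dokku_storage` task in pre-deploy.yml runs without it. Indentation appears flattened in this rendered view, so nesting is assumed from context.
```yaml
- name: Mount LE certificates into the container
  dokku_storage:
    app: keycloak
    mounts:
      - "/home/dokku/keycloak/letsencrypt/certs/current/key.pem:/etc/x509/https/tls.key"
      - "/home/dokku/keycloak/letsencrypt/certs/current/cert.pem:/etc/x509/https/tls.crt"
  register: volume_mounts
# … unchanged: ps:rebuild task guarded by volume_mounts.changed, port tasks …
```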

ansible/pre-deploy.yml Normal file

@ -0,0 +1,41 @@
---
- hosts: all
gather_facts: false
tasks:
- name: Load variables
include_vars:
dir: "{{ dokku_lib_root }}/data/ansible/keycloak/vars/"
extensions:
- yml
- name: Configure id.autonomic.zone domain
dokku_domains:
app: keycloak
domains:
- id.autonomic.zone
state: present
- name: Create mariadb database
shell: "dokku mariadb:create keycloak --password {{ db_passwd }} --root-password {{ root_db_passwd }}"
args:
creates: /var/lib/dokku/services/mariadb/keycloak
- name: Specify mariadb docker volume mounts
dokku_storage:
app: keycloak
mounts:
- /var/lib/dokku/services/mariadb/keycloak:/var/lib/mysql
- name: Configure the dokku app environment
dokku_config:
app: keycloak
restart: false
config:
DB_VENDOR: "mariadb"
DOKKU_LETSENCRYPT_EMAIL: "{{ autonomic_admin_mail }}"
KEYCLOAK_PASSWORD: "{{ autonomic_admin_pass }}"
KEYCLOAK_USER: "{{ autonomic_admin_user }}"
MYSQL_DATABASE: "keycloak"
MYSQL_PASSWORD: "{{ db_passwd }}"
MYSQL_USER: "mariadb" # https://github.com/dokku/dokku-mariadb/issues/89
MYSQL_ROOT_PASSWORD: "{{ root_db_passwd }}"
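Review bot: The "Create mariadb database" task interpolates the decrypted `db_passwd` and `root_db_passwd` unquoted into a `shell:` string, so whitespace or a shell metacharacter in either password changes the command, and because the task has no `no_log: true` the rendered command with both passwords is kept in the task result and printed by verbose runs and callback logs. Using `command:` with `argv:` passes each password as one argument without shell parsing (Ansible ≥2.6; requirements.txt pins 2.9.6), and `no_log: true` keeps it out of output; the same `no_log: true` belongs on the `dokku_config` task, whose `config:` carries `KEYCLOAK_PASSWORD`, `MYSQL_PASSWORD` and `MYSQL_ROOT_PASSWORD`. Passing the passwords as CLI flags still shows them briefly in the host's process list, which the `dokku mariadb:create` interface leaves no way around here. Indentation appears flattened in this rendered view, so nesting is assumed from context.
```yaml
- name: Create mariadb database
  command:
    argv:
      - dokku
      - mariadb:create
      - keycloak
      - --password
      - "{{ db_passwd }}"
      - --root-password
      - "{{ root_db_passwd }}"
    creates: /var/lib/dokku/services/mariadb/keycloak
  no_log: true
# … unchanged: dokku_storage task …
- name: Configure the dokku app environment
  dokku_config:
    # … unchanged: app, restart, config …
  no_log: true
```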

ansible/requirements.yml Normal file

@ -0,0 +1,3 @@
---
- src: dokku_bot.ansible_dokku
version: v2020.3.15

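--- /dev/null
+++ b/ansible/vars/all.yml
@@ -0,0 +1,3 @@
+---
+autonomic_admin_mail: helo@autonomic.zone
+autonomic_admin_user: autonomic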


@ -0,0 +1,8 @@
---
ansible_become_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
34396236353735666531323238656533643465303131663464613162396333313836363630666266
6539323631656635333864316166633064633366323936610a656137616334313534333635313232
35323561303763366563316631313638363333393763323935343563303963616334336639386462
3837383830616637360a373539613630356564363662393836366462666430353439353637303035
63396633303166343433313439303539313637306637663137313533316531616434


@ -0,0 +1,8 @@
autonomic_admin_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
35303431663632323539653636353862383432626466376263666238346263663839396638333162
3661306338336635653936386335646665623332376330370a363039323662616432366132316135
32343839356631383832366638326661323661623033343338306336313639376664373931313364
3732653332646462630a366563633737303934656561343461633630613666306634646433373465
35373966653563303664336231643134653866653135363537383230383262353634356165613631
3136333437386635656234386432316466386566626238333161


@ -0,0 +1,8 @@
db_passwd: !vault |
$ANSIBLE_VAULT;1.1;AES256
65626261633661356263353564376431633962663461353261316534306635376137393164393036
3163373239316364646165656666626462616434346365640a313832663133636132376330623132
30313534333135386336373566376634326339303233653336383665346463333037643265663537
3135333366313433340a643565653265363531633561306163303938323731393133326165336639
37396330363062326465386163373733653165623961626537336139633663326630666462386262
3463376239386531313534653834326637386635643961306436


@ -0,0 +1,8 @@
root_db_passwd: !vault |
$ANSIBLE_VAULT;1.1;AES256
66626439333936646661366235393638343639393730633435643166666331376432616632343330
3564313661336331356661343465666462376430366234650a616561333233633631333135333865
64343963346537353534663134306466336531383037636132646662626163313061333435646661
3335623563616438650a366666323631383039656632333862383836313739383361333864633962
35303435396237346230393431363030666536646361643566636534613063376532626434653731
6334346166646231666165623462666638646236613133656330

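--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1 @@
+ansible==2.9.6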

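--- /dev/null
+++ b/sbin/encrypt.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -eu -o pipefail
+# Usage
+# ./encrypt.sh mysecretname mysecretvalue
+declare name="$1"
+declare secret="$2"
+ansible-vault \
+encrypt_string \
+--vault-password-file ansible/.vault.sh \
+--name "$name" \
+"$secret"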
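Review bot: The secret value is taken from `$2`, so every `./encrypt.sh name value` invocation leaves the plaintext in the caller's shell history and shows it in the process list while ansible-vault runs. `ansible-vault encrypt_string` can read the value from stdin via `--stdin-name "$name"`, which keeps it out of both; the usage comment should change to match. A `$#` check also gives a clearer message than the bare "unbound variable" error `set -u` produces when an argument is missing. The `--vault-password-file ansible/.vault.sh` path is relative, so the script presumably has to be run from the repository root — worth stating in the usage comment.
```bash
#!/bin/bash
set -eu -o pipefail
# Usage (run from the repository root; the value is read from stdin)
#   ./sbin/encrypt.sh mysecretname < secret.txt
if [ "$#" -ne 1 ]; then
  echo "usage: $0 <secret-name>   (secret value is read from stdin)" >&2
  exit 1
fi
declare name="$1"
ansible-vault \
  encrypt_string \
  --vault-password-file ansible/.vault.sh \
  --stdin-name "$name"
```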