From 7541860728734a4907ce54e3bbf3706664477c19 Mon Sep 17 00:00:00 2001 From: Luke Murphy Date: Tue, 7 Apr 2020 10:26:17 +0200 Subject: [PATCH 01/15] Migrate to experimental new v2 format --- ansible/.vault.sh | 5 -- ansible/post-deploy.yml | 40 -------------- ansible/pre-deploy.yml | 55 ------------------- ansible/requirements.yml | 6 -- ansible/vars/all.yml | 5 -- deploy.d/config.yml | 18 ++++++ .../vault}/ansible_become_pass.yml | 0 .../vault}/autonomic_admin_pass.yml | 0 .../vars => deploy.d/vault}/db_passwd.yml | 0 .../vault}/root_db_passwd.yml | 0 requirements.txt | 1 - 11 files changed, 18 insertions(+), 112 deletions(-) delete mode 100755 ansible/.vault.sh delete mode 100644 ansible/post-deploy.yml delete mode 100644 ansible/pre-deploy.yml delete mode 100644 ansible/requirements.yml delete mode 100644 ansible/vars/all.yml create mode 100644 deploy.d/config.yml rename {ansible/vars => deploy.d/vault}/ansible_become_pass.yml (100%) rename {ansible/vars => deploy.d/vault}/autonomic_admin_pass.yml (100%) rename {ansible/vars => deploy.d/vault}/db_passwd.yml (100%) rename {ansible/vars => deploy.d/vault}/root_db_passwd.yml (100%) delete mode 100644 requirements.txt diff --git a/ansible/.vault.sh b/ansible/.vault.sh deleted file mode 100755 index 8f30d37..0000000 --- a/ansible/.vault.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -set -eu -o pipefail - -echo $(pass show hosts/autonomic-dokku/vault/password) diff --git a/ansible/post-deploy.yml b/ansible/post-deploy.yml deleted file mode 100644 index 667acca..0000000 --- a/ansible/post-deploy.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -- hosts: all - gather_facts: false - tasks: - - name: Load variables - include_vars: - dir: "{{ dokku_lib_root }}/data/ansible/keycloak/vars/" - extensions: - - yml - - - name: Set HTTP 80 port proxy - dokku_ports: - app: keycloak - mappings: - - "http:80:{{ http_port }}" - state: present - - - name: Setup LE certificates - shell: dokku letsencrypt keycloak - args: - creates: /home/dokku/keycloak/letsencrypt/certs - - - name: Setup LE certificates renew cron job - shell: dokku letsencrypt:cron-job --add - args: - creates: /home/dokku/keycloak/letsencrypt/cron-job - - - name: Remove automatically configured ports - dokku_ports: - app: keycloak - mappings: - - "http:{{ http_port }}:{{ http_port }}" - state: absent - - - name: Set HTTP 443 port - dokku_ports: - app: keycloak - mappings: - - "https:443:{{ http_port }}" - state: present diff --git a/ansible/pre-deploy.yml b/ansible/pre-deploy.yml deleted file mode 100644 index 864a798..0000000 --- a/ansible/pre-deploy.yml +++ /dev/null @@ -1,55 +0,0 @@ ---- -- hosts: all - gather_facts: false - tasks: - - name: Load variables - include_vars: - dir: "{{ dokku_lib_root }}/data/ansible/keycloak/vars/" - extensions: - - yml - - - name: Configure id.autonomic.zone domain - dokku_domains: - app: keycloak - domains: - - id.autonomic.zone - state: present - - - name: Create mariadb database - no_log: true - shell: " - dokku - mariadb:create - keycloak - --password {{ db_passwd }} - --root-password {{ root_db_passwd }} - " - args: - creates: /var/lib/dokku/services/mariadb/keycloak - - - name: Link mariadb database to application - dokku_service_link: - app: keycloak - name: keycloak - service: mariadb - - - name: Specify mariadb docker volume mounts - dokku_storage: - app: keycloak - mounts: - - /var/lib/dokku/services/mariadb/keycloak:/var/lib/mysql - - - name: Configure the dokku app environment - dokku_config: - app: keycloak - restart: false - config: - DB_ADDR: "dokku-mariadb-keycloak:3306" - DB_DATABASE: "keycloak" - DB_PASSWORD: "{{ db_passwd }}" - DB_USER: "mariadb" # https://github.com/dokku/dokku-mariadb/issues/89 - DB_VENDOR: "mariadb" - DOKKU_LETSENCRYPT_EMAIL: "{{ autonomic_admin_mail }}" - KEYCLOAK_PASSWORD: "{{ autonomic_admin_pass }}" - KEYCLOAK_USER: "{{ autonomic_admin_user }}" - PROXY_ADDRESS_FORWARDING: "{{ proxy_address_forwarding }}" diff --git a/ansible/requirements.yml b/ansible/requirements.yml deleted file mode 100644 index 2ff94b9..0000000 --- a/ansible/requirements.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- src: dokku_bot.ansible_dokku - version: v2020.3.24 - -- src: https://git.autonomic.zone/autonomic-cooperative/autonomic.gandi/archive/0.0.3.tar.gz - name: autonomic.gandi diff --git a/ansible/vars/all.yml b/ansible/vars/all.yml deleted file mode 100644 index e49685b..0000000 --- a/ansible/vars/all.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -autonomic_admin_mail: helo@autonomic.zone -autonomic_admin_user: autonomic -http_port: "8080" -proxy_address_forwarding: "true" diff --git a/deploy.d/config.yml b/deploy.d/config.yml new file mode 100644 index 0000000..67e1630 --- /dev/null +++ b/deploy.d/config.yml @@ -0,0 +1,18 @@ +--- +environment: + DB_ADDR: "{{ dokku_db_addr }}" + DB_DATABASE: "keycloak" + DB_PASSWORD: "{{ db_passwd }}" + DB_USER: "{{ dokku_db_user }}" + DB_VENDOR: "mariadb" + KEYCLOAK_PASSWORD: "helo@autonomic.zone" + KEYCLOAK_USER: "autonomic" + PROXY_ADDRESS_FORWARDING: "true" + +settings: + http_port: 8080 + domain: id.autonomic.zone + database: + type: mariadb + password: "{{ db_passwd }}" + root_password: "{{ root_db_passwd }}" diff --git a/ansible/vars/ansible_become_pass.yml b/deploy.d/vault/ansible_become_pass.yml similarity index 100% rename from ansible/vars/ansible_become_pass.yml rename to deploy.d/vault/ansible_become_pass.yml diff --git a/ansible/vars/autonomic_admin_pass.yml b/deploy.d/vault/autonomic_admin_pass.yml similarity index 100% rename from ansible/vars/autonomic_admin_pass.yml rename to deploy.d/vault/autonomic_admin_pass.yml diff --git a/ansible/vars/db_passwd.yml b/deploy.d/vault/db_passwd.yml similarity index 100% rename from ansible/vars/db_passwd.yml rename to deploy.d/vault/db_passwd.yml diff --git a/ansible/vars/root_db_passwd.yml b/deploy.d/vault/root_db_passwd.yml similarity index 100% rename from ansible/vars/root_db_passwd.yml rename to deploy.d/vault/root_db_passwd.yml diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index 130e91f..0000000 --- a/requirements.txt +++ /dev/null @@ -1 +0,0 @@ -ansible==2.9.6 From 449fa027f474e4e9de371d2229fa763e56c15934 Mon Sep 17 00:00:00 2001 From: Luke Murphy Date: Wed, 8 Apr 2020 12:37:27 +0200 Subject: [PATCH 02/15] Fool around with simpler format --- deploy.d/config.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/deploy.d/config.yml b/deploy.d/config.yml index 67e1630..6ee6e6b 100644 --- a/deploy.d/config.yml +++ b/deploy.d/config.yml @@ -1,4 +1,12 @@ --- +http_port: 8080 +domain: id.autonomic.zone + +database: + type: mariadb + password: "{{ db_passwd }}" + root_password: "{{ root_db_passwd }}" + environment: DB_ADDR: "{{ dokku_db_addr }}" DB_DATABASE: "keycloak" @@ -8,11 +16,3 @@ environment: KEYCLOAK_PASSWORD: "helo@autonomic.zone" KEYCLOAK_USER: "autonomic" PROXY_ADDRESS_FORWARDING: "true" - -settings: - http_port: 8080 - domain: id.autonomic.zone - database: - type: mariadb - password: "{{ db_passwd }}" - root_password: "{{ root_db_passwd }}" From da07298a56f7fa196eb02d93dc2b5bfeb243b3cc Mon Sep 17 00:00:00 2001 From: Luke Murphy Date: Sat, 11 Apr 2020 17:23:18 +0200 Subject: [PATCH 03/15] Don't copy anything since we don't run checks --- Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6da72d0..9c89e05 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,3 @@ FROM jboss/keycloak:9.0.2 EXPOSE 8080 - -COPY . ${WORKDIR} From 9a8397f0f4283b3956bc05a23abf4c3e2740b32d Mon Sep 17 00:00:00 2001 From: Luke Murphy Date: Mon, 13 Apr 2020 11:08:18 +0200 Subject: [PATCH 04/15] Use non-conflicting keys --- deploy.d/config.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/deploy.d/config.yml b/deploy.d/config.yml index 6ee6e6b..6f4a152 100644 --- a/deploy.d/config.yml +++ b/deploy.d/config.yml @@ -1,13 +1,14 @@ --- -http_port: 8080 +port: 8080 + domain: id.autonomic.zone -database: +db: type: mariadb password: "{{ db_passwd }}" root_password: "{{ root_db_passwd }}" -environment: +env: DB_ADDR: "{{ dokku_db_addr }}" DB_DATABASE: "keycloak" DB_PASSWORD: "{{ db_passwd }}" From bd0f410957969aa8e681d40996690d506e1c020d Mon Sep 17 00:00:00 2001 From: Luke Murphy Date: Mon, 13 Apr 2020 14:27:16 +0200 Subject: [PATCH 05/15] Just take the domain dokku gives us --- deploy.d/config.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/deploy.d/config.yml b/deploy.d/config.yml index 6f4a152..e433a85 100644 --- a/deploy.d/config.yml +++ b/deploy.d/config.yml @@ -1,8 +1,6 @@ --- port: 8080 -domain: id.autonomic.zone - db: type: mariadb password: "{{ db_passwd }}" From 24b0e7d06d9585b07ec420645ad77bc8002bbb18 Mon Sep 17 00:00:00 2001 From: Luke Murphy Date: Mon, 13 Apr 2020 14:34:27 +0200 Subject: [PATCH 06/15] Break up config (implementation details...) --- deploy.d/app.yml | 2 ++ deploy.d/config.yml | 17 ----------------- deploy.d/db.yml | 4 ++++ deploy.d/env.yml | 9 +++++++++ 4 files changed, 15 insertions(+), 17 deletions(-) create mode 100644 deploy.d/app.yml delete mode 100644 deploy.d/config.yml create mode 100644 deploy.d/db.yml create mode 100644 deploy.d/env.yml diff --git a/deploy.d/app.yml b/deploy.d/app.yml new file mode 100644 index 0000000..11dc6cd --- /dev/null +++ b/deploy.d/app.yml @@ -0,0 +1,2 @@ +--- +port: 8080 diff --git a/deploy.d/config.yml b/deploy.d/config.yml deleted file mode 100644 index e433a85..0000000 --- a/deploy.d/config.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -port: 8080 - -db: - type: mariadb - password: "{{ db_passwd }}" - root_password: "{{ root_db_passwd }}" - -env: - DB_ADDR: "{{ dokku_db_addr }}" - DB_DATABASE: "keycloak" - DB_PASSWORD: "{{ db_passwd }}" - DB_USER: "{{ dokku_db_user }}" - DB_VENDOR: "mariadb" - KEYCLOAK_PASSWORD: "helo@autonomic.zone" - KEYCLOAK_USER: "autonomic" - PROXY_ADDRESS_FORWARDING: "true" diff --git a/deploy.d/db.yml b/deploy.d/db.yml new file mode 100644 index 0000000..95bac74 --- /dev/null +++ b/deploy.d/db.yml @@ -0,0 +1,4 @@ +--- +mariadb: + password: "{{ db_passwd }}" + root_password: "{{ root_db_passwd }}" diff --git a/deploy.d/env.yml b/deploy.d/env.yml new file mode 100644 index 0000000..d8d22a0 --- /dev/null +++ b/deploy.d/env.yml @@ -0,0 +1,9 @@ +--- +DB_ADDR: "{{ dokku_db_addr }}" +DB_DATABASE: "keycloak" +DB_PASSWORD: "{{ db_passwd }}" +DB_USER: "{{ dokku_db_user }}" +DB_VENDOR: "mariadb" +KEYCLOAK_PASSWORD: "helo@autonomic.zone" +KEYCLOAK_USER: "autonomic" +PROXY_ADDRESS_FORWARDING: "true" From e47e7670a9b7d23389463808b58b52b7c1a2c76e Mon Sep 17 00:00:00 2001 From: Luke Murphy Date: Mon, 13 Apr 2020 15:02:01 +0200 Subject: [PATCH 07/15] Revert to single file config --- deploy.d/app.yml | 2 -- deploy.d/config.yml | 18 ++++++++++++++++++ deploy.d/db.yml | 4 ---- deploy.d/env.yml | 9 --------- 4 files changed, 18 insertions(+), 15 deletions(-) delete mode 100644 deploy.d/app.yml create mode 100644 deploy.d/config.yml delete mode 100644 deploy.d/db.yml delete mode 100644 deploy.d/env.yml diff --git a/deploy.d/app.yml b/deploy.d/app.yml deleted file mode 100644 index 11dc6cd..0000000 --- a/deploy.d/app.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -port: 8080 diff --git a/deploy.d/config.yml b/deploy.d/config.yml new file mode 100644 index 0000000..1eceb46 --- /dev/null +++ b/deploy.d/config.yml @@ -0,0 +1,18 @@ +--- +port: 8080 + +db: + - type: "mariadb" + password: "{{ db_passwd }}" + root_password: "{{ root_db_passwd }}" + +env: + DB_ADDR: "{{ dokku_db_addr }}" + DB_DATABASE: "keycloak" + DB_PASSWORD: "{{ db_passwd }}" + DB_USER: "{{ dokku_db_user }}" + DB_VENDOR: "mariadb" + DOKKU_LETSENCRYPT_EMAIL: "helo@autonomic.zone" + KEYCLOAK_PASSWORD: "helo@autonomic.zone" + KEYCLOAK_USER: "autonomic" + PROXY_ADDRESS_FORWARDING: "true" diff --git a/deploy.d/db.yml b/deploy.d/db.yml deleted file mode 100644 index 95bac74..0000000 --- a/deploy.d/db.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -mariadb: - password: "{{ db_passwd }}" - root_password: "{{ root_db_passwd }}" diff --git a/deploy.d/env.yml b/deploy.d/env.yml deleted file mode 100644 index d8d22a0..0000000 --- a/deploy.d/env.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -DB_ADDR: "{{ dokku_db_addr }}" -DB_DATABASE: "keycloak" -DB_PASSWORD: "{{ db_passwd }}" -DB_USER: "{{ dokku_db_user }}" -DB_VENDOR: "mariadb" -KEYCLOAK_PASSWORD: "helo@autonomic.zone" -KEYCLOAK_USER: "autonomic" -PROXY_ADDRESS_FORWARDING: "true" From 2791788c95f9ae9f66bba079e0ccc07baa37ca81 Mon Sep 17 00:00:00 2001 From: Luke Murphy Date: Mon, 13 Apr 2020 15:09:59 +0200 Subject: [PATCH 08/15] Pretend there is only one database ever --- deploy.d/config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy.d/config.yml b/deploy.d/config.yml index 1eceb46..b61e9f6 100644 --- a/deploy.d/config.yml +++ b/deploy.d/config.yml @@ -2,9 +2,9 @@ port: 8080 db: - - type: "mariadb" - password: "{{ db_passwd }}" - root_password: "{{ root_db_passwd }}" + type: "mariadb" + password: "{{ db_passwd }}" + root_password: "{{ root_db_passwd }}" env: DB_ADDR: "{{ dokku_db_addr }}" From fd76881c64203ec0375ae512bfc3b17cacc2b5a2 Mon Sep 17 00:00:00 2001 From: Luke Murphy Date: Mon, 13 Apr 2020 15:16:24 +0200 Subject: [PATCH 09/15] Specify type inside magic variable --- deploy.d/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy.d/config.yml b/deploy.d/config.yml index b61e9f6..e7a6614 100644 --- a/deploy.d/config.yml +++ b/deploy.d/config.yml @@ -7,10 +7,10 @@ db: root_password: "{{ root_db_passwd }}" env: - DB_ADDR: "{{ dokku_db_addr }}" + DB_ADDR: "{{ dokku_mariadb_db_addr }}" DB_DATABASE: "keycloak" DB_PASSWORD: "{{ db_passwd }}" - DB_USER: "{{ dokku_db_user }}" + DB_USER: "{{ dokku_mariadb_db_user }}" DB_VENDOR: "mariadb" DOKKU_LETSENCRYPT_EMAIL: "helo@autonomic.zone" KEYCLOAK_PASSWORD: "helo@autonomic.zone" From 8e4b4d2ccd2a4936fdeba054131d27a0a95446f3 Mon Sep 17 00:00:00 2001 From: Luke Murphy Date: Mon, 13 Apr 2020 15:24:35 +0200 Subject: [PATCH 10/15] Use right app name --- deploy.d/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy.d/config.yml b/deploy.d/config.yml index e7a6614..f69d5bb 100644 --- a/deploy.d/config.yml +++ b/deploy.d/config.yml @@ -8,7 +8,7 @@ db: env: DB_ADDR: "{{ dokku_mariadb_db_addr }}" - DB_DATABASE: "keycloak" + DB_DATABASE: "keycloak-v2" DB_PASSWORD: "{{ db_passwd }}" DB_USER: "{{ dokku_mariadb_db_user }}" DB_VENDOR: "mariadb" From 5bd4cd65f3a0f6d1c94e0254c3133d36f7006909 Mon Sep 17 00:00:00 2001 From: Luke Murphy Date: Mon, 13 Apr 2020 15:27:20 +0200 Subject: [PATCH 11/15] Fix name --- deploy.d/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy.d/config.yml b/deploy.d/config.yml index f69d5bb..e796b1d 100644 --- a/deploy.d/config.yml +++ b/deploy.d/config.yml @@ -8,7 +8,7 @@ db: env: DB_ADDR: "{{ dokku_mariadb_db_addr }}" - DB_DATABASE: "keycloak-v2" + DB_DATABASE: "keycloak_v2" DB_PASSWORD: "{{ db_passwd }}" DB_USER: "{{ dokku_mariadb_db_user }}" DB_VENDOR: "mariadb" From 74768c7e840b3ee6bab1c39d4120a007d030e150 Mon Sep 17 00:00:00 2001 From: Luke Murphy Date: Mon, 13 Apr 2020 15:57:48 +0200 Subject: [PATCH 12/15] Cater for multiple DBs --- deploy.d/config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy.d/config.yml b/deploy.d/config.yml index e796b1d..b251643 100644 --- a/deploy.d/config.yml +++ b/deploy.d/config.yml @@ -2,9 +2,9 @@ port: 8080 db: - type: "mariadb" - password: "{{ db_passwd }}" - root_password: "{{ root_db_passwd }}" + - type: "mariadb" + passwd: "{{ db_passwd }}" + root_passwd: "{{ root_db_passwd }}" env: DB_ADDR: "{{ dokku_mariadb_db_addr }}" From 561e6e282331a67d489cf0e207c4398248f01194 Mon Sep 17 00:00:00 2001 From: Luke Murphy Date: Mon, 13 Apr 2020 16:00:10 +0200 Subject: [PATCH 13/15] Cancel https and rip out white space --- deploy.d/config.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/deploy.d/config.yml b/deploy.d/config.yml index b251643..9221013 100644 --- a/deploy.d/config.yml +++ b/deploy.d/config.yml @@ -1,11 +1,10 @@ --- port: 8080 - +https: false db: - type: "mariadb" passwd: "{{ db_passwd }}" root_passwd: "{{ root_db_passwd }}" - env: DB_ADDR: "{{ dokku_mariadb_db_addr }}" DB_DATABASE: "keycloak_v2" From 4538eaf20aa7a63a66717b4a64cf2f6091034d6b Mon Sep 17 00:00:00 2001 From: Luke Murphy Date: Mon, 13 Apr 2020 16:16:05 +0200 Subject: [PATCH 14/15] Quote the port --- deploy.d/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy.d/config.yml b/deploy.d/config.yml index 9221013..f85e53e 100644 --- a/deploy.d/config.yml +++ b/deploy.d/config.yml @@ -1,5 +1,5 @@ --- -port: 8080 +port: "8080" https: false db: - type: "mariadb" From 0052d5c1bae3f29d8d5582a447ac8d8f2dd3d1ff Mon Sep 17 00:00:00 2001 From: Luke Murphy Date: Mon, 13 Apr 2020 16:22:45 +0200 Subject: [PATCH 15/15] Use proper domain --- deploy.d/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy.d/config.yml b/deploy.d/config.yml index f85e53e..c59b9ac 100644 --- a/deploy.d/config.yml +++ b/deploy.d/config.yml @@ -1,6 +1,6 @@ --- port: "8080" -https: false +domain: "id.autonomic.zone" db: - type: "mariadb" passwd: "{{ db_passwd }}"