Bootstrap minio
This commit is contained in:
commit
a42aff635d
2
.envrc.sample
Normal file
2
.envrc.sample
Normal file
@ -0,0 +1,2 @@
|
||||
# The path to our pass credentials store
|
||||
export PASSWORD_STORE_DIR=$(pwd)/../infrastructure/credentials/password-store
|
5
Dockerfile
Normal file
5
Dockerfile
Normal file
@ -0,0 +1,5 @@
|
||||
FROM minio/minio:RELEASE.2020-03-25T07-03-04Z
|
||||
|
||||
EXPOSE 9000
|
||||
|
||||
COPY . ${WORKDIR}
|
43
README.md
Normal file
43
README.md
Normal file
@ -0,0 +1,43 @@
|
||||
# minio
|
||||
|
||||
> https://drone.io/
|
||||
|
||||
## Setup
|
||||
|
||||
### Pre-requisites
|
||||
|
||||
1. You have SSH access to dokku.autonomic.zone
|
||||
1. You have sudo privilege escalation working
|
||||
|
||||
```
|
||||
Host dokku.autonomic.zone
|
||||
Hostname dokku.autonomic.zone
|
||||
User <your-username>
|
||||
Port 222
|
||||
IdentityFile ~/.ssh/<your-ssh-key-private-file>
|
||||
```
|
||||
|
||||
See the password-store under `autonomic-dokku` for your sudo password.
|
||||
|
||||
### Environment
|
||||
|
||||
1. Clone the [infrastructure repository](https://gitlab.com/autonomic-cooperative/infrastructure)
|
||||
1. Copy the sample file: `cp .envrc.sample .envrc`
|
||||
1. Ensure that the .envrc `PASSWORD_STORE_DIR` env var points to the `infrastructure/credentials/password-store`
|
||||
|
||||
### Python
|
||||
|
||||
You only need to do this if you're working with Ansible vault (encrypting/decrypting new secrets).
|
||||
|
||||
```bash
|
||||
$ python3 -m venv .venv
|
||||
$ source .venv/bin/activate
|
||||
$ pip install -r requirements.txt
|
||||
```
|
||||
|
||||
## Deploy
|
||||
|
||||
```bash
|
||||
$ git remote add dokku dokku@dokku.autonomic.zone:minio
|
||||
$ git push dokku
|
||||
```
|
5
ansible/.vault.sh
Executable file
5
ansible/.vault.sh
Executable file
@ -0,0 +1,5 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -eu -o pipefail
|
||||
|
||||
echo $(pass show hosts/autonomic-dokku/vault/password)
|
46
ansible/post-deploy.yml
Normal file
46
ansible/post-deploy.yml
Normal file
@ -0,0 +1,46 @@
|
||||
---
|
||||
- hosts: all
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Load variables
|
||||
include_vars:
|
||||
dir: "{{ dokku_lib_root }}/data/ansible/minio/vars/"
|
||||
extensions:
|
||||
- yml
|
||||
|
||||
- name: Set HTTP 80 port proxy
|
||||
dokku_ports:
|
||||
app: minio
|
||||
mappings:
|
||||
- "http:80:{{ http_port }}"
|
||||
state: present
|
||||
|
||||
- name: Setup LE certificates
|
||||
shell: dokku letsencrypt minio
|
||||
args:
|
||||
creates: /home/dokku/minio/letsencrypt/certs
|
||||
|
||||
- name: Setup LE certificates renew cron job
|
||||
shell: dokku letsencrypt:cron-job --add
|
||||
args:
|
||||
creates: /home/dokku/minio/letsencrypt/cron-job
|
||||
|
||||
- name: Specify certificate docker volume mounts
|
||||
dokku_storage:
|
||||
app: keycloak
|
||||
mounts:
|
||||
- /home/dokku/minio/letsencrypt/certs:/root/.minio/certs
|
||||
|
||||
- name: Remove automatically configured ports
|
||||
dokku_ports:
|
||||
app: minio
|
||||
mappings:
|
||||
- "http:{{ http_port }}:{{ http_port }}"
|
||||
state: absent
|
||||
|
||||
- name: Set HTTP 443 port
|
||||
dokku_ports:
|
||||
app: minio
|
||||
mappings:
|
||||
- "https:443:{{ http_port }}"
|
||||
state: present
|
41
ansible/pre-deploy.yml
Normal file
41
ansible/pre-deploy.yml
Normal file
@ -0,0 +1,41 @@
|
||||
---
|
||||
- hosts: all
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Load variables
|
||||
include_vars:
|
||||
dir: "{{ dokku_lib_root }}/data/ansible/minio/vars/"
|
||||
extensions:
|
||||
- yml
|
||||
|
||||
- name: "Configure {{ domain }} domain"
|
||||
dokku_domains:
|
||||
app: minio
|
||||
domains:
|
||||
- "{{ domain }}"
|
||||
state: present
|
||||
|
||||
- name: Create application directories
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
owner: git
|
||||
group: git
|
||||
with_items:
|
||||
- /var/lib/minio
|
||||
become: true
|
||||
|
||||
- name: Specify docker volume mount
|
||||
dokku_storage:
|
||||
app: minio
|
||||
mounts:
|
||||
- /var/run/minio:/data
|
||||
|
||||
- name: Configure the app environment
|
||||
dokku_config:
|
||||
app: minio
|
||||
restart: false
|
||||
config:
|
||||
DOKKU_LETSENCRYPT_EMAIL: "{{ autonomic_admin_mail }}"
|
||||
MINIO_ACCESS_KEY: "{{ minio_access_key }}"
|
||||
MINIO_SECRET_KEY: "{{ minio_secret_key }}"
|
3
ansible/requirements.yml
Normal file
3
ansible/requirements.yml
Normal file
@ -0,0 +1,3 @@
|
||||
---
|
||||
- src: dokku_bot.ansible_dokku
|
||||
version: v2020.3.15
|
4
ansible/vars/all.yml
Normal file
4
ansible/vars/all.yml
Normal file
@ -0,0 +1,4 @@
|
||||
---
|
||||
domain: "minio.autonomic.zone"
|
||||
autonomic_admin_mail: "helo@autonomic.zone"
|
||||
http_port: "9000"
|
5
app.json
Normal file
5
app.json
Normal file
@ -0,0 +1,5 @@
|
||||
{
|
||||
"name": "minio",
|
||||
"description": "High Performance, Kubernetes-Friendly Object Storage",
|
||||
"repository": "https://git.autonomic.zone/autonomic-cooperative/minio"
|
||||
}
|
1
requirements.txt
Normal file
1
requirements.txt
Normal file
@ -0,0 +1 @@
|
||||
ansible==2.9.6
|
15
sbin/encrypt.sh
Executable file
15
sbin/encrypt.sh
Executable file
@ -0,0 +1,15 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -eu -o pipefail
|
||||
|
||||
# Usage
|
||||
# ./encrypt.sh mysecretname mysecretvalue
|
||||
|
||||
declare name="$1"
|
||||
declare secret="$2"
|
||||
|
||||
ansible-vault \
|
||||
encrypt_string \
|
||||
--vault-password-file ansible/.vault.sh \
|
||||
--name "$name" \
|
||||
"$secret"
|
Reference in New Issue
Block a user