Bootstrap minio

2020-03-26 11:37:18 +01:00 · 2020-03-26 11:37:18 +01:00 · a42aff635d
commit a42aff635d
12 changed files with 175 additions and 0 deletions
--- a/.envrc.sample
+++ b/.envrc.sample
@ -0,0 +1,2 @@
+# The path to our pass credentials store
+export PASSWORD_STORE_DIR=$(pwd)/../infrastructure/credentials/password-store
--- a/5
+++ b/5
@ -0,0 +1,5 @@
+WAIT=3
+TIMEOUT=3
+ATTEMPTS=5
+
+/minio/health/ready
--- a/5
+++ b/5
@ -0,0 +1,5 @@
+FROM minio/minio:RELEASE.2020-03-25T07-03-04Z
+
+EXPOSE 9000
+
+COPY . ${WORKDIR}
--- a/README.md
+++ b/README.md
@ -0,0 +1,43 @@
+# minio
+
+> https://drone.io/
+
+## Setup
+
+### Pre-requisites
+
+1. You have SSH access to dokku.autonomic.zone
+1. You have sudo privilege escalation working
+
+```
+Host dokku.autonomic.zone
+  Hostname dokku.autonomic.zone
+  User <your-username>
+  Port 222
+  IdentityFile ~/.ssh/<your-ssh-key-private-file>
+```
+
+See the password-store under `autonomic-dokku` for your sudo password.
+
+### Environment
+
+1. Clone the [infrastructure repository](https://gitlab.com/autonomic-cooperative/infrastructure)
+1. Copy the sample file: `cp .envrc.sample .envrc`
+1. Ensure that the .envrc `PASSWORD_STORE_DIR` env var points to the `infrastructure/credentials/password-store`
+
+### Python
+
+You only need to do this if you're working with Ansible vault (encrypting/decrypting new secrets).
+
+```bash
+$ python3 -m venv .venv
+$ source .venv/bin/activate
+$ pip install -r requirements.txt
+```
+
+## Deploy
+
+```bash
+$ git remote add dokku dokku@dokku.autonomic.zone:minio
+$ git push dokku
+```
--- a/ansible/.vault.sh
+++ b/ansible/.vault.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+echo $(pass show hosts/autonomic-dokku/vault/password)
--- a/ansible/post-deploy.yml
+++ b/ansible/post-deploy.yml
@ -0,0 +1,46 @@
+---
+- hosts: all
+  gather_facts: false
+  tasks:
+    - name: Load variables
+      include_vars:
+        dir: "{{ dokku_lib_root }}/data/ansible/minio/vars/"
+        extensions:
+          - yml
+
+    - name: Set HTTP 80 port proxy
+      dokku_ports:
+        app: minio
+        mappings:
+          - "http:80:{{ http_port }}"
+        state: present
+
+    - name: Setup LE certificates
+      shell: dokku letsencrypt minio
+      args:
+        creates: /home/dokku/minio/letsencrypt/certs
+
+    - name: Setup LE certificates renew cron job
+      shell: dokku letsencrypt:cron-job --add
+      args:
+        creates: /home/dokku/minio/letsencrypt/cron-job
+
+    - name: Specify certificate docker volume mounts
+      dokku_storage:
+        app: keycloak
+        mounts:
+          - /home/dokku/minio/letsencrypt/certs:/root/.minio/certs
+
+    - name: Remove automatically configured ports
+      dokku_ports:
+        app: minio
+        mappings:
+          - "http:{{ http_port }}:{{ http_port }}"
+        state: absent
+
+    - name: Set HTTP 443 port
+      dokku_ports:
+        app: minio
+        mappings:
+          - "https:443:{{ http_port }}"
+        state: present
--- a/ansible/pre-deploy.yml
+++ b/ansible/pre-deploy.yml
@ -0,0 +1,41 @@
+---
+- hosts: all
+  gather_facts: false
+  tasks:
+    - name: Load variables
+      include_vars:
+        dir: "{{ dokku_lib_root }}/data/ansible/minio/vars/"
+        extensions:
+          - yml
+
+    - name: "Configure {{ domain }} domain"
+      dokku_domains:
+        app: minio
+        domains:
+          - "{{ domain }}"
+        state: present
+
+    - name: Create application directories
+      file:
+        path: "{{ item }}"
+        state: directory
+        owner: git
+        group: git
+      with_items:
+        - /var/lib/minio
+      become: true
+
+    - name: Specify docker volume mount
+      dokku_storage:
+        app: minio
+        mounts:
+          - /var/run/minio:/data
+
+    - name: Configure the app environment
+      dokku_config:
+        app: minio
+        restart: false
+        config:
+          DOKKU_LETSENCRYPT_EMAIL: "{{ autonomic_admin_mail }}"
+          MINIO_ACCESS_KEY: "{{ minio_access_key }}"
+          MINIO_SECRET_KEY: "{{ minio_secret_key }}"
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -0,0 +1,3 @@
+---
+- src: dokku_bot.ansible_dokku
+  version: v2020.3.15
--- a/ansible/vars/all.yml
+++ b/ansible/vars/all.yml
@ -0,0 +1,4 @@
+---
+domain: "minio.autonomic.zone"
+autonomic_admin_mail: "helo@autonomic.zone"
+http_port: "9000"
--- a/app.json
+++ b/app.json
@ -0,0 +1,5 @@
+{
+  "name": "minio",
+  "description": "High Performance, Kubernetes-Friendly Object Storage",
+  "repository": "https://git.autonomic.zone/autonomic-cooperative/minio"
+}
--- a/requirements.txt
+++ b/requirements.txt
@ -0,0 +1 @@
+ansible==2.9.6
--- a/sbin/encrypt.sh
+++ b/sbin/encrypt.sh
@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+# Usage
+# ./encrypt.sh mysecretname mysecretvalue
+
+declare name="$1"
+declare secret="$2"
+
+ansible-vault \
+  encrypt_string \
+  --vault-password-file ansible/.vault.sh \
+  --name "$name" \
+  "$secret"