Bootstrap minio

Luke Murphy 2020-03-26 11:37:18 +01:00
commit a42aff635d
No known key found for this signature in database
GPG Key ID: 5E2EF5A63E3718CC
12 changed files with 175 additions and 0 deletions

2
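--- a/.envrc.sample
+++ b/.envrc.sample
@@ -0,0 +1,2 @@
+# The path to our pass credentials store
+export PASSWORD_STORE_DIR=$(pwd)/../infrastructure/credentials/password-store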

5
CHECKS Normal file

@ -0,0 +1,5 @@
WAIT=3
TIMEOUT=3
ATTEMPTS=5
/minio/health/ready

5
Dockerfile Normal file

@ -0,0 +1,5 @@
FROM minio/minio:RELEASE.2020-03-25T07-03-04Z
EXPOSE 9000
COPY . ${WORKDIR}
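Review bot: `COPY . ${WORKDIR}` copies the whole pushed tree into the image, and `WORKDIR` is not set by any `ARG` or `ENV` in this Dockerfile, so the destination depends on whatever the base image happens to export and is empty if it exports nothing. The tree includes `ansible/` and `sbin/`, which the MinIO server does not need at runtime, and the commit adds no `.dockerignore` to keep later additions out of the image layers. If nothing from the repository is needed inside the container, drop the `COPY` line; otherwise copy named files to an explicit absolute path. Pinning the base image by digest as well as by release tag would make the build reproducible.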

43
README.md Normal file

@ -0,0 +1,43 @@
# minio
> https://drone.io/
## Setup
### Pre-requisites
1. You have SSH access to dokku.autonomic.zone
1. You have sudo privilege escalation working
```
Host dokku.autonomic.zone
Hostname dokku.autonomic.zone
User <your-username>
Port 222
IdentityFile ~/.ssh/<your-ssh-key-private-file>
```
See the password-store under `autonomic-dokku` for your sudo password.
### Environment
1. Clone the [infrastructure repository](https://gitlab.com/autonomic-cooperative/infrastructure)
1. Copy the sample file: `cp .envrc.sample .envrc`
1. Ensure that the .envrc `PASSWORD_STORE_DIR` env var points to the `infrastructure/credentials/password-store`
### Python
You only need to do this if you're working with Ansible vault (encrypting/decrypting new secrets).
```bash
$ python3 -m venv .venv
$ source .venv/bin/activate
$ pip install -r requirements.txt
```
## Deploy
```bash
$ git remote add dokku dokku@dokku.autonomic.zone:minio
$ git push dokku
```

5
ansible/.vault.sh Executable file

@ -0,0 +1,5 @@
#!/bin/bash
set -eu -o pipefail
echo $(pass show hosts/autonomic-dokku/vault/password)
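Review bot: `echo $(pass show …)` hides a failing `pass` from `set -e`, because the exit status of the line is that of `echo`, and the unquoted substitution word-splits and glob-expands the password before printing it. A vault password containing runs of spaces or a character such as `*` would be altered, and a locked or missing store yields an empty line with exit status 0 instead of an error. Calling the command directly, `pass show hosts/autonomic-dokku/vault/password | head -n 1`, keeps the value byte-exact and lets `pipefail` propagate the failure to `ansible-vault`.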

46
ansible/post-deploy.yml Normal file

@ -0,0 +1,46 @@
---
- hosts: all
gather_facts: false
tasks:
- name: Load variables
include_vars:
dir: "{{ dokku_lib_root }}/data/ansible/minio/vars/"
extensions:
- yml
- name: Set HTTP 80 port proxy
dokku_ports:
app: minio
mappings:
- "http:80:{{ http_port }}"
state: present
- name: Setup LE certificates
shell: dokku letsencrypt minio
args:
creates: /home/dokku/minio/letsencrypt/certs
- name: Setup LE certificates renew cron job
shell: dokku letsencrypt:cron-job --add
args:
creates: /home/dokku/minio/letsencrypt/cron-job
- name: Specify certificate docker volume mounts
dokku_storage:
app: keycloak
mounts:
- /home/dokku/minio/letsencrypt/certs:/root/.minio/certs
- name: Remove automatically configured ports
dokku_ports:
app: minio
mappings:
- "http:{{ http_port }}:{{ http_port }}"
state: absent
- name: Set HTTP 443 port
dokku_ports:
app: minio
mappings:
- "https:443:{{ http_port }}"
state: present
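Review bot: The `Specify certificate docker volume mounts` task targets `app: keycloak` while every other task in this playbook targets `minio`, which looks like a leftover from the playbook this one was copied from. As written, MinIO's Let's Encrypt directory, private key included, would be mounted into a different app's container, and the MinIO container would never receive `/root/.minio/certs`. The line should read `app: minio`. The `http:80:{{ http_port }}` mapping also stays present after the 443 mapping is added, so it is worth confirming that port 80 only redirects to HTTPS and does not serve the S3 API in clear text.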

41
ansible/pre-deploy.yml Normal file

@ -0,0 +1,41 @@
---
- hosts: all
gather_facts: false
tasks:
- name: Load variables
include_vars:
dir: "{{ dokku_lib_root }}/data/ansible/minio/vars/"
extensions:
- yml
- name: "Configure {{ domain }} domain"
dokku_domains:
app: minio
domains:
- "{{ domain }}"
state: present
- name: Create application directories
file:
path: "{{ item }}"
state: directory
owner: git
group: git
with_items:
- /var/lib/minio
become: true
- name: Specify docker volume mount
dokku_storage:
app: minio
mounts:
- /var/run/minio:/data
- name: Configure the app environment
dokku_config:
app: minio
restart: false
config:
DOKKU_LETSENCRYPT_EMAIL: "{{ autonomic_admin_mail }}"
MINIO_ACCESS_KEY: "{{ minio_access_key }}"
MINIO_SECRET_KEY: "{{ minio_secret_key }}"
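Review bot: The directory created in `Create application directories` is `/var/lib/minio`, but the storage mount in the following task is `/var/run/minio:/data`, so object data lands on a path this playbook never creates or chowns; on most distributions `/var/run` is a tmpfs that is emptied at reboot. The mount should presumably be `/var/lib/minio:/data`. The `Configure the app environment` task also carries `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY`; adding `no_log: true` to that task keeps both out of verbose Ansible output and callback logs in case the pinned role version does not already mask `config`.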

3
ansible/requirements.yml Normal file

@ -0,0 +1,3 @@
---
- src: dokku_bot.ansible_dokku
version: v2020.3.15

4
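--- a/ansible/vars/all.yml
+++ b/ansible/vars/all.yml
@@ -0,0 +1,4 @@
+---
+domain: "minio.autonomic.zone"
+autonomic_admin_mail: "helo@autonomic.zone"
+http_port: "9000"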

5
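--- a/app.json
+++ b/app.json
@@ -0,0 +1,5 @@
+{
+"name": "minio",
+"description": "High Performance, Kubernetes-Friendly Object Storage",
+"repository": "https://git.autonomic.zone/autonomic-cooperative/minio"
+}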

1
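--- a/requirements.txt
+++ b/requirements.txt
@@ -0,0 +1 @@
+ansible==2.9.6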

15
sbin/encrypt.sh Executable file

@ -0,0 +1,15 @@
#!/bin/bash
set -eu -o pipefail
# Usage
# ./encrypt.sh mysecretname mysecretvalue
declare name="$1"
declare secret="$2"
ansible-vault \
encrypt_string \
--vault-password-file ansible/.vault.sh \
--name "$name" \
"$secret"
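Review bot: The secret is taken from `$2` and passed to `ansible-vault` as a positional argument, so the plaintext is visible in the process list while the command runs and is saved in the caller's shell history. `ansible-vault encrypt_string` can read the value from standard input instead: replace the `--name "$name"` and `"$secret"` lines with `--stdin-name "$name"`, and change the usage comment to show the secret being typed or piped in. The `--vault-password-file ansible/.vault.sh` path is relative, so the script only works when run from the repository root, although the usage line shows `./encrypt.sh`.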