Bootstrap minio
commit
a42aff635d
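--- a/.envrc.sample
+++ b/.envrc.sample
@@ -0,0 +1,2 @@
+# The path to our pass credentials store
+export PASSWORD_STORE_DIR=$(pwd)/../infrastructure/credentials/password-store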
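--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,5 @@
+FROM minio/minio:RELEASE.2020-03-25T07-03-04Z
+
+EXPOSE 9000
+
+COPY . ${WORKDIR}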
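Review bot: `COPY . ${WORKDIR}` expands a variable this Dockerfile never declares, so the destination depends on whatever environment the base image happens to set, and it is empty if the image sets none. The instruction also copies the entire build context into the image, and this commit adds no `.dockerignore`, so a local `.envrc`, a `.venv` and the `ansible/` tree would ship inside the image. If nothing from the repository is needed at runtime, drop the COPY; otherwise copy named paths to an explicit destination and add a `.dockerignore`.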
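--- a/README.md
+++ b/README.md
@@ -0,0 +1,43 @@
+# minio
+
+> https://drone.io/
+
+## Setup
+
+### Pre-requisites
+
+1. You have SSH access to dokku.autonomic.zone
+1. You have sudo privilege escalation working
+
+```
+Host dokku.autonomic.zone
+Hostname dokku.autonomic.zone
+User <your-username>
+Port 222
+IdentityFile ~/.ssh/<your-ssh-key-private-file>
+```
+
+See the password-store under `autonomic-dokku` for your sudo password.
+
+### Environment
+
+1. Clone the [infrastructure repository](https://gitlab.com/autonomic-cooperative/infrastructure)
+1. Copy the sample file: `cp .envrc.sample .envrc`
+1. Ensure that the .envrc `PASSWORD_STORE_DIR` env var points to the `infrastructure/credentials/password-store`
+
+### Python
+
+You only need to do this if you're working with Ansible vault (encrypting/decrypting new secrets).
+
+```bash
+$ python3 -m venv .venv
+$ source .venv/bin/activate
+$ pip install -r requirements.txt
+```
+
+## Deploy
+
+```bash
+$ git remote add dokku dokku@dokku.autonomic.zone:minio
+$ git push dokku
+```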
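--- a/ansible/.vault.sh
+++ b/ansible/.vault.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+echo $(pass show hosts/autonomic-dokku/vault/password)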
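Review bot: `echo $(pass show hosts/autonomic-dokku/vault/password)` hides a failing `pass`: the exit status of the command substitution is discarded because `echo` itself succeeds, so `set -e` never fires and ansible-vault is handed an empty line as the vault password. The unquoted substitution is also subject to word splitting and globbing, which alters a password containing runs of whitespace or characters such as `*`. Making `pass show hosts/autonomic-dokku/vault/password` the last command of the script, without the `echo`, passes the output through unchanged and propagates the exit status.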
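--- a/ansible/post-deploy.yml
+++ b/ansible/post-deploy.yml
@@ -0,0 +1,46 @@
+---
+- hosts: all
+gather_facts: false
+tasks:
+- name: Load variables
+include_vars:
+dir: "{{ dokku_lib_root }}/data/ansible/minio/vars/"
+extensions:
+- yml
+
+- name: Set HTTP 80 port proxy
+dokku_ports:
+app: minio
+mappings:
+- "http:80:{{ http_port }}"
+state: present
+
+- name: Setup LE certificates
+shell: dokku letsencrypt minio
+args:
+creates: /home/dokku/minio/letsencrypt/certs
+
+- name: Setup LE certificates renew cron job
+shell: dokku letsencrypt:cron-job --add
+args:
+creates: /home/dokku/minio/letsencrypt/cron-job
+
+- name: Specify certificate docker volume mounts
+dokku_storage:
+app: keycloak
+mounts:
+- /home/dokku/minio/letsencrypt/certs:/root/.minio/certs
+
+- name: Remove automatically configured ports
+dokku_ports:
+app: minio
+mappings:
+- "http:{{ http_port }}:{{ http_port }}"
+state: absent
+
+- name: Set HTTP 443 port
+dokku_ports:
+app: minio
+mappings:
+- "https:443:{{ http_port }}"
+state: present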
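Review bot: The "Specify certificate docker volume mounts" task targets `app: keycloak`, while every other task in this playbook, and the mounted path `/home/dokku/minio/letsencrypt/certs` itself, refer to minio. As written, MinIO's certificate directory (which presumably holds the private key) is mounted into a different application's container, and the minio app gets no mount at `/root/.minio/certs`. This looks like a copy-paste leftover and should read `app: minio`. Whether the contents of `letsencrypt/certs` have the file layout MinIO expects at that location is not visible here and is worth confirming.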
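--- a/ansible/pre-deploy.yml
+++ b/ansible/pre-deploy.yml
@@ -0,0 +1,41 @@
+---
+- hosts: all
+gather_facts: false
+tasks:
+- name: Load variables
+include_vars:
+dir: "{{ dokku_lib_root }}/data/ansible/minio/vars/"
+extensions:
+- yml
+
+- name: "Configure {{ domain }} domain"
+dokku_domains:
+app: minio
+domains:
+- "{{ domain }}"
+state: present
+
+- name: Create application directories
+file:
+path: "{{ item }}"
+state: directory
+owner: git
+group: git
+with_items:
+- /var/lib/minio
+become: true
+
+- name: Specify docker volume mount
+dokku_storage:
+app: minio
+mounts:
+- /var/run/minio:/data
+
+- name: Configure the app environment
+dokku_config:
+app: minio
+restart: false
+config:
+DOKKU_LETSENCRYPT_EMAIL: "{{ autonomic_admin_mail }}"
+MINIO_ACCESS_KEY: "{{ minio_access_key }}"
+MINIO_SECRET_KEY: "{{ minio_secret_key }}"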
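Review bot: "Create application directories" prepares `/var/lib/minio`, but "Specify docker volume mount" mounts `/var/run/minio:/data`, so the directory created with `git` ownership is never the one the container uses. `/var/run` is normally a tmpfs, so object data written there would presumably not survive a reboot; the mount most likely should be `/var/lib/minio:/data`. Separately, the "Configure the app environment" task passes `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` as module arguments, and adding `no_log: true` to that task keeps the values out of Ansible's task output and logs.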
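--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -0,0 +1,3 @@
+---
+- src: dokku_bot.ansible_dokku
+version: v2020.3.15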
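--- a/ansible/vars/all.yml
+++ b/ansible/vars/all.yml
@@ -0,0 +1,4 @@
+---
+domain: "minio.autonomic.zone"
+autonomic_admin_mail: "helo@autonomic.zone"
+http_port: "9000"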
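--- a/app.json
+++ b/app.json
@@ -0,0 +1,5 @@
+{
+"name": "minio",
+"description": "High Performance, Kubernetes-Friendly Object Storage",
+"repository": "https://git.autonomic.zone/autonomic-cooperative/minio"
+}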
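--- a/requirements.txt
+++ b/requirements.txt
@@ -0,0 +1 @@
+ansible==2.9.6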
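--- a/sbin/encrypt.sh
+++ b/sbin/encrypt.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+# Usage
+# ./encrypt.sh mysecretname mysecretvalue
+
+declare name="$1"
+declare secret="$2"
+
+ansible-vault \
+encrypt_string \
+--vault-password-file ansible/.vault.sh \
+--name "$name" \
+"$secret"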
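Review bot: Taking the secret as `$2` puts the plaintext on the command line twice, once for `encrypt.sh` and again for `ansible-vault`, where it is readable in the process list and typically saved to shell history. Reading it from standard input avoids both: drop `declare secret="$2"` and end the command with `--stdin-name "$name"` in place of `--name "$name"` and `"$secret"`, updating the usage comment to match. The relative `--vault-password-file ansible/.vault.sh` also resolves only when the script is started from the repository root, which differs from the `./encrypt.sh` invocation shown in the usage comment.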