Browse Source

pad: playbook that can be deployed on website-host

keep-around/2c9e89b8086bc735451ae27318e9ba63ed1783a4
singuliere 1 year ago
parent
commit
2c9e89b808
No known key found for this signature in database GPG Key ID: 900857755EF189C2
  1. 3
      inventory/02-all.yml
  2. 1
      molecule/pad/create.yml
  3. 1
      molecule/pad/destroy.yml
  4. 39
      molecule/pad/molecule.yml
  5. 36
      molecule/pad/pad-playbook.yml
  6. 8
      molecule/pad/playbook.yml
  7. 3
      molecule/pad/roles/pad/defaults/main.yml
  8. 2
      molecule/pad/roles/pad/tasks/main.yml
  9. 94
      molecule/pad/roles/pad/tasks/pad.yml
  10. 13
      molecule/pad/roles/pad/templates/etherpad.service.j2
  11. 13
      molecule/pad/tests/test_icinga.py

3
inventory/02-all.yml

@ -39,3 +39,6 @@ testing:
external-host:
bind-client-host:
pad-group:
hosts:
website-host:

1
molecule/pad/create.yml

@ -0,0 +1 @@
../infrastructure/create.yml

1
molecule/pad/destroy.yml

@ -0,0 +1 @@
../infrastructure/destroy.yml

39
molecule/pad/molecule.yml

@ -0,0 +1,39 @@
---
driver:
name: delegated
lint:
name: yamllint
platforms:
- name: bind-host
- name: icinga-host
- name: website-host
groups:
- pad-group
provisioner:
name: ansible
options:
i: ../../inventory/firewall.yml
limit: bind-host,icinga-host,website-host,localhost
lint:
name: ansible-lint
env:
ANSIBLE_ROLES_PATH: roles:../infrastructure/roles:../firewall/roles:../bind/roles:../icinga/roles:../jdauphant.nginx/roles:../enough-nginx/roles:../certificate/roles
inventory:
links:
group_vars: ../../inventory/group_vars
host_vars: ../../inventory/host_vars
scenario:
name: pad
test_sequence:
- destroy
- create
- converge
- verify
- destroy
verifier:
name: testinfra
options:
v: True
s: True
lint:
name: flake8

36
molecule/pad/pad-playbook.yml

@ -0,0 +1,36 @@
---
- name: install pad
hosts: pad-group
become: true
pre_tasks:
- name: set CNAME
nsupdate:
server: "{{ hostvars['bind-host']['ansible_host'] }}"
zone: "{{ domain }}"
record: "pad.{{ domain }}."
ttl: 1800
type: CNAME
value: "website-host.{{ domain }}."
delegate_to: bind-host
roles:
- role: pad
- role: monitor_http_vhost
http_vhost_https: true
http_vhost_name: Pad
http_vhost_fqdn: "{{ pad_vhost_fqdn }}"
http_vhost_uri: "/"
http_vhost_string: "New Pad"
- role: enough-nginx
vars:
enough_nginx_reverse_proxy: 127.0.0.1:9001
enough_nginx_fqdn: "{{ pad_vhost_fqdn }}"
- role: certificate
vars:
certificate_fqdn: "{{ pad_vhost_fqdn }}"
certificate_installer: nginx

8
molecule/pad/playbook.yml

@ -0,0 +1,8 @@
---
- import_playbook: ../infrastructure/buster-playbook.yml
- import_playbook: ../firewall/firewall-playbook.yml
- import_playbook: ../icinga/test-icinga-playbook.yml
- import_playbook: ../bind/bind-playbook.yml
- import_playbook: ../bind/bind-client-playbook.yml
- import_playbook: ../icinga/icinga-playbook.yml
- import_playbook: pad-playbook.yml

3
molecule/pad/roles/pad/defaults/main.yml

@ -0,0 +1,3 @@
---
pad_nodejs_version: 13.x
pad_admin_password: AtledNir6Quiv

2
molecule/pad/roles/pad/tasks/main.yml

@ -0,0 +1,2 @@
---
- import_tasks: pad.yml

94
molecule/pad/roles/pad/tasks/pad.yml

@ -0,0 +1,94 @@
---
- name: apt-get install git jq
apt:
name: [git, jq, node-json5]
state: present
- name: apt-get install apt-transport-https
apt:
name: apt-transport-https
state: present
- name: apt-key https://deb.nodesource.com/gpgkey/nodesource.gpg.key
apt_key:
url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
state: present
- name: add repo https://deb.nodesource.com/node_{{ pad_nodejs_version }}
apt_repository:
repo: "{{ item }}"
state: present
with_items:
- "deb https://deb.nodesource.com/node_{{ pad_nodejs_version }} {{ ansible_distribution_release }} main"
- "deb-src https://deb.nodesource.com/node_{{ pad_nodejs_version }} {{ ansible_distribution_release }} main"
register: node_repo
- name: apt-get update
apt:
update_cache: yes
when: node_repo.changed
- name: apt-get install nodejs
apt:
name: nodejs
state: present
- name: git clone https://github.com/ether/etherpad-lite.git
git:
repo: https://github.com/ether/etherpad-lite.git
force: yes
dest: /srv/etherpad
version: tags/1.8.0
- name: groupadd etherpad
group:
name: etherpad
- name: adduser etherpad
user:
name: etherpad
groups: etherpad
system: yes
home: /srv/etherpad
- name: chown etherpad /srv
file:
path: /srv
owner: etherpad
- name: json5 -c /srv/etherpad/settings.json.template
shell: json5 -c settings.json.template
args:
chdir: /srv/etherpad
creates: /srv/etherpad/settings.json.template.json
- name: set admin password
shell: |
jq '.users |= { "admin": { "password": "{{ pad_admin_password }}", "is_admin": true } }' < settings.json.template.json > settings.json
args:
chdir: /srv/etherpad
- name: npm install ep_delete_empty_pads ep_author_hover ep_spellcheck
shell: |
npm install ep_delete_empty_pads ep_author_hover ep_spellcheck
args:
chdir: /srv/etherpad
- name: chown -R etherpad /srv/etherpad
file:
path: /srv/etherpad
state: directory
owner: etherpad
recurse: yes
- name: add unit /etc/systemd/system/etherpad.service
template:
src: etherpad.service.j2
dest: /etc/systemd/system/etherpad.service
- name: systemctl start etherpad
service:
name: etherpad
state: restarted
enabled: yes

13
molecule/pad/roles/pad/templates/etherpad.service.j2

@ -0,0 +1,13 @@
[Unit]
Description=etherpad-lite (real-time collaborative document editing)
After=syslog.target network.target
[Service]
Type=simple
User=etherpad
Group=etherpad
Environment=NODE_ENV=production
ExecStart=/srv/etherpad/bin/run.sh
[Install]
WantedBy=multi-user.target

13
molecule/pad/tests/test_icinga.py

@ -0,0 +1,13 @@
from tests.icinga_helper import IcingaHelper
testinfra_hosts = ['icinga-host']
class TestChecks(IcingaHelper):
def test_host(self):
r = self.get_client().objects.get('Host', 'website-host')
assert r['attrs']['name'] == 'website-host'
def test_service(self):
assert self.is_service_ok('website-host!Pad')
Loading…
Cancel
Save