
cloud: split cloud into two roles

One is generic and has no hardcoded assumption about the hostname: it
runs on all hosts in the enough group. The other, empty for now, holds
all tweaks specific to the cloud.enough.community instance.
keep-around/ba50dcfebb55b79f93234ba87ee3ab8b47cd1bfa
Loïc Dachary 3 years ago
parent
commit
9c6eb81d00
Signed by: dachary GPG Key ID: 283AFA30CA7F55A4
  1. 1
      enough-community-playbook.yml
  2. 3
      inventory/02-all.yml
  3. 2
      inventory/host_vars/cloud-host/cloud.yml
  4. 18
      molecule/cloud/cloud-playbook.yml
  5. 25
      molecule/cloud/enough-playbook.yml
  6. 10
      molecule/cloud/molecule.yml
  7. 1
      molecule/cloud/playbook.yml
  8. 1
      molecule/cloud/roles/cloud/tasks/cloud.yml
  9. 2
      molecule/cloud/roles/cloud/tasks/main.yml
  10. 8
      molecule/cloud/roles/nextcloud/tasks/nextcloud.yml
  11. 4
      molecule/cloud/roles/nextcloud/templates/docker-compose-infrastructure.yml
  12. 4
      molecule/cloud/tests/test_icinga.py

1
enough-community-playbook.yml

@ -17,6 +17,7 @@
- import_playbook: molecule/packages/packages-playbook.yml
- import_playbook: molecule/packages/enough-playbook.yml
- import_playbook: molecule/chat/chat-playbook.yml
- import_playbook: molecule/cloud/enough-playbook.yml
- import_playbook: molecule/cloud/cloud-playbook.yml
- import_playbook: molecule/website/website-playbook.yml
- import_playbook: molecule/forum/forum-playbook.yml

3
inventory/02-all.yml

@ -10,3 +10,6 @@ pets:
chat-host:
forum-host:
enough:
hosts:
cloud-host:
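Review bot: The new `enough` group is the only selector for the generic cloud playbook, so any host added under it later receives a full Nextcloud deployment plus the HTTP and Tor monitoring checks, with its vhost derived from the inventory name; nothing in the inventory says so. A comment above `enough:` would make that explicit: `# every host in this group gets the generic cloud playbook (molecule/cloud/enough-playbook.yml)`. The `pets:` mapping this hunk extends starts above the hunk.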

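--- a/inventory/host_vars/cloud-host/cloud.yml
+++ b/inventory/host_vars/cloud-host/cloud.yml
@@ -1,2 +0,0 @@
----
-cloud_vhost_fqdn: cloud.{{ domain }}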

18
molecule/cloud/cloud-playbook.yml

@ -3,22 +3,6 @@
hosts: cloud-host
roles:
- { role: docker_filesystem }
- { role: ansible-role-docker }
- { role: docker }
- { role: nextcloud }
- role: monitor_http_vhost
http_vhost_name: Cloud
http_vhost_fqdn: "{{ cloud_vhost_fqdn }}"
http_vhost_uri: "/login"
http_vhost_string: "Forgot password"
- role: monitor_tor_http_vhost
with_https: false
tor_hostname_file: /var/lib/tor/services/cloud/hostname
tor_http_vhost_name: Cloud
tor_http_vhost_uri: "/login"
tor_http_vhost_string: "Forgot password"
- { role: cloud }
become: True
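Review bot: After the split this play applies only the `cloud` role, whose task file in this commit contains just `---`, so a reader has no hint what is meant to land here; a header comment would keep the two playbooks apart: `# tweaks specific to the cloud.enough.community instance; generic setup lives in enough-playbook.yml`. `become: True` (apparently unchanged) uses the capitalised YAML 1.1 spelling; since the file is being reshaped anyway, `become: true` is what yamllint's truthy rule and ansible-lint expect. The play's `- name:` line sits above the hunk.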

25
molecule/cloud/enough-playbook.yml

@ -0,0 +1,25 @@
---
- name: prepare cloud environment
hosts: enough
roles:
- { role: docker_filesystem }
- { role: ansible-role-docker }
- { role: docker }
- role: nextcloud
vhost_fqdn: "{{ inventory_hostname | replace('-host','') }}.{{ domain }}"
- role: monitor_http_vhost
http_vhost_name: "{{ inventory_hostname }}"
http_vhost_fqdn: "{{ inventory_hostname | replace('-host','') }}.{{ domain }}"
http_vhost_uri: "/login"
http_vhost_string: "Forgot password"
- role: monitor_tor_http_vhost
with_https: false
tor_hostname_file: /var/lib/tor/services/cloud/hostname
tor_http_vhost_name: "{{ inventory_hostname }}"
tor_http_vhost_uri: "/login"
tor_http_vhost_string: "Forgot password"
become: True
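Review bot: `tor_hostname_file: /var/lib/tor/services/cloud/hostname` still encodes the `cloud` hostname this playbook is meant to stop assuming, so a second host in the `enough` group would be monitored against the cloud-host onion address rather than its own; the same path is hard-coded in the nextcloud role's `cat /var/lib/tor/services/cloud/hostname` task (molecule/cloud/roles/nextcloud/tasks/nextcloud.yml). The `{{ inventory_hostname | replace('-host','') }}.{{ domain }}` expression is also written out twice, for `vhost_fqdn` and `http_vhost_fqdn`. Deriving the fqdn and the tor service name once in play-level `vars:` removes the duplication and the hostname assumption together, provided the role that creates the tor service (not visible here) uses the same per-host name. `become: True` should be the lowercase `true` for yamllint/ansible-lint.
```yaml
- name: prepare cloud environment
  hosts: enough
  vars:
    vhost_fqdn: "{{ inventory_hostname | replace('-host','') }}.{{ domain }}"
    tor_service_name: "{{ inventory_hostname | replace('-host','') }}"  # proposed name
  roles:
    # … unchanged: docker_filesystem, ansible-role-docker, docker …
    - role: nextcloud
    - role: monitor_http_vhost
      http_vhost_fqdn: "{{ vhost_fqdn }}"
      # … unchanged: http_vhost_name, http_vhost_uri, http_vhost_string …
    - role: monitor_tor_http_vhost
      tor_hostname_file: "/var/lib/tor/services/{{ tor_service_name }}/hostname"
      # … unchanged: with_https, tor_http_vhost_name, tor_http_vhost_uri, tor_http_vhost_string …
  become: true
```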

10
molecule/cloud/molecule.yml

@ -12,6 +12,8 @@ platforms:
flavor: "s1-2"
- name: cloud-host
flavor: "s1-2"
groups:
- enough
volumes:
- name: cloud-volume
size: 10
@ -20,13 +22,11 @@ provisioner:
lint:
name: ansible-lint
env:
# https://github.com/metacloud/molecule/issues/1008 for why ../../.. and ../ only
ANSIBLE_ROLES_PATH: roles:../../../infrastructure/roles:../postfix/roles:../bind/roles:../icinga/roles:../backup/roles:../misc/roles:../packages/roles:../jdauphant.nginx/roles
ANSIBLE_ROLES_PATH: roles:../infrastructure/roles:../postfix/roles:../bind/roles:../icinga/roles:../backup/roles:../misc/roles:../packages/roles:../jdauphant.nginx/roles
inventory:
links:
# Path is relative to .molecule folder
group_vars: ../../../inventory/group_vars
host_vars: ../../../inventory/host_vars
group_vars: ../../inventory/group_vars
host_vars: ../../inventory/host_vars
scenario:
name: cloud
test_sequence:
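Review bot: The comment `# https://github.com/metacloud/molecule/issues/1008 for why ../../.. and ../ only` no longer matches the value below it: assuming the second `ANSIBLE_ROLES_PATH` line is the new one, every entry now starts with `../` and the `../../..` half of the explanation is stale, so it should read `# https://github.com/metacloud/molecule/issues/1008 for why ../ only`. The same applies to `# Path is relative to .molecule folder` above the `group_vars`/`host_vars` links, which is worth re-checking against the new `../../inventory/...` values. Two `ANSIBLE_ROLES_PATH` keys appear in the rendered view; if both survived in the file, most parsers would keep only the last one silently, so confirm the old line was actually removed. The `provisioner:` mapping starts above the hunk.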

1
molecule/cloud/playbook.yml

@ -9,5 +9,6 @@
- import_playbook: ../icinga/icinga-playbook.yml
- import_playbook: ../postfix/postfix-playbook.yml
- import_playbook: ../gitlab/test-real-gitlab-playbook.yml
- import_playbook: enough-playbook.yml
- import_playbook: cloud-playbook.yml
- import_playbook: ../misc/commit_etc-playbook.yml

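--- a/molecule/cloud/roles/cloud/tasks/cloud.yml
+++ b/molecule/cloud/roles/cloud/tasks/cloud.yml
@@ -0,0 +1 @@
+---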

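--- a/molecule/cloud/roles/cloud/tasks/main.yml
+++ b/molecule/cloud/roles/cloud/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- import_tasks: cloud.yml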

8
molecule/cloud/roles/nextcloud/tasks/nextcloud.yml

@ -50,7 +50,7 @@
- name: wait for nextcloud to be ready
uri:
url: "http{% if with_https is defined and with_https == true %}s{% endif %}://cloud.{{ domain }}"
url: "http{% if with_https is defined and with_https == true %}s{% endif %}://{{ vhost_fqdn }}"
method: GET
status_code: 200
register: nextcloud_get
@ -74,9 +74,9 @@
become: False
when: nextcloud_config.rc == 1
- name: occ config:system:set trusted_domains cloud.{{ domain }}
- name: occ config:system:set trusted_domains {{ vhost_fqdn }}
shell: |
{{ app_sh }} php -f occ config:system:set trusted_domains 0 --value cloud.{{ domain }}
{{ app_sh }} php -f occ config:system:set trusted_domains 0 --value {{ vhost_fqdn }}
{{ app_sh }} php -f occ config:system:set trusted_domains 1 --value {{ ansible_host }} # for test purposes only
args:
chdir: "{{ app_dir }}"
@ -155,7 +155,7 @@
echo -n $(cat /var/lib/tor/services/cloud/hostname)
register: nextcloud_onion
- name: occ config:system:set trusted_domains {{ nextcloud_onion.stdout }}
- name: occ config:system:set trusted_domains *.onion
shell: |
{{ app_sh }} php -f occ config:system:set trusted_domains 2 --value {{ nextcloud_onion.stdout }}
args:
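Review bot: `--value {{ vhost_fqdn }}` in the `shell:` task is interpolated unquoted, and the value is now assembled from `inventory_hostname` and `domain` instead of being a fixed literal; passing it through the `quote` filter keeps it a single argument whatever the inventory contains: `{{ app_sh }} php -f occ config:system:set trusted_domains 0 --value {{ vhost_fqdn | quote }}` (the `{{ nextcloud_onion.stdout }}` line in the third hunk would benefit equally). The renamed task `occ config:system:set trusted_domains *.onion` no longer describes what the command does, since it still writes the specific `{{ nextcloud_onion.stdout }}` address; either keep a generic but accurate name such as `occ config:system:set trusted_domains onion address` or make the value match. The `cat /var/lib/tor/services/cloud/hostname` line in that hunk keeps the `cloud` hostname assumption, raised on molecule/cloud/enough-playbook.yml. Each of the three tasks starts or ends outside its hunk.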

4
molecule/cloud/roles/nextcloud/templates/docker-compose-infrastructure.yml

@ -21,8 +21,8 @@ services:
- 8080:80
{% endif %}
environment:
- VIRTUAL_HOST={{ cloud_vhost_fqdn }}
- LETSENCRYPT_HOST={{ cloud_vhost_fqdn }}
- VIRTUAL_HOST={{ vhost_fqdn }}
- LETSENCRYPT_HOST={{ vhost_fqdn }}
- LETSENCRYPT_EMAIL=admin@securedrop.club
- POSTGRES_HOST=db
env_file:
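Review bot: `VIRTUAL_HOST` and `LETSENCRYPT_HOST` now depend on `vhost_fqdn`, which this commit turns into a role input set by the play (the host_vars definition of `cloud_vhost_fqdn` is deleted); if the role is ever applied without it, the failure surfaces as an undefined-variable error while rendering this template rather than where the role is invoked. Unless the role already declares a default (not visible here), an `assert` with `that: vhost_fqdn is defined` at the top of the role's tasks, or a `defaults/main.yml` entry, would name the missing input up front. `LETSENCRYPT_EMAIL=admin@securedrop.club` is unchanged but is another instance-specific value in what the commit describes as the generic role, so it may be worth the same treatment. The `services:` mapping this hunk sits in starts above it.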

4
molecule/cloud/tests/test_icinga.py

@ -55,6 +55,6 @@ def test_icinga_api_services(host):
answer = r.json()
assert len(answer['results']) > 10
assert len([s for s in answer['results']
if 'cloud-host!Cloud' == s['name']]) == 1
if 'cloud-host!cloud-host' == s['name']]) == 1
assert len([s for s in answer['results']
if 'cloud-host!Cloud over Tor' == s['name']]) == 1
if 'cloud-host!cloud-host over Tor' == s['name']]) == 1
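Review bot: The two filtering comprehensions differ only in the expected service name; collecting `names = [s['name'] for s in answer['results']]` once and asserting `names.count('cloud-host!cloud-host') == 1` and `names.count('cloud-host!cloud-host over Tor') == 1` says the same thing with less to read and gives a clearer failure message. The expected names appear to follow `http_vhost_name: "{{ inventory_hostname }}"` in the new enough-playbook, so a one-line comment tying them together (`# service names follow http_vhost_name in molecule/cloud/enough-playbook.yml`) would keep the test from reading as a hard-coded hostname assumption. `test_icinga_api_services` starts above the hunk.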