
chat: initial implementation

keep-around/3e0400fddc1d96281bed9154491b7fc6e94b1930
Loïc Dachary 3 years ago
parent
commit
b7bf2299fa
Signed by: dachary GPG Key ID: 283AFA30CA7F55A4
  1. 1
      inventory/02-all.yml
  2. 2
      inventory/host_vars/chat-host/chat.yml
  3. 1
      molecule/chat/.gitignore
  4. 16
      molecule/chat/chat-playbook.yml
  5. 1
      molecule/chat/create.yml
  6. 1
      molecule/chat/destroy.yml
  7. 41
      molecule/chat/molecule.yml
  8. 11
      molecule/chat/playbook.yml
  9. 1
      molecule/chat/roles/mattermost/defaults/main.yml
  10. 7
      molecule/chat/roles/mattermost/handlers/main.yml
  11. 2
      molecule/chat/roles/mattermost/tasks/main.yml
  12. 36
      molecule/chat/roles/mattermost/tasks/mattermost.yml
  13. 61
      molecule/chat/roles/mattermost/templates/docker-compose-securedrop-club.yml
  14. 1
      molecule/chat/tests/test_history.py
  15. 58
      molecule/chat/tests/test_icinga.py
  16. 9
      molecule/chat/tests/test_mattermost.py
  17. 4
      molecule/infrastructure/roles/docker/tasks/main.yml
  18. 2
      molecule/preprod/molecule.yml
  19. 1
      securedrop-club-playbook.yml

1
inventory/02-all.yml

@ -7,3 +7,4 @@ pets:
gitlab-host:
weblate-host:
packages-host:
chat-host:

2
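--- a/inventory/host_vars/chat-host/chat.yml
+++ b/inventory/host_vars/chat-host/chat.yml
@@ -0,0 +1,2 @@
+---
+chat_vhost_fqdn: chat.{{ domain }}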

1
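--- a/molecule/chat/.gitignore
+++ b/molecule/chat/.gitignore
@@ -0,0 +1 @@
+secret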

16
molecule/chat/chat-playbook.yml

@ -0,0 +1,16 @@
---
- name: prepare chat environment
hosts: chat-host
roles:
- { role: ansible-role-docker }
- { role: docker }
- { role: mattermost }
- role: monitor_http_vhost
http_vhost_name: Chat
http_vhost_fqdn: "{{ chat_vhost_fqdn }}"
http_vhost_uri: "/"
http_vhost_string: "Mattermost"
become: True

1
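--- a/molecule/chat/create.yml
+++ b/molecule/chat/create.yml
@@ -0,0 +1 @@
+../infrastructure/create.yml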

1
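--- a/molecule/chat/destroy.yml
+++ b/molecule/chat/destroy.yml
@@ -0,0 +1 @@
+../infrastructure/destroy.yml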

41
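--- a/molecule/chat/molecule.yml
+++ b/molecule/chat/molecule.yml
@@ -0,0 +1,41 @@
+---
+driver:
+name: openstack
+lint:
+name: yamllint
+platforms:
+- name: bind-host
+flavor: "s1-2"
+- name: postfix-host
+flavor: "s1-2"
+- name: icinga-host
+flavor: "s1-2"
+- name: chat-host
+flavor: "s1-2"
+provisioner:
+name: ansible
+lint:
+name: ansible-lint
+env:
+# https://github.com/metacloud/molecule/issues/1008 for why ../../.. and ../ only
+ANSIBLE_ROLES_PATH: roles:../../../infrastructure/roles:../postfix/roles:../bind/roles:../icinga/roles:../backup/roles:../misc/roles:../packages/roles:../jdauphant.nginx/roles
+inventory:
+links:
+# Path is relative to .molecule folder
+group_vars: ../../../inventory/group_vars
+host_vars: ../../../inventory/host_vars
+scenario:
+name: chat
+test_sequence:
+- destroy
+- create
+- converge
+- verify
+- destroy
+verifier:
+name: testinfra
+options:
+v: True
+s: True
+lint:
+name: flake8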

11
molecule/chat/playbook.yml

@ -0,0 +1,11 @@
---
- import_playbook: ../misc/history-playbook.yml
- import_playbook: ../misc/sexy-debian-playbook.yml
- import_playbook: ../icinga/test-icinga-playbook.yml
- import_playbook: ../bind/bind-playbook.yml
- import_playbook: ../bind/bind-client-playbook.yml
- import_playbook: ../icinga/icinga-playbook.yml
- import_playbook: ../postfix/postfix-playbook.yml
- import_playbook: chat-playbook.yml
- import_playbook: ../misc/commit_etc-playbook.yml

1
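--- a/molecule/chat/roles/mattermost/defaults/main.yml
+++ b/molecule/chat/roles/mattermost/defaults/main.yml
@@ -0,0 +1 @@
+---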

7
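--- a/molecule/chat/roles/mattermost/handlers/main.yml
+++ b/molecule/chat/roles/mattermost/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: recreate mattermost
+docker_service:
+files: docker-compose-securedrop-club.yml
+project_src: /srv/mattermost
+state: present
+become: False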

2
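--- a/molecule/chat/roles/mattermost/tasks/main.yml
+++ b/molecule/chat/roles/mattermost/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- import_tasks: mattermost.yml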

36
molecule/chat/roles/mattermost/tasks/mattermost.yml

@ -0,0 +1,36 @@
---
- name: apt-get install git
apt:
name: git
state: present
- name: chown debian /srv
file:
path: /srv
owner: debian
- name: git clone https://github.com/mattermost/mattermost-docker.git
git:
repo: https://github.com/mattermost/mattermost-docker.git
force: yes
dest: /srv/mattermost
become: False
- name: cleanup docker leftovers
shell: docker system prune --force
become: False
- name: create mattermost directories
shell: |
mkdir -p /srv/mattermost/volumes/app/mattermost/{data,config,logs}
chown -R debian:debian /srv/mattermost/volumes/app
- name: Copy docker-compose-securedrop-club.yml
template:
src: docker-compose-securedrop-club.yml
dest: /srv/mattermost/docker-compose-securedrop-club.yml
owner: debian
mode: "0600"
notify:
- recreate mattermost
become: False
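Review bot: The `git` task clones mattermost-docker with no `version:`, so every converge builds the db and app images from whatever the upstream default branch holds at that moment, and `force: yes` discards local state to follow it. Pinning to a reviewed commit, e.g. `version: "<reviewed-commit-sha>"` (placeholder), keeps the deployed code reproducible and makes an upgrade an explicit change. In the `create mattermost directories` task, `{data,config,logs}` relies on brace expansion, which the `shell` module's default `/bin/sh` does not perform when that is dash (the Debian default), so a single directory literally named `{data,config,logs}` would be created. Adding `args:` with `executable: /bin/bash`, or using the `file` module with `state: directory` in a loop, avoids that.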

61
molecule/chat/roles/mattermost/templates/docker-compose-securedrop-club.yml

@ -0,0 +1,61 @@
version: "2"
services:
db:
build: db
read_only: true
restart: unless-stopped
volumes:
- ./volumes/db/var/lib/postgresql/data:/var/lib/postgresql/data
- /etc/localtime:/etc/localtime:ro
environment:
- POSTGRES_USER=mmuser
- POSTGRES_PASSWORD=mmuser_password
- POSTGRES_DB=mattermost
# uncomment the following to enable backup
# - AWS_ACCESS_KEY_ID=XXXX
# - AWS_SECRET_ACCESS_KEY=XXXX
# - WALE_S3_PREFIX=s3://BUCKET_NAME/PATH
# - AWS_REGION=us-east-1
app:
build:
context: app
# comment out following lines for team edition or change UID/GID
args:
- edition=team
- PUID=1000
- PGID=1000
restart: unless-stopped
{% if with_https is not defined or with_https == false %}
ports:
- "80:8000"
{% endif %}
volumes:
- ./volumes/app/mattermost/config:/mattermost/config:rw
- ./volumes/app/mattermost/data:/mattermost/data:rw
- ./volumes/app/mattermost/logs:/mattermost/logs:rw
- /etc/localtime:/etc/localtime:ro
environment:
# set same as db credentials and dbname
- MM_USERNAME=mmuser
- MM_PASSWORD=mmuser_password
- MM_DBNAME=mattermost
# in case your config is not in default location
#- MM_CONFIG=/mattermost/config/config.json
{% if with_https is defined and with_https == true %}
https-portal:
image: steveltn/https-portal:1.2.4
ports:
- '80:80'
- '443:443'
restart: always
environment:
DOMAINS: '{{ chat_vhost_fqdn }} -> http://{{ chat_vhost_fqdn }}:8000'
{% if with_fake_LE is undefined %}
STAGE: production
{% endif %}
SERVER_NAMES_HASH_BUCKET_SIZE: 128
{% endif %}
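Review bot: The database password is the literal `mmuser_password` in both `POSTGRES_PASSWORD` and `MM_PASSWORD`, so every deployment rendered from this template shares a publicly known credential. The file is already a Jinja template installed with mode 0600, so the value can come from a variable kept outside the repository, for example `- POSTGRES_PASSWORD={{ mattermost_db_password }}` and `- MM_PASSWORD={{ mattermost_db_password }}` (the variable name is a suggestion and does not exist in this commit). Separately, `DOMAINS` forwards to `http://{{ chat_vhost_fqdn }}:8000`, yet neither branch publishes host port 8000, so the proxy target probably needs to be the compose service name `app`; this is inferred from the template alone and worth confirming on a converge with `with_https` set.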

1
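--- a/molecule/chat/tests/test_history.py
+++ b/molecule/chat/tests/test_history.py
@@ -0,0 +1 @@
+../../misc/tests/test_history.py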

58
molecule/chat/tests/test_icinga.py

@ -0,0 +1,58 @@
import urllib3
import re
import requests
import yaml
testinfra_hosts = ['icinga-host']
def get_auth(host):
with host.sudo():
f = host.file("/etc/icinga2/conf.d/api-users.conf")
return (
re.search('ApiUser "(.*)"', f.content_string).group(1),
re.search('password = "(.*)"', f.content_string).group(1)
)
def get_master_address(host):
inventory = yaml.load(open(host.backend.ansible_inventory))
address = inventory['all']['hosts']['icinga-host']['ansible_host']
return address
def sloppy_get(url, headers={}, auth=None):
s = requests.Session()
s.auth = auth
s.headers.update(headers)
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
r = s.get(url, verify=False, timeout=5)
r.raise_for_status()
return r
def test_icinga_api_hosts(host):
address = get_master_address(host)
r = sloppy_get(
'https://{address}:5665/v1/objects/hosts/chat-host'.format(
address=address),
{'Accept': 'application/json'},
get_auth(host),
)
answer = r.json()
assert len(answer['results']) == 1
assert answer['results'][0]['name'] == 'chat-host'
def test_icinga_api_services(host):
address = get_master_address(host)
r = sloppy_get(
'https://{address}:5665/v1/objects/services?host=chat-host'.format(
address=address),
{'Accept': 'application/json'},
get_auth(host),
)
answer = r.json()
assert len(answer['results']) > 10
assert len([s for s in answer['results']
if 'chat-host!Chat' == s['name']]) == 1
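Review bot: `get_master_address` calls `yaml.load(open(...))` with no `Loader`, which on older PyYAML lets the document construct arbitrary Python objects and on PyYAML 6 and later raises `TypeError`; the file handle is also never closed. `with open(host.backend.ansible_inventory) as f: inventory = yaml.safe_load(f)` is sufficient for an inventory file. `sloppy_get` additionally has a mutable default `headers={}` and passes `verify=False`; the latter is presumably deliberate for a test Icinga with a self-signed certificate, and a one-line comment saying so would keep it from being copied into non-test code.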

9
molecule/chat/tests/test_mattermost.py

@ -0,0 +1,9 @@
testinfra_hosts = ['chat-host']
def test_mattermost(host):
cmd = host.run("""
exit 0
""")
print(cmd.stdout)
print(cmd.stderr)
assert 0 == cmd.rc
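Review bot: `test_mattermost` only runs `exit 0` on chat-host, so the verify step passes whether or not Mattermost was deployed or is reachable. A minimal real check would be something like `assert host.socket("tcp://0.0.0.0:80").is_listening`, since port 80 is what the compose template publishes in both modes. Until a real check exists, a comment above the function such as `# TODO: placeholder, asserts nothing about Mattermost` would make the gap visible.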

4
molecule/infrastructure/roles/docker/tasks/main.yml

@ -17,6 +17,10 @@
pip:
name: docker
- name: pip install docker-compose
pip:
name: docker-compose
- name: Allow debian user to use docker without sudo
user:
name: debian

2
molecule/preprod/molecule.yml

@ -24,6 +24,8 @@ platforms:
flavor: "s1-2"
- name: bots-host
flavor: "s1-2"
- name: chat-host
flavor: "s1-2"
- name: trusty-host
flavor: "s1-2"
image: "Ubuntu 14.04"

1
securedrop-club-playbook.yml

@ -18,5 +18,6 @@
- import_playbook: molecule/demo/demo-playbook.yml
- import_playbook: molecule/bots/bots-playbook.yml
- import_playbook: molecule/bots/sd-helper-playbook.yml
- import_playbook: molecule/chat/chat-playbook.yml
- import_playbook: molecule/website/website-playbook.yml
- import_playbook: molecule/misc/commit_etc-playbook.yml