La rama master de este repositorio contiene un playbook para instalar todos los servicios de la Brecha Digital.

main.yml 12KB

  1. ---
  # Guard play: aborts the run with an explanatory message unless the
  # `medehes` tag is skipped on the command line. Facts are not gathered.
  - name: If Im skipped, we're good
    hosts: all
    gather_facts: false
    tags:
      - medehes
    tasks:
      - name: Fail if idiot
        fail:
          msg: "Si me lees, es que no has esquivado este tag, así que tal vez no sabes lo que haces. Ejecútame de nuevo con --skip-tag medehes "
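  # Restarts the docker-<name> services listed in the `restart` extra var,
  # e.g. -e 'restart="gitea nginx"'. If `restart` is missing or empty, the
  # second task fails with a usage hint instead.
  - name: Restart service{s}
    hosts: all
    # NOTE(review): the listing lost its indentation; `tags` is placed at play
    # level so that --tags restart selects both tasks — confirm.
    tags:
      - restart
    tasks:
      - name: Restart service{s}
        become: true
        service:
          name: "docker-{{ item }}"
          state: restarted
        # split() without an argument ignores repeated or surrounding spaces,
        # so no empty item (a bare "docker-" service name) is produced.
        with_items: "{{ restart.split() }}"
        when: restart is defined and restart
      - name: Fail
        fail:
          msg: "No has dicho que servicios reiniciar, melón. Usa esta notación: -e 'restart=\"gitea nginx\"' sin las contrabarras."
        # A bare `not restart` raises an undefined-variable error when the
        # extra var was never passed, so the hint above would never be shown.
        when: restart is not defined or not restart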
  # Installs, through apt, every package named in the `packages` variable.
  - name: Install usual packages
    hosts: all
    tags:
      - requirements
    tasks:
      - name: Install packages
        become: true
        with_items: "{{ packages }}"
        apt:
          state: present
          name: "{{ item }}"
  # Applies the `docker` role to every host.
  - name: Install docker
    hosts: all
    tags:
      - requirements
    roles:
      - docker
  # Ensures the bridge network `internal` exists. The docker_command strings
  # in this playbook attach their containers to it with `--net internal`.
  - name: Create the main docker network
    hosts: all
    tags:
      - requirements
    tasks:
      - become: true
        docker_network:
          state: present
          driver: bridge
          name: internal
  # Runs the docker-registry role with the registry's volume names, base
  # directory and run command.
  - name: Configure docker registry
    hosts: all
    tags:
      - registry
    vars:
      registry_data: data
      registry_config: config
      docker_main_dir: "{{ remote_docker_main_dir }}"
      # Port 5000 is published on the loopback address only.
      docker_command: >-
        /usr/bin/docker run -i --name "{{ registry_service_name }}"
        -p 127.0.0.1:5000:5000 --rm
        -v "{{ registry_data }}:/var/lib/registry"
        -v "{{ registry_config }}/:/etc/docker/registry"
        --net internal registry:2
    roles:
      - docker-registry
  # Copies every file under files/virtual_hosts/ on the control machine into
  # the virtual_hosts directory below `nginx_directory` on the target.
  - name: Copy all nginx virtualhosts
    hosts: all
    tags:
      - nginx
    tasks:
      - name: Copy file
        become: true
        with_fileglob:
          - files/virtual_hosts/*
        copy:
          src: "{{ item }}"
          dest: "{{ nginx_directory }}/virtual_hosts/"
          remote_src: false
  # Deploys nginx through the deploy-docker role. docker_push is disabled and
  # the run command uses the nginx image directly, not a registry copy.
  - name: Download, push and configure nginx
    hosts: all
    tags:
      - nginx
    vars:
      docker_image: nginx
      docker_image_tag: "{{ nginx_version }}"
      docker_push: false
      docker_registry: "{{ write_registry }}"
      registry_user: "{{ registry_users.first_user.name }}"
      registry_password: "{{ registry_users.first_user.password }}"
      service_name: nginx
      service_name_prefix: "{{ prefix_service_name }}"
      # Bind-mounts certs, logs, auth data (including the registry htpasswd
      # file) and the virtual hosts; publishes ports 80 and 443.
      docker_command: >-
        /usr/bin/docker run
        -v "{{ nginx_directory }}/certs":/etc/ssl
        -v "{{ nginx_directory }}/logs":/var/log/nginx
        -v "{{ nginx_directory }}/auth":/etc/nginx/auth
        -v "{{ nginx_directory }}/auth/htpasswd":/etc/nginx/registry.htpasswd
        -v "{{ nginx_directory }}/virtual_hosts":/etc/nginx/conf.d/
        -p 80:80 -p 443:443
        --name "{{ service_name }}" --net internal --rm
        nginx:"{{ nginx_version }}"
    roles:
      - deploy-docker
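  # Deploys the nikola site: an nginx image serving `nikola_directory` as its
  # document root. No port is published; the container is only attached to
  # the `internal` network.
  - name: Download, push and configure nikola
    hosts: all
    tags:
      - nginx
    vars:
      docker_image: nginx
      docker_image_tag: "{{ nginx_version }}"
      docker_registry: "{{ write_registry }}"
      registry_user: "{{ registry_users.first_user.name }}"
      registry_password: "{{ registry_users.first_user.password }}"
      service_name: nikola
      service_name_prefix: "{{ prefix_service_name }}"
      # The command used to pass --name "{{ service_name }}" twice; the
      # redundant second occurrence is dropped.
      docker_command: >-
        /usr/bin/docker run --rm
        -v "{{ nikola_directory }}":/usr/share/nginx/html
        --name "{{ service_name }}" --net internal
        "{{ docker_image }}":"{{ docker_image_tag }}"
    roles:
      - deploy-docker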
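  # Writes one htpasswd entry per user in `registry_users` into the auth
  # directory that the nginx container bind-mounts.
  - name: Copy write only registry vhost
    hosts: all
    tags:
      - registry
    tasks:
      - name: Copy htpasswd file
        become: true
        # Every loop item carries a cleartext password, and Ansible prints the
        # item for each iteration; no_log keeps it out of console and logs.
        no_log: true
        htpasswd:
          path: "{{ nginx_directory }}/auth/htpasswd"
          name: "{{ item.value.name }}"
          password: "{{ item.value.password }}"
          owner: root
          group: root
          # Quoted so the mode is not subject to YAML integer parsing.
          # NOTE(review): 0644 leaves the password hashes world-readable on
          # the host. A tighter mode must still let the nginx worker inside
          # the container read the bind-mounted file — confirm before changing.
          mode: "0644"
        with_dict: "{{ registry_users }}"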
  # Logs the target's Docker client, as root, into the write registry with the
  # first registry user's credentials.
  - name: Log into private registry
    hosts: all
    tags:
      - registry
    tasks:
      - name: Log into registry
        become: true
        docker_login:
          username: "{{ registry_users.first_user.name }}"
          password: "{{ registry_users.first_user.password }}"
          registry: "{{ write_registry }}"
  # Runs the docker-registry role with the same variables and run command as
  # the earlier "Configure docker registry" play.
  - name: Download, push and configure the docker registry
    hosts: all
    tags:
      - registry
    vars:
      registry_data: data
      registry_config: config
      docker_main_dir: "{{ remote_docker_main_dir }}"
      # Port 5000 is published on the loopback address only.
      docker_command: >-
        /usr/bin/docker run -i --name "{{ registry_service_name }}"
        -p 127.0.0.1:5000:5000 --rm
        -v "{{ registry_data }}:/var/lib/registry"
        -v "{{ registry_config }}/:/etc/docker/registry"
        --net internal registry:2
    roles:
      - docker-registry
  # Builds the `reg` registry UI from its git repository at tag
  # `ui_reg_version` and runs it through the ui-registry role.
  - name: Download, build and push Jess Fraz registry UI
    hosts: all
    tags:
      - registry
    vars:
      git_repository: 'https://github.com/jessfraz/reg'
      git_repository_destination: "{{ repo_destination }}/reg"
      git_repository_extra_path: server
      git_repository_tag: "{{ ui_reg_version }}"
      docker_image_tag: "{{ git_repository_tag }}"
      docker_registry: "{{ write_registry }}"
      docker_registry_read: "{{ read_registry }}"
      registry_user: "{{ registry_users.first_user.name }}"
      registry_password: "{{ registry_users.first_user.password }}"
      service_name: ui-registry
      service_name_prefix: "{{ prefix_service_name }}"
      social_user: "{{ social_link }}"
      # NOTE(review): the registry user and password are passed as
      # command-line arguments, so they are visible in the host's process
      # list and wherever this command string is stored. Port 8080 is
      # published without a host address, i.e. on every interface.
      # --insecure presumably relaxes TLS checks toward the registry —
      # confirm against reg's own help.
      docker_command: >-
        /usr/bin/docker run --rm --net internal --name "{{ service_name }}"
        -i -p 8080:8080
        "{{ docker_registry }}/{{ service_name }}":"{{ ui_reg_version }}"
        -u "{{ registry_user }}" -p "{{ registry_password }}"
        -r "{{ docker_registry_read }}" --insecure
      # Disabled until clair is fixed: --clair http://172.17.0.1:6061
    roles:
      - ui-registry
  # Copies files/clair-config.yml from the control machine to config.yml
  # inside `clair_directory` on the target.
  - name: Copy clair config file
    hosts: all
    tags:
      - clair
    tasks:
      - name: Copy file
        become: true
        copy:
          dest: "{{ clair_directory }}/config.yml"
          src: files/clair-config.yml
          remote_src: false
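  # Deploys PostgreSQL through the deploy-docker role, tagged `clair`, with
  # its data directory under `postgres_directory`.
  - name: Download, and push postgresql
    hosts: all
    tags:
      - clair
    vars:
      docker_image: postgres
      docker_image_tag: "{{ postgres_version }}"
      docker_registry: "{{ write_registry }}"
      docker_registry_read: "{{ read_registry }}"
      registry_user: "{{ registry_users.first_user.name }}"
      registry_password: "{{ registry_users.first_user.password }}"
      service_name: postgres
      service_name_prefix: "{{ prefix_service_name }}"
      docker_data_directories: "{{ postgres_directory }}/data"
      # The image reference used to be ":{{ postgres_version }}" (no
      # repository), preceded by a second, hard-coded --name. It now follows
      # the registry/service:tag form of the clair and gitea plays.
      # NOTE(review): confirm the role pushes the image under that name.
      #
      # NOTE(review): POSTGRES_PASSWORD is empty and 5432 is published
      # without a host address, so Docker binds it on every host interface.
      # Consider a vaulted password and either dropping -p or binding
      # 127.0.0.1 (as the registry plays do for port 5000), after checking
      # how files/clair-config.yml reaches the database.
      docker_command: >-
        /usr/bin/docker run --name "{{ service_name }}" --rm
        -e POSTGRES_PASSWORD="" -p 5432:5432
        -v "{{ docker_data_directories }}":/var/lib/postgresql/data
        --net internal
        "{{ docker_registry_read }}/{{ service_name }}":"{{ docker_image_tag }}"
    roles:
      - deploy-docker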
  # Deploys clair through the deploy-docker role, with `clair_directory`
  # mounted at /config and CPU, memory and swap limits on the container.
  - name: Download, and push clair
    hosts: all
    tags:
      - clair
    vars:
      docker_image: quay.io/coreos/clair
      docker_image_tag: "{{ clair_version }}"
      docker_registry: "{{ write_registry }}"
      docker_registry_read: "{{ read_registry }}"
      registry_user: "{{ registry_users.first_user.name }}"
      registry_password: "{{ registry_users.first_user.password }}"
      service_name: clair
      service_name_prefix: "{{ prefix_service_name }}"
      docker_data_directories: "{{ clair_directory }}"
      # NOTE(review): ports 6060-6061 are published without a host address,
      # i.e. on every interface — confirm that exposure is intended.
      docker_command: >-
        /usr/bin/docker run --rm
        -v "{{ clair_directory }}":/config
        -p 6060-6061:6060-6061
        --name "{{ service_name }}" --net internal
        --cpus=".1" --memory=200m --memory-swap=300m
        "{{ docker_registry_read }}/{{ service_name }}:{{ clair_version }}"
        -config=/config/config.yml
    roles:
      - deploy-docker
  # Clones the prosody community modules repository into the modules
  # directory below `prosody_directory`.
  - name: Copy prosody community modules
    hosts: all
    tags:
      - prosody
    tasks:
      - name: Clone prosody community modules
        become: true
        # NOTE(review): no revision is pinned, so each run takes whatever the
        # upstream repository currently serves; the prosody run command mounts
        # this directory into the container as extra modules.
        hg:
          dest: "{{ prosody_directory }}/modules/"
          repo: 'https://hg.prosody.im/prosody-modules/'
  # Renders files/prosody.cfg.lua.j2 to conf/prosody.cfg.lua below
  # `prosody_directory`.
  - name: Copy prosody configuration file
    hosts: all
    tags:
      - prosody
    tasks:
      - name: Copy prosody configuration file
        become: true
        template:
          dest: "{{ prosody_directory }}/conf/prosody.cfg.lua"
          src: files/prosody.cfg.lua.j2
  # Builds the prosody image from its git repository at tag `prosody_version`
  # and deploys it through the deploy-docker role.
  - name: Download, build and push prosody
    hosts: all
    tags:
      - prosody
    vars:
      git_repository: 'https://git.digitales.cslabrecha.org/La_Brecha_Digital/prosody-docker'
      git_repository_destination: "{{ repo_destination }}/prosody"
      git_repository_tag: "{{ prosody_version }}"
      docker_image_tag: "{{ git_repository_tag }}"
      docker_registry: "{{ write_registry }}"
      docker_registry_read: "{{ read_registry }}"
      registry_user: "{{ registry_users.first_user.name }}"
      registry_password: "{{ registry_users.first_user.password }}"
      service_name: prosody
      service_name_prefix: "{{ prefix_service_name }}"
      docker_data_directories: "{{ prosody_directory }}"
      # NOTE(review): the image reference carries no tag, unlike the other
      # plays, so Docker resolves it to `latest` rather than
      # `docker_image_tag` — confirm that is intended.
      # NOTE(review): the admin password travels as a container environment
      # variable on the command line, where the host's process list and the
      # container's inspect output expose it.
      docker_command: >-
        /usr/bin/docker run --rm
        -v "{{ prosody_directory }}/conf":/etc/prosody/
        -v "{{ prosody_directory }}/certs":/etc/prosody/certs/
        -v "{{ prosody_directory }}/modules":/usr/lib/prosody/modules/extra:ro
        -v "{{ prosody_directory }}/logs":/var/log/prosody/
        -v "{{ prosody_directory }}/images/":/var/lib/prosody/
        -e LOCAL=admin -e DOMAIN=chat.cslabrecha.org
        -e PASSWORD="{{ xmpp_password }}"
        -p 5222:5222 -p 5269:5269 -p 5280:5280 -p 5281:5281
        --name "{{ service_name }}" --net internal
        "{{ docker_registry_read }}/{{ service_name }}"
    roles:
      - deploy-docker
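  # Deploys the drone server through the deploy-docker role, wired to gitea.
  - name: Download, and push drone
    hosts: all
    tags:
      - drone
    vars:
      docker_image: drone/drone
      docker_image_tag: "{{ drone_version }}"
      docker_registry: "{{ write_registry }}"
      docker_registry_read: "{{ read_registry }}"
      registry_user: "{{ registry_users.first_user.name }}"
      registry_password: "{{ registry_users.first_user.password }}"
      # `service_name` used to be declared twice. The second value, `prosody`,
      # overrode `drone`, so this play named its container and image after
      # prosody. That line and the stray prosody `git_repository_tag` beside
      # it are removed; the agent play expects the server at drone:9000.
      service_name: drone
      service_name_prefix: "{{ prefix_service_name }}"
      docker_data_directories: "{{ drone_directory }}"
      # NOTE(review): the host's Docker socket is mounted into the container,
      # which hands it control of the host's Docker daemon. Ports 8000 and
      # 9000 are published on every interface. DRONE_OPEN=true presumably
      # leaves registration open, subject to DRONE_ORGS — confirm. No shared
      # server/agent secret is visible in this command or the agent's —
      # confirm how agents authenticate.
      docker_command: >-
        /usr/bin/docker run --rm
        -v "{{ drone_directory }}/":/var/lib/drone/
        -p 8000:8000 -p 9000:9000
        -e DRONE_OPEN=true
        -e DRONE_HOST=https://"{{ drone_domain }}"
        -e DRONE_GITEA=true
        -e DRONE_GITEA_URL=https://"{{ gitea_domain }}"
        --net internal --name "{{ service_name }}"
        -e DRONE_ORGS="{{ drone_organizations }}"
        -e DRONE_ADMIN="{{ drone_admins }}"
        -v /var/run/docker.sock:/var/run/docker.sock
        "{{ read_registry }}/{{ service_name }}":"{{ docker_image_tag }}"
    roles:
      - deploy-docker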
  # Deploys the drone agent through the deploy-docker role; it reaches the
  # server at drone:9000 and runs with memory and swap limits.
  - name: Download, push and configure drone agent
    hosts: all
    tags:
      - drone
    vars:
      docker_image: 'drone/agent'
      docker_image_tag: "{{ drone_version }}"
      docker_registry: "{{ write_registry }}"
      registry_user: "{{ registry_users.first_user.name }}"
      registry_password: "{{ registry_users.first_user.password }}"
      service_name: drone-agent
      service_name_prefix: "{{ prefix_service_name }}"
      # NOTE(review): the host's Docker socket is mounted into the agent, so
      # whatever the agent executes can drive the host's Docker daemon.
      docker_command: >-
        /usr/bin/docker run --rm
        -e DRONE_SERVER=drone:9000
        --name "{{ service_name }}" --net internal
        -v /var/run/docker.sock:/var/run/docker.sock
        --memory=200m --memory-swap=500m
        "{{ read_registry }}/{{ service_name }}":"{{ docker_image_tag }}"
    roles:
      - deploy-docker
  # Deploys gitea through the deploy-docker role, with its data directory
  # under `gitea_directory`.
  - name: Download, and push gitea
    hosts: all
    tags:
      - gitea
    vars:
      docker_image: 'gitea/gitea'
      docker_image_tag: "{{ gitea_version }}"
      docker_registry: "{{ write_registry }}"
      docker_registry_read: "{{ read_registry }}"
      registry_user: "{{ registry_users.first_user.name }}"
      registry_password: "{{ registry_users.first_user.password }}"
      service_name: gitea
      service_name_prefix: "{{ prefix_service_name }}"
      docker_data_directories: "{{ gitea_directory }}"
      # Publishes the container's port 22 on host port 22.
      # NOTE(review): presumably the host's own SSH daemon listens on another
      # port — confirm.
      docker_command: >-
        /usr/bin/docker run --rm
        -v "{{ gitea_directory }}/data":/data
        -p 22:22
        --name "{{ service_name }}" --net internal
        "{{ docker_registry_read }}/{{ service_name }}":"{{ docker_image_tag }}"
    roles:
      - deploy-docker
  # Applies the `iptables` role to every host.
  - name: Configure the iptables
    hosts: all
    tags:
      - iptables
    roles:
      - iptables