chore: setup docker-registry

master
Sven Ketelsen 5 years ago
parent b741b5872a
commit c10d556038

@ -1,6 +1,6 @@
--- ---
send_status_messages: true send_status_messages: false
domain: smardigo.digital domain: smardigo.digital

@ -1,39 +0,0 @@
---
- name: 'Insert/Update caddy configuration in {{ caddy_config_file_path_full }}'
blockinfile:
marker: '# {mark} managed by ansible (reverse proxy config for {{ current_service }})'
path: '{{ caddy_config_file_path_full }}'
state: "{{ 'present' if reverse_proxy == 'caddy' else 'absent' }}"
create: yes
block: |
{% for service in current_services %}
{{ http_s }}://{{ service.external }} {
proxy / {{ service.internal }} {
transparent
}
tls {{ caddy_tls }}
{% if service.basicauth is defined %}
basicauth {{ service.basicauth }}
{% endif %}
}
{% endfor %}
tags:
- update_deployment
- name: "Stop caddy"
shell: docker-compose down
args:
chdir: '{{ service_base_path }}/caddy'
ignore_errors: yes
when: reverse_proxy == 'caddy'
tags:
- update_deployment
- name: "Start caddy"
shell: docker-compose up -d
args:
chdir: '{{ service_base_path }}/caddy'
when: reverse_proxy == 'caddy'
tags:
- update_deployment

@ -20,7 +20,7 @@
tags: tags:
- update_config - update_config
- name: Ensure docker files are populated from templates - name: Ensure docker files are populated from templates/_docker
template: template:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ current_base_path }}/{{ current_destination }}/{{ item.path | regex_replace('\\.j2$', '') }}" dest: "{{ current_base_path }}/{{ current_destination }}/{{ item.path | regex_replace('\\.j2$', '') }}"
@ -33,7 +33,7 @@
- update_deployment - update_deployment
- update_config - update_config
- name: Ensure config template files are populated from templates - name: Ensure config template files are populated from templates/{{ current_config }}
template: template:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ current_base_path }}/{{ current_destination }}/{{ item.path | regex_replace('\\.j2$', '') }}" dest: "{{ current_base_path }}/{{ current_destination }}/{{ item.path | regex_replace('\\.j2$', '') }}"
@ -45,7 +45,7 @@
tags: tags:
- update_config - update_config
- name: Ensure config files are populated from templates - name: Ensure config files are populated from from templates/{{ current_config }}
copy: copy:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ current_base_path }}/{{ current_destination }}/{{ item.path }}" dest: "{{ current_base_path }}/{{ current_destination }}/{{ item.path }}"

@ -8,7 +8,6 @@
authorization: Bearer {{ digitalocean_authentication_token }} authorization: Bearer {{ digitalocean_authentication_token }}
return_content: yes return_content: yes
register: domain_records_response register: domain_records_response
delegate_to: 127.0.0.1
- name: Save DNS entry as variable (fact) - name: Save DNS entry as variable (fact)
set_fact: set_fact:
@ -35,7 +34,6 @@
when: when:
domain_record.ip != '-' domain_record.ip != '-'
and record_data != domain_record.ip and record_data != domain_record.ip
delegate_to: 127.0.0.1
- name: Create DNS entry for <{{ record_name }}> if necessary - name: Create DNS entry for <{{ record_name }}> if necessary
uri: uri:
@ -57,4 +55,3 @@
domain_record.ip == '-' domain_record.ip == '-'
or record_data != domain_record.ip or record_data != domain_record.ip
or record_name != domain_record.name or record_name != domain_record.name
delegate_to: 127.0.0.1
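Review bot: With `delegate_to: 127.0.0.1` removed from all three tasks, the `uri` calls that send `authorization: Bearer {{ digitalocean_authentication_token }}` now execute on each managed host instead of on the controller, so the DigitalOcean token is shipped to every target and every target needs outbound access to the DigitalOcean API. The new docker-registry tasks in this same commit keep `delegate_to: 127.0.0.1` together with `become: false` for the equivalent Hetzner lookup, so this looks like an inconsistency rather than a deliberate choice; if it is deliberate, the reason belongs in a comment above the first task. Otherwise restore `delegate_to: 127.0.0.1` and add `become: false` on the three API tasks so the token never leaves the controller. The rest of each task lies outside these hunks.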

@ -0,0 +1,137 @@
---
docker_registry_id: "{{ service_name }}-registry"
docker_registry_image_name: "library/registry"
docker_registry_image_version: "2.7"
docker_portus_secret_key_base: docker-portus-secret-key-base
docker_portus_password: docker-portus-admin
docker_postgres_portus_image_name: "postgres"
docker_postgres_portus_image_version: "12"
docker_portus_postgres_database: docker-portus-postgres
docker_portus_postgres_username: docker-portus-postgres-admin
docker_portus_postgres_password: docker-portus-postgres-admin
docker_registry_docker: {
networks: [
{
name: front-tier,
external: true,
},
{
name: back-tier,
external: true,
},
],
volumes: [
{
name: "{{ service_name }}-registry-data",
},
{
name: "{{ service_name }}-postgres-portus-data"
}
],
services: [
{
name: "{{ service_name }}-portus",
image_name: "opensuse/portus",
image_version: "2.4",
environment: [
"PORTUS_MACHINE_FQDN_VALUE: \"{{ stage_server_url_host }}\"",
"PORTUS_DB_HOST: \"{{ service_name }}-postgres-portus\"",
"PORTUS_DB_DATABASE: \"{{ docker_portus_postgres_database }}\"",
"PORTUS_DB_USERNAME: \"{{ docker_portus_postgres_username }}\"",
"PORTUS_DB_PASSWORD: \"{{ docker_portus_postgres_password }}\"",
"PORTUS_DB_POOL: \"5\"",
"PORTUS_SECRET_KEY_BASE: \"{{ docker_portus_secret_key_base }}\"",
"PORTUS_KEY_PATH: \"/certificates/portus.key\"",
"PORTUS_PASSWORD: \"{{ docker_portus_password }}\"",
"PORTUS_PUMA_TLS_KEY: \"/certificates/portus.key\"",
"PORTUS_PUMA_TLS_CERT: \"/certificates/portus.crt\"",
"RAILS_SERVE_STATIC_FILES: \"true\"",
],
volumes: [
'"{{ service_name }}-postgres-portus-data:/var/lib/postgresql/data"',
],
networks: [
'"front-tier"',
'"back-tier"',
]
},
{
name: "{{ service_name }}-portus-background",
image_name: "opensuse/portus",
image_version: "2.4",
environment: [
"CCONFIG_PREFIX: \"PORTUS\"",
"PORTUS_MACHINE_FQDN_VALUE: \"{{ stage_server_url_host }}\"",
"PORTUS_DB_HOST: \"{{ service_name }}-postgres-portus\"",
"PORTUS_DB_DATABASE: \"{{ docker_portus_postgres_database }}\"",
"PORTUS_DB_USERNAME: \"{{ docker_portus_postgres_username }}\"",
"PORTUS_DB_PASSWORD: \"{{ docker_portus_postgres_password }}\"",
"PORTUS_DB_POOL: \"5\"",
"PORTUS_SECRET_KEY_BASE: \"{{ docker_portus_secret_key_base }}\"",
"PORTUS_KEY_PATH: \"/certificates/portus.key\"",
"PORTUS_PASSWORD: \"{{ docker_portus_password }}\"",
"PORTUS_BACKGROUND: \"true\"",
],
volumes: [
'"./secrets:/certificates:ro"',
],
networks: [
'"back-tier"',
]
},
{
name: "{{ service_name }}-postgres-portus",
image_name: "{{ docker_postgres_portus_image_name }}",
image_version: "{{ docker_postgres_portus_image_version }}",
environment: [
'POSTGRES_DB: "{{ docker_portus_postgres_database }}"',
'POSTGRES_USER: "{{ docker_portus_postgres_username }}"',
'POSTGRES_PASSWORD: "{{ docker_portus_postgres_password }}"',
],
volumes: [
'"{{ service_name }}-postgres-portus-data:/var/lib/postgresql/data"',
],
networks: [
'"back-tier"',
],
ports: "{{ docker_registry_postgres_ports | default([]) }}",
},
{
name: "{{ service_name }}-registry",
image_name: "{{ docker_registry_image_name }}",
image_version: "{{ docker_registry_image_version }}",
command: [
'"/bin/sh"',
'"/etc/docker/registry/init"',
],
environment: [
"REGISTRY_HTTP_SECRET: \"3a025df1-c7df-4c63-9ec4-103ffe3bde42\"",
"REGISTRY_AUTH_TOKEN_REALM: \"{{ stage_server_url }}/v2/token\"",
"REGISTRY_AUTH_TOKEN_SERVICE: \"{{ stage_server_url_host }}\"",
"REGISTRY_AUTH_TOKEN_ISSUER: \"{{ stage_server_url_host }}\"",
"REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: \"/secrets/portus.crt\"",
"REGISTRY_HTTP_TLS_CERTIFICATE: \"/secrets/portus.crt\"",
"REGISTRY_HTTP_TLS_KEY: \"/secrets/portus.key\"",
],
volumes: [
'"{{ service_name }}-registry-data:/var/lib/registry"',
'"./secrets:/secrets:ro"',
'"./registry/init:/etc/docker/registry/init:ro"',
'"./registry/config.yml:/etc/docker/registry/config.yml:ro"',
],
networks: [
'"front-tier"'
],
ports: "{{ docker_registry_ports | default([]) }}",
}
]
}
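Review bot: The `{{ service_name }}-portus` service mounts `{{ service_name }}-postgres-portus-data:/var/lib/postgresql/data` — the Postgres data volume — while its environment points `PORTUS_KEY_PATH`, `PORTUS_PUMA_TLS_KEY` and `PORTUS_PUMA_TLS_CERT` at `/certificates/...`; the `-portus-background` service has the intended `'"./secrets:/certificates:ro"'` line, so this looks like a copy-paste from the postgres service, with the result that Portus cannot find its key and the database files are shared read-write with a second container. Replace that volume entry with `'"./secrets:/certificates:ro"'`. Separately, `docker_portus_secret_key_base`, `docker_portus_password`, `docker_portus_postgres_password` and the literal `REGISTRY_HTTP_SECRET` UUID are working secrets committed as role defaults and take effect on any host that does not override them; move them to vaulted host/group vars and either drop the defaults so a missing override fails the play, or add an `assert` that rejects these placeholder values before anything is deployed.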

@ -0,0 +1,171 @@
---
### tags:
### update_deployment
- name: "Send mattermost message"
uri:
url: "{{ mattermost_hook_smardigo }}"
method: POST
body: "{{ lookup('template','mattermost-deploy-start.json.j2') }}"
body_format: json
headers:
Content-Type: "application/json"
delegate_to: 127.0.0.1
become: false
when:
- send_status_messages
- name: Gather current server infos
hcloud_server_info:
api_token: "{{ hetzner_authentication_token }}"
register: hetzner_server_infos
delegate_to: 127.0.0.1
become: false
- name: Save current server infos as variable (fact)
set_fact:
hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}"
delegate_to: 127.0.0.1
become: false
- name: Read ip for {{ inventory_hostname }}
set_fact:
stage_server_ip: "{{ item.ipv4_address }}"
when: item.name == inventory_hostname
with_items: "{{ hetzner_server_infos_json }}"
delegate_to: 127.0.0.1
become: false
- name: "Setup DNS configuration for {{ service_name }}"
include_role:
name: _digitalocean
tasks_from: domain
vars:
record_data: "{{ stage_server_ip }}"
record_name: "{{ service_name }}"
- name: "Setup public DNS configuration for {{ service_name }}"
include_role:
name: _digitalocean
tasks_from: domain
vars:
record_data: "{{ item.ip }}"
record_name: "{{ item.name }}"
loop: "{{ docker_registry_public_dns_entries }}"
when: docker_registry_public_dns_entries is defined
- name: "Check docker networks"
include_role:
name: _docker
tasks_from: networks
- name: "Check if {{ service_name }}/docker-compose.yml exists"
stat:
path: '{{ service_base_path }}/{{ service_name }}/docker-compose.yml'
register: check_docker_compose_file
tags:
- update_deployment
- name: "Stop {{ service_name }}"
shell: docker-compose down
args:
chdir: '{{ service_base_path }}/{{ service_name }}'
when: check_docker_compose_file.stat.exists
ignore_errors: yes
tags:
- update_deployment
- name: "Deploy service configuration for {{ service_name }}"
include_role:
name: _deploy
tasks_from: configs
vars:
current_config: "docker-registry"
current_base_path: "{{ service_base_path }}"
current_destination: "{{ service_name }}"
current_owner: "{{ docker_owner }}"
current_group: "{{ docker_group }}"
current_docker: "{{ docker_registry_docker }}"
- name: "Update {{ service_name }}"
shell: docker-compose pull
args:
chdir: '{{ service_base_path }}/{{ service_name }}'
tags:
- update_deployment
- name: "Start {{ service_name }}"
shell: docker-compose up -d
args:
chdir: '{{ service_base_path }}/{{ service_name }}'
tags:
- update_deployment
- name: "Update landing page entries for {{ service_name }}"
include_role:
name: _deploy
tasks_from: caddy_landing_page
vars:
current_services: [
{
current_name: "{{ service_name }}",
current_url: "{{ http_s }}://{{ service_url }}",
current_version: "{{ docker_registry_image_version }}",
current_date: "{{ ansible_date_time.iso8601 }}",
management: "{{ http_s }}://{{ service_url }}:{{ monitor_port_service }}/management",
},
]
tags:
- update_deployment
- name: "Update landing page with public entries {{ service_name }}"
include_role:
name: _deploy
tasks_from: caddy_landing_page
vars:
current_services: [
{
current_name: "{{ item.name }}",
current_url: "{{ http_s }}://{{ item.name }}.{{ domain }}",
current_version: "{{ docker_registry_image_version }}",
current_date: "{{ ansible_date_time.iso8601 }}",
management: "{{ http_s }}://{{ service_url }}:{{ monitor_port_service }}/management",
},
]
loop: "{{ docker_registry_public_dns_entries }}"
when: docker_registry_public_dns_entries is defined
tags:
- update_deployment
- name: "Update landing page with extra entries for {{ service_name }}"
include_role:
name: _deploy
tasks_from: caddy_landing_page
vars:
current_services: [
{
current_name: "{{ item.name }}",
current_url: "{{ item.domain }}",
current_version: "{{ docker_registry_image_version }}",
current_date: "{{ ansible_date_time.iso8601 }}",
management: "{{ http_s }}://{{ service_url }}:{{ monitor_port_service }}/management",
},
]
loop: "{{ docker_registry_extra_domain_entries }}"
when: docker_registry_extra_domain_entries is defined
tags:
- update_deployment
- name: "Send mattermost messsge"
uri:
url: "{{ mattermost_hook_smardigo }}"
method: POST
body: "{{ lookup('template','mattermost-deploy-end.json.j2') }}"
body_format: json
headers:
Content-Type: "application/json"
delegate_to: 127.0.0.1
become: false
when:
- send_status_messages
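Review bot: The three `shell:` tasks (`docker-compose down`, `docker-compose pull`, `docker-compose up -d`) run fixed strings with no shell features, so they should use `command:` — it avoids spawning a shell for a command that does not need one and is what ansible-lint asks for. `Read ip for {{ inventory_hostname }}` sets `stage_server_ip` only when a Hetzner server name equals the inventory hostname; if none does, the variable stays undefined and the DNS include fails with a generic undefined-variable error, so an `assert` with `that: stage_server_ip is defined` and a message naming the host would make the failure explicit. `docker-compose pull` also re-resolves the mutable tags from the defaults (`2.7`, `2.4`, `12`) on every run, so what gets started is whatever those tags point to at that moment; pinning by digest, or at least recording the pulled digests in the deploy-end message, would make a deployment reproducible.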

@ -40,10 +40,10 @@
tags: tags:
- common - common
- role: node_exporter - role: node-exporter
when: node_exporter_enabled | default(True) when: node_exporter_enabled | default(True)
tags: tags:
- node_exporter - node-exporter
- role: traefik - role: traefik
when: traefik_enabled | default(True) when: traefik_enabled | default(True)

@ -0,0 +1,17 @@
---
- name: 'apply setup to {{ host | default("all") }}'
hosts: '{{ host | default("all") }}'
serial: "{{ serial_number|default(1) }}"
become: yes
pre_tasks:
- name: "Check if ansible version is at least 2.10.x"
assert:
that:
- ansible_version.major >= 2
- ansible_version.minor >= 10
msg: "The ansible version has to be at least ({{ ansible_version.full }})"
roles:
- role: docker-registry
when: "'docker_registry' in group_names"
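Review bot: The version assert does not express "at least 2.10": `ansible_version.major >= 2` combined with `ansible_version.minor >= 10` would reject any future 3.x release whose minor part is below 10, and the message prints the running version as if it were the requirement, so a failing run shows `The ansible version has to be at least (2.9.6)`. Replace the two `that:` items with the single line `- ansible_version.full is version('2.10', '>=')` and change the message to `msg: "ansible >= 2.10 is required, found {{ ansible_version.full }}"`. Minor: `become: yes` should be `become: true` to keep booleans canonical.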

@ -1,12 +1,20 @@
[hcloud] [hcloud]
dev-docker-registry-01
dev-elastic-stack-01 dev-elastic-stack-01
dev-elastic-stack-02 dev-elastic-stack-02
dev-elastic-stack-03 dev-elastic-stack-03
dev-prometheus-01
[docker_registry]
dev-docker-registry-01 dev-docker-registry-01
[prometheus]
dev-prometheus-01 dev-prometheus-01
[stage_dev:children] [stage_dev:children]
hcloud hcloud
docker_registry
prometheus
[all:children] [all:children]
stage_dev stage_dev

@ -0,0 +1,12 @@
version: 0.1
storage:
filesystem:
rootdirectory: /var/lib/registry
delete:
enabled: true
http:
addr: 0.0.0.0:5000
debug:
addr: 0.0.0.0:5001
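Review bot: `http.debug.addr: 0.0.0.0:5001` binds the registry's debug listener on every interface of the container, so anything on the `front-tier` network — and the internet, if `docker_registry_ports` is ever set to publish 5001 — can reach it without authentication; the token auth configured through the `REGISTRY_AUTH_TOKEN_*` environment applies to the `/v2/` listener on 5000 only. Remove the `debug:` block unless something scrapes it, or bind it to `127.0.0.1:5001`. `delete.enabled: true` is a deliberate choice but deserves a comment, since whether Portus-issued tokens limit who may delete manifests is not visible here: `# manifest deletion is enabled; access is controlled by the token scopes Portus issues — verify`.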

@ -0,0 +1,7 @@
#!/bin/sh
set -x
cp /secrets/portus.crt /usr/local/share/ca-certificates
update-ca-certificates
registry serve /etc/docker/registry/config.yml
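Review bot: The script enables `set -x` but neither `set -e` nor `exec`, so a failed `cp` (for example when `/secrets/portus.crt` is absent) or a failed `update-ca-certificates` is traced and then ignored, and the registry starts anyway without the Portus certificate in its trust store. Without `exec`, `/bin/sh` stays PID 1 and the SIGTERM that `docker-compose down` sends is not forwarded by the shell to `registry`, which is then killed after the stop timeout instead of shutting down cleanly. Change the first line to `set -eux` and the last line to `exec registry serve /etc/docker/registry/config.yml`.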