Compare commits
3 Commits
main
...
containers
Author | SHA1 | Date |
---|---|---|
Christophe Siraut | f8edaafda8 | |
Christophe Siraut | 1aa37728ad | |
Christophe Siraut | 8703b81d7e |
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
- hosts: local
|
||||
- hosts: "{{target}}"
|
||||
tasks:
|
||||
- name: delete venv
|
||||
file:
|
||||
|
|
|
@ -0,0 +1,111 @@
|
|||
---
|
||||
- name: Initialize a systemd-nspawn container
|
||||
hosts: localhost
|
||||
roles:
|
||||
- facts
|
||||
tasks:
|
||||
- name: Sanity cheks
|
||||
assert:
|
||||
that:
|
||||
- "target != 'localhost'"
|
||||
- "'ansible_host' in hostvars[target]"
|
||||
- "hostvars[target]['ansible_host'] | ipaddr"
|
||||
msg: 'please add CONTAINER_NAME to your inventory, with an ip address in ansible_host variable, then specify "-e target CONTAINER_NAME" on the command line. See for example dev.publik in inventory.yml'
|
||||
|
||||
- name: "create {{src_dir}} directory"
|
||||
file:
|
||||
path: "{{src_dir}}"
|
||||
state: directory
|
||||
owner: "{{user}}"
|
||||
group: "{{user}}"
|
||||
|
||||
- name: create/start container and bind-mount our development directory
|
||||
local_action: command dspawn -p -b {{ src_dir }} -a {{ hostvars[target]['ansible_host'] }} create {{ target }}
|
||||
become: yes
|
||||
ignore_errors: yes
|
||||
|
||||
- lineinfile:
|
||||
path: /etc/hosts
|
||||
regexp: "^{{hostvars[target]['ansible_host']}} "
|
||||
line: "{{hostvars[target]['ansible_host']}} dev-hobo.local.publik agent-combo.local.publik user-combo.local.publik demarches-wcs.local.publik connexion-authentic.local.publik dev-fargo.local.publik dev-chrono.local.publik dev-passerelle.local.publik dev-corbo.local.publik dev-bijoe.local.publik"
|
||||
become: yes
|
||||
|
||||
- name: Deploy container basic configuration
|
||||
hosts: "{{ target }}"
|
||||
gather_facts: False
|
||||
roles:
|
||||
- facts
|
||||
vars:
|
||||
ansible_user: root
|
||||
tasks:
|
||||
- raw: echo 'deb http://deb.entrouvert.org/ stretch main' > /etc/apt/sources.list.d/entrouvert.list
|
||||
- raw: apt update; apt install -y python-simplejson python-apt ca-certificates sudo postgresql git
|
||||
- raw: wget -O - https://deb.entrouvert.org/entrouvert.gpg | apt-key add -
|
||||
- raw: apt update; dpkg -s ca-certificates-entrouvert || apt install -y ca-certificates-entrouvert
|
||||
|
||||
- lineinfile:
|
||||
path: /etc/postgresql/9.6/main/pg_hba.conf
|
||||
line: 'local all postgres trust'
|
||||
insertbefore: '# DO NOT DISABLE!'
|
||||
|
||||
- lineinfile:
|
||||
path: /etc/postgresql/9.6/main/pg_hba.conf
|
||||
line: 'local all all peer'
|
||||
insertafter: 'local all postgres trust'
|
||||
|
||||
- raw: systemctl restart postgresql
|
||||
|
||||
- postgresql_user:
|
||||
name: "{{user}}"
|
||||
role_attr_flags: CREATEDB,SUPERUSER
|
||||
|
||||
- user:
|
||||
name: "{{user}}"
|
||||
groups: sudo
|
||||
append: yes
|
||||
shell: /bin/bash
|
||||
|
||||
# it is strange we need to fix permissions here (ansible 2.4)
|
||||
- file:
|
||||
path: "~{{user}}"
|
||||
state: directory
|
||||
owner: "{{user}}"
|
||||
group: "{{user}}"
|
||||
|
||||
- lineinfile:
|
||||
dest: /etc/sudoers
|
||||
regexp: "^%{{user}}"
|
||||
line: "{{user}} ALL=(ALL) NOPASSWD: ALL"
|
||||
validate: 'visudo -cf %s'
|
||||
|
||||
- file:
|
||||
path: "~{{user}}/.ssh"
|
||||
state: directory
|
||||
owner: "{{user}}"
|
||||
mode: 0700
|
||||
- copy:
|
||||
src: "~/.ssh/id_rsa.pub"
|
||||
dest: "~{{user}}/.ssh/authorized_keys"
|
||||
owner: "{{user}}"
|
||||
mode: 0600
|
||||
|
||||
- lineinfile:
|
||||
path: /etc/hosts
|
||||
regexp: '^127.0.42.1'
|
||||
line: '127.0.42.1 dev.publik dev-hobo.local.publik agent-combo.local.publik user-combo.local.publik demarches-wcs.local.publik connexion-authentic.local.publik dev-fargo.local.publik dev-chrono.local.publik dev-passerelle.local.publik'
|
||||
|
||||
- name: Copy certificates obtained from pki.entrouvert.org
|
||||
hosts: "{{ target }}"
|
||||
gather_facts: False
|
||||
vars:
|
||||
ansible_user: root
|
||||
tasks:
|
||||
- copy:
|
||||
src: /etc/ssl/certs/*.local.publik.crt
|
||||
dest: /etc/ssl/certs/*.local.publik.crt
|
||||
ignore-errors: yes
|
||||
- copy:
|
||||
src: /etc/ssl/private/*.local.publik.key
|
||||
dest: /etc/ssl/private/*.local.publik.key
|
||||
ignore-errors: yes
|
||||
|
|
@ -1,8 +1,11 @@
|
|||
---
|
||||
- name: delete all publik tenants
|
||||
hosts: local
|
||||
hosts: "{{target}"
|
||||
vars:
|
||||
venv_bin: "{{venv}}/bin"
|
||||
roles:
|
||||
- facts
|
||||
|
||||
tasks:
|
||||
- name: "delete hobo tenant"
|
||||
command: "{{venv_bin}}/{{apps['hobo']['project_name']}}-manage delete_tenant {{tenants_conf['dev-hobo']}}"
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
---
|
||||
- name: deploy publik tenants for local developement
|
||||
hosts: local
|
||||
hosts: "{{target}}"
|
||||
roles:
|
||||
- facts
|
||||
- deploy-tenants
|
||||
vars:
|
||||
venv_bin: "{{venv}}/bin"
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
- name: "ssh git clone {{ repo }}"
|
||||
git:
|
||||
repo: "ssh://git@git.entrouvert.org/{{ repo }}.git"
|
||||
dest: "{{ repo_dir }}"
|
||||
when:
|
||||
- git_ssh
|
||||
- clone_repo
|
||||
|
||||
- name: "standard git clone {{ repo }}"
|
||||
git:
|
||||
repo: "git://repos.entrouvert.org/{{ repo }}.git"
|
||||
dest: "{{ repo_dir }}"
|
||||
when:
|
||||
- not git_ssh
|
||||
- clone_repo
|
|
@ -6,7 +6,8 @@ src_dir: "/home/{{user}}/src"
|
|||
ssl_certificate: "/etc/ssl/certs/*.local.publik.crt"
|
||||
ssl_certificate_key: "/etc/ssl/private/*.local.publik.key"
|
||||
venv: "/home/{{user}}/envs/publik-env"
|
||||
user: publik
|
||||
user: your_user_name
|
||||
target: localhost
|
||||
apps:
|
||||
authentic:
|
||||
db_name: authentic_multitenant
|
||||
|
|
11
install.yml
11
install.yml
|
@ -1,7 +1,14 @@
|
|||
---
|
||||
- name: publik multitenants installation
|
||||
hosts: local
|
||||
- name: collect facts and get sources
|
||||
hosts: localhost
|
||||
roles:
|
||||
- facts
|
||||
- get-sources
|
||||
|
||||
- name: publik multitenants installation
|
||||
hosts: "{{ target }}"
|
||||
roles:
|
||||
- facts
|
||||
- base
|
||||
- hobo
|
||||
- authentic
|
||||
|
|
|
@ -1,19 +1,3 @@
|
|||
- name: "ssh git clone {{ repo }}"
|
||||
git:
|
||||
repo: "ssh://git@git.entrouvert.org/{{ repo }}.git"
|
||||
dest: "{{ repo_dir }}"
|
||||
when:
|
||||
- git_ssh
|
||||
- clone_repo
|
||||
|
||||
- name: "standard git clone {{ repo }}"
|
||||
git:
|
||||
repo: "git://repos.entrouvert.org/{{ repo }}.git"
|
||||
dest: "{{ repo_dir }}"
|
||||
when:
|
||||
- not git_ssh
|
||||
- clone_repo
|
||||
|
||||
# Ugly hack to perform a simple 'pip install -e /some/source/dir'
|
||||
- name: "pip install {{ repo_dir }}"
|
||||
pip:
|
||||
|
|
|
@ -3,3 +3,5 @@ local:
|
|||
hosts:
|
||||
localhost:
|
||||
ansible_connection: local
|
||||
dev.publik:
|
||||
ansible_host: 10.0.0.100
|
||||
|
|
|
@ -66,22 +66,6 @@
|
|||
repo: "eopayment"
|
||||
repo_dir: "{{ src_dir }}/eopayment"
|
||||
|
||||
- name: ssh git clone publik-base-theme
|
||||
git:
|
||||
repo: ssh://git@git.entrouvert.org/publik-base-theme.git
|
||||
dest: "{{ src_dir }}/publik-base-theme"
|
||||
when:
|
||||
- git_ssh
|
||||
- clone_repo
|
||||
|
||||
- name: standard git clone publik-base-theme
|
||||
git:
|
||||
repo: git://repos.entrouvert.org/publik-base-theme.git
|
||||
dest: "{{ src_dir }}/publik-base-theme"
|
||||
when:
|
||||
- not git_ssh
|
||||
- clone_repo
|
||||
|
||||
- name: make publik-base-theme
|
||||
make:
|
||||
chdir: "{{ src_dir }}/publik-base-theme"
|
||||
|
|
|
@ -24,6 +24,7 @@
|
|||
copy:
|
||||
src: "/tmp/{{wcs_skeleton_filename}}"
|
||||
dest: "/var/lib/wcs/skeletons/{{wcs_skeleton_filename}}"
|
||||
remote_src: yes
|
||||
|
||||
- name: copies a cook json template
|
||||
template:
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
- name: guess username (can be overidden in options/inventory)
|
||||
local_action: command whoami
|
||||
when: user == 'your_user_name'
|
||||
register: username
|
||||
|
||||
- name: set user variable
|
||||
set_fact:
|
||||
user: "{{ username.stdout }}"
|
||||
when: user == 'your_user_name'
|
|
@ -0,0 +1,136 @@
|
|||
- name: "create {{src_dir}} directory"
|
||||
file:
|
||||
path: "{{src_dir}}"
|
||||
state: directory
|
||||
owner: "{{user}}"
|
||||
group: "{{user}}"
|
||||
|
||||
- name: get eopayment
|
||||
import_tasks: git_clone.yml
|
||||
vars:
|
||||
repo: "eopayment"
|
||||
repo_dir: "{{ src_dir }}/eopayment"
|
||||
|
||||
- name: ssh git clone publik-base-theme
|
||||
git:
|
||||
repo: ssh://git@git.entrouvert.org/publik-base-theme.git
|
||||
dest: "{{ src_dir }}/publik-base-theme"
|
||||
when:
|
||||
- git_ssh
|
||||
- clone_repo
|
||||
|
||||
- name: standard git clone publik-base-theme
|
||||
git:
|
||||
repo: git://repos.entrouvert.org/publik-base-theme.git
|
||||
dest: "{{ src_dir }}/publik-base-theme"
|
||||
when:
|
||||
- not git_ssh
|
||||
- clone_repo
|
||||
|
||||
###
|
||||
|
||||
- name: get django-mellon
|
||||
import_tasks: git_clone.yml
|
||||
vars:
|
||||
repo: "django-mellon"
|
||||
repo_dir: "{{ src_dir }}/django-mellon"
|
||||
|
||||
- name: get gadjo
|
||||
import_tasks: git_clone.yml
|
||||
vars:
|
||||
repo: "gadjo"
|
||||
repo_dir: "{{ src_dir }}/gadjo"
|
||||
|
||||
- name: get django-tenant-schemas
|
||||
import_tasks: git_clone.yml
|
||||
vars:
|
||||
repo: "debian/django-tenant-schemas"
|
||||
repo_dir: "{{ src_dir }}/django-tenant-schemas"
|
||||
|
||||
- name: get hobo
|
||||
import_tasks: git_clone.yml
|
||||
vars:
|
||||
repo: "hobo"
|
||||
repo_dir: "{{ src_dir }}/hobo"
|
||||
|
||||
###
|
||||
|
||||
- name: get authentic
|
||||
import_tasks: git_clone.yml
|
||||
vars:
|
||||
repo: "authentic"
|
||||
repo_dir: "{{ src_dir }}/authentic"
|
||||
|
||||
- name: get authentic2-auth-fc
|
||||
import_tasks: git_clone.yml
|
||||
vars:
|
||||
repo: "authentic2-auth-fc"
|
||||
repo_dir: "{{ src_dir }}/authentic2-auth-fc"
|
||||
|
||||
###
|
||||
|
||||
- name: get combo
|
||||
import_tasks: git_clone.yml
|
||||
vars:
|
||||
repo: "combo"
|
||||
repo_dir: "{{ src_dir }}/combo"
|
||||
|
||||
###
|
||||
|
||||
- name: get wcs
|
||||
import_tasks: git_clone.yml
|
||||
vars:
|
||||
repo: "wcs"
|
||||
repo_dir: "{{ src_dir }}/wcs"
|
||||
|
||||
- name: get auquotidien
|
||||
import_tasks: git_clone.yml
|
||||
vars:
|
||||
repo: "auquotidien"
|
||||
repo_dir: "{{ src_dir }}/auquotidien"
|
||||
|
||||
###
|
||||
|
||||
- name: get django-tenant-schemas
|
||||
import_tasks: git_clone.yml
|
||||
vars:
|
||||
repo: "debian/django-tenant-schemas"
|
||||
repo_dir: "{{ src_dir }}/django-tenant-schemas"
|
||||
|
||||
- name: get passerelle
|
||||
import_tasks: git_clone.yml
|
||||
vars:
|
||||
repo: "passerelle"
|
||||
repo_dir: "{{ src_dir }}/passerelle"
|
||||
|
||||
###
|
||||
|
||||
- name: get fargo
|
||||
import_tasks: git_clone.yml
|
||||
vars:
|
||||
repo: "fargo"
|
||||
repo_dir: "{{ src_dir }}/fargo"
|
||||
|
||||
- name: get chrono
|
||||
import_tasks: git_clone.yml
|
||||
vars:
|
||||
repo: "chrono"
|
||||
repo_dir: "{{ src_dir }}/chrono"
|
||||
|
||||
- name: get corbo
|
||||
import_tasks: git_clone.yml
|
||||
vars:
|
||||
repo: "corbo"
|
||||
repo_dir: "{{ src_dir }}/corbo"
|
||||
|
||||
- name: get bijoe
|
||||
import_tasks: git_clone.yml
|
||||
vars:
|
||||
repo: "bijoe"
|
||||
repo_dir: "{{ src_dir }}/bijoe"
|
||||
|
||||
- name: get welco
|
||||
import_tasks: git_clone.yml
|
||||
vars:
|
||||
repo: "welco"
|
||||
repo_dir: "{{ src_dir }}/welco"
|
Loading…
Reference in New Issue