author | Christian Pointner <equinox@spreadspace.org> | 2022-01-15 16:30:04 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2022-03-27 03:35:06 +0200 |
commit | 599ad367358470c60cbcdc3758443fa4dc5fda85 (patch) | |
tree | 805e440d86469cc71fc7e10b67b76b8f24f57d98 | |
parent | add ch-epimetheus to monitoring (diff) |
initial test for new apps deployment structure [topic/new-style-apps-roles]
-rw-r--r-- | chaos-at-home/ch-apps.yml | 1 | ||||
-rw-r--r-- | chaos-at-home/ch-http-proxy.yml | 1 | ||||
-rw-r--r-- | inventory/group_vars/appszone-chaos-at-home/gotify.yml | 11 | ||||
-rw-r--r-- | inventory/hosts.ini | 6 | ||||
-rw-r--r-- | roles/apps/gotify/defaults/main.yml | 15 | ||||
-rw-r--r-- | roles/apps/gotify/filter_plugins/gotify.py | 49 | ||||
-rw-r--r-- | roles/apps/gotify/instance/tasks/main.yml | 43 | ||||
-rw-r--r-- | roles/apps/gotify/instance/templates/config.yml.j2 | 3 | ||||
-rw-r--r-- | roles/apps/gotify/instance/templates/pod-spec.yml.j2 | 30 | ||||
-rw-r--r-- | roles/apps/gotify/publish/tasks/main.yml | 6 | ||||
-rw-r--r-- | roles/apps/gotify/tasks/main.yml | 29 |
11 files changed, 194 insertions, 0 deletions
diff --git a/chaos-at-home/ch-apps.yml b/chaos-at-home/ch-apps.yml
index 3cfc5d24..b4746cb7 100644
--- a/chaos-at-home/ch-apps.yml
+++ b/chaos-at-home/ch-apps.yml
@@ -14,3 +14,4 @@
 - role: monitoring/prometheus/exporter
 - role: kubernetes/base
 - role: kubernetes/standalone/base
+ - role: apps/gotify
diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml
index 507e8906..d60430a0 100644
--- a/chaos-at-home/ch-http-proxy.yml
+++ b/chaos-at-home/ch-http-proxy.yml
@@ -9,6 +9,7 @@
 - role: apt-repo/spreadspace
 - role: acmetool/base
 - role: nginx/base
+ - role: apps/gotify
 post_tasks:
 #### web.chaos-at-home.org (default-server)
 - name: create directory for default server
diff --git a/inventory/group_vars/appszone-chaos-at-home/gotify.yml b/inventory/group_vars/appszone-chaos-at-home/gotify.yml
new file mode 100644
index 00000000..51f87dec
--- /dev/null
+++ b/inventory/group_vars/appszone-chaos-at-home/gotify.yml
@@ -0,0 +1,11 @@
+---
+gotify_instances:
+ gotify.chaos-at-home.org:
+ host:
+ instance: ch-apps
+ publish: ch-http-proxy
+ version: 2.1.4
+ timezone: "Europe/Vienna"
+ defaultuser:
+ username: admin
+ password: admin
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index e530a847..2cb47cd9 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -443,6 +443,12 @@ emc # ovpnzone-test-clients
+## apps
+[appszone-chaos-at-home]
+ch-apps
+ch-http-proxy
+
+
 ## hoster
 [hroot]
 sk-2019
diff --git a/roles/apps/gotify/defaults/main.yml b/roles/apps/gotify/defaults/main.yml
new file mode 100644
index 00000000..0760be87
--- /dev/null
+++ b/roles/apps/gotify/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+gotify_uid: 970
+gotify_gid: 970
+
+gotify_storage:
+ type: directory
+ dest: /srv/gotify
+
+gotify_instances:
+ gotify.example.com:
+ version: 1.3.4
+ timezone: "Europe/Vienna"
+ defaultuser:
+ username: admin
+ password: admin
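Review bot: `password: admin` under `defaultuser` in inventory/group_vars/appszone-chaos-at-home/gotify.yml commits the admin credential for gotify.chaos-at-home.org in plaintext, and it is the same well-known pair that roles/apps/gotify/defaults/main.yml ships as the role default. This instance is assigned `publish: ch-http-proxy`, so the value should come from a vault-encrypted variable, e.g. `password: "{{ vault_gotify_chaos_at_home_admin_password }}"` (the variable name is a placeholder). The role default should carry no usable password at all. config.yml.j2 later in this commit renders the value straight into the instance config.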
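Review bot: The `gotify_instances` default in roles/apps/gotify/defaults/main.yml defines a live `gotify.example.com` entry with no `host` key, and the filters in filter_plugins/gotify.py treat a missing `host` as matching every host. Any play that applies the role without overriding the variable would therefore prepare the host and loop over this example instance. I would default to `gotify_instances: {}` and move the example into a comment. Separately, this file defines `gotify_storage.dest` while the templates reference `gotify_base_path`, which no file in this commit sets, so one of the two names looks stale.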
diff --git a/roles/apps/gotify/filter_plugins/gotify.py b/roles/apps/gotify/filter_plugins/gotify.py
new file mode 100644
index 00000000..cf7fd07a
--- /dev/null
+++ b/roles/apps/gotify/filter_plugins/gotify.py
@@ -0,0 +1,49 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from ansible import errors
+
+
+def host_has_gotify_instances(instances, this_host):
+ try:
+ for _, instance in instances.items():
+ if 'host' not in instance or instance['host']['instance'] == this_host:
+ return True
+ return False
+ except Exception as e:
+ raise errors.AnsibleFilterError("host_has_gotify_instances(): %s" % str(e))
+
+
+def extract_gotify_instances(instances, this_host):
+ try:
+ result = []
+ for name, instance in instances.items():
+ if 'host' not in instance or instance['host']['instance'] == this_host:
+ result.append(name)
+ return result
+ except Exception as e:
+ raise errors.AnsibleFilterError("extract_gotify_instances(): %s" % str(e))
+
+
+def extract_gotify_publishments(instances, this_host):
+ try:
+ result = []
+ for name, instance in instances.items():
+ if 'host' not in instance or instance['host']['publish'] == this_host:
+ result.append(name)
+ return result
+ except Exception as e:
+ raise errors.AnsibleFilterError("extract_gotify_publishments(): %s" % str(e))
+
+
+class FilterModule(object):
+
+ ''' gotify filters '''
+ filter_map = {
+ 'host_has_gotify_instances': host_has_gotify_instances,
+ 'extract_gotify_instances': extract_gotify_instances,
+ 'extract_gotify_publishments': extract_gotify_publishments,
+ }
+
+ def filters(self):
+ return self.filter_map
diff --git a/roles/apps/gotify/instance/tasks/main.yml b/roles/apps/gotify/instance/tasks/main.yml
new file mode 100644
index 00000000..bcd36d9e
--- /dev/null
+++ b/roles/apps/gotify/instance/tasks/main.yml
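Review bot: In all three filters of roles/apps/gotify/filter_plugins/gotify.py the test `'host' not in instance or ...` fails open: an instance without a `host` mapping is selected on every host, for deployment and for publishing alike. If that is not intended, match only on an explicit assignment, e.g. `if instance.get('host', {}).get('instance') == this_host:` (and `.get('publish')` in `extract_gotify_publishments`), so that a forgotten key deploys nothing rather than deploying everywhere. The functions have no docstrings; a one-line docstring on each stating the expected shape of `instances` (instance name mapped to a dict with optional `host.instance` / `host.publish`) would make the contract explicit. `host_has_gotify_instances` could then be `return bool(extract_gotify_instances(instances, this_host))` to keep the matching rule in one place.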
@@ -0,0 +1,43 @@
+---
+- debug:
+ msg: "deploying gotify instance: {{ gotify_instance }}"
+
+- debug:
+ var: gotify_instances[gotify_instance]
+
+
+ ## TODO: support ZFS
+# - name: create gotify instance base directory
+# file:
+# path: "{{ gotify_base_path }}/{{ gotify_instance }}"
+# state: directory
+# group: gotify
+# mode: 0750
+
+# - name: create gotify config
+# template:
+# src: config.yml.j2
+# dest: "{{ gotify_base_path }}/{{ gotify_instance }}/config.yml"
+# group: gotify
+# mode: 0640
+
+# - name: create gotify data directory
+# file:
+# path: "{{ gotify_base_path }}/{{ gotify_instance }}/data"
+# state: directory
+# owner: gotify
+# group: gotify
+# mode: 0750
+
+# - name: install pod manifest
+# vars:
+# kubernetes_standalone_pod:
+# name: "gotify-{{ gotify_instance }}"
+# spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
+# mode: "0600"
+# config_hash_items:
+# - path: "{{ gotify_base_path }}/{{ gotify_instance }}/config.yml"
+# properties:
+# - checksum
+# include_role:
+# name: kubernetes/standalone/pod
diff --git a/roles/apps/gotify/instance/templates/config.yml.j2 b/roles/apps/gotify/instance/templates/config.yml.j2
new file mode 100644
index 00000000..f31be76e
--- /dev/null
+++ b/roles/apps/gotify/instance/templates/config.yml.j2
@@ -0,0 +1,3 @@
+defaultuser:
+ name: "{{ gotify_instances[gotify_instance].defaultuser.username }}"
+ pass: "{{ gotify_instances[gotify_instance].defaultuser.password }}"
diff --git a/roles/apps/gotify/instance/templates/pod-spec.yml.j2 b/roles/apps/gotify/instance/templates/pod-spec.yml.j2
new file mode 100644
index 00000000..441a6adb
--- /dev/null
+++ b/roles/apps/gotify/instance/templates/pod-spec.yml.j2
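Review bot: The second `debug` task in roles/apps/gotify/instance/tasks/main.yml prints `gotify_instances[gotify_instance]` in full, which includes `defaultuser.password`, so the credential lands in the play output and in any log or CI job that captures it. roles/apps/gotify/publish/tasks/main.yml repeats the same task. Either drop the task once the scaffolding is done or print only non-secret fields, e.g. `var: gotify_instances[gotify_instance].version`. The commented-out `create gotify config` task would want `no_log: true` for the same reason once it is enabled, since running in diff mode would show the rendered password.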
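Review bot: In config.yml.j2 both `name:` and `pass:` interpolate the raw inventory value inside a hand-written double-quoted YAML scalar, so a password containing `"` or `\` produces a broken or differently parsed config file. Let a filter do the quoting instead: `pass: {{ gotify_instances[gotify_instance].defaultuser.password | to_json }}`, and the same for `name`.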
@@ -0,0 +1,30 @@
+securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: {{ gotify_uid }}
+ runAsGroup: {{ gotify_gid }}
+containers:
+- name: gotify
+ image: "gotify/server:{{ gotify_instances[gotify_instance].version }}"
+ env:
+ - name: TZ
+ value: "{{ gotify_instances[gotify_instance].timezone }}"
+ - name: GOTIFY_SERVER_PORT
+ value: "8080"
+ resources:
+ limits:
+ memory: "512Mi"
+ volumeMounts:
+ - name: config
+ mountPath: /etc/gotify/config.yml
+ readOnly: true
+ - name: data
+ mountPath: /app/data
+volumes:
+- name: config
+ hostPath:
+ path: "{{ gotify_base_path }}/{{ gotify_instance }}/config.yml"
+ type: File
+- name: data
+ hostPath:
+ path: "{{ gotify_base_path }}/{{ gotify_instance }}/data"
+ type: Directory
diff --git a/roles/apps/gotify/publish/tasks/main.yml b/roles/apps/gotify/publish/tasks/main.yml
new file mode 100644
index 00000000..636ea517
--- /dev/null
+++ b/roles/apps/gotify/publish/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- debug:
+ msg: "publishing gotify instance: {{ gotify_instance }}"
+
+- debug:
+ var: gotify_instances[gotify_instance]
diff --git a/roles/apps/gotify/tasks/main.yml b/roles/apps/gotify/tasks/main.yml
new file mode 100644
index 00000000..96367c8c
--- /dev/null
+++ b/roles/apps/gotify/tasks/main.yml
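Review bot: In pod-spec.yml.j2 `allowPrivilegeEscalation: false` sits under the top-level `securityContext:` next to `runAsUser`/`runAsGroup`, but in the Kubernetes API that field belongs to a container's securityContext, not the pod's, so at pod level it is likely rejected or silently ignored. Indentation is not visible in this rendering and the wrapping `kubernetes/standalone/pod` role is outside the diff, so this needs confirming. I would expect it under the `gotify` container as `securityContext:` with `allowPrivilegeEscalation: false`, ideally alongside `capabilities: {drop: [ALL]}`. The image is referenced by tag only (`gotify/server:<version>`); pinning a digest would make the deployed image reproducible.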
@@ -0,0 +1,29 @@
+---
+- name: prepare host to run gotify instances
+ when: gotify_instances | host_has_gotify_instances(inventory_hostname)
+ block:
+ - name: add group for gotify
+ group:
+ name: gotify
+ gid: "{{ gotify_gid }}"
+
+ - name: add user for gotify
+ user:
+ name: gotify
+ uid: "{{ gotify_uid }}"
+ group: gotify
+ password: "!"
+
+- name: deploy gotify instances
+ loop: "{{ gotify_instances | extract_gotify_instances(inventory_hostname) }}"
+ loop_control:
+ loop_var: gotify_instance
+ include_role:
+ name: apps/gotify/instance
+
+- name: publish gotify instances
+ loop: "{{ gotify_instances | extract_gotify_publishments(inventory_hostname) }}"
+ loop_control:
+ loop_var: gotify_instance
+ include_role:
+ name: apps/gotify/publish |
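Review bot: The `add user for gotify` task in roles/apps/gotify/tasks/main.yml locks the password with `"!"` but leaves the `user` module defaults for shell and home, so the service account typically gets a home directory and an interactive login shell. For an account that appears to exist only to own the instance files and match `runAsUser` in the pod spec, I would add `system: true`, `shell: /usr/sbin/nologin` and `create_home: false`.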