authorChristian Pointner <equinox@spreadspace.org>2022-01-15 16:30:04 +0100
committerChristian Pointner <equinox@spreadspace.org>2022-03-27 03:35:06 +0200
commit599ad367358470c60cbcdc3758443fa4dc5fda85 (patch)
tree805e440d86469cc71fc7e10b67b76b8f24f57d98
parentadd ch-epimetheus to monitoring (diff)
initial test for new apps deployment structuretopic/new-style-apps-roles
-rw-r--r--chaos-at-home/ch-apps.yml1
-rw-r--r--chaos-at-home/ch-http-proxy.yml1
-rw-r--r--inventory/group_vars/appszone-chaos-at-home/gotify.yml11
-rw-r--r--inventory/hosts.ini6
-rw-r--r--roles/apps/gotify/defaults/main.yml15
-rw-r--r--roles/apps/gotify/filter_plugins/gotify.py49
-rw-r--r--roles/apps/gotify/instance/tasks/main.yml43
-rw-r--r--roles/apps/gotify/instance/templates/config.yml.j23
-rw-r--r--roles/apps/gotify/instance/templates/pod-spec.yml.j230
-rw-r--r--roles/apps/gotify/publish/tasks/main.yml6
-rw-r--r--roles/apps/gotify/tasks/main.yml29
11 files changed, 194 insertions, 0 deletions
diff --git a/chaos-at-home/ch-apps.yml b/chaos-at-home/ch-apps.yml
index 3cfc5d24..b4746cb7 100644
--- a/chaos-at-home/ch-apps.yml
+++ b/chaos-at-home/ch-apps.yml
@@ -14,3 +14,4 @@
- role: monitoring/prometheus/exporter
- role: kubernetes/base
- role: kubernetes/standalone/base
+ - role: apps/gotify
diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml
index 507e8906..d60430a0 100644
--- a/chaos-at-home/ch-http-proxy.yml
+++ b/chaos-at-home/ch-http-proxy.yml
@@ -9,6 +9,7 @@
- role: apt-repo/spreadspace
- role: acmetool/base
- role: nginx/base
+ - role: apps/gotify
post_tasks:
#### web.chaos-at-home.org (default-server)
- name: create directory for default server
diff --git a/inventory/group_vars/appszone-chaos-at-home/gotify.yml b/inventory/group_vars/appszone-chaos-at-home/gotify.yml
new file mode 100644
index 00000000..51f87dec
--- /dev/null
+++ b/inventory/group_vars/appszone-chaos-at-home/gotify.yml
@@ -0,0 +1,11 @@
+---
+gotify_instances:
+ gotify.chaos-at-home.org:
+ host:
+ instance: ch-apps
+ publish: ch-http-proxy
+ version: 2.1.4
+ timezone: "Europe/Vienna"
+ defaultuser:
+ username: admin
+ password: admin
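Review bot: `password: admin` under `defaultuser` is committed in clear text for gotify.chaos-at-home.org, and the same admin/admin pair is the role default in roles/apps/gotify/defaults/main.yml. config.yml.j2 writes this value into gotify's `defaultuser` section, so the instance would come up with a guessable admin login unless someone changes it by hand afterwards. Take the value from an encrypted source, e.g. `password: "{{ vault_gotify_admin_password }}"` (the variable name is a placeholder), and drop the password from the role defaults so that a missing value fails the play instead of falling back to `admin`. Quoting `version: "2.1.4"` would also guarantee it stays a string whatever form a later version takes.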
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index e530a847..2cb47cd9 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -443,6 +443,12 @@ emc
# ovpnzone-test-clients
+## apps
+[appszone-chaos-at-home]
+ch-apps
+ch-http-proxy
+
+
## hoster
[hroot]
sk-2019
diff --git a/roles/apps/gotify/defaults/main.yml b/roles/apps/gotify/defaults/main.yml
new file mode 100644
index 00000000..0760be87
--- /dev/null
+++ b/roles/apps/gotify/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+gotify_uid: 970
+gotify_gid: 970
+
+gotify_storage:
+ type: directory
+ dest: /srv/gotify
+
+gotify_instances:
+ gotify.example.com:
+ version: 1.3.4
+ timezone: "Europe/Vienna"
+ defaultuser:
+ username: admin
+ password: admin
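Review bot: The defaults define `gotify_storage.dest`, but pod-spec.yml.j2 and the commented-out tasks in instance/tasks/main.yml reference `gotify_base_path`, which is not defined anywhere in the visible change. Unless it is set elsewhere, rendering the pod spec will fail on an undefined variable once those tasks are enabled. Either add `gotify_base_path: /srv/gotify` here or switch the templates to `{{ gotify_storage.dest }}`, and add a short comment above `gotify_storage` listing the supported `type` values.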
diff --git a/roles/apps/gotify/filter_plugins/gotify.py b/roles/apps/gotify/filter_plugins/gotify.py
new file mode 100644
index 00000000..cf7fd07a
--- /dev/null
+++ b/roles/apps/gotify/filter_plugins/gotify.py
@@ -0,0 +1,49 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from ansible import errors
+
+
+def host_has_gotify_instances(instances, this_host):
+ try:
+ for _, instance in instances.items():
+ if 'host' not in instance or instance['host']['instance'] == this_host:
+ return True
+ return False
+ except Exception as e:
+ raise errors.AnsibleFilterError("host_has_gotify_instances(): %s" % str(e))
+
+
+def extract_gotify_instances(instances, this_host):
+ try:
+ result = []
+ for name, instance in instances.items():
+ if 'host' not in instance or instance['host']['instance'] == this_host:
+ result.append(name)
+ return result
+ except Exception as e:
+ raise errors.AnsibleFilterError("extract_gotify_instances(): %s" % str(e))
+
+
+def extract_gotify_publishments(instances, this_host):
+ try:
+ result = []
+ for name, instance in instances.items():
+ if 'host' not in instance or instance['host']['publish'] == this_host:
+ result.append(name)
+ return result
+ except Exception as e:
+ raise errors.AnsibleFilterError("extract_gotify_publishments(): %s" % str(e))
+
+
+class FilterModule(object):
+
+ ''' gotify filters '''
+ filter_map = {
+ 'host_has_gotify_instances': host_has_gotify_instances,
+ 'extract_gotify_instances': extract_gotify_instances,
+ 'extract_gotify_publishments': extract_gotify_publishments,
+ }
+
+ def filters(self):
+ return self.filter_map
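Review bot: In all three filters `'host' not in instance` makes an instance without a `host` mapping match every host, so the role default `gotify.example.com` (which has none) would be deployed and published on any host that runs the role without overriding `gotify_instances`. If that is intended it deserves a comment above the condition; otherwise the test should require an explicit match. A `host` mapping that lacks `publish` or `instance` raises KeyError, which the blanket `except Exception` turns into a message like `extract_gotify_publishments(): 'publish'` with no instance name in it. `host = instance.get('host', {})` followed by `if host.get('publish') == this_host:` covers both cases, and each function would benefit from a one-line docstring stating the expected shape of `instances`.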
diff --git a/roles/apps/gotify/instance/tasks/main.yml b/roles/apps/gotify/instance/tasks/main.yml
new file mode 100644
index 00000000..bcd36d9e
--- /dev/null
+++ b/roles/apps/gotify/instance/tasks/main.yml
@@ -0,0 +1,43 @@
+---
+- debug:
+ msg: "deploying gotify instance: {{ gotify_instance }}"
+
+- debug:
+ var: gotify_instances[gotify_instance]
+
+
+ ## TODO: support ZFS
+# - name: create gotify instance base directory
+# file:
+# path: "{{ gotify_base_path }}/{{ gotify_instance }}"
+# state: directory
+# group: gotify
+# mode: 0750
+
+# - name: create gotify config
+# template:
+# src: config.yml.j2
+# dest: "{{ gotify_base_path }}/{{ gotify_instance }}/config.yml"
+# group: gotify
+# mode: 0640
+
+# - name: create gotify data directory
+# file:
+# path: "{{ gotify_base_path }}/{{ gotify_instance }}/data"
+# state: directory
+# owner: gotify
+# group: gotify
+# mode: 0750
+
+# - name: install pod manifest
+# vars:
+# kubernetes_standalone_pod:
+# name: "gotify-{{ gotify_instance }}"
+# spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
+# mode: "0600"
+# config_hash_items:
+# - path: "{{ gotify_base_path }}/{{ gotify_instance }}/config.yml"
+# properties:
+# - checksum
+# include_role:
+# name: kubernetes/standalone/pod
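Review bot: The second `debug` task prints `gotify_instances[gotify_instance]` in full, which includes `defaultuser.password`, so the admin password ends up in the play output and in any log or CI record of the run. publish/tasks/main.yml contains the same task. Restrict it to non-secret fields, e.g. `var: gotify_instances[gotify_instance].version`, or remove both tasks before the role leaves the test stage. In the commented-out tasks, `mode: 0750` and `mode: 0640` are unquoted; write them as `mode: "0750"` and `mode: "0640"`, as the pod task already does with `"0600"`.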
diff --git a/roles/apps/gotify/instance/templates/config.yml.j2 b/roles/apps/gotify/instance/templates/config.yml.j2
new file mode 100644
index 00000000..f31be76e
--- /dev/null
+++ b/roles/apps/gotify/instance/templates/config.yml.j2
@@ -0,0 +1,3 @@
+defaultuser:
+ name: "{{ gotify_instances[gotify_instance].defaultuser.username }}"
+ pass: "{{ gotify_instances[gotify_instance].defaultuser.password }}"
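Review bot: Both values are interpolated between literal double quotes, so a username or password containing `"` or `\` yields invalid YAML or a value different from the one configured. Let the filter do the quoting: `pass: {{ gotify_instances[gotify_instance].defaultuser.password | to_json }}`, and the same for `name`. The rendered file holds the admin password, so the task that installs it (currently commented out with `group: gotify` and `mode: 0640`) should keep it unreadable to other users when it is enabled.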
diff --git a/roles/apps/gotify/instance/templates/pod-spec.yml.j2 b/roles/apps/gotify/instance/templates/pod-spec.yml.j2
new file mode 100644
index 00000000..441a6adb
--- /dev/null
+++ b/roles/apps/gotify/instance/templates/pod-spec.yml.j2
@@ -0,0 +1,30 @@
+securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: {{ gotify_uid }}
+ runAsGroup: {{ gotify_gid }}
+containers:
+- name: gotify
+ image: "gotify/server:{{ gotify_instances[gotify_instance].version }}"
+ env:
+ - name: TZ
+ value: "{{ gotify_instances[gotify_instance].timezone }}"
+ - name: GOTIFY_SERVER_PORT
+ value: "8080"
+ resources:
+ limits:
+ memory: "512Mi"
+ volumeMounts:
+ - name: config
+ mountPath: /etc/gotify/config.yml
+ readOnly: true
+ - name: data
+ mountPath: /app/data
+volumes:
+- name: config
+ hostPath:
+ path: "{{ gotify_base_path }}/{{ gotify_instance }}/config.yml"
+ type: File
+- name: data
+ hostPath:
+ path: "{{ gotify_base_path }}/{{ gotify_instance }}/data"
+ type: Directory
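Review bot: `allowPrivilegeEscalation` sits in the `securityContext` block that precedes `containers:`, i.e. at pod level, where it is not a defined field; it belongs in the container's securityContext, so as written the setting is probably ignored or rejected (indentation is flattened on this page, so confirm against the file). Move it under the `gotify` container as `securityContext:` / `allowPrivilegeEscalation: false`, and consider `runAsNonRoot: true` next to `runAsUser` at pod level. The image is referenced by tag only (`gotify/server:{{ ... version }}`); pinning a digest would keep the deployed content from changing under the same tag.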
diff --git a/roles/apps/gotify/publish/tasks/main.yml b/roles/apps/gotify/publish/tasks/main.yml
new file mode 100644
index 00000000..636ea517
--- /dev/null
+++ b/roles/apps/gotify/publish/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- debug:
+ msg: "publishing gotify instance: {{ gotify_instance }}"
+
+- debug:
+ var: gotify_instances[gotify_instance]
diff --git a/roles/apps/gotify/tasks/main.yml b/roles/apps/gotify/tasks/main.yml
new file mode 100644
index 00000000..96367c8c
--- /dev/null
+++ b/roles/apps/gotify/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+- name: prepare host to run gotify instances
+ when: gotify_instances | host_has_gotify_instances(inventory_hostname)
+ block:
+ - name: add group for gotify
+ group:
+ name: gotify
+ gid: "{{ gotify_gid }}"
+
+ - name: add user for gotify
+ user:
+ name: gotify
+ uid: "{{ gotify_uid }}"
+ group: gotify
+ password: "!"
+
+- name: deploy gotify instances
+ loop: "{{ gotify_instances | extract_gotify_instances(inventory_hostname) }}"
+ loop_control:
+ loop_var: gotify_instance
+ include_role:
+ name: apps/gotify/instance
+
+- name: publish gotify instances
+ loop: "{{ gotify_instances | extract_gotify_publishments(inventory_hostname) }}"
+ loop_control:
+ loop_var: gotify_instance
+ include_role:
+ name: apps/gotify/publish
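Review bot: The `add user for gotify` task sets `password: "!"` to lock password login but leaves shell and home at the module defaults, so the service account gets a home directory and whatever default shell the distribution assigns. For an account that only owns container data, add `system: true`, `create_home: false` and `shell: /usr/sbin/nologin` (Debian path; adjust if the target differs). The `when:` on the block also evaluates to true for instances that have no `host` key, so this account is created on every host the role is applied to unless `gotify_instances` is overridden.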