From aa798535cdd76257ba2ec54a53bd9baf8a54a68a Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Thu, 17 Oct 2019 20:02:22 +0200 Subject: basic etherpad installation works now --- dan/host_vars/sk-cloudia.yml | 53 +++++---- inventory/host_vars/sk-cloudia/etherpad.yml | 59 ++++++++++ roles/etherpad-lite/defaults/main.yml | 29 +++++ roles/etherpad-lite/tasks/main.yml | 128 +++++++++++++++++++++ roles/etherpad-lite/templates/nginx-vhost.conf.j2 | 57 +++++++++ .../templates/pod-with-mariadb.yml.j2 | 57 +++++++++ 6 files changed, 359 insertions(+), 24 deletions(-) create mode 100644 inventory/host_vars/sk-cloudia/etherpad.yml create mode 100644 roles/etherpad-lite/defaults/main.yml create mode 100644 roles/etherpad-lite/tasks/main.yml create mode 100644 roles/etherpad-lite/templates/nginx-vhost.conf.j2 create mode 100644 roles/etherpad-lite/templates/pod-with-mariadb.yml.j2 diff --git a/dan/host_vars/sk-cloudia.yml b/dan/host_vars/sk-cloudia.yml index 8307debd..49740d46 100644 --- a/dan/host_vars/sk-cloudia.yml +++ b/dan/host_vars/sk-cloudia.yml @@ -1,25 +1,30 @@ $ANSIBLE_VAULT;1.2;AES256;dan -62386362306561396565303363383237326235396163376239653536373431656133326136663562 -6433353232643232376539636662633038643461623439620a623436333137386138643537383531 -61343165346339333331666363386565336462316333353763326661303733363431386566666530 -3062363533663232650a393362313437343830346336346465356466393735373438313061383961 -37363164656130353934306461343634373530323630373964333137323731643130333363363938 -65366336616235376534653732363235353563656635373530636638396533386534336661306435 -66366331613539363562316433383436656339656635316635666535303631643564306565326562 -61373531306230373063303636323166636436666634353039396262656631663638386162646663 -32633039633261623938646534363230343761343331346134326265393635303863323838356633 -35353137383431653864366337623038373961376131303063333234313932616633353938363464 -31383233316630333464623763656565383536353133616232386635623763356363386631306561 -38333766363466666631383964616334646637363638643762636435316239333961666164396637 -37346637346165393639393038323564323238376233363030643336613435636138636634363964 -38333236306264373466623161363239346232383937343438623665353133323231316139383234 -34386634366639656132666534323766303462393530666631393865316535663532383538653866 -32613464373034343832343035316365316161616334616162326430666535623830393334386664 -37303362333030613164313264333333663638373933326234636362363432323466343731616564 -61393837633764666662343338356239313333633436623830653237656138656132353066313238 -34326364633364353965366630633964383261316363663231333134366239633339353133363130 -35366266363133323262663833383163613366373462396134383263356435666664396239626433 -33616261386135643834303861326438333632356231653634653338623263316234663966343066 -39313437616534373162613064626562383630386638353266643437313833376463643033343230 -64303832336631396532626665643739623635643233663837663931366465333637366333616361 -38323938646334666561 +35343436313330383232353966303231333938336435353363643864663238633166653839346264 +6339313431306438326535393365386638626361333836310a613838623439653736363933303732 +36613466353164316336663439336238623335343937633631383564313638623665383962666134 +3234313638613036320a616266333333316564386165653332363061303935386533336533363539 +34323635376464346330333238636133326536656332633535623532303638383262663165636464 +36633862666330333933383739336262633631303237623235373032303430616265643665623566 +32633735653438313939353938306638636239653137316663626237326635643235643661343164 +34636530393836333064343863623138353566313839363737373164343038663665333939643864 +30323733363366346465653930303937656632643634626630353939663262646230643339646231 +66636562303061616338303430346663306135353463663833613366666333613933353536313465 +31666163383863393830386261373136656138366132643461623864376366353535633533363334 +32373132653066383735313832343032316361623466313761353562366662663636386635353537 +30356161313737663332626363646133393330353862393466313437386561363564363236623839 +65396639303463633964363935643461633330613639373832343938346438346266366132323634 +62363366363133313833666165646635656265616437363138396162363438313130616635623964 +39343265336466646566643633643839386666613962633730336233396562316334613464633633 +30303561353866313163333962616539326335663736643832313030613761653037346135313633 +38336333333538396562663663303265313062633539626464353335366536363931616665643861 +62386366386138373338633132623262366436646161656335353334663438333630663165313262 +66383237636330373239376463346132363666386336313636626661663232303733633739386365 +39336130346630373831346135356630303632666233313531343663303439633130663538313537 +61336463343131616435373165663139346461646665343039633038343638313033366436613930 +32613437623539663264376364363230613232303238643061383738346462643032636431623565 +39376531353163366636393932623932393333633730653764376633326139663132353831373834 +39383932396637633232613334646161306336323365353961316464613662366432383232626235 +38653562623466396536393336643162363935333638353331653963653562336562643832353662 +33303065663036663361636162396336343262333232356563303832626133626165343965626166 +32616435313430663734656437613135616437636138646432663362353262346561616537313361 +6464 diff --git a/inventory/host_vars/sk-cloudia/etherpad.yml b/inventory/host_vars/sk-cloudia/etherpad.yml new file mode 100644 index 00000000..9cd26e19 --- /dev/null +++ b/inventory/host_vars/sk-cloudia/etherpad.yml @@ -0,0 +1,59 @@ +--- +etherpad_lite_zfs: + pool: storage + name: etherpad-lite + size: 20G + +etherpad_lite_instances: + pad.elevate.at: + version: 1.7.5 + port: 8300 + hostnames: +# - pad.elevate.at + - wolke.elev8.at + quota: 5G + settings: + title: Elevate Etherpad + users: + admin: + is_admin: true + password: admin + user: + is_admin: false + password: user + + defaultPadText: "Welcome to the ELEVATE - Etherpad!\n\nThis pad text is synchronized\ + \ as you type, so that everyone viewing this page sees the same text. This allows\ + \ you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http://etherpad.org\n\ + \n IMPORTANT: THIS PAD IS PRIVIDED FOR FREE TO THE PUBLIC! There is no guarantee\ + \ for your data - please take care of backups yourself! This is usually intended\ + \ only for the Elevate Team and it might get access control in the future! If you\ + \ are interested in having a PAD for your project, please get back to dan@elevate.at\ + \ for information. It can be made available!" + favicon: favicon.ico + + maxAge: 21600 + editOnly: false + minify: true + requireSession: false + requireAuthentication: false + requireAuthorization: false + socketTransportProtocols: [xhr-polling, jsonp-polling, htmlfile] + abiword: null + loglevel: INFO + logconfig: + appenders: + - type: console + + credentials: + dbType: "mysql" + dbSettings: + host: "127.0.0.1" + user: "etherpad-lite" + password: "{{ vault_etherpad_lite_database_passwords['pad.elevate.at'] }}" + database: "etherpad-lite" + charset: "utf8mb4" + database: + type: mariadb + version: 10.4.8 + password: "{{ vault_etherpad_lite_database_passwords['pad.elevate.at'] }}" diff --git a/roles/etherpad-lite/defaults/main.yml b/roles/etherpad-lite/defaults/main.yml new file mode 100644 index 00000000..5281c739 --- /dev/null +++ b/roles/etherpad-lite/defaults/main.yml @@ -0,0 +1,29 @@ +--- +etherpad_lite_app_uid: "940" +etherpad_lite_app_gid: "940" + +etherpad_lite_db_uid: "941" +etherpad_lite_db_gid: "941" + +# etherpad_lite_base_path: /srv/etherpad_lite + +# etherpad_lite_zfs: +# pool: storage +# name: etherpad_lite +# size: 20G + +# etherpad_lite_instances: +# example: +# version: 1.7.5 +# port: 8300 +# hostnames: +# - pad.example.com +# quota: 40G +# settings: +# .... +# credentials: +# .... +# database: +# type: mariadb +# version: 10.4.8 +# password: "{{ vault_etherpad_lite_database_passwords['example'] }}" diff --git a/roles/etherpad-lite/tasks/main.yml b/roles/etherpad-lite/tasks/main.yml new file mode 100644 index 00000000..05bf32ce --- /dev/null +++ b/roles/etherpad-lite/tasks/main.yml @@ -0,0 +1,128 @@ +--- +- name: create zfs datasets + when: etherpad_lite_zfs is defined + block: + - name: create zfs base dataset + zfs: + name: "{{ etherpad_lite_zfs.pool }}/{{ etherpad_lite_zfs.name }}" + state: present + extra_zfs_properties: + quota: "{{ etherpad_lite_zfs.size }}" + + - name: create zfs volumes for instances + loop: "{{ etherpad_lite_instances | dict2items }}" + loop_control: + label: "{{ item.key }} ({{ item.value.quota }})" + zfs: + name: "{{ etherpad_lite_zfs.pool }}/{{ etherpad_lite_zfs.name }}/{{ item.key }}" + state: present + extra_zfs_properties: + quota: "{{ item.value.quota }}" + + - name: configure etherpad_lite base bath + set_fact: + etherpad_lite_base_path: "{{ zfs_zpools[etherpad_lite_zfs.pool].mountpoint }}/{{ etherpad_lite_zfs.name }}" + + +- name: create instance subdirectories + when: etherpad_lite_zfs is not defined + loop: "{{ etherpad_lite_instances | list }}" + file: + path: "{{ etherpad_lite_base_path }}/{{ item }}" + state: directory + + + +- name: add group for etherpad-lite app + group: + name: epl-app + gid: "{{ etherpad_lite_app_gid }}" + +- name: add user for etherpad-lite app + user: + name: epl-app + uid: "{{ etherpad_lite_app_uid }}" + group: epl-app + password: "!" + +- name: create etherpad_lite app subdirectory + loop: "{{ etherpad_lite_instances | list }}" + file: + path: "{{ etherpad_lite_base_path }}/{{ item }}/etherpad-lite" + owner: "{{ etherpad_lite_app_uid }}" + group: "{{ etherpad_lite_app_gid }}" + state: directory + + +- name: add group for etherpad-lite db + group: + name: epl-db + gid: "{{ etherpad_lite_db_gid }}" + +- name: add user for etherpad-lite db + user: + name: epl-db + uid: "{{ etherpad_lite_db_uid }}" + group: epl-db + password: "!" + +- name: create etherpad-lite database subdirectory + loop: "{{ etherpad_lite_instances | dict2items}}" + loop_control: + label: "{{ item.key }} ({{ item.value.database.type }})" + file: + path: "{{ etherpad_lite_base_path }}/{{ item.key }}/{{ item.value.database.type }}" + owner: "{{ etherpad_lite_db_uid }}" + group: "{{ etherpad_lite_db_gid }}" + state: directory + + +- name: create etherpad-lite config directory + loop: "{{ etherpad_lite_instances | list }}" + file: + path: "{{ etherpad_lite_base_path }}/{{ item }}/config" + state: directory + +- name: create settings json + loop: "{{ etherpad_lite_instances | dict2items }}" + loop_control: + label: "{{ item.key }}" + copy: + content: "{{ item.value.settings | combine({'ip': '0.0.0.0', 'port': 9001}) | to_nice_json }}" + dest: "{{ etherpad_lite_base_path }}/{{ item.key }}/config/settings.json" + mode: 0644 + owner: "{{ etherpad_lite_app_uid }}" + group: "{{ etherpad_lite_app_gid }}" + +- name: create db credentials json + loop: "{{ etherpad_lite_instances | dict2items }}" + loop_control: + label: "{{ item.key }}" + copy: + content: "{{ item.value.credentials | to_nice_json }}" + dest: "{{ etherpad_lite_base_path }}/{{ item.key }}/config/credentials.json" + mode: 0600 + owner: "{{ etherpad_lite_app_uid }}" + group: "{{ etherpad_lite_app_gid }}" + + +- name: generate pod manifests + loop: "{{ etherpad_lite_instances | dict2items }}" + loop_control: + label: "{{ item.key }}" + template: + src: "pod-with-{{ item.value.database.type }}.yml.j2" + dest: "/etc/kubernetes/manifests/etherpad-lite-{{ item.key }}.yml" + mode: 0600 + + +- name: configure nginx vhost + loop: "{{ etherpad_lite_instances | dict2items }}" + include_role: + name: nginx/vhost + vars: + nginx_vhost: + name: "etherpad-lite-{{ item.key }}" + content: "{{ lookup('template', 'nginx-vhost.conf.j2') }}" + acme: true + hostnames: "{{ item.value.hostnames }}" diff --git a/roles/etherpad-lite/templates/nginx-vhost.conf.j2 b/roles/etherpad-lite/templates/nginx-vhost.conf.j2 new file mode 100644 index 00000000..9bca4f22 --- /dev/null +++ b/roles/etherpad-lite/templates/nginx-vhost.conf.j2 @@ -0,0 +1,57 @@ +server { + listen 80; + listen [::]:80; + server_name {{ item.value.hostnames | join(' ') }}; + + include snippets/acmetool.conf; + + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name {{ item.value.hostnames | join(' ') }}; + + include snippets/acmetool.conf; + include snippets/ssl.conf; + ssl_certificate /var/lib/acme/live/{{ item.value.hostnames[0] }}/fullchain; + ssl_certificate_key /var/lib/acme/live/{{ item.value.hostnames[0] }}/privkey; + include snippets/hsts.conf; + + location / { + rewrite ^/$ / break; + rewrite ^/locales/(.*) /locales/$1 break; + rewrite ^/locales.json /locales.json break; + rewrite ^/admin(.*) /admin$1 break; + rewrite ^/p/(.*) /p/$1 break; + rewrite ^/static/(.*) /static/$1 break; + rewrite ^/pluginfw/(.*) /pluginfw/$1 break; + rewrite ^/javascripts/(.*) /javascripts/$1 break; + rewrite ^/socket.io/(.*) /socket.io/$1 break; + rewrite ^/ep/(.*) /ep/$1 break; + rewrite ^/minified/(.*) /minified/$1 break; + rewrite ^/api/(.*) /api/$1 break; + rewrite ^/ro/(.*) /ro/$1 break; + rewrite ^/error/(.*) /error/$1 break; + rewrite ^/jserror(.*) /jserror$1 break; + rewrite ^/redirect(.*) /redirect$1 break; + rewrite /favicon.ico /favicon.ico break; + rewrite /robots.txt /robots.txt break; + rewrite /(.*) /p/$1; + + include snippets/proxy-nobuff.conf; + + proxy_set_header Host $host; + include snippets/proxy-forward-headers.conf; + proxy_pass_header Server; + + # for websockets + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + + proxy_pass http://127.0.0.1:{{ item.value.port }}; + } +} diff --git a/roles/etherpad-lite/templates/pod-with-mariadb.yml.j2 b/roles/etherpad-lite/templates/pod-with-mariadb.yml.j2 new file mode 100644 index 00000000..0e0b6b8b --- /dev/null +++ b/roles/etherpad-lite/templates/pod-with-mariadb.yml.j2 @@ -0,0 +1,57 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "etherpad-lite-{{ item.key }}" +spec: + securityContext: + allowPrivilegeEscalation: false + containers: + - name: etherpad-lite + image: etherpad/etherpad:{{ item.value.version }} + # securityContext: + # runAsUser: {{ etherpad_lite_app_uid }} + # runAsGroup: {{ etherpad_lite_app_gid }} + resources: + limits: + memory: "4Gi" + volumeMounts: + - name: config + mountPath: /opt/etherpad/settings.json + subPath: settings.json + readOnly: true + - name: config + mountPath: /opt/etherpad/credentials.json + subPath: credentials.json + readOnly: true + ports: + - containerPort: 9001 + hostPort: {{ item.value.port }} + - name: database + image: "mariadb:{{ item.value.database.version }}" + securityContext: + runAsUser: {{ etherpad_lite_db_uid }} + runAsGroup: {{ etherpad_lite_db_gid }} + resources: + limits: + memory: "4Gi" + env: + - name: MYSQL_RANDOM_ROOT_PASSWORD + value: "true" + - name: MYSQL_DATABASE + value: etherpad-lite + - name: MYSQL_USER + value: etherpad-lite + - name: MYSQL_PASSWORD + value: "{{ item.value.database.password }}" + volumeMounts: + - name: database + mountPath: /var/lib/mysql + volumes: + - name: config + hostPath: + path: "{{ etherpad_lite_base_path }}/{{ item.key }}/config/" + type: Directory + - name: database + hostPath: + path: "{{ etherpad_lite_base_path }}/{{ item.key }}/{{ item.value.database.type }}" + type: Directory -- cgit v1.2.3