From d3a4cb89372814728d272eb6452ad782447d2923 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Fri, 20 Jan 2023 01:32:18 +0100 Subject: add tenative role for bluespice mdediawiki (unfinished) --- files/chaos-at-home/bind-zones/db.elev8.at | 4 +- inventory/host_vars/sk-cloudio/bluespice.yml | 20 +++++++++ roles/apps/bluespice/defaults/main.yml | 19 ++++++++ roles/apps/bluespice/tasks/main.yml | 61 ++++++++++++++++++++++++++ roles/apps/bluespice/templates/pod-spec.yml.j2 | 35 +++++++++++++++ 5 files changed, 138 insertions(+), 1 deletion(-) create mode 100644 inventory/host_vars/sk-cloudio/bluespice.yml create mode 100644 roles/apps/bluespice/defaults/main.yml create mode 100644 roles/apps/bluespice/tasks/main.yml create mode 100644 roles/apps/bluespice/templates/pod-spec.yml.j2 diff --git a/files/chaos-at-home/bind-zones/db.elev8.at b/files/chaos-at-home/bind-zones/db.elev8.at index 8d342a15..8af5efaa 100644 --- a/files/chaos-at-home/bind-zones/db.elev8.at +++ b/files/chaos-at-home/bind-zones/db.elev8.at @@ -1,7 +1,7 @@ $TTL 1h @ SOA ns0.chaos-at-home.org. hostmaster ( - 2022111100 + 2023012000 1h 5m 30d @@ -16,6 +16,8 @@ $TTL 1h wolke CNAME cloudio.skillz.biz. office CNAME cloudio.skillz.biz. +bs CNAME cloudio.skillz.biz. + stun A 162.55.59.151 _stun._udp SRV 10 0 3478 stun.elev8.at. _stun._tcp SRV 10 0 3478 stun.elev8.at. diff --git a/inventory/host_vars/sk-cloudio/bluespice.yml b/inventory/host_vars/sk-cloudio/bluespice.yml new file mode 100644 index 00000000..30b3f330 --- /dev/null +++ b/inventory/host_vars/sk-cloudio/bluespice.yml @@ -0,0 +1,20 @@ +--- +## bluespice role does not work yet... + +# bluespice_zfs: +# pool: storage +# name: bluespice +# properties: +# compression: lz4 +# quota: 20G + +# bluespice_instances: +# example: +# version: 4.2.4 +# port: 8000 +# hostname: bs.elev8.at +# language: en +# admin: +# username: admin +# password: test +# db_password: secretgeheim diff --git a/roles/apps/bluespice/defaults/main.yml b/roles/apps/bluespice/defaults/main.yml new file mode 100644 index 00000000..23d18724 --- /dev/null +++ b/roles/apps/bluespice/defaults/main.yml @@ -0,0 +1,19 @@ +--- +# bluespice_base_path: /srv/bluespice + +# bluespice_zfs: +# pool: storage +# name: bluespice +# properties: +# compression: lz4 + +# bluespice_instances: +# example: +# version: 4.2.4 +# port: 8000 +# hostname: bs.example.com +# language: en +# admin: +# username: admin +# password: very-secure-password +# db_password: super-secret diff --git a/roles/apps/bluespice/tasks/main.yml b/roles/apps/bluespice/tasks/main.yml new file mode 100644 index 00000000..899d1e1d --- /dev/null +++ b/roles/apps/bluespice/tasks/main.yml @@ -0,0 +1,61 @@ +--- +- name: create zfs datasets + when: bluespice_zfs is defined + block: + - name: create zfs base dataset + zfs: + name: "{{ bluespice_zfs.pool }}/{{ bluespice_zfs.name }}" + state: present + extra_zfs_properties: "{{ bluespice_zfs.properties | dehumanize_zfs_properties | default(omit) }}" + + - name: create zfs volumes for instances + loop: "{{ bluespice_instances | dict2items }}" + loop_control: + label: "{{ item.key }} ({{ (item.value.zfs_properties | default({})).items() | map('join', '=') | join(', ') }})" + zfs: + name: "{{ bluespice_zfs.pool }}/{{ bluespice_zfs.name }}/{{ item.key }}" + state: present + extra_zfs_properties: "{{ item.value.zfs_properties | dehumanize_zfs_properties | default(omit) }}" + + - name: configure bluespice base bath + set_fact: + bluespice_base_path: "{{ (zfs_pools[bluespice_zfs.pool].mountpoint, bluespice_zfs.name) | path_join }}" + + +- name: create instance subdirectories + loop: "{{ bluespice_instances | list }}" + file: + path: "{{ bluespice_base_path }}/{{ item }}/data" + state: directory + + +- name: install pod manifest + loop: "{{ bluespice_instances | dict2items }}" + loop_control: + label: "{{ item.key }}" + vars: + kubernetes_standalone_pod: + name: "bluespice-{{ item.key }}" + spec: "{{ lookup('template', 'pod-spec.yml.j2') }}" + mode: "0600" + include_role: + name: kubernetes/standalone/pod + +- name: configure nginx vhost + loop: "{{ bluespice_instances | dict2items }}" + loop_control: + label: "{{ item.key }}" + vars: + nginx_vhost: + name: "bluespice-{{ item.key }}" + template: generic + acme: true + hostnames: + - "{{ item.value.hostname }}" + locations: + '/': + proxy_pass: "http://127.0.0.1:{{ item.value.port }}" + extra_directives: |- + client_max_body_size 0; + include_role: + name: nginx/vhost diff --git a/roles/apps/bluespice/templates/pod-spec.yml.j2 b/roles/apps/bluespice/templates/pod-spec.yml.j2 new file mode 100644 index 00000000..67493dc0 --- /dev/null +++ b/roles/apps/bluespice/templates/pod-spec.yml.j2 @@ -0,0 +1,35 @@ +terminationGracePeriodSeconds: 120 +containers: +- name: bluespice + image: "bluespice/bluespice-free:{{ item.value.version }}" + resources: + limits: + memory: "4Gi" + env: + - name: "BS_NAME" + value: "{{ item.key }}" + - name: "BS_URL" + value: "https://{{ item.value.hostname }}" + - name: "BS_LANG" + value: "{{ item.value.language }}" + - name: "BS_USER" + value: "{{ item.value.admin.username }}" + - name: "BS_PASSWORD" + value: "{{ item.value.admin.password }}" + - name: "BS_DB_PASSWORD" + value: "{{ item.value.db_password }}" + - name: "DISABLE_PINGBACK" + value: "yes" + volumeMounts: + - name: data + mountPath: /data + ports: + - containerPort: 80 + hostPort: {{ item.value.port }} + hostIP: 127.0.0.1 + +volumes: +- name: data + hostPath: + path: "{{ bluespice_base_path }}/{{ item.key }}/data" + type: Directory -- cgit v1.2.3