Adds Ansible Playbook for deploying multiple docker compose instances. #348
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| vars.yaml | ||
| iris-clients | ||
| .DS_store | ||
| *.cer | ||
| *.crt | ||
| *.key | ||
| *.pem |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,100 @@ | ||
| # IRIS Client - Ansible Playbook | ||
|
|
||
| Playbook for installing one or multiple IRIS Client instances. This installation assumes that all clients run under the same root (sub)domain (e.g. client-1.domain.de, client-2.domain.de) and thus use the same wildcard ssl certificate ( e.g. *.domain.de ). | ||
|
|
||
| This guide assumes that you are already aware of the [IRIS Client Docker Compose Installation](https://github.com/iris-connect/iris-client/blob/develop/infrastructure/deployment/docs/Installation-Docker-Compose.md) and that you have your certificates and keys in handy. | ||
|
|
||
| ## Compatability | ||
|
|
||
| Tested with Ubuntu LTS 18.04. | ||
|
|
||
| ## Installation Ansible | ||
|
|
||
| Running the playbook requires the latest version of Ansible. | ||
|
|
||
| 1. Remove any old version. | ||
|
|
||
| ``` | ||
| sudo apt remove ansible && sudo apt --purge autoremove | ||
| ``` | ||
|
|
||
| 1. Add Ansible repos. | ||
|
|
||
| ``` | ||
| sudo apt install software-properties-common | ||
| sudo apt-add-repository ppa:ansible/ansible | ||
| ``` | ||
|
|
||
| 1. Update your repos. | ||
|
|
||
| ``` | ||
| sudo apt update | ||
| ``` | ||
|
|
||
| 1. Install Ansible. | ||
|
|
||
| ``` | ||
| sudo apt install ansible | ||
| ``` | ||
|
|
||
| 1. Check Ansible version. | ||
|
|
||
| ``` | ||
| ansible --version | ||
| # ansible 2.9.24 | ||
| ``` | ||
| (This or newer) | ||
|
|
||
| ## Project structure | ||
|
|
||
| You need to download the whole folder structure. It contains files and folders needed by the playbook. It also gives you a structure how to customize your personal installation. | ||
|
|
||
| ``` | ||
| . | ||
| ├── certs | ||
| │ ├── eps # This is where your EPS and PROXY certificates and keys go. | ||
| │ └── nginx # This is where your wildcard certificate and key goes. | ||
| ├── includes # Modules needed by the playbook. | ||
| ├── scripts # Scripts needed by the playbook. | ||
| |── templates # JNinja Templates needed by the playbook. | ||
| ├── playbook.yaml # The actual Ansible playbook. | ||
| └── vars.yaml.example # An example of the vars file. | ||
| ``` | ||
|
|
||
| ## Installing IRIS Clients with Ansible. | ||
|
|
||
| 1. Copy your SSL wildcard certificate and key to `certs/nginx`. | ||
| 1. Copy your EPS and Proxy certificates and keys to `certs/eps`. | ||
| 1. Rename file `vars.yaml.example`. | ||
| ``` | ||
| mv vars.yaml.example vars.yaml | ||
| ``` | ||
| 1. Edit `vars.yaml` and add your customized iris-client configurations. | ||
| 1. Run playbook | ||
| ``` | ||
| ansible-playbook playbook.yaml | ||
| ``` | ||
| This will install all clients to `<Your Project Dir>/iris-clients`. You can override the installation dir. | ||
| ``` | ||
| ansible-playbook playbook.yaml --extra-vars "install_dir=/opt/your-preferred-dir" | ||
| ``` | ||
| After the playbook is finished all clients are registered with systemd and already started for you. | ||
|
|
||
| ## Useful commands | ||
|
|
||
| 1. Start and stop a specific iris-client instance. | ||
| ``` | ||
| systemctl start <iris-client-name> | ||
| systemctl stop <iris-client-name> | ||
| ``` | ||
| 1. See status of a specific iris-client instance. | ||
| ``` | ||
| systemctl status <iris-client-name> | ||
| ``` | ||
| 1. See logs of a specific iris-client instance. | ||
| ``` | ||
| journalctl -fu <iris-client-name> | ||
| ``` | ||
|
|
||
|
|
||
|
|
Empty file.
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| - name: "Create envs folder for {{ client.name }}" | ||
| file: | ||
| path: "{{ env_dir }}/{{ client.name }}" | ||
| state: directory | ||
|
|
||
| - name: "Create eps certs folder for {{ client.name }}" | ||
| file: | ||
| path: "{{ env_dir }}/{{ client.name }}/certs/eps" | ||
| state: directory | ||
|
|
||
| - name: "Create nginx certs folder for {{ client.name }}" | ||
| file: | ||
| path: "{{ env_dir }}/{{ client.name }}/certs/nginx" | ||
| state: directory | ||
|
|
||
| - name: "Copy all certificates for {{ client.name }}" | ||
| ansible.builtin.copy: | ||
| src: "certs" | ||
| dest: "{{ env_dir }}/{{ client.name }}" | ||
|
|
||
| - name: "Create docker-compose.yml for {{ client.name }}" | ||
| ansible.builtin.template: | ||
| src: templates/docker-compose.yaml.j2 | ||
| dest: "{{ env_dir }}/{{ client.name }}/docker-compose.yaml" | ||
|
|
||
| # ENVS | ||
|
|
||
| - name: "Create JWT secret for {{ client.name }}" | ||
| set_fact: | ||
| jwt_secret: "{{ lookup('password', '/dev/null chars=chars=ascii_letters,digits length=64') }}" | ||
|
|
||
| - name: "Create Admin start password for {{ client.name }}" | ||
| set_fact: | ||
| admin_password: "{{ lookup('password', passwords_dir + '/' + client.name + '-admin chars=chars=ascii_letters,digits length=16') }}" | ||
|
|
||
| - name: "Create Admin start password for {{ client.name }}" | ||
| set_fact: | ||
| postgres_password: "{{ lookup('password', passwords_dir + '/' + client.name + '-postgres chars=chars=ascii_letters,digits length=16') }}" | ||
|
|
||
| - name: "Create .env file for {{ client.name }}" | ||
| ansible.builtin.template: | ||
| src: templates/env.j2 | ||
| dest: "{{ env_dir }}/{{ client.name }}/.env" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| - name: "Create NGINX site conf for {{ client.name }} -> {{ client.domain }}" | ||
| ansible.builtin.template: | ||
| src: templates/nginx.conf.j2 | ||
| dest: /etc/nginx/sites-enabled/iris-client-{{ client.name }}.conf | ||
| mode: '0644' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| - name: "Create systemd conf for {{ client.name }}" | ||
| ansible.builtin.template: | ||
| src: templates/systemd.j2 | ||
| dest: /etc/systemd/system/iris-client-{{ client.name }}.service | ||
| mode: '0644' | ||
|
|
||
| - name: Reload systemd | ||
| ansible.builtin.systemd: | ||
| daemon_reload: yes | ||
|
|
||
| - name: "Start and enable service for {{ client.name }}" | ||
| ansible.builtin.systemd: | ||
| name: "iris-client-{{ client.name }}" | ||
| state: restarted | ||
| enabled: yes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| - block: | ||
| - name: Install required dependencies | ||
| apt: | ||
| name: "{{item}}" | ||
| state: present | ||
| update_cache: yes | ||
| loop: | ||
| - apt-transport-https | ||
| - ca-certificates | ||
| - curl | ||
| - gnupg-agent | ||
| - software-properties-common | ||
|
|
||
| - name: Add docker.io GPG key | ||
| apt_key: | ||
| url: https://download.docker.com/linux/ubuntu/gpg | ||
| state: present | ||
|
|
||
| - name: Add docker repository to apt | ||
| apt_repository: | ||
| repo: deb https://download.docker.com/linux/ubuntu bionic stable | ||
| state: present | ||
|
|
||
| - name: install docker | ||
| apt: | ||
| name: "{{item}}" | ||
| state: latest | ||
| update_cache: yes | ||
| loop: | ||
| - docker-ce | ||
| - docker-ce-cli | ||
| - containerd.io | ||
|
|
||
| - name: Start docker service. | ||
| service: | ||
| name: docker | ||
| state: started | ||
| enabled: yes | ||
|
|
||
| - name: Download docker-compose.yaml | ||
| ansible.builtin.script: scripts/download-docker-compose.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
| --- | ||
| - name: Install IRIS Client | ||
| hosts: localhost | ||
| vars: | ||
| install_dir: "{{ lookup('env', 'PWD') }}/iris-clients" | ||
| bin_dir: "{{ install_dir }}/bin" | ||
| passwords_dir: "{{ install_dir }}/.start-passwords" | ||
| env_dir: "{{ install_dir }}/envs" | ||
| vars_files: | ||
| - vars.yaml | ||
| tasks: | ||
|
|
||
| # Install Docker and Docker Comopose. | ||
|
|
||
| - name: Install Docker | ||
| include: includes/install-docker.yaml | ||
|
|
||
| # Create inital folder structure. | ||
|
|
||
| - name: Create envs folder | ||
| file: | ||
| path: "{{ env_dir }}" | ||
| state: directory | ||
|
|
||
| - name: Create passwords folder | ||
| file: | ||
| path: "{{ passwords_dir }}" | ||
| state: directory | ||
|
|
||
| - name: Create eps certs folder | ||
| file: | ||
| path: "{{ install_dir }}/certs/eps" | ||
| state: directory | ||
|
|
||
| - name: Create nginx certs folder | ||
| file: | ||
| path: "{{ install_dir }}/certs/nginx" | ||
| state: directory | ||
|
|
||
| - name: Copy all certificates | ||
| ansible.builtin.copy: | ||
| src: "certs" | ||
| dest: "{{ install_dir }}" | ||
|
|
||
| # IRIS Client conf files for all instances | ||
|
|
||
| - include: includes/create-env-files.yaml client={{ item }} | ||
| vars: | ||
| cert: "{{ nginx.cert}}" | ||
| key: "{{ nginx.key}}" | ||
| loop: "{{ clients }}" | ||
| loop_control: | ||
| index_var: index | ||
|
|
||
|
|
||
| # Systemd conf for all instances | ||
|
|
||
| - include: includes/create-systemd.yaml client={{ item }} | ||
| loop: "{{ clients }}" | ||
|
|
||
|
|
||
|
|
||
| # NGINX reverse Proxy | ||
|
|
||
| - name: Install nginx | ||
| apt: | ||
| name: nginx | ||
| state: latest | ||
| update_cache: yes | ||
|
|
||
| - include: includes/create-nginx-conf.yaml client={{ item }} | ||
| vars: | ||
| cert: "{{ nginx.cert}}" | ||
| key: "{{ nginx.key}}" | ||
| loop: "{{ clients }}" | ||
| loop_control: | ||
| index_var: index | ||
|
|
||
| - name: Start and enable nginx | ||
| ansible.builtin.systemd: | ||
| name: nginx | ||
| state: restarted | ||
| enabled: yes | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose | ||
| sudo chmod +x /usr/local/bin/docker-compose | ||
|
Comment on lines
+1
to
+2
There was a problem hiding this comment. Wouldn't it make more sense to use |
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I could not find anything where these variables are used.