Helper to transfer data to CephFs and setup wikis

2025-12-24 21:26:59 +01:00 · 2019-09-01 03:41:21 +02:00 · 2019-09-01 03:41:21 +02:00 · d77f2ef548
commit d77f2ef548
parent 80321d5ec9
10 changed files with 163 additions and 39 deletions
--- a/ansible-playbook.sh
+++ b/ansible-playbook.sh
@ -6,4 +6,9 @@ export HCLOUD_TOKEN=$(./get_hcloud_token.sh)
 ENVIRONMENT=$(cat .environment)
 source .virtualenv/bin/activate

-ansible-playbook -i inventories/$ENVIRONMENT --vault-id=~/.ssh/vault-pass  "$@"
+ARGS="-i inventories/$ENVIRONMENT"
+ARGS="$ARGS --vault-id=~/.ssh/vault-pass"
+ARGS="$ARGS $@"
+
+echo "ansible-playbook $ARGS"
+ansible-playbook $ARGS
--- a/manifests.yml
+++ b/manifests.yml
@ -2,3 +2,5 @@
  gather_facts: no
  roles:
    - role: k8s-manifests
+    - role: k8s-utils
+      tags: ["utils"]
--- a/roles/k8s-manifests/defaults/main.yml
+++ b/roles/k8s-manifests/defaults/main.yml
@ -2,5 +2,4 @@
 letsencrypt_email: letsencrypt.account@banditlair.com
 traefik_domain: "traefik.{{banditlair_domain}}"
 searx_domain: "searx.{{banditlair_domain}}"
-anderia_domain: "anderia.{{banditlair_domain}}"
 rook_domain: "rook.{{banditlair_domain}}"
--- a/roles/k8s-manifests/tasks/main.yml
+++ b/roles/k8s-manifests/tasks/main.yml
@ -15,7 +15,14 @@
  tags: searx


- import_tasks: anderia-wiki.yml
-  tags: 
+- include_tasks: 
+    file: wiki.yml
+    apply:
+      tags:
+        - wiki
+  vars:
+    wiki_instance: "{{ item }}"
+  loop:
    - anderia
-    - wiki
+    - arkadia
+  tags: wiki
--- a/roles/k8s-manifests/tasks/rook.yml
+++ b/roles/k8s-manifests/tasks/rook.yml
@ -14,12 +14,10 @@

 # Workaround until https://github.com/ansible/ansible/pull/59160 is released
 - name: Remove last line of the manifest file
-  lineinfile:
-    path: /tmp/rook-common.yml
-    state: absent
-    regexp: '^---$'
+  command: sed -i '$ d' /tmp/rook-common.yml
  delegate_to: localhost
  changed_when: false
+  warn: false

 - name: Apply Rook manifests
  k8s:
--- a/roles/k8s-manifests/tasks/anderia-wiki.yml
+++ b/roles/k8s-manifests/tasks/anderia-wiki.yml
@ -1,4 +1,4 @@
- name: Anderia wiki deployment
+- name: "{{ wiki_instance }} wiki deployment"
  k8s:
    namespace: default
    state: present
@ -6,20 +6,20 @@
      apiVersion: apps/v1
      kind: Deployment
      metadata:
-        name: anderia-wiki
+        name: "{{ wiki_instance }}-wiki"
      spec:
        replicas: 2
        selector:
          matchLabels:
-            app: anderia-wiki
+            app: "{{ wiki_instance }}-wiki"
        template:
          metadata:
            labels:
-              app: anderia-wiki
+              app: "{{ wiki_instance }}-wiki"
          spec:
            containers:
-              - name: anderia-wiki
-                image: bitnami/dokuwiki
+              - name: "{{ wiki_instance }}-wiki"
+                image: bitnami/dokuwiki:0.20180422.201901061035
                imagePullPolicy: IfNotPresent
                ports:
                  - containerPort: 80
@ -32,18 +32,19 @@
                    path: /
                    port: 80
                volumeMounts:
-                - mountPath: "/bitnami"
-                  name: anderia-wiki-data
+                - mountPath: /bitnami
+                  name: "{{ wiki_instance }}-wiki-data"
            volumes:
-              - name: anderia-wiki-data
+              - name: "{{ wiki_instance }}-wiki-data"
                flexVolume:
                  driver: ceph.rook.io/rook
                  fsType: ceph
                  options:
                    fsName: ceph-fs # name of the filesystem specified in the filesystem CRD.
                    clusterNamespace: rook-ceph # namespace where the Rook cluster is deployed
+                    path: /wiki/{{ wiki_instance }}

- name: Anderia wiki service
+- name: "{{ wiki_instance }} wiki service"
  k8s:
    namespace: default
    state: present
@ -51,16 +52,16 @@
      apiVersion: v1
      kind: Service
      metadata:
-        name: anderia-wiki
+        name: "{{ wiki_instance }}-wiki"
      spec:
        type: ClusterIP
        ports:
          - port: 80
            targetPort: 80
        selector:
-          app: anderia-wiki
+          app: "{{ wiki_instance }}-wiki"

- name: Anderia wiki ingress
+- name: "{{ wiki_instance }} wiki ingress"
  k8s:
    namespace: default
    state: present
@ -68,7 +69,7 @@
      apiVersion: extensions/v1beta1
      kind: Ingress
      metadata:
-        name: anderia
+        name: "{{ wiki_instance }}"
        annotations:
          kubernetes.io/ingress.class: nginx
          certmanager.k8s.io/cluster-issuer: "{{cert_manager_issuer}}"
@ -76,14 +77,14 @@
          # ingress.kubernetes.io/ssl-temporary-redirect: "false"
      spec:
        rules:
-        - host: "{{ anderia_domain }}"
+        - host: "{{ wiki_instance }}.{{banditlair_domain}}"
          http:
            paths:
            - path: /
              backend:
-                serviceName: anderia-wiki
+                serviceName: "{{ wiki_instance }}-wiki"
                servicePort: 80
        tls:
        - hosts:
-            - "{{ anderia_domain }}"
-          secretName: anderia-cert
+            - "{{ wiki_instance }}.{{banditlair_domain}}"
+          secretName: "{{ wiki_instance }}-cert"
--- a/roles/k8s-utils/files/run_sshd_pod.sh
+++ b/roles/k8s-utils/files/run_sshd_pod.sh
@ -0,0 +1,60 @@
+kubectl run sshd-data --image=panubo/sshd --rm -ti --restart=Never --overrides='
+{
+  "metadata": {
+      "labels": {
+          "app": "sshd-data"
+      }
+  },
+  "spec": {
+      "containers": [
+          {
+              "stdin": true,
+              "tty": true,
+              "name": "sshd-data",
+              "image": "panubo/sshd",
+              "env": [
+                  {
+                      "name":"SSH_USERS",
+                      "value":"storage1:1042:1042"
+                  },
+                  {
+                      "name":"SSH_ENABLE_ROOT",
+                      "value":"true"
+                  }
+              ],
+              "volumeMounts": [
+                  {
+                      "name": "data",
+                      "mountPath": "/data"
+                  },
+                  {
+                      "name": "authorized-keys",
+                      "mountPath": "/etc/authorized_keys/root",
+                      "subPath": "root"
+                  }
+              ]
+          }
+      ],
+      "volumes": [
+          {
+              "name": "data",
+              "flexVolume": {
+                  "driver": "ceph.rook.io/rook",
+                  "fsType": "ceph",
+                  "options": {
+                      "fsName": "ceph-fs",
+                      "clusterNamespace" : "rook-ceph"
+                  }
+               }
+          },
+          {
+              "name": "authorized-keys",
+              "configMap": {
+                  "name": "sshd-authorized-keys",
+                  "defaultMode": 420
+              }
+          }
+      ]
+  }
+}
+'
--- a/roles/k8s-utils/tasks/main.yml
+++ b/roles/k8s-utils/tasks/main.yml
@ -0,0 +1,44 @@
+- name: Create utils directory
+  file:
+    state: directory
+    path: /root/utils
+
+- name: Create run_sshd_pod.sh
+  copy:
+    src: run_sshd_pod.sh
+    dest: /root/utils/run_sshd_pod.sh
+    mode: 0700
+
+- name: Create sshd_authorized_keys config map
+  k8s:
+    state: present
+    definition:
+      apiVersion: v1
+      kind: ConfigMap
+      metadata:
+        name: sshd-authorized-keys
+        namespace: default
+      data:
+        root: |
+          ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPhCld0dsDzpdkMvPRdiwd6IX8HF8Mb2V6uQzBl8/syeny8FbZxlZR8gk39RGxNYcLaZ+nA50DS6mOIplXCGdtozfw0Vm+FdITN3apMufWIdobG7Igs1vxKBBbkAb5lwxkEFUCUMzPdCLFHd5zabVH0WE42Be8+hYPLd5W/ikPCOgxRaGwryHHroxRMdkD3PcNE8upSEMdGl51pzgXhO6Fcig8UokOYHxV92SiQ0KEsCbc+oe8e9Gkr7g78tz+6YcTYLY2p2ygR7Vrh/WyTaUVnrNNqL8NIqp+Lc2kVtnqGXHFBJ0Wggaly+AeKWygy+dnOMEGSirhQ6/dUcB/Phz phfroidmont@archdesktop-2017-07-31
+          ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQNavMeTECRU+7JGsv2sSZgC9qfPU9kKkYmM/p+07MGydqt76AJSYBIMl+4u0rSU/Di+TRn0E89Ik/RTduTUwXyqBxOuYMaIu7KnDZAHl0xlg0nEvPuanI0GiUh0uzskVnTyn6zwx9JvglBdH/j6MH/6/LBJ4CnWLIvlvlQN/wpw24Vm9WoTruEp/IWxg30lUA+MUNjx+5MmMUXZatk/zNGZK06fD0/vUMsWh3vQNIE3FsUQ7OEpLCrIPglfU2Wg5T/jmaxl6pD3cze4DjwBT9quqpbep36ZWDcD+ThsuMx5kca/HzGtMEwUA7L1PMNOjqVe5yBSBtOsIw4iB4qNKpjloxMVU1TXZRQd0EIqA/G7YNbsE+38FCzxqjtqin9Rnd9A5ISrkdyVYVycm3CElAU7rlpANT2Qh8y+tPfS/L4K7dyQGt5Fc5GLnIBCWVJlLpDAgykVL1hAOOuzct3dyKAn/7D+bU6OjPI2p0HwkeoI4JBmDqQEv/V04a0aDHm1kYieXzb2CMgkekXe7FwcUvujlNSr6VAoJq0NrNN6hSsPC8itNNElwv618dJwxc/ALO0d1CPRjJzs0lTSeVTZASq29TxJOWhlSGc+zWzxfxEB9EYF+QpqMyhrXh+eMQzqmVv055kMFFwSLCtLOBUq1dW0W/U/5abhNeJ1DRrACUEw== root@storage1-2018-10-11
+
+- name: Create sshd-data service
+  k8s:
+    state: present
+    definition:
+      apiVersion: v1
+      kind: Service
+      metadata:
+        name: sshd-data-svc
+        namespace: default
+        labels:
+          name: sshd-data-svc
+      spec:
+        ports:
+          - name: ssh
+            port: 22
+            nodePort: 30522
+        type: NodePort
+        selector:
+          app: sshd-data
--- a/roles/scripts/files/syncDataToK8s.sh
+++ b/roles/scripts/files/syncDataToK8s.sh
@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -e
+
+DESTINATION_HOST=116.203.8.164
+
+rsync -aAvh -e 'ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p 30522' --progress /var/lib/wiki/ root@${DESTINATION_HOST}:/data/wiki --delete
--- a/roles/scripts/tasks/main.yml
+++ b/roles/scripts/tasks/main.yml
@ -1,16 +1,17 @@
 ---
- name: Create dockerComposeAll.sh
+- name: Create scripts
  template:
-    src: dockerComposeAll.sh
-    dest: /root/dockerComposeAll.sh
+    src: "{{ item }}"
+    dest: /root/{{ item }}
    mode: 0700
- name: Create syncData.sh
-  template:
-    src: syncData.sh
-    dest: /root/syncData.sh
-    mode: 0700
- name: Create updateAll.sh
-  template:
-    src: updateAll.sh
-    dest: /root/updateAll.sh
+  loop:
+    - dockerComposeAll.sh
+    - syncData.sh
+    - updateAll.sh
+
+- name: Create syncDataToK8s.sh
+  copy:
+    src: syncDataToK8s.sh
+    dest: /root/syncDataToK8s.sh
    mode: 0700
+