From d77f2ef548cb55cb0493820b5b77f4fa70dfe67c Mon Sep 17 00:00:00 2001 From: Paul-Henri Froidmont Date: Sun, 1 Sep 2019 03:41:21 +0200 Subject: [PATCH] Helper to transfer data to CephFs and setup wikis --- ansible-playbook.sh | 7 ++- manifests.yml | 2 + roles/k8s-manifests/defaults/main.yml | 1 - roles/k8s-manifests/tasks/main.yml | 13 +++- roles/k8s-manifests/tasks/rook.yml | 6 +- .../tasks/{anderia-wiki.yml => wiki.yml} | 37 ++++++------ roles/k8s-utils/files/run_sshd_pod.sh | 60 +++++++++++++++++++ roles/k8s-utils/tasks/main.yml | 44 ++++++++++++++ roles/scripts/files/syncDataToK8s.sh | 7 +++ roles/scripts/tasks/main.yml | 25 ++++---- 10 files changed, 163 insertions(+), 39 deletions(-) rename roles/k8s-manifests/tasks/{anderia-wiki.yml => wiki.yml} (66%) create mode 100644 roles/k8s-utils/files/run_sshd_pod.sh create mode 100644 roles/k8s-utils/tasks/main.yml create mode 100644 roles/scripts/files/syncDataToK8s.sh diff --git a/ansible-playbook.sh b/ansible-playbook.sh index f651fbf..922a280 100755 --- a/ansible-playbook.sh +++ b/ansible-playbook.sh @@ -6,4 +6,9 @@ export HCLOUD_TOKEN=$(./get_hcloud_token.sh) ENVIRONMENT=$(cat .environment) source .virtualenv/bin/activate -ansible-playbook -i inventories/$ENVIRONMENT --vault-id=~/.ssh/vault-pass "$@" +ARGS="-i inventories/$ENVIRONMENT" +ARGS="$ARGS --vault-id=~/.ssh/vault-pass" +ARGS="$ARGS $@" + +echo "ansible-playbook $ARGS" +ansible-playbook $ARGS diff --git a/manifests.yml b/manifests.yml index 63e64ef..9d5f224 100644 --- a/manifests.yml +++ b/manifests.yml @@ -2,3 +2,5 @@ gather_facts: no roles: - role: k8s-manifests + - role: k8s-utils + tags: ["utils"] diff --git a/roles/k8s-manifests/defaults/main.yml b/roles/k8s-manifests/defaults/main.yml index 3696da2..b7112d5 100644 --- a/roles/k8s-manifests/defaults/main.yml +++ b/roles/k8s-manifests/defaults/main.yml 
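Review bot: Flattening `"$@"` into the `ARGS` string and then running `ansible-playbook $ARGS` unquoted loses the caller's argument boundaries, so any argument containing spaces or glob characters (a quoted `-e` value, for instance) is re-split before ansible-playbook sees it. Assuming the script runs under bash (it already uses `source`; the shebang is outside this hunk), an array keeps the arguments intact: `ARGS=(-i "inventories/$ENVIRONMENT" --vault-id=~/.ssh/vault-pass "$@")` followed by `ansible-playbook "${ARGS[@]}"`. The new `echo` also prints every argument, so a secret passed as an extra var would end up in terminal scrollback or a CI log; consider dropping it or gating it behind a debug switch.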
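Review bot: `tags: ["utils"]` lets the role be selected with `--tags utils`, but it does not keep the role out of an untagged run, so every plain run of this playbook also applies k8s-utils. Later in this patch that role creates the root authorized_keys ConfigMap and the SSH NodePort service. If the transfer helper is meant to be opt-in, add Ansible's special tag: `tags: ["utils", "never"]`. A comment above the entry such as `# temporary data-migration helper, run explicitly with --tags utils` would record the intent.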
@@ -2,5 +2,4 @@ letsencrypt_email: letsencrypt.account@banditlair.com traefik_domain: "traefik.{{banditlair_domain}}" searx_domain: "searx.{{banditlair_domain}}" -anderia_domain: "anderia.{{banditlair_domain}}" rook_domain: "rook.{{banditlair_domain}}" diff --git a/roles/k8s-manifests/tasks/main.yml b/roles/k8s-manifests/tasks/main.yml index 2664c4c..5354603 100644 --- a/roles/k8s-manifests/tasks/main.yml +++ b/roles/k8s-manifests/tasks/main.yml @@ -15,7 +15,14 @@ tags: searx -- import_tasks: anderia-wiki.yml - tags: +- include_tasks: + file: wiki.yml + apply: + tags: + - wiki + vars: + wiki_instance: "{{ item }}" + loop: - anderia - - wiki + - arkadia + tags: wiki \ No newline at end of file diff --git a/roles/k8s-manifests/tasks/rook.yml b/roles/k8s-manifests/tasks/rook.yml index 15a2e87..fc0fa2f 100644 --- a/roles/k8s-manifests/tasks/rook.yml +++ b/roles/k8s-manifests/tasks/rook.yml @@ -14,12 +14,10 @@ # Workaround until https://github.com/ansible/ansible/pull/59160 is released - name: Remove last line of the manifest file - lineinfile: - path: /tmp/rook-common.yml - state: absent - regexp: '^---$' + command: sed -i '$ d' /tmp/rook-common.yml delegate_to: localhost changed_when: false + warn: false - name: Apply Rook manifests k8s: diff --git a/roles/k8s-manifests/tasks/anderia-wiki.yml b/roles/k8s-manifests/tasks/wiki.yml similarity index 66% rename from roles/k8s-manifests/tasks/anderia-wiki.yml rename to roles/k8s-manifests/tasks/wiki.yml index f0d59c9..a86536b 100644 --- a/roles/k8s-manifests/tasks/anderia-wiki.yml +++ b/roles/k8s-manifests/tasks/wiki.yml @@ -1,4 +1,4 @@ -- name: Anderia wiki deployment +- name: "{{ wiki_instance }} wiki deployment" k8s: namespace: default state: present 
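Review bot: The instance list is hard-coded in the `loop:` of the include, yet each value ends up in resource names, the ingress host and the CephFS `path` in wiki.yml. Moving it to a role default, e.g. `wiki_instances: [anderia, arkadia]` with `loop: "{{ wiki_instances }}"`, and adding a comment like `# each entry must be a valid DNS label: it is used in resource names, hostnames and the CephFS subpath` would state that constraint in one place. The old `anderia` tag is dropped here, so `--tags anderia` no longer selects these tasks. The file also now ends without a trailing newline.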
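Review bot: `sed -i '$ d'` deletes the last line of /tmp/rook-common.yml whatever it contains, so if the upstream manifest ever stops ending in `---` this task silently removes a real line of YAML before it is applied to the cluster. Restricting the delete to the separator keeps the workaround harmless: `command: sed -i '${/^---$/d}' /tmp/rook-common.yml`. `warn` is an option of the command module rather than a task keyword, so it probably belongs under `args:` (the indentation cannot be recovered from this view). The manifest also sits at a fixed path in /tmp on the control machine; the task that writes it is outside this hunk, but a private temporary directory would prevent another local user from replacing the file before `k8s` applies it.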
@@ -6,20 +6,20 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: anderia-wiki + name: "{{ wiki_instance }}-wiki" spec: replicas: 2 selector: matchLabels: - app: anderia-wiki + app: "{{ wiki_instance }}-wiki" template: metadata: labels: - app: anderia-wiki + app: "{{ wiki_instance }}-wiki" spec: containers: - - name: anderia-wiki - image: bitnami/dokuwiki + - name: "{{ wiki_instance }}-wiki" + image: bitnami/dokuwiki:0.20180422.201901061035 imagePullPolicy: IfNotPresent ports: - containerPort: 80 @@ -32,18 +32,19 @@ path: / port: 80 volumeMounts: - - mountPath: "/bitnami" - name: anderia-wiki-data + - mountPath: /bitnami + name: "{{ wiki_instance }}-wiki-data" volumes: - - name: anderia-wiki-data + - name: "{{ wiki_instance }}-wiki-data" flexVolume: driver: ceph.rook.io/rook fsType: ceph options: fsName: ceph-fs # name of the filesystem specified in the filesystem CRD. clusterNamespace: rook-ceph # namespace where the Rook cluster is deployed + path: /wiki/{{ wiki_instance }} -- name: Anderia wiki service +- name: "{{ wiki_instance }} wiki service" k8s: namespace: default state: present @@ -51,16 +52,16 @@ apiVersion: v1 kind: Service metadata: - name: anderia-wiki + name: "{{ wiki_instance }}-wiki" spec: type: ClusterIP ports: - port: 80 targetPort: 80 selector: - app: anderia-wiki + app: "{{ wiki_instance }}-wiki" -- name: Anderia wiki ingress +- name: "{{ wiki_instance }} wiki ingress" k8s: namespace: default state: present @@ -68,7 +69,7 @@ apiVersion: extensions/v1beta1 kind: Ingress metadata: - name: anderia + name: "{{ wiki_instance }}" annotations: kubernetes.io/ingress.class: nginx certmanager.k8s.io/cluster-issuer: "{{cert_manager_issuer}}" 
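Review bot: Pinning `bitnami/dokuwiki:0.20180422.201901061035` is better than the floating default, but a tag can still be re-pushed, and with `imagePullPolicy: IfNotPresent` the two replicas may run different builds under the same tag depending on what each node has cached. Pinning by digest, `image: bitnami/dokuwiki@sha256:<digest-of-the-reviewed-image>`, ties both replicas to the exact image that was reviewed. The container spec continues outside this hunk, so whether it sets resource limits or a securityContext cannot be judged from here.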
@@ -76,14 +77,14 @@ # ingress.kubernetes.io/ssl-temporary-redirect: "false" spec: rules: - - host: "{{ anderia_domain }}" + - host: "{{ wiki_instance }}.{{banditlair_domain}}" http: paths: - path: / backend: - serviceName: anderia-wiki + serviceName: "{{ wiki_instance }}-wiki" servicePort: 80 tls: - hosts: - - "{{ anderia_domain }}" - secretName: anderia-cert + - "{{ wiki_instance }}.{{banditlair_domain}}" + secretName: "{{ wiki_instance }}-cert" diff --git a/roles/k8s-utils/files/run_sshd_pod.sh b/roles/k8s-utils/files/run_sshd_pod.sh new file mode 100644 index 0000000..c9bea42 --- /dev/null +++ b/roles/k8s-utils/files/run_sshd_pod.sh @@ -0,0 +1,60 @@ +kubectl run sshd-data --image=panubo/sshd --rm -ti --restart=Never --overrides=' +{ + "metadata": { + "labels": { + "app": "sshd-data" + } + }, + "spec": { + "containers": [ + { + "stdin": true, + "tty": true, + "name": "sshd-data", + "image": "panubo/sshd", + "env": [ + { + "name":"SSH_USERS", + "value":"storage1:1042:1042" + }, + { + "name":"SSH_ENABLE_ROOT", + "value":"true" + } + ], + "volumeMounts": [ + { + "name": "data", + "mountPath": "/data" + }, + { + "name": "authorized-keys", + "mountPath": "/etc/authorized_keys/root", + "subPath": "root" + } + ] + } + ], + "volumes": [ + { + "name": "data", + "flexVolume": { + "driver": "ceph.rook.io/rook", + "fsType": "ceph", + "options": { + "fsName": "ceph-fs", + "clusterNamespace" : "rook-ceph" + } + } + }, + { + "name": "authorized-keys", + "configMap": { + "name": "sshd-authorized-keys", + "defaultMode": 420 + } + } + ] + } +} +' diff --git a/roles/k8s-utils/tasks/main.yml b/roles/k8s-utils/tasks/main.yml new file mode 100644 index 0000000..6481949 --- /dev/null +++ b/roles/k8s-utils/tasks/main.yml 
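Review bot: The pod enables root login (`SSH_ENABLE_ROOT` set to `true`) and mounts the CephFS volume with no `path` option, so whoever holds one of the authorized keys gets root over the whole filesystem rather than only the wiki data. The wiki deployment already narrows its mount with `path: /wiki/{{ wiki_instance }}`; once that directory exists, adding `"path": "/wiki"` to the `options` here would limit the helper to what it transfers. `SSH_USERS` declares `storage1`, but only `/etc/authorized_keys/root` is mounted, so that unprivileged account has no key to log in with. Either mount a key for it and turn root off, or drop the variable if root is needed to preserve file ownership. `panubo/sshd` is unpinned in both places it appears, and the script has no shebang or `set -e`.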
@@ -0,0 +1,44 @@ +- name: Create utils directory + file: + state: directory + path: /root/utils + +- name: Create run_sshd_pod.sh + copy: + src: run_sshd_pod.sh + dest: /root/utils/run_sshd_pod.sh + mode: 0700 + +- name: Create sshd_authorized_keys config map + k8s: + state: present + definition: + apiVersion: v1 + kind: ConfigMap + metadata: + name: sshd-authorized-keys + namespace: default + data: + root: | + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPhCld0dsDzpdkMvPRdiwd6IX8HF8Mb2V6uQzBl8/syeny8FbZxlZR8gk39RGxNYcLaZ+nA50DS6mOIplXCGdtozfw0Vm+FdITN3apMufWIdobG7Igs1vxKBBbkAb5lwxkEFUCUMzPdCLFHd5zabVH0WE42Be8+hYPLd5W/ikPCOgxRaGwryHHroxRMdkD3PcNE8upSEMdGl51pzgXhO6Fcig8UokOYHxV92SiQ0KEsCbc+oe8e9Gkr7g78tz+6YcTYLY2p2ygR7Vrh/WyTaUVnrNNqL8NIqp+Lc2kVtnqGXHFBJ0Wggaly+AeKWygy+dnOMEGSirhQ6/dUcB/Phz phfroidmont@archdesktop-2017-07-31 + ssh-rsa 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 root@storage1-2018-10-11 + +- name: Create sshd-data service + k8s: + state: present + definition: + apiVersion: v1 + kind: Service + metadata: + name: sshd-data-svc + namespace: default + labels: + name: sshd-data-svc + spec: + ports: + - name: ssh + port: 22 + nodePort: 30522 + type: NodePort + selector: + app: sshd-data diff --git a/roles/scripts/files/syncDataToK8s.sh b/roles/scripts/files/syncDataToK8s.sh new file mode 100644 index 0000000..2fdd1b8 --- /dev/null +++ b/roles/scripts/files/syncDataToK8s.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +set -e + +DESTINATION_HOST=116.203.8.164 + +rsync -aAvh -e 'ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p 30522' --progress /var/lib/wiki/ root@${DESTINATION_HOST}:/data/wiki --delete diff --git a/roles/scripts/tasks/main.yml b/roles/scripts/tasks/main.yml index cdf5b87..3a30fc6 100644 --- a/roles/scripts/tasks/main.yml +++ b/roles/scripts/tasks/main.yml 
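Review bot: The `sshd-data-svc` Service is `type: NodePort` on 30522 and is applied with `state: present` on every run, so root SSH to the helper pod is reachable on every node address whenever the pod is up, and the port stays allocated when it is not. Consider creating and deleting the Service from run_sshd_pod.sh together with the pod, and restricting 30522 to the source host's address at the firewall. The authorized keys are hard-coded in the task; a variable such as `sshd_authorized_keys` would let them be rotated per environment without editing the role. `mode: 0700` is safer written as `mode: "0700"` so the value does not depend on the YAML parser's octal handling; the same applies in roles/scripts/tasks/main.yml.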
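Review bot: `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null` turns off server authentication for a root rsync across a public NodePort, so the wiki data is sent to whatever answers on that address and port. The options are presumably there because the ephemeral pod generates new host keys on each start. Giving the pod a persistent host key (from a Secret, for example) and pointing the client at a dedicated known_hosts file, e.g. `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=/root/.ssh/known_hosts_k8s`, removes the need for them. The destination address is hard-coded and the file is shipped with `copy`; using `template` with an inventory variable would keep it per environment.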
@@ -1,16 +1,17 @@ --- -- name: Create dockerComposeAll.sh +- name: Create scripts template: - src: dockerComposeAll.sh - dest: /root/dockerComposeAll.sh + src: "{{ item }}" + dest: /root/{{ item }} mode: 0700 -- name: Create syncData.sh - template: - src: syncData.sh - dest: /root/syncData.sh - mode: 0700 -- name: Create updateAll.sh - template: - src: updateAll.sh - dest: /root/updateAll.sh + loop: + - dockerComposeAll.sh + - syncData.sh + - updateAll.sh + +- name: Create syncDataToK8s.sh + copy: + src: syncDataToK8s.sh + dest: /root/syncDataToK8s.sh mode: 0700 +