Helper to transfer data to CephFs and setup wikis

ansible-playbook.sh

@@ -6,4 +6,9 @@ export HCLOUD_TOKEN=$(./get_hcloud_token.sh)
 ENVIRONMENT=$(cat .environment)
 source .virtualenv/bin/activate
 
-ansible-playbook -i inventories/$ENVIRONMENT --vault-id=~/.ssh/vault-pass  "$@"
+ARGS="-i inventories/$ENVIRONMENT"
+ARGS="$ARGS --vault-id=~/.ssh/vault-pass"
+ARGS="$ARGS $@"
+
+echo "ansible-playbook $ARGS"
+ansible-playbook $ARGS

manifests.yml

@@ -2,3 +2,5 @@
   gather_facts: no
   roles:
     - role: k8s-manifests
+    - role: k8s-utils
+      tags: ["utils"]

roles/k8s-manifests/defaults/main.yml

@@ -2,5 +2,4 @@
 letsencrypt_email: letsencrypt.account@banditlair.com
 traefik_domain: "traefik.{{banditlair_domain}}"
 searx_domain: "searx.{{banditlair_domain}}"
-anderia_domain: "anderia.{{banditlair_domain}}"
 rook_domain: "rook.{{banditlair_domain}}"

roles/k8s-manifests/tasks/main.yml

@@ -15,7 +15,14 @@
   tags: searx
 
 
-- import_tasks: anderia-wiki.yml
+- include_tasks: 
+    file: wiki.yml
+    apply:
       tags:
-    - anderia
         - wiki
+  vars:
+    wiki_instance: "{{ item }}"
+  loop:
+    - anderia
+    - arkadia
+  tags: wiki

roles/k8s-manifests/tasks/rook.yml

@@ -14,12 +14,10 @@
 
 # Workaround until https://github.com/ansible/ansible/pull/59160 is released
 - name: Remove last line of the manifest file
-  lineinfile:
+  command: sed -i '$ d' /tmp/rook-common.yml
-    path: /tmp/rook-common.yml
-    state: absent
-    regexp: '^---$'
   delegate_to: localhost
   changed_when: false
+  warn: false
 
 - name: Apply Rook manifests
   k8s:

roles/k8s-manifests/tasks/wiki.yml

@@ -1,4 +1,4 @@
-- name: Anderia wiki deployment
+- name: "{{ wiki_instance }} wiki deployment"
   k8s:
     namespace: default
     state: present
@@ -6,20 +6,20 @@
       apiVersion: apps/v1
       kind: Deployment
       metadata:
-        name: anderia-wiki
+        name: "{{ wiki_instance }}-wiki"
       spec:
         replicas: 2
         selector:
           matchLabels:
-            app: anderia-wiki
+            app: "{{ wiki_instance }}-wiki"
         template:
           metadata:
             labels:
-              app: anderia-wiki
+              app: "{{ wiki_instance }}-wiki"
           spec:
             containers:
-              - name: anderia-wiki
+              - name: "{{ wiki_instance }}-wiki"
-                image: bitnami/dokuwiki
+                image: bitnami/dokuwiki:0.20180422.201901061035
                 imagePullPolicy: IfNotPresent
                 ports:
                   - containerPort: 80
@@ -32,18 +32,19 @@
                     path: /
                     port: 80
                 volumeMounts:
-                - mountPath: "/bitnami"
+                - mountPath: /bitnami
-                  name: anderia-wiki-data
+                  name: "{{ wiki_instance }}-wiki-data"
             volumes:
-              - name: anderia-wiki-data
+              - name: "{{ wiki_instance }}-wiki-data"
                 flexVolume:
                   driver: ceph.rook.io/rook
                   fsType: ceph
                   options:
                     fsName: ceph-fs # name of the filesystem specified in the filesystem CRD.
                     clusterNamespace: rook-ceph # namespace where the Rook cluster is deployed
+                    path: /wiki/{{ wiki_instance }}
 
-- name: Anderia wiki service
+- name: "{{ wiki_instance }} wiki service"
   k8s:
     namespace: default
     state: present
@@ -51,16 +52,16 @@
       apiVersion: v1
       kind: Service
       metadata:
-        name: anderia-wiki
+        name: "{{ wiki_instance }}-wiki"
       spec:
         type: ClusterIP
         ports:
           - port: 80
             targetPort: 80
         selector:
-          app: anderia-wiki
+          app: "{{ wiki_instance }}-wiki"
 
-- name: Anderia wiki ingress
+- name: "{{ wiki_instance }} wiki ingress"
   k8s:
     namespace: default
     state: present
@@ -68,7 +69,7 @@
       apiVersion: extensions/v1beta1
       kind: Ingress
       metadata:
-        name: anderia
+        name: "{{ wiki_instance }}"
         annotations:
           kubernetes.io/ingress.class: nginx
           certmanager.k8s.io/cluster-issuer: "{{cert_manager_issuer}}"
@@ -76,14 +77,14 @@
           # ingress.kubernetes.io/ssl-temporary-redirect: "false"
       spec:
         rules:
-        - host: "{{ anderia_domain }}"
+        - host: "{{ wiki_instance }}.{{banditlair_domain}}"
           http:
             paths:
             - path: /
               backend:
-                serviceName: anderia-wiki
+                serviceName: "{{ wiki_instance }}-wiki"
                 servicePort: 80
         tls:
         - hosts:
-            - "{{ anderia_domain }}"
+            - "{{ wiki_instance }}.{{banditlair_domain}}"
-          secretName: anderia-cert
+          secretName: "{{ wiki_instance }}-cert"

roles/k8s-utils/files/run_sshd_pod.sh

@@ -0,0 +1,60 @@
+kubectl run sshd-data --image=panubo/sshd --rm -ti --restart=Never --overrides='
+{
+  "metadata": {
+      "labels": {
+          "app": "sshd-data"
+      }
+  },
+  "spec": {
+      "containers": [
+          {
+              "stdin": true,
+              "tty": true,
+              "name": "sshd-data",
+              "image": "panubo/sshd",
+              "env": [
+                  {
+                      "name":"SSH_USERS",
+                      "value":"storage1:1042:1042"
+                  },
+                  {
+                      "name":"SSH_ENABLE_ROOT",
+                      "value":"true"
+                  }
+              ],
+              "volumeMounts": [
+                  {
+                      "name": "data",
+                      "mountPath": "/data"
+                  },
+                  {
+                      "name": "authorized-keys",
+                      "mountPath": "/etc/authorized_keys/root",
+                      "subPath": "root"
+                  }
+              ]
+          }
+      ],
+      "volumes": [
+          {
+              "name": "data",
+              "flexVolume": {
+                  "driver": "ceph.rook.io/rook",
+                  "fsType": "ceph",
+                  "options": {
+                      "fsName": "ceph-fs",
+                      "clusterNamespace" : "rook-ceph"
+                  }
+               }
+          },
+          {
+              "name": "authorized-keys",
+              "configMap": {
+                  "name": "sshd-authorized-keys",
+                  "defaultMode": 420
+              }
+          }
+      ]
+  }
+}
+'

roles/k8s-utils/tasks/main.yml

@@ -0,0 +1,44 @@
+- name: Create utils directory
+  file:
+    state: directory
+    path: /root/utils
+
+- name: Create run_sshd_pod.sh
+  copy:
+    src: run_sshd_pod.sh
+    dest: /root/utils/run_sshd_pod.sh
+    mode: 0700
+
+- name: Create sshd_authorized_keys config map
+  k8s:
+    state: present
+    definition:
+      apiVersion: v1
+      kind: ConfigMap
+      metadata:
+        name: sshd-authorized-keys
+        namespace: default
+      data:
+        root: |
+          ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPhCld0dsDzpdkMvPRdiwd6IX8HF8Mb2V6uQzBl8/syeny8FbZxlZR8gk39RGxNYcLaZ+nA50DS6mOIplXCGdtozfw0Vm+FdITN3apMufWIdobG7Igs1vxKBBbkAb5lwxkEFUCUMzPdCLFHd5zabVH0WE42Be8+hYPLd5W/ikPCOgxRaGwryHHroxRMdkD3PcNE8upSEMdGl51pzgXhO6Fcig8UokOYHxV92SiQ0KEsCbc+oe8e9Gkr7g78tz+6YcTYLY2p2ygR7Vrh/WyTaUVnrNNqL8NIqp+Lc2kVtnqGXHFBJ0Wggaly+AeKWygy+dnOMEGSirhQ6/dUcB/Phz phfroidmont@archdesktop-2017-07-31
+          ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQNavMeTECRU+7JGsv2sSZgC9qfPU9kKkYmM/p+07MGydqt76AJSYBIMl+4u0rSU/Di+TRn0E89Ik/RTduTUwXyqBxOuYMaIu7KnDZAHl0xlg0nEvPuanI0GiUh0uzskVnTyn6zwx9JvglBdH/j6MH/6/LBJ4CnWLIvlvlQN/wpw24Vm9WoTruEp/IWxg30lUA+MUNjx+5MmMUXZatk/zNGZK06fD0/vUMsWh3vQNIE3FsUQ7OEpLCrIPglfU2Wg5T/jmaxl6pD3cze4DjwBT9quqpbep36ZWDcD+ThsuMx5kca/HzGtMEwUA7L1PMNOjqVe5yBSBtOsIw4iB4qNKpjloxMVU1TXZRQd0EIqA/G7YNbsE+38FCzxqjtqin9Rnd9A5ISrkdyVYVycm3CElAU7rlpANT2Qh8y+tPfS/L4K7dyQGt5Fc5GLnIBCWVJlLpDAgykVL1hAOOuzct3dyKAn/7D+bU6OjPI2p0HwkeoI4JBmDqQEv/V04a0aDHm1kYieXzb2CMgkekXe7FwcUvujlNSr6VAoJq0NrNN6hSsPC8itNNElwv618dJwxc/ALO0d1CPRjJzs0lTSeVTZASq29TxJOWhlSGc+zWzxfxEB9EYF+QpqMyhrXh+eMQzqmVv055kMFFwSLCtLOBUq1dW0W/U/5abhNeJ1DRrACUEw== root@storage1-2018-10-11
+
+- name: Create sshd-data service
+  k8s:
+    state: present
+    definition:
+      apiVersion: v1
+      kind: Service
+      metadata:
+        name: sshd-data-svc
+        namespace: default
+        labels:
+          name: sshd-data-svc
+      spec:
+        ports:
+          - name: ssh
+            port: 22
+            nodePort: 30522
+        type: NodePort
+        selector:
+          app: sshd-data

roles/scripts/files/syncDataToK8s.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -e
+
+DESTINATION_HOST=116.203.8.164
+
+rsync -aAvh -e 'ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p 30522' --progress /var/lib/wiki/ root@${DESTINATION_HOST}:/data/wiki --delete

roles/scripts/tasks/main.yml

@@ -1,16 +1,17 @@
 ---
-- name: Create dockerComposeAll.sh
+- name: Create scripts
   template:
-    src: dockerComposeAll.sh
+    src: "{{ item }}"
-    dest: /root/dockerComposeAll.sh
+    dest: /root/{{ item }}
     mode: 0700
-- name: Create syncData.sh
+  loop:
-  template:
+    - dockerComposeAll.sh
-    src: syncData.sh
+    - syncData.sh
-    dest: /root/syncData.sh
+    - updateAll.sh
-    mode: 0700
+
-- name: Create updateAll.sh
+- name: Create syncDataToK8s.sh
-  template:
+  copy:
-    src: updateAll.sh
+    src: syncDataToK8s.sh
-    dest: /root/updateAll.sh
+    dest: /root/syncDataToK8s.sh
     mode: 0700
+