Helper to transfer data to CephFs and setup wikis

2025-12-25 05:36:59 +01:00 · 2019-09-01 03:41:21 +02:00 · 2019-09-01 03:41:21 +02:00 · d77f2ef548
commit d77f2ef548
parent 80321d5ec9
10 changed files with 163 additions and 39 deletions
--- a/ansible-playbook.sh
+++ b/ansible-playbook.sh
@ -6,4 +6,9 @@ export HCLOUD_TOKEN=$(./get_hcloud_token.sh)
 ENVIRONMENT=$(cat .environment)
 source .virtualenv/bin/activate
-ansible-playbook -i inventories/$ENVIRONMENT --vault-id=~/.ssh/vault-pass  "$@"
+ARGS="-i inventories/$ENVIRONMENT"
 ARGS="$ARGS --vault-id=~/.ssh/vault-pass"
 ARGS="$ARGS $@"
 echo "ansible-playbook $ARGS"
 ansible-playbook $ARGS
--- a/manifests.yml
+++ b/manifests.yml
@ -2,3 +2,5 @@
  gather_facts: no
  roles:
    - role: k8s-manifests
    - role: k8s-utils
      tags: ["utils"]
--- a/roles/k8s-manifests/defaults/main.yml
+++ b/roles/k8s-manifests/defaults/main.yml
@ -2,5 +2,4 @@
 letsencrypt_email: letsencrypt.account@banditlair.com
 traefik_domain: "traefik.{{banditlair_domain}}"
 searx_domain: "searx.{{banditlair_domain}}"
 anderia_domain: "anderia.{{banditlair_domain}}"
 rook_domain: "rook.{{banditlair_domain}}"
--- a/roles/k8s-manifests/tasks/main.yml
+++ b/roles/k8s-manifests/tasks/main.yml
@ -15,7 +15,14 @@
  tags: searx
- import_tasks: anderia-wiki.yml
+- include_tasks: 
-  tags: 
+    file: wiki.yml
    apply:
      tags:
        - wiki
  vars:
    wiki_instance: "{{ item }}"
  loop:
    - anderia
-    - wiki
+    - arkadia
  tags: wiki
--- a/roles/k8s-manifests/tasks/rook.yml
+++ b/roles/k8s-manifests/tasks/rook.yml
@ -14,12 +14,10 @@
 # Workaround until https://github.com/ansible/ansible/pull/59160 is released
 - name: Remove last line of the manifest file
-  lineinfile:
+  command: sed -i '$ d' /tmp/rook-common.yml
    path: /tmp/rook-common.yml
    state: absent
    regexp: '^---$'
  delegate_to: localhost
  changed_when: false
  warn: false
 - name: Apply Rook manifests
  k8s:
--- a/roles/k8s-manifests/tasks/anderia-wiki.yml
+++ b/roles/k8s-manifests/tasks/anderia-wiki.yml
@ -1,4 +1,4 @@
- name: Anderia wiki deployment
+- name: "{{ wiki_instance }} wiki deployment"
  k8s:
    namespace: default
    state: present
@ -6,20 +6,20 @@
      apiVersion: apps/v1
      kind: Deployment
      metadata:
-        name: anderia-wiki
+        name: "{{ wiki_instance }}-wiki"
      spec:
        replicas: 2
        selector:
          matchLabels:
-            app: anderia-wiki
+            app: "{{ wiki_instance }}-wiki"
        template:
          metadata:
            labels:
-              app: anderia-wiki
+              app: "{{ wiki_instance }}-wiki"
          spec:
            containers:
-              - name: anderia-wiki
+              - name: "{{ wiki_instance }}-wiki"
-                image: bitnami/dokuwiki
+                image: bitnami/dokuwiki:0.20180422.201901061035
                imagePullPolicy: IfNotPresent
                ports:
                  - containerPort: 80
@ -32,18 +32,19 @@
                    path: /
                    port: 80
                volumeMounts:
-                - mountPath: "/bitnami"
+                - mountPath: /bitnami
-                  name: anderia-wiki-data
+                  name: "{{ wiki_instance }}-wiki-data"
            volumes:
-              - name: anderia-wiki-data
+              - name: "{{ wiki_instance }}-wiki-data"
                flexVolume:
                  driver: ceph.rook.io/rook
                  fsType: ceph
                  options:
                    fsName: ceph-fs # name of the filesystem specified in the filesystem CRD.
                    clusterNamespace: rook-ceph # namespace where the Rook cluster is deployed
                    path: /wiki/{{ wiki_instance }}
- name: Anderia wiki service
+- name: "{{ wiki_instance }} wiki service"
  k8s:
    namespace: default
    state: present
@ -51,16 +52,16 @@
      apiVersion: v1
      kind: Service
      metadata:
-        name: anderia-wiki
+        name: "{{ wiki_instance }}-wiki"
      spec:
        type: ClusterIP
        ports:
          - port: 80
            targetPort: 80
        selector:
-          app: anderia-wiki
+          app: "{{ wiki_instance }}-wiki"
- name: Anderia wiki ingress
+- name: "{{ wiki_instance }} wiki ingress"
  k8s:
    namespace: default
    state: present
@ -68,7 +69,7 @@
      apiVersion: extensions/v1beta1
      kind: Ingress
      metadata:
-        name: anderia
+        name: "{{ wiki_instance }}"
        annotations:
          kubernetes.io/ingress.class: nginx
          certmanager.k8s.io/cluster-issuer: "{{cert_manager_issuer}}"
@ -76,14 +77,14 @@
          # ingress.kubernetes.io/ssl-temporary-redirect: "false"
      spec:
        rules:
-        - host: "{{ anderia_domain }}"
+        - host: "{{ wiki_instance }}.{{banditlair_domain}}"
          http:
            paths:
            - path: /
              backend:
-                serviceName: anderia-wiki
+                serviceName: "{{ wiki_instance }}-wiki"
                servicePort: 80
        tls:
        - hosts:
-            - "{{ anderia_domain }}"
+            - "{{ wiki_instance }}.{{banditlair_domain}}"
-          secretName: anderia-cert
+          secretName: "{{ wiki_instance }}-cert"
--- a/roles/k8s-utils/files/run_sshd_pod.sh
+++ b/roles/k8s-utils/files/run_sshd_pod.sh
@ -0,0 +1,60 @@
 kubectl run sshd-data --image=panubo/sshd --rm -ti --restart=Never --overrides='
 {
  "metadata": {
      "labels": {
          "app": "sshd-data"
      }
  },
  "spec": {
      "containers": [
          {
              "stdin": true,
              "tty": true,
              "name": "sshd-data",
              "image": "panubo/sshd",
              "env": [
                  {
                      "name":"SSH_USERS",
                      "value":"storage1:1042:1042"
                  },
                  {
                      "name":"SSH_ENABLE_ROOT",
                      "value":"true"
                  }
              ],
              "volumeMounts": [
                  {
                      "name": "data",
                      "mountPath": "/data"
                  },
                  {
                      "name": "authorized-keys",
                      "mountPath": "/etc/authorized_keys/root",
                      "subPath": "root"
                  }
              ]
          }
      ],
      "volumes": [
          {
              "name": "data",
              "flexVolume": {
                  "driver": "ceph.rook.io/rook",
                  "fsType": "ceph",
                  "options": {
                      "fsName": "ceph-fs",
                      "clusterNamespace" : "rook-ceph"
                  }
               }
          },
          {
              "name": "authorized-keys",
              "configMap": {
                  "name": "sshd-authorized-keys",
                  "defaultMode": 420
              }
          }
      ]
  }
 }
 '
--- a/roles/k8s-utils/tasks/main.yml
+++ b/roles/k8s-utils/tasks/main.yml
@ -0,0 +1,44 @@
 - name: Create utils directory
  file:
    state: directory
    path: /root/utils
 - name: Create run_sshd_pod.sh
  copy:
    src: run_sshd_pod.sh
    dest: /root/utils/run_sshd_pod.sh
    mode: 0700
 - name: Create sshd_authorized_keys config map
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: sshd-authorized-keys
        namespace: default
      data:
        root: |
          ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPhCld0dsDzpdkMvPRdiwd6IX8HF8Mb2V6uQzBl8/syeny8FbZxlZR8gk39RGxNYcLaZ+nA50DS6mOIplXCGdtozfw0Vm+FdITN3apMufWIdobG7Igs1vxKBBbkAb5lwxkEFUCUMzPdCLFHd5zabVH0WE42Be8+hYPLd5W/ikPCOgxRaGwryHHroxRMdkD3PcNE8upSEMdGl51pzgXhO6Fcig8UokOYHxV92SiQ0KEsCbc+oe8e9Gkr7g78tz+6YcTYLY2p2ygR7Vrh/WyTaUVnrNNqL8NIqp+Lc2kVtnqGXHFBJ0Wggaly+AeKWygy+dnOMEGSirhQ6/dUcB/Phz phfroidmont@archdesktop-2017-07-31
          ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQNavMeTECRU+7JGsv2sSZgC9qfPU9kKkYmM/p+07MGydqt76AJSYBIMl+4u0rSU/Di+TRn0E89Ik/RTduTUwXyqBxOuYMaIu7KnDZAHl0xlg0nEvPuanI0GiUh0uzskVnTyn6zwx9JvglBdH/j6MH/6/LBJ4CnWLIvlvlQN/wpw24Vm9WoTruEp/IWxg30lUA+MUNjx+5MmMUXZatk/zNGZK06fD0/vUMsWh3vQNIE3FsUQ7OEpLCrIPglfU2Wg5T/jmaxl6pD3cze4DjwBT9quqpbep36ZWDcD+ThsuMx5kca/HzGtMEwUA7L1PMNOjqVe5yBSBtOsIw4iB4qNKpjloxMVU1TXZRQd0EIqA/G7YNbsE+38FCzxqjtqin9Rnd9A5ISrkdyVYVycm3CElAU7rlpANT2Qh8y+tPfS/L4K7dyQGt5Fc5GLnIBCWVJlLpDAgykVL1hAOOuzct3dyKAn/7D+bU6OjPI2p0HwkeoI4JBmDqQEv/V04a0aDHm1kYieXzb2CMgkekXe7FwcUvujlNSr6VAoJq0NrNN6hSsPC8itNNElwv618dJwxc/ALO0d1CPRjJzs0lTSeVTZASq29TxJOWhlSGc+zWzxfxEB9EYF+QpqMyhrXh+eMQzqmVv055kMFFwSLCtLOBUq1dW0W/U/5abhNeJ1DRrACUEw== root@storage1-2018-10-11
 - name: Create sshd-data service
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Service
      metadata:
        name: sshd-data-svc
        namespace: default
        labels:
          name: sshd-data-svc
      spec:
        ports:
          - name: ssh
            port: 22
            nodePort: 30522
        type: NodePort
        selector:
          app: sshd-data
--- a/roles/scripts/files/syncDataToK8s.sh
+++ b/roles/scripts/files/syncDataToK8s.sh
@ -0,0 +1,7 @@
 #!/bin/bash
 set -e
 DESTINATION_HOST=116.203.8.164
 rsync -aAvh -e 'ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p 30522' --progress /var/lib/wiki/ root@${DESTINATION_HOST}:/data/wiki --delete
--- a/roles/scripts/tasks/main.yml
+++ b/roles/scripts/tasks/main.yml
@ -1,16 +1,17 @@
 ---
- name: Create dockerComposeAll.sh
+- name: Create scripts
  template:
-    src: dockerComposeAll.sh
+    src: "{{ item }}"
-    dest: /root/dockerComposeAll.sh
+    dest: /root/{{ item }}
    mode: 0700
- name: Create syncData.sh
+  loop:
-  template:
+    - dockerComposeAll.sh
-    src: syncData.sh
+    - syncData.sh
-    dest: /root/syncData.sh
+    - updateAll.sh
-    mode: 0700
+
- name: Create updateAll.sh
+- name: Create syncDataToK8s.sh
-  template:
+  copy:
-    src: updateAll.sh
+    src: syncDataToK8s.sh
-    dest: /root/updateAll.sh
+    dest: /root/syncDataToK8s.sh
    mode: 0700