Start containers on reboot.

yohan 2024-10-19 17:59:09 +02:00
parent f4bab982f1
commit de879a0793
10 changed files with 114 additions and 16 deletions


@ -8,7 +8,6 @@
containers.podman.podman_network:
name: php5-fpm
become: true
when: not scuttle_installed_flag.stat.exists
- name: Create volumes directories
ansible.builtin.file:
@ -82,6 +81,7 @@
containers.podman.podman_container:
name: apache-scuttle
image: "{{ private_registry_domain }}/apache-scuttle:72099cd4a1"
state: present
network:
- reverse-proxy
- php5-fpm
@ -90,18 +90,23 @@
env:
FPM_HOST: php5-fpm:9000
SERVER_NAME: "scuttle.{{ DOMAIN }}"
generate_systemd:
path: /etc/systemd/system
become: true
- name: Create php5-fpm container
containers.podman.podman_container:
name: php5-fpm
image: "{{ private_registry_domain }}/php5-fpm:f533a39b96"
state: present
network:
- php5-fpm
- mysqlnet
volume:
- /mnt/volumes/scuttle_code/data:/var/www/html:z
- /mnt/volumes/scuttle_php5-fpm_conf/data:/etc/php5/fpm/pool.d:Z
generate_systemd:
path: /etc/systemd/system
become: true
- name: Add cloud.{{ DOMAIN }} to /etc/hosts
@ -109,7 +114,6 @@
path: "/etc/hosts"
line: "127.0.0.1 scuttle.{{ DOMAIN }} scuttle"
become: true
when: not scuttle_installed_flag.stat.exists
# A local volume is needed to store install states
- name: Create /mnt/volumes/install_states directory if it does not exist
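Review bot: Neither scuttle container gets a start/enable task in this file. `apache-scuttle` and `php5-fpm` are now created with `state: present` and get a unit file from `generate_systemd`, but the task that follows the php5-fpm container in the hunk is the /etc/hosts edit. Unless a task outside these hunks enables the units, the containers are not started by this play and will not come up at boot. The other files in this commit add an `ansible.builtin.systemd` task for this; the same is needed here for both units, assuming the default `container-` unit prefix.

```yaml
# … unchanged: Create php5-fpm container (with generate_systemd) …
- name: Start and enable scuttle container services
  ansible.builtin.systemd:
    daemon_reload: true
    name: "{{ item }}"
    state: started
    enabled: true
  become: true
  loop:
    - container-php5-fpm
    - container-apache-scuttle
```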


@ -59,7 +59,6 @@
mode: '0755'
recurse: yes
become: true
when: not dovecot_installed_flag.stat.exists
- name: Remove temp directory
ansible.builtin.file:
@ -67,7 +66,6 @@
state: absent
changed_when: false
become: true
when: not dovecot_installed_flag.stat.exists
- name: Create temp directory
ansible.builtin.file:
@ -76,7 +74,6 @@
recurse: yes
changed_when: false
become: true
when: not dovecot_installed_flag.stat.exists
- name: Extract dovecot certs from secrets.tar.gz.enc
shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in {{ remote_workdir }}/secrets.tar.gz.enc | tar -zxv -C {{ item.dir }} --strip 3 {{ item.name }}"
@ -89,7 +86,6 @@
environment:
SECRETS_ARCHIVE_PASSPHRASE: "{{ lookup('env', 'SECRETS_ARCHIVE_PASSPHRASE') }}"
become: true
when: not dovecot_installed_flag.stat.exists
- name: Copy dovecot SSL cert
ansible.builtin.copy:
@ -100,7 +96,6 @@
group: root
mode: "u=rw,g=r,o=r"
become: true
when: not dovecot_installed_flag.stat.exists
- name: Copy dovecot SSL key
ansible.builtin.copy:
@ -111,7 +106,6 @@
group: root
mode: "u=rw,g=,o="
become: true
when: not dovecot_installed_flag.stat.exists
- name: Retrieve config repo
ansible.builtin.git:
@ -121,7 +115,6 @@
accept_hostkey: true
force: true
changed_when: false
when: not dovecot_installed_flag.stat.exists
- name: Copy config
ansible.builtin.copy:
@ -131,7 +124,6 @@
become: true
with_items:
- dovecot_expire.sh
when: not dovecot_installed_flag.stat.exists
- name: Template dovecot config files
ansible.builtin.template:
@ -142,7 +134,6 @@
- 15-lda.conf
- 10-mail.conf
- users
when: not dovecot_installed_flag.stat.exists
- name: Fix permissions
ansible.builtin.file:
@ -154,7 +145,6 @@
with_items:
- name: dovecot_expire.sh
mode: "u=rwx,g=rx,o="
when: not dovecot_installed_flag.stat.exists
- name: Login to {{ private_registry_domain }} and create ${XDG_RUNTIME_DIR}/containers/auth.json
containers.podman.podman_login:
@ -163,7 +153,6 @@
registry: "{{ private_registry_domain }}"
changed_when: false
become: true
when: not dovecot_installed_flag.stat.exists
- name: Create podman networks
containers.podman.podman_network:
@ -171,12 +160,12 @@
become: true
with_items:
- mailnet
when: not dovecot_installed_flag.stat.exists
- name: Create dovecot container
containers.podman.podman_container:
name: dovecot
image: "{{ private_registry_domain }}/dovecot:530c367996"
state: present
network:
- mailnet
ports:
@ -191,8 +180,17 @@
- /usr/local/docker-mounted-files/docker-mail-stack/10-mail.conf:/etc/dovecot/conf.d/10-mail.conf:Z
- /usr/local/docker-mounted-files/docker-mail-stack/certs/dovecot.crt:/etc/dovecot/dovecot.pem:z
- /usr/local/docker-mounted-files/docker-mail-stack/certs/dovecot.key:/etc/dovecot/private/dovecot.pem:Z
generate_systemd:
path: /etc/systemd/system
become: true
- name: start/enable container service
ansible.builtin.systemd:
daemon-reload: true
name: container-dovecot
state: started
enabled: true
become: true
when: not dovecot_installed_flag.stat.exists
- name: Add services to /etc/hosts
ansible.builtin.lineinfile:
@ -202,7 +200,6 @@
with_items:
- imap
- sieve
when: not dovecot_installed_flag.stat.exists
# A local volume is needed to store install states
- name: Create /mnt/volumes/install_states directory if it does not exist
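Review bot: The "Extract dovecot certs from secrets.tar.gz.enc" task decrypts with `openssl enc -aes-256-cbc -md md5` and no `-pbkdf2`, so the AES key is derived from the passphrase by a single MD5 pass and the archive has little resistance to offline passphrase guessing if it leaks. This matters more now that the `when: not dovecot_installed_flag.stat.exists` guards appear to be dropped, since the archive is decrypted and the key re-extracted on every run rather than once. Re-encrypt the archive with `-pbkdf2 -md sha256` and use the same flags in this command. Cleanup of the temp directory that receives the extracted key is not visible in these hunks; confirm it is removed after the two copy tasks.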


@ -49,6 +49,7 @@
containers.podman.podman_container:
name: feed2imap
image: "{{ private_registry_domain }}/feed2imap:10d378f5cf"
state: present
network:
- mailnet
volume:
@ -56,4 +57,14 @@
- /usr/local/docker-mounted-files/docker-mail-stack/certs/dovecot.crt:/usr/local/share/ca-certificates/dovecot.crt:z
etc_hosts:
imap.scimetis.net: "{{ ansible_default_ipv4.address }}"
generate_systemd:
path: /etc/systemd/system
become: true
- name: start/enable container service
ansible.builtin.systemd:
daemon-reload: true
name: container-feed2imap
state: started
enabled: true
become: true
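Review bot: The added task is named `start/enable container service` in every file of this commit, so a play log cannot show which unit a failure belongs to; name it after the unit, e.g. `- name: Start and enable container-feed2imap service`. The task also uses the `daemon-reload` alias where the documented option name is `daemon_reload`, which would match the snake_case keys used by the other tasks. Both points apply equally to the dovecot, grafana, nextcloud, registry, store-metrics-in-db, gogs, mysql-server and reverse-proxy sections.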


@ -81,6 +81,7 @@
containers.podman.podman_container:
name: grafana
image: docker.io/grafana/grafana:10.2.4
state: present
network:
- reverse-proxy
- mysqlnet
@ -90,6 +91,17 @@
- /mnt/volumes/var_lib_grafana/data:/var/lib/grafana:Z
- /mnt/volumes/etc_grafana/data:/etc/grafana:Z
- /mnt/volumes/var_log_grafana/data:/var/log/grafana:Z
generate_systemd:
path: /etc/systemd/system
become: true
when: not grafana_installed_flag.stat.exists
- name: start/enable container service
ansible.builtin.systemd:
daemon-reload: true
name: container-grafana
state: started
enabled: true
become: true
when: not grafana_installed_flag.stat.exists
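Review bot: Both the container task that now carries `generate_systemd` and the new start/enable task are guarded by `when: not grafana_installed_flag.stat.exists`, so on a host where that flag already exists neither task runs and no unit is written or enabled. If the flag marks a finished install, as its name suggests, already-deployed hosts will still not bring grafana back after a reboot; only fresh installs get the new behaviour. Either drop the guard from these two tasks or add a one-off migration for existing hosts. The nextcloud, registry, gogs, mysql-server and reverse-proxy sections carry the same guard on both tasks.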


@ -90,6 +90,7 @@
containers.podman.podman_container:
name: nextcloud
image: "{{ private_registry_domain }}/nextcloud:19.0.13-apache-full"
state: present
network:
- reverse-proxy
- mysqlnet
@ -98,6 +99,17 @@
- /mnt/volumes/nextcloud/data:/var/www/html:Z
- /usr/local/docker-mounted-files/docker-nextcloud-stack/supervisord.conf:/supervisord.conf:z
- /usr/local/docker-mounted-files/docker-nextcloud-stack/run_elasticsearch.sh:/run_elasticsearch.sh:z
generate_systemd:
path: /etc/systemd/system
become: true
when: not nextcloud_installed_flag.stat.exists
- name: start/enable container service
ansible.builtin.systemd:
daemon-reload: true
name: container-nextcloud
state: started
enabled: true
become: true
when: not nextcloud_installed_flag.stat.exists
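Review bot: The generated `container-nextcloud` unit has no ordering relative to the services the container presumably depends on. The container joins `mysqlnet` and `reverse-proxy`, but `generate_systemd` sets only `path`, so at boot systemd may start it before `container-mysql-server`. If the installed Podman and containers.podman collection versions support it, add `after: [container-mysql-server.service]` and `wants: [container-mysql-server.service]` under `generate_systemd`. The grafana, gogs, store-metrics-in-db and php5-fpm containers also join `mysqlnet` and likely need the same treatment.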


@ -88,6 +88,7 @@
containers.podman.podman_container:
name: registry
image: docker.io/registry:2.8.3
state: present
network:
- reverse-proxy
expose:
@ -102,6 +103,17 @@
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
generate_systemd:
path: /etc/systemd/system
become: true
when: not registry_installed_flag.stat.exists
- name: start/enable container service
ansible.builtin.systemd:
daemon-reload: true
name: container-registry
state: started
enabled: true
become: true
when: not registry_installed_flag.stat.exists


@ -34,6 +34,7 @@
containers.podman.podman_container:
name: store-metrics-in-db
image: "{{ private_registry_domain }}/store-metrics-in-db:22e20028fc"
state: present
network:
- mysqlnet
- metricsnet
@ -47,4 +48,14 @@
FLASK_RUN_PORT: 3001
volume:
- /usr/local/docker-mounted-files/docker-store-metrics-in-db-stack/conf.yml:/root/conf.yml:Z
generate_systemd:
path: /etc/systemd/system
become: true
- name: start/enable container service
ansible.builtin.systemd:
daemon-reload: true
name: container-store-metrics-in-db
state: started
enabled: true
become: true


@ -52,6 +52,7 @@
containers.podman.podman_container:
name: gogs
image: docker.io/gogs/gogs:0.12.3
state: present
network:
- reverse-proxy
- mysqlnet
@ -59,6 +60,17 @@
- 2222:22/tcp
volume:
- /mnt/volumes/gogs_data/data:/data:Z
generate_systemd:
path: /etc/systemd/system
become: true
when: not gogs_installed_flag.stat.exists
- name: start/enable container service
ansible.builtin.systemd:
daemon-reload: true
name: container-gogs
state: started
enabled: true
become: true
when: not gogs_installed_flag.stat.exists


@ -19,11 +19,13 @@
registry: "{{ private_registry_domain }}"
changed_when: false
become: true
when: not mysql_installed_flag.stat.exists
- name: Create mysql-server container
containers.podman.podman_container:
name: mysql-server
image: "{{ private_registry_domain }}/mysql-server:fc2f81452f"
state: present
network:
- mysqlnet
volume:
@ -31,7 +33,19 @@
- /mnt/volumes/mysql-server_dumps/data:/mnt/dumps:z
- /mnt/volumes/mysql-server_scripts:/mnt/mysql-server_scripts:z
- /usr/local/docker-mounted-files/docker-mysql-server-stack/debian.cnf:/etc/mysql/debian.cnf:z
generate_systemd:
path: /etc/systemd/system
become: true
when: not mysql_installed_flag.stat.exists
- name: start/enable container service
ansible.builtin.systemd:
daemon-reload: true
name: container-mysql-server
state: started
enabled: true
become: true
when: not mysql_installed_flag.stat.exists
- name: Include tasks/mysql-server_install_from_backup_stage_3.yml
ansible.builtin.include_tasks: "tasks/mysql-server_install_from_backup_stage_3.yml"


@ -92,11 +92,13 @@
registry: "{{ private_registry_domain }}"
changed_when: false
become: true
when: not reverse_proxy_installed_flag.stat.exists
- name: Create reverse-proxy container
containers.podman.podman_container:
name: reverse-proxy
image: "{{ private_registry_domain }}/reverse-proxy:8c0dc1f517"
state: present
network:
- reverse-proxy
ports:
@ -106,5 +108,16 @@
- /mnt/volumes/reverse-proxy_conf/data:/etc/apache2/sites-available:Z
- /mnt/volumes/reverse-proxy_conf_enabled/data:/etc/apache2/sites-enabled:Z
- /mnt/volumes/reverse-proxy_letsencrypt/data:/etc/letsencrypt:Z
generate_systemd:
path: /etc/systemd/system
become: true
when: not reverse_proxy_installed_flag.stat.exists
- name: start/enable container service
ansible.builtin.systemd:
daemon-reload: true
name: container-reverse-proxy
state: started
enabled: true
become: true
when: not reverse_proxy_installed_flag.stat.exists