Deploy a simple webserver docker-compose stack

The beginning of a revamp of FRITA infrastructure into containers

.gitignore

@@ -1,8 +1,4 @@
-# Vagrant files
+environments
+.playbook
 .vagrant
-
-# Unneeded ansible file
-*.retry
-
-# Custom environments
-/environments/
+.vscode

README.md

@@ -1,22 +1,26 @@
-# Free I.T. Athen’s Infrastructure
-Ansible code used to deploy and maintain websites and services used by Free I.T. Athens.
+# Free I.T. Athen's Infrastructure
+This project is used to develop Ansible for deploying and maintaining websites
+and services operated by Free I.T. Athens.
 
-## Getting Started
-frita-infra is developed in Ansible 2.7.5 using Vagrant 2.2.2 + vagrant-libvirt as a test environment.
+- Requires Ansible and Vagrant on the host
 
-Check it out by simply typing: `vagrant up`
-
-## Versioning
-We use [SemVer](http://semver.org/) for versioning. For the versions available, see the tags on this repository. 
+## Quick Start
+1. Clone this project
+2. Run `vagrant up` to provision a Debian 11 base box
 
 ## Authors
-* **Kris Lamoureux** - *Project Founder* - [krislamo](https://github.com/krislamo)
+* **Kris Lamoureux** - *Project Founder* - @[krislamo](https://github.com/krislamo)
 
 ## Copyrights and Licenses
-Copyright (C) 2019  Free I.T. Athens
+Copyright (C) 2019, 2020, 2022  Free I.T. Athens
 
-This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+This program is free software: you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free Software
+Foundation, version 3 of the License.
 
-This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+This program is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 
-You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.
+You should have received a copy of the GNU General Public License along with
+this program. If not, see <https://www.gnu.org/licenses/>.

Vagrantfile

@@ -1,28 +1,24 @@
-# Copyright (C) 2019  Free I.T. Athens
-# 
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-# 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-
 # vi: set ft=ruby :
 
+# Set PLAYBOOK shell var for ./dev/playbook.yml
+PLAYBOOK=ENV["PLAYBOOK"]
+if !PLAYBOOK
+  if File.exist?('.playbook')
+    PLAYBOOK = IO.read('.playbook').split("\n")[0]
+  end
+
+  if !PLAYBOOK || PLAYBOOK.empty?
+    PLAYBOOK = "webserver"
+  end
+else
+  File.write(".playbook", PLAYBOOK)
+end
+
+# Debian 11
 Vagrant.configure("2") do |config|
-
-  # Debian Stable box
-  config.vm.box = "debian/stretch64"
+  config.vm.box = "debian/bullseye64"
   config.vm.synced_folder ".", "/vagrant", disabled: true
-
-  # Set static IP
-  config.vm.network "private_network", ip: "192.168.121.2"
+  config.vm.network "private_network", type: "dhcp"
 
   # Machine Name
   config.vm.define :frita do |frita| #
@@ -35,9 +31,9 @@ Vagrant.configure("2") do |config|
 
   # Provision with Ansible
   config.vm.provision "ansible" do |ansible|
+    ENV['ANSIBLE_ROLES_PATH'] = File.dirname(__FILE__) + "/roles"
     ansible.compatibility_mode = "2.0"
-    ansible.playbook = "site.yml"
+    ansible.playbook = "dev/" + PLAYBOOK + ".yml"
   end
 
 end
-

ansible.cfg

@@ -1,7 +1,6 @@
 [defaults]
 inventory = ./environments/development
-interpreter_python = /usr/bin/python
+interpreter_python = /usr/bin/python3
 
 [ssh_connection]
 pipelining=True
-

dev/vars/webserver.yml

@@ -0,0 +1,5 @@
+docker_users:
+  - vagrant
+
+webserver_env:
+  TRAEFIK_DOMAIN: traefik.example.org

dev/webserver.yml

@@ -0,0 +1,8 @@
+- name: Install FRITA Web Server
+  hosts: all
+  become: true
+  vars_files:
+    - vars/webserver.yml
+  roles:
+    - docker
+    - webserver

group_vars/all

@@ -1,46 +0,0 @@
-### WordPress Configuration ###
-
-# Domain
-wp_domain: www.freeitathens.org
-wp_admin_email: contact@freeitathens.org
-
-# Version of WordPress to deploy
-wp_version: 5.1.1
-wp_sha1_hash: f1bff89cc360bf5ef7086594e8a9b68b4cbf2192
-
-# WordPress Home Directory
-# Note: value is a directory without trailing '/'
-wp_dir: /var/www/wordpress
-
-# WordPress Database Settings
-wp_db_host: localhost
-wp_db_name: wordpress
-wp_db_user: wordpress_user
-wp_db_pass: Password1
-wp_db_table_prefix: wp_
-
-
-### Nextcloud Configuration ###
-
-# Domain
-nc_domain: cloud.freeitathens.org
-nc_admin_email: contact@freeitathens.org
-
-# Version of Nextcloud to deploy
-nc_version: 15.0.2
-nc_sha256_hash: c1f4cc33e39994ddbe6777370b62c30b7ae52136a0530c0b9922770803ca0fea
-
-# Nextcloud Home Directory
-# Note: value is a directory without trailing '/'
-nc_dir: /var/www/nextcloud
-
-# Nextcloud Database Settings
-nc_db_host: localhost
-nc_db_name: nextcloud
-nc_db_user: nextcloud_user
-nc_db_pass: Password1
-
-# Nextcloud Admin
-nc_admin: admin
-nc_admin_pass: Password1
-

roles/ansible/tasks/main.yml

@@ -1,22 +0,0 @@
-- name: 'Install Ansible dependency: python-apt'
-  shell: 'apt-get update && apt-get install python-apt -y'
-  args:
-    creates: /usr/lib/python2.7/dist-packages/apt
-    warn: false
-
-- name: 'Install Ansible dependency: aptitude'
-  apt:
-    name: 'aptitude'
-    state: present
-    force_apt_get: true
-
-- name: 'Install Ansible dependency: python-docker'
-  apt:
-    name: python-docker
-    state: present
-
-- name: Create Ansible's temporary directory
-  file:
-    path: /root/.ansible/tmp
-    state: directory
-    mode: '0700'

roles/docker/defaults/main.yml

@@ -0,0 +1,3 @@
+docker_compose_root: /var/lib/compose
+docker_compose: /usr/bin/docker-compose
+docker_compose_service: compose

roles/docker/tasks/main.yml

@@ -0,0 +1,25 @@
+- name: Install Docker
+  ansible.builtin.apt:
+    name: ['docker.io', 'docker-compose']
+    state: present
+    update_cache: true
+
+- name: Create docker-compose root
+  ansible.builtin.file:
+    path: "{{ docker_compose_root }}"
+    state: directory
+    mode: 0600
+
+- name: Add users to docker group
+  ansible.builtin.user:
+    name: "{{ item }}"
+    groups: docker
+    append: true
+  loop: "{{ docker_users }}"
+  when: docker_users is defined
+
+- name: Start Docker and enable on boot
+  ansible.builtin.service:
+    name: docker
+    state: started
+    enabled: true

roles/webserver/defaults/main.yml

@@ -0,0 +1 @@
+webserver_root: "{{ docker_compose_root }}/webserver"

roles/webserver/files/docker-compose.yml

@@ -0,0 +1,32 @@
+version: '3.5'
+
+networks:
+  traefik:
+    name: traefik
+
+services:
+  traefik:
+    image: traefik:${TRAEFIK_VERSION:-latest}
+    command:
+      - --api.dashboard=${TRAEFIK_DASHBOARD:-true}
+      - --api.debug=${TRAEFIK_DEBUG:-false}
+      - --providers.docker=true
+      - --entrypoints.web.address=:80
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+      - --entrypoints.web.http.redirections.entrypoint.permanent=true
+      - --entrypoints.websecure.address=:443
+      - --entrypoints.local.address=:8443
+    ports:
+      - 80:80
+      - 443:443
+      - "127.0.0.1:8443:8443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    labels:
+      traefik.http.routers.api.rule: Host(`${TRAEFIK_DOMAIN:-traefik.local.freeitathens.org}`)
+      traefik.http.routers.api.entrypoints: local
+      traefik.http.routers.api.service: api@internal
+      traefik.http.routers.api.tls: true
+    networks:
+      - traefik

roles/webserver/handlers/main.yml

@@ -1,18 +1,5 @@
-# Copyright (C) 2019  Free I.T. Athens
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-
-- name: Reload Apache2
-  service: name=apache2 state=reloaded
-
+- name: Compose up on webserver stack
+  ansible.builtin.command: "docker-compose up -d"
+  args:
+    chdir: "{{ webserver_root }}"
+  listen: composeup_webserver

roles/webserver/tasks/main.yml

@@ -1,40 +1,24 @@
-# Copyright (C) 2019  Free I.T. Athens
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-
-- name: Install Apache2 Web Server
-  apt:
-    name: apache2
-    state: present
-
-- name: Start Apache2 Web Server
-  service:
-    name: apache2
-    state: started
-
-- name: Install PHP
-  apt:
-    name: php
-    state: present
-
-- name: Install PHP MySQL Extension
-  apt:
-    name: php-mysql
-    state: present
-  notify: Reload Apache2
-
 - name: Install MariaDB Server
-  apt:
+  ansible.builtin.apt:
     name: mariadb-server
     state: present
+
+- name: Create webserver docker-compose directory
+  ansible.builtin.file:
+    path: "{{ webserver_root }}"
+    state: directory
+    mode: 0600
+
+- name: Install webserver docker-compose.yml
+  ansible.builtin.copy:
+    src: docker-compose.yml
+    dest: "{{ webserver_root }}/docker-compose.yml"
+    mode: 0600
+  notify: composeup_webserver
+
+- name: Install docker-compose .env
+  ansible.builtin.template:
+    src: compose-env.j2
+    dest: "{{ webserver_root }}/.env"
+    mode: 0600
+  notify: composeup_webserver

roles/webserver/templates/compose-env.j2

@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+{% for key, value in webserver_env.items() %}
+{{ key }}={{ value }}
+{% endfor %}

webserver.yml

@@ -1,24 +1,6 @@
-# Copyright (C) 2019  Free I.T. Athens
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-
 - name: Install FRITA Web Server
   hosts: all
-  become: yes
+  become: true
   roles:
-    - ansible
+    - docker
     - webserver
-    - wordpress
-    - nextcloud
-    - timetrex