testing

2022-11-19 03:01:45 -05:00 · 2022-11-19 03:01:45 -05:00 · ac92286b5b
commit ac92286b5b
parent 75ee5be87d
8 changed files with 128 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,5 @@
 environments
 *.log
 .playbook
 .vagrant
 .vscode
--- a/9
+++ b/9
@ -0,0 +1,9 @@
 all: vagrant
 vagrant:
 	vagrant up --no-destroy-on-error --no-color | tee ./vagrantup.log
 	./forward-ssh.sh
 clean:
 	vagrant destroy -f --no-color
 	rm -rf .vagrant ./*.log
--- a/README.md
+++ b/README.md
@ -1,15 +1,19 @@
 # Free I.T. Athen's Infrastructure
 This project is used to develop Ansible for deploying and maintaining websites
-and services operated by Free I.T. Athens.
+and services operated by Free I.T. Athens (FRITA).
- Requires Ansible and Vagrant on the host
+- Requires GNU Make, Ansible, and Vagrant on the host
 ## Quick Start
 1. Clone this project
-2. Run `vagrant up` to provision a Debian 11 base box
+2. Run `make` to provision a Debian 11 base box
 3. Go to
    - [Traefik Dashboard](https://traefik.local.freeitathens.org:8443/dashboard/#/)
    - [WordPress](https://www.local.freeitathens.org)
 4. Click through the HTTPS security warning
 ## Authors
-* **Kris Lamoureux** - *Project Founder* - @[krislamo](https://github.com/krislamo)
+* **Kris Lamoureux** - *Project Founder* - [@krislamo](https://github.com/krislamo)
 ## Copyrights and Licenses
 Copyright (C) 2019, 2020, 2022  Free I.T. Athens
--- a/dev/vars/webserver.yml
+++ b/dev/vars/webserver.yml
@ -1,5 +1,41 @@
 ###############
 ### Secrets ###
 ###############
 secret:
  WORDPRESS_DB_PASSWORD: WPpa55w0rd!
 ##############
 ### Docker ###
 ##############
 docker_users:
  - vagrant
-webserver_env:
+################
-  TRAEFIK_DOMAIN: traefik.example.org
+#### MariaDB ###
 ################
 databases:
  - name: wordpress
    pass: "{{ secret.WORDPRESS_DB_PASSWORD }}"
 #######################
 ### Webserver Stack ###
 #######################
 webserver:
  ###############
  ### Traefik ###
  ###############
  #TRAEFIK_VERSION: latest
  #TRAEFIK_DOMAIN: traefik.local.freeitathens.org
  #TRAEFIK_DASHBOARD: true
  #TRAEFIK_EXPOSED_DEFAULT: false
  TRAEFIK_DEBUG: true
  #################
  ### WordPress ###
  #################
  #WORDPRESS_VERSION: latest
  #WORDPRESS_DOMAIN: www.local.freeitathens.org
  #WORDPRESS_DB_HOST: host.docker.internal
  #WORDPRESS_DB_NAME: wordpress
  #WORDPRESS_DB_USER: wordpress
  WORDPRESS_DB_PASSWORD: "{{ secret.WORDPRESS_DB_PASSWORD }}"
--- a/forward-ssh.sh
+++ b/forward-ssh.sh
@ -0,0 +1,23 @@
 #!/bin/bash
 # Finds the SSH private key under ./.vagrant and connects to
 # the Vagrant box port forwarding localhost ports: 8443, 80, 443
 PRIVATE_KEY="$(find .vagrant -name "private_key")"
 HOST_IP="$(vagrant ssh -c "hostname -I | cut -d' ' -f2" 2>/dev/null)"
 if [ "$(pgrep -afc "$PRIVATE_KEY")" -eq 0 ]; then
  set -x
  sudo ssh -fNT -i "$PRIVATE_KEY" \
    -L 8443:localhost:8443 \
    -L 80:localhost:80 \
    -L 443:localhost:443 \
    -o UserKnownHostsFile=/dev/null \
    -o StrictHostKeyChecking=no \
      vagrant@"${HOST_IP::-1}" 2>/dev/null
  set +x
 else
  echo "ERROR: SSH process already running"
  pgrep -af "$PRIVATE_KEY"
  echo -e "\nKill process:\n\tsudo kill -9 \"\$(pgrep -f \"$PRIVATE_KEY\")\""
  exit 1
 fi
--- a/roles/webserver/files/docker-compose.yml
+++ b/roles/webserver/files/docker-compose.yml
@ -1,5 +1,8 @@
 version: '3.5'
 volumes:
  wordpress:
 networks:
  traefik:
    name: traefik
@ -7,10 +10,12 @@ networks:
 services:
  traefik:
    image: traefik:${TRAEFIK_VERSION:-latest}
    restart: always
    command:
      - --api.dashboard=${TRAEFIK_DASHBOARD:-true}
      - --api.debug=${TRAEFIK_DEBUG:-false}
      - --providers.docker=true
      - --providers.docker.exposedbydefault=${TRAEFIK_EXPOSED_DEFAULT:-false}
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
@ -28,5 +33,25 @@ services:
      traefik.http.routers.api.entrypoints: local
      traefik.http.routers.api.service: api@internal
      traefik.http.routers.api.tls: true
      traefik.enable: true
    networks:
      - traefik
  wordpress:
    image: wordpress:${WORDPRESS_VERSION:-latest}
    restart: always
    environment:
      WORDPRESS_DB_HOST: ${WORDPRESS_DB_HOST:-host.docker.internal}
      WORDPRESS_DB_NAME: ${WORDPRESS_DB_NAME-wordpress}
      WORDPRESS_DB_USER: ${WORDPRESS_DB_USER:-wordpress}
      WORDPRESS_DB_PASSWORD: ${WORDPRESS_DB_PASSWORD}
    labels:
      traefik.http.routers.wordpress.rule: Host(`${WORDPRESS_DOMAIN:-www.local.freeitathens.org}`)
      traefik.http.routers.wordpress.entrypoints: websecure
      traefik.http.routers.wordpress.tls.certresolver: letsencrypt
      traefik.docker.network: traefik
      traefik.enable: true
    volumes:
      - wordpress:/var/www/html
    extra_hosts:
      - host.docker.internal:host-gateway
--- a/roles/webserver/tasks/main.yml
+++ b/roles/webserver/tasks/main.yml
@ -3,6 +3,29 @@
    name: mariadb-server
    state: present
 - name: Install MySQL Support for Python 3
  ansible.builtin.apt:
    name: python3-pymysql
    state: present
 - name: Create MariaDB databases
  community.mysql.mysql_db:
    name: "{{ item.name }}"
    state: present
    login_unix_socket: /var/run/mysqld/mysqld.sock
  loop: "{{ databases }}"
  no_log: "{{ item.pass is defined }}"
 - name: Create MariaDB users
  community.mysql.mysql_user:
    name: "{{ item.name }}"
    password: "{{ item.pass }}"
    priv: "{{ item.name }}.*:ALL,GRANT"
    state: present
    login_unix_socket: /var/run/mysqld/mysqld.sock
  loop: "{{ databases }}"
  no_log: "{{ item.pass is defined }}"
 - name: Create webserver docker-compose directory
  ansible.builtin.file:
    path: "{{ webserver_root }}"
--- a/roles/webserver/templates/compose-env.j2
+++ b/roles/webserver/templates/compose-env.j2
@ -1,4 +1,4 @@
 # {{ ansible_managed }}
-{% for key, value in webserver_env.items() %}
+{% for key, value in webserver.items() %}
 {{ key }}={{ value }}
 {% endfor %}