initial commit

This commit is contained in:
Robert Kaussow 2018-12-13 23:09:22 +01:00
commit e4f22274e3
13 changed files with 377 additions and 0 deletions

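--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+# ---> Ansible
+*.retry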

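--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,9 @@
+MIT License
+Copyright (c) <year> <copyright holders>
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.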

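--- a/README.md
+++ b/README.md
@@ -0,0 +1,2 @@
+# sit-lnx.droneci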

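--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,84 @@
+---
+droneci_version: 0.8
+droneci_service_directory: /var/lib/docker/services/drone-ci
+droneci_docker_socket_path: /var/run/docker.sock
+droneci_host: http://localhost
+droneci_secret: myveryownsecret
+droneci_server_image: "drone/drone:{{ droneci_version }}"
+droneci_server_restart_policy: always
+droneci_server_exposed_port: 8080
+droneci_agent_image: "drone/agent:{{ droneci_version }}"
+droneci_agent_restart_policy: always
+droneci_postgres_enabled: False
+droneci_postgres_tls_enabled: False
+# droneci_postgres_ssl_mode: disabled
+droneci_postgres_server: postgres.example.com:5432
+droneci_postgres_superuser: postgres
+droneci_postgres_password: secure
+droneci_postgres_db:
+name: droneci
+lc_collate: en_US.UTF-8
+lc_ctype: en_US.UTF-8'
+encoding: UTF-8
+template: template0
+login_host: localhost
+login_user: "{{ droneci_postgres_superuser }}"
+login_password: "{{ droneci_postgres_password }}"
+# login_unix_socket: # defaults to not set
+port: "{{ droneci_postgres_server | urlsplit('port') }}"
+# owner: # defaults to not set
+state: present
+droneci_postgres_user:
+name: pgdroneci
+password: droneci
+encrypted: 'yes'
+# priv: # defaults to not set
+# role_attr_flags: # defaults to not set
+db: "{{ droneci_postgres_db.name }}"
+login_host: localhost
+login_user: "{{ droneci_postgres_superuser }}"
+login_password: "{{ droneci_postgres_password }}"
+# login_unix_socket: # defaults to not set
+port: "{{ droneci_postgres_server | urlsplit('port') }}"
+state: present
+droneci_gitea_enabled: False
+droneci_gitea_host: http://my-git.example.com
+# droneci_gitea_git_user: # default not set
+# droneci_gitea_git_password: # default not set
+droneci_gitea_private_mode_enabled: False
+droneci_gitea_skip_verify_enabled: False
+droneci_tls_cert_path: droneci.pem
+droneci_tls_key_path: droneci.pem
+droneci_tls_source_use_content: False
+droneci_tls_source_use_files: True
+droneci_tls_cert_source: mycert.pem
+droneci_tls_key_source: mykey.pem
+droneci_nginx_vhost_enabled: False
+openhab_nginx_tls_enabled: True
+droneci_nginx_server: myinventoryname
+droneci_nginx_vhost_dir: /etc/nginx/sites-available
+droneci_nginx_vhost_symlink: /etc/nginx/sites-enabled
+droneci_nginx_iptables_enabled: False
+droneci_server_name: droneci.example.com
+droneci_server_ip: 127.0.0.1
+droneci_server_http_port: 8080
+droneci_server_proxy_port: "{{ droneci_server_http_port }}"
+droneci_server_proxy_protocol: http
+droneci_pass_ca_enabled: False
+droneci_ca_path: /etc/pki/tls/certs/ca-bundle.crt
+# droneci_admins: # defaults to not set
+# droneci_http_proxy: # defaults to not set
+# droneci_https_proxy: # defaults to not set
+# droneci_no_proxy: (see below)
+# - drone-server
+# - drone-agent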
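Review bot: `lc_ctype: en_US.UTF-8'` carries a stray trailing quote, so the value handed to postgresql_db is the literal string `en_US.UTF-8'` and the database task would fail; it should read `lc_ctype: en_US.UTF-8`. `openhab_nginx_tls_enabled: True` looks like a leftover from another role: the vhost template tests `droneci_nginx_tls_enabled`, which no default defines, so rendering fails on an undefined variable unless the caller sets it — rename it to `droneci_nginx_tls_enabled: true`. `droneci_secret: myveryownsecret` and `droneci_postgres_password: secure` are working defaults for the credentials that gate agent registration and database access; leaving them unset and asserting they are defined in the tasks keeps an unchanged default from ever reaching a deployment. The booleans are spelled `False`/`True` throughout; `false`/`true` is the canonical form and avoids yamllint's truthy warning.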

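--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,17 @@
+---
+- name: Restart container
+docker_service:
+project_src: "{{ droneci_service_directory }}"
+build: no
+restarted: true
+listen: __drone_restart
+become: True
+become_user: root
+- name: Reload nginx
+systemd:
+state: reloaded
+name: nginx
+listen: __nginx_reload
+become: True
+become_user: root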
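Review bot: `build: no` in the Restart container handler mixes a YAML 1.1 truthy spelling with `restarted: true` two lines below and `become: True` on both handlers; for one consistent style that also satisfies yamllint's truthy rule, write `build: false` and `become: true`. Style only, behavior is unchanged.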

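--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,16 @@
+# Standards: 0.1
+---
+galaxy_info:
+author: Robert Kaussow
+description: Setup Drone CI with docker compose
+license: MIT
+min_ansible_version: 2.4
+platforms:
+- name: EL
+versions:
+- 7
+galaxy_tags:
+- drone ci
+- ci
+- devops
+dependencies: []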
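Review bot: the galaxy tag `drone ci` contains a space; as far as I recall Galaxy only accepts lowercase alphanumeric tag names, so the import would reject it — `- droneci` or `- drone` would pass. `min_ansible_version: 2.4` is parsed as a float, which is harmless for this value, but `"2.4"` is the safer spelling for a version string.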

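--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- import_tasks: prepare.yml
+- import_tasks: setup.yml
+- import_tasks: nginx.yml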

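--- a/tasks/nginx.yml
+++ b/tasks/nginx.yml
@@ -0,0 +1,52 @@
+---
+- block:
+- name: Copy certs and private key to nginx proxy (content)
+copy:
+content: "{{ item.src }}"
+dest: "{{ item.dest }}"
+mode: "{{ item.mode }}"
+with_items:
+- { src: "{{ droneci_tls_key_source }}", dest: '/etc/pki/tls/private/{{ droneci_tls_key_path | basename }}', mode: '0600' }
+- { src: "{{ droneci_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ droneci_tls_cert_path | basename }}', mode: '0750' }
+loop_control:
+label: "{{ item.dest }}"
+when: droneci_tls_source_use_content
+- name: Copy certs and private key to nginx proxy (files)
+copy:
+src: "{{ item.src }}"
+dest: "{{ item.dest }}"
+mode: "{{ item.mode }}"
+with_items:
+- { src: "{{ droneci_tls_key_source }}", dest: '/etc/pki/tls/private/{{ droneci_tls_key_path | basename }}', mode: '0600' }
+- { src: "{{ droneci_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ droneci_tls_cert_path | basename }}', mode: '0750' }
+loop_control:
+label: "{{ item.dest }}"
+when: droneci_tls_source_use_files
+delegate_to: "{{ droneci_nginx_server }}"
+become: True
+become_user: root
+tags: tls_renewal
+- block:
+- name: Add vhost configuration file
+template:
+src: nginx/vhost.j2
+dest: "{{ droneci_nginx_vhost_dir }}/droneci"
+owner: root
+group: root
+mode: 0640
+notify: __nginx_reload
+- name: Enable droneci vhost
+file:
+src: "{{ droneci_nginx_vhost_dir }}/droneci"
+dest: "{{ droneci_nginx_vhost_symlink }}/droneci"
+owner: root
+group: root
+state: link
+notify: __nginx_reload
+when: droneci_nginx_vhost_symlink is defined
+delegate_to: "{{ droneci_nginx_server }}"
+become: True
+become_user: root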
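Review bot: Neither block in this file checks `droneci_nginx_vhost_enabled`, and tasks/main.yml imports the file unconditionally, so the certificates, vhost and symlink are always pushed to `droneci_nginx_server` (default `myinventoryname`) even though the default leaves the feature off; add `when: droneci_nginx_vhost_enabled` to both blocks, or to the `import_tasks: nginx.yml` line in tasks/main.yml. The first block writes the private key via `copy` with `content:`, and a run with `--diff` or high verbosity can print that content; `no_log: true` on the two copy tasks prevents it. The cert item uses `mode: '0750'`; an execute bit on a PEM file serves no purpose and `'0644'` is the usual mode for a public certificate. `when: droneci_nginx_vhost_symlink is defined` on the symlink task is always true because defaults/main.yml sets that variable.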

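--- a/tasks/prepare.yml
+++ b/tasks/prepare.yml
@@ -0,0 +1,54 @@
+---
+- block:
+- name: Ensure service directory exists
+file:
+path: "{{ droneci_service_directory }}"
+state: directory
+mode: 0755
+- name: Install required dependencies
+pip:
+name: "{{ item }}"
+state: present
+with_items:
+- docker
+- docker-compose
+become: True
+become_user: root
+- block:
+- name: Setup postgres db '{{ gitea_postgres_db.name }}'
+postgresql_db:
+name: "{{ gitea_postgres_db.name }}"
+lc_collate: "{{ gitea_postgres_db.lc_collate | default('en_US.UTF-8') }}"
+lc_ctype: "{{ gitea_postgres_db.lc_ctype | default('en_US.UTF-8') }}"
+encoding: "{{ gitea_postgres_db.encoding | default('UTF-8') }}"
+template: "{{ gitea_postgres_db.template | default('template0') }}"
+login_host: "{{ gitea_postgres_db.login_host | default('localhost') }}"
+login_password: "{{ gitea_postgres_db.login_password | default(omit) }}"
+login_user: "{{ gitea_postgres_db.login_user | default(postgresql_user) }}"
+login_unix_socket: "{{ gitea_postgres_db.login_unix_socket | default(omit) }}"
+port: "{{ gitea_postgres_db.port | default(omit) }}"
+owner: "{{ gitea_postgres_db.owner | default(omit) }}"
+state: "{{ gitea_postgres_db.state | default('present') }}"
+no_log: True
+when: gitea_postgres_db is defined
+- name: Setup postgres user '{{ gitea_postgres_user.name }}'
+postgresql_user:
+name: "{{ gitea_postgres_user.name }}"
+password: "{{ 'md5' + (gitea_postgres_user.password + gitea_postgres_user.name) | hash('md5') }}"
+encrypted: "{{ gitea_postgres_user.encrypted | default('yes') }}"
+priv: "{{ gitea_postgres_user.priv | default(omit) }}"
+role_attr_flags: "{{ gitea_postgres_user.role_attr_flags | default(omit) }}"
+db: "{{ gitea_postgres_user.db | default(omit) }}"
+login_host: "{{ gitea_postgres_user.login_host | default('localhost') }}"
+login_password: "{{ gitea_postgres_user.login_password | default(omit) }}"
+login_user: "{{ gitea_postgres_user.login_user | default(omit) }}"
+login_unix_socket: "{{ gitea_postgres_user.login_unix_socket | default(omit) }}"
+port: "{{ gitea_postgres_user.port | default(omit) }}"
+state: "{{ gitea_postgres_user.state | default('present') }}"
+no_log: True
+when: gitea_postgres_user is defined
+delegate_to: "{{ gitea_postgres_server }}"
+when: droneci_postgres_enabled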
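Review bot: The postgres block reads `gitea_postgres_db`, `gitea_postgres_user`, `gitea_postgres_server` and `postgresql_user`, but defaults/main.yml defines only the `droneci_postgres_*` variables, so with `droneci_postgres_enabled: true` the two `is defined` guards skip the db and user tasks silently and `delegate_to: "{{ gitea_postgres_server }}"` fails as undefined; rename every `gitea_` reference to the `droneci_` prefix and change `default(postgresql_user)` to `default(droneci_postgres_superuser)`. Pre-hashing the password as `'md5' + (password + name) | hash('md5')` ties the role to Postgres md5 authentication; passing the plain password with `encrypted: yes` and letting the module and server hash it appears to keep a server configured for scram-sha-256 usable too. `droneci_postgres_server` defaults to `host:port`, while here it is used as an inventory name for `delegate_to`, which does not take a port.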

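--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@@ -0,0 +1,20 @@
+---
+- name: Concat lists for proxy setup
+set_fact:
+droneci_no_proxy: "{{ __droneci_default_no_proxy }} + {{ droneci_no_proxy }}"
+- block:
+- name: Deploy compose file to '{{ droneci_service_directory }}'
+template:
+src: "services/droneci-compose.yml.j2"
+dest: "{{ droneci_service_directory }}/docker-compose.yml"
+owner: root
+group: root
+mode: 0644
+notify: __drone_restart
+- name: Ensure drone ci containers are up and running
+docker_service:
+project_src: "{{ droneci_service_directory }}"
+become: True
+become_user: root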
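Review bot: The `set_fact` references `droneci_no_proxy`, which defaults/main.yml leaves commented out, so the role fails with an undefined variable unless the caller sets it; `droneci_no_proxy: "{{ __droneci_default_no_proxy + (droneci_no_proxy | default([])) }}"` fixes that and drops the `{{ a }} + {{ b }}` form, which seems to rely on Ansible re-evaluating the rendered string as a Python expression. The compose file is written with `mode: 0644`, yet it carries `DRONE_SECRET` and the postgres password in clear text (see the compose template in this commit), so every local user on the host can read them; `mode: 0600` with `owner: root` is enough for docker-compose run through `become`. Quoting the mode (`mode: "0600"`) also avoids the octal-literal ambiguity.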

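--- a/templates/nginx/vhost.j2
+++ b/templates/nginx/vhost.j2
@@ -0,0 +1,42 @@
+#jinja2: lstrip_blocks: True
+# {{ ansible_managed }}
+upstream backend {
+server {{ droneci_server_ip }}:{{ droneci_server_proxy_port }};
+}
+server {
+listen 80;
+server_name {{ droneci_server_name }};
+{% if droneci_nginx_tls_enabled %}
+return 301 https://$server_name$request_uri;
+{% else %}
+location / {
+proxy_pass {{ droneci_server_proxy_protocol }}://backend;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+{% endif %}
+}
+{% if droneci_nginx_tls_enabled %}
+server {
+listen 443 ssl;
+server_name {{ droneci_server_name }};
+location / {
+proxy_pass {{ droneci_server_proxy_protocol }}://backend;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+ssl_certificate /etc/pki/tls/certs/{{ droneci_tls_key_path | basename }};
+ssl_certificate_key /etc/pki/tls/private/{{ droneci_tls_key_path | basename }};
+}
+{% endif %}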
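Review bot: `ssl_certificate /etc/pki/tls/certs/{{ droneci_tls_key_path | basename }};` uses the key's basename where the certificate's belongs; it only works today because both defaults are `droneci.pem`, and any deployment with distinct names points nginx at a file tasks/nginx.yml never copied. Change it to `ssl_certificate /etc/pki/tls/certs/{{ droneci_tls_cert_path | basename }};`. The template also tests `droneci_nginx_tls_enabled`, which defaults/main.yml does not define (it has `openhab_nginx_tls_enabled` instead), so rendering fails until that default is renamed. The TLS server block sets no `ssl_protocols` or `ssl_ciphers`, so whatever the packaged nginx defaults to applies; pinning them keeps the proxy's TLS posture independent of the distribution's nginx version.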


@ -0,0 +1,70 @@
#jinja2:lstrip_blocks: True
# {{ ansible_managed }}
version: '2'
services:
droneserver:
image: {{ droneci_server_image }}
ports:
- {{ droneci_server_exposed_port }}:8000
- 9000
{% if not droneci_postgres_persistence_enabled %}
volumes:
- droneserver-data:/var/lib/drone/
{% endif %}
restart: {{ droneci_server_restart_policy }}
environment:
- DRONE_OPEN=true
- DRONE_HOST={{ droneci_host }}
- DRONE_SECRET={{ droneci_secret }}
- DRONE_ADMIN={{ droneci_admins | default(omit) | join(",") }}
{% if droneci_pass_ca_enabled %}
- DRONE_VOLUME={{ droneci_ca_path }}:/etc/ssl/certs/ca-certificates.crt
{% endif %}
{% if droneci_postgres_persistence_enabled %}
- DRONE_DATABASE_DRIVER=postgres
- DRONE_DATABASE_DATASOURCE=postgres://{{ droneci_postgres_user.name }}:{{ droneci_postgres_user.password }}@{{ droneci_postgres_server }}/{{ droneci_postgres_db.name }}{% if not droneci_postgres_tls_enabled %}?sslmode=disable{% endif %}
{% endif %}
{% if droneci_gitea_enabled %}
- DRONE_GITEA=true
- DRONE_GITEA_URL={{ droneci_gitea_host }}
{% if droneci_gitea_git_user is defined %}
- DRONE_GITEA_GIT_USERNAME={{ droneci_gitea_git_user }}
{% endif %}
{% if droneci_gitea_git_password is defined %}
- DRONE_GITEA_GIT_PASSWORD={{ droneci_gitea_git_password }}
{% endif %}
- DRONE_GITEA_PRIVATE_MODE={{ droneci_gitea_private_mode_enabled | lower }}
- DRONE_GITEA_SKIP_VERIFY={{ droneci_gitea_skip_verify_enabled | lower }}
{% endif %}
{% if droneci_http_proxy is defined %}
- HTTP_PROXY={{ droneci_http_proxy | join(',') }}
- http_proxy={{ droneci_http_proxy | join(',') }}
{% endif %}
{% if droneci_https_proxy is defined %}
- HTTPS_PROXY={{ droneci_https_proxy | join(',') }}
- https_proxy={{ droneci_https_proxy | join(',') }}
{% endif %}
- NO_PROXY={{ droneci_no_proxy | join(',') }}
- no_proxy={{ droneci_no_proxy | join(',') }}
droneagent:
image: {{ droneci_agent_image }}
command: agent
restart: {{ droneci_agent_restart_policy }}
depends_on:
- droneserver
volumes:
- {{ droneci_docker_socket_path }}:/var/run/docker.sock
environment:
- DRONE_SERVER=droneserver:9000
- DRONE_SECRET={{ droneci_secret }}
# TODO: temp static value, needs to be replaced by a custom fact
- DOCKER_API_VERSION=1.26
{% if not droneci_postgres_persistence_enabled %}
volumes:
droneserver-data:
{% endif %}
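Review bot: `DRONE_ADMIN={{ droneci_admins | default(omit) | join(",") }}` misbehaves when `droneci_admins` is unset: `omit` is a placeholder string, and `join` on a string puts commas between its characters, so the server starts with a garbage admin list; wrap the line in `{% if droneci_admins is defined %}` … `{% endif %}` like the gitea credentials below, or use `default([])`. The template tests `droneci_postgres_persistence_enabled` in three places while defaults/main.yml defines `droneci_postgres_enabled`, so rendering fails on an undefined variable until one name is chosen. `DRONE_OPEN=true` is hard-coded, which as I understand Drone 0.8 lets any user of the linked Gitea instance self-register with this CI; exposing it as a variable lets operators close registration after the admins are in. The port mapping `- {{ droneci_server_exposed_port }}:8000` is better written `- "{{ droneci_server_exposed_port }}:8000"` so compose always receives a string. This section's file name is not shown on the page; it appears to be the `services/droneci-compose.yml.j2` referenced from tasks/setup.yml.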

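--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1,4 @@
+---
+__droneci_default_no_proxy:
+- droneserver
+- droneagent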