Merge pull request 'db-deploy' (#1) from db-deploy into master

Reviewed-on: #1
2022-10-08 17:13:19 +00:00 · 2022-10-08 17:13:19 +00:00 · 29a040751a
commit 29a040751a
parent 4c465044ef a844e10970
22 changed files with 242 additions and 7 deletions
--- a/server/.travis.yml
+++ b/server/.travis.yml
--- a/server/README.md
+++ b/server/README.md
--- a/server/defaults/main.yml
+++ b/server/defaults/main.yml
--- a/db/files/docker-compose-server.yml
+++ b/db/files/docker-compose-server.yml
@ -0,0 +1,30 @@
+version: "3.3"
+services:
+
+  db:
+    image: postgres
+    volumes:
+      - app-db-data:/var/lib/postgresql/data/pgdata
+    env_file:
+      - .env
+    environment:
+      - PGDATA=/var/lib/postgresql/data/pgdata
+    ports:
+      - "54321:5432"
+
+  redis:
+    image: redis/redis-stack-server:latest
+    ports:
+      - "63791:6379"
+    
+  liquibase:
+    build:
+      context: ./covas-liquibase
+      dockerfile: Dockerfile
+    depends_on:
+      - db
+    command:
+      - "update"
+
+volumes:
+  app-db-data:
--- a/server/handlers/main.yml
+++ b/server/handlers/main.yml
--- a/server/meta/main.yml
+++ b/server/meta/main.yml
--- a/db/tasks/deploy-db.yml
+++ b/db/tasks/deploy-db.yml
@ -0,0 +1,34 @@
+# deploy db postgresql, liquibase and redis
+
+- name: git archive local
+  local_action:
+    module: git
+    repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/covas-liquibase.git"
+    dest: "/home/valentin/src/"
+    archive: "/tmp/covas-liquibase.tar.gz"
+    force: yes
+    update: yes
+  run_once: True
+
+- name: Create directory
+  file: 
+    path: "/home/valentin/{{ item }}"
+    state: directory
+  with_items:
+    - db
+    - db/covas-liquibase
+
+- name: Extract covas liquibase
+  unarchive:
+    src: "/tmp/covas-liquibase.tar.gz"
+    dest: "/home/valentin/db/covas-liquibase"
+
+- name: Template env file
+  template:
+    src: env.j2
+    dest: /home/valentin/db/.env
+
+- name: Copy docker compose server file
+  copy:
+    src: docker-compose-server.yml
+    dest: /home/valentin/db/docker-compose.yml
--- a/db/tasks/main.yml
+++ b/db/tasks/main.yml
@ -0,0 +1,23 @@
+---
+# tasks file for server
+
+
+
+# include task db
+
+- name: Deploy database postgresql and redis
+  ansible.builtin.import_tasks: deploy-db.yml
+  tags: ["start-with-deploy", "deploy"]
+
+- name: Start db postgresql and redis
+  ansible.builtin.import_tasks: start-db.yml
+  tags: ["start-with-deploy", "start"]
+
+
+- name: stop db postgresql and redis
+  ansible.builtin.import_tasks: stop-db.yml
+  tags: ["destroy", "stop"]
+
+- name: Remove db
+  ansible.builtin.import_tasks: remove-db.yml
+  tags: ["destroy"]
--- a/db/tasks/remove-db.yml
+++ b/db/tasks/remove-db.yml
@ -0,0 +1,18 @@
+# remove db 
+
+- name: Stopping existing service
+  community.docker.docker_compose:
+    project_src: /home/valentin/db
+    state: absent
+    remove_volumes: yes
+    remove_images: local
+  register: output
+
+- name: Debug output
+  debug:
+    var: output
+
+- name: Remove project covas db
+  file:
+    path: /home/valentin/db
+    state: absent
--- a/db/tasks/start-db.yml
+++ b/db/tasks/start-db.yml
@ -0,0 +1,34 @@
+# start services db
+
+- name: Stopping existing service
+  community.docker.docker_compose:
+    project_src: /home/valentin/db
+
+- name: Starting service
+  community.docker.docker_compose:
+    project_src: /home/valentin/db
+  register: output
+
+- name: debug output
+  debug: 
+    var: output
+
+- name: Allow port postgresql 
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    destination_port: 54321
+    jump: ACCEPT
+    state: present
+  become: yes
+  become_method: sudo
+
+- name: Allow port redis 
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    destination_port: 63791
+    jump: ACCEPT
+    state: present
+  become: yes
+  become_method: sudo
--- a/db/tasks/stop-db.yml
+++ b/db/tasks/stop-db.yml
@ -0,0 +1,34 @@
+# stop services db and redis 
+
+- name: Disallow port postgresql 
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    destination_port: 54321
+    jump: ACCEPT
+    state: absent
+  become: yes
+  become_method: sudo
+
+
+- name: Disallow port redis 
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    destination_port: 63791
+    jump: ACCEPT
+    state: absent
+  become: yes
+  become_method: sudo
+
+- name: Stopping existing service
+  community.docker.docker_compose:
+    project_src: /home/valentin/db
+    state: present
+    stopped: yes
+  register: output
+
+
+- name: Debug output
+  debug:
+    var: output
--- a/db/templates/env.j2
+++ b/db/templates/env.j2
@ -0,0 +1,3 @@
+POSTGRES_PASSWORD={{ postgres_password }}
+POSTGRES_USER={{ postgres_user }}
+POSTGRES_DB={{ postgres_db }}
--- a/server/vars/main.yml
+++ b/server/vars/main.yml
--- a/0
+++ b/0
--- a/inventory/all
+++ b/inventory/all
--- a/inventory/group_vars/db
+++ b/inventory/group_vars/db
@ -0,0 +1 @@
+postgres_db: toto
--- a/inventory/group_vars/db_vault
+++ b/inventory/group_vars/db_vault
@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+35323139356565316333376432336436666566666631363635366235316435313536373765383234
+6664623264396635643636663865626130616135326230610a373064656264323233663563623930
+38373762363331663632343036336139663833616638653361363535643239643166363435613764
+3864363664303836380a363739653638623639663262356532656262393862323164656531393531
+35663166376632663734356666306433383363386236613330663536326432306561653665356533
+64396538376432336532343366393938363963656432353638346165313836373136343433623435
+65626138633637653631386663386462623633656434363761623366626565396362663864613166
+33346136386532636132613532626133376534326339646161356461346434626335376661656534
+32343936616335376563363131643938333833376231663862333961383566666137
--- a/inventory/hosts
+++ b/inventory/hosts
@ -0,0 +1,7 @@
+vps ansible_connection=ssh ansible_host=51.222.107.37 ansible_port=2424 ansible_user=valentin
+
+[db]
+vps
+
+[db_vault:children]
+db
--- a/main.tf
+++ b/main.tf
@ -0,0 +1,43 @@
+terraform {
+  required_providers {
+    scaleway = {
+      source = "scaleway/scaleway"
+    }
+  }
+  required_version = ">= 0.13"
+}
+
+resource "scaleway_k8s_cluster" "terraform-test" {
+   name    = "terraform-test"
+   version = "1.24.3"
+   cni     = "cilium"
+   project_id = "81af2696-6120-4f45-baf3-d17fb0525824"
+   region = "fr-par"
+}
+
+ resource "scaleway_k8s_pool" "john" {
+   cluster_id = scaleway_k8s_cluster.terraform-test.id
+   name       = "john"
+   node_type  = "DEV1-M"
+   size       = 1
+ }
+
+ resource "null_resource" "kubeconfig" {
+  depends_on = [scaleway_k8s_pool.john] # at least one pool here
+  triggers = {
+    host                   = scaleway_k8s_cluster.terraform-test.kubeconfig[0].host
+    token                  = scaleway_k8s_cluster.terraform-test.kubeconfig[0].token
+    cluster_ca_certificate = scaleway_k8s_cluster.terraform-test.kubeconfig[0].cluster_ca_certificate
+  }
+}
+
+
+provider "kubernetes" {
+  load_config_file = "false"
+
+  host  = null_resource.kubeconfig.triggers.host
+  token = null_resource.kubeconfig.triggers.token
+  cluster_ca_certificate = base64decode(
+  null_resource.kubeconfig.triggers.cluster_ca_certificate
+  )
+}
--- a/playbook.yml
+++ b/playbook.yml
@ -0,0 +1,5 @@
+---
+- hosts: db
+  remote_user: valentin
+  roles:
+    - db
--- a/server/tasks/main.yml
+++ b/server/tasks/main.yml
@ -1,2 +0,0 @@
---
-# tasks file for server
--- a/test.yml
+++ b/test.yml
@ -1,5 +0,0 @@
---
- hosts: localhost
-  remote_user: root
-  roles:
-    - server