Collection with roles and playbooks to get MyDocker up and running
enable_datadog: false
enable_ceph: false
- If you want to use NFS for the persisted storage, configure it on the server :
sudo mkdir -p /mnt/mydocker-fs
sudo mount -t nfs ip.of.the.server:/path/to/mydocker-fs /mnt/mydocker-fs
- Make sure that there is a DNS pointing to your server.
- Generate public and private RSA key pair
openssl genrsa -traditional -out private_key.pem 4096
openssl rsa -traditional -pubout -in private_key.pem -out public_key.pem
- Create an inventory with the groups
web
,docker_swarm_manager
,docker_swarm_worker
:
# inventories/myenv/hosts
web_server ansible_host=ip.of.the.server ansible_user=ubuntu
[web]
web_server
[docker_swarm_manager]
web_server
[docker_swarm_worker]
web_server
- Create a file with the variables (of course, change those unsafe values, and store them safely, for instance with ansible-vault)
# inventories/myenv/group_vars/all/variables.yml
back_version: 2.26.0
front_version: 2.24.2
docker_api_version: 2.16.1
web_pg_password: password
web_jwt_secret: secret
web_url: mydocker.mydomain.com
web_letsencrypt_email: myname@mydomain.com
web_back_private_key: |
-----BEGIN RSA PRIVATE KEY-----
...
web_back_public_key: |
-----BEGIN PUBLIC KEY-----
...
- Run the playbook :
ansible-playbook -i inventories/myenv/hosts centralesupelec.mydocker.full_setup
- First, visit the new website https://mydocker.mydomain.com (directly or through Moodle) to create your account in the DB
- Then, connect to the server (SSH) and run following SQL command:
sudo -u postgres psql thuv -c "UPDATE users_roles SET role_id = (SELECT id FROM roles WHERE name = 'ROLE_ADMIN') WHERE user_id = 1;"
Requirements :
- A docker registry with credentials to push and pull set in variables
Corresponding required variables :
registry_address
registry_username
registry_password
build_image_repository
(namespace where built images will be pushed)build_image
(defaults todocker.io/centralesupelec/kaniko
; must be a Kaniko debug image with a mechanism authorizing to push toregistry_address
)
Requirements :
- A docker image built using the dedicated repository
- A terraform state stored on a S3 storage
Corresponding required variables :
deploy_image
s3_backend_access_key
s3_backend_secret_key
ovh_consumer_key
ovh_application_secret
os_username
os_password
smtp_username
smtp_password
smtp_server
smtp_port
smtp_from
smtp_to
terraform_state_url
Requirements :
- A docker image built using the dedicated repository
- A terraform state stored on a S3 storage
Corresponding required variables :
deploy_image
autoscaling_state_base_url
s3_backend_access_key
s3_backend_secret_key
ovh_consumer_key
ovh_application_secret
os_username
os_password
smtp_username
smtp_password
smtp_server
smtp_port
smtp_from
smtp_to
terraform_state_url
Requirements :
- A Ceph RBD & CephFS cluster on OVH
Corresponding required variables :
enable_ceph
ceph_user
ceph_pool
ceph_key
ceph_service_name
: OVH service name to create ACL