/mydocker-ansible-collection

🗃️ Ansible roles and playbooks for MyDocker

Primary LanguageShell

Ansible Collection - centralesupelec.mydocker

Collection with roles and playbooks to get MyDocker up and running

Variables

enable_datadog: false
enable_ceph: false

Usage

Before

  • If you want to use NFS for the persisted storage, configure it on the server :
sudo mkdir -p /mnt/mydocker-fs
sudo mount -t nfs ip.of.the.server:/path/to/mydocker-fs /mnt/mydocker-fs
  • Make sure that there is a DNS pointing to your server.
  • Generate public and private RSA key pair
openssl genrsa -traditional -out private_key.pem 4096
openssl rsa -traditional -pubout -in private_key.pem -out public_key.pem

Using the playbooks

  • Create an inventory with the groups web, docker_swarm_manager, docker_swarm_worker :
# inventories/myenv/hosts
web_server ansible_host=ip.of.the.server ansible_user=ubuntu

[web]
web_server

[docker_swarm_manager]
web_server

[docker_swarm_worker]
web_server
  • Create a file with the variables (of course, change those unsafe values, and store them safely, for instance with ansible-vault)
# inventories/myenv/group_vars/all/variables.yml
back_version: 2.26.0
front_version: 2.24.2
docker_api_version: 2.16.1
web_pg_password: password
web_jwt_secret: secret
web_url: mydocker.mydomain.com
web_letsencrypt_email: myname@mydomain.com
web_back_private_key: |
  -----BEGIN RSA PRIVATE KEY-----
  ...
web_back_public_key: |
  -----BEGIN PUBLIC KEY-----
  ...
  • Run the playbook :
ansible-playbook -i inventories/myenv/hosts centralesupelec.mydocker.full_setup

Make the first user an admin

  1. First, visit the new website https://mydocker.mydomain.com (directly or through Moodle) to create your account in the DB
  2. Then, connect to the server (SSH) and run following SQL command:
sudo -u postgres psql thuv -c "UPDATE users_roles SET role_id = (SELECT id FROM roles WHERE name = 'ROLE_ADMIN') WHERE user_id = 1;"

Feature : build image

Requirements :

  • A docker registry with credentials to push and pull set in variables

Corresponding required variables :

  • registry_address
  • registry_username
  • registry_password
  • build_image_repository (namespace where built images will be pushed)
  • build_image (defaults to docker.io/centralesupelec/kaniko; must be a Kaniko debug image with a mechanism authorizing to push to registry_address)

Feature : manually deploying nodes using MyDocker

Requirements :

  • A docker image built using the dedicated repository
  • A terraform state stored on a S3 storage

Corresponding required variables :

  • deploy_image
  • s3_backend_access_key
  • s3_backend_secret_key
  • ovh_consumer_key
  • ovh_application_secret
  • os_username
  • os_password
  • smtp_username
  • smtp_password
  • smtp_server
  • smtp_port
  • smtp_from
  • smtp_to
  • terraform_state_url

Feature : automatically deploying nodes using MyDocker

Requirements :

  • A docker image built using the dedicated repository
  • A terraform state stored on a S3 storage

Corresponding required variables :

  • deploy_image
  • autoscaling_state_base_url
  • s3_backend_access_key
  • s3_backend_secret_key
  • ovh_consumer_key
  • ovh_application_secret
  • os_username
  • os_password
  • smtp_username
  • smtp_password
  • smtp_server
  • smtp_port
  • smtp_from
  • smtp_to
  • terraform_state_url

Feature : Ceph storage

Requirements :

  • A Ceph RBD & CephFS cluster on OVH

Corresponding required variables :

  • enable_ceph
  • ceph_user
  • ceph_pool
  • ceph_key
  • ceph_service_name : OVH service name to create ACL