From 216ff475742a33837fa608ef107c363f836f96c7 Mon Sep 17 00:00:00 2001 From: Kacper Donat Date: Sat, 13 Mar 2021 18:27:44 +0100 Subject: [PATCH] Add legacy nginx service --- deploy.yaml | 1 + roles/kadet.docker-swarm/tasks/main.yml | 4 -- services/gitea/tasks/setup.yml | 12 +++++- services/legacy/config/nginx.conf | 28 ++++++++++++++ services/legacy/sites/default.conf | 43 ++++++++++++++++++++++ services/legacy/stack.yml | 15 ++++++++ services/legacy/tasks/config.yml | 18 +++++++++ services/legacy/tasks/setup.yml | 30 +++++++++++++++ services/legacy/vars/main.yml | 5 +++ services/traefik/config/dynamic/nginx.yaml | 6 +++ vars/environment.yml | 1 + vars/services.yml | 2 + 12 files changed, 160 insertions(+), 5 deletions(-) create mode 100644 services/legacy/config/nginx.conf create mode 100644 services/legacy/sites/default.conf create mode 100644 services/legacy/stack.yml create mode 100644 services/legacy/tasks/config.yml create mode 100644 services/legacy/tasks/setup.yml create mode 100644 services/legacy/vars/main.yml create mode 100644 services/traefik/config/dynamic/nginx.yaml diff --git a/deploy.yaml b/deploy.yaml index bea4900..0d39ff3 100644 --- a/deploy.yaml +++ b/deploy.yaml @@ -5,6 +5,7 @@ vars_files: - vars/environment.yml - vars/services.yml + - vars/databases.yml tasks: - name: Deploy services diff --git a/roles/kadet.docker-swarm/tasks/main.yml b/roles/kadet.docker-swarm/tasks/main.yml index 4a717d6..ee213eb 100644 --- a/roles/kadet.docker-swarm/tasks/main.yml +++ b/roles/kadet.docker-swarm/tasks/main.yml @@ -11,7 +11,3 @@ driver: "{{ item.driver|default('overlay') }}" scope: swarm loop: "{{ swarm_global_networks }}" - -- name: Set swarm_host_address fact - set_fact: - swarm_host_address: "{{ ansible_docker0.ipv4.address }}" diff --git a/services/gitea/tasks/setup.yml b/services/gitea/tasks/setup.yml index 6202c85..126115a 100644 --- a/services/gitea/tasks/setup.yml +++ b/services/gitea/tasks/setup.yml 
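Review bot: The `deploy.yaml` hunk adds `vars/databases.yml` to `vars_files`, but the diffstat does not list that file, so the playbook now depends on something this commit neither creates nor explains. `vars/services.yml` reads `mysql_user_passwords['gitea']`, which presumably lives there. If so, confirm the file is committed only in `ansible-vault` encrypted form. A comment such as `# database credentials, vault-encrypted` above the entry would record that expectation.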
@@ -4,6 +4,8 @@ path: "{{ repositories_path }}" state: directory owner: "{{ ansible_user }}" + tags: + - setup - name: 'Create git user for ssh access' user: @@ -14,6 +16,8 @@ state: present generate_ssh_key: yes register: git_user + tags: + - setup - name: 'Add host key for gitea SSH passthrough' ansible.posix.authorized_key: @@ -21,14 +25,20 @@ key: "{{ git_user.ssh_public_key }}" state: present manage_dir: False + tags: + - setup - name: 'Ensure /app/gitea exists' file: path: "/app/gitea" state: directory + tags: + - setup - name: 'Copy gitea-ssh-forward script to remote' copy: src: "{{ service_path }}/bin/gitea-ssh-forward" dest: "/app/gitea/gitea" - + mode: +x + tags: + - setup diff --git a/services/legacy/config/nginx.conf b/services/legacy/config/nginx.conf new file mode 100644 index 0000000..f45bc1d --- /dev/null +++ b/services/legacy/config/nginx.conf @@ -0,0 +1,28 @@ +user {{ www_user.uid }}; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + gzip on; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/services/legacy/sites/default.conf b/services/legacy/sites/default.conf new file mode 100644 index 0000000..14d2504 --- /dev/null +++ b/services/legacy/sites/default.conf 
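Review bot: In the last hunk of `services/gitea/tasks/setup.yml`, `mode: +x` only adds execute bits, so the owner and the write bits of `/app/gitea/gitea` stay whatever the copy and the remote umask produce. The file name suggests this script sits on the git user's SSH path, so it should not be writable by that user or its group. Pin it explicitly with `owner: root`, `group: root` and `mode: "0755"`. The `Ensure /app/gitea exists` task above it has the same gap for the directory.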
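Review bot: In `services/legacy/config/nginx.conf`, `user {{ www_user.uid }};` renders a numeric uid, but as far as I know nginx resolves the argument of `user` as an account name, so a bare number would fail at startup. Use `user www-data;` and confirm the container's uid for that account matches the host owner of `www_root`. `www_user` is also only registered by the `setup`-tagged task in `services/legacy/tasks/setup.yml`, so it is undefined if this file is templated in any other run. Nothing in this patch deploys the file: `stack.yml` mounts only `sites` and `tasks/config.yml` copies only `sites/*`, so the container keeps running the image's stock `nginx.conf`.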
@@ -0,0 +1,43 @@
+server {
+ listen 80;
+
+ #charset koi8-r;
+ #access_log /var/log/nginx/host.access.log main;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+ #
+ #location ~ \.php$ {
+ # proxy_pass http://127.0.0.1;
+ #}
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #
+ #location ~ \.php$ {
+ # root html;
+ # fastcgi_pass 127.0.0.1:9000;
+ # fastcgi_index index.php;
+ # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
+ # include fastcgi_params;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
diff --git a/services/legacy/stack.yml b/services/legacy/stack.yml
new file mode 100644
index 0000000..e20c71e
--- /dev/null
+++ b/services/legacy/stack.yml
@@ -0,0 +1,15 @@
+version: "{{ compose_version }}"
+
+services:
+ nginx:
+ image: nginx:latest
+ networks:
+ - "{{ ingress_network }}"
+ - default
+ volumes:
+ - "{{ www_root }}:/var/www"
+ - "{{ remote_service_path }}/sites:/etc/nginx/conf.d:ro"
+ deploy:
+ labels:
+ - traefik.enable=true
+ - traefik.http.services.{{ service }}.loadbalancer.server.port=80
diff --git a/services/legacy/tasks/config.yml b/services/legacy/tasks/config.yml
new file mode 100644
index 0000000..d3554f5
--- /dev/null
+++ b/services/legacy/tasks/config.yml
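Review bot: `services/legacy/sites/default.conf` is the stock nginx default site and still serves `root /usr/share/nginx/html;`, while `stack.yml` mounts the legacy content at `/var/www`, so the mounted tree is never served. When the root is pointed at `/var/www`, the commented-out `.ht` rule should become an active dotfile deny, for example `location ~ /\. { deny all; }`. Legacy web roots commonly hold `.git`, `.env` or `.htaccess` files that must not be downloadable. Adding `server_tokens off;` and dropping the unused Apache and FastCGI comment blocks would make the real policy of this vhost easier to read.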
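Review bot: In `services/legacy/stack.yml`, `image: nginx:latest` is an unpinned tag, so every redeploy may pull a different, unreviewed image. Pin a version or digest, e.g. `image: nginx:<pinned-version>` (placeholder), and update it deliberately. The `{{ www_root }}:/var/www` mount is also read-write although the sites config mount beside it is `:ro`. Unless nginx must write there, use `- "{{ www_root }}:/var/www:ro"` so a compromise of the front end cannot modify the served files.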
@@ -0,0 +1,18 @@
+---
+- name: 'Ensure sites config directory exists'
+ file:
+ path: "{{ remote_service_path }}/sites"
+ state: directory
+ owner: "{{ ansible_user }}"
+ tags:
+ - config
+
+- name: 'Copy sites configuration to remote server'
+ template:
+ src: "{{ file }}"
+ dest: "{{ remote_service_path }}/sites/{{ file|basename }}"
+ with_fileglob: "{{ service_path }}/sites/*"
+ loop_control:
+ loop_var: file
+ tags:
+ - config
diff --git a/services/legacy/tasks/setup.yml b/services/legacy/tasks/setup.yml
new file mode 100644
index 0000000..8626297
--- /dev/null
+++ b/services/legacy/tasks/setup.yml
@@ -0,0 +1,30 @@
+---
+- name: Create www-data user for ssh access for legacy services
+ user:
+ name: www-data
+ group: www-data
+ shell: /bin/bash
+ system: yes
+ password: '!'
+ state: present
+ register: www_user
+ tags:
+ - setup
+
+- name: Add users to www-data group
+ user:
+ user: "{{ user }}"
+ groups: docker
+ append: yes
+ loop: "{{ www_data_users }}"
+ loop_control:
+ loop_var: user
+
+- name: Ensure WWW root exists for legacy services
+ file:
+ path: "{{ www_root }}"
+ state: directory
+ owner: "{{ www_user.uid }}"
+ group: "{{ www_user.group }}"
+ mode: g+rw
+
diff --git a/services/legacy/vars/main.yml b/services/legacy/vars/main.yml
new file mode 100644
index 0000000..7ce217b
--- /dev/null
+++ b/services/legacy/vars/main.yml
@@ -0,0 +1,5 @@
+---
+www_root: /var/www
+www_data_users: []
+
+php_versions: ['7.1', '7.3']
diff --git a/services/traefik/config/dynamic/nginx.yaml b/services/traefik/config/dynamic/nginx.yaml
new file mode 100644
index 0000000..3493ecc
--- /dev/null
+++ b/services/traefik/config/dynamic/nginx.yaml
@@ -0,0 +1,6 @@
+---
+http:
+ routers:
+ nginx:
+ rule: Host(`{{ main_domain }}`)
+ service: legacy@docker
diff --git a/vars/environment.yml b/vars/environment.yml
index 22fcb59..1953663 100644
--- a/vars/environment.yml
+++ b/vars/environment.yml
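Review bot: In `services/legacy/tasks/config.yml`, the `template` task writes the site files without `owner` or `mode`, so their permissions depend on the remote umask. These files are bind-mounted into the container as `/etc/nginx/conf.d`, so set them explicitly with `mode: "0644"` and an owner that the web content users cannot write as. The task also has no `notify` or follow-up step, so a changed vhost may not take effect until the service is redeployed by some other path. The source files are rendered through Jinja, so any literal `{{` or `{%` in a future nginx config would be interpreted as template syntax.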
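Review bot: In `services/legacy/tasks/setup.yml`, the task named `Add users to www-data group` sets `groups: docker`, so it puts every entry of `www_data_users` into the docker group rather than the web content group. Docker group membership is effectively root on the host. If the task name states the intent, the line should read `groups: www-data`. This task and `Ensure WWW root exists for legacy services` also lack the `tags: [setup]` that the first task has. The third task reads `www_user`, so all three should be tagged alike to avoid a partial run hitting an undefined variable. `mode: g+rw` on a directory adds no search bit, so `mode: "2775"` (or `g+rwX`) is likely closer to what is wanted.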
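Review bot: The `nginx` router in `services/traefik/config/dynamic/nginx.yaml` declares neither `entryPoints` nor `tls`, so as far as I know Traefik attaches it to every default entry point, including any plain-HTTP one. If the static configuration does not already force a redirect to HTTPS, add `entryPoints: [<https-entrypoint-name>]` (placeholder) and `tls: {}` so the main domain is served only over TLS. Quoting the rule, as in `rule: "Host(`{{ main_domain }}`)"`, would also keep the templated value from being retyped by the YAML parser.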
@@ -11,3 +11,4 @@ pip_executable: pip3 swarm_addr: eth0 swarm_global_networks: - name: traefik +swarm_host_address: "{{ ansible_docker0.ipv4.address }}" diff --git a/vars/services.yml b/vars/services.yml index 377814f..aaa9960 100644 --- a/vars/services.yml +++ b/vars/services.yml @@ -33,3 +33,5 @@ service_config: user: gitea password: "{{ mysql_user_passwords['gitea'] }}" + legacy: + www_data_users: ["{{ ansible_user }}"]