Update vscode config

Remove become requirement from deploy playbook
cojedzie: Add rolling release
2022-02-19 23:09:44 +01:00 · 2022-02-19 23:08:29 +01:00 · 2022-02-19 23:08:12 +01:00 · 2022-02-19 23:07:36 +01:00 · 2022-02-19 23:07:04 +01:00 · 2022-02-19 23:05:30 +01:00
18 changed files with 122 additions and 46 deletions
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -3,7 +3,8 @@
    "yaml.schemas": {
        "https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json": [
            "/services/*/stack.yml"
-        ]
+        ],
+        "https://raw.githubusercontent.com/ansible-community/schemas/main/f/ansible-tasks.json": "tasks/deploy.yml"
    },
    "yaml.customTags": ["!vault scalar"]
 }
--- a/deploy.yaml
+++ b/deploy.yaml
@ -1,6 +1,5 @@
 ---
 - hosts: all
-  become: yes

  vars_files:
    - vars/environment.yml
--- a/services/cojedzie-next/environment
+++ b/services/cojedzie-next/environment
@ -1,3 +1,5 @@
 MERCURE_URL=http://mercure/.well-known/mercure
 MERCURE_PUBLIC_URL=https://{{ cojedzie_domain }}/.well-known/mercure
 MERCURE_JWT_SECRET={{ cojedzie_mercure_jwt_key }}
+
+DATABASE_URL=mysql://{{ cojedzie_database.user }}:{{ cojedzie_database.password }}@{{ database_mysql_host }}/{{ cojedzie_database.name }}?serverVersion=mariadb-10.7.1
--- a/services/cojedzie-next/stack.yml
+++ b/services/cojedzie-next/stack.yml
@ -15,6 +15,9 @@ services:
    deploy:
      mode: replicated
      replicas: 1
+      update_config:
+        parallelism: 1
+        order: start-first
      labels:
        - traefik.enable=true
        - traefik.http.routers.{{ service }}-api.rule=Host(`{{ cojedzie_domain }}`) && PathPrefix(`/api/`)
@ -22,24 +25,6 @@ services:
        - traefik.http.routers.{{ service }}-api.tls=true
        - traefik.http.routers.{{ service }}-api.tls.certresolver=lets-encrypt
        - traefik.http.services.{{ service }}-api.loadbalancer.server.port=8080
-
-  update-job:
-    image: registry.kadet.net/cojedzie/api:next
-    command: ["console", "app:update", "--async"]
-    networks: 
-      - default
-    volumes: 
-      - db_data:/var/db
-    env_file:
-      - ./environment
-    deploy:
-      mode: replicated
-      replicas: 0
-      labels:
-        - "swarm.cronjob.enable=true"
-        - "swarm.cronjob.schedule={{ cojedzie_update_cron }}"
-      restart_policy:
-        condition: none
  
  cron:
    image: registry.kadet.net/cojedzie/cron:next
@ -91,9 +76,13 @@ services:
      - api
    environment:
      - APP_GTM={{ cojedzie_gtm }}
+      - APP_MAPTILER_KEY={{ cojedzie_maptiler }}
    deploy:
      mode: replicated
      replicas: 1
+      update_config:
+        parallelism: 1
+        order: start-first
      labels:
        - traefik.enable=true
        - traefik.http.routers.{{ service }}-front.rule=Host(`{{ service }}.{{ main_domain }}`) || Host(`{{ cojedzie_domain }}`)
--- a/services/cojedzie-next/tasks/pre-deploy.yaml
+++ b/services/cojedzie-next/tasks/pre-deploy.yaml
@ -0,0 +1,15 @@
+---
+- name: 'Pull all images for "{{ service }}"'
+  community.docker.docker_image:
+    name: "{{ image }}"
+    source: pull
+    force_source: yes
+  with_items:
+   - registry.kadet.net/cojedzie/front:next
+   - registry.kadet.net/cojedzie/api:next
+   - registry.kadet.net/cojedzie/worker:next
+   - registry.kadet.net/cojedzie/cron:next
+  loop_control:
+    loop_var: image
+  notify:
+    - Restart services
--- a/services/cojedzie-next/vars/main.yml
+++ b/services/cojedzie-next/vars/main.yml
@ -10,3 +10,4 @@ cojedzie_mercure_jwt_key: !vault |
          3739383365353837310a613931333264386365663730646163383639383563313066643438326465
          30633666343736323539326133626664356462356466323366633738613436636535353963663536
          3837383838613130646365633232613530303863393866613830
+cojedzie_maptiler: 1gwEkcI3lbNcEb0MOoOu
--- a/services/cojedzie/stack.yml
+++ b/services/cojedzie/stack.yml
@ -2,7 +2,7 @@ version: '{{ compose_version }}'

 services:
  api:
-    image: cojedzie/api:latest
+    image: cojedzie/api:{{ cojedzie_version }}
    networks: 
      - "{{ ingress_network }}"
      - default
@ -15,6 +15,9 @@ services:
    deploy:
      mode: replicated
      replicas: 1
+      update_config:
+        parallelism: 1
+        order: start-first
      labels:
        - traefik.enable=true
        - traefik.http.routers.{{ service }}-api.rule=(Host(`{{ service }}.{{ main_domain }}`) || Host(`{{ cojedzie_domain }}`)) && (PathPrefix(`/api/`) || PathPrefix(`/bundles/`))
@ -22,27 +25,9 @@ services:
        - traefik.http.routers.{{ service }}-api.tls=true
        - traefik.http.routers.{{ service }}-api.tls.certresolver=lets-encrypt
        - traefik.http.services.{{ service }}-api.loadbalancer.server.port=8080
-
-  update-job:
-    image: cojedzie/api:latest
-    command: ["console", "app:update", "--async"]
-    networks: 
-      - default
-    volumes: 
-      - db_data:/var/db
-    env_file:
-      - ./environment
-    deploy:
-      mode: replicated
-      replicas: 0
-      labels:
-        - "swarm.cronjob.enable=true"
-        - "swarm.cronjob.schedule={{ cojedzie_update_cron }}"
-      restart_policy:
-        condition: none
  
  cron:
-    image: cojedzie/cron:latest
+    image: cojedzie/cron:{{ cojedzie_version }}
    env_file:
      - ./environment
    volumes: 
@ -51,7 +36,7 @@ services:
      - api
  
  worker:
-    image: cojedzie/worker:latest
+    image: cojedzie/worker:{{ cojedzie_version }}
    env_file:
      - ./environment
    volumes: 
@ -83,7 +68,7 @@ services:
        - traefik.http.services.{{ service }}-mercure.loadbalancer.server.port=80

  front:
-    image: cojedzie/front:latest
+    image: cojedzie/front:{{ cojedzie_version }}
    networks: 
      - "{{ ingress_network }}"
      - default
@ -91,9 +76,13 @@ services:
      - api
    environment:
      - APP_GTM={{ cojedzie_gtm }}
+      - APP_MAPTILER_KEY={{ cojedzie_maptiler }}
    deploy:
      mode: replicated
      replicas: 1
+      update_config:
+        parallelism: 1
+        order: start-first
      labels:
        - traefik.enable=true
        - traefik.http.routers.{{ service }}-front.rule=Host(`{{ service }}.{{ main_domain }}`) || Host(`{{ cojedzie_domain }}`)
--- a/services/cojedzie/vars/main.yml
+++ b/services/cojedzie/vars/main.yml
@ -1,5 +1,6 @@
 ---
 cojedzie_domain: cojedzie.pl
+cojedzie_version: '2021.2.0'
 cojedzie_update_cron: 0 0 4 * * * 
 cojedzie_gtm: ""
 cojedzie_mercure_jwt_key: !vault |
@ -10,3 +11,4 @@ cojedzie_mercure_jwt_key: !vault |
          3931313836313133390a316562333130366435633335613066373232363439623932656532373032
          62646432343334346165653466633634356635323038306435343932386233323164633134373964
          6232656562626566663964643634366532393136383261333931
+cojedzie_maptiler: 8GX5FRUNgk4lB83GZT8Q 
--- a/services/legacy/sites/default.conf
+++ b/services/legacy/sites/default.conf
@ -1,5 +1,6 @@
 server {
    listen  80;
+    server_name kadet.net default;
    index   index.html index.htm;

    location / {
--- a/services/portainer/stack.yml
+++ b/services/portainer/stack.yml
@ -2,7 +2,7 @@ version: '{{ compose_version }}'

 services:
  agent:
-    image: portainer/agent:2.9.0
+    image: portainer/agent:{{ portainer_version }}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
@ -14,7 +14,7 @@ services:
        constraints: [node.platform.os == linux]

  portainer:
-    image: portainer/portainer-ce:2.9.0
+    image: portainer/portainer-ce:{{ portainer_version }}
    command: -H tcp://tasks.agent:9001 --tlsskipverify
    volumes:
      - portainer_data:/data
--- a/services/portainer/vars/main.yml
+++ b/services/portainer/vars/main.yml
@ -0,0 +1,2 @@
+---
+portainer_version: 2.11.1
--- a/services/registry/stack.yml
+++ b/services/registry/stack.yml
@ -28,6 +28,25 @@ services:
        - traefik.http.services.{{ service }}.loadbalancer.server.port=5000
    networks: ['{{ ingress_network }}']

+  image-cleanup-job:
+    image: registry:2
+    command: ["registry", "garbage-collect", "/etc/docker/registry/config.yml", "-m"]
+    secrets:
+      - source: htpasswd_{{ registry_htpasswd.stat.checksum }}
+        target: /etc/docker/registry/htpasswd
+    configs:
+      - source: registry_{{ registry_config.checksum }}
+        target: /etc/docker/registry/config.yml
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager
+      labels:
+        - "swarm.cronjob.enable=true"
+        - "swarm.cronjob.schedule=0 0 0 1 * *"
+      restart_policy:
+        condition: none
+
 configs:
  registry_{{ registry_config.checksum }}:
    file: ./config/config.yml
--- a/services/traefik/config/traefik.yaml
+++ b/services/traefik/config/traefik.yaml
@ -77,4 +77,5 @@ certificatesResolvers:
      caServer: "{{ lets_encrypt_url|default('https://acme-v02.api.letsencrypt.org/directory') }}"
      email: "kacper@kadet.net"
      storage: "/etc/traefik/acme/lets-encrypt.json"
-      tlsChallenge: {}
+      dnsChallenge: 
+        provider: ovh
--- a/services/traefik/ovh.env
+++ b/services/traefik/ovh.env
@ -0,0 +1,4 @@
+OVH_ENDPOINT={{ ovh_endpoint }}
+OVH_APPLICATION_KEY={{ ovh_application_key }}
+OVH_APPLICATION_SECRET={{ ovh_application_secret }}
+OVH_CONSUMER_KEY={{ ovh_consumer_key }}
--- a/services/traefik/stack.yml
+++ b/services/traefik/stack.yml
@ -3,6 +3,8 @@ version: "{{ compose_version }}"
 services:
  ingress:
    image: traefik:v2.5
+    env_file:
+      - ./ovh.env
    ports:
      - 80:80
      - 443:443
--- a/services/traefik/tasks/config.yml
+++ b/services/traefik/tasks/config.yml
@ -22,6 +22,13 @@
  tags:
    - config

+- name: 'Generate ovh.env file for "{{ service }}"'
+  template:
+    src: "{{ service_path }}/ovh.env"
+    dest: "{{ remote_service_path }}/ovh.env"
+  tags:
+    - config
+
 - name: 'Copy dynamic config'
  template:
    src: "{{ file }}"
--- a/vars/databases.yml
+++ b/vars/databases.yml
@ -12,6 +12,7 @@ mysql_databases:
  - name: wipe
  - name: keylighter
  - name: shitcode
+  - name: cojedzie-next

 mysql_users:
  - name: gitea
@ -54,5 +55,15 @@ mysql_users:
          65373333353830613433663533633265303965356234396136326631626239646533383761326135
          3365633834336464340a616133656265663039353236666565316431383631656435303166393538
          63323630626239396263626536306632356635373535366335666265396630353430
-
+  - name: cojedzie-next
+    priv: cojedzie-next.*:ALL
+    host: '172.%'
+    password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          35346533366533313962656662613965626139646164656536616361353137386137353962616137
+          3639333138656330326431643362363737656536376661350a343430386361653732333932393265
+          65363865616465623965643564376330316437653665646332353663613038343765316663313837
+          3662646135666461310a353561383261313130623132636366363264393639613963386162613330
+          31303239636231636633366530333530643063303434623763363731616635663639636135316666
+          3737323335303065376633356238303961323331396666366636
 mysql_user_passwords: "{{ mysql_users|items2dict(key_name='name', value_name='password') }}"
--- a/vars/services.yml
+++ b/vars/services.yml
@ -16,6 +16,31 @@ services_to_restart: []

 service_config:
  traefik:
+    ovh_endpoint: ovh-eu
+    ovh_application_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          36316437333734643766303734613564306539363531323832623032343233303739303135633563
+          3263613130636262386463323836353238656164306462660a616533366165313437636331303766
+          33383963393464313032303336343761306436316163346630306262363762613831373838663837
+          6363373339316534640a333766373162343864613730376563303361656138323262306339613530
+          34653466333161353433326632323731306565643930383962653233346162343362
+    ovh_application_secret: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          37363635656333343863393435343031306630373038663561303038383136616138363538333636
+          6438353634323266356233633034613263653435386262300a393962656564366432643932373264
+          36656161353730376636646233363662376636383461656434306339646339643865626162646435
+          3835623031326137320a653962383531663532663436316264313035356237623466663262643735
+          66646465646531643638653165316531336430356266393631353439633236323733656463643935
+          6436623435613135313862643962663362656539363165303037
+    ovh_consumer_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          64356531386663353164303762396664393031323864363362346336346166353933336334303563
+          6135386139616638396136336534656562643061653630650a366365653234643439323537663766
+          31643864353032303237633933326334626161646336346532386566333465333230383639313664
+          3531383466316437390a393130303136356262363231643063373763303265393563326565633965
+          39303464363636366638373065363535353161613334373530623062376333373234666161323731
+          3764613331316433653335376337356464313137336563643834
+
    traefik_token: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          66623665393638313039616464613563316437386566396238623937363238626535633937633536
@ -46,6 +71,12 @@ service_config:
  cojedzie:
    cojedzie_gtm: GTM-TQNX386

+  cojedzie-next: 
+    cojedzie_database:
+      name: cojedzie-next
+      user: cojedzie-next
+      password: "{{ mysql_user_passwords['cojedzie-next'] }}"
+
  registry:
    registry_users:
      - name: kadet
Author	SHA1	Message	Date
Kacper Donat	2ac8ba46be	Update vscode config	2022-02-19 23:09:44 +01:00
Kacper Donat	402b330fa9	Remove become requirement from deploy playbook	2022-02-19 23:08:29 +01:00
Kacper Donat	3f16abe6ac	cojedzie: Add rolling release	2022-02-19 23:08:12 +01:00
Kacper Donat	151e163383	registry: Add monthly garbage collection	2022-02-19 23:07:36 +01:00
Kacper Donat	f99666a20a	portainer: Bump version to 2.11.1	2022-02-19 23:07:04 +01:00
Kacper Donat	b846eec977	cojedzie-next: Use mysql database	2022-02-19 23:05:30 +01:00
Kacper Donat	fb60d105c6	cojedzie-next: Ensure latest images	2022-02-19 23:03:43 +01:00
Kacper Donat	c1c737124d	traefik: Configure dns challenge	2021-10-25 18:23:06 +02:00
Kacper Donat	15d7be33f4	portainer: Bump version to 2.9.1	2021-10-24 21:33:04 +02:00