Adding hetzner mongo servers.
parent
13ecb01d0a
commit
96016e82e6
6 changed files with 117 additions and 47 deletions
|
@ -9,7 +9,9 @@ server=/consul/127.0.0.1#8600
|
|||
no-resolv
|
||||
|
||||
{% for interface in network_interfaces %}
|
||||
{% if not interface.startswith('veth') %}
|
||||
interface={{ interface }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
||||
bind-interfaces
|
||||
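Review bot: The `startswith('veth')` test is a deny-list of a single prefix, so every other entry in `network_interfaces` still gets an `interface=` line and, with `bind-interfaces`, a listening socket. `network_interfaces` is defined outside this hunk; if it can contain a public interface or Docker bridge devices, dnsmasq and the `server=/consul/127.0.0.1#8600` forwarder would answer on those too, which exposes Consul service names to whoever can reach port 53 there. An allow-list of the interfaces that are meant to serve DNS would fail closed when a new interface type appears. At minimum, document the intent above the loop, e.g. `# veth* are per-container pairs; every other interface in network_interfaces is served`.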
|
|
|
@ -1,6 +1,5 @@
|
|||
---
|
||||
- name: Permissions for mongo
|
||||
become: yes
|
||||
file:
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
@ -8,6 +7,17 @@
|
|||
group: "{{ ansible_effective_group_id|int }}"
|
||||
path: /var/log/mongodb
|
||||
|
||||
- name: Copy MongoDB keyfile
|
||||
# become: yes
|
||||
copy:
|
||||
content: "{{ mongodb_keyfile }}"
|
||||
dest: /srv/newsblur/config/mongodb_keyfile.key
|
||||
owner: "{{ ansible_effective_user_id|int }}"
|
||||
group: "{{ ansible_effective_group_id|int }}"
|
||||
mode: 0400
|
||||
tags:
|
||||
- keyfile
|
||||
|
||||
- name: Block for mongo volume
|
||||
block:
|
||||
- name: Get the volume name
|
||||
|
@ -37,46 +47,47 @@
|
|||
opts: defaults,discard
|
||||
state: mounted
|
||||
|
||||
|
||||
- name: Set permissions on mongo volume
|
||||
# become: yes
|
||||
file:
|
||||
path: "/mnt/{{ inventory_hostname | regex_replace('db-|-', '') }}"
|
||||
state: directory
|
||||
owner: "{{ ansible_effective_user_id|int }}"
|
||||
group: "{{ ansible_effective_group_id|int }}"
|
||||
recurse: yes
|
||||
|
||||
- name: Make backup directory
|
||||
# become: yes
|
||||
file:
|
||||
path: "/mnt/{{ inventory_hostname | regex_replace('db-|-', '') }}/backup/"
|
||||
state: directory
|
||||
owner: "{{ ansible_effective_user_id|int }}"
|
||||
group: "{{ ansible_effective_group_id|int }}"
|
||||
mode: 0755
|
||||
|
||||
- name: Create symlink to mounted volume for backups to live
|
||||
file:
|
||||
state: link
|
||||
src: "/mnt/{{ inventory_hostname | regex_replace('db-|-', '') }}/backup"
|
||||
path: /srv/newsblur/backup
|
||||
owner: "{{ ansible_effective_user_id|int }}"
|
||||
group: "{{ ansible_effective_group_id|int }}"
|
||||
force: yes
|
||||
when: (inventory_hostname | regex_replace('[0-9]+', '')) in ['db-mongo-secondary', 'db-mongo-analytics']
|
||||
|
||||
- name: Copy MongoDB keyfile
|
||||
become: yes
|
||||
copy:
|
||||
content: "{{ mongodb_keyfile }}"
|
||||
dest: /srv/newsblur/config/mongodb_keyfile.key
|
||||
owner: "{{ ansible_effective_user_id|int }}"
|
||||
group: "{{ ansible_effective_group_id|int }}"
|
||||
mode: 0400
|
||||
tags:
|
||||
- keyfile
|
||||
|
||||
- name: Set permissions on mongo volume
|
||||
become: yes
|
||||
file:
|
||||
path: "/mnt/{{ inventory_hostname | regex_replace('db-|-', '') }}"
|
||||
state: directory
|
||||
owner: "{{ ansible_effective_user_id|int }}"
|
||||
group: "{{ ansible_effective_group_id|int }}"
|
||||
recurse: yes
|
||||
- name: Block for mongo volume on hetzner
|
||||
block:
|
||||
- name: Create backup directory
|
||||
file:
|
||||
path: "/srv/newsblur/docker/volumes/mongo/backup"
|
||||
state: directory
|
||||
owner: "{{ ansible_effective_user_id|int }}"
|
||||
group: "{{ ansible_effective_group_id|int }}"
|
||||
mode: 0755
|
||||
when: (inventory_hostname | regex_replace('[0-9]+', '')) in ['hdb-mongo-secondary', 'hdb-mongo-analytics']
|
||||
|
||||
- name: Make backup directory
|
||||
become: yes
|
||||
file:
|
||||
path: "/mnt/{{ inventory_hostname | regex_replace('db-|-', '') }}/backup/"
|
||||
state: directory
|
||||
owner: "{{ ansible_effective_user_id|int }}"
|
||||
group: "{{ ansible_effective_group_id|int }}"
|
||||
mode: 0755
|
||||
|
||||
- name: Create symlink to mounted volume for backups to live
|
||||
file:
|
||||
state: link
|
||||
src: "/mnt/{{ inventory_hostname | regex_replace('db-|-', '') }}/backup"
|
||||
path: /srv/newsblur/backup
|
||||
owner: "{{ ansible_effective_user_id|int }}"
|
||||
group: "{{ ansible_effective_group_id|int }}"
|
||||
force: yes
|
||||
|
||||
- name: Start db-mongo docker container
|
||||
become: yes
|
||||
docker_container:
|
||||
|
@ -103,7 +114,46 @@
|
|||
- /srv/newsblur/config/mongodb_keyfile.key:/srv/newsblur/config/mongodb_keyfile.key
|
||||
- /var/log/mongodb/:/var/log/mongodb/
|
||||
- /mnt/{{ inventory_hostname | regex_replace('db-|-', '') }}/backup/:/backup/
|
||||
when: (inventory_hostname | regex_replace('\-?[0-9]+', '')) in ['db-mongo', 'db-mongo-primary', 'db-mongo-secondary', 'hdb-mongo-secondary', 'hdb-mongo-primray']
|
||||
when: (inventory_hostname | regex_replace('\-?[0-9]+', '')) in ['db-mongo', 'db-mongo-primary', 'db-mongo-secondary']
|
||||
|
||||
- name: Start mongo and set permissions
|
||||
block:
|
||||
- name: Start db-mongo docker container on hetzner
|
||||
docker_container:
|
||||
name: mongo
|
||||
image: mongo:4.0
|
||||
state: started
|
||||
container_default_behavior: no_defaults
|
||||
hostname: "{{ inventory_hostname }}"
|
||||
restart_policy: unless-stopped
|
||||
networks_cli_compatible: yes
|
||||
network_mode: host
|
||||
# network_mode: default
|
||||
# networks:
|
||||
# - name: newsblurnet
|
||||
# aliases:
|
||||
# - mongo
|
||||
# ports:
|
||||
# - "27017:27017"
|
||||
command: --config /etc/mongod.conf
|
||||
# user: 1000:1001
|
||||
user: "{{ ansible_effective_user_id|int }}:{{ ansible_effective_group_id|int }}"
|
||||
volumes:
|
||||
- /srv/newsblur/docker/volumes/mongo:/data/db
|
||||
- /srv/newsblur/ansible/roles/mongo/templates/mongo.conf:/etc/mongod.conf
|
||||
- /srv/newsblur/config/mongodb_keyfile.key:/srv/newsblur/config/mongodb_keyfile.key
|
||||
- /var/log/mongodb/:/var/log/mongodb/
|
||||
- /srv/newsblur/docker/volumes/mongo/backup/:/backup/
|
||||
|
||||
- name: Set permissions on mongo volume
|
||||
become: yes
|
||||
file:
|
||||
path: "/srv/newsblur/docker/volumes/"
|
||||
state: directory
|
||||
owner: "{{ ansible_effective_user_id|int }}"
|
||||
group: "{{ ansible_effective_group_id|int }}"
|
||||
recurse: yes
|
||||
when: (inventory_hostname | regex_replace('\-?[0-9]+', '')) in ['hdb-mongo-primary', 'hdb-mongo-secondary', 'hdb-mongo-analytics']
|
||||
|
||||
- name: Start db-mongo-analytics docker container
|
||||
become: yes
|
||||
|
@ -191,7 +241,6 @@
|
|||
- logrotate
|
||||
|
||||
- name: Add sanity checkers cronjob for disk usage
|
||||
become: yes
|
||||
cron:
|
||||
name: disk_usage_sanity_checker
|
||||
user: root
|
||||
|
@ -214,7 +263,6 @@
|
|||
register: app_changed
|
||||
|
||||
- name: Add mongo backup log
|
||||
become: yes
|
||||
file:
|
||||
path: /var/log/mongo_backup.log
|
||||
state: touch
|
||||
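Review bot: The `Copy MongoDB keyfile` task added near the top of the file writes `{{ mongodb_keyfile }}` through `copy: content:` with no `no_log: true`, so a run with `--diff` can print the replica-set key to the console or a CI log. Adding `no_log: true` (or `diff: no`) at task level, next to `tags:`, keeps the secret out of the play output; `mode: 0400` and the owner settings already limit it on disk. Separately, the Hetzner container is started with `network_mode: host` and the `ports:` mapping commented out, so who can reach mongod depends on the bind address in `mongo.conf` and on the ufw rules, neither of which is visible in this section. A comment next to `network_mode: host` stating that assumption would help the next reader.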
|
|
|
@ -34,8 +34,16 @@
|
|||
dest: /srv/newsblur/docker/redis/redis_replica.conf
|
||||
notify: restart redis
|
||||
register: updated_config
|
||||
when: "'db-redis-story1' in inventory_hostname"
|
||||
when: "'db-redis-story2' not in inventory_hostname"
|
||||
|
||||
- name: Create Redis docker volume directory
|
||||
file:
|
||||
path: /srv/newsblur/docker/volumes
|
||||
state: directory
|
||||
recurse: yes
|
||||
owner: "{{ ansible_effective_user_id|int }}"
|
||||
group: "{{ ansible_effective_group_id|int }}"
|
||||
|
||||
- name: Create Redis docker volume with correct permissions
|
||||
file:
|
||||
path: /srv/newsblur/docker/volumes/redis
|
||||
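Review bot: `recurse: yes` on `/srv/newsblur/docker/volumes` in the new `Create Redis docker volume directory` task re-owns every file under every volume on each run, not only the directory being created. If a container under that path runs as a different UID than the Ansible user, its data files change owner, and a later run can leave the service unable to write or leave data readable by an account that should not have it. Dropping `recurse: yes` here and setting ownership only on the specific volume directory keeps the change scoped. The `Set permissions on mongo volume` task for the Hetzner hosts in the mongo tasks file uses the same pattern on `/srv/newsblur/docker/volumes/`. The body of `Create Redis docker volume with correct permissions` continues outside the hunk, so it may already set the narrower ownership.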
|
|
|
@ -3,7 +3,7 @@
|
|||
{% if inventory_hostname in ["db-redis-user", "db-redis-story1", "db-redis-session", "db-redis-pubsub"] %}
|
||||
"name": "{{ inventory_hostname|regex_replace('\d+', '') }}",
|
||||
{% else %}
|
||||
"name": "{{ inventory_hostname|regex_replace('\d+', '') }}-staging",
|
||||
"name": "{{ inventory_hostname|regex_replace('\-?\d+', '')|regex_replace('hdb-', 'db-') }}-staging",
|
||||
{% endif %}
|
||||
"id": "{{ inventory_hostname }}",
|
||||
"tags": [
|
||||
|
@ -12,13 +12,13 @@
|
|||
"port": 6379,
|
||||
"checks": [{
|
||||
"id": "{{inventory_hostname}}-ping",
|
||||
{% if inventory_hostname.startswith('db-redis-story') %}
|
||||
{% if 'db-redis-story' in inventory_hostname %}
|
||||
"http": "http://{{ ansible_host }}:5579/db_check/redis_story?consul=1",
|
||||
{% elif inventory_hostname.startswith('db-redis-user') %}
|
||||
{% elif 'db-redis-user' in inventory_hostname %}
|
||||
"http": "http://{{ ansible_host }}:5579/db_check/redis_user?consul=1",
|
||||
{% elif inventory_hostname.startswith('db-redis-pubsub') %}
|
||||
{% elif 'db-redis-pubsub' in inventory_hostname %}
|
||||
"http": "http://{{ ansible_host }}:5579/db_check/redis_pubsub?consul=1",
|
||||
{% elif inventory_hostname.startswith('db-redis-sessions') %}
|
||||
{% elif 'db-redis-sessions' in inventory_hostname %}
|
||||
"http": "http://{{ ansible_host }}:5579/db_check/redis_sessions?consul=1",
|
||||
{% else %}
|
||||
"http": "http://{{ ansible_host }}:5000/db_check/redis?consul=1",
|
||||
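Review bot: The health-check branch matches `db-redis-sessions`, while the name list at the top of this template uses `db-redis-session`, so a host named with the singular form would skip this branch and fall through to the generic `:5000/db_check/redis` check. The inventory names are not visible here, so this may be unreachable in practice. Matching the shorter string covers both spellings: `{% elif 'db-redis-session' in inventory_hostname %}`. Because the other branches are substring tests too, a short comment saying that branch order matters and that the substrings must stay mutually exclusive would protect against a future host name matching the wrong check.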
|
|
|
@ -35,10 +35,22 @@
|
|||
- firewall
|
||||
- ufw
|
||||
|
||||
- name: Allow all access from Hetzner inventory hosts
|
||||
become: yes
|
||||
ufw:
|
||||
rule: allow
|
||||
src: '{{ item }}'
|
||||
with_items: "{{ groups['NewsBlur_Hetzner'] | map('extract', hostvars, ['ansible_host']) }}"
|
||||
tags:
|
||||
- firewall
|
||||
- ufw
|
||||
- hetzner_firewall
|
||||
|
||||
- name: Allow all access from Hetzner inventory hosts with docker
|
||||
become: yes
|
||||
ufw:
|
||||
rule: allow
|
||||
route: yes
|
||||
src: '{{ item }}'
|
||||
with_items: "{{ groups['NewsBlur_Hetzner'] | map('extract', hostvars, ['ansible_host']) }}"
|
||||
tags:
|
||||
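Review bot: Both Hetzner rules use `rule: allow` with only `src`, so every port on the host is opened to each address in `groups['NewsBlur_Hetzner']`, and the `route: yes` variant does the same for traffic forwarded to containers. With that full-mesh trust, a compromise of one Hetzner host gives network reach to every service on all the others, including database ports that otherwise rely on the firewall. Restricting each rule with the module's `port:` and `proto:` options to the ports a role actually serves would narrow that. If full trust between these hosts is intended, say so in a comment above the task, e.g. `# intentional: Hetzner hosts are one trust zone, all ports allowed`. The second task's `tags:` list continues outside the hunk.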
|
|
|
@ -1 +1 @@
|
|||
replicaof {{ inventory_hostname|regex_replace('\d+', '') }}.service.nyc1.consul 6379
|
||||
replicaof {{ inventory_hostname|regex_replace('\-?\d+', '')|regex_replace('hdb\-', 'db-') }}.service.nyc1.consul 6379
|
||||
|
|