Getting the old non-docker servers working in concert with the new ones. Now to give them all the shared firewall and install consul.

Samuel Clay 2021-02-23 15:53:46 -05:00
parent 579f554208
commit 1f7816f8ab
12 changed files with 41 additions and 25 deletions


@ -65,11 +65,17 @@ plan:
apply: apply:
terraform -chdir=terraform apply terraform -chdir=terraform apply
# Docker
images: images:
- docker image build . --file=docker/newsblur_base_image.Dockerfile --tag=newsblur/newsblur_python3 - docker image build . --file=docker/newsblur_base_image.Dockerfile --tag=newsblur/newsblur_python3
- docker image build . --file=docker/node/node_prod.Dockerfile --tag=newsblur/node_prod - docker image build . --file=docker/node/node_prod.Dockerfile --tag=newsblur/node_prod
- docker push newsblur/newsblur_python3 - docker push newsblur/newsblur_python3
- docker push newsblur/node_prod - docker push newsblur/node_prod
# Tasks
deploy: deploy:
- docker stack deploy --with-registry-auth -c stack-compose.yml dev-stack - docker stack deploy --with-registry-auth -c stack-compose.yml dev-stack
firewall:
- ansible-playbook ansible/provision.yml --tags firewallx -l db
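Review bot: The new `firewall` target passes `--tags firewallx`, which in this commit is attached only to the unnamed `debug` task in the firewall tasks file, while the `ufw` allow rule is tagged `firewall`; as written, `make firewall` would print the host addresses without changing any rule. If that is a leftover from testing, the recipe should read `ansible-playbook ansible/provision.yml --tags firewall -l db`, and the debug task should be dropped or given `verbosity: 1`. The leading `- ` also tells make to ignore a non-zero exit, so a failed firewall run would look successful; consider removing it for this target.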


@ -4,8 +4,6 @@ remote_user = nb
retry_files_enabled = False retry_files_enabled = False
inventory = /srv/newsblur/ansible/inventories/digital_ocean.ini, /srv/newsblur/ansible/inventories/digital_ocean.yml inventory = /srv/newsblur/ansible/inventories/digital_ocean.ini, /srv/newsblur/ansible/inventories/digital_ocean.yml
private_key_file = /srv/secrets-newsblur/keys/docker.key private_key_file = /srv/secrets-newsblur/keys/docker.key
publickey = /srv/secrets-newsblur/keys/docker.key.pub
# private_key_file = /srv/secrets-newsblur/keys/newsblur.key
remote_tmp = ~/.ansible/tmp remote_tmp = ~/.ansible/tmp
forks = 20 forks = 20


@ -7,6 +7,7 @@ private_key_file = /srv/secrets-newsblur/keys/newsblur.key
publickey = /srv/secrets-newsblur/keys/newsblur.key.pub publickey = /srv/secrets-newsblur/keys/newsblur.key.pub
remote_tmp = ~/.ansible/tmp remote_tmp = ~/.ansible/tmp
forks = 20 forks = 20
deprecation_warnings=False
[inventory] [inventory]
enable_plugins = ini, constructed enable_plugins = ini, constructed


@ -0,0 +1,3 @@
---
ansible_ssh_private_key_file: /srv/secrets-newsblur/keys/newsblur.key
ansible_ssh_user: sclay
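Review bot: `ansible_ssh_user: sclay` makes every run against the hosts this vars file applies to log in as one person's named account, whereas the sibling vars file added in this commit uses the shared `nb` user. A dedicated provisioning account keeps automation working and auditable when personal access is rotated or revoked; if the old servers have no such account yet, a comment saying so would help. `ansible_ssh_user` is also the legacy spelling of `ansible_user`.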


@ -0,0 +1,3 @@
---
ansible_ssh_private_key_file: /srv/secrets-newsblur/keys/docker.key
ansible_ssh_user: nb


@ -1,3 +1,5 @@
[oldandnew] plugin: constructed
NewsBlur strict: False
NewsBlur_Docker
groups:
oldandnew: group_names | intersect(["NewsBlur", "NewsBlur_Docker"])
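Review bot: `strict: False` lets a failing group expression be skipped silently, and `oldandnew` is the list the ufw allow rule in this commit iterates over, so a templating error here would shrink the allowlist without any message. Consider `strict: true` for this file so that a broken expression stops the run. The `intersect(...)` result is a list used as a condition, which is true when the host is in either group; a comment such as `# member of NewsBlur or NewsBlur_Docker` would make that intent explicit.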


@ -7,9 +7,8 @@ groups:
node: inventory_hostname.startswith('node') node: inventory_hostname.startswith('node')
db: inventory_hostname.startswith('db') db: inventory_hostname.startswith('db')
task: inventory_hostname.startswith('task') task: inventory_hostname.startswith('task')
search: inventory_hostname.startswith('db-elasticsearch') search: inventory_hostname.startswith('search')
elasticsearch: inventory_hostname.startswith('db-elasticsearch') elasticsearch: inventory_hostname.startswith('search')
redis: inventory_hostname.startswith('db-redis') redis: inventory_hostname.startswith('db4')
postgres: inventory_hostname.startswith('db01') postgres: inventory_hostname.startswith('db0')
mongo: inventory_hostname in ['db20d', 'db22', 'db23a', 'db30'] mongo: inventory_hostname.startswith('db2') or inventory_hostname.startswith('db3')
consul: inventory_hostname.startswith('db-consul')
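Review bot: The new group conditions match on short prefixes (`db0`, `db2`/`db3`, `db4`), so any future host whose name happens to start with those characters is placed in `postgres`, `mongo` or `redis` and, with site.yml now keying on `group_names`, receives that role's playbook. The previous `mongo` condition listed hosts explicitly; keeping an explicit list, or adding a comment such as `# db0x = postgres, db2x/db3x = mongo, db4x = redis`, would guard against accidental membership. The `consul` line appears to exist only on the old side, in which case no host in this inventory would satisfy `'consul' in group_names`; confirm that is intended. The `groups:` mapping starts above this hunk.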


@ -4,7 +4,7 @@ strict: False
groups: groups:
web: inventory_hostname.startswith('app') web: inventory_hostname.startswith('app')
app: inventory_hostname.startswith('app') app: inventory_hostname.startswith('app')
work: inventory_hostname.startswith('work') and inventory_hostname != "work" # work: inventory_hostname.startswith('work') and inventory_hostname != "work"
node: inventory_hostname.startswith('node') node: inventory_hostname.startswith('node')
# debug: inventory_hostname.startswith('debug') # debug: inventory_hostname.startswith('debug')
db: inventory_hostname.startswith('db') db: inventory_hostname.startswith('db')


@ -1,19 +1,19 @@
--- ---
- import_playbook: setup_app.yml - import_playbook: setup_app.yml
when: "'app' in inventory_hostname" when: "'app' in group_names"
- import_playbook: setup_www.yml - import_playbook: setup_www.yml
when: "'www' in inventory_hostname" when: "'www' in group_names"
- import_playbook: setup_node.yml - import_playbook: setup_node.yml
when: "'node' in inventory_hostname" when: "'node' in group_names"
- import_playbook: setup_postgres.yml - import_playbook: setup_postgres.yml
when: "'postgres' in inventory_hostname" when: "'postgres' in group_names"
- import_playbook: setup_mongo.yml - import_playbook: setup_mongo.yml
when: "'mongo' in inventory_hostname" when: "'mongo' in group_names"
- import_playbook: setup_redis.yml - import_playbook: setup_redis.yml
when: "'redis' in inventory_hostname" when: "'redis' in group_names"
- import_playbook: setup_elasticsearch.yml - import_playbook: setup_elasticsearch.yml
when: "'elasticsearch' in inventory_hostname" when: "'elasticsearch' in group_names"
- import_playbook: setup_task.yml - import_playbook: setup_task.yml
when: "'task' in inventory_hostname" when: "'task' in group_names"
- import_playbook: setup_consul_manager.yml - import_playbook: setup_consul_manager.yml
when: "'consul' in inventory_hostname" when: "'consul' in group_names"
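Review bot: `'www' in group_names` has no matching group in the inventory hunks of this commit, which define `web` and `app` but not `www`; unless a `www` group is defined outside the visible lines, setup_www.yml would now be skipped for every host. Since the condition changed from a hostname substring to group membership, each name here should be checked against the `groups:` keys of both inventories. The imported plays visible in this commit also set `hosts:` themselves (e.g. `hosts: app`), so the `when` largely duplicates that targeting.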


@ -31,13 +31,17 @@
with_items: with_items:
- 10.0.0.0/8 - 10.0.0.0/8
- debug:
msg: "{{ groups['oldandnew'] | map('extract', hostvars, ['ansible_host']) }}"
tags: firewallx
- name: Allow all access from inventory hosts - name: Allow all access from inventory hosts
become: yes become: yes
ufw: ufw:
rule: allow rule: allow
src: '{{ item }}' src: '{{ item }}'
with_items: "{{ groups['oldandnew'] | map('extract', hostvars, ['ansible_host']) }}" with_items: "{{ groups['oldandnew'] | map('extract', hostvars, ['ansible_host']) }}"
tags: ufwall tags: firewall
- name: Start ufw - name: Start ufw
ufw: state=enabled ufw: state=enabled


@ -1,11 +1,11 @@
--- ---
- name: SETUP -> app containers - name: SETUP -> app containers
hosts: app hosts: app
vars_files:
- env_vars/base.yml
vars: vars:
- update_apt_cache: yes - update_apt_cache: yes
- motd_role: app - motd_role: app
vars_files:
- env_vars/base.yml
roles: roles:
- {role: 'base', tags: 'base'} - {role: 'base', tags: 'base'}


@ -1,12 +1,12 @@
--- ---
- name: SETUP -> postgresql containers - name: SETUP -> postgresql containers
hosts: postgres hosts: postgres
become: true
vars_files: vars_files:
- env_vars/base.yml - env_vars/base.yml
vars: vars:
- update_apt_cache: yes - update_apt_cache: yes
- motd_role: db - motd_role: db
roles: roles:
- {role: 'base', tags: 'base'} - {role: 'base', tags: 'base'}
- {role: 'docker', tags: 'docker'} - {role: 'docker', tags: 'docker'}
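Review bot: `become: true` at play level runs every task of the `base` and `docker` roles (and any roles listed below the hunk) as root, whereas the firewall tasks in this commit escalate per task with `become: yes`. If only some tasks need root, setting `become` on those tasks or roles keeps the rest unprivileged; otherwise a short comment such as `# all roles in this play require root` would record the intent.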