From 56cea73a9cf6dd5926fdd3824d54b43d1e3c913c Mon Sep 17 00:00:00 2001 From: Samuel Clay Date: Thu, 18 Feb 2021 18:59:00 -0500 Subject: [PATCH] Beginning to add consul to old servers. --- ansible.old.cfg | 15 ++++++++++++++ ansible/common.yml | 1 - ansible/deploy_app.yml | 1 - ansible/generate.py | 12 +++++++++--- ansible/inventories/digital_ocean.old.yml | 15 ++++++++++++++ ansible/roles/web/tasks/main.yml | 24 +++++++++++++---------- ansible/setup_app.yml | 1 - ansible/setup_consul_manager.yml | 1 - ansible/setup_elasticsearch.yml | 1 - ansible/setup_mongo.yml | 1 - ansible/setup_node.yml | 1 - ansible/setup_postgres.yml | 1 - ansible/setup_redis.yml | 1 - ansible/setup_task.yml | 1 - ansible/setup_www.yml | 1 - docker/newsblur_base_image.Dockerfile | 2 +- 16 files changed, 54 insertions(+), 25 deletions(-) create mode 100644 ansible.old.cfg create mode 100644 ansible/inventories/digital_ocean.old.yml diff --git a/ansible.old.cfg b/ansible.old.cfg new file mode 100644 index 000000000..fa5b9aee5 --- /dev/null +++ b/ansible.old.cfg @@ -0,0 +1,15 @@ +[defaults] +host_key_checking = False +remote_user = sclay +retry_files_enabled = False +inventory = /srv/newsblur/ansible/inventories/digital_ocean.old.ini, /srv/newsblur/ansible/inventories/digital_ocean.old.yml +private_key_file = /srv/secrets-newsblur/keys/newsblur.key +publickey = /srv/secrets-newsblur/keys/newsblur.key.pub +remote_tmp = ~/.ansible/tmp +forks = 20 + +[inventory] +enable_plugins = ini, constructed + +[connection] +pipelining = True diff --git a/ansible/common.yml b/ansible/common.yml index dbe0c3e40..197512190 100644 --- a/ansible/common.yml +++ b/ansible/common.yml @@ -1,6 +1,5 @@ --- - hosts: all - remote_user: nb vars: - update_apt_cache: yes vars_files: diff --git a/ansible/deploy_app.yml b/ansible/deploy_app.yml index b8d8618dc..a1adfce3e 100644 --- a/ansible/deploy_app.yml +++ b/ansible/deploy_app.yml @@ -1,6 +1,5 @@ --- - hosts: app,node - remote_user: nb gather_facts: false vars_files: - env_vars/base.yml diff --git a/ansible/generate.py b/ansible/generate.py index 99a9751a4..1a70a452c 100755 --- a/ansible/generate.py +++ b/ansible/generate.py @@ -6,8 +6,14 @@ import sys import subprocess import digitalocean -TOKEN_FILE = "/srv/secrets-newsblur/keys/digital_ocean.token" -# TOKEN_FILE = "/srv/secrets-newsblur/keys/digital_ocean.readprod.token" +OLD = False +# Uncomment below line to use existing servers +# OLD = True + +if OLD: + TOKEN_FILE = "/srv/secrets-newsblur/keys/digital_ocean.readprod.token" +else: + TOKEN_FILE = "/srv/secrets-newsblur/keys/digital_ocean.token" try: api_token = open(TOKEN_FILE, 'r').read().strip() @@ -15,7 +21,7 @@ except IOError: print(f" ---> Missing Digital Ocean API token: {TOKEN_FILE}") exit() -outfile = "/srv/newsblur/ansible/inventories/digital_ocean.ini" +outfile = f"/srv/newsblur/ansible/inventories/digital_ocean{'.old' if OLD else ''}.ini" # Install from https://github.com/do-community/do-ansible-inventory/releases ansible_inventory_cmd = f'do-ansible-inventory -t {api_token} --out {outfile}' diff --git a/ansible/inventories/digital_ocean.old.yml b/ansible/inventories/digital_ocean.old.yml new file mode 100644 index 000000000..2bd203b24 --- /dev/null +++ b/ansible/inventories/digital_ocean.old.yml @@ -0,0 +1,15 @@ +plugin: constructed +strict: False + +groups: + web: inventory_hostname.startswith('app') + app: inventory_hostname.startswith('app') + node: inventory_hostname.startswith('node') + db: inventory_hostname.startswith('db') + task: inventory_hostname.startswith('task') + search: inventory_hostname.startswith('db-elasticsearch') + elasticsearch: inventory_hostname.startswith('db-elasticsearch') + redis: inventory_hostname.startswith('db-redis') + postgres: inventory_hostname.startswith('db-postgres') + mongo: inventory_hostname.startswith('db-mongo') + consul: inventory_hostname.startswith('db-consul') diff --git a/ansible/roles/web/tasks/main.yml b/ansible/roles/web/tasks/main.yml index d6f2b4746..7b034d8c1 100644 --- a/ansible/roles/web/tasks/main.yml +++ b/ansible/roles/web/tasks/main.yml @@ -1,4 +1,16 @@ --- +- name: Allow haproxy stats port + ufw: rule=allow port={{ item }} + become: yes + tags: ufw + with_items: + - "8000" + +- name: Copy app secrets + copy: + src: /srv/secrets-newsblur/settings/docker_settings.py + dest: /srv/newsblur/newsblur_web/local_settings.py + - name: Start NewsBlur Web Docker container become: yes docker_container: @@ -6,22 +18,14 @@ image: newsblur/newsblur_python3 container_default_behavior: no_defaults env: - DOCKERBUILD: "True" + DOCKERBUILD: "" state: started command: gunicorn --bind :8000 newsblur_web.wsgi:application - ports: - - "8000:8000" - expose: - - "8000" + network_mode: host restart_policy: unless-stopped volumes: - /srv/newsblur:/srv/newsblur -- name: Copy app secrets - copy: - src: /srv/secrets-newsblur/settings/app_settings.py - dest: /srv/newsblur/newsblur_web/local_settings.py - - name: Register web app in consul become: yes template: diff --git a/ansible/setup_app.yml b/ansible/setup_app.yml index ddafbcdb0..9fdfdb772 100644 --- a/ansible/setup_app.yml +++ b/ansible/setup_app.yml @@ -1,7 +1,6 @@ --- - name: SETUP -> app containers hosts: app - remote_user: nb vars: - update_apt_cache: yes - motd_role: app diff --git a/ansible/setup_consul_manager.yml b/ansible/setup_consul_manager.yml index b81545391..dbc16efa9 100644 --- a/ansible/setup_consul_manager.yml +++ b/ansible/setup_consul_manager.yml @@ -1,7 +1,6 @@ --- - name: SETUP -> consul manager containers hosts: db-consul - remote_user: nb vars: - update_apt_cache: yes - motd_role: db diff --git a/ansible/setup_elasticsearch.yml b/ansible/setup_elasticsearch.yml index 0ab456431..063153add 100644 --- a/ansible/setup_elasticsearch.yml +++ b/ansible/setup_elasticsearch.yml @@ -1,7 +1,6 @@ --- - name: SETUP -> elasticsearch containers hosts: elasticsearch - remote_user: nb vars: - update_apt_cache: yes - motd_role: db diff --git a/ansible/setup_mongo.yml b/ansible/setup_mongo.yml index a0272e7fa..13574cbc1 100644 --- a/ansible/setup_mongo.yml +++ b/ansible/setup_mongo.yml @@ -1,7 +1,6 @@ --- - name: SETUP -> mongo containers hosts: mongo - remote_user: nb vars: - update_apt_cache: yes - motd_role: db diff --git a/ansible/setup_node.yml b/ansible/setup_node.yml index a5c92de80..bd5972982 100644 --- a/ansible/setup_node.yml +++ b/ansible/setup_node.yml @@ -1,7 +1,6 @@ --- - name: SETUP -> node containers hosts: node - remote_user: nb become: true vars_files: - env_vars/base.yml diff --git a/ansible/setup_postgres.yml b/ansible/setup_postgres.yml index 902e35c07..ad22dcb46 100644 --- a/ansible/setup_postgres.yml +++ b/ansible/setup_postgres.yml @@ -1,7 +1,6 @@ --- - name: SETUP -> postgresql containers hosts: postgres - remote_user: nb become: true vars_files: - env_vars/base.yml diff --git a/ansible/setup_redis.yml b/ansible/setup_redis.yml index 70b21b1bb..17d504b66 100644 --- a/ansible/setup_redis.yml +++ b/ansible/setup_redis.yml @@ -1,7 +1,6 @@ --- - name: SETUP -> redis containers hosts: redis - remote_user: nb vars: - update_apt_cache: yes - motd_role: db diff --git a/ansible/setup_task.yml b/ansible/setup_task.yml index 1d39cf9bd..ecfef7509 100644 --- a/ansible/setup_task.yml +++ b/ansible/setup_task.yml @@ -1,7 +1,6 @@ --- - name: SETUP -> task containers hosts: task - remote_user: nb vars_files: - env_vars/base.yml vars: diff --git a/ansible/setup_www.yml b/ansible/setup_www.yml index f0b5d5e2b..20df7cd39 100644 --- a/ansible/setup_www.yml +++ b/ansible/setup_www.yml @@ -1,7 +1,6 @@ --- - name: SETUP -> www containers hosts: www - remote_user: nb vars: - update_apt_cache: yes - motd_role: app diff --git a/docker/newsblur_base_image.Dockerfile b/docker/newsblur_base_image.Dockerfile index edd90a594..1a1f7a5e6 100644 --- a/docker/newsblur_base_image.Dockerfile +++ b/docker/newsblur_base_image.Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.7-slim +FROM python:3.9-slim WORKDIR /srv/newsblur ENV PYTHONPATH=/srv/newsblur COPY config/requirements.txt /srv/newsblur/