Beginning to add consul to old servers.

2025-04-13 09:42:01 +00:00 · 2021-02-18 18:59:00 -05:00 · 2021-02-18 18:59:00 -05:00 · 56cea73a9c
commit 56cea73a9c
parent d498cca9e1
16 changed files with 54 additions and 25 deletions
--- a/ansible.old.cfg
+++ b/ansible.old.cfg
@ -0,0 +1,15 @@
+[defaults]
+host_key_checking = False
+remote_user = sclay
+retry_files_enabled = False
+inventory = /srv/newsblur/ansible/inventories/digital_ocean.old.ini, /srv/newsblur/ansible/inventories/digital_ocean.old.yml
+private_key_file = /srv/secrets-newsblur/keys/newsblur.key
+publickey = /srv/secrets-newsblur/keys/newsblur.key.pub 
+remote_tmp = ~/.ansible/tmp
+forks = 20
+
+[inventory]
+enable_plugins = ini, constructed
+
+[connection]
+pipelining = True
--- a/ansible/common.yml
+++ b/ansible/common.yml
@ -1,6 +1,5 @@
 ---
 - hosts: all
-  remote_user: nb
  vars:
    - update_apt_cache: yes
  vars_files:
--- a/ansible/deploy_app.yml
+++ b/ansible/deploy_app.yml
@ -1,6 +1,5 @@
 ---
 - hosts: app,node
-  remote_user: nb
  gather_facts: false
  vars_files:
    - env_vars/base.yml
--- a/ansible/generate.py
+++ b/ansible/generate.py
@ -6,8 +6,14 @@ import sys
 import subprocess
 import digitalocean

+OLD = False
+# Uncomment below line to use existing servers
+# OLD = True
+
+if OLD:
+    TOKEN_FILE = "/srv/secrets-newsblur/keys/digital_ocean.readprod.token"
+else:
    TOKEN_FILE = "/srv/secrets-newsblur/keys/digital_ocean.token"
-# TOKEN_FILE = "/srv/secrets-newsblur/keys/digital_ocean.readprod.token"

 try:
    api_token = open(TOKEN_FILE, 'r').read().strip()
@ -15,7 +21,7 @@ except IOError:
    print(f" ---> Missing Digital Ocean API token: {TOKEN_FILE}")
    exit()

-outfile = "/srv/newsblur/ansible/inventories/digital_ocean.ini"
+outfile = f"/srv/newsblur/ansible/inventories/digital_ocean{'.old' if OLD else ''}.ini"

 # Install from https://github.com/do-community/do-ansible-inventory/releases
 ansible_inventory_cmd = f'do-ansible-inventory -t {api_token} --out {outfile}'
--- a/ansible/inventories/digital_ocean.old.yml
+++ b/ansible/inventories/digital_ocean.old.yml
@ -0,0 +1,15 @@
+plugin: constructed
+strict: False
+
+groups:
+  web: inventory_hostname.startswith('app')
+  app: inventory_hostname.startswith('app')
+  node: inventory_hostname.startswith('node')
+  db: inventory_hostname.startswith('db')
+  task: inventory_hostname.startswith('task')
+  search: inventory_hostname.startswith('db-elasticsearch')
+  elasticsearch: inventory_hostname.startswith('db-elasticsearch')
+  redis: inventory_hostname.startswith('db-redis')
+  postgres: inventory_hostname.startswith('db-postgres')
+  mongo: inventory_hostname.startswith('db-mongo')
+  consul: inventory_hostname.startswith('db-consul')
--- a/ansible/roles/web/tasks/main.yml
+++ b/ansible/roles/web/tasks/main.yml
@ -1,4 +1,16 @@
 ---
+- name: Allow haproxy stats port
+  ufw: rule=allow port={{ item }}
+  become: yes
+  tags: ufw
+  with_items:
+    - "8000"
+
+- name: Copy app secrets
+  copy:
+    src: /srv/secrets-newsblur/settings/docker_settings.py
+    dest: /srv/newsblur/newsblur_web/local_settings.py
+
 - name: Start NewsBlur Web Docker container
  become: yes
  docker_container:
@ -6,22 +18,14 @@
    image: newsblur/newsblur_python3
    container_default_behavior: no_defaults
    env:
-      DOCKERBUILD: "True"
+      DOCKERBUILD: ""
    state: started
    command: gunicorn --bind :8000 newsblur_web.wsgi:application
-    ports:
-      - "8000:8000"
-    expose:
-      - "8000"
+    network_mode: host
    restart_policy: unless-stopped
    volumes:
      - /srv/newsblur:/srv/newsblur

- name: Copy app secrets
-  copy:
-    src: /srv/secrets-newsblur/settings/app_settings.py
-    dest: /srv/newsblur/newsblur_web/local_settings.py
-
 - name: Register web app in consul
  become: yes
  template:
--- a/ansible/setup_app.yml
+++ b/ansible/setup_app.yml
@ -1,7 +1,6 @@
 ---
 - name: SETUP -> app containers
  hosts: app
-  remote_user: nb
  vars:
    - update_apt_cache: yes
    - motd_role: app
--- a/ansible/setup_consul_manager.yml
+++ b/ansible/setup_consul_manager.yml
@ -1,7 +1,6 @@
 ---
 - name: SETUP -> consul manager containers
  hosts: db-consul
-  remote_user: nb
  vars:
    - update_apt_cache: yes
    - motd_role: db
--- a/ansible/setup_elasticsearch.yml
+++ b/ansible/setup_elasticsearch.yml
@ -1,7 +1,6 @@
 ---
 - name: SETUP -> elasticsearch containers
  hosts: elasticsearch
-  remote_user: nb
  vars:
    - update_apt_cache: yes
    - motd_role: db
--- a/ansible/setup_mongo.yml
+++ b/ansible/setup_mongo.yml
@ -1,7 +1,6 @@
 ---
 - name: SETUP -> mongo containers
  hosts: mongo
-  remote_user: nb
  vars:
    - update_apt_cache: yes
    - motd_role: db
--- a/ansible/setup_node.yml
+++ b/ansible/setup_node.yml
@ -1,7 +1,6 @@
 ---
 - name: SETUP -> node containers
  hosts: node
-  remote_user: nb
  become: true
  vars_files:
    - env_vars/base.yml
--- a/ansible/setup_postgres.yml
+++ b/ansible/setup_postgres.yml
@ -1,7 +1,6 @@
 ---
 - name: SETUP -> postgresql containers
  hosts: postgres
-  remote_user: nb
  become: true
  vars_files:
    - env_vars/base.yml
--- a/ansible/setup_redis.yml
+++ b/ansible/setup_redis.yml
@ -1,7 +1,6 @@
 ---
 - name: SETUP -> redis containers
  hosts: redis
-  remote_user: nb
  vars:
    - update_apt_cache: yes
    - motd_role: db
--- a/ansible/setup_task.yml
+++ b/ansible/setup_task.yml
@ -1,7 +1,6 @@
 ---
 - name: SETUP -> task containers
  hosts: task
-  remote_user: nb
  vars_files:
    - env_vars/base.yml
  vars:
--- a/ansible/setup_www.yml
+++ b/ansible/setup_www.yml
@ -1,7 +1,6 @@
 ---
 - name: SETUP -> www containers
  hosts: www
-  remote_user: nb
  vars:
    - update_apt_cache: yes
    - motd_role: app
--- a/docker/newsblur_base_image.Dockerfile
+++ b/docker/newsblur_base_image.Dockerfile
@ -1,4 +1,4 @@
-FROM       python:3.7-slim
+FROM       python:3.9-slim
 WORKDIR   /srv/newsblur
 ENV       PYTHONPATH=/srv/newsblur
 COPY      config/requirements.txt /srv/newsblur/