apricote/home-cloud
1
0
Fork 0
mirror of https://github.com/apricote/home-cloud.git synced 2026-01-13 13:01:03 +00:00
Code Issues Projects Releases Packages Wiki Activity

ansible setup

Browse source
This commit is contained in:
Julian Tölle 2019-05-12 20:57:52 +02:00
parent 42ec743a00
commit 2a2d951971
24 changed files with 167 additions and 430 deletions
Download patch file Download diff file Expand all files Collapse all files

42
main.tf
View file

@ -1,11 +1,37 @@
module bitwarden {
source = "services/bitwarden"
location = "${var.hcloud_location}"
ssh_key_id = "${hcloud_ssh_key.terraform.id}"
bitwarden_admin_email = "${var.admin_email}"
resource hcloud_server control {
count = 3
name = "control${count.index}"
image = "ubuntu-18.04"
server_type = "cx21"
}
variable admin_email {
type = "string"
resource hcloud_server compute {
count = 3
name = "compute${count.index}"
image = "ubuntu-18.04"
server_type = "cx21"
}
data "template_file" "ansible_inventory" {
template = "${file("${path.module}/templates/ansible_inventory.cfg")}"
depends_on = [
"hcloud_server.control",
"hcloud_server.compute",
]
vars {
control = "${join("\n", hcloud_server.control.*.ipv4_address)}"
compute = "${join("\n", hcloud_server.compute.*.ipv4_address)}"
}
}
resource "null_resource" "ansible_inventory" {
triggers {
template_rendered = "${data.template_file.ansible_inventory.rendered}"
}
provisioner "local-exec" {
command = "echo '${data.template_file.ansible_inventory.rendered}' > ansible_inventory"
}
}

20
modules/docker_node/main.tf
View file

@ -1,20 +0,0 @@
resource "hcloud_server" "node" {
name = "${var.name}"
image = "${var.image}"
server_type = "${var.server_type}"
location = "${var.location}"
ssh_keys = ["${var.ssh_key_id}"]
connection {
private_key = "${file("./keys/id_terraform")}"
}
provisioner "remote-exec" {
scripts = [
"modules/docker_node/scripts/wait-cloud-init.sh",
"modules/docker_node/scripts/install-docker.sh",
"modules/docker_node/scripts/install-docker-compose.sh",
]
}
}

7
modules/docker_node/outputs.tf
View file

@ -1,7 +0,0 @@
output ip {
value = "${hcloud_server.node.ipv4_address}"
}
output id {
value = "${hcloud_server.node.id}"
}

3
modules/docker_node/scripts/install-docker-compose.sh
View file

@ -1,3 +0,0 @@
curl -L "https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version

28
modules/docker_node/scripts/install-docker.sh
View file

@ -1,28 +0,0 @@
#!/bin/bash
set -e
# Source: https://docs.docker.com/install/linux/docker-ce/ubuntu/#install-using-the-repository
echo "# apt-get update"
apt-get update
echo "# apt-get upgrade -y"
DEBIAN_FRONTEND='noninteractive' apt-get -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' upgrade
# Add Repository
echo "# apt-get install"
apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
echo "# apt-get update"
apt-get update
# Install Docker
echo "# apt-get install docker-ce"
apt-get install -y docker-ce

13
modules/docker_node/scripts/wait-cloud-init.sh
View file

@ -1,13 +0,0 @@
# cloud-init is running at boot time and blocking access to apt.
# Before doing anything we should wait for it to finish.
# cloud-init creates a file after finishing boot.
echo "Waiting for cloud-init to finish provisioning the instance."
while [ ! -f /var/lib/cloud/instance/boot-finished ]
do
echo "#"
sleep 2
done
# Wait some more to be sure
sleep 10

22
modules/docker_node/vars.tf
View file

@ -1,22 +0,0 @@
variable name {
type = "string"
}
variable image {
type = "string"
default = "ubuntu-18.04"
}
variable server_type {
type = "string"
default = "cx11"
}
variable location {
type = "string"
default = "nbg1"
}
variable ssh_key_id {
type = "string"
}

4
modules/floating_ip/files/99-floating.cfg
View file

@ -1,4 +0,0 @@
auto eth0:1
iface eth0:1 inet static
address ${FLOATING_IP}
netmask 255.255.255.255

48
modules/floating_ip/main.tf
View file

@ -1,48 +0,0 @@
#################
### IP ADDRESS ##
#################
resource hcloud_floating_ip main {
type = "${var.type}"
description = "${var.host}"
home_location = "${var.location}"
}
resource "hcloud_rdns" "main" {
floating_ip_id = "${hcloud_floating_ip.main.id}"
ip_address = "${hcloud_floating_ip.main.ip_address}"
dns_ptr = "${var.host}"
}
###################################
### ASSIGNMENT AND PROVISIONING ###
###################################
data "template_file" "network_config" {
template = "${file("modules/floating_ip/files/99-floating.cfg")}"
vars {
FLOATING_IP = "${hcloud_floating_ip.main.ip_address}"
}
}
resource hcloud_floating_ip_assignment main {
floating_ip_id = "${hcloud_floating_ip.main.id}"
server_id = "${var.server_id}"
connection = {
host = "${var.server_ip}"
private_key = "${file("keys/id_terraform")}"
}
provisioner file {
content = "${data.template_file.network_config.rendered}"
destination = "/etc/network/interfaces.d/99-floating.cfg"
}
provisioner remote-exec {
inline = [
"ifdown eth0:1 ; ifup eth0:1",
]
}
}

3
modules/floating_ip/outputs.tf
View file

@ -1,3 +0,0 @@
output ip {
value = "${hcloud_floating_ip.main.ip_address}"
}

21
modules/floating_ip/vars.tf
View file

@ -1,21 +0,0 @@
variable host {
type = "string"
}
variable type {
type = "string"
default = "ipv4"
}
variable server_id {
type = "string"
}
variable server_ip {
type = "string"
}
variable location {
type = "string"
default = "nbg1"
}

3
output.tf
View file

@ -1,3 +0,0 @@
output bitwarden_ip {
value = "${module.bitwarden.ip}"
}

46
services/bitwarden/files/docker-compose.yaml
View file

@ -1,46 +0,0 @@
version: "2.1"
services:
traefik:
image: traefik:1.7
restart: always
ports:
- 80:80
- 443:443
networks:
- web
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${INSTALL_DIR}/traefik.toml:/traefik.toml
- ${INSTALL_DIR}/acme.json:/acme.json
container_name: traefik
bitwarden:
image: mprasil/bitwarden:latest
restart: always
expose:
- "80"
- "3012"
networks:
- web
volumes:
- ${BITWARDEN_DATA_DIR}/:/data/
environment:
SIGNUPS_ALLOWED: "false"
SERVER_ADMIN_EMAIL: "${BITWARDEN_ADMIN_EMAIL}"
labels:
- "traefik.frontend.rule=Host:${HOST}"
- "traefik.docker.network=web"
- "traefik.port=80"
- "traefik.enable=true"
- "traefik.web.frontend.rule=Host:${HOST}"
- "traefik.web.port=80"
- "traefik.hub.frontend.rule=Path:/notifications/hub"
- "traefik.hub.port=3012"
- "traefik.negotiate.frontend.rule=Path:/notifications/hub/negotiate"
- "traefik.negotiate.port=80"
container_name: bitwarden
networks:
web:
name: web

28
services/bitwarden/files/traefik.toml
View file

@ -1,28 +0,0 @@
debug = true
logLevel = "INFO"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedByDefault = false
[acme]
email = "julian.toelle97@gmail.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"

134
services/bitwarden/main.tf
View file

@ -1,134 +0,0 @@
##########
## NODE ##
##########
module "node" {
source = "../../modules/docker_node"
name = "${var.name}"
ssh_key_id = "${var.ssh_key_id}"
}
############
## VOLUME ##
############
resource "hcloud_volume" "data" {
name = "${var.volume_name}"
size = "${var.volume_size}"
location = "${var.location}"
format = "ext4"
}
resource hcloud_volume_attachment "data" {
volume_id = "${hcloud_volume.data.id}"
server_id = "${module.node.id}"
automount = true
}
resource null_resource "start-stop-bitwarden" {
# This resource is responsible for starting and stopping Bitwarden before
# changing volume assignments. This should avoid data corruption.
depends_on = ["hcloud_volume_attachment.data", "null_resource.install-bitwarden"]
triggers = {
id = "${hcloud_volume_attachment.data.id}"
}
connection = {
host = "${module.node.ip}"
private_key = "${file("keys/id_terraform")}"
}
provisioner remote-exec {
# Stop bitwarden container before unmounting data volume
when = "destroy"
inline = [
"echo Stopping Bitwarden",
"docker stop bitwarden",
]
}
provisioner remote-exec {
# Start bitwarden after mounting new volume
inline = [
"echo Starting Bitwarden",
"cd ${local.install_dir}",
"docker-compose up -d",
]
}
}
################
## IP ADDRESS ##
################
module floating_ip {
source = "../../modules/floating_ip"
location = "${var.location}"
host = "${var.host}"
server_id = "${module.node.id}"
server_ip = "${module.node.ip}"
}
#################
## APPLICATION ##
#################
data "template_file" "compose" {
template = "${file("services/bitwarden/files/docker-compose.yaml")}"
vars = {
INSTALL_DIR = "${local.install_dir}"
BITWARDEN_DATA_DIR = "${local.bitwarden_data_dir}"
BITWARDEN_ADMIN_EMAIL = "${var.bitwarden_admin_email}"
HOST = "${var.host}"
}
}
resource "null_resource" "install-bitwarden" {
depends_on = ["module.node", "hcloud_volume_attachment.data"]
triggers {
node_id = "${module.node.id}"
volume_id = "${hcloud_volume.data.id}"
docker_compose = "${sha1(data.template_file.compose.rendered)}"
traefik_config = "${sha1(file("services/bitwarden/files/traefik.toml"))}"
}
connection = {
host = "${module.node.ip}"
private_key = "${file("keys/id_terraform")}"
}
provisioner remote-exec {
inline = [
"mkdir -p ${local.install_dir}",
"touch ${local.install_dir}/acme.json",
"chmod 600 ${local.install_dir}/acme.json",
]
}
provisioner file {
content = "${data.template_file.compose.rendered}"
destination = "${local.install_dir}/docker-compose.yaml"
}
provisioner file {
source = "services/bitwarden/files/traefik.toml"
destination = "${local.install_dir}/traefik.toml"
}
provisioner remote-exec {
inline = [
"cd ${local.install_dir}",
"docker-compose pull",
"docker-compose up -d",
]
}
}

3
services/bitwarden/output.tf
View file

@ -1,3 +0,0 @@
output ip {
value = "${module.floating_ip.ip}"
}

39
services/bitwarden/vars.tf
View file

@ -1,39 +0,0 @@
variable location {
type = "string"
default = "nbg1"
}
variable ssh_key_id {
type = "string"
}
variable volume_size {
type = "string"
default = 10
}
variable name {
type = "string"
default = "bitwarden"
}
variable volume_name {
type = "string"
default = "bitwarden-data"
}
variable host {
type = "string"
default = "bitwarden.apricote.de"
}
variable bitwarden_admin_email {
type = "string"
}
locals = {
volume_path = "/mnt/${var.volume_name}"
install_dir = "/opt/${var.name}"
bitwarden_data_dir = "${local.volume_path}"
}

8
templates/ansible_inventory.cfg Normal file
View file

@ -0,0 +1,8 @@
[kube-master]
${control}
[etcd]
${control}
[kube-node]
${compute}

14
terraform_provider_test/Makefile Normal file
View file

@ -0,0 +1,14 @@
TF=terraform
TFFLAGS=-var-file=credentials.tfvars
apply: init
$(TF) apply $(TFFLAGS)
plan: init
$(TF) plan $(TFFLAGS)
destroy: init
$(TF) destroy $(TFFLAGS)
init:
$(TF) init

60
terraform_provider_test/cluster.tf Normal file
View file

@ -0,0 +1,60 @@
resource "rancher2_cluster" "sandbox" {
name = "sandbox"
description = "home-cloud sandbox cluster"
kind = "rke"
rke_config {
network {
plugin = "canal"
}
kubernetes_version = "v1.13.4-rancher1-1"
addons = <<ADDONS
apiVersion: v1
kind: Secret
metadata:
name: hcloud-csi
namespace: kube-system
stringData:
token: ${var.hcloud_token}
---
apiVersion: v1
kind: Secret
metadata:
name: hcloud
namespace: kube-system
stringData:
token: ${var.hcloud_token}
ADDONS
addons_include = [
"https://raw.githubusercontent.com/kubernetes/csi-api/release-1.13/pkg/crd/manifests/csidriver.yaml",
"https://raw.githubusercontent.com/kubernetes/csi-api/release-1.13/pkg/crd/manifests/csinodeinfo.yaml",
"https://raw.githubusercontent.com/hetznercloud/csi-driver/master/deploy/kubernetes/hcloud-csi.yml",
"https://raw.githubusercontent.com/hetznercloud/hcloud-cloud-controller-manager/master/deploy/v1.2.0.yaml",
]
}
}
resource "rancher2_node_pool" "control" {
cluster_id = "${rancher2_cluster.sandbox.id}"
name = "control"
hostname_prefix = "control"
node_template_id = "user-x5qrl:nt-mdfr7"
quantity = 1
control_plane = true
etcd = true
worker = false
}
resource "rancher2_node_pool" "compute" {
cluster_id = "${rancher2_cluster.sandbox.id}"
name = "compute"
hostname_prefix = "compute"
node_template_id = "user-x5qrl:nt-mdfr7"
quantity = 1
control_plane = false
etcd = false
worker = true
}

19
terraform_provider_test/nodes.tf Normal file
View file

@ -0,0 +1,19 @@
resource rancher2_node_driver hcloud {
active = true
builtin = false
description = "Hetzner Cloud"
external_id = "hcloud"
name = "hetzner"
ui_url = "https://storage.googleapis.com/hcloud-rancher-v2-ui-driver/component.js"
url = "https://github.com/JonasProgrammer/docker-machine-driver-hetzner/releases/download/1.2.2/docker-machine-driver-hetzner_1.2.2_linux_amd64.tar.gz"
whitelist_domains = ["storage.googleapis.com"]
}
resource hcloud_floating_ip cluster {
type = "ipv4"
home_location = "${var.hcloud_location}"
}
output cluster_ip {
value = "${hcloud_floating_ip.cluster.ip_address}"
}

12
terraform_provider_test/provider_hcloud.tf Normal file
View file

@ -0,0 +1,12 @@
# Set the variable value in *.tfvars file
# or using -var="hcloud_token=..." CLI option
variable "hcloud_token" {}
variable "hcloud_location" {}
# Configure the Hetzner Cloud Provider
provider "hcloud" {
version = "~> 1.7.0"
token = "${var.hcloud_token}"
}

17
terraform_provider_test/provider_rancher2.tf Normal file
View file

@ -0,0 +1,17 @@
variable "rancher2_api_url" {
type = "string"
}
variable "rancher2_access_key" {
type = "string"
}
variable "rancher2_secret_key" {
type = "string"
}
provider "rancher2" {
api_url = "${var.rancher2_api_url}"
access_key = "${var.rancher2_access_key}"
secret_key = "${var.rancher2_secret_key}"
}

3
terraform_provider_test/terraform.tfvars Normal file
View file

@ -0,0 +1,3 @@
rancher2_api_url = "https://rancher.apricote.de/v3"
hcloud_location = "nbg1"