Commit a5b05fe8 authored by Carlos Torres's avatar Carlos Torres

Allow sc_pack:v2, sc_pack:v1 remains on the sc_apck_v1 branch.

parent a5fc0dff
......@@ -8,6 +8,8 @@
when: "run_install_requirements == True"
- role: install_haproxy
when: "True == run_install_haproxy"
- role: install_sc_pack
when: "True == run_install_sc_pack"
- role: install_prometheus_node_exporter
when: "True == run_install_prometheus_node_exporter"
- role: install_haproxy_exporter
......
......@@ -5,6 +5,7 @@
- install_packages
- install_requirements
- install_haproxy
- install_sc_pack
- install_accelerator_client
- role: install_prometheus_node_exporter
when: "True == run_install_prometheus_node_exporter"
......
run_install_packages: True # True or False
run_install_requirements: True # True or False
run_install_sc_pack: True # True or False
run_install_haproxy: True # True or False
run_install_prometheus_node_exporter: False # True or False
run_install_haproxy_exporter: False # True or False
......@@ -13,12 +14,9 @@ domains:
api_access_token: <your_authentication_token>
deployment_tags: "<a comma separated string e.g demo-example,domain2>"
sc_pack_version: sc_pack-0.1.907-py3-none-any.whl
installers_dir: /srv/installers
haproxy_auth_pass: "<your haproxy pass>"
prometheus_node_exporter_port: 9112
haproxy_exporter_port: 9101
haproxyconfig_option: "option-2" # option-1 or option-2, or option-3, or option-4
deployments:
instance_1:
deployment_name: deployment_A # It is used for sc_pack service name, must be unique.
......@@ -48,3 +46,6 @@ deployments:
google_recaptcha_site_key: <your_google_recaptcha_site_key>
google_recaptcha_site_secret: <your_google_recaptcha_site_secret>
transit_encryption_key: <your_transit_encryption_key>
installers_dir: /srv/installers
prometheus_node_exporter_port: 9112
haproxy_exporter_port: 9101
#!/bin/bash
# checks that the deployment_name only contains letters, numbers and underscore.
set -e
DEPLOYMENTSNAME=$1
regexpDeploymentsNames="^[[:alnum:]_]*$"
if ! [[ $DEPLOYMENTSNAME =~ $regexpDeploymentsNames ]]; then
echo "FAILED: Checking variables, deployment_name: $DEPLOYMENTSNAME is incorrectly. Only letters, numbers and underscore are allowed. Example: deployment_A."
exit 0
fi
echo "Success"
exit 0
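Review bot: The pattern `^[[:alnum:]_]*$` also matches an empty string, so an unset or blank deployment_name passes this check and then becomes the service and inventory directory name. Using `+` closes that gap: `regexpDeploymentsNames="^[[:alnum:]_]+$"`. The failure branch exits 0 and relies on the caller finding the word FAILED in stdout. Exiting non-zero there (`exit 1`) would make the Ansible task fail even if that string match is later mistyped or removed. The same exit-code pattern is in the install-dir checker that follows.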
#!/bin/bash
# checks that the path deployments-install_dir only contains slash, letters, numbers and underscore.
# It should be an absolute path.
set -e
INSTALLDIR=$1
regexpINSTALLDIRS="^\/[[:alnum:]_\/]*$"
echo "data: $INSTALLDIR"
if ! [[ $INSTALLDIR =~ $regexpINSTALLDIRS ]]; then
echo "FAILED: Checking variables, install_dir: $INSTALLDIR is incorrectly. Should provide an absolute path, slash, letters, numbers and underscore are allowed. Example /srv/deployment_A."
exit 0
fi
echo "Success"
exit 0
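Review bot: The expression `^\/[[:alnum:]_\/]*$` accepts a bare `/` as well as paths with empty components such as `//`, so the filesystem root passes as an install_dir. Requiring at least one non-empty component is stricter: `regexpINSTALLDIRS="^(/[[:alnum:]_]+)+$"`. The `echo "data: $INSTALLDIR"` line also writes to the same stdout that the caller scans for FAILED, so a valid path containing that word would be rejected. Sending it to stderr avoids this.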
......@@ -2,25 +2,25 @@
set -e
echo "Installing sc_pack"
echo "Creating deploy"
DEPLOY=$1
INSTALLERS_DIR=$2
INSTALL_DIR=$3
SC_PACK_VERSION=$4
HTTPPORT=$5
HTTPSPORT=$6
HUMANITYVALIDATORPORT=$7
APIACCESSSTOKEN=$8
DEPLOYMENTSITELONGNAME=$9
DEPLOYMENTSITELONGNAMESECRET=${10}
HTTPPORT=$4
HTTPSPORT=$5
HUMANITYVALIDATORPORT=$6
APIACCESSSTOKEN=$7
DEPLOYMENTSITELONGNAME=$8
DEPLOYMENTSITELONGNAMESECRET=$9
SERVICE_NAME=$1
SC_PACK_CONFIG="/srv/inventory/$DEPLOY"
chown shimmercat:shimmercat /srv
# TODO all inside try catch, error -> echo "FAILED: error.." and exit 0
sc_pack create -f $SC_PACK_CONFIG"/sc_pack.conf.yaml"
systemctl link $INSTALL_DIR"/.sc_pack-rkt/sc-"$SERVICE_NAME".service"
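Review bot: The expansions in the last two commands are only partly quoted (`$SC_PACK_CONFIG"/sc_pack.conf.yaml"`, `$INSTALL_DIR"/.sc_pack-rkt/sc-"$SERVICE_NAME".service"`), so the variable parts still undergo word splitting and globbing. Quote the whole word instead: `sc_pack create -f "$SC_PACK_CONFIG/sc_pack.conf.yaml"` and `systemctl link "$INSTALL_DIR/.sc_pack-rkt/sc-$SERVICE_NAME.service"`. The script has `set -e` but not `set -u`, so a missing positional argument silently becomes an empty string. Adding `set -u` or an argument-count check at the top would catch a caller that passes too few arguments. The script body continues outside this hunk.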
......@@ -69,7 +69,7 @@ echo "Http port: $HTTPPORT" >> $INVENTORYDIR/$SERVERINVENTORY
echo "Https port: $HTTPSPORT" >> $INVENTORYDIR/$SERVERINVENTORY
echo "Humanity validator port: $HUMANITYVALIDATORPORT" >> $INVENTORYDIR/$SERVERINVENTORY
echo "Api access token: $APIACCESSSTOKEN" >> $INVENTORYDIR/$SERVERINVENTORY
echo "Deployment site long name: $DEPLOYMENTSITELONGNAME" >> $INVENTORYDIR/$SERVERINVENTORY
echo "Deployment site long secret: $DEPLOYMENTSITELONGNAMESECRET" >> $INVENTORYDIR/$SERVERINVENTORY
echo $'\n' >> $INVENTORYDIR/$SERVERINVENTORY
echo "Success"
exit 0
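Review bot: The API access token and the deployment site secret are appended in clear text to `$INVENTORYDIR/$SERVERINVENTORY`, and nothing visible in this hunk restricts who can read that file. Either drop the two secret lines from the inventory record or set `umask 077` before the first write, so the file is not created world-readable. The redirect targets are unquoted; `>> "$INVENTORYDIR/$SERVERINVENTORY"` is safer. As far as this page shows, the `Create deployments` task passes seven arguments while the script reads the long name and secret from `$8` and `$9`, so those two lines would record empty values; please confirm against the caller.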
---
# This task checks that the deployment_name only contains letters, numbers and underscore.
# If not, the whole process is stopped.
- name: checking_deployments_names
script: "{{ role_path }}/files/checking_deployments_names.sh '{{ item }}'"
register: check_deployment_names
- debug: var=check_deployment_names.stdout
- fail:
msg: "{{ check_deployment_names.stdout }}"
when: "'FAILED' in check_deployment_names.stdout"
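Review bot: The value being validated is pasted into the command line as `'{{ item }}'` before it has been checked, so a name containing a single quote ends the quoting and the rest is parsed by the shell. Ansible's `quote` filter handles this: `script: "{{ role_path }}/files/checking_deployments_names.sh {{ item | quote }}"`. The same hand-written quoting appears in checking_install_dirs.yml and in the `Check variables` and `Check if allow install` script calls. The `debug` and `fail` tasks have no `name:`, which makes the run output harder to follow.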
---
# This task checks that the path deployments-install_dir only contains slash, letters, numbers and underscore.
# It should be an absolute path.
# If not, the whole process is stopped.
- name: checking_install_dirs
script: "{{ role_path }}/files/checking_install_dirs.sh '{{ item }}'"
register: check_install_dirs
- debug: var=check_install_dirs.stdout
- fail:
msg: "{{ check_install_dirs.stdout }}"
when: "'FAILED' in check_install_dirs.stdout"
......@@ -12,9 +12,19 @@
humanity_validator_port_list: "{{ humanity_validator_port_list | default([]) }} + [ '{{ item.value['humanity_validator_port'] }}' ]"
deployments_dirs: "{{ deployments_dirs | default([]) }} + [ '{{ item.value['install_dir'] }}' ]"
sc_pack_config_dir_list: "{{ sc_pack_config_dir_list | default([]) }} + [ '/srv/inventory/{{ item.value['deployment_name'] }}' ]"
services_name: "{{ services_name | default([]) }} + [ '{{ item.value['deployment_name'] }}' ]"
deployment_names: "{{ deployment_names | default([]) }} + [ '{{ item.value['deployment_name'] }}' ]"
with_dict: "{{ deployments }}"
- name: Include task checking_deployments_names
include_tasks: "{{ role_path }}/tasks/checking_deployments_names.yml"
with_items:
- "{{ deployment_names }}"
- name: Include task checking_install_dirs
include_tasks: "{{ role_path }}/tasks/checking_install_dirs.yml"
with_items:
- "{{ install_dir_list }}"
- name: Check variables
script: "{{ role_path }}/files/checking.sh '{{ ansible_host }}' '{{ domains|join(' ') }}' '{{ api_access_token }}'"
register: check_variables
......@@ -23,21 +33,17 @@
- fail:
msg: "{{check_variables.stdout}}"
when: "'FAILED' in check_vyariables.stdout"
when: "'FAILED' in check_variables.stdout"
- name: Check if allow install
script: "{{ role_path }}/files/check_variables.sh '{{ domains|join(' ') }}' '{{ install_dir_list|join(' ') }}' '{{ http_port_list|join(' ') }}' '{{ https_port_list|join(' ') }}' '{{ humanity_validator_port_list|join(' ') }}' '{{ api_access_token }}'"
register: check_result
register: check_if_allow_install
- debug: var=check_result.stdout
- debug: var=check_if_allow_install.stdout
- fail:
msg: "{{check_result.stdout}}"
when: "'FAILED' in check_result.stdout"
- name: Include task configure-haproxy
include_tasks: "{{ role_path }}/tasks/configure-haproxy.yml"
with_list: "{{domains}}"
msg: "{{check_if_allow_install.stdout}}"
when: "'FAILED' in check_if_allow_install.stdout"
- name: Creates directory to save primary deployments sc_pack.conf.yaml
file:
......@@ -56,9 +62,24 @@
- name: Create credentials
include_tasks: "{{ role_path }}/tasks/credentials.yml"
- name: Install sc_pack
script: "{{ role_path }}/files/install_sc_pack.sh {{ item.value.deployment_name | replace('.', '_') }} {{installers_dir}} {{item.value.install_dir}} {{sc_pack_version}} {{item.value.http_port}} {{item.value.https_port}} {{item.value.humanity_validator_port}} {{ api_access_token }}"
- name: Create deployments
script: "{{ role_path }}/files/create_deploy.sh {{ item.value.deployment_name | replace('.', '_') }} {{installers_dir}} {{item.value.install_dir}} {{item.value.http_port}} {{item.value.https_port}} {{item.value.humanity_validator_port}} {{ api_access_token }}"
with_dict: "{{ deployments }}"
register: create_deploy
- fail:
msg: "{{item.stdout}}"
when: "'FAILED' in item.stdout"
with_items: "{{ create_deploy.results }}"
- name: Create supervisor folder
file:
path: "{{ item }}/supervisor"
mode: 0775
recurse: yes
owner: shimmercat
group: shimmercat
with_list: "{{deployments_dirs}}"
- name: Upload devlove.yaml
template:
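Review bot: The `Create deployments` task loops over the whole `deployments` dict and passes `{{ api_access_token }}` on the command line. Ansible prints each loop item by default, and the example vars on this page suggest those items carry the reCAPTCHA secret and transit key. Limiting the label keeps them out of the log: add `loop_control:` with `label: "{{ item.key }}"` here, and `label: "{{ item.item.key }}"` on the `fail` loop over `create_deploy.results`. The script arguments are interpolated without quoting; `{{ item.value.install_dir | quote }}` and likewise for the others would not depend on the earlier checks having run. `mode: 0775` should be written as the string `"0775"`, as the Ansible docs recommend, so the YAML parser cannot retype it. The `Upload devlove.yaml` task continues outside this hunk.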
......@@ -136,3 +157,12 @@
daemon_reload: yes
name: "sc-{{item.value.deployment_name}}"
with_dict: "{{ deployments }}"
- name: Include task configure-haproxy
include_tasks: "{{ role_path }}/tasks/configure-haproxy.yml"
with_list: "{{domains}}"
- name: Restart haproxy
systemd:
state: restarted
name: haproxy
## Defaults for install_haproxy role
haproxyconfig_option: "option-2" # option-1 or option-2, or option-3, or option-4
......@@ -19,7 +19,7 @@ frontend http_to_https_redirects
mode http
# ShimmerCat can do HTTP to HTTPS redirects, and so can Haproxy
redirect scheme https code 301
redirect scheme https code 301 if !{ ssl_fc }
frontend https
bind *:443
......
......@@ -2,7 +2,7 @@
set -e
echo "Installing requirements"
echo "Installing haproxy requirements"
if ! [ -x "$(command -v pwgen)" ]; then
apt-get --yes --force-yes install pwgen
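Review bot: `--force-yes` on the `apt-get install pwgen` line makes apt proceed without confirmation even when packages are unauthenticated or would be downgraded, so a repository signature problem would not stop the install. The option is deprecated in current apt. `apt-get --yes install pwgen` is enough for a non-interactive run, with a specific `--allow-*` flag added only where one is actually needed. The same flag is used for the `locales` and `wget` installs in the packages script further down the page. The `if` block continues outside this hunk.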
......
......@@ -13,21 +13,15 @@ listen stats
stats uri /haproxy_stats
stats auth shimmercat:{{ haproxy_auth_pass }}
frontend httpredirects
frontend http_to_https_redirects
bind *:80
timeout client 30m
timeout client 20s
mode http
#http-entry
#http-def-back
#http-backend-bare-entry
# ShimmerCat can do HTTP to HTTPS redirects, and so can Haproxy
redirect scheme https code 301 if !{ ssl_fc }
frontend https
# Temporary bind
bind *:443
timeout client 30m
mode tcp
......@@ -44,14 +38,29 @@ frontend https
# acl is-to-reject src 111.11.11.116 55.55.0.0/16
# tcp-request connection reject if is-to-reject
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
#https-entry
#https-def-back
#https-backend-bare-entry
frontend to_application
bind *:4430
timeout client 30m
timeout server 5m
timeout connect 5m
mode http
#https-redirect-entry
#https-redirect-def-back
#https-redirect-backend-bare-entry
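Review bot: The new `frontend to_application` binds `*:4430` in plain `mode http`, so it listens on every interface. If it is only meant to receive traffic handed over locally from the TCP `https` frontend (an assumption to confirm), `bind 127.0.0.1:4430` keeps it off the network. `timeout server 5m` and `timeout connect 5m` are backend-side settings; HAProxy ignores them with a warning inside a `frontend` section, so they belong in the matching backend or in `defaults`. The 30m client timeout here and on `frontend https` holds idle connections for a long time. The identical block appears in the second template later on the page.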
......@@ -15,19 +15,11 @@ listen stats
frontend http_to_https_redirects
bind *:80
timeout client 30m
timeout client 20s
mode http
acl is_wellknown path -i -m beg /.well-known
#http-wellknown-entry
http-request allow if is_wellknown
# ShimmerCat can do HTTP to HTTPS redirects if not is_wellknown, and so can Haproxy
http-request redirect scheme https code 301 if ! is_wellknown
#redirect scheme https code 301 if !{ ssl_fc }
#http-wellknown-backend-bare-entry
# ShimmerCat can do HTTP to HTTPS redirects, and so can Haproxy
redirect scheme https code 301 if !{ ssl_fc }
frontend https
bind *:443
......
......@@ -13,21 +13,15 @@ listen stats
stats uri /haproxy_stats
stats auth shimmercat:{{ haproxy_auth_pass }}
frontend httpredirects
frontend http_to_https_redirects
bind *:80
timeout client 30m
timeout client 20s
mode http
#http-entry
#http-def-back
#http-backend-bare-entry
# ShimmerCat can do HTTP to HTTPS redirects, and so can Haproxy
redirect scheme https code 301 if !{ ssl_fc }
frontend https
# Temporary bind
bind *:443
timeout client 30m
mode tcp
......@@ -44,14 +38,29 @@ frontend https
# acl is-to-reject src 111.11.11.116 55.55.0.0/16
# tcp-request connection reject if is-to-reject
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
#https-entry
#https-def-back
#https-backend-bare-entry
frontend to_application
bind *:4430
timeout client 30m
timeout server 5m
timeout connect 5m
mode http
#https-redirect-entry
#https-redirect-def-back
#https-redirect-backend-bare-entry
......@@ -15,19 +15,11 @@ listen stats
frontend http_to_https_redirects
bind *:80
timeout client 30m
timeout client 20s
mode http
acl is_wellknown path -i -m beg /.well-known
#http-wellknown-entry
http-request allow if is_wellknown
# ShimmerCat can do HTTP to HTTPS redirects if not is_wellknown, and so can Haproxy
http-request redirect scheme https code 301 if ! is_wellknown
#redirect scheme https code 301 if !{ ssl_fc }
#http-wellknown-backend-bare-entry
# ShimmerCat can do HTTP to HTTPS redirects, and so can Haproxy
redirect scheme https code 301 if !{ ssl_fc }
frontend https
bind *:443
......
## Defaults for run_install_haproxy_exporter role
haproxy_exporter_port: 9101
......@@ -6,7 +6,8 @@ echo "Installing updating packages"
apt-get --yes --force-yes install locales
locale-gen en_US.UTF-8
export LANG="en_US.UTF-8"
export LC_CTYPE="en_US.UTF-8"
export LC_ALL="en_US.UTF-8"
apt-get --yes --force-yes install wget
## Defaults for install_prometheus_node_exporter role
prometheus_node_exporter_port: 9112
## Defaults for install_requirements role