From e5a072737555a1d8c7753b9c122eb7c7a7ed5672 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Mon, 22 May 2023 22:28:58 +0200
Subject: [PATCH] add VM and docker compose for concourse
---
 README.md => ansible/README.md | 0
 ansible/inventory/hosts.yml | 4 ++
 ansible/playbooks/concourse.yml | 15 ++++++++
 ansible/{ => playbooks}/lewis.yml | 1 -
 ansible/roles/concourse/docker-compose.yml.j2 | 38 +++++++++++++++++++
 ansible/roles/concourse/tasks/main.yml | 15 ++++++++
 ansible/roles/concourse/vars/main.yml | 25 ++++++++++++
 terraform/.gitignore | 6 ++-
 terraform/main.tf | 14 +++----
 9 files changed, 107 insertions(+), 11 deletions(-)
 rename README.md => ansible/README.md (100%)
 create mode 100644 ansible/playbooks/concourse.yml
 rename ansible/{ => playbooks}/lewis.yml (97%)
 create mode 100644 ansible/roles/concourse/docker-compose.yml.j2
 create mode 100644 ansible/roles/concourse/tasks/main.yml
 create mode 100644 ansible/roles/concourse/vars/main.yml
diff --git a/README.md b/ansible/README.md
similarity index 100%
rename from README.md
rename to ansible/README.md
diff --git a/ansible/inventory/hosts.yml b/ansible/inventory/hosts.yml
index b4a1808..b682678 100644
--- a/ansible/inventory/hosts.yml
+++ b/ansible/inventory/hosts.yml
@@ -1,4 +1,8 @@
 all:
+ hosts:
+ concourse:
+ ansible_user: root
+ ansible_host: concourse.dmz
 children:
 dataserver:
 hosts:
diff --git a/ansible/playbooks/concourse.yml b/ansible/playbooks/concourse.yml
new file mode 100644
index 0000000..fcfcd60
--- /dev/null
+++ b/ansible/playbooks/concourse.yml
@@ -0,0 +1,15 @@
+- name: Install Concourse
+ hosts: concourse
+
+ pre_tasks:
+ - name: Delete externally managed environment file
+ shell:
+ cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED"
+ register: rm
+ changed_when: "rm.rc == 0"
+ failed_when: "false"
+
+ roles:
+ - {role: apt, tags: apt}
+ - {role: docker, tags: docker}
+ - {role: concourse, tags: concourse}
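Review bot: `ansible_user: root` makes every play against `concourse` log in as root over SSH, which means root login has to stay enabled in the guest's sshd for as long as this inventory entry exists. The usual shape is a dedicated automation user with `become: true` on the play and root SSH login disabled on the host. `ansible_host: concourse.dmz` is a bare name, so resolution on the control node presumably depends on local DNS; a one-line comment above it saying where that name is served from would save the next reader a lookup.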
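Review bot: The `Delete externally managed environment file` pre-task removes the PEP 668 marker with a shell glob and then masks every failure with `failed_when: "false"`, so a missing file, a permission error and a genuinely broken shell all look identical in the run. `shell` already has a guard for this case: `removes: "/usr/lib/python*/EXTERNALLY-MANAGED"` placed next to `cmd:` skips the task when the glob matches nothing, which makes it idempotent without `register`, `changed_when` or `failed_when`. A comment stating why the marker is deleted would also help — presumably so a later role can pip-install into the system interpreter — because that is precisely the protection the file exists to provide, and the reader should know that trade-off was deliberate. If `failed_when` is kept, the bare boolean `false` is the idiomatic form rather than the string `"false"`.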
diff --git a/ansible/lewis.yml b/ansible/playbooks/lewis.yml
similarity index 97%
rename from ansible/lewis.yml
rename to ansible/playbooks/lewis.yml
index a8c426b..93da04a 100644
--- a/ansible/lewis.yml
+++ b/ansible/playbooks/lewis.yml
@@ -51,4 +51,3 @@
 roles:
 - {role: apt, tags: apt}
 - {role: deploy_ssh_certificates, tags: deploy_ssh_certificates}
- - {role: docker, tags: docker}
diff --git a/ansible/roles/concourse/docker-compose.yml.j2 b/ansible/roles/concourse/docker-compose.yml.j2
new file mode 100644
index 0000000..ce9083b
--- /dev/null
+++ b/ansible/roles/concourse/docker-compose.yml.j2
@@ -0,0 +1,38 @@
+# vi: ft=yaml
+version: '3'
+
+services:
+ concourse-db:
+ image: postgres
+ environment:
+ POSTGRES_DB: concourse
+ POSTGRES_PASSWORD: {{ postgres_password }}
+ POSTGRES_USER: concourse_user
+ PGDATA: /database
+ volumes:
+ - /mnt/data/concourse:/database
+
+ concourse:
+ image: concourse/concourse
+ command: quickstart
+ privileged: true
+ depends_on: [concourse-db]
+ ports: ["3000:8080"]
+ environment:
+ CONCOURSE_POSTGRES_HOST: concourse-db
+ CONCOURSE_POSTGRES_USER: concourse_user
+ CONCOURSE_POSTGRES_PASSWORD: {{ postgres_password }}
+ CONCOURSE_POSTGRES_DATABASE: concourse
+ CONCOURSE_EXTERNAL_URL: https://concourse.pim.kunis.nl:444
+ CONCOURSE_ADD_LOCAL_USER: admin:{{ admin_password }}
+ CONCOURSE_MAIN_TEAM_LOCAL_USER: test
+ # instead of relying on the default "detect"
+ CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER: overlay
+ CONCOURSE_CLIENT_SECRET: {{ client_secret }}
+ CONCOURSE_TSA_CLIENT_SECRET: {{ client_secret }}
+ CONCOURSE_X_FRAME_OPTIONS: allow
+ CONCOURSE_CONTENT_SECURITY_POLICY: "*"
+ CONCOURSE_CLUSTER_NAME: tutorial
+ CONCOURSE_WORKER_CONTAINERD_DNS_SERVER: "192.168.30.8"
+ # For ARM-based machine, change the Concourse runtime to "houdini"
+ CONCOURSE_WORKER_RUNTIME: "containerd"
diff --git a/ansible/roles/concourse/tasks/main.yml b/ansible/roles/concourse/tasks/main.yml
new file mode 100644
index 0000000..a38134f
--- /dev/null
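Review bot: `CONCOURSE_MAIN_TEAM_LOCAL_USER: test` names a local user that is never created, while the only user added via `CONCOURSE_ADD_LOCAL_USER` is `admin`, so once the rendered compose file comes up nobody can authenticate into the main team; the value should be `admin` (or the two settings should otherwise agree). The templated secrets in `POSTGRES_PASSWORD: {{ postgres_password }}`, `CONCOURSE_POSTGRES_PASSWORD`, `CONCOURSE_CLIENT_SECRET`, `CONCOURSE_TSA_CLIENT_SECRET` and `admin:{{ admin_password }}` are unquoted, so a secret containing `#`, `: `, a leading `*` or `{` breaks or retypes the YAML after rendering — emit them as `{{ postgres_password | to_json }}` (which yields a correctly escaped double-quoted scalar) or at minimum wrap them as `"{{ postgres_password }}"`. `CONCOURSE_X_FRAME_OPTIONS: allow` together with `CONCOURSE_CONTENT_SECURITY_POLICY: "*"` switches off the web UI's clickjacking and CSP protections; unless the UI is deliberately embedded somewhere, both should be left at their defaults, and if it is, they should name that one origin. `image: postgres` and `image: concourse/concourse` carry no tag, and the role runs compose with `pull: true`, so a routine deploy can silently move the database to a new major version; pin both images.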
+++ b/ansible/roles/concourse/tasks/main.yml
@@ -0,0 +1,15 @@
+- name: Create working directory
+ file:
+ path: /srv/concourse
+ state: directory
+
+- name: Copy Docker compose
+ template:
+ src: "{{ role_path }}/docker-compose.yml.j2"
+ dest: /srv/concourse/docker-compose.yml
+
+- name: Start the Docker Compose
+ docker_compose:
+ project_src: /srv/concourse
+ pull: true
+ remove_orphans: true
diff --git a/ansible/roles/concourse/vars/main.yml b/ansible/roles/concourse/vars/main.yml
new file mode 100644
index 0000000..aba14a8
--- /dev/null
+++ b/ansible/roles/concourse/vars/main.yml
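Review bot: The rendered `/srv/concourse/docker-compose.yml` contains the Postgres password, the TSA client secret and the admin password in plaintext, yet the `template` task sets no `mode`, so the file gets whatever the target's umask allows (commonly 0644, readable by every local account). Add `mode: "0600"` to the `template` task and `mode: "0750"` to the `file` task for the directory, keeping both quoted so YAML does not read the leading zero as an octal integer. `src: "{{ role_path }}/docker-compose.yml.j2"` works around the template living in the role root; moving it to `templates/docker-compose.yml.j2` lets the plain `src: docker-compose.yml.j2` resolve on its own and matches the role layout Ansible expects.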
@@ -0,0 +1,25 @@
+admin_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 64656535303535626562666132643334616133313463336437623732313265313963376234316630
+ 3966346366383561333938613332326132623431376264360a343664386634626133346263633337
+ 66643161393166303831303764623930633232666135303962616230613638303339396264396338
+ 6230396530616466370a393036366434613933306161366661626138346236643238643130636337
+ 62633861393338643639623866366161396232636465636163626233316663396665666435643836
+ 6436346533356165646230643435366432313764326630343633
+client_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 34363932333537356530353931636537376364663431346136373834313638616266643238326265
+ 3634316131636232336134666662356565386132326666300a363362663438636461626134376635
+ 61653261383336313261626664373830313038366462613464356139386535613138313037643835
+ 3630363033623434300a306263323163623766316238363635373834323165626533656330323535
+ 36613833616538613864393735366137613631356538323533396437343566396138363636333136
+ 62353636666639343037663230333961366565323839363362616239313133346666663634366662
+ 643433346433616430646335383864643466
+postgres_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 62616561343739636436323266306137653363313038636166303731383037613337643962313038
+ 3066393231613665613836356638636166393638386432660a656134323633313963336331333262
+ 30353065633264616161363661386466353665303561393337366666623239323734393831633439
+ 3263653064313533330a383161366130633231356466663363643664343062323561623438663862
+ 39333466386563336631346538383533623961653434343663653138306531333165646431376236
+ 3864333365353437666566363266323932636533626530333466
diff --git a/terraform/.gitignore b/terraform/.gitignore
index 3906290..33b954c 100644
--- a/terraform/.gitignore
+++ b/terraform/.gitignore
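Review bot: These three vault-encrypted values sit in the role's `vars/main.yml`, which takes precedence over inventory `group_vars` and `host_vars`, so the role cannot be pointed at a second Concourse instance or given a rotated secret without editing the role itself. Host-specific secrets conventionally live in `host_vars/concourse.yml` (or a `group_vars` file), which keeps the role reusable and keeps the ciphertext next to the host it belongs to. Committing the ciphertext is fine as long as the vault password stays out of the repository; a short comment at the top naming the vault id or password source would tell the next operator how these are meant to be decrypted.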
@@ -10,8 +10,8 @@ crash.log
 crash.*.log
 # Exclude all .tfvars files, which are likely to contain sensitive data, such as
-# password, private keys, and other secrets. These should not be part of version
-# control as they are data points which are potentially sensitive and subject
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
 # to change depending on the environment.
 *.tfvars
 *.tfvars.json
@@ -34,3 +34,5 @@ override.tf.json
 terraform.rc
 .terraform.lock.hcl
 *.tfbackend
+
+.vault_password
diff --git a/terraform/main.tf b/terraform/main.tf
index 68a5741..33e59bd 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -1,6 +1,6 @@
 terraform {
 backend "pg" {
- schema_name = "alexander"
+ schema_name = "concourse"
 conn_str = "postgres://terraform@10.42.0.1/terraform_state"
 }
@@ -15,12 +15,10 @@ provider "libvirt" {
 uri = "qemu+ssh://root@lewis.hyp/system"
 }
-module "alexander" {
- source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
- name = "alexander"
- domain_name = "tf-alexander"
+module "concourse" {
+ source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+ name = "concourse"
+ domain_name = "tf-concourse"
+ memory = 1024 * 4
 hypervisor_host = "lewis.hyp"
- mac = "CA:FE:C0:FF:EE:0B"
- memory = 1024 * 2
- insecure_password = true
 }
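Review bot: `.vault_password` is added to `terraform/.gitignore`, but the vault-encrypted values this commit introduces live under `ansible/roles/concourse/vars/`, and a pattern in `terraform/.gitignore` only applies below `terraform/`. If the password file is kept next to the playbooks (as `ansible/.vault_password`, or wherever an `ansible.cfg` `vault_password_file` points), it is not covered by this entry and can be committed by an ordinary `git add`. Adding the same line to a repository-root `.gitignore` or to `ansible/.gitignore` closes that gap; the rest of this section is a trailing-whitespace cleanup.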
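Review bot: Changing `schema_name` from `"alexander"` to `"concourse"` points the `pg` backend at a fresh, empty state schema, so the state that still describes the `alexander` VM is left behind in the old schema rather than migrated; unless that VM was destroyed beforehand, it keeps running on `lewis.hyp` with nothing managing it. Either run the destroy under the old schema first, or keep one schema and let the module rename replace the resource within the same state. The new module block also drops the fixed `mac`, so the guest will presumably get a generated address; if `concourse.dmz` in the inventory is served by a DHCP reservation keyed on that MAC, the name will stop resolving, which deserves a comment on the module block either way. Dropping `insecure_password` is the right direction, but how root access for Ansible is provisioned instead is not visible here, so a one-line comment pointing at the mechanism would help.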