add VM and docker compose for concourse

This commit is contained in:
Pim Kunis 2023-05-22 22:28:58 +02:00
parent 4c35512e62
commit e5a0727375
9 changed files with 107 additions and 11 deletions

View file

@ -1,4 +1,8 @@
all: all:
hosts:
concourse:
ansible_user: root
ansible_host: concourse.dmz
children: children:
dataserver: dataserver:
hosts: hosts:

View file

@ -0,0 +1,15 @@
- name: Install Concourse
hosts: concourse
pre_tasks:
- name: Delete externally managed environment file
shell:
cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED"
register: rm
changed_when: "rm.rc == 0"
failed_when: "false"
roles:
- {role: apt, tags: apt}
- {role: docker, tags: docker}
- {role: concourse, tags: concourse}

View file

@ -51,4 +51,3 @@
roles: roles:
- {role: apt, tags: apt} - {role: apt, tags: apt}
- {role: deploy_ssh_certificates, tags: deploy_ssh_certificates} - {role: deploy_ssh_certificates, tags: deploy_ssh_certificates}
- {role: docker, tags: docker}

View file

@ -0,0 +1,38 @@
# vi: ft=yaml
version: '3'
services:
concourse-db:
image: postgres
environment:
POSTGRES_DB: concourse
POSTGRES_PASSWORD: {{ postgres_password }}
POSTGRES_USER: concourse_user
PGDATA: /database
volumes:
- /mnt/data/concourse:/database
concourse:
image: concourse/concourse
command: quickstart
privileged: true
depends_on: [concourse-db]
ports: ["3000:8080"]
environment:
CONCOURSE_POSTGRES_HOST: concourse-db
CONCOURSE_POSTGRES_USER: concourse_user
CONCOURSE_POSTGRES_PASSWORD: {{ postgres_password }}
CONCOURSE_POSTGRES_DATABASE: concourse
CONCOURSE_EXTERNAL_URL: https://concourse.pim.kunis.nl:444
CONCOURSE_ADD_LOCAL_USER: admin:{{ admin_password }}
CONCOURSE_MAIN_TEAM_LOCAL_USER: test
# instead of relying on the default "detect"
CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER: overlay
CONCOURSE_CLIENT_SECRET: {{ client_secret }}
CONCOURSE_TSA_CLIENT_SECRET: {{ client_secret }}
CONCOURSE_X_FRAME_OPTIONS: allow
CONCOURSE_CONTENT_SECURITY_POLICY: "*"
CONCOURSE_CLUSTER_NAME: tutorial
CONCOURSE_WORKER_CONTAINERD_DNS_SERVER: "192.168.30.8"
# For ARM-based machine, change the Concourse runtime to "houdini"
CONCOURSE_WORKER_RUNTIME: "containerd"

View file

@ -0,0 +1,15 @@
- name: Create working directory
file:
path: /srv/concourse
state: directory
- name: Copy Docker compose
template:
src: "{{ role_path }}/docker-compose.yml.j2"
dest: /srv/concourse/docker-compose.yml
- name: Start the Docker Compose
docker_compose:
project_src: /srv/concourse
pull: true
remove_orphans: true

View file

@ -0,0 +1,25 @@
admin_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
64656535303535626562666132643334616133313463336437623732313265313963376234316630
3966346366383561333938613332326132623431376264360a343664386634626133346263633337
66643161393166303831303764623930633232666135303962616230613638303339396264396338
6230396530616466370a393036366434613933306161366661626138346236643238643130636337
62633861393338643639623866366161396232636465636163626233316663396665666435643836
6436346533356165646230643435366432313764326630343633
client_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
34363932333537356530353931636537376364663431346136373834313638616266643238326265
3634316131636232336134666662356565386132326666300a363362663438636461626134376635
61653261383336313261626664373830313038366462613464356139386535613138313037643835
3630363033623434300a306263323163623766316238363635373834323165626533656330323535
36613833616538613864393735366137613631356538323533396437343566396138363636333136
62353636666639343037663230333961366565323839363362616239313133346666663634366662
643433346433616430646335383864643466
postgres_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
62616561343739636436323266306137653363313038636166303731383037613337643962313038
3066393231613665613836356638636166393638386432660a656134323633313963336331333262
30353065633264616161363661386466353665303561393337366666623239323734393831633439
3263653064313533330a383161366130633231356466663363643664343062323561623438663862
39333466386563336631346538383533623961653434343663653138306531333165646431376236
3864333365353437666566363266323932636533626530333466

View file

@ -10,8 +10,8 @@ crash.log
crash.*.log crash.*.log
# Exclude all .tfvars files, which are likely to contain sensitive data, such as # Exclude all .tfvars files, which are likely to contain sensitive data, such as
# password, private keys, and other secrets. These should not be part of version # password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject # control as they are data points which are potentially sensitive and subject
# to change depending on the environment. # to change depending on the environment.
*.tfvars *.tfvars
*.tfvars.json *.tfvars.json
@ -34,3 +34,5 @@ override.tf.json
terraform.rc terraform.rc
.terraform.lock.hcl .terraform.lock.hcl
*.tfbackend *.tfbackend
.vault_password

View file

@ -1,6 +1,6 @@
terraform { terraform {
backend "pg" { backend "pg" {
schema_name = "alexander" schema_name = "concourse"
conn_str = "postgres://terraform@10.42.0.1/terraform_state" conn_str = "postgres://terraform@10.42.0.1/terraform_state"
} }
@ -15,12 +15,10 @@ provider "libvirt" {
uri = "qemu+ssh://root@lewis.hyp/system" uri = "qemu+ssh://root@lewis.hyp/system"
} }
module "alexander" { module "concourse" {
source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian" source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
name = "alexander" name = "concourse"
domain_name = "tf-alexander" domain_name = "tf-concourse"
memory = 1024 * 4
hypervisor_host = "lewis.hyp" hypervisor_host = "lewis.hyp"
mac = "CA:FE:C0:FF:EE:0B"
memory = 1024 * 2
insecure_password = true
} }