add VM and docker compose for concourse
parent
4c35512e62
commit
e5a0727375
9 changed files with 107 additions and 11 deletions
|
@ -1,4 +1,8 @@
|
||||||
all:
|
all:
|
||||||
|
hosts:
|
||||||
|
concourse:
|
||||||
|
ansible_user: root
|
||||||
|
ansible_host: concourse.dmz
|
||||||
children:
|
children:
|
||||||
dataserver:
|
dataserver:
|
||||||
hosts:
|
hosts:
|
||||||
|
|
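--- a/ansible/playbooks/concourse.yml
+++ b/ansible/playbooks/concourse.yml
@@ -0,0 +1,15 @@
+- name: Install Concourse
+hosts: concourse
+
+pre_tasks:
+- name: Delete externally managed environment file
+shell:
+cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED"
+register: rm
+changed_when: "rm.rc == 0"
+failed_when: "false"
+
+roles:
+- {role: apt, tags: apt}
+- {role: docker, tags: docker}
+- {role: concourse, tags: concourse}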
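Review bot: The `Delete externally managed environment file` pre-task sets `failed_when: "false"`, which hides every failure of the `rm` (for example a permission error), not only the expected case where the marker is already gone. Narrowing it to something like `failed_when: "rm.rc != 0 and 'No such file' not in rm.stderr"` keeps the task idempotent while still surfacing real errors. Removing the PEP 668 marker also lets later `pip` runs as root write into the system Python that apt manages, so a comment above the task saying which package needs this (presumably the Docker SDK for the `docker_compose` module) would help the next reader judge whether a distribution package could replace it.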
|
@ -51,4 +51,3 @@
|
||||||
roles:
|
roles:
|
||||||
- {role: apt, tags: apt}
|
- {role: apt, tags: apt}
|
||||||
- {role: deploy_ssh_certificates, tags: deploy_ssh_certificates}
|
- {role: deploy_ssh_certificates, tags: deploy_ssh_certificates}
|
||||||
- {role: docker, tags: docker}
|
|
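--- a/ansible/roles/concourse/docker-compose.yml.j2
+++ b/ansible/roles/concourse/docker-compose.yml.j2
@@ -0,0 +1,38 @@
+# vi: ft=yaml
+version: '3'
+
+services:
+concourse-db:
+image: postgres
+environment:
+POSTGRES_DB: concourse
+POSTGRES_PASSWORD: {{ postgres_password }}
+POSTGRES_USER: concourse_user
+PGDATA: /database
+volumes:
+- /mnt/data/concourse:/database
+
+concourse:
+image: concourse/concourse
+command: quickstart
+privileged: true
+depends_on: [concourse-db]
+ports: ["3000:8080"]
+environment:
+CONCOURSE_POSTGRES_HOST: concourse-db
+CONCOURSE_POSTGRES_USER: concourse_user
+CONCOURSE_POSTGRES_PASSWORD: {{ postgres_password }}
+CONCOURSE_POSTGRES_DATABASE: concourse
+CONCOURSE_EXTERNAL_URL: https://concourse.pim.kunis.nl:444
+CONCOURSE_ADD_LOCAL_USER: admin:{{ admin_password }}
+CONCOURSE_MAIN_TEAM_LOCAL_USER: test
+# instead of relying on the default "detect"
+CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER: overlay
+CONCOURSE_CLIENT_SECRET: {{ client_secret }}
+CONCOURSE_TSA_CLIENT_SECRET: {{ client_secret }}
+CONCOURSE_X_FRAME_OPTIONS: allow
+CONCOURSE_CONTENT_SECURITY_POLICY: "*"
+CONCOURSE_CLUSTER_NAME: tutorial
+CONCOURSE_WORKER_CONTAINERD_DNS_SERVER: "192.168.30.8"
+# For ARM-based machine, change the Concourse runtime to "houdini"
+CONCOURSE_WORKER_RUNTIME: "containerd"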
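Review bot: The `concourse` service keeps the tutorial's relaxed browser headers, `CONCOURSE_X_FRAME_OPTIONS: allow` and `CONCOURSE_CONTENT_SECURITY_POLICY: "*"`, even though `CONCOURSE_EXTERNAL_URL` points at a real hostname; unless the UI has to be embedded in a frame, I would drop both lines so the stricter defaults apply. `CONCOURSE_MAIN_TEAM_LOCAL_USER: test` names a user this file never creates (`CONCOURSE_ADD_LOCAL_USER` adds `admin`), so it should probably read `CONCOURSE_MAIN_TEAM_LOCAL_USER: admin`. The templated secrets are rendered unquoted, so a value containing `#` or `: `, or one that looks like a number, would be mis-parsed; quote them, e.g. `POSTGRES_PASSWORD: "{{ postgres_password }}"`. Both `image:` entries are untagged while the Concourse container runs with `privileged: true`, so pinning a version or digest would keep an unreviewed upstream image from being started with full host privileges.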
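--- a/ansible/roles/concourse/tasks/main.yml
+++ b/ansible/roles/concourse/tasks/main.yml
@@ -0,0 +1,15 @@
+- name: Create working directory
+file:
+path: /srv/concourse
+state: directory
+
+- name: Copy Docker compose
+template:
+src: "{{ role_path }}/docker-compose.yml.j2"
+dest: /srv/concourse/docker-compose.yml
+
+- name: Start the Docker Compose
+docker_compose:
+project_src: /srv/concourse
+pull: true
+remove_orphans: true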
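Review bot: The `Copy Docker compose` task writes the vault-decrypted passwords and client secret into `/srv/concourse/docker-compose.yml` without setting `owner` or `mode`, so the file's permissions depend on the remote umask and it may end up readable by every local user. Add `owner: root` and `mode: "0600"` to the `template` task, and `mode: "0700"` to `Create working directory`. Because `pull: true` is combined with untagged images in the template, each play run can also swap the running containers for whatever the registry currently serves; a comment stating that this is intended, or pinned tags in the template, would make the upgrade behaviour explicit.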
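--- a/ansible/roles/concourse/vars/main.yml
+++ b/ansible/roles/concourse/vars/main.yml
@@ -0,0 +1,25 @@
+admin_password: !vault |
+$ANSIBLE_VAULT;1.1;AES256
+64656535303535626562666132643334616133313463336437623732313265313963376234316630
+3966346366383561333938613332326132623431376264360a343664386634626133346263633337
+66643161393166303831303764623930633232666135303962616230613638303339396264396338
+6230396530616466370a393036366434613933306161366661626138346236643238643130636337
+62633861393338643639623866366161396232636465636163626233316663396665666435643836
+6436346533356165646230643435366432313764326630343633
+client_secret: !vault |
+$ANSIBLE_VAULT;1.1;AES256
+34363932333537356530353931636537376364663431346136373834313638616266643238326265
+3634316131636232336134666662356565386132326666300a363362663438636461626134376635
+61653261383336313261626664373830313038366462613464356139386535613138313037643835
+3630363033623434300a306263323163623766316238363635373834323165626533656330323535
+36613833616538613864393735366137613631356538323533396437343566396138363636333136
+62353636666639343037663230333961366565323839363362616239313133346666663634366662
+643433346433616430646335383864643466
+postgres_password: !vault |
+$ANSIBLE_VAULT;1.1;AES256
+62616561343739636436323266306137653363313038636166303731383037613337643962313038
+3066393231613665613836356638636166393638386432660a656134323633313963336331333262
+30353065633264616161363661386466353665303561393337366666623239323734393831633439
+3263653064313533330a383161366130633231356466663363643664343062323561623438663862
+39333466386563336631346538383533623961653434343663653138306531333165646431376236
+3864333365353437666566363266323932636533626530333466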
6
terraform/.gitignore
vendored
6
terraform/.gitignore
vendored
|
@ -10,8 +10,8 @@ crash.log
|
||||||
crash.*.log
|
crash.*.log
|
||||||
|
|
||||||
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
|
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
|
||||||
# password, private keys, and other secrets. These should not be part of version
|
# password, private keys, and other secrets. These should not be part of version
|
||||||
# control as they are data points which are potentially sensitive and subject
|
# control as they are data points which are potentially sensitive and subject
|
||||||
# to change depending on the environment.
|
# to change depending on the environment.
|
||||||
*.tfvars
|
*.tfvars
|
||||||
*.tfvars.json
|
*.tfvars.json
|
||||||
|
@ -34,3 +34,5 @@ override.tf.json
|
||||||
terraform.rc
|
terraform.rc
|
||||||
.terraform.lock.hcl
|
.terraform.lock.hcl
|
||||||
*.tfbackend
|
*.tfbackend
|
||||||
|
|
||||||
|
.vault_password
|
||||||
|
|
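Review bot: The new `.vault_password` pattern sits in `terraform/.gitignore`, so it only covers files at or below `terraform/`, while the vault-encrypted variables this commit adds live under `ansible/roles/concourse/vars/`. If the vault password file is kept next to the Ansible tree (not visible here), it is not ignored and could be committed by accident; in that case add the same `.vault_password` line to a `.gitignore` at the repository root or under `ansible/`.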
|
@ -1,6 +1,6 @@
|
||||||
terraform {
|
terraform {
|
||||||
backend "pg" {
|
backend "pg" {
|
||||||
schema_name = "alexander"
|
schema_name = "concourse"
|
||||||
conn_str = "postgres://terraform@10.42.0.1/terraform_state"
|
conn_str = "postgres://terraform@10.42.0.1/terraform_state"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -15,12 +15,10 @@ provider "libvirt" {
|
||||||
uri = "qemu+ssh://root@lewis.hyp/system"
|
uri = "qemu+ssh://root@lewis.hyp/system"
|
||||||
}
|
}
|
||||||
|
|
||||||
module "alexander" {
|
module "concourse" {
|
||||||
source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
|
source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
|
||||||
name = "alexander"
|
name = "concourse"
|
||||||
domain_name = "tf-alexander"
|
domain_name = "tf-concourse"
|
||||||
|
memory = 1024 * 4
|
||||||
hypervisor_host = "lewis.hyp"
|
hypervisor_host = "lewis.hyp"
|
||||||
mac = "CA:FE:C0:FF:EE:0B"
|
|
||||||
memory = 1024 * 2
|
|
||||||
insecure_password = true
|
|
||||||
}
|
}
|
||||||
|
|