diff --git a/bootstrap.yml b/bootstrap.yml
index a45d636..b041528 100644
--- a/bootstrap.yml
+++ b/bootstrap.yml
@@ -1,6 +1,6 @@
 ---
 - name: Creating compose from template
- hosts: server
+ hosts: localhost
 gather_facts: false
 tasks:
 - name: Generate password for Keycloak password
@@ -71,6 +71,32 @@
 ansible.builtin.wait_for:
 timeout: 30
 
+ # - name: Adding root cert to grafana image
+ # community.docker.docker_container_copy_into:
+ # container: infra-grafana
+ # path: files/mforcen.crt
+ # container_path: /etc/ssl/mforcen.crt
+ #
+ # - name: Creating ssl folder
+ # community.docker.docker_container_exec:
+ # container: infra-grafana
+ # command: mkdir /ssl
+ # user: 0
+ #
+ # - name: Adding fullchain cert to grafana container
+ # community.docker.docker_container_copy_into:
+ # container: infra-grafana
+ # path: files/grafana.mforcen.dev.fullchain.pem
+ # container_path: /ssl/grafana.mforcen.dev.fullchain.pem
+ # mode: 0755
+ #
+ # - name: Adding key to grafana container
+ # community.docker.docker_container_copy_into:
+ # container: infra-grafana
+ # path: files/grafana.mforcen.dev.key
+ # container_path: /ssl/grafana.mforcen.dev.key
+ # mode: 0755
+
 - name: Wait for keycloak to be ready
 ansible.builtin.wait_for:
 timeout: 60
@@ -109,3 +135,18 @@
 client_authenticator_type: client-secret
 id: a6960246-4aa9-495f-8843-69d664dba0ea
 secret: "{{ grafana_kc_client_secret }}"
+
+ # - name: Create grafana config ini file
+ # ansible.builtin.template:
+ # src: grafana.ini
+ # dest: ../grafana.ini
+ #
+ # - name: Stopping grafana container
+ # community.docker.docker_container:
+ # name: infra-grafana
+ # state: stopped
+ #
+ # - name: Starting grafana container
+ # community.docker.docker_container:
+ # name: infra-grafana
+ # state: started
diff --git a/inventory.yml b/inventory.yml
index 640f6f2..bd294ec 100644
--- a/inventory.yml
+++ b/inventory.yml
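Review bot: `hosts: localhost` switches the play to the implicit control-node host, so the `mforcen.dev` entry that inventory.yml still defines (with `ansible_user` and `ansible_port`, reshaped in the inventory hunk of this same commit) is no longer targeted by any play in the repo now that teardown.yml is deleted. If the intent is to drive Docker on the machine running Ansible, state that in the play and either drop the inventory entry or note what it is kept for, e.g. `# Runs on the control node; inventory.yml is retained for <reason>`; if the remote host is still the target, the play should name it instead of `localhost`. The play's task list continues outside the hunk, so I cannot see whether any later task still assumes the remote host (paths such as `/opt/infra` in the deleted teardown suggest it once did).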
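Review bot: The added lines in this hunk are a commented-out task block rather than code, and the hunk at `@@ -109,3 +135,18 @@` adds another (the grafana.ini template and container stop/start tasks); git history already preserves removed tasks, so either delete them or head each block with a one-line reason it is kept, e.g. `# Disabled: Grafana cert provisioning pending; TODO(<owner>) remove or restore`. If the cert block is ever restored, `mode: 0755` on the copied private key (`files/grafana.mforcen.dev.key` → `/ssl/grafana.mforcen.dev.key`) makes the key world-readable inside the container; a private key should be `mode: 0600` owned by the Grafana process user. Note also that templates/compose.yml in this commit still points `GF_SERVER_CERT_FILE` and `GF_SERVER_KEY_FILE` at those `/ssl/...` paths, so with the copy tasks disabled something else (a volume mount outside the visible hunks, presumably) must populate `/ssl` or Grafana will fail to start with TLS enabled — worth a comment saying what does.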
@@ -1,5 +1,3 @@
-server:
- hosts:
- mforcen.dev:
- ansible_user: forcen
- ansible_port: 9022
+mforcen.dev:
+ ansible_user: forcen
+ ansible_port: 9022
diff --git a/teardown.yml b/teardown.yml
deleted file mode 100644
index bd76513..0000000
--- a/teardown.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- name: Creating compose from template
- hosts: server
- gather_facts: false
- tasks:
- - name: Tearing down Compose file
- community.docker.docker_compose_v2:
- project_src: /opt/infra
- files:
- - compose.yml
- state: absent
- remove_volumes: true
-
- - name: Deleting infra folder contents
- ansible.builtin.command: rm -r /opt/infra/*
diff --git a/templates/compose.yml b/templates/compose.yml
index 5e7a9b9..3fd1a37 100644
--- a/templates/compose.yml
+++ b/templates/compose.yml
@@ -1,5 +1,6 @@
 services:
 database:
+ image: postgres:17
 container_name: infra-db
 restart: unless-stopped
 
@@ -42,14 +43,6 @@ services:
 KC_HTTPS_PORT: 443
 depends_on:
 - database
- labels:
- - traefik.enable=true
- - traefik.tcp.routers.keycloak.rule=HostSNI(`sso.mforcen.dev`)
- - traefik.tcp.routers.keycloak.entrypoints=websecure
- - traefik.tcp.routers.keycloak.service=keycloak
- - traefik.tcp.routers.keycloak.tls=true
- - traefik.tcp.routers.keycloak.tls.passthrough=true
- - traefik.tcp.services.keycloak.loadbalancer.server.port=443
 
 grafana:
 container_name: infra-grafana
@@ -80,7 +73,7 @@ services:
 GF_SERVER_PORT: 443
 GF_SERVER_DOMAIN: grafana.mforcen.dev
 GF_SERVER_CERT_FILE: /ssl/grafana.mforcen.dev.fullchain.pem
- GF_SERVER_CERT_KEY: /ssl/grafana.mforcen.dev.key
+ GF_SERVER_KEY_FILE: /ssl/grafana.mforcen.dev.key
 GF_AUTH_GENERIC_OAUTH_NAME: SSO
 GF_AUTH_GENERIC_OAUTH_ENABLED: true
 GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana
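Review bot: `image: postgres:17` pins only the major line, so each pull can resolve to a different 17.x build and the database backing Keycloak is not reproducible between runs of the bootstrap play. Pin the minor version (`image: postgres:17.<minor>`) or, better for a supply-chain boundary, a digest (`image: postgres:17@sha256:<digest-placeholder>`) and bump it deliberately. The `database:` service continues outside the hunk, so I cannot see whether a `pull_policy` or a previous `image`/`build` key exists further down; a short comment on the line stating why 17 was chosen would help the next upgrade.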
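Review bot: Removing the `labels:` block deletes the Traefik TCP router and TLS-passthrough service for Keycloak on `sso.mforcen.dev`, and the hunk at `@@ -92,14 +85,6 @@` does the same for Grafana, yet neither hunk shows what now routes those hostnames to the containers; `KC_HTTPS_PORT: 443` and the `GF_SERVER_*` TLS settings are still present, so the services presumably get a `ports:` mapping outside the visible hunks or an external proxy. If they are now published directly on the host, Traefik's `websecure` entrypoint (and whatever middleware it applied) no longer fronts them, which is a change in exposure that should be stated in the file, e.g. `# Exposed directly on 443; Traefik no longer fronts this service`. Both the `keycloak:` and `grafana:` service definitions start outside their hunks.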
@@ -92,14 +85,6 @@ services:
 GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/auth
 GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/token
 GF_AUTH_GENERIC_OAUTH_API_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/userinfo
- labels:
- - traefik.enable=true
- - traefik.tcp.routers.grafana.rule=HostSNI(`grafana.mforcen.dev`)
- - traefik.tcp.routers.grafana.entrypoints=websecure
- - traefik.tcp.routers.grafana.service=grafana
- - traefik.tcp.routers.grafana.tls=true
- - traefik.tcp.routers.grafana.tls.passthrough=true
- - traefik.tcp.services.grafana.loadbalancer.server.port=443
 
 volumes:
 psql-data: