From e50d1309af17f91f2428bbd13709875e3d79c37e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20Forc=C3=A9n=20Mu=C3=B1oz?=
Date: Sat, 19 Oct 2024 19:11:41 +0200
Subject: [PATCH 1/4] Added teardown
---
teardown.yml | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 teardown.yml
diff --git a/teardown.yml b/teardown.yml
new file mode 100644
index 0000000..bd76513
--- /dev/null
+++ b/teardown.yml
@@ -0,0 +1,15 @@
+---
+- name: Creating compose from template
+ hosts: server
+ gather_facts: false
+ tasks:
+ - name: Tearing down Compose file
+ community.docker.docker_compose_v2:
+ project_src: /opt/infra
+ files:
+ - compose.yml
+ state: absent
+ remove_volumes: true
+
+ - name: Deleting infra folder contents
+ ansible.builtin.command: rm -r /opt/infra/*
From 5cf348e699c4f320528b0ea877cc69fb97075c93 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20Forc=C3=A9n=20Mu=C3=B1oz?=
Date: Sat, 19 Oct 2024 19:11:49 +0200
Subject: [PATCH 2/4] Fixed inventory
---
inventory.yml | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/inventory.yml b/inventory.yml
index bd294ec..640f6f2 100644
--- a/inventory.yml
+++ b/inventory.yml
@@ -1,3 +1,5 @@
-mforcen.dev:
- ansible_user: forcen
- ansible_port: 9022
+server:
+ hosts:
+ mforcen.dev:
+ ansible_user: forcen
+ ansible_port: 9022
From 09385a685bb8fb2f6878c51d66fbe2839a07641a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20Forc=C3=A9n=20Mu=C3=B1oz?=
Date: Sat, 19 Oct 2024 19:12:01 +0200
Subject: [PATCH 3/4] Removed unnecesary comments
---
bootstrap.yml | 43 +------------------------------------------
1 file changed, 1 insertion(+), 42 deletions(-)
diff --git a/bootstrap.yml b/bootstrap.yml
index b041528..a45d636 100644
--- a/bootstrap.yml
+++ b/bootstrap.yml
@@ -1,6 +1,6 @@ --- - name: Creating compose from template - hosts: localhost + hosts: server gather_facts: false tasks: - name: Generate password for Keycloak password
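Review bot: The last task of the new teardown.yml passes `rm -r /opt/infra/*` to `ansible.builtin.command`, which does not run its argument through a shell, so the `*` is never expanded and rm receives it as a literal file name; the task will fail rather than empty the folder. Removing the directory with `ansible.builtin.file` (`path: /opt/infra`, `state: absent`), and recreating it afterwards if the folder itself must survive, is idempotent and avoids an unguarded recursive delete on the host. The play is also still named `Creating compose from template`, which hides a destructive play (`state: absent` together with `remove_volumes: true`) behind a bootstrap name in run logs; `- name: Tearing down infra stack` would make the intent visible.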
@@ -71,32 +71,6 @@ ansible.builtin.wait_for: timeout: 30 - # - name: Adding root cert to grafana image - # community.docker.docker_container_copy_into: - # container: infra-grafana - # path: files/mforcen.crt - # container_path: /etc/ssl/mforcen.crt - # - # - name: Creating ssl folder - # community.docker.docker_container_exec: - # container: infra-grafana - # command: mkdir /ssl - # user: 0 - # - # - name: Adding fullchain cert to grafana container - # community.docker.docker_container_copy_into: - # container: infra-grafana - # path: files/grafana.mforcen.dev.fullchain.pem - # container_path: /ssl/grafana.mforcen.dev.fullchain.pem - # mode: 0755 - # - # - name: Adding key to grafana container - # community.docker.docker_container_copy_into: - # container: infra-grafana - # path: files/grafana.mforcen.dev.key - # container_path: /ssl/grafana.mforcen.dev.key - # mode: 0755 - - name: Wait for keycloak to be ready ansible.builtin.wait_for: timeout: 60
@@ -135,18 +109,3 @@ client_authenticator_type: client-secret id: a6960246-4aa9-495f-8843-69d664dba0ea secret: "{{ grafana_kc_client_secret }}" - - # - name: Create grafana config ini file - # ansible.builtin.template: - # src: grafana.ini - # dest: ../grafana.ini - # - # - name: Stopping grafana container - # community.docker.docker_container: - # name: infra-grafana - # state: stopped - # - # - name: Starting grafana container - # community.docker.docker_container: - # name: infra-grafana - # state: started
From 1ea1baa57c3809111174a2f64a63f8039b9d7060 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20Forc=C3=A9n=20Mu=C3=B1oz?=
Date: Sat, 19 Oct 2024 19:12:11 +0200
Subject: [PATCH 4/4] Added traefik router labels
---
templates/compose.yml | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/templates/compose.yml b/templates/compose.yml
index 3fd1a37..5e7a9b9 100644
--- a/templates/compose.yml
+++ b/templates/compose.yml
@@ -1,6 +1,5 @@ services: database: - image: postgres:17 container_name: infra-db restart: unless-stopped
@@ -43,6 +42,14 @@ services: KC_HTTPS_PORT: 443 depends_on: - database + labels: + - traefik.enable=true + - traefik.tcp.routers.keycloak.rule=HostSNI(`sso.mforcen.dev`) + - traefik.tcp.routers.keycloak.entrypoints=websecure + - traefik.tcp.routers.keycloak.service=keycloak + - traefik.tcp.routers.keycloak.tls=true + - traefik.tcp.routers.keycloak.tls.passthrough=true + - traefik.tcp.services.keycloak.loadbalancer.server.port=443 grafana: container_name: infra-grafana
@@ -73,7 +80,7 @@ services: GF_SERVER_PORT: 443 GF_SERVER_DOMAIN: grafana.mforcen.dev GF_SERVER_CERT_FILE: /ssl/grafana.mforcen.dev.fullchain.pem - GF_SERVER_KEY_FILE: /ssl/grafana.mforcen.dev.key + GF_SERVER_CERT_KEY: /ssl/grafana.mforcen.dev.key GF_AUTH_GENERIC_OAUTH_NAME: SSO GF_AUTH_GENERIC_OAUTH_ENABLED: true GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana
@@ -85,6 +92,14 @@ services: GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/auth GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/token GF_AUTH_GENERIC_OAUTH_API_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/userinfo + labels: + - traefik.enable=true + - traefik.tcp.routers.grafana.rule=HostSNI(`grafana.mforcen.dev`) + - traefik.tcp.routers.grafana.entrypoints=websecure + - traefik.tcp.routers.grafana.service=grafana + - traefik.tcp.routers.grafana.tls=true + - traefik.tcp.routers.grafana.tls.passthrough=true + - traefik.tcp.services.grafana.loadbalancer.server.port=443 volumes: psql-data:
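Review bot: The `traefik.tcp.routers.keycloak.*` labels added in the second hunk (and the matching grafana set in the last hunk) are missing a comment recording that, with `tls.passthrough=true`, Traefik only forwards the encrypted stream and cannot apply any HTTP-level control such as a path rule, IP allow-list, rate limit or header middleware to either service. If Keycloak's admin console is served on the same host name as the public endpoints (not visible in these hunks), it is reachable from wherever the `websecure` entrypoint is exposed, so that restriction has to live in Keycloak itself or on a separate admin host name. I would record this above each `labels:` key with `# TLS passthrough: no Traefik HTTP middleware applies here; access control is enforced by the service itself`. Both service definitions start outside the hunks, so whether the containers also publish ports that bypass the proxy cannot be checked from here.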