Added traefik router labels

Removed unnecesary comments
Fixed inventory
2024-10-19 19:12:11 +02:00 · 2024-10-19 19:12:01 +02:00 · 2024-10-19 19:11:49 +02:00 · 2024-10-19 19:11:41 +02:00
4 changed files with 38 additions and 47 deletions
--- a/bootstrap.yml
+++ b/bootstrap.yml
@ -1,6 +1,6 @@
 ---
 - name: Creating compose from template
-  hosts: localhost
+  hosts: server
  gather_facts: false
  tasks:
  - name: Generate password for Keycloak password
@ -71,32 +71,6 @@
    ansible.builtin.wait_for:
      timeout: 30

-    #  - name: Adding root cert to grafana image
-    #    community.docker.docker_container_copy_into:
-    #      container: infra-grafana
-    #      path: files/mforcen.crt
-    #      container_path: /etc/ssl/mforcen.crt
-    #
-    #  - name: Creating ssl folder
-    #    community.docker.docker_container_exec:
-    #      container: infra-grafana
-    #      command: mkdir /ssl
-    #      user: 0
-    #
-    #  - name: Adding fullchain cert to grafana container
-    #    community.docker.docker_container_copy_into:
-    #      container: infra-grafana
-    #      path: files/grafana.mforcen.dev.fullchain.pem
-    #      container_path: /ssl/grafana.mforcen.dev.fullchain.pem
-    #      mode: 0755
-    #
-    #  - name: Adding key to grafana container
-    #    community.docker.docker_container_copy_into:
-    #      container: infra-grafana
-    #      path: files/grafana.mforcen.dev.key
-    #      container_path: /ssl/grafana.mforcen.dev.key
-    #      mode: 0755
-
  - name: Wait for keycloak to be ready
    ansible.builtin.wait_for:
      timeout: 60
@ -135,18 +109,3 @@
      client_authenticator_type: client-secret
      id: a6960246-4aa9-495f-8843-69d664dba0ea
      secret: "{{ grafana_kc_client_secret }}"
-
-    #  - name: Create grafana config ini file
-    #    ansible.builtin.template:
-    #      src: grafana.ini
-    #      dest: ../grafana.ini
-    #        
-    #  - name: Stopping grafana container
-    #    community.docker.docker_container:
-    #      name: infra-grafana
-    #      state: stopped
-    #
-    #  - name: Starting grafana container
-    #    community.docker.docker_container:
-    #      name: infra-grafana
-    #      state: started
--- a/inventory.yml
+++ b/inventory.yml
@ -1,3 +1,5 @@
-mforcen.dev:
-  ansible_user: forcen
-  ansible_port: 9022
+server:
+  hosts:
+    mforcen.dev:
+      ansible_user: forcen
+      ansible_port: 9022
--- a/teardown.yml
+++ b/teardown.yml
@ -0,0 +1,15 @@
+---
+- name: Creating compose from template
+  hosts: server
+  gather_facts: false
+  tasks:
+  - name: Tearing down Compose file
+    community.docker.docker_compose_v2:
+      project_src: /opt/infra
+      files:
+      - compose.yml
+      state: absent
+      remove_volumes: true
+
+  - name: Deleting infra folder contents
+    ansible.builtin.command: rm -r /opt/infra/*
--- a/templates/compose.yml
+++ b/templates/compose.yml
@ -1,6 +1,5 @@
 services:
  database:
-
    image: postgres:17
    container_name: infra-db
    restart: unless-stopped
@ -43,6 +42,14 @@ services:
      KC_HTTPS_PORT: 443
    depends_on:
      - database
+    labels:
+      - traefik.enable=true
+      - traefik.tcp.routers.keycloak.rule=HostSNI(`sso.mforcen.dev`)
+      - traefik.tcp.routers.keycloak.entrypoints=websecure
+      - traefik.tcp.routers.keycloak.service=keycloak
+      - traefik.tcp.routers.keycloak.tls=true
+      - traefik.tcp.routers.keycloak.tls.passthrough=true
+      - traefik.tcp.services.keycloak.loadbalancer.server.port=443
      
  grafana:
    container_name: infra-grafana
@ -73,7 +80,7 @@ services:
      GF_SERVER_PORT: 443
      GF_SERVER_DOMAIN: grafana.mforcen.dev
      GF_SERVER_CERT_FILE: /ssl/grafana.mforcen.dev.fullchain.pem
-      GF_SERVER_KEY_FILE: /ssl/grafana.mforcen.dev.key
+      GF_SERVER_CERT_KEY: /ssl/grafana.mforcen.dev.key
      GF_AUTH_GENERIC_OAUTH_NAME: SSO
      GF_AUTH_GENERIC_OAUTH_ENABLED: true
      GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana
@ -85,6 +92,14 @@ services:
      GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/auth
      GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/token
      GF_AUTH_GENERIC_OAUTH_API_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/userinfo
+    labels:
+      - traefik.enable=true
+      - traefik.tcp.routers.grafana.rule=HostSNI(`grafana.mforcen.dev`)
+      - traefik.tcp.routers.grafana.entrypoints=websecure
+      - traefik.tcp.routers.grafana.service=grafana
+      - traefik.tcp.routers.grafana.tls=true
+      - traefik.tcp.routers.grafana.tls.passthrough=true
+      - traefik.tcp.services.grafana.loadbalancer.server.port=443

 volumes:
  psql-data:
Author	SHA1	Message	Date
Manuel Forcén Muñoz	1ea1baa57c	Added traefik router labels	2024-10-19 19:12:11 +02:00
Manuel Forcén Muñoz	09385a685b	Removed unnecesary comments	2024-10-19 19:12:01 +02:00
Manuel Forcén Muñoz	5cf348e699	Fixed inventory	2024-10-19 19:11:49 +02:00
Manuel Forcén Muñoz	e50d1309af	Added teardown	2024-10-19 19:11:41 +02:00