forcen/infra-iac
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: forcen:5a8faf7d566302f5b8a6c85aeb4c668f3ce07673
Branches Tags
forcen:main
..
compare: forcen:1ea1baa57c3809111174a2f64a63f8039b9d7060
Branches Tags
forcen:main

4 commits
5a8faf7d56 ... 1ea1baa57c

Author SHA1 Message Date
Manuel Forcén Muñoz
1ea1baa57c Added traefik router labels 2024-10-19 19:12:11 +02:00
Manuel Forcén Muñoz
09385a685b Removed unnecesary comments 2024-10-19 19:12:01 +02:00
Manuel Forcén Muñoz
5cf348e699 Fixed inventory 2024-10-19 19:11:49 +02:00
Manuel Forcén Muñoz
e50d1309af Added teardown 2024-10-19 19:11:41 +02:00
4 changed files with 38 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

43
bootstrap.yml
View file

@ -1,6 +1,6 @@
--- ---
- name: Creating compose from template - name: Creating compose from template
hosts: localhost hosts: server
gather_facts: false gather_facts: false
tasks: tasks:
- name: Generate password for Keycloak password - name: Generate password for Keycloak password
@ -71,32 +71,6 @@
ansible.builtin.wait_for: ansible.builtin.wait_for:
timeout: 30 timeout: 30
# - name: Adding root cert to grafana image
# community.docker.docker_container_copy_into:
# container: infra-grafana
# path: files/mforcen.crt
# container_path: /etc/ssl/mforcen.crt
#
# - name: Creating ssl folder
# community.docker.docker_container_exec:
# container: infra-grafana
# command: mkdir /ssl
# user: 0
#
# - name: Adding fullchain cert to grafana container
# community.docker.docker_container_copy_into:
# container: infra-grafana
# path: files/grafana.mforcen.dev.fullchain.pem
# container_path: /ssl/grafana.mforcen.dev.fullchain.pem
# mode: 0755
#
# - name: Adding key to grafana container
# community.docker.docker_container_copy_into:
# container: infra-grafana
# path: files/grafana.mforcen.dev.key
# container_path: /ssl/grafana.mforcen.dev.key
# mode: 0755
- name: Wait for keycloak to be ready - name: Wait for keycloak to be ready
ansible.builtin.wait_for: ansible.builtin.wait_for:
timeout: 60 timeout: 60
@ -135,18 +109,3 @@
client_authenticator_type: client-secret client_authenticator_type: client-secret
id: a6960246-4aa9-495f-8843-69d664dba0ea id: a6960246-4aa9-495f-8843-69d664dba0ea
secret: "{{ grafana_kc_client_secret }}" secret: "{{ grafana_kc_client_secret }}"
# - name: Create grafana config ini file
# ansible.builtin.template:
# src: grafana.ini
# dest: ../grafana.ini
#
# - name: Stopping grafana container
# community.docker.docker_container:
# name: infra-grafana
# state: stopped
#
# - name: Starting grafana container
# community.docker.docker_container:
# name: infra-grafana
# state: started

8
inventory.yml
View file

@ -1,3 +1,5 @@
mforcen.dev: server:
ansible_user: forcen hosts:
ansible_port: 9022 mforcen.dev:
ansible_user: forcen
ansible_port: 9022

15
teardown.yml Normal file
View file

@ -0,0 +1,15 @@
---
- name: Creating compose from template
hosts: server
gather_facts: false
tasks:
- name: Tearing down Compose file
community.docker.docker_compose_v2:
project_src: /opt/infra
files:
- compose.yml
state: absent
remove_volumes: true
- name: Deleting infra folder contents
ansible.builtin.command: rm -r /opt/infra/*

19
templates/compose.yml
View file

@ -1,6 +1,5 @@
services: services:
database: database:
image: postgres:17 image: postgres:17
container_name: infra-db container_name: infra-db
restart: unless-stopped restart: unless-stopped
@ -43,6 +42,14 @@ services:
KC_HTTPS_PORT: 443 KC_HTTPS_PORT: 443
depends_on: depends_on:
- database - database
labels:
- traefik.enable=true
- traefik.tcp.routers.keycloak.rule=HostSNI(`sso.mforcen.dev`)
- traefik.tcp.routers.keycloak.entrypoints=websecure
- traefik.tcp.routers.keycloak.service=keycloak
- traefik.tcp.routers.keycloak.tls=true
- traefik.tcp.routers.keycloak.tls.passthrough=true
- traefik.tcp.services.keycloak.loadbalancer.server.port=443
grafana: grafana:
container_name: infra-grafana container_name: infra-grafana
@ -73,7 +80,7 @@ services:
GF_SERVER_PORT: 443 GF_SERVER_PORT: 443
GF_SERVER_DOMAIN: grafana.mforcen.dev GF_SERVER_DOMAIN: grafana.mforcen.dev
GF_SERVER_CERT_FILE: /ssl/grafana.mforcen.dev.fullchain.pem GF_SERVER_CERT_FILE: /ssl/grafana.mforcen.dev.fullchain.pem
GF_SERVER_KEY_FILE: /ssl/grafana.mforcen.dev.key GF_SERVER_CERT_KEY: /ssl/grafana.mforcen.dev.key
GF_AUTH_GENERIC_OAUTH_NAME: SSO GF_AUTH_GENERIC_OAUTH_NAME: SSO
GF_AUTH_GENERIC_OAUTH_ENABLED: true GF_AUTH_GENERIC_OAUTH_ENABLED: true
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana
@ -85,6 +92,14 @@ services:
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/auth GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/auth
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/token GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/token
GF_AUTH_GENERIC_OAUTH_API_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/userinfo GF_AUTH_GENERIC_OAUTH_API_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/userinfo
labels:
- traefik.enable=true
- traefik.tcp.routers.grafana.rule=HostSNI(`grafana.mforcen.dev`)
- traefik.tcp.routers.grafana.entrypoints=websecure
- traefik.tcp.routers.grafana.service=grafana
- traefik.tcp.routers.grafana.tls=true
- traefik.tcp.routers.grafana.tls.passthrough=true
- traefik.tcp.services.grafana.loadbalancer.server.port=443
volumes: volumes:
psql-data: psql-data: