Adapt Drone recipes for VM setup, use PostgreSQL
parent
a1b07dfb9e
commit
f35fb638d1
|
@ -1,23 +1,30 @@
|
|||
{
|
||||
"id": "drone",
|
||||
"client_id": {
|
||||
"encrypted_data": "PHC6f0UJwuaxnhMhxUVhHMqauCu9aYDp3IFqVzsxEoEodKhg8pgTWS14T5E7\nVm4xlcR/CuLcOA==\n",
|
||||
"iv": "on4hNp3g6pLsvfTE\n",
|
||||
"auth_tag": "ytx40h2fsBHhDpyhwKbHog==\n",
|
||||
"encrypted_data": "z2cWhmP46/LuBPslGiuEzRIZGbta+nAkfi2XaX0q4PA0SeWoTz3rX9P6XCaz\nDdjP/3RyN98sww==\n",
|
||||
"iv": "2SOtcpBRCZC9YI+D\n",
|
||||
"auth_tag": "C9PnsL3QsRBOKw1/k/p/mg==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"client_secret": {
|
||||
"encrypted_data": "HAKFqsrbL447wgropHz2rgHmyRl3G2d24svTT+TYMI0jtQFTQPZLxNZkl3ki\n42n7baNrfXN3IJeQRyxyihw0\n",
|
||||
"iv": "pmdiLiFgSPNNP7dl\n",
|
||||
"auth_tag": "4j98l+lZ0k4mLioJHS5VJw==\n",
|
||||
"encrypted_data": "9s33F5MmjEaUA+7ASxYMK5f23y1HffsV9b5rO4ezlisI3K/B/MgdBZeiIDs7\nanknoytcnRJiLNUlud6ohJ4s\n",
|
||||
"iv": "Vou+sM/jeOZc/VwJ\n",
|
||||
"auth_tag": "f2EPlHD2JDmSlSf3eu9WFg==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"rpc_secret": {
|
||||
"encrypted_data": "ll4f3ECLQTgJj47aeqnP0Ci1ncMYTwwFw1J46Qx3gPloA2YGPwlfa82Uck1k\neSHCTSNW\n",
|
||||
"iv": "hP5Iq9zOjELUb9d8\n",
|
||||
"auth_tag": "WJlme717tpgbWPcXwFzyvQ==\n",
|
||||
"encrypted_data": "VkvdD+8FTjPSfJANVPWkWGMjBU7xyqDOS2uH84fAijqkg0sS+lBej4VohHsL\nntuPAcOo\n",
|
||||
"iv": "Uod5WEkE2FXYnhVq\n",
|
||||
"auth_tag": "N8+wPuN/EXO5L57+uG0gsw==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"postgresql_password": {
|
||||
"encrypted_data": "DMH34mpij84Pkalr3rcuPcp2ofiIZ6ONvDRchGbxyuJ2\n",
|
||||
"iv": "o9IDDyjp4aDB2/FB\n",
|
||||
"auth_tag": "rgLP7dQ4n6C1hHuG5t5sxw==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
}
|
||||
|
|
|
@ -20,6 +20,7 @@
|
|||
"kosmos_postgresql::primary",
|
||||
"kosmos_postgresql::firewall",
|
||||
"kosmos_gitea::pg_db",
|
||||
"kosmos_drone::pg_db",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
name "drone"
|
||||
|
||||
run_list %w(
|
||||
role[postgresql_client]
|
||||
kosmos_drone::default
|
||||
)
|
||||
|
|
|
@ -4,4 +4,5 @@ run_list %w(
|
|||
kosmos_postgresql::primary
|
||||
kosmos_postgresql::firewall
|
||||
kosmos_gitea::pg_db
|
||||
kosmos_drone::pg_db
|
||||
)
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
node.default["kosmos_drone"]["domain"] = "drone.kosmos.org"
|
||||
node.default["kosmos_drone"]["upstream_port"] = 80
|
|
@ -7,5 +7,6 @@ long_description 'Installs/Configures kosmos_drone'
|
|||
version '0.1.0'
|
||||
chef_version '>= 14.0'
|
||||
|
||||
depends "firewall"
|
||||
depends "kosmos-nginx"
|
||||
depends "kosmos_gitea"
|
||||
|
|
|
@ -4,10 +4,17 @@
|
|||
#
|
||||
|
||||
package "docker-compose"
|
||||
domain = "drone.kosmos.org"
|
||||
deploy_path = "/opt/drone"
|
||||
upstream_port = 3002
|
||||
credentials = data_bag_item("credentials", "drone")
|
||||
drone_credentials = data_bag_item('credentials', 'drone')
|
||||
|
||||
postgres_config = {
|
||||
username: "drone",
|
||||
password: drone_credentials["postgresql_password"],
|
||||
host: "pg.kosmos.local",
|
||||
port: 5432,
|
||||
database: "drone"
|
||||
}
|
||||
|
||||
directory deploy_path do
|
||||
action :create
|
||||
|
@ -17,13 +24,15 @@ template "#{deploy_path}/docker-compose.yml" do
|
|||
source "docker-compose.yml.erb"
|
||||
sensitive true
|
||||
mode 0640
|
||||
variables upstream_port: upstream_port,
|
||||
domain: domain,
|
||||
variables domain: node["kosmos_drone"]["domain"],
|
||||
upstream_port: node["kosmos_drone"]["upstream_port"],
|
||||
gitea_server: "https://#{node["kosmos_gitea"]["nginx"]["domain"]}",
|
||||
client_id: credentials['client_id'],
|
||||
client_secret: credentials['client_secret'],
|
||||
rpc_secret: credentials['rpc_secret'],
|
||||
postgres: postgres_config,
|
||||
max_procs: 4
|
||||
notifies :restart, "systemd_unit[drone.service]", :delayed
|
||||
end
|
||||
|
||||
systemd_unit "drone.service" do
|
||||
|
@ -45,20 +54,9 @@ systemd_unit "drone.service" do
|
|||
action [:create, :enable, :start]
|
||||
end
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
|
||||
source "nginx_conf.erb"
|
||||
owner 'www-data'
|
||||
mode 0640
|
||||
variables server_name: domain,
|
||||
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
|
||||
upstream_port: upstream_port
|
||||
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
firewall_rule 'drone' do
|
||||
port [node["kosmos_drone"]["upstream_port"]]
|
||||
source "10.1.1.0/24"
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
|
||||
|
||||
nginx_site domain do
|
||||
action :enable
|
||||
end
|
||||
|
||||
nginx_certbot_site domain
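Review bot: The new `firewall_rule 'drone'` opens the Drone port to the whole `10.1.1.0/24` range, while the only client visible in this commit is the nginx proxy, which reaches the VM over plain HTTP on `upstream_port`. If that subnet holds other hosts, each of them can reach Drone directly without going through the TLS-terminating proxy. Consider limiting `source` to the proxy's address, or at least add a comment above the rule such as `# private network only; the nginx proxy is the intended client`. Separately, the same data bag item appears to be loaded twice in the first hunk, as `credentials` and as `drone_credentials`; one variable would be easier to follow. The `template` and `systemd_unit` blocks begin outside the visible hunks.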
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
#
|
||||
# Cookbook:: kosmos_drone
|
||||
# Recipe:: nginx
|
||||
#
|
||||
|
||||
domain = node["kosmos_drone"]["domain"]
|
||||
|
||||
upstream_ip_addresses = []
|
||||
search(:node, "role:drone").each do |n|
|
||||
upstream_ip_addresses << n["knife_zero"]["host"]
|
||||
end
|
||||
# No Discourse host, stop here
|
||||
return if upstream_ip_addresses.empty?
|
||||
|
||||
nginx_certbot_site domain
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
|
||||
source "nginx_conf.erb"
|
||||
owner 'www-data'
|
||||
mode 0640
|
||||
variables server_name: domain,
|
||||
upstream_ip_addresses: upstream_ip_addresses,
|
||||
upstream_port: node["kosmos_drone"]["upstream_port"],
|
||||
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
|
||||
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
end
|
||||
|
||||
nginx_site domain do
|
||||
action :enable
|
||||
end
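Review bot: The loop at the top pushes `n["knife_zero"]["host"]` for every node returned by `search(:node, "role:drone")` without checking it. A node missing that attribute either raises `NoMethodError` or adds `nil`, which the template would render as a `server` line with no address and break the nginx reload on the proxy. Guarding it with `host = n["knife_zero"] && n["knife_zero"]["host"]` followed by `upstream_ip_addresses << host if host` keeps a half-registered node out of the upstream list. The comment `# No Discourse host, stop here` looks copied from another cookbook and should read `# No Drone host, stop here`.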
|
|
@ -0,0 +1,16 @@
|
|||
#
|
||||
# Cookbook:: kosmos_drone
|
||||
# Recipe:: pg_db
|
||||
#
|
||||
|
||||
drone_credentials = data_bag_item("credentials", "drone")
|
||||
|
||||
postgresql_user "drone" do
|
||||
action :create
|
||||
password drone_credentials["postgresql_password"]
|
||||
end
|
||||
|
||||
postgresql_database "drone" do
|
||||
owner "drone"
|
||||
action :create
|
||||
end
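Review bot: `postgresql_user "drone"` receives the decrypted data bag password but the block does not set `sensitive true`. Depending on how the resource runs its SQL, the value may appear in converge output or in the log when the resource fails. Adding `sensitive true` inside the block is harmless if the cookbook already protects the property. A one-line comment above `data_bag_item` saying that the item is the encrypted `credentials/drone` bag would also help.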
|
|
@ -2,7 +2,7 @@ version: '3'
|
|||
|
||||
services:
|
||||
drone-server:
|
||||
image: drone/drone:2.5
|
||||
image: drone/drone:2.11
|
||||
|
||||
ports:
|
||||
- "<%= @upstream_port %>:80"
|
||||
|
@ -17,6 +17,8 @@ services:
|
|||
- DRONE_SERVER_HOST=<%= @domain %>
|
||||
- DRONE_SERVER_PROTO=https # required for the Redirect URI to be built correctly
|
||||
- DRONE_RPC_SECRET=<%= @rpc_secret %>
|
||||
- DRONE_DATABASE_DRIVER=postgres
|
||||
- DRONE_DATABASE_DATASOURCE=postgres://<%= @postgres[:username] %>:<%= @postgres[:password] %>@<%= @postgres[:host] %>:<%= @postgres[:port] %>/<%= @postgres[:database] %>?sslmode=disable
|
||||
|
||||
drone-runner:
|
||||
image: drone/drone-runner-docker:1.8
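Review bot: `DRONE_DATABASE_DATASOURCE` is built with `sslmode=disable`, so the database password and all Drone data travel to the PostgreSQL host unencrypted. The recipe points it at a separate host (`pg.kosmos.local`), so `sslmode=require` (or `verify-full` once the server CA is available inside the container) would be the safer setting, assuming the server has TLS enabled. The password is also interpolated into the URL raw, so a value containing `@`, `:`, `/` or `?` will be misparsed; wrap it as `<%= ERB::Util.url_encode(@postgres[:password]) %>`. The service definitions continue outside both hunks.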
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
||||
# Generated by Chef
|
||||
upstream _drone {
|
||||
server localhost:<%= @upstream_port %>;
|
||||
<% @upstream_ip_addresses.each do |upstream_ip_address| -%>
|
||||
server <%= upstream_ip_address %>:<%= @upstream_port %>;
|
||||
<% end -%>
|
||||
}
|
||||
|
||||
server {
|
||||
|
|