Add: muck playbook

5 files changed, 114 insertions, 0 deletions

diff --git a/hosts.muck b/hosts.muck
new file mode 100644
index 0000000..0e6fe10
--- /dev/null
+++ b/hosts.muck
@@ -0,0 +1 @@
+muck ansible_ssh_host=muck-muck.vm.liw.fi
diff --git a/muck.hz b/muck.hz
new file mode 100644
index 0000000..9b7729e
--- /dev/null
+++ b/muck.hz
@@ -0,0 +1,5 @@
+defaults:
+  type: cx11
+  image: debian-9
+hosts:
+  - name: muck
diff --git a/muck.yml b/muck.yml
new file mode 100644
index 0000000..593447a
--- /dev/null
+++ b/muck.yml
@@ -0,0 +1,52 @@
+- hosts: muck
+  remote_user: root
+  become: yes
+  roles:
+    - sane_debian_system
+    - unix_users
+    - comfortable
+    - haproxy
+    - qvisqve
+    - muck
+  vars:
+    hostname: muck
+
+    debian_codename: stretch
+    debian_mirror: deb.debian.org
+    debian_mirror_src: deb.debian.org
+
+    sources_lists:
+      - repo: "deb http://ci-prod-controller.vm.liw.fi/debian stretch-ci main ickhost"
+        signing_key: "{{ ci_prod_apt_signing_key }}"
+
+    letsencrypt_email: liw@liw.fi
+    letsencrypt_domain: "{{ muck_domain }}"
+
+    haproxy_domain: "{{ muck_domain }}"
+    haproxy_rules:
+      - name: qvisqve1
+        path: /token
+        backends: ["127.0.0.1:{{ qvisqve_port }}"]
+
+      - name: qvisqve2
+        path: /clients
+        backends: ["127.0.0.1:{{ qvisqve_port }}"]
+
+      - name: muck1
+        path: /status
+        backends: ["127.0.0.1:{{ muck_port }}"]
+
+      - name: muck2
+        path: /res
+        backends: ["127.0.0.1:{{ muck_port }}"]
+
+      - name: muck3
+        path: /search
+        backends: ["127.0.0.1:{{ muck_port }}"]
+
+    muck_port: 12765
+
+    qvisqve_port: 10000
+    qvisqve_domain: "{{ muck_domain }}"
+    qvisqve_token_private_key: "{{ lookup('pipe', 'pass show ick2/token_key') }}"
+    qvisqve_token_public_key: "{{ lookup('pipe', 'pass show ick2/token_key.pub') }}"
diff --git a/roles/muck/tasks/main.yml b/roles/muck/tasks/main.yml
new file mode 100644
index 0000000..07347c9
--- /dev/null
+++ b/roles/muck/tasks/main.yml
@@ -0,0 +1,31 @@
+- name: "install muck"
+  apt:
+    name: muck-poc
+
+- name: "install token signing public key"
+  copy:
+    content: "{{ qvisqve_token_public_key }}"
+    dest: /etc/muck.pub
+    owner: root
+    group: root
+    mode: 0644
+
+- name: "install muck config"
+  copy:
+    content: |
+      {
+          "log": "/var/log/muck/muck.log",
+          "store": "/var/lib/muck",
+          "signing-key-filename": "/etc/muck.pub"
+      }
+    dest: /etc/muck.json
+    owner: _muck
+    group: _muck
+    mode: 0744
+
+- name: "enable and start muck service"
+  systemd:
+    name: muck
+    daemon_reload: yes
+    enabled: yes
+    state: restarted
diff --git a/run-muck.sh b/run-muck.sh
new file mode 100755
index 0000000..f8ded27
--- /dev/null
+++ b/run-muck.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -eu
+
+
+getaddr()
+{
+    awk -v "name=$1" '$1 == name { print $2 }' "$hosts_in" |
+        sed 's/ansible_ssh_host=//'
+}
+
+
+mkhosts()
+{
+    cat <<EOF
+muck ansible_ssh_host=$(getaddr muck)
+EOF
+}
+
+hosts_in="$1"
+shift 1
+mkhosts > hosts.tmp
+ansible-playbook -i hosts.tmp muck.yml \
+                 -e "muck_domain=$(getaddr muck)" \
+                 "$@"