-rw-r--r-- | hosts.muck | 1 | ||||
-rw-r--r-- | muck.hz | 5 | ||||
-rw-r--r-- | muck.yml | 52 | ||||
-rw-r--r-- | roles/muck/tasks/main.yml | 31 | ||||
-rwxr-xr-x | run-muck.sh | 25 |
5 files changed, 114 insertions, 0 deletions
diff --git a/hosts.muck b/hosts.muck
new file mode 100644
index 0000000..0e6fe10
--- /dev/null
+++ b/hosts.muck
@@ -0,0 +1 @@
+muck ansible_ssh_host=muck-muck.vm.liw.fi
@@ -0,0 +1,5 @@
+defaults:
+ type: cx11
+ image: debian-9
+hosts:
+ - name: muck
diff --git a/muck.yml b/muck.yml
new file mode 100644
index 0000000..593447a
--- /dev/null
+++ b/muck.yml
@@ -0,0 +1,52 @@
+- hosts: muck
+ remote_user: root
+ become: yes
+ roles:
+ - sane_debian_system
+ - unix_users
+ - comfortable
+ - haproxy
+ - qvisqve
+ - muck
+ vars:
+ hostname: muck
+
+ debian_codename: stretch
+ debian_mirror: deb.debian.org
+ debian_mirror_src: deb.debian.org
+
+ sources_lists:
+ - repo: "deb http://ci-prod-controller.vm.liw.fi/debian stretch-ci main ickhost"
+ signing_key: "{{ ci_prod_apt_signing_key }}"
+
+ letsencrypt_email: liw@liw.fi
+ letsencrypt_domain: "{{ muck_domain }}"
+
+ haproxy_domain: "{{ muck_domain }}"
+ haproxy_rules:
+ - name: qvisqve1
+ path: /token
+ backends: ["127.0.0.1:{{ qvisqve_port }}"]
+
+ - name: qvisqve2
+ path: /clients
+ backends: ["127.0.0.1:{{ qvisqve_port }}"]
+
+ - name: muck1
+ path: /status
+ backends: ["127.0.0.1:{{ muck_port }}"]
+
+ - name: muck2
+ path: /res
+ backends: ["127.0.0.1:{{ muck_port }}"]
+
+ - name: muck3
+ path: /search
+ backends: ["127.0.0.1:{{ muck_port }}"]
+
+ muck_port: 12765
+
+ qvisqve_port: 10000
+ qvisqve_domain: "{{ muck_domain }}"
+ qvisqve_token_private_key: "{{ lookup('pipe', 'pass show ick2/token_key') }}"
+ qvisqve_token_public_key: "{{ lookup('pipe', 'pass show ick2/token_key.pub') }}"
diff --git a/roles/muck/tasks/main.yml b/roles/muck/tasks/main.yml
new file mode 100644
index 0000000..07347c9
--- /dev/null
+++ b/roles/muck/tasks/main.yml
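Review bot: In muck.yml, `qvisqve_token_private_key` and `qvisqve_token_public_key` are read from the `ick2/token_key` password-store entries, so this host appears to share its token signing key with another deployment. Unless the tokens are bound to an audience or issuer that muck checks (not visible in this diff), a token minted by either issuer would verify on the other. A key pair dedicated to this host would keep the trust domains apart, for example `pass show <muck-specific-entry>/token_key` (placeholder path). As a smaller point, `become: yes` has no effect alongside `remote_user: root` and would read better as `become: true` or be dropped. Also worth a comment that the `http://` APT source depends entirely on `signing_key` for integrity.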
@@ -0,0 +1,31 @@
+- name: "install muck"
+ apt:
+ name: muck-poc
+
+- name: "install token signing public key"
+ copy:
+ content: "{{ qvisqve_token_public_key }}"
+ dest: /etc/muck.pub
+ owner: root
+ group: root
+ mode: 0644
+
+- name: "install muck config"
+ copy:
+ content: |
+ {
+ "log": "/var/log/muck/muck.log",
+ "store": "/var/lib/muck",
+ "signing-key-filename": "/etc/muck.pub"
+ }
+ dest: /etc/muck.json
+ owner: _muck
+ group: _muck
+ mode: 0744
+
+- name: "enable and start muck service"
+ systemd:
+ name: muck
+ daemon_reload: yes
+ enabled: yes
+ state: restarted
diff --git a/run-muck.sh b/run-muck.sh
new file mode 100755
index 0000000..f8ded27
--- /dev/null
+++ b/run-muck.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -eu
+
+
+getaddr()
+{
+ awk -v "name=$1" '$1 == name { print $2 }' "$hosts_in" |
+ sed 's/ansible_ssh_host=//'
+}
+
+
+mkhosts()
+{
+ cat <<EOF
+muck ansible_ssh_host=$(getaddr muck)
+EOF
+}
+
+hosts_in="$1"
+shift 1
+mkhosts > hosts.tmp
+ansible-playbook -i hosts.tmp muck.yml \
+ -e "muck_domain=$(getaddr muck)" \
+ "$@" |
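Review bot: In roles/muck/tasks/main.yml, the "install muck config" task writes /etc/muck.json with `owner: _muck`, `group: _muck`, `mode: 0744`, which leaves the config writable by the account that owns it and sets an execute bit on a data file. If the service runs as `_muck` (presumably, though the unit is not shown), a compromised muck process could rewrite `signing-key-filename` to point at a verification key of its own choosing. Suggest `owner: root`, `group: _muck`, `mode: "0640"` there, and quoting `mode: "0644"` on /etc/muck.pub so the value cannot be retyped by the YAML parser. Separately, `state: restarted` restarts the service on every play; a handler notified by the two copy tasks would restart it only when the key or config changes.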
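Review bot: In run-muck.sh, `getaddr` prints nothing when the inventory file has no `muck` entry, and `set -eu` does not catch that, so `ansible-playbook` runs with an empty `muck_domain`. muck.yml then feeds that empty value into `letsencrypt_domain`, `haproxy_domain` and `qvisqve_domain`. Resolve the address once and fail early, e.g. `addr=$(getaddr muck)` followed by `[ -n "$addr" ] || { echo "no muck host in $hosts_in" >&2; exit 1; }`, then reuse `$addr` in both `mkhosts` and the `-e` argument. The generated inventory is also written to a fixed `hosts.tmp` in the current directory and never removed. `tmp=$(mktemp)` with `trap 'rm -f "$tmp"' EXIT` avoids clobbering an existing file and leaving it behind.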