Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
slapos.package
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
2
Merge Requests
2
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
slapos.package
Compare Revisions
master...alain-kdbox
Source
alain-kdbox
Select Git revision
...
Target
master
Select Git revision
Compare
View open merge request
Commits (2)
playbook: automate kdbox configuration
· 8f1199ee
root
authored
Jan 11, 2019
8f1199ee
playbook: kdbox deployment automation with signed certificate
· 7d05cf4e
Alain Takoudjou
authored
Mar 13, 2019
7d05cf4e
Hide whitespace changes
Inline
Side-by-side
Showing
17 changed files
with
446 additions
and
0 deletions
+446
-0
kdbox-deploy.yml
playbook/kdbox-deploy.yml
+11
-0
kdbox-playbook.yml
playbook/kdbox-playbook.yml
+76
-0
challenge
playbook/roles/kdbox/files/challenge
+11
-0
kdbox-param
playbook/roles/kdbox/files/kdbox-param
+38
-0
port-forwarding
playbook/roles/kdbox/files/port-forwarding
+11
-0
main.yml
playbook/roles/kdbox/meta/main.yml
+15
-0
dehydrated.yml
playbook/roles/kdbox/tasks/dehydrated.yml
+45
-0
deploy.yml
playbook/roles/kdbox/tasks/deploy.yml
+57
-0
frontend-slave-instance.yml
playbook/roles/kdbox/tasks/frontend-slave-instance.yml
+33
-0
frontend.yml
playbook/roles/kdbox/tasks/frontend.yml
+24
-0
main.yml
playbook/roles/kdbox/tasks/main.yml
+49
-0
webrunner.yml
playbook/roles/kdbox/tasks/webrunner.yml
+24
-0
config.j2
playbook/roles/kdbox/templates/config.j2
+3
-0
kdbox-state.j2
playbook/roles/kdbox/templates/kdbox-state.j2
+12
-0
request-slave-frontend.j2
playbook/roles/kdbox/templates/request-slave-frontend.j2
+21
-0
main.yml
playbook/roles/slapos-client/tasks/main.yml
+7
-0
kdbox.yml
playbook/settings/kdbox.yml
+9
-0
No files found.
playbook/kdbox-deploy.yml
0 → 100644
Edit
View file @
7d05cf4e
---
-
name
:
a play that runs entirely on the ansible host
hosts
:
127.0.0.1
connection
:
local
vars_files
:
-
settings/kdbox.yml
roles
:
-
kdbox
playbook/kdbox-playbook.yml
0 → 100644
Edit
View file @
7d05cf4e
---
-
name
:
a play that runs entirely on the ansible host
hosts
:
127.0.0.1
connection
:
local
vars_files
:
-
settings/kdbox.yml
vars
:
-
interface_name
:
lo
-
computer_name
:
noname
vars_prompt
:
-
name
:
"
re6sttoken"
prompt
:
"
\n\n
You
are
running
the
KDBox
Installer
\n\n
Please
request
a
re6stnet
token
on
https://slapos.vifib.com.
\n\n
You
will
also
need
computer
and
account
token,
please
get
them
on
https://slapos.vifib.com.
\n\n
A
domain
name
will
be
required
for
kdbox
slave
frontend,
to
access
erp5
later.
\n\n
Enter
your
re6stnet
token:
"
private
:
no
default
:
"
notoken"
-
name
:
"
slapos_master_url"
prompt
:
"
What
is
the
url
to
the
SlapOS
Master
API?
(ignore
if
you
already
have
a
configured
re6st
and
slapos):"
private
:
no
default
:
"
https://slap.vifib.com/"
-
name
:
"
slapos_web_master_url"
prompt
:
"
What
is
the
url
to
the
SlapOS
Master
Website?
(ignore
if
you
already
have
a
configured
re6st
and
slapos):"
private
:
no
default
:
"
https://slapos.vifib.com/"
-
name
:
"
computer_name"
prompt
:
"
What
is
this
computer
name?
(ignore
if
you
already
have
a
configured
re6st
and
slapos):"
private
:
no
default
:
"
noname"
-
name
:
"
slapostoken"
prompt
:
"
What
is
the
server
token
?:"
private
:
no
default
:
"
notoken"
-
name
:
"
Token"
prompt
:
"
What
is
your
credential
account
token"
private
:
no
default
:
"
notoken"
-
name
:
"
domain_name"
prompt
:
"
Enter
domain
name
for
CDN
main
instance"
private
:
no
default
:
"
kdbox.slapos-example.com"
-
name
:
"
custom_domain"
prompt
:
"
Enter
custom
domain
name
for
CDN
slave
instance"
private
:
no
default
:
"
"
pre_tasks
:
-
file
:
path=/opt/kdbox state=directory mode=0755
-
copy
:
content="{{ domain_name }}" dest=/opt/kdbox/cdn_domain_name
when
:
domain_name != ""
-
copy
:
content="{{ custom_domain }}" dest=/opt/kdbox/cdn_custom_domain
when
:
custom_domain != ""
roles
:
-
re6stnet
-
role
:
routeadv
# desactiver le RADVD
when
:
enable_router_advertisement == True
-
{
role
:
slapos
,
package_state
:
present
}
-
{
role
:
package
,
package_name
:
ntp
,
package_state
:
present
}
-
slapos-client
-
kdbox
playbook/roles/kdbox/files/challenge
0 → 100755
Edit
View file @
7d05cf4e
#!/bin/bash
domain
=
$1
CODE
=
$(
curl
-s
-n
-k
-L
-o
/dev/null
-w
"%{http_code}"
"https://
$domain
/.well-known/manage_main"
)
if
[
"
$CODE
"
==
"200"
]
;
then
echo
"Code=
$CODE
, .well-know exists already!"
exit
0
else
curl
-k
-L
-n
-X
POST
-d
"id=.well-known&submit=Add"
http://
$domain
/portal_skins/custom/manage_addProduct/OFSP/manage_addFolder
fi
playbook/roles/kdbox/files/kdbox-param
0 → 100755
Edit
View file @
7d05cf4e
#!/bin/bash
if
[
-z
"
$1
"
]
;
then
echo
"Argument 1 should be instance name and Argument 2 should be 'url' or 'pwd'"
exit
3
fi
for
file
in
`
grep
-l
-R
"
$1
"
/srv/slapgrid/slappart
*
/buildout
*
.cfg 2>/dev/null
`
;
do
Folder
=
$(
dirname
$file
)
# search runner0 partition
if
[
-f
"
$Folder
/bin/exporter"
]
;
then
PARTITION
=
$Folder
fi
done
DB
=
"
$PARTITION
/srv/runner/proxy.db"
if
[
!
-f
"
$DB
"
]
;
then
echo
"ERP5 instance not ready"
exit
2
fi
# get parameters from database
DB_PARTITION_TABLE
=
$(
sqlite3
$DB
".table partition__"
)
CONNECTION
=
$(
sqlite3
$DB
"select connection_xml from
$DB_PARTITION_TABLE
where reference='slappart0';"
)
if
[
-z
"
$CONNECTION
"
]
;
then
echo
"ERP5 instance not ready"
exit
1
else
if
[
"
$2
"
==
"pwd"
]
;
then
echo
$CONNECTION
| egrep
-o
'inituser-password\"\:\s*\"[a-z,A-Z,0-9]+'
|
cut
-d
'"'
-f
3
elif
[
"
$2
"
==
"url"
]
;
then
echo
$CONNECTION
| egrep
-o
'family-default-v6\"\:\s*\"https\:\/\/\[.*\]:[0-9]+'
|
cut
-d
'"'
-f
3
else
echo
"Argument 1 should be instance name and Argument 2 should be 'url' or 'pwd'"
exit
3
fi
fi
playbook/roles/kdbox/files/port-forwarding
0 → 100755
Edit
View file @
7d05cf4e
#!/bin/bash
ps aux |
grep
socat |
grep
TCP:
$2
:
$3
>
/dev/null
if
[
$?
-eq
0
]
then
echo
"port forwarding process already running"
else
echo
"no process running ,executing port forwarding for selectet port"
socat TCP6-LISTEN:
$1
,fork TCP:
$2
:
$3
&
fi
#script for port forwarding
playbook/roles/kdbox/meta/main.yml
0 → 100644
Edit
View file @
7d05cf4e
---
dependencies
:
-
role
:
package
package_name
:
socat
package_state
:
present
-
role
:
package
package_name
:
sqlite3
package_state
:
present
-
role
:
package
package_name
:
curl
package_state
:
present
-
role
:
package
package_name
:
git
package_state
:
present
playbook/roles/kdbox/tasks/dehydrated.yml
0 → 100644
Edit
View file @
7d05cf4e
---
-
stat
:
path=/opt/kdbox/dehydrated
register
:
dehydrated
-
stat
:
path=/opt/kdbox/dehydrated/zope-hook.sh
register
:
hook_file
-
name
:
Get Dehydrated
shell
:
"
git
clone
https://github.com/lukas2511/dehydrated.git
/opt/kdbox/dehydrated"
when
:
dehydrated.stat.exists == False
-
copy
:
content="{{ custom_domain}}" dest=/opt/kdbox/dehydrated/domains.txt
-
template
:
src=config.j2 dest=/opt/kdbox/dehydrated/config mode=644
-
name
:
Get Dehydrated zope hook
get_url
:
url
:
https://lab.nexedi.com/nexedi/dehydrated-zope-hook/raw/master/zope-hook.sh
dest
:
/opt/kdbox/dehydrated/zope-hook.sh
mode
:
0755
when
:
hook_file.stat.exists == False
-
shell
:
"
{{
role_path
}}/files/kdbox-param
'{{
webrunner_instance_name
}}'
pwd"
register
:
erp5_pwd
-
name
:
Add .netrc file
blockinfile
:
dest
:
"
~/.netrc"
mode
:
0600
create
:
yes
state
:
present
block
:
|
machine {{ custom_domain }}
login zope
password {{ erp5_pwd.stdout }}
-
stat
:
path="/opt/kdbox/dehydrated/certs/{{ custom_domain }}"
register
:
cert_folder
-
name
:
Get signed certificate for slave instance
shell
:
./dehydrated -c --accept-terms
when
:
cert_folder.stat.exists == False
args
:
chdir
:
/opt/kdbox/dehydrated
playbook/roles/kdbox/tasks/deploy.yml
0 → 100644
Edit
View file @
7d05cf4e
---
-
stat
:
path=/opt/slapos.playbook/
register
:
playbook_folder
# temp part to use playbook from branch
-
name
:
Download playbook
shell
:
git clone https://lab.nexedi.com/nexedi/slapos.package.git /tmp/kdbox-playbook
when
:
playbook_folder.stat.exists == False
-
shell
:
cd /tmp/kdbox-playbook/; git checkout alain-kdbox
when
:
playbook_folder.stat.exists == False
-
name
:
Copy slapos.playbook
shell
:
cp -ax /tmp/kdbox-playbook/playbook /opt/slapos.playbook/
when
:
playbook_folder.stat.exists == False
# part to use
#- name: Download the playbook
# shell: slapcache-download --destination=/opt/kdbox/archive.tar.gz
#- name: Copy slapos.playbook
# unarchive: src=/opt/kdbox/archive.tar.gz dest=/opt/slapos.playbook
-
stat
:
path=/usr/local/bin/kdbox-deploy
register
:
bin_file
-
name
:
Set deploy script
copy
:
content
:
"
cd
/opt/slapos.playbook;
ansible-playbook
kdbox-deploy.yml
-i
hosts
--connection=local"
dest
:
/usr/local/bin/kdbox-deploy
mode
:
0755
when
:
bin_file.stat.exists == False
-
name
:
Remove kdbox deploy
file
:
path=/usr/local/bin/kdbox-deploy state=absent
when
:
kdbox_ok == True
-
name
:
Start deploy cron
cron
:
job="bash -lc /usr/local/bin/kdbox-deploy >> /var/log/kdbox.log 2>&1"
cron_file=ansible-kdbox-deploy
user="root"
name="Start kdbox deploy"
minute="*/1"
-
name
:
Remove cron task
cron
:
name="Start kdbox deploy"
cron_file=ansible-kdbox-deploy
state=absent
when
:
kdbox_ok == True
-
stat
:
path=/usr/local/bin/kdbox-state
register
:
kdbox_state
-
name
:
Add check state script
template
:
src=kdbox-state.j2 dest=/usr/local/bin/kdbox-state mode=755
when
:
kdbox_state.stat.exists == False
playbook/roles/kdbox/tasks/frontend-slave-instance.yml
0 → 100644
Edit
View file @
7d05cf4e
---
# get ERP5 URL will fail if erp5 instance is not ready
-
name
:
Get ERP5 backend URL
shell
:
"
{{
role_path
}}/files/kdbox-param
'{{
webrunner_instance_name
}}'
url"
register
:
erp5_url
-
stat
:
path="/opt/kdbox/dehydrated/certs/{{ custom_domain }}"
register
:
cert_folder
-
name
:
requesting CDN slave instance for ERP5
shell
:
echo "request('{{ frontend_software_release_url }}', '{{ custom_domain }}-slave',filter_kw={'computer_guid':'{{ computer_id }}'},partition_parameter_kw={'custom_domain':'{{ custom_domain }}','enable_cache':'true','type':'zope','url':'{{ erp5_url.stdout }}', 'path':'erp5/',},shared=True, software_type='custom-personal',)" | slapos console
when
:
cert_folder.stat.exists == False
register
:
request_slave
failed_when
:
"
'error'
in
request_slave.stdout"
-
template
:
src=request-slave-frontend.j2 dest=/opt/kdbox/request_slave_frontend.py mode=644
vars
:
ssl_key_content
:
"
{{
lookup('file',
'/opt/kdbox/dehydrated/certs/{{
custom_domain
}}/privkey.pem')
}}"
ssl_crt_content
:
"
{{
lookup('file',
'/opt/kdbox/dehydrated/certs/{{
custom_domain
}}/cert.pem')
}}"
ssl_ca_crt_content
:
"
{{
lookup('file',
'/opt/kdbox/dehydrated/certs/{{
custom_domain
}}/chain.pem')
}}"
when
:
cert_folder.stat.exists == True
-
name
:
Update slave frontend certificate
shell
:
"
cat
/opt/kdbox/request_slave_frontend.py
|
slapos
console"
register
:
output
when
:
cert_folder.stat.exists == True and kdbox_ok == False
failed_when
:
"
'error'
in
output.stderr.lower()"
-
debug
:
msg="{{ output }}"
-
file
:
path=/opt/kdbox/kdbox_ok state=touch
when
:
cert_folder.stat.exists == True
playbook/roles/kdbox/tasks/frontend.yml
0 → 100644
Edit
View file @
7d05cf4e
---
-
stat
:
path=/opt/kdbox/frontend_requested
register
:
frontend_requested
-
stat
:
path=/opt/kdbox/frontend_supplied
register
:
frontend_supplied
-
name
:
Caddy frontend supply
shell
:
slapos supply {{ frontend_software_release_url }} {{ computer_id }}
when
:
slapos_cfg.stat.exists == True and frontend_supplied.stat.exists == False
-
name
:
Frontend is supplied
file
:
path=/opt/kdbox/frontend_supplied state=touch
-
name
:
Requesting Caddy frontend instance
shell
:
echo "request('{{ frontend_software_release_url }}', '{{ frontend_instance_name }}', filter_kw={'computer_guid':'{{ computer_id}}'}, partition_parameter_kw={'-sla-1-computer_guid':'{{ computer_id }}','domain':'{{ domain_name }}','public-ipv4':'{{ ansible_default_ipv4.address }}',}, software_type='custom-personal',)" | slapos console
when
:
frontend_supplied.stat.exists == True and frontend_requested.stat.exists == False
register
:
output
failed_when
:
"
'error'
in
output.stderr.lower()"
-
name
:
Frontend is requested
file
:
path=/opt/kdbox/frontend_requested state=touch
playbook/roles/kdbox/tasks/main.yml
0 → 100644
Edit
View file @
7d05cf4e
---
-
file
:
path=/opt/kdbox state=directory mode=0755
-
stat
:
path="/opt/kdbox/kdbox_ok"
register
:
kdbox_is_ok
-
name
:
register needed variables
set_fact
:
computer_id
:
"
{{
lookup('ini','computer_id
section=slapos
file=/etc/opt/slapos/slapos.cfg')
}}"
domain_name
:
"
{{
lookup('file',
'/opt/kdbox/cdn_domain_name')
}}"
custom_domain
:
"
{{
lookup('file',
'/opt/kdbox/cdn_custom_domain')
}}"
kdbox_ok
:
"
{{
kdbox_is_ok.stat.exists
}}"
-
include
:
deploy.yml
-
name
:
Check if client configuration exists already
stat
:
path=/etc/opt/slapos/slapos.cfg
register
:
slapos_cfg
failed_when
:
slapos_cfg.stat.exists == False
-
name
:
check if request is done
stat
:
path=/opt/kdbox/request_is_done
register
:
request_done
-
include
:
webrunner.yml
-
include
:
frontend.yml
-
include
:
frontend-slave-instance.yml
# find Caddy ip to be used for port forwarding
-
name
:
Get Caddy local IP
shell
:
grep bind /srv/slapgrid/slappart*/etc/Caddyfile | cut -d ' ' -f4 | head -n1
register
:
caddy_ip
failed_when
:
caddy_ip.stdout == ""
# execute port-forwarding script in /files/port-forwarding
-
name
:
"
port
80
forwarding
to
{{
caddy_ip.stdout
}}:8080"
shell
:
"
{{
role_path
}}/files/port-forwarding
80
{{
caddy_ip.stdout
}}
8080"
register
:
forward_result
changed_when
:
forward_result.stdout != "port forwarding process already running"
-
name
:
"
port
443
forwarding
to
{{
caddy_ip.stdout
}}:4443"
shell
:
"
{{
role_path
}}/files/port-forwarding
443
{{
caddy_ip.stdout
}}
4443"
register
:
forward_result
changed_when
:
forward_result.stdout != "port forwarding process already running"
# generate signed certificate with letsencrypt
-
include
:
dehydrated.yml
playbook/roles/kdbox/tasks/webrunner.yml
0 → 100644
Edit
View file @
7d05cf4e
---
-
stat
:
path=/opt/kdbox/webrunner_requested
register
:
webrunner_requested
-
stat
:
path=/opt/kdbox/webrunner_supplied
register
:
webrunner_supplied
-
name
:
webrunner supply
shell
:
slapos supply {{ webrunner_software_release_url }} {{ computer_id }}
when
:
slapos_cfg.stat.exists == True and webrunner_supplied.stat.exists == False
-
name
:
Webrunner is supplied
file
:
path=/opt/kdbox/webrunner_supplied state=touch
-
name
:
requesting webrunner instance
shell
:
echo "request('{{ webrunner_software_release_url }}', '{{ webrunner_instance_name }}', partition_parameter_kw={'-sla-runner0-computer_guid':'{{ computer_id }}','-sla-runner1-computer_guid':'{{ computer_id }}', 'auto-deploy':'true', 'auto-deploy-instance':'true', 'autorun':'true', 'slapos-software':'software/erp5',}, software_type='resilient',)" | slapos console
when
:
webrunner_supplied.stat.exists == True and webrunner_requested.stat.exists == False
failed_when
:
"
'error'
in
output.stderr.lower()"
register
:
output
-
name
:
webrunner is requested
file
:
path=/opt/kdbox/webrunner_requested state=touch
when
:
output is defined
playbook/roles/kdbox/templates/config.j2
0 → 100644
Edit
View file @
7d05cf4e
WELLKNOWN="${BASEDIR}"
HOOK="${BASEDIR}/zope-hook.sh"
DOMAINS_TXT="${BASEDIR}/domains.txt"
playbook/roles/kdbox/templates/kdbox-state.j2
0 → 100644
Edit
View file @
7d05cf4e
#!/bin/bash
PWD
=
$(
{{
role_path
}}
/files/kdbox-param
'{{ webrunner_instance_name }}'
pwd
)
if
[
-z
"
$PWD
"
]
;
then
echo
"ERP5 KDBox is not ready yet!"
exit
1
fi
echo
"KDBOX is ready"
echo
"URL: https://{{ custom_domain }}/"
echo
"Init username: zope"
echo
"Init password:
$PWD
"
playbook/roles/kdbox/templates/request-slave-frontend.j2
0 → 100644
Edit
View file @
7d05cf4e
parameters = {
"custom_domain": "{{ custom_domain }}",
"enable_cache": "true",
"path": "erp5/",
"type": "zope",
"url": "{{ erp5_url.stdout }}",
"https-only": "true"
}
parameters["ssl_key"] = """{{ ssl_key_content }}"""
parameters["ssl_crt"] = """{{ ssl_crt_content }}"""
parameters["ssl_ca_crt"] = """{{ ssl_ca_crt_content }}"""
request(
"{{ frontend_software_release_url }}",
"{{ custom_domain }}-slave",
partition_parameter_kw=parameters,
shared=True,
software_type='custom-personal',
filter_kw={'computer_guid':'{{ computer_id }}'}
)
playbook/roles/slapos-client/tasks/main.yml
0 → 100644
Edit
View file @
7d05cf4e
---
-
name
:
Check if client configuration exists already
stat
:
path=~/.slapos/slapos-client.cfg
register
:
client_cfg
-
name
:
"
install
slapos
client"
shell
:
slapos configure client --token {{Token}}
when
:
client_cfg.stat.exists == False and "{{Token}}" != "notoken"
playbook/settings/kdbox.yml
0 → 100644
Edit
View file @
7d05cf4e
frontend_software_release_url
:
https://lab.node.vifib.com/nexedi/slapos/raw/1.0.95.2/software/caddy-frontend/software.cfg
re6st_annon
:
False
#variable crée pour desactiver le RADVD
enable_router_advertisement
:
False
re6st_fingerprint
:
sha256:499a44702d687e968c047d28e33f59e5c3bae71a38619dc730152a3557c20301
re6st_registry_url
:
http://re6stnet.gnet.erp5.cn/
webrunner_software_release_url
:
https://lab.nexedi.com/nexedi/slapos/raw/1.0.100/software/slaprunner/software.cfg
frontend_instance_name
:
kdbox-main-FRONTEND
webrunner_instance_name
:
kdbox-resilient-webrunner