Initial version, based on Odoo8 scripts

Jorge Enrique Gómez Gómez 2020-12-15 22:36:08 -05:00
commit 35cd457986
10 changed files with 306 additions and 0 deletions

26
README.md Normal file

@ -0,0 +1,26 @@
# Ansible role to launch a new Odoo 14 LXD container
To be used in the LXD host (currently **servidora1e0.bogota.agofer**), using
`ansible-pull`.
```sh
ansible-pull \
-U ssh://git@gitea.agofer.net:22001/jegomez/ansible-role-odoo14-launch-container \
-e nombre=<newodoocontainer> \
--vault-password-file ~/.vault_pass.txt \
-l localhost,nginx \
-i hosts
```
* Launches a new LXD container called **newodoocontainer**, that uses a LXD profile to download
and setup Odoo v14.
* Creates a DNS alias for **externo.agofer.net** called
**newodoocontainer.agofer.net**.
* Registers this container in the existing Nginx Proxy container.
* Requests an SSL certificate to _Let's Encrypt_ for the new domain, storing
the certificates in the Nginx Proxy container.
The file ~/.vault_pass.txt contains the cleartext password to the vault
file where the Dreamhost API key and the Gitea deploy keys are stored
encrypted.

2
hosts Normal file

@ -0,0 +1,2 @@
localhost ansible_connection=local ansible_python_interpreter=python3
nginx ansible_connection=lxd

28
local.yml Normal file

@ -0,0 +1,28 @@
- hosts: localhost
gather_facts: no
tasks:
- name: Verify correct usage of parameter
assert:
that:
- nombre is defined
- nombre|length > 3
fail_msg: 'Debe definir una variable "nombre"'
- hosts: localhost
gather_facts: yes
user: sistemas
roles:
- lxchost
vars:
dominio: agofer.net
- hosts: nginx
gather_facts: yes
roles:
- nginxproxy
vars:
dominio: agofer.net
ansible_python_interpreter: python3
ansible_connection: lxd
ansible_host: local:nginx
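Review bot: The assert in the first play only checks that `nombre` is defined and longer than three characters, yet the role tasks further down this page turn that value into a container name, a DNS label, file paths and a certbot argument. Constrain it to hostname-safe characters here, for example by adding `- nombre is match('^[A-Za-z][A-Za-z0-9_-]{3,61}$')` under `that:`, so a value containing dots, slashes or spaces is rejected before any task runs. The `fail_msg` should then state the allowed characters and the minimum length, since it currently only says that the variable must be defined.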


@ -0,0 +1,50 @@
---
- name: Create or verify Odoo LXD profile
lxd_profile:
name: odoo14
description: LXD profile for Odoo v14
config:
user.vendor-data: |
#cloud-config
package_upgrade: true
packages:
- python3-pip
- python3-venv
users:
- name: root
ssh-import-id: gh:jorgeegomez
write_files:
- owner: root:root
path: /root/.vault_pass.txt
permissions: '0600'
content: '{{ vaultpass }}'
- encoding: gzip
owner: root:root
path: /root/.ssh/id_ed25519
permissions: '0600'
content: !!binary |
'{{ privkey | string | b64encode }}'
- encoding: gzip
owner: root:root
path: /root/.ssh/id_ed25519.pub
permissions: '0644'
content: !!binary |
'{{ pubkey | string | b64encode }}'
- encoding: gzip
owner: root:root
path: /root/.ssh/known_hosts
permissions: '0644'
content: !!binary |
'{{ known_hosts | string | b64encode }}'
runcmd:
- [ ansible-pull, -U, "ssh://git@gitea.agofer.net:22001/jegomez/ansible-role-odoo14-lxd.git" ]
devices:
nat01:
nictype: bridged
parent: nat01
type: nic
root:
path: /
pool: default
type: disk
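Review bot: The `write_files` entries place the Ansible Vault password and the Gitea deploy private key in `user.vendor-data`, which LXD stores in cleartext in the `odoo14` profile, so anyone who can read profiles on the host can read both secrets, and cloud-init normally keeps a copy of the vendor data inside each container as well. Every container launched from the profile receives the same password and key, so a compromise of one Odoo container exposes the secrets shared by all of them; a per-container, read-only deploy key pushed after launch would limit that. Separately, the last entry renders `{{ known_hosts | string | b64encode }}` while the variables file on this page defines `knownhosts`, so unless `known_hosts` is defined somewhere not shown the template fails as undefined; use one name, e.g. `'{{ knownhosts | string | b64encode }}'`.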


@ -0,0 +1,31 @@
---
- set_fact:
container: '{{ nombre | urlencode | lower | regex_replace("_", "-") }}'
- import_playbook: lxd_profile.yml
- name: Launch LXD container
lxd_container:
name: '{{ container }}'
ephemeral: no
profiles: ['odoo14']
source:
type: image
mode: pull
server: https://cloud-images.ubuntu.com/releases
protocol: simplestreams
fingerprint: 39a93d0b3552
# alias: ubuntu/20.04
- name: Announce expected container deployment time
debug:
msg:
- 'El nuevo contenedor {{ container }} ha sido lanzado.'
- 'El tiempo de carga de Odoo es de 3.5 horas aproximadamente.'
- name: Register DNS CNAME alias using Dreamhost API
uri:
url: 'https://api.dreamhost.com/?key={{ apikey }}&cmd=dns-add_record&record={{ container }}.{{ dominio }}&type=CNAME&value=externo.{{ dominio }}.'
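Review bot: The Dreamhost task puts `{{ apikey }}` in the query string of `url`, and the `uri` module reports the requested URL in its result, so the key can end up in verbose output and in any log that captures the run; add `no_log: true` to that task. The task also never inspects the response body, so a rejection that the API reports inside a successful HTTP reply (not confirmable from this page) would pass silently; `return_content: true` with a `failed_when` on the content would catch it. In addition, `import_playbook` is only valid at playbook level, so `- import_playbook: lxd_profile.yml` inside this task list will be rejected; `- import_tasks: lxd_profile.yml` is the task-level equivalent.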


@ -0,0 +1,15 @@
---
# Encrypted variables
# Ansible Vault password
vaultpass: '{{ vault_vaultpass }}'
# Dreamhost API key
apikey: '{{ vault_apikey }}'
# SSH deploy keys, gzipped and base64-encoded
privkey: '{{ vault_privkey }}'
pubkey: '{{ vault_pubkey }}'
# SSH host hashes for Gitea, gzipped and base64-encoded
knownhosts: '{{ vault_knownhosts }}'


@ -0,0 +1,82 @@
$ANSIBLE_VAULT;1.1;AES256
32343538636337626161313638396661316338646364303263333138393565633837353232353536
6539373337396264636336366436336163353030306531370a313635306237633865326661333930
39386238366630326230383632646139653166346333343439306232323732663965663566383863
3366356265383163300a303062623233383764343761643432613336306433373537386461326462
31663763393433356233366166386534396335313832346634633231623565346637366339363662
64646132616266343762336335353965333864306432336335636266393434326365633331396262
35336662313531613235363162316630356466333332666162636238643839653066356635323662
39646561653731356233633362303661643437353137633830326438393736366232323939346238
66373863666363323761666664363562663934393063623161346163663330323364613261323061
63663863303736383630613666623736633838356131353364643565333337363938383630333863
61343231313732353831306131383233633937633634306263346466646438623263363736666465
35656534366263633666613662376136313937376263326364623834313531363865643636633661
63393931363862366364393437623339653361393631383664323765393863623239326231386133
30303532633062613564656431346466396236613361616433376236626234613338636334376334
62386662396134626532623237633936383437383039343261616465356464326230666365376230
30663463393064356639386135623132656666366336633438663062383432386337313063313038
39343430616531336662346532303862346538306339326433653635336163373932373663306365
31646265643435643637336662356162326133613634613836313933346363373336383235333630
39363235336534313131326364386131393163323732336530373034386462303764643661316533
63303264643965313666653639613161363638663239313935663133646334646665313662373739
32383635623961663332333839386539353432316330666337343464313462643065396435613363
63346161613436366437346264346534333364333636326365383137396462336330633761633632
35663435396133376262386163653734616637363266343763623632646631386163653739383966
62666565326637663736663233643335613136646562323331373566373634343837613733616533
38393239303166363537313639626434336239303037613133646562326635346263363033376535
62313037356635656536323237623739353262366438303235613030353235306539653431343935
63383562303035623035323363363939303332636661376366333963333363373337663732653833
31653461303965396263346237653734656134356138333536303633646563313162646639316361
64363038323431383035353331663265663963303936396663353135663137366437393465333239
31313738356231306631613262623132343433323533623631353838386633373637653239373738
65363032336261613262636433393161366538303231653836323038326330393234376331353238
33356630616631396337663662383564643664613936393330613363313263373535303237316561
36383135313961656164303561656234383330376563306663383733363638663830323637396164
61643666323233623936616663656466323863333261336336333733643633636265646565323532
66653766303730633332326663363834353662613037326537663364393962633464386433396338
61336561623263643365643134653966353033363235663038376361383262623961623165656261
63316139343530333431303233316631323634366539363232613136323839313135386562663133
36333232356337316332313731393930363664363266663765303766373331393136366663666337
62396432373364643930313430373732613166656262306333633963633361616165313830633939
37373565626131326637383065633337336665636235353835333939306365333134393438613366
39303162326436303862666639643839633330366562666437376638333635613730643563353730
38643139333433613761343436663933636365666162336435643334306533323266336664626163
35366237366161626463383734376232636661333532666664633637623535393262386430376166
37373066373330646335623033613038346663393234393966373535656264393664386361326435
64326236356330353332326662373533636163366335316266343837616466353262356637666534
31656465333833343635363362346632383334393934666232643736363637386638636130376333
34643131663336383632313566623031363964373131623834346235356366616165626538316534
37366230313366616432356230373431633364313439393131393732616265346437633364316639
35366133306535646137353035663264666133393465356464613537653334303531303162633631
32306333323034366461636435323565613432313364643264373639663735303130323030383363
34376430333531323637346138383064306336373230396633323161323938343935303365353463
63616239363362393233616361333761666332366266373434343034643362616261363765633031
65616364383765636330386264373732363937373264313233373339333937323937306663393163
37633931623333373331303530383164313665636262623139616231326166623336333766336639
30393961353730376132653234313532643437356664326333323433366438646562666335323461
31303334333130306638636238363335656663663132653030303262376434333965356463336366
30366164356632316232363836313039613038313063626162633637343234643638313937313463
39326465373961383261303833363863316262383564366131326666353438326333313231376364
31346135376230373733353066663363353364366333373466343539393138373937376463656639
38393136313862613130303262656366366265393737643961353937616366643437373436393539
38376334393237343437643637366531313662643661666462353439653931663363666466666536
64346162343965393635613939353766326137333938376262373065323730306539336163623866
32383739303638613631616633393863336430623036643264353363613361393239383566306433
32383762396139343264643639653434393364373533306433663239366434343261323033313266
37376134333033656239663236646533656433666161306337666465353539373264656538363263
35383165343339383036326565313834613062333330386230663433616332363866323237376234
63343330616466323630353735326231343230366562306536623466663936646631353832333732
34353037376338396234626563323534353737396536363839666336386435363465363564326131
39663264343234656339663931383664616364386530373362386631613461353461386139653661
39316362616138373835383064613762666565386531626138336136363732633162346364346564
37366233333663326130333965613661643932343133323537396265376133366563306130626236
37366133353164393134336466653736376366333563376436633264326237386535303162336266
62333266653538663562633332303030313633343235303037393562326338626136363464643665
32303263306638613537623365343830393838326165346631613061646364623330303762353730
37326362356261393261636636373264363130386166633835383561333664366162333865616261
63313165346362383132393137636535646330346164343632333439626637666266373433326333
61343032646438313038396538336534373061623766353932333231323938666661373031613433
64313431306163373664613931353630633833656634376263303336343732643364613936653166
34636538333064356230316266393538343663333235646666393963323032663937373937653464
62646630626239343632616330303331613261613164366562373831346634613361373237316132
6430


@ -0,0 +1,48 @@
---
# Tasks to be run inside the Nginx proxy container
- set_fact:
container: '{{ nombre | urlencode | lower | regex_replace("_", "-") }}'
- name: Create basic Nginx config for new container
template:
src: newsite.conf.j2
dest: '/etc/nginx/conf.d/{{ container }}.{{ dominio }}.conf'
- name: Create folder for Let's Encrypt files
file:
path: '/var/www/{{ container }}'
state: directory
owner: www-data
group: www-data
mode: '0755'
- name: Restart Nginx
systemd:
name: nginx
state: restarted
- name: Request Let's Encrypt certificate
command:
cmd: 'certbot --redirect --agree-tos -m {{ email }} --hsts --nginx -n -d {{ container }}.{{ dominio }}'
# Certbot doesn't add proxy_protocol.
# (https://github.com/certbot/certbot/issues/8057)
- name: Use Proxy protocol in port 443
lineinfile:
path: '/etc/nginx/conf.d/{{ container }}.{{ dominio }}.conf'
line: ' listen 443 ssl proxy_protocol;'
regexp: '^ listen 443'
- name: Use Proxy protocol in port 443 IPv6
lineinfile:
path: '/etc/nginx/conf.d/{{ container }}.{{ dominio }}.conf'
line: ' listen [::]:443 ssl proxy_protocol;'
regexp: '^ listen .....443'
- name: Restart Nginx again
systemd:
name: nginx
state: restarted
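Review bot: Both `Restart Nginx` tasks restart the shared proxy without first checking the configuration that was just templated or edited, so a bad generated file would stop the proxy for every site it serves, not only the new one. Add a task that runs `nginx -t` (with `changed_when: false`) ahead of each restart, and where a reload is sufficient prefer `state: reloaded`, which leaves the running workers in place if the new configuration is rejected. The certbot `command` also runs on every play; `creates: '/etc/letsencrypt/live/{{ container }}.{{ dominio }}/fullchain.pem'` would skip it once the certificate exists.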


@ -0,0 +1,22 @@
server {
listen 80 proxy_protocol;
listen [::]:80 proxy_protocol;
server_name {{ container }}.{{ dominio }};
root /var/www/{{ container }};
location / {
resolver 10.0.3.1 valid=1h;
set $container "http://{{ container }}.lxd";
proxy_pass $container;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /.well-known {
alias /var/www/{{ container }}/.well-known;
}
}
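Review bot: With `proxy_protocol` on the `listen` lines, `$remote_addr` is the address of the upstream proxy that opened the connection unless the realip module is configured elsewhere (`set_real_ip_from` plus `real_ip_header proxy_protocol`, not visible here), so `X-Real-IP` and `$proxy_add_x_forwarded_for` would give Odoo the balancer's address rather than the client's. If that configuration is absent, use `proxy_set_header X-Real-IP $proxy_protocol_addr;` and build `X-Forwarded-For` from `$proxy_protocol_addr`, so access logs and any per-IP throttling in the backend see the real client. The `X-Forward-For` line directly above `X-Forwarded-For` looks like a misspelt duplicate and can be dropped. There is also no `X-Forwarded-Proto` header, which the backend would likely need to recognise HTTPS requests once certbot adds the 443 listener.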


@ -0,0 +1,2 @@
---
email: sistemas@agofer.com.co