41 lines
1.4 KiB
Markdown
41 lines
1.4 KiB
Markdown
# Ansible role to launch a new Odoo 14 LXD container
|
|
|
|
To be used in the LXD host (currently **servidora1e0.bogota.agofer**), using
|
|
`ansible-pull`.
|
|
|
|
```sh
|
|
ansible-pull \
|
|
-U ssh://git@gitea.agofer.net:22001/jegomez/ansible-role-odoo14-launch-container \
|
|
-e nombre=<newodoocontainer> \
|
|
--vault-password-file ~/.vault_pass.txt \
|
|
-l localhost,nginx \
|
|
-i hosts
|
|
|
|
```
|
|
|
|
* Launches a new LXD container called **newodoocontainer**, that uses a LXD profile to download
|
|
and setup Odoo v14.
|
|
* Creates a DNS alias for **externo.agofer.net** or **externo2.agofer.net**
|
|
(see role variables in `local.yml` file), called
|
|
**<newodoocontainer>.agofer.net**.
|
|
* Registers this container in the existing Nginx Proxy container.
|
|
* Requests an SSL certificate to _Let's Encrypt_ for the new domain, storing
|
|
the certificates in the Nginx Proxy container.
|
|
|
|
The file ~/.vault_pass.txt contains the cleartext password to the vault
|
|
file where the Dreamhost API key and the Gitea deploy keys are stored
|
|
encrypted.
|
|
|
|
## Prerequisites
|
|
|
|
A container called **nginx** should exist, with these packages already installed:
|
|
|
|
```sh
|
|
lxc exec nginx -- apt -y install nginx certbot python3-certbot-nginx
|
|
```
|
|
|
|
This container should listen to external connections, in order to allow
|
|
**Let's Encrypt** certificates to be assigned and renewed. It's strongly
|
|
suggested to protect it using **fail2ban**, Geo-IP restrictions, or
|
|
other security measures.
|