Merge pull request #11 from Diesel-Net/development

tomdaley92 · web-flow · commit 4eb06ca5a187 · 2022-08-12T17:48:13.000-07:00
Promotion
diff --git a/.ansible/ansible.cfg b/.ansible/ansible.cfg
diff --git a/.ansible/deploy.yaml b/.ansible/deploy.yaml
@@ -1,13 +1,12 @@
-# ansible-playbook deploy.yaml -i inventories/dev/hosts --vault-id ~/.tokens/master_id
-
 - hosts: all
   roles:
-    - common
+    - application
+    - traefik
 
   tasks:
 
     - include_role:
-        name: common
+        name: application
         tasks_from: make_config_dir
 
     - name: 'Ensure {{ config_dir }}/config/ exists'
@@ -66,15 +65,15 @@
         dest: '{{ config_dir }}/secrets/password'
         mode: 'u=rwx,g=rwx,o=rwx'
 
-    - name: 'Render ca.json.j2 to {{ config_dir }}/config/ca.json'
+    - name: 'Render ca.json to {{ config_dir }}/config/ca.json'
       template:
-        src: ca.json.j2
+        src: ca.json
         dest: '{{ config_dir }}/config/ca.json'
         mode: 'u=rwx,g=rwx,o=rwx'
 
-    - name: 'Render defaults.json.j2 to {{ config_dir }}/config/defaults.json'
+    - name: 'Render defaults.json to {{ config_dir }}/config/defaults.json'
       template:
-        src: defaults.json.j2
+        src: defaults.json
         dest: '{{ config_dir }}/config/defaults.json'
         mode: 'u=rwx,g=rwx,o=rwx'
 
diff --git a/.ansible/inventories/prod/group_vars/all/certs.yaml b/.ansible/inventories/prod/group_vars/all/certs.yaml
diff --git a/.ansible/inventories/prod/group_vars/all/config.yaml b/.ansible/inventories/prod/group_vars/all/config.yaml
@@ -1,5 +1,3 @@
-env: prod
-
 domain: ca.diesel.net
 fingerprint: c4dfdfdece152139fe58280eebaa142ef25b0a19f0984ca5e5338d0d8522f7d8
 
diff --git a/.ansible/inventories/prod/hosts b/.ansible/inventories/prod/hosts
@@ -1,8 +1,10 @@
 all:
   children:
-    tools:
+
+    swarm_manager:
       hosts:
-        tools.diesel.net
+        tools.diesel.net:
+
   vars:
     ansible_user: automation
     ansible_python_interpreter: /usr/bin/python3
diff --git a/.ansible/roles/requirements.yaml b/.ansible/roles/requirements.yaml
@@ -1,9 +1,14 @@
-- name: common
+- name: application
   scm: git
-  src: "git@github.com:Diesel-Net/ansible-role-common.git"
-  version: 1.1.0
+  src: "git@github.com:Diesel-Net/ansible-role-application.git"
+  version: 2.0.0
 
 - name: docker
   scm: git
   src: "git@github.com:Diesel-Net/ansible-role-docker.git"
-  version: 1.3.0
+  version: 2.0.0
+
+- name: traefik
+  scm: git
+  src: "git@github.com:Diesel-Net/ansible-role-traefik.git"
+  version: 2.0.0
diff --git a/.ansible/templates/ca.json b/.ansible/templates/ca.json
diff --git a/.ansible/templates/defaults.json b/.ansible/templates/defaults.json
diff --git a/.ansible/templates/docker-compose.yaml b/.ansible/templates/docker-compose.yaml
@@ -7,10 +7,10 @@ services:
     image: smallstep/step-ca:0.16.0
     volumes:
       - /etc/localtime:/etc/localtime
-      - {{ ssl_cert_dir }}/:/etc/ssl/certs/
+      - /etc/ssl/certs/:/etc/ssl/certs/
       - {{ config_dir }}/:/home/step/
     networks:
-      - {{ docker_network }}
+      - {{ traefik_network }}
     #environment:
       #- STEPDEBUG=1
     deploy:
@@ -20,6 +20,6 @@ services:
         - traefik.tcp.routers.{{ git_repository }}.rule=HostSNI(`{{ domain }}`)
         - traefik.tcp.routers.{{ git_repository }}.tls.passthrough=true
 networks:
-  {{ docker_network }}:
+  {{ traefik_network }}:
     external:
-      name: {{ docker_network }}
+      name: {{ traefik_network }}
diff --git a/.drone.yaml b/.drone.yaml
@@ -1,26 +1,26 @@
 ---
 kind: pipeline
 type: docker
-name: Install Step CA Server
+name: Install Step CA Server (prod)
 
 clone:
   depth: 1
 
+concurrency:
+  limit: 1
+
 steps:
 
   - name: deploy
-    image: plugins/ansible:3
-    environment:
-      ANSIBLE_CONFIG: .ansible/ansible.cfg
+    image: docker.nexus.diesel.net/drone-ansible:2.13
     settings:
       galaxy: .ansible/roles/requirements.yaml
-      inventory: .ansible/inventories/production
+      inventory: .ansible/inventories/prod
       playbook: .ansible/deploy.yaml
       private_key:
         from_secret: automation_id_rsa
       vault_password:
         from_secret: ansible_vault_password 
-      extra_vars: version=production
 
 trigger:
   branch:
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,4 @@
 .ansible/roles/common
+.ansible/roles/application
+.ansible/roles/traefik
 .ansible/roles/docker
diff --git a/README.md b/README.md
@@ -2,17 +2,3 @@
 
 # step-ca
 Private (internal) ACME-based Certificate Authority on docker swarm. Using [Smallstep's step-ca](https://smallstep.com/docs/step-ca).
-
-## Dependencies
-- Tested with ansible-core 2.11.2
-
-## Installing Dependencies
-```bash
-ansible-galaxy install -r .ansible/roles/requirements.yaml -p .ansible/roles --force
-```
-
-## Deploy
-Right now each environment is defined as an independent Virtual Machine (single-node swarm leaders)
-```bash
-ansible-playbook .ansible/deploy.yaml -i .ansible/inventories/production/hosts --vault-id ~/.tokens/master_id
-```

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,3 @@`
`1`		`-env: prod`
`2`		`-`
`3`	`1`	`domain: ca.diesel.net`
`4`	`2`	`fingerprint: c4dfdfdece152139fe58280eebaa142ef25b0a19f0984ca5e5338d0d8522f7d8`
`5`	`3`