diff --git a/.env.dist b/.env.dist index 58bf4aa..ade2e49 100644 --- a/.env.dist +++ b/.env.dist @@ -1 +1,3 @@ +APP_NAME=myos +APP_TYPE=myos DOCKER_SERVICE=cli diff --git a/ansible/ansible.mk b/ansible/ansible.mk index 4420183..0519633 100644 --- a/ansible/ansible.mk +++ b/ansible/ansible.mk @@ -1,11 +1,11 @@ # target ansible: Fire docker-build-ansible, Call ansible ANSIBLE_ARGS ARGS or ansible-run target .PHONY: ansible -ansible: $(if $(DOCKER_RUN),docker-build-ansible,install-ansible) +ansible: $(if $(ANSIBLE_DOCKER_RUN),docker-build-ansible,install-ansible) $(call ansible,$(ANSIBLE_ARGS) $(ARGS)) # target ansible-playbook: Call ansible-playbook ANSIBLE_ARGS ARGS .PHONY: ansible-playbook -ansible-playbook: $(if $(DOCKER_RUN),docker-build-ansible,install-ansible) +ansible-playbook: $(if $(ANSIBLE_DOCKER_RUN),docker-build-ansible,install-ansible) $(call ansible-playbook,$(ANSIBLE_ARGS) $(ARGS)) # target ansible-pull: Call ansible-pull ANSIBLE_GIT_REPOSITORY ANSIBLE_PLAYBOOK @@ -24,7 +24,7 @@ ansible-run: ansible-run-localhost # target ansible-run-%: Fire docker-build-ansible, Call ansible-playbook ANSIBLE_PLAYBOOK .PHONY: ansible-run-% -ansible-run-%: $(if $(DOCKER_RUN),docker-build-ansible,install-ansible) +ansible-run-%: $(if $(ANSIBLE_DOCKER_RUN),docker-build-ansible,install-ansible) $(call ansible-playbook,$(if $(ANSIBLE_TAGS),--tags $(ANSIBLE_TAGS)) $(if $(ANSIBLE_EXTRA_VARS),--extra-vars '$(patsubst target=localhost,target=$*,$(ANSIBLE_EXTRA_VARS))') $(if $(findstring true,$(DRYRUN)),--check) $(if $(ANSIBLE_INVENTORY),--inventory $(ANSIBLE_INVENTORY)) $(ANSIBLE_PLAYBOOK)) # target ansible-tests: Fire ssh-add ansible-tests-localhost diff --git a/ansible/def.ansible.mk b/ansible/def.ansible.mk index 0c5296e..6ccbf01 100644 --- a/ansible/def.ansible.mk +++ b/ansible/def.ansible.mk 
@@ -1,3 +1,4 @@ +ANSIBLE_APP_NAME ?= myos ANSIBLE_APP_TYPE ?= myos ANSIBLE_ARGS ?= $(if $(filter-out 0,$(UID)),$(if $(shell sudo -l 2>/dev/null |grep 'NOPASSWD: ALL'),,--ask-become-pass))$(if $(DOCKER_RUN),$(if $(shell ssh-add -l >/dev/null 2>&1 || echo false), --ask-pass)) ANSIBLE_AWS_ACCESS_KEY_ID ?= $(AWS_ACCESS_KEY_ID) @@ -8,6 +9,10 @@ ANSIBLE_CONFIG ?= ansible/ansible.cfg ANSIBLE_DISKS_NFS_DISK ?= $(NFS_DISK) ANSIBLE_DISKS_NFS_OPTIONS ?= $(NFS_OPTIONS) ANSIBLE_DISKS_NFS_PATH ?= $(NFS_PATH) +# running ansible in docker requires sshd running on localhost, +# to allow ansible to escape docker and apply changes to localhost +ANSIBLE_DOCKER ?= false +ANSIBLE_DOCKER_RUN ?= $(if $(filter-out false False FALSE,$(ANSIBLE_DOCKER)),$(ANSIBLE_DOCKER)) ANSIBLE_DOCKER_IMAGE_TAG ?= $(DOCKER_IMAGE_TAG) ANSIBLE_DOCKER_REGISTRY ?= $(DOCKER_REGISTRY) ANSIBLE_EXTRA_VARS ?= target=localhost 
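Review bot: `ANSIBLE_ARGS` (a context line in the first hunk of def.ansible.mk) still tests `$(DOCKER_RUN)` before appending `--ask-pass`, although this commit moves the ansible-in-docker decision to the `ANSIBLE_DOCKER_RUN` variable defined in this hunk. With `DOCKER=true` and the default `ANSIBLE_DOCKER=false`, ansible runs on the host yet can still prompt for an SSH password when the agent is empty; with only `ANSIBLE_DOCKER=true` the prompt is skipped for the container that has to SSH back to localhost. The condition should follow the new switch: `$(if $(ANSIBLE_DOCKER_RUN),$(if $(shell ssh-add -l >/dev/null 2>&1 || echo false), --ask-pass))`. The comment above `ANSIBLE_DOCKER` could also name the credentials the container uses to reach the host's sshd, since that path presumably gives the container the operator's access to localhost.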
@@ -29,28 +34,27 @@ ANSIBLE_SERVER_NAME ?= $(SERVER_NAME) ANSIBLE_USERNAME ?= $(USER) ANSIBLE_VERBOSE ?= $(if $(DEBUG),-vvvv,$(if $(VERBOSE),-v)) CMDS += ansible ansible-playbook -DOCKER_RUN_OPTIONS += $(if $(DOCKER_INTERNAL_DOCKER_HOST),--add-host=host.docker.internal:$(DOCKER_INTERNAL_DOCKER_HOST)) -ENV_VARS += ANSIBLE_APP_TYPE ANSIBLE_AWS_ACCESS_KEY_ID ANSIBLE_AWS_DEFAULT_OUTPUT ANSIBLE_AWS_DEFAULT_REGION ANSIBLE_AWS_SECRET_ACCESS_KEY ANSIBLE_CONFIG ANSIBLE_DISKS_NFS_DISK ANSIBLE_DISKS_NFS_OPTIONS ANSIBLE_DISKS_NFS_PATH ANSIBLE_DOCKER_IMAGE_TAG ANSIBLE_DOCKER_REGISTRY ANSIBLE_EXTRA_VARS ANSIBLE_GIT_DIRECTORY ANSIBLE_GIT_KEY_FILE ANSIBLE_GIT_REPOSITORY ANSIBLE_GIT_VERSION ANSIBLE_INVENTORY ANSIBLE_MYOS ANSIBLE_PLAYBOOK ANSIBLE_SSH_AUTHORIZED_KEYS ANSIBLE_SSH_BASTION_HOSTNAME ANSIBLE_SSH_BASTION_USERNAME ANSIBLE_SSH_PRIVATE_IP_RANGE ANSIBLE_SSH_PRIVATE_KEYS ANSIBLE_SSH_PUBLIC_HOSTS ANSIBLE_SSH_USERNAME ANSIBLE_USERNAME ANSIBLE_VERBOSE +DOCKER_RUN_OPTIONS_ANSIBLE ?= -it $(if $(DOCKER_INTERNAL_DOCKER_HOST),--add-host=host.docker.internal:$(DOCKER_INTERNAL_DOCKER_HOST)) +ENV_VARS += ANSIBLE_APP_NAME ANSIBLE_APP_TYPE ANSIBLE_AWS_ACCESS_KEY_ID ANSIBLE_AWS_DEFAULT_OUTPUT ANSIBLE_AWS_DEFAULT_REGION ANSIBLE_AWS_SECRET_ACCESS_KEY ANSIBLE_CONFIG ANSIBLE_DISKS_NFS_DISK ANSIBLE_DISKS_NFS_OPTIONS ANSIBLE_DISKS_NFS_PATH ANSIBLE_DOCKER_IMAGE_TAG ANSIBLE_DOCKER_REGISTRY ANSIBLE_EXTRA_VARS ANSIBLE_GIT_DIRECTORY ANSIBLE_GIT_KEY_FILE ANSIBLE_GIT_REPOSITORY ANSIBLE_GIT_VERSION ANSIBLE_INVENTORY ANSIBLE_MYOS ANSIBLE_PLAYBOOK ANSIBLE_SSH_AUTHORIZED_KEYS ANSIBLE_SSH_BASTION_HOSTNAME ANSIBLE_SSH_BASTION_USERNAME ANSIBLE_SSH_PRIVATE_IP_RANGE ANSIBLE_SSH_PRIVATE_KEYS ANSIBLE_SSH_PUBLIC_HOSTS ANSIBLE_SSH_USERNAME ANSIBLE_USERNAME ANSIBLE_VERBOSE # function ansible: Call run ansible ANSIBLE_ARGS with arg 1 define ansible $(call INFO,ansible,$(1)) - $(RUN) $(call run,ansible $(ANSIBLE_ARGS) $(ANSIBLE_VERBOSE) $(if $(DOCKER_RUN),-i $(ANSIBLE_INVENTORY)/.host.docker.internal) 
$(1),$(DOCKER_REPOSITORY)/) + $(RUN) $(call $(if $(ANSIBLE_DOCKER_RUN),run,env-run),$(if $(ANSIBLE_DOCKER_RUN),,$(RUN) )ansible $(ANSIBLE_ARGS) $(ANSIBLE_VERBOSE) $(if $(ANSIBLE_DOCKER_RUN),-i $(ANSIBLE_INVENTORY)/.host.docker.internal) $(1),$(DOCKER_RUN_OPTIONS_ANSIBLE) $(DOCKER_REPOSITORY)/) endef # function ansible-playbook: Call run ansible-playbook ANSIBLE_ARGS with arg 1 define ansible-playbook $(call INFO,ansible-playbook,$(1)) - $(RUN) $(call run,ansible$(if $(DOCKER_RUN),,-playbook) $(ANSIBLE_ARGS) $(ANSIBLE_VERBOSE) $(if $(DOCKER_RUN),-i $(ANSIBLE_INVENTORY)/.host.docker.internal) $(1),--entrypoint=ansible-playbook $(DOCKER_REPOSITORY)/) + $(RUN) $(call $(if $(ANSIBLE_DOCKER_RUN),run,env-run),$(if $(ANSIBLE_DOCKER_RUN),,$(RUN) )ansible$(if $(ANSIBLE_DOCKER_RUN),,-playbook) $(ANSIBLE_ARGS) $(ANSIBLE_VERBOSE) $(if $(ANSIBLE_DOCKER_RUN),-i $(ANSIBLE_INVENTORY)/.host.docker.internal) $(1),$(DOCKER_RUN_OPTIONS_ANSIBLE) --entrypoint=ansible-playbook $(DOCKER_REPOSITORY)/) endef # function ansible-pull: Call run ansible-pull ANSIBLE_ARGS with arg 1 -## TODO: run ansible in docker and target localhost outside docker when DOCKER=true define ansible-pull $(call INFO,ansible-pull,$(1)) - $(call env-run,$(RUN) ansible-pull $(ANSIBLE_ARGS) $(ANSIBLE_VERBOSE) $(1)) + $(call $(if $(ANSIBLE_DOCKER_RUN),run,env-run),$(if $(ANSIBLE_DOCKER_RUN),,$(RUN) )ansible-pull $(ANSIBLE_ARGS) $(ANSIBLE_VERBOSE) $(1)) endef # function ansible-user-add-groups: Call ansible to add user 1 in groups 2 define ansible-user-add-groups $(call INFO,ansible-user-add-groups,$(1)$(comma) $(2)) - $(if $(DOCKER_RUN),$(call make,docker-build-ansible),$(call make,install-ansible)) + $(if $(ANSIBLE_DOCKER_RUN),$(call make,docker-build-ansible),$(call make,install-ansible)) $(call ansible,-b -m user -a 'name=$(1) groups=$(2) append=yes' localhost) endef diff --git a/ansible/roles/disks/tasks/services.yml b/ansible/roles/disks/tasks/services.yml index 85908be..898bd7d 100644 
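Review bot: The docker branch of `ansible-pull` calls `run` with a single argument, whereas `ansible` and `ansible-playbook` in the same hunk pass `$(DOCKER_RUN_OPTIONS_ANSIBLE) $(DOCKER_REPOSITORY)/` as the second one. `run` is defined outside this diff, so this is inferred, but with `ANSIBLE_DOCKER=true` the pull would likely start without the ansible image prefix and without the `host.docker.internal` mapping. Ending the call with `$(1),$(DOCKER_RUN_OPTIONS_ANSIBLE) $(DOCKER_REPOSITORY)/)` would keep the three functions consistent. Separately, the non-docker branch of `ansible` and `ansible-playbook` now expands to `$(RUN) $(call env-run,$(RUN) ansible …)` while `ansible-pull` has no outer `$(RUN)`; if `RUN` is a command prefix it is applied twice in the first two.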
--- a/ansible/roles/disks/tasks/services.yml +++ b/ansible/roles/disks/tasks/services.yml @@ -27,5 +27,10 @@ name: "{{item.name}}" state: "{{item.state}}" enabled: "{{item.enabled}}" + runlevels: + - 2 + - 3 + - 4 + - 5 become: yes diff --git a/ansible/roles/docker/README.md b/ansible/roles/docker/README.md index b44dad6..9771219 100644 --- a/ansible/roles/docker/README.md +++ b/ansible/roles/docker/README.md @@ -24,10 +24,16 @@ docker_daemon_config_directory: '/etc/docker' docker_daemon_config_file: "{{docker_daemon_config_directory}}/daemon.json" ``` -* `docker_daemon_config_file` - Docker daemon configuration file +* `docker_daemon_config_data_root` - Docker daemon data root directory ``` yaml -docker_daemon_config_storage: 'overlay2' +docker_daemon_config_data_root: '/var/lib/docker' +``` + +* `docker_daemon_config_storage_driver` - Docker daemon storage driver + +``` yaml +docker_daemon_config_storage_driver: 'overlay2' ``` * `docker_daemon_config` - docker daemon yaml config diff --git a/ansible/roles/docker/defaults/main.yml b/ansible/roles/docker/defaults/main.yml index e28f1b8..6d2add4 100644 --- a/ansible/roles/docker/defaults/main.yml +++ b/ansible/roles/docker/defaults/main.yml @@ -5,16 +5,19 @@ docker_check_kernel: '3.10' # location of configuration files of docker daemon -docker_daemon_config_directory: "/etc/docker" +# docker_daemon_config_directory: "/etc/docker" # configuration files of docker daemon -docker_daemon_config_file: "{{docker_daemon_config_directory}}/daemon.json" +# docker_daemon_config_file: "{{docker_daemon_config_directory}}/daemon.json" + +# configure docker daemon data root directory +# docker_daemon_config_data_root: "/var/lib/docker" # configure docker daemon storage driver -docker_daemon_config_storage: "overlay2" +# docker_daemon_config_storage: "overlay2" # docker daemon configuration -docker_daemon_config: {} +# docker_daemon_config: {} # docker package name docker_package: docker 
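Review bot: The docker role's defaults are commented out rather than removed, and the name left in the comment, `docker_daemon_config_storage`, no longer matches the `docker_daemon_config_storage_driver` that the README hunk of this commit documents. The hunk in `tasks/config.yml` does the same to the tasks that rendered `daemon.json` as `root:docker` with mode `0640`, so the role stops managing that file while the README still describes its variables. Any task or template outside this diff that still references `docker_daemon_config_file` or `docker_daemon_config` would now fail on an undefined variable. Deleting the dead lines, or keeping the defaults live under the documented names, would make the intended state clear; if the role deliberately leaves `daemon.json` alone, a one-line comment such as `# daemon.json is no longer managed by this role` says so.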
diff --git a/ansible/roles/docker/tasks/config.yml b/ansible/roles/docker/tasks/config.yml index 5dc1713..92c072d 100644 --- a/ansible/roles/docker/tasks/config.yml +++ b/ansible/roles/docker/tasks/config.yml @@ -1,27 +1,27 @@ --- # file: tasks/config.yml -- name: config - add docker storage setup - when: docker_package|length > 0 and ansible_service_mgr == "systemd" and ansible_os_family|lower == "redhat" - lineinfile: dest="{{docker_init_config_directory}}/{{docker_package}}-storage-setup" state="present" line="STORAGE_DRIVER=\"\"" - become: yes - notify: restart docker +# - name: config - add docker storage setup +# when: docker_package|length > 0 and ansible_service_mgr == "systemd" and ansible_os_family|lower == "redhat" +# lineinfile: dest="{{docker_init_config_directory}}/{{docker_package}}-storage-setup" state="present" line="STORAGE_DRIVER=\"\"" +# become: yes +# notify: restart docker -- name: config - register docker_daemon_config - set_fact: - docker_daemon_config: "{{ lookup('file',docker_daemon_config_file)|default('{}')|from_json}}" - ignore_errors: true +# - name: config - register docker_daemon_config +# set_fact: +# docker_daemon_config: "{{ lookup('file',docker_daemon_config_file)|default('{}')|from_json}}" +# ignore_errors: true -- name: config - add docker daemon storage configuration - when: docker_package|length > 0 - template: - src: daemon.json.j2 - dest: "{{docker_daemon_config_file}}" - owner: root - group: docker - mode: "0640" - become: yes - notify: restart docker +# - name: config - add docker daemon storage configuration +# when: docker_package|length > 0 +# template: +# src: daemon.json.j2 +# dest: "{{docker_daemon_config_file}}" +# owner: root +# group: docker +# mode: "0640" +# become: yes +# notify: restart docker # - name: config - disable docker iptables setup # when: docker_package|length > 0 and ansible_service_mgr == "systemd" 
diff --git a/ansible/roles/docker/tasks/services.yml b/ansible/roles/docker/tasks/services.yml index 194724a..89c7945 100644 --- a/ansible/roles/docker/tasks/services.yml +++ b/ansible/roles/docker/tasks/services.yml @@ -33,6 +33,11 @@ name: "{{item.name}}" state: "{{item.state}}" enabled: "{{item.enabled}}" + runlevels: + - 2 + - 3 + - 4 + - 5 become: yes - name: services - force service restart - openrc diff --git a/ansible/roles/hosts/defaults/main.yml b/ansible/roles/hosts/defaults/main.yml index 5f930e1..ff33e8a 100644 --- a/ansible/roles/hosts/defaults/main.yml +++ b/ansible/roles/hosts/defaults/main.yml @@ -105,6 +105,7 @@ hosts_packages_distro: [] # services to enable/disable hosts_services: - { "name": "ansible", "state": "stopped", "enabled": "no" } + - { "name": "myos", "state": "stopped", "enabled": "no" } - { "name": "zram", "state": "stopped", "enabled": "no" } # list of urls to get public keys to add to ~/.ssh/authorized_keys diff --git a/ansible/roles/hosts/files/.bash_profile b/ansible/roles/hosts/files/.bash_profile index fafc60b..ebf1f8b 100644 --- a/ansible/roles/hosts/files/.bash_profile +++ b/ansible/roles/hosts/files/.bash_profile @@ -1,8 +1,6 @@ # shellcheck shell=bash source=/dev/null # ~/.bash_profile: executed by the command interpreter for bash login shell. -[ -f ~/.sh_profile ] && . ~/.sh_profile - # bash-completion if ! shopt -oq posix && [ -z "${BASH_COMPLETION_VERSINFO-}" ]; then if [ "${BASH_VERSINFO[0]}" -gt 4 ] \ @@ -17,3 +15,5 @@ if ! shopt -oq posix && [ -z "${BASH_COMPLETION_VERSINFO-}" ]; then . "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion" fi fi + +[ -f ~/.sh_profile ] && . ~/.sh_profile diff --git a/ansible/roles/hosts/files/.sh_profile b/ansible/roles/hosts/files/.sh_profile index 9345639..0506b86 100644 --- a/ansible/roles/hosts/files/.sh_profile +++ b/ansible/roles/hosts/files/.sh_profile 
@@ -1,6 +1,5 @@ # shellcheck shell=sh source=/dev/null # ~/.sh_profile: executed by the command interpreter for login shells. -# set -x # source ~/.*aliases and ~/.*functions files for source in aliases functions; do @@ -36,3 +35,5 @@ for path in /*/local/sbin /*/local/bin /*/local/*/bin "${HOME}"/.*/bin; do *) export PATH="${path}:$PATH" ;; esac done + +[ -f ~/.profile ] && . ~/.profile diff --git a/ansible/roles/hosts/files/etc/init.d/myos b/ansible/roles/hosts/files/etc/init.d/myos index 1303c65..499c951 100755 --- a/ansible/roles/hosts/files/etc/init.d/myos +++ b/ansible/roles/hosts/files/etc/init.d/myos @@ -9,11 +9,51 @@ # Description: MYOS system calls ### END INIT INFO +NAME="$(basename "$0")" + # check system config [ -r /etc/default/myos ] && . /etc/default/myos 2>/dev/null -type make >/dev/null 2>&1 && [ -d "${MYOS}" ] || exit 1 +type make >/dev/null 2>&1 && [ -d "${MYOS}" ] && cd "${MYOS}" || exit 1 case "$1" in + force-stop) + HOOK="stop stack-node-stop" + shift + ;; + force-reload) + HOOK="recreate stack-node-recreate" + shift + ;; + force-restart) + HOOK="restart stack-node-restart" + shift + ;; + force-shutdown) + HOOK="down stack-node-down" + shift + ;; + reload) + HOOK="recreate" + shift + ;; + shutdown) + HOOK="down" + shift + ;; + start) + echo "Starting $NAME..." + HOOK="up" + shift + ;; + status) + HOOK="ps" + shift + ;; + stop) + echo "Stopping $NAME..." + ;; *) - IFS=$'\n'; cd "${MYOS}"; exec env $(cat /etc/default/myos ~/.myos 2>/dev/null) make "$@" + ;; esac + +IFS=$'\n'; exec env $(cat /etc/default/myos ~/.myos 2>/dev/null) make ${HOOK:-} "${@}" diff --git a/ansible/roles/hosts/files/etc/init.d/myos-openrc b/ansible/roles/hosts/files/etc/init.d/myos-openrc index a86eff2..2bcbab0 100755 --- a/ansible/roles/hosts/files/etc/init.d/myos-openrc +++ b/ansible/roles/hosts/files/etc/init.d/myos-openrc @@ -10,7 +10,7 @@ start() { } status() { - /etc/init.d/myos ps + /etc/init.d/myos status } stop() { 
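Review bot: Sourcing `~/.profile` at the end of `.sh_profile` recurses without end on hosts provisioned before this commit, because the `user - update ~/.profile` task removed in `tasks/user.yml` had already written `source ~/.sh_profile` into their `~/.profile` and nothing here takes that line out again. Login shells on such a host would loop until they hit a resource limit. A cleanup task in the style of the removed one, `lineinfile: dest=~/.profile line='source ~/.sh_profile' state=absent`, closes that, and a re-entry guard variable at the top of `.sh_profile` would also cover hand-edited profiles. When `~/.profile` does not exist the file now ends with a non-zero status, which matters to any caller that sources it under `set -e`.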
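Review bot: The two-target hooks (`stop stack-node-stop`, `recreate stack-node-recreate`, `restart stack-node-restart`, `down stack-node-down`) reach make as a single word, because `${HOOK:-}` is expanded unquoted on the last line after `IFS` has been set to a newline, so the space no longer splits it (assuming a shell in which `$'\n'` is a newline; the shebang is outside the hunk). make would then look for one target literally named `stop stack-node-stop`. Splitting the hook before `IFS` changes avoids that: `set -- ${HOOK:-} "$@"` ahead of `IFS=$'\n'`, then `make "$@"`. The same line builds the environment for make from `/etc/default/myos` and `~/.myos`, so when this runs as root from init both files and `${MYOS}` should be owned by root and not writable by anyone else.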
diff --git a/ansible/roles/hosts/files/etc/init.d/zram-openrc b/ansible/roles/hosts/files/etc/init.d/zram-openrc index c9ae514..cb249f6 100755 --- a/ansible/roles/hosts/files/etc/init.d/zram-openrc +++ b/ansible/roles/hosts/files/etc/init.d/zram-openrc @@ -9,10 +9,10 @@ start() { /etc/init.d/zram start } -stop() { - /etc/init.d/zram stop -} - status() { /etc/init.d/zram status } + +stop() { + /etc/init.d/zram stop +} diff --git a/ansible/roles/hosts/files/etc/profile.d/rc_functions.sh b/ansible/roles/hosts/files/etc/profile.d/rc_functions.sh index bc2cedb..c6a4a4a 100644 --- a/ansible/roles/hosts/files/etc/profile.d/rc_functions.sh +++ b/ansible/roles/hosts/files/etc/profile.d/rc_functions.sh @@ -2,7 +2,7 @@ # file rc_functions.sh: Define shell functions ## author: Yann "aya" Autissier ## license: GPL -## version: 20210714 +## version: 20220620 # function force: Run a command sine die force() { @@ -135,8 +135,8 @@ ps1_set() { fi )" PS1_GIT="${COLOR_CYAN}${PS1_GIT}${COLOR_RESET}" - PS1_HOSTNAME_COLOR="\`case \"\${ENV}\" in - [Pp][Rr][0Oo][Dd]*) + PS1_HOSTNAME_COLOR="\`case \"\${ENV}${HOSTNAME%%.*}\" in + *[Pp][Rr][0Oo][Dd]*|*[Pp][Rr][Dd]*) printf \"${COLOR_RED}\";; *) if [ -n \"\${ENV}\" ]; then diff --git a/ansible/roles/hosts/files/etc/sv/myos/finish b/ansible/roles/hosts/files/etc/sv/myos/finish new file mode 100755 index 0000000..4094edf --- /dev/null +++ b/ansible/roles/hosts/files/etc/sv/myos/finish @@ -0,0 +1,13 @@ +#!/bin/sh +set -e + +NAME="$(basename "$(pwd)")" +[ "$1" = -1 ] && echo "ERROR: unexpected error" + +[ "$1" = 1 ] && echo "ERROR: $NAME config error" \ + && sv d "$NAME" && exit 0 + +[ "$1" = 2 ] && echo "ERROR: $NAME exit error" \ + && sv d "$NAME" && exit 0 + +exec /etc/init.d/"$NAME" stop 2>&1 diff --git a/ansible/roles/hosts/files/etc/sv/myos/log/run b/ansible/roles/hosts/files/etc/sv/myos/log/run new file mode 100755 index 0000000..cbc73c5 --- /dev/null +++ b/ansible/roles/hosts/files/etc/sv/myos/log/run 
@@ -0,0 +1,15 @@ +#!/bin/sh +set -e + +NAME="$(basename "$(dirname "$(pwd)")")" +LOG_DIR="/var/log/runit/$NAME" +LOG_GROUP=adm +LOG_USER=nobody +SUPERVISE_DIR="/var/run/runit/supervise/${NAME}.log" + +mkdir -p "$SUPERVISE_DIR" && chmod 700 "$SUPERVISE_DIR" +[ ! -h supervise ] && rm -rf supervise && ln -s "$SUPERVISE_DIR" supervise +mkdir -p "$LOG_DIR" && chmod 750 "$LOG_DIR" +chown -R "$LOG_USER":"$LOG_GROUP" "$LOG_DIR" + +exec chpst -u "$LOG_USER" svlogd -tt "$LOG_DIR" diff --git a/ansible/roles/hosts/files/etc/sv/myos/run b/ansible/roles/hosts/files/etc/sv/myos/run new file mode 100755 index 0000000..c7d8858 --- /dev/null +++ b/ansible/roles/hosts/files/etc/sv/myos/run @@ -0,0 +1,12 @@ +#!/usr/bin/env /lib/runit/invoke-run +# shellcheck shell=sh +set -e + +NAME="$(basename "$(dirname "$0")")" +SUPERVISE_DIR="/var/run/runit/supervise/$NAME" + +mkdir -p "$SUPERVISE_DIR" && chmod 700 "$SUPERVISE_DIR" +[ ! -h supervise ] && rm -rf supervise && ln -s "$SUPERVISE_DIR" supervise + +sv once "$NAME" +exec /etc/init.d/"$NAME" start 2>&1 diff --git a/ansible/roles/hosts/tasks/config.yml b/ansible/roles/hosts/tasks/config.yml index 2b617b0..d76521f 100644 --- a/ansible/roles/hosts/tasks/config.yml +++ b/ansible/roles/hosts/tasks/config.yml @@ -3,6 +3,7 @@ - name: config - set MYOS config in /etc/default/myos with_items: + - APP_NAME={{ lookup('env','ANSIBLE_APP_NAME') }} - APP_TYPE={{ lookup('env','ANSIBLE_APP_TYPE') }} - MYOS={{ lookup('env','ANSIBLE_MYOS') }} lineinfile: diff --git a/ansible/roles/hosts/tasks/services.yml b/ansible/roles/hosts/tasks/services.yml index adf2915..3c97ac7 100644 --- a/ansible/roles/hosts/tasks/services.yml +++ b/ansible/roles/hosts/tasks/services.yml @@ -27,5 +27,10 @@ name: "{{item.name}}" state: "{{item.state}}" enabled: "{{item.enabled}}" + runlevels: + - 2 + - 3 + - 4 + - 5 become: yes diff --git a/ansible/roles/hosts/tasks/user.yml b/ansible/roles/hosts/tasks/user.yml index 5cad9e3..c76d365 100644 --- a/ansible/roles/hosts/tasks/user.yml 
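Review bot: `LOG_USER=nobody` makes the log directory and everything in it owned by an account that unrelated services commonly run as, so any process running as `nobody` could alter or delete these logs. A dedicated unprivileged account used only for log writing keeps the service's logs out of reach of other daemons; only the `LOG_USER=` line needs to change. The `chown -R` on every start also resets ownership of rotated files, which is fine only as long as nothing else is expected to write into `$LOG_DIR`.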
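Review bot: The new `APP_NAME=` item writes the raw value of `ANSIBLE_APP_NAME` into `/etc/default/myos`, a file that `etc/init.d/myos` in this same commit both sources with `.` and word-splits into `env … make`. A value containing whitespace or shell metacharacters would be mis-split or interpreted by that script, and quoting it in the file is not enough because the `env $(cat …)` path would keep the quote characters. An `assert` task ahead of this one, checking that the value matches something like `^[A-Za-z0-9_.-]+$`, would keep the file safe to source; the same applies to the existing `APP_TYPE` and `MYOS` items. The `lineinfile` arguments of this task are outside the hunk.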
+++ b/ansible/roles/hosts/tasks/user.yml @@ -46,11 +46,6 @@ - unset user_count process_count lineinfile: dest=~/.bashrc create=yes line='{{item}}' -- name: user - update ~/.profile - with_items: - - source ~/.sh_profile - lineinfile: dest=~/.profile create=yes line='{{item}}' - - name: user - update ~/.config/git/ignore with_items: - '.nfs*' diff --git a/ansible/roles/remotes/tasks/services.yml b/ansible/roles/remotes/tasks/services.yml index d1ea94a..bd56a91 100644 --- a/ansible/roles/remotes/tasks/services.yml +++ b/ansible/roles/remotes/tasks/services.yml @@ -27,5 +27,10 @@ name: "{{item.name}}" state: "{{item.state}}" enabled: "{{item.enabled}}" + runlevels: + - 2 + - 3 + - 4 + - 5 become: yes diff --git a/docker/ipfs/Dockerfile b/docker/ipfs/Dockerfile index 4e82a45..2dd2641 100644 --- a/docker/ipfs/Dockerfile +++ b/docker/ipfs/Dockerfile @@ -1,4 +1,4 @@ -ARG IPFS_VERSION=0.13.0-rc1 +ARG IPFS_VERSION=0.13.0 FROM ipfs/go-ipfs:v${IPFS_VERSION} as dist LABEL maintainer aynic.os ARG DOCKER_BUILD_DIR diff --git a/docker/ipfs/ipfs-config.sh b/docker/ipfs/ipfs-config.sh index 0effb7a..c5d5454 100644 --- a/docker/ipfs/ipfs-config.sh +++ b/docker/ipfs/ipfs-config.sh @@ -1,6 +1,7 @@ #!/bin/sh -## fix following error on arm64/linux with 2Gb RAM +## fix resource manager fatal error on arm64/linux with 2Gb RAM +# ipfs config --json Swarm.ResourceMgr.Enabled false # ERROR p2pnode libp2p/rcmgr_defaults.go:107 ===> OOF! go-libp2p changed DefaultServiceLimits # => changes ('test' represents the old value): # {"op":"test","path":"/SystemLimits/Memory","value":1073741824} 
@@ -8,4 +9,12 @@ # => go-libp2p SetDefaultServiceLimits update needs a review: # Please inspect if changes impact go-ipfs users, and update expectedDefaultServiceLimits in rcmgr_defaults.go to remove this message # FATAL p2pnode libp2p/rcmgr_defaults.go:115 daemon will refuse to run with the resource manager until this is resolved -ipfs config --json Swarm.ResourceMgr.Enabled false + +## Astroport.One +ipfs config Pubsub.Router gossipsub +ipfs config --json Experimental.Libp2pStreamMounting true +ipfs config --json Experimental.P2pHttpProxy true +ipfs config Addresses.Gateway "/ip4/0.0.0.0/tcp/8080" + +## REMOVE IPFS BOOTSTRAP +ipfs bootstrap rm --all diff --git a/make/apps/def.docker.mk b/make/apps/def.docker.mk index b77778f..763873e 100644 --- a/make/apps/def.docker.mk +++ b/make/apps/def.docker.mk @@ -11,7 +11,7 @@ else COMPOSE_FILE_APP ?= true endif COMPOSE_IGNORE_ORPHANS ?= false -COMPOSE_PROJECT_NAME ?= $(PROJECT_ENV)$(subst /,,$(subst -,,$(APP_PATH))) +COMPOSE_PROJECT_NAME ?= $(PROJECT_NAME)$(addprefix _,$(subst /,,$(subst -,,$(APP_PATH)))) COMPOSE_SERVICE_NAME ?= $(subst _,-,$(COMPOSE_PROJECT_NAME)) COMPOSE_VERSION ?= 2.5.0 CONTEXT += COMPOSE_FILE DOCKER_REPOSITORY 
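Review bot: The added block enables `Experimental.P2pHttpProxy` and `Experimental.Libp2pStreamMounting` and binds the gateway to `/ip4/0.0.0.0/tcp/8080` in the same step, so the HTTP-to-libp2p proxy is served on every interface of the container. Whether it is reachable from outside depends on how port 8080 is published in the stack file, which this hunk does not show; if it is published, anyone who can reach the port can have the node relay HTTP requests to libp2p peers. Enabling the two experimental options only when an environment variable asks for them, with a comment on why the gateway has to listen on all interfaces, would make the exposure a deliberate choice. `ipfs bootstrap rm --all` leaves the node without bootstrap peers unless they are added elsewhere, and commenting out `Swarm.ResourceMgr.Enabled false` re-enables the resource manager that the header comment says was fatal on 2Gb arm64 hosts; both deserve a line in the commit message.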
@@ -43,10 +43,10 @@ DOCKER_PLUGIN_VARS ?= S3FS_ACCESSKEY S3FS_OPTIONS S3FS_SECRETKEY S3 DOCKER_REGISTRY ?= my.os DOCKER_REGISTRY_USERNAME ?= $(USER) DOCKER_REGISTRY_REPOSITORY ?= $(addsuffix /,$(DOCKER_REGISTRY))$(subst $(USER),$(DOCKER_REGISTRY_USERNAME),$(DOCKER_REPOSITORY)) -DOCKER_REPOSITORY ?= $(subst _,/,$(COMPOSE_PROJECT_NAME)) +DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(COMPOSE_PROJECT_NAME))) DOCKER_SERVICE ?= $(lastword $(DOCKER_SERVICES)) -DOCKER_SERVICES ?= $(eval IGNORE_DRYRUN := true)$(shell $(call docker-compose,config --services 2>/dev/null))$(eval IGNORE_DRYRUN := false) -DOCKER_SHELL ?= $(SHELL) +DOCKER_SERVICES ?= $(eval IGNORE_DRYRUN := true)$(eval IGNORE_VERBOSE := true)$(shell $(call docker-compose,config --services) 2>/dev/null)$(eval IGNORE_DRYRUN := false)$(eval IGNORE_VERBOSE := false) +DOCKER_SHELL ?= /bin/sh ENV_VARS += COMPOSE_PROJECT_NAME COMPOSE_SERVICE_NAME DOCKER_BUILD_TARGET DOCKER_IMAGE_TAG DOCKER_REGISTRY DOCKER_REPOSITORY DOCKER_SHELL ifeq ($(DRONE), true) diff --git a/make/apps/def.mk b/make/apps/def.mk index 233e243..1ec8b9c 100644 --- a/make/apps/def.mk +++ b/make/apps/def.mk @@ -23,7 +23,7 @@ ENV_VARS += APP_DIR APP_DOMAIN APP_HOST APP_PATH APP_URL MOUNT_NFS ?= false NFS_CONFIG ?= addr=$(NFS_HOST),actimeo=3,intr,noacl,noatime,nocto,nodiratime,nolock,soft,rsize=32768,wsize=32768,tcp,rw,vers=3 NFS_HOST ?= host.docker.internal -PROJECT_ENV ?= $(USER)_$(APP)_$(ENV) +PROJECT_NAME ?= $(USER)_$(ENV)_$(APP) SERVICE_NAME ?= $(COMPOSE_SERVICE_NAME) SERVICE_VERSION ?= $(BUILD_DATE)-$(VERSION) SERVICES ?= $(DOCKER_SERVICES) diff --git a/make/apps/docker.mk b/make/apps/docker.mk index 5e6e881..63d191f 100644 --- a/make/apps/docker.mk +++ b/make/apps/docker.mk 
@@ -26,6 +26,7 @@ docker-commit-%: # target docker-compose-build: Fire docker-images-myos, Call docker-compose build SERVICE .PHONY: docker-compose-build +docker-compose-build: DOCKER_RUN_OPTIONS += -it docker-compose-build: docker-images-myos $(call docker-compose,build $(DOCKER_BUILD_ARGS) $(if $(filter $(SERVICE),$(SERVICES)),$(SERVICE))) @@ -37,11 +38,13 @@ docker-compose-config: # target docker-compose-connect: Call docker-compose exec SERVICE DOCKER_SHELL .PHONY: docker-compose-connect docker-compose-connect: SERVICE ?= $(DOCKER_SERVICE) +docker-compose-connect: DOCKER_RUN_OPTIONS += -it docker-compose-connect: $(call docker-compose,exec $(SERVICE) $(DOCKER_SHELL)) || true # target docker-compose-down: Call docker-compose rm SERVICE or docker-compose down .PHONY: docker-compose-down +docker-compose-down: DOCKER_RUN_OPTIONS += -it docker-compose-down: $(if $(filter $(SERVICE),$(SERVICES)),$(call docker-compose,rm -fs $(SERVICE)),$(call docker-compose,down $(DOCKER_COMPOSE_DOWN_OPTIONS))) @@ -77,12 +80,14 @@ docker-compose-restart: # target docker-compose-rm: Call docker-compose rm SERVICE .PHONY: docker-compose-rm +docker-compose-rm: DOCKER_RUN_OPTIONS += -it docker-compose-rm: $(call docker-compose,rm -fs $(if $(filter $(SERVICE),$(SERVICES)),$(SERVICE))) # target docker-compose-run: Call docker-compose run SERVICE ARGS .PHONY: docker-compose-run docker-compose-run: SERVICE ?= $(DOCKER_SERVICE) +docker-compose-run: DOCKER_RUN_OPTIONS += -it docker-compose-run: $(call docker-compose,run $(SERVICE) $(ARGS)) @@ -104,6 +109,7 @@ docker-compose-stop: # target docker-compose-up: Fire docker-image-myos, Call docker-compose up SERVICE .PHONY: docker-compose-up +docker-compose-up: DOCKER_RUN_OPTIONS += -it docker-compose-up: docker-images-myos $(call docker-compose,up $(DOCKER_COMPOSE_UP_OPTIONS) $(if $(filter $(SERVICE),$(SERVICES)),$(SERVICE))) diff --git a/make/apps/myos/ssh.mk b/make/apps/myos/ssh.mk index 95dd507..7aa1016 100644 --- a/make/apps/myos/ssh.mk 
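Review bot: `DOCKER_RUN_OPTIONS += -it` is now hard-coded on `docker-compose-build`, again on the `-connect`, `-down`, `-rm`, `-run` and `-up` targets in the later hunks of this file, on `ssh-add`, and inside `DOCKER_RUN_OPTIONS_ANSIBLE` and `DOCKER_RUN_OPTIONS_PACKER`. `docker run -t` fails when stdin is not a terminal, and this commit also adds init and runit scripts that end in `make up` without one; whether they go through `docker run` depends on the `docker-compose` function, which is not in the diff. Defining the flag once and making it conditional removes the repetition and lets non-interactive callers drop it, for example `DOCKER_RUN_TTY ?= $(if $(MAKE_TERMOUT),-it)` followed by `docker-compose-up: DOCKER_RUN_OPTIONS += $(DOCKER_RUN_TTY)`. The variable name is constructed for this note, and `MAKE_TERMOUT` (GNU make 4.1 or later) reflects stdout rather than stdin, so it is only an approximation of the TTY check.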
+++ b/make/apps/myos/ssh.mk @@ -8,6 +8,7 @@ ssh: ssh-get-PrivateIpAddress-$(SERVER_NAME) ## Connect to first remote host # target ssh-add: Fire ssh-key and ssh-add file SSH_PRIVATE_KEYS in folder SSH_DIR .PHONY: ssh-add +ssh-add: DOCKER_RUN_OPTIONS += -it ssh-add: ssh-key $(eval SSH_PRIVATE_KEYS := $(foreach file,$(SSH_DIR)/id_rsa $(filter-out $(wildcard $(SSH_DIR)/id_rsa),$(wildcard $(SSH_DIR)/*)),$(if $(shell grep "PRIVATE KEY" $(file) 2>/dev/null),$(notdir $(file))))) $(call run,sh -c '$(foreach file,$(patsubst %,$(SSH_DIR)/%,$(SSH_PRIVATE_KEYS)),ssh-add -l |grep -qw $$(ssh-keygen -lf $(file) 2>/dev/null |awk '\''{print $$2}'\'') 2>/dev/null || $(RUN) ssh-add $(file) ||: &&) true',-v $(SSH_DIR):$(SSH_DIR) $(DOCKER_IMAGE_CLI) ) diff --git a/make/def.docker.mk b/make/def.docker.mk index 90713d4..77fb73d 100644 --- a/make/def.docker.mk +++ b/make/def.docker.mk @@ -1,5 +1,5 @@ COMPOSE_PROJECT_NAME_NODE ?= node -COMPOSE_PROJECT_NAME_USER ?= $(USER)_myos_$(ENV) +COMPOSE_PROJECT_NAME_USER ?= $(USER_ENV)_myos DOCKER_ENV_ARGS ?= $(docker_env_args) DOCKER_EXEC_OPTIONS ?= DOCKER_GID ?= $(call gid,docker) 
@@ -12,12 +12,12 @@ DOCKER_NAME_SSH ?= $(COMPOSE_PROJECT_NAME_USER)_ssh DOCKER_NETWORK ?= $(DOCKER_NETWORK_PRIVATE) DOCKER_NETWORK_PRIVATE ?= $(USER_ENV) DOCKER_NETWORK_PUBLIC ?= $(COMPOSE_PROJECT_NAME_NODE) -DOCKER_REPOSITORY_USER ?= $(subst _,/,$(COMPOSE_PROJECT_NAME_USER)) -DOCKER_REPOSITORY_NODE ?= $(subst _,/,$(COMPOSE_PROJECT_NAME_NODE)) +DOCKER_REPOSITORY_USER ?= $(subst -,/,$(subst _,/,$(COMPOSE_PROJECT_NAME_USER))) +DOCKER_REPOSITORY_NODE ?= $(subst -,/,$(subst _,/,$(COMPOSE_PROJECT_NAME_NODE))) # DOCKER_RUN: if empty, run system command, else run it in a docker DOCKER_RUN ?= $(if $(filter-out false False FALSE,$(DOCKER)),$(DOCKER)) # DOCKER_RUN_OPTIONS: default options of `docker run` command -DOCKER_RUN_OPTIONS += --rm -it +DOCKER_RUN_OPTIONS += --rm # DOCKER_RUN_VOLUME: options -v of `docker run` command to mount additionnal volumes DOCKER_RUN_VOLUME += -v /var/run/docker.sock:/var/run/docker.sock DOCKER_RUN_WORKDIR ?= -w $(PWD) diff --git a/make/def.mk b/make/def.mk index 53244f3..b78bad0 100644 --- a/make/def.mk +++ b/make/def.mk 
@@ -62,9 +62,9 @@ GIT_COMMIT ?= $(shell git rev-parse $(BRANCH) 2>/dev/null) GIT_REPOSITORY ?= $(if $(SUBREPO),$(shell awk -F ' = ' '$$1 ~ /^[[\s\t]]*remote$$/ {print $$2}' .gitrepo 2>/dev/null),$(shell git config --get remote.origin.url 2>/dev/null)) GIT_STATUS ?= $(shell git status -uno --porcelain 2>/dev/null |wc -l) GIT_TAG ?= $(shell git tag -l --points-at $(BRANCH) 2>/dev/null) -GIT_UPSTREAM_REPOSITORY ?= $(if $(findstring ://,$(GIT_REPOSITORY)),$(call pop,$(call pop,$(GIT_REPOSITORY)))/,$(call pop,$(GIT_REPOSITORY),:):)$(GIT_UPSTREAM_USER)/$(lastword $(subst /, ,$(GIT_REPOSITORY))) +GIT_UPSTREAM_REPOSITORY ?= $(if $(GIT_REPOSITORY),$(if $(findstring ://,$(GIT_REPOSITORY)),$(call pop,$(call pop,$(GIT_REPOSITORY)))/,$(call pop,$(GIT_REPOSITORY),:):)$(or $(GIT_UPSTREAM_USER),$(GIT_USER))/$(lastword $(subst /, ,$(GIT_REPOSITORY)))) GIT_UPSTREAM_USER ?= $(lastword $(subst /, ,$(call pop,$(MYOS_REPOSITORY)))) -GIT_USER ?= $(GIT_AUTHOR_NAME) +GIT_USER ?= $(USER) GIT_VERSION ?= $(shell git describe --tags $(BRANCH) 2>/dev/null || git rev-parse $(BRANCH) 2>/dev/null) HOSTNAME ?= $(shell hostname 2>/dev/null |sed 's/\..*//') IGNORE_DRYRUN ?= false @@ -82,7 +82,7 @@ MAKE_ENV_VARS ?= $(strip $(foreach var, $(filter-out .VARIABLE MAKE_FILE_ARGS ?= $(foreach var,$(filter $(ENV_VARS),$(MAKE_FILE_VARS)),$(var)='$($(var))') MAKE_FILE_VARS ?= $(strip $(foreach var, $(filter-out .VARIABLES,$(.VARIABLES)), $(if $(filter file,$(origin $(var))),$(var)))) MAKE_OLDFILE ?= $@ -MAKE_TARGETS ?= $(filter-out $(.VARIABLES),$(shell $(MAKE) -qp 2>/dev/null |awk -F':' '/^[a-zA-Z0-9][^$$\#\/\t=]*:([^=]|$$)/ {print $$1}' |sort -u)) +MAKE_TARGETS ?= $(filter-out $(.VARIABLES),$(shell $(MAKE) -qp 2>/dev/null |awk -F':' '/^[a-zA-Z0-9][^$$\#\/\t=]*:([^=]|$$)/ {print $$1}' 2>/dev/null |sort -u)) MAKE_UNIXTIME_START := $(shell date -u +'%s' 2>/dev/null) MAKE_UNIXTIME_CURRENT = $(shell date -u "+%s" 2>/dev/null) MAKE_VARS ?= ENV 
diff --git a/packer/def.packer.mk b/packer/def.packer.mk index 05d01fb..aec0fda 100644 --- a/packer/def.packer.mk +++ b/packer/def.packer.mk @@ -1,5 +1,5 @@ CMDS += packer -DOCKER_RUN_OPTIONS_PACKER ?= -p $(PACKER_SSH_PORT):$(PACKER_SSH_PORT) -p $(PACKER_VNC_PORT):$(PACKER_VNC_PORT) +DOCKER_RUN_OPTIONS_PACKER ?= -it -p $(PACKER_SSH_PORT):$(PACKER_SSH_PORT) -p $(PACKER_VNC_PORT):$(PACKER_VNC_PORT) ENV_VARS += PACKER_CACHE_DIR PACKER_KEY_INTERVAL PACKER_LOG KVM_GID ?= $(call gid,kvm) PACKER_ARCH ?= $(PACKER_ALPINE_ARCH) diff --git a/stack/User/User.yml b/stack/User/User.yml index 66c0844..6053c2a 100644 --- a/stack/User/User.yml +++ b/stack/User/User.yml @@ -13,7 +13,7 @@ services: - SSH_BASTION_HOSTNAME=${SSH_BASTION_HOSTNAME} - SSH_BASTION_USERNAME=${SSH_BASTION_USERNAME} - SSH_PUBLIC_HOSTS=${SSH_PUBLIC_HOSTS} - - SSH_PRIVATE_IP_RANGE=${SSH_RIVATE_IP_RANGE} + - SSH_PRIVATE_IP_RANGE=${SSH_PRIVATE_IP_RANGE} context: ../.. dockerfile: docker/cli/Dockerfile command: tail -f /dev/null diff --git a/stack/node/node.yml b/stack/node/node.yml index 2923199..815eeab 100644 --- a/stack/node/node.yml +++ b/stack/node/node.yml @@ -79,7 +79,7 @@ services: build: args: - DOCKER_BUILD_DIR=docker/ipfs - - IPFS_VERSION=0.13.0-rc1 + - IPFS_VERSION=0.13.0 context: ../.. dockerfile: docker/ipfs/Dockerfile command: daemon --migrate=true --mount