aynic.os 2021-06-16 12:19:52 +01:00
parent f0c10a3082
commit ce449b3966
80 changed files with 828 additions and 448 deletions


@ -2,4 +2,4 @@
## v1.0-alpha ## v1.0-alpha
First public release. Code as Doc. First public release. Code is doc.


@ -10,6 +10,6 @@ app-build: base install-build-config
$(foreach service,$(or $(SERVICE),$(SERVICES)),$(call make,app-build-$(service))) $(foreach service,$(or $(SERVICE),$(SERVICES)),$(call make,app-build-$(service)))
$(call make,docker-commit) $(call make,docker-commit)
app-install: base node app-install: ansible-run base node
app-start: ssh-add app-start: ssh-add


@ -20,9 +20,9 @@ ansible-pull@%: ssh-get-PrivateIpAddress-$(SERVER_NAME)
# target ansible-run: Fire ssh-add ansible-run-localhost # target ansible-run: Fire ssh-add ansible-run-localhost
.PHONY: ansible-run .PHONY: ansible-run
ansible-run: ssh-add ansible-run-localhost ansible-run: ansible-run-localhost
# target ansible-run-%: Fire docker-build-ansible, Call ansible-playbook ANSIBLE_PLAYBOOK # target ansible-run-%: Fire docker-build-ansible, Call ansible-playbook ANSIBLE_PLAYBOOK
.PHONY: ansible-run-% .PHONY: ansible-run-%
ansible-run-%: $(if $(DOCKER_RUN),docker-build-ansible) ansible-run-%: $(if $(DOCKER_RUN),docker-build-ansible,install-ansible)
$(call ansible-playbook,$(if $(ANSIBLE_TAGS),--tags $(ANSIBLE_TAGS)) $(if $(ANSIBLE_EXTRA_VARS),--extra-vars '$(patsubst target=localhost,target=$*,$(ANSIBLE_EXTRA_VARS))') $(if $(findstring true,$(DRYRUN)),--check) $(if $(ANSIBLE_INVENTORY),--inventory $(ANSIBLE_INVENTORY)) $(ANSIBLE_PLAYBOOK)) $(call ansible-playbook,$(if $(ANSIBLE_TAGS),--tags $(ANSIBLE_TAGS)) $(if $(ANSIBLE_EXTRA_VARS),--extra-vars '$(patsubst target=localhost,target=$*,$(ANSIBLE_EXTRA_VARS))') $(if $(findstring true,$(DRYRUN)),--check) $(if $(ANSIBLE_INVENTORY),--inventory $(ANSIBLE_INVENTORY)) $(ANSIBLE_PLAYBOOK))
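Review bot: The header comment above `ansible-run` still reads `Fire ssh-add ansible-run-localhost`, but the new rule no longer lists `ssh-add` as a prerequisite; it should become `# target ansible-run: Fire ansible-run-localhost`. The `ansible-run-%` comment likewise should mention that `install-ansible` is fired when `DOCKER_RUN` is empty. Separately, `.PHONY: ansible-run-%` names a literal target in GNU Make rather than a pattern, so a file called for instance `ansible-run-localhost` would still mask the rule.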


@ -1,3 +1,4 @@
ANSIBLE_ARGS ?= $(if $(filter-out 0,$(UID)),$(if $(shell sudo -l 2>/dev/null |grep 'NOPASSWD: ALL'),,-K))$(if $(DOCKER_RUN),$(if $(shell ssh-add -l >/dev/null 2>&1 || echo false), -k))
ANSIBLE_AWS_ACCESS_KEY_ID ?= $(AWS_ACCESS_KEY_ID) ANSIBLE_AWS_ACCESS_KEY_ID ?= $(AWS_ACCESS_KEY_ID)
ANSIBLE_AWS_DEFAULT_OUTPUT ?= $(AWS_DEFAULT_OUTPUT) ANSIBLE_AWS_DEFAULT_OUTPUT ?= $(AWS_DEFAULT_OUTPUT)
ANSIBLE_AWS_DEFAULT_REGION ?= $(AWS_DEFAULT_REGION) ANSIBLE_AWS_DEFAULT_REGION ?= $(AWS_DEFAULT_REGION)
@ -9,19 +10,25 @@ ANSIBLE_DISKS_NFS_PATH ?= $(NFS_PATH)
ANSIBLE_DOCKER_IMAGE_TAG ?= $(DOCKER_IMAGE_TAG) ANSIBLE_DOCKER_IMAGE_TAG ?= $(DOCKER_IMAGE_TAG)
ANSIBLE_DOCKER_REGISTRY ?= $(DOCKER_REGISTRY) ANSIBLE_DOCKER_REGISTRY ?= $(DOCKER_REGISTRY)
ANSIBLE_EXTRA_VARS ?= target=localhost ANSIBLE_EXTRA_VARS ?= target=localhost
ANSIBLE_GIT_DIRECTORY ?= /src/$(subst git@,,$(subst ssh://,,$(GIT_REPOSITORY))) ANSIBLE_GIT_DIRECTORY ?= /src/$(subst $(space),/,$(strip $(call reverse,$(subst ., ,$(APP_REPOSITORY_HOST)))))/$(APP_REPOSITORY_PATH)
ANSIBLE_GIT_KEY_FILE ?= $(if $(ANSIBLE_SSH_PRIVATE_KEYS),~$(ANSIBLE_USERNAME)/.ssh/$(notdir $(firstword $(ANSIBLE_SSH_PRIVATE_KEYS)))) ANSIBLE_GIT_KEY_FILE ?= $(if $(ANSIBLE_SSH_PRIVATE_KEYS),~$(ANSIBLE_USERNAME)/.ssh/$(notdir $(firstword $(ANSIBLE_SSH_PRIVATE_KEYS))))
ANSIBLE_GIT_REPOSITORY ?= $(GIT_REPOSITORY) ANSIBLE_GIT_REPOSITORY ?= $(GIT_REPOSITORY)
ANSIBLE_GIT_VERSION ?= $(BRANCH) ANSIBLE_GIT_VERSION ?= $(BRANCH)
ANSIBLE_INVENTORY ?= ansible/inventories ANSIBLE_INVENTORY ?= ansible/inventories
ANSIBLE_PLAYBOOK ?= ansible/playbook.yml ANSIBLE_PLAYBOOK ?= ansible/playbook.yml
ANSIBLE_SSH_PRIVATE_KEYS ?= $(SSH_PRIVATE_KEYS) ANSIBLE_SSH_AUTHORIZED_KEYS ?= $(strip $(SSH_AUTHORIZED_KEYS))
ANSIBLE_SSH_BASTION_HOSTNAME ?= $(firstword $(SSH_BASTION_HOSTNAME))
ANSIBLE_SSH_BASTION_USERNAME ?= $(firstword $(SSH_BASTION_USERNAME))
ANSIBLE_SSH_PRIVATE_IP_RANGE ?= $(strip $(SSH_PRIVATE_IP_RANGE))
ANSIBLE_SSH_PRIVATE_KEYS ?= $(strip $(SSH_PRIVATE_KEYS))
ANSIBLE_SSH_PUBLIC_HOSTS ?= $(strip $(SSH_PUBLIC_HOSTS))
ANSIBLE_SSH_USERNAME ?= $(firstword $(SSH_USER))
ANSIBLE_SERVER_NAME ?= $(SERVER_NAME) ANSIBLE_SERVER_NAME ?= $(SERVER_NAME)
ANSIBLE_USERNAME ?= root ANSIBLE_USERNAME ?= $(USER)
ANSIBLE_VERBOSE ?= $(if $(DEBUG),-vvvv,$(if $(VERBOSE),-v)) ANSIBLE_VERBOSE ?= $(if $(DEBUG),-vvvv,$(if $(VERBOSE),-v))
CMDS += ansible ansible-playbook CMDS += ansible ansible-playbook
DOCKER_RUN_OPTIONS += --add-host=host.docker.internal:$(DOCKER_INTERNAL_DOCKER_HOST) DOCKER_RUN_OPTIONS += --add-host=host.docker.internal:$(DOCKER_INTERNAL_DOCKER_HOST)
ENV_VARS += ANSIBLE_AWS_ACCESS_KEY_ID ANSIBLE_AWS_DEFAULT_OUTPUT ANSIBLE_AWS_DEFAULT_REGION ANSIBLE_AWS_SECRET_ACCESS_KEY ANSIBLE_CONFIG ANSIBLE_DISKS_NFS_DISK ANSIBLE_DISKS_NFS_OPTIONS ANSIBLE_DISKS_NFS_PATH ANSIBLE_DOCKER_IMAGE_TAG ANSIBLE_DOCKER_REGISTRY ANSIBLE_EXTRA_VARS ANSIBLE_GIT_DIRECTORY ANSIBLE_GIT_KEY_FILE ANSIBLE_GIT_REPOSITORY ANSIBLE_GIT_VERSION ANSIBLE_INVENTORY ANSIBLE_PLAYBOOK ANSIBLE_SSH_PRIVATE_KEYS ANSIBLE_USERNAME ANSIBLE_VERBOSE ENV_VARS += ANSIBLE_AWS_ACCESS_KEY_ID ANSIBLE_AWS_DEFAULT_OUTPUT ANSIBLE_AWS_DEFAULT_REGION ANSIBLE_AWS_SECRET_ACCESS_KEY ANSIBLE_CONFIG ANSIBLE_DISKS_NFS_DISK ANSIBLE_DISKS_NFS_OPTIONS ANSIBLE_DISKS_NFS_PATH ANSIBLE_DOCKER_IMAGE_TAG ANSIBLE_DOCKER_REGISTRY ANSIBLE_EXTRA_VARS ANSIBLE_GIT_DIRECTORY ANSIBLE_GIT_KEY_FILE ANSIBLE_GIT_REPOSITORY ANSIBLE_GIT_VERSION ANSIBLE_INVENTORY ANSIBLE_PLAYBOOK ANSIBLE_SSH_AUTHORIZED_KEYS ANSIBLE_SSH_BASTION_HOSTNAME ANSIBLE_SSH_BASTION_USERNAME ANSIBLE_SSH_PRIVATE_IP_RANGE ANSIBLE_SSH_PRIVATE_KEYS ANSIBLE_SSH_PUBLIC_HOSTS ANSIBLE_SSH_USERNAME ANSIBLE_USERNAME ANSIBLE_VERBOSE
# function ansible: Call run ansible ANSIBLE_ARGS with arg 1 # function ansible: Call run ansible ANSIBLE_ARGS with arg 1
define ansible define ansible
@ -37,5 +44,5 @@ endef
## TODO: run ansible in docker and target localhost outside docker when DOCKER=true ## TODO: run ansible in docker and target localhost outside docker when DOCKER=true
define ansible-pull define ansible-pull
$(call INFO,ansible-pull,$(1)) $(call INFO,ansible-pull,$(1))
$(RUN) $(call env-run,ansible-pull $(ANSIBLE_ARGS) $(ANSIBLE_VERBOSE) $(1)) $(call env-run,$(RUN) ansible-pull $(ANSIBLE_ARGS) $(ANSIBLE_VERBOSE) $(1))
endef endef
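Review bot: The new `ANSIBLE_ARGS` default probes privileges with `$(shell sudo -l 2>/dev/null |grep 'NOPASSWD: ALL')`, and on a host where `sudo -l` itself requires authentication this can stall on a password prompt while stderr is discarded; `sudo -n -l 2>/dev/null` makes the probe fail fast instead. Because the variable is assigned with `?=` (recursive flavour), both the `sudo -l` and the `ssh-add -l` probes run again on every expansion of `ANSIBLE_ARGS`, so consider computing them once into a `:=` helper variable. The grep also matches a `NOPASSWD: ALL` entry for any run-as user, which may not mean passwordless root; it is worth confirming that this is the intent.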

8
ansible/install.mk Normal file

@ -0,0 +1,8 @@
##
# INSTALL
# target install-ansible; Install ansible on local host
.PHONY: install-ansible
install-ansible:
$(if $(shell type -p ansible),,$(RUN) $(INSTALL) ansible)
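Review bot: `type -p` in the `install-ansible` recipe is a bash feature; under a POSIX `/bin/sh` such as dash the `-p` is likely treated as a name to look up and the output is non-empty either way, so the install branch may never run. Unless `SHELL` is set to bash elsewhere in the project (not visible here), use `$(if $(shell command -v ansible),,$(RUN) $(INSTALL) ansible)`. The header comment uses `;` where the other target comments on this page use `:` (`# target install-ansible: Install ansible on local host`), which matters if help text is generated from these comments.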


@ -16,21 +16,12 @@ hosts_git_repositories:
- { "repo": "{{ lookup('env','ANSIBLE_GIT_REPOSITORY') }}", "dest": "{{ lookup('env','ANSIBLE_GIT_DIRECTORY') }}", "key_file": "{{ lookup('env','ANSIBLE_GIT_KEY_FILE') or '~/.ssh/id_rsa' }}", "version": "{{ lookup('env','ANSIBLE_GIT_VERSION') }}" } - { "repo": "{{ lookup('env','ANSIBLE_GIT_REPOSITORY') }}", "dest": "{{ lookup('env','ANSIBLE_GIT_DIRECTORY') }}", "key_file": "{{ lookup('env','ANSIBLE_GIT_KEY_FILE') or '~/.ssh/id_rsa' }}", "version": "{{ lookup('env','ANSIBLE_GIT_VERSION') }}" }
hosts_packages: hosts_packages:
- { "name": "ansible", "state": "present" } - { "name": "ansible", "state": "present" }
- { "name": "coreutils", "state": "present" } hosts_rc_functions:
- { "name": "curl", "state": "present" } - 10_prompt_set
- { "name": "git", "state": "present" } - 10_ps1_set
- { "name": "groff", "state": "present" } - 30_pfetch
- { "name": "htop", "state": "present" } - 30_screen_attach
- { "name": "less", "state": "present" } - 40_ssh_add
- { "name": "lsof", "state": "present" }
- { "name": "make", "state": "present" }
- { "name": "openssh-client", "state": "present" }
- { "name": "util-linux", "state": "present" }
- { "name": "vim", "state": "present" }
- { "name": "zsh", "state": "present" }
hosts_ssh_private_keys: "{{ lookup('env','ANSIBLE_SSH_PRIVATE_KEYS').split(' ').default([]) }}"
hosts_ssh_users:
- aya
hosts_user_env: hosts_user_env:
- ANSIBLE_AWS_ACCESS_KEY_ID - ANSIBLE_AWS_ACCESS_KEY_ID
- ANSIBLE_AWS_SECRET_ACCESS_KEY - ANSIBLE_AWS_SECRET_ACCESS_KEY


@ -1,25 +1,23 @@
--- ---
# file: inventories/host_vars/localhost # file: inventories/host_vars/localhost
aws_access_key_id: "{{ lookup('env','ANSIBLE_AWS_ACCESS_KEY_ID') }}"
aws_output_format: "{{ lookup('env','ANSIBLE_AWS_DEFAULT_OUTPUT') or 'json' }}"
aws_region: "{{ lookup('env','ANSIBLE_AWS_DEFAULT_REGION') or 'eu-west-1' }}"
aws_secret_access_key: "{{ lookup('env','ANSIBLE_AWS_SECRET_ACCESS_KEY') }}"
disks_additional_disks:
- disk: /dev/xvdb
disable_periodic_fsck: true
fstype: ext4
mount_options: defaults
mount: /var/lib/docker
service: docker
- disk: "{{ lookup('env','ANSIBLE_DISKS_NFS_DISK') }}"
fstype: nfs
mount_options: "{{ lookup('env','ANSIBLE_DISKS_NFS_OPTIONS') }}"
mount: "{{ lookup('env','ANSIBLE_DISKS_NFS_PATH') }}"
disks_additional_services:
- rpc.statd
docker_image_tag: "{{ lookup('env','ANSIBLE_DOCKER_IMAGE_TAG') or 'latest' }}" docker_image_tag: "{{ lookup('env','ANSIBLE_DOCKER_IMAGE_TAG') or 'latest' }}"
docker_registry: "{{ lookup('env','ANSIBLE_DOCKER_REGISTRY') }}" docker_registry: "{{ lookup('env','ANSIBLE_DOCKER_REGISTRY') }}"
hosts_enable_local: true hosts_enable_local: true
hosts_enable_rc: true hosts_enable_rc: true
hosts_enable_zram: true hosts_enable_zram: true
hosts_git_repositories:
- { "repo": "{{ lookup('env','ANSIBLE_GIT_REPOSITORY') }}", "dest": "{{ lookup('env','ANSIBLE_GIT_DIRECTORY') }}", "key_file": "{{ lookup('env','ANSIBLE_GIT_KEY_FILE') or '~/.ssh/id_rsa' }}", "version": "{{ lookup('env','ANSIBLE_GIT_VERSION') }}" }
hosts_packages:
- { "name": "ansible", "state": "present" }
hosts_user_env:
- ANSIBLE_CONFIG
- ANSIBLE_DOCKER_IMAGE_TAG
- ANSIBLE_DOCKER_REGISTRY
- ANSIBLE_EXTRA_VARS
- ANSIBLE_GIT_DIRECTORY
- ANSIBLE_GIT_KEY_FILE
- ANSIBLE_GIT_REPOSITORY
- ANSIBLE_INVENTORY
- ANSIBLE_PLAYBOOK
- ENV


@ -0,0 +1,49 @@
---
# file: inventories/host_vars/myos
aws_access_key_id: "{{ lookup('env','ANSIBLE_AWS_ACCESS_KEY_ID') }}"
aws_output_format: "{{ lookup('env','ANSIBLE_AWS_DEFAULT_OUTPUT') or 'json' }}"
aws_region: "{{ lookup('env','ANSIBLE_AWS_DEFAULT_REGION') or 'eu-west-1' }}"
aws_secret_access_key: "{{ lookup('env','ANSIBLE_AWS_SECRET_ACCESS_KEY') }}"
disks_additional_disks:
- disk: /dev/xvdb
disable_periodic_fsck: true
fstype: ext4
mount_options: defaults
mount: /var/lib/docker
service: docker
- disk: "{{ lookup('env','ANSIBLE_DISKS_NFS_DISK') }}"
fstype: nfs
mount_options: "{{ lookup('env','ANSIBLE_DISKS_NFS_OPTIONS') }}"
mount: "{{ lookup('env','ANSIBLE_DISKS_NFS_PATH') }}"
disks_additional_services:
- rpc.statd
docker_image_tag: "{{ lookup('env','ANSIBLE_DOCKER_IMAGE_TAG') or 'latest' }}"
docker_registry: "{{ lookup('env','ANSIBLE_DOCKER_REGISTRY') }}"
hosts_enable_local: true
hosts_enable_rc: true
hosts_enable_zram: true
hosts_packages:
- { "name": "ansible", "state": "present" }
hosts_rc_functions:
- 10_prompt_set
- 10_ps1_set
- 30_pfetch
- 30_screen_attach
- 40_ssh_add
hosts_user_env:
- ANSIBLE_AWS_ACCESS_KEY_ID
- ANSIBLE_AWS_SECRET_ACCESS_KEY
- ANSIBLE_CONFIG
- ANSIBLE_DISKS_NFS_DISK
- ANSIBLE_DISKS_NFS_OPTIONS
- ANSIBLE_DISKS_NFS_PATH
- ANSIBLE_DOCKER_IMAGE_TAG
- ANSIBLE_DOCKER_REGISTRY
- ANSIBLE_EXTRA_VARS
- ANSIBLE_GIT_DIRECTORY
- ANSIBLE_GIT_KEY_FILE
- ANSIBLE_GIT_REPOSITORY
- ANSIBLE_INVENTORY
- ANSIBLE_PLAYBOOK
- ENV
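Review bot: `hosts_user_env` in this new host_vars file lists `ANSIBLE_AWS_ACCESS_KEY_ID` and `ANSIBLE_AWS_SECRET_ACCESS_KEY`, and the role defaults on this page describe `hosts_user_env` as the variables written to the user's `~/.env`, so a long-lived AWS secret would end up in a plain file on the managed host. If the host runs in AWS, an instance profile avoids storing the key at all; otherwise the task that writes `~/.env` (not visible here) should create it with mode `0600` and `no_log: true`. A comment above the two entries such as `# AWS credentials are persisted to ~/.env on the host` would make the exposure explicit. The earlier vars-file section that keeps `hosts_user_env` carries the same two entries.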


@ -1,6 +1,6 @@
--- ---
# file: playbooks/aws-cli.yml # file: playbooks/aws-cli.yml
- hosts: '{{ target | default("all") }}' - hosts: '{{ target | default("aws") }}'
roles: roles:
- aws-cli - aws-cli


@ -1,6 +1,6 @@
--- ---
# file: playbooks/disks.yml # file: playbooks/disks.yml
- hosts: '{{ target | default("all") }}' - hosts: '{{ target | default("disks") }}'
roles: roles:
- disks - disks


@ -101,16 +101,17 @@
tags: 'aws' tags: 'aws'
when: ec2_tags.tags is defined when: ec2_tags.tags is defined
- name: aws - prune docker objects (including non-dangling images) # ansible v2.8
docker_prune: # - name: aws - prune docker objects
containers: yes # docker_prune:
images: yes # containers: yes
images_filters: # images: yes
dangling: false # images_filters:
networks: yes # dangling: false
volumes: yes # networks: yes
builder_cache: yes # volumes: yes
tags: 'aws' # builder_cache: yes
# tags: 'aws'
- name: aws - launch docker containers - name: aws - launch docker containers
docker_container: docker_container:
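Review bot: The `docker_prune` task is disabled by commenting it out under `# ansible v2.8`, which leaves dead YAML behind and silently stops pruning on every host, including those whose Ansible does provide the module. A version guard keeps the task live where it works: restore the task and add `when: ansible_version.full is version('2.8', '>=')`. If the removal is intended, delete the block and record the reason in the commit message instead.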


@ -3,23 +3,27 @@
name=py3-pip name=py3-pip
state=present state=present
when: ansible_os_family|lower == "alpine" when: ansible_os_family|lower == "alpine"
become: yes
- name: 'Install Python PIP' - name: 'Install Python PIP'
package: > package: >
name=python-pip name=python-pip
state=present state=present
when: ansible_os_family|lower != "alpine" when: ansible_os_family|lower != "alpine"
become: yes
- name: 'Install python-pathlib' - name: 'Install python-pathlib'
pip: > pip: >
name=pathlib name=pathlib
state=present state=present
become: yes
- name: "Discover NVMe EBS" - name: "Discover NVMe EBS"
disks_ebs_config: disks_ebs_config:
config: "{{ disks_additional_disks }}" config: "{{ disks_additional_disks }}"
register: __disks_ebs_config register: __disks_ebs_config
when: disks_discover_aws_nvme_ebs | default(True) | bool when: disks_discover_aws_nvme_ebs | default(True) | bool
become: yes
- set_fact: - set_fact:
disks_additional_disks: "{{ disks_additional_disks|defaut([]) + __disks_ebs_config['ansible_facts']['config'] }}" disks_additional_disks: "{{ disks_additional_disks|defaut([]) + __disks_ebs_config['ansible_facts']['config'] }}"
@ -32,6 +36,7 @@
use: '{{ disks_package_use }}' use: '{{ disks_package_use }}'
when: disks_additional_disks when: disks_additional_disks
tags: ['disks', 'pkgs'] tags: ['disks', 'pkgs']
become: yes
- name: "Install additional fs progs" - name: "Install additional fs progs"
package: package:
@ -40,6 +45,7 @@
with_items: "{{ disks_additional_packages|default([]) }}" with_items: "{{ disks_additional_packages|default([]) }}"
when: disks_additional_packages is defined when: disks_additional_packages is defined
tags: ['disks', 'pkgs'] tags: ['disks', 'pkgs']
become: yes
- name: disks - start additional services - name: disks - start additional services
service: service:
@ -48,6 +54,7 @@
state: started state: started
with_items: "{{ disks_additional_services|default([]) }}" with_items: "{{ disks_additional_services|default([]) }}"
tags: ['disks', 'pkgs'] tags: ['disks', 'pkgs']
become: yes
- name: "Get disk alignment for disks" - name: "Get disk alignment for disks"
shell: | shell: |
@ -85,6 +92,7 @@
executable: '/bin/bash' executable: '/bin/bash'
with_items: '{{ disks_additional_disks }}' with_items: '{{ disks_additional_disks }}'
tags: ['disks'] tags: ['disks']
become: yes
- name: "Create filesystem on the first partition" - name: "Create filesystem on the first partition"
filesystem: filesystem:
@ -97,6 +105,7 @@
- '{{ disks_stat.results }}' - '{{ disks_stat.results }}'
when: item.1.stat.exists when: item.1.stat.exists
tags: ['disks'] tags: ['disks']
become: yes
- name: "Disable periodic fsck and reserved space on ext3 or ext4 formatted disks" - name: "Disable periodic fsck and reserved space on ext3 or ext4 formatted disks"
environment: environment:
@ -107,6 +116,7 @@
- '{{ disks_stat.results }}' - '{{ disks_stat.results }}'
when: "disks_additional_disks and ( item.0.fstype == 'ext4' or item.0.fstype == 'ext3' ) and item.0.disable_periodic_fsck|default(false)|bool and item.1.stat.exists" when: "disks_additional_disks and ( item.0.fstype == 'ext4' or item.0.fstype == 'ext3' ) and item.0.disable_periodic_fsck|default(false)|bool and item.1.stat.exists"
tags: ['disks'] tags: ['disks']
become: yes
- name: "Ensure the mount directory exists" - name: "Ensure the mount directory exists"
file: file:
@ -114,6 +124,7 @@
state: directory state: directory
with_items: '{{ disks_additional_disks }}' with_items: '{{ disks_additional_disks }}'
tags: ['disks'] tags: ['disks']
become: yes
- name: "Get UUID for partition" - name: "Get UUID for partition"
environment: environment:
@ -145,6 +156,7 @@
register: disks_additional_disks_handler_notify register: disks_additional_disks_handler_notify
notify: notify:
- restart services - restart services
become: yes
- name: "Mount additional disks - nfs" - name: "Mount additional disks - nfs"
mount: mount:
@ -159,6 +171,7 @@
register: disks_additional_disks_nfs_handler_notify register: disks_additional_disks_nfs_handler_notify
notify: notify:
- restart services - nfs - restart services - nfs
become: yes
- name: "Ensure the permissions are set correctly" - name: "Ensure the permissions are set correctly"
file: file:
@ -168,6 +181,7 @@
state: directory state: directory
with_items: '{{ disks_additional_disks }}' with_items: '{{ disks_additional_disks }}'
when: item.user is defined or item.group is defined when: item.user is defined or item.group is defined
tags: ['disk'] tags: ['disks']
become: yes
- meta: flush_handlers - meta: flush_handlers
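Review bot: The `set_fact` after "Discover NVMe EBS" still uses the filter `defaut([])` (`disks_additional_disks|defaut([]) + …`), which is not a Jinja2 filter and will fail templating whenever that task runs; it should be `default([])`. The commit adds `become: yes` to most tasks in this file but leaves the typo unchanged on both sides of the diff. The `become: yes` repeated on almost every task could also be set once at the role include or play level, unless some tasks are meant to run unprivileged.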


@ -4,9 +4,6 @@
# minimum kernel version # minimum kernel version
docker_check_kernel: '3.10' docker_check_kernel: '3.10'
# architecture
docker_check_machine: 'x86_64'
# The docker package name # The docker package name
docker_package: docker docker_package: docker


@ -7,10 +7,3 @@
docker requires a minimum kernel version of {{docker_check_kernel}} docker requires a minimum kernel version of {{docker_check_kernel}}
on {{ansible_distribution}} {{ansible_distribution_version}} on {{ansible_distribution}} {{ansible_distribution_version}}
when: ansible_kernel is version(docker_check_kernel, "<") when: ansible_kernel is version(docker_check_kernel, "<")
- name: check - machine architecture
fail:
msg: >
docker requires a {{docker_check_machine}} version
of {{ansible_distribution}} {{ansible_distribution_version}}
when: ansible_machine != docker_check_machine


@ -9,11 +9,17 @@
- name: package - add docker GPG key - name: package - add docker GPG key
apt_key: url=https://download.docker.com/linux/debian/gpg apt_key: url=https://download.docker.com/linux/debian/gpg
when: ansible_os_family|lower == "debian" when: ansible_os_family|lower == "debian"
become: yes
- name: package - define arch
set_fact:
docker_apt_arch: "{% if ansible_machine == 'aarch64' %}arm64{% endif %}{% if ansible_machine == 'x86_64' %}amd64{% endif %}"
- name: add docker APT repository - name: add docker APT repository
apt_repository: apt_repository:
repo: deb [arch=amd64] https://download.docker.com/linux/{{ansible_distribution|lower}} {{ansible_distribution_release}} stable repo: deb [arch={{docker_apt_arch}}] https://download.docker.com/linux/{{ansible_distribution|lower}} {{ansible_distribution_release}} stable
when: ansible_os_family|lower == "debian" when: ansible_os_family|lower == "debian"
become: yes
- name: package - add docker package - name: package - add docker package
package: name="{{docker_package}}" state=present package: name="{{docker_package}}" state=present
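Review bot: `docker_apt_arch` expands to an empty string for any `ansible_machine` other than `aarch64` or `x86_64`, so the repository line becomes `deb [arch=] …`, and this commit also removes the architecture check that used to stop unsupported machines early. A lookup that fails loudly is safer, e.g. `docker_apt_arch: "{{ {'aarch64': 'arm64', 'x86_64': 'amd64'}[ansible_machine] }}"`, and the `set_fact` can carry the same `when: ansible_os_family|lower == "debian"` as its neighbours. The `apt_key` task fetches the signing key by URL only; pinning the expected key fingerprint with the module's `id` parameter would detect a substituted key.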


@ -1,21 +1,21 @@
# Ansible role to customize servers # Ansible role to customize servers
An ansible role to customize your servers after a fresh install An ansible role to customize servers after a fresh install
## Role Variables ## Role Variables
* `hosts_ssh_users` - A list of github usernames. We will fetch ssh keys from their github account and add it to the authorized_keys of the ansible user. * `hosts_enable_cloudinit` - Install and configure cloud-init
``` yaml ``` yaml
# a list of github usernames to get public keys # enable cloud-init
hosts_ssh_users: [] hosts_enable_cloudinit: false
``` ```
* `hosts_enable_zram` - Activate zram swap devices. This option allows to create virtual swap devices compressed in RAM. It can increase hosts performances, specially on hosts without physical swap. * `hosts_enable_local` - Run ansible pull at boot
``` yaml ``` yaml
# Activate zram swap devices # enable rc.local script
hosts_enable_zram: false hosts_enable_local: false
``` ```
* `hosts_enable_rc` - Run user specific functions on ssh connection. This allow a user to customize his session when connecting to a server, like attaching automaticaly a screen session for example. * `hosts_enable_rc` - Run user specific functions on ssh connection. This allow a user to customize his session when connecting to a server, like attaching automaticaly a screen session for example.
@ -25,37 +25,19 @@ hosts_enable_zram: false
hosts_enable_rc: false hosts_enable_rc: false
``` ```
* `hosts_rc_functions` - List of user specific functions to run on ssh connection. Here you can add any function to be called when you connect to the host. Default functions are available in the /etc/profile.d/rc_functions.sh file. * `hosts_enable_zram` - Activate zram swap devices. This option allows to create virtual swap devices compressed in RAM. It can increase hosts performances, specially on hosts without physical swap.
``` yaml ``` yaml
# list of rc functions to call at user connection # Activate zram swap devices
hosts_rc_functions: hosts_enable_zram: false
# customize PS1 variable
- 01_custom_ps1
# customize PROMPT variable
# - 02_custom_prompt
# launch a ssh agent and load all private keys located in ~/.ssh
# - 03_ssh_agent
# create and/or attach a tmux session
# - 04_attach_tmux
# create and/or attach a screen session
- 05_attach_screen
``` ```
* `hosts_rc_cleanup` - List of rc functions you do not want to run anymore. If you had previously activated a rc function in `hosts_rc_functions`, you can add it to `hosts_rc_cleanup` to disable it. * `hosts_git_repositories` - Clone git repositories.
``` yaml ``` yaml
# list of rc functions to cleanup (remove files) # git repositories to clone
# hosts_rc_cleanup: hosts_git_repositories:
# - 03_ssh_agent - { "repo": "https://github.com/aya/myos", "dest": "/src/com/github/aya/myos", "key_file": "~/.ssh/id_rsa", "version": "master" }
# - 04_attach_tmux
```
* `hosts_etc_bashrc` - The location of the /etc/bashrc file on the current distro
``` yaml
# location of /etc/bashrc
hosts_etc_bashrc: /etc/bashrc
``` ```
* `hosts_packages` - A list of packages to install on your servers. This list should be overrided for a specific distro. * `hosts_packages` - A list of packages to install on your servers. This list should be overrided for a specific distro.
@ -70,11 +52,101 @@ hosts_packages: []
``` yaml ``` yaml
# packages common to all distributions # packages common to all distributions
hosts_packages_common: hosts_packages_common:
- { "name": "bash", "state": "present" } - { "name": "bash", "state": "present" }
- { "name": "ca-certificates", "state": "present" } ```
- { "name": "rsync", "state": "present" }
- { "name": "screen", "state": "present" } * `hosts_packages_distro` - A list of packages to install on your servers. This list is specific to your distro.
- { "name": "tzdata", "state": "present" }
``` yaml
# packages specific to a distribution
hosts_packages_distro:
- { "name": "vim-nox", "state": "present" }
```
* `hosts_rc_functions` - List of user specific functions to run on ssh connection. Here you can add any function to be called when you connect to the host. Default functions are available in the /etc/profile.d/rc_functions.sh file.
``` yaml
# list of rc functions to call at user connection
hosts_rc_functions:
# load shell functions
- 00_source
# customize PROMPT variable
- 10_prompt_set
# customize PS1 variable
- 10_ps1_set
# create and/or attach a tmux session
- 20_tmux_attach
# display host infos
- 30_pfetch
# create and/or attach a screen session
- 30_screen_attach
# launch ssh agent and load private keys in ~/.ssh
- 40_ssh_add
```
* `hosts_rc_cleanup` - List of rc functions you do not want to run anymore. If you had previously activated a rc function in `hosts_rc_functions`, you can add it to `hosts_rc_cleanup` to disable it.
``` yaml
# list of rc functions to cleanup (remove files)
hosts_rc_cleanup:
- 01_custom_ps1
- 02_custom_prompt
- 03_ssh_agent
- 04_attach_tmux
- 05_attach_screen
```
* `hosts_ssh_authorized_keys` - A list of urls. Fetch ssh public keys from urls and add them to file ~/.ssh/authorized_keys of the ansible user.
``` yaml
# a list of urls to get ssh public keys
hosts_ssh_authorized_keys:
- https://github.com/aya.keys
```
* `hosts_ssh_bastion_hostname` - Hostname of ssh bastion. Needed to add myos-bastion to file ~/.ssh/myos/config of the ansible user.
``` yaml
# hostname of myos-bastion to add in ~/.ssh/myos/config
hosts_ssh_bastion_hostname: 8.4.2.1
```
* `hosts_ssh_bastion_username` - Username of ssh bastion. Needed to add myos-bastion to file ~/.ssh/myos/config of the ansible user.
``` yaml
# hostname of myos-bastion to add in ~/.ssh/myos/config
hosts_ssh_bastion_username: root
```
* `hosts_ssh_private_ip_range` - Ip range to pass through ssh bastion.
``` yaml
# ip range proxyfied through myos-bastion to add in ~/.ssh/myos/config
hosts_ssh_private_ip_range: 10.* 192.168.42.*
```
* `hosts_ssh_private_keys` - A list of ssh private keys to copy. Default to ~/.ssh/id_rsa
``` yaml
# a list of urls to get ssh public keys
hosts_ssh_private_keys:
- ~/.ssh/id_rsa
```
* `hosts_ssh_public_hosts` - A list of host names to get ssh fingerprint
``` yaml
# a list of public hosts to add to ~/.ssh/known_hosts
hosts_ssh_public_hosts:
- github.com
- gitlab.com
```
* `hosts_ssh_username` - ssh user used to ssh on remote hosts
``` yaml
# ssh username to ssh on remote hosts
hosts_ssh_username: root
``` ```
## Example ## Example
@ -85,22 +157,6 @@ To launch this role on your `hosts` servers, run the default playbook.
$ ansible-playbook playbook.yml $ ansible-playbook playbook.yml
``` ```
It will install the following packages : bash, ca-certificates, rsync, screen, tzdata and vim (plus libselinux-python on redhat).
## Common configurations
This example configuration will add the [ssh keys from aya's github user](https://github.com/aya.keys) to your remote ~/.ssh/authorized_keys.
It will create a ~/.rc.d and touch 01_custom_ps1 and 02_attach_screen files into this directory, resulting in a customized PS1 and automaticaly attaching a screen on (re)connection on the remote server.
``` yaml
hosts_ssh_users:
- aya
hosts_enable_rc: true
hosts_rc_functions:
- 01_custom_ps1
- 02_attach_screen
```
## Tests ## Tests
To test this role on your `hosts` servers, run the tests/playbook.yml playbook. To test this role on your `hosts` servers, run the tests/playbook.yml playbook.


@ -1,72 +1,7 @@
--- ---
# file: defaults/main.yml # file: defaults/main.yml
# enable cloud-init # cloud-init config
hosts_enable_cloudinit: false
# enable rc.local script
hosts_enable_local: false
# run user specific rc functions on ssh connection
hosts_enable_rc: false
# Activate zram swap devices on host
hosts_enable_zram: false
# git repositories to clone
hosts_git_repositories: []
# - { "repo": "ssh://git@github.com/aya/infra", "dest": "/src" }
# list of rc functions to call at user connection
hosts_rc_functions:
# customize PS1 variable
- 01_custom_ps1
# customize PROMPT variable
- 02_custom_prompt
# launch a ssh agent and load all private keys located in ~/.ssh
- 03_ssh_agent
# create and/or attach a tmux session
# - 04_attach_tmux
# create and/or attach a screen session
- 05_attach_screen
# display system information
- 06_pfetch
# list of rc functions to cleanup (remove files)
# hosts_rc_cleanup:
# - 03_ssh_agent
# - 04_attach_tmux
# packages to install
hosts_packages: []
# packages specific to a distribution
hosts_packages_distro: []
# packages common to all distributions
hosts_packages_common:
- { "name": "bash", "state": "present" }
- { "name": "ca-certificates", "state": "present" }
- { "name": "rsync", "state": "present" }
- { "name": "screen", "state": "present" }
- { "name": "tzdata", "state": "present" }
# a list of SSH private keys to copy
hosts_ssh_private_keys: []
# - ~/.ssh/id_rsa
# a list of public hosts keys to add to known_hosts
hosts_ssh_public_hosts_keys:
- { "name": "github.com", "key": "files/etc/ssh/github.com.pub" }
# a list of github usernames to get public keys
hosts_ssh_users: []
# - aya
# a list of environment variables to write to user ~/.env
hosts_user_env: []
# - SHELL
hosts_cloudinit_config: hosts_cloudinit_config:
users: users:
- default - default
@ -140,3 +75,72 @@ hosts_cloudinit_config:
templates_dir: /etc/cloud/templates/ templates_dir: /etc/cloud/templates/
ssh_svcname: sshd ssh_svcname: sshd
# enable cloud-init
hosts_enable_cloudinit: false
# enable rc.local script
hosts_enable_local: false
# run user specific rc functions on ssh connection
hosts_enable_rc: false
# Activate zram swap devices on host
hosts_enable_zram: false
# git repositories to clone
hosts_git_repositories: []
# packages to install
hosts_packages: []
# packages common to all distributions
hosts_packages_common:
- { "name": "bash", "state": "present" }
- { "name": "ca-certificates", "state": "present" }
- { "name": "curl", "state": "present" }
- { "name": "git", "state": "present" }
- { "name": "htop", "state": "present" }
- { "name": "less", "state": "present" }
- { "name": "lsof", "state": "present" }
- { "name": "make", "state": "present" }
- { "name": "rsync", "state": "present" }
- { "name": "screen", "state": "present" }
- { "name": "tmux", "state": "present" }
- { "name": "tzdata", "state": "present" }
# packages specific to a distribution
hosts_packages_distro: []
# list of rc functions to cleanup (remove files)
hosts_rc_cleanup: []
# list of rc functions to call at user connection
hosts_rc_functions:
- 10_prompt_set
- 10_ps1_set
- 30_pfetch
- 40_ssh_add
# a list of urls to get public keys to add to ~/.ssh/authorized_keys
hosts_ssh_authorized_keys: "{{ lookup('env','ANSIBLE_SSH_AUTHORIZED_KEYS').split(' ') }}"
# hostname of myos-bastion to add in ~/.ssh/myos/config
hosts_ssh_bastion_hostname: "{{ lookup('env','ANSIBLE_SSH_BASTION_HOSTNAME') }}"
# username of myos-bastion to add in ~/.ssh/myos/config
hosts_ssh_bastion_username: "{{ lookup('env','ANSIBLE_SSH_BASTION_USERNAME') or ansible_user }}"
# ip range proxyfied through myos-bastion to add in ~/.ssh/myos/config
hosts_ssh_private_ip_range: "{{ lookup('env','ANSIBLE_SSH_PRIVATE_IP_RANGE') }}"
# a list of SSH private keys to copy
hosts_ssh_private_keys: "{{ lookup('env','ANSIBLE_SSH_PRIVATE_KEYS').split(' ') }}"
# a list of public hosts to add to known_hosts
hosts_ssh_public_hosts: "{{ lookup('env','ANSIBLE_SSH_PUBLIC_HOSTS').split(' ') }}"
# remote ssh user
hosts_ssh_username: "{{ lookup('env','ANSIBLE_SSH_USERNAME') or ansible_user }}"
# a list of environment variables to write to user ~/.env
hosts_user_env: []
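Review bot: `lookup('env','ANSIBLE_SSH_AUTHORIZED_KEYS').split(' ')` (and the same pattern for `hosts_ssh_private_keys` and `hosts_ssh_public_hosts`) yields `['']` rather than an empty list when the variable is unset, so any loop over these defaults would run once with an empty URL, path or host name. Calling `.split()` with no argument returns `[]` for an empty string and also tolerates repeated spaces. The commit also drops `hosts_ssh_public_hosts_keys`, which pinned github.com to a key file shipped with the role, in favour of a list of host names; if the keys are now collected over the network at run time (the task is not shown), that is trust-on-first-use and a pinned key is the stronger default.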


@ -0,0 +1,18 @@
# ~/.bash_profile: executed by the command interpreter for bash login shell.
[ -f ~/.profile ] && source ~/.profile
# bash-completion
if ! shopt -oq posix && [ -z "${BASH_COMPLETION_VERSINFO-}" ]; then
if [ ${BASH_VERSINFO[0]} -gt 4 ] \
|| [ ${BASH_VERSINFO[0]} -eq 4 -a ${BASH_VERSINFO[1]} -ge 1 ]; then
shopt -q progcomp && for file in \
/{*/local,usr}/share/bash-completion/bash_completion \
/etc/bash_completion; do
[ -r "$file" ] && . "$file"
done
fi
if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion" ]; then
. "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion"
fi
fi


@ -0,0 +1,7 @@
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
alias ls='ls --color=auto'
alias dir='dir --color=auto'
alias vdir='vdir --color=auto'
alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'


@ -0,0 +1 @@
alias ctop='docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock:ro quay.io/vektorlab/ctop:latest'
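Review bot: The `:ro` flag on `-v /var/run/docker.sock:/var/run/docker.sock:ro` only makes the socket file's mount read-only; a process in the container can still connect to it and use the full Docker API, which is equivalent to root on the host. Combined with the floating `quay.io/vektorlab/ctop:latest` tag, every use of the alias runs whatever image is current with that access. Pin the image by digest (`quay.io/vektorlab/ctop@sha256:<digest>`, placeholder) or install a packaged ctop binary, and add a comment above the alias stating that it grants the container control of the Docker daemon.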


@ -0,0 +1,38 @@
# ~/.profile: executed by the command interpreter for login shells.
# set -x
umask 027
# source ~/.*aliases and ~/.*functions files
for source in aliases functions; do
for file in "$HOME"/.*"$source"; do
[ -f "$file" ] || continue
# remove $HOME/. prefix from file
file="${file#${HOME}/.}"
# remove _$source suffix from $file
command="${file%_$source}"
# source file if command exists, ie ~/.bash_aliases
command -v "$command" >/dev/null 2>&1 && . "${HOME}/.$file"
# remove $source suffix from $file, ie ~/.aliases
command="${file%$source}"
# source file if command empty, ie ~/.aliases
[ -z "$command" ] && . "${HOME}/.$file"
done
done
# source ~/.*shrc
for file in "$HOME"/.*shrc; do
[ -f "$file" ] || continue
# remove $HOME/. prefix from file
file="${file#${HOME}/.}"
# source file if match current shell
[ "$(basename ${SHELL})" = "${file%rc}" ] && . "${HOME}/.$file"
done
# set PATH to include user's bin
for path in /*/local/sbin /*/local/bin /*/local/*/bin "${HOME}"/.*/bin; do
[ -d "$path" ] || continue
case ":${PATH}:" in
*:"$path":*) ;;
*) export PATH="${path}:$PATH" ;;
esac
done
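Review bot: The PATH loop at the end of the file prepends every match of `/*/local/*/bin` and `"${HOME}"/.*/bin`, so any hidden directory under the home that contains a `bin/` takes precedence over `/usr/bin` and `/bin` in every login shell. A tool that unpacks itself into such a directory can then shadow system commands without the user noticing. Appending keeps the system directories first: `*) export PATH="$PATH:${path}" ;;`. Separately, `$(basename ${SHELL})` in the `.*shrc` loop is unquoted and should read `$(basename "${SHELL}")`.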


@ -0,0 +1,8 @@
alias DELETE='resty-delete'
alias GET='resty-get'
alias HEAD='resty-head'
alias OPTIONS='resty-options'
alias PATCH='resty-patch'
alias POST='resty-post'
alias PUT='resty-put'
alias TRACE='resty-trace'


@ -0,0 +1,2 @@
gam () { "~/.gam/gam" "$@" ; }
gyb () { "~/.gyb/gyb" "$@" ; }
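Review bot: Both functions quote the tilde, and the shell does not perform tilde expansion inside double quotes, so `"~/.gam/gam"` is looked up as a relative path beginning with a directory literally named `~` and the call fails. Use `$HOME` instead: `gam () { "$HOME/.gam/gam" "$@" ; }` and `gyb () { "$HOME/.gyb/gyb" "$@" ; }`.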


@ -0,0 +1,5 @@
export EDITOR=vim
export GIT_PS1_SHOWUPSTREAM=auto
export GIT_PS1_SHOWDIRTYSTATE=true
export GIT_PS1_HIDE_IF_PWD_IGNORED=true
export PAGER=less


@ -0,0 +1 @@
alias vi='vim'


@ -1,11 +1,11 @@
# shellcheck shell=sh # shellcheck shell=sh
## rc.sh calls user defined functions # file rc.sh: Call user defined functions
# author: Yann "aya" Autissier ## author: Yann "aya" Autissier
# license: MIT ## license: MIT
# updated: 2021/03/04 ## version: 20210620
case $- in case $- in
# if we are in an interactive shell # if this is an interactive shell
*i*) *i*)
# load user stuff from ~/.rc.d/* files # load user stuff from ~/.rc.d/* files
for file in "${HOME}"/.rc.d/*; do for file in "${HOME}"/.rc.d/*; do
@ -41,3 +41,5 @@ case $- in
unset IFS unset IFS
;; ;;
esac esac
# vim:ts=2:sw=2:sts=2:et


@ -1,10 +1,10 @@
# shellcheck shell=sh # shellcheck shell=sh
## rc_function.sh defines customs shell functions # file rc_functions.sh: Define shell functions
# author: Yann "aya" Autissier ## author: Yann "aya" Autissier
# license: MIT ## license: MIT
# updated: 2021/03/04 ## version: 20210620
## force() runs a command sine die # function force: Run a command sine die
force() { force() {
if [ $# -gt 0 ]; then if [ $# -gt 0 ]; then
while true; do while true; do
@ -14,7 +14,7 @@ force() {
fi fi
} }
## force8() runs a command sine die if not already running # function force8: Run a command sine die if not already running
force8() { force8() {
if [ $# -gt 0 ]; then if [ $# -gt 0 ]; then
while true; do while true; do
@ -38,13 +38,13 @@ force8() {
fi fi
} }
## load_average() prints the current load average # function load_average; Print the current load average
load_average() { load_average() {
awk '{printf "%.1f\n" $1}' /proc/loadavg 2>/dev/null\ awk '{printf "%.1f\n" $1}' /proc/loadavg 2>/dev/null\
|| uptime 2>/dev/null |awk '{printf "%.1f\n", $(NF-2)}' || uptime 2>/dev/null |awk '{printf "%.1f\n", $(NF-2)}'
} }
## process_count() prints number of "processes"/"running processes"/"D-state" # function process_count: Print number of "processes"/"running processes"/"D-state"
process_count() { process_count() {
ps ax -o stat 2>/dev/null |awk ' ps ax -o stat 2>/dev/null |awk '
$1 ~ /R/ {process_running++}; $1 ~ /R/ {process_running++};
@ -52,7 +52,7 @@ process_count() {
END { print NR-1"/"process_running+0"/"process_dstate+0; }' END { print NR-1"/"process_running+0"/"process_dstate+0; }'
} }
## prompt_set() exports custom PROMPT_COMMAND # function prompt_set: Export custom PROMPT_COMMAND
prompt_set() { prompt_set() {
case "${TERM}" in case "${TERM}" in
screen*) screen*)
@ -81,7 +81,7 @@ prompt_set() {
unset ESCAPE_CODE_DCS ESCAPE_CODE_ST unset ESCAPE_CODE_DCS ESCAPE_CODE_ST
} }
## ps1_set() exports custom PS1 # function ps1_set: Export custom PS1
ps1_set() { ps1_set() {
case "$0" in case "$0" in
*sh) *sh)
@ -164,7 +164,7 @@ ps1_set() {
PS1_USER PS1_USER_COLOR PS1_STATUS PS1_WORKDIR PS1_USER PS1_USER_COLOR PS1_STATUS PS1_WORKDIR
} }
## screen_attach() attaches existing screen session or creates a new one # function screen_attach: Attach existing screen session or Create a new one
screen_attach() { screen_attach() {
command -v screen >/dev/null 2>&1 || return command -v screen >/dev/null 2>&1 || return
SCREEN_SESSION="$(id -nu)@$(hostname |sed 's/\..*//')" SCREEN_SESSION="$(id -nu)@$(hostname |sed 's/\..*//')"
@ -182,12 +182,12 @@ screen_attach() {
unset SCREEN_SESSION unset SCREEN_SESSION
} }
## screen_detach() detaches current screen session # function screen_detach: Detach current screen session
screen_detach() { screen_detach() {
screen -d screen -d
} }
## ssh_add() loads all private keys in ~/.ssh/ to ssh agent # function ssh_add: Load all private keys in ~/.ssh/ to ssh agent
ssh_add() { ssh_add() {
command -v ssh-agent >/dev/null 2>&1 && command -v ssh-add >/dev/null 2>&1 || return command -v ssh-agent >/dev/null 2>&1 && command -v ssh-add >/dev/null 2>&1 || return
SSH_AGENT_DIR="/tmp/ssh-$(id -u)" SSH_AGENT_DIR="/tmp/ssh-$(id -u)"
@ -224,7 +224,7 @@ ssh_add() {
unset GREP_RECURSIVE_CHAR GREP_RECURSIVE_FLAG SSH_AGENT_DIR SSH_AGENT_SOCK SSH_PRIVATE_KEYS unset GREP_RECURSIVE_CHAR GREP_RECURSIVE_FLAG SSH_AGENT_DIR SSH_AGENT_SOCK SSH_PRIVATE_KEYS
} }
## ssh_del() removes all private keys in ~/.ssh/ from ssh agent # function ssh_del: removes all private keys in ~/.ssh/ from ssh agent
ssh_del() { ssh_del() {
command -v ssh-add >/dev/null 2>&1 || return command -v ssh-add >/dev/null 2>&1 || return
# attach to agent # attach to agent
@ -250,7 +250,7 @@ ssh_del() {
unset GREP_RECURSIVE_CHAR GREP_RECURSIVE_FLAG SSH_PRIVATE_KEYS unset GREP_RECURSIVE_CHAR GREP_RECURSIVE_FLAG SSH_PRIVATE_KEYS
} }
## tmux_attach() attaches existing tmux session or creates a new one # function tmux_attach: Attach existing tmux session or Create a new one
tmux_attach() { tmux_attach() {
command -v tmux >/dev/null 2>&1 || return command -v tmux >/dev/null 2>&1 || return
TMUX_SESSION="$(id -nu)@$(hostname |sed 's/\..*//')" TMUX_SESSION="$(id -nu)@$(hostname |sed 's/\..*//')"
@ -263,12 +263,12 @@ tmux_attach() {
unset TMUX_SESSION unset TMUX_SESSION
} }
## tmux_detach() detaches current tmux session # function tmux_detach: Detach current tmux session
tmux_detach() { tmux_detach() {
tmux detach tmux detach
} }
## user_count() prints number of "users sessions"/"users"/"logged users" # function user_count: Print number of "users sessions"/"users"/"logged users"
user_count() { user_count() {
ps ax -o user,tty 2>/dev/null |awk ' ps ax -o user,tty 2>/dev/null |awk '
$2 ~ /^(pts|tty)/ { users_session++; logged[$1]++; }; $2 ~ /^(pts|tty)/ { users_session++; logged[$1]++; };
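Review bot: In `load_average()` the first awk program reads `printf "%.1f\n" $1` with no comma between the format and `$1`, so awk concatenates the two into one format string and has no argument left for `%.1f`. The `/proc/loadavg` branch therefore cannot print the intended value; depending on the awk implementation it either errors out and falls through to `uptime` or prints a wrong number. The second awk on the next line has the comma, and the first should match it: `awk '{printf "%.1f\n", $1}' /proc/loadavg`. The rewritten header comment above it also uses `;` where the other headers use `:` (`# function load_average: Print the current load average`). The bodies of the other functions in this section continue outside the hunks shown.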


@ -1 +0,0 @@
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==


@ -7,10 +7,9 @@
when: hosts_enable_cloudinit|default(false) and ansible_os_family|lower != "alpine" when: hosts_enable_cloudinit|default(false) and ansible_os_family|lower != "alpine"
- name: cloudinit - install cloud-init packages - name: cloudinit - install cloud-init packages
apk: name="{{item.name}}" state="{{item.state}}"
apk: apk:
name: cloud-init name: "{{ item.name}}"
state: present state: "{{ item.state }}"
repository: repository:
- http://dl-cdn.alpinelinux.org/alpine/edge/main - http://dl-cdn.alpinelinux.org/alpine/edge/main
- http://dl-cdn.alpinelinux.org/alpine/edge/testing - http://dl-cdn.alpinelinux.org/alpine/edge/testing
@ -25,7 +24,7 @@
- name: cloudinit - update /etc/cloud/cloud.cfg - name: cloudinit - update /etc/cloud/cloud.cfg
template: template:
src: etc/cloud/cloud.cfg.j2 src: cloud.cfg.j2
dest: /etc/cloud/cloud.cfg dest: /etc/cloud/cloud.cfg
force: yes force: yes
when: hosts_enable_cloudinit|default(false) when: hosts_enable_cloudinit|default(false)


@ -0,0 +1,15 @@
---
# file: tasks/dir.yml
- name: dir - create directories
with_items:
- ~/.config
- ~/.config/git
- ~/.ssh
- ~/.ssh/myos
- ~/.tmux
- ~/.tmux/myos
file:
path: "{{item}}"
state: directory
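Review bot: The `file` task creates `~/.ssh` and `~/.ssh/myos` without a `mode`, so their permissions depend on the umask of whichever user and connection runs the play, and these directories later receive private keys and the ssh client configuration. Setting the mode explicitly makes the result independent of the environment, for example by moving the two ssh directories into their own task with `mode: "0700"`. A one-line comment saying which later tasks rely on each directory would also make the list easier to maintain.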


@ -8,3 +8,4 @@
dest: "{{ item.dest|default('/src') }}" dest: "{{ item.dest|default('/src') }}"
key_file: "{{ item.key_file|default('~/.ssh/id_rsa') }}" key_file: "{{ item.key_file|default('~/.ssh/id_rsa') }}"
version: "{{ item.version|default('HEAD') }}" version: "{{ item.version|default('HEAD') }}"
become: yes
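Review bot: Adding `become: yes` to this task changes which account the defaults are resolved for: `key_file` falls back to `~/.ssh/id_rsa`, which under privilege escalation would presumably be looked up in the become user's home (root by default) rather than the connecting user's, and the checkout under `/src` ends up owned by that user. If the intent is only to write into a root-owned destination, consider passing an absolute `key_file` or setting `become_user` explicitly, and add a comment saying why escalation is needed. The task starts outside this hunk, so the module and its other arguments are not visible here.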


@ -10,21 +10,24 @@
- import_tasks: cloudinit.yml - import_tasks: cloudinit.yml
tags: tags:
- cloudinit - cloudinit
- import_tasks: packages.yml - import_tasks: dir.yml
tags: tags:
- packages - dir
- import_tasks: ssh.yml
tags:
- ssh
- import_tasks: files.yml - import_tasks: files.yml
tags: tags:
- files - files
- import_tasks: git.yml - import_tasks: git.yml
tags: tags:
- git - git
- import_tasks: packages.yml
tags:
- packages
- import_tasks: service.yml - import_tasks: service.yml
tags: tags:
- service - service
- import_tasks: ssh.yml
tags:
- ssh
- import_tasks: user.yml - import_tasks: user.yml
tags: tags:
- user - user


@ -1,24 +1,30 @@
--- ---
# file: tasks/ssh.yml # file: tasks/ssh.yml
- name: ssh - add keys to file ~/.ssh/authorized_keys - name: ssh - add ssh_authorized_keys to file ~/.ssh/authorized_keys
authorized_key: user="root" key=https://github.com/{{item}}.keys authorized_key: user="{{ ansible_user|default('root') }}" key="{{ item }}"
with_items: "{{hosts_ssh_users|default([])}}" with_items: "{{ hosts_ssh_authorized_keys|default([]) }}"
become: yes ignore_errors: true
- name: ssh - copy ssh private keys - name: ssh - add ssh_public_hosts keys to known_hosts
with_items: "{{hosts_ssh_private_keys|default([])}}" with_items: "{{ hosts_ssh_public_hosts|default([]) }}"
copy: src={{item}} dest=~/.ssh/ mode=0400
become: yes
- name: ssh - add public hosts keys to known_hosts
with_items: "{{hosts_ssh_public_hosts_keys|default([])}}"
known_hosts: known_hosts:
name: "{{item.name}}" name: "{{ item }}"
key: "{{ lookup('file', '{{item.key}}') }}" key: "{{ lookup('pipe', 'ssh-keyscan -t rsa -H ' + item) }}"
become: yes ignore_errors: true
- name: ssh - define configuration - name: ssh - copy ssh_private_keys to ~/.ssh/
with_items: "{{ hosts_ssh_private_keys|default([]) }}"
copy: src="{{ item }}" dest=~/.ssh/ mode=0400
ignore_errors: true
- name: ssh - update ~/.ssh/myos/config
template:
src: ssh_config.j2
dest: ~/.ssh/myos/config
mode: 0400
- name: ssh - define sshd configuration
set_fact: set_fact:
sshd_config: sshd_config:
- dest: /etc/conf.d/dropbear - dest: /etc/conf.d/dropbear
@ -27,22 +33,25 @@
- dest: /etc/ssh/sshd_config - dest: /etc/ssh/sshd_config
line: Banner /etc/issue.net line: Banner /etc/issue.net
regex: ^#?Banner regex: ^#?Banner
- dest: /etc/ssh/sshd_config
line: PermitRootLogin prohibit-password
regex: ^#?PermitRootLogin
- name: ssh - stat configuration file - name: ssh - stat sshd configuration file
changed_when: false changed_when: false
register: sshd_config_stat register: sshd_config_stat
stat: stat:
path: '{{item.dest}}' path: "{{ item.dest }}"
with_items: '{{sshd_config|default([])}}' with_items: "{{ sshd_config|default([]) }}"
- name: ssh - configure sshd - name: ssh - configure sshd
become: yes become: yes
lineinfile: lineinfile:
backrefs: true backrefs: true
dest: '{{item.0.dest}}' dest: "{{ item.0.dest }}"
line: '{{item.0.line}}' line: "{{ item.0.line }}"
regex: '{{item.0.regex}}' regex: "{{ item.0.regex }}"
with_together: with_together:
- '{{sshd_config|default([])}}' - "{{ sshd_config|default([]) }}"
- '{{sshd_config_stat.results}}' - "{{ sshd_config_stat.results }}"
when: item.1.stat.exists when: item.1.stat.exists
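Review bot: The `known_hosts` task now fills the key from `lookup('pipe', 'ssh-keyscan -t rsa -H ' + item)`, which records whatever key the network returns when the play runs; nothing authenticates that answer, so the entry no longer proves the host's identity the way the previously pinned key file did. The same expression concatenates `item` (taken from the `ANSIBLE_SSH_PUBLIC_HOSTS` environment variable) into a shell command line, and `ignore_errors: true` on this and the two neighbouring tasks hides a failed scan or key copy. Prefer keeping reviewed host keys in the role and loading them with `key: "{{ lookup('file', item.key) }}"`, or compare the scanned key against a known fingerprint before adding it. The Dockerfile hunks further down that rename `SSH_PUBLIC_HOST_KEYS` to `SSH_PUBLIC_HOSTS` use the same `ssh-keyscan ... >> ~/.ssh/known_hosts` pattern.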


@ -3,7 +3,7 @@
- name: user - create ~/.env - name: user - create ~/.env
template: template:
src: .env.j2 src: env.j2
dest: ~/.env dest: ~/.env
force: no force: no
mode: 0400 mode: 0400
@ -11,40 +11,49 @@
- name: user - create ~/.rc.d - name: user - create ~/.rc.d
file: path=~/.rc.d/ state={{hosts_enable_rc|default(false)|ternary('directory', 'absent')}} mode="0700" file: path=~/.rc.d/ state={{hosts_enable_rc|default(false)|ternary('directory', 'absent')}} mode="0700"
- name: user - activate rc functions - name: user - source /etc/profile.d/rc_functions.sh
with_items:
- /etc/profile.d/rc_functions.sh
lineinfile: dest=~/.rc.d/00_source create=yes line="{{ item }}" mode="0600"
when: hosts_enable_rc|default(false)
- name: user - enable rc functions
with_items: "{{hosts_rc_functions|default([])}}" with_items: "{{hosts_rc_functions|default([])}}"
file: path="~/.rc.d/{{item}}" state="touch" mode="0600" file: path="~/.rc.d/{{item}}" state="touch" mode="0600"
when: hosts_enable_rc|default(false) when: hosts_enable_rc|default(false)
- name: user - disable rc functions - name: user - disable rc functions
with_items: "{{hosts_rc_cleanup|default([])}}" with_items: "{{hosts_rc_cleanup|default([])}}"
file: path="~/.rc.d/{{item}}" state="absent" mode="0600" file: path="~/.rc.d/{{item}}" state="absent"
when: hosts_enable_rc|default(false) when: hosts_enable_rc|default(false)
- name: user - create directories - name: user - copy ~/.*aliases ~/.*functions ~/.*profile ~/.shrc
with_items: with_items:
- ~/.config - ".dircolors_aliases"
- ~/.config/git - ".docker_aliases"
file: - ".resty_aliases"
path: "{{item}}" - ".vim_aliases"
state: directory - ".sh_functions"
- ".bash_profile"
- ".profile"
- ".shrc"
copy: src=../files/{{item}} dest=~/{{item}} mode="0640" backup="yes"
- name: user - update ~/.bashrc
with_items:
- PS1="╭∩╮$PS1"
- unset user_count process_count
lineinfile: dest=~/.bashrc create=yes line='{{item}}'
- name: user - update ~/.config/git/ignore - name: user - update ~/.config/git/ignore
with_items: with_items:
- '.nfs*' - '.nfs*'
- '*~' - '*~'
- '*.log' - '*.log'
- '*.pyc'
- '*.swp' - '*.swp'
lineinfile: dest=~/.config/git/ignore create=yes line='{{item}}' lineinfile: dest=~/.config/git/ignore create=yes line='{{item}}'
- name: user - update ~/.profile
with_items:
- alias ctop='docker run --rm -ti --volume /var/run/docker.sock:/var/run/docker.sock:ro quay.io/vektorlab/ctop:latest'
- alias vi='vim'
- export EDITOR='vim'
- export PAGER='less'
lineinfile: dest=~/.profile create=yes line='{{item}}'
- name: user - update ~/.screenrc - name: user - update ~/.screenrc
with_items: with_items:
- defscrollback 1024 - defscrollback 1024
@ -52,9 +61,31 @@
- shell -$SHELL - shell -$SHELL
lineinfile: dest=~/.screenrc create=yes line='{{item}}' lineinfile: dest=~/.screenrc create=yes line='{{item}}'
- name: user - update ~/.ssh/config
with_items:
- include myos/config
lineinfile: dest=~/.ssh/config create=yes line='{{item}}'
- name: user - update ~/.tmux.conf
with_items:
- source-file ~/.tmux/myos/config
lineinfile: dest=~/.tmux.conf create=yes line='{{item}}'
- name: user - update ~/.tmux/myos/config
template:
src: tmux_config.j2
dest: ~/.tmux/myos/config
mode: 0400
- name: user - update ~/.tmux/myos/session
template:
src: tmux_session.j2
dest: ~/.tmux/myos/session
mode: 0400
- name: user - update ~/.vimrc - name: user - update ~/.vimrc
with_items: with_items:
- :set et ai bg=dark sw=4 ts=4 encoding=utf-8 mouse="" - :set et ai bg=dark sw=2 ts=2 encoding=utf-8 mouse=""
- :syn on - :syn on
- :filetype plugin indent on - :filetype plugin indent on
lineinfile: dest=~/.vimrc create=yes line='{{item}}' lineinfile: dest=~/.vimrc create=yes line='{{item}}'
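Review bot: The new `user - update ~/.ssh/config` task uses `lineinfile` with `create=yes` and no `mode`, so when the file does not exist its permissions come from the remote umask; ssh refuses a per-user configuration file that is writable by others, and other tasks in this file already set modes explicitly. Add one here as well: `lineinfile: dest=~/.ssh/config create=yes line='{{item}}' mode="0600"`. The `~/.bashrc` and `~/.tmux.conf` tasks added in the same hunk also omit `mode`; it is less critical there but would be consistent.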


@ -1,5 +1,4 @@
{% for var in hosts_user_env|default([]) %} {% for var in hosts_user_env|default([]) %}
{{var}}={{ lookup('env',var) }} {{var}}={{ lookup('env',var) }}
{% endfor %} {% endfor %}
ENV_USER_VARS={{hosts_user_env |default([]) |join(' ')}} DOCKER ENV_USER_VARS={{hosts_user_env |default([]) |join(' ')}}
DOCKER=false


@ -0,0 +1,22 @@
Host *
LogLevel quiet
Compression yes
{% if hosts_ssh_bastion_hostname|length %}
Host myos-bastion
HostName {{ hosts_ssh_bastion_hostname }}
{% if hosts_ssh_bastion_username|length %}
User {{ hosts_ssh_bastion_username }}
{% endif %}
{% endif %}
{% if hosts_ssh_private_ip_range|length %}
Host {{ hosts_ssh_private_ip_range }}
{% if hosts_ssh_bastion_hostname|length %}
ProxyCommand ssh -q myos-bastion nc -q0 %h 22
{% endif %}
HostName %h
{% if hosts_ssh_username|length %}
User {{ hosts_ssh_username }}
{% endif %}
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
{% endif %}
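Review bot: The block for `hosts_ssh_private_ip_range` sets `StrictHostKeyChecking no` together with `UserKnownHostsFile /dev/null`, which turns off host key verification for every address in that range, and `LogLevel quiet` under `Host *` suppresses the warnings that would reveal a changed key. Connections to those hosts, including the ones tunnelled through `myos-bastion`, then accept any server key. If the addresses are reused too often for the default known_hosts file, `StrictHostKeyChecking accept-new` with a dedicated `UserKnownHostsFile ~/.ssh/myos/known_hosts` keeps first-contact convenience while still detecting a key that changes later.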


@ -0,0 +1,31 @@
# this is myos's tmux configuration !
bind r source-file ~/.tmux.conf\; display-message "tmux.conf reloaded!"
bind R move-window -r
bind C-s source ~/.tmux/myos/session
bind C-n switch-client -n\; refresh-client -S
bind C-p switch-client -p\; refresh-client -S
bind Escape copy-mode
bind Y run "tmux save-buffer - |xsel -i"
bind P run "xsel -o |tmux load-buffer -; tmux paste-buffer"
bind C-c run "tmux save-buffer - | xclip -i -sel clipboard >/dev/null"
bind C-v run "tmux set-buffer \"$(xclip -o -sel clipboard)\"; tmux paste-buffer"
bind -n S-down new-window
bind -n S-left prev
bind -n S-right next
bind -n C-left swap-window -t -1
bind -n C-right swap-window -t +1
set -g aggressive-resize on
set -g status-keys vi
set -g mode-keys vi
set -g monitor-activity on
set -g visual-activity on
set -g allow-rename on
set -g default-terminal "screen"
set -g history-limit 4242
set -g status-bg black
set -g status-fg white
set -g status-interval 60
set -g status-left-length 30
set -g status-left '<#[fg=green]#S#[default]> '
set -g status-right '#[fg=yellow] %d/%m %H:%M#[default]'
set -g update-environment "SSH_ASKPASS SSH_AUTH_SOCK SSH_CONNECTION"


@ -0,0 +1 @@
run-shell "aws --region eu-west-1 ec2 describe-instances --no-paginate --query 'Reservations[*].Instances[*].[Tags[?Key==\`Name\`].Value,PrivateIpAddress]' --output text |sed '$!N;s/\\n/ /;/^None/d;' |awk '$2 ~ /^myos\.[0-9a-z]+\.\${USER}$/' |while read ip host; do env_user=\${host%myos.}; env=\$(host#.*); num=\$(echo \${ip} |tr . '\n' |awk '{n = n*256 + \$1} END {print n}'); tmux neww -t myos-\${env}:\${num} -n \${ip} '/bin/bash -cli \"force ssh \${ip}\"'; done"
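Review bot: Inside the `while read` loop, `env=\$(host#.*)` is a command substitution, not a parameter expansion, so the shell tries to run a command named `host#.*` and `env` ends up empty; the window target `myos-\${env}:\${num}` is then built from an empty value. The assignment before it, `env_user=\${host%myos.}`, strips a trailing `myos.` that the awk filter (names beginning with `myos.`) never leaves at the end of the string, and `env_user` is not used afterwards. Assuming the intent is to take the part of the name after the `myos.` prefix, something like `env_user=\${host#myos.}; env=\${env_user%%.*}` would do it; please confirm the intended naming scheme.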


@ -1,10 +0,0 @@
file:
/etc/bashrc:
exists: true
mode: "0644"
owner: root
group: root
filetype: file
contains:
- "source /etc/profile.d/bashrc.sh"


@ -1,12 +0,0 @@
file:
/etc/profile.d/bashrc.sh:
exists: true
mode: "0644"
owner: root
group: root
filetype: file
contains:
- /^function git_branch/
- /^function process_count/
- /^function load_average/


@ -1,13 +0,0 @@
file:
/etc/bash.bashrc:
exists: true
mode: "0644"
owner: root
group: root
filetype: file
contains:
- "source /etc/profile.d/bashrc.sh"
gossfile:
bash_common.yml: {}


@ -0,0 +1,14 @@
file:
/etc/profile.d/rc.sh:
exists: true
mode: "0644"
owner: root
group: root
filetype: file
/etc/profile.d/rc_functions.sh:
exists: true
mode: "0644"
owner: root
group: root
filetype: file


@ -1,5 +1,4 @@
gossfile: gossfile:
file.yml: {}
package.yml: {} package.yml: {}
bash.yml: {} ssh.yml: {}
root.yml: {}
# ssh.yml: {}


@ -0,0 +1,4 @@
gossfile:
file.yml: {}
package_alpine.yml: {}
ssh.yml: {}


@ -1,5 +1,4 @@
gossfile: gossfile:
file.yml: {}
package_debian.yml: {} package_debian.yml: {}
bash_debian.yml: {} ssh.yml: {}
root.yml: {}
# ssh.yml: {}


@ -1,5 +1,4 @@
gossfile: gossfile:
file.yml: {}
package_redhat.yml: {} package_redhat.yml: {}
bash.yml: {} ssh.yml: {}
root.yml: {}
# ssh.yml: {}


@ -1,5 +1,25 @@
gossfile:
package_common.yml: {}
package: package:
vim: bash:
installed: true
ca-certificates:
installed: true
curl:
installed: true
git:
installed: true
htop:
installed: true
less:
installed: true
lsof:
installed: true
make:
installed: true
rsync:
installed: true
screen:
installed: true
tmux:
installed: true
tzdata:
installed: true installed: true


@ -1,11 +1,13 @@
gossfile:
package.yml: {}
package: package:
bash: coreutils:
installed: true installed: true
ca-certificates: groff:
installed: true installed: true
screen: openssh-client:
installed: true installed: true
rsync: util-linux:
installed: true installed: true
tzdata: vim:
installed: true installed: true


@ -1,5 +1,13 @@
gossfile: gossfile:
package_common.yml: {} package.yml: {}
package: package:
coreutils:
installed: true
groff:
installed: true
openssh-client:
installed: true
util-linux:
installed: true
vim-nox: vim-nox:
installed: true installed: true


@ -1,5 +1,11 @@
gossfile: gossfile:
package_common.yml: {} package.yml: {}
package: package:
groff-base:
installed: true
libselinux-python:
installed: true
openssh-clients:
installed: true
vim-minimal: vim-minimal:
installed: true installed: true


@ -1,9 +0,0 @@
file:
/root/.screenrc:
exists: true
mode: "0644"
owner: root
group: root
filetype: file
contains:
- /^hardstatus alwayslastline/


@ -7,11 +7,3 @@ file:
filetype: file filetype: file
contains: contains:
- /^PermitRootLogin prohibit-password/ - /^PermitRootLogin prohibit-password/
/root/.ssh/authorized_keys:
exists: true
mode: "0600"
owner: root
group: root
filetype: file
contains:
- "Jpb0EeFEebgvi7Kpp6gpIXKFEeuuE"


@ -0,0 +1,10 @@
---
# file vars/alpine.yml
hosts_packages_distro:
- { "name": "coreutils", "state": "present" }
- { "name": "groff", "state": "present" }
- { "name": "openssh-client", "state": "present" }
- { "name": "util-linux", "state": "present" }
- { "name": "vim", "state": "present" }


@ -2,5 +2,9 @@
# file vars/debian.yml # file vars/debian.yml
hosts_packages_distro: hosts_packages_distro:
- { "name": "coreutils", "state": "present" }
- { "name": "groff", "state": "present" }
- { "name": "openssh-client", "state": "present" }
- { "name": "util-linux", "state": "present" }
- { "name": "vim-nox", "state": "present" } - { "name": "vim-nox", "state": "present" }


@ -1,4 +1,4 @@
hosts_packages_distro: [] hosts_packages_distro: []
hosts_packages_common: [] hosts_packages_common: []
hosts_ssh_users: [] hosts_ssh_authorized_keys: []


@ -2,6 +2,8 @@
# file vars/redhat.yml # file vars/redhat.yml
hosts_packages_distro: hosts_packages_distro:
- { "name": "vim", "state": "present" } - { "name": "groff-base", "state": "present" }
- { "name": "libselinux-python", "state": "present" } - { "name": "libselinux-python", "state": "present" }
- { "name": "openssh-clients", "state": "present" }
- { "name": "vim-minimal", "state": "present" }


@ -17,7 +17,7 @@ aws-deploy:
.PHONY: aws-docker-login .PHONY: aws-docker-login
aws-docker-login: aws-ecr-get-login aws-docker-login: aws-ecr-get-login
# target aws-ecr-get-login: Exec 'Call aws ecr get-login' # target aws-ecr-get-login: Call aws ecr get-login
.PHONY: aws-ecr-get-login .PHONY: aws-ecr-get-login
aws-ecr-get-login: aws-ecr-get-login:
$(eval IGNORE_DRYRUN := true) $(eval IGNORE_DRYRUN := true)


@ -43,7 +43,7 @@ ARG SHELL=/bin/bash
ARG SSH_BASTION_HOSTNAME ARG SSH_BASTION_HOSTNAME
ARG SSH_BASTION_USERNAME ARG SSH_BASTION_USERNAME
ARG SSH_PRIVATE_IP_RANGE ARG SSH_PRIVATE_IP_RANGE
ARG SSH_PUBLIC_HOST_KEYS ARG SSH_PUBLIC_HOSTS
ARG UID ARG UID
ARG USER ARG USER
ENV UID=${UID} ENV UID=${UID}
@ -110,7 +110,7 @@ WORKDIR /home/$USER
# git config # git config
RUN mkdir -p ~/.ssh ~/.config/git \ RUN mkdir -p ~/.ssh ~/.config/git \
&& ssh-keyscan -t rsa -H ${SSH_PUBLIC_HOST_KEYS} >> ~/.ssh/known_hosts \ && ssh-keyscan -t rsa -H ${SSH_PUBLIC_HOSTS} >> ~/.ssh/known_hosts \
&& echo -e "\ && echo -e "\
.DS_Store\n\ .DS_Store\n\
.idea/\n\ .idea/\n\


@ -14,16 +14,17 @@ WORKDIR /go/src/github.com/gliderlabs/registrator/
RUN \ RUN \
apk add --no-cache curl git \ apk add --no-cache curl git \
&& git clone https://github.com/gliderlabs/registrator/ . \ && git clone https://github.com/gliderlabs/registrator/ . \
&& git reset --hard da90d170da9dd7e1a8d9a13429d44686dc3d118f \ # TEMPORARY DISABLED - TODO: check with new upstream master
# -useIpFromNetwork command line option \ # && git reset --hard da90d170da9dd7e1a8d9a13429d44686dc3d118f \
&& git fetch origin pull/596/head \ # # -useIpFromNetwork command line option \
&& git merge --no-edit 8d904c60949e310893a25c8af3636b0151334dd4 \ # && git fetch origin pull/596/head \
# convert check.Script to check.Args \ # && git merge --no-edit 8d904c60949e310893a25c8af3636b0151334dd4 \
&& git fetch origin pull/627/head \ # # convert check.Script to check.Args \
&& git merge --no-edit ed053c364e3ba941aeca9ab0d8791b051ff4dede \ # && git fetch origin pull/627/head \
# skip tls verification \ # && git merge --no-edit ed053c364e3ba941aeca9ab0d8791b051ff4dede \
&& git fetch origin pull/661/head \ # # skip tls verification \
&& git merge --no-edit 38fc83ac07b4a070be71079cb810429d94a60205 \ # && git fetch origin pull/661/head \
# && git merge --no-edit 38fc83ac07b4a070be71079cb810429d94a60205 \
&& curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh \ && curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh \
&& dep ensure -vendor-only \ && dep ensure -vendor-only \
&& CGO_ENABLED=0 GOOS=linux go build \ && CGO_ENABLED=0 GOOS=linux go build \
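Review bot: Commenting out `git reset --hard da90d170da9dd7e1a8d9a13429d44686dc3d118f` leaves the build compiling whatever the upstream default branch contains at build time, so two builds of the same Dockerfile can produce different binaries and an upstream change reaches the image unreviewed. Until the TODO is resolved, pin the clone to a commit that has been checked, e.g. `&& git reset --hard <reviewed-upstream-commit> \`, directly after the `git clone` line. The unchanged `curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh` line has the same property, since it runs an installer from a moving branch. The `RUN` instruction continues past the end of this hunk.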


@ -166,7 +166,7 @@ ARG UID
ARG GID ARG GID
ARG SSH_BASTION_HOSTNAME ARG SSH_BASTION_HOSTNAME
ARG SSH_BASTION_USERNAME ARG SSH_BASTION_USERNAME
ARG SSH_PUBLIC_HOST_KEYS ARG SSH_PUBLIC_HOSTS
ARG SSH_PRIVATE_IP_RANGE ARG SSH_PRIVATE_IP_RANGE
ARG USER ARG USER
ENV UID=${UID} ENV UID=${UID}
@ -237,7 +237,7 @@ RUN yarn --cache-folder ./ycache && rm -rf ./ycache \
# git config # git config
RUN mkdir -p ~/.ssh ~/.config/git \ RUN mkdir -p ~/.ssh ~/.config/git \
&& ssh-keyscan -t rsa -H ${SSH_PUBLIC_HOST_KEYS} >> ~/.ssh/known_hosts \ && ssh-keyscan -t rsa -H ${SSH_PUBLIC_HOSTS} >> ~/.ssh/known_hosts \
&& echo -e "\ && echo -e "\
.DS_Store\n\ .DS_Store\n\
.idea/\n\ .idea/\n\


@ -9,20 +9,11 @@ bootstrap: bootstrap-git bootstrap-docker app-bootstrap ## Update application fi
# target bootstrap-docker: Build and start application dockers # target bootstrap-docker: Build and start application dockers
# on local host # on local host
.PHONY: boostrap-docker .PHONY: boostrap-docker
bootstrap-docker: docker-network-create bootstrap-docker: install-bin-docker docker-network-create
$(call make,docker-compose-up)
# target bootstrap-git: Fire update-app # target bootstrap-git: Fire update-app
.PHONY: bootstrap-git .PHONY: bootstrap-git
bootstrap-git: update-app bootstrap-git: install-bin-git
# target bootstrap-git-%: Clone GIT_REPOSITORY in folder %
# on local host
.PHONY: bootstrap-git-%
bootstrap-git-%:
if ! git config remote.origin.url > /dev/null ; \
then git clone $(QUIET) $(GIT_REPOSITORY) $*; \
fi
# target build: Build application docker images to run # target build: Build application docker images to run
# on local host # on local host
@ -45,7 +36,7 @@ build@%: myos-base
# target clean: Clean application and docker images # target clean: Clean application and docker images
# on local host # on local host
.PHONY: clean app-clean .PHONY: clean app-clean
clean: app-clean docker-rm docker-image-rm docker-volume-rm .env-clean ## Clean application and docker stuffs clean: app-clean docker-rm docker-images-rm docker-volume-rm .env-clean ## Clean application and docker stuffs
# target clean@%: Clean deployed application and docker images of % ENV # target clean@%: Clean deployed application and docker images of % ENV
# on local host # on local host
@ -98,7 +89,7 @@ exec@%:
# target install app-install: Install application # target install app-install: Install application
# on local host # on local host
.PHONY: install app-install .PHONY: install app-install
install: update-app app-install ## Install application install: bootstrap app-install ## Install application
# target logs: Display application dockers logs # target logs: Display application dockers logs
# on local host # on local host


@ -1,8 +1,8 @@
BUILD_AUTHOR ?= $(DOCKER_AUTHOR) BUILD_AUTHOR ?= $(DOCKER_AUTHOR)
BUILD_DATE ?= $(shell TZ=UTC date "+%Y%m%dT%H%M%SZ" 2>/dev/null) BUILD_DATE ?= $(shell TZ=UTC date "+%Y%m%dT%H%M%SZ" 2>/dev/null)
BUILD_DESCRIPTION ?= Lot of Love BUILD_DESCRIPTION ?= Lot of Love
BUILD_DOCUMENTATION ?= $(if $(wildcard README.md),$(APP_REPOSITORY)/blob/$(COMMIT)/README.md) BUILD_DOCUMENTATION ?= $(if $(wildcard README.md),$(APP_REPOSITORY_URL)/blob/$(COMMIT)/README.md)
BUILD_ENV_VARS ?= APP BRANCH BUILD_DATE BUILD_STATUS COMMIT DEPLOY_HOOK_URL ENV VERSION BUILD_ENV_VARS ?= APP BRANCH BUILD_DATE BUILD_STATUS COMMIT DEPLOY_HOOK_URL ENV UID USER VERSION
BUILD_LABEL_VARS ?= org.label-schema.% org.opencontainers.% os.my.% BUILD_LABEL_VARS ?= org.label-schema.% org.opencontainers.% os.my.%
BUILD_LABEL_ARGS ?= $(foreach var,$(filter $(BUILD_LABEL_VARS),$(MAKE_FILE_VARS)),$(if $($(var)),$(var)='$($(var))')) BUILD_LABEL_ARGS ?= $(foreach var,$(filter $(BUILD_LABEL_VARS),$(MAKE_FILE_VARS)),$(if $($(var)),$(var)='$($(var))'))
BUILD_LICENSE ?= GPL-3.0 BUILD_LICENSE ?= GPL-3.0
@ -19,17 +19,17 @@ org.label-schema.schema-version ?= 1.0
org.label-schema.url ?= $(APP_URL) org.label-schema.url ?= $(APP_URL)
org.label-schema.usage ?= $(BUILD_DOCUMENTATION) org.label-schema.usage ?= $(BUILD_DOCUMENTATION)
org.label-schema.vcs-ref ?= $(COMMIT) org.label-schema.vcs-ref ?= $(COMMIT)
org.label-schema.vcs-url ?= $(APP_REPOSITORY) org.label-schema.vcs-url ?= $(APP_REPOSITORY_URL)
org.label-schema.vendor ?= $(BUILD_AUTHOR) org.label-schema.vendor ?= $(BUILD_AUTHOR)
org.label-schema.version ?= $(VERSION) org.label-schema.version ?= $(VERSION)
org.opencontainers.image.created ?= $(BUILD_DATE) org.opencontainers.image.created ?= $(BUILD_DATE)
org.opencontainers.image.revision ?= $(COMMIT) org.opencontainers.image.revision ?= $(COMMIT)
org.opencontainers.image.source ?= $(APP_REPOSITORY) org.opencontainers.image.source ?= $(APP_REPOSITORY_URL)
org.opencontainers.image.url ?= $(APP_URL) org.opencontainers.image.url ?= $(APP_URL)
org.opencontainers.image.vendor ?= $(BUILD_AUTHOR) org.opencontainers.image.vendor ?= $(BUILD_AUTHOR)
org.opencontainers.image.version ?= $(VERSION) org.opencontainers.image.version ?= $(VERSION)
org.opencontainers.image.url ?= $(APP_URL) org.opencontainers.image.url ?= $(APP_URL)
org.opencontainers.image.source ?= $(APP_REPOSITORY) org.opencontainers.image.source ?= $(APP_REPOSITORY_URL)
org.opencontainers.image.version ?= $(VERSION) org.opencontainers.image.version ?= $(VERSION)
org.opencontainers.image.revision ?= $(COMMIT) org.opencontainers.image.revision ?= $(COMMIT)
org.opencontainers.image.vendor ?= $(BUILD_AUTHOR) org.opencontainers.image.vendor ?= $(BUILD_AUTHOR)


@ -47,7 +47,7 @@ DOCKER_SERVICES ?= $(eval IGNORE_DRYRUN := true)$(shell $(call d
DOCKER_SHELL ?= $(SHELL) DOCKER_SHELL ?= $(SHELL)
ENV_VARS += COMPOSE_PROJECT_NAME COMPOSE_SERVICE_NAME DOCKER_BUILD_TARGET DOCKER_GID DOCKER_IMAGE_TAG DOCKER_REGISTRY DOCKER_REPOSITORY DOCKER_SHELL ENV_VARS += COMPOSE_PROJECT_NAME COMPOSE_SERVICE_NAME DOCKER_BUILD_TARGET DOCKER_GID DOCKER_IMAGE_TAG DOCKER_REGISTRY DOCKER_REPOSITORY DOCKER_SHELL
ifeq ($(DOCKER), true) ifneq ($(DOCKER_RUN),)
DOCKER_COMPOSE ?= docker/compose:$(COMPOSE_VERSION) DOCKER_COMPOSE ?= docker/compose:$(COMPOSE_VERSION)
else else
DOCKER_COMPOSE ?= $(or $(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'),docker-compose) DOCKER_COMPOSE ?= $(or $(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'),docker-compose)


@ -5,13 +5,19 @@ APP_HOST ?= $(APP)$(addprefix .,$(APP_DOMAIN))
APP_INSTALLED ?= $(APPS) APP_INSTALLED ?= $(APPS)
APP_PARENT ?= $(MONOREPO) APP_PARENT ?= $(MONOREPO)
APP_PARENT_DIR ?= $(MONOREPO_DIR) APP_PARENT_DIR ?= $(MONOREPO_DIR)
APP_PATH ?= /$(APP_PATH_PREFIX) APP_PATH += $(APP_PATH_PREFIX)
APP_REPOSITORY ?= $(GIT_REPOSITORY) APP_REPOSITORY ?= $(APP_REPOSITORY_URL)
APP_REPOSITORY_HOST ?= $(shell printf '$(APP_REPOSITORY_URI)\n' |sed 's|/.*||;s|.*@||')
APP_REPOSITORY_PATH ?= $(shell printf '$(APP_REPOSITORY_URI)\n' |sed 's|[^/]*/||;')
APP_REPOSITORY_SCHEME ?= $(shell printf '$(APP_REPOSITORY_URL)\n' |sed 's|://.*||;')
APP_REPOSITORY_URI ?= $(shell printf '$(APP_REPOSITORY_URL)\n' |sed 's|.*://||;')
APP_REPOSITORY_URL ?= $(GIT_REPOSITORY)
APP_REQUIRED ?= $(APP_REPOSITORY) APP_REQUIRED ?= $(APP_REPOSITORY)
APP_SCHEME ?= https APP_SCHEME ?= https
APP_UPSTREAM_REPOSITORY ?= $(or $(shell git config --get remote.upstream.url 2>/dev/null),$(GIT_UPSTREAM_REPOSITORY)) APP_UPSTREAM_REPOSITORY ?= $(or $(shell git config --get remote.upstream.url 2>/dev/null),$(GIT_UPSTREAM_REPOSITORY))
APP_URI ?= $(APP_HOST)$(APP_PATH) APP_URI ?= $(APP_HOST)/$(APP_PATH)
APP_URL ?= $(APP_SCHEME)://$(APP_URI) APP_URL ?= $(APP_SCHEME)://$(APP_URI)
CONTEXT += APP APPS BRANCH DOMAIN VERSION RELEASE
CONTEXT_DEBUG += APP_DIR APP_URL APP_REPOSITORY APP_UPSTREAM_REPOSITORY ENV_DEPLOY CONTEXT_DEBUG += APP_DIR APP_URL APP_REPOSITORY APP_UPSTREAM_REPOSITORY ENV_DEPLOY
ENV_DEPLOY ?= $(shell ls .git/refs/remotes/origin/ 2>/dev/null) ENV_DEPLOY ?= $(shell ls .git/refs/remotes/origin/ 2>/dev/null)
ENV_VARS += APP_DIR APP_DOMAIN APP_HOST APP_PATH APP_URL CONSUL_HTTP_TOKEN $(if $(filter true,$(MOUNT_NFS)),NFS_CONFIG) ENV_VARS += APP_DIR APP_DOMAIN APP_HOST APP_PATH APP_URL CONSUL_HTTP_TOKEN $(if $(filter true,$(MOUNT_NFS)),NFS_CONFIG)
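Review bot: The new `APP_REPOSITORY_HOST`, `_PATH`, `_SCHEME` and `_URI` assignments hand the repository URL to `printf` as its format string inside single quotes, so a `%` in the URL (percent-encoding) is read as a conversion and a `'` in it ends the quoting. Passing the value as an argument keeps it data, e.g. `APP_REPOSITORY_URI ?= $(shell printf '%s\n' '$(APP_REPOSITORY_URL)' |sed 's|.*://||;')`; a single quote in the value would still need escaping. The `CONFIG_REPOSITORY_*` variables added in a later section use the same pattern. Separately, `APP_REPOSITORY` now resolves to the full `APP_REPOSITORY_URL` and is listed in `CONTEXT_DEBUG`, so a remote URL carrying `user:token@` would presumably be printed unchanged; a comment recommending credential-free remotes would help.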


@ -122,7 +122,7 @@ docker-images-rm:
docker-images-rm-%: docker-images-rm-%:
docker images |awk '$$1 ~ /^$(subst /,\/,$*)/ {print $$3}' |sort -u |while read image; do $(RUN) docker rmi -f $$image; done docker images |awk '$$1 ~ /^$(subst /,\/,$*)/ {print $$3}' |sort -u |while read image; do $(RUN) docker rmi -f $$image; done
# target docker-login: Exec 'docker login' # target docker-login: Run 'docker login'
.PHONY: docker-login .PHONY: docker-login
docker-login: myos-base docker-login: myos-base
$(RUN) docker login $(RUN) docker login
@ -131,7 +131,7 @@ docker-login: myos-base
.PHONY: docker-network-create .PHONY: docker-network-create
docker-network-create: docker-network-create-$(DOCKER_NETWORK) docker-network-create: docker-network-create-$(DOCKER_NETWORK)
# target docker-network-create-%: Exec 'docker network create %' # target docker-network-create-%: Run 'docker network create %'
.PHONY: docker-network-create-% .PHONY: docker-network-create-%
docker-network-create-%: docker-network-create-%:
if [ -z "$(shell docker network ls -q --filter name='^$*$$' 2>/dev/null)" ]; then \ if [ -z "$(shell docker network ls -q --filter name='^$*$$' 2>/dev/null)" ]; then \
@ -142,18 +142,25 @@ docker-network-create-%:
.PHONY: docker-network-rm .PHONY: docker-network-rm
docker-network-rm: docker-network-rm-$(DOCKER_NETWORK) docker-network-rm: docker-network-rm-$(DOCKER_NETWORK)
# target docker-network-rm-%: Remove docker network % # target docker-network-rm-%: Run 'docker network rm %'
.PHONY: docker-network-rm-% .PHONY: docker-network-rm-%
docker-network-rm-%: docker-network-rm-%:
if [ -n "$(shell docker network ls -q --filter name='^$*$$' 2>/dev/null)" ]; then \ if [ -n "$(shell docker network ls -q --filter name='^$*$$' 2>/dev/null)" ]; then \
$(RUN) docker network rm $* >/dev/null \ $(RUN) docker network rm $* >/dev/null \
&& $(or $(call INFO,docker network $* removed), true); fi \ && $(or $(call INFO,docker network $* removed), true); fi \
# target docker-plugin-install: Exec 'docker plugin install DOCKER_PLUGIN_OPTIONS DOCKER_PLUGIN' # target docker-plugin-install: Run 'docker plugin install DOCKER_PLUGIN_OPTIONS DOCKER_PLUGIN'
.PHONY: docker-plugin-install .PHONY: docker-plugin-install
docker-plugin-install: docker-plugin-install:
$(eval docker_plugin_state := $(shell docker plugin ls | awk '$$2 == "$(DOCKER_PLUGIN)" {print $$NF}') ) $(eval docker_plugin_state := $(shell docker plugin ls | awk '$$2 == "$(DOCKER_PLUGIN)" {print $$NF}') )
$(if $(docker_plugin_state),$(if $(filter $(docker_plugin_state),false),printf "Enabling docker plugin $(DOCKER_PLUGIN) ... " && $(RUN) docker plugin enable $(DOCKER_PLUGIN) >/dev/null 2>&1 && printf "done\n" || printf "ERROR\n"),printf "Installing docker plugin $(DOCKER_PLUGIN) ... " && $(RUN) docker plugin install $(DOCKER_PLUGIN_OPTIONS) $(DOCKER_PLUGIN) $(DOCKER_PLUGIN_ARGS) >/dev/null 2>&1 && printf "done\n" || printf "ERROR\n") $(if $(docker_plugin_state),\
$(if $(filter $(docker_plugin_state),false),\
$(RUN) docker plugin enable $(DOCKER_PLUGIN) >/dev/null 2>&1 \
&& $(or $(call INFO,docker plugin $(DOCKER_PLUGIN) enabled), true) \
), \
$(RUN) docker plugin install $(DOCKER_PLUGIN_OPTIONS) $(DOCKER_PLUGIN) $(DOCKER_PLUGIN_ARGS) >/dev/null 2>&1 \
&& $(or $(call INFO,docker plugin $(DOCKER_PLUGIN) installed), true) \
)
# target docker-push: Call docker-push for each SERVICES # target docker-push: Call docker-push for each SERVICES
.PHONY: docker-push .PHONY: docker-push
@ -205,7 +212,7 @@ docker-run-%: docker-build-%
$(eval path := $(patsubst %/,%,$*)) $(eval path := $(patsubst %/,%,$*))
$(eval image := $(DOCKER_REPOSITORY)/$(lastword $(subst /, ,$(path)))$(if $(findstring :,$*),,:$(DOCKER_IMAGE_TAG))) $(eval image := $(DOCKER_REPOSITORY)/$(lastword $(subst /, ,$(path)))$(if $(findstring :,$*),,:$(DOCKER_IMAGE_TAG)))
$(eval image_id := $(shell docker images -q $(image) 2>/dev/null)) $(eval image_id := $(shell docker images -q $(image) 2>/dev/null))
$(call docker-run,$(command),$(if $(image_id),$(image),$(path))) $(call docker-run,$(RUN) $(command),$(if $(image_id),$(image),$(path)))
# target docker-tag: Call docker-tag for each SERVICES # target docker-tag: Call docker-tag for each SERVICES
.PHONY: docker-tag .PHONY: docker-tag
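Review bot: In `docker-plugin-install` the rewritten enable and install commands still send both streams to `/dev/null`, and the old `|| printf "ERROR\n"` fallback is gone, so a failed `docker plugin install` now aborts the recipe without any message explaining why. Keeping stderr is enough to make the failure diagnosable: end both commands with `>/dev/null \` instead of `>/dev/null 2>&1 \`. A short comment above the target noting that `DOCKER_PLUGIN_OPTIONS` is passed straight to `docker plugin install` would also help a reader check which permissions the plugin is being granted.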


@ -9,11 +9,11 @@
.PHONY: install-mysql-database-% .PHONY: install-mysql-database-%
install-mysql-database-%: $(if $(DOCKER_RUN),myos-base) install-mysql-database-%: $(if $(DOCKER_RUN),myos-base)
$(call exec,mysql -h mysql -u root -proot $* -e "use $*" >/dev/null 2>&1) \ $(call exec,mysql -h mysql -u root -proot $* -e "use $*" >/dev/null 2>&1) \
|| $(RUN) $(call exec,mysql -h mysql -u root -proot mysql -e "create database $* character set utf8 collate utf8_unicode_ci;") || $(call exec,$(RUN) mysql -h mysql -u root -proot mysql -e "create database $* character set utf8 collate utf8_unicode_ci;")
$(call exec,mysql -h mysql -u $* -p$* $* -e "use $*" >/dev/null 2>&1) \ $(call exec,mysql -h mysql -u $* -p$* $* -e "use $*" >/dev/null 2>&1) \
|| $(RUN) $(call exec,mysql -h mysql -u root -proot mysql -e "grant all privileges on $*.* to '$*'@'%' identified by '$*'; flush privileges;") || $(call exec,$(RUN) mysql -h mysql -u root -proot mysql -e "grant all privileges on $*.* to '$*'@'%' identified by '$*'; flush privileges;")
$(call exec,sh -c '[ $$(mysql -h mysql -u $* -p$* $* -e "show tables" 2>/dev/null |wc -l) -eq 0 ] && [ -f "${APP_DIR}/$*.mysql.gz" ]') \ $(call exec,sh -c '[ $$(mysql -h mysql -u $* -p$* $* -e "show tables" 2>/dev/null |wc -l) -eq 0 ] && [ -f "${APP_DIR}/$*.mysql.gz" ]') \
&& $(RUN) $(call exec,sh -c 'gzip -cd "${APP_DIR}/$*.mysql.gz" |mysql -h mysql -u root -proot $*') \ && $(call exec,$(RUN) sh -c 'gzip -cd "${APP_DIR}/$*.mysql.gz" |mysql -h mysql -u root -proot $*') \
||: ||:
# target install-pgsql-database-%: Import %.pgsql.gz to database % # target install-pgsql-database-%: Import %.pgsql.gz to database %
@ -24,14 +24,14 @@ install-mysql-database-%: $(if $(DOCKER_RUN),myos-base)
.PHONY: install-pgsql-database-% .PHONY: install-pgsql-database-%
install-pgsql-database-%: myos-base install-pgsql-database-%: myos-base
$(call exec,PGPASSWORD=$* psql -h postgres -U $* template1 -c "\q" >/dev/null 2>&1) \ $(call exec,PGPASSWORD=$* psql -h postgres -U $* template1 -c "\q" >/dev/null 2>&1) \
|| $(RUN) $(call exec,PGPASSWORD=postgres psql -h postgres -U postgres -c "create user $* with createdb password '$*';") || $(call exec,$(RUN) PGPASSWORD=postgres psql -h postgres -U postgres -c "create user $* with createdb password '$*';")
$(call exec,PGPASSWORD=$* psql -h postgres -U $* -d $* -c "" >/dev/null 2>&1) \ $(call exec,PGPASSWORD=$* psql -h postgres -U $* -d $* -c "" >/dev/null 2>&1) \
|| $(RUN) $(call exec,PGPASSWORD=postgres psql -h postgres -U postgres -c "create database $* owner $* ;") || $(call exec,$(RUN) PGPASSWORD=postgres psql -h postgres -U postgres -c "create database $* owner $* ;")
$(call exec,[ $$(PGPASSWORD=$* psql -h postgres -U $* -d $* -c "\d" 2>/dev/null |wc -l) -eq 0 ] && [ -f "${APP_DIR}/$*.pgsql.gz" ]) \ $(call exec,[ $$(PGPASSWORD=$* psql -h postgres -U $* -d $* -c "\d" 2>/dev/null |wc -l) -eq 0 ] && [ -f "${APP_DIR}/$*.pgsql.gz" ]) \
&& $(RUN) $(call exec,sh -c 'gzip -cd "${APP_DIR}/$*.pgsql.gz" |PGPASSWORD="postgres" psql -h postgres -U postgres -d $*') \ && $(call exec,$(RUN) sh -c 'gzip -cd "${APP_DIR}/$*.pgsql.gz" |PGPASSWORD="postgres" psql -h postgres -U postgres -d $*') \
||: ||:
$(call exec,[ $$(PGPASSWORD=$* psql -h postgres -U $* -d $* -c "\d" 2>/dev/null |wc -l) -eq 0 ] && [ -f "${APP_DIR}/$*.pgsql" ]) \ $(call exec,[ $$(PGPASSWORD=$* psql -h postgres -U $* -d $* -c "\d" 2>/dev/null |wc -l) -eq 0 ] && [ -f "${APP_DIR}/$*.pgsql" ]) \
&& $(RUN) $(call exec,sh -c 'PGPASSWORD="postgres" psql -h postgres -U postgres -c "ALTER ROLE $* WITH SUPERUSER" && PGPASSWORD="postgres" pg_restore -h postgres --no-owner --role=$* -U postgres -d $* ${APP_DIR}/$*.pgsql && PGPASSWORD="postgres" psql -h postgres -U postgres -c "ALTER ROLE $* WITH NOSUPERUSER"') \ && $(call exec,$(RUN) sh -c 'PGPASSWORD="postgres" psql -h postgres -U postgres -c "ALTER ROLE $* WITH SUPERUSER" && PGPASSWORD="postgres" pg_restore -h postgres --no-owner --role=$* -U postgres -d $* ${APP_DIR}/$*.pgsql && PGPASSWORD="postgres" psql -h postgres -U postgres -c "ALTER ROLE $* WITH NOSUPERUSER"') \
||: ||:
# target install-build-config: Call install-config with file * and dest build # target install-build-config: Call install-config with file * and dest build
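Review bot: In the last step of `install-pgsql-database-%` the role `$*` is promoted to `SUPERUSER` before `pg_restore` and demoted only if the restore succeeds, because the three commands are chained with `&&`; a failed restore leaves the application role as superuser, and the trailing `||:` hides the failure. Run the demotion unconditionally by replacing the final `&&` with `;`, i.e. `... pg_restore -h postgres --no-owner --role=$* -U postgres -d $* ${APP_DIR}/$*.pgsql; PGPASSWORD="postgres" psql -h postgres -U postgres -c "ALTER ROLE $* WITH NOSUPERUSER"`. The recipes also pass the `root`/`postgres` passwords on the command line and set each application password equal to the database name; if these targets are meant for local development only, as that suggests, a comment on both targets should say so.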


@ -4,6 +4,6 @@ ENV_VARS += COMPOSE_IGNORE_ORPHANS DOCKER_IMAGE_CLI DOCKE
HOME ?= /home/$(USER) HOME ?= /home/$(USER)
NFS_DISK ?= $(NFS_HOST):/$(notdir $(SHARED)) NFS_DISK ?= $(NFS_HOST):/$(notdir $(SHARED))
NFS_OPTIONS ?= rw,rsize=8192,wsize=8192,bg,hard,intr,nfsvers=3,noatime,nodiratime,actimeo=3 NFS_OPTIONS ?= rw,rsize=8192,wsize=8192,bg,hard,intr,nfsvers=3,noatime,nodiratime,actimeo=3
NFS_PATH ?= /srv/$(subst :,,$(NFS_DISK)) NFS_PATH ?= /srv/$(subst $(space),/,$(strip $(call reverse,$(subst ., ,$(NFS_HOST)))))$(subst ..,,$(SHARED))
SHELL ?= /bin/sh SHELL ?= /bin/sh
STACK ?= base STACK ?= base
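Review bot: The new `NFS_PATH` expression is hard to read without a comment, and it no longer matches `NFS_DISK`, which still uses `$(notdir $(SHARED))`. I would add something like `# NFS_PATH: /srv/<NFS_HOST labels reversed>/<SHARED without ..>, e.g. /srv/com/example/nfs/shared` (constructed example for host `nfs.example.com`). The comment should also state that `$(subst ..,,$(SHARED))` is there to drop the relative prefix, and that an IP address in `NFS_HOST` is reversed octet by octet as well. With an empty `NFS_HOST` the result collapses to `/srv/` followed by `SHARED`, which looks unintended.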


@ -1,11 +1,15 @@
DOCKER_BUILD_VARS += $(SSH_ENV_VARS) DOCKER_BUILD_VARS += $(SSH_ENV_VARS)
ENV_VARS += $(SSH_ENV_VARS) ENV_VARS += $(SSH_ENV_VARS)
SSH_AUTHORIZED_KEYS ?= $(SSH_GITHUB_AUTHORIZED_KEYS)
SSH_BASTION_HOSTNAME ?= SSH_BASTION_HOSTNAME ?=
SSH_BASTION_USERNAME ?= SSH_BASTION_USERNAME ?= $(SSH_USER)
SSH_ENV_VARS ?= SSH_BASTION_HOSTNAME SSH_BASTION_USERNAME SSH_PUBLIC_HOST_KEYS SSH_PRIVATE_IP_RANGE SSH_ENV_VARS ?= SSH_BASTION_HOSTNAME SSH_BASTION_USERNAME SSH_PUBLIC_HOSTS SSH_PRIVATE_IP_RANGE SSH_USER
SSH_PUBLIC_HOST_KEYS ?= $(SSH_REMOTE_HOSTS) $(SSH_BASTION_HOSTNAME) SSH_GITHUB_AUTHORIZED_KEYS ?= $(patsubst %,https://github.com/%,$(patsubst %,%.keys,$(SSH_USER)))
SSH_PUBLIC_HOSTS ?= $(CONFIG_REPOSITORY_HOST) $(SSH_BASTION_HOSTNAME) $(SSH_REMOTE_HOSTS)
SSH_PRIVATE_IP_RANGE ?= SSH_PRIVATE_IP_RANGE ?=
SSH_PRIVATE_KEYS ?= $(wildcard $(SSH_DIR)/id_rsa)
SSH_REMOTE_HOSTS ?= github.com gitlab.com SSH_REMOTE_HOSTS ?= github.com gitlab.com
SSH_USER ?= $(call slugify,$(GIT_USER))
# function ssh-connect: Exec command 2 on remote hosts 1 with tty # function ssh-connect: Exec command 2 on remote hosts 1 with tty
define ssh-connect define ssh-connect
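Review bot: `SSH_AUTHORIZED_KEYS` now defaults to `https://github.com/<SSH_USER>.keys`, and `SSH_USER` is derived from `slugify` of `GIT_USER`, which the commit sets to `GIT_AUTHOR_NAME` in another file; a git author name is free text and need not be the operator's GitHub login. If these URLs are later fetched into an `authorized_keys` file (the consumer is outside this hunk), the keys of whoever owns that GitHub account would be trusted. I would derive the URL only from an explicitly configured login, e.g. `SSH_GITHUB_AUTHORIZED_KEYS ?= $(patsubst %,https://github.com/%.keys,$(GITHUB_USER))` with `GITHUB_USER` as a new variable that is empty by default. A comment on `SSH_USER` should state that it is a guess. `SSH_BASTION_USERNAME` inherits the same guess.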


@ -17,6 +17,11 @@ install-app install-apps: myos-base install-app-required
install-app-required: myos-base install-app-required: myos-base
$(foreach url,$(APP_REQUIRED),$(call install-app,$(url))) $(foreach url,$(APP_REQUIRED),$(call install-app,$(url)))
# target install-bin-%; Call ansible-run-localhost when bin % is not available
.PHONY: install-bin-%
install-bin-%:;
$(if $(shell type $* 2>/dev/null),,$(call make,ansible-run-localhost))
# target $(SHARED): Create SHARED folder # target $(SHARED): Create SHARED folder
$(SHARED): $(SHARED):
$(RUN) mkdir -p $(SHARED) $(RUN) mkdir -p $(SHARED)
@ -36,8 +41,6 @@ update-app-%: % ;
# target update-config: Update config files # target update-config: Update config files
.PHONY: update-config .PHONY: update-config
update-config: SSH_PUBLIC_HOST_KEYS := $(CONFIG_REMOTE_HOST) $(SSH_BASTION_HOSTNAME) $(SSH_REMOTE_HOSTS)
update-config: MAKE_VARS += SSH_BASTION_HOSTNAME SSH_BASTION_USERNAME SSH_PRIVATE_IP_RANGE SSH_PUBLIC_HOST_KEYS
update-config: myos-base update-config: myos-base
$(call update-app,$(CONFIG_REPOSITORY),$(CONFIG)) $(call update-app,$(CONFIG_REPOSITORY),$(CONFIG))
@ -47,27 +50,32 @@ update-config: myos-base
.PHONY: update-hosts .PHONY: update-hosts
update-hosts: update-hosts:
ifneq (,$(filter $(ENV),local)) ifneq (,$(filter $(ENV),local))
cat .env */.env 2>/dev/null |grep -Eo 'urlprefix-[^/]+' |sed 's/urlprefix-//' |while read host; do grep $$host /etc/hosts >/dev/null 2>&1 || { printf "Adding $$host to /etc/hosts\n"; printf "127.0.0.1 $$host\n" |$(RUN) sudo tee -a /etc/hosts >/dev/null; }; done cat .env */.env 2>/dev/null |grep -Eo 'urlprefix-[^/]+' |sed 's/urlprefix-//' |while read host; do \
grep $$host /etc/hosts >/dev/null 2>&1 || { \
printf "Adding $$host to /etc/hosts\n"; \
printf "127.0.0.1 $$host\n" |$(RUN) sudo tee -a /etc/hosts >/dev/null; \
}; \
done
endif endif
# target update-remote-%: fetch git remote % # target update-remote-%: fetch git remote %
.PHONY: update-remote-% .PHONY: update-remote-%
update-remote-%: myos-base update-remote-%: myos-base
$(RUN) $(call exec,git fetch --prune --tags $*) $(RUN) git fetch --prune --tags $*
# target update-remotes: fetch all git remotes # target update-remotes: fetch all git remotes
.PHONY: update-remotes .PHONY: update-remotes
update-remotes: myos-base update-remotes: myos-base
$(RUN) $(call exec,git fetch --all --prune --tags) $(RUN) git fetch --all --prune --tags
# target update-upstream: fetch git remote upstream # target update-upstream: fetch git remote upstream
.PHONY: update-upstream .PHONY: update-upstream
update-upstream: myos-base .git/refs/remotes/upstream/master update-upstream: myos-base .git/refs/remotes/upstream/master
$(RUN) $(call exec,git fetch --prune --tags upstream) $(RUN) git fetch --prune --tags upstream
# target .git/refs/remotes/upstream/master: git add upstream APP_UPSTREAM_REPOSITORY # target .git/refs/remotes/upstream/master: add git upstream APP_UPSTREAM_REPOSITORY
.git/refs/remotes/upstream/master: .git/refs/remotes/upstream/master:
$(RUN) git remote add upstream $(APP_UPSTREAM_REPOSITORY) 2>/dev/null ||: $(RUN) git remote add upstream $(APP_UPSTREAM_REPOSITORY)
# target shared: Fire SHARED # target shared: Fire SHARED
.PHONY: update-shared .PHONY: update-shared
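Review bot: The reformatted `update-hosts` loop still uses the value read from `.env` and `*/.env` as a `printf` format string and as an unquoted `grep` pattern, then appends it to `/etc/hosts` through `sudo tee`. Because `*/.env` can belong to cloned applications, the name should be treated as data: `grep -qwF -- "$$host" /etc/hosts` for the lookup and `printf '127.0.0.1 %s\n' "$$host" |$(RUN) sudo tee -a /etc/hosts >/dev/null` for the write. Skipping any value that is not made of hostname characters before the `grep` would be a reasonable extra check. In the same section, `install-bin-%` decides with `$(shell type $* ...)`, which make evaluates when it expands the recipe, not while the recipe runs, so a one-line comment saying that would help.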


@ -14,7 +14,6 @@ DOCKER_NETWORK_PRIVATE ?= $(USER_ENV)
DOCKER_NETWORK_PUBLIC ?= node DOCKER_NETWORK_PUBLIC ?= node
DOCKER_REPOSITORY_MYOS ?= $(subst _,/,$(COMPOSE_PROJECT_NAME_MYOS)) DOCKER_REPOSITORY_MYOS ?= $(subst _,/,$(COMPOSE_PROJECT_NAME_MYOS))
DOCKER_REPOSITORY_NODE ?= $(subst _,/,$(COMPOSE_PROJECT_NAME_NODE)) DOCKER_REPOSITORY_NODE ?= $(subst _,/,$(COMPOSE_PROJECT_NAME_NODE))
DOCKER_RUN ?= $(filter true,$(DOCKER))
# DOCKER_RUN_OPTIONS: default options of `docker run` command # DOCKER_RUN_OPTIONS: default options of `docker run` command
DOCKER_RUN_OPTIONS += --rm -it DOCKER_RUN_OPTIONS += --rm -it
# DOCKER_RUN_VOLUME: options -v of `docker run` command to mount additionnal volumes # DOCKER_RUN_VOLUME: options -v of `docker run` command to mount additionnal volumes
@ -33,7 +32,7 @@ else
DOCKER_RUN_VOLUME += -v $(or $(APP_PARENT_DIR),$(APP_DIR),$(PWD)):$(or $(WORKSPACE_DIR),$(APP_PARENT_DIR),$(APP_DIR),$(PWD)) DOCKER_RUN_VOLUME += -v $(or $(APP_PARENT_DIR),$(APP_DIR),$(PWD)):$(or $(WORKSPACE_DIR),$(APP_PARENT_DIR),$(APP_DIR),$(PWD))
endif endif
ifeq ($(DOCKER), true) ifneq ($(DOCKER_RUN),)
DOCKER_SSH_AUTH := -e SSH_AUTH_SOCK=/tmp/ssh-agent/socket -v $(DOCKER_VOLUME_SSH):/tmp/ssh-agent DOCKER_SSH_AUTH := -e SSH_AUTH_SOCK=/tmp/ssh-agent/socket -v $(DOCKER_VOLUME_SSH):/tmp/ssh-agent


@ -12,6 +12,10 @@ APP_TYPE ?= $(if $(SUBREPO),subrepo) $(if $(filter .,$(MY
APPS ?= $(if $(MONOREPO),$(sort $(patsubst $(MONOREPO_DIR)/%/.git,%,$(wildcard $(MONOREPO_DIR)/*/.git)))) APPS ?= $(if $(MONOREPO),$(sort $(patsubst $(MONOREPO_DIR)/%/.git,%,$(wildcard $(MONOREPO_DIR)/*/.git))))
APPS_NAME ?= $(foreach app,$(APPS),$(or $(shell awk -F '=' '$$1 == "APP" {print $$2}' $(or $(wildcard $(MONOREPO_DIR)/$(app)/.env),$(wildcard $(MONOREPO_DIR)/$(app)/.env.$(ENV)),$(MONOREPO_DIR)/$(app)/.env.dist) 2>/dev/null),$(app))) APPS_NAME ?= $(foreach app,$(APPS),$(or $(shell awk -F '=' '$$1 == "APP" {print $$2}' $(or $(wildcard $(MONOREPO_DIR)/$(app)/.env),$(wildcard $(MONOREPO_DIR)/$(app)/.env.$(ENV)),$(MONOREPO_DIR)/$(app)/.env.dist) 2>/dev/null),$(app)))
BRANCH ?= $(GIT_BRANCH) BRANCH ?= $(GIT_BRANCH)
CMD_APK_INSTALL ?= $(if $(shell type -p apk),apk --no-cache --update add)
CMD_APK_REMOVE ?= $(if $(shell type -p apk),apk --no-cache del)
CMD_APT_INSTALL ?= $(if $(shell type -p apt-get),apt-get update && apt-get -fy install)
CMD_APT_REMOVE ?= $(if $(shell type -p apt-get),apt-get -fy remove)
CMDS ?= exec exec:% exec@% install-app install-apps run run:% run@% CMDS ?= exec exec:% exec@% install-app install-apps run run:% run@%
COLOR_INFO ?= $(COLOR_BROWN) COLOR_INFO ?= $(COLOR_BROWN)
COLOR_HIGHLIGHT ?= $(COLOR_GREEN) COLOR_HIGHLIGHT ?= $(COLOR_GREEN)
@ -28,17 +32,24 @@ COLOR_CYAN ?= \033[36m
COLOR_GRAY ?= \033[37m COLOR_GRAY ?= \033[37m
COMMIT ?= $(or $(SUBREPO_COMMIT),$(GIT_COMMIT)) COMMIT ?= $(or $(SUBREPO_COMMIT),$(GIT_COMMIT))
CONFIG ?= $(RELATIVE)config CONFIG ?= $(RELATIVE)config
CONFIG_REPOSITORY ?= $(call pop,$(or $(APP_UPSTREAM_REPOSITORY),$(GIT_UPSTREAM_REPOSITORY)))/$(notdir $(CONFIG)) CONFIG_REPOSITORY ?= $(CONFIG_REPOSITORY_URL)
CONTEXT ?= $(if $(APP),APP BRANCH DOMAIN VERSION) $(shell awk 'BEGIN {FS="="}; $$1 !~ /^(\#|$$)/ {print $$1}' .env.dist 2>/dev/null) CONFIG_REPOSITORY_HOST ?= $(shell printf '$(CONFIG_REPOSITORY_URI)\n' |sed 's|/.*||;s|.*@||')
CONFIG_REPOSITORY_PATH ?= $(shell printf '$(CONFIG_REPOSITORY_URI)\n' |sed 's|[^/]*/||;')
CONFIG_REPOSITORY_SCHEME ?= $(shell printf '$(CONFIG_REPOSITORY_URL)\n' |sed 's|://.*||;')
CONFIG_REPOSITORY_URI ?= $(shell printf '$(CONFIG_REPOSITORY_URL)\n' |sed 's|.*://||;')
CONFIG_REPOSITORY_URL ?= $(call pop,$(APP_UPSTREAM_REPOSITORY))/$(notdir $(CONFIG))
CONTEXT ?= ENV $(shell awk 'BEGIN {FS="="}; $$1 !~ /^(\#|$$)/ {print $$1}' .env.dist 2>/dev/null)
CONTEXT_DEBUG ?= MAKEFILE_LIST env env.docker APPS GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME MAKE_DIR MAKE_SUBDIRS MAKE_CMD_ARGS MAKE_ENV_ARGS UID USER CONTEXT_DEBUG ?= MAKEFILE_LIST env env.docker APPS GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME MAKE_DIR MAKE_SUBDIRS MAKE_CMD_ARGS MAKE_ENV_ARGS UID USER
DEBUG ?= DEBUG ?=
DOCKER ?= $(if $(BUILD),false,true) DOCKER ?= $(shell type -p docker)
DOCKER_RUN ?= $(if $(filter-out false False FALSE,$(DOCKER)),$(DOCKER))
DOMAIN ?= localhost DOMAIN ?= localhost
DRONE ?= false DRONE ?= false
DRYRUN ?= false DRYRUN ?= false
DRYRUN_RECURSIVE ?= false DRYRUN_RECURSIVE ?= false
ELAPSED_TIME = $(shell $(call TIME)) ELAPSED_TIME = $(shell $(call TIME))
ENV ?= local ENV ?= local
ENV_ARGS = $(if $(DOCKER_RUN),$(env.docker.args) $(env.docker.dist),$(env.args) $(env.dist))
ENV_FILE ?= $(wildcard $(CONFIG)/$(ENV)/$(APP)/.env .env) ENV_FILE ?= $(wildcard $(CONFIG)/$(ENV)/$(APP)/.env .env)
ENV_LIST ?= $(shell ls .git/refs/heads/ 2>/dev/null) ENV_LIST ?= $(shell ls .git/refs/heads/ 2>/dev/null)
ENV_RESET ?= false ENV_RESET ?= false
@ -53,10 +64,14 @@ GIT_STATUS ?= $(shell git status -uno --porcelain 2>/dev/nu
GIT_TAG ?= $(shell git tag -l --points-at $(BRANCH) 2>/dev/null) GIT_TAG ?= $(shell git tag -l --points-at $(BRANCH) 2>/dev/null)
GIT_UPSTREAM_REPOSITORY ?= $(if $(findstring ://,$(GIT_REPOSITORY)),$(call pop,$(call pop,$(GIT_REPOSITORY)))/,$(call pop,$(GIT_REPOSITORY),:):)$(GIT_UPSTREAM_USER)/$(lastword $(subst /, ,$(GIT_REPOSITORY))) GIT_UPSTREAM_REPOSITORY ?= $(if $(findstring ://,$(GIT_REPOSITORY)),$(call pop,$(call pop,$(GIT_REPOSITORY)))/,$(call pop,$(GIT_REPOSITORY),:):)$(GIT_UPSTREAM_USER)/$(lastword $(subst /, ,$(GIT_REPOSITORY)))
GIT_UPSTREAM_USER ?= $(lastword $(subst /, ,$(call pop,$(MYOS_REPOSITORY)))) GIT_UPSTREAM_USER ?= $(lastword $(subst /, ,$(call pop,$(MYOS_REPOSITORY))))
GIT_USER ?= $(GIT_AUTHOR_NAME)
GIT_VERSION ?= $(shell git describe --tags $(BRANCH) 2>/dev/null || git rev-parse $(BRANCH) 2>/dev/null) GIT_VERSION ?= $(shell git describe --tags $(BRANCH) 2>/dev/null || git rev-parse $(BRANCH) 2>/dev/null)
HOSTNAME ?= $(shell hostname 2>/dev/null |sed 's/\..*//') HOSTNAME ?= $(shell hostname 2>/dev/null |sed 's/\..*//')
IGNORE_DRYRUN ?= false IGNORE_DRYRUN ?= false
IGNORE_VERBOSE ?= false IGNORE_VERBOSE ?= false
INSTALL ?= $(SUDO) $(subst &&,&& $(SUDO),$(INSTALL_CMD))
INSTALL_CMDS ?= APK_INSTALL APT_INSTALL
$(foreach cmd,$(INSTALL_CMDS),$(if $(CMD_$(cmd)),$(eval INSTALL_CMD ?= $(CMD_$(cmd)))))
LOG_LEVEL ?= $(if $(DEBUG),debug,$(if $(VERBOSE),info,error)) LOG_LEVEL ?= $(if $(DEBUG),debug,$(if $(VERBOSE),info,error))
MAKE_ARGS ?= $(foreach var,$(MAKE_VARS),$(if $($(var)),$(var)='$($(var))')) MAKE_ARGS ?= $(foreach var,$(MAKE_VARS),$(if $($(var)),$(var)='$($(var))'))
MAKE_SUBDIRS ?= $(if $(filter myos,$(MYOS)),monorepo,$(if $(APP),apps $(foreach type,$(APP_TYPE),$(if $(wildcard $(MAKE_DIR)/apps/$(type)),apps/$(type))))) MAKE_SUBDIRS ?= $(if $(filter myos,$(MYOS)),monorepo,$(if $(APP),apps $(foreach type,$(APP_TYPE),$(if $(wildcard $(MAKE_DIR)/apps/$(type)),apps/$(type)))))
@ -83,6 +98,7 @@ SHARED ?= $(RELATIVE)shared
SSH_DIR ?= ${HOME}/.ssh SSH_DIR ?= ${HOME}/.ssh
STATUS ?= $(GIT_STATUS) STATUS ?= $(GIT_STATUS)
SUBREPO ?= $(if $(wildcard .gitrepo),$(notdir $(CURDIR))) SUBREPO ?= $(if $(wildcard .gitrepo),$(notdir $(CURDIR)))
SUDO ?= $(if $(filter-out 0,$(UID)),$(shell type -p sudo))
TAG ?= $(GIT_TAG) TAG ?= $(GIT_TAG)
UID ?= $(shell id -u 2>/dev/null) UID ?= $(shell id -u 2>/dev/null)
USER ?= $(shell id -nu 2>/dev/null) USER ?= $(shell id -nu 2>/dev/null)
@ -90,18 +106,13 @@ USER_ENV ?= $(USER)_$(ENV)
VERBOSE ?= $(if $(DEBUG),true) VERBOSE ?= $(if $(DEBUG),true)
VERSION ?= $(GIT_VERSION) VERSION ?= $(GIT_VERSION)
ifeq ($(DOCKER), true)
ENV_ARGS = $(env.docker.args) $(env.docker.dist)
else
ENV_ARGS = $(env.args) $(env.dist)
endif
ifneq ($(DEBUG),) ifneq ($(DEBUG),)
CONTEXT += $(CONTEXT_DEBUG) CONTEXT += $(CONTEXT_DEBUG)
else else
.SILENT: .SILENT:
endif endif
# Guess RUN
ifeq ($(DRYRUN),true) ifeq ($(DRYRUN),true)
RUN = $(if $(filter-out true,$(IGNORE_DRYRUN)),echo) RUN = $(if $(filter-out true,$(IGNORE_DRYRUN)),echo)
ifeq ($(RECURSIVE), true) ifeq ($(RECURSIVE), true)
@ -124,14 +135,12 @@ HOST_SYSTEM := DARWIN
endif endif
endif endif
# include .env files
include $(wildcard $(ENV_FILE))
ifeq ($(HOST_SYSTEM),DARWIN) ifeq ($(HOST_SYSTEM),DARWIN)
ifneq ($(DOCKER),true)
SED_SUFFIX := '' SED_SUFFIX := ''
endif endif
endif
# include .env files
include $(wildcard $(ENV_FILE))
# function conf: Extract variable=value line from configuration files # function conf: Extract variable=value line from configuration files
## it prints the line with variable 3 definition from block 2 in file 1 ## it prints the line with variable 3 definition from block 2 in file 1
@ -165,7 +174,20 @@ endef
# macro force: Run command 1 sine die # macro force: Run command 1 sine die
## it starts command 1 if it is not already running ## it starts command 1 if it is not already running
## it returns never ## it returns never
force = $$(while true; do [ $$(ps x |awk 'BEGIN {nargs=split("'"$$*"'",args)} $$field == args[1] { matched=1; for (i=1;i<=NF-field;i++) { if ($$(i+field) == args[i+1]) {matched++} } if (matched == nargs) {found++} } END {print found+0}' field=4) -eq 0 ] && $(RUN) $(1) || sleep 1; done) force = $$(while true; do \
[ $$(ps x |awk '\
BEGIN {nargs=split("'"$$*"'",args)} \
$$field == args[1] { \
matched=1; \
for (i=1;i<=NF-field;i++) { \
if ($$(i+field) == args[i+1]) {matched++} \
} \
if (matched == nargs) {found++} \
} \
END {print found+0}' field=4) -eq 0 \
] \
&& $(RUN) $(1) || sleep 1; done \
)
# macro gid: Return GID of group 1 # macro gid: Return GID of group 1
gid = $(shell grep '^$(1):' /etc/group 2>/dev/null |awk -F: '{print $$3}') gid = $(shell grep '^$(1):' /etc/group 2>/dev/null |awk -F: '{print $$3}')
@ -188,14 +210,14 @@ ${COLOR_HIGHLIGHT}$@${COLOR_RESET}:${COLOR_RESET} ' >&$(INFO_FD) \
&& printf '\n' >&$(INFO_FD) \ && printf '\n' >&$(INFO_FD) \
)) ))
# function install-app: Exec 'git clone url 1 dir 2' or Call update-app with url 1 dir 2 # function install-app: Run 'git clone url 1 dir 2' or Call update-app with url 1 dir 2
define install-app define install-app
$(call INFO,install-app,$(1)$(comma) $(2)) $(call INFO,install-app,$(1)$(comma) $(2))
$(eval url := $(or $(1), $(APP_REPOSITORY))) $(eval url := $(or $(1), $(APP_REPOSITORY_URL)))
$(eval dir := $(or $(2), $(RELATIVE)$(lastword $(subst /, ,$(url))))) $(eval dir := $(or $(2), $(RELATIVE)$(lastword $(subst /, ,$(url)))))
$(if $(wildcard $(dir)/.git), \ $(if $(wildcard $(dir)/.git), \
$(call update-app,$(url),$(dir)), \ $(call update-app,$(url),$(dir)), \
$(RUN) $(call exec,git clone $(QUIET) $(url) $(dir)) \ $(RUN) git clone $(QUIET) $(url) $(dir) \
) )
endef endef
@ -228,21 +250,21 @@ endef
# macro pop: Return last word of string 1 according to separator 2 # macro pop: Return last word of string 1 according to separator 2
pop = $(patsubst %$(or $(2),/)$(lastword $(subst $(or $(2),/), ,$(1))),%,$(1)) pop = $(patsubst %$(or $(2),/)$(lastword $(subst $(or $(2),/), ,$(1))),%,$(1))
# macro sed: Exec sed script 1 on file 2 # macro sed: Run sed script 1 on file 2
sed = $(call env-exec,$(RUN) sed -i $(SED_SUFFIX) '$(1)' $(2)) sed = $(RUN) sed -i $(SED_SUFFIX) '$(1)' $(2)
# macro TIME: Print time elapsed since unixtime 1 # macro TIME: Print time elapsed since unixtime 1
TIME = awk '{printf "%02d:%02d:%02d\n",int($$1/3600),int(($$1%3600)/60),int($$1%60)}' \ TIME = awk '{printf "%02d:%02d:%02d\n",int($$1/3600),int(($$1%3600)/60),int($$1%60)}' \
<<< $(shell bc <<< "$(or $(2),$(MAKE_UNIXTIME_CURRENT))-$(or $(1),$(MAKE_UNIXTIME_START))" 2>/dev/null) <<< $(shell awk 'BEGIN {current=$(or $(2),$(MAKE_UNIXTIME_CURRENT)); start=$(or $(1),$(MAKE_UNIXTIME_START)); print (current - start)}' 2>/dev/null)
# function update-app: Exec 'cd dir 1 && git pull' or Call install-app # function update-app: Run 'cd dir 1 && git pull' or Call install-app
define update-app define update-app
$(call INFO,update-app,$(1)$(comma) $(2)) $(call INFO,update-app,$(1)$(comma) $(2))
$(eval url := $(or $(1), $(APP_REPOSITORY))) $(eval url := $(or $(1), $(APP_REPOSITORY_URL)))
$(eval dir := $(or $(2), $(APP_DIR))) $(eval dir := $(or $(2), $(APP_DIR)))
$(if $(wildcard $(dir)/.git), \ $(if $(wildcard $(dir)/.git), \
$(RUN) $(call exec,sh -c 'cd $(dir) && git pull $(QUIET)'), \ $(RUN) sh -c 'cd $(dir) && git pull $(QUIET)', \
$(call install-app,$(url),$(dir)) \ $(call install-app,$(url),$(dir)) \
) )
endef endef
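Review bot: The new `CMD_APK_*`, `CMD_APT_*`, `DOCKER` and `SUDO` defaults probe with `type -p`, which is a bash option; under a POSIX `/bin/sh` such as dash, `type -p docker` does not print a bare path and may print a "not found" message on stdout for `-p` itself. Since `DOCKER_RUN` and `SUDO` are then tested only for being non-empty, the result could enable Docker mode or prefix `INSTALL` with text that is not a command. `command -v` is portable and silent on a miss: `DOCKER ?= $(shell command -v docker 2>/dev/null)`, and likewise for `sudo`, `apk` and `apt-get`. Which shell make uses here is not visible in this section, so confirm `SHELL` before relying on the current form.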


@ -90,5 +90,5 @@ define .env_update
awk '{while(match($$0,"[$$]{[^}]*}")) {var=substr($$0,RSTART+2,RLENGTH-3);gsub("[$$]{"var"}",ENVIRON[var])} print}') \ awk '{while(match($$0,"[$$]{[^}]*}")) {var=substr($$0,RSTART+2,RLENGTH-3);gsub("[$$]{"var"}",ENVIRON[var])} print}') \
|sed -e /^$$/d -e /^#/d \ |sed -e /^$$/d -e /^#/d \
|sort \ |sort \
>> $(env_file) >> $(env_file);
endef endef


@ -1,5 +1,5 @@
CMDS += copy master-tag release release-check release-create release-finish subrepo-push subrepo-update CMDS += copy master-tag release release-check release-create release-finish subrepo-push subrepo-update
CONTEXT += APPS ENV RELEASE CONTEXT += APPS DOMAIN RELEASE
DIRS ?= $(CONFIG) $(MAKE_DIR) $(SHARED) DIRS ?= $(CONFIG) $(MAKE_DIR) $(SHARED)
RELEASE_UPGRADE ?= $(filter v%, $(shell git tag -l 2>/dev/null |sort -V |awk '/$(RELEASE)/,0')) RELEASE_UPGRADE ?= $(filter v%, $(shell git tag -l 2>/dev/null |sort -V |awk '/$(RELEASE)/,0'))
RELEASE_VERSION ?= $(firstword $(subst -, ,$(VERSION))) RELEASE_VERSION ?= $(firstword $(subst -, ,$(VERSION)))


@ -3,10 +3,10 @@
# target subrepo-branch-delete: Delete branch $(BRANCH) on remote $(SUBREPO) # target subrepo-branch-delete: Delete branch $(BRANCH) on remote $(SUBREPO)
.PHONY: subrepo-branch-delete .PHONY: subrepo-branch-delete
subrepo-branch-delete: $(if $(DOCKER_RUN),myos-base) subrepo-check subrepo-branch-delete: myos-base subrepo-check
ifneq ($(words $(BRANCH)),0) ifneq ($(words $(BRANCH)),0)
$(call exec,[ $$(git ls-remote --heads $(REMOTE) $(BRANCH) 2>/dev/null |wc -l) -eq 1 ]) \ [ $$(git ls-remote --heads $(REMOTE) $(BRANCH) 2>/dev/null |wc -l) -eq 1 ] \
&& $(call exec,$(RUN) git push $(REMOTE) :$(BRANCH)) && $(RUN) git push $(REMOTE) :$(BRANCH)
endif endif
# target subrepo-check: Define SUBREPO and REMOTE # target subrepo-check: Define SUBREPO and REMOTE
@ -28,21 +28,21 @@ endif
.PHONY: subrepo-git-diff .PHONY: subrepo-git-diff
subrepo-git-diff: myos-base subrepo-check subrepo-git-diff: myos-base subrepo-check
$(eval IGNORE_DRYRUN := true) $(eval IGNORE_DRYRUN := true)
$(eval DIFF = $(shell $(call exec,git diff --quiet $(shell $(call exec,git rev-list --ancestry-path $(shell awk '$$1 == "parent" {print $$3}' $(SUBREPO)/.gitrepo)..HEAD |tail -n 1)) -- $(SUBREPO); printf '$$?\n')) ) $(eval DIFF = $(shell git diff --quiet $(shell git rev-list --ancestry-path $(shell awk '$$1 == "parent" {print $$3}' $(SUBREPO)/.gitrepo)..HEAD |tail -n 1) -- $(SUBREPO); printf '$$?\n') )
$(eval IGNORE_DRYRUN := false) $(eval IGNORE_DRYRUN := false)
# target subrepo-git-fetch: Fetch git remote # target subrepo-git-fetch: Fetch git remote
.PHONY: subrepo-git-fetch .PHONY: subrepo-git-fetch
subrepo-git-fetch: myos-base subrepo-check subrepo-git-fetch: myos-base subrepo-check
$(call exec,$(RUN) git fetch --prune $(REMOTE)) $(RUN) git fetch --prune $(REMOTE)
# target subrepo-tag-create-%: Create tag TAG to reference branch REMOTE/% # target subrepo-tag-create-%: Create tag TAG to reference branch REMOTE/%
.PHONY: subrepo-tag-create-% .PHONY: subrepo-tag-create-%
subrepo-tag-create-%: myos-base subrepo-check subrepo-git-fetch subrepo-tag-create-%: myos-base subrepo-check subrepo-git-fetch
ifneq ($(words $(TAG)),0) ifneq ($(words $(TAG)),0)
$(call exec,[ $$(git ls-remote --tags $(REMOTE) $(TAG) |wc -l) -eq 0 ]) \ [ $$(git ls-remote --tags $(REMOTE) $(TAG) |wc -l) -eq 0 ] \
|| $(call exec,$(RUN) git push $(REMOTE) :refs/tags/$(TAG)) || $(call exec,$(RUN) git push $(REMOTE) :refs/tags/$(TAG))
$(call exec,$(RUN) git push $(REMOTE) refs/remotes/subrepo/$(SUBREPO)/$*:refs/tags/$(TAG)) $(RUN) git push $(REMOTE) refs/remotes/subrepo/$(SUBREPO)/$*:refs/tags/$(TAG)
endif endif
# target subrepo-push: Push to subrepo # target subrepo-push: Push to subrepo
@ -55,7 +55,7 @@ endif
# if specific branch name, delete remote branch before push and recreate it from master # if specific branch name, delete remote branch before push and recreate it from master
ifneq ($(findstring $(firstword $(subst /, ,$(BRANCH))),feature hotfix release story),) ifneq ($(findstring $(firstword $(subst /, ,$(BRANCH))),feature hotfix release story),)
$(eval IGNORE_DRYRUN := true) $(eval IGNORE_DRYRUN := true)
$(eval DELETE = $(shell $(call exec,sh -c 'git ls-remote --heads $(REMOTE) $(BRANCH) |wc -l')) ) $(eval DELETE = $(shell sh -c 'git ls-remote --heads $(REMOTE) $(BRANCH) |wc -l') )
$(eval IGNORE_DRYRUN := false) $(eval IGNORE_DRYRUN := false)
else else
$(eval DELETE = 0) $(eval DELETE = 0)
@ -64,12 +64,12 @@ endif
$(call INFO,subrepo $(SUBREPO) already up to date); \ $(call INFO,subrepo $(SUBREPO) already up to date); \
else \ else \
if [ $(DELETE) -eq 1 ]; then \ if [ $(DELETE) -eq 1 ]; then \
$(call exec,$(RUN) git push $(REMOTE) :$(BRANCH)); \ $(RUN) git push $(REMOTE) :$(BRANCH); \
$(call exec,$(RUN) git push $(REMOTE) refs/remotes/$(REMOTE)/master:refs/heads/$(BRANCH)); \ $(RUN) git push $(REMOTE) refs/remotes/$(REMOTE)/master:refs/heads/$(BRANCH); \
fi; \ fi; \
$(call exec,$(RUN) git subrepo fetch $(SUBREPO) -b $(BRANCH)); \ $(RUN) git subrepo fetch $(SUBREPO) -b $(BRANCH); \
$(call exec,$(RUN) git subrepo push $(SUBREPO) -b $(BRANCH) $(UPDATE_SUBREPO_OPTIONS)); \ $(RUN) git subrepo push $(SUBREPO) -b $(BRANCH) $(UPDATE_SUBREPO_OPTIONS); \
$(call exec,$(RUN) git subrepo clean $(SUBREPO)); \ $(RUN) git subrepo clean $(SUBREPO); \
fi fi
# target subrepos-branch-delete: Fire APPS target # target subrepos-branch-delete: Fire APPS target
@ -83,7 +83,7 @@ subrepos-tag-create-%: $(APPS) ;
# target subrepos-update: Fire APPS target and push updates to upstream # target subrepos-update: Fire APPS target and push updates to upstream
.PHONY: subrepos-update .PHONY: subrepos-update
subrepos-update: myos-base git-stash $(APPS) git-unstash ## Update subrepos subrepos-update: myos-base git-stash $(APPS) git-unstash ## Update subrepos
$(call exec,$(RUN) git push upstream $(BRANCH)) $(RUN) git push upstream $(BRANCH)
# target subrepo-update-%: Call subrepo-update target in folder % # target subrepo-update-%: Call subrepo-update target in folder %
.PHONY: subrepo-update-% .PHONY: subrepo-update-%


@ -69,6 +69,7 @@ reverse = $(if $(1),$(call reverse,$(wordlist 2,$(words $(1)),$(1))) $(firstword
# and in rules. Particularly useful for VCS version strings, that can contain # and in rules. Particularly useful for VCS version strings, that can contain
# slashes, colons (OK in filenames but not in rules), and spaces. # slashes, colons (OK in filenames but not in rules), and spaces.
sanitize = $(subst $(space),_,$(subst :,_,$(subst /,_,$(strip $(1))))) sanitize = $(subst $(space),_,$(subst :,_,$(subst /,_,$(strip $(1)))))
slugify = $(subst $(space),,$(subst :,,$(subst /,,$(subst .,,$(1)))))
# MESSAGE Macro -- display a message in bold type # MESSAGE Macro -- display a message in bold type
MESSAGE = echo "$(TERM_BOLD)>>> $($(PKG)_NAME) $($(PKG)_VERSION) $(call qstrip,$(1))$(TERM_RESET)" MESSAGE = echo "$(TERM_BOLD)>>> $($(PKG)_NAME) $($(PKG)_VERSION) $(call qstrip,$(1))$(TERM_RESET)"


@ -1,4 +0,0 @@
PACKER_BUILD_VARS += ansible_extra_vars ansible_user ansible_verbose
ansible_extra_vars ?= $(patsubst target=%,target=default,$(ANSIBLE_EXTRA_VARS))
ansible_user ?= $(ANSIBLE_USERNAME)
ansible_verbose ?= $(ANSIBLE_VERBOSE)


@ -6,6 +6,7 @@ PACKER_ARCH ?= $(PACKER_ALPINE_ARCH)
PACKER_BOOT_WAIT ?= 11s PACKER_BOOT_WAIT ?= 11s
PACKER_BUILD_ARGS ?= -on-error=cleanup $(foreach var,$(PACKER_BUILD_VARS),$(if $($(var)),-var $(var)='$($(var))')) PACKER_BUILD_ARGS ?= -on-error=cleanup $(foreach var,$(PACKER_BUILD_VARS),$(if $($(var)),-var $(var)='$($(var))'))
PACKER_BUILD_VARS += accelerator boot_wait hostname iso_name iso_size output password qemuargs ssh_wait_timeout template username PACKER_BUILD_VARS += accelerator boot_wait hostname iso_name iso_size output password qemuargs ssh_wait_timeout template username
PACKER_BUILD_VARS += ansible_extra_vars ansible_user ansible_verbose
PACKER_CACHE_DIR ?= build/cache PACKER_CACHE_DIR ?= build/cache
PACKER_HOSTNAME ?= $(PACKER_TEMPLATE) PACKER_HOSTNAME ?= $(PACKER_TEMPLATE)
PACKER_ISO_DATE ?= $(shell stat -c %y $(PACKER_ISO_FILE) 2>/dev/null) PACKER_ISO_DATE ?= $(shell stat -c %y $(PACKER_ISO_FILE) 2>/dev/null)
@ -41,6 +42,9 @@ PACKER_BUILD_ARGS += -var ssh_port_max=$(PACKER_SSH_PORT) -var vnc
endif endif
accelerator ?= $(PACKER_QEMU_ACCELERATOR) accelerator ?= $(PACKER_QEMU_ACCELERATOR)
ansible_extra_vars ?= $(patsubst target=%,target=default,$(ANSIBLE_EXTRA_VARS))
ansible_user ?= $(PACKER_USERNAME)
ansible_verbose ?= $(ANSIBLE_VERBOSE)
boot_wait ?= $(PACKER_BOOT_WAIT) boot_wait ?= $(PACKER_BOOT_WAIT)
hostname ?= $(PACKER_HOSTNAME) hostname ?= $(PACKER_HOSTNAME)
iso_name ?= $(PACKER_ISO_NAME) iso_name ?= $(PACKER_ISO_NAME)
@ -73,8 +77,8 @@ endif
# function packer: Call run packer with arg 1 # function packer: Call run packer with arg 1
## it needs an empty local ssh agent (ssh-add -D) ## it needs an empty local ssh agent (ssh-add -D)
## it needs ANSIBLE_SSH_PRIVATE_KEYS set to a key giving access to ANSIBLE_GIT_REPOSITORY without password ## it needs SSH_PRIVATE_KEYS to get access without password to GIT_REPOSITORY
## it needs ANSIBLE_AWS_ACCESS_KEY_ID and ANSIBLE_AWS_SECRET_ACCESS_KEY ## it needs AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY when deploying to AWS
define packer define packer
$(RUN) $(call run,packer $(1),$(DOCKER_RUN_OPTIONS_PACKER) $(DOCKER_REPOSITORY)/) $(RUN) $(call run,packer $(1),$(DOCKER_RUN_OPTIONS_PACKER) $(DOCKER_REPOSITORY)/)
endef endef
@ -110,4 +114,4 @@ define packer-build
echo 'user: $(username)' >> $(PACKER_ISO_INFO) echo 'user: $(username)' >> $(PACKER_ISO_INFO)
endef endef
arrays_of_dquoted_args = [ $(subst $(dquote) $(dquote),$(dquote)$(comma) $(dquote),$(subst $(dquote) $(dquote)-,$(dquote) ]$(comma) [ $(dquote)-,$(patsubst %,$(dquote)%$(dquote),$1))) ] arrays_of_dquoted_args = $(subst $(dquote) $(dquote),$(dquote)$(comma) $(dquote),$(subst $(dquote) $(dquote)-,$(dquote) ]$(comma) [ $(dquote)-,$(patsubst %,$(dquote)%$(dquote),$1)))
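Review bot: `ansible_extra_vars` is now listed in `PACKER_BUILD_VARS`, so it goes through the `-var $(var)='$($(var))'` expansion in `PACKER_BUILD_ARGS`, which wraps the value in single quotes without escaping any quote inside it. `ANSIBLE_EXTRA_VARS` appears to be free-form text, so a value containing `'` ends the quoting early and the rest is parsed by the shell as separate words when the packer command line runs (the recipe that uses `PACKER_BUILD_ARGS` is outside this section). Escaping the value inside the foreach closes that: `-var $(var)='$(subst ','\'',$($(var)))'`. The same expansion carries `password`, which benefits from the same escaping.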


@ -1,3 +1,3 @@
# target base: Fire docker-network-create stack-base-up base-ssh-add # target base: Fire ssh-add
.PHONY: base .PHONY: base
base: docker-network-create $(if $(DOCKER_RUN),stack-base-up) ssh-add base: $(if $(DOCKER_RUN),install-bin-docker docker-network-create stack-base-up) ssh-add
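Review bot: The header comment was shortened to `Fire ssh-add`, but the rule still fires `install-bin-docker`, `docker-network-create` and `stack-base-up` whenever `DOCKER_RUN` is set, so the comment now understates what `make base` does. I would write `# target base: Fire install-bin-docker docker-network-create stack-base-up when DOCKER_RUN is set, then ssh-add`. If `ssh-add` relies on the stack started by `stack-base-up` (not visible here), prerequisite order is not guaranteed under `make -j`, and that dependency would be better declared on `ssh-add` itself.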


@ -5,6 +5,13 @@ services:
build: build:
args: args:
- DOCKER_BUILD_DIR=docker/cli - DOCKER_BUILD_DIR=docker/cli
- GID=${GID}
- UID=${UID}
- USER=${USER}
- SSH_BASTION_HOSTNAME=${SSH_BASTION_HOSTNAME}
- SSH_BASTION_USERNAME=${SSH_BASTION_USERNAME}
- SSH_PUBLIC_HOSTS=${SSH_PUBLIC_HOSTS}
- SSH_PRIVATE_IP_RANGE=${SSH_RIVATE_IP_RANGE}
context: ../.. context: ../..
dockerfile: docker/cli/Dockerfile dockerfile: docker/cli/Dockerfile
target: ${DOCKER_BUILD_TARGET} target: ${DOCKER_BUILD_TARGET}
@ -26,6 +33,9 @@ services:
build: build:
args: args:
- DOCKER_BUILD_DIR=docker/ssh - DOCKER_BUILD_DIR=docker/ssh
- GID=${GID}
- UID=${UID}
- USER=${USER}
context: ../.. context: ../..
dockerfile: docker/ssh/Dockerfile dockerfile: docker/ssh/Dockerfile
target: ${DOCKER_BUILD_TARGET} target: ${DOCKER_BUILD_TARGET}
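Review bot: The `SSH_PRIVATE_IP_RANGE` build argument added to the first service reads `${SSH_RIVATE_IP_RANGE}`, which is missing the `P`. Compose will substitute an unset variable, so the image is presumably built with an empty private range, and whatever SSH configuration the Dockerfile derives from it (not visible here) will not match the intended hosts. The line should read `- SSH_PRIVATE_IP_RANGE=${SSH_PRIVATE_IP_RANGE}`. Build arguments can also be recovered from the image with `docker history`, so the bastion hostname and username passed here end up readable by anyone who can pull the image. That is worth a comment if the image is pushed to a shared registry.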