aynic.os 1 year ago
parent ce449b3966
commit d6d1299ae2
  1. 4
      Makefile
  2. 17
      ansible/ansible.mk
  3. 6
      ansible/def.ansible.mk
  4. 5
      ansible/inventories/host_vars/localhost
  5. 80
      ansible/roles/aws-cli/tasks/main.yml
  6. 31
      ansible/roles/aws-cli/tasks/myos.yml
  7. 14
      ansible/roles/disks/tasks/main.yml
  8. 19
      ansible/roles/docker/defaults/main.yml
  9. 7
      ansible/roles/docker/handlers/main.yml
  10. 18
      ansible/roles/docker/tasks/config.yml
  11. 2
      ansible/roles/docker/tasks/group.yml
  12. 9
      ansible/roles/docker/tasks/main.yml
  13. 61
      ansible/roles/docker/tasks/myos.yml
  14. 20
      ansible/roles/docker/tasks/myos_ec2.yml
  15. 1
      ansible/roles/docker/tasks/package.yml
  16. 1
      ansible/roles/docker/templates/daemon.json.j2
  17. 1
      ansible/roles/hosts/tasks/files.yml
  18. 1
      ansible/roles/hosts/tasks/git.yml
  19. 20
      ansible/roles/hosts/tasks/ssh.yml
  20. 18
      ansible/roles/hosts/tasks/user.yml
  21. 19
      ansible/roles/hosts/tests/goss/file.yml
  22. 2
      ansible/roles/hosts/tests/goss/package_alpine.yml
  23. 2
      ansible/roles/hosts/tests/goss/package_debian.yml
  24. 2
      ansible/roles/hosts/tests/goss/package_redhat.yml
  25. 1
      ansible/roles/hosts/vars/alpine.yml
  26. 1
      ansible/roles/hosts/vars/debian.yml
  27. 1
      ansible/roles/hosts/vars/redhat.yml
  28. 4
      make/apps/common.mk
  29. 5
      make/apps/def.docker.mk
  30. 4
      make/apps/def.setup.mk
  31. 8
      make/apps/docker.mk
  32. 30
      make/apps/install.mk
  33. 20
      make/apps/myos/def.setup.mk
  34. 31
      make/apps/myos/setup.mk
  35. 1
      make/def.docker.mk
  36. 69
      make/def.mk
  37. 4
      make/monorepo/common.mk
  38. 6
      packer/def.packer.mk
  39. 4
      packer/packer.mk
  40. 2
      stack/base.mk
  41. 2
      stack/node.mk

@ -3,7 +3,7 @@ include make/include.mk
##
# APP
app-bootstrap: setup-sysctl setup-nfsd
app-bootstrap: setup-docker-group setup-nfsd setup-sysctl
app-build: base install-build-config
$(call make,docker-compose-build docker-compose-up)
@ -12,4 +12,6 @@ app-build: base install-build-config
app-install: ansible-run base node
app-tests: ansible-tests
app-start: ssh-add

@ -1,16 +1,16 @@
# target ansible: Fire docker-build-ansible, Call ansible ANSIBLE_ARGS ARGS or ansible-run target
.PHONY: ansible
ansible: $(if $(DOCKER_RUN),docker-build-ansible)
ansible: $(if $(DOCKER_RUN),docker-build-ansible,install-ansible)
$(call ansible,$(ANSIBLE_ARGS) $(ARGS))
# target ansible-playbook: Call ansible-playbook ANSIBLE_ARGS ARGS
.PHONY: ansible-playbook
ansible-playbook: $(if $(DOCKER_RUN),docker-build-ansible)
ansible-playbook: $(if $(DOCKER_RUN),docker-build-ansible,install-ansible)
$(call ansible-playbook,$(ANSIBLE_ARGS) $(ARGS))
# target ansible-pull: Call ansible-pull ANSIBLE_GIT_REPOSITORY ANSIBLE_PLAYBOOK
.PHONY: ansible-pull
ansible-pull:
ansible-pull: install-ansible
$(call ansible-pull,--url $(ANSIBLE_GIT_REPOSITORY) $(if $(ANSIBLE_GIT_KEY_FILE),--key-file $(ANSIBLE_GIT_KEY_FILE)) $(if $(ANSIBLE_GIT_VERSION),--checkout $(ANSIBLE_GIT_VERSION)) $(if $(ANSIBLE_GIT_DIRECTORY),--directory $(ANSIBLE_GIT_DIRECTORY)) $(if $(ANSIBLE_TAGS),--tags $(ANSIBLE_TAGS)) $(if $(ANSIBLE_EXTRA_VARS),--extra-vars '$(ANSIBLE_EXTRA_VARS)') $(if $(findstring true,$(FORCE)),--force) $(if $(findstring true,$(DRYRUN)),--check) --full $(if $(ANSIBLE_INVENTORY),--inventory $(ANSIBLE_INVENTORY)) $(ANSIBLE_PLAYBOOK))
# target ansible-pull@%: Fire ssh-get-PrivateIpAddress-% for SERVER_NAME, Call ssh-exec make ansible-pull DOCKER_IMAGE_TAG
@ -24,5 +24,14 @@ ansible-run: ansible-run-localhost
# target ansible-run-%: Fire docker-build-ansible, Call ansible-playbook ANSIBLE_PLAYBOOK
.PHONY: ansible-run-%
ansible-run-%: $(if $(DOCKER_RUN),docker-build-ansible,install-ansible)
ansible-run-%: $(if $(DOCKER_RUN),docker-build-ansible,install-ansible) debug-ANSIBLE_PLAYBOOK
$(call ansible-playbook,$(if $(ANSIBLE_TAGS),--tags $(ANSIBLE_TAGS)) $(if $(ANSIBLE_EXTRA_VARS),--extra-vars '$(patsubst target=localhost,target=$*,$(ANSIBLE_EXTRA_VARS))') $(if $(findstring true,$(DRYRUN)),--check) $(if $(ANSIBLE_INVENTORY),--inventory $(ANSIBLE_INVENTORY)) $(ANSIBLE_PLAYBOOK))
# target ansible-tests: Fire ssh-add ansible-tests-localhost
.PHONY: ansible-tests
ansible-tests: ansible-tests-localhost
# target ansible-tests-%: Fire docker-run-% with ANSIBLE_PLAYBOOK ansible/roles/*/tests/playbook.yml
.PHONY: ansible-tests-%
ansible-tests-%: ANSIBLE_PLAYBOOK := $(wildcard ansible/roles/*/tests/playbook.yml)
ansible-tests-%: ansible-run-%;

@ -46,3 +46,9 @@ define ansible-pull
$(call INFO,ansible-pull,$(1))
$(call env-run,$(RUN) ansible-pull $(ANSIBLE_ARGS) $(ANSIBLE_VERBOSE) $(1))
endef
# function ansible-user-add-groups: Call ansible to add user 1 in groups 2
define ansible-user-add-groups
$(call INFO,ansible-user-add-groups,$(1)$(comma) $(2))
$(if $(DOCKER_RUN),$(call make,docker-build-ansible),$(call make,install-ansible))
$(call ansible,-b -m user -a 'name=$(1) groups=$(2) append=yes' localhost)
endef
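Review bot: In `ansible-user-add-groups`, `$(1)` and `$(2)` are pasted as-is into the single-quoted module argument `'name=$(1) groups=$(2) append=yes'`, so a value containing a space or a single quote changes what the shell and the user module parse. The call runs with `-b`, so a malformed value is interpreted with elevated privileges. I would reject anything that is not a single word before the call, for example `$(if $(filter-out 1,$(words $(1))),$(error invalid user name))`, and extend the function comment to say that 1 and 2 must be plain names without whitespace or quotes.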

@ -1,6 +1,11 @@
---
# file: inventories/host_vars/localhost
disks_additional_disks:
- disk: none
fstype: btrfs
mount: /var/lib/docker
service: docker
docker_image_tag: "{{ lookup('env','ANSIBLE_DOCKER_IMAGE_TAG') or 'latest' }}"
docker_registry: "{{ lookup('env','ANSIBLE_DOCKER_REGISTRY') }}"
hosts_enable_local: true

@ -67,79 +67,7 @@
mode=0600
force=yes
- name: aws - check AWS meta-data URI
uri:
url: http://169.254.169.254/latest/meta-data
timeout: 1
register: aws_uri_check
tags: 'aws'
failed_when: False
- name: aws - get instance metadata
tags: 'aws'
ec2_metadata_facts:
when: aws_uri_check.status == 200
- name: aws - get instance tags
tags: 'aws'
ec2_tag:
aws_access_key: "{{ aws_access_key_id }}"
aws_secret_key: "{{ aws_secret_access_key }}"
region: "{{ ansible_ec2_placement_region }}"
resource: "{{ ansible_ec2_instance_id }}"
state: list
register: ec2_tags
when: ansible_ec2_instance_id is defined
- name: aws - set hostname
hostname: name="{{ ec2_tags.tags.hostname }}{% if ec2_tags.tags.domainname is defined %}.{{ ec2_tags.tags.domainname }}{% endif %}"
tags: 'aws'
when: ec2_tags.tags is defined and ec2_tags.tags.hostname is defined
- name: aws - ecr login
shell: "$(aws ecr get-login --no-include-email --region {{ aws_region }})"
tags: 'aws'
when: ec2_tags.tags is defined
# ansible v2.8
# - name: aws - prune docker objects
# docker_prune:
# containers: yes
# images: yes
# images_filters:
# dangling: false
# networks: yes
# volumes: yes
# builder_cache: yes
# tags: 'aws'
- name: aws - launch docker containers
docker_container:
image: "{{docker_registry|default(ec2_tags.tags.user)}}/{{ec2_tags.tags.user}}/{{ec2_tags.tags.env}}/{% if ':' in item %}{{item}}{% else %}{{item}}:{{docker_image_tag|default('latest')}}{% endif %}"
name: "{{ec2_tags.tags.user}}_{{ec2_tags.tags.env}}_{{item|replace('/','_')|regex_replace(':.*','')}}"
network_mode: host
pull: yes
restart_policy: always
volumes:
- "{{ lookup('env','ANSIBLE_DISKS_NFS_PATH') }}:/shared"
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
tags: 'aws'
with_items: '{{ec2_tags.tags.services.split(" ")}}'
when: ec2_tags.tags is defined and ec2_tags.tags.env is defined and ec2_tags.tags.services is defined and ec2_tags.tags.user is defined
- name: aws - add docker containers to inventory
add_host:
name: "{{ec2_tags.tags.user}}_{{ec2_tags.tags.env}}_{{item|replace('/','_')|regex_replace(':.*','')}}"
ansible_connection: docker
changed_when: false
tags: 'aws'
with_items: '{{ec2_tags.tags.services.split(" ")}}'
when: ec2_tags.tags is defined and ec2_tags.tags.env is defined and ec2_tags.tags.services is defined and ec2_tags.tags.user is defined
- name: aws - run make deploy-hook in docker containers
delegate_to: "{{ec2_tags.tags.user}}_{{ec2_tags.tags.env}}_{{item|replace('/','_')|regex_replace(':.*','')}}"
raw: "command -v make || exit 0 && make deploy-hook CONTAINER={{ec2_tags.tags.user}}_{{ec2_tags.tags.env}}_{{item|replace('/','_')|regex_replace(':.*','')}} HOST={{ansible_ec2_local_ipv4}}"
tags: 'aws'
with_items: '{{ec2_tags.tags.services.split(" ")}}'
when: ec2_tags.tags is defined and ec2_tags.tags.env is defined and ec2_tags.tags.services is defined and ec2_tags.tags.user is defined
- import_tasks: myos.yml
tags:
- aws
- myos

@ -0,0 +1,31 @@
---
# file: tasks/myos.yml
- name: myos - check AWS meta-data URI
uri:
url: http://169.254.169.254/latest/meta-data
timeout: 1
register: aws_uri_check
tags: 'aws'
failed_when: False
- name: myos - get instance metadata
tags: 'aws'
ec2_metadata_facts:
when: aws_uri_check.status == 200
- name: myos - get instance tags
tags: 'aws'
ec2_tag:
aws_access_key: "{{ aws_access_key_id }}"
aws_secret_key: "{{ aws_secret_access_key }}"
region: "{{ ansible_ec2_placement_region }}"
resource: "{{ ansible_ec2_instance_id }}"
state: list
register: ec2_tags
when: ansible_ec2_instance_id is defined
- name: myos - set hostname
hostname: name="{{ ec2_tags.tags.hostname }}{% if ec2_tags.tags.domainname is defined %}.{{ ec2_tags.tags.domainname }}{% endif %}"
tags: 'aws'
when: ec2_tags.tags is defined and ec2_tags.tags.hostname is defined
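Review bot: The `myos - get instance tags` task passes `aws_access_key_id` and `aws_secret_access_key` to `ec2_tag`, so long-lived keys have to be available on every instance just to read its own tags. Where these variables come from is not visible here, but on EC2 an instance profile limited to `ec2:DescribeTags` would let the task run without stored secrets, and the two key parameters could then be dropped. The hostname is taken from the `hostname` and `domainname` tags unchecked, so a comment stating that tags are trusted input would help, e.g. `# tags are treated as trusted input: restrict ec2:CreateTags accordingly`.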

@ -1,17 +1,3 @@
- name: 'Install Python PIP'
package: >
name=py3-pip
state=present
when: ansible_os_family|lower == "alpine"
become: yes
- name: 'Install Python PIP'
package: >
name=python-pip
state=present
when: ansible_os_family|lower != "alpine"
become: yes
- name: 'Install python-pathlib'
pip: >
name=pathlib

@ -4,6 +4,18 @@
# minimum kernel version
docker_check_kernel: '3.10'
# Location of configuration files of docker daemon
docker_daemon_config_directory: "/etc/docker"
# Configuration files of docker daemon
docker_daemon_config_file: "{{docker_daemon_config_directory}}/daemon.json"
# Configure docker daemon storage driver
docker_daemon_config_storage: "{% if ansible_cmdline.fstype == 'btrfs'%}btrfs{% endif %}"
# Docker daemon configuration
docker_daemon_config: {}
# The docker package name
docker_package: docker
@ -21,13 +33,6 @@ docker_opts: "OPTIONS"
docker_services:
- docker
# dockers
# dockers:
# - nginx
# docker cluster
# docker_cluster: ""
# Start docker
docker_start: true
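Review bot: `docker_daemon_config_storage` in the first hunk compares `ansible_cmdline.fstype` directly, and on a host whose kernel command line carries no `fstype` entry that attribute is undefined, which Ansible normally reports as a templating error rather than evaluating to false. `docker_daemon_config_storage: "{% if ansible_cmdline.fstype|default('') == 'btrfs' %}btrfs{% endif %}"` keeps the default safe. The comment above it could also say that the value is an empty string whenever fstype is not btrfs, since the template consumes it unconditionally.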

@ -2,7 +2,8 @@
# file handlers/main.yml
- name: restart docker
with_items: "{{docker_services|default([])}}"
service:
name: "{{docker_service}}"
state: "restarted"
name: "{{item}}"
state: restarted
become: yes

@ -2,10 +2,27 @@
# file: tasks/config.yml
- name: config - add docker storage setup
notify: restart docker
lineinfile: dest="{{docker_init_config_directory}}/{{docker_package}}-storage-setup" state="present" line="STORAGE_DRIVER=\"\""
when: docker_package|length > 0 and ansible_service_mgr == "systemd" and ansible_os_family|lower == "redhat"
become: yes
- name: config - register docker_daemon_config
set_fact:
docker_daemon_config: "{{ lookup('file',docker_daemon_config_file)|default('{}')|from_json}}"
ignore_errors: true
- name: config - add docker daemon storage configuration for btrfs
notify: restart docker
template:
src: daemon.json.j2
dest: "{{docker_daemon_config_file}}"
owner: root
group: docker
mode: "0640"
when: docker_package|length > 0
become: yes
# - name: config - disable docker iptables setup
# lineinfile: dest="/lib/systemd/system/docker.service" state="present" regex="^ExecStart=" line="ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --iptables=false"
# notify: restart docker
@ -13,6 +30,7 @@
# become: yes
- name: config - setup docker mtu on Openstack VMs
notify: restart docker
lineinfile: dest="{{docker_init_config_directory}}/{{docker_package}}" state="present" backrefs=true regexp='^{{docker_opts}}=(?:\'|\")?((?:\s*[\w=\/\-\.](?<!--mtu=1450)\s*)*)(?:\'|\")?$' line='{{docker_opts}}="\1 --mtu=1450"'
when: docker_package|length > 0 and ansible_product_name == "OpenStack Nova"
become: yes
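Review bot: The `config - register docker_daemon_config` task hides every failure with `ignore_errors: true`, so when the existing daemon.json cannot be read or parsed the play continues with the default `{}` and the next task replaces the file with a generated one, dropping whatever settings were in it. `lookup('file', …)` also reads on the controller rather than on the managed host, and it raises on a missing file, so `|default('{}')` does not act as the fallback it appears to be. The template task is named for btrfs but its `when` only checks `docker_package|length > 0`; adding `and docker_daemon_config_storage|length > 0` would leave daemon.json untouched on other hosts. Reading the file with `slurp` on the target and failing on invalid JSON would avoid the silent overwrite.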

@ -9,4 +9,4 @@
- name: group - add me to the docker group
user: name="{{ansible_user_id}}" groups=docker append=yes
become: yes
when: ansible_os_family|lower != "alpine" and ansible_user_id != "root"
when: ansible_os_family|lower != "alpine" and ansible_user_uid != "0"
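Review bot: The new condition compares `ansible_user_uid` with the string `"0"`; that fact is normally an integer, so the comparison would be true for root as well and the exclusion would no longer take effect. `when: ansible_os_family|lower != "alpine" and ansible_user_uid|int != 0` compares numbers. Since membership of the docker group is equivalent to root on the host, a comment on the task saying so would be useful, e.g. `# docker group members control the daemon and can act as root on this host`.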

@ -7,15 +7,15 @@
- import_tasks: check.yml
tags:
- check
- import_tasks: config.yml
tags:
- config
- import_tasks: files.yml
tags:
- files
- import_tasks: package.yml
tags:
- package
- import_tasks: config.yml
tags:
- config
- import_tasks: service.yml
tags:
- service
@ -28,3 +28,6 @@
- import_tasks: run.yml
tags:
- run
- import_tasks: myos.yml
tags:
- myos

@ -0,0 +1,61 @@
---
# file: tasks/myos.yml
- name: myos - register myos
lookup:
file: ~/.env
register: myos
- name: myos - check AWS meta-data URI
uri:
url: http://169.254.169.254/latest/meta-data
timeout: 1
register: aws_uri_check
tags:
- aws
failed_when: False
- import_tasks: myos_ec2.yml
tags:
- aws
- ec2
when: aws_uri_check.status == 200
# ansible v2.8
# - name: myos - prune docker objects
# docker_prune:
# containers: yes
# images: yes
# images_filters:
# dangling: false
# networks: yes
# volumes: yes
# builder_cache: yes
- name: myos - launch docker containers
docker_container:
image: "{{docker_registry|default(myos.tags.user)}}/{{myos.tags.user}}/{{myos.tags.env}}/{% if ':' in item %}{{item}}{% else %}{{item}}:{{docker_image_tag|default('latest')}}{% endif %}"
name: "{{myos.tags.user}}_{{myos.tags.env}}_{{item|replace('/','_')|regex_replace(':.*','')}}"
network_mode: host
pull: yes
restart_policy: always
volumes:
- "{{ lookup('env','ANSIBLE_DISKS_NFS_PATH') }}:/shared"
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
with_items: '{{myos.tags.services.split(" ")}}'
when: myos.tags is defined and myos.tags.env is defined and myos.tags.services is defined and myos.tags.user is defined
- name: myos - add docker containers to inventory
add_host:
name: "{{myos.tags.user}}_{{myos.tags.env}}_{{item|replace('/','_')|regex_replace(':.*','')}}"
ansible_connection: docker
changed_when: false
with_items: '{{myos.tags.services.split(" ")}}'
when: myos.tags is defined and myos.tags.env is defined and myos.tags.services is defined and myos.tags.user is defined
- name: myos - run make deploy-hook in docker containers
delegate_to: "{{myos.tags.user}}_{{myos.tags.env}}_{{item|replace('/','_')|regex_replace(':.*','')}}"
raw: "command -v make || exit 0 && make deploy-hook CONTAINER={{myos.tags.user}}_{{myos.tags.env}}_{{item|replace('/','_')|regex_replace(':.*','')}} HOST={{ansible_ec2_local_ipv4}}"
with_items: '{{myos.tags.services.split(" ")}}'
when: myos.tags is defined and myos.tags.env is defined and myos.tags.services is defined and myos.tags.user is defined
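Review bot: Every container started by `myos - launch docker containers` gets `/var/run/docker.sock` mounted together with `network_mode: host`; the `:ro` flag protects only the socket file, not the API behind it, so each service can drive the daemon and is effectively root on the host. I would mount the socket only for the services that need it and say why in a comment. The `raw:` deploy-hook line builds a shell command from `myos.tags.*` values, so those expressions should go through the `quote` filter before they reach the shell. Also, `lookup:` in the first task does not look like a module name, and a file lookup would not produce the `myos.tags` structure that the later `when` clauses test, so that task should be confirmed to run as intended.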

@ -0,0 +1,20 @@
---
# file: tasks/myos_ec2.yml
- name: myos_ec2 - get instance metadata
ec2_metadata_facts:
- name: myos_ec2 - get instance tags
ec2_tag:
aws_access_key: "{{ aws_access_key_id }}"
aws_secret_key: "{{ aws_secret_access_key }}"
region: "{{ ansible_ec2_placement_region }}"
resource: "{{ ansible_ec2_instance_id }}"
state: list
register: myos
when: ansible_ec2_instance_id is defined
- name: myos_ec2 - ecr login
shell: "$(aws ecr get-login --no-include-email --region {{ aws_region }})"
when: myos.tags is defined
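Review bot: The `myos_ec2 - ecr login` task executes whatever `aws ecr get-login` prints as a shell command, and that command carries the registry password as a `-p` argument, where it is visible in the process list and in task output. `get-login` is also no longer available in AWS CLI v2. `shell: "aws ecr get-login-password --region {{ aws_region }} | docker login --username AWS --password-stdin {{ docker_registry }}"` together with `no_log: true` keeps the token off the command line; this assumes `docker_registry` holds the ECR host, which the page does not show.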

@ -9,6 +9,7 @@
- name: package - add docker GPG key
apt_key: url=https://download.docker.com/linux/debian/gpg
when: ansible_os_family|lower == "debian"
ignore_errors: true
become: yes
- name: package - define arch
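Review bot: Adding `ignore_errors: true` to `package - add docker GPG key` lets the play continue when the signing key could not be fetched, which moves the failure to a later task and hides its cause. The key is also accepted on the strength of the HTTPS download alone; passing `id=<docker-key-fingerprint>` (placeholder, take the value from Docker's install documentation) should make the task fail when the expected key is not the one imported. If the intent is to tolerate offline hosts, a comment saying so and a narrower `failed_when` would be clearer than ignoring every error. The task list continues outside this hunk.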

@ -0,0 +1 @@
{{ docker_daemon_config|combine([{ "storage-driver": docker_daemon_config_storage }])|to_nice_json }}
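Review bot: The template always writes a `storage-driver` key, and the role default for `docker_daemon_config_storage` is an empty string unless fstype is btrfs, so most hosts would get `"storage-driver": ""` in daemon.json. Emitting the key only when the value is non-empty avoids depending on how the daemon treats an empty driver name: `{{ (docker_daemon_config|combine({'storage-driver': docker_daemon_config_storage}) if docker_daemon_config_storage else docker_daemon_config)|to_nice_json }}`. `combine` is given a list here; passing the dict directly, as in that line, should also work on older Ansible releases that may not accept a list argument.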

@ -35,3 +35,4 @@
- https://raw.githubusercontent.com/dylanaraps/pfetch/master/pfetch
get_url: url={{item}} dest=/usr/local/bin owner=root group=root mode=0755
become: yes
ignore_errors: true
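Review bot: The task this hunk ends downloads scripts from a moving `master` branch straight into `/usr/local/bin` as root-owned `0755` files with no integrity check, and the added `ignore_errors: true` now also hides a failed download. Pinning each URL to a commit and passing `checksum=sha256:<expected-digest>` (placeholder) to `get_url` would make the installed content reproducible and verifiable. The goss test changed in this commit expects `/usr/local/bin/pfetch` to exist, so an ignored failure will surface there without its cause. The task starts above the hunk, so its name and full item list are not visible.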

@ -8,4 +8,5 @@
dest: "{{ item.dest|default('/src') }}"
key_file: "{{ item.key_file|default('~/.ssh/id_rsa') }}"
version: "{{ item.version|default('HEAD') }}"
ignore_errors: true
become: yes

@ -1,29 +1,15 @@
---
# file: tasks/ssh.yml
- name: ssh - add ssh_authorized_keys to file ~/.ssh/authorized_keys
authorized_key: user="{{ ansible_user|default('root') }}" key="{{ item }}"
with_items: "{{ hosts_ssh_authorized_keys|default([]) }}"
ignore_errors: true
- name: ssh - add ssh_public_hosts keys to known_hosts
- name: ssh - add hosts_ssh_public_hosts keys to known_hosts
with_items: "{{ hosts_ssh_public_hosts|default([]) }}"
known_hosts:
path: /etc/ssh/ssh_known_hosts
name: "{{ item }}"
key: "{{ lookup('pipe', 'ssh-keyscan -t rsa -H ' + item) }}"
become: true
ignore_errors: true
- name: ssh - copy ssh_private_keys to ~/.ssh/
with_items: "{{ hosts_ssh_private_keys|default([]) }}"
copy: src="{{ item }}" dest=~/.ssh/ mode=0400
ignore_errors: true
- name: ssh - update ~/.ssh/myos/config
template:
src: ssh_config.j2
dest: ~/.ssh/myos/config
mode: 0400
- name: ssh - define sshd configuration
set_fact:
sshd_config:
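Review bot: The renamed `ssh - add hosts_ssh_public_hosts keys to known_hosts` task trusts whatever `ssh-keyscan` returns at run time and writes it to the system-wide `/etc/ssh/ssh_known_hosts`, so a host key is accepted without being verified against anything. `item` is also concatenated into the `pipe` lookup, which runs through a shell, so it should be quoted: `key: "{{ lookup('pipe', 'ssh-keyscan -t rsa -H ' + item|quote) }}"`. Shipping the expected public keys in inventory, or comparing the scanned fingerprint with a known value before adding it, would close the first gap. The `set_fact` task at the end of the section continues outside it.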

@ -1,6 +1,16 @@
---
# file: tasks/user.yml
- name: user - add hosts_ssh_authorized_keys to ~/.ssh/authorized_keys
authorized_key: user="{{ ansible_user|default('root') }}" key="{{ item }}"
with_items: "{{ hosts_ssh_authorized_keys|default([]) }}"
ignore_errors: true
- name: user - copy hosts_ssh_private_keys to ~/.ssh/
with_items: "{{ hosts_ssh_private_keys|default([]) }}"
copy: src="{{ item }}" dest=~/.ssh/ mode=0400
ignore_errors: true
- name: user - create ~/.env
template:
src: env.j2
@ -56,7 +66,7 @@
- name: user - update ~/.screenrc
with_items:
- defscrollback 1024
- defscrollback 4096
- hardstatus alwayslastline "%{= kw}[%{G}$USER@%H%{-}] \# %?%-Lw%?[%{G}%n%f %t%{-}]%?%+Lw%?%?%=%-17< [%{B}%l%{-}]"
- shell -$SHELL
lineinfile: dest=~/.screenrc create=yes line='{{item}}'
@ -66,6 +76,12 @@
- include myos/config
lineinfile: dest=~/.ssh/config create=yes line='{{item}}'
- name: ssh - update ~/.ssh/myos/config
template:
src: ssh_config.j2
dest: ~/.ssh/myos/config
mode: 0400
- name: user - update ~/.tmux.conf
with_items:
- source-file ~/.tmux/myos/config

@ -1,4 +1,10 @@
file:
/etc/issue.net:
exists: true
mode: "0644"
owner: root
group: root
filetype: file
/etc/profile.d/rc.sh:
exists: true
mode: "0644"
@ -11,4 +17,15 @@ file:
owner: root
group: root
filetype: file
/usr/local/bin/goss:
exists: true
mode: "0755"
owner: root
group: root
filetype: file
/usr/local/bin/pfetch:
exists: true
mode: "0755"
owner: root
group: root
filetype: file

@ -7,6 +7,8 @@ package:
installed: true
openssh-client:
installed: true
py3-pip:
installed: true
util-linux:
installed: true
vim:

@ -7,6 +7,8 @@ package:
installed: true
openssh-client:
installed: true
python-pip:
installed: true
util-linux:
installed: true
vim-nox:

@ -7,5 +7,7 @@ package:
installed: true
openssh-clients:
installed: true
python-pip:
installed: true
vim-minimal:
installed: true

@ -5,6 +5,7 @@ hosts_packages_distro:
- { "name": "coreutils", "state": "present" }
- { "name": "groff", "state": "present" }
- { "name": "openssh-client", "state": "present" }
- { "name": "py3-pip", "state": "present" }
- { "name": "util-linux", "state": "present" }
- { "name": "vim", "state": "present" }

@ -5,6 +5,7 @@ hosts_packages_distro:
- { "name": "coreutils", "state": "present" }
- { "name": "groff", "state": "present" }
- { "name": "openssh-client", "state": "present" }
- { "name": "python-pip", "state": "present" }
- { "name": "util-linux", "state": "present" }
- { "name": "vim-nox", "state": "present" }

@ -5,5 +5,6 @@ hosts_packages_distro:
- { "name": "groff-base", "state": "present" }
- { "name": "libselinux-python", "state": "present" }
- { "name": "openssh-clients", "state": "present" }
- { "name": "python-pip", "state": "present" }
- { "name": "vim-minimal", "state": "present" }

@ -9,7 +9,7 @@ bootstrap: bootstrap-git bootstrap-docker app-bootstrap ## Update application fi
# target bootstrap-docker: Build and start application dockers
# on local host
.PHONY: boostrap-docker
bootstrap-docker: install-bin-docker docker-network-create
bootstrap-docker: install-bin-docker setup-docker-group
# target bootstrap-git: Fire update-app
.PHONY: bootstrap-git
@ -215,4 +215,4 @@ upgrade: update app-upgrade release-upgrade ## Upgrade application
# target %-rule-exists: Print a warning message if % target does not exists
%-rule-exists:
$(if $(filter $*,$(MAKECMDGOALS)),$(if $(filter-out $*,$(MAKE_TARGETS)),$(call WARNING,no target,$*,$(APP))))
$(if $(filter $*,$(MAKECMDGOALS)),$(if $(filter-out $*,$(MAKE_TARGETS)),$(call WARNING,target,$*,unavailable in app,$(APP))))
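Review bot: `.PHONY: boostrap-docker` above the changed rule is misspelled, so `bootstrap-docker` is not actually declared phony; `.PHONY: bootstrap-docker` fixes it. With this change the target also pulls in `setup-docker-group`, and elsewhere in the commit `base` and `node` depend on `bootstrap-docker`, so routine targets can now end up changing group membership through a privileged Ansible call. The target comment should mention that side effect, e.g. `# target bootstrap-docker: Fire install-bin-docker, add USER to the docker group if needed`.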

@ -27,7 +27,6 @@ DOCKER_BUILD_TARGETS ?= $(ENV_DEPLOY)
DOCKER_BUILD_VARS ?= APP BRANCH DOCKER_GID DOCKER_REPOSITORY GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME SSH_BASTION_HOSTNAME SSH_BASTION_USERNAME SSH_PRIVATE_IP_RANGE SSH_PUBLIC_HOST_KEYS SSH_REMOTE_HOSTS UID USER VERSION
DOCKER_COMPOSE_DOWN_OPTIONS ?=
DOCKER_COMPOSE_UP_OPTIONS ?= -d
DOCKER_GID ?= $(call gid,docker)
DOCKER_IMAGE_TAG ?= $(if $(filter $(ENV),$(ENV_DEPLOY)),$(VERSION),$(if $(DRONE_BUILD_NUMBER),$(DRONE_BUILD_NUMBER),latest))
DOCKER_IMAGES ?= $(patsubst %/,%,$(patsubst docker/%,%,$(dir $(wildcard docker/*/Dockerfile))))
DOCKER_PLUGIN ?= rexray/s3fs:latest
@ -45,7 +44,7 @@ DOCKER_REPOSITORY ?= $(subst _,/,$(COMPOSE_PROJECT_NAME))
DOCKER_SERVICE ?= $(lastword $(DOCKER_SERVICES))
DOCKER_SERVICES ?= $(eval IGNORE_DRYRUN := true)$(shell $(call docker-compose,--log-level critical config --services))$(eval IGNORE_DRYRUN := false)
DOCKER_SHELL ?= $(SHELL)
ENV_VARS += COMPOSE_PROJECT_NAME COMPOSE_SERVICE_NAME DOCKER_BUILD_TARGET DOCKER_GID DOCKER_IMAGE_TAG DOCKER_REGISTRY DOCKER_REPOSITORY DOCKER_SHELL
ENV_VARS += COMPOSE_PROJECT_NAME COMPOSE_SERVICE_NAME DOCKER_BUILD_TARGET DOCKER_IMAGE_TAG DOCKER_REGISTRY DOCKER_REPOSITORY DOCKER_SHELL
ifneq ($(DOCKER_RUN),)
DOCKER_COMPOSE ?= docker/compose:$(COMPOSE_VERSION)
@ -61,7 +60,7 @@ DOCKER_COMPOSE_UP_OPTIONS := -d --build
endif
# https://github.com/docker/libnetwork/pull/2348
ifeq ($(HOST_SYSTEM), DARWIN)
ifeq ($(OPERATING_SYSTEM),Darwin)
DOCKER_HOST_IFACE ?= $(shell docker run --rm -it --net=host alpine /sbin/ip -4 route list match 0/0 2>/dev/null |awk '{print $$5}' |awk '!seen[$$0]++' |head -1)
DOCKER_HOST_INET ?= $(shell docker run --rm -it --net=host alpine /sbin/ip -4 addr show $(DOCKER_HOST_IFACE) 2>/dev/null |awk '$$1 == "inet" {sub(/\/.*/,"",$$2); print $$2}')
DOCKER_INTERNAL_DOCKER_GATEWAY ?= $(shell docker run --rm -it alpine getent hosts gateway.docker.internal |awk '{print $$1}' |head -1)

@ -1,4 +0,0 @@
SETUP_NFSD ?= false
SETUP_NFSD_OSX_CONFIG ?= nfs.server.bonjour=0 nfs.server.mount.regular_files=1 nfs.server.mount.require_resv_port=0 nfs.server.nfsd_threads=16 nfs.server.async=1
SETUP_SYSCTL ?= false
SETUP_SYSCTL_CONFIG ?= vm.max_map_count=262144 vm.overcommit_memory=1 fs.file-max=8388608 net.core.somaxconn=1024

@ -168,7 +168,7 @@ docker-push:
ifneq ($(filter $(DEPLOY),true),)
$(foreach service,$(or $(SERVICE),$(SERVICES)),$(call docker-push,$(service)))
else
$(call WARNING,disabled target,$@,$(APP))
$(call WARNING,target,$@,disabled in app,$(APP))
endif
# target docker-push-%: Call docker-push with tag % for each SERVICES
@ -177,7 +177,7 @@ docker-push-%:
ifneq ($(filter $(DEPLOY),true),)
$(foreach service,$(or $(SERVICE),$(SERVICES)),$(call docker-push,$(service),,$*))
else
$(call WARNING,disabled target,$@,$(APP))
$(call WARNING,target,$@,disabled in app,$(APP))
endif
# target docker-rebuild: Call docker-build target with DOCKER_BUILD_CAHE=false
@ -220,7 +220,7 @@ docker-tag:
ifneq ($(filter $(DEPLOY),true),)
$(foreach service,$(or $(SERVICE),$(SERVICES)),$(call docker-tag,$(service)))
else
$(call WARNING,disabled target,$@,$(APP))
$(call WARNING,target,$@,disabled in app,$(APP))
endif
# target docker-tag-%: Call docker-tag with target tag % for each SERVICES
@ -229,7 +229,7 @@ docker-tag-%:
ifneq ($(filter $(DEPLOY),true),)
$(foreach service,$(or $(SERVICE),$(SERVICES)),$(call docker-tag,$(service),,,,$*))
else
$(call WARNING,disabled target,$@,$(APP))
$(call WARNING,target,$@,disabled in app,$(APP))
endif
# target docker-volume-rm: Fire docker-volume-rm-% for COMPOSE_PROJECT_NAME

@ -1,6 +1,21 @@
##
# INSTALL
# target install-build-config: Call install-config with file * and dest build
.PHONY: install-build-config
install-build-config:
$(call install-config,,*,build)
# target install-config: Call install-config
.PHONY: install-config
install-config:
$(call install-config)
# target install-config-%: Call install-config with app %
.PHONY: install-config-%
install-config-%:
$(call install-config,$*)
# target install-mysql-database-%: Import %.mysql.gz to database %
# on local host
## it creates database %
@ -33,18 +48,3 @@ install-pgsql-database-%: myos-base
$(call exec,[ $$(PGPASSWORD=$* psql -h postgres -U $* -d $* -c "\d" 2>/dev/null |wc -l) -eq 0 ] && [ -f "${APP_DIR}/$*.pgsql" ]) \
&& $(call exec,$(RUN) sh -c 'PGPASSWORD="postgres" psql -h postgres -U postgres -c "ALTER ROLE $* WITH SUPERUSER" && PGPASSWORD="postgres" pg_restore -h postgres --no-owner --role=$* -U postgres -d $* ${APP_DIR}/$*.pgsql && PGPASSWORD="postgres" psql -h postgres -U postgres -c "ALTER ROLE $* WITH NOSUPERUSER"') \
||:
# target install-build-config: Call install-config with file * and dest build
.PHONY: install-build-config
install-build-config:
$(call install-config,,*,build)
# target install-config: Call install-config
.PHONY: install-config
install-config:
$(call install-config)
# target install-config-%: Call install-config with app %
.PHONY: install-config-%
install-config-%:
$(call install-config,$*)

@ -1,19 +1,7 @@
##
# SETUP
.PHONY: setup-sysctl
setup-sysctl:
ifeq ($(SETUP_SYSCTL),true)
$(foreach config,$(SETUP_SYSCTL_CONFIG),$(call docker-run,sysctl -q -w $(config),--privileged alpine) &&) true
endif
.PHONY: setup-nfsd
setup-nfsd:
ifeq ($(SETUP_NFSD),true)
ifeq ($(HOST_SYSTEM),DARWIN)
$(call setup-nfsd-osx)
endif
endif
SETUP_NFSD ?= false
SETUP_NFSD_OSX_CONFIG ?= nfs.server.bonjour=0 nfs.server.mount.regular_files=1 nfs.server.mount.require_resv_port=0 nfs.server.nfsd_threads=16 nfs.server.async=1
SETUP_SYSCTL ?= false
SETUP_SYSCTL_CONFIG ?= vm.max_map_count=262144 vm.overcommit_memory=1 fs.file-max=8388608 net.core.somaxconn=1024
define setup-nfsd-osx
$(call INFO,setup-nfsd-osx,$(1)$(comma) $(2)$(comma) $(3))

@ -0,0 +1,31 @@
##
# SETUP
# target setup-docker-group: Call ansible to add user in docker group if needed
.PHONY: setup-docker-group
setup-docker-group:
ifneq ($(DOCKER),)
ifeq ($(or $(filter $(USER),$(subst $(comma), ,$(shell awk -F':' '$$1 == "docker" {print $$4}' /etc/group))),$(filter 0,$(UID))),)
$(call ansible-user-add-groups,$(USER),docker)
$(call WARNING,user,$(USER),added in group,docker)
endif
ifeq ($(filter 0 $(DOCKER_GID),$(shell id -G)),)
$(call ERROR,YOU MUST LOGOUT NOW AND LOGIN BACK TO GET DOCKER GROUP MEMBERSHIP)
endif
endif
# target setup-nfsd: Call setup-nfsd-osx if SETUP_NFSD=true and OPERATING_SYSTEM=Darwin
.PHONY: setup-nfsd
setup-nfsd:
ifeq ($(SETUP_NFSD),true)
ifeq ($(OPERATING_SYSTEM),Darwin)
$(call setup-nfsd-osx)
endif
endif
# target setup-sysctl: Add sysctl config for each SETUP_SYSCTL_CONFIG
.PHONY: setup-sysctl
setup-sysctl:
ifeq ($(SETUP_SYSCTL),true)
$(foreach config,$(SETUP_SYSCTL_CONFIG),$(call docker-run,sysctl -q -w $(config),--privileged alpine) &&) true
endif
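Review bot: `setup-docker-group` adds `$(USER)` to the docker group whenever `DOCKER` is set, while the two other setup targets in this file only act when `SETUP_NFSD` or `SETUP_SYSCTL` is `true`. Docker group membership amounts to root on the host, so it deserves the same opt-in, for instance wrapping the body in `ifeq ($(SETUP_DOCKER_GROUP),true)` with a proposed `SETUP_DOCKER_GROUP ?= false` next to the other defaults. The `ifeq` tests are evaluated when the makefile is parsed, so `$(shell awk … /etc/group)` and `$(shell id -G)` run on every invocation and the logout check reflects the state before the recipe ran; a comment noting that would help the next reader.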

@ -3,6 +3,7 @@ COMPOSE_PROJECT_NAME_NODE ?= node
COMPOSE_VERSION ?= 1.29.2
DOCKER_ENV ?= $(env.docker)
DOCKER_EXEC_OPTIONS ?=
DOCKER_GID ?= $(call gid,docker)
DOCKER_IMAGE ?= $(DOCKER_IMAGE_CLI)
DOCKER_IMAGE_CLI ?= $(DOCKER_REPOSITORY_MYOS)/cli
DOCKER_IMAGE_SSH ?= $(DOCKER_REPOSITORY_MYOS)/ssh

@ -17,19 +17,20 @@ CMD_APK_REMOVE ?= $(if $(shell type -p apk),apk --no-cache del)
CMD_APT_INSTALL ?= $(if $(shell type -p apt-get),apt-get update && apt-get -fy install)
CMD_APT_REMOVE ?= $(if $(shell type -p apt-get),apt-get -fy remove)
CMDS ?= exec exec:% exec@% install-app install-apps run run:% run@%
COLOR_INFO ?= $(COLOR_BROWN)
COLOR_BLUE ?= \033[01;34m
COLOR_BROWN ?= \033[33m
COLOR_CYAN ?= \033[36m
COLOR_DGRAY ?= \033[30m
COLOR_ERROR ?= $(COLOR_RED)
COLOR_GRAY ?= \033[37m
COLOR_GREEN ?= \033[32m
COLOR_HIGHLIGHT ?= $(COLOR_GREEN)
COLOR_INFO ?= $(COLOR_BROWN)
COLOR_RED ?= \033[31m
COLOR_RESET ?= \033[0m
COLOR_VALUE ?= $(COLOR_CYAN)
COLOR_WARNING ?= $(COLOR_YELLOW)
COLOR_RESET ?= \033[0m
COLOR_DGRAY ?= \033[30m
COLOR_RED ?= \033[31m
COLOR_GREEN ?= \033[32m
COLOR_BROWN ?= \033[33m
COLOR_YELLOW ?= \033[01;33m
COLOR_BLUE ?= \033[01;34m
COLOR_CYAN ?= \033[36m
COLOR_GRAY ?= \033[37m
COMMIT ?= $(or $(SUBREPO_COMMIT),$(GIT_COMMIT))
CONFIG ?= $(RELATIVE)config
CONFIG_REPOSITORY ?= $(CONFIG_REPOSITORY_URL)
@ -122,20 +123,20 @@ endif
# Guess OS
ifeq ($(OSTYPE),cygwin)
HOST_SYSTEM := CYGWIN
OPERATING_SYSTEM := cygwin
else ifeq ($(OS),Windows_NT)
HOST_SYSTEM := WINDOWS
OPERATING_SYSTEM := Windows_NT
else
UNAME_S := $(shell uname -s 2>/dev/null)
ifeq ($(UNAME_S),Linux)
HOST_SYSTEM := LINUX
OPERATING_SYSTEM := Linux
endif
ifeq ($(UNAME_S),Darwin)
HOST_SYSTEM := DARWIN
OPERATING_SYSTEM := Darwin
endif
endif
ifeq ($(HOST_SYSTEM),DARWIN)
ifeq ($(OPERATING_SYSTEM),Darwin)
SED_SUFFIX := ''
endif
@ -171,6 +172,19 @@ define conf
done < "$(file)"
endef
ERROR_FD := 2
# macro ERROR: print colorized warning
ERROR = \
printf '${COLOR_ERROR}ERROR:${COLOR_RESET} ${COLOR_INFO}$(APP)${COLOR_RESET}[${COLOR_VALUE}$(MAKELEVEL)${COLOR_RESET}]$(if $@, ${COLOR_VALUE}$@${COLOR_RESET}):${COLOR_RESET} ' >&$(ERROR_FD) \
$(if $(2), \
&& printf '$(1) ${COLOR_HIGHLIGHT}$(2)${COLOR_RESET}' >&$(ERROR_FD) \
$(if $(3),&& printf ' $(3)$(if $(4), ${COLOR_VALUE}$(4)${COLOR_RESET})' >&$(ERROR_FD)) \
, \
&& $(strip $(call PRINTF,$(1)) >&$(ERROR_FD)) \
) \
&& printf '\n' >&$(ERROR_FD) \
&& exit 2
# macro force: Run command 1 sine die
## it starts command 1 if it is not already running
## it returns never
@ -190,15 +204,12 @@ force = $$(while true; do \
)
# macro gid: Return GID of group 1
gid = $(shell grep '^$(1):' /etc/group 2>/dev/null |awk -F: '{print $$3}')
gid = $(shell awk -F':' '$$1 == "$(1)" {print $$3}' /etc/group 2>/dev/null)
INFO_FD := 2
# macro INFO: customized info
INFO = \
$(if $(VERBOSE),$(if $(filter-out true,$(IGNORE_VERBOSE)), \
printf '${COLOR_INFO}$(APP)${COLOR_RESET}\
[${COLOR_VALUE}$(MAKELEVEL)${COLOR_RESET}] \
${COLOR_HIGHLIGHT}$@${COLOR_RESET}:${COLOR_RESET} ' >&$(INFO_FD) \
# macro INFO: print colorized info
INFO = $(if $(VERBOSE),$(if $(filter-out true,$(IGNORE_VERBOSE)), \
printf '${COLOR_INFO}$(APP)${COLOR_RESET}[${COLOR_VALUE}$(MAKELEVEL)${COLOR_RESET}]$(if $@, ${COLOR_VALUE}$@${COLOR_RESET}):${COLOR_RESET} ' >&$(INFO_FD) \
$(if $(2), \
&& printf 'Call ${COLOR_HIGHLIGHT}$(1)${COLOR_RESET}$(lbracket)' >&$(INFO_FD) \
&& $(or $(strip $(call PRINTF,$(2))),printf '$(2)') >&$(INFO_FD) \
@ -207,7 +218,7 @@ ${COLOR_HIGHLIGHT}$@${COLOR_RESET}:${COLOR_RESET} ' >&$(INFO_FD) \
, \
&& $(strip $(call PRINTF,$(1)) >&$(INFO_FD)) \
) \
&& printf '\n' >&$(INFO_FD) \
&& printf '\n' >&$(INFO_FD) \
))
# function install-app: Run 'git clone url 1 dir 2' or Call update-app with url 1 dir 2
@ -279,18 +290,16 @@ $(TARGET):
endef
WARNING_FD := 2
# macro WARNING: customized warning
WARNING = printf '${COLOR_WARNING}WARNING:${COLOR_RESET} ${COLOR_INFO}$(APP)${COLOR_RESET}\
[${COLOR_VALUE}$(MAKELEVEL)${COLOR_RESET}] \
${COLOR_HIGHLIGHT}$@${COLOR_RESET}:${COLOR_RESET} ' >&$(WARNING_FD) \
# macro WARNING: print colorized warning
WARNING = \
printf '${COLOR_WARNING}WARNING:${COLOR_RESET} ${COLOR_INFO}$(APP)${COLOR_RESET}[${COLOR_VALUE}$(MAKELEVEL)${COLOR_RESET}]$(if $@, ${COLOR_VALUE}$@${COLOR_RESET}):${COLOR_RESET} ' >&$(WARNING_FD) \
$(if $(2), \
&& printf '$(1) ' >&$(WARNING_FD) \
&& printf '${COLOR_HIGHLIGHT}$(2)${COLOR_RESET}' >&$(WARNING_FD) \
$(if $(3),&& printf ' in ${COLOR_VALUE}$(3)${COLOR_RESET}' >&$(WARNING_FD)) \
&& printf '$(1) ${COLOR_HIGHLIGHT}$(2)${COLOR_RESET}' >&$(WARNING_FD) \
$(if $(3),&& printf ' $(3)$(if $(4), ${COLOR_VALUE}$(4)${COLOR_RESET})' >&$(WARNING_FD)) \
, \
&& $(strip $(call PRINTF,$(1)) >&$(WARNING_FD)) \
) \
&& printf '\n' >&$(WARNING_FD)
&& printf '\n' >&$(WARNING_FD)
# set ENV=env for targets ending with :env
## for each env in ENV_LIST
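Review bot: The new `ERROR` macro and the rewritten `WARNING` macro expand their arguments inside the `printf` format string, e.g. `printf '$(1) ${COLOR_HIGHLIGHT}$(2)${COLOR_RESET}'`, so a `%` or backslash in an argument is interpreted by printf and a single quote ends the shell string early. Values such as `$(USER)` and target names are passed this way elsewhere in the commit. Keeping the colours in the format and the values as operands keeps `%` and backslashes literal: `printf '%s ${COLOR_HIGHLIGHT}%s${COLOR_RESET}' '$(1)' '$(2)'`; a single quote inside a value would still need escaping. The comment `# macro ERROR: print colorized warning` should read `# macro ERROR: print colorized error and exit 2`.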

@ -24,7 +24,7 @@ config: $(APPS)
# target copy: Copy files and folders to all APPS
.PHONY: copy
copy:
$(foreach app,$(APPS),$(foreach file,$(ARGS),$(if $(wildcard $(file)),$(RUN) $(if $(filter LINUX,$(HOST_SYSTEM)),cp -a --parents $(file) $(app)/,rsync -a $(file) $(app)/$(file)) &&)) true &&) true
$(foreach app,$(APPS),$(foreach file,$(ARGS),$(if $(wildcard $(file)),$(RUN) $(if $(filter Linux,$(OPERATING_SYSTEM)),cp -a --parents $(file) $(app)/,rsync -a $(file) $(app)/$(file)) &&)) true &&) true
# target deploy: Fire APPS target
.PHONY: deploy
@ -95,7 +95,7 @@ upgrade: upgrade-apps release-upgrade ## Upgrade applications
$(APPS):
$(if $(wildcard $@/Makefile), \
$(call make,$(patsubst apps-%,%,$(MAKECMDGOALS)) STATUS=0,$(patsubst %/,%,$@),APP_PATH_PREFIX), \
$(call WARNING,no Makefile in,$@) \
$(call WARNING,no,Makefile,available in app,$@) \
)
# target apps-%: Fire $(APPS) target to call target % in $(APPS)

@ -62,16 +62,16 @@ password := $(or $(shell pwgen -csy -r\' 64 1 2>/dev/null
endif
endif
ifeq ($(HOST_SYSTEM),DARWIN)
ifeq ($(OPERATING_SYSTEM),Darwin)
ifneq ($(DOCKER), true)
PACKER_QEMU_ACCELERATOR := hvf
else
PACKER_QEMU_ACCELERATOR := tcg
PACKER_QEMU_ARGS += -cpu max,vendor=GenuineIntel,vmware-cpuid-freq=on,+invtsc,+aes,+vmx
endif
else ifeq ($(HOST_SYSTEM),LINUX)
else ifeq ($(OPERATING_SYSTEM),Linux)
DOCKER_RUN_OPTIONS_PACKER += $(if $(KVM_GID),--group-add $(KVM_GID)) --device /dev/kvm
else ifeq ($(HOST_SYSTEM),WINDOWS)
else ifeq ($(OPERATING_SYSTEM),Windows_NT)
PACKER_QEMU_ACCELERATOR := hax
endif

@ -18,7 +18,7 @@ packer-build-templates: $(PACKER_TEMPLATES) ## Build all packer templates
# target $(PACKER_TEMPLATES): Call packer-build $@
.PHONY: $(PACKER_TEMPLATES)
ifeq ($(HOST_SYSTEM),DARWIN)
ifeq ($(OPERATING_SYSTEM),Darwin)
$(PACKER_TEMPLATES): DOCKER ?= false
endif
$(PACKER_TEMPLATES):
@ -36,7 +36,7 @@ packer-qemu: packer-qemu-$(PACKER_ISO_NAME) ## Launch iso image in qemu
# target packer-qemu-%: Call packer-qemu PACKER_OUTPUT/%.iso
.PHONY: packer-qemu-%
ifeq ($(HOST_SYSTEM),DARWIN)
ifeq ($(OPERATING_SYSTEM),Darwin)
packer-qemu-%: DOCKER ?= false
endif
packer-qemu-%: docker-build-packer ## Run iso image in qemu

@ -1,3 +1,3 @@
# target base: Fire ssh-add
.PHONY: base
base: $(if $(DOCKER_RUN),install-bin-docker docker-network-create stack-base-up) ssh-add
base: $(if $(DOCKER_RUN),bootstrap-docker docker-network-create stack-base-up) ssh-add

@ -2,4 +2,4 @@ ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET
# target node: Fire docker-network-create-% for DOCKER_NETWORK_PUBLIC ssl-certs stack-node-up
.PHONY: node
node: docker-network-create-$(DOCKER_NETWORK_PUBLIC) ssl-certs stack-node-up
node: bootstrap-docker docker-network-create-$(DOCKER_NETWORK_PUBLIC) ssl-certs stack-node-up
