initial commit

main
dschier 2 years ago
commit 6f8358cc98

53
.gitignore vendored

@ -0,0 +1,53 @@
# reference: https://git-scm.com/docs/gitignore
# ansible
*.retry
.cache/
# compiled source
bin/
*.com
*.class
*.dll
*.exe
*.o
*.so
# database
*.sql
*.sqlite
# lock files
*.lock
package-lock.json
# logs
logs/
*.log
# OS generated files
.DS_Store*
ehthumbs.db
Icon?
Thumbs.db
# packages
*.7z
*.dmg
*.gz
*.iso
*.rar
*.tar
*.zip
# python
*.py[cod]
__pycache__/
# temporary files
*.swp
*.swo
*~
# Vagrant
.vagrant/

@ -0,0 +1,10 @@
FROM registry.fedoraproject.org/fedora-minimal:34
RUN microdnf install -y httpd && \
microdnf clean all
COPY files/ /var/www/html/
EXPOSE 80
CMD ["httpd", "-DFOREGROUND"]
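Review bot: The `FROM` line references the base image by the mutable tag `fedora-minimal:34`, and `microdnf install -y httpd` takes whatever package build is current, so two builds of this file can produce different contents with nothing recording which one was shipped. Pinning the base by digest, `FROM registry.fedoraproject.org/fedora-minimal:34@sha256:<digest-placeholder>`, makes the image reproducible and auditable. No `USER` is set, so httpd starts as root inside the container in order to bind port 80. If the image is meant for edge devices, consider listening on an unprivileged port and adding a `USER` line.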

@ -0,0 +1,9 @@
header{
padding-bottom: 2rem;
padding-top: 2rem;
}
article{
border-bottom: 1px dashed #000;
padding-bottom: 2rem;
padding-top: 2rem;
}

Binary file not shown.


@ -0,0 +1,127 @@
<!doctype html>
<html lang="de">
<head>
<!-- meta -->
<meta charset="utf-8" />
<meta http-equiv="x-ua-compatible" content="ie=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="HandheldFriendly" content="True" />
<!-- identity -->
<title>Ansible Anwendertreffen</title>
<meta name="Ansible + Podman for IoT, Edge and Tinkering" content="meta-description" />
<link rel="apple-touch-icon" href="img/favicon.png" />
<link rel="shortcut icon" href="img/favicon.png" />
<!-- use Style-Cheat CSS-->
<link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/style-cheat/css@1.0/dist/style-cheat.min.css" />
<!-- <link rel="stylesheet" href="../css/dist/style-cheat.min.css" /> -->
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.2/css/all.css" />
<link rel="stylesheet" href="css/main.css" />
</head>
<body>
<header id="header" class="bg-primary fg-light" role="banner">
<div class="container text-center">
<h1 class="page-heading">Ansible Anwendertreffen</h1>
<p>Ansible + Podman for IoT, Edge and Tinkering</p>
</div>
</header> <!-- /#header -->
<main>
<article id="intro" class="bg-light">
<div class="container">
<h2>Intro</h2>
<p>IoT and edge devices like home servers, machine controller or IPCs
are somewhat special. They can be located in some factory corner, on
a car or ship. But they also need some love.
</p>
<p><a href="https://ww.ansible.com">Ansible</a> and
<a href="https://podman.io">Podman</a> can help with many of the
challeges, that one if facing with this kind of devices.</p>
</div>
</article> <!-- /#intro -->
<article id="challenges">
<div class="container">
<h2>Challenges</h2>
<ul>
<li>Is it on/off?</li>
<li>Is connectivity given?</li>
<li>Is latency and timeouts an issue?</li>
<li>Do I have a line of sight?</li>
<li>Is technical staff on site?</li>
<li>Is there an easy way to update?</li>
<li>What about recovery?</li>
</ul>
</div>
</article> <!-- /#challenges -->
<article id="solution" class="bg-light">
<div class="container">
<h2>Ansible and Podman to the rescue</h2>
<p>We need something simple, easy to debug, stateless, idempotent and
powerful enough to run without humans. Podman takes care of your
machine controller, application and whatever needs to be deployed
on site. Ansible configures the machine, the environment and takes
care of regular patching.
</p>
</div>
</article> <!-- /#solution -->
<article id="diagram">
<div class="container">
<h2>Diagram</h2>
<img src="img/ansible_podman.jpg">
</div>
</article> <!-- /#digram -->
</main>
<footer id="footer" class="bg-primary fg-light">
<div class="container">
<div class="row">
<div class="col">
<div class="box">
<h5 class="section-heading">Important Links</h5>
<p><a href="https://while-true-do.io"><i class="fas fa-fw fa-home"></i> Home</a></p>
<p><a href="https://code.while-true-do.io"><i class="fab fa-fw fa-github"></i> Code</a></p>
</div>
</div> <!-- /.col -->
<div class="col">
<div class="box">
<h5 class="section-heading">Contact</h5>
<p><a href="mailto:hello@while-true-do.io"><i class="fas fa-fw fa-envelope"></i> Mail</a></p>
</div>
</div> <!-- /.col -->
<div class="col">
<div class="box">
<h5 class="section-heading">Work</h5>
<p><a href="https://proficom.de">profi.com AG Web</a></p>
<p><a href="https://www.youtube.com/user/TheProficom">profi.com AG Youtube</a></p>
<p><a href="mailto:dschier@proficom.de">profi.com AG Mail</a></p>
</div>
</div> <!-- /.col -->
<div class="col">
<div class="box">
<h5 class="section-heading">Partners</h5>
<p><a href="https://while-true-do.io">while-true-do.io</a></p>
<p><a href="https://style-cheat.io">style-cheat.io</a></p>
<p><a href="https://gerri.io">gerri.io</a></p>
<p><a href="https://kudos-txt.io">kudos-txt.io</a></p>
</div>
</div> <!-- /.col -->
</div> <!-- /.row -->
<div class="row">
<div class="col">
<div class="box">
<p>Made with <span class="fg-alert"></span>, <a href="#">Font Awesome</a> and <a href="https://style-cheat.io">Style-Cheat</a>.</p>
</div>
</div> <!-- /.col -->
</div> <!-- /.row -->
</div> <!-- /.container -->
</footer> <!-- /#footer -->
</body>
</html>
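Review bot: The two third-party stylesheets in `<head>` (the jsdelivr `style-cheat.min.css` and `use.fontawesome.com/releases/v5.7.2/css/all.css`) are loaded without Subresource Integrity, so any change at either CDN reaches every visitor unverified. Add `integrity="sha384-<hash-placeholder>" crossorigin="anonymous"` to both `<link>` tags, computing the hash from the exact file you reviewed, or serve the files from `css/` as the commented-out local link suggests was once intended. Separately, the Ansible link in the intro article points to `https://ww.ansible.com`, which looks like a typo for `www.ansible.com` and sends readers to a host the project does not control.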

27
server/Vagrantfile vendored

@ -0,0 +1,27 @@
Vagrant.configure("2") do |config|
# libvirt
config.vm.provider "libvirt" do |lv|
lv.cpus = 4
lv.memory = 4096
end
# virtualbox
config.vm.provider "virtualbox" do |vb|
vb.cpus = 4
vb.memory = 4096
vb.linked_clone = true
end
# provision
config.vm.provision "ansible" do |site|
site.playbook = "site.yml"
end
# machine
config.vm.define "edge01" do |edge01|
edge01.vm.box = "fedora/33-cloud-base"
edge01.vm.hostname = "edge01"
end
end

@ -0,0 +1,124 @@
#!/usr/bin/env ansible-playbook
---
- name: "Configure host"
hosts: "all"
handlers:
- name: "Restart Podman Services"
ansible.builtin.service:
name: "{{ item }}"
state: "restarted"
become: true
loop:
- "podman.socket"
- "podman-auto-update.timer"
- name: "Restart Cockpit Service"
ansible.builtin.service:
name: "cockpit.socket"
state: "restarted"
become: true
tasks:
# Users
- name: "Manage Admin User"
ansible.builtin.user:
name: "admin"
password: "{{ 'password' | password_hash('sha512', 'NotSoSalty') }}"
groups: "wheel"
state: "present"
become: true
# Ansible
- name: "Manage Ansible Packages"
ansible.builtin.package:
name: "ansible"
state: "present"
become: true
- name: "Manage ansible-pull Service File"
template:
src: "ansible-pull.service.j2"
dest: "/etc/systemd/system/ansible-pull.service"
owner: "root"
group: "root"
mode: 0644
become: true
- name: "Manage ansible-pull Timer File"
template:
src: "ansible-pull.timer.j2"
dest: "/etc/systemd/system/ansible-pull.timer"
owner: "root"
group: "root"
mode: 0644
become: true
- name: "Manage ansible-pull Timer"
ansible.builtin.systemd:
name: "ansible-pull.timer"
state: "started"
enabled: true
daemon_reload: true
become: true
# Podman
- name: "Manage Podman Packages"
ansible.builtin.package:
name: "podman"
state: "present"
become: true
- name: "Manage podman-auto-update.d Directory"
file:
path: "/etc/systemd/system/podman-auto-update.timer.d"
state: "directory"
owner: "root"
group: "root"
mode: 0755
become: true
- name: "Manage podman-auto-update Timer File"
template:
src: "podman-auto-update.timer.override.conf.j2"
dest: "/etc/systemd/system/podman-auto-update.timer.d/override.conf"
owner: "root"
group: "root"
mode: 0644
become: true
- name: "Manage Podman Services"
ansible.builtin.systemd:
name: "{{ item }}"
state: "started"
enabled: true
daemon_reload: true
become: true
loop:
- "podman.socket"
- "podman-auto-update.timer"
# Cockpit
- name: "Manage Cockpit Packages"
ansible.builtin.package:
name:
- "cockpit"
- "cockpit-podman"
- "polkit"
state: "present"
become: true
- name: "Manage Cockpit Services"
ansible.builtin.service:
name: "cockpit.socket"
state: "started"
enabled: true
become: true
...
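Review bot: The "Manage Admin User" task sets the `admin` password to the literal string `password` with the fixed salt `NotSoSalty` and adds the account to `wheel`. The same play then enables `cockpit.socket`, so a sudo-capable account with a published credential sits behind the Cockpit login (firewall state is not visible in this commit). Take the value from a vaulted variable instead, for example `password: "{{ admin_password_hash }}"` holding a hash stored with ansible-vault. Adding `update_password: on_create` would stop the five-minute pull run from resetting a password an operator has since changed.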

@ -0,0 +1,37 @@
#!/usr/bin/env ansible-playbook
---
- name: "Deploy Container Services"
hosts: "all"
handlers:
- name: "Restart container-web Service"
ansible.builtin.systemd:
name: "container-web.service"
state: "restarted"
daemon_reload: true
become: true
tasks:
# container-web
- name: "Manage container-web Service File"
ansible.builtin.template:
src: "container-web.service.j2"
dest: "/etc/systemd/system/container-web.service"
owner: "root"
group: "root"
mode: 0644
become: true
notify: "Restart container-web Service"
- name: "Manage container-web Service"
ansible.builtin.systemd:
name: "container-web.service"
state: "started"
enabled: true
daemon_reload: true
become: true
...

@ -0,0 +1,13 @@
---
- name: "Import configure.yml"
import_playbook: "configure.yml"
- name: "Import deploy.yml"
import_playbook: "deploy.yml"
- hosts: "all"
tasks:
- name: "Connect information"
debug:
msg: "https://{{ ansible_default_ipv4.address }}:9090"
...

@ -0,0 +1,20 @@
{{ ansible_managed | comment }}
[Unit]
Description=Ansible Pull Service
Wants=network.target
After=network-online.target
[Service]
EnvironmentFile=/etc/ansible/ansible-pull.env
ExecStart=/usr/bin/ansible-pull \
-U https://code.while-true-do.io/ddosug/ansible-anwendertreffen.git \
-C main \
-t stable \
-d server \
-c local \
site.yml
Type=oneshot
[Install]
WantedBy=multi-user.target
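Review bot: The `[Service]` section has no `User=`, so each timer run executes whatever the `main` branch of the remote repository contains as root, and nothing verifies the commit; anyone able to push to that branch gets root on every device. ansible-pull supports `--verify-commit`, which requires a valid GPG signature on the checked-out commit; adding it and pointing `-C` at a signed release tag rather than a branch narrows that exposure. Also check `-t stable`: for ansible-pull `-t` means `--tags`, and no task in the playbooks of this commit carries a `stable` tag, so a run may execute no tasks at all. `EnvironmentFile=/etc/ansible/ansible-pull.env` is not created by any task shown here; if it is optional, write it as `EnvironmentFile=-/etc/ansible/ansible-pull.env` so a missing file does not fail the unit.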

@ -0,0 +1,12 @@
{{ ansible_managed | comment }}
[Unit]
Description=Ansible Pull Timer
[Timer]
# OnCalendar=weekly
OnCalendar=*:0/5
Persistent=true
[Install]
WantedBy=timers.target

@ -0,0 +1,32 @@
{{ ansible_managed | comment }}
[Unit]
Description=Podman container-web.service
Wants=network.target
After=network-online.target
RequiresMountsFor=/var/lib/containers/storage /run/containers/storage
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/container-web.pid %t/container-web.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/container-web.pid \
--cidfile %t/container-web.ctr-id \
--cgroups=no-conmon \
--replace \
--detach \
--name web \
--publish 8080:80 \
docker.io/library/httpd:2
ExecStartPost=/bin/sleep 1
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-web.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-web.ctr-id
PIDFile=%t/container-web.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target
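Review bot: The `podman run` arguments start the container from the floating tag `docker.io/library/httpd:2` but set no `io.containers.autoupdate` label, so the `podman-auto-update.timer` enabled in the configure playbook will skip this container. A device then keeps whichever image it pulled first, including any unpatched httpd. If auto-update is the intended patch path, add `--label io.containers.autoupdate=registry \` before the image name. It is also worth a comment stating that this unit runs rootful Podman from a system unit, since that is what gives the container's root its reach on the host.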

@ -0,0 +1,6 @@
{{ ansible_managed | comment }}
[Timer]
# OnCalendar=weekly
OnCalendar=*:0/5
Persistent=true

@ -0,0 +1,23 @@
#!/usr/bin/env ansible-playbook
---
- name: "Update Server"
hosts: "all"
handlers:
- name: "Reboot System"
ansible.builtin.command:
cmd: "systemctl reboot --message='System Upgrade'"
become: true
tasks:
- name: "Update System"
ansible.builtin.package:
name: "*"
state: "latest"
become: true
notify:
- "Reboot System"
...