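├── .ansible-lint ├── .github └── workflows │ └── ci.yml ├── .gitignore ├── .yamllint ├── README.md ├── ansible.cfg ├── config_files └── logging.yml ├── group_vars ├── all │ └── vars.yml ├── molecule │ ├── vars.yml │ └── vault.yml ├── production │ ├── vars.yml │ └── vault.yml └── staging │ ├── vars.yml │ └── vault.yml ├── hosts.example ├── molecule └── default │ ├── converge.yml │ ├── molecule.yml │ ├── prepare.yml │ └── tests │ ├── test_docker.py │ ├── test_dokku.py │ └── test_http.py ├── playbook.yml ├── requirements.txt └── requirements.yml /.ansible-lint: -------------------------------------------------------------------------------- 1 | --- 2 | parseable: true 3 | skip_list: 4 | - '204' 5 | use_default_rules: true 6 | verbosity: 1 7 | exclude_paths: 8 | - ./roles/ 9 | - ./.github/ 10 | - ./requirements.yml 11 | - ./molecule/ 12 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: --------------------------------------------------------------------------------
---
name: CI
on: [push, pull_request]
jobs:
  # Lint-only job: no deploy credentials are needed beyond the vault password that
  # ansible-lint may require to parse the encrypted group_vars.
  linter:
    # NOTE(review): GitHub has retired the ubuntu-18.04 hosted runner image used by every
    # job in this file, and the v2 checkout/setup-python actions are superseded; refresh
    # them together — TODO verify the target versions before changing.
    runs-on: ubuntu-18.04
    strategy:
      matrix:
        python-version: [3.9]

    steps:
      - uses: actions/checkout@v2
      - name: Set up python ${{ matrix.python-version }}
        uses: actions/setup-python@v2
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install dependencies
        run: |
          # NOTE(review): the Ubuntu "docker" apt package is a desktop docklet, not the
          # Docker engine, and neither ansible-lint nor yamllint below needs it — TODO
          # confirm and drop this line. "-y" keeps apt from blocking on a confirmation prompt.
          sudo apt install -y docker
          python3 -m pip install --upgrade pip
          python3 -m pip install -r requirements.txt
          ansible-galaxy install -r requirements.yml
      - name: Create secrets file
        # The secret reaches the shell through the environment instead of being expanded
        # into the script text, is written quoted (no word splitting / globbing), and the
        # file is created owner-readable only.
        env:
          VAULT_SECRET: ${{ secrets.VAULT_SECRET }}
        run: |
          (umask 077 && printf '%s\n' "$VAULT_SECRET" > /tmp/vault_password_file)
      - name: Run Ansible Lint
        run: |
          ansible-lint
      - name: Run Yaml Lint
        run: |
          yamllint .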
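# jobs: (continued) — molecule test run and the staging deploy
  molecule:
    runs-on: ubuntu-18.04
    strategy:
      matrix:
        python-version: [3.9]

    steps:
      - uses: actions/checkout@v2
      - name: Set up python ${{ matrix.python-version }}
        uses: actions/setup-python@v2
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install dependencies
        run: |
          python3 -m pip install --upgrade pip
          python3 -m pip install -r requirements.txt
          ansible-galaxy install -r requirements.yml
      - name: Create vault password file
        # Throw-away password for the test-only vault; group_vars/molecule/vault.yml
        # is committed in clear text with empty values, so nothing sensitive is protected here.
        run: |
          echo "MY_AWESOME_PASSWORD" > /tmp/vault_password_file
      - name: Encrypt the variable file
        run: |
          cd "$GITHUB_WORKSPACE/group_vars/molecule/"
          ansible-vault encrypt vault.yml --vault-password-file /tmp/vault_password_file
      - name: Test with molecule
        run: molecule test
        env:
          PY_COLORS: "1"
          ANSIBLE_FORCE_COLOR: "1"

  staging-deploy:
    runs-on: ubuntu-18.04
    if: github.ref == 'refs/heads/main'

    steps:
      - uses: actions/checkout@v2
      - name: Set up python 3
        uses: actions/setup-python@v2
        with:
          python-version: "3.x"
      - name: Install dependencies
        run: |
          python3 -m pip install --upgrade pip
          python3 -m pip install -r requirements.txt
          ansible-galaxy install -r requirements.yml
      - name: Create secrets file
        # Secret passed via the environment, written quoted, file owner-readable only.
        env:
          VAULT_SECRET: ${{ secrets.VAULT_SECRET }}
        run: |
          (umask 077 && printf '%s\n' "$VAULT_SECRET" > /tmp/vault_password_file)
      - name: Setup SSH private Key
        # NOTE(review): ansible.cfg sets host_key_checking = False, so the staging host's SSH
        # key is never verified during the deploy. Pinning it in ~/.ssh/known_hosts (e.g. from
        # a KNOWN_HOSTS_STAGING secret — placeholder name, not defined in this repo) and
        # re-enabling the check would close that gap.
        env:
          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
          PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
        run: |
          mkdir -p ~/.ssh
          ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null
          ssh-add - <<< "$PRIVATE_KEY"
      - name: Create ansible inventory
        # "hosts" is git-ignored. The secret is echoed quoted so a multi-line host list
        # keeps its line breaks instead of being joined by word splitting.
        env:
          INVENTORY_HOSTS_STAGING: ${{ secrets.INVENTORY_HOSTS_STAGING }}
        run: |
          echo "[staging]" >> hosts
          echo "$INVENTORY_HOSTS_STAGING" >> hosts
      - name: Execute ansible playbook
        # NOTE(review): -v prints module results into the CI log; confirm the dokku_config
        # tasks do not echo apps_config_vault values (otherwise add no_log on those tasks).
        run: ansible-playbook playbook.yml -i hosts -l staging -v --vault-password-file /tmp/vault_password_file
        env:
          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
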
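# staging-deploy (continued): only run after lint and molecule succeed
    needs: [linter, molecule]

  production-deploy:
    runs-on: ubuntu-18.04
    if: startsWith(github.ref, 'refs/tags/v')

    steps:
      - uses: actions/checkout@v2
      - name: Set up python 3
        uses: actions/setup-python@v2
        with:
          python-version: "3.x"
      - name: Install dependencies
        run: |
          python3 -m pip install --upgrade pip
          python3 -m pip install -r requirements.txt
          ansible-galaxy install -r requirements.yml
      - name: Create secrets file
        # Secret passed via the environment, written quoted, file owner-readable only.
        env:
          VAULT_SECRET: ${{ secrets.VAULT_SECRET }}
        run: |
          (umask 077 && printf '%s\n' "$VAULT_SECRET" > /tmp/vault_password_file)
      - name: Setup SSH private Key
        # NOTE(review): ansible.cfg sets host_key_checking = False, so the production host's
        # SSH key is never verified during the deploy. Pinning it in ~/.ssh/known_hosts (e.g.
        # from a KNOWN_HOSTS secret — placeholder name, not defined in this repo) and
        # re-enabling the check would close that gap.
        env:
          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
          PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
        run: |
          mkdir -p ~/.ssh
          ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null
          ssh-add - <<< "$PRIVATE_KEY"
      - name: Create ansible inventory
        # "hosts" is git-ignored. The secret is echoed quoted so a multi-line host list
        # keeps its line breaks instead of being joined by word splitting.
        env:
          INVENTORY_HOSTS: ${{ secrets.INVENTORY_HOSTS }}
        run: |
          echo "[production]" >> hosts
          echo "$INVENTORY_HOSTS" >> hosts
      - name: Execute ansible playbook
        # NOTE(review): -v prints module results into the CI log; confirm the dokku_config
        # tasks do not echo apps_config_vault values (otherwise add no_log on those tasks).
        run: ansible-playbook playbook.yml -i hosts -l production -v --vault-password-file /tmp/vault_password_file
        env:
          SSH_AUTH_SOCK: /tmp/ssh_agent.sock

    needs: [linter, molecule]
-------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | hosts 2 | .venv 3 | roles 4 | molecule/*/tests/__pycache__ -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | ignore: | 4 | .github/ 5 | meta/ 6 | roles/ 7 | .venv/ 8 | group_vars/staging/vault.yml 9 | group_vars/production/vault.yml 10 | 11 | rules: 12 | braces: 13 | max-spaces-inside: 1 14 | level: error 15 | brackets: 16 | max-spaces-inside: 1 17 | level: error 18 | line-length: disable 19 | truthy: 20 | allowed-values: [ 21 | 'False', 22 | 'false', 23 |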
'true', 24 | 'True', 25 | 'no', 26 | 'yes' 27 | ] 28 | check-keys: true 29 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # IaC 2 | 3 | Esse repositório, por ora, servirá de espaço para organização do time de infra para o projeto Dados Abertos De Feira. 4 | 5 | Aqui teremos a lista de tarefas e qualquer documento necessário para ajudar pessoas a começarem a contribuir. 6 | 7 | Sua contribuição é muito bem-vinda! Leia o nosso [manifesto](https://dadosabertosdefeira.medium.com/manifesto-a9cb9207820d) 8 | para entender os nossos valores e também o nosso [código de conduta](https://github.com/DadosAbertosDeFeira/guias/blob/main/CODIGO_DE_CONDUTA.md) 9 | e o [guia de contribuição](https://github.com/DadosAbertosDeFeira/guias/blob/main/GUIA_DE_CONTRIBUICAO.md). 10 | 11 | # Como testar 12 | 13 | ## Requisitos: 14 | Instale o Python 3 15 | 16 | - Instale o [Python 3](https://www.python.org/downloads/) 17 | - Instale o [Molecule](https://molecule.readthedocs.io/en/latest/installation.html): 18 | 19 | ``` 20 | python3 -m venv .venv 21 | source .venv/bin/activate 22 | pip install "molecule[docker,lint]" pytest-testinfra 23 | ``` 24 | 25 | - Testando a role: 26 | 27 | ``` 28 | molecule test 29 | ``` 30 | 31 | - Testando rapidamente após modificação: 32 | 33 | ``` 34 | molecule create 35 | molecule converge 36 | molecule verify 37 | ``` 38 | 39 | # Como executar o playbook 40 | 41 | ## Requisitos: 42 | Instale o Python 3 43 | 44 | - Instale o [Python 3](https://www.python.org/downloads/) 45 | - Instale o ansible usando venv: 46 | 47 | ``` 48 | python3 -m venv .venv 49 | source .venv/bin/activate 50 | pip install -r requirements.txt 51 | ``` 52 | Para testar, execute os seguintes comandos: 53 | 54 | ``` 55 | molecule create 56 | molecule converge 57 | molecule verify 58 | ``` 59 | 60 | Primeiro, instale as roles necessárias com o comando: 61 
| 62 | ``` 63 | ansible-galaxy install -r requirements.yml 64 | ``` 65 | 66 | Depois, crie um inventário para a máquina de teste. No repositório há um inventário de exemplo em *hosts.example*. Recomenda-se utilizar uma máquina com Ubuntu 18.04. 67 | 68 | ``` 69 | ansible-playbook -i hosts playbook.yml 70 | ``` 71 | -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | # Arquivo de configuração do ansible -- http://ansible.com/ 2 | # ============================================== 3 | 4 | [defaults] 5 | log_path = ~/iac-ansible.log 6 | 7 | forks = 20 8 | host_key_checking = False 9 | retry_files_enabled = False 10 | retry_files_save_path = ~/ansible-installer-retries 11 | nocows = True 12 | remote_user = root 13 | roles_path = roles/ 14 | # Evita que o gather facts rode duas vezes para o mesmo host 15 | gathering = smart 16 | fact_caching = jsonfile 17 | fact_caching_connection = $HOME/ansible/facts 18 | fact_caching_timeout = 600 19 | callback_whitelist = profile_tasks 20 | inventory_ignore_extensions = secrets.py, .pyc, .cfg, .crt, .ini 21 | timeout = 30 22 | # Define o arquivo com a senha de acesso ao vault 23 | #vault_password_file = /tmp/vault_password_file 24 | 25 | # Inventário de exemplo; comente esta linha para usar outro inventário 26 | inventory = hosts.example 27 | 28 | [inventory] 29 | # Falha quando o parse do inventário não passar (Ansible 2.4+) 30 | unparsed_is_failed=true 31 | 32 | [ssh_connection] 33 | retries = 2 34 | pipelining = True 35 | ssh_args = -o ControlMaster=auto -o ControlPersist=600s 36 | timeout = 10 37 | # O valor padrão pode causar problemas por conta do tamanho 38 | control_path = %(directory)s/%%h-%%r 39 | 40 | # Referência: https://github.com/openshift/openshift-ansible/blob/master/ansible.cfg -------------------------------------------------------------------------------- /config_files/logging.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | logs: 3 | - name: alternatives.log 4 | file: /var/log/alternatives.log 5 | 6 | - name: auth.log 7 | file: /var/log/auth.log 8 | 9 | - name: dpkg.log 10 | file: /var/log/dpkg.log 11 | 12 | - name: docker-logs 13 | file: /var/lib/docker/containers/*/*.log 14 | attributes: 15 | logtype: docker 16 | 17 | - name: nginx-access-logs 18 | file: /var/log/nginx/access.log* 19 | 20 | - name: nginx-error-logs 21 | file: /var/log/nginx/error.log* 22 | -------------------------------------------------------------------------------- /group_vars/all/vars.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # file: group_vars/all/vars.yml 3 | dokku_version: 0.22.3 4 | sshcommand_version: 0.12.0 5 | dokku_hostname: dadosabertosdefeira.com.br 6 | dokku_users: 7 | - name: gomex 8 | username: gomex 9 | ssh_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYc9rlj0wKka5t31T4EiTanSmXpswDg00dYmuwdvEW3bAovcdzt6p3kgFxpPaZj7X6oFfvSCXpoL+/yjngujEW9CGbqfdVyvCodIuIaGuoUsxo7dtMCLzqZtGGe1m6xoTyNqZQzv68nF1fZ/ku7YNK9HGKKcjNJVvs6ocqK5Jbdb6IGRF64kP4hx8IX5n8CU8APn5esrh6BNhViKHWYIGDYoFkd54Z4CeD156BYl1OhWbla6u1vOntpj1uw3Lp+haAWbXSJMCpztsYPeynrQ14GUbHPRAsO4IILD5CtZWsp16VnEIAhsIqrnzp1BGTduwbX5VVzY3K7JdFNEWThFhd" 10 | dokku_plugins: 11 | - name: clone 12 | url: https://github.com/crisward/dokku-clone.git 13 | - name: letsencrypt 14 | url: https://github.com/dokku/dokku-letsencrypt.git 15 | -------------------------------------------------------------------------------- /group_vars/molecule/vars.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # file: group_vars/molecule/vars.yml 3 | env: "molecule" 4 | task_name: "molecule environment configuration" 5 | app: "molecule.dadosabertosdefeira.com.br" 6 | # specify a email for dokku-letsencrypt 7 | dokku_letsencrypt_email: "linux.rafa@gmail.com" 8 | # specify port so `domains` can 
setup the port mapping properly 9 | port: "5000" 10 | database_url: "{{ vault_database_url }}" 11 | cloudamqp_url: "{{ vault_cloudamqp_url }}" 12 | cloudamqp_apikey: "{{ vault_cloudamqp_apikey }}" 13 | city_council_webservice: "https://www.transparencia.feiradesantana.ba.leg.br/" 14 | django_allowed_hosts: "0.0.0.0,molecule.dadosabertosdefeira.com.br,.gomex.me" 15 | django_configuration: "Prod" 16 | django_secret_key: "{{ vault_django_secret_key }}" 17 | django_settings_module: "web.settings" 18 | enable_autothrottle_debug: "true" 19 | new_relic_log: "stdout" 20 | 21 | # NEWRELIC INFRA 22 | nrinfragent_integrations: 23 | - { name: nri-nginx, state: "latest" } 24 | - { name: nri-postgresql, state: "latest" } 25 | nrinfragent_config: 26 | license_key: "{{ vault_newrelic_key }}" 27 | log_file: /var/log/newrelic-infra/nr-infra.log 28 | log_to_stdout: false 29 | -------------------------------------------------------------------------------- /group_vars/molecule/vault.yml: -------------------------------------------------------------------------------- 1 | --- 2 | vault_database_url: "" 3 | vault_cloudamqp_url: "" 4 | vault_cloudamqp_apikey: "" 5 | vault_django_secret_key: "" 6 | vault_newrelic_key: "" 7 | -------------------------------------------------------------------------------- /group_vars/production/vars.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # file: group_vars/production/vars.yml 3 | env: "production" 4 | app: "mq.dadosabertosdefeira.com.br" 5 | # specify a email for dokku-letsencrypt 6 | 7 | apps_config: 8 | DOKKU_LETSENCRYPT_EMAIL: "linux.rafa@gmail.com" 9 | PORT: "5000" 10 | # DATABASE_URL: "{{ database_url }}" 11 | # CLOUDAMQP_URL: "{{ cloudamqp_url }}" 12 | # CLOUDAMQP_APIKEY: "{{ cloudamqp_apikey }}" 13 | CITY_COUNCIL_WEBSERVICE: "https://www.transparencia.feiradesantana.ba.leg.br/" 14 | CITY_COUNCIL_WEBSERVICE_ENDPOINT: "http://transparencia.feiradesantana.ba.leg.br/webservice" 15 | 
DJANGO_ALLOWED_HOSTS: ".mq.dadosabertosdefeira.com.br" 16 | DJANGO_CONFIGURATION: "Prod" 17 | DJANGO_SETTINGS_MODULE: "web.settings" 18 | DOKKU_APP_TYPE: "dockerfile" 19 | DOKKU_PROXY_PORT: "80" 20 | DOKKU_PROXY_PORT_MAP: "http:80:5000" 21 | ENABLE_AUTOTHROTTLE_DEBUG: "true" 22 | NEW_RELIC_LOG: "stdout" 23 | SENTRY_ENVIRONMENT: "Prod" 24 | SPIDERMON_SENTRY_ENVIRONMENT_TYPE: "Prod" 25 | TIKA_CLIENT_ONLY: "1" 26 | 27 | # NEWRELIC INFRA 28 | nrinfragent_integrations: 29 | - { name: nri-nginx, state: "latest" } 30 | - { name: nri-postgresql, state: "latest" } 31 | nrinfragent_config: 32 | license_key: "{{ vault_newrelic_key }}" 33 | log_file: /var/log/newrelic-infra/nr-infra.log 34 | log_to_stdout: false 35 | -------------------------------------------------------------------------------- /group_vars/production/vault.yml: -------------------------------------------------------------------------------- 1 | $ANSIBLE_VAULT;1.1;AES256 2 | 61323331303034353666643834653531356138623335383933313866613235376133303530356563 3 | 3636363666643764303639646464626435343131626134660a653830303464623936646532663036 4 | 37323639613134333665353962643135376662623864393965323039303965326463646537353761 5 | 6165373833336537620a396234373464666139383765346132383438613435373538653536616230 6 | 36613738643532393461356234333638636666613532656232393762326132336439346632633638 7 | 65346235373038356466393234343131626231333537383661386662653133343439396534333761 8 | 65663133303061623533613231383933653737373765666166616437633163393539623864333463 9 | 65303136346135666164323163633538396536343637386639303739653665363836636533643535 10 | 37363564626562616264346533386531663336613332333330326165613930343934376239313638 11 | 34393135336439613465386366363635323662616662346361333737356166653961626666663835 12 | 33343832653465383437663762326163303766323439613430323365393337346430663833313937 13 | 64353736626339663137393031376462623938353730313130626433313837633432663562373163 14 | 
37666135333832376335613236626238633731303937333462313262306465646132346139633465 15 | 30613031626334316139333730623161383934613265316331663935303063383436313535636565 16 | 32353230326433613063643634613761396564386165313938303430303934343465363436343037 17 | 63386332336537633939393266346639353030376333383164643930396134373164636431393863 18 | 34373137623064363232366337323564643562386231373335383236333034633639303333363836 19 | 36386139616365653164303530626239643532383335646566626662343837333563653864626263 20 | 34316530373339616537313265376336356161656531383030646636373239353935323838306565 21 | 33376162333064366631613965356538326361393864663437366437356261376662643162316633 22 | 34653566643136643138386132336430623131303537323336636630356434376236343961323038 23 | 66383931306463393332646565383038393863666139303435623538383564396239303830643433 24 | 65396161626565646266343239646663353963393435313562376432366665353635623766343336 25 | 36613261313631616433353865626630623461393233343361333039666231383231613832386534 26 | 32336163333665343665643365386333633739313633643333313663373961616532613765636562 27 | 38303363623232356262316665613764646662383235373937626235663438313133373832336337 28 | 62343337653766356266616236313434396137373265643039663662666135366335373730663162 29 | 66333931613035636363643261393432393061336534343035616230343937343563376462316438 30 | 31333934636364376631663234356535643339653738633335643264356433383238396134353664 31 | 38323565316239366662323133303832356664653262623533616233306335663731303464333432 32 | 38346165623036613231343837653361306532306438323138316431663839623065316536326531 33 | 34376262663031633563396337373030326233623761303038613439333530636232396262336462 34 | 63373265323338643865336566353061643434626138663361356563306632343362373839653561 35 | 61373732626235356631666130373537656462663534643937366331356462633736303230346162 36 | 38376338373966306263643266393261643530376231643734366333363363633866383730346334 37 | 
63393238653039663063643665383166643438643736373661343332356233346636366563333730 38 | 34383438636336393163323338303462336665326161323664313630326561333830646530643938 39 | 37653764363265323038633538613561626365663661316266306266353932383531626665383364 40 | 34613166333831336161386565626431663165613361376434643764626639313831353637323338 41 | 38333962646434303936343237633162663863316332623236386132646634396630613064336238 42 | 36333762363331626664663632353963386132633636363437383239616436386633376432383535 43 | 61353464376336336237363064666533363061303236616264326461636364323462633933643935 44 | 38613232373234313138323031366235663331333066396332643330663038656338336436303061 45 | 34613238303130353436313739306134643032326336363664323962343066356134373730656535 46 | 65656138383730666332666635623231653334346636383139633234383636346334623636373038 47 | 35323765323539323762633339353739353732643766613036353565656437643739326664333930 48 | 65643030633135333332326135613631333464643264396663303930343431353238393832396661 49 | 33663236353334376366666235373633623066303263653761333330663764643664383736373039 50 | 33626533643937336430633436656333636237313631326230383362363037643036396565646137 51 | 37643731623766303631306364643331393735643065313164616639343837633366613163653637 52 | 36323537303237343536663864616362363837353961336231313334343964613563366261653664 53 | 30663231346261366632653933663537663230366665623865393239653132643266663934613736 54 | 61363361343136313439336261613838356563656231633265373134653839353033353631306632 55 | 36313261656461356562393737303266633639386639666566633230633639653731373632613733 56 | 30383738353262656664343430323031316339626434656237336165396666633034326237353735 57 | 32326665353831623164656238363436343265653234633034343132633362326530313236633934 58 | 30366337396239393931326236656463323961623430383034653362343366646631383365326233 59 | 64366232613633363731373336326537373934323662373665623537343233666631656533346437 60 | 
39386537613334346638356132303664663339303431646665373634376462303738396634633665 61 | 39643261313932383436333835356531393736323139666166373039643935663135363763653239 62 | 39363535386466643930643630316665366361313566333461303431656361333038656534326331 63 | 31306238363538663161393463333638343030353866623431633935616565376432623566626461 64 | 61336135316538316430653232366437353233303765613732343861353638663938353739346464 65 | 64323234316435333133376462396364666438346133356137633765313330643765383038616139 66 | 36366636633533656438613936613132363863313330323565393766316239333832633631333638 67 | 61386336663436303262383666366434343638333438396431356232383031323336356435306164 68 | 31613333313034356661316138386662383237636432353463666162666436316138306130333762 69 | 66336562316366393739666130306436663634656537323237333566373134373165653436666433 70 | 39353533653439363263303432393930333566376636316664653731393163626539626639633033 71 | 62363534333835383062653330376633326661363033346263353232346639313665386136346539 72 | 61366336653934363865613365383161616137333739373032666233383365656233383361333939 73 | 62343538363866633236316633376635396235306361343034646433333034663439636130633862 74 | 63623636393437323163393730363763323135666637373965346563326439626631613263633031 75 | 3063303837613565373961353531376463366365343061633330 76 | -------------------------------------------------------------------------------- /group_vars/staging/vars.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # file: group_vars/staging/vars.yml 3 | env: "staging" 4 | task_name: "staging environment configuration" 5 | app: "staging.dadosabertosdefeira.com.br" 6 | # specify a email for dokku-letsencrypt 7 | dokku_letsencrypt_email: "linux.rafa@gmail.com" 8 | # specify port so `domains` can setup the port mapping properly 9 | port: "5000" 10 | database_url: "{{ vault_database_url }}" 11 | cloudamqp_url: "{{ vault_cloudamqp_url }}" 12 | 
cloudamqp_apikey: "{{ vault_cloudamqp_apikey }}" 13 | city_council_webservice: "https://www.transparencia.feiradesantana.ba.leg.br/" 14 | django_allowed_hosts: ".dadosabertosdefeira.com.br" 15 | django_configuration: "Prod" 16 | django_secret_key: "{{ vault_django_secret_key }}" 17 | django_settings_module: "web.settings" 18 | enable_autothrottle_debug: "true" 19 | new_relic_log: "stdout" 20 | 21 | # NEWRELIC INFRA 22 | nrinfragent_integrations: 23 | - { name: nri-nginx, state: "latest" } 24 | - { name: nri-postgresql, state: "latest" } 25 | nrinfragent_config: 26 | license_key: "{{ vault_newrelic_key }}" 27 | log_file: /var/log/newrelic-infra/nr-infra.log 28 | log_to_stdout: false 29 | -------------------------------------------------------------------------------- /group_vars/staging/vault.yml: -------------------------------------------------------------------------------- 1 | $ANSIBLE_VAULT;1.1;AES256 2 | 38623866373638663963396665626536383334303835393865303431343939343065656362633339 3 | 3632613631343630653233623732643832663435383731620a356438653463353231343838633938 4 | 30343631393737616636303765373439643937306536623265303239346330373463616237386262 5 | 6232386665616136310a616434636139343864393939613161653038633438336235373562336235 6 | 38663334333739376563303961363263336634323964356439613730393563643637393931306662 7 | 36346434343037643735306262663264313539646461306634323338633932323536666332636432 8 | 39353263366232383266353164666538303134326136633439326537623466306132333837386566 9 | 62353534316531313164366233396464306531393139343363373063316238343834386530353938 10 | 33326464363664353534383239663265373539363230656165626362383138663632323431623336 11 | 31633938636139393734386163333062653137303830303031643034353834666537373633306463 12 | 64313439383438356538646535363562646539326633386231663536653135663131663130613733 13 | 63323561633130316164393161346265343936633336343536636365633865643765656633353134 14 | 
34336334376264306632643238666232306534663032643732303939313432323563 15 | -------------------------------------------------------------------------------- /hosts.example: -------------------------------------------------------------------------------- 1 | [staging] 2 | web_staging ansible_host=nome_do_host_aqui ansible_port=porta_aqui 3 | 4 | [production] 5 | web_production ansible_host=nome_do_host_aqui ansible_port=porta_aqui 6 | -------------------------------------------------------------------------------- /molecule/default/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | import_playbook: ../../playbook.yml 4 | -------------------------------------------------------------------------------- /molecule/default/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | options: 5 | ignore-certs: True 6 | ignore-errors: True 7 | role-file: requirements.yml 8 | driver: 9 | name: docker 10 | platforms: 11 | - name: ubuntu-18.04 12 | image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu1804}-ansible:latest" 13 | command: ${MOLECULE_DOCKER_COMMAND:-""} 14 | published_ports: 15 | - 80:80/tcp 16 | - 2222:22/tcp 17 | volumes: 18 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 19 | privileged: true 20 | pre_build_image: true 21 | groups: 22 | - molecule 23 | provisioner: 24 | name: ansible 25 | playbooks: 26 | prepare: prepare.yml 27 | converge: converge.yml 28 | config_options: 29 | defaults: 30 | vault_password_file: /tmp/vault_password_file 31 | verifier: 32 | name: testinfra 33 | env: 34 | PYTHONWARNINGS: "ignore:.*U.*mode is deprecated:DeprecationWarning" 35 | -------------------------------------------------------------------------------- /molecule/default/prepare.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | tasks: 4 | - name: Atualiza o cache 5 | 
ansible.builtin.apt: 6 | update_cache: yes 7 | cache_valid_time: 3600 8 | name: "{{ item }}" 9 | loop: 10 | - jq 11 | - gpg-agent 12 | when: ansible_os_family == 'Debian' 13 | 14 | - name: Cria pasta de configuração do docker 15 | ansible.builtin.file: 16 | dest: /etc/docker 17 | owner: root 18 | group: root 19 | mode: u=rw,g=r,o=r 20 | state: directory 21 | recurse: true 22 | - name: Cria arquivo de configuração do docker 23 | ansible.builtin.copy: 24 | dest: /etc/docker/daemon.json 25 | owner: root 26 | group: root 27 | mode: u=rw,g=r,o=r 28 | content: "{}" 29 | force: False 30 | - name: Configuração do docker 31 | ansible.builtin.shell: | 32 | if [ -z $(jq -r '."storage-driver" // ""' /etc/docker/daemon.json) ]; 33 | then 34 | cp /etc/docker/daemon.json /etc/docker/daemon.json.bkp 35 | jq -M '."storage-driver"="vfs"' /etc/docker/daemon.json.bkp > /etc/docker/daemon.json 36 | echo modificado 37 | fi 38 | register: resultado 39 | changed_when: 'resultado.stdout == "modificado"' 40 | -------------------------------------------------------------------------------- /molecule/default/tests/test_docker.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | import testinfra.utils.ansible_runner 4 | 5 | testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( 6 | os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') 7 | 8 | 9 | def test_is_docker_installed(host): 10 | package_docker = host.package('docker-ce') 11 | 12 | assert package_docker.is_installed -------------------------------------------------------------------------------- /molecule/default/tests/test_dokku.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | import testinfra.utils.ansible_runner 4 | 5 | testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( 6 | os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') 7 | 8 | 9 | def test_is_docker_installed(host): 10 | cmd = 
host.run("dokku apps:list") 11 | 12 | assert cmd.rc == 0 -------------------------------------------------------------------------------- /molecule/default/tests/test_http.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | import testinfra.utils.ansible_runner 4 | 5 | testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( 6 | os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') 7 | 8 | 9 | def test_is_http_listening(host): 10 | socket_http = host.socket("tcp://0.0.0.0:80") 11 | 12 | assert socket_http.is_listening -------------------------------------------------------------------------------- /playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | become: yes 4 | pre_tasks: 5 | - name: Atualizando apt cache 6 | ansible.builtin.apt: 7 | update_cache: yes 8 | cache_valid_time: 600 9 | when: ansible_os_family == 'Debian' 10 | roles: 11 | - newrelic.newrelic-infra 12 | - dokku_bot.ansible_dokku 13 | - iac-role-basica 14 | - iac-role-services 15 | tasks: 16 | - name: copying log files config 17 | ansible.builtin.copy: 18 | src: config_files/logging.yml 19 | dest: /etc/newrelic-infra/logging.d 20 | mode: 0644 21 | - name: create app 22 | dokku_app: 23 | # change this name in your template! 
24 | app: "{{ app }}" 25 | - name: environment configuration 26 | dokku_config: 27 | app: "{{ app }}" 28 | config: 29 | "{{ apps_config }}" 30 | when: apps_config is defined 31 | # ignore_errors: yes 32 | - name: environment configuration vault 33 | dokku_config: 34 | app: "{{ app }}" 35 | config: 36 | "{{ apps_config_vault }}" 37 | when: apps_config_vault is defined 38 | # ignore_errors: yes 39 | - name: Add dokku_service network to mariaquiteria 40 | ansible.builtin.command: "dokku network:set {{ app }} attach-post-create dokku_services" 41 | args: 42 | creates: "/tmp/network_dokku_services_mariaquiteria_{{ env }}" 43 | changed_when: "'molecule-idempotence-notest' not in ansible_skip_tags" 44 | - name: Configurar o crawl production diário 45 | ansible.builtin.cron: 46 | name: "Crawl diario" 47 | minute: "0" 48 | hour: "6" 49 | job: "dokku run {{ app }} python manage.py crawl" 50 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | ansible==5.3.0 2 | docker==4.4.4 3 | pytest-testinfra==6.1.0 4 | molecule==3.6.1 5 | molecule-docker==1.1.0 6 | ansible-lint==6.0.1 7 | yamllint==1.25.0 8 | ansible-core==2.12.2 -------------------------------------------------------------------------------- /requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Do galaxy 4 | - src: dokku_bot.ansible_dokku 5 | version: v2020.11.25 6 | 7 | # Do repositório github que tem a role básica 8 | - src: https://github.com/DadosAbertosDeFeira/iac-role-basica.git 9 | scm: git 10 | version: "0.1" 11 | 12 | # Do repositório github que tem a role service 13 | - src: https://github.com/DadosAbertosDeFeira/iac-role-services.git 14 | scm: git 15 | version: "0.2" 16 | 17 | # Do galaxy 18 | - src: newrelic.newrelic-infra 19 | version: "0.8.2" 20 | 
--------------------------------------------------------------------------------