diff options
39 files changed, 2246 insertions, 0 deletions
@@ -0,0 +1,81 @@ +# The Bike Project Visitor Log Playbook # +This repository contains the content needed to run the bike project visitor log. + +- Ansible is used to configure the host server +- The visitor logging software runs in a docker container +- The logs themselves are stored in text files in /var/tbp +- Reporting is available via tbpReport.sh + +# Ansible # +Ansible is a tool for configuring a server. The setup.yml and accompanying yml +files in the tasks/ directory tell ansible how to configure the server (create +users, copy files, run docker, etc) + +## Getting started +### Configuration +First, server specific variables must be set in the localhosts file: + +domainname: The domainname of the server (e.g. google.com) +letsencrypt_test: Typically false. Set to true when testing to avoid + LetsEncrypt ratelimiting. +tbp_server: URL to access the visitor log from. Should be subdomain.domainname + (e.g. tbp.google.com) +tbp_username: User that will own log files. The user will be created if it does + not exist. Container will run as this user. +tbp_uid: UID to use for the user. + +### Installing ansible +From this directory, run: + + $ pip install -r requirements.txt + +### Running ansible +Simply run this command: + + $ ansible-playbook -i localhosts setup.yml + +# The Vistor Log and Docker +The docker container is just a lighttpd image with cgi enabled and the bash +script that runs the logging webpage. I wrote it mainly for my enjoyment years +ago, so I can't make many promises on readability. It's probably good to keep +CGI stuff containerized. + +## File structure +The following files are created on the host filesystem and mounted in the tbp +container: + +- /var/tbp/firsttime.txt: Hashed list of first visits. Used to determine if a + visitor has used there "one free visit" +- /var/tbp/members.csv: The LittleGreenLight member list. CSV with the + following columns + +"LGL Constituent ID","External Constituent ID","First Name","Last Name","LGL +membership ID","Membership level","Membership status","Membership end" + +- /var/tbp/visits.csv: Record of visitors + +## Member Update +Ansible creates a cronjob in `tbp_username`'s crontab to update the member list every 6 hours. + +## Reporting +./docker/tbp/tbpReport.sh is a script that can generate a report. + +One week report + + $ tbpReport.sh -w /var/tbp/visits.csv + +One month report + + $ tbpReport.sh -m /var/tbp/visits.csv + +One year report + + $ tbpReport.sh -y /var/tbp/visits.csv + +The server can send this report via email: + + $ tbpReport.sh -w /var/tbp/visits.csv | mutt -s "Weekly TBP Visit Report" -- foo@gmail.com + +Scheduled reporting is not configured by ansible as email configurations will +vary. + diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..13f19ae --- /dev/null +++ b/ansible.cfg @@ -0,0 +1,4 @@ +[defaults] +host_key_checking = False +inventory = ./hosts +roles_path = ./roles diff --git a/docker/tbp/Dockerfile b/docker/tbp/Dockerfile new file mode 100644 index 0000000..5b47402 --- /dev/null +++ b/docker/tbp/Dockerfile @@ -0,0 +1,34 @@ +# Dockerfile for lighttpd + +FROM alpine + +ENV TZ=America/Chicago +COPY bashlib-current.tar.gz /root +RUN apk add --update --no-cache \ + bash \ + lighttpd \ + lighttpd-mod_auth \ + tzdata \ + && cd /root \ + && tar zxvf bashlib-current.tar.gz \ + && cd bashlib-0.4 \ + && ./configure \ + && cp bashlib /usr/local/bin \ + && rm -rf /root/* \ + && mkdir -p /var/www/localhost/cgi-bin \ + && rm -rf /var/cache/apk/* \ + && cp /usr/share/zoneinfo/America/Chicago /etc/localtime + +## workaround for bug preventing sync between VirtualBox and host +# http://serverfault.com/questions/240038/lighttpd-broken-when-serving-from-virtualbox-shared-folder +RUN echo server.network-backend = \"writev\" >> /etc/lighttpd/lighttpd.conf + +COPY etc/lighttpd/* /etc/lighttpd/ + +EXPOSE 80 + +COPY visitlog/visitlog.sh /var/www/localhost/cgi-bin/visitlog.cgi +COPY visitlog/style.css /var/www/localhost/htdocs/ +RUN chmod 555 /var/www/localhost/cgi-bin/visitlog.cgi + +CMD ["lighttpd", "-D", "-f", "/etc/lighttpd/lighttpd.conf"] diff --git a/docker/tbp/LICENSE b/docker/tbp/LICENSE new file mode 100644 index 0000000..11bac33 --- /dev/null +++ b/docker/tbp/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2015 Sébastien Pujadas + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/docker/tbp/README.md b/docker/tbp/README.md new file mode 100644 index 0000000..85dc4b1 --- /dev/null +++ b/docker/tbp/README.md @@ -0,0 +1,74 @@ +# lighttpd Docker image + +Security, speed, compliance, and flexibility -- all of these describe [lighttpd](http://www.lighttpd.net/) + +### Contents + + - Usage + - Start a container with Docker + - Start a container with Docker Compose + - Build + - Build with Docker + - Build with Docker Compose + - About + +## Usage + +In the instructions that follow, replace: + +- `<home-directory>` with the path of the local directory you want to serve content from. + +- `<config-directory>` with the path of the local directory containing lighttpd configuration files that you want to use instead of the default ones. + + To make it easier to create custom configuration files, the default configuration files are included in the `etc/lighttpd` directory of the Git repository. + +- `<http-port>` with the HTTP port you want the HTTP server to serve content to (e.g. `80` for the standard HTTP port if not already in use on the host). + +### Start a container with Docker + +With the default configuration files: + + $ sudo docker run --rm -t -v <home-directory>:/var/www/localhost/htdocs -p <http-port>:80 sebp/lighttpd + +With custom configuration files: + + $ sudo docker run --rm -t -v <home-directory>:/var/www/localhost/htdocs -v <config-directory>:/etc/lighttpd -p <http-port>:80 sebp/lighttpd + +### Start a container with Docker Compose + +Add the following lines in an existing or a new `docker-compose.yml` file: + + lighttpd: + image: sebp/lighttpd + volumes: + - <home-directory>:/var/www/localhost/htdocs + - <config-directory>:/etc/lighttpd + ports: + - "<http-port>:80" + +**Note** – The `- <config-directory>:…` line is optional, it can be used to override the default configuration files with your own. + +Then start a lighttpd container with: + + $ sudo docker-compose up lighttpd + + +## Build + +First clone or download the [spujadas/lighttpd-docker](https://github.com/spujadas/lighttpd-docker) GitHub repository, open a shell in the newly created `lighttpd-docker` directory, then build the image and run a container using Docker or Docker Compose, as explained below. + +### Build with Docker + +This command will build the image: + + $ sudo docker build . + +### Build with Docker Compose + +Build the image with this command: + + $ sudo docker-compose build + +## About + +Written by [Sébastien Pujadas](http://pujadas.net), released under the [MIT license](http://opensource.org/licenses/MIT). diff --git a/docker/tbp/bashlib-current.tar.gz b/docker/tbp/bashlib-current.tar.gz Binary files differnew file mode 100644 index 0000000..eec2e78 --- /dev/null +++ b/docker/tbp/bashlib-current.tar.gz diff --git a/docker/tbp/docker-compose.yml b/docker/tbp/docker-compose.yml new file mode 100644 index 0000000..8fc1a08 --- /dev/null +++ b/docker/tbp/docker-compose.yml @@ -0,0 +1,15 @@ +# Docker Compose YAML file for lighttpd + +# build with: +# $ sudo docker-compose build + +# start with: +# $ sudo docker-compose up + +# after start, enter shell with: +# $ sudo docker exec -it lighttpddocker_lighttpd_1 ash + +lighttpd: + build: . + ports: + - "8001:80" # for testing purposes, (un)comment as required diff --git a/docker/tbp/etc/lighttpd/lighttpd.conf b/docker/tbp/etc/lighttpd/lighttpd.conf new file mode 100644 index 0000000..cb0297d --- /dev/null +++ b/docker/tbp/etc/lighttpd/lighttpd.conf @@ -0,0 +1,329 @@ +############################################################################### +# Default lighttpd.conf for Gentoo. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/lighttpd.conf,v 1.3 2005/09/01 14:22:35 ka0ttic Exp $ +############################################################################### + +# {{{ variables +var.basedir = "/var/www/localhost" +var.logdir = "/var/log/lighttpd" +var.statedir = "/var/lib/lighttpd" +# }}} + +# {{{ modules +# At the very least, mod_access and mod_accesslog should be enabled. +# All other modules should only be loaded if necessary. +# NOTE: the order of modules is important. +server.modules = ( + "mod_rewrite", +# "mod_redirect", + "mod_alias", + "mod_access", +# "mod_cml", +# "mod_trigger_b4_dl", +# "mod_auth", +# "mod_status", +# "mod_setenv", +# "mod_proxy", +# "mod_simple_vhost", +# "mod_evhost", +# "mod_userdir", +# "mod_compress", +# "mod_ssi", +# "mod_usertrack", +# "mod_expire", +# "mod_secdownload", +# "mod_rrdtool", +# "mod_webdav", + "mod_accesslog" +) +# }}} + +# {{{ includes +include "mime-types.conf" +# uncomment for cgi support + include "mod_cgi.conf" +# uncomment for php/fastcgi support +# include "mod_fastcgi.conf" +# uncomment for php/fastcgi fpm support +# include "mod_fastcgi_fpm.conf" +# }}} + +# {{{ server settings +server.username = "lighttpd" +server.groupname = "lighttpd" + +server.document-root = var.basedir + "/htdocs" +server.pid-file = "/run/lighttpd.pid" + +server.errorlog = var.logdir + "/error.log" +# log errors to syslog instead +# server.errorlog-use-syslog = "enable" + +server.indexfiles = ("index.php", "index.html", + "index.htm", "default.htm") + +# server.tag = "lighttpd" + +server.follow-symlink = "enable" + +# event handler (defaults to "poll") +# see performance.txt +# +# for >= linux-2.4 +# server.event-handler = "linux-rtsig" +# for >= linux-2.6 +# server.event-handler = "linux-sysepoll" +# for FreeBSD +# server.event-handler = "freebsd-kqueue" + +# chroot to directory (defaults to no chroot) +# server.chroot = "/" + +# bind to port (defaults to 80) +# server.port = 81 + +# bind to name (defaults to all interfaces) +# server.bind = "grisu.home.kneschke.de" + +# error-handler for status 404 +# server.error-handler-404 = "/error-handler.html" +# server.error-handler-404 = "/error-handler.php" + +# Format: <errorfile-prefix><status-code>.html +# -> ..../status-404.html for 'File not found' +# server.errorfile-prefix = var.basedir + "/error/status-" + +# FAM support for caching stat() calls +# requires that lighttpd be built with USE=fam +# server.stat-cache-engine = "fam" +# }}} + +# {{{ mod_staticfile + +# which extensions should not be handled via static-file transfer +# (extensions that are usually handled by mod_cgi, mod_fastcgi, etc). +static-file.exclude-extensions = (".cgi") +# }}} + +# {{{ mod_accesslog +accesslog.filename = var.logdir + "/access.log" +# }}} + +# {{{ mod_dirlisting +# enable directory listings +# dir-listing.activate = "enable" +# +# don't list hidden files/directories +# dir-listing.hide-dotfiles = "enable" +# +# use a different css for directory listings +# dir-listing.external-css = "/path/to/dir-listing.css" +# +# list of regular expressions. files that match any of the +# specified regular expressions will be excluded from directory +# listings. +# dir-listing.exclude = ("^\.", "~$") +# }}} + +# {{{ mod_access +# see access.txt + +url.access-deny = ("~", ".inc") +# }}} + +# {{{ mod_userdir +# see userdir.txt +# +# userdir.path = "public_html" +# userdir.exclude-user = ("root") +# }}} + +# {{{ mod_ssi +# see ssi.txt +# +# ssi.extension = (".shtml") +# }}} + +# {{{ mod_ssl +# see ssl.txt +# +# ssl.engine = "enable" +# ssl.pemfile = "server.pem" +# }}} + +# {{{ mod_status +# see status.txt +# +# status.status-url = "/server-status" +# status.config-url = "/server-config" +# }}} + +# {{{ mod_simple_vhost +# see simple-vhost.txt +# +# If you want name-based virtual hosting add the next three settings and load +# mod_simple_vhost +# +# document-root = +# virtual-server-root + virtual-server-default-host + virtual-server-docroot +# or +# virtual-server-root + http-host + virtual-server-docroot +# +# simple-vhost.server-root = "/home/weigon/wwwroot/servers/" +# simple-vhost.default-host = "grisu.home.kneschke.de" +# simple-vhost.document-root = "/pages/" +# }}} + +# {{{ mod_compress +# see compress.txt +# +# compress.cache-dir = var.statedir + "/cache/compress" +# compress.filetype = ("text/plain", "text/html") +# }}} + +# {{{ mod_proxy +# see proxy.txt +# +# proxy.server = ( ".php" => +# ( "localhost" => +# ( +# "host" => "192.168.0.101", +# "port" => 80 +# ) +# ) +# ) +# }}} + +# {{{ mod_auth +# see authentication.txt +# +# auth.backend = "plain" +# auth.backend.plain.userfile = "lighttpd.user" +# auth.backend.plain.groupfile = "lighttpd.group" + +# auth.backend.ldap.hostname = "localhost" +# auth.backend.ldap.base-dn = "dc=my-domain,dc=com" +# auth.backend.ldap.filter = "(uid=$)" + +# auth.require = ( "/server-status" => +# ( +# "method" => "digest", +# "realm" => "download archiv", +# "require" => "user=jan" +# ), +# "/server-info" => +# ( +# "method" => "digest", +# "realm" => "download archiv", +# "require" => "valid-user" +# ) +# ) +# }}} + +# {{{ mod_rewrite +# see rewrite.txt +# +# url.rewrite = ( +# "^/$" => "/server-status" +# ) +# }}} + +# {{{ mod_redirect +# see redirect.txt +# +# url.redirect = ( +# "^/wishlist/(.+)" => "http://www.123.org/$1" +# ) +# }}} + +# {{{ mod_evhost +# define a pattern for the host url finding +# %% => % sign +# %0 => domain name + tld +# %1 => tld +# %2 => domain name without tld +# %3 => subdomain 1 name +# %4 => subdomain 2 name +# +# evhost.path-pattern = "/home/storage/dev/www/%3/htdocs/" +# }}} + +# {{{ mod_expire +# expire.url = ( +# "/buggy/" => "access 2 hours", +# "/asdhas/" => "access plus 1 seconds 2 minutes" +# ) +# }}} + +# {{{ mod_rrdtool +# see rrdtool.txt +# +# rrdtool.binary = "/usr/bin/rrdtool" +# rrdtool.db-name = var.statedir + "/lighttpd.rrd" +# }}} + +# {{{ mod_setenv +# see setenv.txt +# +# setenv.add-request-header = ( "TRAV_ENV" => "mysql://user@host/db" ) +# setenv.add-response-header = ( "X-Secret-Message" => "42" ) +# }}} + +# {{{ mod_trigger_b4_dl +# see trigger_b4_dl.txt +# +# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db" +# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" ) +# trigger-before-download.trigger-url = "^/trigger/" +# trigger-before-download.download-url = "^/download/" +# trigger-before-download.deny-url = "http://127.0.0.1/index.html" +# trigger-before-download.trigger-timeout = 10 +# }}} + +# {{{ mod_cml +# see cml.txt +# +# don't forget to add index.cml to server.indexfiles +# cml.extension = ".cml" +# cml.memcache-hosts = ( "127.0.0.1:11211" ) +# }}} + +# {{{ mod_webdav +# see webdav.txt +# +# $HTTP["url"] =~ "^/dav($|/)" { +# webdav.activate = "enable" +# webdav.is-readonly = "enable" +# } +# }}} + +# {{{ extra rules +# +# set Content-Encoding and reset Content-Type for browsers that +# support decompressing on-thy-fly (requires mod_setenv) +# $HTTP["url"] =~ "\.gz$" { +# setenv.add-response-header = ("Content-Encoding" => "x-gzip") +# mimetype.assign = (".gz" => "text/plain") +# } + +# $HTTP["url"] =~ "\.bz2$" { +# setenv.add-response-header = ("Content-Encoding" => "x-bzip2") +# mimetype.assign = (".bz2" => "text/plain") +# } +# +# }}} +# +url.rewrite-once = ( + "^/style.css" => "", # get style.css from htdocs + "^/(.*)$" => "/cgi-bin/visitlog.cgi/$1" # forward others to cgi +) + +# {{{ debug +# debug.log-request-header = "enable" +# debug.log-response-header = "enable" +# debug.log-request-handling = "enable" +# debug.log-file-not-found = "enable" +# }}} + +# vim: set ft=conf foldmethod=marker et : +server.network-backend = "writev" diff --git a/docker/tbp/etc/lighttpd/mime-types.conf b/docker/tbp/etc/lighttpd/mime-types.conf new file mode 100644 index 0000000..f24d4d8 --- /dev/null +++ b/docker/tbp/etc/lighttpd/mime-types.conf @@ -0,0 +1,79 @@ +############################################################################### +# Default mime-types.conf for Gentoo. +# include'd from lighttpd.conf. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mime-types.conf,v 1.4 2010/03/14 21:45:18 bangert Exp $ +############################################################################### + +# {{{ mime types +mimetype.assign = ( + ".svg" => "image/svg+xml", + ".svgz" => "image/svg+xml", + ".pdf" => "application/pdf", + ".sig" => "application/pgp-signature", + ".spl" => "application/futuresplash", + ".class" => "application/octet-stream", + ".ps" => "application/postscript", + ".torrent" => "application/x-bittorrent", + ".dvi" => "application/x-dvi", + ".gz" => "application/x-gzip", + ".pac" => "application/x-ns-proxy-autoconfig", + ".swf" => "application/x-shockwave-flash", + ".tar.gz" => "application/x-tgz", + ".tgz" => "application/x-tgz", + ".tar" => "application/x-tar", + ".zip" => "application/zip", + ".dmg" => "application/x-apple-diskimage", + ".mp3" => "audio/mpeg", + ".m3u" => "audio/x-mpegurl", + ".wma" => "audio/x-ms-wma", + ".wax" => "audio/x-ms-wax", + ".ogg" => "application/ogg", + ".wav" => "audio/x-wav", + ".gif" => "image/gif", + ".jpg" => "image/jpeg", + ".jpeg" => "image/jpeg", + ".png" => "image/png", + ".xbm" => "image/x-xbitmap", + ".xpm" => "image/x-xpixmap", + ".xwd" => "image/x-xwindowdump", + ".css" => "text/css", + ".html" => "text/html", + ".htm" => "text/html", + ".js" => "text/javascript", + ".asc" => "text/plain", + ".c" => "text/plain", + ".h" => "text/plain", + ".cc" => "text/plain", + ".cpp" => "text/plain", + ".hh" => "text/plain", + ".hpp" => "text/plain", + ".conf" => "text/plain", + ".log" => "text/plain", + ".text" => "text/plain", + ".txt" => "text/plain", + ".diff" => "text/plain", + ".patch" => "text/plain", + ".ebuild" => "text/plain", + ".eclass" => "text/plain", + ".rtf" => "application/rtf", + ".bmp" => "image/bmp", + ".tif" => "image/tiff", + ".tiff" => "image/tiff", + ".ico" => "image/x-icon", + ".dtd" => "text/xml", + ".xml" => "text/xml", + ".mpeg" => "video/mpeg", + ".mpg" => "video/mpeg", + ".mov" => "video/quicktime", + ".qt" => "video/quicktime", + ".avi" => "video/x-msvideo", + ".asf" => "video/x-ms-asf", + ".asx" => "video/x-ms-asf", + ".wmv" => "video/x-ms-wmv", + ".bz2" => "application/x-bzip", + ".tbz" => "application/x-bzip-compressed-tar", + ".tar.bz2" => "application/x-bzip-compressed-tar" + ) +# }}} + +# vim: set ft=conf foldmethod=marker et : diff --git a/docker/tbp/etc/lighttpd/mod_cgi.conf b/docker/tbp/etc/lighttpd/mod_cgi.conf new file mode 100644 index 0000000..f56415f --- /dev/null +++ b/docker/tbp/etc/lighttpd/mod_cgi.conf @@ -0,0 +1,32 @@ +############################################################################### +# mod_cgi.conf +# include'd by lighttpd.conf. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mod_cgi.conf,v 1.1 2005/08/27 12:36:13 ka0ttic Exp $ +############################################################################### + +# +# see cgi.txt for more information on using mod_cgi +# + +server.modules += ("mod_cgi") + +# NOTE: this requires mod_alias +alias.url = ( + "/cgi-bin/" => var.basedir + "/cgi-bin/" +) + +# +# Note that you'll also want to enable the +# cgi-bin alias via mod_alias (above). +# + +$HTTP["url"] =~ "^/cgi-bin/" { + # disable directory listings + dir-listing.activate = "disable" + # only allow cgi's in this directory + cgi.assign = ( + ".cgi" => "/bin/bash" + ) +} + +# vim: set ft=conf foldmethod=marker et : diff --git a/docker/tbp/etc/lighttpd/mod_fastcgi.conf b/docker/tbp/etc/lighttpd/mod_fastcgi.conf new file mode 100644 index 0000000..549b84c --- /dev/null +++ b/docker/tbp/etc/lighttpd/mod_fastcgi.conf @@ -0,0 +1,17 @@ +############################################################################### +# mod_fastcgi.conf +# include'd by lighttpd.conf. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mod_fastcgi.conf-1.4.13-r2,v 1.1 2007/04/01 23:22:00 robbat2 Exp $ +############################################################################### + +server.modules += ("mod_fastcgi") +fastcgi.server = ( ".php" => + ( "localhost" => + ( + "socket" => "/run/lighttpd/lighttpd-fastcgi-php-" + PID + ".socket", + "bin-path" => "/usr/bin/php-cgi" + ) + ) + ) + +# vim: set ft=conf foldmethod=marker et : diff --git a/docker/tbp/etc/lighttpd/mod_fastcgi_fpm.conf b/docker/tbp/etc/lighttpd/mod_fastcgi_fpm.conf new file mode 100644 index 0000000..926137a --- /dev/null +++ b/docker/tbp/etc/lighttpd/mod_fastcgi_fpm.conf @@ -0,0 +1,16 @@ +############################################################################### +# mod_fastcgi_fpm.conf +# include'd by lighttpd.conf. +############################################################################### + +server.modules += ("mod_fastcgi") +fastcgi.server = ( ".php" => + ( "localhost" => + ( + "host" => "127.0.0.1", + "port" => "9000" + ) + ) + ) + +# vim: set ft=conf foldmethod=marker et : diff --git a/docker/tbp/tbpReport.sh b/docker/tbp/tbpReport.sh new file mode 100755 index 0000000..bb7bc44 --- /dev/null +++ b/docker/tbp/tbpReport.sh @@ -0,0 +1,67 @@ +#!/bin/bash +# tbpReport.sh +# 2020/12/08 +# Write a report for the last week, month, or year. +USAGE="Usage: $0 [-w] [-m] [-y] visitFile" + +if [ "$#" == "0" ]; then + echo $USAGE + exit 1 +fi + +# Get start time from arguments +startTime=0 +while [ $# -gt 1 ]; do + case $1 in + -w) + startTime=`date --date="1 week ago" +%s` + ;; + -m) + startTime=`date --date="1 month ago" +%s` + ;; + -y) + startTime=`date --date="1 year ago" +%s` + ;; + *) + echo $USAGE + exit 1 + ;; + esac + shift +done + +# Test if visits file exists +if [ ! -f $1 ]; then + echo "File $1 does not exist." + echo $USAGE + exit 1 +fi +visitFile=$1 + +# Process the visits file +echo Shop report for `date +%D` +echo Shop access since `date --date=@$startTime +%D` +awk -F, -v t=$startTime '($1>t) { + dow=strftime("%w", $1); + counter[dow,$6]+=1; + counter[$6]+=1; + counter[$4]+=1; + counter[$5]+=1; + numVisitors+=1; +} +END { + printf("%-10s\tDowntown\tCampus\n", ""); + printf("%-10s\t%3d\t\t%3d\n", "Sunday", counter[0, "downtown"], counter[0,"campus"]); + printf("%-10s\t%3d\t\t%3d\n", "Monday", counter[1, "downtown"], counter[1,"campus"]); + printf("%-10s\t%3d\t\t%3d\n", "Tuesday", counter[2, "downtown"], counter[2,"campus"]); + printf("%-10s\t%3d\t\t%3d\n", "Wednesday", counter[3, "downtown"], counter[3,"campus"]); + printf("%-10s\t%3d\t\t%3d\n", "Thursday", counter[4, "downtown"], counter[4,"campus"]); + printf("%-10s\t%3d\t\t%3d\n", "Friday", counter[5, "downtown"], counter[5,"campus"]); + printf("%-10s\t%3d\t\t%3d\n", "Saturday", counter[6, "downtown"], counter[6,"campus"]); + printf("-------------------------------------\n") + printf("%-10s\t%3d\t\t%3d\n", "TOTAL", counter["downtown"], counter["campus"]); + printf("\n") + printf("Total volunteer visits: %d\n", counter["volunteer"]); + printf("Total first visits: %d (%0.1f%%)\n", counter["First Visit"], + 100*counter["First Visit"]/numVisitors); +}' $visitFile diff --git a/docker/tbp/visitlog/Makefile b/docker/tbp/visitlog/Makefile new file mode 100644 index 0000000..cca34cd --- /dev/null +++ b/docker/tbp/visitlog/Makefile @@ -0,0 +1,30 @@ +INSTALLDIR = /usr/lib/cgi-bin +CSSDIR = /home/marty/public_html +LOGDIR = /var/www/visitlog +FIRSTTIME = firsttime.txt +PAGE = visitlog.sh +VISITS = visits.csv +MEMBERS = members.csv +WWWUSER = www-data +WWWGROUP = www-data + +.PHONY install: +install: + touch $(LOGDIR)/$(VISITS) + touch $(LOGDIR)/$(FIRSTTIME) + cp $(MEMBERS) $(LOGDIR) + cp $(PAGE) $(INSTALLDIR) + cp style.css $(CSSDIR) + chmod 400 $(CSSDIR)/style.css + chmod 400 $(LOGDIR)/$(MEMBERS) + chmod 600 $(LOGDIR)/$(VISITS) + chmod 600 $(LOGDIR)/$(FIRSTTIME) + chmod 500 $(INSTALLDIR)/$(PAGE) + chown $(WWWUSER).$(WWWGROUP) $(LOGDIR)/$(MEMBERS) + chown $(WWWUSER).$(WWWGROUP) $(LOGDIR)/$(VISITS) + chown $(WWWUSER).$(WWWGROUP) $(LOGDIR)/$(FIRSTTIME) + chown $(WWWUSER).$(WWWGROUP) $(INSTALLDIR)/$(PAGE) + chown $(WWWUSER).$(WWWGROUP) $(CSSDIR)/style.css + +.PHONY clean: +clean: diff --git a/docker/tbp/visitlog/style.css b/docker/tbp/visitlog/style.css new file mode 100644 index 0000000..57c7e97 --- /dev/null +++ b/docker/tbp/visitlog/style.css @@ -0,0 +1,10 @@ + +h1 { + text-transform: capitalize; +} + +h2,h3,tr { + text-transform: capitalize; +} + + diff --git a/docker/tbp/visitlog/visitlog.sh b/docker/tbp/visitlog/visitlog.sh new file mode 100644 index 0000000..b169ee5 --- /dev/null +++ b/docker/tbp/visitlog/visitlog.sh @@ -0,0 +1,191 @@ +#!/usr/bin/env bash +# visitlog.sh +# Martin Miller +# Created: 2017/09/04 +# A CGI script for the bike project visitors log +. /usr/local/bin/bashlib +memberFile=/var/www/visitlog/members.csv +visitorLog=/var/www/visitlog/visits.csv +firstVisitLog=/var/www/visitlog/firsttime.txt + +# Determine if we know the location +location=`cookie location` +locationp=`param location` +if [ -z ${location} ] +then + if [ -z ${locationp} ] + then + # Ask for location + /bin/echo "Content-Type: text/html; charset=utf-8" + /bin/echo "" +/bin/cat <<EOF +<body> +<h1>Please select your location</h1> +<form method="post" autocomplete="off"> +Downtown<input type="radio" name="location" value="downtown" checked> +Campus<input type="radio" name="location" value="campus" ><br /> +<input type="submit" value="Submit"> +</form> +EOF +exit + else + /bin/echo "Set-Cookie: location=${locationp}" + location=${locationp} + fi +fi +/bin/echo "Content-Type: text/html; charset=utf-8" +/bin/echo "" + +d0=$(/bin/date +%Y-%m-%d) +datestring=$(/bin/date +"%B %d, %Y") +t0=$(/bin/date --date="$d0" +%s) +/bin/cat <<EOF +<html> +<head> +<link rel="stylesheet" type="text/css" href="style.css" /> +<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> +</head> +<body> +<div class="container-fluid"> +<div class="col-xs-12 col-sm-6"> +<h1>The Bike Project Visitor Log</h1> +</div> +<div class="col-xs-12 col-sm-6"> +<h3><span class="glyphicon glyphicon-map-marker" aria-hidden="true"></span> ${location} Shop</h3> +<h3><span class="glyphicon glyphicon-calendar" aria-hidden="true"></span> ${datestring}</h3> +</div> +<div class="clearfix"></div> +EOF +# Check for sign in +cardno=`param cardno` +visittype=`param visittype` +if [ ${#cardno} -ge 4 ] +then + # check if cardno is valid member + awk -F, -v cn=$cardno -v vl=$visitorLog -v loc=$location -v vt=$visittype ' + BEGIN { + intid=0; + found=0; + valid=0; + goodtil=0; + now=systime(); + first=""; + lastI="" + } + # The second field of the member file stores the external constituent ID + # surrounded by double quotes. + ($2=="\""cn"\"") { + # The eighth field stores the membership expiration in YYYY-MM-DD, + # convert to YYYY MM DD + found=1 + gsub("\"","",$1) + intid=$1 + gsub("\"","",$3) + first=$3 + gsub("\"","",$4) + lastI=substr($4,1,3) + gsub("\"","",$8) + goodtil=$8; + gsub("-"," ",$8) + exptime=mktime($8" 23 59 59") + if (exptime>now) { + valid=1 + } + } + END { + if (found==0) { + exit 1 + } + if (valid==1) { + gsub("\"","",$1); + printf("<div class=\"alert alert-success\">Hello %s %s! Your membership is valid until %s.</div>", first, lastI, goodtil); + printf("%d,%s,%s,%s,%s,%s\n",now,cn,intid,first" "lastI".",vt,loc) >> vl + exit 0 + } else { + printf("<div class=\"alert alert-danger\">Hello %s %s. your membership expired on %s. Please see a staff member to renew.</div>", first, lastI, goodtil); + exit 2 + } + }' $memberFile +fi + +if [ $? -eq 1 ] # User not found in member database +then + hashed=$(echo $cardno | sha256sum | cut -d' ' -f1) + grep "${hashed}" $firstVisitLog > /dev/null + if [ $? -eq 0 ] + then +/bin/cat <<EOF +<div class="alert alert-danger">You have used your one free visit. If you would like to +use the shop, please contact a staff member to become a member</div> +EOF + else +/bin/cat <<EOF +<div class="alert alert-warning">Welcome to The Bike Project. Please enjoy your free trial +visit.</div> +EOF + echo ${hashed} >> $firstVisitLog + now=$(date +"%s") + echo ${now},-1,-1,First Visit,visitor,$location >> $visitorLog + fi +fi + +if [ -z $cardno ] && [ $visittype = "volunteer" ] +then +/bin/cat <<EOF +<div class="alert alert-warning">I didn't quite catch that. Could you scan your +card again? In the future, you can avoid this message by clicking the text box +after you click "Volunteering".</div> +EOF +fi + +# Display visitors and form +/bin/cat <<EOF +<div class="row"> +<div class="col-xs-12 col-sm-4"> +<div class="panel panel-default"> +<div class="panel-heading">Sign in</div> +<div class="panel-body"> +<form method="post" autocomplete="off"> +<div class="form-group"> +<p class="col-xs-3">I am</p> +EOF +if [ -z $cardno ] && [ $visittype = "volunteer" ] +then +/bin/cat <<EOF +<input type="radio" name="visittype" value="visitor" >Visiting<br> +<input type="radio" name="visittype" value="volunteer" checked>Volunteering +EOF +else +/bin/cat <<EOF +<input type="radio" name="visittype" value="visitor" checked>Visiting<br> +<input type="radio" name="visittype" value="volunteer" >Volunteering +EOF +fi +/bin/cat <<EOF +<input type="text" class="form-control" name="cardno" autofocus=autofocus> +</div> +<button type="submit" class="btn btn-primary">Submit</button> +</form> +</div> +</div> +</div> +<div class="col-xs-12 col-sm-8"> +<table class="table table-striped"> +<tr> +<th>Time</th> +<th>Name</th> +<th>Visit Type</th> +</tr> +EOF +/usr/bin/tac $visitorLog | /usr/bin/awk -F, -v to=$t0 -v loc=$location '($1>to && $6==loc) { + printf("<tr><td>%s</td><td>%s</td><td>%s</td></tr>\n", strftime("%r", $1), + $4,$5) +}' + +/bin/cat <<EOF +</table> +</div> +</body> +</html> +EOF + diff --git a/localhosts b/localhosts new file mode 100644 index 0000000..7eedb4c --- /dev/null +++ b/localhosts @@ -0,0 +1,10 @@ +[local] +localhost + +[local:vars] +ansible_connection=local +domainname=witsquash.com +letsencrypt_test=false +tbp_server=tbp.witsquash.com +tbp_username=tbp +tbp_uid=2001 diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..575298a --- /dev/null +++ b/requirements.txt @@ -0,0 +1 @@ +ansible==2.6.4 diff --git a/roles/docker.ubuntu/.editorconfig b/roles/docker.ubuntu/.editorconfig new file mode 100644 index 0000000..3fee862 --- /dev/null +++ b/roles/docker.ubuntu/.editorconfig @@ -0,0 +1,8 @@ +root = true + +# default configuration +[*] +indent_style = space +indent_size = 2 +end_of_line = lf +charset = utf-8 diff --git a/roles/docker.ubuntu/.gitignore b/roles/docker.ubuntu/.gitignore new file mode 100644 index 0000000..817dda8 --- /dev/null +++ b/roles/docker.ubuntu/.gitignore @@ -0,0 +1,4 @@ +.vagrant/ +*.log +env/ +venv/ diff --git a/roles/docker.ubuntu/.travis.yml b/roles/docker.ubuntu/.travis.yml new file mode 100644 index 0000000..d3fff98 --- /dev/null +++ b/roles/docker.ubuntu/.travis.yml @@ -0,0 +1,19 @@ +--- +language: python +python: "2.7" +env: + - ANSIBLE_VERSION='ansible<2' + - ANSIBLE_VERSION='ansible>2' + +before_install: + - sudo apt-get update -qq + #- sudo apt-get install -qq python-apt python-pycurl +install: + # Install Ansible. + - sudo pip install $ANSIBLE_VERSION +script: + - ansible --version + - export ANSIBLE_ROLES_PATH="../" +# - echo localhost > inventory + - ansible-playbook -i hosts --syntax-check docker.yml + - ansible-playbook -i hosts --connection=local --sudo -vvvv docker.yml diff --git a/roles/docker.ubuntu/CODE_OF_CONDUCT.md b/roles/docker.ubuntu/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..58a4f06 --- /dev/null +++ b/roles/docker.ubuntu/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at pauldurivage@gmail.com. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/docker.ubuntu/CONTRIBUTING.md b/roles/docker.ubuntu/CONTRIBUTING.md new file mode 100644 index 0000000..b289de8 --- /dev/null +++ b/roles/docker.ubuntu/CONTRIBUTING.md @@ -0,0 +1,14 @@ +# Contributing + +I'm very welcoming of PRs, and I'm happy to have anyone open a PR, but it _always_ helps to have a discussion before you open something. + +When you discover an issue or believe the this needs to move in a different direction, open an issue and we can discuss. I don't always respond immediately - but my primary goal is to facilitate PRs to make sure the project is useful. I'll respond, we'll talk about whether it benefits the group, and I'll handle PRs as necessary. + +Quick things to remember: + +* I love PRs and I'm happy to merge +* Major changes to the role interface are going to be a problem - we should discuss +* Not breaking existing envs is highest consideration; backwards compatibility is next +* Breaking changes upstream are an ongoing problem, so let's minimize them +* Modification of existing installs should require explicit permission +* Use idempotent operations diff --git a/roles/docker.ubuntu/LICENSE b/roles/docker.ubuntu/LICENSE new file mode 100644 index 0000000..e06d208 --- /dev/null +++ b/roles/docker.ubuntu/LICENSE @@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/roles/docker.ubuntu/README.md b/roles/docker.ubuntu/README.md new file mode 100644 index 0000000..0c7de61 --- /dev/null +++ b/roles/docker.ubuntu/README.md @@ -0,0 +1,69 @@ +docker_ubuntu +======== + +Installs Docker on: + +* Ubuntu 14.04+ +* Debian Jessie (8.5+) and Stretch + +This role attempts to make every reasonable effort to follow Docker's official installation instructions for Ubuntu and Debian. + +**Example Play**: + +Very basic install utilizing the role defaults: + +``` +--- +- name: Run docker.ubuntu + hosts: docker + roles: + - angstwad.docker_ubuntu +``` + +Overriding the default configration is done by overriding the role's default variables: + +``` +- name: Install Docker + hosts: all + roles: + - role: angstwad.docker_ubuntu + ssh_port: 2222 + kernel_pkg_state: present +``` + + +Requirements +------------ + +Requires python-pycurl for apt modules. + +Role Variables +-------------- + +Please see [defaults/main.yml](https://github.com/angstwad/docker.ubuntu/blob/master/defaults/main.yml) for a comprehensive list of variables that can be overridden. + +Dependencies +------------ + +None. + +Testing +------- + +To test the role in a Vagrant environment just run `vagrant up`. This will +create some VMs: + +* Ubuntu 12.04 +* Ubuntu 14.04 +* Ubuntu 16.04 +* Debian Jessie 8.5 +* Debian Stretch 9.0 + +and it will provision them by applying this role with Ansible. + +Requires `ansible-playbook` to be in the path. + +License +------- + +Apache v2.0 diff --git a/roles/docker.ubuntu/Vagrantfile b/roles/docker.ubuntu/Vagrantfile new file mode 100644 index 0000000..7350ac1 --- /dev/null +++ b/roles/docker.ubuntu/Vagrantfile @@ -0,0 +1,74 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby ts=2 sw=2 tw=0 et : + +role = File.basename(File.expand_path(File.dirname(__FILE__))) + +ENV['ANSIBLE_ROLES_PATH'] = "../" + +boxes = [ + { + :name => "ubuntu-1404", + :box => "ubuntu/trusty64", + :ip => '10.0.77.12', + :cpu => "20", + :ram => "256" + }, + { + :name => "ubuntu-1604", + :box => "ubuntu/xenial64", + :ip => '10.0.77.13', + :cpu => "20", + :ram => "512" + }, + { + :name => "debian-jessie", + :box => "debian/jessie64", + :ip => '10.0.77.14', + :cpu => "20", + :ram => "256" + }, + { + :name => "debian-stretch", + :box => "debian/stretch64", + :ip => '10.0.77.16', + :cpu => "20", + :ram => "256" + }, + { + :name => "ubuntu-1604-python3", + :box => "ubuntu/xenial64", + :ip => '10.0.77.15', + :cpu => "20", + :ram => "512" + }, +] + +Vagrant.configure("2") do |config| + boxes.each do |box| + config.vm.define box[:name] do |vms| + vms.vm.box = box[:box] + vms.vm.box_url = box[:url] + + vms.vm.provider "virtualbox" do |v| + v.customize ["modifyvm", :id, "--cpuexecutioncap", box[:cpu]] + v.customize ["modifyvm", :id, "--memory", box[:ram]] + end + + vms.vm.network :private_network, ip: box[:ip] + + vms.vm.provision :ansible do |ansible| + ansible.playbook = "tests/vagrant.yml" + ansible.verbose = "vv" + ansible.host_vars = { + "ubuntu-1604-python3" => { + "ansible_python_interpreter" => "/usr/bin/python3", + # "ansible_user" => "ubuntu" + } + } + ansible.raw_arguments = [ + "--diff", + ] + end + end + end +end diff --git a/roles/docker.ubuntu/defaults/main.yml b/roles/docker.ubuntu/defaults/main.yml new file mode 100644 index 0000000..1b338d0 --- /dev/null +++ b/roles/docker.ubuntu/defaults/main.yml @@ -0,0 +1,94 @@ +--- +# uninstall previous versions of docker, but not by default +# https://docs.docker.com/engine/installation/linux/docker-ce/ubuntu/#uninstall-old-versions +uninstall_previous_docker_versions: false + +# assume that the desired version is community edition +docker_edition: ce + +# docker-ce is the default package name +docker_pkg_name: "{{ 'docker-ee' if docker_edition == 'ee' else 'docker-ce' }}" +docker_apt_cache_valid_time: 600 +docker_aufs_enabled: true + +# docker dns path for docker.io package ( changed at ubuntu 14.04 from docker to docker.io ) +docker_defaults_file_path: /etc/default/docker + +# The package name required for dirmngr (required key installation to work on some deb systems) +apt_dirmngr_pkg: dirmngr + +# Important if running Ubuntu 12.04-13.10 and ssh on a non-standard port +ssh_port: 22 +# Place to get apt repository key +apt_key_url: "hkp://ha.pool.sks-keyservers.net" +# apt repository key signature +apt_key_sig: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 +# apt keyring file +keyring: "/etc/apt/trusted.gpg.d/docker.gpg" +# Name of the apt repository for Docker CE or EE +apt_repository: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release|lower }} stable" + +# daemon_json allows you to configure the daemon with the daemon.json file. +# https://docs.docker.com/engine/reference/commandline/dockerd/#on-linux +#daemon_json: +# hosts: +# - "fd://" +# - "tcp://0.0.0.0:2376" +# log-level: debug +# log-driver: json-file +# log-opts: +# max-file: "3" +# max-size: "10m" +daemon_json: + +# List of users to be added to 'docker' system group (disabled by default) +# SECURITY WARNING: +# Be aware that granted users can easily get full root access on the docker host system! +docker_group_members: [] + +# configurable proxies: a reasonable default is to re-use the proxy from ansible_env: +# docker_http_proxy: "{{ ansible_env.http_proxy|default('') }}" +# Notes: +# if docker_http_proxy=="" the role sets HTTP_PROXY="" (useful to 'empty' existing ENV var) +# if docker_http_proxy is undefined the role will not set/modify any ENV vars +docker_http_proxy: +docker_https_proxy: +docker_no_proxy: + +# Flags for whether to install pip packages +pip_install_pip: true +pip_install_setuptools: true +# pip_install_docker is ignored if pip_install_docker_compose is true as docker-compose as a dependency over docker. +# See var/main.yml for more information. +pip_install_docker: true +pip_install_docker_compose: true + +# Versions for the python packages that are installed +pip_version_pip: latest +pip_version_setuptools: latest +# pip_version_docker is ignored if pip_install_docker_compose is true as docker-compose as a dependency over docker. +# See var/main.yml for more information. +pip_version_docker: latest +pip_version_docker_compose: latest + +# If this variable is set to true kernel updates and host restarts are permitted. +# Warning: Use with caution in production environments. +kernel_update_and_reboot_permitted: no + +# Set to 'yes' or 'true' to enable updates (sets 'latest' in apt module) +update_docker_package: no + +# Change these to 'present' if you're running Ubuntu 12.04-13.10 and are fine with less-than-latest packages +kernel_pkg_state: latest +cgroup_lite_pkg_state: latest +dmsetup_pkg_state: latest +# Force an install of the kernel extras, in case you're suffering from some issue related to the +# static binary provided by upstream Docker. For example, see this GitHub Issue in Docker: +# https://github.com/docker/docker/issues/12750 +# Warning: Installing kernel extras is potentially interruptive/destructive and will install backported +# kernel if running 12.04. +install_kernel_extras: false +# Install Xorg packages for backported kernels. This is usually unnecessary except for environments +# where an X/Unit desktop is actively being used. If you're not using an X/Unity on 12.04, you +# won't need to enable this. +install_xorg_pkgs: false diff --git a/roles/docker.ubuntu/docker.yml b/roles/docker.ubuntu/docker.yml new file mode 100644 index 0000000..6f030d4 --- /dev/null +++ b/roles/docker.ubuntu/docker.yml @@ -0,0 +1,9 @@ +--- +- hosts: all + become: yes + roles: + - { role: ./, + docker_opts: "-H tcp://127.0.0.1:4243 -H unix:///var/run/docker.sock --dns 8.8.8.8 --dns 8.8.4.4" + } + +#- include: integration-tests.yml diff --git a/roles/docker.ubuntu/handlers/main.yml b/roles/docker.ubuntu/handlers/main.yml new file mode 100644 index 0000000..5c45210 --- /dev/null +++ b/roles/docker.ubuntu/handlers/main.yml @@ -0,0 +1,13 @@ +--- +# handlers file for docker.ubuntu +- name: Start Docker + service: name=docker state=started + +- name: Reload systemd + command: systemctl daemon-reload + +- name: Restart docker + service: name=docker state=restarted + +- name: Restart dockerio + service: name=docker.io state=restarted diff --git a/roles/docker.ubuntu/hosts b/roles/docker.ubuntu/hosts new file mode 100644 index 0000000..8bb7ba6 --- /dev/null +++ b/roles/docker.ubuntu/hosts @@ -0,0 +1,2 @@ +[local] +localhost diff --git a/roles/docker.ubuntu/meta/main.yml b/roles/docker.ubuntu/meta/main.yml new file mode 100644 index 0000000..9079b05 --- /dev/null +++ b/roles/docker.ubuntu/meta/main.yml @@ -0,0 +1,25 @@ +--- +galaxy_info: + author: Paul Durivage + description: A comprehensive and (ideally) sane way to install Docker on Ubuntu 14.04+ + license: Apache v2.0 + min_ansible_version: 2.2 + platforms: + - name: Debian + versions: + - jessie + - stretch + - name: Ubuntu + versions: + - trusty + - xenial + - zesty + categories: + - development + - packaging + - system +dependencies: [] + # List your role dependencies here, one per line. Only + # dependencies available via galaxy should be listed here. + # Be sure to remove the '[]' above if you add dependencies + # to this list. diff --git a/roles/docker.ubuntu/tasks/kernel_check_and_update.yml b/roles/docker.ubuntu/tasks/kernel_check_and_update.yml new file mode 100644 index 0000000..cdf3460 --- /dev/null +++ b/roles/docker.ubuntu/tasks/kernel_check_and_update.yml @@ -0,0 +1,65 @@ +- name: Install backported trusty kernel onto 12.04 + apt: + pkg: "{{ item }}" + state: "{{ kernel_pkg_state }}" + update_cache: yes + cache_valid_time: 600 + with_items: + - linux-image-generic-lts-trusty + - linux-headers-generic-lts-trusty + register: kernel_result + when: "ansible_distribution_version|version_compare('12.04', '=')" + +- name: Install Xorg packages for backported kernels (very optional) + apt: + pkg: "{{ item }}" + state: installed + update_cache: yes + cache_valid_time: 600 + with_items: + - xserver-xorg-lts-trusty + - libgl1-mesa-glx-lts-trusty + register: xorg_pkg_result + when: "install_xorg_pkgs and (kernel_result|changed or kernel_result|success)" + +- name: Install latest kernel for Ubuntu 13.04+ + apt: + pkg: "{{ item }}" + state: "{{ kernel_pkg_state }}" + update_cache: yes + cache_valid_time: 600 + with_items: + - "linux-image-extra-{{ ansible_kernel }}" + - linux-image-extra-virtual + when: "ansible_distribution_version|version_compare('13.04', '=') + or ansible_distribution_version|version_compare('13.10', '=') + or install_kernel_extras" + +# Fix for https://github.com/dotcloud/docker/issues/4568 +- name: Install cgroup-lite for Ubuntu 13.10 + apt: + pkg: cgroup-lite + state: "{{ cgroup_lite_pkg_state }}" + update_cache: yes + cache_valid_time: 600 + register: cgroup_lite_result + when: "ansible_distribution_version|version_compare('13.10', '=')" + +- name: Reboot instance + command: /sbin/shutdown -r now + register: reboot_result + when: "(ansible_distribution_version|version_compare('12.04', '=') and kernel_result|changed) + or (ansible_distribution_version|version_compare('13.10', '=') and cgroup_lite_result|changed) + or xorg_pkg_result|changed" + +- name: Wait for instance to come online (10 minute timeout) + become: no + local_action: + module: wait_for + host: "{{ ansible_ssh_host|default(inventory_hostname) }}" + port: "{{ ansible_ssh_port|default(ssh_port) }}" + delay: 30 + timeout: 600 + state: started + when: "(ansible_distribution_version|version_compare('12.04', '=') and reboot_result|changed) + or (ansible_distribution_version|version_compare('13.10', '=') and cgroup_lite_result|changed)" diff --git a/roles/docker.ubuntu/tasks/main.yml b/roles/docker.ubuntu/tasks/main.yml new file mode 100644 index 0000000..ca00437 --- /dev/null +++ b/roles/docker.ubuntu/tasks/main.yml @@ -0,0 +1,331 @@ +--- +# tasks file for docker.ubuntu +- name: "Include proper python vars file" + include_vars: "{{ python_vars_file }}" + +- name: Fail if not a supported release of Ubuntu + fail: + msg: "{{ ansible_distribution_version }} is not an acceptable version of Ubuntu for this role" + when: ansible_lsb.id|lower == "ubuntu" and ansible_distribution_version|version_compare('14.04', '<') + +- name: Fail if not a new release of Debian + fail: + msg: "{{ ansible_distribution_version }} is not an acceptable version of Debian for this role" + when: ansible_lsb.id|lower == "debian" and ansible_distribution_version|version_compare('8.5', '<') + +- name: Fail if using python3 with Ansible<2.3 + fail: + msg: "Ansible 2.3+ is required to use Python3 interpreter." + when: ansible_version.full | version_compare('2.3', '<') and ansible_python_interpreter is defined and 'python3' in ansible_python_interpreter + +- name: Update kernel, kernel extras, Xorg pkgs, and related tasks + include: kernel_check_and_update.yml + when: kernel_update_and_reboot_permitted or install_kernel_extras + +- name: Uninstall old versions of Docker + apt: + name: "{{ item }}" + state: absent + with_items: + - docker + - docker-engine + - docker.io + when: uninstall_previous_docker_versions + +- name: Install linux-image-extra-* packages to enable AuFS driver + apt: + pkg: "{{ item }}" + state: present + update_cache: yes + cache_valid_time: "{{ docker_apt_cache_valid_time }}" + with_items: + - linux-image-extra-{{ ansible_kernel }} + - linux-image-extra-virtual + when: docker_aufs_enabled and ansible_distribution_version|version_compare('14.04', '==') + register: linux_image_extra_install + ignore_errors: yes + +- name: Try again to install linux-image-extra if previous attempt failed + apt: + pkg: "linux-image-extra-{{ ansible_kernel.split('-')[:-1]|join('-') }}*" + state: present + update_cache: yes + cache_valid_time: "{{ docker_apt_cache_valid_time }}" + when: linux_image_extra_install|failed + +- name: Ensure dirmngr is available + apt: + pkg: "{{ apt_dirmngr_pkg }}" + state: present + update_cache: yes + cache_valid_time: "{{ docker_apt_cache_valid_time }}" + +- name: Add Docker repository key + apt_key: + id: "{{ apt_key_sig }}" + keyserver: "{{ apt_key_url }}" + state: present + register: add_repository_key + ignore_errors: true + +- name: Alternative | Add Docker repository key + shell: "apt-key adv --fetch-keys {{ apt-key-url }}" + when: add_repository_key|failed + +- name: HTTPS APT transport for Docker repository + apt: + name: apt-transport-https + state: present + +- name: Add Docker repository and update apt cache + apt_repository: + repo: "{{ apt_repository }}" + mode: '644' + update_cache: yes + state: present + +- name: Install (or update) docker package + apt: + name: "{{ docker_pkg_name }}" + state: "{{ 'latest' if update_docker_package else 'present' }}" + update_cache: "{{ update_docker_package }}" + cache_valid_time: "{{ docker_apt_cache_valid_time }}" + +- name: Set systemd playbook var + set_fact: + is_systemd: false + changed_when: false + tags: always + +- name: Set systemd playbook var + set_fact: + is_systemd: true + when: ( ansible_distribution == "Ubuntu" and ansible_distribution_version|version_compare('15.04', '>=') or ansible_distribution == "Debian" ) + tags: always + +- name: Set docker_http_proxy_defined flag + set_fact: + docker_http_proxy_defined: "{{ docker_http_proxy is defined and docker_http_proxy is not none and docker_http_proxy != '' }}" + tags: proxy + +- name: Set docker_https_proxy_defined flag + set_fact: + docker_https_proxy_defined: "{{ docker_https_proxy is defined and docker_https_proxy is not none and docker_https_proxy != '' }}" + tags: proxy + +# https://github.com/moby/moby/issues/25471#issuecomment-263101090 +- name: Creates override directory (systemd) + file: + path: /etc/systemd/system/docker.service.d + state: "{{ (daemon_json is not none or docker_http_proxy_defined or docker_https_proxy_defined) | ternary('directory', 'absent') }}" + owner: root + group: root + mode: 0755 + when: + - is_systemd + tags: proxy + +- name: Set docker daemon override (systemd) + copy: + content: | + [Service] + ExecStart= + ExecStart=/usr/bin/dockerd + dest: /etc/systemd/system/docker.service.d/override.conf + owner: root + group: root + mode: 0644 + notify: + - Reload systemd + - Restart docker + when: daemon_json is not none and is_systemd + +- name: Set /etc/docker/daemon.json + copy: + content: "{{ daemon_json | to_nice_json }}" + dest: /etc/docker/daemon.json + owner: root + group: root + mode: 0644 + notify: + - Restart docker + when: daemon_json is not none + +- name: Fix DNS in docker.io + lineinfile: + dest: "{{ docker_defaults_file_path }}" + regexp: "DOCKER_OPTS=" + line: 'DOCKER_OPTS="--dns {{ ansible_docker0.ipv4.address }}"' + register: dns_fix + notify: Restart dockerio + when: docker_pkg_name == 'docker.io' + +- meta: flush_handlers + when: "dns_fix|changed" + +- pause: + seconds: 1 + when: "dns_fix|changed" + +# We must install pip via apt before we can use the pip module below +- name: "Install {{ _python_packages | join(', ') }} packages with apt" + apt: + pkg: "{{ item }}" + state: latest + update_cache: yes + cache_valid_time: "{{ docker_apt_cache_valid_time }}" + with_items: "{{ _python_packages }}" + +# Display an informative message if the docker-compose version needs to be downgraded +- name: Docker-compose version downgrade + debug: + msg: >- + Downgrading docker-compose version to {{ _pip_version_docker_compose }} because of docker-compose > 1.10 + requiring docker python package (instead of the docker-py one) which is incompatible with the docker_container + module in Ansible < 2.3 + when: pip_install_docker_compose and _pip_version_docker_compose != pip_version_docker_compose + +# See vars/main.yml for more information on this. +- name: Clean previous docker-py package if installing docker. + pip: + name: docker-py + state: absent + executable: "{{ _pip_executable }}" + when: (_pip_install_docker or pip_install_docker_compose) and _pip_docker_package_name == 'docker' + +# See vars/main.yml for more information on this. +- name: Clean previous docker package if installing docker-py. + pip: + name: docker + state: absent + executable: "{{ _pip_executable }}" + when: (_pip_install_docker or pip_install_docker_compose) and _pip_docker_package_name == 'docker-py' + +# Upgrade pip with pip to fix angstwad/docker.ubuntu/pull/35 and docker-py/issues/525 +- name: Install pip, setuptools, docker-py and docker-compose with pip + pip: + name: "{{ item.name }}" + state: "{{ 'latest' if item.version=='latest' else 'present' }}" + version: "{{ item.version if item.version!='latest' else omit }}" + executable: "{{ _pip_executable }}" + with_items: + - name: pip + version: "{{ pip_version_pip }}" + install: "{{ pip_install_pip }}" + - name: setuptools + version: "{{ pip_version_setuptools }}" + install: "{{ pip_install_setuptools }}" + - name: "{{ _pip_docker_package_name }}" + version: "{{ pip_version_docker }}" + install: "{{ _pip_install_docker }}" + - name: docker-compose + version: "{{ _pip_version_docker_compose }}" + install: "{{ pip_install_docker_compose }}" + when: item.install|bool + +- name: Check if /etc/updatedb.conf exists + stat: + path: /etc/updatedb.conf + register: updatedb_conf_exists + +- name: Ensure updatedb does not index /var/lib/docker + lineinfile: + dest: /etc/updatedb.conf + state: present + backrefs: yes + regexp: '^PRUNEPATHS="(/var/lib/docker )?(.*)"$' + line: 'PRUNEPATHS="/var/lib/docker \2"' + when: updatedb_conf_exists.stat.exists + +- name: Check if /etc/default/ufw exists + stat: + path: /etc/default/ufw + register: ufw_default_exists + +- name: Change ufw default forward policy from drop to accept + lineinfile: + dest: /etc/default/ufw + regexp: "^DEFAULT_FORWARD_POLICY=" + line: "DEFAULT_FORWARD_POLICY=\"ACCEPT\"" + when: ufw_default_exists.stat.exists + +- name: Set docker HTTP_PROXY if docker_http_proxy defined + lineinfile: + dest: /etc/default/docker + regexp: "^export http_proxy=" + line: "export http_proxy=\"{{docker_http_proxy}}\"" + state: "{{ docker_http_proxy_defined | ternary('present', 'absent') }}" + when: + - not is_systemd + notify: + - Restart docker + tags: proxy + +- name: Set docker HTTPS_PROXY if docker_https_proxy defined + lineinfile: + dest: /etc/default/docker + regexp: "^export https_proxy=" + line: "export https_proxy=\"{{docker_https_proxy}}\"" + state: "{{ docker_https_proxy_defined | ternary('present', 'absent') }}" + when: + - not is_systemd + notify: + - Restart docker + tags: proxy + +- name: Set docker HTTP(S)_PROXY if docker_http(s)_proxy defined (systemd) + copy: + content: | + [Service] + Environment="{% if docker_http_proxy_defined %}http_proxy={{ docker_http_proxy }}{% endif %}" + Environment="{% if docker_https_proxy_defined %}https_proxy={{ docker_https_proxy }}{% endif %}" + Environment="no_proxy={{ docker_no_proxy | default('') }}" + dest: /etc/systemd/system/docker.service.d/proxy.conf + owner: root + group: root + mode: 0644 + notify: + - Reload systemd + - Restart docker + when: + - is_systemd + - docker_http_proxy_defined or docker_https_proxy_defined + tags: proxy + +- name: Remove docker HTTP(S)_PROXY if docker_http(s)_proxy undefined (systemd) + file: + path: /etc/systemd/system/docker.service.d/proxy.conf + state: absent + notify: + - Reload systemd + - Restart docker + when: + - is_systemd + - not docker_http_proxy_defined and not docker_https_proxy_defined + tags: proxy + +- name: Start docker + service: + name: docker + state: started + when: docker_pkg_name.find('lxc-docker') != -1 or docker_pkg_name.find('docker-engine') != -1 + +- name: Start docker.io + service: + name: docker.io + state: started + when: docker_pkg_name == 'docker.io' + + # ATTENTION: this task can potentially create new users! +- name: Add users to the docker group + user: + name: "{{ item }}" + groups: docker + append: yes + with_items: "{{docker_group_members}}" + when: docker_group_members is defined + +- name: update facts if docker0 is not defined + setup: + filter: "ansible_docker0" + when: ansible_docker0 is not defined diff --git a/roles/docker.ubuntu/tests/vagrant.yml b/roles/docker.ubuntu/tests/vagrant.yml new file mode 100644 index 0000000..febaed4 --- /dev/null +++ b/roles/docker.ubuntu/tests/vagrant.yml @@ -0,0 +1,39 @@ +--- +# test file for docker.ubuntu role on vagrant +- hosts: ubuntu-1604 + become: yes + gather_facts: no + tasks: + - name: Install python + raw: export DEBIAN_FRONTEND=noninteractive && apt-get -y install python python-simplejson + +- hosts: all + become: yes + vars: + docker_group_members: + - "{{ ansible_user }}" + roles: + - role: docker.ubuntu + kernel_update_and_reboot_permitted: yes + + tasks: + - name: Create a dummy container + docker_container: + name: foobar + pull: true + image: busybox + state: started + when: _pip_install_docker or pip_install_docker_compose + register: container_creation + + - name: Remove the dummy container + docker_container: + name: foobar + state: absent + when: container_creation.changed + + - name: Remove the dummy image + docker_image: + name: busybox + state: absent + when: container_creation.changed diff --git a/roles/docker.ubuntu/vars/main.yml b/roles/docker.ubuntu/vars/main.yml new file mode 100644 index 0000000..5a1f70a --- /dev/null +++ b/roles/docker.ubuntu/vars/main.yml @@ -0,0 +1,47 @@ +--- +# Select python variable file according to the ansible_python_interpreter. +python_vars_file: >- + {{ 'python3.yml' if ansible_python_interpreter is defined + and 'python3' in ansible_python_interpreter + else 'python2.yml' }} + +# To use Docker Ansible modules, managed nodes require some Docker Python packages : +# * `docker-py` (renamed into `docker` since the 2.0.0 version); +# * `docker-compose` which is required by the docker_service Ansible module. +# +# The `docker` python package introduces some backward incompatible changes is version 2.0.0. +# Ansible 2.3+ is required to run this new version. Previous Ansible versions have to use docker-py<=1.10.6. +# The `docker-compose` python package has a dependency over the docker/docker-py package. +# The `docker-compose` 1.9.0 is the latest version to be compatible with the docker<2.0.0. +# +# To sum up: +# * with Ansible < 2.3: +# * you have to use docker-py<=1.10.6 due to backward incompatibilities of next versions +# * you have to use docker-compose<=1.9.0 due to docker-compose>1.9.0 using newer versions of docker-py. + +# Compute Ansible version or latest +_ansible_version_latest: "{{ ansible_version.full | version_compare('2.3', '<') }}" + +# Compute Python Docker component version or latest +_pip_version_docker_latest: >- + {{ pip_version_docker=='latest' or (pip_version_docker | version_compare('1.10.6', '>')) }} + +# Compute Python Docker-compose component version or latest +_pip_version_docker_compose_latest: >- + {{ pip_version_docker_compose=='latest' or (pip_version_docker_compose | version_compare('1.9.0', '>')) }} + +# Compute the `docker` Python package's version to use. +_pip_version_docker: >- + {{ '1.10.6' if (_ansible_version_latest and _pip_version_docker_latest) else pip_version_docker }} + +# Compute the `docker` Python package's name according to its version. +_pip_docker_package_name: "{{ 'docker-py' if not _pip_version_docker_latest else 'docker' }}" + +# Determine whether to install the `docker` package or not. The `docker-compose` Python package has a dependency over +# the `docker` Python package. So when installing the `docker-compose` package we'd rather let it handle the `docker` +# package version to prevent version mismatches. +_pip_install_docker: "{{ not pip_install_docker_compose and pip_install_docker }}" + +# Compute the `docker-compose` Python package's version to use. +_pip_version_docker_compose: >- + {{ '1.9.0' if (_ansible_version_latest and _pip_version_docker_compose_latest) else pip_version_docker_compose }} diff --git a/roles/docker.ubuntu/vars/python2.yml b/roles/docker.ubuntu/vars/python2.yml new file mode 100644 index 0000000..f3de98b --- /dev/null +++ b/roles/docker.ubuntu/vars/python2.yml @@ -0,0 +1,7 @@ +# Python2 specific variables. + +_python_packages: + - python-dev + - python-pip + +_pip_executable: pip diff --git a/roles/docker.ubuntu/vars/python3.yml b/roles/docker.ubuntu/vars/python3.yml new file mode 100644 index 0000000..e7785a9 --- /dev/null +++ b/roles/docker.ubuntu/vars/python3.yml @@ -0,0 +1,7 @@ +# Python3 specific variables. + +_python_packages: + - python3-dev + - python3-pip + +_pip_executable: pip3 diff --git a/setup.yml b/setup.yml new file mode 100644 index 0000000..195774d --- /dev/null +++ b/setup.yml @@ -0,0 +1,14 @@ +--- +- hosts: + - local + remote_user: root + become_user: root + become: yes + roles: + - role: docker.ubuntu + tasks: + - include_tasks: tasks/docker.yml + tags: + - tbp + - include_tasks: tasks/tbp.yml + tags: tbp diff --git a/tasks/tbp.yml b/tasks/tbp.yml new file mode 100644 index 0000000..6df071a --- /dev/null +++ b/tasks/tbp.yml @@ -0,0 +1,146 @@ +- name: Create certs directory + tags: + - nginx + - tbp + file: + path: /etc/nginx/certs + state: directory + +- name: Create vhost directory + tags: + - nginx + - tbp + file: + path: /etc/nginx/vhost.d + state: directory + +- name: Create nginxhtml directory + tags: + - nginx + - tbp + file: + path: /usr/share/nginx/html + state: directory + +- name: Pull and Start nginx-proxy + tags: + - nginx + - tbp + docker_container: + name: nginx-proxy + image: jwilder/nginx-proxy + published_ports: + - 80:80 + - 443:443 + volumes: + - /var/run/docker.sock:/tmp/docker.sock:ro + - /etc/nginx/certs:/etc/nginx/certs:ro + - /etc/nginx/vhost.d + - /usr/share/nginx/html + labels: + com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" + +- name: Pull and start nginx letsencrypt companion + tags: + - nginx + - tbp + docker_container: + name: nginx-letsencrypt + image: jrcs/letsencrypt-nginx-proxy-companion + volumes: + - /etc/nginx/certs:/etc/nginx/certs:rw + - /var/run/docker.sock:/var/run/docker.sock:ro + volumes_from: + - nginx-proxy + +- name: Create the tbp user + tags: tbp + user: + name: "{{ tbp_username }}" + uid: "{{ tbp_uid }}" + createhome: no + state: present + +- name: create tbp directory on host + file: + path: /var/tbp + owner: "{{ tbp_username }}" + group: "{{ tbp_username }}" + mode: 0775 + state: directory + tags: + - docker + - tbp + +- name: create tbp visits log + file: + path: /var/tbp/visits.csv + owner: "{{ tbp_username }}" + group: "{{ tbp_username }}" + mode: 0666 + state: touch + tags: + - docker + - tbp + +- name: create tbp first time visitor log + file: + path: /var/tbp/firsttime.txt + owner: "{{ tbp_username }}" + group: "{{ tbp_username }}" + mode: 0666 + state: touch + tags: + - docker + - tbp + +- name: get the tbp member roll + get_url: + dest: /var/tbp/members.csv + url: https://thebikeproject.littlegreenlight.com/rptlink/7c83ba52-a75f-4fdb-b5ec-b8f97ec72f3a + mode: 0644 + owner: "{{ tbp_username }}" + group: "{{ tbp_username }}" + tags: + - docker + - tbp + +- name: Copying docker dir to target + synchronize: + src: ./docker + dest: / + tags: + - docker + - tbp + +- name: Build TBP docker container + docker_image: + name: tbp + path: /docker/tbp + +- name: Run TBP docker container + docker_container: + name: tbp + image: tbp + user: "{{ tbp_uid }}" + env: + # For nginx-proxy to use. + VIRTUAL_HOST: "{{ tbp_server }}" + LETSENCRYPT_HOST: "{{ tbp_server }}" + LETSENCRYPT_EMAIL: marty@millermart.in + LETSENCRYPT_TEST: "{{ letsencrypt_test }}" + volumes: + - /var/tbp/:/var/www/visitlog + tags: + - docker + - tbp +- name: Create cronjob to update the member roll + cron: + name: "Update member rolls" + user: "{{ tbp_username }}" + hour: "*/6" + minute: 15 + state: present + job: curl https://thebikeproject.littlegreenlight.com/rptlink/7c83ba52-a75f-4fdb-b5ec-b8f97ec72f3a -o /var/tbp/members.csv + tags: tbp + |