Merge pull request #1 from Diesel-Net/development

Promotion

Author: tomdaley92

.ansible/ansible.cfg

@@ -0,0 +1,9 @@
+[defaults]
+
+stdout_callback = debug
+host_key_checking = False
+retry_files_enabled = False
+
+# Fixes ansible variable precedence issue: Makes inventory group_vars override playbook group_vars
+# https://github.com/ansible/ansible/issues/18154
+precedence = all_plugins_play, all_inventory, all_plugins_inventory, groups_plugins_play, groups_inventory, groups_plugins_inventory

.ansible/deploy.yaml

@@ -0,0 +1,22 @@
+# ansible-playbook deploy.yaml -i inventories/prod/hosts --vault-id ~/.tokens/master_id
+
+- hosts: tools
+  strategy: linear
+  roles:
+    - common
+
+  tasks:
+
+    - include_role:
+        name: common
+        tasks_from: make_config_dir
+
+    - include_role:
+        name: common
+        tasks_from: make_data_dir
+
+    - include_role:
+        name: docker
+        tasks_from: stack_deploy
+
+

.ansible/inventory/development/group_vars/tools/config.yaml

@@ -0,0 +1,2 @@
+domain: ldap.dev.diesel.net
+admin_password: ldap

.ansible/inventory/development/hosts

@@ -0,0 +1,8 @@
+all:
+  children:
+    tools:
+      hosts:
+        ldap.dev.diesel.net
+  vars:
+    ansible_user: automation
+    ansible_python_interpreter: /usr/bin/python3

.ansible/inventory/stable/group_vars/tools/config.yaml

@@ -0,0 +1,8 @@
+domain: ldap.diesel.net
+admin_password: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  32333234346638666436326665663963616137363031303339653538653737653033353861336661
+  3430653763353765316530373635313334636636316464310a393935653236666638663962306432
+  65646438666261646265363034643033633139666161656635623239663731336366353165356533
+  3964393537373032380a643838623761633931343037333864633530306463643832383664613737
+  3230

.ansible/inventory/stable/hosts

@@ -0,0 +1,8 @@
+all:
+  children:
+    tools:
+      hosts:
+        ldap.diesel.net
+  vars:
+    ansible_user: automation
+    ansible_python_interpreter: /usr/bin/python3

.ansible/roles/requirements.yaml

@@ -0,0 +1,9 @@
+- name: common
+  scm: git
+  src: "git@github.com:Diesel-Net/ansible-role-common.git"
+  version: 1.0.1
+
+- name: docker
+  scm: git
+  src: "git@github.com:Diesel-Net/ansible-role-docker.git"
+  version: 1.2.1

.ansible/templates/docker-compose.yaml.j2

@@ -0,0 +1,31 @@
+# docker-compose.yaml
+
+version: '3.8'
+services: 
+
+
+  main:
+    image: osixia/phpldapadmin:0.9.0
+    volumes:
+      - /etc/localtime:/etc/localtime
+      - {{ ssl_cert_dir }}:/container/service/phpldapadmin/assets/apache2/certs
+    environment:
+      PHPLDAPADMIN_HTTPS: 'false'
+      PHPLDAPADMIN_LDAP_CLIENT_TLS: 'true'
+      PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME: {{ ssl_cert_filename }}
+      PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT: try
+      PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'{{ domain }}': [{'server': [{'tls': False}, {'port': 389}]},{'login': [{'bind_id': 'cn=admin,dc=diesel,dc=net'},{'bind_pass': '{{ admin_password }}'}]}]}]"
+    command: >
+      --loglevel debug
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.http.services.{{ git_repository }}.loadbalancer.server.port=80
+        - traefik.http.routers.{{ git_repository }}.rule=Host(`{{ domain }}`)
+        - traefik.http.routers.{{ git_repository }}.tls.certresolver=step-ca
+    networks:
+      - {{ docker_network }}
+
+networks:
+  {{ docker_network }}:
+    external: true

.drone.yaml

@@ -0,0 +1,33 @@
+---
+kind: pipeline
+type: docker
+name: Install phpLDAPadmin
+
+clone:
+  depth: 1
+
+steps:
+  - name: deploy
+    image: plugins/ansible:3
+    environment:
+      ANSIBLE_CONFIG: .ansible/ansible.cfg
+    settings:
+      playbook: .ansible/deploy.yaml
+      galaxy: .ansible/roles/requirements.yaml
+      private_key:
+        from_secret: ansible_private_key
+      vault_password:
+        from_secret: ansible_vault_password
+    commands:
+      # dynamically select inventory based on Git branch/tag
+      - version=$DRONE_BRANCH
+      - if [ ! -z $DRONE_TAG ]; then version=production; fi
+      - /bin/drone-ansible --inventory .ansible/inventory/$$version/hosts
+
+trigger:
+  branch:
+    - development
+    - stable
+  event:
+    - push
+...

.gitignore

@@ -0,0 +1,2 @@
+.ansible/roles/docker
+.ansible/roles/common