From 0cedf15ad9246e32caf338dbd28c6ecaf8a6c47a Mon Sep 17 00:00:00 2001
From: Dan Anglin
Date: Wed, 22 Apr 2020 19:21:59 +0100
Subject: [PATCH] feat: add Dockerfile to Dockerise the playbook
- Add Dockerfile to install Ansible and the playbook.
- Add Makefile target to build the image.
- Add Makefile target to run the playbook.
- Add the playbook that ansible will run.
- Add .dockerignore to limit the files added to the context.
- Added a pipeline job to test the image build.
- Added a pipeline job to lint the Dockerfile.
This closes dananglin/pleroma-ansible-playbook#13
---
.dockerignore | 5 ++++
.gitlab-ci.yml | 56 +++++++++++++++++++++++++++++++++++++++++---
Dockerfile | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++
Makefile | 14 ++++++++++-
playbook.yml | 34 +++++++++++++++++++++++++++
5 files changed, 168 insertions(+), 4 deletions(-)
create mode 100644 .dockerignore
create mode 100644 Dockerfile
create mode 100644 playbook.yml
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..da1fb81
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,5 @@
+*
+!roles
+!library
+!Makefile
+!playbook.yml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 86c1774..1a3703b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,13 +1,63 @@ --- -image: python:3.7.6-slim-buster - stages: - test -test: +.use-python: + image: python:3.7.6-slim-buster + +.docker-dind-service: + services: + - docker:19.03.8-dind + +.use-docker: + image: docker:19.03.8 + +.install-deps: &install-deps +- apk add --no-cache make + +test:dockerfile-lint: + image: hadolint/hadolint:v1.17.5-alpine + script: + - hadolint ./Dockerfile + only: + refs: + - merge_requests + changes: + - Dockerfile + except: + refs: + - master + +test:docker-image-build: + extends: + - .docker-dind-service + - .use-docker + script: + - *install-deps + - make image + stage: test + only: + refs: + - merge_requests + changes: + - Dockerfile + except: + refs: + - master + +test:custom-modules: + extends: .use-python stage: test before_script: - apt-get update && apt-get install make - pip install ansible==2.9.6 script: - make test_modules_unit + only: + refs: + - merge_requests + changes: + - library/* + except: + refs: + - master
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..8d9152c
--- /dev/null
+++ b/Dockerfile
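Review bot: The job images and the dind service added in the .gitlab-ci.yml hunk are referenced by mutable tag (`hadolint/hadolint:v1.17.5-alpine`, `docker:19.03.8`, `docker:19.03.8-dind`), so what runs in the pipeline can change without any change to this file; pinning each by digest, e.g. `image: docker:19.03.8@sha256:<digest-placeholder>`, makes the pipeline inputs reviewable. Separately, `test:docker-image-build` is limited to `changes: - Dockerfile`, but the build context allowed by the new .dockerignore also contains roles, library, Makefile and playbook.yml, so a change to those will not exercise `make image`; consider listing them under `changes` as well. `test:dockerfile-lint` has no `stage:` key, unlike the other two jobs; adding `stage: test` keeps the three jobs consistent.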
@@ -0,0 +1,63 @@
+FROM alpine:3.11
+
+ARG ANSIBLE_UID=1200
+ARG ANSIBLE_USER=ansible
+ARG ANSIBLE_VERSION=2.9.7
+ARG PLEROMA_PLAYBOOK_DIRECTORY=/ansible/pleroma-playbook
+ARG BUILD_TIME
+ARG BUILD_TAG
+
+# Annotation (label) schema based on the OCI image specification.
+# https://github.com/opencontainers/image-spec/blob/master/annotations.md
+LABEL org.opencontainers.image.authors="Dan Anglin " \
+ org.opencontainers.image.created=${BUILD_TIME} \
+ org.opencontainers.image.documentation="https://gitlab.com/dananglin/pleroma-ansible-playbook/-/blob/master/README.md" \
+ org.opencontainers.image.source="https://gitlab.com/dananglin/pleroma-ansible-playbook.git" \
+ org.opencontainers.image.version=${BUILD_TAG} \
+ org.opencontainers.image.vendor="Dan Anglin" \
+ org.opencontainers.image.licenses="MIT" \
+ org.opencontainers.image.title="Pleroma Ansible Playbook" \
+ org.opencontainers.image.description="Ansible playbook that installs, configures and customizes Pleroma on a Alpine host."
+
+RUN \
+ apk add --no-cache \
+ ca-certificates=20191127-r1 \
+ make=4.2.1-r2 \
+ openssh-client=8.1_p1-r0 \
+ openssl=1.1.1g-r0 \
+ python3=3.8.2-r0 \
+ && \
+ apk add --no-cache --virtual .build-deps \
+ python3-dev=3.8.2-r0 \
+ libffi-dev=3.2.1-r6 \
+ openssl-dev=1.1.1g-r0 \
+ build-base=0.5-r1 \
+ && \
+ pip3 install --upgrade \
+ pip==20.0.2 \
+ cffi==1.14.0 \
+ && \
+ pip install \
+ ansible==${ANSIBLE_VERSION} \
+ && \
+ apk del \
+ .build-deps \
+ && \
+ adduser -u ${ANSIBLE_UID} -s /bin/sh -D ${ANSIBLE_USER}
+
+COPY --chown=${ANSIBLE_UID}:${ANSIBLE_UID} library ${PLEROMA_PLAYBOOK_DIRECTORY}/library/
+COPY --chown=${ANSIBLE_UID}:${ANSIBLE_UID} roles ${PLEROMA_PLAYBOOK_DIRECTORY}/roles/
+COPY --chown=${ANSIBLE_UID}:${ANSIBLE_UID} playbook.yml ${PLEROMA_PLAYBOOK_DIRECTORY}/playbook.yml
+COPY --chown=${ANSIBLE_UID}:${ANSIBLE_UID} Makefile ${PLEROMA_PLAYBOOK_DIRECTORY}/Makefile
+
+ENV ANSIBLE_HOST_KEY_CHECKING=False \
+ ANSIBLE_PYTHON_INTERPRETER=/usr/bin/python3 \
+ ANSIBLE_SSH_PIPELINING=False \
+ ANSIBLE_GATHERING=smart \
+ ANSIBLE_RETRY_FILES_ENABLED=False \
+ ANSIBLE_PERSISTENT_CONNECT_TIMEOUT=30 \
+ ANSIBLE_PERSISTENT_COMMAND_TIMEOUT=60
+
+USER ${ANSIBLE_USER}
+WORKDIR ${PLEROMA_PLAYBOOK_DIRECTORY}
+CMD [ "make", "pleroma" ]
diff --git a/Makefile b/Makefile
index b0abff3..51f70d7 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,12 @@ VAPID_PRIVATE_KEY_FILE := vapid-private-key.pem +INVENTORY ?= "hosts.yml" +PLAYBOOK_TAGS ?= "all" +PLAYBOOK_FILE ?= "playbook.yml" +DOCKERFILE = Dockerfile +IMAGE_NAME ?= pleroma-ansible-playbook +IMAGE_TAG ?= latest -PHONY: secret_key_base signing_salt vapid_private_key vapid_public_key +PHONY: secret_key_base signing_salt vapid_private_key vapid_public_key test_modules_unit image pleroma all: secret_key_base signing_salt vapid_key_pair
@@ -27,3 +33,9 @@ vapid_public_key: $(VAPID_PRIVATE_KEY_FILE) test_modules_unit: @find ./library -mindepth 1 -maxdepth 1 -type f -name test_*.py | xargs python3 + +image: + @docker build -f $(DOCKERFILE) -t $(IMAGE_NAME):$(IMAGE_TAG) . + +pleroma: + ansible-playbook --inventory $(INVENTORY) --tags $(PLAYBOOK_TAGS) $(EXTRA_ARGS) $(PLAYBOOK_FILE)
diff --git a/playbook.yml b/playbook.yml
new file mode 100644
index 0000000..b1c037e
--- /dev/null
+++ b/playbook.yml
@@ -0,0 +1,34 @@
+---
+- name: Initialising the playbook.
+ hosts: all
+ roles:
+ - init
+ tags:
+ - always
+
+- name: Setting up the Pleroma database.
+ hosts: pleroma_database
+ become: yes
+ become_method: sudo
+ roles:
+ - pleroma-database
+ tags:
+ - pleroma-database
+
+- name: Setting up Pleroma.
+ hosts: pleroma_main
+ become: yes
+ become_method: sudo
+ roles:
+ - pleroma-main
+ tags:
+ - pleroma-main
+
+- name: Setting up the Pleroma proxy layer.
+ hosts: pleroma_proxy
+ become: yes
+ become_method: sudo
+ roles:
+ - pleroma-proxy
+ tags:
+ - pleroma-proxy
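Review bot: `ANSIBLE_HOST_KEY_CHECKING=False` in the Dockerfile's ENV block turns off SSH host-key verification for every run of this image, and the playbook added in this commit escalates with `become: yes` on the hosts it reaches, so whatever answers at an inventory address is trusted without verification. Checking should stay on by default: drop that entry (or set `ANSIBLE_HOST_KEY_CHECKING=True`) and have operators mount a known_hosts file, leaving the opt-out to an explicit `-e ANSIBLE_HOST_KEY_CHECKING=False` at run time. A comment above the ENV block saying which of these settings are security-relevant and why each was chosen would also help the next reader.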
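Review bot: In the first Makefile hunk the extended target list is still declared as `PHONY:` without the leading dot, so make sees an ordinary target named PHONY and none of `image`, `pleroma` or `test_modules_unit` is actually phony; a file or directory with one of those names would make the target count as up to date and its recipe would be skipped. Because this rule appears before `all:` in the visible hunk, it also looks like the default goal, which would mean a bare `make` now runs `image` and `pleroma` as prerequisites. The line should read `.PHONY: secret_key_base signing_salt vapid_private_key vapid_public_key test_modules_unit image pleroma`. The new defaults also carry literal quotes (`INVENTORY ?= "hosts.yml"`); the shell strips them in the recipe, but `INVENTORY ?= hosts.yml` is the conventional form.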
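Review bot: The `image` recipe in the second Makefile hunk passes no `--build-arg`, while the Dockerfile added in this commit declares `ARG BUILD_TIME` and `ARG BUILD_TAG` without defaults and uses them for the `created` and `version` labels, so images built with `make image` carry empty values there. Adding `--build-arg BUILD_TAG=$(IMAGE_TAG) --build-arg BUILD_TIME=$(shell date -u +%Y-%m-%dT%H:%M:%SZ)` to the `docker build` line would fill them. The recipe is also prefixed with `@`, which hides the exact build command in CI logs. `$(EXTRA_ARGS)` in the `pleroma` recipe has no default in the visible hunks; an `EXTRA_ARGS ?=` line beside the other variables would document it.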