Commit 3791db0d authored by Mehdi Khadir's avatar Mehdi Khadir

Role sonarqube

parent 51a62176
WEBLATE
=======
Weblate deployement using docker and docker compose
See : https://docs.weblate.org/en/latest/admin/install/docker.html
Requirements
------------
Needs paquerette ansible utility rôles : https://git.paquerette.eu/paquerette/infrastructure/ansible-paquerette
docker must be available on the machine
Role Variables
--------------
```yml
- role: weblate
app_instance_id: weblate_main
app_user: weblate_user
app_user_password: $6$w0Xq3Ebrn$kFq................
app_domain: weblate.domain.fr
app_admin_password: "sdj....."
database_password: "psp....;"
description: weblate
```
Default variables
Can be changed in instance configuration
```yml
app_admin: "admin"
app_admin_email: "{{ smtp_user }}"
WEBLATE_MT_MYMEMORY_ENABLED: 1
WEBLATE_REGISTRATION_OPEN: 1
```
Dependencies
------------
- base_server
- base_platform
- docker
Using the rôle
--------------
Installation :
--------------
`./play.py --inv hosts yourhost weblate_main reinstall`
Uninstallation :
----------------
WARNING: Uninsall will remove volumes
`/play.py --inv hosts yourhost weblate_main uninstall -e 'app_instance_to_uninstall=weblate_main'`
License
-------
GPL V3
Author Information
------------------
Jean-Yves LEBLEU jlebleu@gmail.com / contact@paquerette.eu
---
# defaults file for sonarqube
app_main_port: "9000"
app_group: "{{ app_user }}"
database_user : "{{ app_instance_id }}_usr"
database_name : "sonar"
version: "3"
services:
sonarqube:
image: sonarqube:community
depends_on:
- db
environment:
SONAR_JDBC_URL: jdbc:postgresql://db:5432/${POSTGRES_DATABASE}
SONAR_JDBC_USERNAME: ${POSTGRES_USER}
SONAR_JDBC_PASSWORD: ${POSTGRES_PASSWORD}
volumes:
- sonarqube_data:/opt/sonarqube/data
- sonarqube_extensions:/opt/sonarqube/extensions
- sonarqube_logs:/opt/sonarqube/logs
ports:
- 127.0.0.1:${APP_MAIN_PORT:-9000}:9000
- ::1:${APP_MAIN_PORT:-9000}:9000
db:
image: postgres:12
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
volumes:
- postgresql:/var/lib/postgresql
- postgresql_data:/var/lib/postgresql/data
volumes:
sonarqube_data:
sonarqube_extensions:
sonarqube_logs:
postgresql:
postgresql_data:
\ No newline at end of file
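Review bot: Both services use floating image tags (`image: sonarqube:community`, `image: postgres:12`), so a redeploy can silently pull a different build; pinning an exact version tag or a digest keeps what runs on the host reproducible and reviewable. The second port entry `- ::1:${APP_MAIN_PORT:-9000}:9000` is likely to be misparsed, because the Compose short syntax expects IPv6 addresses in brackets; `- "[::1]:${APP_MAIN_PORT:-9000}:9000"`, with both mappings quoted, is the safer form. The `db` service is never told the database name, so the JDBC URL only resolves because the postgres image appears to fall back to a database named after `POSTGRES_USER`; adding `POSTGRES_DB: ${POSTGRES_DATABASE}` under `db.environment` would make that explicit.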
---
# handlers file for sonarqube
- name: reload nginx sonarqube
service: name=nginx state=reloaded
---
- name: update vm.max_map_count
ansible.posix.sysctl:
name: vm.max_map_count
value: '262144'
state: present
- name: update or check inventory
import_role:
name: _app_log_inventory
vars:
log_type: "install"
- name: Create of update let'encrypt certificate
import_role:
name: _letsencrypt_certificate
when: app_domain is defined and app_domain != ""
- name: create user {{ app_user }}
import_role:
name: _user
vars:
user_name: "{{ app_user }}"
user_password: "{{ app_user_password }}"
when: app_user is defined
- import_tasks: nginx.yml
- import_tasks: install_sonarqube.yml
- name: log rotate
import_role:
name: _app_logrotate
- name: "enable site for {{ app_domain }}"
file:
state: link
path: "/etc/nginx/sites-enabled/{{ app_instance_id }}.conf"
src: "/etc/nginx/sites-available/{{ app_instance_id }}.conf"
notify: reload nginx sonarqube
- name: Add monit
import_role:
name: _app_monit
when: monit_request is defined and monit_request != ''
---
- name: "copy docker-compose {{ app_instance_id }}"
copy:
src: "docker-compose.yml"
dest: "{{ app_instance_root }}/docker-compose.yml"
tags:
- sonarqube
- name: "template .env file {{ app_instance_id }}"
template:
src: ".env.j2"
dest: "{{ app_instance_root }}/.env"
tags:
- sonarqube
- name: "start sonarqube environment"
docker_compose:
project_src: "{{ app_instance_root }}"
state: present
tags:
- sonarqube
\ No newline at end of file
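Review bot: The `template .env file` task writes the database password to `{{ app_instance_root }}/.env` without `owner`, `group` or `mode`, so the file gets whatever the default umask gives and may be readable by other local accounts. Adding `mode: "0600"` and an explicit owner (the account that runs Compose) restricts it, and `no_log: true` on the task keeps the rendered secret out of `--diff` output. The `copy` task for `docker-compose.yml` above it would also benefit from an explicit `mode`.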
---
# tasks file for sonarqube
- name: "set user home var "
set_fact:
app_user_home: "/home/{{ app_user }}"
tags:
- setpath
- name: "set instance root"
set_fact:
app_instance_root: "{{ app_user_home }}/{{ app_instance_id }}"
tags:
- setpath
- name: "set instance root"
set_fact:
run_user: "{{ app_user }}"
tags:
- setpath
- import_tasks: install.yml
when: app_run in ['install', 'reinstall']
- import_tasks: uninstall.yml
when: app_run == 'uninstall'
\ No newline at end of file
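Review bot: The third `set_fact` task reuses the name `"set instance root"` although it sets `run_user`, which makes play output and `--start-at-task` ambiguous; `- name: "set run user"` would match what it does. Both `when:` conditions compare `app_run` without a default, so unless the caller always passes it, the play fails on the conditional itself rather than with a clear message; `app_run | default('')` or an `assert` at the top would help. The first task name also carries a trailing space (`"set user home var "`).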
---
- name: "directory for www logs mounted in jail"
file:
state: directory
path: "{{ app_instance_root }}/../logs"
mode: 0711
owner: "{{ app_user }}"
group: "{{ app_group }}"
when: app_user is defined
- name: "template nginx_app.j2 {{ app_instance_id }}"
template:
src: "nginx_app.j2"
dest: "/etc/nginx/sites-available/{{ app_instance_id }}.conf"
notify: reload nginx sonarqube
tags:
- rev_proxy
\ No newline at end of file
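Review bot: `mode: 0711` on the log-directory task is an unquoted octal literal; Ansible's guidance is to quote file modes so they never pass through YAML integer parsing, i.e. `mode: "0711"`. The path `"{{ app_instance_root }}/../logs"` depends on `..` resolution, and since the role's main task file already defines `app_user_home`, `path: "{{ app_user_home }}/logs"` states the same location directly. The `template` task for the nginx site file sets no `owner` or `mode`, so it also inherits defaults.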
---
- name: log inventory role
import_role:
name: _app_log_inventory
vars:
log_type: "uninstall"
- name: uninstall ningx and logs
block:
- name: "disable site for {{ app_domain }}"
file:
state: absent
path: "/etc/nginx/sites-enabled/{{ app_instance_id }}.conf"
when: app_domain is defined and app_domain != ""
register: disable_site
- import_role:
name: _app_monit
when: monit_request is defined and monit_request != ''
- name: reload monit
service: name=monit state=reloaded
when: disable_site.changed
- name: "remove nginx configuration for {{ app_instance_id }}"
file:
state: absent
path: "/etc/nginx/sites-available/{{ app_instance_id }}.conf"
- name: reload nginx
service: name=nginx state=reloaded
when: disable_site.changed
- import_role:
name: _letsencrypt_certificate
- import_role:
name: _app_logrotate
- name: "umount {{ app_instance_id }} logs"
shell: "umount {{ app_instance_root }}/../logs/{{ app_instance_id }}"
failed_when: False
changed_when: false
when: app_user is defined
- name: "Remove mount line in fstab for {{ app_user }}"
lineinfile:
path: "/etc/fstab"
regexp: "^{{ www_log }}/{{ app_instance_id }}"
state: absent
when: app_user is defined
- name: "remove mount point for {{ app_instance_id }} logs "
file:
state: absent
path: "{{ app_instance_root }}/../logs/{{ app_instance_id }}"
when: app_user is defined
when: app_domain != ""
- import_tasks: uninstall_sonarqube.yml
- name: "remove {{ app_instance_root }}"
file:
state: absent
path: "{{ app_instance_root }}"
- name: remove user {{ app_user }}
import_role:
name: _user
vars:
user_name: "{{ app_user }}"
user_password: "{{ app_user_password }}"
user_to_remove: "{{ app_user }}"
when: app_user is defined
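Review bot: The `umount` task passes a templated path through `shell:` with `failed_when: False`, so every failure is silently ignored, including a path that did not resolve as expected; `ansible.posix.mount` with `state: unmounted`, or at least `command:` instead of `shell:`, would avoid the shell and keep errors visible. The block-level condition appears to be `when: app_domain != ""`, which errors if `app_domain` is undefined, while the inner task tests `app_domain is defined and app_domain != ""`; the same expression should be used at both levels. The `remove {{ app_instance_root }}` task deletes whatever that variable resolves to, so asserting that `app_instance_id` is non-empty before it would stop an empty value from removing the user's whole home directory.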
---
- name: "test docker compose presence"
stat:
path: "{{ app_instance_root }}/docker-compose.yml"
register: compose
- name: "remove {{ app_service_name }} services and volumes"
docker_compose:
project_src: "{{ app_instance_root }}"
remove_volumes: yes
state: absent
when: compose.stat.exists
- name: "docker-compose.yml {{ app_service_name }}"
file:
state: absent
path: "{{ app_instance_root }}/docker-compose.yml"
- name: "remove .env file {{ app_service_name }}"
file:
state: absent
path: "{{ app_instance_root }}/.env"
\ No newline at end of file
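Review bot: The task names interpolate `{{ app_service_name }}`, which none of the files in this commit set (defaults define the port, group and database names; vars define `app_program`), so unless another role supplies it the names will not render as intended; `{{ app_instance_id }}`, as used by the install tasks, would be consistent. `remove_volumes: yes` should be written `remove_volumes: true`. Because this task destroys the database and SonarQube volumes, a comment above it would help the next maintainer, e.g. `# irreversible: removes the sonarqube and postgresql named volumes`.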
APP_MAIN_PORT={{ app_main_port }}
POSTGRES_PASSWORD={{ database_password }}
POSTGRES_USER={{ database_user }}
POSTGRES_DATABASE={{ database_user }}
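Review bot: `POSTGRES_DATABASE={{ database_user }}` ignores the `database_name: "sonar"` default added in the same commit, so that default is dead and the database name silently follows the user name. Either template `{{ database_name }}` here and pass the same name to the `db` container, or drop the unused default. `POSTGRES_PASSWORD={{ database_password }}` is written unquoted, so a password containing `#`, `$`, quotes or whitespace may be truncated or interpolated when Compose parses the file, depending on the Compose version. Quoting the value, or documenting the allowed character set for `database_password`, avoids the two containers receiving different secrets.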
map $http_user_agent $log_ua {
~Monit 0;
default 1;
}
server {
listen 80;
listen [::]:80;
server_name {{ app_domain | mandatory }};
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ app_domain }};
ssl_certificate /etc/letsencrypt/live/{{ app_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ app_domain }}/privkey.pem;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag all; # https://developers.google.com/search/docs/advanced/robots/robots_meta_tag
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Strict-Transport-Security "max-age=15768000";
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
access_log {{ www_log }}/{{ app_instance_id }}/access.log combined if=$log_ua;
error_log {{ www_log }}/{{ app_instance_id }}/error.log;
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_pass http://localhost:{{ app_main_port }};
}
}
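Review bot: `add_header X-Robots-Tag all;` explicitly permits search-engine indexing of a code-analysis instance; unless public indexing is intended, `add_header X-Robots-Tag "noindex, nofollow" always;` is the safer default. None of the security headers, including `Strict-Transport-Security`, carry `always`, so nginx omits them on error responses such as 4xx and 5xx. `X-XSS-Protection "1; mode=block"` is ignored by current browsers and could be dropped, and `fastcgi_buffers 64 4K;` has no effect because the only location uses `proxy_pass`.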
---
# vars file for cvat
app_program: "cvat"
\ No newline at end of file
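Review bot: This vars file still carries another role's values: the header reads `# vars file for cvat` and the variable is `app_program: "cvat"`, while every other file in the commit is for sonarqube. If `app_program` feeds the shared inventory, logrotate or monit roles (not visible here), the instance would be recorded under the wrong program name. `app_program: "sonarqube"` with a matching header comment looks like the intended content.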