diff --git a/.github/workflows/ansible.yml b/.github/workflows/ansible.yml index db4e680..0124e9c 100644 --- a/.github/workflows/ansible.yml +++ b/.github/workflows/ansible.yml @@ -19,6 +19,8 @@ on: options: - a11yvillage-be - a11yvillage-fe + - coseeing-fe + - coseeing-be jobs: deploy: diff --git a/ansible_yaml/coseeing-be-playbook.yml b/ansible_yaml/coseeing-be-playbook.yml new file mode 100644 index 0000000..f9839a8 --- /dev/null +++ b/ansible_yaml/coseeing-be-playbook.yml 
@@ -0,0 +1,189 @@
+- name: Show Docker Compose Running Status
+ hosts: all
+ become: true
+ become_user: root
+ vars:
+ deploy_tag: ${{ github.event.inputs.deployTag }}
+ docker_compose_dir: /data/coseeing-server
+ secret_name: prod/rdsuser/coseeing
+ secret_region: ap-northeast-1
+ webroot_path: '/var/www/html' # the root path of your site
+ certbot_source_directory: /usr/local/certbot-src
+ certbot_executable_path: "{{ certbot_source_directory }}/venv/bin/certbot"
+ domain: api.coseeing.org
+ email: tsengwoody@coseeing.org
+ ecr_location: 622913514517.dkr.ecr.ap-northeast-1.amazonaws.com
+ image_name: "{{ ecr_location }}/coseeing-be:{{ deploy_tag }}"
+ collections:
+ - community.docker
+ - community.aws
+ tasks:
+
+ - name: Set ansible_python_interpreter to use the installed Python
+ set_fact:
+ ansible_python_interpreter: /usr/bin/python3
+
+ - name: Update apt repo and cache on all Debian/Ubuntu boxes
+ apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
+ become: true
+
+ - name: Upgrade all apt packages
+ apt: upgrade=yes force_apt_get=yes
+ become: true
+
+ - name: Install Python pip
+ apt: name={{ item }} update_cache=true state=present force_apt_get=yes
+ with_items:
+ - python3-pip
+ become: true
+
+ - name: Install Python packages using apt
+ apt:
+ name:
+ - python3-docker
+ - python3-boto3
+ - python3-botocore
+ - python3-venv
+ - gcc
+ - libaugeas0
+ - libssl-dev
+ - libffi-dev
+ - ca-certificates
+ - openssl
+ - git
+ state: present
+ update_cache: yes
+ become: true
+
+ - name: Get info from AWS secret manager
+ set_fact:
+ secret_data: "{{ lookup('amazon.aws.aws_secret', secret_name, region=secret_region) | from_json }}"
+
+ - name: Set fact from secret_json
+ set_fact:
+ SECRET_KEY: "{{ secret_data.SECRET_KEY }}"
+ MARIADB_USER: "{{ secret_data.username }}"
+ MARIADB_PASSWORD: "{{ secret_data.password }}"
+ MARIADB_HOST: "{{ secret_data.host }}"
+ MARIADB_PORT: "{{ secret_data.port }}"
+ MARIADB_DATABASE: "{{ secret_data.database }}"
+
+ - name: Ensure docker compose directory exists
+ file:
+ path: "{{ docker_compose_dir }}"
+ state: directory
+ mode: '0755'
+ become: true
+
+ - name: Ensure docker compose directory exists
+ file:
+ path: "{{ docker_compose_dir }}/data"
+ state: directory
+ mode: '0755'
+ become: true
+
+ - name: Create .env file
+ copy:
+ dest: "{{ docker_compose_dir }}/.env"
+ content: |
+ SECRET_KEY={{ SECRET_KEY }}
+ MARIADB_USER={{ MARIADB_USER }}
+ MARIADB_PASSWORD={{ MARIADB_PASSWORD }}
+ MARIADB_HOST={{ MARIADB_HOST }}
+ MARIADB_PORT={{ MARIADB_PORT }}
+ MARIADB_DATABASE={{ MARIADB_DATABASE }}
+ ALLOWED_HOSTS=*
+ HOST=https://coseeing.org
+
+ - name: Copy docker-compose.yml Document
+ copy:
+ dest: "{{ docker_compose_dir }}/docker-compose.yml"
+ content: |
+ services:
+ coseeing-server:
+ container_name: coseeing-server
+ image: {{ image_name }}
+ restart: always
+ volumes:
+ - my-volume:/app/data
+ networks:
+ - default
+ - entry
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.api-coseeing.rule=Host(`api.coseeing.org`)"
+ - "traefik.http.routers.api-coseeing.entrypoints=websecure"
+ - "traefik.http.routers.api-coseeing.tls.certresolver=api-coseeing"
+ - "traefik.docker.network=entry"
+ deploy:
+ resources:
+ limits:
+ cpus: '0.20'
+ memory: 0.3G
+ command: ["sh", "-c", "python manage.py runserver 0.0.0.0:8000"]
+ environment:
+ - SECRET_KEY=${SECRET_KEY}
+ - MARIADB_USER=${MARIADB_USER}
+ - MARIADB_PASSWORD=${MARIADB_PASSWORD}
+ - MARIADB_HOST=${MARIADB_HOST}
+ - MARIADB_PORT=${MARIADB_PORT}
+ - MARIADB_DATABASE=${MARIADB_DATABASE}
+ - ALLOWED_HOSTS=${ALLOWED_HOSTS}
+ - HOST=${HOST}
+
+ volumes:
+ my-volume:
+ driver: local
+ driver_opts:
+ type: none
+ device: data
+ o: bind
+
+ networks:
+ entry:
+ driver: bridge
+ name: entry
+
+ - name: Update the repository cache and update package "unzip" to latest version using default
+ apt:
+ name: unzip
+ state: latest
+ update_cache: yes
+
+ - name: Install AWS CLI v2
+ shell: |
+ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/tmp/awscliv2.zip"
+ unzip /tmp/awscliv2.zip -d /tmp
+ sudo /tmp/aws/install
+ rm -f /tmp/awscliv2.zip
+ rm -rf /tmp/aws
+ args:
+ creates: /usr/local/bin/aws
+
+ - name: Login ECR using AWS CLI
+ shell: |
+ aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin {{ ecr_location }}
+ register: ecr_login
+ no_log: false
+
+ - name: Check if image exists
+ docker_image_info:
+ name: "{{ image_name }}"
+ register: image_info
+
+ - name: Untag existing image if it exists
+ docker_image:
+ name: "{{ image_name }}"
+ state: absent
+ force_absent: true
+ when: image_info.images | length > 0
+
+ - name: Run
+ docker_compose_v2:
+ project_src: "{{ docker_compose_dir }}"
+ state: present
+ register: compose_result
+
+ - name: Show compose_result Detail info
+ debug:
+ var: compose_result
diff --git a/ansible_yaml/coseeing-fe-playbook.yml b/ansible_yaml/coseeing-fe-playbook.yml
new file mode 100644
index 0000000..7a22fc9
--- /dev/null
+++ b/ansible_yaml/coseeing-fe-playbook.yml
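Review bot: The database password and Django `SECRET_KEY` read from Secrets Manager are handled with neither log suppression nor restrictive file permissions: the two `set_fact` tasks ("Get info from AWS secret manager" and "Set fact from secret_json") do not set `no_log: true`, so the values can appear in the workflow log on a verbose run, and the "Create .env file" `copy` task sets no `mode`, so the file gets default-umask permissions inside a `0755` directory. I would add `no_log: true` to both `set_fact` tasks and `mode: '0600'` plus `owner: root` to the `.env` copy. The explicit `no_log: false` on the ECR login is tolerable only because the token is piped through stdin; a one-line comment such as `# token goes via stdin, nothing secret in the task output` would keep that pattern from being copied onto a task that takes a secret as an argument. Separately, the same file writes `ALLOWED_HOSTS=*` and starts the container with `python manage.py runserver 0.0.0.0:8000`, which disables Django's Host-header validation and puts the development server behind a public Traefik router; limiting the value to `api.coseeing.org` and switching to a production WSGI server deserves a follow-up.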
@@ -0,0 +1,140 @@
+- name: Show Docker Compose Running Status
+ hosts: all
+ become: true
+ become_user: root
+ vars:
+ deploy_tag: ${{ github.event.inputs.deployTag }}
+ docker_compose_dir: /data/coseeing-web
+ secret_name: prod/rdsuser/coseeing
+ secret_region: ap-northeast-1
+ webroot_path: '/var/www/html' # the root path of your site
+ certbot_source_directory: /usr/local/certbot-src
+ certbot_executable_path: "{{ certbot_source_directory }}/venv/bin/certbot"
+ domain: coseeing.org
+ email: tsengwoody@coseeing.org
+ ecr_location: 622913514517.dkr.ecr.ap-northeast-1.amazonaws.com
+ image_name: "{{ ecr_location }}/coseeing-fe:{{ deploy_tag }}"
+ collections:
+ - community.docker
+ - community.aws
+ tasks:
+
+ - name: Set ansible_python_interpreter to use the installed Python
+ set_fact:
+ ansible_python_interpreter: /usr/bin/python3
+
+ - name: Update apt repo and cache on all Debian/Ubuntu boxes
+ apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
+ become: true
+
+ - name: Upgrade all apt packages
+ apt: upgrade=yes force_apt_get=yes
+ become: true
+
+ - name: Install Python pip
+ apt: name={{ item }} update_cache=true state=present force_apt_get=yes
+ with_items:
+ - python3-pip
+ become: true
+
+ - name: Install Python packages using apt
+ apt:
+ name:
+ - python3-docker
+ - python3-boto3
+ - python3-botocore
+ - python3-venv
+ - gcc
+ - libaugeas0
+ - libssl-dev
+ - libffi-dev
+ - ca-certificates
+ - openssl
+ - git
+ state: present
+ update_cache: yes
+ become: true
+
+ - name: Ensure docker compose directory exists
+ file:
+ path: "{{ docker_compose_dir }}"
+ state: directory
+ mode: '0755'
+ become: true
+
+ - name: Copy docker-compose.yml Document
+ copy:
+ dest: "{{ docker_compose_dir }}/docker-compose.yml"
+ content: |
+ version: "3.7"
+ services:
+ coseeing-web:
+ container_name: coseeing-web
+ image: {{ image_name }}
+ restart: always
+ deploy:
+ resources:
+ limits:
+ cpus: '0.70'
+ memory: 1G
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.coseeing.rule=Host(`coseeing.org`)"
+ - "traefik.http.routers.coseeing.entrypoints=websecure"
+ - "traefik.http.routers.coseeing.tls.certresolver=coseeing"
+ - "traefik.docker.network=entry"
+ networks:
+ - default
+ - entry
+ environment:
+ - NEXT_PUBLIC_BASE_URL=https://api.coseeing.org/about/api
+ - NEXT_PUBLIC_GOOGLE_TAG_MANAGER_ID=GTM-NQQ79V67
+
+ networks:
+ entry:
+ driver: bridge
+ name: entry
+
+ - name: Update the repository cache and update package "unzip" to latest version using default
+ apt:
+ name: unzip
+ state: latest
+ update_cache: yes
+
+ - name: Install AWS CLI v2
+ shell: |
+ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/tmp/awscliv2.zip"
+ unzip /tmp/awscliv2.zip -d /tmp
+ sudo /tmp/aws/install
+ rm -f /tmp/awscliv2.zip
+ rm -rf /tmp/aws
+ args:
+ creates: /usr/local/bin/aws
+
+ - name: Login ECR using AWS CLI
+ shell: |
+ aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin {{ ecr_location }}
+ register: ecr_login
+ no_log: false
+
+ - name: Check if image exists
+ docker_image_info:
+ name: "{{ image_name }}"
+ register: image_info
+
+ - name: Untag existing image if it exists
+ docker_image:
+ name: "{{ image_name }}"
+ state: absent
+ force_absent: true
+ when: image_info.images | length > 0
+
+ - name: Run
+ docker_compose_v2:
+ project_src: "{{ docker_compose_dir }}"
+ state: present
+ register: compose_result
+
+ - name: Show compose_result Detail info
+ debug:
+ var: compose_result
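Review bot: The "Install AWS CLI v2" task downloads a zip to a fixed path under `/tmp` and runs its installer as root without verifying it; the identical task appears in `coseeing-be-playbook.yml`. AWS publishes a detached signature next to the zip, so the task can check it before running `install`, and a `mktemp -d` working directory avoids the predictable `/tmp/awscliv2.zip` and `/tmp/aws` paths. The sketch below assumes `gpg` is installed and the AWS CLI team's public key has already been imported into root's keyring, neither of which this playbook does yet. The `sudo` is also redundant, since the play already runs with `become: true`.

```yaml
    - name: Install AWS CLI v2
      shell: |
        set -euo pipefail
        workdir="$(mktemp -d)"
        trap 'rm -rf "$workdir"' EXIT
        curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "$workdir/awscliv2.zip"
        curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip.sig" -o "$workdir/awscliv2.sig"
        # Fails the task if the signature does not match the imported AWS CLI key.
        gpg --verify "$workdir/awscliv2.sig" "$workdir/awscliv2.zip"
        unzip -q "$workdir/awscliv2.zip" -d "$workdir"
        "$workdir/aws/install"
      args:
        creates: /usr/local/bin/aws
        executable: /bin/bash
    # … unchanged: ECR login, image check, compose run …
```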