From b7544a04a7d1533ca1297d18480994d57564edc5 Mon Sep 17 00:00:00 2001
From: Anson Shie
Date: Sun, 6 Jul 2025 08:20:26 +0000
Subject: [PATCH 1/6] Add coseeing-fe
---
ansible_yaml/coseeing-fe-playbook.yml | 140 ++++++++++++++++++++++++++
1 file changed, 140 insertions(+)
create mode 100644 ansible_yaml/coseeing-fe-playbook.yml
diff --git a/ansible_yaml/coseeing-fe-playbook.yml b/ansible_yaml/coseeing-fe-playbook.yml
new file mode 100644
index 0000000..bc03d9f
--- /dev/null
+++ b/ansible_yaml/coseeing-fe-playbook.yml
@@ -0,0 +1,140 @@
+- name: Show Docker Compose Running Status
+ hosts: all
+ become: true
+ become_user: root
+ vars:
+ deploy_tag: ${{ github.event.inputs.deployTag }}
+ docker_compose_dir: /data/coseeing-web
+ secret_name: prod/rdsuser/coseeing
+ secret_region: ap-northeast-1
+ webroot_path: '/var/www/html' # the root path of your site
+ certbot_source_directory: /usr/local/certbot-src
+ certbot_executable_path: "{{ certbot_source_directory }}/venv/bin/certbot"
+ domain: coseeing.org
+ email: tsengwoody@coseeing.org
+ ecr_location: 622913514517.dkr.ecr.ap-northeast-1.amazonaws.com
+ image_name: "{{ ecr_location }}/coseeing-fe:{{ deploy_tag }}"
+ collections:
+ - community.docker
+ - community.aws
+ tasks:
+
+ - name: Set ansible_python_interpreter to use the installed Python
+ set_fact:
+ ansible_python_interpreter: /usr/bin/python3
+
+ - name: Update apt repo and cache on all Debian/Ubuntu boxes
+ apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
+ become: true
+
+ - name: Upgrade all apt packages
+ apt: upgrade=yes force_apt_get=yes
+ become: true
+
+ - name: Install Python pip
+ apt: name={{ item }} update_cache=true state=present force_apt_get=yes
+ with_items:
+ - python3-pip
+ become: true
+
+ - name: Install Python packages using apt
+ apt:
+ name:
+ - python3-docker
+ - python3-boto3
+ - python3-botocore
+ - python3-venv
+ - gcc
+ - libaugeas0
+ - libssl-dev
+ - libffi-dev
+ - ca-certificates
+ - openssl
+ - git
+ state: present
+ update_cache: yes
+ become: true
+
+ - name: Ensure docker compose directory exists
+ file:
+ path: "{{ docker_compose_dir }}"
+ state: directory
+ mode: '0755'
+ become: true
+
+ - name: Copy docker-compose.yml Document
+ copy:
+ dest: "{{ docker_compose_dir }}/docker-compose.yml"
+ content: |
+ version: "3.7"
+ services:
+ a11yvillage-web:
+ container_name: a11yvillage-web
+ image: {{ image_name }}
+ restart: always
+ deploy:
+ resources:
+ limits:
+ cpus: '0.70'
+ memory: 1G
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.a11yvillage.rule=Host(`coseeing.org`)"
+ - "traefik.http.routers.a11yvillage.entrypoints=websecure"
+ - "traefik.http.routers.a11yvillage.tls.certresolver=coseeing"
+ - "traefik.docker.network=entry"
+ networks:
+ - default
+ - entry
+ environment:
+ - NEXT_PUBLIC_BASE_URL=https://api.coseeing.org/about/api
+ - NEXT_PUBLIC_GOOGLE_TAG_MANAGER_ID=GTM-NQQ79V67
+
+ networks:
+ entry:
+ driver: bridge
+ name: entry
+
+ - name: Update the repository cache and update package "unzip" to latest version using default
+ apt:
+ name: unzip
+ state: latest
+ update_cache: yes
+
+ - name: Install AWS CLI v2
+ shell: |
+ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/tmp/awscliv2.zip"
+ unzip /tmp/awscliv2.zip -d /tmp
+ sudo /tmp/aws/install
+ rm -f /tmp/awscliv2.zip
+ rm -rf /tmp/aws
+ args:
+ creates: /usr/local/bin/aws
+
+ - name: Login ECR using AWS CLI
+ shell: |
+ aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin {{ ecr_location }}
+ register: ecr_login
+ no_log: false
+
+ - name: Check if image exists
+ docker_image_info:
+ name: "{{ image_name }}"
+ register: image_info
+
+ - name: Untag existing image if it exists
+ docker_image:
+ name: "{{ image_name }}"
+ state: absent
+ force_absent: true
+ when: image_info.images | length > 0
+
+ - name: Run
+ docker_compose_v2:
+ project_src: "{{ docker_compose_dir }}"
+ state: present
+ register: compose_result
+
+ - name: Show compose_result Detail info
+ debug:
+ var: compose_result
From 28e02534e5cfa27fe10691ef47eae002d69d36dc Mon Sep 17 00:00:00 2001
From: Anson Shie
Date: Sun, 6 Jul 2025 08:22:13 +0000
Subject: [PATCH 2/6] Update
---
.github/workflows/ansible.yml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.github/workflows/ansible.yml b/.github/workflows/ansible.yml
index db4e680..0124e9c 100644
--- a/.github/workflows/ansible.yml
+++ b/.github/workflows/ansible.yml
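Review bot: The `Install AWS CLI v2` task downloads the installer to fixed paths under `/tmp` and runs it as root with no integrity check, so a tampered download or pre-existing content at `/tmp/aws` could end up running with full privileges; the same task body is repeated in `coseeing-be-playbook.yml` in PATCH 4/6. Fetch the detached signature that AWS publishes next to the zip and run `gpg --verify` before the installer, and unpack into a `mktemp -d` directory rather than `/tmp` itself; `sudo` is redundant because the play already sets `become: true`. The sketch below assumes gnupg is installed and the AWS CLI public key was imported into root's keyring in an earlier task. Separately, `deploy_tag: ${{ github.event.inputs.deployTag }}` is GitHub Actions syntax that Ansible does not expand; if the workflow substitutes it textually (not visible here), the input should be checked against a tag pattern before it reaches the `image:` line.

```yaml
    - name: Install AWS CLI v2
      shell: |
        set -euo pipefail
        workdir="$(mktemp -d)"
        trap 'rm -rf "$workdir"' EXIT
        curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "$workdir/awscliv2.zip"
        curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip.sig" -o "$workdir/awscliv2.sig"
        # Fails the task when the signature does not match the imported AWS CLI public key
        gpg --verify "$workdir/awscliv2.sig" "$workdir/awscliv2.zip"
        unzip -q "$workdir/awscliv2.zip" -d "$workdir"
        "$workdir/aws/install"
      args:
        creates: /usr/local/bin/aws
        executable: /bin/bash
```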
@@ -19,6 +19,8 @@ on: options: - a11yvillage-be - a11yvillage-fe + - coseeing-fe + - coseeing-be jobs: deploy:
From 5c2d187880bf8cf770506db39bade8b106d47e1f Mon Sep 17 00:00:00 2001
From: Anson Shie
Date: Sun, 6 Jul 2025 08:28:42 +0000
Subject: [PATCH 3/6] Fix typo
---
ansible_yaml/coseeing-fe-playbook.yml | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/ansible_yaml/coseeing-fe-playbook.yml b/ansible_yaml/coseeing-fe-playbook.yml
index bc03d9f..7a22fc9 100644
--- a/ansible_yaml/coseeing-fe-playbook.yml
+++ b/ansible_yaml/coseeing-fe-playbook.yml
@@ -68,8 +68,8 @@ content: | version: "3.7" services: - a11yvillage-web: - container_name: a11yvillage-web + coseeing-web: + container_name: coseeing-web image: {{ image_name }} restart: always deploy:
@@ -79,9 +79,9 @@ memory: 1G labels: - "traefik.enable=true" - "traefik.http.routers.a11yvillage.rule=Host(`coseeing.org`)" - "traefik.http.routers.a11yvillage.entrypoints=websecure" - "traefik.http.routers.a11yvillage.tls.certresolver=coseeing" + - "traefik.http.routers.coseeing.rule=Host(`coseeing.org`)" + - "traefik.http.routers.coseeing.entrypoints=websecure" + - "traefik.http.routers.coseeing.tls.certresolver=coseeing" - "traefik.docker.network=entry" networks: - default
From f28ab54303a827a6be07bd7d2df54b8bc1776baf Mon Sep 17 00:00:00 2001
From: Anson Shie
Date: Sun, 6 Jul 2025 08:48:59 +0000
Subject: [PATCH 4/6] Update
---
ansible_yaml/coseeing-be-playbook.yml | 188 ++++++++++++++++++++++++++
1 file changed, 188 insertions(+)
create mode 100644 ansible_yaml/coseeing-be-playbook.yml
diff --git a/ansible_yaml/coseeing-be-playbook.yml b/ansible_yaml/coseeing-be-playbook.yml
new file mode 100644
index 0000000..a49e4d2
--- /dev/null
+++ b/ansible_yaml/coseeing-be-playbook.yml
@@ -0,0 +1,188 @@
+- name: Show Docker Compose Running Status
+ hosts: all
+ become: true
+ become_user: root
+ vars:
+ deploy_tag: ${{ github.event.inputs.deployTag }}
+ docker_compose_dir: /data/coseeing-server
+ secret_name: prod/rdsuser/coseeing
+ secret_region: ap-northeast-1
+ webroot_path: '/var/www/html' # the root path of your site
+ certbot_source_directory: /usr/local/certbot-src
+ certbot_executable_path: "{{ certbot_source_directory }}/venv/bin/certbot"
+ domain: api.coseeing.org
+ email: tsengwoody@coseeing.org
+ ecr_location: 622913514517.dkr.ecr.ap-northeast-1.amazonaws.com
+ image_name: "{{ ecr_location }}/coseeing-be:{{ deploy_tag }}"
+ collections:
+ - community.docker
+ - community.aws
+ tasks:
+
+ - name: Set ansible_python_interpreter to use the installed Python
+ set_fact:
+ ansible_python_interpreter: /usr/bin/python3
+
+ - name: Update apt repo and cache on all Debian/Ubuntu boxes
+ apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
+ become: true
+
+ - name: Upgrade all apt packages
+ apt: upgrade=yes force_apt_get=yes
+ become: true
+
+ - name: Install Python pip
+ apt: name={{ item }} update_cache=true state=present force_apt_get=yes
+ with_items:
+ - python3-pip
+ become: true
+
+ - name: Install Python packages using apt
+ apt:
+ name:
+ - python3-docker
+ - python3-boto3
+ - python3-botocore
+ - python3-venv
+ - gcc
+ - libaugeas0
+ - libssl-dev
+ - libffi-dev
+ - ca-certificates
+ - openssl
+ - git
+ state: present
+ update_cache: yes
+ become: true
+
+ - name: Get info from AWS secret manager
+ set_fact:
+ secret_data: "{{ lookup('amazon.aws.aws_secret', secret_name, region=secret_region) | from_json }}"
+
+ - name: Set fact from secret_json
+ set_fact:
+ SECRET_KEY: "{{ secret_data.SECRET_KEY }}"
+ MARIADB_USER: "{{ secret_data.username }}"
+ MARIADB_PASSWORD: "{{ secret_data.password }}"
+ MARIADB_HOST: "{{ secret_data.host }}"
+ MARIADB_PORT: "{{ secret_data.port }}"
+ MARIADB_DATABASE: "{{ secret_data.database }}"
+
+ - name: Ensure docker compose directory exists
+ file:
+ path: "{{ docker_compose_dir }}"
+ state: directory
+ mode: '0755'
+ become: true
+
+ - name: Ensure docker compose directory exists
+ file:
+ path: "{{ docker_compose_dir }}/data"
+ state: directory
+ mode: '0755'
+ become: true
+
+ - name: Create .env file
+ copy:
+ dest: "{{ docker_compose_dir }}/.env"
+ content: |
+ SECRET_KEY={{ SECRET_KEY }}
+ MARIADB_USER={{ MARIADB_USER }}
+ MARIADB_PASSWORD={{ MARIADB_PASSWORD }}
+ MARIADB_HOST={{ MARIADB_HOST }}
+ MARIADB_PORT={{ MARIADB_PORT }}
+ MARIADB_DATABASE={{ MARIADB_DATABASE }}
+ ALLOWED_HOSTS=*
+ HOST=https://coseeing.org
+
+ - name: Copy docker-compose.yml Document
+ copy:
+ dest: "{{ docker_compose_dir }}/docker-compose.yml"
+ content: |
+ services:
+ coseeing-server:
+ container_name: coseeing-server
+ image: {{ image_name }}
+ restart: always
+ volumes:
+ - my-volume:/app/data
+ networks:
+ - default
+ - entry
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.api-coseeing.rule=Host(`api.coseeing.org`)"
+ - "traefik.http.routers.api-coseeing.entrypoints=websecure"
+ - "traefik.http.routers.api-coseeing.tls.certresolver=api-coseeingresolver"
+ - "traefik.docker.network=entry"
+ deploy:
+ resources:
+ limits:
+ cpus: '0.20'
+ memory: 0.3G
+ command: ["sh", "-c", "python manage.py runserver 0.0.0.0:8000"]
+ environment:
+ - SECRET_KEY=${SECRET_KEY}
+ - MARIADB_USER=${MARIADB_USER}
+ - MARIADB_PASSWORD=${MARIADB_PASSWORD}
+ - MARIADB_HOST=${MARIADB_HOST}
+ - MARIADB_PORT=${MARIADB_PORT}
+ - MARIADB_DATABASE=${MARIADB_DATABASE}
+ - ALLOWED_HOSTS=${ALLOWED_HOSTS}
+
+ volumes:
+ my-volume:
+ driver: local
+ driver_opts:
+ type: none
+ device: data
+ o: bind
+
+ networks:
+ entry:
+ driver: bridge
+ name: entry
+
+ - name: Update the repository cache and update package "unzip" to latest version using default
+ apt:
+ name: unzip
+ state: latest
+ update_cache: yes
+
+ - name: Install AWS CLI v2
+ shell: |
+ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/tmp/awscliv2.zip"
+ unzip /tmp/awscliv2.zip -d /tmp
+ sudo /tmp/aws/install
+ rm -f /tmp/awscliv2.zip
+ rm -rf /tmp/aws
+ args:
+ creates: /usr/local/bin/aws
+
+ - name: Login ECR using AWS CLI
+ shell: |
+ aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin {{ ecr_location }}
+ register: ecr_login
+ no_log: false
+
+ - name: Check if image exists
+ docker_image_info:
+ name: "{{ image_name }}"
+ register: image_info
+
+ - name: Untag existing image if it exists
+ docker_image:
+ name: "{{ image_name }}"
+ state: absent
+ force_absent: true
+ when: image_info.images | length > 0
+
+ - name: Run
+ docker_compose_v2:
+ project_src: "{{ docker_compose_dir }}"
+ state: present
+ register: compose_result
+
+ - name: Show compose_result Detail info
+ debug:
+ var: compose_result
From 8b18e8a71e5d89972aa95fd5d20ad28fcb6f7f07 Mon Sep 17 00:00:00 2001
From: Anson Shie
Date: Sun, 6 Jul 2025 13:29:11 +0000
Subject: [PATCH 5/6] Update
---
ansible_yaml/coseeing-be-playbook.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible_yaml/coseeing-be-playbook.yml b/ansible_yaml/coseeing-be-playbook.yml
index a49e4d2..2c2bca1 100644
--- a/ansible_yaml/coseeing-be-playbook.yml
+++ b/ansible_yaml/coseeing-be-playbook.yml
@@ -113,7 +113,7 @@ - "traefik.enable=true" - "traefik.http.routers.api-coseeing.rule=Host(`api.coseeing.org`)" - "traefik.http.routers.api-coseeing.entrypoints=websecure" - - "traefik.http.routers.api-coseeing.tls.certresolver=api-coseeingresolver" + - "traefik.http.routers.api-coseeing.tls.certresolver=api-coseeing" - "traefik.docker.network=entry" deploy: resources:
From f516c879015887e8efee0a3410247330b6f2d048 Mon Sep 17 00:00:00 2001
From: Anson Shie
Date: Sun, 6 Jul 2025 13:37:03 +0000
Subject: [PATCH 6/6] Update env
---
ansible_yaml/coseeing-be-playbook.yml | 1 +
1 file changed, 1 insertion(+)
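Review bot: The `Create .env file` task writes `SECRET_KEY` and the MariaDB password with no `mode`, so the file gets default permissions inside a `0755` directory and is likely readable by every local account; add `mode: '0600'` to that `copy`, and set `no_log: true` on it and on the two `set_fact` tasks that hold the secret values so they cannot surface in CI output. In the same file, `ALLOWED_HOSTS=*` presumably feeds Django's `ALLOWED_HOSTS` setting, where a wildcard turns off Host-header validation; it should name the served host, `ALLOWED_HOSTS=api.coseeing.org`. The compose `command` starts `manage.py runserver`, the development server that Django's documentation says not to use in production, so a WSGI or ASGI server is the usual replacement if the image ships one.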
diff --git a/ansible_yaml/coseeing-be-playbook.yml b/ansible_yaml/coseeing-be-playbook.yml
index 2c2bca1..f9839a8 100644
--- a/ansible_yaml/coseeing-be-playbook.yml
+++ b/ansible_yaml/coseeing-be-playbook.yml
@@ -129,6 +129,7 @@ - MARIADB_PORT=${MARIADB_PORT} - MARIADB_DATABASE=${MARIADB_DATABASE} - ALLOWED_HOSTS=${ALLOWED_HOSTS} + - HOST=${HOST} volumes: my-volume: