Commit 0b21fd55 authored by Christophe Benz's avatar Christophe Benz

Use ansible playbook to install validata

parent bd0ad224
......@@ -20,19 +20,25 @@ Configuration is done by editing environment variables of [./development/docker-
## Deploy to production
### Install requirements
```bash
git clone https://git.opendatafrance.net/validata/validata-docker.git
cd validata-docker/production
cp api.secrets.env.template api.secrets.env
cp ui.secrets.env.template ui.secrets.env
cd production
ansible-galaxy install -r requirements.yml
```
Edit `api.secrets.env` and `ui.secrets.env`. Read [validata-api](https://git.opendatafrance.net/validata/validata-api) and [validata-ui](https://git.opendatafrance.net/validata/validata-ui) documentation for more information about environment variables.
### Install Validata on server
The following depends on your server provider. Here are the instructions used by a server hosted at Scaleway:
```bash
docker-compose up -d
cd production
export SCW_TOKEN="..." # secret from Jailbrak KeePassX passwords file
ansible-playbook --inventory scaleway_inventory.yml --limit validata-next --user root playbooks/validata.yml
```
Then copy [api.secrets.env.template](./production/api.secrets.env.template) and [ui.secrets.env.template](./production/ui.secrets.env.template) to `/etc/docker/compose/validata` on server (removing the `.template` extension), and fill-in the values. Read [validata-api](https://git.opendatafrance.net/validata/validata-api) and [validata-ui](https://git.opendatafrance.net/validata/validata-ui) documentation for more information about environment variables.
## See also
- https://git.opendatafrance.net/validata/validata-ui
......
[defaults]
nocows = true
docker_compose: /usr/local/bin/docker-compose
docker_compose_stacks_dir: /etc/docker/compose
acme_email: admin-validata@jailbreak.paris
validata_docker_compose_stack_dir: "{{ docker_compose_stacks_dir }}/validata"
validata_hostname: go-next.validata.fr
validata_api_base_path: /api/v1
\ No newline at end of file
- name: Create directory to store Docker stack
file:
path: "{{ validata_docker_compose_stack_dir }}"
state: directory
mode: 0755
- name: Create docker-compose stack
template:
src: docker-compose.yml.j2
dest: "{{ validata_docker_compose_stack_dir }}/docker-compose.yml"
mode: 0644
- name: Create traefik config
template:
src: traefik.toml.j2
dest: "{{ validata_docker_compose_stack_dir }}/traefik.toml"
mode: 0644
- name: Create api.env
template:
src: api.env.j2
dest: "{{ validata_docker_compose_stack_dir }}/api.env"
mode: 0644
- name: Create ui.env
template:
src: ui.env.j2
dest: "{{ validata_docker_compose_stack_dir }}/ui.env"
mode: 0644
- name: Ensure acme file exists, with right permissions
file:
path: "{{ validata_docker_compose_stack_dir }}/acme.json"
mode: 0600
state: touch
- name: Create docker-compose@ systemd service
template:
src: docker-compose@.service.j2
dest: /etc/systemd/system/docker-compose@.service
mode: 0644
- name: Create, enable and start systemd service based on docker-compose@
systemd:
state: restarted
name: docker-compose@validata.service
enabled: yes
daemon_reload: yes
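Review bot: The stack directory is created with `mode: 0755` in the first task, and no task sets ownership or mode on `api.secrets.env` and `ui.secrets.env`, which the README and the compose template's `env_file` entries place in that same directory. Their readability therefore depends on whoever copies them by hand. Consider `mode: "0750"` on the directory plus a `file:` task that enforces `mode: "0600"` on the two secrets files once they exist. On a first run the last task also starts `docker-compose@validata.service` before those files have been copied, so `docker-compose up` will probably fail on the missing `env_file` until the manual step is done; either fail early with a clear message or skip the start while the files are absent.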
......@@ -2,4 +2,4 @@ BADGE_CONFIG_URL=https://git.opendatafrance.net/validata/validata-badge/raw/mast
LOG_LEVEL=INFO
MATOMO_BASE_URL=https://analytics.validata.fr
MATOMO_SITE_ID=2
SCRIPT_NAME=/api/v1
SCRIPT_NAME={{ validata_api_base_path }}
version: '3'
version: "3"
services:
reverse-proxy:
......@@ -9,27 +9,29 @@ services:
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik.toml:/traefik.toml
- ./acme.json:/acme.json
- "{{ validata_docker_compose_stack_dir }}/traefik.toml:/traefik.toml"
- "{{ validata_docker_compose_stack_dir }}/acme.json:/acme.json"
api:
image: git.opendatafrance.net:4567/validata/validata-api:latest
image: git.opendatafrance.net:4567/validata/validata-api:next
restart: always
env_file:
- ./api.env
- ./api.secrets.env
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=PathPrefix:/api/v1"
- "traefik.frontend.rule=Host:{{ validata_hostname }};PathPrefix:{{ validata_api_base_path }}"
ui:
image: git.opendatafrance.net:4567/validata/validata-ui:latest
image: git.opendatafrance.net:4567/validata/validata-ui:next
restart: always
links:
- api
depends_on:
- api
env_file:
- ./ui.env
- ./ui.secrets.env
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=PathPrefix:/"
- "traefik.frontend.rule=Host:{{ validata_hostname }}"
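Review bot: Both images move from `:latest` to `:next`, which is still a mutable tag, so the build running in production is whatever the registry served when the host first pulled, and nothing in the role records or controls it. The systemd unit on this page runs `docker-compose up` without a pull, so two servers deployed on different days can end up running different builds without anyone noticing. Make the tag a role variable, e.g. `image: git.opendatafrance.net:4567/validata/validata-api:{{ validata_image_tag }}`, set to a release tag or digest, and do the same for `validata-ui`.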
[Unit]
Description=%i service with docker compose
Requires=docker.service
After=docker.service
[Service]
WorkingDirectory={{ docker_compose_stacks_dir }}/%i
ExecStart={{ docker_compose }} up
ExecStop={{ docker_compose }} down -v
[Install]
WantedBy=multi-user.target
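Review bot: `ExecStop={{ docker_compose }} down -v` removes the stack's volumes on every stop, and the role's last task uses `state: restarted`, so each playbook run goes through it. As far as the visible part of the compose template shows, the validata stack uses bind mounts only. But `docker-compose@.service` is a generic template for any directory under `docker_compose_stacks_dir`, and a stack with named or anonymous volumes would lose its data on restart or shutdown. Use `ExecStop={{ docker_compose }} down` and leave volume removal as an explicit manual step.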
debug = false
logLevel = "ERROR"
# defaultEntryPoints = ["https", "http"]
defaultEntryPoints = ["http"]
defaultEntryPoints = ["https", "http"]
[entryPoints]
[entryPoints.http]
address = ":80"
# [entryPoints.http.redirect]
# entryPoint = "https"
# permanent = true
# [entryPoints.https]
# address = ":443"
# [entryPoints.https.tls]
[entryPoints.http.redirect]
entryPoint = "https"
permanent = true
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "go-next.validata.fr"
domain = "{{ validata_hostname }}"
watch = true
exposedByDefault = false
# [acme]
# email = "admin-validata@jailbreak.paris"
# storage = "acme.json"
# entryPoint = "https"
# onHostRule = true
# [acme.httpChallenge]
# entryPoint = "http"
[acme]
email = "{{ acme_email }}"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
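Review bot: `[entryPoints.https.tls]` is enabled with no options, so the accepted protocol versions and cipher suites are whatever the deployed Traefik build defaults to, which on older 1.x images may still include TLS 1.0/1.1. Add `minVersion = "VersionTLS12"` under that table so the floor is explicit and does not change with the image. The reverse-proxy image tag is outside this section, so confirm which release this applies to.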
API_VALIDATE_ENDPOINT=http://api:5000/validate
API_VALIDATE_ENDPOINT=http://api:5000{{ validata_api_base_path }}/validate
HOMEPAGE_CONFIG_FILE=homepage_config.json.example
LOG_LEVEL=INFO
MATOMO_BASE_URL=https://analytics.validata.fr
......
- name: Install Validata via Docker
hosts: all
become: true
roles:
- geerlingguy.docker
- validata
\ No newline at end of file
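Review bot: `hosts: all` combined with `become: true` means the only thing keeping this play off the other machines in `scaleway_inventory.yml` is the `--limit validata-next` flag in the README command. Forgetting that flag would install Docker and the stack on every host the inventory returns. Target a dedicated group or host pattern in the play itself, e.g. `hosts: validata` with that group defined in the inventory, and keep `--limit` as a second safeguard.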
- src: geerlingguy.docker
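Review bot: `geerlingguy.docker` is listed without a `version:`, so each `ansible-galaxy install -r requirements.yml` fetches whatever the role's latest release is at that moment, and the playbook then runs it with `become: true` on the server. Pin it by adding `version: "<reviewed release tag>"` under the `src` line, and bump the pin deliberately after reading the role's changelog.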