1 parent
5ab33d2
commit a37408d
Showing
16 changed files
with
444 additions
and
0 deletions.
@@ -0,0 +1,66 @@ | ||
terraform { | ||
required_providers { | ||
google = { | ||
source = "hashicorp/google" | ||
version = "3.5.0" | ||
} | ||
} | ||
} | ||
|
||
|
||
variable "SSH_PUBLIC_KEY" { | ||
type = string | ||
} | ||
|
||
provider "google" { | ||
|
||
project = "quay-devel" | ||
region = "us-central1" | ||
zone = "us-central1-c" | ||
|
||
} | ||
|
||
resource "google_compute_network" "vpc_network" { | ||
name = "terraform-network" | ||
} | ||
|
||
resource "google_compute_instance" "vm_instance" { | ||
name = "mirror-ci-rhel" | ||
machine_type = "e2-medium" | ||
|
||
boot_disk { | ||
initialize_params { | ||
image = "rhel-8" | ||
} | ||
} | ||
|
||
tags = ["mirror-ci-rhel"] | ||
|
||
network_interface { | ||
network = google_compute_network.vpc_network.name | ||
access_config { | ||
} | ||
} | ||
|
||
metadata = { | ||
ssh-keys = "jonathan:${var.SSH_PUBLIC_KEY}" | ||
} | ||
} | ||
|
||
resource "google_compute_firewall" "ssh-rule" { | ||
name = "vm-ssh" | ||
network = google_compute_network.vpc_network.name | ||
allow { | ||
protocol = "tcp" | ||
ports = ["22", "80", "8080", "443", "8443"] | ||
} | ||
allow { | ||
protocol = "icmp" | ||
} | ||
target_tags = ["mirror-ci-rhel"] | ||
source_ranges = ["0.0.0.0/0"] | ||
} | ||
|
||
output "ip" { | ||
value = google_compute_instance.vm_instance.network_interface.0.access_config.0.nat_ip | ||
} |
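Review bot: The `ssh-rule` firewall resource opens TCP 22 to `0.0.0.0/0` in the same `allow` block as the web ports, so SSH on the `mirror-ci-rhel` instance is reachable from any address. Splitting SSH into its own rule with a caller-supplied source range keeps the registry ports public without exposing the admin port the same way. Ports 8080 and 8443 also look unnecessary: the pod task in this commit publishes host ports 80 and 443 only, so the rule opens two ports that nothing visible here listens on. The variable name `SSH_SOURCE_RANGES` in the sketch below is a suggestion, not something the commit defines.

```hcl
variable "SSH_SOURCE_RANGES" {
  type = list(string)
}

resource "google_compute_firewall" "ssh-rule" {
  name    = "vm-ssh"
  network = google_compute_network.vpc_network.name
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
  target_tags   = ["mirror-ci-rhel"]
  source_ranges = var.SSH_SOURCE_RANGES
}

resource "google_compute_firewall" "web-rule" {
  name    = "vm-web"
  network = google_compute_network.vpc_network.name
  allow {
    protocol = "tcp"
    ports    = ["80", "443"]
  }
  # … unchanged: allow { protocol = "icmp" } …
  target_tags   = ["mirror-ci-rhel"]
  source_ranges = ["0.0.0.0/0"]
}
```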
@@ -0,0 +1,94 @@ | ||
name: "Terraform" | ||
|
||
on: | ||
push: | ||
branches: | ||
- master | ||
pull_request: | ||
|
||
jobs: | ||
terraform: | ||
name: "Terraform" | ||
runs-on: ubuntu-latest | ||
env: | ||
GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} | ||
TF_VAR_SSH_PUBLIC_KEY: ${{ secrets.TF_VAR_SSH_PUBLIC_KEY }} | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
|
||
- name: Install SSH Key | ||
uses: webfactory/[email protected] | ||
with: | ||
ssh-private-key: ${{ secrets.TF_VAR_SSH_PRIVATE_KEY }} | ||
|
||
# - name: Setup Terraform | ||
# uses: hashicorp/setup-terraform@v1 | ||
# with: | ||
# # terraform_version: 0.13.0: | ||
# cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} | ||
|
||
# - name: Terraform Format | ||
# id: fmt | ||
# run: terraform fmt -check | ||
# working-directory: ".github/workflows" | ||
|
||
# - name: Terraform Init | ||
# id: init | ||
# run: terraform init | ||
# working-directory: ".github/workflows" | ||
|
||
# - name: Terraform Plan | ||
# id: plan | ||
# run: terraform plan | ||
# working-directory: ".github/workflows" | ||
|
||
# - name: Terraform Apply | ||
# run: terraform apply --auto-approve | ||
# working-directory: ".github/workflows" | ||
|
||
# - name: Get IP Address | ||
# run: output=$(terraform output ip); echo $output | ||
# working-directory: ".github/workflow" | ||
|
||
- name: Run playbook | ||
uses: dawidd6/action-ansible-playbook@v2 | ||
with: | ||
playbook: p_install-mirror-appliance.yml | ||
key: ${{secrets.TF_VAR_SSH_PRIVATE_KEY}} | ||
inventory: | | ||
[mirror] | ||
35.224.210.102 | ||
# - name: Terraform Destroy | ||
# run: terraform destroy --auto-approve | ||
# working-directory: ".github/workflows" | ||
|
||
# - uses: actions/[email protected] | ||
# if: github.event_name == 'pull_request' | ||
# env: | ||
# PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" | ||
# with: | ||
# github-token: ${{ secrets.GITHUB_TOKEN }} | ||
# script: | | ||
# const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` | ||
# #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` | ||
# #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` | ||
# <details><summary>Show Plan</summary> | ||
# \`\`\`${process.env.PLAN}\`\`\` | ||
# </details> | ||
# *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`; | ||
|
||
# github.issues.createComment({ | ||
# issue_number: context.issue.number, | ||
# owner: context.repo.owner, | ||
# repo: context.repo.repo, | ||
# body: output | ||
# }) | ||
# working-directory: ".github/workflows" | ||
|
||
# - name: Terraform Plan Status | ||
# if: steps.plan.outcome == 'failure' | ||
# run: exit 1 | ||
|
||
|
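Review bot: The `Run playbook` step runs on every `pull_request` as well as on pushes to `master`, and it passes `secrets.TF_VAR_SSH_PRIVATE_KEY` to a third-party action referenced by a mutable tag (`dawidd6/action-ansible-playbook@v2`); the `Install SSH Key` step hands the same key to the `webfactory` action. A retagged or compromised action release would receive the deploy key, and any pull-request branch that can read the secret can also change the playbook that runs against the host. Pin both actions to a full commit SHA, e.g. `uses: dawidd6/action-ansible-playbook@<full-commit-sha>`, and gate the deploy step with `if: github.event_name == 'push'`. The inventory address `35.224.210.102` is hard-coded while the Terraform steps that would produce it are commented out, so the job targets whatever currently holds that address.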
@@ -0,0 +1,7 @@ | ||
- name: "Install Mirror Appliance" | ||
gather_facts: yes | ||
hosts: mirror | ||
tags: | ||
- quay | ||
roles: | ||
- r_mirror-appliance |
@@ -0,0 +1,5 @@ | ||
--- | ||
redis_image: docker.io/centos/redis-5-centos8 | ||
postgres_image: docker.io/centos/postgresql-10-centos8 | ||
quay_image: quay.io/projectquay/quay:latest | ||
image_archive_path: "{{playbook_dir }}/files/image-archive.yaml" |
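Review bot: `quay_image` points at `quay.io/projectquay/quay:latest`, a mutable tag, so two runs of the role can install different Quay builds and nothing records which one was deployed. Pin a release tag or, better, a digest, e.g. `quay_image: quay.io/projectquay/quay@sha256:<digest>`. `redis_image` and `postgres_image` carry no tag at all and therefore resolve to `latest` implicitly. A short comment above each variable saying where the pinned value comes from would help whoever bumps it.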
@@ -0,0 +1,65 @@ | ||
AUTHENTICATION_TYPE: Database | ||
BUILDLOGS_REDIS: | ||
host: localhost | ||
password: password | ||
port: 6379 | ||
DATABASE_SECRET_KEY: "81541057085600720484162638317561463611194901378275494293746615390984668417511" | ||
DB_URI: postgresql://user:password@localhost/quay | ||
DEFAULT_TAG_EXPIRATION: 2w | ||
DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS: [] | ||
DISTRIBUTED_STORAGE_PREFERENCE: | ||
- default | ||
DISTRIBUTED_STORAGE_CONFIG: | ||
default: | ||
- LocalStorage | ||
- storage_path: /datastorage | ||
ENTERPRISE_LOGO_URL: /static/img/quay-horizontal-color.svg | ||
FEATURE_ACI_CONVERSION: false | ||
FEATURE_ANONYMOUS_ACCESS: true | ||
FEATURE_APP_REGISTRY: false | ||
FEATURE_APP_SPECIFIC_TOKENS: true | ||
FEATURE_BUILD_SUPPORT: false | ||
FEATURE_CHANGE_TAG_EXPIRATION: true | ||
FEATURE_DIRECT_LOGIN: true | ||
FEATURE_PARTIAL_USER_AUTOCOMPLETE: true | ||
FEATURE_REPO_MIRROR: false | ||
FEATURE_MAILING: false | ||
FEATURE_REQUIRE_TEAM_INVITE: true | ||
FEATURE_RESTRICTED_V1_PUSH: true | ||
FEATURE_SECURITY_NOTIFICATIONS: true | ||
FEATURE_SECURITY_SCANNER: false | ||
FEATURE_USERNAME_CONFIRMATION: true | ||
FEATURE_USER_CREATION: true | ||
FEATURE_USER_LOG_ACCESS: true | ||
GITHUB_LOGIN_CONFIG: {} | ||
GITHUB_TRIGGER_CONFIG: {} | ||
GITLAB_TRIGGER_KIND: {} | ||
LOGS_MODEL: database | ||
LOGS_MODEL_CONFIG: {} | ||
LOG_ARCHIVE_LOCATION: default | ||
PREFERRED_URL_SCHEME: http | ||
REGISTRY_TITLE: Red Hat Quay | ||
REGISTRY_TITLE_SHORT: Red Hat Quay | ||
REPO_MIRROR_SERVER_HOSTNAME: null | ||
REPO_MIRROR_TLS_VERIFY: true | ||
SECRET_KEY: "30824339799025335633887256663000123118247018465144108496567331049820667127217" | ||
SECURITY_SCANNER_ISSUER_NAME: security_scanner | ||
SERVER_HOSTNAME: quay:8080 | ||
SETUP_COMPLETE: true | ||
SUPER_USERS: | ||
- admin | ||
TAG_EXPIRATION_OPTIONS: | ||
- 0s | ||
- 1d | ||
- 1w | ||
- 2w | ||
- 4w | ||
TEAM_RESYNC_STALE_TIME: 60m | ||
TESTING: false | ||
USERFILES_LOCATION: default | ||
USERFILES_PATH: userfiles/ | ||
USER_EVENTS_REDIS: | ||
host: localhost | ||
password: password | ||
port: 6379 | ||
USE_CDN: false |
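Review bot: `SECRET_KEY` and `DATABASE_SECRET_KEY` are committed as literal values, and `DB_URI`, `BUILDLOGS_REDIS` and `USER_EVENTS_REDIS` all use the password `password`, so every appliance installed from this role shares the same application keys and service credentials. The same literal password is repeated in the PostgreSQL and Redis unit files later in this commit (`POSTGRESQL_PASSWORD=password`, `REDIS_PASSWORD=password`). Render this file from a template and generate the values per install, for example `SECRET_KEY: "{{ quay_secret_key }}"` with the variable supplied from Ansible Vault or created at install time. `PREFERRED_URL_SCHEME: http` together with `FEATURE_DIRECT_LOGIN: true` also means logins travel unencrypted unless TLS is terminated elsewhere, which this page does not show.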
@@ -0,0 +1,31 @@ | ||
[Unit] | ||
Description=PostgreSQL Podman Container for Quay | ||
Wants=network.target | ||
After=network-online.target | ||
|
||
[Service] | ||
Type=simple | ||
TimeoutStartSec=5m | ||
ExecStartPre=-/bin/rm -f %t/%n-pid %t/%n-cid | ||
ExecStart=/usr/bin/podman run \ | ||
--name quay-postgresql-service \ | ||
-v /etc/quay-install/pg-data:/var/lib/pgsql/data:Z \ | ||
-e POSTGRESQL_USER=user \ | ||
-e POSTGRESQL_PASSWORD=password \ | ||
-e POSTGRESQL_DATABASE=quay \ | ||
--pod=quay-pod \ | ||
--conmon-pidfile %t/%n-pid \ | ||
--cidfile %t/%n-cid \ | ||
--cgroups=no-conmon \ | ||
--replace \ | ||
docker.io/centos/postgresql-10-centos8 | ||
|
||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%n-cid -t 10 | ||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%n-cid | ||
PIDFile=%t/%n-pid | ||
KillMode=none | ||
Restart=always | ||
RestartSec=30 | ||
|
||
[Install] | ||
WantedBy=multi-user.target default.target |
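Review bot: The unit hard-codes `docker.io/centos/postgresql-10-centos8` on the `podman run` line although the role defines `postgres_image` and the install task pulls `{{ postgres_image }}`; overriding the variable would pull one image and run another. The install task copies this file with the `template` module, so the last argument can simply be `{{ postgres_image }}`. The Quay and Redis units follow the same pattern with `quay_image` and `redis_image`, assuming they are installed the same way (their tasks are not shown on this page). Separately, `ExecStop` and `ExecStopPost` lack the `-` prefix that the other two units use, and `Wants=network.target` does not match `After=network-online.target`; `Wants=network-online.target` is the usual pairing.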
@@ -0,0 +1,29 @@ | ||
[Unit] | ||
Description=Quay Container | ||
Wants=network.target | ||
After=network-online.target | ||
|
||
[Service] | ||
Type=simple | ||
TimeoutStartSec=5m | ||
ExecStartPre=-/bin/rm -f %t/%n-pid %t/%n-cid | ||
ExecStart=/usr/bin/podman run \ | ||
--name quay-app-service \ | ||
-v /etc/quay-install/quay-config:/conf/stack:Z \ | ||
-v /etc/quay-install/quay-storage:/datastorage:Z \ | ||
--pod=quay-pod \ | ||
--conmon-pidfile %t/%n-pid \ | ||
--cidfile %t/%n-cid \ | ||
--cgroups=no-conmon \ | ||
--replace \ | ||
quay.io/projectquay/quay:latest | ||
|
||
ExecStop=-/usr/bin/podman stop --ignore --cidfile %t/%n-cid -t 10 | ||
ExecStopPost=-/usr/bin/podman rm --ignore -f --cidfile %t/%n-cid | ||
PIDFile=%t/%n-pid | ||
KillMode=none | ||
Restart=always | ||
RestartSec=30 | ||
|
||
[Install] | ||
WantedBy=multi-user.target default.target |
@@ -0,0 +1,29 @@ | ||
[Unit] | ||
Description=Redis Podman Container for Quay | ||
Wants=network.target | ||
After=network-online.target | ||
|
||
[Service] | ||
Type=simple | ||
TimeoutStartSec=5m | ||
ExecStartPre=-/bin/rm -f %t/%n-pid %t/%n-cid | ||
ExecStart=/usr/bin/podman run \ | ||
--name quay-redis-service \ | ||
-e REDIS_PASSWORD=password \ | ||
--pod=quay-pod \ | ||
--conmon-pidfile %t/%n-pid \ | ||
--cidfile %t/%n-cid \ | ||
--cgroups=no-conmon \ | ||
--replace \ | ||
docker.io/centos/redis-5-centos8 | ||
|
||
ExecStop=-/usr/bin/podman stop --ignore --cidfile %t/%n-cid -t 10 | ||
ExecStopPost=-/usr/bin/podman rm --ignore -f --cidfile %t/%n-cid | ||
PIDFile=%t/%n-pid | ||
KillMode=none | ||
Restart=always | ||
RestartSec=30 | ||
|
||
[Install] | ||
WantedBy=multi-user.target default.target | ||
|
@@ -0,0 +1,3 @@ | ||
--- | ||
allow_duplicates: false | ||
|
@@ -0,0 +1,7 @@ | ||
- name: Ansible check file exists. | ||
stat: | ||
path: "{{ image_archive_path }}" | ||
register: p | ||
- name: Image Archive Found. Loading Images. | ||
command: "podman load -i {{ image_archive_path }}" | ||
when: p.stat.exists |
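Review bot: `image_archive_path` defaults to a path under `{{playbook_dir }}`, which is a directory on the control node, but both `stat` and `podman load` in this file run on the managed host, so the archive is only found if the same path happens to exist there. Copy the archive to the host first (or delegate the check), and verify it before loading, for instance with `checksum_algorithm: sha256` on the `stat` task compared against an expected value. The register name `p` could be more descriptive, e.g. `image_archive_stat`, and the `command` task would benefit from a `changed_when` so reruns report accurately.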
@@ -0,0 +1,7 @@ | ||
- name: Create podman pod for shared network namespace | ||
containers.podman.podman_pod: | ||
name: quay-pod | ||
state: started | ||
ports: | ||
- 80:8080 | ||
- 443:8443 |
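Review bot: The port mappings are plain scalars containing a colon; quote them as `- "80:8080"` and `- "443:8443"` so no YAML 1.1 loader can reinterpret them and the intent stays obvious. Both are published on all host interfaces, which combined with the firewall rule in this commit makes the registry reachable from any address; a comment stating that this is intended would help. A leading `---` would match the other YAML files in the role.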
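--- a/roles/r_mirror-appliance/tasks/install-postgres-service.yaml
+++ b/roles/r_mirror-appliance/tasks/install-postgres-service.yaml
@@ -0,0 +1,32 @@
+- name: Create necessary directory for Postgres persistent data
+ansible.builtin.file:
+path: /etc/quay-install/pg-data
+state: directory
+recurse: yes
+
+- name: Set permissions on data directory
+ansible.posix.acl:
+path: /etc/quay-install/pg-data
+entry: u:26:-wx
+state: present
+
+- name: Copy Postgres systemd service file
+template: src=../files/systemd/postgres.service dest=/etc/systemd/system/quay-postgres.service
+
+- name: Pull Postgres image
+containers.podman.podman_image:
+name: "{{ postgres_image }}"
+
+- name: Start Postgres service
+systemd:
+name: quay-postgres.service
+enabled: yes
+daemon_reload: yes
+state: started
+
+- name: Wait for pg_trgm to be installed
+command: podman exec -it quay-postgresql-service /bin/bash -c "echo 'CREATE EXTENSION IF NOT EXISTS pg_trgm' | psql -d quay -U postgres"
+register: result
+until: result.rc == 0
+retries: 20
+delay: 5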
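Review bot: The `Wait for pg_trgm to be installed` task calls `podman exec -it`, which asks for a TTY and an open stdin that Ansible's `command` module does not provide; the flags are not needed to pipe one statement into `psql` and can produce warnings or failures depending on the podman version. Use `podman exec quay-postgresql-service ...` without them, and add a `changed_when` so reruns do not always report a change, since `CREATE EXTENSION IF NOT EXISTS` is idempotent. The task name says it waits, but it actually creates the extension as the `postgres` superuser; `Create pg_trgm extension` would describe it better. The `template: src=... dest=...` line uses the key=value form; the block form with explicit `owner`, `group` and `mode` would match the other tasks in this file.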