From d5a41badcfc8561334303e590e6823ff42198009 Mon Sep 17 00:00:00 2001 From: reqwizz Date: Mon, 4 Nov 2024 18:53:55 +0300 Subject: [PATCH] start --- .gitignore | 2 + ansible/Jenkinsfile | 80 ++++++++++++++ ansible/hosts.ini | 6 ++ ansible/id_ed25519_vault | 26 +++++ ansible/playbook.yml | 225 +++++++++++++++++++++++++++++++++++++++ docker-compose.yml | 30 ++++++ 6 files changed, 369 insertions(+) create mode 100644 .gitignore create mode 100644 ansible/Jenkinsfile create mode 100644 ansible/hosts.ini create mode 100644 ansible/id_ed25519_vault create mode 100644 ansible/playbook.yml create mode 100644 docker-compose.yml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..42f83d0 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +gitea-data +jenkins-data \ No newline at end of file diff --git a/ansible/Jenkinsfile b/ansible/Jenkinsfile new file mode 100644 index 0000000..934ca9c --- /dev/null +++ b/ansible/Jenkinsfile @@ -0,0 +1,80 @@ +pipeline { + agent any + + environment { + VAULT_PASSWORD = credentials('vault_password') + } + + parameters { + choice(name: 'SITE_OPTION', choices: ['SiteA', 'SiteB', 'SiteA&B'], description: 'Select which site to deploy') + string(name: 'ADDITIONAL_CONTENT', defaultValue: 'Новое сообщение', description: 'Additional content to be included in the site') + } + + stages { + stage('Decrypt SSH Key') { + steps { + script { + def tempDir = '/tmp/' + UUID.randomUUID().toString() + env.TEMP_DIR = tempDir + sh "mkdir -p ${tempDir}" + + def decryptedKeyFile = "${tempDir}/id_ed25519" + def vaultPassFile = "${tempDir}/vault_pass" + + writeFile file: vaultPassFile, text: VAULT_PASSWORD + + sh """ + ansible-vault decrypt ./ansible/id_ed25519_vault --output=${decryptedKeyFile} --vault-password-file=${vaultPassFile} + """ + + def hostsFile = "${tempDir}/hosts.ini" + def hostsFileContent = """ + [SiteA] + 192.168.0.61 ansible_user=ansible ansible_ssh_private_key_file=${decryptedKeyFile} + + [SiteB] + 192.168.0.62 ansible_user=ansible ansible_ssh_private_key_file=${decryptedKeyFile} + + [proxy] + 192.168.0.63 ansible_user=ansible ansible_ssh_private_key_file=${decryptedKeyFile} + """ + writeFile file: hostsFile, text: hostsFileContent + + env.HOSTS_FILE = hostsFile + } + } + } + + stage('Deploy Site') { + steps { + script { + def sanitized_content = params.ADDITIONAL_CONTENT.replaceAll("'", "\\'").replaceAll('"', '\\"') + + if (params.SITE_OPTION == 'SiteA') { + sh "export PATH=/usr/local/bin:\$PATH && ansible-playbook /coursework/ansible/playbook.yml -i ${env.HOSTS_FILE} -l SiteA -e \"additional_content='${sanitized_content}'\"" + } else if (params.SITE_OPTION == 'SiteB') { + sh "export PATH=/usr/local/bin:\$PATH && ansible-playbook /coursework/ansible/playbook.yml -i ${env.HOSTS_FILE} -l SiteB -e \"additional_content='${sanitized_content}'\"" + } else if (params.SITE_OPTION == 'SiteA&B') { + sh "export PATH=/usr/local/bin:\$PATH && ansible-playbook /coursework/ansible/playbook.yml -i ${env.HOSTS_FILE} -l SiteA,SiteB,proxy -e \"additional_content='${sanitized_content}'\"" + } + } + } + } + } + + post { + always { + script { + if (env.TEMP_DIR) { + sh "rm -rf ${env.TEMP_DIR}" + } + } + } + success { + echo 'Deployment completed successfully.' + } + failure { + echo 'Deployment failed. Please check the logs for more details.' + } + } +} diff --git a/ansible/hosts.ini b/ansible/hosts.ini new file mode 100644 index 0000000..7330d19 --- /dev/null +++ b/ansible/hosts.ini @@ -0,0 +1,6 @@ +[SiteA] +192.168.0.61 ansible_user=ansible +[SiteB] +192.168.0.62 ansible_user=ansible +[proxy] +192.168.0.63 ansible_user=ansible \ No newline at end of file diff --git a/ansible/id_ed25519_vault b/ansible/id_ed25519_vault new file mode 100644 index 0000000..ecd5ea2 --- /dev/null +++ b/ansible/id_ed25519_vault @@ -0,0 +1,26 @@ +$ANSIBLE_VAULT;1.1;AES256 +63306262646434323632386463373239336566633737636235653430333132386537366564666234 +6461393163343265306366313736313961373630313234340a323534616566666137616431386461 +65373333643664633833613431666531353935646562396661623163343464663262396264643537 +6261363038363062640a616431336162386465316639376662333066396535623735383032316538 +36613839386139363661636536306361373231623432663331623766346262366230353432373538 +34353032303461323533396438306561386332396266316565393930653038623361333163323736 +63663734333034336337373632333565333633306361633335663365336161636439386563393736 +33613262623862626161653466626339623861353566323864363231343365333666326163396538 +30353265613330626261363038633762373531623864333937366361616465313961363536636430 +37333739333661303865376137343931363563656362316339383033326539343135663936393931 +36653363656535656334613264653932666231663930353931306662333833366534343365386136 +61336538356164653433613930343137373534653732613830366439343061313166656533323230 +65353938383563646162373232613632313332643765313135653730383864643539333732623739 +32393239373735616463633830333136616438316361613336613336613766356538313534303939 +64646262323164643336653761663338613036376365613565373561626366643765396564383665 +38303135356639373762303139633862313833313063373737633336363939336438376239613536 +65636539653335396464653363613339383862653862336630353364636162663237383163666134 +30643865383533623461303630356631396135663265376264663637326136663161656638616332 +32626636613138313232396636343032343666343039353533626131663235393235343966303662 +30336364363361356339303466633165316330376336306130336536656134336130376137613663 +34333136306638306332356363616165343536666239366532333630306535626532656438613030 +37626535316532623134633238313733353566373630333834616132353061656530373763303531 +33366536363333303966663663353865613532353164623762636531366535393465623239643765 +39626662633164623734626433313132633532336161363036633434393432393934396663633531 +6333 diff --git a/ansible/playbook.yml b/ansible/playbook.yml new file mode 100644 index 0000000..949c0bb --- /dev/null +++ b/ansible/playbook.yml @@ -0,0 +1,225 @@ +- hosts: SiteA + become: true + + tasks: + - name: Refresh repositories + command: 'zypper refresh' + ignore_errors: yes + + - name: Install Nginx + zypper: + name: nginx + state: present + force: yes + update_cache: yes + + - name: Create site directories + file: + path: /var/www/SiteA + state: directory + mode: '0755' + + - name: Deploy site content + copy: + content: | + + + + SiteA + + +

SiteA

+

{{ additional_content | string }}

+ + + dest: /var/www/SiteA/index.html + + - name: Configure Nginx for SiteA + copy: + content: | + server { + listen 80; + server_name SiteA; + + location / { + root /var/www/SiteA; + index index.html; + } + } + dest: /etc/nginx/conf.d/SiteA.conf + + - name: Restart Nginx + service: + name: nginx + state: restarted + + - name: Start and enable firewalld + service: + name: firewalld + state: started + enabled: true + + - name: Open port 80 for HTTP + ansible.builtin.firewalld: + port: 80/tcp + permanent: true + state: enabled + immediate: yes + + - name: Open port 443 for HTTPS + ansible.builtin.firewalld: + port: 443/tcp + permanent: true + state: enabled + immediate: yes + + - name: Reload firewalld to apply changes + ansible.builtin.service: + name: firewalld + state: reloaded + +- hosts: SiteB + become: true + + tasks: + - name: Refresh repositories + command: 'zypper refresh' + ignore_errors: yes + + - name: Install Nginx + zypper: + name: nginx + state: present + force: yes + update_cache: yes + + - name: Create site directories + file: + path: /var/www/SiteB + state: directory + mode: '0755' + + - name: Deploy site content + copy: + content: | + + + + SiteB + + +

SiteB

+

{{ additional_content | string }}

+ + + dest: /var/www/SiteB/index.html + + - name: Configure Nginx for SiteB + copy: + content: | + server { + listen 80; + server_name SiteB; + + location / { + root /var/www/SiteB; + index index.html; + } + } + dest: /etc/nginx/conf.d/SiteB.conf + + - name: Restart Nginx + service: + name: nginx + state: restarted + + - name: Start and enable firewalld + service: + name: firewalld + state: started + enabled: true + + - name: Open port 80 for HTTP + ansible.builtin.firewalld: + port: 80/tcp + permanent: true + state: enabled + immediate: yes + + - name: Open port 443 for HTTPS + ansible.builtin.firewalld: + port: 443/tcp + permanent: true + state: enabled + immediate: yes + + - name: Reload firewalld to apply changes + ansible.builtin.service: + name: firewalld + state: reloaded + +- hosts: proxy + become: true + + tasks: + - name: Refresh repositories + command: 'zypper refresh' + ignore_errors: yes + + - name: Install Nginx + zypper: + name: nginx + state: present + force: yes + update_cache: yes + + - name: Configure Nginx as proxy + copy: + content: | + upstream backend_servers { + server 192.168.0.61:80; + server 192.168.0.62:80; + } + + server { + listen 80; + + location / { + proxy_pass http://backend_servers; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + } + dest: /etc/nginx/conf.d/proxy.conf + + - name: Restart Nginx + service: + name: nginx + state: restarted + + - name: Start and enable firewalld + service: + name: firewalld + state: started + enabled: true + + - name: Open port 80 for HTTP + ansible.builtin.firewalld: + port: 80/tcp + permanent: true + state: enabled + immediate: yes + + - name: Open port 443 for HTTPS + ansible.builtin.firewalld: + port: 443/tcp + permanent: true + state: enabled + immediate: yes + + - name: Reload firewalld to apply changes + ansible.builtin.service: + name: firewalld + state: reloaded diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..ca3f4ce --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,30 @@ +services: + jenkins: + image: jenkins/jenkins:latest + container_name: jenkins + privileged: true + user: root + volumes: + - ./jenkins-data:/var/jenkins_home + - ./ansible:/ansible + ports: + - "8080:8080" + - "50000:50000" + restart: always + + gitea: + image: gitea/gitea:latest + container_name: gitea + environment: + - USER_UID=1000 + - USER_GID=1000 + volumes: + - ./gitea-data:/data + ports: + - "3000:3000" + - "222:22" + restart: always + +volumes: + jenkins-data: + gitea-data: \ No newline at end of file