mvp-1-no (EticaAI/aguia-pescadora#26): importado arquivos usados na C…

…harlie (fititnt/cplp-aiops#58) e os do passo a passo do MVP sem ansible (EticaAI/aguia-pescadora#5)
EticaAI · Jun 30, 2019 · d451edb · d451edb
1 parent db2e410
commit d451edb
Show file tree

Hide file tree

Showing 19 changed files with 445 additions and 0 deletions.
diff --git a/1-node.yml b/1-node.yml
@@ -1,4 +1,9 @@
 ---
+
+# @see https://github.com/EticaAI/aguia-pescadora/issues/5
+# @see https://github.com/EticaAI/aguia-pescadora/tree/master/diario-de-bordo/tsuru-inicializacao++
+# @see https://github.com/fititnt/cplp-aiops/blob/master/logbook/aguia-pescadora-charlie.sh
+
 - name: Águia Pescadora tudo-em-um (1 VPS)
   hosts: all
   remote_user: root

diff --git a/inventory/1-node-testserver/inventory.ini b/inventory/1-node-testserver/inventory.ini
@@ -0,0 +1,2 @@
+[all]
+aguia-pescadora-foxtrot.etica.ai
diff --git a/inventory/1-node/README.md b/inventory/1-node/README.md
@@ -0,0 +1,3 @@
+# 1-node
+Neste momento não temos uma documentação reusável. Você pode fazer sua
+customização baseado no 1-node-testserver.
diff --git a/inventory/1-node/inventory.ini b/inventory/1-node/inventory.ini
@@ -0,0 +1,3 @@
+#
+[all]
+aguia-pescadora-foxtrot.etica.ai
diff --git a/roles/1-node-testserver/README.md b/roles/1-node-testserver/README.md
@@ -0,0 +1,49 @@
+Role Name
+=========
+
+Um guia sem automação de ansible de como fazer algo parecido pode ser lido em
+<https://github.com/EticaAI/aguia-pescadora/blob/master/diario-de-bordo/tsuru-inicializacao/seu-computador.sh>.
+
+Veja também
+
+- https://github.com/fititnt/cplp-aiops/issues/58
+- https://github.com/fititnt/cplp-aiops/issues/59
+- https://github.com/fititnt/cplp-aiops/tree/master/logbook/aguia-pescadora-charlie/__external-configs
+- https://github.com/EticaAI/aguia-pescadora/issues/26
+
+Requirements
+------------
+
+- Chave SSH sem senha (requerimento do Tsuru)
+- Tsuru Client
+- Docker
+- Docker Machine
+
+Em <https://github.com/EticaAI/aguia-pescadora/blob/master/diario-de-bordo/tsuru-inicializacao/seu-computador.sh>
+explica como instalar tais requerimentos
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+Public Domain
diff --git a/roles/1-node-testserver/defaults/main.yml b/roles/1-node-testserver/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for 1-node-testserver
diff --git a/roles/1-node-testserver/files/_tsuru-initialization/install-compose.yml b/roles/1-node-testserver/files/_tsuru-initialization/install-compose.yml
diff --git a/roles/1-node-testserver/files/_tsuru-initialization/install-config.yml b/roles/1-node-testserver/files/_tsuru-initialization/install-config.yml
@@ -0,0 +1,20 @@
+name: 'aguia-pescadora'
+hosts:
+    core:
+        size: 1
+        driver:
+            options:
+                generic-ip-address: ["192.99.69.2"]
+                generic-ssh-key: ["/home/fititnt/.ssh/id_rsa-aguia-pescadora-tsuru"]
+    apps:
+        size: 1
+        dedicated: false
+        driver:
+            options:
+                generic-ip-address: ["192.99.69.2"]
+                generic-ssh-key: ["/home/fititnt/.ssh/id_rsa-aguia-pescadora-tsuru"]
+driver:
+    name: generic
+    options:
+        generic-ssh-port: 22
+        generic-ssh-user: root
diff --git a/roles/1-node-testserver/files/usr/local/openresty/nginx/conf/nginx.conf b/roles/1-node-testserver/files/usr/local/openresty/nginx/conf/nginx.conf
@@ -0,0 +1,247 @@
+# FILE:             /etc/openresty/nginx.conf
+# SERVER:           aguia-pescadora-delta.etica.ai
+
+user  www-data;
+worker_processes  1;
+
+#error_log  logs/error.log;
+#error_log  logs/error.log  notice;
+#error_log  logs/error.log  info;
+
+#pid        logs/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    more_clear_headers Server;
+    server_tokens off;
+
+    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    #                  '$status $body_bytes_sent "$http_referer" '
+    #                  '"$http_user_agent" "$http_x_forwarded_for"';
+
+    #access_log  logs/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    # The "auto_ssl" shared dict should be defined with enough storage space to
+    # hold your certificate data. 1MB of storage holds certificates for
+    # approximately 100 separate domains.
+    lua_shared_dict auto_ssl 1m;
+    # The "auto_ssl_settings" shared dict is used to temporarily store various settings
+    # like the secret used by the hook server on port 8999. Do not change or
+    # omit it.
+    lua_shared_dict auto_ssl_settings 64k;
+
+    # A DNS resolver must be defined for OCSP stapling to function.
+    #
+    # This example uses Google's DNS server. You may want to use your system's
+    # default DNS servers, which can be found in /etc/resolv.conf. If your network
+    # is not IPv6 compatible, you may wish to disable IPv6 results by using the
+    # "ipv6=off" flag (like "resolver 8.8.8.8 ipv6=off").
+    resolver 8.8.8.8;
+
+    # Initial setup tasks.
+    init_by_lua_block {
+      auto_ssl = (require "resty.auto-ssl").new()
+
+      -- Define a function to determine which SNI domains to automatically handle
+      -- and register new certificates for. Defaults to not allowing any domains,
+      -- so this must be configured.
+      auto_ssl:set("allow_domain", function(domain)
+        return true
+      end)
+
+      auto_ssl:init()
+    }
+
+    init_worker_by_lua_block {
+      auto_ssl:init_worker()
+    }
+
+    # HTTPS server
+    server {
+      listen 443 ssl;
+
+      # Dynamic handler for issuing or returning certs for SNI domains.
+      ssl_certificate_by_lua_block {
+        auto_ssl:ssl_certificate()
+      }
+
+      # You must still define a static ssl_certificate file for nginx to start.
+      #
+      # You may generate a self-signed fallback with:
+      #
+      # openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
+      #   -subj '/CN=sni-support-required-for-valid-ssl' \
+      #   -keyout /etc/ssl/resty-auto-ssl-fallback.key \
+      #   -out /etc/ssl/resty-auto-ssl-fallback.crt
+      ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
+      ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
+    }
+
+    # HTTP server
+    server {
+      listen 80;
+
+      # Endpoint used for performing domain verification with Let's Encrypt.
+      location /.well-known/acme-challenge/ {
+        content_by_lua_block {
+          auto_ssl:challenge_server()
+        }
+      }
+    }
+
+    # Internal server running on port 8999 for handling certificate tasks.
+    server {
+      listen 127.0.0.1:8999;
+
+      # Increase the body buffer size, to ensure the internal POSTs can always
+      # parse the full POST contents into memory.
+      client_body_buffer_size 128k;
+      client_max_body_size 128k;
+
+      location / {
+        content_by_lua_block {
+          auto_ssl:hook_server()
+        }
+      }
+    }
+
+    # Aqui repassamos *.app.etica.dev e *.nip.io para o Tsuru apps criados pelo usuario
+    server {
+        listen 443 ssl;
+        server_name  *.app.etica.dev *.nip.io;
+
+        location = /favicon.ico { access_log off; log_not_found off; }
+        location = /robots.txt  { access_log off; log_not_found off; }
+
+        # Dynamic handler for issuing or returning certs for SNI domains.
+        ssl_certificate_by_lua_block {
+          auto_ssl:ssl_certificate()
+        }
+        ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
+        ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
+
+        location / {
+            add_header X-Served-By $hostname;
+            proxy_ignore_client_abort on;
+            proxy_set_header Host $host;
+            proxy_pass   http://127.0.0.1:82;
+        }
+    }
+
+    # Aqui repassamos *.nip.io para o Tsuru apps criados pelo usuario
+    # Note que dominios *.dev nem tem como ser acessados via HTTP comum
+    server {
+        listen 80;
+        server_name *.nip.io;
+
+        location = /favicon.ico { access_log off; log_not_found off; }
+        location = /robots.txt  { access_log off; log_not_found off; }
+
+        location / {
+            add_header X-Served-By $hostname;
+            proxy_ignore_client_abort on;
+            proxy_set_header Host $host;
+            proxy_pass   http://127.0.0.1:82;
+        }
+    }
+
+    # Configuração que estava antes no NGinx
+    server {
+        listen       80;
+        server_name  localhost;
+
+        #charset koi8-r;
+
+        #access_log  logs/host.access.log  main;
+
+        location / {
+            root   html;
+            index  index.html index.htm;
+        }
+
+        #error_page  404              /404.html;
+
+        # redirect server error pages to the static page /50x.html
+        #
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   html;
+        }
+
+        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+        #
+        #location ~ \.php$ {
+        #    proxy_pass   http://127.0.0.1;
+        #}
+
+        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+        #
+        #location ~ \.php$ {
+        #    root           html;
+        #    fastcgi_pass   127.0.0.1:9000;
+        #    fastcgi_index  index.php;
+        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+        #    include        fastcgi_params;
+        #}
+
+        # deny access to .htaccess files, if Apache's document root
+        # concurs with nginx's one
+        #
+        #location ~ /\.ht {
+        #    deny  all;
+        #}
+    }
+
+
+    # another virtual host using mix of IP-, name-, and port-based configuration
+    #
+    #server {
+    #    listen       8000;
+    #    listen       somename:8080;
+    #    server_name  somename  alias  another.alias;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+
+
+    # HTTPS server
+    #
+    #server {
+    #    listen       443 ssl;
+    #    server_name  localhost;
+
+    #    ssl_certificate      cert.pem;
+    #    ssl_certificate_key  cert.key;
+
+    #    ssl_session_cache    shared:SSL:1m;
+    #    ssl_session_timeout  5m;
+
+    #    ssl_ciphers  HIGH:!aNULL:!MD5;
+    #    ssl_prefer_server_ciphers  on;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+
+}
diff --git a/roles/1-node-testserver/files/usr/local/openresty/nginx/html/50x.html b/roles/1-node-testserver/files/usr/local/openresty/nginx/html/50x.html
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Error</title>
+<style>
+    body {
+        width: 35em;
+        margin: 0 auto;
+        font-family: Tahoma, Verdana, Arial, sans-serif;
+    }
+</style>
+</head>
+<body>
+<h1>An error occurred.</h1>
+<p>Sorry, the page you are looking for is currently unavailable.<br/>
+Please try again later.</p>
+<p>If you are the system administrator of this resource then you should check
+the <a href="http://nginx.org/r/error_log">error log</a> for details.</p>
+<p><em>Faithfully yours, OpenResty.</em></p>
+</body>
+</html>
diff --git a/roles/1-node-testserver/files/usr/local/openresty/nginx/html/favico.ico b/roles/1-node-testserver/files/usr/local/openresty/nginx/html/favico.ico
diff --git a/roles/1-node-testserver/files/usr/local/openresty/nginx/html/index.html b/roles/1-node-testserver/files/usr/local/openresty/nginx/html/index.html
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>aguia-pescadora-delta.etica.ai</title>
+<style>
+    body {
+        width: 35em;
+        margin: 0 auto;
+        font-family: Tahoma, Verdana, Arial, sans-serif;
+    }
+</style>
+</head>
+<body>
+<h1>aguia-pescadora-delta.etica.ai</h1>
+<p>If you see this page, the OpenResty web platform is successfully installed and
+working. Further configuration is required.</p>
+
+<p>For online documentation and support please refer to
+<a href="https://openresty.org/">openresty.org</a>.<br/>
+Commercial support is available at
+<a href="https://openresty.com/">openresty.com</a>.</p>
+
+<p><em>Thank you for flying OpenResty.</em></p>
+</body>
+</html>