diff --git a/ansible/group_vars/all/oas.yml b/ansible/group_vars/all/oas.yml index 598404b9c45478c51b50e81e59537086d1489ec8..14781ff28ab282363b9bd0301401534e3c7068b6 100644 --- a/ansible/group_vars/all/oas.yml +++ b/ansible/group_vars/all/oas.yml @@ -1,5 +1,9 @@ # Default OAS config dir on the cluster -configuration_directory: "/oas/config" +configuration_directory: "/etc/OpenAppStack" +# Directory to store generated configuration and cluster state. +data_directory: "/var/lib/OpenAppStack" +# Directory to store logs. +log_directory: "/var/log/OpenAppStack" # Use python3 on cluster nodes for ansible ansible_python_interpreter: "/usr/bin/env python3" @@ -22,7 +26,7 @@ git_nextcloud_version: '897c800f7a1d632784d8dc721f34362d4e789743' helmfile: # At the moment, helmfile doesn't provide sha256 sums, # see https://github.com/roboll/helmfile/issues/654 - version: '0.79.3' + version: '0.80.1' krew: version: '0.2.1' diff --git a/ansible/roles/get_control/tasks/main.yml b/ansible/roles/get_control/tasks/main.yml index bd3dfc88ab8bd90b244d1efcc33702356c599f21..aeda760aa770c84da2d998d82f3714faf81a5144 100644 --- a/ansible/roles/get_control/tasks/main.yml +++ b/ansible/roles/get_control/tasks/main.yml @@ -6,11 +6,12 @@ state: directory become: true with_items: - - "/oas/control/local" - - "/oas/bin" - - "/oas/logs" + - "{{ configuration_directory }}" + - "{{ data_directory }}" + - "{{ data_directory }}/ssh" + - "{{ data_directory }}/rke" + - "{{ log_directory }}" - "/usr/local/share/bash-completion/completions" - - "/var/cache/oas" - name: Create directory for values file: 
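Review bot: `{{ data_directory }}/ssh` and `{{ data_directory }}/rke` are added to the same `with_items` loop as the bash-completion directory, so they cannot get tighter permissions than the other entries, although later tasks in this commit place the passphrase-less SSH private key and `kube_config_cluster.yml` in them. The `file:` arguments of this task start above the hunk, so a `mode` may already be set there; if it is not, both directories are created with the default umask. I would move the two entries into their own task with `mode: '0700'`, assuming ssh-keygen and rke run as the user that owns the directories.

```yaml
# … unchanged: existing directory task for the remaining entries …

- name: Create directories for SSH key and rke state
  file:
    path: "{{ item }}"
    state: directory
    mode: '0700'
  become: true
  with_items:
    - "{{ data_directory }}/ssh"
    - "{{ data_directory }}/rke"
```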
@@ -18,15 +19,21 @@ state: directory become: true +- name: Create README in configuration directory + template: + src: configuration_README.md + dest: "{{ configuration_directory }}/README.md" + become: true + - name: Generate SSH keys for rke - shell: ssh-keygen -f {{ configuration_directory }}/ssh_key -C "oas-control@${hostname}" -q -N "" + shell: ssh-keygen -f {{ data_directory }}/ssh/ssh_key -C "oas-control@${hostname}" -q -N "" args: - creates: "{{ configuration_directory }}/ssh_key" + creates: "{{ data_directory }}/ssh/ssh_key" become: true - name: Retrieve new public key slurp: - src: "{{ configuration_directory }}/ssh_key.pub" + src: "{{ data_directory }}/ssh/ssh_key.pub" register: ssh_key become: true @@ -40,7 +47,7 @@ - name: Store external ip on the node itself copy: content: "{{ ip_address }}" - dest: "{{ configuration_directory }}/ip" + dest: "{{ data_directory }}/ip" - name: Install bash-completion tags: diff --git a/ansible/roles/get_control/templates/configuration_README.md b/ansible/roles/get_control/templates/configuration_README.md new file mode 100644 index 0000000000000000000000000000000000000000..452c13040f54bad685ab481a50d7a9b081466f97 --- /dev/null +++ b/ansible/roles/get_control/templates/configuration_README.md 
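Review bot: In the new `ssh-keygen` line, `${hostname}` is expanded by the shell rather than by Ansible, and a lowercase `hostname` variable is not normally set, so the key comment most likely ends up as `oas-control@`. That makes the public key harder to attribute when it turns up in an `authorized_keys` file during an audit. Command substitution keeps the lookup on the shell side: `-C "oas-control@$(hostname)"`.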
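Review bot: The `copy` task that writes `{{ data_directory }}/ip` has no `become: true` in the visible lines, while `{{ data_directory }}` itself is created with `become: true` earlier in this file, so the write presumably fails unless the play already connects as root or sets become at play level. The same gap appears in this commit for the `ssh_known_hosts` copy in roles/setup/tasks/ssh.yml and, in roles/setup/tasks/helmfiles.yml, for the nextcloud and local-storage clones and the two value-override `file` tasks, even though sibling tasks there gained `become: true`. Adding `become: true` to each of these tasks would make the privilege requirement explicit and consistent.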
@@ -0,0 +1,38 @@ +This directory contains configuration for the OpenAppStack instance running on +this machine. For general information, see [https://openappstack.net]. + +## Helm values + +We use [Helm](https://helm.sh) charts to install applications to the Kubernetes +cluster running on this machine. On top of that, we use +[helmfile](https://github.com/roboll/helmfile/) to record which Helm charts +should be installed on the system, and with which settings (called "values"). + +After changing any of these values, you will need to re-run Helmfile, which +will make all applications aware of these changes and restart them if necessary. +To do so, run +``` +helmfile -e oas -f /var/lib/OpenAppStack/helmfiles/helmfile.d apply +``` + +### Cluster values + +In `local.yaml`, there are some settings that were generated during the +OpenAppStack installation process, including essential ones such as this +machine's external ip address, and the domain name where the applications are +served. + +### Application values + +Inside the `apps` directory, you can provide values to configure the Helm charts +that make up this OpenAppStack instance. These values will override both the +defaults provided by the chart authors, and the settings the OpenAppStack +maintainers put in place. + +A separate values file has been pre-created per application. Please note that +these files are referenced specifically by the corresponding OpenAppStack +helmfile configuration, so renaming them will break the system, and creating new +ones will not have any effect by itself. + +To see what values can be specified for an application, please check the +documentation of the corresponding Helm chart. diff --git a/ansible/roles/rke_configuration/defaults/main.yml b/ansible/roles/rke_configuration/defaults/main.yml index 3f16abed4f38fcbc828a0839ddee0a8e79e193aa..ad9de7c102005628cbd3a1ebb76e35284c90ac2d 100644 --- a/ansible/roles/rke_configuration/defaults/main.yml 
+++ b/ansible/roles/rke_configuration/defaults/main.yml @@ -1,5 +1,5 @@ -rke_configuration_location: "/oas/control/local/rke/cluster.yml" -rke_ssh_key_path: "/oas/config/ssh_key" +rke_configuration_location: "{{ data_directory }}/rke/cluster.yml" +rke_ssh_key_path: "{{ data_directory }}/ssh/ssh_key" rke_ssh_agent_auth: "false" # Whether to support customer flexvolume driver plugins, by mounting the path # /usr/libexec/kubernetes/kubelet-plugins/volume/exec into kubelet. diff --git a/ansible/roles/rke_configuration/tasks/main.yml b/ansible/roles/rke_configuration/tasks/main.yml index d74874004a99693f5b5d7612fe098ef6a9db3e51..8dbac5beb167783029b9910467a8a748b0f4dc51 100644 --- a/ansible/roles/rke_configuration/tasks/main.yml +++ b/ansible/roles/rke_configuration/tasks/main.yml @@ -29,13 +29,8 @@ become: true -- name: Create directory to contain rke configuration - file: - path: "/oas/control/local/rke" - state: directory - become: true - - name: Copy rke cluster configuration file template: src: "cluster.yml.j2" dest: "{{ rke_configuration_location }}" + become: true diff --git a/ansible/roles/setup/tasks/helmfiles.yml b/ansible/roles/setup/tasks/helmfiles.yml index e7374dcd4ea59bca16747125ecb87d036f7ad562..1ea7ac43409953183baf82c8dd6225ed00c25ef6 100644 --- a/ansible/roles/setup/tasks/helmfiles.yml +++ b/ansible/roles/setup/tasks/helmfiles.yml @@ -1,13 +1,5 @@ --- -- name: Remove old helmfiles repo - tags: - - helm - - helmfile - file: - path: '/oas/source/repos/helmfiles' - state: absent - - name: Synchronize helmfiles directory tags: - git 
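Review bot: With the `Create directory to contain rke configuration` task removed, the `template` task depends on the get_control role having already created `{{ data_directory }}/rke`, and it fails if `rke_configuration_location` is overridden to a path outside that directory. Nothing in the visible lines records that ordering requirement. I would keep a directory task in this role, derived from the variable instead of a literal path.

```yaml
- name: Create directory to contain rke configuration
  file:
    path: "{{ rke_configuration_location | dirname }}"
    state: directory
  become: true

# … unchanged: Copy rke cluster configuration file …
```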
@@ -15,23 +7,25 @@ - helmfile synchronize: src: '../../helmfiles' - dest: '/oas/source' + dest: '{{ data_directory }}/source' delete: true + become: true - name: Clone charts repo tags: - git git: repo: 'https://open.greenhost.net/openappstack/charts' - dest: '/oas/source/repos/charts' + dest: '{{ data_directory }}/source/repos/charts' version: '{{ git_charts_version }}' + become: true - name: Clone nextcloud repo tags: - git git: repo: 'https://open.greenhost.net/openappstack/nextcloud' - dest: '/oas/source/repos/nextcloud' + dest: '{{ data_directory }}/source/repos/nextcloud' version: '{{ git_nextcloud_version }}' - name: Clone local-storage repo @@ -39,7 +33,7 @@ - git git: repo: 'https://open.greenhost.net/openappstack/local-storage' - dest: '/oas/source/repos/local-storage' + dest: '{{ data_directory }}/source/repos/local-storage' version: '{{ git_local_storage_version }}' - name: Create OAS namespaces @@ -56,22 +50,22 @@ - 'oas-apps' -- name: Ensure /oas/config/values/apps directory +- name: Create value overrides directory tags: - config - oas file: state: directory - path: /oas/config/values/apps + path: '{{ configuration_directory }}/values/apps' -- name: Touch config file locations +- name: Create value override files tags: - config - helmfile - oas file: state: touch - path: "/oas/config/values/apps/{{ item }}.yaml.gotmpl" + path: "{{ configuration_directory }}/values/apps/{{ item }}.yaml.gotmpl" mode: '0600' with_items: - "nginx" @@ -101,4 +95,4 @@ - NEXTCLOUD_MARIADB_PASSWORD: "{{ nextcloud_mariadb_password }}" - NEXTCLOUD_MARIADB_ROOT_PASSWORD: "{{ nextcloud_mariadb_root_password }}" - GRAFANA_ADMIN_PASSWORD: "{{ grafana_admin_password }}" - command: '/usr/local/bin/helmfile -b /snap/bin/helm -e oas -f /oas/source/helmfiles/helmfile.d/ apply --suppress-secrets' + command: '/usr/local/bin/helmfile -b /snap/bin/helm -e oas -f {{ data_directory }}/source/helmfiles/helmfile.d/ apply --suppress-secrets' 
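Review bot: The helmfile directory on the changed `command:` line is `{{ data_directory }}/source/helmfiles/helmfile.d/`, but the configuration_README.md template added in this commit tells operators to run `helmfile -e oas -f /var/lib/OpenAppStack/helmfiles/helmfile.d apply`, which lacks the `source/` component and would not point at the synchronized files. Because the README is deployed with the `template` module, its command could be written as `helmfile -e oas -f {{ data_directory }}/source/helmfiles/helmfile.d apply` so the two stay in step. The task this `command:` belongs to starts above the hunk.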
diff --git a/ansible/roles/setup/tasks/rke.yml b/ansible/roles/setup/tasks/rke.yml index b572502ce8a5ad922b6ae528ba6b8a4217ad24c6..2229aee443634be973939402a5612b23f3c21ccf 100644 --- a/ansible/roles/setup/tasks/rke.yml +++ b/ansible/roles/setup/tasks/rke.yml @@ -2,7 +2,7 @@ - name: Build Cluster tags: - rke - shell: /usr/local/bin/rke up --config=/oas/control/local/rke/cluster.yml >> /oas/logs/rke.log + shell: /usr/local/bin/rke up --config={{ data_directory }}/rke/cluster.yml >> {{ log_directory }}/rke.log - name: Ensure /root/.kube directory tags: @@ -18,7 +18,7 @@ - kubectl file: state: link - src: /oas/control/local/rke/kube_config_cluster.yml + src: "{{ data_directory }}/rke/kube_config_cluster.yml" dest: /root/.kube/config - name: Copy cluster information to local folder @@ -31,9 +31,9 @@ dest: "{{ item.dest }}" flat: yes loop: - - src: /oas/control/local/rke/kube_config_cluster.yml + - src: "{{ data_directory }}/rke/kube_config_cluster.yml" dest: "{{ secret_directory }}/kube_config_cluster.yml" - - src: /oas/logs/rke.log + - src: "{{ log_directory }}/rke.log" dest: cluster_data/rke.log - - src: /oas/control/local/rke/cluster.yml + - src: "{{ data_directory }}/rke/cluster.yml" dest: cluster_data/rke_cluster.yml diff --git a/ansible/roles/setup/tasks/ssh.yml b/ansible/roles/setup/tasks/ssh.yml index 3df750fa8e4b03591946193030deae6b3b6c68e5..a1f2621e21435decd46173a2d09dba1b5ebb991b 100644 --- a/ansible/roles/setup/tasks/ssh.yml +++ b/ansible/roles/setup/tasks/ssh.yml @@ -9,9 +9,9 @@ changed_when: false register: master_rsa_pub_hostkey -- name: Create /oas/config/ssh_known_hosts +- name: Create ssh_known_hosts tags: - ssh copy: - dest: /oas/config/ssh_known_hosts + dest: "{{ data_directory }}/ssh/ssh_known_hosts" content: "{{ ip_address }} {{ master_rsa_pub_hostkey.stdout }}" diff --git a/helmfiles/helmfile.d/00-storage.yaml b/helmfiles/helmfile.d/00-storage.yaml index aea03b10af5e2895f05d52d713d20e6b6d5e0348..f9ce001f0a3c66d7e2a3b3279d898f64084fd7f8 100644 
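Review bot: The two templated paths on the new `shell:` line of `Build Cluster` are interpolated into the command unquoted, so a `data_directory` or `log_directory` value containing a space or a shell metacharacter changes what the shell executes. Passing them through the `quote` filter avoids that: `shell: /usr/local/bin/rke up --config={{ (data_directory ~ '/rke/cluster.yml') | quote }} >> {{ (log_directory ~ '/rke.log') | quote }}`. The `ssh-keygen -f {{ data_directory }}/ssh/ssh_key` line in roles/get_control/tasks/main.yml has the same pattern.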
--- a/helmfiles/helmfile.d/00-storage.yaml +++ b/helmfiles/helmfile.d/00-storage.yaml @@ -1,7 +1,7 @@ environments: oas: values: - - "../../../config/values/local.yaml" + - "/etc/OpenAppStack/values/local.yaml" releases: - name: "oas-{{ .Environment.Values.releaseName }}-local-storage" diff --git a/helmfiles/helmfile.d/05-cert-manager.yaml b/helmfiles/helmfile.d/05-cert-manager.yaml index d45c0b1f052f848987d171dae0bf935cbb9fc9ec..bee3cf9626f9fc449b68f5b7d4f7bc101c66ed57 100644 --- a/helmfiles/helmfile.d/05-cert-manager.yaml +++ b/helmfiles/helmfile.d/05-cert-manager.yaml @@ -1,7 +1,7 @@ environments: oas: values: - - "../../../config/values/local.yaml" + - "/etc/OpenAppStack/values/local.yaml" repositories: - name: jetstack diff --git a/helmfiles/helmfile.d/10-nginx.yaml b/helmfiles/helmfile.d/10-nginx.yaml index e9a8cfe2a2bca2207e5a2ab3074aba76f7bfbf09..3e89ef640fc8f824cf48c092352c8480266f5d11 100644 --- a/helmfiles/helmfile.d/10-nginx.yaml +++ b/helmfiles/helmfile.d/10-nginx.yaml @@ -1,7 +1,7 @@ environments: oas: values: - - "../../../config/values/local.yaml" + - "/etc/OpenAppStack/values/local.yaml" releases: - name: "oas-{{ .Environment.Values.releaseName }}-proxy" @@ -9,5 +9,5 @@ releases: chart: "stable/nginx-ingress" values: - "../values/nginx.yaml.gotmpl" - - "/oas/config/values/apps/nginx.yaml.gotmpl" + - "/etc/OpenAppStack/values/apps/nginx.yaml.gotmpl" wait: false diff --git a/helmfiles/helmfile.d/15-monitoring.yaml b/helmfiles/helmfile.d/15-monitoring.yaml index 888521b34906c0cdb52d2039a1ba88ac0920d541..221d81d3bbdc7b0954bd9fa35230218e135277cc 100644 --- a/helmfiles/helmfile.d/15-monitoring.yaml +++ b/helmfiles/helmfile.d/15-monitoring.yaml @@ -1,7 +1,7 @@ environments: oas: values: - - "../../../config/values/local.yaml" + - "/etc/OpenAppStack/values/local.yaml" releases: - name: "oas-{{ .Environment.Values.releaseName }}-prometheus" 
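Review bot: The values path on the changed line is the literal `/etc/OpenAppStack/values/local.yaml`, while the Ansible side of this commit derives the same location from `configuration_directory`, so overriding that variable would leave helmfile reading a directory that was never populated. The same literal prefix is used in 05-cert-manager.yaml, 10-nginx.yaml, 15-monitoring.yaml and 20-nextcloud.yaml, including their `values/apps/*.yaml.gotmpl` entries. As these files are synchronized rather than templated, I would at least document the coupling with a comment above each entry, for example `# Must match configuration_directory in ansible/group_vars/all/oas.yml`.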
@@ -9,5 +9,5 @@ releases: chart: "stable/prometheus-operator" values: - "../values/prometheus.yaml.gotmpl" - - "/oas/config/values/apps/prometheus.yaml.gotmpl" + - "/etc/OpenAppStack/values/apps/prometheus.yaml.gotmpl" wait: false diff --git a/helmfiles/helmfile.d/20-nextcloud.yaml b/helmfiles/helmfile.d/20-nextcloud.yaml index 1ba9bb1bbe8a0d1eda037a30a47975a6de5d1443..0b7438bc9f03edebddcd7f6cbee2d32fae09bf2d 100644 --- a/helmfiles/helmfile.d/20-nextcloud.yaml +++ b/helmfiles/helmfile.d/20-nextcloud.yaml @@ -1,7 +1,7 @@ environments: oas: values: - - "../../../config/values/local.yaml" + - "/etc/OpenAppStack/values/local.yaml" # Note: needs helm-git plugin (https://github.com/aslafy-z/helm-git) repositories: @@ -17,6 +17,6 @@ releases: chart: "../../repos/nextcloud/nextcloud-onlyoffice" values: - "../values/nextcloud.yaml.gotmpl" - - "/oas/config/values/apps/nextcloud.yaml.gotmpl" + - "/etc/OpenAppStack/values/apps/nextcloud.yaml.gotmpl" wait: true timeout: 600