Merge branch '65-move-files-from-oas-to-other-locations-on-master-node' into 'master'

Resolve "Move files from /oas to other locations on master node" Closes #65 See merge request openappstack/openappstack!55

Merge branch '65-move-files-from-oas-to-other-locations-on-master-node' into 'master'
78900cbc · Mark · 001408a9 · 3975593b · 78900cbc · 78900cbc
Commit 78900cbc authored 5 years ago by Mark
--- a/ansible/group_vars/all/oas.yml
+++ b/ansible/group_vars/all/oas.yml
 # Default OAS config dir on the cluster
-configuration_directory: "/oas/config"
+configuration_directory: "/etc/OpenAppStack"
+# Directory to store generated configuration and cluster state.
+data_directory: "/var/lib/OpenAppStack"
+# Directory to store logs.
+log_directory: "/var/log/OpenAppStack"

 # Use python3 on cluster nodes for ansible
 ansible_python_interpreter: "/usr/bin/env python3"
@@ -22,7 +26,7 @@ git_nextcloud_version: '897c800f7a1d632784d8dc721f34362d4e789743'
 helmfile:
  # At the moment, helmfile doesn't provide sha256 sums,
  # see https://github.com/roboll/helmfile/issues/654
-  version: '0.79.3'
+  version: '0.80.1'

 krew:
  version: '0.2.1'

--- a/ansible/roles/get_control/tasks/main.yml
+++ b/ansible/roles/get_control/tasks/main.yml
@@ -6,11 +6,12 @@
    state: directory
  become: true
  with_items:
-    - "/oas/control/local"
-    - "/oas/bin"
-    - "/oas/logs"
+    - "{{ configuration_directory }}"
+    - "{{ data_directory }}"
+    - "{{ data_directory }}/ssh"
+    - "{{ data_directory }}/rke"
+    - "{{ log_directory }}"
    - "/usr/local/share/bash-completion/completions"
-    - "/var/cache/oas"

 - name: Create directory for values
  file:
@@ -18,15 +19,21 @@
    state: directory
  become: true

+- name: Create README in configuration directory
+  template:
+    src: configuration_README.md
+    dest: "{{ configuration_directory }}/README.md"
+  become: true
+
 - name: Generate SSH keys for rke
-  shell: ssh-keygen -f {{ configuration_directory }}/ssh_key -C "oas-control@${hostname}" -q -N ""
+  shell: ssh-keygen -f {{ data_directory }}/ssh/ssh_key -C "oas-control@${hostname}" -q -N ""
  args:
-    creates: "{{ configuration_directory }}/ssh_key"
+    creates: "{{ data_directory }}/ssh/ssh_key"
  become: true

 - name: Retrieve new public key
  slurp:
-    src: "{{ configuration_directory }}/ssh_key.pub"
+    src: "{{ data_directory }}/ssh/ssh_key.pub"
  register: ssh_key
  become: true

@@ -40,7 +47,7 @@
 - name: Store external ip on the node itself
  copy:
    content: "{{ ip_address }}"
-    dest: "{{ configuration_directory }}/ip"
+    dest: "{{ data_directory }}/ip"

 - name: Install bash-completion
  tags:

--- a/ansible/roles/get_control/templates/configuration_README.md
+++ b/ansible/roles/get_control/templates/configuration_README.md
+This directory contains configuration for the OpenAppStack instance running on
+this machine. For general information, see [https://openappstack.net].
+
+## Helm values
+
+We use [Helm](https://helm.sh) charts to install applications to the Kubernetes
+cluster running on this machine. On top of that, we use
+[helmfile](https://github.com/roboll/helmfile/) to record which Helm charts
+should be installed on the system, and with which settings (called "values").
+
+After changing any of these values, you will need to re-run Helmfile, which
+will make all applications aware of these changes and restart them if necessary.
+To do so, run
+```
+helmfile -e oas -f /var/lib/OpenAppStack/helmfiles/helmfile.d apply
+```
+
+### Cluster values
+
+In `local.yaml`, there are some settings that were generated during the
+OpenAppStack installation process, including essential ones such as this
+machine's external ip address, and the domain name where the applications are
+served.
+
+### Application values
+
+Inside the `apps` directory, you can provide values to configure the Helm charts
+that make up this OpenAppStack instance. These values will override both the
+defaults provided by the chart authors, and the settings the OpenAppStack
+maintainers put in place.
+
+A separate values file has been pre-created per application. Please note that
+these files are referenced specifically by the corresponding OpenAppStack
+helmfile configuration, so renaming them will break the system, and creating new
+ones will not have any effect by itself.
+
+To see what values can be specified for an application, please check the
+documentation of the corresponding Helm chart.
--- a/ansible/roles/rke_configuration/defaults/main.yml
+++ b/ansible/roles/rke_configuration/defaults/main.yml
-rke_configuration_location: "/oas/control/local/rke/cluster.yml"
-rke_ssh_key_path: "/oas/config/ssh_key"
+rke_configuration_location: "{{ data_directory }}/rke/cluster.yml"
+rke_ssh_key_path: "{{ data_directory }}/ssh/ssh_key"
 rke_ssh_agent_auth: "false"
 # Whether to support customer flexvolume driver plugins, by mounting the path
 # /usr/libexec/kubernetes/kubelet-plugins/volume/exec into kubelet.

--- a/ansible/roles/rke_configuration/tasks/main.yml
+++ b/ansible/roles/rke_configuration/tasks/main.yml
@@ -29,13 +29,8 @@
  become: true


- name: Create directory to contain rke configuration
-  file:
-    path: "/oas/control/local/rke"
-    state: directory
-  become: true
-
 - name: Copy rke cluster configuration file
  template:
    src: "cluster.yml.j2"
    dest: "{{ rke_configuration_location }}"
+  become: true
--- a/ansible/roles/setup/tasks/helmfiles.yml
+++ b/ansible/roles/setup/tasks/helmfiles.yml
 ---

- name: Remove old helmfiles repo
-  tags:
-    - helm
-    - helmfile
-  file:
-    path: '/oas/source/repos/helmfiles'
-    state: absent
-
 - name: Synchronize helmfiles directory
  tags:
    - git
@@ -15,23 +7,25 @@
    - helmfile
  synchronize:
    src: '../../helmfiles'
-    dest: '/oas/source'
+    dest: '{{ data_directory }}/source'
    delete: true
+  become: true

 - name: Clone charts repo
  tags:
    - git
  git:
    repo: 'https://open.greenhost.net/openappstack/charts'
-    dest: '/oas/source/repos/charts'
+    dest: '{{ data_directory }}/source/repos/charts'
    version: '{{ git_charts_version }}'
+  become: true

 - name: Clone nextcloud repo
  tags:
    - git
  git:
    repo: 'https://open.greenhost.net/openappstack/nextcloud'
-    dest: '/oas/source/repos/nextcloud'
+    dest: '{{ data_directory }}/source/repos/nextcloud'
    version: '{{ git_nextcloud_version }}'

 - name: Clone local-storage repo
@@ -39,7 +33,7 @@
    - git
  git:
    repo: 'https://open.greenhost.net/openappstack/local-storage'
-    dest: '/oas/source/repos/local-storage'
+    dest: '{{ data_directory }}/source/repos/local-storage'
    version: '{{ git_local_storage_version }}'

 - name: Create OAS namespaces
@@ -56,22 +50,22 @@
    - 'oas-apps'


- name: Ensure /oas/config/values/apps directory
+- name: Create value overrides directory
  tags:
    - config
    - oas
  file:
    state: directory
-    path: /oas/config/values/apps
+    path: '{{ configuration_directory }}/values/apps'

- name: Touch config file locations
+- name: Create value override files
  tags:
    - config
    - helmfile
    - oas
  file:
    state: touch
-    path: "/oas/config/values/apps/{{ item }}.yaml.gotmpl"
+    path: "{{ configuration_directory }}/values/apps/{{ item }}.yaml.gotmpl"
    mode: '0600'
  with_items:
    - "nginx"
@@ -101,4 +95,4 @@
    - NEXTCLOUD_MARIADB_PASSWORD: "{{ nextcloud_mariadb_password }}"
    - NEXTCLOUD_MARIADB_ROOT_PASSWORD: "{{ nextcloud_mariadb_root_password }}"
    - GRAFANA_ADMIN_PASSWORD: "{{ grafana_admin_password }}"
-  command: '/usr/local/bin/helmfile -b /snap/bin/helm -e oas -f /oas/source/helmfiles/helmfile.d/ apply --suppress-secrets'
+  command: '/usr/local/bin/helmfile -b /snap/bin/helm -e oas -f {{ data_directory }}/source/helmfiles/helmfile.d/ apply --suppress-secrets'
--- a/ansible/roles/setup/tasks/rke.yml
+++ b/ansible/roles/setup/tasks/rke.yml
@@ -2,7 +2,7 @@
 - name: Build Cluster
  tags:
    - rke
-  shell: /usr/local/bin/rke up --config=/oas/control/local/rke/cluster.yml >> /oas/logs/rke.log
+  shell: /usr/local/bin/rke up --config={{ data_directory }}/rke/cluster.yml >> {{ log_directory }}/rke.log

 - name: Ensure /root/.kube directory
  tags:
@@ -18,7 +18,7 @@
    - kubectl
  file:
    state: link
-    src: /oas/control/local/rke/kube_config_cluster.yml
+    src: "{{ data_directory }}/rke/kube_config_cluster.yml"
    dest: /root/.kube/config

 - name: Copy cluster information to local folder
@@ -31,9 +31,9 @@
    dest: "{{ item.dest }}"
    flat: yes
  loop:
-    - src: /oas/control/local/rke/kube_config_cluster.yml
+    - src: "{{ data_directory }}/rke/kube_config_cluster.yml"
      dest: "{{ secret_directory }}/kube_config_cluster.yml"
-    - src: /oas/logs/rke.log
+    - src: "{{ log_directory }}/rke.log"
      dest: cluster_data/rke.log
-    - src: /oas/control/local/rke/cluster.yml
+    - src: "{{ data_directory }}/rke/cluster.yml"
      dest: cluster_data/rke_cluster.yml
--- a/ansible/roles/setup/tasks/ssh.yml
+++ b/ansible/roles/setup/tasks/ssh.yml
@@ -9,9 +9,9 @@
  changed_when: false
  register: master_rsa_pub_hostkey

- name: Create /oas/config/ssh_known_hosts
+- name: Create ssh_known_hosts
  tags:
    - ssh
  copy:
-    dest: /oas/config/ssh_known_hosts
+    dest: "{{ data_directory }}/ssh/ssh_known_hosts"
    content: "{{ ip_address }} {{ master_rsa_pub_hostkey.stdout }}"
--- a/helmfiles/helmfile.d/00-storage.yaml
+++ b/helmfiles/helmfile.d/00-storage.yaml
 environments:
  oas:
    values:
-      - "../../../config/values/local.yaml"
+      - "/etc/OpenAppStack/values/local.yaml"

 releases:
  - name: "oas-{{ .Environment.Values.releaseName }}-local-storage"

--- a/helmfiles/helmfile.d/05-cert-manager.yaml
+++ b/helmfiles/helmfile.d/05-cert-manager.yaml
 environments:
  oas:
    values:
-      - "../../../config/values/local.yaml"
+      - "/etc/OpenAppStack/values/local.yaml"

 repositories:
  - name: jetstack

--- a/helmfiles/helmfile.d/10-nginx.yaml
+++ b/helmfiles/helmfile.d/10-nginx.yaml
 environments:
  oas:
    values:
-      - "../../../config/values/local.yaml"
+      - "/etc/OpenAppStack/values/local.yaml"

 releases:
  - name: "oas-{{ .Environment.Values.releaseName }}-proxy"
@@ -9,5 +9,5 @@ releases:
    chart: "stable/nginx-ingress"
    values:
    - "../values/nginx.yaml.gotmpl"
-    - "/oas/config/values/apps/nginx.yaml.gotmpl"
+    - "/etc/OpenAppStack/values/apps/nginx.yaml.gotmpl"
    wait: false
--- a/helmfiles/helmfile.d/15-monitoring.yaml
+++ b/helmfiles/helmfile.d/15-monitoring.yaml
 environments:
  oas:
    values:
-      - "../../../config/values/local.yaml"
+      - "/etc/OpenAppStack/values/local.yaml"

 releases:
  - name: "oas-{{ .Environment.Values.releaseName }}-prometheus"
@@ -9,5 +9,5 @@ releases:
    chart: "stable/prometheus-operator"
    values:
    - "../values/prometheus.yaml.gotmpl"
-    - "/oas/config/values/apps/prometheus.yaml.gotmpl"
+    - "/etc/OpenAppStack/values/apps/prometheus.yaml.gotmpl"
    wait: false
--- a/helmfiles/helmfile.d/20-nextcloud.yaml
+++ b/helmfiles/helmfile.d/20-nextcloud.yaml
 environments:
  oas:
    values:
-      - "../../../config/values/local.yaml"
+      - "/etc/OpenAppStack/values/local.yaml"

 # Note: needs helm-git plugin (https://github.com/aslafy-z/helm-git)
 repositories:
@@ -17,6 +17,6 @@ releases:
    chart: "../../repos/nextcloud/nextcloud-onlyoffice"
    values:
    - "../values/nextcloud.yaml.gotmpl"
-    - "/oas/config/values/apps/nextcloud.yaml.gotmpl"
+    - "/etc/OpenAppStack/values/apps/nextcloud.yaml.gotmpl"
    wait: true
    timeout: 600