first version of rocketchat working installation

ba187873 · Maarten de Waard · 9c2b3a32 · ba187873 · ba187873 · ba187873
Verified Commit ba187873 authored 5 years ago by Maarten de Waard
--- a/ansible/group_vars/all/oas.yml
+++ b/ansible/group_vars/all/oas.yml
@@ -20,6 +20,12 @@ onlyoffice_jwt_secret: "{{ lookup('password', '{{ cluster_dir }}/secrets/onlyoff
 onlyoffice_postgresql_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/onlyoffice_postgresql_password chars=ascii_letters') }}"
 onlyoffice_rabbitmq_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/onlyoffice_rabbitmq_password chars=ascii_letters') }}"

+# Rocketchat credentials
+rocketchat_mongodb_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/rocketchat_mongodb_password chars=ascii_letters') }}"
+rocketchat_mongodb_root_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/rocketchat_mongodb_root_password chars=ascii_letters') }}"
+rocketchat_admin_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/rocketchat_admin_password chars=ascii_letters') }}"
+
+# Grafana credentials
 grafana_admin_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/grafana_admin_password chars=ascii_letters') }}"

 # git repo versions

--- a/ansible/group_vars/all/settings.yml.example
+++ b/ansible/group_vars/all/settings.yml.example
@@ -19,6 +19,10 @@ helmfiles:
  - 05-cert-manager
  - 10-nginx
  - 15-monitoring
+# This setting makes Flux use a local git repository to see if apps need
+# updated. In the future this should only be enabled on development machines,
+# but at the moment it's te only option
+local_flux: true

 # Optional, custom rke config.
 # I.e. you can set the desired Kubernetes version but please be aware of

--- a/ansible/roles/apps/tasks/init.yml
+++ b/ansible/roles/apps/tasks/init.yml
@@ -20,7 +20,6 @@
 - name: Create value overrides directory
  tags:
    - config
-    - oas
    - nextcloud
    - prometheus
    - nginx
@@ -32,7 +31,6 @@
  tags:
    - config
    - helmfile
-    - oas
    - nextcloud
    - prometheus
    - nginx

--- a/ansible/roles/apps/tasks/main.yml
+++ b/ansible/roles/apps/tasks/main.yml
@@ -28,5 +28,8 @@
  tags: [ helmfile ]
  when: '"15-monitoring" in helmfiles'

+- name: Tasks pertaining to Rocket.chat
+  import_tasks: rocketchat.yml
+
 - name: Tasks pertaining to NextCloud
  import_tasks: nextcloud.yml
--- a/ansible/roles/apps/tasks/nextcloud.yml
+++ b/ansible/roles/apps/tasks/nextcloud.yml
@@ -4,7 +4,6 @@
  tags:
    - config
    - flux
-    - oas
    - nextcloud
  k8s:
    state: present

--- a/ansible/roles/apps/tasks/rocketchat.yml
+++ b/ansible/roles/apps/tasks/rocketchat.yml
+---
+
+- name: Create Kubernetes secret with Rocketchat values
+  tags:
+    - config
+    - flux
+    - rocketchat
+  k8s:
+    state: present
+    definition:
+      api_version: v1
+      kind: Secret
+      metadata:
+        namespace: "oas-apps"
+        name: "oas"
+      data:
+        rocketchat.yaml: "{{ lookup('template','secrets.rocketchat.yaml') | b64encode }}"
+
--- a/ansible/roles/apps/templates/secrets.rocketchat.yaml
+++ b/ansible/roles/apps/templates/secrets.rocketchat.yaml
+# Hostname for Rocket.chat
+host: "chat.{{ domain }}"
+
+# Extra environment variables for Rocket.Chat. Used with tpl function, so this
+# needs to be a string
+extraEnv: |
+  ADMIN_USERNAME: admin
+  ADMIN_PASS: "{{ rocketchat_admin_password }}"
+  ADMIN_EMAIL: "{{ admin_email }}"
+
+ingress:
+  enabled: true
+  annotations:
+    # Tell cert-manager to automatically get a TLS certificate
+    kubernetes.io/tls-acme: "true"
+  tls:
+    - hosts:
+        - "chat.{{ domain }}"
+      secretName: oas-rocketchat
+
+# Use 2 GB of storage for NC storage (maybe make configurable later?)
+persistence:
+  enabled: true
+  size: 2Gi
+
+mongodb:
+  mongodbRootPassword: "{{ rocketchat_mongodb_root_password }}"
+  mongodbPassword: "{{ rocketchat_mongodb_password }}"
--- a/ansible/roles/local-flux/tasks/main.yml
+++ b/ansible/roles/local-flux/tasks/main.yml
@@ -66,7 +66,7 @@
  - name: Install local-flux helm chart
    tags:
      - flux
-    shell: helm install --namespace=oas --name=local-flux /var/lib/OpenAppStack/source/local-flux
+    shell: helm upgrade --install --namespace=oas local-flux /var/lib/OpenAppStack/source/local-flux
  
  vars:
    repo: "/var/lib/OpenAppStack/local-flux"
--- a/flux/rocketchat.yaml
+++ b/flux/rocketchat.yaml
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+  name: rocketchat
+  namespace: oas-apps
+  annotations:
+    flux.weave.works/automated: "false"
+spec:
+  releaseName: rocketchat
+  chart:
+    repository: https://kubernetes-charts.storage.googleapis.com/
+    name: rocketchat
+    version: 2.0.0
+  valuesFrom:
+    - secretKeyRef:
+        name: oas
+        key: rocketchat.yaml
+  timeout: 300
+