Add ara and its related secrets

2022-04-23 10:54:26 -05:00 · 2022-04-23 10:54:26 -05:00 · d483eaa07b
commit d483eaa07b
parent e91c0e7710
5 changed files with 46 additions and 0 deletions
--- a/inventories/production/group_vars/all.yml
+++ b/inventories/production/group_vars/all.yml
@ -66,6 +66,24 @@ zerotier_management_network_id: !vault |
          3430303130303766610a633131656431396332626336653562616363666433366664373635613934
          30316335396166633361666466346232323630396534386332613937366232613965

+# For ara
+secret_ara_db_pass: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          63353066316533303030366138323937313163366363303836633330616464623166343739373436
+          3562613639613966613365666462666633643336383034390a383239383335623735613135386532
+          34383135313436383963383133336237343566303665633337626361613164303264393736616461
+          6133663463333033610a636463393833306539666538626361313062396666363130393334316137
+          34363064613232336238336630616530313661346264323537393434303264653930
+secret_ara_secret_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          38653361623431376163613762646262363734623239383330326331663434333031313137353561
+          3936316562623537363164626561333139633664643264340a336334333265663530663765376534
+          30356564353461343232343634383739373262643834313035396131303066666639383639376536
+          3638623035363939640a363332653234666630346166356537623735656639356137643833333939
+          65316437326137666461646366633731333639326139666333366133633836383931356564393131
+          31346465336361316433383865613233373836643366346538633330616232386132636662643963
+          303938396531623561653335646231616239
+
 # For GVM
 secret_gvm_db_pass: !vault |
          $ANSIBLE_VAULT;1.1;AES256
--- a/playbooks/local_dns.yml
+++ b/playbooks/local_dns.yml
@ -113,6 +113,8 @@
          value: web1.dallas.mgmt.desu.ltd
        - record: netbox.desu.ltd
          value: web3.dallas.mgmt.desu.ltd
+        - record: ara.desu.ltd
+          value: web3.dallas.mgmt.desu.ltd
        # Local
        - record: homeauto.local.desu.ltd
          value: pi-homeauto-1.home.mgmt.desu.ltd
--- a/playbooks/prod_db.yml
+++ b/playbooks/prod_db.yml
@ -23,6 +23,8 @@
            # Used for internal access from other nodes
          - { type: host, database: all, user: all, address: '192.168.0.0/16', auth_method: md5 }
        postgresql_users:
+          - name: ara-desultd
+            password: "{{ secret_ara_db_pass }}"
          - name: gitea-desultd
            password: "{{ secret_gitea_db_pass }}"
          - name: gulagbot-test
@ -40,6 +42,8 @@
          - name: synapse-desultd
            password: "{{ secret_synapse_db_pass }}"
        postgresql_databases:
+          - name: ara-desultd
+            owner: ara-desultd
          - name: gitea-desultd
            owner: gitea-desultd
          - name: gulagbot-test
--- a/playbooks/prod_web.yml
+++ b/playbooks/prod_web.yml
@ -145,6 +145,7 @@
        - app/redis.yml
        - web/movienight.yml
        - web/netbox.yml
+        - web/ara.yml
      tags: [ always ]
  roles:
    - role: backup
@ -318,6 +319,8 @@
    - role: ingress
      vars:
        ingress_servers:
+          - name: ara.desu.ltd
+            proxy_pass: http://ara:8000
          - name: netbox.desu.ltd
            proxy_pass: http://netbox:8080
          - name: nagios.desu.ltd
--- a/playbooks/tasks/web/ara.yml
+++ b/playbooks/tasks/web/ara.yml
@ -0,0 +1,19 @@
+# vim:ft=ansible:
+- name: docker deploy ara
+  docker_container:
+    name: ara
+    image: recordsansible/ara-api:centos8-stream-pypi-latest
+    env:
+      ARA_DATABASE_ENGINE: django.db.backends.postgresql
+      ARA_DATABASE_NAME: ara-desultd
+      ARA_DATABASE_USER: ara-desultd
+      ARA_DATABASE_PASSWORD: "{{ secret_ara_db_pass }}"
+      ARA_DATABASE_HOST: 192.168.164.156
+    networks:
+      - name: web
+        aliases: [ "ara" ]
+    volumes:
+      - /data/ara/server:/opt/ara:z
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+  tags: [ docker, ara ]