deplacement dans ansible des fichiers docker

2026-02-13 16:48:19 +01:00
parent 7fe633c476
commit fda23a778e
17 changed files with 429 additions and 84 deletions
--- a/ansible/files/apache.conf.j2
+++ b/ansible/files/apache.conf.j2
@@ -0,0 +1,17 @@
+<VirtualHost *:{{ http_port }}>
+    ServerAdmin webmaster@localhost
+    ServerName {{ http_host }}
+    ServerAlias www.{{ http_host }}
+    DocumentRoot /var/www/{{ http_host }}
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+    <Directory /var/www/{{ http_host }}>
+          Options -Indexes
+    </Directory>
+
+    <IfModule mod_dir.c>
+        DirectoryIndex index.php index.html index.cgi index.pl  index.xhtml index.htm
+    </IfModule>
+
+</VirtualHost>
--- a/ansible/files/dockercompose/docker-compose.yml
+++ b/ansible/files/dockercompose/docker-compose.yml
@@ -0,0 +1,95 @@
+services:
+  front:
+    build:
+      context: ..
+      dockerfile: dockerfiles/front/Dockerfile
+    ports:
+      - "80:80"
+    volumes:
+      - ../../../doodlestudent/front:/app
+      - ./certbot/www:/var/www/certbot:ro
+      - ./certbot/conf:/etc/letsencrypt:ro
+    environment:
+      - FLASK_ENV=development
+    depends_on:
+      - back
+      - db
+      - etherpad
+      - mail
+    networks:
+      - app-network
+
+# https://stackoverflow.com/questions/57591868/how-correctly-install-ssl-certificate-using-certbot-in-docker
+  certbot:
+    image: certbot/certbot:latest
+    container_name: certbot
+    depends_on:
+      - front
+    volumes:
+      - ./certbot/www/:/var/www/certbot/:rw
+      - ./certbot/conf/:/etc/letsencrypt/:rw
+
+  back:
+    build:
+      context: ..
+      dockerfile: dockerfiles/back/DockerfileUsingApiNative
+    ports:
+      - "8080:8080"
+    volumes:
+      - ../../../doodlestudent/api:/app
+    environment:
+      - FLASK_ENV=development
+    depends_on:
+      db:
+        condition: service_healthy
+      etherpad:
+        condition: service_healthy
+    networks:
+      - app-network
+    restart: 
+      unless-stopped
+
+  db:
+    image: mysql
+    ports:
+      - "3306:3306"
+    environment:
+      - MYSQL_ROOT_PASSWORD=root
+      - MYSQL_DATABASE=tlc
+      - MYSQL_USER=tlc
+      - MYSQL_PASSWORD=tlc
+    healthcheck:
+      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-uroot", "-proot"]
+      interval: 10s
+      timeout: 1m
+      retries: 5
+    networks:
+      - app-network
+
+  etherpad:
+    image: etherpad/etherpad:1.9.7
+    ports:
+      - "9001:9001"
+    volumes:
+      - ../../../doodlestudent/api/APIKEY.txt:/opt/etherpad-lite/APIKEY.txt
+    networks:
+      - app-network
+    healthcheck:
+      test: ["CMD-SHELL", "node -e \"require('http').get('http://127.0.0.1:9001', res => { process.exit(res.statusCode===200?0:1) }).on('error', ()=>process.exit(1))\""]
+      interval: 30s
+      timeout: 10s
+      start_period: 15s
+      retries: 5
+
+  mail:
+    image: bytemark/smtp
+    restart: always
+    ports:
+      - "2525:25"
+    networks:
+      - app-network
+
+networks: # Declare the network to be used by the services
+  app-network: # Is a user-defined network
+    #external: false # If true, Docker Compose will look for an existing network with the same name and use it. If false or not specified, Docker Compose will create a new network.
+    name: app-network #Name of the network (optional, Docker Compose will generate one if not provided)
--- a/ansible/files/dockerfiles/back/Dockerfile
+++ b/ansible/files/dockerfiles/back/Dockerfile
@@ -0,0 +1,18 @@
+FROM alpine:3.23
+
+RUN apk --no-cache add curl bash
+
+# java 17 car c'est la version utilise dans maven (voir pom.xml)
+RUN apk --no-cache add openjdk17-jdk maven
+
+COPY doodlestudent/api /app
+
+RUN mvn install -Dpackaging=jar
+RUN mvn package -DskipTests
+
+RUN ls -l target
+
+# Quarkus semble utilise le port 8080 par defaut
+EXPOSE 8080
+
+ENTRYPOINT [ "java", "-jar", "/app/target/tlcdemoApp-1.0.0-SNAPSHOT.jar" ]
--- a/ansible/files/dockerfiles/back/Dockerfile2
+++ b/ansible/files/dockerfiles/back/Dockerfile2
@@ -0,0 +1,31 @@
+FROM maven:3.9.6-eclipse-temurin-17 AS build
+
+WORKDIR /app
+
+# Copy only pom.xml first (better layer caching)
+COPY doodlestudent/api/pom.xml .
+
+# Download dependencies
+RUN mvn dependency:go-offline
+
+# Copy the rest of the source code
+COPY doodlestudent/api/src ./src
+
+# Build the application
+RUN mvn package -DskipTests
+
+# ---------------------------
+# Stage 2 - Runtime
+# ---------------------------
+FROM eclipse-temurin:17-jre-alpine
+
+WORKDIR /app
+
+# Copy the built application from the build stage
+COPY --from=build /app/target/quarkus-app/ ./quarkus-app/
+
+# Quarkus default port
+EXPOSE 8080
+
+# Run the application
+ENTRYPOINT ["java", "-jar", "quarkus-app/quarkus-run.jar"]
--- a/ansible/files/dockerfiles/back/DockerfileUsingApiNative
+++ b/ansible/files/dockerfiles/back/DockerfileUsingApiNative
@@ -0,0 +1,40 @@
+FROM quay.io/quarkus/ubi-quarkus-mandrel-builder-image:23.0-java17 AS builder
+
+# a executer a la racine du projet
+
+USER root
+RUN microdnf install -y maven
+
+COPY doodlestudent/api /app
+
+WORKDIR /app
+
+RUN ./mvnw dependency:resolve
+
+COPY doodlestudent/api/src /app/src
+RUN ./mvnw package -Pnative -DskipTests
+
+RUN ls -l target
+
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.8
+
+WORKDIR /work/
+
+COPY --from=builder --chown=1001:root /app/target/*-runner /work/application
+
+RUN chown 1001 /work \
+    && chmod "g+rwX" /work \
+    && chown 1001:root /work
+
+EXPOSE 8080
+USER 1001
+
+ENV quarkus_datasource_jdbc_url "jdbc:mysql://db:3306/tlc?allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&createDatabaseIfNotExist=true&serverTimezone=Europe/Paris"
+ENV quarkus_datasource_username tlc
+ENV quarkus_datasource_password tlc
+ENV QUARKUS_HIBERNATE_ORM_DATABASE_GENERATION update
+ENV doodle_internalPadUrl "http://etherpad:9001/"
+ENV doodle_externalPadUrl "http://etherpad:9001/"
+ENV mailer_host mail
+ENV mailer_port 25
+CMD ["./application", "-Dquarkus.http.host=0.0.0.0"]
--- a/ansible/files/dockerfiles/front/Dockerfile
+++ b/ansible/files/dockerfiles/front/Dockerfile
@@ -0,0 +1,20 @@
+FROM node:20 AS build
+
+WORKDIR /app
+
+
+COPY doodlestudent/front .
+
+RUN npm install
+
+RUN npx ng build
+
+
+FROM nginx:alpine
+
+COPY --from=build /app/dist/tlcfront /usr/share/nginx/html
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+
+EXPOSE 80
+
+CMD ["nginx", "-g", "daemon off;"]
--- a/ansible/files/info.php.j2
+++ b/ansible/files/info.php.j2
@@ -0,0 +1,2 @@
+<?php
+phpinfo();
--- a/ansible/hosts
+++ b/ansible/hosts
@@ -0,0 +1,7 @@
+[webservers]
+192.168.56.141 ansible_ssh_user=vagrant ansible_become_pass=vagrant ansible_python_interpreter=/usr/bin/python3
+
+[webservers:vars]
+ansible_connection=ssh
+ansible_ssh_user=vagrant
+ansible_ssh_pass=vagrant
--- a/ansible/playbook.yml
+++ b/ansible/playbook.yml
@@ -0,0 +1,97 @@
+##################################################
+# DO Community Playbooks: LAMP on Ubuntu 18.04
+##################################################
+---
+- hosts: all
+  become: true
+  vars_files:
+    - vars/default.yml
+
+  tasks:
+    - name: Install prerequisites
+      apt: 
+        name: 'aptitude'
+        update_cache: true
+
+  #Apache Configuration
+    - name: Install LAMP Packages
+      apt: 
+        name: [ 'apache2', 'python3-pip', 'mysql-server', 'php', 'php-mysql', 'libapache2-mod-php' ]
+        state: present
+
+    - name: Make sure pymysql is present
+      become: true # needed if the other tasks are not played as root
+      pip:
+        name: pymysql
+        state: present
+
+    - name: Create document root
+      file:
+        path: "/var/www/{{ http_host }}"
+        state: directory
+        owner: "{{ app_user }}"
+        mode: '0755'
+
+    - name: Set up Apache virtualhost
+      template:
+        src: "files/apache.conf.j2"
+        dest: "/etc/apache2/sites-available/{{ http_conf }}"
+      notify: Reload Apache
+
+    - name: Enable new site
+      shell: /usr/sbin/a2ensite {{ http_conf }}
+      notify: Reload Apache
+
+    - name: Disable default Apache site
+      shell: /usr/sbin/a2dissite 000-default.conf
+      when: disable_default
+      notify: Reload Apache
+
+  # MySQL Configuration
+    - name: Sets the root password
+      mysql_user:
+        name: root
+        password: "{{ mysql_root_password }}"
+        login_unix_socket: /var/run/mysqld/mysqld.sock
+
+    - name: Removes all anonymous user accounts
+      mysql_user:
+        name: ''
+        host_all: yes
+        state: absent
+        login_user: root
+        login_password: "{{ mysql_root_password }}"
+
+    - name: Removes the MySQL test database
+      mysql_db:
+        name: test
+        state: absent
+        login_user: root
+        login_password: "{{ mysql_root_password }}"
+
+  # UFW Configuration
+    - name: "UFW - Allow HTTP on port {{ http_port }}"
+      ufw:
+        rule: allow
+        port: "{{ http_port }}"
+        proto: tcp
+
+
+    - name : configure docker-compose
+      copy:
+        src: "files/docker-compose.yml"
+        dest: "/home/{{ app_user }}/docker-compose.yml"
+        owner: "{{ app_user }}"
+        mode: '0644'
+
+
+  handlers:
+    - name: Reload Apache
+      service:
+        name: apache2
+        state: reloaded
+
+    - name: Restart Apache
+      service:
+        name: apache2
+        state: restarted
--- a/ansible/vars/default.yml
+++ b/ansible/vars/default.yml
@@ -0,0 +1,7 @@
+---
+mysql_root_password: "mysql_root_password"
+app_user: "vagrant"
+http_host: "demotlc"
+http_conf: "demotlc.conf"
+http_port: "80"
+disable_default: true