authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-11-11 16:19:58 +0000
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-11-11 17:43:43 +0000
commitfda75d3b8fbba41143cd028e0d07944546d548c7 (patch)
treeaafddfd4eeb8994eb53c47e6a72d2e8ac94b7218
parentca0ce747665efec582a1ce9685faec31238c573a (diff)
baserock_trove: Add files needed for deploying the Trovebaserock/pedroalvarez/trove-ssl
Change-Id: I988f8b51405aa1a157802507233698770dc268ff
-rw-r--r--baserock_trove/baserock_trove.morph25
-rw-r--r--baserock_trove/configure-trove.yml43
-rw-r--r--baserock_trove/image-config.yml31
-rw-r--r--baserock_trove/instance-config.yml28
-rw-r--r--baserock_trove/trove.conf14
5 files changed, 141 insertions, 0 deletions
diff --git a/baserock_trove/baserock_trove.morph b/baserock_trove/baserock_trove.morph
new file mode 100644
index 00000000..ed93896f
--- /dev/null
+++ b/baserock_trove/baserock_trove.morph
@@ -0,0 +1,25 @@
+name: trove.baserock.org-upgrade
+kind: cluster
+description: |
+ Deployment .morph for baserock.org Trove system.
+
+ Configuration of the system is handled separately, with a series of
+ Ansible playbooks that should be run after an instance of the system
+ is up and running. See the README for instructions.
+
+systems:
+- morph: systems/trove-system-x86_64.morph
+ deploy-defaults:
+ deploy:
+ gbo:
+ type: extensions/openstack
+ location: https://compute.datacentred.io:5000/v2.0
+
+ upgrade-type: extensions/ssh-rsync
+ upgrade-location: root@git.baserock.org
+
+ TROVE_GENERIC: yes
+ OPENSTACK_IMAGENAME: baserock_trove
+ CLOUD_INIT: true
+ DISK_SIZE: 3G
+ KERNEL_ARGS: console=tty0 console=ttyS0
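Review bot: `TROVE_GENERIC: yes` and `CLOUD_INIT: true` spell a boolean two different ways in the same deploy block, and both are unquoted, so a YAML loader converts them to booleans before the deployment extensions read them. If those extensions compare against strings (not visible in this hunk), quote the values, e.g. `TROVE_GENERIC: 'yes'` and `CLOUD_INIT: 'true'`, so they arrive exactly as written. Separately, `upgrade-location: root@git.baserock.org` means upgrades are pushed over SSH as root; a comment naming which key is authorised for that would help anyone auditing access to this host.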
diff --git a/baserock_trove/configure-trove.yml b/baserock_trove/configure-trove.yml
new file mode 100644
index 00000000..bac19736
--- /dev/null
+++ b/baserock_trove/configure-trove.yml
@@ -0,0 +1,43 @@
+# Instance configuration for Baserock Trove server.
+#
+# This script expects a volume to be available at /dev/vdb.
+---
+- hosts: git
+ gather_facts: False
+ sudo: yes
+ tasks:
+
+ # To create the .pem file, simply concatenate
+ # certs/baserock.org-ssl-certificate-temporary-dsilverstone.full.cert with
+ # the private key for that certificate (which is not committed to Git, of
+ # course).
+ - name: Install SSL certificate
+ copy:
+ src: ../private/baserock.org-ssl-certificate-temporary-dsilverstone.pem
+ dest: /etc/trove/baserock.pem
+ mode: 400
+
+ - name: Install CA chain certificate
+ copy:
+ src: ../certs/startcom-class2-ca-chain-certificate.cert
+ dest: /etc/trove/startcom-ca.pem
+
+ - name: Install trove.conf configuration file
+ copy:
+ src: trove.conf
+ dest: /etc/trove/trove.conf
+
+ - name: Copy ssh keys
+ copy:
+ src: ../private/{{ item }}
+ dest: /etc/trove/{{ item }}
+ with_items:
+ - admin.key.pub
+ - lorry.key
+ - lorry.key.pub
+ - worker.key.pub
+
+ - name: Restart the trove-setp service to configure the trove
+ service:
+ name: trove-setup
+ state: restarted
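Review bot: `mode: 400` in the "Install SSL certificate" task is an unquoted integer, which Ansible takes as decimal 400, i.e. octal 0620, so the PEM containing the private key ends up owner read/write and group-writable rather than owner read-only; write `mode: "0400"`. The "Copy ssh keys" task installs `lorry.key`, also a private key, with no `mode` at all, so its permissions fall to the defaults; give it an explicit restrictive mode such as `mode: "0600"`, or split the private key from the `.pub` items. The task name "trove-setp" is a typo for `trove-setup`, and the header comment about /dev/vdb does not match anything this playbook does.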
diff --git a/baserock_trove/image-config.yml b/baserock_trove/image-config.yml
new file mode 100644
index 00000000..32795e28
--- /dev/null
+++ b/baserock_trove/image-config.yml
@@ -0,0 +1,31 @@
+# System configuration for Baserock database server.
+#
+# This Ansible playbook expects to be run on a Fedora 21 Cloud image.
+---
+- hosts: database-mariadb
+ gather_facts: False
+ sudo: True
+ tasks:
+ - name: enable persistant journal
+ shell: mkdir /var/log/journal
+ args:
+ creates: /var/log/journal
+
+ - name: install lvm2 tools
+ yum: name=lvm2 state=latest
+
+ - name: install MariaDB
+ yum: name={{ item }} state=latest
+ with_items:
+ - mariadb
+ - mariadb-server
+ - MySQL-python
+
+ - name: install libselinux-python, so Ansible can control selinux
+ yum: name=libselinux-python state=latest
+
+ - name: disable SELinux on subsequent boots
+ selinux: state=disabled
+
+ - name: disable SELinux on current boot
+ command: setenforce 0
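Review bot: The two SELinux tasks at the end switch enforcement off for the running system and for every later boot, with no comment saying what required it; if a particular service is being denied, `selinux: policy=targeted state=permissive` keeps the denials logged while the policy is fixed, and either way the reason should be recorded next to the task. `command: setenforce 0` is also not idempotent and typically exits non-zero once SELinux is already disabled, so a second run of the playbook is likely to fail there. The header comment and `hosts: database-mariadb` describe a MariaDB database server rather than a Trove, which suggests the file was copied from another directory; confirm that it belongs in baserock_trove/.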
diff --git a/baserock_trove/instance-config.yml b/baserock_trove/instance-config.yml
new file mode 100644
index 00000000..d8006fc2
--- /dev/null
+++ b/baserock_trove/instance-config.yml
@@ -0,0 +1,28 @@
+# Instance configuration for Baserock Trove server.
+#
+# This script expects a volume to be available at /dev/vdb.
+---
+- hosts: git
+ gather_facts: False
+ sudo: yes
+ tasks:
+
+ - name: Create an ext4 filesystem in /dev/vdb
+ filesystem:
+ fstype: ext4
+ dev: /dev/vdb
+ opts: -L home
+
+ - name: mount home volume
+ mount:
+ src: LABEL=home
+ name: /home
+ fstype: ext4
+ state: mounted
+ register: home_mounted
+
+# Ansible doesn't remount /home properly, so reboot system here
+ - name: Reboot server to mount everything properly
+ shell: reboot
+ when: home_mounted|changed
+ ignore_errors: true
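Review bot: The "Reboot server" task runs `shell: reboot` with `ignore_errors: true` and nothing waits for the host to return, so a genuine failure is hidden and a playbook run straight afterwards (configure-trove.yml, for instance) can reach the machine mid-reboot. Follow it with a `local_action: wait_for` task on the SSH port, and add a comment that `ignore_errors` is there only because the connection drops. The comment above the task starts at column 0 while the task itself is indented; align it with the `- name:` line.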
diff --git a/baserock_trove/trove.conf b/baserock_trove/trove.conf
new file mode 100644
index 00000000..4de7cd19
--- /dev/null
+++ b/baserock_trove/trove.conf
@@ -0,0 +1,14 @@
+HOSTNAME: firehose1
+LORRY_CONTROLLER_MINIONS: '4'
+LORRY_SSH_KEY: /etc/trove/lorry.key
+LORRY_SSH_PUBKEY: /etc/trove/lorry.key.pub
+TROVE_ADMIN_EMAIL: daniel.silverstone@codethink.co.uk
+TROVE_ADMIN_NAME: Daniel Silverstone
+TROVE_ADMIN_SSH_PUBKEY: /etc/trove/admin.key.pub
+TROVE_ADMIN_USER: danielsilverstone
+TROVE_COMPANY: Baserock
+TROVE_HOSTNAME: git.baserock.org
+TROVE_ID: baserock
+WORKER_SSH_PUBKEY: /etc/trove/worker.key.pub
+TROVE_SSL_PEMFILE: /etc/trove/baserock.pem
+TROVE_SSL_CA_FILE: /etc/trove/startcom-ca.pem
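Review bot: `HOSTNAME: firehose1` does not match `TROVE_HOSTNAME: git.baserock.org` or the certificate this commit installs, and looks like a value carried over from another deployment; if it is intentional, a comment saying so would prevent a later "fix". `LORRY_SSH_KEY: /etc/trove/lorry.key` points at a private key that configure-trove.yml copies without setting a mode, so the two files should be reviewed together. The admin identity is a named individual (`TROVE_ADMIN_USER`, `TROVE_ADMIN_EMAIL`); consider noting who to update it to when that person's access changes.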