diff --git a/ansible_yaml/a11yvillage-be-playbook.yml b/ansible_yaml/a11yvillage-be-playbook.yml index 51ddb3f..9a9105a 100644 --- a/ansible_yaml/a11yvillage-be-playbook.yml +++ b/ansible_yaml/a11yvillage-be-playbook.yml @@ -12,9 +12,12 @@ certbot_source_directory: /usr/local/certbot-src certbot_executable_path: "{{ certbot_source_directory }}/venv/bin/certbot" domain: api.a11yvillage.coseeing.org + traefik_certresolver: a11yvillage-api + traefik_router_prefix: a11yvillage-api-service-- email: tsengwoody@coseeing.org ecr_location: 622913514517.dkr.ecr.ap-northeast-1.amazonaws.com image_name: "{{ ecr_location }}/a11yvillage-be:{{ deploy_tag }}" + traefik_path: /data/entry/entry collections: - community.docker - community.aws @@ -83,6 +86,17 @@ mode: '0755' become: true + - name: Load Traefik source config (a11yvillage-be) + set_fact: + traefik_source_config: "{{ lookup('file', playbook_dir + '/extra/a11yvillage-be.yml') | from_yaml }}" + + - name: Transform Traefik config (placeholders -> prefix -> labels) + set_fact: + traefik_labels_list: "{{ (traefik_source_config + | replace_placeholders(domain, traefik_certresolver) + | apply_prefix(traefik_router_prefix) + ) | flatten_to_labels }}" + - name: Create .env file copy: dest: "{{ docker_compose_dir }}/.env" @@ -109,12 +123,7 @@ networks: - default - entry - labels: - - "traefik.enable=true" - - "traefik.http.routers.api-a11yvillage.rule=Host(`api.a11yvillage.coseeing.org`)" - - "traefik.http.routers.api-a11yvillage.entrypoints=websecure" - - "traefik.http.routers.api-a11yvillage.tls.certresolver=api-a11yvillageresolver" - - "traefik.docker.network=entry" + labels: {{ (['traefik.enable=true', 'traefik.docker.network=entry'] + traefik_labels_list) | to_json }} deploy: resources: limits: 
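Review bot: The `Transform Traefik config` task depends on `replace_placeholders`, `apply_prefix` and `flatten_to_labels`, which are not built-in Ansible filters and are not added in this diff, so the code that now generates every router label cannot be reviewed from this change. If they come from a filter plugin already in the repository, a comment above the task naming that file would help, e.g. `# custom filters: <path to the filter plugin>`. Because the result is rendered straight into the `labels:` line in the next hunk, an `assert` task that fails when any entry of `traefik_labels_list` still contains an unreplaced placeholder would catch a bad routing rule before it is deployed. The same two tasks are added to coseeing-be-playbook.yml.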
@@ -137,6 +146,45 @@ driver: bridge name: entry + - name: Ensure Traefik config directory exists + file: + path: "{{ traefik_path }}" + state: directory + mode: '0755' + become: true + + - name: Check if Traefik config exists + stat: + path: "{{ traefik_path }}/traefik.yml" + register: traefik_file + + - name: Load Traefik config when present + slurp: + src: "{{ traefik_path }}/traefik.yml" + register: traefik_slurp + when: traefik_file.stat.exists + + - name: Initialize Traefik config fact + set_fact: + traefik_config: "{{ (traefik_slurp.content | b64decode | from_yaml) if traefik_file.stat.exists else {} }}" + + - name: Ensure certificatesResolvers map exists + set_fact: + traefik_config: "{{ traefik_config | combine({'certificatesResolvers': (traefik_config.certificatesResolvers | default({}))}, recursive=True) }}" + + - name: Ensure resolver block exists in Traefik config + set_fact: + traefik_config: "{{ traefik_config | combine({'certificatesResolvers': { (traefik_certresolver): { 'acme': { 'tlsChallenge': {}, 'email': email, 'storage': '/letsencrypt/' + traefik_certresolver + '.json' } }}}, recursive=True) }}" + when: traefik_certresolver not in (traefik_config.certificatesResolvers | default({})) + + - name: Write back Traefik config + copy: + dest: "{{ traefik_path }}/traefik.yml" + content: "{{ traefik_config | to_nice_yaml }}" + mode: '0644' + become: true + register: traefik_write_result + - name: Update the repository cache and update package "unzip" to latest version using default apt: name: unzip @@ -180,3 +228,17 @@ - name: Show compose_result Detail info debug: var: compose_result + + - name: Restart traefik service + docker_compose_v2: + project_src: "{{ traefik_path }}" + state: restarted + services: + - traefik + register: traefik_result + when: traefik_write_result.changed + + - name: Show traefik_result Detail info + debug: + var: traefik_result + when: traefik_write_result.changed \ No newline at end of file 
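Review bot: `Initialize Traefik config fact` assumes an existing traefik.yml parses to a mapping; an empty file makes `from_yaml` return null, and a bare `certificatesResolvers:` key is also null, which `default({})` does not replace, so the following `combine` and the `not in` test would fail. Passing the second argument covers both cases: `(traefik_slurp.content | b64decode | from_yaml) | default({}, true)` and `traefik_config.certificatesResolvers | default({}, true)`. `Write back Traefik config` re-serialises the whole shared file through `to_nice_yaml`, which drops comments and may reorder keys, so `backup: true` on that `copy` would keep a recoverable copy of the proxy's static configuration. The same block is repeated in the a11yvillage-fe, coseeing-be and coseeing-fe playbooks; moving it to one file pulled in with `include_tasks` would stop the four copies drifting apart.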
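Review bot: `Restart traefik service` is gated on `traefik_write_result.changed`, which is true whenever the rewritten file differs in any byte, not only when a resolver was added. The proxy under `traefik_path` appears to be shared by all four playbooks, so a formatting-only rewrite would still interrupt every site behind it. Registering the `Ensure resolver block exists in Traefik config` task (for example as `resolver_added`) and gating both the write and the restart on `when: resolver_added is not skipped` would limit restarts to real configuration changes. The same two tasks are appended to the other three playbooks.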
diff --git a/ansible_yaml/a11yvillage-fe-playbook.yml b/ansible_yaml/a11yvillage-fe-playbook.yml index 8ab8315..83aeb54 100644 --- a/ansible_yaml/a11yvillage-fe-playbook.yml +++ b/ansible_yaml/a11yvillage-fe-playbook.yml @@ -17,6 +17,7 @@ email: tsengwoody@coseeing.org ecr_location: 622913514517.dkr.ecr.ap-northeast-1.amazonaws.com image_name: "{{ ecr_location }}/a11yvillage-fe:{{ deploy_tag }}" + traefik_path: /data/entry/entry collections: - community.docker - community.aws 
@@ -110,6 +111,45 @@ driver: bridge name: entry + - name: Ensure Traefik config directory exists + file: + path: "{{ traefik_path }}" + state: directory + mode: '0755' + become: true + + - name: Check if Traefik config exists + stat: + path: "{{ traefik_path }}/traefik.yml" + register: traefik_file + + - name: Load Traefik config when present + slurp: + src: "{{ traefik_path }}/traefik.yml" + register: traefik_slurp + when: traefik_file.stat.exists + + - name: Initialize Traefik config fact + set_fact: + traefik_config: "{{ (traefik_slurp.content | b64decode | from_yaml) if traefik_file.stat.exists else {} }}" + + - name: Ensure certificatesResolvers map exists + set_fact: + traefik_config: "{{ traefik_config | combine({'certificatesResolvers': (traefik_config.certificatesResolvers | default({}))}, recursive=True) }}" + + - name: Ensure resolver block exists in Traefik config (a11yvillage-fe) + set_fact: + traefik_config: "{{ traefik_config | combine({'certificatesResolvers': { (traefik_certresolver): { 'acme': { 'tlsChallenge': {}, 'email': email, 'storage': '/letsencrypt/' + traefik_certresolver + '.json' } }}}, recursive=True) }}" + when: traefik_certresolver not in (traefik_config.certificatesResolvers | default({})) + + - name: Write back Traefik config + copy: + dest: "{{ traefik_path }}/traefik.yml" + content: "{{ traefik_config | to_nice_yaml }}" + mode: '0644' + become: true + register: traefik_write_result + - name: Update the repository cache and update package "unzip" to latest version using default apt: name: unzip @@ -153,3 +193,17 @@ - name: Show compose_result Detail info debug: var: compose_result + + - name: Restart traefik service + docker_compose_v2: + project_src: "{{ traefik_path }}" + state: restarted + services: + - traefik + register: traefik_result + when: traefik_write_result.changed + + - name: Show traefik_result Detail info + debug: + var: traefik_result + when: traefik_write_result.changed 
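Review bot: The resolver task in this hunk reads `traefik_certresolver`, but the only variable this commit adds to a11yvillage-fe-playbook.yml is `traefik_path`; unlike the two backend playbooks, no `traefik_certresolver` is introduced here. If it is not already defined in the part of `vars` that lies outside the diff, the `when:` expression fails on an undefined variable, so please confirm or add it next to `traefik_path`. coseeing-fe-playbook.yml follows the same pattern.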
diff --git a/ansible_yaml/coseeing-be-playbook.yml b/ansible_yaml/coseeing-be-playbook.yml index a8a005d..53db7fb 100644 --- a/ansible_yaml/coseeing-be-playbook.yml +++ b/ansible_yaml/coseeing-be-playbook.yml @@ -12,9 +12,12 @@ certbot_source_directory: /usr/local/certbot-src certbot_executable_path: "{{ certbot_source_directory }}/venv/bin/certbot" domain: api.coseeing.org + traefik_certresolver: coseeing-api + traefik_router_prefix: coseeing-api-service-- email: tsengwoody@coseeing.org ecr_location: 622913514517.dkr.ecr.ap-northeast-1.amazonaws.com image_name: "{{ ecr_location }}/coseeing-be:{{ deploy_tag }}" + traefik_path: /data/entry/entry collections: - community.docker - community.aws @@ -83,6 +86,17 @@ mode: '0755' become: true + - name: Load Traefik source config (coseeing-be) + set_fact: + traefik_source_config: "{{ lookup('file', playbook_dir + '/extra/coseeing-be.yml') | from_yaml }}" + + - name: Transform Traefik config (placeholders -> prefix -> labels) + set_fact: + traefik_labels_list: "{{ (traefik_source_config + | replace_placeholders(domain, traefik_certresolver) + | apply_prefix(traefik_router_prefix) + ) | flatten_to_labels }}" + - name: Create .env file copy: dest: "{{ docker_compose_dir }}/.env" @@ -110,12 +124,7 @@ networks: - default - entry - labels: - - "traefik.enable=true" - - "traefik.http.routers.api-coseeing.rule=Host(`api.coseeing.org`)" - - "traefik.http.routers.api-coseeing.entrypoints=websecure" - - "traefik.http.routers.api-coseeing.tls.certresolver=api-coseeing" - - "traefik.docker.network=entry" + labels: {{ (['traefik.enable=true', 'traefik.docker.network=entry'] + traefik_labels_list) | to_json }} deploy: resources: limits: 
@@ -139,6 +148,43 @@ driver: bridge name: entry + - name: Ensure Traefik config directory exists + file: + path: "{{ traefik_path }}" + state: directory + mode: '0755' + + - name: Check if Traefik config exists + stat: + path: "{{ traefik_path }}/traefik.yml" + register: traefik_file + + - name: Load Traefik config when present + slurp: + src: "{{ traefik_path }}/traefik.yml" + register: traefik_slurp + when: traefik_file.stat.exists + + - name: Initialize Traefik config fact + set_fact: + traefik_config: "{{ (traefik_slurp.content | b64decode | from_yaml) if traefik_file.stat.exists else {} }}" + + - name: Ensure certificatesResolvers map exists + set_fact: + traefik_config: "{{ traefik_config | combine({'certificatesResolvers': (traefik_config.certificatesResolvers | default({}))}, recursive=True) }}" + + - name: Ensure resolver block exists in Traefik config + set_fact: + traefik_config: "{{ traefik_config | combine({'certificatesResolvers': { (traefik_certresolver): { 'acme': { 'tlsChallenge': {}, 'email': email, 'storage': '/letsencrypt/' + traefik_certresolver + '.json' } }}}, recursive=True) }}" + when: traefik_certresolver not in (traefik_config.certificatesResolvers | default({})) + + - name: Write back Traefik config + copy: + dest: "{{ traefik_path }}/traefik.yml" + content: "{{ traefik_config | to_nice_yaml }}" + mode: '0644' + register: traefik_write_result + - name: Update the repository cache and update package "unzip" to latest version using default apt: name: unzip @@ -182,3 +228,17 @@ - name: Show compose_result Detail info debug: var: compose_result + + - name: Restart traefik service + docker_compose_v2: + project_src: "{{ traefik_path }}" + state: restarted + services: + - traefik + register: traefik_result + when: traefik_write_result.changed + + - name: Show traefik_result Detail info + debug: + var: traefik_result + when: traefik_write_result.changed 
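Review bot: `Ensure Traefik config directory exists` and `Write back Traefik config` in this hunk have no `become: true`, while the same tasks in the other three playbooks do. Unless the play already escalates at play level (not visible here), the write to `{{ traefik_path }}/traefik.yml` either fails or leaves the shared proxy configuration owned by a different user than the other playbooks produce. Adding `become: true` to both tasks keeps ownership and permissions of that file consistent across deployments.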
diff --git a/ansible_yaml/coseeing-fe-playbook.yml b/ansible_yaml/coseeing-fe-playbook.yml index 1d3529a..d8cbb33 100644 --- a/ansible_yaml/coseeing-fe-playbook.yml +++ b/ansible_yaml/coseeing-fe-playbook.yml @@ -17,6 +17,7 @@ email: tsengwoody@coseeing.org ecr_location: 622913514517.dkr.ecr.ap-northeast-1.amazonaws.com image_name: "{{ ecr_location }}/coseeing-fe:{{ deploy_tag }}" + traefik_path: /data/entry/entry collections: - community.docker - community.aws 
@@ -110,6 +111,45 @@ driver: bridge name: entry + - name: Ensure Traefik config directory exists + file: + path: "{{ traefik_path }}" + state: directory + mode: '0755' + become: true + + - name: Check if Traefik config exists + stat: + path: "{{ traefik_path }}/traefik.yml" + register: traefik_file + + - name: Load Traefik config when present + slurp: + src: "{{ traefik_path }}/traefik.yml" + register: traefik_slurp + when: traefik_file.stat.exists + + - name: Initialize Traefik config fact + set_fact: + traefik_config: "{{ (traefik_slurp.content | b64decode | from_yaml) if traefik_file.stat.exists else {} }}" + + - name: Ensure certificatesResolvers map exists + set_fact: + traefik_config: "{{ traefik_config | combine({'certificatesResolvers': (traefik_config.certificatesResolvers | default({}))}, recursive=True) }}" + + - name: Ensure resolver block exists in Traefik config (coseeing-fe) + set_fact: + traefik_config: "{{ traefik_config | combine({'certificatesResolvers': { (traefik_certresolver): { 'acme': { 'tlsChallenge': {}, 'email': email, 'storage': '/letsencrypt/' + traefik_certresolver + '.json' } }}}, recursive=True) }}" + when: traefik_certresolver not in (traefik_config.certificatesResolvers | default({})) + + - name: Write back Traefik config + copy: + dest: "{{ traefik_path }}/traefik.yml" + content: "{{ traefik_config | to_nice_yaml }}" + mode: '0644' + become: true + register: traefik_write_result + - name: Update the repository cache and update package "unzip" to latest version using default apt: name: unzip @@ -153,3 +193,17 @@ - name: Show compose_result Detail info debug: var: compose_result + + - name: Restart traefik service + docker_compose_v2: + project_src: "{{ traefik_path }}" + state: restarted + services: + - traefik + register: traefik_result + when: traefik_write_result.changed + + - name: Show traefik_result Detail info + debug: + var: traefik_result + when: traefik_write_result.changed 
diff --git a/ansible_yaml/extra/a11yvillage-be.yml b/ansible_yaml/extra/a11yvillage-be.yml new file mode 100644 index 0000000..0ce3ff8 --- /dev/null +++ b/ansible_yaml/extra/a11yvillage-be.yml @@ -0,0 +1,10 @@ +http: + routers: + https: + rule: Host(`(`host`)`) + entrypoints: websecure + tls: + certresolver: (`certresolver`) + http: + rule: Host(`(`host`)`) + entrypoints: webinsecure \ No newline at end of file diff --git a/ansible_yaml/extra/coseeing-be.yml b/ansible_yaml/extra/coseeing-be.yml new file mode 100644 index 0000000..0ce3ff8 --- /dev/null +++ b/ansible_yaml/extra/coseeing-be.yml @@ -0,0 +1,10 @@ +http: + routers: + https: + rule: Host(`(`host`)`) + entrypoints: websecure + tls: + certresolver: (`certresolver`) + http: + rule: Host(`(`host`)`) + entrypoints: webinsecure \ No newline at end of file
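Review bot: The `http` router in this new file binds the host rule to `entrypoints: webinsecure` with no middleware, so, assuming that entrypoint is the plain-HTTP listener, the API becomes reachable without TLS; the labels this commit removes exposed it on `websecure` only. The resolver written by the playbook uses `tlsChallenge`, so the HTTP entrypoint is not needed for certificate issuance. If port 80 has to stay open, attach a redirect middleware to that router (Traefik's `redirectScheme` with `scheme: https`), or drop the router. extra/coseeing-be.yml is byte-identical (same blob `0ce3ff8`), so the same applies there and a single shared template would be enough.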