[upd] merge project

8294c4ab · MUNIER Florian · 5ab56d56 · 8294c4ab · 8294c4ab · 8294c4ab
Commit 8294c4ab authored 2 years ago by MUNIER Florian
--- a/Ansible/roles/docker/tasks/destroy.yml
+++ b/Ansible/roles/docker/tasks/destroy.yml
@@ -7,6 +7,30 @@
    env_file: "{{ENV_FILE}}"
    stopped: true
  register: output
+- name: Suppression des containers vapormap
+  become: true
+  docker_container:
+    name: "{{item}}"
+    state: absent
+  loop:
+    - vapormap_api_1
+    - vapormap_web_1
+    - vapormap_db_1
+- name: Suppression des images vapormap
+  become: true
+  docker_image:
+    name: "{{item}}"
+    tag: latest
+    state: absent
+  loop:
+    - gitlab-registry.imt-atlantique.fr/f21munie/vapormap/app_api
+    - gitlab-registry.imt-atlantique.fr/f21munie/vapormap/app_front
+    - gitlab-registry.imt-atlantique.fr/f21munie/vapormap/mariadb
+- name: Suppression du volume vapormap
+  become: true
+  docker_volume:
+    name: vapormap_data_db
+    state: absent
 - name: Déconnexion à la registry docker
  become: true
  community.docker.docker_login:

--- a/Ansible/roles/environment/tasks/main.yml
+++ b/Ansible/roles/environment/tasks/main.yml
@@ -42,3 +42,14 @@
    owner: "{{VAPORMAP_USER}}"
    group: "{{VAPORMAP_GROUP}}"
    mode: "755"
+- name: Configuration du fichier .env.front
+  become: true
+  ansible.builtin.template:
+    src: .env.front.j2
+    dest: "{{VAPORMAP_DIR}}/env/.env.front"
+    owner: "{{VAPORMAP_USER}}"
+    group: "{{VAPORMAP_GROUP}}"
+    mode: "755"
+- name: Ajout de l'IP API à la variable no_proxy
+  become: true
+  ansible.builtin.shell: export no_proxy=$no_proxy,"{{PUB_API_IP}}"
--- a/Ansible/roles/environment/templates/.env.front.j2
+++ b/Ansible/roles/environment/templates/.env.front.j2
+#Configuration de l'accès à l'API
+VAPORMAP_BACKEND={{ PUB_API_IP }}
+VAPORMAP_BACKEND_PORT=8082
+#Génération du fichier de configuration du serveur Nginx
+VAPORMAP_URL_SERVERNAME=0.0.0.0
+VAPORMAP_URL_PORT=8000
+VAPORMAP_FRONTEND_ROOT=/app_fe
--- a/Terraform/mod-os-private-network/ansible.tf
+++ b/Terraform/mod-os-private-network/ansible.tf
@@ -2,9 +2,9 @@
 resource "null_resource" "ansible" {
  provisioner "local-exec" {
    interpreter = ["/bin/bash", "-c"]
-    command = "source /home/user/TP/Ansible/venv/ansible/bin/activate; ANSIBLE_HOST_KEY_CHECKING=False ansible -i ../Ansible/hosts.ini all -m ping; deactivate"    
+    #command = "source /home/user/TP/Ansible/venv/ansible/bin/activate; ANSIBLE_HOST_KEY_CHECKING=False ansible -i ../Ansible/hosts.ini all -m ping --private-key .ssh/${var.INSTANCE_BASTION_KEY_PAIR}.pem -e pub_key=.ssh/${var.INSTANCE_BASTION_KEY_PAIR}.pub; deactivate"
    #command = "source /home/user/TP/Ansible/venv/ansible/bin/activate; ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ../Ansible/hosts.ini ../Ansible/deploy.yml; deactivate"
-    #command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ../Ansible/hosts.ini ../Ansible/deploy.yml"
+    command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ../Ansible/hosts.ini ../Ansible/deploy.yml"
  }
  depends_on = [
    openstack_compute_instance_v2.bastion_instance,

--- a/Terraform/mod-os-private-network/instance.tf
+++ b/Terraform/mod-os-private-network/instance.tf
@@ -14,11 +14,12 @@ resource "openstack_compute_instance_v2" "bastion_instance" {
  # Copie des IP locales dans un fichier .txt sur la machine hébergeante
  # Inventaire Ansible
  provisioner "local-exec" {
-    command = "echo '${self.name} : ${self.access_ip_v4}' > ip_files/private_ips.txt; echo '[admin]' > ../Ansible/hosts.ini; echo ${self.name} ansible_host=${openstack_networking_floatingip_v2.floatip_admin.address} ansible_user=ubuntu ansible_ssh_private_key_file='../.ssh/${var.INSTANCE_BASTION_KEY_PAIR}.pem' >> ../Ansible/hosts.ini; echo [node] >> ../Ansible/hosts.ini"  
+    command = "echo '${self.name} : ${self.access_ip_v4}' > ip_files/private_ips.txt; echo '[admin]' > ../Ansible/hosts.ini; echo ${self.name} ansible_host=${openstack_networking_floatingip_v2.floatip_admin.address} PUB_API_IP=${openstack_networking_floatingip_v2.floatip_admin.address} ansible_user=ubuntu ansible_ssh_private_key_file='../.ssh/${var.INSTANCE_BASTION_KEY_PAIR}.pem' >> ../Ansible/hosts.ini; echo '[node]' >> ../Ansible/hosts.ini"  
  }
  depends_on = [openstack_compute_keypair_v2.keypair_project,
    openstack_networking_floatingip_v2.floatip_admin,
+    openstack_networking_floatingip_v2.floatip_application,
    openstack_networking_subnet_v2.internal_subnet]
 }
@@ -40,7 +41,7 @@ resource "openstack_compute_instance_v2" "orchestration_instance" {
  # Copie des IP locales dans un fichier .txt sur la machine hébergeante
  # Inventaire Ansible
  provisioner "local-exec" {
-    command = "echo '${self.name} : ${self.access_ip_v4}' >> ip_files/private_ips.txt; echo ${self.name} ansible_host=${self.access_ip_v4} ansible_user=ubuntu ansible_ssh_private_key_file='${var.INSTANCE_ORCHEST_KEY_PAIR}.pem'>> ../Ansible/hosts.ini"  
+    command = "echo '${self.name} : ${self.access_ip_v4}' >> ip_files/private_ips.txt; echo ${self.name} ansible_host=${self.access_ip_v4} >> ../Ansible/hosts.ini"  
  }
  depends_on = [openstack_compute_instance_v2.bastion_instance,

--- a/Terraform/mod-os-private-network/keypair.tf
+++ b/Terraform/mod-os-private-network/keypair.tf
@@ -16,6 +16,8 @@ resource "openstack_compute_keypair_v2" "keypair_cluster" {
  provisioner "local-exec" {
    command = "echo '${self.private_key}' > ../.ssh/${var.INSTANCE_ORCHEST_KEY_PAIR}.pem; echo '${self.public_key}' > ../.ssh/${var.INSTANCE_ORCHEST_KEY_PAIR}.pub; chmod 600 ../.ssh/${var.INSTANCE_ORCHEST_KEY_PAIR}.pem; chmod 600 ../.ssh/${var.INSTANCE_ORCHEST_KEY_PAIR}.pub"
  }
+  depends_on = [openstack_compute_keypair_v2.keypair_project]
 }
 # Copie de la paire de clés du cluster sur l'instance bastion

--- a/Terraform/mod-os-private-network/secgroup.tf
+++ b/Terraform/mod-os-private-network/secgroup.tf
@@ -43,6 +43,50 @@ resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_http_egress" {
  security_group_id = "${openstack_networking_secgroup_v2.secgroup_application.id}"
 }
+# Rule port 8081 entrant
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_port_8081_ingress" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 8081
+  port_range_max    = 8081
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_application.id}"
+}
+# Rule port 8081 sortant
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_port_8081_egress" {
+  direction         = "egress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 8081
+  port_range_max    = 8081
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_application.id}"
+}
+# Rule port 8082 entrant
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_port_8082_ingress" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 8082
+  port_range_max    = 8082
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_application.id}"
+}
+# Rule port 8082 sortant
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_port_8082_egress" {
+  direction         = "egress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 8082
+  port_range_max    = 8082
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_application.id}"
+}
 # Security group pour réseau interne
 resource "openstack_networking_secgroup_v2" "secgroup_internal_network" {
  name        = var.SECGROUP_INTERNAL_NETWORK_NAME

--- a/Terraform/mod-os-private-network/variable.tf
+++ b/Terraform/mod-os-private-network/variable.tf
@@ -65,7 +65,7 @@ variable "INSTANCE_BASTION_KEY_PAIR" {
 variable "INSTANCE_ORCHEST_KEY_PAIR" {
  type    = string
-  default = "cluster_key2"
+  default = "cluster_key"
 }
 variable "SECGROUP_BASTION_NAME" {