Skip to content

Commit

Permalink
nginx and nginx_exporter roles were added (#62)
Browse files Browse the repository at this point in the history
* nginx and nginx_exporter roles were added

Signed-off-by: kogeler <roman.gavrilov@parity.io>
  • Loading branch information
kogeler authored Nov 22, 2023
1 parent 5e2acea commit 1b2565d
Show file tree
Hide file tree
Showing 55 changed files with 1,182 additions and 36 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/branch-main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,9 @@ jobs:
fail-fast: false
matrix:
role-names: [node, ws_health_exporter]
molecule-drivers: [docker, lxd]
molecule-drivers: [docker]
# We test the latest version and minimum supported version
ansible-versions: [8.0.0, 8.6.1]
ansible-versions: [8.0.0, 9.0.1]
uses: ./.github/workflows/reusable-molecule.yml
with:
role-name: ${{ matrix.role-names }}
Expand Down
18 changes: 18 additions & 0 deletions .github/workflows/pr-nginx-exporter.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
name: check PR (nginx_exporter)

on:
pull_request:
paths:
- roles/nginx_exporter/**
- .github/**

jobs:
run-molecule-tests:
strategy:
fail-fast: false
matrix:
molecule-driver: [docker]
uses: ./.github/workflows/reusable-molecule.yml
with:
role-name: nginx_exporter
molecule-driver: ${{ matrix.molecule-driver }}
18 changes: 18 additions & 0 deletions .github/workflows/pr-nginx.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
name: check PR (nginx)

on:
pull_request:
paths:
- roles/nginx/**
- .github/**

jobs:
run-molecule-tests:
strategy:
fail-fast: false
matrix:
molecule-driver: [docker]
uses: ./.github/workflows/reusable-molecule.yml
with:
role-name: nginx
molecule-driver: ${{ matrix.molecule-driver }}
2 changes: 1 addition & 1 deletion .github/workflows/pr-node-backup.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ jobs:
strategy:
fail-fast: false
matrix:
molecule-driver: [lxd, docker]
molecule-driver: [docker]
uses: ./.github/workflows/reusable-molecule.yml
with:
role-name: node
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pr-node.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ jobs:
strategy:
fail-fast: false
matrix:
molecule-driver: [lxd, docker]
molecule-driver: [docker]
uses: ./.github/workflows/reusable-molecule.yml
with:
role-name: node
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pr-ws-health-exporter.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ jobs:
strategy:
fail-fast: false
matrix:
molecule-driver: [lxd, docker]
molecule-driver: [docker]
uses: ./.github/workflows/reusable-molecule.yml
with:
role-name: ws_health_exporter
Expand Down
6 changes: 2 additions & 4 deletions .github/workflows/reusable-galaxy-deploy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ on:
ansible-version:
required: false
type: string
default: 8.4.0
default: 9.0.1
secrets:
api-token:
required: true
Expand All @@ -21,9 +21,7 @@ jobs:
with:
python-version: '3.x'
- name: Setup Python modules
# PyYAML==5.3.1 fixes the 'The license_file parameter is deprecated, use license_files instead.' error
# the 5.4.1 version still has the issue
run: pip3 install --no-cache-dir PyYAML==5.3.1 ansible==${{ inputs.ansible-version }} yq
run: pip3 install --no-cache-dir ansible==${{ inputs.ansible-version }} yq
- name: Print Ansible version
run: ansible --version
- name: Build collection
Expand Down
31 changes: 25 additions & 6 deletions .github/workflows/reusable-molecule.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ on:
ansible-version:
required: false
type: string
default: 8.4.0
default: 9.0.1
jobs:
molecule:
runs-on: ubuntu-22.04
Expand All @@ -25,18 +25,37 @@ jobs:
uses: actions/setup-python@v4
with:
python-version: '3.x'
- name: Setup Python modules
# PyYAML==5.3.1 fixes the 'The license_file parameter is deprecated, use license_files instead.' error
# 5.4.1 version still has the issue
run: pip3 install --no-cache-dir PyYAML==5.3.1 yamllint ansible==${{ inputs.ansible-version }} ansible-lint molecule molecule-plugins[docker] molecule-lxd docker
- name: Check molecule
run: |
if [ -d "molecule" ]; then
echo "MOLECULE_IS_PRESENT=PRESENT" >> "${GITHUB_ENV}"
fi
working-directory: "${{ github.repository }}/roles/${{ inputs.role-name }}"
- name: Setup molecule
run: |
pip3 install --no-cache-dir yamllint ansible==${{ inputs.ansible-version }} ansible-lint \
molecule molecule-plugins[docker] docker \
jmespath
- name: Print Ansible version
run: ansible --version
- name: Setup LXD
if: ${{ inputs.molecule-driver == 'lxd' }}
if: ${{ env.MOLECULE_IS_PRESENT && inputs.molecule-driver == 'lxd' }}
# https://github.com/canonical/setup-lxd
uses: canonical/setup-lxd@v0.1.1
with:
channel: latest/stable
- name: Setup LXD molecule module
if: ${{ env.MOLECULE_IS_PRESENT && inputs.molecule-driver == 'lxd' }}
run: |
pip3 install --no-cache-dir molecule-lxd
# enable and fix issues as separate PR
# - name: Run lint
# run: |
# set -e
# yamllint .
# ansible-lint
# working-directory: "${{ github.repository }}/roles/${{ inputs.role-name }}"
- name: Run molecule tests
if: ${{ env.MOLECULE_IS_PRESENT }}
run: molecule test --all
working-directory: "${{ github.repository }}/roles/${{ inputs.role-name }}"
2 changes: 1 addition & 1 deletion galaxy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ namespace: paritytech
name: chain

# The version of the collection. Must be compatible with semantic versioning
version: 1.6.1
version: 1.7.0

# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
readme: README.md
Expand Down
1 change: 1 addition & 0 deletions roles/key_inject/README.md
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
# key_inject ansible role

33 changes: 33 additions & 0 deletions roles/nginx/.yamllint
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
---
# Based on ansible-lint config
extends: default

rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
colons:
max-spaces-after: -1
level: error
commas:
max-spaces-after: -1
level: error
comments: disable
comments-indentation: disable
document-start: disable
empty-lines:
max: 3
level: error
hyphens:
level: error
indentation: disable
key-duplicates: enable
line-length: disable
new-line-at-end-of-file: disable
new-lines:
type: unix
trailing-spaces: disable
truthy: disable
1 change: 1 addition & 0 deletions roles/nginx/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
# nginx ansible role
50 changes: 50 additions & 0 deletions roles/nginx/defaults/main.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
nginx_letsencrypt_email: "devops-team@parity.io"
nginx_letsencrypt_mock: false
nginx_dhparam_size: 4096
nginx_worker_rlimit_nofile: 30000
# requests per second
nginx_max_request_rate: 2
nginx_burst_request_rate: 5


# print extended data about clients
nginx_log_extended_enable: false

nginx_http_context_directives: []
# - "server_names_hash_bucket_size 128"

# flow
## Remove nginx, letsencrypt. Wipe all configs and , certificates.
nginx_remove_enable: false

# 'nginx_sites':
## - 'template' - a name of a site template file, including '.j2'.
## - 'domain' - a real domain name as is, without placeholders etc.
## - 'ssl_issuer' - defines how TLS certificates are managed. Can be 'manual' or 'letsencrypt'.
## - 'ssl_manual_cert_file' - it must be specified if 'ssl_issuer'='manual'.
## It defines the name of a custom certificate file.
## Custom certificates have to be stored in the 'files' directories on the role or playbook levels.
## But it's better to store them on the playbook level.
## - 'params' - optional. But, it must be specified if the template of the site uses any custom variables inside.
## The dictionary contains user variables that are used in site templates.
##
## 'template', 'domain', 'ssl_manual_cert_file' variables can have the same values
## in more than one item of the 'nginx_sites' list, the role can manage it.
## But, a pair of 'template' and 'domain' variables must be unique for each item of the list.

#nginx_sites:
# - template: site-rpc.j2
# domain: "a.r-test-2.parity-lab.parity.io"
# ssl_issuer: letsencrypt
# params:
# rpc_port: 9933
# rpc_ws_port: 9944
# no_host_external_port: 8081 # it accepts any host in headers. It's useful for health checks.
# - template: site-rpc.j2
# domain: "b.r-test-2.parity-lab.parity.io"
# ssl_issuer: letsencrypt
# params: {}
# - template: site-connect.j2
# domain: "c.r-test-2.parity-lab.parity.io"
# ssl_issuer: manual
# ssl_manual_cert_file: "ws.polkadot.io.pem"
2 changes: 2 additions & 0 deletions roles/nginx/files/reload-nginx-config
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
#!/bin/bash
/bin/systemctl reload nginx
8 changes: 8 additions & 0 deletions roles/nginx/handlers/main.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
---

- name: reload nginx config
ansible.builtin.systemd:
name: "nginx"
state: reloaded
enabled: yes
daemon_reload: yes
18 changes: 18 additions & 0 deletions roles/nginx/molecule/default/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
### Molecule
#### Docker
Test role with docker driver
```shell
molecule create
molecule converge
molecule verify
molecule destroy
```

#### LXD
Test role with LXD driver
```shell
DRIVER=lxd molecule create
DRIVER=lxd molecule converge
DRIVER=lxd molecule verify
DRIVER=lxd molecule destroy
```
9 changes: 9 additions & 0 deletions roles/nginx/molecule/default/converge.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
---
- name: converge
hosts: all
tasks:
- name: converge | deploy nginx without wipe
ansible.builtin.include_role:
name: "nginx"
vars:
nginx_remove_enable: false
19 changes: 19 additions & 0 deletions roles/nginx/molecule/default/files/pebble/cert.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDGzCCAgOgAwIBAgIIbEfayDFsBtwwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
AxMVbWluaWNhIHJvb3QgY2EgMjRlMmRiMCAXDTE3MTIwNjE5NDIxMFoYDzIxMDcx
MjA2MTk0MjEwWjAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCbFMW3DXXdErvQf2lCZ0qz0DGEWadDoF0O2neM5mVa
VQ7QGW0xc5Qwvn3Tl62C0JtwLpF0pG2BICIN+DHdVaIUwkf77iBS2doH1I3waE1I
8GkV9JrYmFY+j0dA1SwBmqUZNXhLNwZGq1a91nFSI59DZNy/JciqxoPX2K++ojU2
FPpuXe2t51NmXMsszpa+TDqF/IeskA9A/ws6UIh4Mzhghx7oay2/qqj2IIPjAmJj
i73kdUvtEry3wmlkBvtVH50+FscS9WmPC5h3lDTk5nbzSAXKuFusotuqy3XTgY5B
PiRAwkZbEY43JNfqenQPHo7mNTt29i+NVVrBsnAa5ovrAgMBAAGjYzBhMA4GA1Ud
DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T
AQH/BAIwADAiBgNVHREEGzAZgglsb2NhbGhvc3SCBnBlYmJsZYcEfwAAATANBgkq
hkiG9w0BAQsFAAOCAQEAYIkXff8H28KS0KyLHtbbSOGU4sujHHVwiVXSATACsNAE
D0Qa8hdtTQ6AUqA6/n8/u1tk0O4rPE/cTpsM3IJFX9S3rZMRsguBP7BSr1Lq/XAB
7JP/CNHt+Z9aKCKcg11wIX9/B9F7pyKM3TdKgOpqXGV6TMuLjg5PlYWI/07lVGFW
/mSJDRs8bSCFmbRtEqc4lpwlrpz+kTTnX6G7JDLfLWYw/xXVqwFfdengcDTHCc8K
wtgGq/Gu6vcoBxIO3jaca+OIkMfxxXmGrcNdseuUCa3RMZ8Qy03DqGu6Y6XQyK4B
W8zIG6H9SVKkAznM2yfYhW8v2ktcaZ95/OBHY97ZIw==
-----END CERTIFICATE-----
27 changes: 27 additions & 0 deletions roles/nginx/molecule/default/files/pebble/key.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAmxTFtw113RK70H9pQmdKs9AxhFmnQ6BdDtp3jOZlWlUO0Blt
MXOUML5905etgtCbcC6RdKRtgSAiDfgx3VWiFMJH++4gUtnaB9SN8GhNSPBpFfSa
2JhWPo9HQNUsAZqlGTV4SzcGRqtWvdZxUiOfQ2TcvyXIqsaD19ivvqI1NhT6bl3t
redTZlzLLM6Wvkw6hfyHrJAPQP8LOlCIeDM4YIce6Gstv6qo9iCD4wJiY4u95HVL
7RK8t8JpZAb7VR+dPhbHEvVpjwuYd5Q05OZ280gFyrhbrKLbqst104GOQT4kQMJG
WxGONyTX6np0Dx6O5jU7dvYvjVVawbJwGuaL6wIDAQABAoIBAGW9W/S6lO+DIcoo
PHL+9sg+tq2gb5ZzN3nOI45BfI6lrMEjXTqLG9ZasovFP2TJ3J/dPTnrwZdr8Et/
357YViwORVFnKLeSCnMGpFPq6YEHj7mCrq+YSURjlRhYgbVPsi52oMOfhrOIJrEG
ZXPAwPRi0Ftqu1omQEqz8qA7JHOkjB2p0i2Xc/uOSJccCmUDMlksRYz8zFe8wHuD
XvUL2k23n2pBZ6wiez6Xjr0wUQ4ESI02x7PmYgA3aqF2Q6ECDwHhjVeQmAuypMF6
IaTjIJkWdZCW96pPaK1t+5nTNZ+Mg7tpJ/PRE4BkJvqcfHEOOl6wAE8gSk5uVApY
ZRKGmGkCgYEAzF9iRXYo7A/UphL11bR0gqxB6qnQl54iLhqS/E6CVNcmwJ2d9pF8
5HTfSo1/lOXT3hGV8gizN2S5RmWBrc9HBZ+dNrVo7FYeeBiHu+opbX1X/C1HC0m1
wJNsyoXeqD1OFc1WbDpHz5iv4IOXzYdOdKiYEcTv5JkqE7jomqBLQk8CgYEAwkG/
rnwr4ThUo/DG5oH+l0LVnHkrJY+BUSI33g3eQ3eM0MSbfJXGT7snh5puJW0oXP7Z
Gw88nK3Vnz2nTPesiwtO2OkUVgrIgWryIvKHaqrYnapZHuM+io30jbZOVaVTMR9c
X/7/d5/evwXuP7p2DIdZKQKKFgROm1XnhNqVgaUCgYBD/ogHbCR5RVsOVciMbRlG
UGEt3YmUp/vfMuAsKUKbT2mJM+dWHVlb+LZBa4pC06QFgfxNJi/aAhzSGvtmBEww
xsXbaceauZwxgJfIIUPfNZCMSdQVIVTi2Smcx6UofBz6i/Jw14MEwlvhamaa7qVf
kqflYYwelga1wRNCPopLaQKBgQCWsZqZKQqBNMm0Q9yIhN+TR+2d7QFjqeePoRPl
1qxNejhq25ojE607vNv1ff9kWUGuoqSZMUC76r6FQba/JoNbefI4otd7x/GzM9uS
8MHMJazU4okwROkHYwgLxxkNp6rZuJJYheB4VDTfyyH/ng5lubmY7rdgTQcNyZ5I
majRYQKBgAMKJ3RlII0qvAfNFZr4Y2bNIq+60Z+Qu2W5xokIHCFNly3W1XDDKGFe
CCPHSvQljinke3P9gPt2HVdXxcnku9VkTti+JygxuLkVg7E0/SWwrWfGsaMJs+84
fK+mTZay2d3v24r9WKEKwLykngYPyZw5+BdWU0E+xx5lGUd3U4gG
-----END RSA PRIVATE KEY-----
55 changes: 55 additions & 0 deletions roles/nginx/molecule/default/files/test1.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
-----BEGIN CERTIFICATE-----
MIIEWjCCA7ugAwIBAgIUFi6dt6Ljwt7usmsFraZQkHbBR+4wCgYIKoZIzj0EAwIw
XTELMAkGA1UEBhMCRVUxDTALBgNVBAgMBFRFU1QxDTALBgNVBAcMBFRFU1QxDTAL
BgNVBAoMBFRFU1QxDTALBgNVBAsMBFRFU1QxEjAQBgNVBAMMCSoucnBjLmxhbjAe
Fw0yMjA0MjUxODExMzZaFw0zMjA0MjIxODExMzZaMF0xCzAJBgNVBAYTAkVVMQ0w
CwYDVQQIDARURVNUMQ0wCwYDVQQHDARURVNUMQ0wCwYDVQQKDARURVNUMQ0wCwYD
VQQLDARURVNUMRIwEAYDVQQDDAkqLnJwYy5sYW4wggJdMIIB0AYHKoZIzj0CATCC
AcMCAQEwTQYHKoZIzj0BAQJCAf//////////////////////////////////////
////////////////////////////////////////////////MIGfBEIB////////
////////////////////////////////////////////////////////////////
//////////////wEQgBRlT65YY4cmh+SmiGgtoVA7qLacluZsxXzuLSJkY7xCeFW
GTlR7H6TexZSwL07sb8HNXPfiD0sNPHvRR/Ua1A/AAMVANCeiAApHLhTlsxnFzky
hKqg2mS6BIGFBADGhY4GtwQE6c2ePstmI5W0QpxkgTkFP7Uh+CivYGtNPbqhS153
7+dZKP4dwSei/6jeM0izwYVqQpv5fn4xwuW9ZgEYOSlqeJo7wARcil+0LH0b2Zj1
RElXm0RoF6+9Fyc+ZiyX7nKZXvQmQMVQuQE/rQdhNTxwhqJywkCIvpR2n9FmUAJC
Af//////////////////////////////////////////+lGGh4O/L5Zrf8wBSPcJ
pdA7tcm4iZxHrrtvtx6ROGQJAgEBA4GGAAQBexiUvRext+wPweeabtxEBGRhrUHY
AVVOVGJNZajY4cs1fFj6ibC7hRDx/zoe1K8/8JfPjIErpGGUDddwDPGO9BsAaxnw
9Zjsqcg7eVZ80FCcV7NkidCWowW+2vNGJVz+H7Uvni/nP8EV/rirPkikJ7GLZo+i
2GFlbyd5aiXjpXmiuBejUzBRMB0GA1UdDgQWBBTDRA1ZGMG/Mug+UA/FpXbxKhIt
+TAfBgNVHSMEGDAWgBTDRA1ZGMG/Mug+UA/FpXbxKhIt+TAPBgNVHRMBAf8EBTAD
AQH/MAoGCCqGSM49BAMCA4GMADCBiAJCARjvVk6dGYDkBNzwyGOOP9MzWnsNgaDg
HPnpBFMM5Ut/P/P9ApWcc4HDOv+zp22KkgVfoIyF1J3S6djA/3qHMV5XAkIBjlfr
LznARSA19eeU69LHSd4+kfZ/45eE48bfC/pxkgmRMdIFqb5r72z5quj/W/SM4F8s
l3LHQFWzwMex/DVwU/I=
-----END CERTIFICATE-----
-----BEGIN EC PARAMETERS-----
MIIBwwIBATBNBgcqhkjOPQEBAkIB////////////////////////////////////
//////////////////////////////////////////////////8wgZ8EQgH/////
////////////////////////////////////////////////////////////////
/////////////////ARCAFGVPrlhjhyaH5KaIaC2hUDuotpyW5mzFfO4tImRjvEJ
4VYZOVHsfpN7FlLAvTuxvwc1c9+IPSw08e9FH9RrUD8AAxUA0J6IACkcuFOWzGcX
OTKEqqDaZLoEgYUEAMaFjga3BATpzZ4+y2YjlbRCnGSBOQU/tSH4KK9ga009uqFL
Xnfv51ko/h3BJ6L/qN4zSLPBhWpCm/l+fjHC5b1mARg5KWp4mjvABFyKX7QsfRvZ
mPVESVebRGgXr70XJz5mLJfucple9CZAxVC5AT+tB2E1PHCGonLCQIi+lHaf0WZQ
AkIB///////////////////////////////////////////6UYaHg78vlmt/zAFI
9wml0Du1ybiJnEeuu2+3HpE4ZAkCAQE=
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIICngIBAQRCAdg/rpMq12SkpeFecWlMaOjp1Xrd7TKCyHyrz5m5W7MEDowo80h3
wBFdrCtauwzSz6UBzBvk4QMdaAhVlCngel/woIIBxzCCAcMCAQEwTQYHKoZIzj0B
AQJCAf//////////////////////////////////////////////////////////
////////////////////////////MIGfBEIB////////////////////////////
//////////////////////////////////////////////////////////wEQgBR
lT65YY4cmh+SmiGgtoVA7qLacluZsxXzuLSJkY7xCeFWGTlR7H6TexZSwL07sb8H
NXPfiD0sNPHvRR/Ua1A/AAMVANCeiAApHLhTlsxnFzkyhKqg2mS6BIGFBADGhY4G
twQE6c2ePstmI5W0QpxkgTkFP7Uh+CivYGtNPbqhS1537+dZKP4dwSei/6jeM0iz
wYVqQpv5fn4xwuW9ZgEYOSlqeJo7wARcil+0LH0b2Zj1RElXm0RoF6+9Fyc+ZiyX
7nKZXvQmQMVQuQE/rQdhNTxwhqJywkCIvpR2n9FmUAJCAf//////////////////
////////////////////////+lGGh4O/L5Zrf8wBSPcJpdA7tcm4iZxHrrtvtx6R
OGQJAgEBoYGJA4GGAAQBexiUvRext+wPweeabtxEBGRhrUHYAVVOVGJNZajY4cs1
fFj6ibC7hRDx/zoe1K8/8JfPjIErpGGUDddwDPGO9BsAaxnw9Zjsqcg7eVZ80FCc
V7NkidCWowW+2vNGJVz+H7Uvni/nP8EV/rirPkikJ7GLZo+i2GFlbyd5aiXjpXmi
uBc=
-----END EC PRIVATE KEY-----
Loading

0 comments on commit 1b2565d

Please sign in to comment.