Deploy lxc-sftp container on fsicos3.#79
Conversation
jonathanthiry
left a comment
jonathanthiry
left a comment
There was a problem hiding this comment.
Very nice to see and it looks good!
In general, it would be nice to limit the number of things changed per pull request to make it easier to review. The title of this one is Deploy lxc-sftp container on fsicos3 and it does that, as well as, set up Dokku and trajectory_viewer.
I think @ZogopZ could also take a look.
| - name: Install GitHub public key for dokku admin access | ||
| tags: dokku_keys | ||
| copy: | ||
| content: "{{ dokku_github_public_key }}\n" |
There was a problem hiding this comment.
We should use vault_dokku_root_keys here, and I see that you provide it in the inventory.
| - name: Install GitHub private key when provided | ||
| tags: dokku_keys | ||
| copy: | ||
| content: "{{ dokku_github_private_key }}" | ||
| dest: /root/.ssh/id_rsa_github | ||
| mode: "0600" | ||
| no_log: true | ||
| when: dokku_github_private_key is defined |
There was a problem hiding this comment.
It would be nice if we could get rid of this. If we need to have this, we should document how to get and provide the key.
| DOKKU_PROXY_PORT: "80" | ||
| ICOS_CHROME: "0" | ||
| ICOS_CHROME_ENABLED: "1" | ||
| MATOMO_AUTH_TOKEN: 0fcf14d8c6125a74ee621ccf6cf66dc1 |
There was a problem hiding this comment.
Should be changed and put in a vault.
There was a problem hiding this comment.
It would be nice to separate the trajectory_viewer config from this playbook, probably in a separate role.
You are also using many shell tasks to run Dokku commands. Is there a Dokku plugin for Ansible that could be used instead?
| --dport {{ lxd_forward_port }} | ||
| -j DNAT --to-destination {{ lxd_forward_ip }}:22 | ||
| when: lxd_forward_port | ||
| when: lxd_forward_port | int > 0 |
There was a problem hiding this comment.
What does int > 0 do?
| dokku: | ||
| root_keys: "{{ vault_dokku_root_keys }}" | ||
| ansible_port: 60595 |
There was a problem hiding this comment.
We're going to keep running Dokku on fsicos3 for now and should keep this.
There was a problem hiding this comment.
Is this script still needed? It feels like this setup should be handled by the playbook/role.
| dokku_github_public_key: >- | ||
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQZTvlk/bboloJVMfjGmy2kgbqig8Zop0f47nV0TNjArYTpqMq3gGIfNM9Ae+WbBCdpyIEq/4sxRbMyQXMmH42rvXiAM7ArJhyKMswGWYAVxUi4U7EFhGqTi4hyaA3b0/tm1vN4IisjKxleXthPOUvbcSDx210r6kZ5azu1WdBBBAwCDzi7FJhalPPj6QH7+5lmueeIzc4qRPJaAB3FINxS9PnUd+AxtVNJMqoi6nfDhQGhzhbfQs5vfilxlXNnp4XbpCK9xHhAHUGas/uaGvqV06WIm7VWQX1Lmbr4bjpVMXOTXVA7hjokGFkh6vDVe28UeCNQjw6PdQ6ErwxblxuMYMC7CNGXYHxLxpZb+It2S0VEUhqls4vsMnYSk1rY0i3bdeyG3k1llTDRV+yLluoG/h0puWnqHXFszO1kTx258vJku3HR44+nuGmoTuBAsnLe8LxPPlbr0KKZlBsN6ng0S6SIP8dvgGlYTis7Ce/waXygGC68bkkbKgOqPFx3VebWujFi+RamLsof/EFS4ezWj1fYHIgV3KSVH/QuE/Oe3wwJPYHFfH6JngfBumZZRcGUMTl4Y19Ut6c1/l4ARy1ETG9KKSnrb8KOd4zeihBzaIkzHaEfGdS6pXQ8slKqrTcdCc6Sv+tobUq3JjRF/ilVx5DRi0jOCH/+7N//9adlQ== | ||
| Roberts Github ssh key |
There was a problem hiding this comment.
Should be removed as suggested in https://github.com/ICOS-Carbon-Portal/infrastructure/pull/79/changes#r3231621334
| - name: robert | ||
| pubkey: "{{ vault_sftp_robert_pubkey }}" |
There was a problem hiding this comment.
It would be nice if at least a couple of us would have access. In this case, probably Zois and me as well.
| dokku_trajectory_viewer_name: trajectory-viewer | ||
| dokku_trajectory_viewer_repo: git@github.com:ICOS-Carbon-Portal/trajectory-viewer.git | ||
| dokku_trajectory_viewer_branch: main | ||
| dokku_trajectory_viewer_repo_dir: /opt/trajectory-viewer | ||
| dokku_trajectory_viewer_domain: trajectory.icos-cp.eu | ||
| dokku_trajectory_viewer_storage_mount: /root/data:/data:ro | ||
| dokku_trajectory_viewer_port_map: http:80:8050 | ||
| dokku_trajectory_viewer_env: | ||
| APP_URL: "https://trajectory.icos-cp.eu/" | ||
| DATA_DIR: /data/trj | ||
| DOKKU_APP_RESTORE: "1" | ||
| DOKKU_PROXY_PORT: "80" | ||
| ICOS_CHROME: "0" | ||
| ICOS_CHROME_ENABLED: "1" | ||
| MATOMO_AUTH_TOKEN: 0fcf14d8c6125a74ee621ccf6cf66dc1 | ||
| MATOMO_SITE_ID: "12" | ||
| MATOMO_URL: https://matomo.icos-cp.eu/matomo.php | ||
| PORT: "8050" | ||
| URL_BASE_PATH: / |
There was a problem hiding this comment.
These variables, like the tasks in the playbook, should be probably be moved to separate role.
2 participants
Deploy fsicos3 lxc-sftp container playbook.