ECN>> ansible-webtools-installer>> 返回
项目作者: jaimesf

项目描述 :
Install Nextcloud + Collabora + Onlyoffice + E-mail server + LDAP server + Gitlab + Jenkins + Nexus +Sonar via Ansible and docker on your own server
高级语言: Shell
项目地址: git://github.com/jaimesf/ansible-webtools-installer.git
创建时间: 2019-11-05T12:18:25Z
项目社区:https://github.com/jaimesf/ansible-webtools-installer
开源协议:
下载


Ansible Web Tools Installer

You can install easily the basic service for a little startup, that doesn’t need a big infrastructure to work.
Change vars to your needs, the target host, and just execute 

  1. ./install_cloud.sh

You will have a private cloud, instant messaging, online document editor and an e-mail server.

Additionaly, if you need an CI/CD environment for software development startup, your command is

  1. ./install_devtools.sh

This give you Gitlab, Jenkins, Nexus installations automatically.

Or if you need all of them, the magic words are:

  1. ./install_all.sh

Features at a Glance

  • Private cloud to store all you need via Nextcloud
  • Instant messaging and videoconference without 3rd party solutions.
  • Online document editor with MS Office (OnlyOffice) and Libreoffice (Collabora) compat.
  • E-mail server to manage your domain, with SPAM filter included, via Poste.io
  • Ldap server to manage your users, via OpenLDAP
  • Gitlab as your main VCS.
  • Jenkins as CI/CD manager.
  • Nexus as your main artifact repository.
  • Sonar as your code quality server.
  • Nginx as your main channel to serve all data.
  • Auto generation https certs, via Let’s Encrypt
  • Use your own https certs instead generated
  • Ansible install all your services on unattended way.
  • All services, deployed via Docker to simplify the installations and update processes.

Requirements

Hardware

  • Cloud tools
    • RAM: 4 GB minimum. 8 GB recommended.
    • CPU cores: 2 cores minimum. 4 recommended
    • Storage free space: 10 GB minimum. Try to get all free space you can: Your storage space on the cloud, and e-mail data, depends on this.
  • Development tools
    • RAM: 8 GB minimum. 16 GB recommended.
    • CPU cores: 4 cores minimum. 6 recommended
    • Storage free space: 15 GB minimum. Try to get all free space you can: Your artifact repository data, VCS repositories and compilations, depends on this.
  • All web tools
    • RAM: 16 GB minimum.
    • CPU cores: 6 cores minimum.
    • Storage free space: 25 GB minimum. Try to get all free space you can: All your data, depends on this.

      Software

  • Supported OS
    • Debian (10 recommended)
    • Ubuntu server (LTS recommended)
  • Access
    • SSH server installed
    • Root user or user with sudo permissions

Network

  • Access to Internet required from server.
  • Access from Internet if the server has to be accessed from outside.
    • If the server, it’s a server with public IP on it’s network interface, that’s all you need.
    • If the server is behind NAT, you need to forward this ports:
      • 80 (HTTP)
      • 443 (HTTPS)
      • 25 (SMTP)
      • 110 (POP3)
      • 143 (IMAP)
      • 465 (SMTP)
      • 587 (SMTP)
      • 993 (IMAP)
      • 995 (POP3)
      • 636 (LDAPS)

DNS

All names for the subdomains could be customize via ansible vars at the installation time.

  • Root domain pointing to your public IP with A registry.
  • cloud.yourdomain.com as CNAME registry to your root domain (If Nextcloud will be installed)
  • mail.yourdomain.com as CNAME registry to your root domain (If E-mail server will be installed)
  • ldap.yourdomain.com as CNAME registry to your root domain (If OpenLDAP will be installed)
  • collabora.yourdomain.com as CNAME registry to your root domain (If Collabora will be installed)
  • onlyoffice.yourdomain.com as CNAME registry to your root domain (If OnlyOffice will be installed)
  • gitlab.yourdomain.com as CNAME registry to your root domain (If Gitlab will be installed)
  • jenkins.yourdomain.com as CNAME registry to your root domain (If Jenkins will be installed)
  • nexus.yourdomain.com as CNAME registry to your root domain (If Nexus will be installed)
  • sonar.yourdomain.com as CNAME registry to your root domain (If Sonar will be installed)
  • MX register pointing to mail.yourdomain.com with priority 10.

Variables

Vars are distributed among multiple files on the repository.

global_vars.yml

Name Description Change required Default Value
public_server The server is public and use letsencrypt to generate certs, and check domains. False value required to put your certs on their own directories No True
install_proxy_base Create proxy base. Mandatory to True if there is no previous installation. No True
install_root Create root domain with https cert. Usefull if you deploy some other service on root directory on the future. No True
install_nextcloud Install nextcloud server. No True
install_email Install email server. No True
install_ldap Install LDAP server. No True
install_collabora Install collabora server. No True
install_onlyoffice Install onlyoffice server. No True
install_gitlab Install gitlab server. No True
install_jenkins Install jenkins server. No True
install_nexus Install nexus server. No True
install_sonar Install sonar server. No True
root_domain Your root domain (And email domain name). Yes mydomain.com
cloud_domain Subdomain for nextcloud installation. No cloud.{{root_domain}}
ldap_domain Subdomain for LDAP installation. No ldap.{{root_domain}}
mail_domain Subdomain for email server installation. No mail.{{root_domain}}
collabora_domain Subdomain for collabora server installation. No. collabora.{{root_domain}}
onlyoffice_domain Subdomain for onlyoffice server installation. No onlyoffice.{{root_domain}}
gitlab_domain Subdomain for gitlab installation. No gitlab.{{root_domain}}
jenkins_domain Subdomain for jenkins installation. No jenkins.{{root_domain}}
nexus_domain Subdomain for nexus installation. No nexus.{{root_domain}}
sonar_domain Subdomain for sonar installation. No sonar.{{root_domain}}
email_certbot Email to use on letsencrypt cert generator. Yes admin@mydomain.com
root_directory_deploy Root installation directory. No /opt
directory_deploy_cloud Installation directory cloud services. No {{root_directory_deploy}}/cloud
directory_volumes_cloud Installation directory for data cloud services. No {{directory_deploy_cloud}}/dockervolumes
directory_scripts_cloud Installation directory for scripts cloud services. No {{directory_deploy_cloud}}/dockerscripts
directory_deploy_devtools Installation directory devtools services. No {{root_directory_deploy}}/devtools
directory_volumes_devtools Installation directory for data devtools services. No {{directory_deploy_devtools}}/dockervolumes
directory_scripts_devtools Installation directory for scripts devtools services. No {{directory_deploy_devtools}}/dockerscripts
directory_deploy_proxy Installation directory proxy. No {{root_directory_deploy}}/proxy

roles/checkdocker/vars/main.yml

Name Description Change required Default Value
docker_compose_version Docker compose version to install No 1.25.4

roles/openldap/vars/main.yml

Name Description Change required Default Value
initial_openldap_admin_password Password for LDAP admin user Yes changemenow
openldap_organisation_name Name of your organisation to LDAP server Yes organisation

roles/collabora/vars/main.yml

Name Description Change required Default Value
secret_collabora Secret for Collabora admin user Yes longsecretfornoonefigureout

roles/onlyoffice/vars/main.yml

Name Description Change required Default Value
secret_onlyoffice Secret for Onlyoffice Yes longsecretfornoonefigureout

roles/nextcloud/vars/main.yml

Name Description Change required Default Value
initial_nextcloud_admin_password Password for Nextcloud admin user Yes changemenow

HTTPS certificates

All services will be deployed over HTTPS, and certificates are needed.

Auto generated

If your server will have access from Internet, you can use the free https certs generator Let’s Encrypt, setting up public_server var to True. This option generate https certs for all services subdomains to install, and you don’t pay attention to renovate it.

Manual certificates

If your server won’t be accessed from Internet, or if it’s public and you have certs for all subdomains, you can put your certs on their directories, and these will be installed.

Your certs have to be named as:

  • Certificate: cert.pem
  • Private key: privkey.pem
  • CA cert: chain.pem

Directories to save your certs:

  • roles/proxy/files/root_certs for root certs, to you main domain {{rootdomain}} (Only if you set up install_root var to _True)
  • roles/proxycloud/files/cloud_certs for Nextcloud certs, to default subdomain cloud.{{root_domain}}
  • roles/proxycloud/files/collabora_certs for Collabora certs, to default subdomain collabora.{{root_domain}}
  • roles/proxycloud/files/onlyoffice_certs for Onlyoffice certs, to default subdomain onlyoffice.{{root_domain}}
  • roles/proxycloud/files/mail_certs for e-mail certs, to default subdomain mail.{{root_domain}}
  • roles/proxycloud/files/ldap_certs for LDAP certs, to default subdomain ldap.{{root_domain}}
  • roles/proxydevtools/files/gitlab_certs for Gitlab certs, to default subdomain gitlab.{{root_domain}}
  • roles/proxydevtools/files/jenkins_certs for Jenkins certs, to default subdomain jenkins.{{root_domain}}
  • roles/proxydevtools/files/nexus_certs for Nexus certs, to default subdomain nexus.{{root_domain}}
  • roles/proxydevtools/files/sonar_certs for Sonar certs, to default subdomain sonar.{{root_domain}}

Playbooks and installers

Ansible playbook is a list of independent complex tasks (Named as roles), to execute consecutively to reach you target.

Three playbooks exist:

  • install_cloud.yml: Define list of roles to install all cloud services (E-mail, OpenLDAP, Nextcloud, Collabora, Onlyoffice).
  • install_devtools.yml: Define list of roles to install all development services (Gitlab, Jenkins, Nexus).
  • install_all.yml: Define list of roles to install all cloud and development services.

Related to these playbook, exists three script to launch easily the playbooks:

  • install_cloud.sh: Install cloud services via install_cloud.yml playbook.
  • install_devtools.sh: Install devtools services via install_cloud.yml playbook.
  • install_all.sh: Install all services via install_all.yml playbook.

Roles

List of roles and their description

roles/nextcloud/vars/main.yml

Name Description Included on playbook
checkdocker Check and install docker and it’s dependencies on the target host. All
checkdomainscloud Check Nextcloud, e-mail, collabora and onlyoffice subdomains with their public IPs (Only with public server var active). install_all, install_cloud
checkdomainsdevtools Check Gitlab, Jenkins and Neux subdomains with their public IPs(Only with public server var active). install_all, install_devtools
proxy Install proxy (Only with install_proxy_base var active) and the root certificate (Only with install_root var active). All
proxycloud Install proxy config, generate certs https (Only with public_server var active), copy your own https cert certificates (Only with public_server var to False) to Nextcloud, E-mail, Collabora and Onlyoffice install_all, install_cloud
proxydevtools Install proxy config, generate certs https (Only with public_server var active), copy your own https cert certificates (Only with public_server var to False) to Gitlab, Jenkins and Nexus install_all, install_devtools
email Install e-mail server (Only with install_email var to True) install_all, install_cloud
collabora Install Collabora server (Only with install_collabora var to True) install_all, install_cloud
onlyoffice Install Onlyoffice server (Only with install_onlyoffice var to True) install_all, install_cloud
nextcloud Install Nextcloud server (Only with install_nextcloud var to True) install_all, install_cloud
openldap Install LDAP server (Only with install_ldap var to True) install_all, install_cloud
gitlab Install Gitlab server (Only with install_gitlab var to True) install_all, install_devtools
jenkins Install Jenkins server (Only with install_jenkins var to True) install_all, install_devtools
nexus Install Nexus server (Only with install_nexus var to True) install_all, install_devtools
sonar Install Sonar server (Only with install_sonar var to True) install_all, install_devtools
showadminpasswords Show initial admin passwords auto generated by Jenkins and Nexus install_all, install_devtools

Hosts

To execute installer, you will need modify hosts.cfg to enter your access data.

Example: 

  1. 10.0.0.12      ansible_ssh_user=myuser  ansible_ssh_pass=mypassword ansible_become_pass=mypassword

If your user, it’s not the root user, you need sudo permissions to execute this installer and ansible_become_pass is required.

Installation

First of all, you need to install Ansible on your machine (Not the server, you own computer) to execute installer. Ansible can be installed on many ways, described on it’s website.

Steps to install:

  1. Set up DNS config
  2. Forward ports to your server if needed.
  3. Set up you target host on hosts.cfg.
  4. Set up root_domain var on global-vars.yml
  5. Setup for https certs
    1. Auto generated certs: Set up email_certbot var on global-vars.yml and public_server to True
    2. Own certs: Copy all your certs properly named to their directories
  6. Set up other vars, as admin passwords.
  7. Execute the installer you need:
    1. ./install_cloud.sh to install all cloud services.
    2. ./install_devtools.sh to install all dev tools services.
    3. ./install_all.sh to install all services
  8. If you installed Jenkins and Nexus, last role, show you admin passwords.

After the installation process you can access services on this URIs if you didn’t change subdomains

Problems on installation

  • If you can’t connect to your server at execute playbooks, first log in to your server manually and accept ssh cert. Ex:ssh root@10.0.0.15

Pull requests are wellcome ;)