Added roles server/drone.io/{runner,server}

group_vars/all/vault.yml

@@ -1,26 +1,38 @@
 $ANSIBLE_VAULT;1.1;AES256
-34633138346432303237333963303466366164373662623533336335303030643137303363616466
-6631383863383262313537393762306233653234323734330a633966366166373835333165396432
-32326565373637356530623061353431306464316531623632663934653238376265636230613462
-3266353262313031310a353630303530303866643539333563363733343261663838343363646638
-35363535336133336136323430666134326435343734643061366132383362636132306638643239
-65313733393265363535306635396432366664663933333966653933373635653035363865386365
-31333536343463626165316434636530323663393636353739306633353462623264386531373566
-34633963643466323463383532646163393461653764646434643863643437373132343262306532
-66383362393133663165393263623435396461356164613930353938333830383536666139366365
-35376331333733343739646164623839623336386630323965333536353938303962376662386666
-37313366366436646663353135623534666661353633383161376632386130353337333861623730
-31666462643934633337373937653035663931386464303838323034633563313562633439303430
-31306365356633366564313464633164343662366364366235633430313166376537633337303231
-32393139616264323531393032626336613237613033363666396134626238626663343338666630
-39633838653138313230313732663035376566653532363965326465623231646363643631636530
-34376634306134346534356665326633366331666662613266643966646135363333336431343863
-64663863623936353734626162343937356239626565316135626534386161393064373264646164
-36323636363163353432373532363561643863616431653536373537653536363062326263316161
-32363639306235613466393836346561643930383564316638383264303263366364663364343534
-34373635383033333166636137363363393937366335326562336232386566343430373664666465
-63373531336237323465396538343465363061623663656630663566613233326132313333316430
-65363936303134303463383761326163383830326263336339383434623561336534363565303937
-33363164316466343764353738366437626634376233633137303939616364363739326161666336
-66346333613532366438363630636266326633386130323134626265363561363366313264643636
-3366
+30616130383135316563356661666430316236656436663961303633643539656631656339306335
+3636663936306536373161666235306165353935393132630a383930646665616161626136383138
+31623336323035303933346439313234343261306530656131346139656439636465646239623863
+6237323831623132640a316566383633396637383437303537356536333363386262333032623231
+63333139626462376464303933363832303638323235383063353763313531366264613133613532
+63656666333330633238366330306435323336373063316232366332643639303537663934366166
+62373464333238636436663530653931646433646437393635633533643262633963346333316132
+64396136383239306435663961383136613064363934343036336162663264653562313063666237
+31356237656166353536316533653833636537326430376264396531656534646366366363396466
+61653730633463306666383332666536303133633061333131306261383930663762353239643863
+61326538353864333733636135356562386261323130346331323435376262643839653237613066
+36343637666338383635306638626437363739393431393961323931383461363439363833313434
+64393665663137373031366361373835306436333533363933663932663235383166643063633831
+35646537336436663461386365616433353964306434343162316530643737373665386165303634
+33323434373763623131306135303837373332313238313265623034333638653938393431613539
+63656164333130396130343763353365393636383233363139326436363839353232613866346165
+33383065656432333430323263613932303834323630323530343535633534666636313830653364
+33666466326162653237306463636439313739643833656638353136386238323461353432336633
+32363662616364306230633466616434373139373833346632326563653439613062353833663836
+30656464383537323566303237646465303935663935626238363063313732343132393235663133
+65663039376466653162643465633731643562663863653065323731303466613966386463393434
+30636362656131333638383630333737623736333534646461336430656138396132346432633163
+64346632353134643361653337306633393931333664366234636261663263306162373466353965
+63323563343165663965636665643236633830303036393731613633313264323265323166353339
+33353364623130323762643537346134646238626633303333303934666438366239623735383339
+35666366316333373935333864366337643164353538366332373163623730633865316638666364
+66616162656432616563623536343365383265666130656139663362323636363336383339323164
+33653666356138633464326337643538323532636632656632636438343434636433663630633464
+39386662313035383532343439323061653131313932626564386361666637333862363535333963
+32623538336464306239643265623031386563343233373765653466326236393139316130393866
+31633137633138306266313832623666316534643132323765613432373133376336313130333864
+39623062376339316130386432373463336662356265636263393166313839353836363963643439
+31373735316265313235313862616531313538643131616332336232643137643833333063366332
+36363730633434646239653335373263383861643165646532323063613932363334393665656462
+39386461396338666539336339646137636230303537613464323233656366356430326536333830
+66306231316464343863616661393230363035323032653133636262363565613765343762393739
+63613763356236646236316630363064326266316430323730323662636232343334

roles/server/drone.io/runner/defaults/main.yml

@@ -0,0 +1,9 @@
+---
+
+instance_name: "drone-runner" # must be unique if multiple runners deployed to machine
+docker_image: "drone/drone-runner-docker:1"
+
+# drone_server_host: ci.example.com
+drone_rpc_secret: "{{ lookup('file', 'credentials/' + drone_server_host + '/rpc_secret') }}" # sync with server/drone.io/server, because must be known to all runners
+drone_runner_capacity: 4
+drone_runner_name: "{{ inventory_hostname }}"

roles/server/drone.io/runner/meta/main.yml

@@ -0,0 +1,6 @@
+---
+
+allow_duplicates: yes
+
+dependencies:
+  - role: docker/application

roles/server/drone.io/runner/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+
+- name: Start drone runner using docker-compose
+  docker_compose:
+    state: present
+    project_name: "{{ instance_name }}"
+    definition:
+      version: '2'
+      services:
+        drone-runner:
+          image: "{{ docker_image }}"
+          restart: always
+          environment:
+            DRONE_RPC_PROTO: https
+            DRONE_RPC_HOST: "{{ drone_server_host }}"
+            DRONE_RPC_SECRET: "{{ drone_rpc_secret }}"
+            DRONE_RUNER_CAPACITY: "{{ drone_runner_capacity }}"
+            DRONE_RUNNER_NAME: "{{ drone_runner_name }}"
+            DOCKER_API_VERSION: "1.39"
+          volumes:
+            - "/var/run/docker.sock:/var/run/docker.sock"

roles/server/drone.io/server/defaults/main.yml

@@ -0,0 +1,21 @@
+---
+
+# domain: ci.example.com
+docker_image: "drone/drone:1"
+
+# TODO Bind to socket path
+# bind_port
+#!socket_directory: "{{ user_directory }}/socket"
+#!socket_path: "{{ socket_directory }}/socket"
+
+# gitea_server_url: https://git.example.com/gitea
+# gitea_client_id generated by gitea
+# gitea_client_secret generated by gitea
+
+instance_directory: "{{ global_webservers_directory }}/{{ domain }}"
+data_directory: "{{ instance_directory }}/data"
+drone_data_directory: "{{ data_directory }}/drone_volume"
+
+drone_admin_user: "{{ global_username }}"
+drone_rpc_secret: "{{ lookup('password', 'credentials/' + domain + '/rpc_secret chars=digits,ascii_letters length=80') }}" # sync with server/drone.io/runner, because must be known to all runners
+drone_database_secret: "{{ lookup('password', 'credentials/' + domain + '/database_secret length=32 chars=0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f') }}"

roles/server/drone.io/server/meta/main.yml

@@ -0,0 +1,15 @@
+---
+
+allow_duplicates: yes
+
+dependencies:
+  - role: docker/application
+  - role: misc/backup_files
+    # domain
+    backup_directory: "{{ data_directory }}"
+  - role: misc/hdd_dir
+    # domain
+    hdd_source_dir: "{{ data_directory }}"
+  - role: nginx/proxy
+    # domain
+    backend_port: "{{ bind_port }}"

roles/server/drone.io/server/tasks/main.yml

@@ -0,0 +1,47 @@
+---
+
+- name: Create instance directory
+  file:
+    state: directory
+    path: "{{ instance_directory }}"
+    owner: root
+    group: root
+    mode: u=rwx,g=rx,o=
+
+- name: Create general data directory
+  file:
+    state: directory
+    path: "{{ data_directory }}"
+    owner: root
+    group: root
+    mode: u=rwx,g=rx,o=
+
+- name: Create data directory for drone volume
+  file:
+    state: directory
+    path: "{{ drone_data_directory }}"
+    # let docker/drone.io manage control permissions
+
+- name: Start drone server using docker-compose
+  docker_compose:
+    state: present
+    project_name: "{{ domain }}"
+    definition:
+      version: '2'
+      services:
+        drone-server:
+          image: "{{ docker_image }}"
+          restart: always
+          environment:
+            DRONE_DATABASE_SECRET: "{{ drone_database_secret }}"
+            DRONE_GITEA_SERVER: "{{ gitea_server_url }}"
+            DRONE_GITEA_CLIENT_ID: "{{ gitea_client_id }}"
+            DRONE_GITEA_CLIENT_SECRET: "{{ gitea_client_secret }}"
+            DRONE_RPC_SECRET: "{{ drone_rpc_secret }}"
+            DRONE_SERVER_HOST: "{{ domain }}"
+            DRONE_SERVER_PROTO: https
+            DRONE_USER_CREATE: "username:{{ drone_admin_user }},admin:true"
+          ports:
+            - "127.0.0.1:{{ bind_port }}:80" # for nginx reverse proxy
+          volumes:
+            - "{{ data_directory }}:/data"