CodeNow · thejsj · Feb 1, 2017 · Feb 2, 2017 · Feb 2, 2017 · Feb 2, 2017
diff --git a/ansible/base.yml b/ansible/base.yml
@@ -1,4 +1,6 @@
 ---
+- hosts: registry
+
 - hosts: localhost
   connection: local
   tasks:

diff --git a/ansible/default-hosts/docks.js b/ansible/default-hosts/docks.js
@@ -0,0 +1,75 @@
+#!/usr/bin/env node
+
+'use strict';
+
+var aws = require('aws-sdk');
+var ec2 = new aws.EC2({
+  accessKeyId: '${AWS_ACCESS_KEY_ID_1}',
+  secretAccessKey: '${AWS_SECRET_ACCESS_KEY_1}',
+  region: '${AWS_REGION}'
+});
+
+var params = {
+  Filters: [
+    // Only search for docks in the cluster security group
+    {
+      Name: 'instance.group-id',
+      Values: ['${AWS_DOCK_SG}'] // This script is the same for all environments
+    },
+    // Only fetch instances that are tagged as docks
+    {
+      Name: 'tag:role',
+      Values: ['dock']
+    },
+    // Only fetch running instances
+    {
+      Name: 'instance-state-name',
+      Values: ['running']
+    }
+  ]
+};
+
+ec2.describeInstances(params, function (err, data) {
+  if (err) {
+    console.error("An error occurred: ", err);
+    process.exit(1);
+  }
+
+  // Get a set of instances from the describe response
+  var instances = [];
+  data.Reservations.forEach(function (res) {
+    res.Instances.forEach(function (instance) {
+      instances.push(instance);
+    });
+  });
+
+  // Map the instances to their private ip addresses
+  // NOTE This will work locally because of the wilcard ssh proxy in the config
+  var hosts = instances.map(function (instance) {
+    return instance.PrivateIpAddress;
+  });
+
+  var hostVars = {};
+  instances.forEach(function (instance) {
+    for (var i = 0; i < instance.Tags.length; i++) {
+      if (instance.Tags[i].Key === 'org') {
+        hostVars[instance.PrivateIpAddress] = {
+          host_tags: instance.Tags[i].Value + ',build,run'
+        };
+      }
+    }
+  });
+
+  // Output the resulting JSON
+  // NOTE http://docs.ansible.com/ansible/developing_inventory.html
+  console.log(JSON.stringify(
+    {
+      docks: {
+        hosts: hosts
+      },
+     _meta : {
+       hostvars : hostVars
+      }
+    }
+  ));
+});
diff --git a/ansible/default-hosts/hosts b/ansible/default-hosts/hosts
@@ -0,0 +1,159 @@
+[bastion]
+dafault-bastion
+
+[hipache]
+default-main httpsCheckForBackend80=false prependIncomingPort=true subDomainDepth=4
+
+[userland]
+default-main
+
+[mongodb]
+default-main
+
+[api_group:children]
+worker
+api
+socket-server
+
+[api]
+default-main
+
+[big-poppa]
+default-main
+
+[cream]
+default-main
+
+[consul]
+default-main
+
+[docker-listener]
+default-main
+
+[vault]
+default-main
+
+[worker]
+default-main
+
+[navi]
+default-main
+
+[ingress]
+default-main
+
+[link]
+default-main
+
+[mongo-navi]
+default-main
+
+[charon]
+default-main
+
+[khronos]
+default-main
+
+[optimus]
+default-main
+
+[detention]
+default-main
+
+[palantiri]
+default-main
+
+[rabbitmq]
+default-main
+
+[web]
+default-main
+
+[redis]
+default-main
+
+[redis-slave]
+default-main
+
+[sauron]
+default-main
+
+[shiva]
+default-main
+
+[socket-server]
+default-main
+
+[socket-server-proxy]
+default-main
+
+[registry]
+default-main
+
+[swarm-manager]
+default-main
+
+[metis]
+default-main
+
+[drake]
+default-main
+
+[pheidi]
+default-main
+
+[github-varnish]
+default-main
+
+[single-host-proxy]
+default-main
+
+[docks]
+
+[dock]
+
+[prometheus]
+default-main
+
+[bear-clone:children]
+api
+bastion
+big-poppa
+charon
+consul
+cream
+dock
+docker-listener
+docks
+drake
+hipache
+ingress
+khronos
+metis
+mongodb
+navi
+optimus
+pheidi
+prometheus
+rabbitmq
+redis
+redis-slave
+registry
+sauron
+shiva
+single-host-proxy
+socket-server
+socket-server-proxy
+swarm-manager
+userland
+web
+worker
+
+[local]
+127.0.0.1
+
+[ec2]
+local
+
+[targets]
+localhost ansible_connection=local bastion_name=default-bastion
diff --git a/ansible/default-hosts/variables b/ansible/default-hosts/variables
@@ -0,0 +1,134 @@
+[api_group:vars]
+api_aws_access_key_id=${AWS_ACCESS_KEY_ID_1}
+api_aws_secret_access_key=${AWS_SECRET_ACCESS_KEY_1}
+api_github_client_id=${GITHUB_CLIEND_ID}
+api_github_client_secret=${GITHUB_CLIENT_SECRET}
+api_github_deploy_keys_bucket=runnable.deploykeys.${ENV}
+api_mongo_auth=${MONGO_USERNAME}:${MONGO_PASSWORD}
+api_mongo_database=${ENV}
+api_mongo_replset_name=${ENV}-rs0
+api_s3_context_bucket=runnable.context.resources.${ENV}
+
+[big-poppa:vars]
+big_poppa_pg_pass=${POSTGRES_PASSWORD}
+big_poppa_pg_host=${POSTGRES_HOST}:${POSTGRES_PORT}
+big_poppa_pg_port=${POSTGRES_PORT}
+big_poppa_pg_user=big_poppa
+big_poppa_github_token=${GITHUB_ACCESS_TOKEN}
+big_poppa_mongo_auth=${MONGO_USERNAME}:${MONGO_PASSWORD}
+big_poppa_mongo_database=${MONGO_DATABASE}
+big_poppa_mongo_replset_name=${MONGO_DATABASE}-rs0
+big_poppa_pg_pool_min=10
+big_poppa_pg_pool_max=20
+
+[cream:vars]
+cream_hello_runnable_github_token=${GITHUB_ACCESS_TOKEN}
+cream_stripe_secret_key=${STRIPE_SECRET_KEY}
+cream_stripe_publishable_key=${STRIPE_PUBLISHABLE_KEY}
+
+[docks:vars]
+docker_config=docks
+docks_rollbar_key=${ROLLBAR_TOKEN_DOCKS}
+
+[dock:vars]
+docks_rollbar_key=${ROLLBAR_TOKEN_DOCKS}
+
+[drake:vars]
+drake_port=80
+
+[khronos:vars]
+khronos_mongo_auth=${MONGO_USER}:${MONGO_PASSWORD}
+khronos_mongo_database=${MONGO_DATABASE}
+khronos_mongo_replset_name=${MONGO_DATABASE}
+
+[metis:vars]
+
+[navi:vars]
+navi_cookie_secret=${COOKIE_SECRET}
+_navi_proxy_port=65100
+_navi_proxy_ssl_port=65101
+
+[optimus:vars]
+optimus_aws_access_id=${AWS_ACCESS_KEY_ID_1}
+optimus_aws_secret_id=${AWS_SECRET_ACCESS_KEY_1}
+optimus_github_deploy_keys_bucket=runnable.deploykeys.${ENV}
+
+[palantiri:vars]
+
+[pheidi:vars]
+pheidi_mongo_auth=${MONGO_USER}:${MONGO_PASSWORD}
+pheidi_mongo_database=${MONGO_DATABASE}
+pheidi_mongo_replset_name=${MONGO_DATABASE}
+pheidi_runnabot_tokens=${GITHUB_ACCESS_TOKEN}
+
+[sauron:vars]
+
+[registry:vars]
+registry_s3_access_key=${AWS_ACCESS_KEY_ID_1}
+registry_s3_secret_key=${AWS_SECRET_ACCESS_KEY_1}
+registry_s3_bucket=runnableimages.${ENV}
+registry_s3_region=${AWS_REGION}
+
+[shiva:vars]
+aws_access_key_id=${AWS_ACCESS_KEY_ID_1}
+aws_secret_access_key=${AWS_ACCESS_KEY_ID_1}
+shiva_aws_region=${AWS_REGION}
+shiva_dock_security_groups=${AWS_DOCK_SG}
+shiva_ssh_key_name=${AWS_SSH_KEY_NAME}
+shiva_aws_instance_image_id=${AWS_DOCK_AMI_ID}
+shiva_aws_instance_image_name=${AWS_DOCK_AMI_NAME}
+shiva_aws_instance_type=t2.medium
+shiva_dock_pool_asg_name=${ENV}-asg-dock-pool
+shiva_aws_launch_configuration_name=${ENV}-lc-${AWS_LC_VERSION}
+shiva_aws_auto_scaling_group_subnets=${AWS_ASG_SUBNET}
+shiva_aws_auto_scaling_group_max=29
+shiva_aws_auto_scaling_group_prefix=asg-${ENV}-
+
+[swarm-manager:vars]
+aws_access_key=${AWS_ACCESS_KEY_ID_1}
+aws_secret_key=${AWS_SECRET_ACCESS_KEY_1}
+environment_name=${ENV}
+
+[vault:vars]
+vault_hello_runnable_github_token=${GITHUB_ACCESS_TOKEN_HELLO_RUNNABLE}
+vault_aws_access_key_id=${AWS_ACCESS_KEY_ID_1}
+vault_aws_secret_key=${AWS_SECRET_ACCESS_KEY_1}
+vault_aws_region=${AWS_REGION}
+vault_root_token=${LOCAL_VAULT_ROOT_TOKEN}
+vault_unseal_tokens={'one':'${LOCAL_VAULT_TOKEN_1}', 'two': '${LOCAL_VAULT_TOKEN_2}', 'three': '${LOCAL_VAULT_TOKEN_3}', 'four': '${LOCAL_VAULT_TOKEN_4}', 'five': '${LOCAL_VAULT_TOKEN_5}'}
+_vault_port=65240
+_vault_ssl_port=65241
+
+[${ENV}:vars]
+bastion_sshd_port=60709
+datadog_tags=env:${ENV}
+datadog_mongodb_user=datadog
+datadog_mongodb_pwd=
+domain=${DOMAIN}
+mongo_port=27017
+node_env=${ENV}
+pg_user=astral
+pg_pass=${POSTGRES_PASSWORD}
+pg_host=${POSTGRES_HOST}:${POSTGRES_PORT}
+rabbit_password=${RABBIT_PASSWORD}
+rabbit_username=${RABBIT_USERNAME}
+_registry_port=65001
+_consul_api_port=65200
+_consul_https_port=65201
+_swarm_master_port=65250
+user_content_domain=${USER_CONTENT_DOMAIN}
+max_navi_port=65000
+_redis_port=65075
+_redis_tls_port=65076
+api_hello_runnable_github_token=${GITHUB_ACCESS_TOKEN_HELLO_RUNNABLE}
+vault_auth_token=${REMOTE_VAULT_ROOT_TOKEN}
+vault_token_01=${REMOTE_VAULT_TOKEN_1}
+vault_token_02=${REMOTE_VAULT_TOKEN_2}
+vault_token_03=${REMOTE_VAULT_TOKEN_3}
+vault_token_04=${REMOTE_VAULT_TOKEN_4}
+vault_token_05=${REMOTE_VAULT_TOKEN_5}
+github_domain=api.github.com
+is_github_enterprise=false
+github_protocol=https
+proxy_container_image=runnable/sticky-nginx
+proxy_container_image_version=v1.8.1
diff --git a/ansible/dock.yml b/ansible/dock.yml
@@ -11,12 +11,13 @@
       name={{ dock }}
       groups=dock
 
+- include: image-builder.yml git_branch="v4.2.3"
 - include: charon.yml git_branch="v4.0.0"
-- include: dock-init.yml git_branch="v10.1.0"
+- include: dock-init.yml git_branch="v10.1.1"
 - include: krain.yml git_branch="v0.3.0"
 
 - hosts: "{{ dock }}"
-  tasks: 
+  tasks:
   - name: remove datadog agent
     become: true
     apt:
@@ -29,3 +30,4 @@
   - { role: install-ssm }
   - { role: dock-images }
   - { role: docks-psad }
+