
:wrench: add container setup

Jeremy Zheng 1 년 전
커밋
b76ae1364d

+ 5 - 5
deploy/README.md

@@ -18,11 +18,11 @@ ssh-copy-id -i .ssh/id_ed25519 USER@HOST
 
 ```bash
 # test ssh connections
-peony -i clients/CLUSTER JOB.yml
-# run on all hosts
-peony -i clients/CLUSTER JOB.yml
-# run on only group
-peony -i clients/CLUSTER JOB.yml -l GROUP
+peony -i clients/CLUSTER ping.yml
+# setup base system
+peony -i clients/CLUSTER ec2.yml
+# setup redis cluster nodes
+peony -i clients/CLUSTER redis.yml -l redis
 ```
 
 ## System image

+ 3 - 2
deploy/ec2.yml

@@ -7,6 +7,7 @@
     - web
     - task
   roles:
-    - os
-    - ubuntu
+    # - os
+    # - ubuntu
+    - container
     - random-passwords
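Review bot: The `os` and `ubuntu` roles are switched off by commenting them out, and nothing on the page says why or whether it is temporary. The README hunk in this commit describes `ec2.yml` as the base-system setup, so if those roles carry package updates or host hardening (not visible here), newly provisioned hosts would skip them silently. Either delete the two lines or keep them with a reason, e.g. `# os, ubuntu: disabled because <reason>; re-enable before provisioning new hosts`. The play's header lies above the hunk, so the list of affected host groups is only partly visible.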

+ 3 - 0
deploy/group_vars/all.yml

@@ -4,5 +4,8 @@ ansible_ssh_private_key_file: "{{ inventory_dir }}/.ssh/id_ed25519"
 
 app_deploy_target: "/var/www/{{ inventory_hostname }}"
 app_downloads: "{{ ansible_env.HOME }}/downloads"
+
 app_dashboard_base_path: "/pcd"
 app_postgresql_version: "15"
+open_search_version: "2.17.0"
+open_search_arch: "arm64"

+ 4 - 0
deploy/open-search.yml

@@ -0,0 +1,4 @@
+- name: OpenSearch node
+  hosts: all
+  roles:
+    - open-search
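Review bot: `hosts: all` applies the role to every host in the inventory unless the operator remembers to pass `-l`. The role added in this commit binds the node to `0.0.0.0` and disables the security plugin, so an unscoped run would leave an unauthenticated search node on each machine. Target a dedicated inventory group instead, e.g. `hosts: open_search`, in the same spirit as the README limiting the Redis play with `-l redis`.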

+ 1 - 0
deploy/roles/container/files/registries.conf

@@ -0,0 +1 @@
+unqualified-search-registries = ["docker.io"]

+ 25 - 0
deploy/roles/container/tasks/main.yml

@@ -0,0 +1,25 @@
+- name: Create container data folder
+  become: true
+  ansible.builtin.file:
+    path: "/mnt/{{ ansible_user }}"
+    state: directory
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
+    mode: "0700"
+
+- name: Create containers config folder
+  ansible.builtin.file:
+    path: "{{ ansible_env.HOME }}/.config/containers"
+    state: directory
+
+- name: Copy registries.conf
+  ansible.builtin.copy:
+    src: registries.conf
+    dest: "{{ ansible_env.HOME }}/.config/containers/"
+    mode: "0644"
+
+- name: Copy storage.conf
+  ansible.builtin.template:
+    src: storage.conf
+    dest: "{{ ansible_env.HOME }}/.config/containers/"
+    mode: "0644"
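Review bot: The `Create containers config folder` task sets no `mode`, so the directory's permissions depend on the remote umask, while every other task in this file pins one. The directory holds `registries.conf` and `storage.conf`, which decide where images are pulled from and where container storage lives, so it should not be writable by anyone but the owning user. Add `mode: "0700"` to that task.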

+ 6 - 0
deploy/roles/container/templates/storage.conf

@@ -0,0 +1,6 @@
+[storage]
+driver = "overlay"
+rootless_storage_path = "/mnt/{{ ansible_user }}/.c"
+
+[storage.options.overlay]
+mount_program = "/usr/bin/fuse-overlayfs"

+ 48 - 0
deploy/roles/open-search/tasks/main.yml

@@ -0,0 +1,48 @@
+- name: Unarchive open-search package
+  ansible.builtin.unarchive:
+    src: "https://artifacts.opensearch.org/releases/bundle/opensearch/{{ open_search_version }}/opensearch-{{ open_search_version }}-linux-{{ open_search_arch }}.tar.gz"
+    dest: /opt
+    remote_src: true
+    owner: www-data
+    group: www-data
+
+- name: Set listening
+  become: true
+  ansible.builtin.lineinfile:
+    path: /opt/opensearch-{{ open_search_version }}/config/opensearch.yml
+    line: "network.host: 0.0.0.0"
+    backup: true
+
+- name: Set single node
+  become: true
+  ansible.builtin.lineinfile:
+    path: /opt/opensearch-{{ open_search_version }}/config/opensearch.yml
+    line: "discovery.type: single-node"
+    backup: true
+
+- name: Disable security plugin
+  become: true
+  ansible.builtin.lineinfile:
+    path: /opt/opensearch-{{ open_search_version }}/config/opensearch.yml
+    line: "plugins.security.disabled: true"
+    backup: true
+
+- name: Upload OpenSearch systemd service
+  become: true
+  template:
+    src: server.service.j2
+    dest: "/usr/lib/systemd/system/open-search.service"
+    mode: "0644"
+
+- name: Force systemd to reread configs
+  become: true
+  systemd:
+    daemon_reload: true
+
+- name: Enable OpenSearch service
+  become: true
+  ansible.builtin.systemd:
+    name: "open-search"
+    enabled: true
+    masked: false
+    state: "restarted"
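Review bot: The `Set listening` and `Disable security plugin` tasks together yield a node that listens on every interface with authentication and TLS turned off, and nothing in the role restricts who can reach it. Bind to loopback or a private address through a variable, e.g. `line: "network.host: {{ open_search_bind_host | default('127.0.0.1') }}"` (a new variable, not defined on this page), and keep the security plugin enabled unless a firewall or security group demonstrably fences the port. The `unarchive` task pulls the bundle straight from the URL with no integrity check; downloading it with `ansible.builtin.get_url` and a pinned `checksum:` before unpacking would close that gap. The three `lineinfile` tasks have no `regexp`, so an existing `network.host` or `discovery.type` line with a different value would stay in the file next to the appended one.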

+ 17 - 0
deploy/roles/open-search/templates/server.service.j2

@@ -0,0 +1,17 @@
+[Unit]
+Description=OpenSearch is an open-source, enterprise-grade search and observability suite that brings order to unstructured data at scale
+After=network.target
+
+[Service]
+Type=notify
+WorkingDirectory=/opt/opensearch-{{ open_search_version }}
+ExecStart=/opt/opensearch-{{ open_search_version }}/bin/opensearch
+TimeoutStartSec=180
+TimeoutStopSec=120
+Restart=always
+User=www-data
+Group=www-data
+Environment="OPENSEARCH_JAVA_HOME=/opt/opensearch-{{ open_search_version }}"
+
+[Install]
+WantedBy=multi-user.target
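Review bot: `User=www-data` runs OpenSearch under the account a web stack conventionally uses, so a compromise of either process reaches the other's files; a dedicated system account (e.g. `User=opensearch`, `Group=opensearch`, with the role's `owner`/`group` changed to match) would separate them. The unit also has no sandboxing, and `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` are low-risk additions to `[Service]`. `OPENSEARCH_JAVA_HOME` points at the install root, whereas the tarball's bundled JDK normally sits in a `jdk` subdirectory, so this probably needs to be `/opt/opensearch-{{ open_search_version }}/jdk`; confirm on a host. `Type=notify` only works if the process sends a readiness notification, which should also be checked for the tarball distribution.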