Commit 29116b31 authored by Ľuboslav Pivarč

ansible for rancher set up

parent 2f1030dc
# Ansible repo for setting up Rancher Master and Rancher Slaves
# Ansible repo for setting up Rancher
## Installation of Rancher Master
Set destination host in ansible_hosts `[barn]` section.
`ansible-playbook setup-barn.yml`
## Installation of Rancher Slaves (Kubernetes cluster)
* set all hosts in ansible_hosts `[slaves]` section.
* set at least one host per `[etcd] [control] [worker]` from `[slaves]`
* create Custom cluster in Rancher
* copy token_c and ca_checksum_c to config.yaml
* allocate floating ips in OpenStack for slaves and put them in config.yaml
* put OpenStack private network ID into config.yaml
`ansible-playbook setup-slaves.yml`
Run `ansible-playbook setup-barn.yml`
[defaults]
inventory=ansible_hosts
retry_files_enabled = False
host_key_checking = False
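Review bot: `host_key_checking = False` in `[defaults]` turns off SSH host-key verification for every host in the inventory, so a playbook run cannot tell the intended machine from another one answering on the same address. These playbooks pass the Rancher registration token on a command line and add SSH keys for root, so the connection is worth authenticating. I would drop the line and seed `known_hosts` for the inventory hosts before the first run; if it has to stay for freshly created instances, add a comment such as `# host keys are not verified on first contact; remove once known_hosts is seeded`. The rendered page does not show add/remove markers for this file, so this applies if the line is on the new side.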
[barn]
barn.ics.muni.cz
[slaves]
147.251.21.252
147.251.21.251
147.251.21.162
[etcd]
147.251.21.252
[control]
147.251.21.251
[worker]
147.251.21.162
vm_name_c: ['k8s-1','k8s-2','k8s-3']
ip_c: ['147.251.21.252','147.251.21.251','147.251.21.162']
net_id_c: 'openstack-network-id'
token_c: 'rancher-token_c'
ca_checksum_c: 'rancher_ca_checksum_c'
REMOTE_USER: "root"
BECOME: "false"
REMOTE_USER: "pdxuser"
BECOME: "true"
EMAIL: "456130@mail.muni.cz"
DOMAIN_NAME: "rancher.edirex.ics.muni.cz"
---
- name: Install packages Debian
apt: name=mc,needrestart,aptitude state=present update_cache=yes cache_valid_time=3600
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: Setup needrestart for Debian
shell: "needrestart -r a -b"
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
register: result
changed_when: "result.rc > 0"
- name: Add EPEL to CentOS
yum_repository:
name: epel
description: EPEL YUM repo
baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
gpgcheck: no
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
- name: Install packages CentOS
yum: name=mc,yum-utils state=latest update_cache=yes
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
- name: Empty motd file
copy: content="\n" dest=/etc/motd owner=root group=root mode=0644
- name: Set sshd unit for Debian
set_fact:
SSHD_UNIT: "ssh"
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: Set sshd unit for Centos
set_fact:
SSHD_UNIT: "sshd"
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
- name: Force cert auth for root over ssh
lineinfile: dest=/etc/ssh/sshd_config regexp='^PermitRootLogin' line='PermitRootLogin without-password'
notify:
- restart sshd
- name: More packages for Debian
apt: name={{ item }} state=present update_cache=yes cache_valid_time=3600
with_items: '{{ PACKAGES }}'
when: PACKAGES is defined and ( ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' )
- name: More packages for Red Hat
yum: name={{ item }} state=latest update_cache=yes
with_items: '{{ PACKAGES }}'
when: PACKAGES is defined and ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' )
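Review bot: The `Add EPEL to CentOS` task sets `gpgcheck: no`, so packages from that repository are installed without signature verification, and the `yum: ... state=latest` tasks that follow will take whatever the mirror serves. Set `gpgcheck: yes` and add a `gpgkey:` entry for the EPEL signing key of the release, e.g. `gpgkey: <EPEL-key-URL-or-path>`. Separately, `PermitRootLogin without-password` is the deprecated spelling of `prohibit-password` in current OpenSSH, which is worth a short comment next to the `lineinfile` task. The page shows no add/remove markers for this file, so this assumes the tasks are on the new side.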
- name: Install prerequisites
apt: name={{item}} update_cache=yes
with_items:
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
- name: Add Docker GPG key
apt_key: url=https://download.docker.com/linux/ubuntu/gpg
- name: Add Docker APT repository
apt_repository:
repo: deb [arch=amd64] https://download.docker.com/linux/debian {{ansible_distribution_release}} stable
- name: Install Docker
apt:
name: docker-ce=17.03.2~ce-0~debian-stretch
- name: Hold Docker version
shell: aptitude hold docker-ce
changed_when: False
- name: restart docker
service:
name: "docker"
state: restarted
enabled: yes
\ No newline at end of file
- name: Set mtu
lineinfile:
path: /etc/docker/daemon.json
regexp: 'mtu'
line: '{"mtu": 1442}'
state: present
create: yes
notify:
- restart docker
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4z/6G+8YZb5Rbzc/DuWt3Dkp3n/rlSYAHdlwFx7R+zFUSkBioGOu1m4sG1G3L1w3CVhg/778GLCPJD5Np2uWYM9DTqTLMecplKo3f/2b2nYBC/TwPXl9p0yjU4Cr0Hq7ol5KNqczg4z36/KZBHt9+kGrX5L43g31bkWlXe8i99JxgXW4cM0720H5IELT4jxGwyNuJ9U85hW9mUQUCSjM/j64G4zt+HtBpM41eH/8InW3SBbfwdwdHR0mw29NylA/d//f4R9TU3X3peXPoJwNaws0eSYigkrtAyPKvCnYHYf7O9ftXbSFcrBVAvdTD29eBVi1erqnSG6kgCtXXeKG9 luboslav@lpivo
---
- name: restart sshd
systemd:
name: "{{ SSHD_UNIT }}"
- name: restart nrpe
service:
name: "nagios-nrpe-server"
state: restarted
enabled: yes
---
- name: Install packages
apt:
name: [mc, docker.io, aptitude]
state: present
update_cache: yes
- name: Set timezone to Europe/Prague
timezone:
name: "Europe/Prague"
- name: Set default locale
lineinfile:
path: "/etc/default/locale"
line: "LC_ALL=en_US.UTF-8"
regexp: "^LC_ALL="
- name: Add ssh keys to root
authorized_key:
user: root
state: present
key: '{{ item }}'
with_file:
- radim.pub
- name: Unattended-Upgrade::Automatic-reboot
lineinfile:
path: /etc/apt/apt.conf.d/50unattended-upgrades
regexp: 'Unattended-Upgrade::Automatic-Reboot '
line: 'Unattended-Upgrade::Automatic-Reboot "true";'
when: AUTOMATIC_REBOOT
- name: Unattended-Upgrade::Automatic-reboot
lineinfile:
path: /etc/apt/apt.conf.d/50unattended-upgrades
regexp: 'Unattended-Upgrade::Automatic-Reboot-Time'
line: 'Unattended-Upgrade::Automatic-Reboot-Time "05:00";'
when: AUTOMATIC_REBOOT
#############################################################################
# Sample NRPE Config File
# Written by: Ethan Galstad (nagios@nagios.org)
#
# Last Modified: 11-23-2007
#
# NOTES:
# This is a sample configuration file for the NRPE daemon. It needs to be
# located on the remote host that is running the NRPE daemon, not the host
# from which the check_nrpe client is being executed.
#############################################################################
# LOG FACILITY
# The syslog facility that should be used for logging purposes.
log_facility=daemon
# PID FILE
# The name of the file in which the NRPE daemon should write it's process ID
# number. The file is only written if the NRPE daemon is started by the root
# user and is running in standalone mode.
pid_file=/var/run/nagios/nrpe.pid
# PORT NUMBER
# Port number we should wait for connections on.
# NOTE: This must be a non-priviledged port (i.e. > 1024).
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
server_port=5669
# SERVER ADDRESS
# Address that nrpe should bind to in case there are more than one interface
# and you do not want nrpe to bind on all interfaces.
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
server_address={{ ansible_default_ipv4.address }}
# NRPE USER
# This determines the effective user that the NRPE daemon should run as.
# You can either supply a username or a UID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
nrpe_user=nagios
# NRPE GROUP
# This determines the effective group that the NRPE daemon should run as.
# You can either supply a group name or a GID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
nrpe_group=nagios
# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
# supported.
#
# Note: The daemon only does rudimentary checking of the client's IP
# address. I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port
# you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
allowed_hosts=127.0.0.1, 147.251.7.8/29
# COMMAND ARGUMENT PROCESSING
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments to commands that are executed. This option only works
# if the daemon was configured with the --enable-command-args configure script
# option.
#
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow arguments, 1=allow command arguments
dont_blame_nrpe=0
# BASH COMMAND SUBTITUTION
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments that contain bash command substitutions of the form
# $(...). This option only works if the daemon was configured with both
# the --enable-command-args and --enable-bash-command-substitution configure
# script options.
#
# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow bash command substitutions,
# 1=allow bash command substitutions
allow_bash_command_substitution=0
# COMMAND PREFIX
# This option allows you to prefix all commands with a user-defined string.
# A space is automatically added between the specified prefix string and the
# command line from the command definition.
#
# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
# Usage scenario:
# Execute restricted commmands using sudo. For this to work, you need to add
# the nagios user to your /etc/sudoers. An example entry for alllowing
# execution of the plugins from might be:
#
# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
#
# This lets the nagios user run all commands in that directory (and only them)
# without asking for a password. If you do this, make sure you don't give
# random users write access to that directory or its contents!
# command_prefix=/usr/bin/sudo
# DEBUGGING OPTION
# This option determines whether or not debugging messages are logged to the
# syslog facility.
# Values: 0=debugging off, 1=debugging on
debug=0
# COMMAND TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# allow plugins to finish executing before killing them off.
command_timeout=60
# CONNECTION TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# wait for a connection to be established before exiting. This is sometimes
# seen where a network problem stops the SSL being established even though
# all network sessions are connected. This causes the nrpe daemons to
# accumulate, eating system resources. Do not set this too low.
connection_timeout=300
# WEEK RANDOM SEED OPTION
# This directive allows you to use SSL even if your system does not have
# a /dev/random or /dev/urandom (on purpose or because the necessary patches
# were not applied). The random number generator will be seeded from a file
# which is either a file pointed to by the environment valiable $RANDFILE
# or $HOME/.rnd. If neither exists, the pseudo random number generator will
# be initialized and a warning will be issued.
# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness
#allow_weak_random_seed=1
# INCLUDE CONFIG FILE
# This directive allows you to include definitions from an external config file.
#include=<somefile.cfg>
# INCLUDE CONFIG DIRECTORY
# This directive allows you to include definitions from config files (with a
# .cfg extension) in one or more directories (with recursion).
#include_dir=<somedirectory>
#include_dir=<someotherdirectory>
# COMMAND DEFINITIONS
# Command definitions that this daemon will run. Definitions
# are in the following format:
#
# command[<command_name>]=<command_line>
#
# When the daemon receives a request to return the results of <command_name>
# it will execute the command specified by the <command_line> argument.
#
# Unlike Nagios, the command line cannot contain macros - it must be
# typed exactly as it should be executed.
#
# Note: Any plugins that are used in the command lines must reside
# on the machine that this daemon is running on! The examples below
# assume that you have plugins installed in a /usr/local/nagios/libexec
# directory. Also note that you will have to modify the definitions below
# to match the argument format the plugins expect. Remember, these are
# examples only!
# The following examples use hardcoded command arguments...
command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
command[check_disk]=/usr/lib/nagios/plugins/check_disk -w 15% -c 10% -p /
# The following examples allow user-supplied arguments and can
# only be used if the NRPE daemon was compiled with support for
# command arguments *AND* the dont_blame_nrpe directive in this
# config file is set to '1'. This poses a potential security risk, so
# make sure you read the SECURITY file before doing this.
#command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$
#command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
#command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
#command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
#
# local configuration:
# if you'd prefer, you can instead place directives here
include=/etc/nagios/nrpe_local.cfg
#
# you can place your config snipplets into nrpe.d/
# only snipplets ending in .cfg will get included
include_dir=/etc/nagios/nrpe.d/
---
- name: Detect docker containers
shell: 'docker ps -q'
register: containers
changed_when: "containers.rc != 0"
- debug:
msg: "{{ containers.stdout }}"
- name: Register node with master
shell: "docker run -d --restart=unless-stopped --net=host -v /etc/kubernetes:/etc/kubernetes
-v /var/run:/var/run rancher/rancher-agent:v2.0.0 --server {{ domain_name }}
--token {{ token }} --ca-checksum {{ ca_checksum }} --{{ type }}"
when: containers.stdout == ""
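Review bot: The `Register node with master` task interpolates `{{ token }}` and `{{ ca_checksum }}` into a `shell:` command line, so the Rancher registration token is printed in Ansible's task output and in any log kept of the run. Add `no_log: true` to that task. Because the values are spliced into a shell string, either pass them through the `quote` filter (`--token {{ token | quote }}`) or use the `command` module. The `changed_when: "containers.rc != 0"` on `docker ps -q` also reads inverted: a non-zero rc fails the task before it can be reported as changed, so `changed_when: false` states the intent.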
---
- name: launch an instance
os_server:
state: present
name: '{{ item.0 }}'
image: c6ecb361-2675-4c8c-b639-b33cd84e710e
key_name: my_key
timeout: 200
flavor: 4
nics: "net-id={{ net_id }}"
floating_ips:
- '{{ item.1 }}'
with_together:
- '{{ vm_name }}'
- '{{ ip }}'
......@@ -10,7 +10,6 @@
- name: Create a rancher container
docker_container:
name: rancher
command: --no-cacerts
image: rancher/rancher:latest
restart_policy: unless-stopped
ports:
......
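Review bot: `image: rancher/rancher:latest` leaves the server version to whatever the registry serves on the day the playbook runs, while the agent task elsewhere in this commit pins `rancher/rancher-agent:v2.0.0`. Pin the server image to a specific tag or digest that matches the agent, e.g. `image: rancher/rancher:<pinned-version>`, so a rerun cannot silently upgrade the server or pull an unexpected image. The hunk header says one line is removed, but the page has lost the `+`/`-` column; if the removed line is `command: --no-cacerts`, check that the `ca_checksum_c` value given to the agents is read from the server after this change. The rest of the task lies outside the hunk.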
---
- name: reboot machine
shell: sleep 2 && shutdown -r now
async: 1
poll: 0
- name: waiting for server to come back
local_action: wait_for host={{ inventory_hostname }} state=started port=22 delay=30 timeout=300 connect_timeout=15
---
- name: Upgrade
include_role:
name: upgrade
- name: Restart CentOS services when required
shell: 'needs-restarting -s | while read line ; do systemctl restart $line && echo $line; done'
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
register: result
changed_when: result.stdout != ""
- name: Reboot CentOS when required
shell: "if ! needs-restarting -r; then (exit 0); else (exit 1); fi"
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
register: reboot
changed_when: "reboot.rc == 0"
failed_when: "reboot.rc > 1"
- name: Reboot
include_role:
name: reboot
when: ( reboot.rc is defined ) and ( reboot.rc == 0 )
- name: Restart Debian services when required
shell: 'needrestart -b | grep NEEDRESTART-SVC | cut -d" " -f 2 | while read line ; do systemctl restart $line && echo $line; done'
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
register: result
changed_when: result.stdout != ""
- name: Reboot Debian when required
shell: '[ `/usr/sbin/needrestart -b | grep NEEDRESTART-KSTA | cut -d" " -f2` -gt 1 ]'
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
register: reboot
changed_when: "reboot.rc == 0"
failed_when: "reboot.rc > 1"
- name: Reboot
include_role:
name: reboot
when: ( reboot.rc is defined ) and ( reboot.rc == 0 )
---
- name: update a server Debian
apt: update_cache=yes cache_valid_time=3600 allow_unauthenticated=yes force=yes
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: upgrade a server Debian
apt: upgrade=full
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: upgrade a server CentOS
yum: name=* state=latest update_cache=yes
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
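Review bot: The `update a server Debian` task passes `allow_unauthenticated=yes force=yes` to `apt`, which tells apt to accept packages whose signatures cannot be verified and to override its safety checks. On a task that only refreshes the cache they add nothing, and they are easy to copy onto a task that installs packages. Reduce it to `apt: update_cache=yes cache_valid_time=3600`. The page shows no add/remove markers for this file, so this applies if the task is on the new side.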
---
username: "pdxuser"
tools_dir: "/home/{{ username }}/tools"
logs_dir: "/home/{{ username }}/logs"
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCscnBHx46RNH0xgJGFQDuRvcjsf+0KE4lHMZuxhY3z70/kR3oJFZ0ns6/26QGCmhKVlSePKIO8idC1U5hqDXqhRB+Kpx/4yDcUNMtU4Xklmfqqv47uyq6/oylNjJgAbD691K21SZQSGP8nEz2LZlB3d9eNx131mVfMegyyQnnSLXqvQn1PGpwq9yCeV7RstAI67dL+ilglFWIUwkmwr7V6AKSPwYgFZE/uZJ0qfZ6+PBhS6+/zsDcq1N9OhtsHNsM1esglvWwu5zW83uuqB2p2FaG/Aoy3+70vDiwhjvgiXor/2jOx4Vzfv1c/55X8gmsOWT/WmQwoE2ernbFBFc8h ljocha@hiram.ics.muni.cz
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+7nn7bgHMiO9hNR1Te4Wrc6EbN534hsEPZYhr1H3uOZb0tnm25p7FMabuX8bUiEcWetyizcOu46ZSHyTOOUPuWfE/KrtFKYyVnBbYVkmpfPjzRpok7LsFoeVBN+MLW2OPQ8BVXHsLW6ysdgUwwL3b8iSgOhctn6mBhjbP/TeXFy32eNEZ+4J4sEKVpWSIWUrIOVf4A/71KtvbY3Nbdn1UyRAPQfKqONyn5qLyu9r21weoTBhuEqZwuASFSM+dwDT0z4zuA79BLXfZu+ldaRQKyZzjOupa4yfBhe1tQTX4FSxqQrVKf/VmADJVcIKiHTmg8bOPRVo8TFcWOuHDNFjr cuda@plk
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCeOsA2CwOfm7LSXXraYIHTTgKzsoo7W54fchbvoVZW2ltiAyEfyc3OasogK4NgsQ6e9tqIveVDMb+Oen6iZFx0w+By2k4cR/ZNRZsqpwB08f9zwbVqSLS6Jt0LmfifGlhy/FbxKjx1GRwVBdjazbos0OB/OTu8oHtmMqdrnqABvuTX2TojqqjOwc98s9rlQlHAcv7U165XLsdTpd7tWN95ZSTcDJ7Z3WrJ3GqehWS62YJg9iHqNK2J2Hr4NI8QkQGjoNcGq+UQomBp39KNwMQWbsOIxRlZgGu+gLtDlqlSiUEPJ9+XtdURXcb6tkjjp+nZvm8XV2qYLwO+mvDOI8S9 gitlab@pdxfinder.edirex.ics.muni.cz
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzjR+2JP7KlTIFu8kR3+vg4OrooMU+VLtj/NgciZen33uOT+hF8M4rpL2Vt0vfIENY/2APGUFaRLO/Mkzoh8var8wKkm51H00lA9JDSQRPw/uP2X9Iy/YvlKJ4SlVvIw86nbzpFpT/yXQfc/JbklTAL4r7isA/T8q2y0zExPqKs7ZEgIn6vvxMnESV/C0eQ0s9pPLaFzfKFMyiFa1zjQCJyzcX996gjoWr/SnygzE410s0mqi+fJk8QI6Zpk7WwZDTCGPlXb3N7Z28dzwphFqyLiM4VPsHPAovTP70+07+RbVecicV37Jr516X2jvuQitdG3wv4/5RuXObYvZb8zH9 456334@mail.muni.cz
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4z/6G+8YZb5Rbzc/DuWt3Dkp3n/rlSYAHdlwFx7R+zFUSkBioGOu1m4sG1G3L1w3CVhg/778GLCPJD5Np2uWYM9DTqTLMecplKo3f/2b2nYBC/TwPXl9p0yjU4Cr0Hq7ol5KNqczg4z36/KZBHt9+kGrX5L43g31bkWlXe8i99JxgXW4cM0720H5IELT4jxGwyNuJ9U85hW9mUQUCSjM/j64G4zt+HtBpM41eH/8InW3SBbfwdwdHR0mw29NylA/d//f4R9TU3X3peXPoJwNaws0eSYigkrtAyPKvCnYHYf7O9ftXbSFcrBVAvdTD29eBVi1erqnSG6kgCtXXeKG9 luboslav@lpivo
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDL5TCtRi1P5OP7HSa7b6UN1K5sfboJ3Kw+t79k2XLXCvO7ZMwKNjOgHkOj9rmFbV6mEEe1Oz4M+aTqNdFdh14jPJToZm6CVTv4Xq2pZbA7tQBY5DmP2IDP7gqBVRS4JEd3P0RTrs1O70zOPsCL/m3kJaGGdoWfvoxOgjePGJOL9LvHehAXaKymvsp0n5u/Ks7xlvXzLzke9FZeyaTO5u5sa1nuoxE3yl0XaORProTMMkeWujTJ3b+olXLrJBe2rkbt4qojjdK26JIpZQOgRmIwMSHHvHq7bLY8tuOq/isxv7NIlvRP0jku+Zj5YO35YRP+GGyDfpXC2SiaqFz0EsjJbS85i4xXPtMoKCLF/B7v3AthB25X8UanfV4nqa1hNFeqCvzFm8WNinqXZKi1JnhlvsxXOvgtl+4yamXZwRqVL79AkkD8Rry7E5maRLaq9+AWAxfUdhmgJF5MvE1yx3QO9rKz+WeWU6w2e4KPMu7QrvoZ83u8ODteSW9JdFH7q+25FosBkjaC7Ui7JKDRRXti71BiwhR8GZmmC11iRRR8+Zjk+j9GPs++c2eimj92KrWySPOQN9XVKqixoIVhUezOtQEhnPUH0S/Sbw15s8JDPRL+WdBgJLSkn7SPVUxxCgj1rVdWtBd2NXrwWKNxTKvR6osbk7k5agcMUtxWW3Nd0w== pesa@ics.muni.cz
ssh-rsa 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 456130@mail.muni.cz
\ No newline at end of file
#!/bin/bash
set -x
COMPOSEDIR=/home/pdxuser/dataportal-docker
LETSDIR=/etc/letsencrypt/live/dataportal.europdx.eu
RENEWEDFLAG=/tmp/renewed.txt
sudo certbot renew --renew-hook "touch $RENEWEDFLAG"
if [ -f $RENEWEDFLAG ]; then
echo "Just renewed."
cd $COMPOSEDIR
/usr/local/bin/docker-compose down
sudo cp $LETSDIR/privkey.pem $COMPOSEDIR/proxy/ssl/server.key
sudo cp $LETSDIR/fullchain.pem $COMPOSEDIR/proxy/ssl/server.crt
sudo chown pdxuser:pdxuser $COMPOSEDIR/proxy/ssl/server.key
sudo chown pdxuser:pdxuser $COMPOSEDIR/proxy/ssl/server.crt
rm $RENEWEDFLAG
/usr/local/bin/docker-compose up -d
else
echo "Not renewed."
fi
\ No newline at end of file
ssh-rsa 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 456315@mail.muni.cz
\ No newline at end of file
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1DvN0ersbP7XNXLjRh6xquA3bYim4EEA6Xap49UmSO7DPIo5yai6c2X5lHcHruhJkG61b1QNWOtkNHt1DhfjGygLApBVgr1J1kbpcc39GoMn2BqIV8ioccSgyXXZQykQeIRGq/CN8bZwtAAfU0tJS9faH6Ft3ZoY7hAaHQRqCOxmMYGmylxcrJMn0fcqSmsj0I7PMFYKrdzi1PoVbfidWzd7W4CRDZ1V7Ja1AiptaHQPUb0iOOAqgu60TGJZl2IBDtPAc12vD5NaMxrkDIWfcOo5zy7Xmwgmh3wHKBsAImmJlWguWeQNzkROE5wK4VjxWolkFy42pRK+5IVDjdEJ3 zdenka@zdenka-VirtualBox
\ No newline at end of file