From fe37e2c1655a135857a76c9db562406194f713a3 Mon Sep 17 00:00:00 2001
From: Just van den Broecke
Date: Wed, 2 Jun 2021 16:09:28 +0200
Subject: [PATCH] #18 portainer added as start admin stack
---
.github/workflows/deploy.admin.yml | 32 ++++++++++++++++++
README.md | 1 +
ansible/deploy.yml | 4 +++
services/admin/README.md | 40 ++++++++++++++++++++++
services/admin/deploy.sh | 5 +++
services/admin/docker-compose.yml | 53 ++++++++++++++++++++++++++++++
services/admin/start.sh | 6 ++++
services/admin/stop.sh | 6 ++++
8 files changed, 147 insertions(+)
create mode 100644 .github/workflows/deploy.admin.yml
create mode 100644 services/admin/README.md
create mode 100755 services/admin/deploy.sh
create mode 100644 services/admin/docker-compose.yml
create mode 100755 services/admin/start.sh
create mode 100755 services/admin/stop.sh
diff --git a/.github/workflows/deploy.admin.yml b/.github/workflows/deploy.admin.yml
new file mode 100644
index 0000000..594b5ea
--- /dev/null
+++ b/.github/workflows/deploy.admin.yml
@@ -0,0 +1,32 @@
+# Ansible workflow for single service deployment.
+# Uses: https://github.com/dawidd6/action-ansible-playbook
+# Options: https://github.com/dawidd6/action-ansible-playbook/blob/master/main.js
+# Author: Just van den Broecke - 2021
+#
+name: admin Deploy ⚙️
+
+# Trigger only when services/admin subdir changed
+on:
+ push:
+ paths:
+ - 'services/admin/**'
+
+jobs:
+ main:
+ runs-on: ubuntu-20.04
+
+ steps:
+ - name: Checkout ✅
+ uses: actions/checkout@v2
+
+ - name: Run playbook ⚙
+ uses: dawidd6/action-ansible-playbook@v2
+ with:
+ playbook: deploy.yml
+ directory: ./ansible
+ key: ${{secrets.ANSIBLE_SSH_PRIVATE_KEY}}
+ inventory: ${{secrets.ANSIBLE_INVENTORY_PROD}}
+ vault_password: ${{secrets.ANSIBLE_VAULT_PASSWORD}}
+ options: |
+ --tags admin
+ --verbose
diff --git a/README.md b/README.md
index 32ace35..a90f992 100644
--- a/README.md
+++ b/README.md
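Review bot: In .github/workflows/deploy.admin.yml the `push` trigger carries a `paths` filter but no `branches` filter, so a push to any branch that touches `services/admin/**` runs the production playbook with the SSH key, inventory and vault password. Restricting the trigger, for example `branches: [<deploy-branch>]` under `push:`, keeps deployment tied to the branch that is reviewed. The step `uses: dawidd6/action-ansible-playbook@v2` hands those three secrets to a third-party action referenced by a movable tag; pinning it as `uses: dawidd6/action-ansible-playbook@<full-commit-sha>` fixes which code receives them. With `--verbose` in `options`, it is also worth confirming that task output written to the job log cannot echo sensitive values.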
@@ -1,6 +1,7 @@ [![Traefik Deploy](https://github.com/Geonovum/ogc-api-testbed/actions/workflows/deploy.traefik.yml/badge.svg)](https://github.com/Geonovum/ogc-api-testbed/actions/workflows/deploy.traefik.yml) [![pygeoapi Deploy](https://github.com/Geonovum/ogc-api-testbed/actions/workflows/deploy.pygeoapi.yml/badge.svg)](https://github.com/Geonovum/ogc-api-testbed/actions/workflows/deploy.pygeoapi.yml) [![ldproxy Deploy](https://github.com/Geonovum/ogc-api-testbed/actions/workflows/deploy.ldproxy.yml/badge.svg)](https://github.com/Geonovum/ogc-api-testbed/actions/workflows/deploy.ldproxy.yml) +[![admin Deploy](https://github.com/Geonovum/ogc-api-testbed/actions/workflows/deploy.admin.yml/badge.svg)](https://github.com/Geonovum/ogc-api-testbed/actions/workflows/deploy.admin.yml) [![docs Deploy](https://github.com/Geonovum/ogc-api-testbed/actions/workflows/deploy.docs.yml/badge.svg)](https://github.com/Geonovum/ogc-api-testbed/actions/workflows/deploy.docs.yml) [![Gitter](https://img.shields.io/gitter/room/Geonovum/ogc-api-testbed.svg?style=flat-square)](https://gitter.im/Geonovum/ogc-api-testbed)
diff --git a/ansible/deploy.yml b/ansible/deploy.yml
index 7e39215..77f75c6 100644
--- a/ansible/deploy.yml
+++ b/ansible/deploy.yml
@@ -35,3 +35,7 @@
 - name: "docs"
 shell: "cd {{ services_home }}/docs && ./deploy.sh && docker ps"
 tags: docs
+
+ - name: "admin"
+ shell: "cd {{ services_home }}/admin && ./deploy.sh && docker ps"
+ tags: docs
diff --git a/services/admin/README.md b/services/admin/README.md
new file mode 100644
index 0000000..b9ccc79
--- /dev/null
+++ b/services/admin/README.md
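Review bot: The new `admin` task in ansible/deploy.yml is tagged `tags: docs`, while the workflow added in this commit runs the playbook with `--tags admin`. As far as the hunk shows, the admin workflow would therefore select no task, and every run with `--tags docs` would also stop, pull and restart the Portainer stack. The last added line should read `tags: admin`. The play header and the earlier tasks lie outside the hunk, so any other use of the `admin` tag cannot be checked from here.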
@@ -0,0 +1,40 @@
+# Admin Stack
+
+Runs various admin tools/services.
+
+* Portainer (Community Edition)
+* GeoHealthCheck (TODO)
+
+## Deployment
+
+This service is automatically (re)deployed if anything within this directory or its subdirs changes
+when committed/pushed.
+
+A GitHub Action invokes an Ansible Playbook.
+See the following deployment files:
+
+* [GitHub Action](../../.github/workflows/deploy.admin.yml)
+* [Ansible Playbook](../../ansible/deploy.yml)
+
+The Ansible Playbook can also be invoked directly.
+
+## Specifics
+### Portainer
+
+* Image: https://hub.docker.com/r/portainer/portainer-ce/
+
+**Admin Password**
+
+Encrypted version, generated with Apache Utils
+
+```
+docker run --rm httpd:2.4-alpine htpasswd -nbB admin "THE PASSWORD" | cut -d ":" -f 2
+
+```
+
+Note escaped `$` in docker-compose.yml
+
+```
+ - --admin-password=$$2y$$05$$VCjhk4z8mhi8V0DpXHX56.W1jy0sNWHOwSQbXVCYPyLs/WanBODPq
+
+```
\ No newline at end of file
diff --git a/services/admin/deploy.sh b/services/admin/deploy.sh
new file mode 100755
index 0000000..225e2d7
--- /dev/null
+++ b/services/admin/deploy.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+source ../env.sh
+
+./stop.sh && docker pull portainer/portainer-ce:latest && ./start.sh
diff --git a/services/admin/docker-compose.yml b/services/admin/docker-compose.yml
new file mode 100644
index 0000000..b099aad
--- /dev/null
+++ b/services/admin/docker-compose.yml
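Review bot: services/admin/deploy.sh pulls `portainer/portainer-ce:latest`, and services/admin/docker-compose.yml runs the same movable tag, so each redeploy can bring in a different, unreviewed image for a container that is given the Docker socket. Pinning both places to a release tag and digest, `portainer/portainer-ce:<version>@sha256:<digest>`, makes the deployed image reproducible and lets upgrades go through review. The script also continues when `source ../env.sh` fails, in which case the `TRAEFIK_*` variables used by the compose labels would be empty; `source ../env.sh || exit 1` stops the deploy instead, and the same line appears in start.sh and stop.sh.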
@@ -0,0 +1,53 @@
+version: '3.3'
+
+services:
+
+ portainer:
+
+ image: portainer/portainer-ce:latest
+
+ container_name: portainer
+
+ expose:
+ - "9000"
+
+ ports:
+ - "9001:9000"
+
+ command:
+ - --admin-password=$$2y$$05$$VCjhk4z8mhi8V0DpXHX56.W1jy0sNWHOwSQbXVCYPyLs/WanBODPq
+
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer_data:/data
+
+ labels:
+ # Enable Traefik routing on overlay service network
+ - "traefik.enable=true"
+ - "traefik.docker.network=service-network"
+
+ - "traefik.http.middlewares.portainer-stripprefix.stripprefix.prefixes=/portainer"
+ - "traefik.http.services.frontend.loadbalancer.server.port=9000"
+
+ # SSL/https router
+ - "traefik.http.routers.portainer_https.rule=Host(`${TRAEFIK_SSL_DOMAIN}`) && PathPrefix(`/portainer`)"
+ - "traefik.http.routers.portainer_https.service=frontend"
+ - "traefik.http.routers.portainer_https.entrypoints=https"
+ - "traefik.http.routers.portainer_https.tls=${TRAEFIK_USE_TLS}"
+ - "traefik.http.routers.portainer_https.tls.certresolver=${TRAEFIK_SSL_CERT_RESOLVER}"
+ - "traefik.http.routers.portainer_https.tls.options=my_default@file"
+ - "traefik.http.routers.portainer_https.middlewares=portainer-stripprefix,secure-headers@file"
+
+ # local http router
+ - "traefik.http.routers.portainer_http.service=frontend"
+ - "traefik.http.routers.portainer_http.rule=Host(`localhost`) && PathPrefix(`/portainer`)"
+ - "traefik.http.routers.portainer_http.entrypoints=http"
+ - "traefik.http.routers.portainer_http.middlewares=portainer-stripprefix"
+
+volumes:
+ portainer_data:
+
+networks:
+ default:
+ external:
+ name: service-network
diff --git a/services/admin/start.sh b/services/admin/start.sh
new file mode 100755
index 0000000..a416760
--- /dev/null
+++ b/services/admin/start.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+source ../env.sh
+
+./stop.sh
+docker-compose up -d
diff --git a/services/admin/stop.sh b/services/admin/stop.sh
new file mode 100755
index 0000000..f8403ec
--- /dev/null
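Review bot: In services/admin/docker-compose.yml the `ports` entry `"9001:9000"` publishes Portainer on host port 9001 on every interface alongside the Traefik route, so unless a host firewall blocks it the admin UI is served over plain HTTP without the `https` entrypoint, the TLS options or the `secure-headers@file` middleware. Because `/var/run/docker.sock` is mounted, a Portainer login amounts to control of the Docker host, which makes that second entry point worth closing: drop the `ports` block (the `expose` entry is enough for Traefik on the service network) or bind it locally with `- "127.0.0.1:9001:9000"`. The `--admin-password=` bcrypt hash is committed here and repeated in services/admin/README.md, which permits offline guessing against it; Portainer's `--admin-password-file=<path-to-mounted-secret>` with the file kept outside the repository avoids that, and the password behind the committed hash should be rotated.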
+++ b/services/admin/stop.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+source ../env.sh
+
+docker-compose stop
+docker-compose rm --force