Automation Admin baa19015fd docs: clean up README formatting and structure 2025-08-14 19:47:59 +00:00

VM documentation opensuse-4gb-nbg1-4

As of: 2025-08-14T17:19:07+00:00

System

  • Hostname: opensuse-4gb-nbg1-4
  • OS: openSUSE Leap 15.6
  • Kernel: 6.4.0-150600.23.53-default
  • Podman: podman version 5.5.2
  • Node: v20.19.2
  • npm: 10.8.2
  • Rust: rustc not installed
  • Cargo: cargo not installed

Network/ports (excerpt)

Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:PortProcess
tcp   LISTEN 0      0      0.0.0.0:3002       0.0.0.0:*        users:(("grafana",pid=1234,fd=8))
tcp   LISTEN 0      0      0.0.0.0:8081       0.0.0.0:*        users:(("cadvisor",pid=5678,fd=6))
tcp   LISTEN 0      0      0.0.0.0:9090       0.0.0.0:*        users:(("prometheus",pid=9012,fd=7))
tcp   LISTEN 0      0      0.0.0.0:9093       0.0.0.0:*        users:(("alertmanager",pid=3456,fd=5))
tcp   LISTEN 0      0      0.0.0.0:9100       0.0.0.0:*        users:(("node_exporter",pid=7890,fd=4))
tcp   LISTEN 0      0      127.0.0.1:3010     0.0.0.0:*        users:(("rust-server",pid=1111,fd=3))
tcp   LISTEN 0      0      0.0.0.0:28015      0.0.0.0:*        users:(("rust-game",pid=2222,fd=2))
tcp   LISTEN 0      0      0.0.0.0:28016      0.0.0.0:*        users:(("rust-game",pid=2222,fd=1))
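A quick audit of the listing above, added here as an example (it is not part of the original docs): it parses `ss -ltnp` output and reports every listener bound to all interfaces whose port is not on an allowlist of intentionally public ports, so loopback-only services such as rust-server on 127.0.0.1:3010 are skipped. The sample input is constructed from the table above; the column layout of `ss -ltnp` is assumed.

```shell
#!/bin/sh
# Added audit helper (not part of the VM docs). Reads `ss -ltnp` output on stdin
# and prints "port process" for LISTEN sockets bound to a wildcard address
# (0.0.0.0, * or [::]) that are not on the allowlist of expected public ports.

# Constructed sample in the layout of the port table above.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:PortProcess
tcp   LISTEN 0      0      0.0.0.0:3002       0.0.0.0:*        users:(("grafana",pid=1234,fd=8))
tcp   LISTEN 0      0      127.0.0.1:3010     0.0.0.0:*        users:(("rust-server",pid=1111,fd=3))
tcp   LISTEN 0      0      0.0.0.0:28015      0.0.0.0:*        users:(("rust-game",pid=2222,fd=2))'

# $1: space-separated list of ports that are documented as intentionally public.
public_listeners() {
    allow=" $1 "
    awk 'NR > 1 && $2 == "LISTEN" {
        # Local address is field 5; the port is everything after the last colon.
        n = split($5, a, ":"); port = a[n]
        addr = substr($5, 1, length($5) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") {
            # Field 7 looks like users:(("grafana",pid=1234,fd=8)); keep the name.
            proc = $7; sub(/^users:\(\("/, "", proc); sub(/".*/, "", proc)
            print port, proc
        }
    }' | while read -r port proc; do
        case "$allow" in
            *" $port "*) ;;          # expected to be public, skip
            *) echo "$port $proc" ;; # reachable on all interfaces, review it
        esac
    done
}

# Stand-alone run: the game server ports are the only ones meant to be public.
printf '%s\n' "$SAMPLE_SS" | public_listeners "28015 28016"
```

Run it against the live host with `ss -ltnp | public_listeners "28015 28016"` to compare the actual bindings with this table.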

Container stack (Podman, host networking)

NAMES               IMAGE                                            STATUS       PORTS
f42c882bb639-infra  localhost/podman-pause:4.9.5-1748865600          Up 5 days    0.0.0.0:3002->3000/tcp, 0.0.0.0:8081->8080/tcp, 0.0.0.0:9090->9090/tcp, 0.0.0.0:9093->9093/tcp, 0.0.0.0:9100->9100/tcp
snake-test          localhost/snake-game:test                        Up 5 days    0.0.0.0:3006->3003/tcp
gitea               docker.io/gitea/gitea:1.21                       Up 5 days    22/tcp, 3000/tcp
caddy               docker.io/library/caddy:2-alpine                 Up 5 days    80/tcp, 443/tcp, 2019/tcp, 443/udp
woodpecker-agent    docker.io/woodpeckerci/woodpecker-agent:latest   Up 4 days    3000/tcp
woodpecker-server   docker.io/woodpeckerci/woodpecker-server:latest  Up 4 days    80/tcp, 443/tcp, 8000/tcp, 9000/tcp
rust-server         localhost/rust-server:latest                     Up 19 hours  127.0.0.1:3010->8080/tcp
rust-game           docker.io/didstopia/rust-server:latest           Up 4 hours   0.0.0.0:28015-28016->28015-28016/tcp, 0.0.0.0:28015->28015/udp, 8080/tcp, 28082/tcp

Reverse Proxy (Caddy)

Caddyfile at /root/Caddyfile:

git.pp1l.de {
    reverse_proxy localhost:3000
}

ci.pp1l.de {
    reverse_proxy localhost:8000
}

# Rust Service
rust.pp1l.de {
    reverse_proxy localhost:3010
}

# Fallback for localhost access
localhost:80 {
    redir / /3000
}

  • Domains:
    • git.pp1l.de → Gitea (localhost:3000)
    • ci.pp1l.de → Woodpecker Web (localhost:8000)
    • rust.pp1l.de → Rust Service (localhost:3010)

CI/CD

  • Gitea: container with host networking, persistent volume gitea-data
  • Woodpecker server/agent: host networking, data in woodpecker-server-data
  • Configuration:
    • Server env: /etc/woodpecker/server.env (contains OAuth client/secret, not in the repo)
    • Agent env: /etc/woodpecker/agent.env
  • Wrapper script: /root/cicd-wrapper.sh
    • Commands: start|stop|restart|status|logs|enable|disable|monitoring {start|stop|status|logs|urls}

Monitoring

  • Directory: /root/monitoring
  • Start script: start-monitoring-podman.sh
  • Default ports:
    • Prometheus: 9090
    • Grafana: 3002 (admin/admin123, please change)
    • cAdvisor: 8081
    • Node Exporter: 9100
    • Alertmanager: 9093

Applications

  • Snake Game (/root/snake-game)
    • Node.js app, pipeline via .woodpecker.yml
    • Remote:
origin	http://automation:changeme@localhost:3000/pp1l/snake-game-cicd.git (fetch)
origin	http://automation:changeme@localhost:3000/pp1l/snake-game-cicd.git (push)
  • OS Upgrade Automation (/root/os-upgrade-automation)
    • Ansible project, CI configured
    • Remote:
origin	http://automation:changeme@localhost:3000/pp1l/os-upgrade-automation.git (fetch)
origin	http://automation:changeme@localhost:3000/pp1l/os-upgrade-automation.git (push)
  • Rust Service (/root/rust-server)
    • Containerfile, exposed via Caddy at rust.pp1l.de
    • Contents (top level):
      • Cargo.toml
      • Containerfile
      • src

Security & secrets

  • Secrets are kept under /root/secrets and in env files under /etc/woodpecker/ (restrictive file permissions)
  • Git credentials for the local automation user in ~/.git-credentials (local use only)
  • OAuth for Woodpecker configured in Gitea (details not disclosed)

Operations

  • Control the CI/CD stack:
/root/cicd-wrapper.sh status
/root/cicd-wrapper.sh restart
  • Control monitoring:
/root/cicd-wrapper.sh monitoring start
/root/cicd-wrapper.sh monitoring status

Notes

  • Host networking is used deliberately to simplify reverse proxy/port access
  • Persistent volumes: gitea-data, woodpecker-server-data
  • Please change default passwords promptly and manage secrets with sops/age or Vault