diff --git a/.deploy/deploy-dev.yaml b/.deploy/deploy-dev.yaml
index ab92259..aa87cc6 100644
--- a/.deploy/deploy-dev.yaml
+++ b/.deploy/deploy-dev.yaml
@@ -16,9 +16,11 @@ services:
 networks:
 - configurator
 deploy:
- mode: global
+ mode: replicated
 restart_policy:
 condition: any
+ placement:
+ constraints: [node.labels.stage == development]
 update_config:
 parallelism: 1
 order: start-first
diff --git a/.deploy/deploy-prod.yaml b/.deploy/deploy-prod.yaml
index d4fe2b4..245b25f 100644
--- a/.deploy/deploy-prod.yaml
+++ b/.deploy/deploy-prod.yaml
@@ -2,44 +2,29 @@ version: "3.4"
 services:
- worker:
- image: mathwave/sprint-repo:pizda-bot
+ certupdater:
+ image: mathwave/sprint-repo:certupdater
 command: worker
 environment:
+ MINIO_HOST: "minio.sprinthub.ru"
+ MINIO_SECRET_KEY: $MINIO_SECRET_KEY_PROD
 MONGO_HOST: "mongo.sprinthub.ru"
 MONGO_PASSWORD: $MONGO_PASSWORD_PROD
 STAGE: "production"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
 networks:
- - queues
 - configurator
 deploy:
 mode: replicated
 restart_policy:
 condition: any
- update_config:
- parallelism: 1
- order: start-first
-
- pizda-bot-nginx:
- image: mathwave/sprint-repo:pizda-bot
- command: api
- environment:
- MONGO_HOST: "mongo.sprinthub.ru"
- MONGO_PASSWORD: $MONGO_PASSWORD_PROD
- networks:
- - common-infra-nginx
- deploy:
- mode: replicated
- restart_policy:
- condition: any
+ placement:
+ constraints: [node.labels.stage == production]
 update_config:
 parallelism: 1
 order: start-first
 networks:
- common-infra-nginx:
- external: true
- queues:
- external: true
 configurator:
 external: true
diff --git a/.gitea/workflows/deploy-prod.yaml b/.gitea/workflows/deploy-prod.yaml
index cd6e772..e487206 100644
--- a/.gitea/workflows/deploy-prod.yaml
+++ b/.gitea/workflows/deploy-prod.yaml
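Review bot: In `.deploy/deploy-prod.yaml` the new `certupdater` service bind-mounts `/var/run/docker.sock`, which gives the container full control of the Docker daemon on that node, in the same service that holds `MONGO_PASSWORD` and `MINIO_SECRET_KEY`. Nothing in the file records why the socket is needed or limits it, so a comment on the `volumes:` entry would help, for example `# docker.sock: used for docker exec / service update on nginx; treat this container as root on the node`. The image is referenced by the mutable tag `mathwave/sprint-repo:certupdater`; pinning it by digest (`image: mathwave/sprint-repo:certupdater@sha256:<digest>`) would ensure the code that receives the socket is the code that was reviewed. If daemon access can be narrowed, a socket proxy that only permits the exec and service-update calls is the usual way to do it.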
@@ -40,4 +40,5 @@ jobs:
 - name: deploy
 env:
 MONGO_PASSWORD_PROD: ${{ secrets.MONGO_PASSWORD_PROD }}
- run: docker stack deploy --with-registry-auth -c ./.deploy/deploy-prod.yaml pizda-bot
+ MINIO_SECRET_KEY_PROD: ${{ secrets.MINIO_SECRET_KEY_PROD }}
+ run: docker stack deploy --with-registry-auth -c ./.deploy/deploy-prod.yaml certupdater
diff --git a/main.py b/main.py
index 9774e2c..a187ef1 100644
--- a/main.py
+++ b/main.py
@@ -1,5 +1,6 @@
 import datetime
 import io
+import os
 import subprocess
 import time
 from configurator import configurator
@@ -27,13 +28,16 @@ def get_hosts() -> list[str]:
 def update_host(host: str) -> bool:
- container_id_run = call(f"echo $(docker ps -q -f name=infra-development_nginx)")
+ if os.getenv("STAGE") == "development":
+ container_id_run = call(f"echo $(docker ps -q -f name=infra-development_nginx)")
+ else:
+ container_id_run = call(f"echo $(docker ps -q -f name=infra_nginx)")
 if container_id_run.code != 0:
 print(f"something wrong {container_id_run.err}")
 return False
 container_name = container_id_run.out.strip()
 if not container_name:
- print("Not correct node")
+ print("No nginx container")
 return False
 gen_command = f"docker exec {container_name} certbot --nginx --email emmtvv@gmail.com --agree-tos --non-interactive -d \"{host}\""
@@ -66,10 +70,17 @@ def update_host(host: str) -> bool:
 while True:
 now = datetime.datetime.now()
 mongo_hosts = mongo.hosts
+ updated = False
 for host in get_hosts():
 if now + datetime.timedelta(days=14) > mongo_hosts.get(host, {"expire_time": datetime.datetime.fromtimestamp(1)})["expire_time"]:
 success = update_host(host)
 if success:
 print(f"Host {host} updated")
 mongo.update_date(host)
- time.sleep(5 * 60)
\ No newline at end of file
+ updated = True
+ if updated:
+ if os.getenv("STAGE") == "development":
+ call("docker service update --force infra-development_nginx")
+ else:
+ call("docker service update --force infra_nginx")
+ time.sleep(30)
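Review bot: In `.gitea/workflows/deploy-prod.yaml` the added `MINIO_SECRET_KEY_PROD` is exported only so that `docker stack deploy` can substitute it into the `environment:` block of `deploy-prod.yaml`, which leaves the key in clear text in the service definition and in the container's environment. Anyone who can run `docker service inspect` or `docker inspect` on the node can then read it. Swarm secrets avoid that: declare `secrets: [minio_secret_key]` on the service and have the worker read `/run/secrets/minio_secret_key`, assuming the worker can be changed to read a file, which this diff does not show. The same applies to the existing `MONGO_PASSWORD_PROD` line.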
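Review bot: In `update_host` (main.py, second hunk) `host` and `container_name` are still pasted into the `gen_command` string, and `call` appears to run its argument through a shell, since it is handed `echo $(docker ps ...)`. If `get_hosts()` can return a value with shell metacharacters, the shell will interpret it, and with this commit the process also holds the Docker socket in production. Quoting closes that: use `docker exec {shlex.quote(container_name)}` and `-d {shlex.quote(host)}` in place of `-d \"{host}\"` (with `import shlex`), ideally after rejecting anything that is not a plain DNS name. Separately, `docker ps -f name=` is a substring match, so `name=infra_nginx` can return more than one ID, which the `if not container_name` check does not catch. The function body continues below the hunk.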
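Review bot: In the main loop (main.py, last hunk) the result of `call("docker service update --force ...")` is discarded, so a failed nginx restart goes unnoticed even though `mongo.update_date(host)` has already recorded the renewal. Checking it the way `update_host` checks `docker ps` would surface that: `res = call(...)` followed by `if res.code != 0: print(f"nginx restart failed {res.err}")`. The sleep also drops from five minutes to 30 seconds with no back-off, so a host whose `update_host` keeps failing is retried with certbot every 30 seconds, which can run into the CA's failed-validation rate limits. The `STAGE` check is now written out twice (here and in `update_host`); a single module-level name such as `NGINX_SERVICE` would keep the two in step.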