Deploy Odoo on hosting with DNS

Overview

This YAML snippet defines a comprehensive Infrastructure-as-Code deployment plan for Odoo ERP system using Cetmix Tower platform. It automates the entire process from server provisioning to application deployment.

Architecture Components

1. Infrastructure Layer

• Cloud Provider: Hetzner Cloud (with extensible support for others)
• Server Locations: Multiple datacenters (Germany, Finland, US, Singapore)
• Server Types: Various Hetzner instances (CX22-CX52, CPX11-CPX51)
• Operating System: Ubuntu 22.04/24.04 support

2. Container Orchestration

• Platform: Docker-based deployment
• Networking: Optional custom Docker networks for container isolation
• Images: Custom-built Odoo images with add-on support
• Restart Policies: Configurable container restart behaviors

3. Database Layer

• Database: PostgreSQL (versions 9.6-16)
• Deployment: Shared PostgreSQL container
• Configuration: Extensive performance tuning options
• Parameters: Memory settings, connection limits, WAL configuration

4. Web Layer

• Reverse Proxy: Nginx with SSL termination
• SSL Certificates: Automatic Let's Encrypt via Certbot
• Load Balancing: Upstream configuration for Odoo services
• WebSocket Support: Gevent/longpolling for real-time features

5. DNS Management

• Provider: Cloudflare integration
• Automation: Automatic A record creation
• Configuration: Zone management via API

Key Configuration Options

Server Configuration

Variables:
- hosting_provider: hetzner
- hetzner_location: nbg1|fsn1|hel1|ash|hil|sin
- hetzner_server_type: CX22|CX32|CX42|etc.
- hetzner_os_image: ubuntu-24.04|ubuntu-22.04

Odoo Configuration

Variables:
- odoo_version: 18.0|17.0|16.0|15.0|14.0|13.0|12.0|11.0
- odoo_edition: ce|ee (Community/Enterprise)
- odoo_workers: Number of worker processes
- odoo_db_name: Database name for single-DB mode
- odoo_proxy_mode: Enable for reverse proxy setup

Database Tuning

PostgreSQL Parameters:
- shared_buffers: Main memory cache
- work_mem: Per-operation memory
- maintenance_work_mem: Maintenance operations memory
- max_connections: Concurrent connection limit
- effective_cache_size: Planner hint for available cache

Security Features

• fail2ban: SSH brute-force protection
• SSL/TLS: Automatic certificate management
• Network Isolation: Docker network segmentation
• Access Control: Configurable database manager access

Add-ons Management

Git Aggregator Integration

• Repository Cloning: Supports GitHub, GitLab, Bitbucket
• Version Control: Branch/tag specific deployments
• Private Repositories: Token-based authentication
• Dependency Resolution: Automatic external dependency installation

Build Process

• Layer Caching: Smart Docker layer optimization
• Multi-stage Builds: Separate base and add-on images
• Dependency Installation: Python packages and system libraries
• Manifest Processing: Automatic add-on discovery

Monitoring & Maintenance

Container Management

• Health Checks: Server status verification
• Restart Policies: Automatic recovery configuration
• Log Management: Centralized logging setup
• Resource Limits: Memory and CPU constraints

Update Strategy

• Rolling Updates: Build new image while service runs
• Zero Downtime: Container replacement strategy
• Rollback Capability: Previous image preservation
• Configuration Validation: Pre-deployment checks

Security Considerations

Network Security

• Firewall: fail2ban integration
• SSL/TLS: Mandatory HTTPS enforcement
• Container Isolation: Network segmentation
• Port Management: Minimal