- name: Install Stack Orchestrator if it isn't present import_playbook: ../stack-orchestrator-setup/setup-laconic-so.yml - name: Setup k8s hosts: "{{ target_host }}" environment: PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/.local/bin" VAULT_KEY: "{{ vault_passphrase }}" vars_files: - vars/dns-vars.yml - vars/gpg-vars.yml - vars/k8s-vars.yml - vars/user-vars.yml become: yes become_user: "{{username}}" tasks: - name: Install Python and pip apt: name: "{{ item }}" state: present become: true loop: - python3 - python3-pip - name: Install Ansible on remote host pip: name: ansible extra_args: --user when: target_host != "localhost" - name: Ensure ~/.local/bin is in PATH in .bashrc lineinfile: path: ~/.bashrc line: 'export PATH="$HOME/.local/bin:$PATH"' state: present create: yes - name: Ensure ~/.local/bin is in PATH in .zshrc lineinfile: path: ~/.zshrc line: 'export PATH="$HOME/.local/bin:$PATH"' state: present create: yes - name: Clone the service provider template repo git: repo: "https://git.vdb.to/cerc-io/service-provider-template.git" dest: "{{ ansible_env.HOME }}/service-provider-template" - name: Update .vault/vault-keys file lineinfile: path: "service-provider-template/.vault/vault-keys" regexp: '^.*$' line: "{{ gpg_key_id }}" create: yes - name: Start GPG agent command: gpg-agent --daemon ignore_errors: yes - name: Sign a dummy string using gpg-key shell: echo "This is a dummy string." | gpg --batch --yes --local-user "{{ gpg_key_id }}" --passphrase "{{ vault_passphrase }}" --pinentry-mode loopback --sign - - name: Run vault-rekey.sh shell: bash .vault/vault-rekey.sh args: chdir: "service-provider-template" register: rekey_result until: rekey_result.stderr == "" retries: 5 delay: 5 - name: Ensure the target directory exists file: path: "{{ ansible_env.HOME }}/service-provider-template" state: directory mode: '0755' - name: Change directory name in group_vars command: mv lcn_cad {{ org_id }}_{{ location_id }} args: chdir: "{{ ansible_env.HOME }}/service-provider-template/group_vars" - name: Change control directory name in host_vars command: mv lcn-cad-cluster-control {{ org_id }}-{{ location_id }}-cluster-control args: chdir: "{{ ansible_env.HOME }}/service-provider-template/host_vars" - name: Change daemon directory name in host_vars command: mv lcn-daemon {{ org_id }}-daemon args: chdir: "{{ ansible_env.HOME }}/service-provider-template/host_vars" - name: Copy control-firewalld.yml to the remote VM template: src: ./templates/control-firewalld.yml.j2 dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-{{ location_id }}-cluster-control/firewalld.yml" - name: Copy daemon-firewalld.yml to the remote VM template: src: ./templates/daemon-firewalld.yml.j2 dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-daemon/firewalld.yml" - name: Copy nginx.yml to the remote VM template: src: ./templates/nginx.yml.j2 dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-daemon/nginx.yml" - name: Copy hosts file to the remote VM template: src: ./templates/hosts.j2 dest: "{{ ansible_env.HOME }}/service-provider-template/hosts" - name: Copy k8s.yml to the remote VM template: src: ./templates/k8s.yml.j2 dest: "{{ ansible_env.HOME }}/service-provider-template/group_vars/{{ org_id }}_{{ location_id }}/k8s.yml" - name: Copy wildcard-pwa-{{ base_domain }}.yaml to the remote VM template: src: ./templates/wildcard-pwa-example.yml.j2 dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{ base_domain }}.yaml" - name: Delete old wildcard-pwa file file: path: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-laconic.yaml" state: absent - name: Install required ansible roles shell: ansible-galaxy install -f -p roles -r roles/requirements.yml args: chdir: "{{ ansible_env.HOME }}/service-provider-template" - name: Install Kubernetes helper tools shell: ./roles/k8s/files/scripts/get-kube-tools.sh args: chdir: "{{ ansible_env.HOME }}/service-provider-template" become: yes - name: Update group_vars/all/vault.yml with support email using template template: src: ./templates/vault.yml.j2 dest: "{{ ansible_env.HOME }}/service-provider-template/group_vars/all/vault.yml" - name: Base64 encode DigitalOcean token set_fact: b64_encoded_token: "{{ do_api_token | b64encode }}" - name: Update secret-digitalocean-dns.yaml with encoded token template: src: ./templates/secret-digitalocean-dns.yml.j2 dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/secret-digitalocean-dns.yaml" vars: b64_encoded_token: "{{ b64_encoded_token }}" - name: Remove k8s-vault.yml file file: path: "{{ ansible_env.HOME }}/service-provider-template/group_vars/{{ org_id }}_{{ location_id }}/k8s-vault.yml" state: absent - name: Generate token for the cluster command: ./roles/k8s/files/scripts/token-vault.sh ./group_vars/{{ org_id }}_{{ location_id }}/k8s-vault.yml args: chdir: "{{ ansible_env.HOME }}/service-provider-template" - name: Configure firewalld and nginx command: ansible-playbook -i hosts site.yml --tags=firewalld,nginx args: chdir: "{{ ansible_env.HOME }}/service-provider-template" environment: ANSIBLE_HOST_KEY_CHECKING: "False" - name: Deploy Kubernetes command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }} --user {{ ansible_user }} args: chdir: "{{ ansible_env.HOME }}/service-provider-template"