186 lines
6.4 KiB
YAML
186 lines
6.4 KiB
YAML
- name: Install Stack Orchestrator if it isn't present
|
|
import_playbook: ../stack-orchestrator-setup/setup-laconic-so.yml
|
|
|
|
- name: Setup k8s
|
|
hosts: "{{ target_host }}"
|
|
|
|
environment:
|
|
PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/.local/bin"
|
|
VAULT_KEY: "{{ vault_passphrase }}"
|
|
|
|
vars_files:
|
|
- vars/dns-vars.yml
|
|
- vars/gpg-vars.yml
|
|
- vars/k8s-vars.yml
|
|
|
|
tasks:
|
|
- name: Install Python and pip
|
|
apt:
|
|
name: "{{ item }}"
|
|
state: present
|
|
become: yes
|
|
loop:
|
|
- python3
|
|
- python3-pip
|
|
|
|
- name: Add user to docker group
|
|
user:
|
|
name: "{{ ansible_user }}"
|
|
groups: docker
|
|
append: true
|
|
become: yes
|
|
|
|
- name: Install Ansible on remote host
|
|
pip:
|
|
name: ansible
|
|
extra_args: --user
|
|
when: target_host != "localhost"
|
|
|
|
- name: Ensure ~/.local/bin is in PATH in .bashrc
|
|
lineinfile:
|
|
path: ~/.bashrc
|
|
line: 'export PATH="$HOME/.local/bin:$PATH"'
|
|
state: present
|
|
create: yes
|
|
|
|
- name: Ensure ~/.local/bin is in PATH in .zshrc
|
|
lineinfile:
|
|
path: ~/.zshrc
|
|
line: 'export PATH="$HOME/.local/bin:$PATH"'
|
|
state: present
|
|
create: yes
|
|
|
|
- name: Clone the service provider template repo
|
|
git:
|
|
repo: "https://git.vdb.to/cerc-io/service-provider-template.git"
|
|
dest: "{{ ansible_env.HOME }}/service-provider-template"
|
|
|
|
- name: Update .vault/vault-keys file
|
|
lineinfile:
|
|
path: "service-provider-template/.vault/vault-keys"
|
|
regexp: '^.*$'
|
|
line: "{{ gpg_key_id }}"
|
|
create: yes
|
|
|
|
- name: Start GPG agent
|
|
command: gpg-agent --daemon
|
|
ignore_errors: yes
|
|
|
|
# Cache GPG passphrase by signing a dummy string to avoid passphrase prompts in later steps
|
|
- name: Sign a dummy string using gpg-key
|
|
shell: echo "This is a dummy string." | gpg --batch --yes --local-user "{{ gpg_key_id }}" --passphrase "{{ vault_passphrase }}" --pinentry-mode loopback --sign -
|
|
|
|
- name: Run vault-rekey.sh
|
|
shell: bash .vault/vault-rekey.sh
|
|
args:
|
|
chdir: "service-provider-template"
|
|
register: rekey_result
|
|
until: rekey_result.stderr == ""
|
|
retries: 5
|
|
delay: 5
|
|
|
|
- name: Ensure the target directory exists
|
|
file:
|
|
path: "{{ ansible_env.HOME }}/service-provider-template"
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Change directory name in group_vars
|
|
command: mv lcn_cad {{ org_id }}_{{ location_id }}
|
|
args:
|
|
chdir: "{{ ansible_env.HOME }}/service-provider-template/group_vars"
|
|
|
|
- name: Change control directory name in host_vars
|
|
command: mv lcn-cad-cluster-control {{ org_id }}-{{ location_id }}-cluster-control
|
|
args:
|
|
chdir: "{{ ansible_env.HOME }}/service-provider-template/host_vars"
|
|
|
|
- name: Change daemon directory name in host_vars
|
|
command: mv lcn-daemon {{ org_id }}-daemon
|
|
args:
|
|
chdir: "{{ ansible_env.HOME }}/service-provider-template/host_vars"
|
|
|
|
- name: Copy control-firewalld.yml to the remote VM
|
|
template:
|
|
src: ./templates/control-firewalld.yml.j2
|
|
dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-{{ location_id }}-cluster-control/firewalld.yml"
|
|
|
|
- name: Copy daemon-firewalld.yml to the remote VM
|
|
template:
|
|
src: ./templates/daemon-firewalld.yml.j2
|
|
dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-daemon/firewalld.yml"
|
|
|
|
- name: Copy nginx.yml to the remote VM
|
|
template:
|
|
src: ./templates/nginx.yml.j2
|
|
dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-daemon/nginx.yml"
|
|
|
|
- name: Copy hosts file to the remote VM
|
|
template:
|
|
src: ./templates/hosts.j2
|
|
dest: "{{ ansible_env.HOME }}/service-provider-template/hosts"
|
|
|
|
- name: Copy k8s.yml to the remote VM
|
|
template:
|
|
src: ./templates/k8s.yml.j2
|
|
dest: "{{ ansible_env.HOME }}/service-provider-template/group_vars/{{ org_id }}_{{ location_id }}/k8s.yml"
|
|
|
|
- name: Copy wildcard template to the remote VM
|
|
template:
|
|
src: ./templates/wildcard-pwa-example.yml.j2
|
|
dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{ full_domain | replace('.', '-') }}.yaml"
|
|
|
|
- name: Delete old wildcard-pwa file
|
|
file:
|
|
path: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-laconic.yaml"
|
|
state: absent
|
|
|
|
- name: Install required ansible roles
|
|
shell: ansible-galaxy install -f -p roles -r roles/requirements.yml
|
|
args:
|
|
chdir: "{{ ansible_env.HOME }}/service-provider-template"
|
|
|
|
- name: Install Kubernetes helper tools
|
|
shell: ./roles/k8s/files/scripts/get-kube-tools.sh
|
|
args:
|
|
chdir: "{{ ansible_env.HOME }}/service-provider-template"
|
|
become: yes
|
|
|
|
- name: Update group_vars/all/vault.yml with support email using template
|
|
template:
|
|
src: ./templates/vault.yml.j2
|
|
dest: "{{ ansible_env.HOME }}/service-provider-template/group_vars/all/vault.yml"
|
|
|
|
- name: Base64 encode DigitalOcean token
|
|
set_fact:
|
|
b64_encoded_token: "{{ do_api_token | b64encode }}"
|
|
|
|
- name: Update secret-digitalocean-dns.yaml with encoded token
|
|
template:
|
|
src: ./templates/secret-digitalocean-dns.yml.j2
|
|
dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/secret-digitalocean-dns.yaml"
|
|
vars:
|
|
b64_encoded_token: "{{ b64_encoded_token }}"
|
|
|
|
- name: Remove k8s-vault.yml file
|
|
file:
|
|
path: "{{ ansible_env.HOME }}/service-provider-template/group_vars/{{ org_id }}_{{ location_id }}/k8s-vault.yml"
|
|
state: absent
|
|
|
|
- name: Generate token for the cluster
|
|
command: ./roles/k8s/files/scripts/token-vault.sh ./group_vars/{{ org_id }}_{{ location_id }}/k8s-vault.yml
|
|
args:
|
|
chdir: "{{ ansible_env.HOME }}/service-provider-template"
|
|
|
|
- name: Configure firewalld and nginx
|
|
command: ansible-playbook -i hosts site.yml --tags=firewalld,nginx
|
|
args:
|
|
chdir: "{{ ansible_env.HOME }}/service-provider-template"
|
|
environment:
|
|
ANSIBLE_HOST_KEY_CHECKING: "False"
|
|
|
|
- name: Deploy Kubernetes
|
|
command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }} --user {{ ansible_user }}
|
|
args:
|
|
chdir: "{{ ansible_env.HOME }}/service-provider-template"
|