testnet-ops/service-provider-setup/setup-k8s.yml
nabarun 65be098ce9 Add steps to clean up service provider setup (#14)
Part of [Service Provider Setup](https://www.notion.so/Service-provider-setup-a09e2207e1f34f3a847f7ce9713b7ac5)
- Move user setup playbook to separate directory
- Remove unneeded variables

Co-authored-by: Adw8 <adwaitgharpure@gmail.com>
Reviewed-on: cerc-io/testnet-ops#14
2024-10-23 06:53:07 +00:00


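---
# Service-provider k8s bootstrap.
#
# Flow: make sure Stack Orchestrator is installed, install host tooling, clone the
# service-provider-template repo, point its .vault at the operator's GPG key and
# re-key it, render the org/location-specific host_vars/group_vars from ./templates,
# write the DigitalOcean DNS secret manifest, then run the template's own site.yml
# (firewalld + nginx first, then the k8s tags) from inside the checkout.
#
# Secrets handled here: vault_passphrase (vars/gpg-vars.yml), do_api_token
# (vars/dns-vars.yml) and the cluster token written by token-vault.sh. The vars
# files that carry them must be ansible-vault encrypted; the tasks that touch them
# are no_log so the values never land in Ansible output.
- name: Install Stack Orchestrator if it isn't present
  import_playbook: ../stack-orchestrator-setup/setup-laconic-so.yml

- name: Setup k8s
  hosts: "{{ target_host }}"
  environment:
    # user-local pip installs (ansible, ansible-galaxy) must resolve in every task
    PATH: "{{ ansible_env.PATH }}:{{ ansible_env.HOME }}/.local/bin"
    # Exported to EVERY task of this play (and inherited by the nested
    # ansible-playbook runs), so it is readable from /proc/<pid>/environ of each
    # task process by the same user. Kept play-wide because it is not visible from
    # here which of the .vault/ scripts and nested runs consume it — TODO narrow it
    # to the consuming tasks' `environment:` once that is confirmed.
    VAULT_KEY: "{{ vault_passphrase }}"
  vars_files:
    - vars/dns-vars.yml
    - vars/gpg-vars.yml
    - vars/k8s-vars.yml
  tasks:
    - name: Install Python and pip
      apt:
        name:
          - python3
          - python3-pip
        state: present
      become: true

    # Membership of the docker group is root-equivalent on the host (the daemon
    # socket allows privileged containers / bind-mounting /). Intended for the
    # deploying user only; do not widen this.
    - name: Add user to docker group
      user:
        name: "{{ ansible_user }}"
        groups: docker
        append: true
      become: true

    - name: Install Ansible on remote host
      pip:
        name: ansible
        extra_args: --user
      when: target_host != "localhost"

    - name: Ensure ~/.local/bin is in PATH in .bashrc
      lineinfile:
        path: ~/.bashrc
        line: 'export PATH="$HOME/.local/bin:$PATH"'
        state: present
        create: true

    - name: Ensure ~/.local/bin is in PATH in .zshrc
      lineinfile:
        path: ~/.zshrc
        line: 'export PATH="$HOME/.local/bin:$PATH"'
        state: present
        create: true

    # Supply chain: scripts from this checkout are executed below
    # (vault-rekey.sh, token-vault.sh, and get-kube-tools.sh as root). The default
    # is still the remote's default branch (HEAD), unchanged; set
    # service_provider_template_version to a tag or commit SHA to pin what runs.
    - name: Clone the service provider template repo
      git:
        repo: "https://git.vdb.to/cerc-io/service-provider-template.git"
        dest: "{{ ansible_env.HOME }}/service-provider-template"
        version: "{{ service_provider_template_version | default('HEAD') }}"

    # Write the key list wholesale. The previous lineinfile with regexp '^.*$'
    # replaced only the LAST matching line, so any other key IDs shipped in the
    # template's vault-keys would have survived — and, assuming this file is the
    # recipient list used by vault-rekey.sh, would have stayed able to decrypt the
    # re-keyed vault. Path is absolute for consistency with the other tasks
    # (the old relative path depended on the SSH login cwd).
    - name: Update .vault/vault-keys file
      copy:
        content: "{{ gpg_key_id }}\n"
        dest: "{{ ansible_env.HOME }}/service-provider-template/.vault/vault-keys"
        mode: "0644"

    - name: Start GPG agent
      command: gpg-agent --daemon
      ignore_errors: true  # exits non-zero when an agent is already running
      changed_when: false

    # Cache the GPG passphrase in the agent by producing one signature, so later
    # vault steps do not prompt. The passphrase is fed on fd 3 from the VAULT_KEY
    # env var rather than via `--passphrase <value>`, which put it on the command
    # line (visible in `ps`, in the task's logged command and in any shell history).
    # no_log keeps it out of Ansible output; the signature itself is discarded.
    - name: Sign a dummy string using gpg-key
      shell: >-
        echo "This is a dummy string."
        | gpg --batch --yes --local-user "{{ gpg_key_id }}"
        --passphrase-fd 3 --pinentry-mode loopback --output /dev/null --sign -
        3<<< "$VAULT_KEY"
      args:
        executable: /bin/bash
      no_log: true
      changed_when: false

    # Retried until the script exits cleanly with nothing on stderr (a non-zero
    # exit with empty stderr previously satisfied `until` and failed immediately).
    - name: Run vault-rekey.sh
      shell: bash .vault/vault-rekey.sh
      args:
        chdir: "{{ ansible_env.HOME }}/service-provider-template"
      register: rekey_result
      until: rekey_result.rc == 0 and rekey_result.stderr == ""
      retries: 5
      delay: 5

    - name: Ensure the target directory exists
      file:
        path: "{{ ansible_env.HOME }}/service-provider-template"
        state: directory
        mode: "0755"

    # The three renames are one-shot: after the first run the source names no
    # longer exist and `mv` would fail, so `creates` turns them into no-ops on
    # re-runs. Values are quoted so an org/location id with spaces stays one arg.
    - name: Change directory name in group_vars
      command: mv lcn_cad "{{ org_id }}_{{ location_id }}"
      args:
        chdir: "{{ ansible_env.HOME }}/service-provider-template/group_vars"
        creates: "{{ ansible_env.HOME }}/service-provider-template/group_vars/{{ org_id }}_{{ location_id }}"

    - name: Change control directory name in host_vars
      command: mv lcn-cad-cluster-control "{{ org_id }}-{{ location_id }}-cluster-control"
      args:
        chdir: "{{ ansible_env.HOME }}/service-provider-template/host_vars"
        creates: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-{{ location_id }}-cluster-control"

    - name: Change daemon directory name in host_vars
      command: mv lcn-daemon "{{ org_id }}-daemon"
      args:
        chdir: "{{ ansible_env.HOME }}/service-provider-template/host_vars"
        creates: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-daemon"

    - name: Copy control-firewalld.yml to the remote VM
      template:
        src: ./templates/control-firewalld.yml.j2
        dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-{{ location_id }}-cluster-control/firewalld.yml"

    - name: Copy daemon-firewalld.yml to the remote VM
      template:
        src: ./templates/daemon-firewalld.yml.j2
        dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-daemon/firewalld.yml"

    - name: Copy nginx.yml to the remote VM
      template:
        src: ./templates/nginx.yml.j2
        dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-daemon/nginx.yml"

    - name: Copy hosts file to the remote VM
      template:
        src: ./templates/hosts.j2
        dest: "{{ ansible_env.HOME }}/service-provider-template/hosts"

    - name: Copy k8s.yml to the remote VM
      template:
        src: ./templates/k8s.yml.j2
        dest: "{{ ansible_env.HOME }}/service-provider-template/group_vars/{{ org_id }}_{{ location_id }}/k8s.yml"

    - name: Copy wildcard template to the remote VM
      template:
        src: ./templates/wildcard-pwa-example.yml.j2
        dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{ full_domain | replace('.', '-') }}.yaml"

    - name: Delete old wildcard-pwa file
      file:
        path: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-laconic.yaml"
        state: absent

    # Fetches roles from the network on every run (-f). What gets installed is
    # whatever roles/requirements.yml in the checkout resolves to — pin versions
    # there if it does not already.
    - name: Install required ansible roles
      shell: ansible-galaxy install -f -p roles -r roles/requirements.yml
      args:
        chdir: "{{ ansible_env.HOME }}/service-provider-template"

    # Runs a script from the cloned repo as root; see the pinning note on the clone.
    - name: Install Kubernetes helper tools
      shell: ./roles/k8s/files/scripts/get-kube-tools.sh
      args:
        chdir: "{{ ansible_env.HOME }}/service-provider-template"
      become: true

    # Rendered in the clear into group_vars/all/vault.yml; restrict it to the
    # owner in case the template carries more than the support email.
    - name: Update group_vars/all/vault.yml with support email using template
      template:
        src: ./templates/vault.yml.j2
        dest: "{{ ansible_env.HOME }}/service-provider-template/group_vars/all/vault.yml"
        mode: "0600"

    # Base64 is an encoding, not encryption: the manifest below holds the
    # DigitalOcean API token in the clear. Keep it out of Ansible output (no_log)
    # and away from other local users (0600), and never commit the rendered file.
    - name: Base64 encode DigitalOcean token
      set_fact:
        b64_encoded_token: "{{ do_api_token | b64encode }}"
      no_log: true

    # b64_encoded_token is a host fact set just above, so no task-level `vars`
    # re-binding is needed for the template to see it.
    - name: Update secret-digitalocean-dns.yaml with encoded token
      template:
        src: ./templates/secret-digitalocean-dns.yml.j2
        dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/secret-digitalocean-dns.yaml"
        mode: "0600"
      no_log: true

    - name: Remove k8s-vault.yml file
      file:
        path: "{{ ansible_env.HOME }}/service-provider-template/group_vars/{{ org_id }}_{{ location_id }}/k8s-vault.yml"
        state: absent

    # token-vault.sh writes the cluster token into k8s-vault.yml; its stdout may
    # echo the token, so the task output is suppressed.
    - name: Generate token for the cluster
      command: ./roles/k8s/files/scripts/token-vault.sh "./group_vars/{{ org_id }}_{{ location_id }}/k8s-vault.yml"
      args:
        chdir: "{{ ansible_env.HOME }}/service-provider-template"
      no_log: true

    # NOTE(review): ANSIBLE_HOST_KEY_CHECKING=False disables SSH host-key
    # verification for this nested run — first contact with the hosts in the
    # generated `hosts` inventory is trust-on-first-use, i.e. exposed to MITM.
    # Pre-seeding known_hosts for those hosts and dropping this override would be
    # safer; left in place because the inventory is produced on the fly above.
    - name: Configure firewalld and nginx
      command: ansible-playbook -i hosts site.yml --tags=firewalld,nginx
      args:
        chdir: "{{ ansible_env.HOME }}/service-provider-template"
      environment:
        ANSIBLE_HOST_KEY_CHECKING: "False"

    - name: Deploy Kubernetes
      command: >-
        ansible-playbook -i hosts site.yml --tags=k8s
        "--limit={{ org_id }}_{{ location_id }}" --user "{{ ansible_user }}"
      args:
        chdir: "{{ ansible_env.HOME }}/service-provider-template"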