From a9c26d97bb5fbe1343a2d374110ac5160578e0f7 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Thu, 20 Oct 2022 16:47:03 +0200 Subject: [PATCH 01/15] add sudo_password --- db/tasks/start-db.yml | 12 +++++--- db/tasks/stop-db.yml | 13 +++++--- inventory/group_vars/db_vault | 25 +++++++-------- inventory/group_vars/local | 1 + inventory/group_vars/local_vault | 10 ++++++ inventory/hosts | 9 +++++- playbook.yml | 8 ++++- scaleway-k8s/.travis.yml | 29 ++++++++++++++++++ scaleway-k8s/README.md | 38 +++++++++++++++++++++++ scaleway-k8s/defaults/main.yml | 2 ++ scaleway-k8s/handlers/main.yml | 2 ++ scaleway-k8s/meta/main.yml | 52 ++++++++++++++++++++++++++++++++ scaleway-k8s/tasks/main.yml | 36 ++++++++++++++++++++++ scaleway-k8s/vars/main.yml | 2 ++ 14 files changed, 216 insertions(+), 23 deletions(-) create mode 100644 inventory/group_vars/local create mode 100644 inventory/group_vars/local_vault create mode 100644 scaleway-k8s/.travis.yml create mode 100644 scaleway-k8s/README.md create mode 100644 scaleway-k8s/defaults/main.yml create mode 100644 scaleway-k8s/handlers/main.yml create mode 100644 scaleway-k8s/meta/main.yml create mode 100644 scaleway-k8s/tasks/main.yml create mode 100644 scaleway-k8s/vars/main.yml diff --git a/db/tasks/start-db.yml b/db/tasks/start-db.yml index d7b6a07..6fa747b 100644 --- a/db/tasks/start-db.yml +++ b/db/tasks/start-db.yml @@ -20,8 +20,10 @@ destination_port: 54321 jump: ACCEPT state: present - become: yes - become_method: sudo + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" - name: Allow port redis ansible.builtin.iptables: @@ -30,5 +32,7 @@ destination_port: 63791 jump: ACCEPT state: present - become: yes - become_method: sudo \ No newline at end of file + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" \ No newline at end of file 
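Review bot: The three-line `vars:` block that replaces `become: yes` is pasted verbatim into both iptables tasks of start-db.yml and again into both tasks of stop-db.yml, so the privilege-escalation settings now live in four places. Setting `ansible_become_password: "{{ sudo_password }}"` once in the group variables for `db` and keeping `become: true` on the tasks would give the same result with one place to audit. `sudo_password` is presumably defined in the vault file changed by this commit; that cannot be confirmed from the encrypted hunk. Where the booleans stay, `true` is the canonical spelling rather than `yes`.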
diff --git a/db/tasks/stop-db.yml b/db/tasks/stop-db.yml index c78bd95..1598e73 100644 --- a/db/tasks/stop-db.yml +++ b/db/tasks/stop-db.yml @@ -7,9 +7,10 @@ destination_port: 54321 jump: ACCEPT state: absent - become: yes - become_method: sudo - + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" - name: Disallow port redis ansible.builtin.iptables: @@ -18,8 +19,10 @@ destination_port: 63791 jump: ACCEPT state: absent - become: yes - become_method: sudo + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" - name: Stopping existing service community.docker.docker_compose: diff --git a/inventory/group_vars/db_vault b/inventory/group_vars/db_vault index 43e66df..2e40f09 100644 --- a/inventory/group_vars/db_vault +++ b/inventory/group_vars/db_vault @@ -1,13 +1,14 @@ $ANSIBLE_VAULT;1.1;AES256 -33613465613332313264333531363966386165643866306463363039613666343736633366666439 -3962323963656131333937373932346536343861303936310a623331343034636330346438633232 -62393434623539376136616265623937326235636638343932363235353337643135373866363362 -6237623238623536620a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a323264646135393935343434343362 +36666566316465383833386433623565373837353233366435346633313566623361653937306336 +6362383331643665300a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diff --git a/inventory/group_vars/local b/inventory/group_vars/local new file mode 100644 index 0000000..08918fa --- /dev/null +++ b/inventory/group_vars/local @@ -0,0 +1 @@ +project_terraform: /home/valentin/terraform \ No newline at end of file diff --git a/inventory/group_vars/local_vault b/inventory/group_vars/local_vault new file mode 100644 index 0000000..da8d188 --- /dev/null +++ b/inventory/group_vars/local_vault 
@@ -0,0 +1,10 @@ +$ANSIBLE_VAULT;1.1;AES256 +38396665356139383861356137373362393834373765663937373730333434356565383864333137 +3763386361323938326462393632346565386432336531620a616261656133323236343464303837 +39613966333435393336396361666337306438393138363961336462383666326363326439373762 +6139623462323133330a646432336365666164643435383430616137313130646137623463373636 +32313561383838366437633634376434616438633665363465626633633537383435616537336339 +64313836613730613135363739363536356362373762313431353938653738613666313966393163 +33336234363964633633663431353966666530353432643461656336356166393837316634313164 +65653033636338363563666363326433636163323363656530323834303464356136346163353466 +3533 diff --git a/inventory/hosts b/inventory/hosts index 6710a9f..ee816ef 100644 --- a/inventory/hosts +++ b/inventory/hosts @@ -1,7 +1,14 @@ vps ansible_connection=ssh ansible_host=51.222.107.37 ansible_port=2424 ansible_user=valentin +localhost ansible_host=127.0.0.1 [db] vps [db_vault:children] -db \ No newline at end of file +db + +[local] +localhost + +[local_vault:children] +local diff --git a/playbook.yml b/playbook.yml index 9d6f5cb..ceaafda 100644 --- a/playbook.yml +++ b/playbook.yml @@ -2,4 +2,10 @@ - hosts: db remote_user: valentin roles: - - db \ No newline at end of file + - db + +- hosts: local + remote_user: valentin + roles: + - scaleway-k8s + tags: ["create-cluster"] \ No newline at end of file diff --git a/scaleway-k8s/.travis.yml b/scaleway-k8s/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/scaleway-k8s/.travis.yml 
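Review bot: In the inventory/hosts hunk the new `localhost ansible_host=127.0.0.1` entry carries no connection setting, and an explicit inventory entry named localhost turns off Ansible's implicit-localhost behaviour, so the `local` play would open an SSH session to 127.0.0.1 instead of running in-process. Unless the connection is set in the encrypted `local_vault` group vars, which is not visible here, the line should read `localhost ansible_connection=local`. With that in place the `remote_user: valentin` added to the `local` play in playbook.yml is no longer needed.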
@@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/scaleway-k8s/README.md b/scaleway-k8s/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/scaleway-k8s/README.md 
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/scaleway-k8s/defaults/main.yml b/scaleway-k8s/defaults/main.yml new file mode 100644 index 0000000..fdf9e8c --- /dev/null +++ b/scaleway-k8s/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for scaleway-k8s diff --git a/scaleway-k8s/handlers/main.yml b/scaleway-k8s/handlers/main.yml new file mode 100644 index 0000000..24d44fe --- /dev/null +++ b/scaleway-k8s/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for scaleway-k8s diff --git a/scaleway-k8s/meta/main.yml b/scaleway-k8s/meta/main.yml new file mode 100644 index 0000000..c572acc --- /dev/null +++ b/scaleway-k8s/meta/main.yml 
@@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/scaleway-k8s/tasks/main.yml b/scaleway-k8s/tasks/main.yml new file mode 100644 index 0000000..c3c3ad3 --- /dev/null +++ b/scaleway-k8s/tasks/main.yml 
@@ -0,0 +1,36 @@ +--- +# tasks file for scaleway-k8s + +- name: Create directory terraform + file: + path: /home/valentin/terraform + state: directory + +- name: Copy main.tf + template: + src: main.tf.j2 + dest: /home/valentin/terraform/main.tf + +- name: Plan terraform + community.general.terraform: + project_path: '{{ project_terraform }}' + state: planned + register: output + environment: + SCW_ACCESS_KEY: "{{ scw_access_key }}" + SCW_SECRET_KEY: "{{ scw_secret_key }}" + + +- name: display plan terraform + debug: + var: output + +- name: Create cluster scaleway + community.general.terraform: + project_path: '{{ project_terraform }}' + state: present + environment: + SCW_ACCESS_KEY: "{{ scw_access_key }}" + SCW_SECRET_KEY: "{{ scw_secret_key }}" + + diff --git a/scaleway-k8s/vars/main.yml b/scaleway-k8s/vars/main.yml new file mode 100644 index 0000000..166ff3a --- /dev/null +++ b/scaleway-k8s/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for scaleway-k8s From b9c54eff607ee8da316de6f7bbb77a47c6a63e0a Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sat, 8 Oct 2022 19:52:45 +0200 Subject: [PATCH 02/15] first test terraform to create cluster k8s --- main.tf | 43 ------------------------------ scaleway-k8s/tasks/main.yml | 20 ++++++-------- scaleway-k8s/templates/main.tf.j2 | 44 ------------------------------- 3 files changed, 8 insertions(+), 99 deletions(-) delete mode 100644 main.tf diff --git a/main.tf b/main.tf deleted file mode 100644 index 2aa7a66..0000000 --- a/main.tf +++ /dev/null 
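Review bot: The `file` task that creates the Terraform working directory in scaleway-k8s/tasks/main.yml sets no `mode`, and neither does the `template` task that writes main.tf, so both inherit the umask of the user running the play. Terraform keeps its state in that directory, and the main.tf shown elsewhere in this series copies the cluster kubeconfig token into resource attributes, so the state file should be treated as a credential. I would add `mode: "0700"` to the directory task and `mode: "0600"` to the template task. The two tasks also hard-code `/home/valentin/terraform` although `project_terraform` is added to the group vars in this same commit.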
@@ -1,43 +0,0 @@ -terraform { - required_providers { - scaleway = { - source = "scaleway/scaleway" - } - } - required_version = ">= 0.13" -} - -resource "scaleway_k8s_cluster" "terraform-test" { - name = "terraform-test" - version = "1.24.3" - cni = "cilium" - project_id = "81af2696-6120-4f45-baf3-d17fb0525824" - region = "fr-par" -} - - resource "scaleway_k8s_pool" "john" { - cluster_id = scaleway_k8s_cluster.terraform-test.id - name = "john" - node_type = "DEV1-M" - size = 1 - } - - resource "null_resource" "kubeconfig" { - depends_on = [scaleway_k8s_pool.john] # at least one pool here - triggers = { - host = scaleway_k8s_cluster.terraform-test.kubeconfig[0].host - token = scaleway_k8s_cluster.terraform-test.kubeconfig[0].token - cluster_ca_certificate = scaleway_k8s_cluster.terraform-test.kubeconfig[0].cluster_ca_certificate - } -} - - -provider "kubernetes" { - load_config_file = "false" - - host = null_resource.kubeconfig.triggers.host - token = null_resource.kubeconfig.triggers.token - cluster_ca_certificate = base64decode( - null_resource.kubeconfig.triggers.cluster_ca_certificate - ) -} \ No newline at end of file diff --git a/scaleway-k8s/tasks/main.yml b/scaleway-k8s/tasks/main.yml index c3c3ad3..c429ca0 100644 --- a/scaleway-k8s/tasks/main.yml +++ b/scaleway-k8s/tasks/main.yml @@ -1,24 +1,15 @@ --- # tasks file for scaleway-k8s -- name: Create directory terraform +- name: Create directory {{ project_terraform }} file: - path: /home/valentin/terraform + path: "{{ project_terraform }}" state: directory - name: Copy main.tf template: src: main.tf.j2 - dest: /home/valentin/terraform/main.tf - -- name: Plan terraform - community.general.terraform: - project_path: '{{ project_terraform }}' - state: planned - register: output - environment: - SCW_ACCESS_KEY: "{{ scw_access_key }}" - SCW_SECRET_KEY: "{{ scw_secret_key }}" + dest: "{{ project_terraform }}/main.tf" - name: display plan terraform 
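Review bot: The `display plan terraform` task kept at the end of the first scaleway-k8s/tasks/main.yml hunk still prints `output`, but the `Plan terraform` task that registered it is removed a few lines above, so the variable is undefined when the debug runs. `debug` only reports the variable as not defined rather than failing, which makes the dead task easy to miss. It should be deleted together with the plan task; the same leftover is carried into scaleway-k8s/tasks/terraform.yml by patch 03.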
@@ -29,8 +20,13 @@ community.general.terraform: project_path: '{{ project_terraform }}' state: present + force_init: yes environment: SCW_ACCESS_KEY: "{{ scw_access_key }}" SCW_SECRET_KEY: "{{ scw_secret_key }}" + register: output +- name: display terraform result + debug: + var: output diff --git a/scaleway-k8s/templates/main.tf.j2 b/scaleway-k8s/templates/main.tf.j2 index 9c1cf05..e69de29 100644 --- a/scaleway-k8s/templates/main.tf.j2 +++ b/scaleway-k8s/templates/main.tf.j2 @@ -1,44 +0,0 @@ -terraform { - required_providers { - scaleway = { - source = "scaleway/scaleway" - } - } - required_version = ">= 0.13" -} - - - resource "scaleway_k8s_cluster" "{{ project_name }}" { - name = "{{ project_name }}" - version = "1.24.3" - cni = "cilium" - project_id = "{{ project_id }}" - region = "{{ region_k8s }}" - } - - resource "scaleway_k8s_pool" "john" { - cluster_id = scaleway_k8s_cluster.{{ project_name }}.id - name = "john" - node_type = "DEV1-M" - size = 1 - } - - resource "null_resource" "kubeconfig" { - depends_on = [scaleway_k8s_pool.john] # at least one pool here - triggers = { - host = scaleway_k8s_cluster.{{ project_name }}.kubeconfig[0].host - token = scaleway_k8s_cluster.{{ project_name }}.kubeconfig[0].token - cluster_ca_certificate = scaleway_k8s_cluster.{{ project_name }}.kubeconfig[0].cluster_ca_certificate - } -} - - -provider "kubernetes" { - load_config_file = "false" - - host = null_resource.kubeconfig.triggers.host - token = null_resource.kubeconfig.triggers.token - cluster_ca_certificate = base64decode( - null_resource.kubeconfig.triggers.cluster_ca_certificate - ) -} \ No newline at end of file From bbb3e03651a350e60ba7b4f4136335d21a2de0e9 Mon Sep 17 00:00:00 2001 
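Review bot: The new `display terraform result` task prints the whole registered result of `community.general.terraform`, which includes the module's `outputs` and `stdout` fields. The template has no outputs today, but as soon as one is added (a kubeconfig, for instance) its value would land in the console and in any saved Ansible log. Limiting the task with `var: output.stdout_lines` or adding `verbosity: 1` keeps the default run quiet. `force_init: yes` would read better as `force_init: true`.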
From: Valentin CZERYBA Date: Sat, 8 Oct 2022 23:40:59 +0200 Subject: [PATCH 03/15] get content from api scaleway --- playbook.yml | 3 +-- scaleway-k8s/tasks/k8s.yml | 16 ++++++++++++++ scaleway-k8s/tasks/main.yml | 37 ++++++-------------------------- scaleway-k8s/tasks/terraform.yml | 32 +++++++++++++++++++++++++++ 4 files changed, 55 insertions(+), 33 deletions(-) create mode 100644 scaleway-k8s/tasks/k8s.yml create mode 100644 scaleway-k8s/tasks/terraform.yml diff --git a/playbook.yml b/playbook.yml index ceaafda..503b9de 100644 --- a/playbook.yml +++ b/playbook.yml @@ -7,5 +7,4 @@ - hosts: local remote_user: valentin roles: - - scaleway-k8s - tags: ["create-cluster"] \ No newline at end of file + - scaleway-k8s \ No newline at end of file diff --git a/scaleway-k8s/tasks/k8s.yml b/scaleway-k8s/tasks/k8s.yml new file mode 100644 index 0000000..fc13648 --- /dev/null +++ b/scaleway-k8s/tasks/k8s.yml @@ -0,0 +1,16 @@ +- name: Get id of cluster + ansible.builtin.uri: + url: https://api.scaleway.com/k8s/v1/regions/fr-par/clusters + status_code: 200 + return_content: yes + method: GET + headers: + X-Auth-Token: "{{ scw_secret_key }}" + register: output + +- name: Display content GET scaleway + debug: + msg: "{{ item }}" + with_items: "{{ output.content |to_json }}" + +# | from_json | community.general.json_query('clusters[*]') \ No newline at end of file diff --git a/scaleway-k8s/tasks/main.yml b/scaleway-k8s/tasks/main.yml index c429ca0..8edb170 100644 --- a/scaleway-k8s/tasks/main.yml +++ b/scaleway-k8s/tasks/main.yml 
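Review bot: The `Get id of cluster` task in the new k8s.yml sends `X-Auth-Token: "{{ scw_secret_key }}"` without `no_log`, so the module arguments, headers included, are shown when the play runs at high verbosity. Adding `no_log: true` to that task keeps the key out of the output while `register: output` keeps working; the same header is used by both `uri` tasks of kubeconfig.yml in patch 05. Separately, `with_items: "{{ output.content |to_json }}"` re-encodes a string that is already JSON and loops over that single string; the commented-out `from_json` on the last line is the filter the loop needs.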
@@ -1,32 +1,7 @@ ---- -# tasks file for scaleway-k8s - -- name: Create directory {{ project_terraform }} - file: - path: "{{ project_terraform }}" - state: directory - -- name: Copy main.tf - template: - src: main.tf.j2 - dest: "{{ project_terraform }}/main.tf" - - -- name: display plan terraform - debug: - var: output - -- name: Create cluster scaleway - community.general.terraform: - project_path: '{{ project_terraform }}' - state: present - force_init: yes - environment: - SCW_ACCESS_KEY: "{{ scw_access_key }}" - SCW_SECRET_KEY: "{{ scw_secret_key }}" - register: output - -- name: display terraform result - debug: - var: output +- name: Create cluster k8s scaleway via terraform + ansible.builtin.import_tasks: terraform.yml + tags: ["create-cluster"] +- name: Get id Cluster + ansible.builtin.import_tasks: k8s.yml + tags: ["create-cluster", "api"] \ No newline at end of file diff --git a/scaleway-k8s/tasks/terraform.yml b/scaleway-k8s/tasks/terraform.yml new file mode 100644 index 0000000..f584d14 --- /dev/null +++ b/scaleway-k8s/tasks/terraform.yml @@ -0,0 +1,32 @@ +--- +# tasks file for create cluster k8s via terraform + +- name: Create directory {{ project_terraform }} + file: + path: "{{ project_terraform }}" + state: directory + +- name: Copy main.tf + template: + src: main.tf.j2 + dest: "{{ project_terraform }}/main.tf" + + +- name: display plan terraform + debug: + var: output + +- name: Create cluster scaleway + community.general.terraform: + project_path: '{{ project_terraform }}' + state: present + force_init: yes + environment: + SCW_ACCESS_KEY: "{{ scw_access_key }}" + SCW_SECRET_KEY: "{{ scw_secret_key }}" + register: output + +- name: display terraform result + debug: + var: output + From a30ab86b4f2d2fa445df52bdacd27a26a07fd5d3 Mon Sep 17 00:00:00 2001 
From: Valentin CZERYBA Date: Sun, 9 Oct 2022 13:04:02 +0200 Subject: [PATCH 04/15] destroy cluster and rename terraform to create-cluster --- .../tasks/{terraform.yml => create-cluster.yml} | 4 ---- scaleway-k8s/tasks/destroy-cluster.yml | 13 +++++++++++++ scaleway-k8s/tasks/main.yml | 8 ++++++-- 3 files changed, 19 insertions(+), 6 deletions(-) rename scaleway-k8s/tasks/{terraform.yml => create-cluster.yml} (91%) create mode 100644 scaleway-k8s/tasks/destroy-cluster.yml diff --git a/scaleway-k8s/tasks/terraform.yml b/scaleway-k8s/tasks/create-cluster.yml similarity index 91% rename from scaleway-k8s/tasks/terraform.yml rename to scaleway-k8s/tasks/create-cluster.yml index f584d14..4be7131 100644 --- a/scaleway-k8s/tasks/terraform.yml +++ b/scaleway-k8s/tasks/create-cluster.yml @@ -12,10 +12,6 @@ dest: "{{ project_terraform }}/main.tf" -- name: display plan terraform - debug: - var: output - - name: Create cluster scaleway community.general.terraform: project_path: '{{ project_terraform }}' diff --git a/scaleway-k8s/tasks/destroy-cluster.yml b/scaleway-k8s/tasks/destroy-cluster.yml new file mode 100644 index 0000000..a775c78 --- /dev/null +++ b/scaleway-k8s/tasks/destroy-cluster.yml @@ -0,0 +1,13 @@ +- name: "Destroy cluster via terraform" + community.general.terraform: + project_path: '{{ project_terraform }}' + state: absent + environment: + SCW_ACCESS_KEY: "{{ scw_access_key }}" + SCW_SECRET_KEY: "{{ scw_secret_key }}" + register: output + +- name: Remove directory + file: + path: '{{ project_terraform }}' + state: absent \ No newline at end of file diff --git a/scaleway-k8s/tasks/main.yml b/scaleway-k8s/tasks/main.yml index 8edb170..2c70873 100644 --- a/scaleway-k8s/tasks/main.yml +++ b/scaleway-k8s/tasks/main.yml 
@@ -1,7 +1,11 @@ - name: Create cluster k8s scaleway via terraform - ansible.builtin.import_tasks: terraform.yml + ansible.builtin.import_tasks: create-cluster.yml tags: ["create-cluster"] - name: Get id Cluster ansible.builtin.import_tasks: k8s.yml - tags: ["create-cluster", "api"] \ No newline at end of file + tags: ["create-cluster", "api"] + +- name: Destroy cluster k8s scaleway via terraform + ansible.builtin.import_tasks: destroy-cluster.yml + tags: ["destroy-cluster"] \ No newline at end of file From 30d3b2bfee95eb816c4d9843ddfb587d3ad69edc Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sun, 9 Oct 2022 13:27:16 +0200 Subject: [PATCH 05/15] download kubeconfig --- scaleway-k8s/tasks/k8s.yml | 16 ---------------- scaleway-k8s/tasks/kubeconfig.yml | 21 +++++++++++++++++++++ 2 files changed, 21 insertions(+), 16 deletions(-) delete mode 100644 scaleway-k8s/tasks/k8s.yml create mode 100644 scaleway-k8s/tasks/kubeconfig.yml diff --git a/scaleway-k8s/tasks/k8s.yml b/scaleway-k8s/tasks/k8s.yml deleted file mode 100644 index fc13648..0000000 --- a/scaleway-k8s/tasks/k8s.yml +++ /dev/null @@ -1,16 +0,0 @@ -- name: Get id of cluster - ansible.builtin.uri: - url: https://api.scaleway.com/k8s/v1/regions/fr-par/clusters - status_code: 200 - return_content: yes - method: GET - headers: - X-Auth-Token: "{{ scw_secret_key }}" - register: output - -- name: Display content GET scaleway - debug: - msg: "{{ item }}" - with_items: "{{ output.content |to_json }}" - -# | from_json | community.general.json_query('clusters[*]') \ No newline at end of file diff --git a/scaleway-k8s/tasks/kubeconfig.yml b/scaleway-k8s/tasks/kubeconfig.yml new file mode 100644 index 0000000..a579457 --- /dev/null +++ b/scaleway-k8s/tasks/kubeconfig.yml 
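Review bot: The `Destroy cluster k8s scaleway via terraform` import is guarded only by `tags: ["destroy-cluster"]`, and a tag does not exclude a task when the playbook is run without `--tags`. A plain `ansible-playbook playbook.yml` would therefore create the cluster, fetch its data and then destroy it and delete the Terraform directory in the same run. Adding the special tag, `tags: ["never", "destroy-cluster"]`, makes the destructive import run only when it is requested explicitly. The stop and remove imports in db/tasks/main.yml appear to follow the same pattern and would benefit from the same guard.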
@@ -0,0 +1,21 @@ +- name: Get id of cluster + ansible.builtin.uri: + url: https://api.scaleway.com/k8s/v1/regions/fr-par/clusters + status_code: 200 + return_content: yes + method: GET + headers: + X-Auth-Token: "{{ scw_secret_key }}" + register: output + +- name: Download kubeconfig + ansible.builtin.uri: + url: "https://api.scaleway.com/k8s/v1/regions/fr-par/clusters/{{ item.id }}/kubeconfig?dl=1" + status_code: 200 + dest: "{{ project_terraform }}/kubeconfig" + method: GET + headers: + X-Auth-Token: "{{ scw_secret_key }}" + when: item.name == "terraform-test" + with_items: "{{ (output.content |from_json).clusters }}" + \ No newline at end of file From 4af016b0c4340325a77ac004420a4714d58c6130 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sun, 9 Oct 2022 13:30:47 +0200 Subject: [PATCH 06/15] change yml name --- scaleway-k8s/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scaleway-k8s/tasks/main.yml b/scaleway-k8s/tasks/main.yml index 2c70873..1b69b1b 100644 --- a/scaleway-k8s/tasks/main.yml +++ b/scaleway-k8s/tasks/main.yml @@ -3,8 +3,8 @@ tags: ["create-cluster"] - name: Get id Cluster - ansible.builtin.import_tasks: k8s.yml - tags: ["create-cluster", "api"] + ansible.builtin.import_tasks: kubeconfig.yml + tags: ["create-cluster", "kubeconfig"] - name: Destroy cluster k8s scaleway via terraform ansible.builtin.import_tasks: destroy-cluster.yml From 5e40ed2cc9f619443b33277479b1903337ec5583 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Thu, 20 Oct 2022 16:51:12 +0200 Subject: [PATCH 07/15] add variable project_id --- inventory/group_vars/local | 4 ++- scaleway-k8s/tasks/kubeconfig.yml | 6 ++--- scaleway-k8s/templates/main.tf.j2 | 44 +++++++++++++++++++++++++++++++ 3 files changed, 50 insertions(+), 4 deletions(-) diff --git a/inventory/group_vars/local b/inventory/group_vars/local index 08918fa..532d45f 100644 --- a/inventory/group_vars/local +++ b/inventory/group_vars/local 
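Review bot: The `Download kubeconfig` task writes the file to `{{ project_terraform }}/kubeconfig` without a `mode`, so the cluster credentials end up with umask-default permissions. The `uri` module accepts the common file attributes, so `mode: "0600"` can be added next to `dest`. `with_items` also makes the task loop over every cluster returned by the API and skip all but one; `loop` combined with a `selectattr('name', 'equalto', ...)` filter would express that intent more directly.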
@@ -1 +1,3 @@ -project_terraform: /home/valentin/terraform \ No newline at end of file +project_terraform: "/home/valentin/terraform" +region_k8s: "fr-par" +project_name: "terraform-test" \ No newline at end of file diff --git a/scaleway-k8s/tasks/kubeconfig.yml b/scaleway-k8s/tasks/kubeconfig.yml index a579457..f3cabab 100644 --- a/scaleway-k8s/tasks/kubeconfig.yml +++ b/scaleway-k8s/tasks/kubeconfig.yml @@ -1,6 +1,6 @@ - name: Get id of cluster ansible.builtin.uri: - url: https://api.scaleway.com/k8s/v1/regions/fr-par/clusters + url: "https://api.scaleway.com/k8s/v1/regions/{{ region_k8s }}/clusters" status_code: 200 return_content: yes method: GET @@ -10,12 +10,12 @@ - name: Download kubeconfig ansible.builtin.uri: - url: "https://api.scaleway.com/k8s/v1/regions/fr-par/clusters/{{ item.id }}/kubeconfig?dl=1" + url: "https://api.scaleway.com/k8s/v1/regions/{{ region_k8s }}/clusters/{{ item.id }}/kubeconfig?dl=1" status_code: 200 dest: "{{ project_terraform }}/kubeconfig" method: GET headers: X-Auth-Token: "{{ scw_secret_key }}" - when: item.name == "terraform-test" + when: item.name == "{{ project_name }}" with_items: "{{ (output.content |from_json).clusters }}" \ No newline at end of file diff --git a/scaleway-k8s/templates/main.tf.j2 b/scaleway-k8s/templates/main.tf.j2 index e69de29..0453bae 100644 --- a/scaleway-k8s/templates/main.tf.j2 +++ b/scaleway-k8s/templates/main.tf.j2 
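Review bot: In the second kubeconfig.yml hunk the condition is now `when: item.name == "{{ project_name }}"`, which nests Jinja delimiters inside an expression that Ansible already evaluates as Jinja. Ansible warns about this form, and it also means the variable's content is re-parsed as part of the expression instead of being compared as a value. The bare form `when: item.name == project_name` does the comparison safely.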
@@ -0,0 +1,44 @@ +terraform { + required_providers { + scaleway = { + source = "scaleway/scaleway" + } + } + required_version = ">= 0.13" +} + + + resource "scaleway_k8s_cluster" "{{ project_name }}" { + name = "{{ project_name }}" + version = "1.24.3" + cni = "cilium" + project_id = "{{ project_id }}" + region = "{{ region_k8s }}" + } + + resource "scaleway_k8s_pool" "john" { + cluster_id = scaleway_k8s_cluster.{{ project_name }}.id + name = "john" + node_type = "DEV1-M" + size = 1 + } + + resource "null_resource" "kubeconfig" { + depends_on = [scaleway_k8s_pool.john] # at least one pool here + triggers = { + host = scaleway_k8s_cluster.{{ project_name }}.kubeconfig[0].host + token = scaleway_k8s_cluster.{{ project_name }}.kubeconfig[0].token + cluster_ca_certificate = scaleway_k8s_cluster.{{ project_name }}.kubeconfig[0].cluster_ca_certificate + } +} + + +provider "kubernetes" { + load_config_file = "false" + + host = null_resource.kubeconfig.triggers.host + token = null_resource.kubeconfig.triggers.token + cluster_ca_certificate = base64decode( + null_resource.kubeconfig.triggers.cluster_ca_certificate + ) +} From 28f46dc9f03778cde2cefcc7a1baa4fb22b8e29d Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sun, 9 Oct 2022 13:49:57 +0200 Subject: [PATCH 08/15] add file requierements --- requirements.yml | 214 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 214 insertions(+) create mode 100644 requirements.yml diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 0000000..421159b --- /dev/null +++ b/requirements.yml 
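Review bot: Neither provider in the restored main.tf.j2 is version-pinned: `required_providers` gives only a `source` for scaleway, and the `kubernetes` provider is not declared there at all, so every `force_init` run may pull whatever release is newest. To my knowledge `load_config_file` was removed from the kubernetes provider in its 2.x line, so an unpinned init is likely to fail on that block. I would add a constraint such as `version = "<pinned-version>"` for each provider and commit the lock file. Since the template declares no kubernetes resources, the `provider "kubernetes"` block and the `null_resource` that copies `token` and `cluster_ca_certificate` into state a second time could also simply be dropped.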
@@ -0,0 +1,214 @@ +/home/valentin/.ansible/collections/ansible_collections: + community.docker: + version: 3.1.0 +/usr/lib/python3.10/site-packages/ansible_collections: + amazon.aws: + version: 3.4.0 + ansible.netcommon: + version: 3.1.1 + ansible.posix: + version: 1.4.0 + ansible.utils: + version: 2.6.1 + ansible.windows: + version: 1.11.1 + arista.eos: + version: 5.0.1 + awx.awx: + version: 21.5.0 + azure.azcollection: + version: 1.13.0 + check_point.mgmt: + version: 2.3.0 + chocolatey.chocolatey: + version: 1.3.0 + cisco.aci: + version: 2.2.0 + cisco.asa: + version: 3.1.0 + cisco.dnac: + version: 6.6.0 + cisco.intersight: + version: 1.0.19 + cisco.ios: + version: 3.3.1 + cisco.iosxr: + version: 3.3.1 + cisco.ise: + version: 2.5.3 + cisco.meraki: + version: 2.11.0 + cisco.mso: + version: 2.0.0 + cisco.nso: + version: 1.0.3 + cisco.nxos: + version: 3.1.1 + cisco.ucs: + version: 1.8.0 + cloud.common: + version: 2.1.2 + cloudscale_ch.cloud: + version: 2.2.2 + community.aws: + version: 3.5.0 + community.azure: + version: 1.1.0 + community.ciscosmb: + version: 1.0.5 + community.crypto: + version: 2.5.0 + community.digitalocean: + version: 1.21.0 + community.dns: + version: 2.3.2 + community.docker: + version: 2.7.1 + community.fortios: + version: 1.0.0 + community.general: + version: 5.6.0 + community.google: + version: 1.0.0 + community.grafana: + version: 1.5.2 + community.hashi_vault: + version: 3.2.0 + community.hrobot: + version: 1.5.2 + community.libvirt: + version: 1.2.0 + community.mongodb: + version: 1.4.2 + community.mysql: + version: 3.5.1 + community.network: + version: 4.0.1 + community.okd: + version: 2.2.0 + community.postgresql: + version: 2.2.0 + community.proxysql: + version: 1.4.0 + community.rabbitmq: + version: 1.2.2 + community.routeros: + version: 2.3.0 + community.sap: + version: 1.0.0 + community.sap_libs: + version: 1.3.0 + community.skydive: + version: 1.0.0 + community.sops: + version: 1.4.0 + community.vmware: + version: 2.9.1 + 
community.windows: + version: 1.11.0 + community.zabbix: + version: 1.8.0 + containers.podman: + version: 1.9.4 + cyberark.conjur: + version: 1.2.0 + cyberark.pas: + version: 1.0.14 + dellemc.enterprise_sonic: + version: 1.1.2 + dellemc.openmanage: + version: 5.5.0 + dellemc.os10: + version: 1.1.1 + dellemc.os6: + version: 1.0.7 + dellemc.os9: + version: 1.0.4 + f5networks.f5_modules: + version: 1.19.0 + fortinet.fortimanager: + version: 2.1.5 + fortinet.fortios: + version: 2.1.7 + frr.frr: + version: 2.0.0 + gluster.gluster: + version: 1.0.2 + google.cloud: + version: 1.0.2 + hetzner.hcloud: + version: 1.8.2 + hpe.nimble: + version: 1.1.4 + ibm.qradar: + version: 2.1.0 + ibm.spectrum_virtualize: + version: 1.9.0 + infinidat.infinibox: + version: 1.3.3 + infoblox.nios_modules: + version: 1.3.0 + inspur.ispim: + version: 1.0.1 + inspur.sm: + version: 2.0.0 + junipernetworks.junos: + version: 3.1.0 + kubernetes.core: + version: 2.3.2 + mellanox.onyx: + version: 1.0.0 + netapp.aws: + version: 21.7.0 + netapp.azure: + version: 21.10.0 + netapp.cloudmanager: + version: 21.19.0 + netapp.elementsw: + version: 21.7.0 + netapp.ontap: + version: 21.23.0 + netapp.storagegrid: + version: 21.11.0 + netapp.um_info: + version: 21.8.0 + netapp_eseries.santricity: + version: 1.3.1 + netbox.netbox: + version: 3.7.1 + ngine_io.cloudstack: + version: 2.2.4 + ngine_io.exoscale: + version: 1.0.0 + ngine_io.vultr: + version: 1.1.2 + openstack.cloud: + version: 1.9.1 + openvswitch.openvswitch: + version: 2.1.0 + ovirt.ovirt: + version: 2.2.3 + purestorage.flasharray: + version: 1.13.0 + purestorage.flashblade: + version: 1.10.0 + purestorage.fusion: + version: 1.1.0 + sensu.sensu_go: + version: 1.13.1 + servicenow.servicenow: + version: 1.0.6 + splunk.es: + version: 2.1.0 + t_systems_mms.icinga_director: + version: 1.31.0 + theforeman.foreman: + version: 3.6.0 + vmware.vmware_rest: + version: 2.2.0 + vultr.cloud: + version: 1.1.0 + vyos.vyos: + version: 3.0.1 + wti.remote: + version: 
1.0.4 From 234e9b63950b4221d41e0e780d930eefc3fb23f4 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Mon, 10 Oct 2022 23:15:28 +0200 Subject: [PATCH 09/15] add registry role --- db/tasks/main.yml | 8 ++-- db/tasks/start-db.yml | 1 + registry/.travis.yml | 29 ++++++++++++ registry/README.md | 38 ++++++++++++++++ registry/defaults/main.yml | 2 + registry/files/docker-compose-registry.yml | 11 +++++ registry/handlers/main.yml | 2 + registry/meta/main.yml | 52 ++++++++++++++++++++++ registry/tasks/deploy-registry.yml | 13 ++++++ registry/tasks/main.yml | 23 ++++++++++ registry/tasks/remove-registry.yml | 18 ++++++++ registry/tasks/start-registry.yml | 27 +++++++++++ registry/tasks/stop-registry.yml | 25 +++++++++++ registry/templates/env.j2 | 3 ++ registry/vars/main.yml | 4 ++ 15 files changed, 252 insertions(+), 4 deletions(-) create mode 100644 registry/.travis.yml create mode 100644 registry/README.md create mode 100644 registry/defaults/main.yml create mode 100644 registry/files/docker-compose-registry.yml create mode 100644 registry/handlers/main.yml create mode 100644 registry/meta/main.yml create mode 100644 registry/tasks/deploy-registry.yml create mode 100644 registry/tasks/main.yml create mode 100644 registry/tasks/remove-registry.yml create mode 100644 registry/tasks/start-registry.yml create mode 100644 registry/tasks/stop-registry.yml create mode 100644 registry/templates/env.j2 create mode 100644 registry/vars/main.yml diff --git a/db/tasks/main.yml b/db/tasks/main.yml index a3a64be..e0b1230 100644 --- a/db/tasks/main.yml +++ b/db/tasks/main.yml 
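Review bot: The new requirements.yml is the listing printed by `ansible-galaxy collection list`, keyed by the local install paths, not the format `ansible-galaxy collection install -r` reads, which expects a top-level `collections:` list. It also records `community.docker` twice at different versions (3.1.0 under the user path, 2.7.1 under site-packages) and names about a hundred collections the playbooks on this page never reference. Listing only the collections the roles call, with the versions that were tested, gives a file that installs and can be reviewed.
```yaml
collections:
  - name: community.docker
    version: "3.1.0"
  - name: community.general
    version: "5.6.0"
```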
@@ -7,17 +7,17 @@ - name: Deploy database postgresql and redis ansible.builtin.import_tasks: deploy-db.yml - tags: ["start-with-deploy", "deploy"] + tags: ["create-db", "deploy-db"] - name: Start db postgresql and redis ansible.builtin.import_tasks: start-db.yml - tags: ["start-with-deploy", "start"] + tags: ["deploy-db", "start-db"] - name: stop db postgresql and redis ansible.builtin.import_tasks: stop-db.yml - tags: ["destroy", "stop"] + tags: ["destroy-db", "stop-db"] - name: Remove db ansible.builtin.import_tasks: remove-db.yml - tags: ["destroy"] \ No newline at end of file + tags: ["destroy-db"] \ No newline at end of file diff --git a/db/tasks/start-db.yml b/db/tasks/start-db.yml index 6fa747b..35d679a 100644 --- a/db/tasks/start-db.yml +++ b/db/tasks/start-db.yml @@ -3,6 +3,7 @@ - name: Stopping existing service community.docker.docker_compose: project_src: /home/valentin/db + state: absent - name: Starting service community.docker.docker_compose: diff --git a/registry/.travis.yml b/registry/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/registry/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/registry/README.md b/registry/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/registry/README.md 
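Review bot: Nothing in db/tasks/main.yml keeps an untagged run away from the teardown imports: tags only filter when `--tags` or `--skip-tags` is passed, so a plain playbook run would go through deploy-db.yml, start-db.yml, stop-db.yml and remove-db.yml in order. Adding Ansible's special `never` tag to the last two imports makes them opt-in, e.g. `tags: ["never", "destroy-db", "stop-db"]` and `tags: ["never", "destroy-db"]`. The same layout is repeated in registry/tasks/main.yml (this commit) and server/tasks/main.yml (PATCH 11), where the remove step passes `remove_volumes: yes` and then deletes `project_src`. The hunk starts at line 7 of the file, so the top of main.yml is not visible here.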
@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ - hosts: servers
+ roles:
+ - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/registry/defaults/main.yml b/registry/defaults/main.yml
new file mode 100644
index 0000000..492c903
--- /dev/null
+++ b/registry/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for server
diff --git a/registry/files/docker-compose-registry.yml b/registry/files/docker-compose-registry.yml
new file mode 100644
index 0000000..28f1b96
--- /dev/null
+++ b/registry/files/docker-compose-registry.yml
@@ -0,0 +1,11 @@
+version: '3'
+
+services:
+ registry:
+ image: registry:2
+ ports:
+ - "5000:5000"
+ environment:
+ REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
+ volumes:
+ - ./data:/data
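Review bot: The registry service in docker-compose-registry.yml is published on `5000:5000` with no authentication or TLS settings, and start-registry.yml in this commit adds an ACCEPT rule for tcp/5000, so any client that can reach the host could presumably pull and push images. The registry image supports htpasswd authentication and TLS through environment variables; the excerpt below shows the shape, with file paths that are placeholders to adapt. `image: registry:2` is also a floating tag, so pinning a specific version or digest would keep redeployments reproducible.

```yaml
    environment:
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd          # placeholder path
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/registry.crt   # placeholder path
      REGISTRY_HTTP_TLS_KEY: /certs/registry.key           # placeholder path
    volumes:
      - ./data:/data
      - ./auth:/auth:ro
      - ./certs:/certs:ro
```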
diff --git a/registry/handlers/main.yml b/registry/handlers/main.yml
new file mode 100644
index 0000000..e7b1089
--- /dev/null
+++ b/registry/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for server
diff --git a/registry/meta/main.yml b/registry/meta/main.yml
new file mode 100644
index 0000000..c572acc
--- /dev/null
+++ b/registry/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+ author: your name
+ description: your role description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Choose a valid license ID from https://spdx.org - some suggested licenses:
+ # - BSD-3-Clause (default)
+ # - MIT
+ # - GPL-2.0-or-later
+ # - GPL-3.0-only
+ # - Apache-2.0
+ # - CC-BY-4.0
+ license: license (GPL-2.0-or-later, MIT, etc)
+
+ min_ansible_version: 2.1
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
diff --git a/registry/tasks/deploy-registry.yml b/registry/tasks/deploy-registry.yml
new file mode 100644
index 0000000..9cb0d66
--- /dev/null
+++ b/registry/tasks/deploy-registry.yml
@@ -0,0 +1,13 @@
+# deploy docker registry
+
+- name: Create directory
+ file:
+ path: "/home/valentin/{{ item }}"
+ state: directory
+ with_items:
+ - registry
+
+- name: Copy docker compose server file
+ copy:
+ src: docker-compose-registry.yml
+ dest: /home/valentin/registry/docker-compose.yml
\ No newline at end of file
diff --git a/registry/tasks/main.yml b/registry/tasks/main.yml
new file mode 100644
index 0000000..ed57ada
--- /dev/null
+++ b/registry/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+# tasks file for server
+
+
+
+# include task registry
+
+- name: Deploy registry
+ ansible.builtin.import_tasks: deploy-registry.yml
+ tags: ["create-registry", "deploy-regsitry"]
+
+- name: Start registry
+ ansible.builtin.import_tasks: start-registry.yml
+ tags: ["deploy-registry", "start-registry"]
+
+
+- name: stop registry
+ ansible.builtin.import_tasks: stop-registry.yml
+ tags: ["destroy-registry", "stop-registry"]
+
+- name: Remove registry
+ ansible.builtin.import_tasks: remove-registry.yml
+ tags: ["destroy-registry"]
\ No newline at end of file
diff --git a/registry/tasks/remove-registry.yml b/registry/tasks/remove-registry.yml
new file mode 100644
index 0000000..b1d1fa5
--- /dev/null
+++ b/registry/tasks/remove-registry.yml
@@ -0,0 +1,18 @@
+# remove db
+
+- name: Stopping existing service
+ community.docker.docker_compose:
+ project_src: "{{ project_src }}"
+ state: absent
+ remove_volumes: yes
+ remove_images: local
+ register: output
+
+- name: Debug output
+ debug:
+ var: output
+
+- name: Remove project covas db
+ file:
+ path: "{{ project_src }}"
+ state: absent
\ No newline at end of file
diff --git a/registry/tasks/start-registry.yml b/registry/tasks/start-registry.yml
new file mode 100644
index 0000000..72b495c
--- /dev/null
+++ b/registry/tasks/start-registry.yml
@@ -0,0 +1,27 @@ +# start services db + +- name: Stopping existing service + community.docker.docker_compose: + project_src: "{{ project_src }}" + state: absent + +- name: Starting service + community.docker.docker_compose: + project_src: "{{ project_src }}" + register: output + +- name: debug output + debug: + var: output + +- name: Allow port registry + ansible.builtin.iptables: + chain: INPUT + protocol: tcp + destination_port: 5000 + jump: ACCEPT + state: present + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" diff --git a/registry/tasks/stop-registry.yml b/registry/tasks/stop-registry.yml new file mode 100644 index 0000000..a5cb2ab --- /dev/null +++ b/registry/tasks/stop-registry.yml @@ -0,0 +1,25 @@ +# stop services db and redis + +- name: Disallow port postgresql + ansible.builtin.iptables: + chain: INPUT + protocol: tcp + destination_port: 5000 + jump: ACCEPT + state: absent + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + +- name: Stopping existing service + community.docker.docker_compose: + project_src: "{{ project_src }}" + state: present + stopped: yes + register: output + + +- name: Debug output + debug: + var: output diff --git a/registry/templates/env.j2 b/registry/templates/env.j2 new file mode 100644 index 0000000..f90d46b --- /dev/null +++ b/registry/templates/env.j2 @@ -0,0 +1,3 @@ +POSTGRES_PASSWORD={{ postgres_password }} +POSTGRES_USER={{ postgres_user }} +POSTGRES_DB={{ postgres_db }} \ No newline at end of file diff --git a/registry/vars/main.yml b/registry/vars/main.yml new file mode 100644 index 0000000..1c4ee13 --- /dev/null +++ b/registry/vars/main.yml @@ -0,0 +1,4 @@ +--- +# vars file for server + +project_src: /home/valentin/registry From 9799d9c39c90ec37b83124e84691f0e334195909 Mon Sep 17 00:00:00 2001 
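Review bot: The `Allow port registry` task in start-registry.yml accepts tcp/5000 from every source because no source match is set; adding `source: "{{ registry_allowed_cidr }}"` (a placeholder variable name, to be defined in group_vars) would limit it to the networks that need the registry. Ports published by Docker are normally forwarded through the FORWARD and DOCKER chains rather than INPUT, so this rule, and its removal in stop-registry.yml, may not be what actually controls reachability of the container; a rule in the `DOCKER-USER` chain or a host-address binding in the compose `ports` entry is the usual place to restrict it. PATCH 11 carries the same unrestricted rule into server/tasks/start.yml, where `ports_tcp` for the db group lists 54321 and 63791.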
From: Valentin CZERYBA Date: Mon, 10 Oct 2022 23:35:44 +0200 Subject: [PATCH 10/15] add vault for nas server --- inventory/group_vars/nas | 0 inventory/group_vars/nas_vault | 6 ++++++ inventory/hosts | 7 +++++++ playbook.yml | 5 +++++ registry/tasks/main.yml | 2 +- 5 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 inventory/group_vars/nas create mode 100644 inventory/group_vars/nas_vault diff --git a/inventory/group_vars/nas b/inventory/group_vars/nas new file mode 100644 index 0000000..e69de29 diff --git a/inventory/group_vars/nas_vault b/inventory/group_vars/nas_vault new file mode 100644 index 0000000..c65113f --- /dev/null +++ b/inventory/group_vars/nas_vault @@ -0,0 +1,6 @@ +$ANSIBLE_VAULT;1.1;AES256 +35333863396561393462653263323133343233346534616138616530643066323161656534653738 +3335306466663636623236383435663337393466633437660a303961663331653463343933353966 +35636161393663386137306561613965653438626432323865323233636662653333616532636665 +3562333936366238640a646262373233363665366437653032303238313266356138343239303936 +36663531303061663763653637333365303664666563353631303435633462343537 diff --git a/inventory/hosts b/inventory/hosts index ee816ef..3defa7f 100644 --- a/inventory/hosts +++ b/inventory/hosts @@ -1,4 +1,5 @@ vps ansible_connection=ssh ansible_host=51.222.107.37 ansible_port=2424 ansible_user=valentin +valentin-nas ansible_connection=ssh ansible_host=151.80.37.38 ansible_port=2424 ansible_user=valentin localhost ansible_host=127.0.0.1 [db] @@ -7,6 +8,12 @@ vps [db_vault:children] db +[nas] +valentin-nas + +[nas_vault:children] +nas + [local] localhost diff --git a/playbook.yml b/playbook.yml index 503b9de..00917df 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,4 +1,9 @@ --- +- hosts: nas + remote_user: valentin + roles: + - registry + - hosts: db remote_user: valentin roles: diff --git a/registry/tasks/main.yml b/registry/tasks/main.yml index ed57ada..62f1ed3 100644 --- a/registry/tasks/main.yml 
+++ b/registry/tasks/main.yml @@ -7,7 +7,7 @@ - name: Deploy registry ansible.builtin.import_tasks: deploy-registry.yml - tags: ["create-registry", "deploy-regsitry"] + tags: ["create-registry", "deploy-registry"] - name: Start registry ansible.builtin.import_tasks: start-registry.yml From 44dce5861721811a05f7bd40242a7d8014292817 Mon Sep 17 00:00:00 2001 
From: Valentin CZERYBA Date: Tue, 11 Oct 2022 22:50:34 +0200 Subject: [PATCH 11/15] fusion roles db et registry --- db/tasks/deploy-db.yml | 34 ------------ db/tasks/main.yml | 23 -------- db/tasks/remove-db.yml | 18 ------- db/tasks/start-db.yml | 39 -------------- db/tasks/stop-db.yml | 37 ------------- inventory/group_vars/db | 17 +++++- inventory/group_vars/registry | 11 ++++ inventory/hosts | 3 ++ playbook.yml | 9 +--- registry/.travis.yml | 29 ----------- registry/README.md | 38 -------------- registry/defaults/main.yml | 2 - registry/handlers/main.yml | 2 - registry/meta/main.yml | 52 ------------------- registry/tasks/deploy-registry.yml | 13 ----- registry/tasks/main.yml | 23 -------- registry/templates/env.j2 | 3 -- registry/vars/main.yml | 4 -- {db => server}/.travis.yml | 0 {db => server}/README.md | 0 {db => server}/defaults/main.yml | 0 .../files/docker-compose-db.yml | 0 .../files/docker-compose-registry.yml | 0 {db => server}/handlers/main.yml | 0 {db => server}/meta/main.yml | 0 server/tasks/deploy.yml | 35 +++++++++++++ server/tasks/main.yml | 19 +++++++ .../tasks/remove.yml | 2 +- .../tasks/start.yml | 6 ++- .../tasks/stop.yml | 7 ++- .../env.j2 => server/templates/env-db.j2 | 0 {db => server}/vars/main.yml | 0 32 files changed, 96 insertions(+), 330 deletions(-) delete mode 100644 db/tasks/deploy-db.yml delete mode 100644 db/tasks/main.yml delete mode 100644 db/tasks/remove-db.yml delete mode 100644 db/tasks/start-db.yml delete mode 100644 db/tasks/stop-db.yml create mode 100644 inventory/group_vars/registry delete mode 100644 registry/.travis.yml delete mode 100644 registry/README.md delete mode 100644 registry/defaults/main.yml delete mode 100644 registry/handlers/main.yml delete mode 100644 registry/meta/main.yml delete mode 100644 registry/tasks/deploy-registry.yml delete mode 100644 registry/tasks/main.yml delete mode 100644 registry/templates/env.j2 delete mode 100644 registry/vars/main.yml rename {db => server}/.travis.yml (100%) rename 
{db => server}/README.md (100%) rename {db => server}/defaults/main.yml (100%) rename db/files/docker-compose-server.yml => server/files/docker-compose-db.yml (100%) rename {registry => server}/files/docker-compose-registry.yml (100%) rename {db => server}/handlers/main.yml (100%) rename {db => server}/meta/main.yml (100%) create mode 100644 server/tasks/deploy.yml create mode 100644 server/tasks/main.yml rename registry/tasks/remove-registry.yml => server/tasks/remove.yml (90%) rename registry/tasks/start-registry.yml => server/tasks/start.yml (83%) rename registry/tasks/stop-registry.yml => server/tasks/stop.yml (81%) rename db/templates/env.j2 => server/templates/env-db.j2 (100%) rename {db => server}/vars/main.yml (100%) diff --git a/db/tasks/deploy-db.yml b/db/tasks/deploy-db.yml deleted file mode 100644 index 51f9290..0000000 --- a/db/tasks/deploy-db.yml +++ /dev/null @@ -1,34 +0,0 @@ -# deploy db postgresql, liquibase and redis - -- name: git archive local - local_action: - module: git - repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/covas-liquibase.git" - dest: "/home/valentin/src/" - archive: "/tmp/covas-liquibase.tar.gz" - force: yes - update: yes - run_once: True - -- name: Create directory - file: - path: "/home/valentin/{{ item }}" - state: directory - with_items: - - db - - db/covas-liquibase - -- name: Extract covas liquibase - unarchive: - src: "/tmp/covas-liquibase.tar.gz" - dest: "/home/valentin/db/covas-liquibase" - -- name: Template env file - template: - src: env.j2 - dest: /home/valentin/db/.env - -- name: Copy docker compose server file - copy: - src: docker-compose-server.yml - dest: /home/valentin/db/docker-compose.yml \ No newline at end of file diff --git a/db/tasks/main.yml b/db/tasks/main.yml deleted file mode 100644 index e0b1230..0000000 --- a/db/tasks/main.yml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -# tasks file for server - - - -# include task db - -- name: Deploy database postgresql and redis - ansible.builtin.import_tasks: deploy-db.yml - tags: ["create-db", "deploy-db"] - -- name: Start db postgresql and redis - ansible.builtin.import_tasks: start-db.yml - tags: ["deploy-db", "start-db"] - - -- name: stop db postgresql and redis - ansible.builtin.import_tasks: stop-db.yml - tags: ["destroy-db", "stop-db"] - -- name: Remove db - ansible.builtin.import_tasks: remove-db.yml - tags: ["destroy-db"] \ No newline at end of file diff --git a/db/tasks/remove-db.yml b/db/tasks/remove-db.yml deleted file mode 100644 index 050d293..0000000 --- a/db/tasks/remove-db.yml +++ /dev/null @@ -1,18 +0,0 @@ -# remove db - -- name: Stopping existing service - community.docker.docker_compose: - project_src: /home/valentin/db - state: absent - remove_volumes: yes - remove_images: local - register: output - -- name: Debug output - debug: - var: output - -- name: Remove project covas db - file: - path: /home/valentin/db - state: absent \ No newline at end of file diff --git a/db/tasks/start-db.yml b/db/tasks/start-db.yml deleted file mode 100644 index 35d679a..0000000 --- a/db/tasks/start-db.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -# start services db - -- name: Stopping existing service - community.docker.docker_compose: - project_src: /home/valentin/db - state: absent - -- name: Starting service - community.docker.docker_compose: - project_src: /home/valentin/db - register: output - -- name: debug output - debug: - var: output - -- name: Allow port postgresql - ansible.builtin.iptables: - chain: INPUT - protocol: tcp - destination_port: 54321 - jump: ACCEPT - state: present - vars: - ansible_become: yes - ansible_become_method: sudo - ansible_become_password: "{{ sudo_password }}" - -- name: Allow port redis - ansible.builtin.iptables: - chain: INPUT - protocol: tcp - destination_port: 63791 - jump: ACCEPT - state: present - vars: - ansible_become: yes - ansible_become_method: sudo - ansible_become_password: "{{ sudo_password }}" \ No newline at end of file diff --git a/db/tasks/stop-db.yml b/db/tasks/stop-db.yml deleted file mode 100644 index 1598e73..0000000 --- a/db/tasks/stop-db.yml +++ /dev/null @@ -1,37 +0,0 @@ -# stop services db and redis - -- name: Disallow port postgresql - ansible.builtin.iptables: - chain: INPUT - protocol: tcp - destination_port: 54321 - jump: ACCEPT - state: absent - vars: - ansible_become: yes - ansible_become_method: sudo - ansible_become_password: "{{ sudo_password }}" - -- name: Disallow port redis - ansible.builtin.iptables: - chain: INPUT - protocol: tcp - destination_port: 63791 - jump: ACCEPT - state: absent - vars: - ansible_become: yes - ansible_become_method: sudo - ansible_become_password: "{{ sudo_password }}" - -- name: Stopping existing service - community.docker.docker_compose: - project_src: /home/valentin/db - state: present - stopped: yes - register: output - - -- name: Debug output - debug: - var: output diff --git a/inventory/group_vars/db b/inventory/group_vars/db index a744227..c79181c 100644 --- a/inventory/group_vars/db +++ b/inventory/group_vars/db 
@@ -1 +1,16 @@ -postgres_db: toto \ No newline at end of file +postgres_db: toto + +project_src: "/home/valentin/db" +project_name: "covas-liquibase" + +project_directory: + - "{{ project_src }}" + - "{{ project_src }}/{{ project_name }}" + +docker_compose_file: "docker-compose-db.yml" + +project_env: "env-db.j2" + +ports_tcp: + - 54321 + - 63791 \ No newline at end of file diff --git a/inventory/group_vars/registry b/inventory/group_vars/registry new file mode 100644 index 0000000..95fd182 --- /dev/null +++ b/inventory/group_vars/registry @@ -0,0 +1,11 @@ + +project_src: "/home/valentin/registry" + +project_directory: + - "{{ project_src }}" + +docker_compose_file: "docker-compose-registry.yml" + + +ports_tcp: + - 5000 \ No newline at end of file diff --git a/inventory/hosts b/inventory/hosts index 3defa7f..c0331f8 100644 --- a/inventory/hosts +++ b/inventory/hosts @@ -11,6 +11,9 @@ db [nas] valentin-nas +[registry:children] +nas + [nas_vault:children] nas diff --git a/playbook.yml b/playbook.yml index 00917df..91ed9ea 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,13 +1,8 @@ --- -- hosts: nas +- hosts: registry db remote_user: valentin roles: - - registry - -- hosts: db - remote_user: valentin - roles: - - db + - server - hosts: local remote_user: valentin diff --git a/registry/.travis.yml b/registry/.travis.yml deleted file mode 100644 index 36bbf62..0000000 --- a/registry/.travis.yml +++ /dev/null 
@@ -1,29 +0,0 @@ ---- -language: python -python: "2.7" - -# Use the new container infrastructure -sudo: false - -# Install ansible -addons: - apt: - packages: - - python-pip - -install: - # Install ansible - - pip install ansible - - # Check ansible version - - ansible --version - - # Create ansible.cfg with correct roles_path - - printf '[defaults]\nroles_path=../' >ansible.cfg - -script: - # Basic role syntax check - - ansible-playbook tests/test.yml -i tests/inventory --syntax-check - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/registry/README.md b/registry/README.md deleted file mode 100644 index 225dd44..0000000 --- a/registry/README.md +++ /dev/null 
@@ -1,38 +0,0 @@ -Role Name -========= - -A brief description of the role goes here. - -Requirements ------------- - -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. - -Role Variables --------------- - -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. - -Dependencies ------------- - -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. - -Example Playbook ----------------- - -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - - hosts: servers - roles: - - { role: username.rolename, x: 42 } - -License -------- - -BSD - -Author Information ------------------- - -An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/registry/defaults/main.yml b/registry/defaults/main.yml deleted file mode 100644 index 492c903..0000000 --- a/registry/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# defaults file for server diff --git a/registry/handlers/main.yml b/registry/handlers/main.yml deleted file mode 100644 index e7b1089..0000000 --- a/registry/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for server diff --git a/registry/meta/main.yml b/registry/meta/main.yml deleted file mode 100644 index c572acc..0000000 --- a/registry/meta/main.yml +++ /dev/null 
@@ -1,52 +0,0 @@ -galaxy_info: - author: your name - description: your role description - company: your company (optional) - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) - - min_ansible_version: 2.1 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. diff --git a/registry/tasks/deploy-registry.yml b/registry/tasks/deploy-registry.yml deleted file mode 100644 index 9cb0d66..0000000 --- a/registry/tasks/deploy-registry.yml +++ /dev/null 
@@ -1,13 +0,0 @@ -# deploy docker registry - -- name: Create directory - file: - path: "/home/valentin/{{ item }}" - state: directory - with_items: - - registry - -- name: Copy docker compose server file - copy: - src: docker-compose-registry.yml - dest: /home/valentin/registry/docker-compose.yml \ No newline at end of file diff --git a/registry/tasks/main.yml b/registry/tasks/main.yml deleted file mode 100644 index 62f1ed3..0000000 --- a/registry/tasks/main.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# tasks file for server - - - -# include task registry - -- name: Deploy registry - ansible.builtin.import_tasks: deploy-registry.yml - tags: ["create-registry", "deploy-registry"] - -- name: Start registry - ansible.builtin.import_tasks: start-registry.yml - tags: ["deploy-registry", "start-registry"] - - -- name: stop registry - ansible.builtin.import_tasks: stop-registry.yml - tags: ["destroy-registry", "stop-registry"] - -- name: Remove registry - ansible.builtin.import_tasks: remove-registry.yml - tags: ["destroy-registry"] \ No newline at end of file diff --git a/registry/templates/env.j2 b/registry/templates/env.j2 deleted file mode 100644 index f90d46b..0000000 --- a/registry/templates/env.j2 +++ /dev/null @@ -1,3 +0,0 @@ -POSTGRES_PASSWORD={{ postgres_password }} -POSTGRES_USER={{ postgres_user }} -POSTGRES_DB={{ postgres_db }} \ No newline at end of file diff --git a/registry/vars/main.yml b/registry/vars/main.yml deleted file mode 100644 index 1c4ee13..0000000 --- a/registry/vars/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -# vars file for server - -project_src: /home/valentin/registry diff --git a/db/.travis.yml b/server/.travis.yml similarity index 100% rename from db/.travis.yml rename to server/.travis.yml diff --git a/db/README.md b/server/README.md similarity index 100% rename from db/README.md rename to server/README.md 
diff --git a/db/defaults/main.yml b/server/defaults/main.yml similarity index 100% rename from db/defaults/main.yml rename to server/defaults/main.yml diff --git a/db/files/docker-compose-server.yml b/server/files/docker-compose-db.yml similarity index 100% rename from db/files/docker-compose-server.yml rename to server/files/docker-compose-db.yml diff --git a/registry/files/docker-compose-registry.yml b/server/files/docker-compose-registry.yml similarity index 100% rename from registry/files/docker-compose-registry.yml rename to server/files/docker-compose-registry.yml diff --git a/db/handlers/main.yml b/server/handlers/main.yml similarity index 100% rename from db/handlers/main.yml rename to server/handlers/main.yml diff --git a/db/meta/main.yml b/server/meta/main.yml similarity index 100% rename from db/meta/main.yml rename to server/meta/main.yml diff --git a/server/tasks/deploy.yml b/server/tasks/deploy.yml new file mode 100644 index 0000000..f2114f8 --- /dev/null +++ b/server/tasks/deploy.yml @@ -0,0 +1,35 @@ +# deploy db postgresql, liquibase and redis + +- name: git archive local + local_action: + module: git + repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ project_name }}.git" + dest: "/home/valentin/src/" + archive: "/tmp/{{ project_name }}.tar.gz" + force: yes + update: yes + when: "project_name is defined" + +- name: Create directory + file: + path: "{{ item }}" + state: directory + with_items: "{{ project_directory }}" + +- name: Extract covas liquibase + unarchive: + src: "/tmp/{{ project_name }}.tar.gz" + dest: "{{ project_src }}/{{ project_name }}" + when: "project_name is defined" + + +- name: Template env file + template: + src: "{{ project_env }}" + dest: "{{ project_src }}/.env" + when: "project_env is defined" + +- name: Copy docker compose server file + copy: + src: "{{ docker_compose_file }}" + dest: "{{ project_src }}/docker-compose.yml" \ No newline at end of file 
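Review bot: The `git archive local` task in server/tasks/deploy.yml puts `git_username` and `git_password` into the clone URL without `no_log: true`, so the rendered URL can appear in verbose or failure output, and git normally records the remote URL in the checkout's config under `/home/valentin/src/`. Adding `no_log: true` to that task covers the logging side; a credential helper or deploy key would avoid URL-embedded credentials altogether. The `Template env file` task sets no `mode`, so `.env` gets umask-default permissions; since registry/templates/env.j2 (a copy deleted in this commit) renders `POSTGRES_PASSWORD`, `mode: "0600"` looks appropriate. Compared with the deleted db/tasks/deploy-db.yml, `run_once: True` is gone, so the local clone and the write to `/tmp/{{ project_name }}.tar.gz` would repeat for every host that defines `project_name`.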
diff --git a/server/tasks/main.yml b/server/tasks/main.yml new file mode 100644 index 0000000..c60758b --- /dev/null +++ b/server/tasks/main.yml @@ -0,0 +1,19 @@ +--- +# tasks file for server + +- name: Deploy services + ansible.builtin.import_tasks: deploy.yml + tags: ["deploy", "create"] + +- name: Start services + ansible.builtin.import_tasks: start.yml + tags: ["deploy", "start"] + + +- name: stop services + ansible.builtin.import_tasks: stop.yml + tags: ["destroy", "stop"] + +- name: Remove services + ansible.builtin.import_tasks: remove.yml + tags: ["destroy"] \ No newline at end of file diff --git a/registry/tasks/remove-registry.yml b/server/tasks/remove.yml similarity index 90% rename from registry/tasks/remove-registry.yml rename to server/tasks/remove.yml index b1d1fa5..9c6e9f3 100644 --- a/registry/tasks/remove-registry.yml +++ b/server/tasks/remove.yml @@ -12,7 +12,7 @@ debug: var: output -- name: Remove project covas db +- name: Remove project file: path: "{{ project_src }}" state: absent \ No newline at end of file diff --git a/registry/tasks/start-registry.yml b/server/tasks/start.yml similarity index 83% rename from registry/tasks/start-registry.yml rename to server/tasks/start.yml index 72b495c..dbc444c 100644 --- a/registry/tasks/start-registry.yml +++ b/server/tasks/start.yml @@ -14,14 +14,16 @@ debug: var: output -- name: Allow port registry +- name: "Allow port {{ item }}" ansible.builtin.iptables: chain: INPUT protocol: tcp - destination_port: 5000 + destination_port: "{{ item }}" jump: ACCEPT state: present vars: ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" + with_items: "{{ ports_tcp }}" + diff --git a/registry/tasks/stop-registry.yml b/server/tasks/stop.yml similarity index 81% rename from registry/tasks/stop-registry.yml rename to server/tasks/stop.yml index a5cb2ab..d554335 100644 --- a/registry/tasks/stop-registry.yml +++ b/server/tasks/stop.yml 
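Review bot: The loop variable in `name: "Allow port {{ item }}"` (server/tasks/start.yml) is, as far as I know, not available when Ansible renders the task name, so the header will not show the port for each iteration. A fixed name such as `name: Allow TCP ports listed in ports_tcp` reads better, and the loop item is printed with each result anyway. `with_items` still works, but `loop: "{{ ports_tcp }}"` is the current form. server/tasks/stop.yml has the same templated name, and its header comment `# stop services db and redis` no longer matches a role that also handles the registry. The start.yml hunk begins at line 14 of the file, so the earlier tasks are outside it.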
@@ -1,16 +1,19 @@ # stop services db and redis -- name: Disallow port postgresql +- name: Disallow port {{ item }} ansible.builtin.iptables: chain: INPUT protocol: tcp - destination_port: 5000 + destination_port: "{{ item }}" jump: ACCEPT state: absent vars: ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" + with_items: "{{ ports_tcp }}" + + - name: Stopping existing service community.docker.docker_compose: diff --git a/db/templates/env.j2 b/server/templates/env-db.j2 similarity index 100% rename from db/templates/env.j2 rename to server/templates/env-db.j2 diff --git a/db/vars/main.yml b/server/vars/main.yml similarity index 100% rename from db/vars/main.yml rename to server/vars/main.yml From db8491f577e9c6886ee66c1f04dcac1ca9fc5a7b Mon Sep 17 00:00:00 2001 
From: Valentin CZERYBA Date: Sat, 15 Oct 2022 22:06:06 +0200 Subject: [PATCH 12/15] add roles build WIP --- build/.travis.yml | 29 ++++++++++++++++++++ build/README.md | 38 ++++++++++++++++++++++++++ build/defaults/main.yml | 5 ++++ build/handlers/main.yml | 2 ++ build/meta/main.yml | 52 ++++++++++++++++++++++++++++++++++++ build/tasks/deploy.yml | 31 +++++++++++++++++++++ build/tasks/main.yml | 19 +++++++++++++ build/tasks/remove.yml | 18 +++++++++++++ build/tasks/start.yml | 29 ++++++++++++++++++++ build/tasks/stop.yml | 28 +++++++++++++++++++ build/templates/env-build.j2 | 7 +++++ build/vars/main.yml | 2 ++ inventory/group_vars/all | 1 + 13 files changed, 261 insertions(+) create mode 100644 build/.travis.yml create mode 100644 build/README.md create mode 100644 build/defaults/main.yml create mode 100644 build/handlers/main.yml create mode 100644 build/meta/main.yml create mode 100644 build/tasks/deploy.yml create mode 100644 build/tasks/main.yml create mode 100644 build/tasks/remove.yml create mode 100644 build/tasks/start.yml create mode 100644 build/tasks/stop.yml create mode 100644 build/templates/env-build.j2 create mode 100644 build/vars/main.yml create mode 100644 inventory/group_vars/all diff --git a/build/.travis.yml b/build/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/build/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file 
diff --git a/build/README.md b/build/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/build/README.md @@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/build/defaults/main.yml b/build/defaults/main.yml new file mode 100644 index 0000000..73657dc --- /dev/null +++ b/build/defaults/main.yml @@ -0,0 +1,5 @@ +--- +# defaults file for server + +project_name: covas_quarkus +project_env: env-build.j2 \ No newline at end of file diff --git a/build/handlers/main.yml b/build/handlers/main.yml new file mode 100644 index 0000000..e7b1089 --- /dev/null +++ b/build/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for server 
diff --git a/build/meta/main.yml b/build/meta/main.yml new file mode 100644 index 0000000..c572acc --- /dev/null +++ b/build/meta/main.yml @@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/build/tasks/deploy.yml b/build/tasks/deploy.yml new file mode 100644 index 0000000..7b188c4 --- /dev/null +++ b/build/tasks/deploy.yml 
@@ -0,0 +1,31 @@
+# deploy db postgresql, liquibase and redis
+
+- name: git archive local
+ local_action:
+ module: git
+ repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ project_name }}.git"
+ dest: "/home/valentin/src/"
+ archive: "/tmp/{{ project_name }}.tar.gz"
+ force: yes
+ update: yes
+ when: "project_name is defined"
+
+- name: Create directory
+ file:
+ path: "{{ home_dir }}/{{ project_name }}"
+ state: directory
+ when: "project_name is defined"
+
+
+- name: Extract covas liquibase
+ unarchive:
+ src: "/tmp/{{ project_name }}.tar.gz"
+ dest: "{{ home_dir }}/{{ project_name }}"
+ when: "project_name is defined"
+
+
+- name: Template env file
+ template:
+ src: "{{ project_env }}"
+ dest: "{{ home_dir }}/.env"
+ when: "project_env is defined"
diff --git a/build/tasks/main.yml b/build/tasks/main.yml
new file mode 100644
index 0000000..c60758b
--- /dev/null
+++ b/build/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+# tasks file for server
+
+- name: Deploy services
+ ansible.builtin.import_tasks: deploy.yml
+ tags: ["deploy", "create"]
+
+- name: Start services
+ ansible.builtin.import_tasks: start.yml
+ tags: ["deploy", "start"]
+
+
+- name: stop services
+ ansible.builtin.import_tasks: stop.yml
+ tags: ["destroy", "stop"]
+
+- name: Remove services
+ ansible.builtin.import_tasks: remove.yml
+ tags: ["destroy"]
\ No newline at end of file
diff --git a/build/tasks/remove.yml b/build/tasks/remove.yml
new file mode 100644
index 0000000..9c6e9f3
--- /dev/null
+++ b/build/tasks/remove.yml
@@ -0,0 +1,18 @@
+# remove db
+
+- name: Stopping existing service
+ community.docker.docker_compose:
+ project_src: "{{ project_src }}"
+ state: absent
+ remove_volumes: yes
+ remove_images: local
+ register: output
+
+- name: Debug output
+ debug:
+ var: output
+
+- name: Remove project
+ file:
+ path: "{{ project_src }}"
+ state: absent
\ No newline at end of file
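Review bot: `Template env file` in build/tasks/deploy.yml writes `{{ home_dir }}/.env` without a `mode`, and build/templates/env-build.j2 renders `POSTGRES_PASSWORD` into that file, so its permissions are left to the remote umask and it may be readable by other local users. Setting `mode: "0600"` on the template task keeps the secret to the deploying user. The `.env` template tasks in server/tasks/deploy.yml and scaleway-k8s/tasks/create-build.yml leave out `mode` in the same way.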
diff --git a/build/tasks/start.yml b/build/tasks/start.yml
new file mode 100644
index 0000000..dbc444c
--- /dev/null
+++ b/build/tasks/start.yml
@@ -0,0 +1,29 @@
+# start services db
+
+- name: Stopping existing service
+ community.docker.docker_compose:
+ project_src: "{{ project_src }}"
+ state: absent
+
+- name: Starting service
+ community.docker.docker_compose:
+ project_src: "{{ project_src }}"
+ register: output
+
+- name: debug output
+ debug:
+ var: output
+
+- name: "Allow port {{ item }}"
+ ansible.builtin.iptables:
+ chain: INPUT
+ protocol: tcp
+ destination_port: "{{ item }}"
+ jump: ACCEPT
+ state: present
+ vars:
+ ansible_become: yes
+ ansible_become_method: sudo
+ ansible_become_password: "{{ sudo_password }}"
+ with_items: "{{ ports_tcp }}"
+
diff --git a/build/tasks/stop.yml b/build/tasks/stop.yml
new file mode 100644
index 0000000..d554335
--- /dev/null
+++ b/build/tasks/stop.yml
@@ -0,0 +1,28 @@
+# stop services db and redis
+
+- name: Disallow port {{ item }}
+ ansible.builtin.iptables:
+ chain: INPUT
+ protocol: tcp
+ destination_port: "{{ item }}"
+ jump: ACCEPT
+ state: absent
+ vars:
+ ansible_become: yes
+ ansible_become_method: sudo
+ ansible_become_password: "{{ sudo_password }}"
+ with_items: "{{ ports_tcp }}"
+
+
+
+- name: Stopping existing service
+ community.docker.docker_compose:
+ project_src: "{{ project_src }}"
+ state: present
+ stopped: yes
+ register: output
+
+
+- name: Debug output
+ debug:
+ var: output
diff --git a/build/templates/env-build.j2 b/build/templates/env-build.j2
new file mode 100644
index 0000000..6851bde
--- /dev/null
+++ b/build/templates/env-build.j2
@@ -0,0 +1,7 @@
+POSTGRES_PASSWORD={{ postgres_password }}
+POSTGRES_USER={{ postgres_user }}
+POSTGRES_DB={{ postgres_db }}
+POSTGRES_URL={{ postgres_url }}
+POSTGRES_PORT={{ postgres_port }}
+REDIS_URL={{ redis_url }}
+REDIS_PORT={{ redis_port }}
diff --git a/build/vars/main.yml b/build/vars/main.yml
new file mode 100644
index 0000000..ea07ae9
--- /dev/null
+++ b/build/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for server diff --git a/inventory/group_vars/all b/inventory/group_vars/all new file mode 100644 index 0000000..f510e73 --- /dev/null +++ b/inventory/group_vars/all @@ -0,0 +1 @@ +home_dir: "/home/valentin" \ No newline at end of file From ac3fecbaca72a4f528b0b3d857c277fa8b6ef842 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sat, 15 Oct 2022 22:23:36 +0200 Subject: [PATCH 13/15] add variable in db --- inventory/group_vars/db | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/inventory/group_vars/db b/inventory/group_vars/db index c79181c..3be3a64 100644 --- a/inventory/group_vars/db +++ b/inventory/group_vars/db @@ -1,4 +1,7 @@ +postgres_url: db.valczeryba.ovh postgres_db: toto +postgres_port: 54321 + project_src: "/home/valentin/db" project_name: "covas-liquibase" @@ -11,6 +14,9 @@ docker_compose_file: "docker-compose-db.yml" project_env: "env-db.j2" +redis_url: redis.valczeryba.ovh +redis_port: 63791 ports_tcp: - - 54321 - - 63791 \ No newline at end of file + - "{{ postgres_port }}" + - "{{ redis_port }}" + From da8e10ef4e68be95678d470c21f730722a22b564 Mon Sep 17 00:00:00 2001 
From: Valentin CZERYBA Date: Sat, 15 Oct 2022 22:31:37 +0200 Subject: [PATCH 14/15] deplacement build to scaleway k8s --- build/.travis.yml | 29 ----------- build/README.md | 38 -------------- build/defaults/main.yml | 5 -- build/handlers/main.yml | 2 - build/meta/main.yml | 52 ------------------- build/tasks/main.yml | 19 ------- build/tasks/remove.yml | 18 ------- build/tasks/start.yml | 29 ----------- build/tasks/stop.yml | 28 ---------- build/vars/main.yml | 2 - scaleway-k8s/defaults/main.yml | 5 +- .../tasks/create-build.yml | 2 +- scaleway-k8s/tasks/main.yml | 4 ++ .../templates/env-build.j2 | 0 14 files changed, 9 insertions(+), 224 deletions(-) delete mode 100644 build/.travis.yml delete mode 100644 build/README.md delete mode 100644 build/defaults/main.yml delete mode 100644 build/handlers/main.yml delete mode 100644 build/meta/main.yml delete mode 100644 build/tasks/main.yml delete mode 100644 build/tasks/remove.yml delete mode 100644 build/tasks/start.yml delete mode 100644 build/tasks/stop.yml delete mode 100644 build/vars/main.yml rename build/tasks/deploy.yml => scaleway-k8s/tasks/create-build.yml (94%) rename {build => scaleway-k8s}/templates/env-build.j2 (100%) diff --git a/build/.travis.yml b/build/.travis.yml deleted file mode 100644 index 36bbf62..0000000 --- a/build/.travis.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -language: python -python: "2.7" - -# Use the new container infrastructure -sudo: false - -# Install ansible -addons: - apt: - packages: - - python-pip - -install: - # Install ansible - - pip install ansible - - # Check ansible version - - ansible --version - - # Create ansible.cfg with correct roles_path - - printf '[defaults]\nroles_path=../' >ansible.cfg - -script: - # Basic role syntax check - - ansible-playbook tests/test.yml -i tests/inventory --syntax-check - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file 
diff --git a/build/README.md b/build/README.md deleted file mode 100644 index 225dd44..0000000 --- a/build/README.md +++ /dev/null @@ -1,38 +0,0 @@ -Role Name -========= - -A brief description of the role goes here. - -Requirements ------------- - -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. - -Role Variables --------------- - -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. - -Dependencies ------------- - -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. - -Example Playbook ----------------- - -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - - hosts: servers - roles: - - { role: username.rolename, x: 42 } - -License -------- - -BSD - -Author Information ------------------- - -An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/build/defaults/main.yml b/build/defaults/main.yml deleted file mode 100644 index 73657dc..0000000 --- a/build/defaults/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -# defaults file for server - -project_name: covas_quarkus -project_env: env-build.j2 \ No newline at end of file diff --git a/build/handlers/main.yml b/build/handlers/main.yml deleted file mode 100644 index e7b1089..0000000 --- a/build/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for server 
diff --git a/build/meta/main.yml b/build/meta/main.yml deleted file mode 100644 index c572acc..0000000 --- a/build/meta/main.yml +++ /dev/null @@ -1,52 +0,0 @@ -galaxy_info: - author: your name - description: your role description - company: your company (optional) - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) - - min_ansible_version: 2.1 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. diff --git a/build/tasks/main.yml b/build/tasks/main.yml deleted file mode 100644 index c60758b..0000000 --- a/build/tasks/main.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -# tasks file for server - -- name: Deploy services - ansible.builtin.import_tasks: deploy.yml - tags: ["deploy", "create"] - -- name: Start services - ansible.builtin.import_tasks: start.yml - tags: ["deploy", "start"] - - -- name: stop services - ansible.builtin.import_tasks: stop.yml - tags: ["destroy", "stop"] - -- name: Remove services - ansible.builtin.import_tasks: remove.yml - tags: ["destroy"] \ No newline at end of file diff --git a/build/tasks/remove.yml b/build/tasks/remove.yml deleted file mode 100644 index 9c6e9f3..0000000 --- a/build/tasks/remove.yml +++ /dev/null @@ -1,18 +0,0 @@ -# remove db - -- name: Stopping existing service - community.docker.docker_compose: - project_src: "{{ project_src }}" - state: absent - remove_volumes: yes - remove_images: local - register: output - -- name: Debug output - debug: - var: output - -- name: Remove project - file: - path: "{{ project_src }}" - state: absent \ No newline at end of file diff --git a/build/tasks/start.yml b/build/tasks/start.yml deleted file mode 100644 index dbc444c..0000000 --- a/build/tasks/start.yml +++ /dev/null @@ -1,29 +0,0 @@ -# start services db - -- name: Stopping existing service - community.docker.docker_compose: - project_src: "{{ project_src }}" - state: absent - -- name: Starting service - community.docker.docker_compose: - project_src: "{{ project_src }}" - register: output - -- name: debug output - debug: - var: output - -- name: "Allow port {{ item }}" - ansible.builtin.iptables: - chain: INPUT - protocol: tcp - destination_port: "{{ item }}" - jump: ACCEPT - state: present - vars: - ansible_become: yes - ansible_become_method: sudo - ansible_become_password: "{{ sudo_password }}" - with_items: "{{ ports_tcp }}" - diff --git a/build/tasks/stop.yml b/build/tasks/stop.yml deleted file mode 100644 index d554335..0000000 --- a/build/tasks/stop.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -# stop services db and redis - -- name: Disallow port {{ item }} - ansible.builtin.iptables: - chain: INPUT - protocol: tcp - destination_port: "{{ item }}" - jump: ACCEPT - state: absent - vars: - ansible_become: yes - ansible_become_method: sudo - ansible_become_password: "{{ sudo_password }}" - with_items: "{{ ports_tcp }}" - - - -- name: Stopping existing service - community.docker.docker_compose: - project_src: "{{ project_src }}" - state: present - stopped: yes - register: output - - -- name: Debug output - debug: - var: output diff --git a/build/vars/main.yml b/build/vars/main.yml deleted file mode 100644 index ea07ae9..0000000 --- a/build/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for server diff --git a/scaleway-k8s/defaults/main.yml b/scaleway-k8s/defaults/main.yml index fdf9e8c..73657dc 100644 --- a/scaleway-k8s/defaults/main.yml +++ b/scaleway-k8s/defaults/main.yml @@ -1,2 +1,5 @@ --- -# defaults file for scaleway-k8s +# defaults file for server + +project_name: covas_quarkus +project_env: env-build.j2 \ No newline at end of file diff --git a/build/tasks/deploy.yml b/scaleway-k8s/tasks/create-build.yml similarity index 94% rename from build/tasks/deploy.yml rename to scaleway-k8s/tasks/create-build.yml index 7b188c4..58fde85 100644 --- a/build/tasks/deploy.yml +++ b/scaleway-k8s/tasks/create-build.yml @@ -1,4 +1,4 @@ -# deploy db postgresql, liquibase and redis +# create folder build - name: git archive local local_action: diff --git a/scaleway-k8s/tasks/main.yml b/scaleway-k8s/tasks/main.yml index 1b69b1b..7560b80 100644 --- a/scaleway-k8s/tasks/main.yml +++ b/scaleway-k8s/tasks/main.yml @@ -1,3 +1,7 @@ +- name: Create folder for image + ansible.builtin.import_tasks: create-build.yml + tags: ["create-build"] + - name: Create cluster k8s scaleway via terraform ansible.builtin.import_tasks: create-cluster.yml tags: ["create-cluster"] 
diff --git a/build/templates/env-build.j2 b/scaleway-k8s/templates/env-build.j2 similarity index 100% rename from build/templates/env-build.j2 rename to scaleway-k8s/templates/env-build.j2 From e6f9d71c4f1b92531fad2064999314c59c50de8f Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sat, 15 Oct 2022 22:49:00 +0200 Subject: [PATCH 15/15] build image WIP --- inventory/group_vars/local | 3 ++- inventory/hosts | 1 + scaleway-k8s/tasks/create-build.yml | 23 +++++++++++------------ 3 files changed, 14 insertions(+), 13 deletions(-) diff --git a/inventory/group_vars/local b/inventory/group_vars/local index 532d45f..9e72108 100644 --- a/inventory/group_vars/local +++ b/inventory/group_vars/local @@ -1,3 +1,4 @@ project_terraform: "/home/valentin/terraform" region_k8s: "fr-par" -project_name: "terraform-test" \ No newline at end of file +project_name: "terraform-test" +quarkus_project: "covas-quarkus" \ No newline at end of file diff --git a/inventory/hosts b/inventory/hosts index c0331f8..9f1a4d3 100644 --- a/inventory/hosts +++ b/inventory/hosts @@ -4,6 +4,7 @@ localhost ansible_host=127.0.0.1 [db] vps +localhost [db_vault:children] db diff --git a/scaleway-k8s/tasks/create-build.yml b/scaleway-k8s/tasks/create-build.yml index 58fde85..7773caa 100644 --- a/scaleway-k8s/tasks/create-build.yml +++ b/scaleway-k8s/tasks/create-build.yml 
@@ -3,29 +3,28 @@ - name: git archive local local_action: module: git - repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ project_name }}.git" + repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ quarkus_project }}.git" dest: "/home/valentin/src/" - archive: "/tmp/{{ project_name }}.tar.gz" + archive: "/tmp/{{ quarkus_project }}.tar.gz" force: yes update: yes - when: "project_name is defined" + when: "quarkus_project is defined" - name: Create directory file: - path: "{{ home_dir }}/{{ project_name }}" + path: "{{ home_dir }}/{{ quarkus_project }}" state: directory - when: "project_name is defined" + when: "quarkus_project is defined" -- name: Extract covas liquibase +- name: Extract covas quarkus unarchive: - src: "/tmp/{{ project_name }}.tar.gz" - dest: "{{ home_dir }}/{{ project_name }}" - when: "project_name is defined" + src: "/tmp/{{ quarkus_project }}.tar.gz" + dest: "{{ home_dir }}/{{ quarkus_project }}" + when: "quarkus_project is defined" - name: Template env file template: - src: "{{ project_env }}" - dest: "{{ home_dir }}/.env" - when: "project_env is defined" + src: "env-build.j2" + dest: "{{ home_dir }}/{{ quarkus_project }}/.env" \ No newline at end of file
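Review bot: The rewritten `Template env file` task in scaleway-k8s/tasks/create-build.yml dropped its `when`, while the three tasks before it are skipped unless `quarkus_project` is defined; on a host where the variable is missing, the run would skip the clone and the extract and then fail while templating `dest`. Either guard it the same way with `when: "quarkus_project is defined"`, or remove the guards and let the role fail early on the missing variable. Separately, the unchanged `dest: "/home/valentin/src/"` is the same checkout directory that server/tasks/deploy.yml uses for a different repository, and with `force: yes` the git module appears to reset whatever checkout is already there. A per-project path such as `dest: "/home/valentin/src/{{ quarkus_project }}"` keeps the two roles from overwriting each other.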