Merge pull request 'k8s-deploy' (#2) from k8s-deploy into master

Reviewed-on: #2

db/tasks/deploy-db.yml

@@ -1,34 +0,0 @@
-# deploy db postgresql, liquibase and redis
-
-- name: git archive local
-  local_action:
-    module: git
-    repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/covas-liquibase.git"
-    dest: "/home/valentin/src/"
-    archive: "/tmp/covas-liquibase.tar.gz"
-    force: yes
-    update: yes
-  run_once: True
-
-- name: Create directory
-  file: 
-    path: "/home/valentin/{{ item }}"
-    state: directory
-  with_items:
-    - db
-    - db/covas-liquibase
-
-- name: Extract covas liquibase
-  unarchive:
-    src: "/tmp/covas-liquibase.tar.gz"
-    dest: "/home/valentin/db/covas-liquibase"
-
-- name: Template env file
-  template:
-    src: env.j2
-    dest: /home/valentin/db/.env
-
-- name: Copy docker compose server file
-  copy:
-    src: docker-compose-server.yml
-    dest: /home/valentin/db/docker-compose.yml

db/tasks/main.yml

@@ -1,23 +0,0 @@
----
-# tasks file for server
-
-
-
-# include task db
-
-- name: Deploy database postgresql and redis
-  ansible.builtin.import_tasks: deploy-db.yml
-  tags: ["start-with-deploy", "deploy"]
-
-- name: Start db postgresql and redis
-  ansible.builtin.import_tasks: start-db.yml
-  tags: ["start-with-deploy", "start"]
-
-
-- name: stop db postgresql and redis
-  ansible.builtin.import_tasks: stop-db.yml
-  tags: ["destroy", "stop"]
-
-- name: Remove db
-  ansible.builtin.import_tasks: remove-db.yml
-  tags: ["destroy"]

db/tasks/start-db.yml

@@ -1,34 +0,0 @@
-# start services db
-
-- name: Stopping existing service
-  community.docker.docker_compose:
-    project_src: /home/valentin/db
-
-- name: Starting service
-  community.docker.docker_compose:
-    project_src: /home/valentin/db
-  register: output
-
-- name: debug output
-  debug: 
-    var: output
-
-- name: Allow port postgresql 
-  ansible.builtin.iptables:
-    chain: INPUT
-    protocol: tcp
-    destination_port: 54321
-    jump: ACCEPT
-    state: present
-  become: yes
-  become_method: sudo
-
-- name: Allow port redis 
-  ansible.builtin.iptables:
-    chain: INPUT
-    protocol: tcp
-    destination_port: 63791
-    jump: ACCEPT
-    state: present
-  become: yes
-  become_method: sudo

db/tasks/stop-db.yml

@@ -1,34 +0,0 @@
-# stop services db and redis 
-
-- name: Disallow port postgresql 
-  ansible.builtin.iptables:
-    chain: INPUT
-    protocol: tcp
-    destination_port: 54321
-    jump: ACCEPT
-    state: absent
-  become: yes
-  become_method: sudo
-
-
-- name: Disallow port redis 
-  ansible.builtin.iptables:
-    chain: INPUT
-    protocol: tcp
-    destination_port: 63791
-    jump: ACCEPT
-    state: absent
-  become: yes
-  become_method: sudo
-
-- name: Stopping existing service
-  community.docker.docker_compose:
-    project_src: /home/valentin/db
-    state: present
-    stopped: yes
-  register: output
-
-
-- name: Debug output
-  debug:
-    var: output

inventory/group_vars/all

@@ -0,0 +1 @@
+home_dir: "/home/valentin"

inventory/group_vars/db

@@ -1 +1,22 @@
-postgres_db: toto
+postgres_url: db.valczeryba.ovh
+postgres_db: toto
+postgres_port: 54321
+
+
+project_src: "/home/valentin/db"
+project_name: "covas-liquibase"
+
+project_directory:
+  - "{{ project_src }}"
+  - "{{ project_src }}/{{ project_name }}"
+
+docker_compose_file: "docker-compose-db.yml"
+
+project_env: "env-db.j2"
+
+redis_url: redis.valczeryba.ovh
+redis_port: 63791
+ports_tcp:
+  - "{{ postgres_port }}"
+  - "{{ redis_port }}"
+

inventory/group_vars/db_vault

@@ -1,13 +1,14 @@
 $ANSIBLE_VAULT;1.1;AES256
-33613465613332313264333531363966386165643866306463363039613666343736633366666439
-3962323963656131333937373932346536343861303936310a623331343034636330346438633232
-62393434623539376136616265623937326235636638343932363235353337643135373866363362
-6237623238623536620a346463373363333965646132376330616166623065343961343166373563
-36316531623062313136383231366161363261633762616661663435393430346536356635313133
-35636136336333623262653636323864313164623265313138373434643936323864366363643161
-36323836363330346430653232356163663837366636653438316265303763646263303838346637
-30646533386663363430623736393637356536663962346266626262373839323166313235643232
-37393838633437383635323163326564646634626238393264653133386262656239396462333563
-31363137396535643161633435643064643064653037363261303932366163373131663261666361
-62613264353730343261613631303436346438646231643165373535353630353238393838633462
-37613633666139326364
+30326462626436373330386637633864316430623235306239353439313932383964646435393965
+3662326631306134363862626638616330633765666538360a323264646135393935343434343362
+36666566316465383833386433623565373837353233366435346633313566623361653937306336
+6362383331643665300a393561643837376461326663663235343434363438623637306263626163
+38336162383331383732643765323763656130653432386534376335336338663663363439666361
+31306530666264323130333561356564626536643533356337383631613534383730666338313664
+34626261616430623063323836616130383335383965326239636362616531623565323734613532
+33313830663666633432666135346234643834316239633132383862393636623230316532616365
+30336564306336393064613330336436363631316236353237343838396637353735356461323331
+34343637336532373539663565666337383837373235613734303831376636303361376533346333
+32316430613936366464383832376237633036353737353566613638396236316664356638373635
+35303239353937316236323339633335373761623032313231383937306236303861306265646333
+65633638623065303761646562373936336235373533333265643534616663343538

inventory/group_vars/local

@@ -0,0 +1,4 @@
+project_terraform: "/home/valentin/terraform"
+region_k8s: "fr-par"
+project_name: "terraform-test"
+quarkus_project: "covas-quarkus"

inventory/group_vars/local_vault

@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+38396665356139383861356137373362393834373765663937373730333434356565383864333137
+3763386361323938326462393632346565386432336531620a616261656133323236343464303837
+39613966333435393336396361666337306438393138363961336462383666326363326439373762
+6139623462323133330a646432336365666164643435383430616137313130646137623463373636
+32313561383838366437633634376434616438633665363465626633633537383435616537336339
+64313836613730613135363739363536356362373762313431353938653738613666313966393163
+33336234363964633633663431353966666530353432643461656336356166393837316634313164
+65653033636338363563666363326433636163323363656530323834303464356136346163353466
+3533

inventory/group_vars/nas_vault

@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+35333863396561393462653263323133343233346534616138616530643066323161656534653738
+3335306466663636623236383435663337393466633437660a303961663331653463343933353966
+35636161393663386137306561613965653438626432323865323233636662653333616532636665
+3562333936366238640a646262373233363665366437653032303238313266356138343239303936
+36663531303061663763653637333365303664666563353631303435633462343537

inventory/group_vars/registry

@@ -0,0 +1,11 @@
+
+project_src: "/home/valentin/registry"
+
+project_directory:
+  - "{{ project_src }}"
+
+docker_compose_file: "docker-compose-registry.yml"
+
+
+ports_tcp:
+  - 5000

inventory/hosts

@@ -1,7 +1,25 @@
 vps ansible_connection=ssh ansible_host=51.222.107.37 ansible_port=2424 ansible_user=valentin
+valentin-nas ansible_connection=ssh ansible_host=151.80.37.38 ansible_port=2424 ansible_user=valentin
+localhost ansible_host=127.0.0.1
 
 [db]
 vps
+localhost
 
 [db_vault:children]
-db
+db
+
+[nas]
+valentin-nas
+
+[registry:children]
+nas
+
+[nas_vault:children]
+nas
+
+[local]
+localhost
+
+[local_vault:children]
+local

main.tf

@@ -1,43 +0,0 @@
-terraform {
-  required_providers {
-    scaleway = {
-      source = "scaleway/scaleway"
-    }
-  }
-  required_version = ">= 0.13"
-}
-
-resource "scaleway_k8s_cluster" "terraform-test" {
-   name    = "terraform-test"
-   version = "1.24.3"
-   cni     = "cilium"
-   project_id = "81af2696-6120-4f45-baf3-d17fb0525824"
-   region = "fr-par"
-}
-
- resource "scaleway_k8s_pool" "john" {
-   cluster_id = scaleway_k8s_cluster.terraform-test.id
-   name       = "john"
-   node_type  = "DEV1-M"
-   size       = 1
- }
-
- resource "null_resource" "kubeconfig" {
-  depends_on = [scaleway_k8s_pool.john] # at least one pool here
-  triggers = {
-    host                   = scaleway_k8s_cluster.terraform-test.kubeconfig[0].host
-    token                  = scaleway_k8s_cluster.terraform-test.kubeconfig[0].token
-    cluster_ca_certificate = scaleway_k8s_cluster.terraform-test.kubeconfig[0].cluster_ca_certificate
-  }
-}
-
-
-provider "kubernetes" {
-  load_config_file = "false"
-
-  host  = null_resource.kubeconfig.triggers.host
-  token = null_resource.kubeconfig.triggers.token
-  cluster_ca_certificate = base64decode(
-  null_resource.kubeconfig.triggers.cluster_ca_certificate
-  )
-}

playbook.yml

@@ -1,5 +1,10 @@
 ---
-- hosts: db
+- hosts: registry db
   remote_user: valentin
   roles:
-    - db
+    - server
+
+- hosts: local
+  remote_user: valentin
+  roles:
+    - scaleway-k8s

requirements.yml

@@ -0,0 +1,214 @@
+/home/valentin/.ansible/collections/ansible_collections:
+  community.docker:
+    version: 3.1.0
+/usr/lib/python3.10/site-packages/ansible_collections:
+  amazon.aws:
+    version: 3.4.0
+  ansible.netcommon:
+    version: 3.1.1
+  ansible.posix:
+    version: 1.4.0
+  ansible.utils:
+    version: 2.6.1
+  ansible.windows:
+    version: 1.11.1
+  arista.eos:
+    version: 5.0.1
+  awx.awx:
+    version: 21.5.0
+  azure.azcollection:
+    version: 1.13.0
+  check_point.mgmt:
+    version: 2.3.0
+  chocolatey.chocolatey:
+    version: 1.3.0
+  cisco.aci:
+    version: 2.2.0
+  cisco.asa:
+    version: 3.1.0
+  cisco.dnac:
+    version: 6.6.0
+  cisco.intersight:
+    version: 1.0.19
+  cisco.ios:
+    version: 3.3.1
+  cisco.iosxr:
+    version: 3.3.1
+  cisco.ise:
+    version: 2.5.3
+  cisco.meraki:
+    version: 2.11.0
+  cisco.mso:
+    version: 2.0.0
+  cisco.nso:
+    version: 1.0.3
+  cisco.nxos:
+    version: 3.1.1
+  cisco.ucs:
+    version: 1.8.0
+  cloud.common:
+    version: 2.1.2
+  cloudscale_ch.cloud:
+    version: 2.2.2
+  community.aws:
+    version: 3.5.0
+  community.azure:
+    version: 1.1.0
+  community.ciscosmb:
+    version: 1.0.5
+  community.crypto:
+    version: 2.5.0
+  community.digitalocean:
+    version: 1.21.0
+  community.dns:
+    version: 2.3.2
+  community.docker:
+    version: 2.7.1
+  community.fortios:
+    version: 1.0.0
+  community.general:
+    version: 5.6.0
+  community.google:
+    version: 1.0.0
+  community.grafana:
+    version: 1.5.2
+  community.hashi_vault:
+    version: 3.2.0
+  community.hrobot:
+    version: 1.5.2
+  community.libvirt:
+    version: 1.2.0
+  community.mongodb:
+    version: 1.4.2
+  community.mysql:
+    version: 3.5.1
+  community.network:
+    version: 4.0.1
+  community.okd:
+    version: 2.2.0
+  community.postgresql:
+    version: 2.2.0
+  community.proxysql:
+    version: 1.4.0
+  community.rabbitmq:
+    version: 1.2.2
+  community.routeros:
+    version: 2.3.0
+  community.sap:
+    version: 1.0.0
+  community.sap_libs:
+    version: 1.3.0
+  community.skydive:
+    version: 1.0.0
+  community.sops:
+    version: 1.4.0
+  community.vmware:
+    version: 2.9.1
+  community.windows:
+    version: 1.11.0
+  community.zabbix:
+    version: 1.8.0
+  containers.podman:
+    version: 1.9.4
+  cyberark.conjur:
+    version: 1.2.0
+  cyberark.pas:
+    version: 1.0.14
+  dellemc.enterprise_sonic:
+    version: 1.1.2
+  dellemc.openmanage:
+    version: 5.5.0
+  dellemc.os10:
+    version: 1.1.1
+  dellemc.os6:
+    version: 1.0.7
+  dellemc.os9:
+    version: 1.0.4
+  f5networks.f5_modules:
+    version: 1.19.0
+  fortinet.fortimanager:
+    version: 2.1.5
+  fortinet.fortios:
+    version: 2.1.7
+  frr.frr:
+    version: 2.0.0
+  gluster.gluster:
+    version: 1.0.2
+  google.cloud:
+    version: 1.0.2
+  hetzner.hcloud:
+    version: 1.8.2
+  hpe.nimble:
+    version: 1.1.4
+  ibm.qradar:
+    version: 2.1.0
+  ibm.spectrum_virtualize:
+    version: 1.9.0
+  infinidat.infinibox:
+    version: 1.3.3
+  infoblox.nios_modules:
+    version: 1.3.0
+  inspur.ispim:
+    version: 1.0.1
+  inspur.sm:
+    version: 2.0.0
+  junipernetworks.junos:
+    version: 3.1.0
+  kubernetes.core:
+    version: 2.3.2
+  mellanox.onyx:
+    version: 1.0.0
+  netapp.aws:
+    version: 21.7.0
+  netapp.azure:
+    version: 21.10.0
+  netapp.cloudmanager:
+    version: 21.19.0
+  netapp.elementsw:
+    version: 21.7.0
+  netapp.ontap:
+    version: 21.23.0
+  netapp.storagegrid:
+    version: 21.11.0
+  netapp.um_info:
+    version: 21.8.0
+  netapp_eseries.santricity:
+    version: 1.3.1
+  netbox.netbox:
+    version: 3.7.1
+  ngine_io.cloudstack:
+    version: 2.2.4
+  ngine_io.exoscale:
+    version: 1.0.0
+  ngine_io.vultr:
+    version: 1.1.2
+  openstack.cloud:
+    version: 1.9.1
+  openvswitch.openvswitch:
+    version: 2.1.0
+  ovirt.ovirt:
+    version: 2.2.3
+  purestorage.flasharray:
+    version: 1.13.0
+  purestorage.flashblade:
+    version: 1.10.0
+  purestorage.fusion:
+    version: 1.1.0
+  sensu.sensu_go:
+    version: 1.13.1
+  servicenow.servicenow:
+    version: 1.0.6
+  splunk.es:
+    version: 2.1.0
+  t_systems_mms.icinga_director:
+    version: 1.31.0
+  theforeman.foreman:
+    version: 3.6.0
+  vmware.vmware_rest:
+    version: 2.2.0
+  vultr.cloud:
+    version: 1.1.0
+  vyos.vyos:
+    version: 3.0.1
+  wti.remote:
+    version: 1.0.4

scaleway-k8s/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+# defaults file for server
+
+project_name: covas_quarkus
+project_env: env-build.j2

scaleway-k8s/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for scaleway-k8s

scaleway-k8s/tasks/create-build.yml

@@ -0,0 +1,30 @@
+# create folder build 
+
+- name: git archive local
+  local_action:
+    module: git
+    repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ quarkus_project }}.git"
+    dest: "/home/valentin/src/"
+    archive: "/tmp/{{ quarkus_project }}.tar.gz"
+    force: yes
+    update: yes
+  when: "quarkus_project is defined"
+
+- name: Create directory
+  file: 
+    path: "{{ home_dir }}/{{ quarkus_project }}"
+    state: directory
+  when: "quarkus_project is defined"
+
+
+- name: Extract covas quarkus
+  unarchive:
+    src: "/tmp/{{ quarkus_project }}.tar.gz"
+    dest: "{{ home_dir }}/{{ quarkus_project }}"
+  when: "quarkus_project is defined"
+
+
+- name: Template env file
+  template:
+    src: "env-build.j2"
+    dest: "{{ home_dir }}/{{ quarkus_project }}/.env"

scaleway-k8s/tasks/create-cluster.yml

@@ -0,0 +1,28 @@
+---
+# tasks file for create cluster k8s via terraform
+
+- name: Create directory {{ project_terraform }} 
+  file:
+    path: "{{ project_terraform }}"
+    state: directory
+
+- name: Copy main.tf
+  template:
+    src: main.tf.j2
+    dest: "{{ project_terraform }}/main.tf"
+
+
+- name: Create cluster scaleway
+  community.general.terraform:
+    project_path: '{{ project_terraform }}'
+    state: present
+    force_init: yes
+  environment:
+    SCW_ACCESS_KEY: "{{ scw_access_key }}"
+    SCW_SECRET_KEY: "{{ scw_secret_key }}"
+  register: output
+
+- name: display terraform result
+  debug:
+    var: output
+

scaleway-k8s/tasks/destroy-cluster.yml

@@ -0,0 +1,13 @@
+- name: "Destroy cluster via terraform"
+  community.general.terraform:
+    project_path: '{{ project_terraform }}'
+    state: absent
+  environment:
+    SCW_ACCESS_KEY: "{{ scw_access_key }}"
+    SCW_SECRET_KEY: "{{ scw_secret_key }}"
+  register: output
+
+- name: Remove directory
+  file:
+    path: '{{ project_terraform }}'
+    state: absent

scaleway-k8s/tasks/kubeconfig.yml

@@ -0,0 +1,21 @@
+- name: Get id of cluster
+  ansible.builtin.uri:
+    url: "https://api.scaleway.com/k8s/v1/regions/{{ region_k8s }}/clusters"
+    status_code: 200
+    return_content: yes
+    method: GET
+    headers:
+      X-Auth-Token: "{{ scw_secret_key }}"
+  register: output
+
+- name: Download kubeconfig
+  ansible.builtin.uri:
+    url: "https://api.scaleway.com/k8s/v1/regions/{{ region_k8s }}/clusters/{{ item.id }}/kubeconfig?dl=1"
+    status_code: 200
+    dest: "{{ project_terraform }}/kubeconfig"
+    method: GET
+    headers:
+      X-Auth-Token: "{{ scw_secret_key }}"
+  when: item.name == "{{ project_name }}"
+  with_items: "{{ (output.content |from_json).clusters }}"
+  

scaleway-k8s/tasks/main.yml

@@ -0,0 +1,15 @@
+- name: Create folder for image
+  ansible.builtin.import_tasks: create-build.yml
+  tags: ["create-build"]
+
+- name: Create cluster k8s scaleway via terraform
+  ansible.builtin.import_tasks: create-cluster.yml
+  tags: ["create-cluster"]
+
+- name: Get id Cluster
+  ansible.builtin.import_tasks: kubeconfig.yml
+  tags: ["create-cluster", "kubeconfig"]
+
+- name: Destroy cluster k8s scaleway via terraform
+  ansible.builtin.import_tasks: destroy-cluster.yml
+  tags: ["destroy-cluster"]

scaleway-k8s/templates/env-build.j2

@@ -0,0 +1,7 @@
+POSTGRES_PASSWORD={{ postgres_password }}
+POSTGRES_USER={{ postgres_user }}
+POSTGRES_DB={{ postgres_db }}
+POSTGRES_URL={{ postgres_url }}
+POSTGRES_PORT={{ postgres_port }}
+REDIS_URL={{ redis_url }}
+REDIS_PORT={{ redis_port }}

scaleway-k8s/templates/main.tf.j2

@@ -41,4 +41,4 @@ provider "kubernetes" {
   cluster_ca_certificate = base64decode(
   null_resource.kubeconfig.triggers.cluster_ca_certificate
   )
-}
+}

scaleway-k8s/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for scaleway-k8s

server/.travis.yml

@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

server/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

server/files/docker-compose-registry.yml

@@ -0,0 +1,11 @@
+version: '3'
+
+services:
+  registry:
+    image: registry:2
+    ports:
+    - "5000:5000"
+    environment:
+      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
+    volumes:
+      - ./data:/data

server/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

server/tasks/deploy.yml

@@ -0,0 +1,35 @@
+# deploy db postgresql, liquibase and redis
+
+- name: git archive local
+  local_action:
+    module: git
+    repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ project_name }}.git"
+    dest: "/home/valentin/src/"
+    archive: "/tmp/{{ project_name }}.tar.gz"
+    force: yes
+    update: yes
+  when: "project_name is defined"
+
+- name: Create directory
+  file: 
+    path: "{{ item }}"
+    state: directory
+  with_items: "{{ project_directory }}"
+
+- name: Extract covas liquibase
+  unarchive:
+    src: "/tmp/{{ project_name }}.tar.gz"
+    dest: "{{ project_src }}/{{ project_name }}"
+  when: "project_name is defined"
+
+
+- name: Template env file
+  template:
+    src: "{{ project_env }}"
+    dest: "{{ project_src }}/.env"
+  when: "project_env is defined"
+
+- name: Copy docker compose server file
+  copy:
+    src: "{{ docker_compose_file }}"
+    dest: "{{ project_src }}/docker-compose.yml"

server/tasks/main.yml

@@ -0,0 +1,19 @@
+---
+# tasks file for server
+
+- name: Deploy services
+  ansible.builtin.import_tasks: deploy.yml
+  tags: ["deploy", "create"]
+
+- name: Start services
+  ansible.builtin.import_tasks: start.yml
+  tags: ["deploy", "start"]
+
+
+- name: stop services
+  ansible.builtin.import_tasks: stop.yml
+  tags: ["destroy", "stop"]
+
+- name: Remove services
+  ansible.builtin.import_tasks: remove.yml
+  tags: ["destroy"]

server/tasks/remove.yml

@@ -2,7 +2,7 @@
 
 - name: Stopping existing service
   community.docker.docker_compose:
-    project_src: /home/valentin/db
+    project_src: "{{ project_src }}"
     state: absent
     remove_volumes: yes
     remove_images: local
@@ -12,7 +12,7 @@
   debug:
     var: output
 
-- name: Remove project covas db
+- name: Remove project 
   file:
-    path: /home/valentin/db
+    path: "{{ project_src }}"
     state: absent

server/tasks/start.yml

@@ -0,0 +1,29 @@
+# start services db
+
+- name: Stopping existing service
+  community.docker.docker_compose:
+    project_src: "{{ project_src }}"
+    state: absent
+
+- name: Starting service
+  community.docker.docker_compose:
+    project_src: "{{ project_src }}"
+  register: output
+
+- name: debug output
+  debug: 
+    var: output
+
+- name: "Allow port {{ item }}"  
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    destination_port: "{{ item }}"
+    jump: ACCEPT
+    state: present
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+  with_items: "{{ ports_tcp }}"
+

server/tasks/stop.yml

@@ -0,0 +1,28 @@
+# stop services db and redis 
+
+- name: Disallow port {{ item }} 
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    destination_port: "{{ item }}"
+    jump: ACCEPT
+    state: absent
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+  with_items: "{{ ports_tcp }}"
+
+
+
+- name: Stopping existing service
+  community.docker.docker_compose:
+    project_src: "{{ project_src }}"
+    state: present
+    stopped: yes
+  register: output
+
+
+- name: Debug output
+  debug:
+    var: output