From 1a93b4065831a6dd4814c0af4ba3fb37b6224167 Mon Sep 17 00:00:00 2001 From: Sven Ketelsen Date: Wed, 23 Jun 2021 20:44:44 +0200 Subject: [PATCH] feat: provisioning playbook with dynamic inventory (wip) --- README.md | 1 + dynamic-provisioning.yml | 214 +++++++++++++++++++++++++++++++++ group_vars/all/plain.yml | 2 + group_vars/dynamic_connect.yml | 15 +++ group_vars/stage_dev/plain.yml | 2 - roles/common/tasks/main.yml | 2 +- roles/connect/tasks/main.yml | 2 +- smardigo.yml | 5 - 8 files changed, 234 insertions(+), 9 deletions(-) create mode 100644 dynamic-provisioning.yml create mode 100644 group_vars/dynamic_connect.yml diff --git a/README.md b/README.md index 21fc603..3a0958b 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,7 @@ Create/Start servers for stage-dev # Provisioning ansible-playbook -i stage-dev setup.yml --vault-password-file ~/vault-pass -u root + ansible-playbook dynamic-provisioning.yml --vault-password-file ~/vault-pass -e "stage=dev name=test node=01 service=connect" # TODO diff --git a/dynamic-provisioning.yml b/dynamic-provisioning.yml new file mode 100644 index 0000000..5f7a5bf --- /dev/null +++ b/dynamic-provisioning.yml 
@@ -0,0 +1,214 @@
+---
+
+- hosts: localhost
+ connection: local
+ gather_facts: false
+ vars:
+ hostname: "{{ stage }}-{{ name }}-{{ node }}"
+
+ pre_tasks:
+ - name: "Check if ansible version is at least 2.10.x"
+ assert:
+ that:
+ - ansible_version.major >= 2
+ - ansible_version.minor >= 10
+ msg: "The ansible version has to be at least ({{ ansible_version.full }})"
+
+ tasks:
+ - name: Create new server {{ hostname }}
+ hetzner.hcloud.hcloud_server:
+ api_token: "{{ hetzner_authentication_token }}"
+ name: "{{ hostname }}"
+ server_type: "{{ hetzner_server_type }}"
+ image: "{{ hetzner_server_image }}"
+ ssh_keys: "{{ hetzner_ssh_keys }}"
+ labels: "{{ hetzner_server_labels }}"
+ location: nbg1
+ state: present
+ register: new_server
+
+ - name: Print the gathered infos
+ debug:
+ var: new_server
+
+ - name: Add host {{ hostname }}
+ add_host:
+ name: "{{ new_server.hcloud_server.name }}"
+ groups:
+ - "{{ service }}"
+ - "stage_{{ stage }}"
+ - "dynamic_{{ service }}"
+
+- hosts: "stage_{{ stage }}"
+ remote_user: root
+# gather_facts: false
+ vars:
+ hostname: "{{ stage }}-{{ name }}-{{ node }}"
+
+ pre_tasks:
+ - name: Get all Firewalls from Hetzner
+ uri:
+ url: "https://api.hetzner.cloud/v1/firewalls"
+ headers:
+ accept: application/json
+ authorization: Bearer {{ hetzner_authentication_token }}
+ return_content: yes
+ register: hetzner_firewalls_response
+ delegate_to: 127.0.0.1
+ run_once: true
+ tags:
+ - update_networks
+
+ - name: Save firewall entries as variable (fact)
+ set_fact:
+ hetzner_firewalls_response_json: "{{ hetzner_firewalls_response.json }}"
+ run_once: true
+ tags:
+ - update_networks
+
+ - name: Parse firewall entries
+ set_fact:
+ firewall_records: "{{ hetzner_firewalls_response_json.firewalls | json_query(jmesquery) }}"
+ vars:
+ jmesquery: '[*].{id: id, name: name}'
+ run_once: true
+ tags:
+ - update_networks
+
+ - name: Print firewall entries
+ debug:
+ msg: "{{ firewall_records }}"
+ run_once: true
+ tags:
+ - update_networks
+
+ tasks:
+ - name: "Setup for {{ service_name }}"
+ include_role:
+ name: hcloud
+ vars:
+ record_data: "{{ stage_server_ip }}"
+ record_name: "{{ service_name }}"
+
+- hosts: "stage_{{ stage }}"
+ remote_user: root
+# gather_facts: false
+ vars:
+ hostname: "{{ stage }}-{{ name }}-{{ node }}"
+
+ pre_tasks:
+ - name: Remove outdated dependencies
+ apt:
+ name: [
+ 'docker',
+ 'docker-client',
+ 'docker-client-latest',
+ 'docker-common',
+ 'docker-latest',
+ 'docker-latest-logrotate',
+ 'docker-logrotate',
+ 'docker-engine',
+ 'smartmontools',
+ ]
+ state: 'absent'
+ when: ansible_distribution == "Ubuntu"
+
+ - name: "Gather current server infos"
+ hcloud_server_info:
+ api_token: "{{ hetzner_authentication_token }}"
+ register: hetzner_server_infos
+ delegate_to: 127.0.0.1
+ become: false
+
+ - name: "Set current server infos as fact: hetzner_server_infos_json"
+ set_fact:
+ hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}"
+ delegate_to: 127.0.0.1
+ become: false
+
+ - name: "Read ip address for {{ inventory_hostname }}"
+ set_fact:
+ stage_server_ip: "{{ item.ipv4_address }}"
+ when: item.name == inventory_hostname
+ with_items: "{{ hetzner_server_infos_json }}"
+ delegate_to: 127.0.0.1
+ become: false
+
+ - name: Print the gathered infos
+ debug:
+ var: stage_server_ip
+ delegate_to: 127.0.0.1
+
+ roles:
+ - role: ansible-role-docker
+ vars:
+ docker_compose_version: '1.29.1'
+ docker_compose_path: '/usr/bin/docker-compose'
+ docker_users: '{{ smardigo_plattform_users }}'
+
+ - role: common
+
+ - role: filebeat
+ when: filebeat_enabled | default(True)
+
+ - role: node-exporter
+ when: node_exporter_enabled | default(True)
+
+ - role: traefik
+ when: traefik_enabled | default(True)
+
+- hosts: "stage_{{ stage }}"
+ remote_user: root
+# gather_facts: false
+ vars:
+ hostname: "{{ stage }}-{{ name }}-{{ node }}"
+
+ pre_tasks:
+ - name: "Gather current server infos"
+ hcloud_server_info:
+ api_token: "{{ hetzner_authentication_token }}"
+
register: hetzner_server_infos + delegate_to: 127.0.0.1 + become: false + tags: + - update_networks + + - name: "Set current server infos as fact: hetzner_server_infos_json" + set_fact: + hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}" + delegate_to: 127.0.0.1 + become: false + tags: + - update_networks + + - name: "Read ip address for {{ inventory_hostname }}" + set_fact: + stage_server_ip: "{{ item.ipv4_address }}" + when: item.name == inventory_hostname + with_items: "{{ hetzner_server_infos_json }}" + delegate_to: 127.0.0.1 + become: false + tags: + - update_networks + + - name: Print the gathered infos + debug: + var: stage_server_ip + delegate_to: 127.0.0.1 + become: false + tags: + - update_networks + + roles: + - role: connect + when: "'connect' in group_names" + - role: keycloak + when: "'keycloak' in group_names" + - role: postfix + when: "'postfix' in group_names" + - role: harbor + when: "'harbor' in group_names" + - role: elastic + when: "'elastic' in group_names" + - role: prometheus + when: "'prometheus' in group_names" \ No newline at end of file diff --git a/group_vars/all/plain.yml b/group_vars/all/plain.yml index 91d177f..e99da28 100644 --- a/group_vars/all/plain.yml +++ b/group_vars/all/plain.yml @@ -15,6 +15,8 @@ stage_server_url: "{{ http_s }}://{{ stage_server_name }}.{{ domain }}" ansible_ssh_host: "{{ inventory_hostname }}.{{ domain }}" +hetzner_server_labels: "stage={{ stage }}" + admin_user: "root" sudo_groups: [ diff --git a/group_vars/dynamic_connect.yml b/group_vars/dynamic_connect.yml new file mode 100644 index 0000000..906466b --- /dev/null +++ b/group_vars/dynamic_connect.yml 
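Review bot: The "Get all Firewalls from Hetzner" task puts the API token in a plain `authorization: Bearer {{ hetzner_authentication_token }}` header on a `uri` call that carries no `no_log: true`, so at higher verbosity (or in a CI job that records module invocations) the token ends up in the log in clear text, whereas the hcloud modules used elsewhere in this playbook declare `api_token` as no_log themselves; add `no_log: true` to that task, the parsed result is still shown by the "Print firewall entries" task. In the first play, `debug: var: new_server` dumps the entire create result — depending on the hcloud collection version that can include a generated `root_password` — so print only `new_server.hcloud_server.name` and its address, or drop the task. Separately, the version guard `ansible_version.minor >= 10` rejects any release whose major is above 2 and minor below 10, and its message prints the running version as if it were the requirement; `- ansible_version.full is version('2.10', '>=')` with `msg: "Ansible >= 2.10 required, found {{ ansible_version.full }}"` expresses the intent. The second play's `include_role: hcloud` also reads `stage_server_ip` and `service_name` before the third play's pre_tasks set `stage_server_ip`, so unless group_vars define them that include fails on an undefined variable — worth confirming while the playbook is still marked wip.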
@@ -0,0 +1,15 @@ +--- + +hetzner_server_labels: "stage={{ stage }} service=connect" + +connect_auth_module: oidc +connect_oidc_client_id: connect-01 +connect_oidc_client_secret: 9e234965-1041-4653-8a0e-db964c04bc26 +connect_oidc_registration_id: connect-01 +connect_oidc_issuer_uri: https://{{ keycloak_hostname }}/auth/realms/smardigo-01 + +connect_password_change_url: https://{{ keycloak_hostname }}/auth/realms/smardigo-01/account/password +connect_iam_user_management_url: https://{{ keycloak_hostname }}/auth/admin/smardigo-01/console + +spring_profiles_include_suffix: ",{{ hostname }}" +ribbon_display_on_active_profiles: "{{ hostname }}" diff --git a/group_vars/stage_dev/plain.yml b/group_vars/stage_dev/plain.yml index ed67e56..0492b35 100644 --- a/group_vars/stage_dev/plain.yml +++ b/group_vars/stage_dev/plain.yml @@ -4,8 +4,6 @@ stage: "dev" docker_registry: dev-docker-registry-01.smardigo.digital -hetzner_server_labels: "stage={{ stage }}" - alertmanager_channel_smardigo: "#monitoring-qa" filebeat_certificate: "dev-elastic-stack-filebeat" diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 9982551..145bb86 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -78,7 +78,7 @@ user: '{{ item }}' state: present exclusive: true - key: "{{ lookup('file', '{{ inventory_dir }}/users/{{ item }}/id_rsa.pub') }}" + key: "{{ lookup('file', '{{ playbook_dir }}/users/{{ item }}/id_rsa.pub') }}" loop: '{{ smardigo_plattform_users | difference(["elastic"]) }}' tags: - users diff --git a/roles/connect/tasks/main.yml b/roles/connect/tasks/main.yml index 2904f6e..d3da5ff 100644 --- a/roles/connect/tasks/main.yml +++ b/roles/connect/tasks/main.yml @@ -16,7 +16,7 @@ when: - send_status_messages -- name: "Setup DNS configuration for {{ service_name }} connect" +- name: "Setup DNS configuration for {{ service_name }}" include_role: name: _digitalocean tasks_from: domain 
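Review bot: `connect_oidc_client_secret: 9e234965-1041-4653-8a0e-db964c04bc26` commits an OIDC client secret in clear text, in a group_vars file that is not vault-encrypted even though the playbook is already invoked with `--vault-password-file` and the `plain.yml` naming elsewhere under group_vars suggests a plain/vault split. Move the value into an encrypted `group_vars/dynamic_connect/vault.yml` (or an inline `!vault` value) and keep only `connect_oidc_client_secret: "{{ vault_connect_oidc_client_secret }}"` here; because the literal is now in git history, the client secret should also be rotated in Keycloak. The `hostname` used by `spring_profiles_include_suffix` and `ribbon_display_on_active_profiles` is only defined as a play var in dynamic-provisioning.yml, so a comment such as `# hostname is set by dynamic-provisioning.yml; these vars are undefined elsewhere` would save the next reader a failed run.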
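Review bot: The changed `key:` line in roles/common keeps a moustache nested inside the lookup argument, `lookup('file', '{{ playbook_dir }}/users/{{ item }}/id_rsa.pub')`, which Ansible evaluates but which the documentation warns against as templating inside a Jinja expression; `key: "{{ lookup('file', playbook_dir ~ '/users/' ~ item ~ '/id_rsa.pub') }}"` reads the same path without the nested template. Since the task retains `exclusive: true`, every pre-existing authorized key of that user is replaced on each run — unchanged by this commit, but a one-line comment above the task stating that would make the intent explicit. The task's `- name` and module line lie before the hunk, so its full context is not visible here.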
diff --git a/smardigo.yml b/smardigo.yml index 34f2ad2..6bc881b 100644 --- a/smardigo.yml +++ b/smardigo.yml @@ -49,11 +49,6 @@ tags: - update_networks - - name: "Check docker networks" - include_role: - name: _docker - tasks_from: networks - roles: - role: connect when: "'connect' in group_names"