feat: setup servers on hetzner cloud

5 years ago · 6c50019d6d
commit 6c50019d6d
29 changed files with 266 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,18 @@
 # Prepare ansible Installation
 Install ansible with Python.
    pip3 install ansible
 Install library jmespath (https://jmespath.org/). Will be used to parse JSON data.
    pip3 install jmespath
 Install ansible role for managing hetzner cloud servers.
    pip3 install hcloud
    ansible-galaxy collection install hetzner.hcloud
 # Setup
 Create/Start servers for stage-dev
    ansible-playbook -i stage-dev provisioning.yml --vault-password-file ~/vault-pass
--- a/group_vars/all/plain.yml
+++ b/group_vars/all/plain.yml
@ -0,0 +1,12 @@
 ---
 domain: smardigo.digital
 hetzner_server_type: cx11
 hetzner_server_image: ubuntu-20.04
 hetzner_ssh_keys:
  - sven.ketelsen@arxes-tolina.de
 #hetzner_authentication_token: "< see vault >"
 #digitalocean_authentication_token: "< see vault >"
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@ -0,0 +1,15 @@
 $ANSIBLE_VAULT;1.1;AES256
 62366361333863393564663466393361633166613434303036363563306634316161326432336262
 3331653631666639623366326238323465333736653532660a333335643632353633303037663631
 37636163613537313035633433313439326134303532346434373533643865343466336433643837
 3764666639343265630a393463306363653962333561353161336264306664656163386232333438
 39396232303938393961393065306433643232343766356235363562623431623437613134353135
 38633433643365613434636531616134303835626661643835633437343262646534346562663165
 39393762333565336339663130383461383931643165386635376532316137366165356336353964
 65656235626362353937373065386131386139663334653438376138353436613434343639646134
 62663936323033366265316361343039383531376230396466366331383632383163646433316631
 62356364303662366630396535626232613566336430616536623561623333643333393434613863
 62336632333465366363303164373331336436393830636133366263383163336362343366653762
 39643762393864626366383731626366643831653238303532663964363537393031663836343338
 34643735306335313030343664313361356361316633613530353361346232326261366239383662
 6163326466643334646436383366363531633066313335323336
--- a/host_vars/dev-elastic-stack-01.yml
+++ b/host_vars/dev-elastic-stack-01.yml
@ -0,0 +1,7 @@
 ---
 hetzner_server_type: cx21
 hetzner_ssh_keys:
  - stefan@curow.de
  - sven.ketelsen@arxes-tolina.de
--- a/host_vars/dev-elastic-stack-02.yml
+++ b/host_vars/dev-elastic-stack-02.yml
@ -0,0 +1,7 @@
 ---
 hetzner_server_type: cx21
 hetzner_ssh_keys:
  - stefan@curow.de
  - sven.ketelsen@arxes-tolina.de
--- a/host_vars/dev-elastic-stack-03.yml
+++ b/host_vars/dev-elastic-stack-03.yml
@ -0,0 +1,7 @@
 ---
 hetzner_server_type: cx21
 hetzner_ssh_keys:
  - stefan@curow.de
  - sven.ketelsen@arxes-tolina.de
--- a/keys/peter.heise/id_rsa.pub
+++ b/keys/peter.heise/id_rsa.pub
@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPiWNJzb4vqgkjsRjl1C5oTQbyEvsBPfBuVf3AL9Ssw7RJb8hl3VqVegJ1HqNe1/j4R04a53ND5qy93GBAYOI3iNKiWq2Cd9DM9QHN+EiNG7eo0wkr/VhBh5bh6knn12RXX1T0xnR9jeB3rIQWyJyR+PTSEz4oul+QjlKB8uO7LLmsoqVpVqGhj7xtoVIEfJPMCEBMjj/jc3rGK1ezrXBGCTFEQPl5b+XRy9kybv5hf6W02yPm82RRozG3/3zObiNPX/ajt5mHB09CTq5JLeLFlfftpcLEON1CDpzACm7cIvnYoHKltaGjkZaprxpPApkKLiPe8zVUYiG0wt5qYUXS/AQ5u6I0vFA+5H3fEYZMalp4fwf4OWFxqJQH97sivQe/q7SnOA70GiClri9qWt6r6/LP7du7UySvOWVX8R6CuD3OdaAHXng1UWLDwqP9r2XshQIVo90vz9vLVP2k7bBchxignmD7WL4VnEG5bhhf487xhK3+YCG8TWtGO8MXDp0= pheise@fedora-vm
--- a/keys/stefan.curow/id_rsa.pub
+++ b/keys/stefan.curow/id_rsa.pub
@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAscASzHdu85wUZUNYLHNJSbee3uQxApRXBV90twEFdUI8I4MmKVeGOi5zTat4VXqAGFgJ8CAUGM1rwC6azi1SDzikPVbV8QtqeRK1P1KVkknyBepe4t/DrhelQudJ2VM2wuDgCtbHWgvVfh3vd7IF5pThPke/oa8H2rACfM8pSTpn5AVPnTotM/8aTgEt1YDoDS+59CG/mGCMTvZ/EkYhIVIFEkNcaMn0Xwx0q3X2VuanA5Zu6BClybwE45A/kRZo7nXtEa33Mvr2yqkoC9DRP9l3d1K2wiIn3X8DBsgM+ZWsriS8Tt7UzOyHzyu7+ZlEvb4ek6ta/weKMbtJl/X3VQ== scurow
--- a/keys/sven.ketelsen/id_rsa.pub
+++ b/keys/sven.ketelsen/id_rsa.pub
@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDiP5IHm3hTbO/DBEwVoEFvbiOX56d67Q4fPWkmJlLAygQ40kRJj2ijzYNCryh4JSxXxOVu42c79Lzyxt1h/OhayGOatdAyEe/GIQB0YI4G5UmIxZecZCxOT3Uqj4j0+LDHH8QFkJUI59FpznM9VezwciL2Dxc2dA8lrEtKJVoZuCxHSx84GwzqBZdIhyNSSGvXu/ZP/KpT8ACAx5F5PJ3D+B+3pYuYLnzsYJ8Y4RYCoQ8bIX89txJ7bF2lrMmPeE3t2ms4bAh+QbohED0SksQKt1xEt9gt/Be+cRdrdts5XYfdKyd4iAFtzuRVOUTt4OcwqrFsiDeJRLK8taMH9Fz sven.ketelsen@arxes-tolina.de
--- a/keys/vanphuong.ma/id_rsa.pub
+++ b/keys/vanphuong.ma/id_rsa.pub
@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDHgUkCCGkqAYt+WsTs0jnjVsZfIJdQoStX6hvV3l4K7UBJyGBmg7NxAZk053GYs2R6Ryg3S/Hqe4JeGX1XSxJTtpzPusBmvrEl4ei94h6F6IxeAyTjMrks3uS/n7awz4j6VcDW2OoHMbFl6VP8KPiWCjChG4Kz9peg9FhwFi9THlgr4cgSMjPjOfSoL43xWVOx+NC/JyFCBXD//WzsB02ceC71GG4W3RW8gAgNW9JOgdihP+qkA6oh68MBEPWr5uUolfoyQLSTGpE//YDCqgXyKCG1+bJ4UOZ3UC0nYayY/hWUIkPxHbZ5zCTYZ2Z2ah5u/QxGOryHFENbAu46MeKzPtoY3bfqfnfmB6C/rWTqUKIPBaKgaI104Lo1C+nmwhOiSewEKFZgoAzCoRWP+HoCDSceJyW9VlgoFR30nfFOaTnJ9N3um0YRZ+B5jDJOXE2+MoKBybfm/Johh/RKVWJvlrgUl7YuTTK0hd03FdRYEytReY/eQyNyXjqo9qmKwBk= vanphuong.ma@4K6N2X2
--- a/provisioning.yml
+++ b/provisioning.yml
@ -0,0 +1,19 @@
 ---
 - name: 'apply setup to {{ host | default("all") }}'
  hosts: '{{ host | default("all") }}'
  serial: "{{ serial_number | default(1) }}"
  gather_facts: no
  become: no
  pre_tasks:
    - name: "Check if ansible version is at least 2.10.x"
      assert:
        that:
          - ansible_version.major >= 2
          - ansible_version.minor >= 10
        msg: "The ansible version has to be at least ({{ ansible_version.full }})"
  roles:
    - role: hcloud
      when: "'hcloud' in group_names"
--- a/roles/_digitalocean/defaults/main.yml
+++ b/roles/_digitalocean/defaults/main.yml
@ -0,0 +1 @@
 ---
--- a/roles/_digitalocean/handlers/main.yml
+++ b/roles/_digitalocean/handlers/main.yml
@ -0,0 +1 @@
 ---
--- a/roles/_digitalocean/meta/main.yml
+++ b/roles/_digitalocean/meta/main.yml
@ -0,0 +1 @@
 ---
--- a/roles/_digitalocean/tasks/domain.yml
+++ b/roles/_digitalocean/tasks/domain.yml
@ -0,0 +1,60 @@
 ---
 - name: Read DNS entry for {{ record_name }}.{{ domain }} from digitalocean
  uri:
    url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records?name={{ record_name }}.{{ domain }}"
    headers:
      accept: application/json
      authorization: Bearer {{ digitalocean_authentication_token }}
    return_content: yes
  register: domain_records_response
  delegate_to: 127.0.0.1
 - name: Save DNS entry as variable (fact)
  set_fact: 
    domain_records_response_json: "{{ domain_records_response.json }}"
 - name: Parse DNS entry for {{ record_name }}.{{ domain }}
  set_fact:  
    domain_record:  "{{ domain_records_response_json.domain_records | json_query(jmesquery) | first | default({'name': '-', 'ip': '-'}) }}"
  vars:
    jmesquery: '[*].{id: id, name: name, ip: data}'
 - name: Print DNS entry for {{ record_name }}.{{ domain }}
  debug:
    msg: "{{ domain_record }}"
 - name: Delete DNS entry for <{{ record_name }}> if necessary
  uri:
    method: DELETE
    url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records/{{ domain_record.id }}"
    headers:
      authorization: Bearer {{ digitalocean_authentication_token }}
    return_content: yes
    status_code: 204
  when:
        domain_record.ip != '-'
    and record_data != domain_record.ip
  delegate_to: 127.0.0.1
 - name: Create DNS entry for <{{ record_name }}> if necessary
  uri:
    method: POST
    url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records"
    headers:
      authorization: Bearer {{ digitalocean_authentication_token }}
    body: '{{ create_record | to_json }}'
    body_format: json
    return_content: yes
    status_code: 201
  vars:
    create_record:
        type: 'A'
        ttl: 1800
        data: "{{ record_data }}"
        name: "{{ record_name }}"
  when:
        domain_record.ip == '-'
    or record_data != domain_record.ip
    or record_name != domain_record.name
  delegate_to: 127.0.0.1
--- a/roles/_digitalocean/vars/main.yml
+++ b/roles/_digitalocean/vars/main.yml
@ -0,0 +1 @@
 ---
--- a/roles/hcloud/defaults/main.yml
+++ b/roles/hcloud/defaults/main.yml
@ -0,0 +1 @@
 ---
--- a/roles/hcloud/handlers/main.yml
+++ b/roles/hcloud/handlers/main.yml
@ -0,0 +1 @@
 ---
--- a/roles/hcloud/meta/main.yml
+++ b/roles/hcloud/meta/main.yml
@ -0,0 +1 @@
 ---
--- a/roles/hcloud/tasks/main.yml
+++ b/roles/hcloud/tasks/main.yml
@ -0,0 +1,43 @@
 ---
 ### tags:
 - name: Create a new server {{ inventory_hostname }}
  hcloud_server:
    api_token: "{{ hetzner_authentication_token }}"
    name: "{{ inventory_hostname }}"
    server_type: "{{ hetzner_server_type }}"
    image: "{{ hetzner_server_image }}"
    ssh_keys: "{{ hetzner_ssh_keys }}"
    state: present
  delegate_to: 127.0.0.1
 - name: Gather current server infos
  hcloud_server_info:
    api_token: "{{ hetzner_authentication_token }}"
  register: hetzner_server_infos
  delegate_to: 127.0.0.1
 - name: Save current server infos as variable (fact)
  set_fact: 
    hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}"
  delegate_to: 127.0.0.1
 - name: Read ip for {{ inventory_hostname }}
  set_fact:
    stage_server_ip: "{{ item.ipv4_address }}"
  when: item.name == inventory_hostname
  with_items: "{{ hetzner_server_infos_json }}"
 - name: Print the gathered infos
  debug:
    var: stage_server_ip
  delegate_to: 127.0.0.1
 - name: "Setup DNS configuration for {{ inventory_hostname }}"
  include_role:
    name: _digitalocean
    tasks_from: domain
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ inventory_hostname }}"
--- a/roles/hcloud/vars/main.yml
+++ b/roles/hcloud/vars/main.yml
@ -0,0 +1 @@
 ---
--- a/roles/hetzner-state/defaults/main.yml
+++ b/roles/hetzner-state/defaults/main.yml
@ -0,0 +1 @@
 ---
--- a/roles/hetzner-state/handlers/main.yml
+++ b/roles/hetzner-state/handlers/main.yml
@ -0,0 +1 @@
 ---
--- a/roles/hetzner-state/meta/main.yml
+++ b/roles/hetzner-state/meta/main.yml
@ -0,0 +1 @@
 ---
--- a/roles/hetzner-state/tasks/main.yml
+++ b/roles/hetzner-state/tasks/main.yml
@ -0,0 +1,10 @@
 ---
 ### tags:
 - name: Ensure the server {{ inventory_hostname }} is {{ hetzner_state }}
  hcloud_server:
    api_token: "{{ hetzner_authentication_token }}"
    name: "{{ inventory_hostname }}"
    state: "{{ hetzner_state }}"
  delegate_to: 127.0.0.1
--- a/roles/hetzner-state/vars/main.yml
+++ b/roles/hetzner-state/vars/main.yml
@ -0,0 +1 @@
 ---
--- a/10
+++ b/10
@ -0,0 +1,10 @@
 [hcloud]
 dev-elastic-stack-01
 dev-elastic-stack-02
 dev-elastic-stack-03
 [stage_dev:children]
 hcloud
 [all:children]
 stage_dev
--- a/start.yml
+++ b/start.yml
@ -0,0 +1,21 @@
 ---
 - name: 'apply setup to {{ host | default("all") }}'
  hosts: '{{ host | default("all") }}'
  serial: "{{ serial_number | default(5) }}"
  gather_facts: no
  become: no
  pre_tasks:
    - name: "Check if ansible version is at least 2.10.x"
      assert:
        that:
          - ansible_version.major >= 2
          - ansible_version.minor >= 10
        msg: "The ansible version has to be at least ({{ ansible_version.full }})"
  roles:
    - role: hetzner-state
      vars:
        hetzner_state: 'started'
      when: "'hcloud' in group_names"
--- a/stop.yml
+++ b/stop.yml
@ -0,0 +1,21 @@
 ---
 - name: 'apply setup to {{ host | default("all") }}'
  hosts: '{{ host | default("all") }}'
  serial: "{{ serial_number | default(5) }}"
  gather_facts: no
  become: no
  pre_tasks:
    - name: "Check if ansible version is at least 2.10.x"
      assert:
        that:
          - ansible_version.major >= 2
          - ansible_version.minor >= 10
        msg: "The ansible version has to be at least ({{ ansible_version.full }})"
  roles:
    - role: hetzner-state
      vars:
        hetzner_state: 'stopped'
      when: "'hcloud' in group_names"
		`@ -0,0 +1 @@`
							ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPiWNJzb4vqgkjsRjl1C5oTQbyEvsBPfBuVf3AL9Ssw7RJb8hl3VqVegJ1HqNe1/j4R04a53ND5qy93GBAYOI3iNKiWq2Cd9DM9QHN+EiNG7eo0wkr/VhBh5bh6knn12RXX1T0xnR9jeB3rIQWyJyR+PTSEz4oul+QjlKB8uO7LLmsoqVpVqGhj7xtoVIEfJPMCEBMjj/jc3rGK1ezrXBGCTFEQPl5b+XRy9kybv5hf6W02yPm82RRozG3/3zObiNPX/ajt5mHB09CTq5JLeLFlfftpcLEON1CDpzACm7cIvnYoHKltaGjkZaprxpPApkKLiPe8zVUYiG0wt5qYUXS/AQ5u6I0vFA+5H3fEYZMalp4fwf4OWFxqJQH97sivQe/q7SnOA70GiClri9qWt6r6/LP7du7UySvOWVX8R6CuD3OdaAHXng1UWLDwqP9r2XshQIVo90vz9vLVP2k7bBchxignmD7WL4VnEG5bhhf487xhK3+YCG8TWtGO8MXDp0= pheise@fedora-vm
		`@ -0,0 +1 @@`
							`ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAscASzHdu85wUZUNYLHNJSbee3uQxApRXBV90twEFdUI8I4MmKVeGOi5zTat4VXqAGFgJ8CAUGM1rwC6azi1SDzikPVbV8QtqeRK1P1KVkknyBepe4t/DrhelQudJ2VM2wuDgCtbHWgvVfh3vd7IF5pThPke/oa8H2rACfM8pSTpn5AVPnTotM/8aTgEt1YDoDS+59CG/mGCMTvZ/EkYhIVIFEkNcaMn0Xwx0q3X2VuanA5Zu6BClybwE45A/kRZo7nXtEa33Mvr2yqkoC9DRP9l3d1K2wiIn3X8DBsgM+ZWsriS8Tt7UzOyHzyu7+ZlEvb4ek6ta/weKMbtJl/X3VQ== scurow`
		`@ -0,0 +1 @@`
							`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDiP5IHm3hTbO/DBEwVoEFvbiOX56d67Q4fPWkmJlLAygQ40kRJj2ijzYNCryh4JSxXxOVu42c79Lzyxt1h/OhayGOatdAyEe/GIQB0YI4G5UmIxZecZCxOT3Uqj4j0+LDHH8QFkJUI59FpznM9VezwciL2Dxc2dA8lrEtKJVoZuCxHSx84GwzqBZdIhyNSSGvXu/ZP/KpT8ACAx5F5PJ3D+B+3pYuYLnzsYJ8Y4RYCoQ8bIX89txJ7bF2lrMmPeE3t2ms4bAh+QbohED0SksQKt1xEt9gt/Be+cRdrdts5XYfdKyd4iAFtzuRVOUTt4OcwqrFsiDeJRLK8taMH9Fz sven.ketelsen@arxes-tolina.de`
		`@ -0,0 +1 @@`
							ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDHgUkCCGkqAYt+WsTs0jnjVsZfIJdQoStX6hvV3l4K7UBJyGBmg7NxAZk053GYs2R6Ryg3S/Hqe4JeGX1XSxJTtpzPusBmvrEl4ei94h6F6IxeAyTjMrks3uS/n7awz4j6VcDW2OoHMbFl6VP8KPiWCjChG4Kz9peg9FhwFi9THlgr4cgSMjPjOfSoL43xWVOx+NC/JyFCBXD//WzsB02ceC71GG4W3RW8gAgNW9JOgdihP+qkA6oh68MBEPWr5uUolfoyQLSTGpE//YDCqgXyKCG1+bJ4UOZ3UC0nYayY/hWUIkPxHbZ5zCTYZ2Z2ah5u/QxGOryHFENbAu46MeKzPtoY3bfqfnfmB6C/rWTqUKIPBaKgaI104Lo1C+nmwhOiSewEKFZgoAzCoRWP+HoCDSceJyW9VlgoFR30nfFOaTnJ9N3um0YRZ+B5jDJOXE2+MoKBybfm/Johh/RKVWJvlrgUl7YuTTK0hd03FdRYEytReY/eQyNyXjqo9qmKwBk= vanphuong.ma@4K6N2X2