Dev-997: provisioning galaxy role
Hoan To
3 years ago
parent
bbc57dbac5
commit
969b4bb54e
@ -1,47 +0,0 @@
|
||||
---
|
||||
|
||||
- name: "Read DNS entry for <{{ record_to_remove }}.{{ domain }}> from digitalocean"
|
||||
uri:
|
||||
url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records?name={{ record_to_remove }}.{{ domain }}"
|
||||
headers:
|
||||
accept: application/json
|
||||
authorization: "Bearer {{ digitalocean_authentication_token }}"
|
||||
return_content: yes
|
||||
register: domain_records_response
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
|
||||
- name: "Save DNS entry as variable (fact)"
|
||||
set_fact:
|
||||
domain_records_response_json: "{{ domain_records_response.json }}"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
|
||||
- name: "Parse DNS entry for <{{ record_to_remove }}.{{ domain }}>"
|
||||
set_fact:
|
||||
domain_record: "{{ domain_records_response_json.domain_records | json_query(jmesquery) | first | default({'name': '-', 'ip': '-'}) }}"
|
||||
vars:
|
||||
jmesquery: '[*].{id: id, name: name, ip: data}'
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
|
||||
- name: "Print DNS entry for <{{ record_to_remove }}.{{ domain }}>"
|
||||
debug:
|
||||
msg: "{{ domain_record }}"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
|
||||
- name: "Delete DNS entry <{{ record_to_remove }}> for <{{ domain }}>"
|
||||
uri:
|
||||
method: DELETE
|
||||
url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records/{{ domain_record.id }}"
|
||||
headers:
|
||||
authorization: Bearer {{ digitalocean_authentication_token }}
|
||||
return_content: yes
|
||||
status_code: 204
|
||||
changed_when: true
|
||||
when:
|
||||
domain_record.ip != '-'
|
||||
and record_to_remove != domain_record.ip
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
@ -1,9 +0,0 @@
|
||||
---
|
||||
|
||||
server_state: "present"
|
||||
max_retries: 15
|
||||
retry_delay: 60
|
||||
|
||||
hetzner_networks:
|
||||
- name: "{{ stage }}"
|
||||
label_selector: "stage={{ stage }}"
|
||||
@ -1,31 +0,0 @@
|
||||
---
|
||||
|
||||
- name: "Gathering current load_balancer infos from hetzner"
|
||||
hetzner.hcloud.hcloud_load_balancer_info:
|
||||
api_token: "{{ hetzner_authentication_ansible }}"
|
||||
#label_selector: "{{ current_load_balancer_group.label_selector }}"
|
||||
register: current_load_balancer_infos
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
tags:
|
||||
- update_config
|
||||
|
||||
- name: "Setting loadbalancer group as fact: load_balancer_group_infos_{{ current_load_balancer_group.name }}"
|
||||
set_fact:
|
||||
load_balancer_group_infos_{{ current_load_balancer_group.name }}: "{{ current_load_balancer_infos.hcloud_load_balancer_info | json_query(querystr) }}" # noqa var-naming
|
||||
vars:
|
||||
querystr: "[*].{id: id, name: name, ip: ipv4_address}"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
tags:
|
||||
- update_config
|
||||
|
||||
- name: "Printing load_balancer infos {{ current_load_balancer_infos }}"
|
||||
debug:
|
||||
msg: "{{ current_load_balancer_infos }}"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
tags:
|
||||
- update_config
|
||||
when:
|
||||
- debug
|
||||
@ -1,31 +0,0 @@
|
||||
---
|
||||
|
||||
- name: "Gathering current server infos for group {{ current_server_group.name }} from hetzner"
|
||||
hcloud_server_info:
|
||||
api_token: "{{ hetzner_authentication_ansible }}"
|
||||
label_selector: "{{ current_server_group.label_selector }}"
|
||||
register: current_server_infos
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
tags:
|
||||
- update_config
|
||||
|
||||
- name: "Setting server group as fact: server_group_infos_{{ current_server_group.name }}"
|
||||
set_fact:
|
||||
server_group_infos_{{ current_server_group.name }}: "{{ current_server_infos.hcloud_server_info | json_query(querystr) }}" # noqa var-naming
|
||||
vars:
|
||||
querystr: "[*].{id: id, name: name, ip: ipv4_address}"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
tags:
|
||||
- update_config
|
||||
|
||||
- name: "Printing server group {{ current_server_group.name }}"
|
||||
debug:
|
||||
msg: "{{ lookup('vars', 'server_group_infos_' + current_server_group.name) }}"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
tags:
|
||||
- update_config
|
||||
when:
|
||||
- debug
|
||||
@ -1,31 +0,0 @@
|
||||
---
|
||||
|
||||
- name: "Gathering current server infos for group {{ current_server_group.name }} from hetzner"
|
||||
hcloud_server_info:
|
||||
api_token: "{{ hetzner_authentication_ansible }}"
|
||||
label_selector: "{{ current_server_group.label_selector }}"
|
||||
register: current_server_infos
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
tags:
|
||||
- update_config
|
||||
|
||||
- name: "Setting server group as fact: server_group_names_{{ current_server_group.name }}"
|
||||
set_fact:
|
||||
server_group_names_{{ current_server_group.name }}: "{{ current_server_infos.hcloud_server_info | json_query(querystr) }}" # noqa var-naming
|
||||
vars:
|
||||
querystr: "[*].name"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
tags:
|
||||
- update_config
|
||||
|
||||
- name: "Printing server group {{ current_server_group.name }}"
|
||||
debug:
|
||||
msg: "{{ lookup('vars', 'server_group_names_' + current_server_group.name) }}"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
tags:
|
||||
- update_config
|
||||
when:
|
||||
- debug
|
||||
@ -1,61 +0,0 @@
|
||||
---
|
||||
- name: "Block to handle hetzner server state in case of problems"
|
||||
block:
|
||||
- name: "Increment the retry count"
|
||||
set_fact:
|
||||
retry_count: "{{ retry_count | default(0) | int + 1 }}"
|
||||
|
||||
- name: "Checking state for server <{{ inventory_hostname }}> is <{{ server_state }}>"
|
||||
hetzner.hcloud.hcloud_server:
|
||||
api_token: "{{ hetzner_authentication_ansible }}"
|
||||
name: "{{ inventory_hostname }}"
|
||||
server_type: "{{ hetzner_server_type }}"
|
||||
image: "{{ hetzner_server_image }}"
|
||||
ssh_keys: "{{ hetzner_ssh_keys }}"
|
||||
labels: "{{ hetzner_server_labels }}"
|
||||
location: nbg1
|
||||
state: "{{ server_state }}"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
async: 300
|
||||
poll: 5
|
||||
register: hcloud_response
|
||||
ignore_errors: yes
|
||||
|
||||
- name: "Block - DEBUG: hcloud_response"
|
||||
debug:
|
||||
msg: '{{ hcloud_response.msg }}'
|
||||
when:
|
||||
- hcloud_response.msg is defined
|
||||
|
||||
- name: "Ensure Server is STARTED when server_state=present"
|
||||
hetzner.hcloud.hcloud_server:
|
||||
api_token: "{{ hetzner_authentication_ansible }}"
|
||||
name: "{{ inventory_hostname }}"
|
||||
state: "started"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
async: 150
|
||||
poll: 15
|
||||
register: hcloud_response
|
||||
when:
|
||||
- server_state == 'present'
|
||||
|
||||
rescue:
|
||||
- name: "RESCUE - fail: Maximum retries reached"
|
||||
fail:
|
||||
msg: "max_retries of {{ max_retries }} reached. Plz check."
|
||||
when: retry_count | int == max_retries | int
|
||||
|
||||
- name: "RESCUE-fail DEBUG: hcloud_response"
|
||||
debug:
|
||||
msg: '{{ hcloud_response.msg }}'
|
||||
|
||||
- name: "RESCUE: wait_for {{ retry_delay }} sec. between retries"
|
||||
wait_for:
|
||||
timeout: "{{ retry_delay }}"
|
||||
delegate_to: localhost
|
||||
become: false
|
||||
|
||||
- name: "Include _set_server one time again => increase retry_count"
|
||||
include_tasks: _set_server_state.yml
|
||||
@ -1,183 +0,0 @@
|
||||
---
|
||||
- name: "Get all existing firewalls"
|
||||
uri:
|
||||
method: GET
|
||||
url: "https://api.hetzner.cloud/v1/firewalls?per_page=1000"
|
||||
body_format: json
|
||||
headers:
|
||||
accept: application/json
|
||||
authorization: Bearer {{ hetzner_authentication_ansible }}
|
||||
status_code: [200]
|
||||
register: hcloud_firewalls_all
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
|
||||
- name: "Setting hetzner firewall pagination count: <{{ hcloud_firewalls_all.json.meta.pagination.last_page }}>"
|
||||
set_fact:
|
||||
total_server_pages: "{{ hcloud_firewalls_all.json.meta.pagination.last_page }}"
|
||||
become: false
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
- name: "BLOCK << WITHOUT >> pagination"
|
||||
block:
|
||||
- name: "Get firewall object from list"
|
||||
set_fact:
|
||||
lookup_fw_obj: "{{ hcloud_firewalls_all.json.firewalls | community.general.json_query(jsonquery_find_firewall_name) }}"
|
||||
vars:
|
||||
jsonquery_find_firewall_name: "[?name=='{{ firewall_object.name }}']"
|
||||
when:
|
||||
- total_server_pages == '1'
|
||||
|
||||
|
||||
- name: "<< WITH >> pagination"
|
||||
block:
|
||||
- name: "Get all existing firewalls"
|
||||
uri:
|
||||
method: GET
|
||||
url: "https://api.hetzner.cloud/v1/firewalls?page={{ item }}"
|
||||
body_format: json
|
||||
headers:
|
||||
accept: application/json
|
||||
authorization: Bearer {{ hetzner_authentication_ansible }}
|
||||
status_code: [200]
|
||||
register: hcloud_firewalls_all
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
|
||||
- name: "Get firewall object from list"
|
||||
set_fact:
|
||||
lookup_fw_obj: "{{ hcloud_firewalls_all.json.results | community.general.json_query(querystr1) | first | community.general.json_query(querystr2) | community.general.json_query(querystr2) }}"
|
||||
vars:
|
||||
querystr1: "[[*].json.firewalls]"
|
||||
querystr2: "[?name=='{{ firewall_object.name }}']"
|
||||
when:
|
||||
- total_server_pages != '1'
|
||||
|
||||
- name: "Create firewall rule for <<{{ firewall_object.name }}>>"
|
||||
uri:
|
||||
method: POST
|
||||
url: "https://api.hetzner.cloud/v1/firewalls"
|
||||
body_format: json
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
authorization: Bearer {{ hetzner_authentication_ansible }}
|
||||
body: "{{ firewall_object | to_json }}"
|
||||
return_content: yes
|
||||
status_code: [201]
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
when:
|
||||
- firewall_object.state == 'present'
|
||||
- lookup_fw_obj | length == 0
|
||||
|
||||
- name: "Update firewall rule for <<{{ firewall_object.name }}>>"
|
||||
block:
|
||||
|
||||
- name: "Step_1: update FW rule <<{{ firewall_object.name }}>>"
|
||||
uri:
|
||||
method: PUT
|
||||
url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}"
|
||||
body_format: json
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
authorization: Bearer {{ hetzner_authentication_ansible }}
|
||||
body: "{{ firewall_object | to_json }}"
|
||||
return_content: yes
|
||||
status_code: [200]
|
||||
register: fw_update_step1
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
|
||||
- name: "Setting VAR"
|
||||
set_fact:
|
||||
rules_obj:
|
||||
rules: "{{ firewall_object.rules }}"
|
||||
applyto_obj:
|
||||
apply_to: "{{ firewall_object.apply_to }}"
|
||||
|
||||
- name: "Step_2: update FW rule - update rules"
|
||||
uri:
|
||||
method: POST
|
||||
url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}/actions/set_rules"
|
||||
body_format: json
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
authorization: Bearer {{ hetzner_authentication_ansible }}
|
||||
body: "{{ rules_obj | to_json }}"
|
||||
return_content: yes
|
||||
status_code: [201]
|
||||
register: fw_update_step2
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
|
||||
- name: "Step_3: update FW rule - apply-to-resources"
|
||||
uri:
|
||||
method: POST
|
||||
url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}/actions/apply_to_resources"
|
||||
body_format: json
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
authorization: Bearer {{ hetzner_authentication_ansible }}
|
||||
body: "{{ applyto_obj | to_json }}"
|
||||
return_content: yes
|
||||
status_code: [201]
|
||||
register: fw_update_step2
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
|
||||
rescue:
|
||||
- name: "Rescueing FW-apply-to part "
|
||||
debug:
|
||||
msg: "Everything fine - FW-apply-to part already applied"
|
||||
when:
|
||||
- fw_update_step2.status in [422]
|
||||
- fw_update_step2.json.error.code == 'firewall_already_applied'
|
||||
|
||||
when:
|
||||
- firewall_object.state == 'present'
|
||||
- lookup_fw_obj | length > 0
|
||||
|
||||
- name: "Delete firewall rule for <<{{ firewall_object.name }}>>"
|
||||
block:
|
||||
|
||||
- name: "Create firewall object for deactivation"
|
||||
set_fact:
|
||||
deactivate_fw_obj:
|
||||
remove_from: "{{ firewall_object.apply_to }}"
|
||||
|
||||
- name: "Step_1: Unset usage of firewall rule <<{{ firewall_object.name }}>>"
|
||||
uri:
|
||||
method: POST
|
||||
url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}/actions/remove_from_resources"
|
||||
body_format: json
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
authorization: Bearer {{ hetzner_authentication_ansible }}
|
||||
body: "{{ deactivate_fw_obj | to_json }}"
|
||||
return_content: yes
|
||||
status_code: [201]
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
|
||||
- name: "Step_2: Delete firewall rule for <<{{ firewall_object.name }}>>"
|
||||
uri:
|
||||
method: DELETE
|
||||
url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}"
|
||||
body_format: json
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
authorization: Bearer {{ hetzner_authentication_ansible }}
|
||||
return_content: yes
|
||||
status_code: [204]
|
||||
register: cleanup_firewall
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
until: cleanup_firewall.status in [204]
|
||||
retries: 15
|
||||
delay: 10
|
||||
|
||||
when:
|
||||
- firewall_object.state == 'absent'
|
||||
- lookup_fw_obj | length > 0
|
||||
@ -1,45 +0,0 @@
|
||||
---
|
||||
|
||||
- name: "Checking present state for network <{{ current_network_name }}>"
|
||||
hcloud_network:
|
||||
api_token: "{{ hetzner_authentication_ansible }}"
|
||||
name: "{{ current_network_name }}"
|
||||
labels: "{{ current_network_labels }}"
|
||||
ip_range: "{{ shared_service_network }}"
|
||||
state: present
|
||||
register: hcloud_result
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
delay: 5
|
||||
retries: 30
|
||||
until: hcloud_result.hcloud_network is defined
|
||||
|
||||
- name: "Checking present state for subnetwork for <{{ current_network_name }}>"
|
||||
hcloud_subnetwork:
|
||||
api_token: "{{ hetzner_authentication_ansible }}"
|
||||
network: "{{ current_network_name }}"
|
||||
ip_range: "{{ shared_service_network }}"
|
||||
network_zone: eu-central
|
||||
type: cloud
|
||||
state: present
|
||||
register: hcloud_result
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
delay: 5
|
||||
retries: 30
|
||||
until: hcloud_result.hcloud_subnetwork is defined
|
||||
|
||||
- name: "Checking present state for server network <{{ current_network_name }}> on <{{ inventory_hostname }}>"
|
||||
hcloud_server_network:
|
||||
api_token: "{{ hetzner_authentication_ansible }}"
|
||||
network: "{{ current_network_name }}"
|
||||
server: "{{ inventory_hostname }}"
|
||||
state: present
|
||||
register: hcloud_result
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
delay: 5
|
||||
retries: 30
|
||||
until: hcloud_result.hcloud_server_network is defined
|
||||
tags:
|
||||
- update_networks
|
||||
@ -1,81 +0,0 @@
|
||||
---
|
||||
|
||||
### tags:
|
||||
### update_dns
|
||||
### update_networks
|
||||
|
||||
- name: "Checking state of server for <{{ inventory_hostname }}>"
|
||||
include_role:
|
||||
name: hcloud
|
||||
tasks_from: _set_server_state
|
||||
|
||||
- name: "Gathering current server infos from hetzner"
|
||||
hcloud_server_info:
|
||||
api_token: "{{ hetzner_authentication_ansible }}"
|
||||
register: hetzner_server_infos
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
tags:
|
||||
- update_dns
|
||||
- update_networks
|
||||
|
||||
- name: "Setting current server infos as fact: hetzner_server_infos_json"
|
||||
set_fact:
|
||||
hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
tags:
|
||||
- update_dns
|
||||
- update_networks
|
||||
|
||||
- name: "Reading ip address for {{ inventory_hostname }}"
|
||||
set_fact:
|
||||
stage_server_ip: "{{ hetzner_server_infos_json | json_query(querystr) | first }}"
|
||||
vars:
|
||||
querystr: "[?name=='{{ inventory_hostname }}'].ipv4_address"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
tags:
|
||||
- update_dns
|
||||
- update_networks
|
||||
|
||||
- name: "Printing ip address for {{ inventory_hostname }}"
|
||||
debug:
|
||||
msg: "{{ stage_server_ip }}"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
tags:
|
||||
- update_dns
|
||||
- update_networks
|
||||
when:
|
||||
- debug
|
||||
|
||||
- name: "Checking present state for networks: {{ hetzner_networks }}"
|
||||
include_tasks: configure-network.yml
|
||||
vars:
|
||||
current_network_name: '{{ current_network.name }}'
|
||||
current_network_labels: 'stage={{ stage }}'
|
||||
current_server_label_selector: '{{ current_network.label_selector }}'
|
||||
loop: "{{ hetzner_networks }}"
|
||||
loop_control:
|
||||
loop_var: current_network
|
||||
tags:
|
||||
- update_networks
|
||||
|
||||
- name: "Checking present state of dns for {{ inventory_hostname }}"
|
||||
include_role:
|
||||
name: dns
|
||||
vars:
|
||||
record_data: "{{ stage_server_ip }}"
|
||||
record_name: "{{ inventory_hostname }}"
|
||||
tags:
|
||||
- update_dns
|
||||
|
||||
# needed due to some weird hetzner behaviour that some servers need more time to be well provisioned
|
||||
- name: "Wait for {{ inventory_hostname }}"
|
||||
delegate_to: localhost
|
||||
wait_for:
|
||||
timeout: 180
|
||||
port: 22
|
||||
host: '{{ stage_server_ip }}'
|
||||
search_regex: OpenSSH
|
||||
@ -1 +0,0 @@
|
||||
---
|
||||
Loading…
Reference in New Issue