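---
#############################################################
# create inventory dynamically for given parameters
#
# Runs on the control node only. Builds an in-memory inventory
# from the extra vars `stage`, `name`, `service` and `count`:
# one host per sequence number, named <stage>-<name>-<NN>.
#############################################################

- hosts: localhost
  connection: local
  gather_facts: false

  pre_tasks:
    # Compare the full version string instead of major/minor separately:
    # "major >= 2 and minor >= 10" would reject any x.y release with y < 10
    # (for example a 3.0), although it is newer than 2.10.
    - name: "Check if ansible version is at least 2.10.x"
      assert:
        that:
          - ansible_version.full is version('2.10', '>=')
        msg: "The ansible version has to be at least 2.10 (found {{ ansible_version.full }})"

  tasks:
    # Each generated host joins the stage group (targeted by every later
    # play), the plain service group (checked via group_names when roles
    # are selected) and a "dynamic_<service>" group.
    - name: Add hosts
      add_host:
        name: "{{ stage }}-{{ name }}-{{ '%02d' | format(item|int) }}"
        groups:
          - "stage_{{ stage }}"
          - "{{ service }}"
          - "dynamic_{{ service }}"
      with_sequence: "start=1 end={{ count }}"

#############################################################
# run provisioning against newly created inventory
#
# Reads the existing Hetzner Cloud firewalls (id and name only)
# into `firewall_records`, then applies the hcloud role.
#############################################################

- hosts: "stage_{{ stage }}"
  serial: "{{ serial_number | default(5) }}"
  gather_facts: false

  pre_tasks:
    - name: Get all Firewalls from Hetzner
      uri:
        url: "https://api.hetzner.cloud/v1/firewalls"
        headers:
          accept: application/json
          authorization: "Bearer {{ hetzner_authentication_token }}"
        return_content: true
      register: hetzner_firewalls_response
      delegate_to: 127.0.0.1
      # The bearer token is part of the module arguments; keep it out of
      # verbose output and logs. The registered result remains usable.
      no_log: true
      tags:
        - update_networks

    - name: Save firewall entries as variable (fact)
      set_fact:
        hetzner_firewalls_response_json: "{{ hetzner_firewalls_response.json }}"
      tags:
        - update_networks

    # Keep only the id and name of every firewall returned by the API.
    - name: Parse firewall entries
      set_fact:
        firewall_records: "{{ hetzner_firewalls_response_json.firewalls | json_query(jmesquery) }}"
      vars:
        jmesquery: '[*].{id: id, name: name}'
      tags:
        - update_networks

    - name: Print firewall entries
      debug:
        msg: "{{ firewall_records }}"
      tags:
        - update_networks

  roles:
    - role: hcloud

#############################################################
# refresh the control node's known_hosts entries for the
# servers of the stage (by IPv4 address and by host name)
#
# Every task is delegated to the control node. `serial` defaults
# to 1 here - presumably so that hosts do not write to
# ~/.ssh/known_hosts at the same time; confirm before raising it.
#############################################################

- hosts: "stage_{{ stage }}"
  serial: "{{ serial_number | default(1) }}"
  gather_facts: false

  pre_tasks:
    - name: "Gather current server infos"
      hcloud_server_info:
        api_token: "{{ hetzner_authentication_token }}"
      register: hetzner_server_infos
      delegate_to: 127.0.0.1
      become: false

    - name: "Set current server infos as fact: hetzner_server_infos_json"
      set_fact:
        hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}"
      delegate_to: 127.0.0.1
      become: false

    # stage_server_ip stays undefined when no server of that name exists;
    # the known_hosts tasks below then fail on the undefined variable.
    - name: "Read ip address for {{ inventory_hostname }}"
      set_fact:
        stage_server_ip: "{{ item.ipv4_address }}"
      when: item.name == inventory_hostname
      with_items: "{{ hetzner_server_infos_json }}"
      delegate_to: 127.0.0.1
      become: false

    # - name: Print the gathered infos
    #   debug:
    #     var: stage_server_ip
    #   delegate_to: 127.0.0.1

    # NOTE(review): the ssh-keyscan tasks below pin whatever host key the
    # network returns at this moment (trust on first use) - nothing checks
    # that the key really belongs to the new server. Where the provisioning
    # step can supply the host-key fingerprint out of band, compare against
    # it before appending to known_hosts.
    #
    # Values are passed as argv entries or through the `quote` filter so a
    # host name or address is never interpreted by the local shell.

    - name: "Remove {{ stage_server_ip }} keys from known_hosts"
      command:
        argv:
          - ssh-keygen
          - '-R'
          - "{{ stage_server_ip }}"
      delegate_to: 127.0.0.1

    # The shell module is needed here only for the >> redirection.
    - name: "Add {{ stage_server_ip }} keys to known_hosts"
      shell: "ssh-keyscan -H {{ stage_server_ip | quote }} >> ~/.ssh/known_hosts"
      delegate_to: 127.0.0.1

    - name: "Remove {{ inventory_hostname }}.{{ domain }} keys from known_hosts"
      command:
        argv:
          - ssh-keygen
          - '-R'
          - "{{ inventory_hostname }}.{{ domain }}"
      delegate_to: 127.0.0.1

    - name: "Add {{ inventory_hostname }}.{{ domain }} keys to known_hosts"
      shell: "ssh-keyscan -H {{ (inventory_hostname ~ '.' ~ domain) | quote }} >> ~/.ssh/known_hosts"
      delegate_to: 127.0.0.1

#############################################################
# run server setup against newly created inventory
#
# Connects as root, removes the listed packages on Ubuntu and
# applies the base roles. filebeat, node-exporter and traefik
# are on unless their *_enabled variable disables them.
#############################################################

- hosts: "stage_{{ stage }}"
  serial: "{{ serial_number | default(5) }}"
  remote_user: root

  pre_tasks:
    # ansible_distribution comes from fact gathering, which this play does
    # not switch off.
    - name: Remove outdated dependencies
      apt:
        name:
          - 'docker'
          - 'docker-client'
          - 'docker-client-latest'
          - 'docker-common'
          - 'docker-latest'
          - 'docker-latest-logrotate'
          - 'docker-logrotate'
          - 'docker-engine'
          - 'smartmontools'
        state: 'absent'
      when: ansible_distribution == "Ubuntu"

    - name: "Gather current server infos"
      hcloud_server_info:
        api_token: "{{ hetzner_authentication_token }}"
      register: hetzner_server_infos
      delegate_to: 127.0.0.1
      become: false

    - name: "Set current server infos as fact: hetzner_server_infos_json"
      set_fact:
        hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}"
      delegate_to: 127.0.0.1
      become: false

    - name: "Read ip address for {{ inventory_hostname }}"
      set_fact:
        stage_server_ip: "{{ item.ipv4_address }}"
      when: item.name == inventory_hostname
      with_items: "{{ hetzner_server_infos_json }}"
      delegate_to: 127.0.0.1
      become: false

    # - name: Print the gathered infos
    #   debug:
    #     var: stage_server_ip
    #   delegate_to: 127.0.0.1

  roles:
    - role: ansible-role-docker
      vars:
        docker_compose_version: '1.29.1'
        docker_compose_path: '/usr/bin/docker-compose'
        docker_users: '{{ smardigo_plattform_users }}'

    - role: common

    - role: filebeat
      when: filebeat_enabled | default(True)

    - role: node-exporter
      when: node_exporter_enabled | default(True)

    - role: traefik
      when: traefik_enabled | default(True)

#############################################################
# run service setup against newly created inventory
#
# Applies a service role only to hosts that are members of the
# group of the same name (assigned by the first play).
#############################################################

- hosts: "stage_{{ stage }}"
  serial: "{{ serial_number | default(5) }}"
  remote_user: root

  pre_tasks:
    - name: "Gather current server infos"
      hcloud_server_info:
        api_token: "{{ hetzner_authentication_token }}"
      register: hetzner_server_infos
      delegate_to: 127.0.0.1
      become: false
      tags:
        - update_networks

    - name: "Set current server infos as fact: hetzner_server_infos_json"
      set_fact:
        hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}"
      delegate_to: 127.0.0.1
      become: false
      tags:
        - update_networks

    - name: "Read ip address for {{ inventory_hostname }}"
      set_fact:
        stage_server_ip: "{{ item.ipv4_address }}"
      when: item.name == inventory_hostname
      with_items: "{{ hetzner_server_infos_json }}"
      delegate_to: 127.0.0.1
      become: false
      tags:
        - update_networks

    # - name: Print the gathered infos
    #   debug:
    #     var: stage_server_ip
    #   delegate_to: 127.0.0.1
    #   become: false
    #   tags:
    #     - update_networks

  roles:
    - role: connect
      when: "'connect' in group_names"

    - role: keycloak
      when: "'keycloak' in group_names"

    - role: postfix
      when: "'postfix' in group_names"

    - role: harbor
      when: "'harbor' in group_names"

    - role: elastic
      when: "'elastic' in group_names"

    - role: prometheus
      when: "'prometheus' in group_names"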