feat: convert playbooks to task + clear playbook
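--- a/clear.yml
+++ b/clear.yml
@@ -0,0 +1,11 @@
+- name: Clean up the instance
+hosts: hosts
+become: true
+vars_files:
+- vars.yml
+
+tasks:
+- name: Remove app files
+ansible.builtin.file:
+state: absent
+path: "{{ dest_dir }}"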
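Review bot: The `Remove app files` task deletes `{{ dest_dir }}` recursively under the play's `become: true` without checking what the variable holds, so a `vars.yml` that sets it to `/` or to a shared directory would have that path removed as root. `dest_dir` is defined outside this commit, so its value cannot be checked from here. I would add a guard task ahead of the removal, for example `ansible.builtin.assert` with `that: dest_dir is defined and dest_dir not in ['', '/']`, or better, require it to sit under an expected application prefix.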
11
playbook.yml
11
playbook.yml
@@ -1,2 +1,9 @@
|
|||||||
# - import_playbook: ./playbooks/install-docker.yml
|
- hosts: hosts
|
||||||
- import_playbook: ./playbooks/setup-reverse-proxy.yml
|
become: true
|
||||||
|
vars_files:
|
||||||
|
- vars.yml
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- import_tasks: ./tasks/install-docker.yml
|
||||||
|
- import_tasks: ./tasks/setup-reverse-proxy.yml
|
||||||
|
- import_tasks: ./tasks/setup-and-start-app.yml
|
||||||
@@ -1,68 +0,0 @@
|
|||||||
- name: Installing Docker and Docker Compose
|
|
||||||
hosts: hosts
|
|
||||||
become: true
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
- name: Clear previous install of Docker
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name:
|
|
||||||
- docker.io
|
|
||||||
- docker-compose
|
|
||||||
- docker-compose-v2
|
|
||||||
- docker-doc
|
|
||||||
- podman-docker
|
|
||||||
- containerd
|
|
||||||
state: absent
|
|
||||||
autoremove: true
|
|
||||||
force: true
|
|
||||||
|
|
||||||
- name: Install pre-requirements
|
|
||||||
ansible.builtin.apt:
|
|
||||||
update_cache: yes
|
|
||||||
pkg:
|
|
||||||
- ca-certificates
|
|
||||||
- curl
|
|
||||||
force: true
|
|
||||||
|
|
||||||
- name: Add Docker GPG key and Repository
|
|
||||||
block:
|
|
||||||
- name: Download GPG Key
|
|
||||||
ansible.builtin.get_url:
|
|
||||||
url: https://download.docker.com/linux/ubuntu/gpg
|
|
||||||
dest: /etc/apt/keyrings/docker.asc
|
|
||||||
|
|
||||||
- name: Add Docker repository source
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: docker.sources.j2
|
|
||||||
dest: /etc/apt/sources.list.d/docker.sources
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0644'
|
|
||||||
|
|
||||||
- name: Update apt cache after adding Docker repository
|
|
||||||
ansible.builtin.apt:
|
|
||||||
update_cache: yes
|
|
||||||
|
|
||||||
- name: Install Docker and Docker Compose
|
|
||||||
ansible.builtin.apt:
|
|
||||||
state: present
|
|
||||||
name:
|
|
||||||
- docker-ce
|
|
||||||
- docker-ce-cli
|
|
||||||
- containerd.io
|
|
||||||
- docker-buildx-plugin
|
|
||||||
- docker-compose-plugin
|
|
||||||
force: true
|
|
||||||
ignore_errors: '{{ ansible_check_mode }}'
|
|
||||||
|
|
||||||
- name: Ensure group "docker" exists
|
|
||||||
ansible.builtin.group:
|
|
||||||
name: docker
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Add user to group
|
|
||||||
ansible.builtin.user:
|
|
||||||
name: "{{ ansible_user_id }}"
|
|
||||||
groups: docker
|
|
||||||
append: yes
|
|
||||||
ignore_errors: '{{ ansible_check_mode }}'
|
|
||||||
@@ -1,59 +0,0 @@
|
|||||||
- name: Setting up reverse proxy and load balancer
|
|
||||||
hosts: hosts
|
|
||||||
become: true
|
|
||||||
vars:
|
|
||||||
is_local: true
|
|
||||||
passphrase: changeme
|
|
||||||
cert_domain: "example.com"
|
|
||||||
cert_email: "admin@example.com"
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
- name: Install Certbot and Nginx
|
|
||||||
block:
|
|
||||||
- name: Installing Python3 and PIP
|
|
||||||
ansible.builtin.apt:
|
|
||||||
state: present
|
|
||||||
update_cache: yes
|
|
||||||
pkg:
|
|
||||||
- nginx
|
|
||||||
- python3-pip
|
|
||||||
- python3
|
|
||||||
- python3-dev
|
|
||||||
- python3-venv
|
|
||||||
- libaugeas-dev
|
|
||||||
- gcc
|
|
||||||
|
|
||||||
- name: Installing Certbot
|
|
||||||
ansible.builtin.pip:
|
|
||||||
name:
|
|
||||||
- certbot
|
|
||||||
- certbox-nginx
|
|
||||||
when: not ansible_check_mode
|
|
||||||
|
|
||||||
# - name: Manage SSL certificate with community module
|
|
||||||
- name: Obtain or renew SSL certificate for {{ cert_domain }}
|
|
||||||
ansible.builtin.shell: |
|
|
||||||
certbot --nginx -d {{ cert_domain }} --non-interactive --agree-tos --email {{ cert_email }}
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
creates: /etc/letsencrypt/live/{{ cert_domain }}/fullchain.pem
|
|
||||||
register: certbot_result
|
|
||||||
changed_when: "'Obtained a new certificate' in certbot_result.stdout or 'renewed' in certbot_result.stdout"
|
|
||||||
failed_when: false # Set to true if you want the playbook to fail immediately on error
|
|
||||||
ignore_errors: true # Optional: Allows the playbook to continue if certbot isn't installed yet
|
|
||||||
when: cert_domain is defined
|
|
||||||
|
|
||||||
- name: Installing self-signed certificate
|
|
||||||
when: is_local
|
|
||||||
block:
|
|
||||||
- name: Create private key (X25519) with password protection
|
|
||||||
community.crypto.openssl_privatekey:
|
|
||||||
path: /etc/ssl/private/nginx-selfsigned.key
|
|
||||||
type: X25519
|
|
||||||
passphrase: { passphrase }
|
|
||||||
|
|
||||||
- name: Create self-signed certificate
|
|
||||||
community.crypto.x509_certificate:
|
|
||||||
path: /etc/ssl/certs/nginx-selfsigned.crt
|
|
||||||
privatekey_path: /etc/ssl/private/nginx-selfsigned.key
|
|
||||||
provider: selfsigned
|
|
||||||
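--- a/tasks/install-docker.yml
+++ b/tasks/install-docker.yml
@@ -0,0 +1,63 @@
+- name: Clear previous install of Docker
+ansible.builtin.apt:
+name:
+- docker.io
+- docker-compose
+- docker-compose-v2
+- docker-doc
+- podman-docker
+- containerd
+state: absent
+autoremove: true
+force: true
+
+- name: Install pre-requirements
+ansible.builtin.apt:
+update_cache: yes
+pkg:
+- ca-certificates
+- curl
+force: true
+
+- name: Add Docker GPG key and Repository
+block:
+- name: Download GPG Key
+ansible.builtin.get_url:
+url: https://download.docker.com/linux/ubuntu/gpg
+dest: /etc/apt/keyrings/docker.asc
+
+- name: Add Docker repository source
+ansible.builtin.template:
+src: docker.sources.j2
+dest: /etc/apt/sources.list.d/docker.sources
+owner: root
+group: root
+mode: '0644'
+
+- name: Update apt cache after adding Docker repository
+ansible.builtin.apt:
+update_cache: yes
+
+- name: Install Docker and Docker Compose
+ansible.builtin.apt:
+state: present
+name:
+- docker-ce
+- docker-ce-cli
+- containerd.io
+- docker-buildx-plugin
+- docker-compose-plugin
+force: true
+when: not ansible_check_mode
+
+- name: Ensure group "docker" exists
+ansible.builtin.group:
+name: docker
+state: present
+
+- name: Add user to group
+ansible.builtin.user:
+name: "{{ ansible_user_id }}"
+groups: docker
+append: yes
+when: not ansible_check_mode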
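Review bot: `force: true` on the three `ansible.builtin.apt` tasks corresponds to apt-get's `--force-yes`, which per the module documentation disables package signature checking, so `Install Docker and Docker Compose` would accept unauthenticated packages from the newly added third-party repository and the key fetched just before is effectively bypassed. I would drop `force: true` from all three tasks. `Download GPG Key` could also set `mode: '0644'` and a `checksum:` so that a changed key is noticed, and it assumes `/etc/apt/keyrings` already exists. Separately, with `become: true` on the play, `ansible_user_id` likely resolves to root rather than the login user, so `Add user to group` may not touch the intended account; worth confirming.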
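--- a/tasks/setup-and-start-app.yml
+++ b/tasks/setup-and-start-app.yml
@@ -0,0 +1,11 @@
+- name: Copy app to server
+ansible.builtin.copy:
+src: inception/
+dest: "{{ dest_dir }}"
+preserve: true
+force: true
+when: not ansible_check_mode
+
+- name: Run the app
+ansible.builtin.command: "make -C {{ dest_dir }}"
+when: not ansible_check_mode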
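Review bot: `preserve: true` in `Copy app to server` is, as far as I know, not an option of `ansible.builtin.copy` (the supported form is `mode: preserve`), so the task would stop on an unsupported parameter. If the intent is to keep the source permissions use `mode: preserve`, otherwise set `owner`, `group` and `mode` explicitly so the deployed files do not inherit whatever the controller checkout had. `Run the app` executes `make -C {{ dest_dir }}` as root through the play-level `become: true` and has no `creates:` or `changed_when:`, so it re-runs and reports changed on every play. Passing the command as `argv: [make, -C, "{{ dest_dir }}"]` keeps a `dest_dir` containing spaces from being split into extra arguments.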
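--- a/tasks/setup-reverse-proxy.yml
+++ b/tasks/setup-reverse-proxy.yml
@@ -0,0 +1,50 @@
+- name: Install Certbot and Nginx
+block:
+- name: Installing Python3 and PIP
+ansible.builtin.apt:
+state: present
+update_cache: yes
+pkg:
+- nginx
+- python3-pip
+- python3
+- python3-dev
+- python3-venv
+- libaugeas-dev
+- gcc
+
+- name: Installing Certbot
+ansible.builtin.pip:
+name:
+- certbot
+- certbox-nginx
+when: not ansible_check_mode
+
+# - name: Manage SSL certificate with community module
+- name: Obtain or renew SSL certificate for {{ cert_domain }}
+ansible.builtin.shell: |
+certbot --nginx -d {{ cert_domain }} --non-interactive --agree-tos --email {{ cert_email }}
+args:
+executable: /bin/bash
+creates: /etc/letsencrypt/live/{{ cert_domain }}/fullchain.pem
+register: certbot_result
+changed_when: "'Obtained a new certificate' in certbot_result.stdout or 'renewed' in certbot_result.stdout"
+failed_when: false # Set to true if you want the playbook to fail immediately on error
+ignore_errors: true # Optional: Allows the playbook to continue if certbot isn't installed yet
+when: cert_domain is defined
+
+- name: Installing self-signed certificate
+when: is_local
+block:
+- name: Create private key (X25519) with password protection
+community.crypto.openssl_privatekey:
+path: /etc/ssl/private/nginx-selfsigned.key
+type: X25519
+passphrase: { passphrase }
+
+- name: Create self-signed certificate
+community.crypto.x509_certificate:
+path: /etc/ssl/certs/nginx-selfsigned.crt
+privatekey_path: /etc/ssl/private/nginx-selfsigned.key
+provider: selfsigned
+when: not ansible_check_mode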
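Review bot: `certbox-nginx` in `Installing Certbot` looks like a typo for `certbot-nginx`; as written, pip running as root installs whatever package is published under the misspelled name, or fails if there is none. `passphrase: { passphrase }` is a YAML flow mapping rather than a template and should read `passphrase: "{{ passphrase }}"`, with the value kept out of plain text (for example in an Ansible Vault file) now that the play-level `vars` are gone. The certbot task combines `failed_when: false` with `ignore_errors: true`, so a failed issuance goes unnoticed, and it interpolates `cert_domain` and `cert_email` unquoted into a shell line; `ansible.builtin.command` with `argv` would avoid shell parsing. X25519 is a key-agreement key type and, to my knowledge, cannot sign a certificate, so the self-signed step probably needs `Ed25519` or an RSA/ECC key.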