commit 06b582cc61f2cb56d3d3f73b208cc5b7455e4e3a Author: Matte <51192395+MatteZ02@users.noreply.github.com> Date: Tue Apr 9 14:42:03 2024 +0300 First setup diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..44c0e1d --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +!/collections/.gitkeep +/collections +__pycache__ \ No newline at end of file diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..9cace49 --- /dev/null +++ b/ansible.cfg @@ -0,0 +1,16 @@ +[defaults] +inventory = inventory.yml +hash_behaviour = merge +gathering = smart +transport = local +display_skipped_hosts = false +interpreter_python = auto_silent +localhost_warning = false +collections_path = collections +inject_facts_as_vars = false +force_handlers = true +action_warnings = false +inventory_unparsed_warning = false + +[inventory] +host_pattern_mismatch = ignore \ No newline at end of file diff --git a/install.sh b/install.sh new file mode 100644 index 0000000..7c10d18 --- /dev/null +++ b/install.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +if [ ! "$BASH_VERSION" ] ; then + exit 1 +fi + +echo " +============================== + +Multi Platform Project - Ansible +Install Script + +------------------------------ +" + +stop () { + +echo " +============================== +" + +exit 1 + +} + +mkdir -p ~/.ssh &> /dev/null + +apt-get install -y python3-pip python3-venv jq git curl &> /dev/null +python3 -m venv /opt/ansible &> /dev/null +/opt/ansible/bin/pip3 install ansible hvac netaddr jmespath pexpect &> /dev/null + +/opt/ansible/bin/ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null + +/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-ansible --private-key ~/.ssh/id_rsa tasks.yml -t install + + +echo " +============================== +" \ No newline at end of file diff --git a/inventory.yml b/inventory.yml new file mode 100644 index 0000000..c9d1b23 --- /dev/null +++ b/inventory.yml 
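Review bot: `hash_behaviour = merge` in ansible.cfg changes variable precedence for every play and task file in this repository, and Ansible's documentation advises against it; nothing in the playbooks of this commit appears to depend on merged dictionaries, so the line can be dropped or, if it is needed, a comment should name the variable it exists for. `action_warnings = false`, `localhost_warning = false` and `inventory_unparsed_warning = false` together silence most of the diagnostics the scheduled `ansible-pull` runs would otherwise log, which makes a mis-parsed inventory or a deprecated module invisible in cron output; keep at least `action_warnings` at its default. The file also ends without a trailing newline.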
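Review bot: In install.sh every provisioning command (apt-get, venv creation, pip, ansible-galaxy) sends both stdout and stderr to /dev/null and its exit status is never checked, so a failed package or collection install proceeds straight to `ansible-pull` with a missing or partial toolchain, and the `stop` function that prints the footer and exits is defined but never called. Add `set -euo pipefail` after the `$BASH_VERSION` check, or append `|| stop` to each command, and leave stderr visible. The pull URL `ssh://git@github.com/MatteZ02/mpp-ansible` differs from the `ssh://git@github.com/musix-org/ansible` used by the cron jobs in tasks/install.yml, and unlike those it lacks `--accept-host-key`, so with a freshly created `~/.ssh` and no known_hosts entry the first pull fails on host-key verification. The script also assumes `~/.ssh/id_rsa` already exists and is authorised for the repository; test for the file before pulling and state that precondition in the banner.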
@@ -0,0 +1,7 @@
+---
+all:
+ hosts:
+ localhost:
+ vars:
+ ansible_connection: local
+ ansible_python_interpreter: "{{ansible_playbook_python}}"
\ No newline at end of file
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..280953b
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,3 @@
+---
+collections:
+ - containers.docker
\ No newline at end of file
diff --git a/tasks.yml b/tasks.yml
new file mode 100644
index 0000000..d75cc94
--- /dev/null
+++ b/tasks.yml
@@ -0,0 +1,25 @@
+---
+- name: "Tasks"
+ hosts: all
+ module_defaults:
+ ansible.builtin.gather_facts:
+ gather_timeout: 10
+
+ tasks:
+ - name: "Install"
+ import_tasks: tasks/install.yml
+ tags:
+ - install
+ - never
+
+ - name: "Maintenance"
+ import_tasks: tasks/maintenance.yml
+ tags:
+ - maintenance
+ - never
+
+ - name: "Deployer"
+ import_tasks: tasks/deployer.yml
+ tags:
+ - deployer
+ - never
\ No newline at end of file
diff --git a/tasks/deployer.yml b/tasks/deployer.yml
new file mode 100644
index 0000000..b2a1500
--- /dev/null
+++ b/tasks/deployer.yml
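Review bot: requirements.yml lists only `containers.docker`, which does not appear to be a published collection (the Docker modules live in `community.docker`), while the task files in this commit use `containers.podman.podman_image`, `containers.podman.podman_container`, `containers.podman.podman_container_exec`, `community.crypto.openssh_keypair` and `mysql_user`/`mysql_db` (shipped in `community.mysql`); the `ansible-galaxy collection install -r requirements.yml` in install.sh therefore installs nothing the deployer needs. List the collections actually used, `- containers.podman`, `- community.crypto`, `- community.mysql`, and pin each with a `version:` so the five-minute `ansible-pull --upgrade`-style schedule does not silently pick up a new major release. The `mysql_*`, `git`, `copy` and `command` calls in the task files are also written short-form; spelling them fully qualified (`community.mysql.mysql_user`, `ansible.builtin.git`) makes the dependency on those collections visible.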
@@ -0,0 +1,217 @@ +--- +- name: "Deployer - SSH - Generate Keypairs" + community.crypto.openssh_keypair: + path: "/root/.ssh/keys/{{ path }}" + type: rsa + comment: "{{ ansible_facts.fqdn }}" + owner: root + group: root + mode: '0600' + loop: "{{ paths[ansible_facts.fqdn] }}" + loop_control: + label: "{{ path }}" + loop_var: "path" + vars: + paths: + http://divarinet.northeurope.cloudapp.azure.com: + - github-MetroHege-MPP-Frontend + - github-metrohege-MPP-Backend + tags: + - ssh + +- name: "Deployer - Certbot - Renew Certificates" + command: "certbot renew" + register: task + changed_when: task.stdout.find("No renewals were attempted.") == -1 + tags: + - certbot + - tls + +- name: "Deployer - Certbot - Copy Certificates" + copy: + src: "/etc/letsencrypt/live/mpp/" + dest: "/root/certs/mpp/" + follow: true + register: task + tags: + - certbot + - tls + +- name: "Deployer - MariaDB - Pull Image" + containers.podman.podman_image: + name: docker.io/mariadb + tag: latest + register: deployerTask101 + when: + - ansible_facts.fqdn == "http://divarinet.northeurope.cloudapp.azure.com" + +- name: "Deployer - MariaDB - Run Container" + containers.podman.podman_container: + name: mariadb + image: docker.io/mariadb:latest + state: started + restart: on + network: host + volumes: + - "/root/mariadb:/var/lib/mysql" + restart_policy: always + env: + # TODO + MYSQL_ROOT_PASSWORD: "no password?" 
+ register: deployerTask102 + when: + - ansible_facts.fqdn == "http://divarinet.northeurope.cloudapp.azure.com" + - (deployerTask101 is defined and deployerTask101.changed) or deployerTask101 is undefined + tags: + - mariadb + +- name: "Deployer - MariaDB - Wait" + wait_for: + host: "127.0.0.1" + port: "3306" + delay: 10 + when: + - ansible_facts.fqdn == "http://divarinet.northeurope.cloudapp.azure.com" + - (deployerTask102 is defined and deployerTask102.changed) or deployerTask102 is undefined + tags: + - mariadb + +- name: "Deployer - MariaDB - Upgrade" + containers.podman.podman_container_exec: + container: "mariadb" + command: "mariadb-upgrade --host=127.0.0.1 --user=root --password=wE7qVL67xJaaXkfo" + register: task + ignore_errors: yes + changed_when: task.stdout.find("This installation of MariaDB is already upgraded") == -1 + when: + - ansible_facts.fqdn == "http://divarinet.northeurope.cloudapp.azure.com" + - (deployerTask102 is defined and deployerTask102.changed) or deployerTask102 is undefined + tags: + - mariadb + +- name: "Deployer - MariaDB - Create Users" + mysql_user: + login_host: "127.0.0.1" + login_user: root + login_password: "wE7qVL67xJaaXkfo" + ca_cert: "/etc/letsencrypt/live/mpp/chain.pem" + check_hostname: no + name: "mpp" + host: "%" + password: "UOzw4ijLaJQI13Ec" + priv: "mpp.*:ALL" + vars: + ansible_python_interpreter: "/opt/ansible/bin/python3" + when: + - ansible_facts.fqdn == "http://divarinet.northeurope.cloudapp.azure.com" + - (deployerTask102 is defined and deployerTask102.changed) or deployerTask102 is undefined + tags: + - mariadb + +- name: "Deployer - MariaDB - Create Database" + mysql_db: + login_host: "127.0.0.1" + login_user: "mpp" + login_password: "UOzw4ijLaJQI13Ec" + ca_cert: "/etc/letsencrypt/live/mpp/chain.pem" + check_hostname: no + name: "mpp" + vars: + ansible_python_interpreter: "/opt/ansible/bin/python3" + when: + - ansible_facts.fqdn == "http://divarinet.northeurope.cloudapp.azure.com" + - (deployerTask102 is 
defined and deployerTask102.changed) or deployerTask102 is undefined + tags: + - mariadb + +- name: "Deployer - Backend - Git Operations" + git: + repo: git@github.com:MetroHege/MPP-Frontend.git + dest: /root/backend + version: master + register: deployerTask521 + when: + - ansible_facts.fqdn == "http://divarinet.northeurope.cloudapp.azure.com" + +- name: "Deployer - Backend - Build Image" + containers.podman.podman_image: + name: mpp/backend + tag: latest + path: /root/backend + build: + file: Dockerfile + format: docker + cache: on + force: on + become: on + become_user: root + register: deployerTask522 + when: + - ansible_facts.fqdn == "http://divarinet.northeurope.cloudapp.azure.com" + - (deployerTask521 is defined and deployerTask521.changed) or deployerTask521 is undefined + tags: + - backend + +- name: "Deployer -Backend - Run Container" + containers.podman.podman_container: + name: backend + image: mpp/backend:latest + state: started + recreate: on + network: host + volumes: + - "/root/backend/.env:/usr/src/app/.env:ro" + restart_policy: always + command: "npm start" + when: + - ansible_facts.fqdn == "http://divarinet.northeurope.cloudapp.azure.com" + - deployerTask522 is defined + - deployerTask522.changed + tags: + - backend + +- name: "Deployer - Frontend - Git Operations" + git: + repo: git@github.com:MetroHege/MPP-Frontend.git + dest: /root/backend/client + version: master + register: deployerTask531 + when: + - ansible_facts.fqdn == "http://divarinet.northeurope.cloudapp.azure.com" + +- name: "Deployer - Frontend - Build Image" + containers.podman.podman_image: + name: mpp/frontend + tag: latest + path: /root/backend/client + build: + file: Dockerfile + format: docker + cache: on + force: on + become: on + become_user: root + register: deployerTask532 + when: + - ansible_facts.fqdn == "http://divarinet.northeurope.cloudapp.azure.com" + - (deployerTask531 is defined and deployerTask531.changed) or deployerTask531 is undefined + tags: + - frontend + +- 
name: "Deployer - Frontend - Run Container" + containers.podman.podman_container: + name: frontend + image: mpp/frontend:latest + state: started + recreate: on + network: host + volumes: + - "/root/backend/client/.env:/usr/src/app/.env:ro" + restart_policy: always + command: "npm start" + when: + - ansible_facts.fqdn == "http://divarinet.northeurope.cloudapp.azure.com" + - deployerTask532 is defined + - deployerTask532.changed + tags: + - frontend \ No newline at end of file diff --git a/tasks/install.yml b/tasks/install.yml new file mode 100644 index 0000000..000a652 --- /dev/null +++ b/tasks/install.yml 
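Review bot: Every `when:` in this file compares `ansible_facts.fqdn` with `"http://divarinet.northeurope.cloudapp.azure.com"`, but a gathered FQDN never carries a URL scheme, so each condition is always false and the whole deployer is skipped; the same comparison gates the certbot tasks in tasks/install.yml. Drop the scheme, `- ansible_facts.fqdn == "divarinet.northeurope.cloudapp.azure.com"`, in both files. The MariaDB root and `mpp` passwords are committed in clear text, and the `MYSQL_ROOT_PASSWORD` env of the run-container task is the literal string `"no password?"`, which is what the container will actually set and which does not match the `--password=` passed to `mariadb-upgrade` and to the create-users task; keep both secrets in an ansible-vault file or `lookup('env', ...)`, and treat the committed values as disclosed. Both git tasks clone `MetroHege/MPP-Frontend.git`, the backend one into /root/backend, which looks like a copy-paste slip given the `github-metrohege-MPP-Backend` key generated in the first task; `restart: on`, `recreate: on`, `cache: on`, `force: on` and `become: on` rely on YAML 1.1 truthy words and should be `true`.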
@@ -0,0 +1,163 @@ +--- +- name: "Install - Ansible - Python Library" + pip: + name: ansible + state: latest + extra_args: --upgrade + virtualenv: /opt/ansible + virtualenv_command: "python3 -m venv" + tags: + - ansible + +- name: "Install - Ansible - Create Symbolic Links" + ansible.builtin.file: + src: /opt/ansible/bin/{{ binary }} + dest: /usr/local/bin/{{ binary }} + state: link + vars: + binaries: + - ansible + - ansible-community + - ansible-config + - ansible-connection + - ansible-console + - ansible-doc + - ansible-galaxy + - ansible-inventory + - ansible-playbook + - ansible-pull + - ansible-test + - ansible-vault + loop: "{{ binaries }}" + loop_control: + label: "{{ binary }}" + loop_var: "binary" + tags: + - ansible + +- name: "Install - Ansible - Dependencies / Python Library : hvac" + pip: + name: hvac + state: latest + extra_args: --upgrade + virtualenv: /opt/ansible + virtualenv_command: "python3 -m venv" + tags: + - ansible + +- name: "Install - Ansible - Dependencies / Python Library : netaddr" + pip: + name: netaddr + state: latest + extra_args: --upgrade + virtualenv: /opt/ansible + virtualenv_command: "python3 -m venv" + tags: + - ansible + +- name: "Install - Ansible - Dependencies / Python Library : jmespath" + pip: + name: jmespath + state: latest + extra_args: --upgrade + virtualenv: /opt/ansible + virtualenv_command: "python3 -m venv" + tags: + - ansible + +- name: "Install - Ansible - Dependencies / Python Library : pexpect" + pip: + name: pexpect + state: latest + extra_args: --upgrade + virtualenv: /opt/ansible + virtualenv_command: "python3 -m venv" + tags: + - ansible + +- name: "Install - Podman" + apt: + name: podman + state: latest + tags: + - podman + +- name: "Install - Certbot - Python Library" + pip: + name: certbot + state: latest + extra_args: --upgrade + virtualenv: /opt/ansible + virtualenv_command: "python3 -m venv" + when: + - ansible_facts.fqdn == "http://divarinet.northeurope.cloudapp.azure.com" + tags: + - certbot + +- 
name: "Install - Certbot - Create Symbolic Links" + ansible.builtin.file: + src: /opt/ansible/bin/{{ binary }} + dest: /usr/local/bin/{{ binary }} + state: link + vars: + binaries: + - certbot + loop: "{{ binaries }}" + loop_control: + label: "{{ binary }}" + loop_var: "binary" + when: + - ansible_facts.fqdn == "http://divarinet.northeurope.cloudapp.azure.com" + tags: + - certbot + +- name: "Install - Certbot - Auth Hook" + get_url: + url: "https://git.waren.io/warengroup/acme-dns-auth/raw/branch/master/acme-dns-auth.py" + dest: "/etc/letsencrypt/renewal-hooks/pre/acme-dns-auth.py" + mode: '700' + force: true + tags: + - certbot + +- name: "Install - Certbot - Create Certificates" + command: "certbot certonly --cert-name {{ cert.name }} --manual --preferred-challenges dns-01 --email {{ cert.email }} --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -n --manual-auth-hook /etc/letsencrypt/renewal-hooks/pre/acme-dns-auth.py --debug-challenges --preferred-chain='ISRG Root X1' --key-type rsa -d {{ cert.domains | join(' -d ') }}" + register: task + changed_when: task.stdout.find("Certificate not yet due for renewal; no action taken.") == -1 + vars: + cert: + name: musix + email: musixdiscordbot@gmail.com + domains: + - musix-org.com + - "*.musix-org.com" + tags: + - certbot + +- name: "Install - MariaDB - Dependencies / Python Library : pymysql" + pip: + name: pymysql + state: latest + extra_args: --upgrade + virtualenv: /opt/ansible + virtualenv_command: "python3 -m venv" + +- name: "Install - MariaDB - Dependencies / Package : mariadb-client" + apt: + name: "mariadb-client" + state: latest + when: + - ansible_facts.distribution == "Debian" or ansible_facts.distribution == "Ubuntu" or ansible_facts.distribution == "Linux Mint" + +- name: "Install - Schedule - Maintenance" + cron: + name: Maintenance + hour: "*/3" + minute: "0" + job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/musix-org/ansible --accept-host-key --private-key ~/.ssh/id_rsa 
tasks.yml -t maintenance" + +- name: "Install - Schedule - Deployer" + cron: + name: Deployer + minute: "*/5" + job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/musix-org/ansible --accept-host-key --private-key ~/.ssh/id_rsa tasks.yml -t deployer" \ No newline at end of file diff --git a/tasks/maintenance.yml b/tasks/maintenance.yml new file mode 100644 index 0000000..3be0633 --- /dev/null +++ b/tasks/maintenance.yml @@ -0,0 +1,37 @@ +--- +- name: "Maintenance - OS Update" + apt: + upgrade: dist + update_cache: yes + +- name: "Maintenance - Ansible : Dependencies - Python Library : hvac" + pip: + name: hvac + state: latest + extra_args: --upgrade + virtualenv: /opt/ansible + virtualenv_command: "python3 -m venv" + +- name: "Maintenance - Ansible : Dependencies - Python Library : netaddr" + pip: + name: netaddr + state: latest + extra_args: --upgrade + virtualenv: /opt/ansible + virtualenv_command: "python3 -m venv" + +- name: "Maintenance - Ansible : Dependencies - Python Library : jmespath" + pip: + name: jmespath + state: latest + extra_args: --upgrade + virtualenv: /opt/ansible + virtualenv_command: "python3 -m venv" + +- name: "Maintenance - Ansible : Dependencies - Python Library : pexpect" + pip: + name: pexpect + state: latest + extra_args: --upgrade + virtualenv: /opt/ansible + virtualenv_command: "python3 -m venv" \ No newline at end of file
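Review bot: The `Install - Certbot - Auth Hook` task downloads acme-dns-auth.py from git.waren.io with `force: true` and no `checksum`, and installs it executable under /etc/letsencrypt/renewal-hooks/pre, where certbot runs it as root on every renewal, so any change to that branch, or a substituted response from that host, is executed here at the next cron run. Pin it with `checksum: "sha256:<EXPECTED_SHA256>"` (placeholder for the hash of the reviewed file) or vendor the script into this repository. The certificate is issued with `--cert-name musix` for `musix-org.com`, while tasks/deployer.yml copies `/etc/letsencrypt/live/mpp/` and points `ca_cert` at `/etc/letsencrypt/live/mpp/chain.pem`, so the deployer never finds the certificate this task creates; the email and domains also appear inherited from another project. The two cron jobs pull `ssh://git@github.com/musix-org/ansible` rather than the `MatteZ02/mpp-ansible` repository install.sh bootstraps from, and `--accept-host-key` on every scheduled run trusts an unknown host key without verification; pre-seed `~/.ssh/known_hosts` with the provider's published key and drop the flag.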
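Review bot: `update_cache: yes` in the OS-update task uses a YAML 1.1 truthy word where the rest of the commit writes `true`/`false`; make it `update_cache: true`. The four pip tasks differ only in `name` and duplicate the same four tasks in tasks/install.yml, while the `ansible` package itself is not refreshed here; one task with `name: [ansible, hvac, netaddr, jmespath, pexpect]` (or a `loop`) keeps the two files in step, and `extra_args: --upgrade` is redundant next to `state: latest`. An unattended `apt upgrade: dist` every three hours from the cron schedule in tasks/install.yml with no reboot or `autoremove` handling will leave a newer kernel installed but not running; document that this is intended, or gate the task on a maintenance window.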