mirror of
https://github.com/cwchristerw/tjas-infra
synced 2025-08-08 12:24:38 +00:00
Add Tasks to repo
This commit is contained in:
31
tasks.yml
Normal file
31
tasks.yml
Normal file
@@ -0,0 +1,31 @@
|
||||
---
|
||||
- name: "Tasks"
|
||||
hosts: all
|
||||
module_defaults:
|
||||
ansible.builtin.gather_facts:
|
||||
gather_timeout: 10
|
||||
|
||||
tasks:
|
||||
- name: "Installer"
|
||||
import_tasks: tasks/installer.yml
|
||||
vars:
|
||||
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
|
||||
tags:
|
||||
- installer
|
||||
- never
|
||||
|
||||
- name: "Maintenance"
|
||||
import_tasks: tasks/maintenance.yml
|
||||
vars:
|
||||
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
|
||||
tags:
|
||||
- maintenance
|
||||
- never
|
||||
|
||||
- name: "Deployer"
|
||||
import_tasks: tasks/deployer.yml
|
||||
vars:
|
||||
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
|
||||
tags:
|
||||
- deployer
|
||||
- never
|
56
tasks/deployer.yml
Normal file
56
tasks/deployer.yml
Normal file
@@ -0,0 +1,56 @@
|
||||
---
|
||||
- name: "Deployer - Nginx - Configure - Create Folder"
|
||||
ansible.builtin.file:
|
||||
path: "~/data/nginx/"
|
||||
state: directory
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: "Deployer - Nginx - Configure - Create Subfolders"
|
||||
ansible.builtin.file:
|
||||
dest: '~/data/nginx/{{ item.path }}'
|
||||
state: directory
|
||||
with_filetree: './files/nginx/'
|
||||
loop_control:
|
||||
label: "{{ item.path }}"
|
||||
when:
|
||||
- item.state == 'directory'
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: "Deployer - Nginx - Configure - Generating & Transferring Files"
|
||||
ansible.builtin.template:
|
||||
src: '{{ item.src }}'
|
||||
dest: '~/data/nginx/{{ item.path }}'
|
||||
with_filetree: './files/nginx/'
|
||||
loop_control:
|
||||
label: "{{ item.path }}"
|
||||
when:
|
||||
- item.state == 'file'
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: "Deployer - Nginx - Pull Image"
|
||||
containers.podman.podman_image:
|
||||
name: docker.io/library/nginx
|
||||
tag: latest
|
||||
force: true
|
||||
register: deployerTask3
|
||||
|
||||
- name: "Deployer - Nginx - Run Container"
|
||||
containers.podman.podman_container:
|
||||
name: nginx
|
||||
image: docker.io/library/nginx:latest
|
||||
state: started
|
||||
recreate: on
|
||||
network: host
|
||||
volumes:
|
||||
- "{{ ansible_facts.user_dir }}/data/nginx/index.html:/usr/share/nginx/html/index.html:ro"
|
||||
- "{{ ansible_facts.user_dir }}/data/nginx/config.conf:/etc/nginx/nginx.conf:ro"
|
||||
- "{{ ansible_facts.user_dir }}/data/nginx/conf/:/etc/nginx/conf.d/:ro"
|
||||
- "{{ ansible_facts.user_dir }}/data/certs/:/etc/nginx/certs/:ro"
|
||||
restart_policy: always
|
||||
when:
|
||||
- (deployerTask3 is defined and deployerTask3.changed) or deployerTask3 is undefined
|
||||
tags:
|
||||
- nginx
|
129
tasks/installer.yml
Normal file
129
tasks/installer.yml
Normal file
@@ -0,0 +1,129 @@
|
||||
---
|
||||
- name: "Installer : Tools : Install"
|
||||
ansible.builtin.apt:
|
||||
name: "{{ package }}"
|
||||
state: latest
|
||||
vars:
|
||||
packages:
|
||||
- git
|
||||
- rsync
|
||||
- unzip
|
||||
- nano
|
||||
- tar
|
||||
- gnupg
|
||||
- screen
|
||||
- jq
|
||||
- sudo
|
||||
- pkg-config
|
||||
- etckeeper
|
||||
loop: "{{ packages }}"
|
||||
loop_control:
|
||||
label: "{{ package }}"
|
||||
loop_var: "package"
|
||||
|
||||
- name: "Installer : FirewallD : Dependencies - Packages"
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- python3-firewall
|
||||
- iptables
|
||||
state: latest
|
||||
|
||||
- name: "Installer : FirewallD : Install"
|
||||
ansible.builtin.apt:
|
||||
name: "firewalld"
|
||||
state: latest
|
||||
|
||||
- name: "Installer : FirewallD : Start"
|
||||
ansible.builtin.systemd_service:
|
||||
name: firewalld
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- name: "Installer - Ansible - Python Library"
|
||||
ansible.builtin.pip:
|
||||
name: ansible
|
||||
state: latest
|
||||
extra_args: --upgrade
|
||||
virtualenv: ~/.venv/ansible
|
||||
virtualenv_command: "python3 -m venv"
|
||||
tags:
|
||||
- ansible
|
||||
|
||||
- name: "Installer : Ansible : Create Folder"
|
||||
ansible.builtin.file:
|
||||
path: ~/bin
|
||||
state: directory
|
||||
tags:
|
||||
- ansible
|
||||
|
||||
- name: "Installer : Ansible : Create Symbolic Links"
|
||||
ansible.builtin.file:
|
||||
src: ~/.venv/ansible/bin/{{ binary }}
|
||||
dest: ~/bin/{{ binary }}
|
||||
state: link
|
||||
vars:
|
||||
binaries:
|
||||
- ansible
|
||||
- ansible-community
|
||||
- ansible-config
|
||||
- ansible-console
|
||||
- ansible-doc
|
||||
- ansible-galaxy
|
||||
- ansible-inventory
|
||||
- ansible-playbook
|
||||
- ansible-pull
|
||||
- ansible-test
|
||||
- ansible-vault
|
||||
loop: "{{ binaries }}"
|
||||
loop_control:
|
||||
label: "{{ binary }}"
|
||||
loop_var: "binary"
|
||||
tags:
|
||||
- ansible
|
||||
|
||||
- name: "Installer - Ansible - Dependencies / Python Libraries"
|
||||
ansible.builtin.pip:
|
||||
name: "{{ library }}"
|
||||
state: latest
|
||||
extra_args: --upgrade
|
||||
virtualenv: ~/.venv/ansible
|
||||
virtualenv_command: "python3 -m venv"
|
||||
vars:
|
||||
libraries:
|
||||
- cryptography
|
||||
- dnspython
|
||||
- hvac
|
||||
- jmespath
|
||||
- netaddr
|
||||
- pexpect
|
||||
loop: "{{ libraries }}"
|
||||
loop_control:
|
||||
label: "{{ library }}"
|
||||
loop_var: "library"
|
||||
|
||||
- name: "Installer : MariaDB : Dependencies / Python Library : pymysql"
|
||||
ansible.builtin.pip:
|
||||
name: pymysql
|
||||
state: latest
|
||||
extra_args: --upgrade
|
||||
virtualenv: ~/.venv/ansible
|
||||
virtualenv_command: "python3 -m venv"
|
||||
tags:
|
||||
- mariadb
|
||||
|
||||
- name: "Installer : Schedule : Maintenance"
|
||||
ansible.builtin.cron:
|
||||
name: "PVJJK 1.VOS TJAS - Infra - Maintenance"
|
||||
hour: "*/3"
|
||||
minute: "0"
|
||||
job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas.yml tasks.yml -t maintenance"
|
||||
tags:
|
||||
- cron
|
||||
|
||||
- name: "Installer : Schedule : Deployer"
|
||||
ansible.builtin.cron:
|
||||
name: "PVJJK 1.VOS TJAS - Infra - Deployer"
|
||||
minute: "*/5"
|
||||
job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas.yml tasks.yml -t deployer"
|
||||
tags:
|
||||
- cron
|
44
tasks/maintenance.yml
Normal file
44
tasks/maintenance.yml
Normal file
@@ -0,0 +1,44 @@
|
||||
---
|
||||
- name: "Installer - Ansible - Dependencies / Python Libraries"
|
||||
ansible.builtin.pip:
|
||||
name: "{{ library }}"
|
||||
state: latest
|
||||
extra_args: --upgrade
|
||||
virtualenv: ~/.venv/ansible
|
||||
virtualenv_command: "python3 -m venv"
|
||||
vars:
|
||||
libraries:
|
||||
- cryptography
|
||||
- dnspython
|
||||
- hvac
|
||||
- jmespath
|
||||
- netaddr
|
||||
- pexpect
|
||||
loop: "{{ libraries }}"
|
||||
loop_control:
|
||||
label: "{{ library }}"
|
||||
loop_var: "library"
|
||||
|
||||
- name: "Maintenance : Ansible : Update"
|
||||
ansible.builtin.pip:
|
||||
name: ansible
|
||||
state: latest
|
||||
extra_args: --upgrade
|
||||
virtualenv: ~/.venv/ansible
|
||||
virtualenv_command: "python3 -m venv"
|
||||
|
||||
- name: "Maintenance : MariaDB : Dependencies / Python Library : pymysql"
|
||||
ansible.builtin.pip:
|
||||
name: pymysql
|
||||
state: latest
|
||||
extra_args: --upgrade
|
||||
virtualenv: ~/.venv/ansible
|
||||
virtualenv_command: "python3 -m venv"
|
||||
|
||||
- name: "Maintenance : Podman : Prune"
|
||||
containers.podman.podman_prune:
|
||||
container: yes
|
||||
image: yes
|
||||
image_filters:
|
||||
dangling_only: no
|
||||
volume: yes
|
Reference in New Issue
Block a user