
---
- name: "Deployer - SSH - Add Authorized Keys"
ansible.builtin.template:
src: './files/ssh/authorized_keys'
dest: '/root/.ssh/authorized_keys'
tags:
- ssh
- name: "Deployer - SSH - Config"
ansible.builtin.template:
src: './files/ssh/sshd_config'
dest: '/etc/ssh/sshd_config'
register: deployerTaskS1
tags:
- ssh
- name: "Deployer : SSH : Restart"
ansible.builtin.systemd_service:
name: ssh
state: restarted
enabled: true
when:
- (deployerTaskS1 is defined and deployerTaskS1.changed) or deployerTaskS1 is undefined
- name: "Deployer - Yggdrasil - Configure - Create Folder"
ansible.builtin.file:
path: "/root/data/yggdrasil/"
state: directory
tags:
- yggdrasil
- name: "Deployer - Yggdrasil - Configure - Create Subfolders"
ansible.builtin.file:
dest: '/root/data/yggdrasil/{{ item.path }}'
state: directory
with_filetree: './files/yggdrasil/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'directory'
tags:
- yggdrasil
- name: "Deployer - Yggdrasil - Configure - Generating & Transferring Files"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '/root/data/yggdrasil/{{ item.path }}'
register: deployerTaskY1
with_filetree: './files/yggdrasil/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'file'
tags:
- yggdrasil
- name: "Deployer - Yggdrasil - Pull Image"
containers.podman.podman_image:
name: docker.io/library/golang
tag: alpine
register: deployerTaskY2
- name: "Deployer - Yggdrasil - Clone Repository"
ansible.builtin.git:
repo: "https://github.com/yggdrasil-network/yggdrasil-go.git"
dest: ".cache/git/yggdrasil"
register: deployerTaskY3
- name: "Deployer - Yggdrasil - Build Image"
containers.podman.podman_image:
name: pvjjk-1vos-niinisalo/yggdrasil
tag: latest
path: "/root/data/yggdrasil"
build:
format: docker
force: true
register: deployerTaskY4
- name: "Deployer - Yggdrasil - Run Container"
containers.podman.podman_container:
name: yggdrasil
image: pvjjk-1vos-niinisalo/yggdrasil:latest
state: started
recreate: on
network: host
capabilities:
- net_admin
device:
- "/dev/net/tun"
volumes:
- "{{ ansible_facts.user_dir }}/data/yggdrasil/config.conf:/etc/yggdrasil-network/config.conf"
restart_policy: always
when:
- (deployerTaskY1 is defined and deployerTaskY1.changed) or deployerTaskY1 is undefined or (deployerTaskY2 is defined and deployerTaskY2.changed) or deployerTaskY2 is undefined or (deployerTaskY3 is defined and deployerTaskY3.changed) or deployerTaskY3 is undefined or (deployerTaskY4 is defined and deployerTaskY4.changed) or deployerTaskY4 is undefined
tags:
- yggdrasil
- name: "Deployer - MariaDB - Create Folder"
ansible.builtin.file:
path: /root/data/mariadb
state: directory
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Pull Image"
containers.podman.podman_image:
name: docker.io/library/mariadb
tag: latest
register: deployerTaskM1
- name: "Deployer - MariaDB - Run Container"
containers.podman.podman_container:
name: mariadb
image: docker.io/library/mariadb:latest
state: started
restart: on
network: host
volumes:
- "/root/data/mariadb:/var/lib/mysql"
restart_policy: always
env:
MYSQL_ROOT_PASSWORD: "{{ config.mariadb.users.root.password }}"
register: deployerTaskM2
when:
- (deployerTaskM1 is defined and deployerTaskM1.changed) or deployerTaskM1 is undefined
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Wait"
ansible.builtin.wait_for:
host: "127.0.0.1"
port: "3306"
delay: 10
when:
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Upgrade"
containers.podman.podman_container_exec:
name: "mariadb"
command: "mariadb-upgrade --host=127.0.0.1 --user=root --password={{ config.mariadb.users.root.password }}"
register: task
ignore_errors: yes
changed_when: task.stdout.find("This installation of MariaDB is already upgraded") == -1
when:
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Create Users"
community.mysql.mysql_user:
login_host: "127.0.0.1"
login_user: root
login_password: "{{ config.mariadb.users.root.password }}"
name: "{{ config.mariadb.users[user].username }}"
host: "%"
password: "{{ config.mariadb.users[user].password }}"
priv: "{{ config.mariadb.users[user].database }}.*:ALL"
loop: "{{ config.mariadb.users.keys() }}"
loop_control:
label: "{{ user }}"
loop_var: "user"
when:
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
- config.mariadb.users is defined
- config.mariadb.users[user] is defined
- config.mariadb.users[user].username is defined
- config.mariadb.users[user].password is defined
- config.mariadb.users[user].database is defined
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Create Database"
community.mysql.mysql_db:
login_host: "127.0.0.1"
login_user: "{{ config.mariadb.users[user].username }}"
login_password: "{{ config.mariadb.users[user].password }}"
name: "{{ config.mariadb.users[user].database }}"
loop: "{{ config.mariadb.users.keys() }}"
loop_control:
label: "{{ user }}"
loop_var: "user"
when:
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
- config.mariadb.users is defined
- config.mariadb.users[user] is defined
- config.mariadb.users[user].username is defined
- config.mariadb.users[user].password is defined
- config.mariadb.users[user].database is defined
tags:
- mariadb
- database
- name: "Deployer - Kea - Install"
ansible.builtin.apt:
name:
- kea
state: latest
- name: "Deployer - Kea - Configure - DHCP4"
ansible.builtin.template:
src: './files/kea/kea-dhcp4.conf'
dest: '/etc/kea/kea-dhcp4.conf'
register: deployerTaskK1
tags:
- kea
- dhcp
- name: "Deployer - Kea - Configure - Database : Init"
ansible.builtin.command:
cmd: "/usr/sbin/kea-admin db-init mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
register: deployerTaskK2
changed_when:
- deployerTaskK2.stdout.find('Initializing database') != -1
failed_when:
- deployerTaskK2.stdout.find('ERROR') != -1
- deployerTaskK2.stdout.find('Expected empty database kea.') == -1
tags:
- kea
- dhcp
- name: "Deployer - Kea - Configure - Database : Upgrade"
ansible.builtin.command:
cmd: "/usr/sbin/kea-admin db-upgrade mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
tags:
- kea
- dhcp
- name: "Deployer : Kea : Restart"
ansible.builtin.systemd_service:
name: kea-dhcp4-server
state: restarted
when:
- (deployerTaskK1 is defined and deployerTaskK1.changed) or deployerTaskK1 is undefined or (deployerTaskK2 is defined and deployerTaskK2.changed) or deployerTaskK2 is undefined
tags:
- kea
- dhcp
- name: "Deployer : Kea : Start"
ansible.builtin.systemd_service:
name: kea-dhcp4-server
state: started
tags:
- kea
- dhcp
- name: "Deployer - dnsdist - Configure - Create Folder"
ansible.builtin.file:
path: "/root/data/dnsdist/"
state: directory
tags:
- dnsdist
- dns
- name: "Deployer - dnsdist - Configure - Create Subfolders"
ansible.builtin.file:
dest: '/root/data/dnsdist/{{ item.path }}'
state: directory
with_filetree: './files/dnsdist/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'directory'
tags:
- dnsdist
- dns
- name: "Deployer - dnsdist - Configure - Generating & Transferring Files"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '/root/data/dnsdist/{{ item.path }}'
register: deployerTaskD1
with_filetree: './files/dnsdist/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'file'
tags:
- dnsdist
- dns
- name: "Deployer - dnsdist - Pull Image"
containers.podman.podman_image:
name: docker.io/powerdns/dnsdist-20
tag: latest
register: deployerTaskD2
- name: "Deployer - dnsdist - Run Container"
containers.podman.podman_container:
name: dnsdist
image: docker.io/powerdns/dnsdist-20:latest
state: started
recreate: on
network: host
restart_policy: always
volumes:
- "/root/data/dnsdist/config.conf:/etc/dnsdist/dnsdist.conf:ro"
tty: yes
interactive: yes
capabilities:
- NET_BIND_SERVICE
when:
- (deployerTaskD1 is defined and deployerTaskD1.changed) or deployerTaskD1 is undefined or (deployerTaskD2 is defined and deployerTaskD2.changed) or deployerTaskD2 is undefined
tags:
- dnsdist
- dns
- name: "Deployer - PowerDNS Authorative - Configure - Create Folder"
ansible.builtin.file:
path: "/root/data/powerdns-authorative/"
state: directory
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Authorative - Configure - Create Subfolders"
ansible.builtin.file:
dest: '/root/data/powerdns-authorative/{{ item.path }}'
state: directory
with_filetree: './files/powerdns-authorative/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'directory'
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Authorative - Configure - Generating & Transferring Files"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '/root/data/powerdns-authorative/{{ item.path }}'
register: deployerTaskPA1
with_filetree: './files/powerdns-authorative/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'file'
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Authorative - Pull Image"
containers.podman.podman_image:
name: docker.io/powerdns/pdns-auth-50
tag: latest
register: deployerTaskPA2
- name: "Deployer - PowerDNS Authorative - Run Container"
containers.podman.podman_container:
name: powerdns-authorative
image: docker.io/powerdns/pdns-auth-50:latest
state: started
recreate: on
network: host
restart_policy: always
volumes:
- "/root/data/powerdns-authorative/config.conf:/etc/powerdns/pdns.conf:ro"
capabilities:
- NET_BIND_SERVICE
when:
- (deployerTaskPA1 is defined and deployerTaskPA1.changed) or deployerTaskPA1 is undefined or (deployerTaskPA2 is defined and deployerTaskPA2.changed) or deployerTaskPA2 is undefined
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Recursor - Configure - Create Folder"
ansible.builtin.file:
path: "/root/data/powerdns-recursor/"
state: directory
tags:
- powerdns-recursor
- dns
- name: "Deployer - PowerDNS Recursor - Configure - Create Subfolders"
ansible.builtin.file:
dest: '/root/data/powerdns-recursor/{{ item.path }}'
state: directory
with_filetree: './files/powerdns-recursor/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'directory'
tags:
- powerdns-recursor
- dns
- name: "Deployer - PowerDNS Recursor - Configure - Generating & Transferring Files"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '/root/data/powerdns-recursor/{{ item.path }}'
register: deployerTaskPR1
with_filetree: './files/powerdns-recursor/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'file'
tags:
- powerdns-recursor
- dns
- name: "Deployer - PowerDNS Recursor - Pull Image"
containers.podman.podman_image:
name: docker.io/powerdns/pdns-recursor-52
tag: latest
register: deployerTaskPR2
- name: "Deployer - PowerDNS Recursor - Run Container"
containers.podman.podman_container:
name: powerdns-recursor
image: docker.io/powerdns/pdns-recursor-52:latest
state: started
recreate: on
network: host
restart_policy: always
volumes:
- "/root/data/powerdns-recursor/config.conf:/etc/powerdns/recursor.conf:ro"
capabilities:
- NET_BIND_SERVICE
when:
- (deployerTaskPR1 is defined and deployerTaskPR1.changed) or deployerTaskPR1 is undefined or (deployerTaskPR2 is defined and deployerTaskPR2.changed) or deployerTaskPR2 is undefined
tags:
- powerdns-recursor
- dns
- name: "Deployer - Nginx - Configure - Create Folder"
ansible.builtin.file:
path: "/root/data/nginx/"
state: directory
tags:
- nginx
- www
- name: "Deployer - Nginx - Configure - Create Subfolders"
ansible.builtin.file:
dest: '/root/data/nginx/{{ item.path }}'
state: directory
with_filetree: './files/nginx/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'directory'
tags:
- nginx
- www
- name: "Deployer - Nginx - Configure - Generating & Transferring Files"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '/root/data/nginx/{{ item.path }}'
register: deployerTaskN1
with_filetree: './files/nginx/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'file'
tags:
- nginx
- www
- name: "Deployer - Nginx - Pull Image"
containers.podman.podman_image:
name: docker.io/library/nginx
tag: latest
register: deployerTaskN2
- name: "Deployer - Nginx - Run Container"
containers.podman.podman_container:
name: nginx
image: docker.io/library/nginx:latest
state: started
recreate: on
network: host
volumes:
- "{{ ansible_facts.user_dir }}/data/nginx/index.html:/usr/share/nginx/html/index.html:ro"
- "{{ ansible_facts.user_dir }}/data/nginx/config.conf:/etc/nginx/nginx.conf:ro"
- "{{ ansible_facts.user_dir }}/data/nginx/conf/:/etc/nginx/conf.d/:ro"
#- "{{ ansible_facts.user_dir }}/data/certs/:/etc/nginx/certs/:ro"
restart_policy: always
when:
- (deployerTaskN1 is defined and deployerTaskN1.changed) or deployerTaskN1 is undefined or (deployerTaskN2 is defined and deployerTaskN2.changed) or deployerTaskN2 is undefined
tags:
- nginx
- www