a playbook for setting up a container (#21756)

Christophe Siraut 2018-08-30 17:31:13 +02:00
parent 1aa37728ad
commit f8edaafda8
2 changed files with 113 additions and 0 deletions

111
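--- a/container.yml
+++ b/container.yml
@@ -0,0 +1,111 @@
+---
+- name: Initialize a systemd-nspawn container
+hosts: localhost
+roles:
+- facts
+tasks:
+- name: Sanity cheks
+assert:
+that:
+- "target != 'localhost'"
+- "'ansible_host' in hostvars[target]"
+- "hostvars[target]['ansible_host'] | ipaddr"
+msg: 'please add CONTAINER_NAME to your inventory, with an ip address in ansible_host variable, then specify "-e target CONTAINER_NAME" on the command line. See for example dev.publik in inventory.yml'
+- name: "create {{src_dir}} directory"
+file:
+path: "{{src_dir}}"
+state: directory
+owner: "{{user}}"
+group: "{{user}}"
+- name: create/start container and bind-mount our development directory
+local_action: command dspawn -p -b {{ src_dir }} -a {{ hostvars[target]['ansible_host'] }} create {{ target }}
+become: yes
+ignore_errors: yes
+- lineinfile:
+path: /etc/hosts
+regexp: "^{{hostvars[target]['ansible_host']}} "
+line: "{{hostvars[target]['ansible_host']}} dev-hobo.local.publik agent-combo.local.publik user-combo.local.publik demarches-wcs.local.publik connexion-authentic.local.publik dev-fargo.local.publik dev-chrono.local.publik dev-passerelle.local.publik dev-corbo.local.publik dev-bijoe.local.publik"
+become: yes
+- name: Deploy container basic configuration
+hosts: "{{ target }}"
+gather_facts: False
+roles:
+- facts
+vars:
+ansible_user: root
+tasks:
+- raw: echo 'deb http://deb.entrouvert.org/ stretch main' > /etc/apt/sources.list.d/entrouvert.list
+- raw: apt update; apt install -y python-simplejson python-apt ca-certificates sudo postgresql git
+- raw: wget -O - https://deb.entrouvert.org/entrouvert.gpg | apt-key add -
+- raw: apt update; dpkg -s ca-certificates-entrouvert || apt install -y ca-certificates-entrouvert
+- lineinfile:
+path: /etc/postgresql/9.6/main/pg_hba.conf
+line: 'local all postgres trust'
+insertbefore: '# DO NOT DISABLE!'
+- lineinfile:
+path: /etc/postgresql/9.6/main/pg_hba.conf
+line: 'local all all peer'
+insertafter: 'local all postgres trust'
+- raw: systemctl restart postgresql
+- postgresql_user:
+name: "{{user}}"
+role_attr_flags: CREATEDB,SUPERUSER
+- user:
+name: "{{user}}"
+groups: sudo
+append: yes
+shell: /bin/bash
+# it is strange we need to fix permissions here (ansible 2.4)
+- file:
+path: "~{{user}}"
+state: directory
+owner: "{{user}}"
+group: "{{user}}"
+- lineinfile:
+dest: /etc/sudoers
+regexp: "^%{{user}}"
+line: "{{user}} ALL=(ALL) NOPASSWD: ALL"
+validate: 'visudo -cf %s'
+- file:
+path: "~{{user}}/.ssh"
+state: directory
+owner: "{{user}}"
+mode: 0700
+- copy:
+src: "~/.ssh/id_rsa.pub"
+dest: "~{{user}}/.ssh/authorized_keys"
+owner: "{{user}}"
+mode: 0600
+- lineinfile:
+path: /etc/hosts
+regexp: '^127.0.42.1'
+line: '127.0.42.1 dev.publik dev-hobo.local.publik agent-combo.local.publik user-combo.local.publik demarches-wcs.local.publik connexion-authentic.local.publik dev-fargo.local.publik dev-chrono.local.publik dev-passerelle.local.publik'
+- name: Copy certificates obtained from pki.entrouvert.org
+hosts: "{{ target }}"
+gather_facts: False
+vars:
+ansible_user: root
+tasks:
+- copy:
+src: /etc/ssl/certs/*.local.publik.crt
+dest: /etc/ssl/certs/*.local.publik.crt
+ignore-errors: yes
+- copy:
+src: /etc/ssl/private/*.local.publik.key
+dest: /etc/ssl/private/*.local.publik.key
+ignore-errors: yes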
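Review bot: The two `copy` tasks in the last play will not copy anything as written: `copy` does not expand wildcards in `src`, so `/etc/ssl/private/*.local.publik.key` is treated as a literal file name, and `ignore-errors` (hyphen) is not the `ignore_errors` keyword, so, assuming it sits at task level (the page has lost indentation), the failure is either rejected when the playbook is loaded or, once the spelling is corrected, silently hidden. The private-key task also sets no `owner` or `mode`, so a key that did reach the container would get default permissions rather than root-only ones. Looping with `with_fileglob` and an explicit `mode: '0600'` covers both, and an empty match simply skips the task, so no error suppression is needed; the fence shows the key task and the certificate task would follow the same shape with `mode: '0644'`. Separately, the `local all postgres trust` line and the `NOPASSWD: ALL` sudoers entry in the second play look intended for a throwaway development container; a comment at the top of the file saying so would keep the playbook from being reused elsewhere.

```yaml
# … unchanged: play header (hosts, gather_facts, vars) …
    - name: Copy private keys obtained from pki.entrouvert.org
      copy:
        src: "{{ item }}"
        dest: /etc/ssl/private/
        owner: root
        group: root
        mode: '0600'
      with_fileglob:
        - /etc/ssl/private/*.local.publik.key
```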


@ -3,3 +3,5 @@ local:
hosts:
localhost:
ansible_connection: local
dev.publik:
ansible_host: 10.0.0.100