a playbook for setting up a container (#21756)
parent
1aa37728ad
commit
f8edaafda8
|
@ -0,0 +1,111 @@
|
|||
---
|
||||
- name: Initialize a systemd-nspawn container
|
||||
hosts: localhost
|
||||
roles:
|
||||
- facts
|
||||
tasks:
|
||||
- name: Sanity cheks
|
||||
assert:
|
||||
that:
|
||||
- "target != 'localhost'"
|
||||
- "'ansible_host' in hostvars[target]"
|
||||
- "hostvars[target]['ansible_host'] | ipaddr"
|
||||
msg: 'please add CONTAINER_NAME to your inventory, with an ip address in ansible_host variable, then specify "-e target CONTAINER_NAME" on the command line. See for example dev.publik in inventory.yml'
|
||||
|
||||
- name: "create {{src_dir}} directory"
|
||||
file:
|
||||
path: "{{src_dir}}"
|
||||
state: directory
|
||||
owner: "{{user}}"
|
||||
group: "{{user}}"
|
||||
|
||||
- name: create/start container and bind-mount our development directory
|
||||
local_action: command dspawn -p -b {{ src_dir }} -a {{ hostvars[target]['ansible_host'] }} create {{ target }}
|
||||
become: yes
|
||||
ignore_errors: yes
|
||||
|
||||
- lineinfile:
|
||||
path: /etc/hosts
|
||||
regexp: "^{{hostvars[target]['ansible_host']}} "
|
||||
line: "{{hostvars[target]['ansible_host']}} dev-hobo.local.publik agent-combo.local.publik user-combo.local.publik demarches-wcs.local.publik connexion-authentic.local.publik dev-fargo.local.publik dev-chrono.local.publik dev-passerelle.local.publik dev-corbo.local.publik dev-bijoe.local.publik"
|
||||
become: yes
|
||||
|
||||
- name: Deploy container basic configuration
|
||||
hosts: "{{ target }}"
|
||||
gather_facts: False
|
||||
roles:
|
||||
- facts
|
||||
vars:
|
||||
ansible_user: root
|
||||
tasks:
|
||||
- raw: echo 'deb http://deb.entrouvert.org/ stretch main' > /etc/apt/sources.list.d/entrouvert.list
|
||||
- raw: apt update; apt install -y python-simplejson python-apt ca-certificates sudo postgresql git
|
||||
- raw: wget -O - https://deb.entrouvert.org/entrouvert.gpg | apt-key add -
|
||||
- raw: apt update; dpkg -s ca-certificates-entrouvert || apt install -y ca-certificates-entrouvert
|
||||
|
||||
- lineinfile:
|
||||
path: /etc/postgresql/9.6/main/pg_hba.conf
|
||||
line: 'local all postgres trust'
|
||||
insertbefore: '# DO NOT DISABLE!'
|
||||
|
||||
- lineinfile:
|
||||
path: /etc/postgresql/9.6/main/pg_hba.conf
|
||||
line: 'local all all peer'
|
||||
insertafter: 'local all postgres trust'
|
||||
|
||||
- raw: systemctl restart postgresql
|
||||
|
||||
- postgresql_user:
|
||||
name: "{{user}}"
|
||||
role_attr_flags: CREATEDB,SUPERUSER
|
||||
|
||||
- user:
|
||||
name: "{{user}}"
|
||||
groups: sudo
|
||||
append: yes
|
||||
shell: /bin/bash
|
||||
|
||||
# it is strange we need to fix permissions here (ansible 2.4)
|
||||
- file:
|
||||
path: "~{{user}}"
|
||||
state: directory
|
||||
owner: "{{user}}"
|
||||
group: "{{user}}"
|
||||
|
||||
- lineinfile:
|
||||
dest: /etc/sudoers
|
||||
regexp: "^%{{user}}"
|
||||
line: "{{user}} ALL=(ALL) NOPASSWD: ALL"
|
||||
validate: 'visudo -cf %s'
|
||||
|
||||
- file:
|
||||
path: "~{{user}}/.ssh"
|
||||
state: directory
|
||||
owner: "{{user}}"
|
||||
mode: 0700
|
||||
- copy:
|
||||
src: "~/.ssh/id_rsa.pub"
|
||||
dest: "~{{user}}/.ssh/authorized_keys"
|
||||
owner: "{{user}}"
|
||||
mode: 0600
|
||||
|
||||
- lineinfile:
|
||||
path: /etc/hosts
|
||||
regexp: '^127.0.42.1'
|
||||
line: '127.0.42.1 dev.publik dev-hobo.local.publik agent-combo.local.publik user-combo.local.publik demarches-wcs.local.publik connexion-authentic.local.publik dev-fargo.local.publik dev-chrono.local.publik dev-passerelle.local.publik'
|
||||
|
||||
- name: Copy certificates obtained from pki.entrouvert.org
|
||||
hosts: "{{ target }}"
|
||||
gather_facts: False
|
||||
vars:
|
||||
ansible_user: root
|
||||
tasks:
|
||||
- copy:
|
||||
src: /etc/ssl/certs/*.local.publik.crt
|
||||
dest: /etc/ssl/certs/*.local.publik.crt
|
||||
ignore-errors: yes
|
||||
- copy:
|
||||
src: /etc/ssl/private/*.local.publik.key
|
||||
dest: /etc/ssl/private/*.local.publik.key
|
||||
ignore-errors: yes
|
||||
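Review bot: The last play ("Copy certificates obtained from pki.entrouvert.org") cannot copy anything as written: `copy` does not expand wildcards in `src`/`dest`, and `ignore-errors` (hyphen) is not the `ignore_errors` keyword, so it is not honoured whether it sits on the task or under `copy` (the page has lost the indentation, so its position cannot be told). The private-key task also sets no `owner` or `mode`, which leaves the key's permissions inside the container to defaults. Iterating with `with_fileglob` and pinning `mode: '0600'` makes an empty match a no-op, so no error suppression is needed; the glob is evaluated on the controller, so the invoking user must be able to read `/etc/ssl/private`. Separately, the sudoers task's `regexp: "^%{{user}}"` matches a group entry while the inserted line is a user entry, so it probably never matches the line it manages and may append a duplicate on each run; `regexp: "^{{user}} "` would match it.

```yaml
# … unchanged: play header (hosts, gather_facts, vars) …
    - copy:
        src: "{{ item }}"
        dest: /etc/ssl/private/
        owner: root
        mode: '0600'
      with_fileglob:
        - /etc/ssl/private/*.local.publik.key
# … same pattern for /etc/ssl/certs/*.local.publik.crt, with mode '0644' …
```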
|
|
@ -3,3 +3,5 @@ local:
|
|||
hosts:
|
||||
localhost:
|
||||
ansible_connection: local
|
||||
dev.publik:
|
||||
ansible_host: 10.0.0.100
|
||||
|
|