a playbook for setting up a container (#21756 )

decouple getting sources from installation and allow remote execution (#21756 )
guess username (#23086 )
2018-08-31 15:57:34 +02:00 · 2018-08-31 15:52:02 +02:00 · 2018-08-31 15:49:42 +02:00
13 changed files with 293 additions and 38 deletions
--- a/clean.yml
+++ b/clean.yml
@ -1,5 +1,5 @@
 ---
- hosts: local
+- hosts: "{{target}}"
  tasks:
    - name: delete venv
      file:
--- a/container.yml
+++ b/container.yml
@ -0,0 +1,111 @@
+---
+- name: Initialize a systemd-nspawn container
+  hosts: localhost
+  roles:
+    - facts
+  tasks:
+    - name: Sanity cheks
+      assert:
+          that:
+            - "target != 'localhost'"
+            - "'ansible_host' in hostvars[target]"
+            - "hostvars[target]['ansible_host'] | ipaddr"
+          msg: 'please add CONTAINER_NAME to your inventory, with an ip address in ansible_host variable, then specify "-e target CONTAINER_NAME" on the command line. See for example dev.publik in inventory.yml'
+
+    - name: "create {{src_dir}} directory"
+      file:
+        path: "{{src_dir}}"
+        state: directory
+        owner: "{{user}}"
+        group: "{{user}}"
+
+    - name: create/start container and bind-mount our development directory
+      local_action: command dspawn -p -b {{ src_dir }} -a {{ hostvars[target]['ansible_host'] }} create {{ target }}
+      become: yes
+      ignore_errors: yes
+
+    - lineinfile:
+          path: /etc/hosts
+          regexp: "^{{hostvars[target]['ansible_host']}} "
+          line: "{{hostvars[target]['ansible_host']}} dev-hobo.local.publik agent-combo.local.publik user-combo.local.publik demarches-wcs.local.publik connexion-authentic.local.publik dev-fargo.local.publik dev-chrono.local.publik dev-passerelle.local.publik dev-corbo.local.publik dev-bijoe.local.publik"
+      become: yes
+
+- name: Deploy container basic configuration
+  hosts: "{{ target }}"
+  gather_facts: False
+  roles:
+    - facts
+  vars:
+    ansible_user: root
+  tasks:
+    - raw: echo  'deb http://deb.entrouvert.org/ stretch main' > /etc/apt/sources.list.d/entrouvert.list
+    - raw: apt update; apt install -y python-simplejson python-apt ca-certificates sudo postgresql git
+    - raw: wget -O - https://deb.entrouvert.org/entrouvert.gpg | apt-key add -
+    - raw: apt update; dpkg -s ca-certificates-entrouvert || apt install -y ca-certificates-entrouvert
+
+    - lineinfile:
+          path: /etc/postgresql/9.6/main/pg_hba.conf
+          line: 'local all postgres trust'
+          insertbefore: '# DO NOT DISABLE!'
+
+    - lineinfile:
+          path: /etc/postgresql/9.6/main/pg_hba.conf
+          line: 'local all all peer'
+          insertafter: 'local all postgres trust'
+
+    - raw: systemctl restart postgresql
+
+    - postgresql_user:
+          name: "{{user}}"
+          role_attr_flags: CREATEDB,SUPERUSER
+
+    - user:
+          name: "{{user}}"
+          groups: sudo
+          append: yes
+          shell: /bin/bash
+
+    # it is strange we need to fix permissions here (ansible 2.4)
+    - file:
+          path: "~{{user}}"
+          state: directory
+          owner: "{{user}}"
+          group: "{{user}}"
+
+    - lineinfile:
+          dest: /etc/sudoers
+          regexp: "^%{{user}}"
+          line: "{{user}} ALL=(ALL) NOPASSWD: ALL"
+          validate: 'visudo -cf %s'
+
+    - file:
+          path: "~{{user}}/.ssh"
+          state: directory
+          owner: "{{user}}"
+          mode: 0700
+    - copy:
+          src: "~/.ssh/id_rsa.pub"
+          dest: "~{{user}}/.ssh/authorized_keys"
+          owner: "{{user}}"
+          mode: 0600
+
+    - lineinfile:
+          path: /etc/hosts
+          regexp: '^127.0.42.1'
+          line: '127.0.42.1 dev.publik dev-hobo.local.publik agent-combo.local.publik user-combo.local.publik demarches-wcs.local.publik connexion-authentic.local.publik dev-fargo.local.publik dev-chrono.local.publik dev-passerelle.local.publik'
+
+- name: Copy certificates obtained from pki.entrouvert.org
+  hosts: "{{ target }}"
+  gather_facts: False
+  vars:
+    ansible_user: root
+  tasks:
+    - copy:
+          src: /etc/ssl/certs/*.local.publik.crt
+          dest: /etc/ssl/certs/*.local.publik.crt
+      ignore-errors: yes
+    - copy:
+          src: /etc/ssl/private/*.local.publik.key
+          dest: /etc/ssl/private/*.local.publik.key
+      ignore-errors: yes
+
--- a/delete-tenants.yml
+++ b/delete-tenants.yml
@ -1,8 +1,11 @@
 ---
 - name: delete all publik tenants
-  hosts: local
+  hosts: "{{target}"
  vars:
    venv_bin: "{{venv}}/bin"
+  roles:
+    - facts
+
  tasks:
    - name: "delete hobo tenant"
      command: "{{venv_bin}}/{{apps['hobo']['project_name']}}-manage delete_tenant {{tenants_conf['dev-hobo']}}"
--- a/deploy-tenants.yml
+++ b/deploy-tenants.yml
@ -1,7 +1,8 @@
 ---
 - name: deploy publik tenants for local developement
-  hosts: local
+  hosts: "{{target}}"
  roles:
+    - facts
    - deploy-tenants
  vars:
    venv_bin: "{{venv}}/bin"
--- a/git_clone.yml
+++ b/git_clone.yml
@ -0,0 +1,15 @@
+- name: "ssh git clone {{ repo }}"
+  git:
+    repo: "ssh://git@git.entrouvert.org/{{ repo }}.git"
+    dest: "{{ repo_dir }}"
+  when:
+    - git_ssh
+    - clone_repo
+
+- name: "standard git clone {{ repo }}"
+  git:
+    repo: "git://repos.entrouvert.org/{{ repo }}.git"
+    dest: "{{ repo_dir }}"
+  when:
+    - not git_ssh
+    - clone_repo
--- a/group_vars/all
+++ b/group_vars/all
@ -6,7 +6,8 @@ src_dir: "/home/{{user}}/src"
 ssl_certificate: "/etc/ssl/certs/*.local.publik.crt"
 ssl_certificate_key: "/etc/ssl/private/*.local.publik.key"
 venv: "/home/{{user}}/envs/publik-env"
-user: publik
+user: your_user_name
+target: localhost
 apps:
  authentic:
    db_name: authentic_multitenant
--- a/install.yml
+++ b/install.yml
@ -1,7 +1,14 @@
 ---
- name: publik multitenants installation
-  hosts: local
+- name: collect facts and get sources
+  hosts: localhost
  roles:
+    - facts
+    - get-sources
+
+- name: publik multitenants installation
+  hosts: "{{ target }}"
+  roles:
+    - facts
    - base
    - hobo
    - authentic
--- a/install_source.yml
+++ b/install_source.yml
@ -1,19 +1,3 @@
- name: "ssh git clone {{ repo }}"
-  git:
-    repo: "ssh://git@git.entrouvert.org/{{ repo }}.git"
-    dest: "{{ repo_dir }}"
-  when:
-    - git_ssh
-    - clone_repo
-
- name: "standard git clone {{ repo }}"
-  git:
-    repo: "git://repos.entrouvert.org/{{ repo }}.git"
-    dest: "{{ repo_dir }}"
-  when:
-    - not git_ssh
-    - clone_repo
-
 # Ugly hack to perform a simple 'pip install -e /some/source/dir'
 - name: "pip install {{ repo_dir }}"
  pip:
--- a/inventory.yml
+++ b/inventory.yml
@ -3,3 +3,5 @@ local:
  hosts:
    localhost:
      ansible_connection: local
+    dev.publik:
+      ansible_host: 10.0.0.100
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@ -66,22 +66,6 @@
    repo: "eopayment"
    repo_dir: "{{ src_dir }}/eopayment"

- name: ssh git clone publik-base-theme
-  git:
-    repo: ssh://git@git.entrouvert.org/publik-base-theme.git
-    dest: "{{ src_dir }}/publik-base-theme"
-  when:
-    - git_ssh
-    - clone_repo
-
- name: standard git clone publik-base-theme
-  git:
-    repo: git://repos.entrouvert.org/publik-base-theme.git
-    dest: "{{ src_dir }}/publik-base-theme"
-  when:
-    - not git_ssh
-    - clone_repo
-
 - name: make publik-base-theme
  make:
    chdir: "{{ src_dir }}/publik-base-theme"
--- a/roles/deploy-tenants/tasks/main.yml
+++ b/roles/deploy-tenants/tasks/main.yml
@ -24,6 +24,7 @@
  copy:
    src: "/tmp/{{wcs_skeleton_filename}}"
    dest:  "/var/lib/wcs/skeletons/{{wcs_skeleton_filename}}"
+    remote_src: yes

 - name: copies a cook json template
  template:
--- a/roles/facts/tasks/main.yml
+++ b/roles/facts/tasks/main.yml
@ -0,0 +1,10 @@
+---
+- name: guess username (can be overidden in options/inventory)
+  local_action: command whoami
+  when: user == 'your_user_name'
+  register: username
+
+- name: set user variable
+  set_fact:
+    user: "{{ username.stdout }}"
+  when: user == 'your_user_name'
--- a/roles/get-sources/tasks/main.yml
+++ b/roles/get-sources/tasks/main.yml
@ -0,0 +1,136 @@
+- name: "create {{src_dir}} directory"
+  file:
+    path: "{{src_dir}}"
+    state: directory
+    owner: "{{user}}"
+    group: "{{user}}"
+
+- name: get eopayment
+  import_tasks: git_clone.yml
+  vars:
+    repo: "eopayment"
+    repo_dir: "{{ src_dir }}/eopayment"
+
+- name: ssh git clone publik-base-theme
+  git:
+    repo: ssh://git@git.entrouvert.org/publik-base-theme.git
+    dest: "{{ src_dir }}/publik-base-theme"
+  when:
+    - git_ssh
+    - clone_repo
+
+- name: standard git clone publik-base-theme
+  git:
+    repo: git://repos.entrouvert.org/publik-base-theme.git
+    dest: "{{ src_dir }}/publik-base-theme"
+  when:
+    - not git_ssh
+    - clone_repo
+
+###
+
+- name: get django-mellon
+  import_tasks: git_clone.yml
+  vars:
+    repo: "django-mellon"
+    repo_dir: "{{ src_dir }}/django-mellon"
+
+- name: get gadjo
+  import_tasks: git_clone.yml
+  vars:
+    repo: "gadjo"
+    repo_dir: "{{ src_dir }}/gadjo"
+
+- name: get django-tenant-schemas
+  import_tasks: git_clone.yml
+  vars:
+    repo: "debian/django-tenant-schemas"
+    repo_dir: "{{ src_dir }}/django-tenant-schemas"
+
+- name: get hobo
+  import_tasks: git_clone.yml
+  vars:
+    repo: "hobo"
+    repo_dir: "{{ src_dir }}/hobo"
+
+###
+
+- name: get authentic
+  import_tasks: git_clone.yml
+  vars:
+    repo: "authentic"
+    repo_dir: "{{ src_dir }}/authentic"
+
+- name: get authentic2-auth-fc
+  import_tasks: git_clone.yml
+  vars:
+    repo: "authentic2-auth-fc"
+    repo_dir: "{{ src_dir }}/authentic2-auth-fc"
+
+###
+
+- name: get combo
+  import_tasks: git_clone.yml
+  vars:
+    repo: "combo"
+    repo_dir: "{{ src_dir }}/combo"
+
+###
+
+- name: get wcs
+  import_tasks: git_clone.yml
+  vars:
+    repo: "wcs"
+    repo_dir: "{{ src_dir }}/wcs"
+
+- name: get auquotidien
+  import_tasks: git_clone.yml
+  vars:
+    repo: "auquotidien"
+    repo_dir: "{{ src_dir }}/auquotidien"
+
+###
+
+- name: get django-tenant-schemas
+  import_tasks: git_clone.yml
+  vars:
+    repo: "debian/django-tenant-schemas"
+    repo_dir: "{{ src_dir }}/django-tenant-schemas"
+
+- name: get passerelle
+  import_tasks: git_clone.yml
+  vars:
+    repo: "passerelle"
+    repo_dir: "{{ src_dir }}/passerelle"
+
+###
+
+- name: get fargo
+  import_tasks: git_clone.yml
+  vars:
+    repo: "fargo"
+    repo_dir: "{{ src_dir }}/fargo"
+
+- name: get chrono
+  import_tasks: git_clone.yml
+  vars:
+    repo: "chrono"
+    repo_dir: "{{ src_dir }}/chrono"
+
+- name: get corbo
+  import_tasks: git_clone.yml
+  vars:
+    repo: "corbo"
+    repo_dir: "{{ src_dir }}/corbo"
+
+- name: get bijoe
+  import_tasks: git_clone.yml
+  vars:
+    repo: "bijoe"
+    repo_dir: "{{ src_dir }}/bijoe"
+
+- name: get welco
+  import_tasks: git_clone.yml
+  vars:
+    repo: "welco"
+    repo_dir: "{{ src_dir }}/welco"
Author	SHA1	Message	Date
Christophe Siraut	f8edaafda8	a playbook for setting up a container (#21756 )	2018-08-31 15:57:34 +02:00
Christophe Siraut	1aa37728ad	decouple getting sources from installation and allow remote execution (#21756 )	2018-08-31 15:52:02 +02:00
Christophe Siraut	8703b81d7e	guess username (#23086 )	2018-08-31 15:49:42 +02:00