diff options
author | Lars Wirzenius <liw@liw.fi> | 2018-02-07 20:49:43 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-02-10 18:25:20 +0200 |
commit | 0a6a8c6220cf80b7633f01480cdc7ad1a199ee63 (patch) | |
tree | 58163ead6150917437790620f2fba4adf66cb0cb | |
parent | 6e595b8d2a799dc05725a748da24f45ce56d2837 (diff) | |
download | ick2-ansible-0a6a8c6220cf80b7633f01480cdc7ad1a199ee63.tar.gz |
Change: split roles to be one per component
-rw-r--r-- | ick2.yml | 9 | ||||
-rw-r--r-- | roles/haproxy/tasks/main.yml | 37 | ||||
-rw-r--r-- | roles/haproxy/templates/haproxy.cfg.j2 (renamed from roles/ick-controller/templates/haproxy.cfg.j2) | 8 | ||||
-rw-r--r-- | roles/ick-blob-service/tasks/main.yml | 31 | ||||
-rw-r--r-- | roles/ick-blob-service/templates/blob-service.yaml.j2 (renamed from roles/ick-controller/templates/blob_service.conf.j2) | 0 | ||||
-rw-r--r-- | roles/ick-controller/tasks/main.yml | 64 | ||||
-rw-r--r-- | roles/ick-controller/templates/controller.yaml.j2 (renamed from roles/ick-controller/templates/controller.conf.j2) | 0 | ||||
-rw-r--r-- | roles/ick-worker/tasks/main.yml | 59 | ||||
-rw-r--r-- | roles/ick-worker/templates/worker.yaml.j2 | 10 |
9 files changed, 154 insertions, 64 deletions
@@ -4,8 +4,15 @@ roles: - sane_debian_system - unix_users + - haproxy - ick-controller - ick-worker - ick-blob-service vars: - controller_url: https://{{ controller_domain }} + controller_domain: 127.0.0.1 + controller_port: 12765 + + blob_service_domain: 127.0.0.1 + blob_service_port: 12766 + + controller_url: "https://{{ controller_domain }}" diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml new file mode 100644 index 0000000..2161b3b --- /dev/null +++ b/roles/haproxy/tasks/main.yml @@ -0,0 +1,37 @@ +- name: install haproxy + apt: + name: haproxy + +- name: create config dir + file: + state: directory + path: "{{ item }}" + owner: root + group: root + mode: 0755 + with_items: + - /etc/haproxy + +- name: install haproxy config + template: + src: haproxy.cfg.j2 + dest: /etc/haproxy/haproxy.cfg + owner: root + group: root + mode: 0644 + +- name: install TLS certificate + copy: + content: "{{ tls_certificate }}" + dest: /etc/ssl/ick.pem + owner: root + group: root + mode: 0600 + +- name: enable and start haproxy + service: + name: "{{ item }}" + state: restarted + enabled: yes + with_items: + - haproxy diff --git a/roles/ick-controller/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2 index e33b6e6..7039b61 100644 --- a/roles/ick-controller/templates/haproxy.cfg.j2 +++ b/roles/haproxy/templates/haproxy.cfg.j2 @@ -40,10 +40,10 @@ frontend http-in acl any method GET HEAD POST PUT DELETE use_backend blob_service if blobs - use_backend ick_controller if any + use_backend controller if any -backend ick_controller - server ick_controller_1 127.0.0.1:12765 +backend controller + server controller_1 {{ controller_domain }}:{{ controller_port }} backend blob_service - server blob_service_1 127.0.0.1:12766 + server blob_service_1 {{ blob_service_domain }}:{{ blob_service_port }} diff --git a/roles/ick-blob-service/tasks/main.yml b/roles/ick-blob-service/tasks/main.yml new file mode 100644 index 0000000..5e3aa3b --- /dev/null +++ b/roles/ick-blob-service/tasks/main.yml @@ -0,0 +1,31 @@ +- name: install ick packages + apt: + name: "{{ item }}" + with_items: + - ick-blob-service + +- name: create config dirs + file: + state: directory + path: "{{ item }}" + owner: root + group: root + mode: 0755 + with_items: + - /etc/ick + +- name: install blob service config + template: + src: blob-service.yaml.j2 + dest: /etc/ick/blob-service.yaml + owner: root + group: root + mode: 0644 + +- name: enable and start units + service: + name: "{{ item }}" + state: restarted + enabled: yes + with_items: + - ick-blob-service diff --git a/roles/ick-controller/templates/blob_service.conf.j2 b/roles/ick-blob-service/templates/blob-service.yaml.j2 index 0708da5..0708da5 100644 --- a/roles/ick-controller/templates/blob_service.conf.j2 +++ b/roles/ick-blob-service/templates/blob-service.yaml.j2 diff --git a/roles/ick-controller/tasks/main.yml b/roles/ick-controller/tasks/main.yml index acbb844..9e716cc 100644 --- a/roles/ick-controller/tasks/main.yml +++ b/roles/ick-controller/tasks/main.yml @@ -1,15 +1,11 @@ -- name: install ick packages +- name: install controller packages apt: name: "{{ item }}" with_items: + - ick-controller - curl - psmisc - - ick2 - - haproxy - - debootstrap - - jq - less - - htop - locales-all - systemd-container @@ -22,69 +18,19 @@ mode: 0755 with_items: - /etc/ick - - /etc/haproxy - name: install controller config template: - src: controller.conf.j2 - dest: /etc/ick/controller.conf + src: controller.yaml.j2 + dest: /etc/ick/controller.yaml owner: root group: root mode: 0644 -- name: install blob service config - template: - src: blob_service.conf.j2 - dest: /etc/ick/blob_service.conf - owner: root - group: root - mode: 0644 - -- name: install haproxy config - template: - src: haproxy.cfg.j2 - dest: /etc/haproxy/haproxy.cfg - owner: root - group: root - mode: 0644 - -- name: install TLS certificate - copy: - content: "{{ tls_certificate }}" - dest: /etc/ssl/ick.pem - owner: root - group: root - mode: 0600 - -- name: install token signing private key - copy: - content: "{{ token_private_key }}" - dest: /etc/ick/token_key - owner: _ickwm - group: _ickwm - mode: 0600 - -- name: install token signing public key - copy: - content: "{{ token_public_key }}" - dest: /etc/ick/token_key.pub - owner: _ickwm - group: _ickwm - mode: 0644 - - name: enable and start units service: name: "{{ item }}" state: restarted enabled: yes with_items: - - ick2 - - ick2-worker-manager - - blob-service - - haproxy - -- name: configure ssh client with StrictHostKeyChecking=no - lineinfile: - dest: /etc/ssh/ssh_config - state: present - line: "StrictHostKeyChecking no" + - ick-controller diff --git a/roles/ick-controller/templates/controller.conf.j2 b/roles/ick-controller/templates/controller.yaml.j2 index 22e6124..22e6124 100644 --- a/roles/ick-controller/templates/controller.conf.j2 +++ b/roles/ick-controller/templates/controller.yaml.j2 diff --git a/roles/ick-worker/tasks/main.yml b/roles/ick-worker/tasks/main.yml new file mode 100644 index 0000000..19a01c9 --- /dev/null +++ b/roles/ick-worker/tasks/main.yml @@ -0,0 +1,59 @@ +- name: install ick worker manager + apt: + name: "{{ item }}" + with_items: + - ick-worker + - debootstrap + - jq + - less + - htop + - locales-all + - systemd-container + +- name: create config dirs + file: + state: directory + path: "{{ item }}" + owner: root + group: root + mode: 0755 + with_items: + - /etc/ick + +- name: install worker-manager config + template: + src: worker.yaml.j2 + dest: /etc/ick/worker.yaml + owner: root + group: root + mode: 0644 + +- name: install token signing private key + copy: + content: "{{ token_private_key }}" + dest: /etc/ick/token_key + owner: _ickwm + group: _ickwm + mode: 0600 + +- name: install token signing public key + copy: + content: "{{ token_public_key }}" + dest: /etc/ick/token_key.pub + owner: _ickwm + group: _ickwm + mode: 0644 + +- name: enable and start units + service: + name: "{{ item }}" + state: restarted + enabled: yes + with_items: + - ick-worker + +- name: configure ssh client with StrictHostKeyChecking=no + lineinfile: + dest: /etc/ssh/ssh_config + state: present + line: "StrictHostKeyChecking no" diff --git a/roles/ick-worker/templates/worker.yaml.j2 b/roles/ick-worker/templates/worker.yaml.j2 new file mode 100644 index 0000000..d742a42 --- /dev/null +++ b/roles/ick-worker/templates/worker.yaml.j2 @@ -0,0 +1,10 @@ +config: + controller: "{{ controller_url }}" + name: worker1 + log: /var/log/ickwm/worker_manager.log + log-level: debug + log-max: 10M + log-keep: 10 + token-key: /etc/ick/token_key + token-key-pub: /etc/ick/token_key.pub + workspace: /var/lib/ick/workspace |