Change: split roles to be one per component

9 files changed, 154 insertions, 64 deletions

diff --git a/ick2.yml b/ick2.yml
index 029e7c8..9f978f9 100644
--- a/ick2.yml
+++ b/ick2.yml
@@ -4,8 +4,15 @@
   roles:
     - sane_debian_system
     - unix_users
+    - haproxy
     - ick-controller
     - ick-worker
     - ick-blob-service
   vars:
-    controller_url: https://{{ controller_domain }}
+    controller_domain: 127.0.0.1
+    controller_port: 12765
+
+    blob_service_domain: 127.0.0.1
+    blob_service_port: 12766
+
+    controller_url: "https://{{ controller_domain }}"
diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml
new file mode 100644
index 0000000..2161b3b
--- /dev/null
+++ b/roles/haproxy/tasks/main.yml
@@ -0,0 +1,37 @@
+- name: install haproxy
+  apt:
+    name: haproxy
+
+- name: create config dir
+  file:
+    state: directory
+    path: "{{ item }}"
+    owner: root
+    group: root
+    mode: 0755
+  with_items:
+    - /etc/haproxy
+
+- name: install haproxy config
+  template:
+    src: haproxy.cfg.j2
+    dest: /etc/haproxy/haproxy.cfg
+    owner: root
+    group: root
+    mode: 0644
+
+- name: install TLS certificate
+  copy:
+    content: "{{ tls_certificate }}"
+    dest: /etc/ssl/ick.pem
+    owner: root
+    group: root
+    mode: 0600
+
+- name: enable and start haproxy
+  service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: yes
+  with_items:
+    - haproxy
diff --git a/roles/ick-controller/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2
index e33b6e6..7039b61 100644
--- a/roles/ick-controller/templates/haproxy.cfg.j2
+++ b/roles/haproxy/templates/haproxy.cfg.j2
@@ -40,10 +40,10 @@ frontend http-in
     acl any method GET HEAD POST PUT DELETE
 
     use_backend blob_service if blobs
-    use_backend ick_controller if any
+    use_backend controller if any
 
-backend ick_controller
-    server ick_controller_1 127.0.0.1:12765
+backend controller
+    server controller_1 {{ controller_domain }}:{{ controller_port }}
 
 backend blob_service
-    server blob_service_1 127.0.0.1:12766
+    server blob_service_1 {{ blob_service_domain }}:{{ blob_service_port }}
diff --git a/roles/ick-blob-service/tasks/main.yml b/roles/ick-blob-service/tasks/main.yml
new file mode 100644
index 0000000..5e3aa3b
--- /dev/null
+++ b/roles/ick-blob-service/tasks/main.yml
@@ -0,0 +1,31 @@
+- name: install ick packages
+  apt:
+    name: "{{ item }}"
+  with_items:
+    - ick-blob-service
+
+- name: create config dirs
+  file:
+    state: directory
+    path: "{{ item }}"
+    owner: root
+    group: root
+    mode: 0755
+  with_items:
+    - /etc/ick
+
+- name: install blob service config
+  template:
+    src: blob-service.yaml.j2
+    dest: /etc/ick/blob-service.yaml
+    owner: root
+    group: root
+    mode: 0644
+
+- name: enable and start units
+  service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: yes
+  with_items:
+    - ick-blob-service
diff --git a/roles/ick-controller/templates/blob_service.conf.j2 b/roles/ick-blob-service/templates/blob-service.yaml.j2
index 0708da5..0708da5 100644
--- a/roles/ick-controller/templates/blob_service.conf.j2
+++ b/roles/ick-blob-service/templates/blob-service.yaml.j2
diff --git a/roles/ick-controller/tasks/main.yml b/roles/ick-controller/tasks/main.yml
index acbb844..9e716cc 100644
--- a/roles/ick-controller/tasks/main.yml
+++ b/roles/ick-controller/tasks/main.yml
@@ -1,15 +1,11 @@
-- name: install ick packages
+- name: install controller packages
   apt:
     name: "{{ item }}"
   with_items:
+    - ick-controller
     - curl
     - psmisc
-    - ick2
-    - haproxy
-    - debootstrap
-    - jq
     - less
-    - htop
     - locales-all
     - systemd-container
 
@@ -22,69 +18,19 @@
     mode: 0755
   with_items:
     - /etc/ick
-    - /etc/haproxy
 
 - name: install controller config
   template:
-    src: controller.conf.j2
-    dest: /etc/ick/controller.conf
+    src: controller.yaml.j2
+    dest: /etc/ick/controller.yaml
     owner: root
     group: root
     mode: 0644
 
-- name: install blob service config
-  template:
-    src: blob_service.conf.j2
-    dest: /etc/ick/blob_service.conf
-    owner: root
-    group: root
-    mode: 0644
-
-- name: install haproxy config
-  template:
-    src: haproxy.cfg.j2
-    dest: /etc/haproxy/haproxy.cfg
-    owner: root
-    group: root
-    mode: 0644
-
-- name: install TLS certificate
-  copy:
-    content: "{{ tls_certificate }}"
-    dest: /etc/ssl/ick.pem
-    owner: root
-    group: root
-    mode: 0600
-
-- name: install token signing private key
-  copy:
-    content: "{{ token_private_key }}"
-    dest: /etc/ick/token_key
-    owner: _ickwm
-    group: _ickwm
-    mode: 0600
-
-- name: install token signing public key
-  copy:
-    content: "{{ token_public_key }}"
-    dest: /etc/ick/token_key.pub
-    owner: _ickwm
-    group: _ickwm
-    mode: 0644
-
 - name: enable and start units
   service:
     name: "{{ item }}"
     state: restarted
     enabled: yes
   with_items:
-    - ick2
-    - ick2-worker-manager
-    - blob-service
-    - haproxy
-
-- name: configure ssh client with StrictHostKeyChecking=no
-  lineinfile:
-    dest: /etc/ssh/ssh_config
-    state: present
-    line: "StrictHostKeyChecking no"
+    - ick-controller
diff --git a/roles/ick-controller/templates/controller.conf.j2 b/roles/ick-controller/templates/controller.yaml.j2
index 22e6124..22e6124 100644
--- a/roles/ick-controller/templates/controller.conf.j2
+++ b/roles/ick-controller/templates/controller.yaml.j2
diff --git a/roles/ick-worker/tasks/main.yml b/roles/ick-worker/tasks/main.yml
new file mode 100644
index 0000000..19a01c9
--- /dev/null
+++ b/roles/ick-worker/tasks/main.yml
@@ -0,0 +1,59 @@
+- name: install ick worker manager
+  apt:
+    name: "{{ item }}"
+  with_items:
+    - ick-worker
+    - debootstrap
+    - jq
+    - less
+    - htop
+    - locales-all
+    - systemd-container
+
+- name: create config dirs
+  file:
+    state: directory
+    path: "{{ item }}"
+    owner: root
+    group: root
+    mode: 0755
+  with_items:
+    - /etc/ick
+
+- name: install worker-manager config
+  template:
+    src: worker.yaml.j2
+    dest: /etc/ick/worker.yaml
+    owner: root
+    group: root
+    mode: 0644
+
+- name: install token signing private key
+  copy:
+    content: "{{ token_private_key }}"
+    dest: /etc/ick/token_key
+    owner: _ickwm
+    group: _ickwm
+    mode: 0600
+
+- name: install token signing public key
+  copy:
+    content: "{{ token_public_key }}"
+    dest: /etc/ick/token_key.pub
+    owner: _ickwm
+    group: _ickwm
+    mode: 0644
+
+- name: enable and start units
+  service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: yes
+  with_items:
+    - ick-worker
+
+- name: configure ssh client with StrictHostKeyChecking=no
+  lineinfile:
+    dest: /etc/ssh/ssh_config
+    state: present
+    line: "StrictHostKeyChecking no"
diff --git a/roles/ick-worker/templates/worker.yaml.j2 b/roles/ick-worker/templates/worker.yaml.j2
new file mode 100644
index 0000000..d742a42
--- /dev/null
+++ b/roles/ick-worker/templates/worker.yaml.j2
@@ -0,0 +1,10 @@
+config:
+  controller: "{{ controller_url }}"
+  name: worker1
+  log: /var/log/ickwm/worker_manager.log
+  log-level: debug
+  log-max: 10M
+  log-keep: 10
+  token-key: /etc/ick/token_key
+  token-key-pub: /etc/ick/token_key.pub
+  workspace: /var/lib/ick/workspace