authorLars Wirzenius <liw@liw.fi>2018-02-07 20:49:43 +0200
committerLars Wirzenius <liw@liw.fi>2018-02-10 18:25:20 +0200
commit0a6a8c6220cf80b7633f01480cdc7ad1a199ee63 (patch)
tree58163ead6150917437790620f2fba4adf66cb0cb /roles/ick-controller
parent6e595b8d2a799dc05725a748da24f45ce56d2837 (diff)
Change: split roles to be one per component
Diffstat (limited to 'roles/ick-controller')
-rw-r--r--roles/ick-controller/tasks/main.yml64
-rw-r--r--roles/ick-controller/templates/blob_service.conf.j26
-rw-r--r--roles/ick-controller/templates/controller.yaml.j2 (renamed from roles/ick-controller/templates/controller.conf.j2)0
-rw-r--r--roles/ick-controller/templates/haproxy.cfg.j249
4 files changed, 5 insertions, 114 deletions
diff --git a/roles/ick-controller/tasks/main.yml b/roles/ick-controller/tasks/main.yml
index acbb844..9e716cc 100644
--- a/roles/ick-controller/tasks/main.yml
+++ b/roles/ick-controller/tasks/main.yml
@@ -1,15 +1,11 @@
-- name: install ick packages
+- name: install controller packages
apt:
name: "{{ item }}"
with_items:
+ - ick-controller
- curl
- psmisc
- - ick2
- - haproxy
- - debootstrap
- - jq
- less
- - htop
- locales-all
- systemd-container
@@ -22,69 +18,19 @@
mode: 0755
with_items:
- /etc/ick
- - /etc/haproxy
- name: install controller config
template:
- src: controller.conf.j2
- dest: /etc/ick/controller.conf
+ src: controller.yaml.j2
+ dest: /etc/ick/controller.yaml
owner: root
group: root
mode: 0644
-- name: install blob service config
- template:
- src: blob_service.conf.j2
- dest: /etc/ick/blob_service.conf
- owner: root
- group: root
- mode: 0644
-
-- name: install haproxy config
- template:
- src: haproxy.cfg.j2
- dest: /etc/haproxy/haproxy.cfg
- owner: root
- group: root
- mode: 0644
-
-- name: install TLS certificate
- copy:
- content: "{{ tls_certificate }}"
- dest: /etc/ssl/ick.pem
- owner: root
- group: root
- mode: 0600
-
-- name: install token signing private key
- copy:
- content: "{{ token_private_key }}"
- dest: /etc/ick/token_key
- owner: _ickwm
- group: _ickwm
- mode: 0600
-
-- name: install token signing public key
- copy:
- content: "{{ token_public_key }}"
- dest: /etc/ick/token_key.pub
- owner: _ickwm
- group: _ickwm
- mode: 0644
-
- name: enable and start units
service:
name: "{{ item }}"
state: restarted
enabled: yes
with_items:
- - ick2
- - ick2-worker-manager
- - blob-service
- - haproxy
-
-- name: configure ssh client with StrictHostKeyChecking=no
- lineinfile:
- dest: /etc/ssh/ssh_config
- state: present
- line: "StrictHostKeyChecking no"
+ - ick-controller
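Review bot: The `install controller config` task writes /etc/ick/controller.yaml with `mode: 0644`, so every local user on the host can read it. The template is renamed without content changes and its body is not shown on this page, so if it holds anything more sensitive than a public key the mode should be tightened, for example `mode: "0640"` with the group the controller service runs as. Quoting the modes as strings (`"0644"`, `"0755"`) would also avoid depending on YAML 1.1 octal parsing. The tasks that installed the TLS certificate and the token signing private key are removed from this role, and the diffstat is limited to roles/ick-controller, so it is worth confirming that the role now responsible for them keeps `mode: 0600` and the intended owner. The first task in this hunk begins above the visible lines.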
diff --git a/roles/ick-controller/templates/blob_service.conf.j2 b/roles/ick-controller/templates/blob_service.conf.j2
deleted file mode 100644
index 0708da5..0000000
--- a/roles/ick-controller/templates/blob_service.conf.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-token-issuer: localhost
-token-audience: localhost
-token-public-key: "{{ token_public_key }}"
-log:
- - filename: /var/log/ickbs/blob_service.log
-blobdir: /var/lib/ick/blobs
diff --git a/roles/ick-controller/templates/controller.conf.j2 b/roles/ick-controller/templates/controller.yaml.j2
index 22e6124..22e6124 100644
--- a/roles/ick-controller/templates/controller.conf.j2
+++ b/roles/ick-controller/templates/controller.yaml.j2
diff --git a/roles/ick-controller/templates/haproxy.cfg.j2 b/roles/ick-controller/templates/haproxy.cfg.j2
deleted file mode 100644
index e33b6e6..0000000
--- a/roles/ick-controller/templates/haproxy.cfg.j2
+++ /dev/null
@@ -1,49 +0,0 @@
-global
- log 127.0.0.1 local4
- chroot /var/lib/haproxy
- stats socket /run/haproxy/admin.sock mode 660 level admin
- stats timeout 30s
- user haproxy
- group haproxy
- daemon
-
- ca-base /etc/ssl/certs
- crt-base /etc/ssl/private
- tune.ssl.default-dh-param 2048
- ssl-default-bind-options no-tls-tickets
- ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
-
-defaults
- log global
- mode http
- option httplog
- option dontlognull
- timeout connect 5000
- timeout client 50000
- timeout server 50000
- errorfile 400 /etc/haproxy/errors/400.http
- errorfile 403 /etc/haproxy/errors/403.http
- errorfile 408 /etc/haproxy/errors/408.http
- errorfile 500 /etc/haproxy/errors/500.http
- errorfile 502 /etc/haproxy/errors/502.http
- errorfile 503 /etc/haproxy/errors/503.http
- errorfile 504 /etc/haproxy/errors/504.http
-
-
-frontend http-in
- bind *:80
- bind *:443 ssl no-sslv3 no-tlsv10 crt /etc/ssl/ick.pem
-
- rspadd Strict-Transport-Security:\ max-age=15768000
-
- acl blobs path_beg /blobs
- acl any method GET HEAD POST PUT DELETE
-
- use_backend blob_service if blobs
- use_backend ick_controller if any
-
-backend ick_controller
- server ick_controller_1 127.0.0.1:12765
-
-backend blob_service
- server blob_service_1 127.0.0.1:12766