author | Lars Wirzenius <liw@liw.fi> | 2018-02-07 20:49:43 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-02-10 18:25:20 +0200 |
commit | 0a6a8c6220cf80b7633f01480cdc7ad1a199ee63 (patch) | |
tree | 58163ead6150917437790620f2fba4adf66cb0cb /roles/ick-controller | |
parent | 6e595b8d2a799dc05725a748da24f45ce56d2837 (diff) | |
download | ick2-ansible-0a6a8c6220cf80b7633f01480cdc7ad1a199ee63.tar.gz |
Change: split roles to be one per component
Diffstat (limited to 'roles/ick-controller')
-rw-r--r-- | roles/ick-controller/tasks/main.yml | 64 | ||||
-rw-r--r-- | roles/ick-controller/templates/blob_service.conf.j2 | 6 | ||||
-rw-r--r-- | roles/ick-controller/templates/controller.yaml.j2 (renamed from roles/ick-controller/templates/controller.conf.j2) | 0 | ||||
-rw-r--r-- | roles/ick-controller/templates/haproxy.cfg.j2 | 49 |
4 files changed, 5 insertions, 114 deletions
diff --git a/roles/ick-controller/tasks/main.yml b/roles/ick-controller/tasks/main.yml
index acbb844..9e716cc 100644
--- a/roles/ick-controller/tasks/main.yml
+++ b/roles/ick-controller/tasks/main.yml
@@ -1,15 +1,11 @@
-- name: install ick packages
+- name: install controller packages
 apt:
 name: "{{ item }}"
 with_items:
+ - ick-controller
 - curl
 - psmisc
- - ick2
- - haproxy
- - debootstrap
- - jq
 - less
- - htop
 - locales-all
 - systemd-container
@@ -22,69 +18,19 @@
 mode: 0755
 with_items:
 - /etc/ick
- - /etc/haproxy
 - name: install controller config
 template:
- src: controller.conf.j2
- dest: /etc/ick/controller.conf
+ src: controller.yaml.j2
+ dest: /etc/ick/controller.yaml
 owner: root
 group: root
 mode: 0644
-- name: install blob service config
- template:
- src: blob_service.conf.j2
- dest: /etc/ick/blob_service.conf
- owner: root
- group: root
- mode: 0644
-
-- name: install haproxy config
- template:
- src: haproxy.cfg.j2
- dest: /etc/haproxy/haproxy.cfg
- owner: root
- group: root
- mode: 0644
-
-- name: install TLS certificate
- copy:
- content: "{{ tls_certificate }}"
- dest: /etc/ssl/ick.pem
- owner: root
- group: root
- mode: 0600
-
-- name: install token signing private key
- copy:
- content: "{{ token_private_key }}"
- dest: /etc/ick/token_key
- owner: _ickwm
- group: _ickwm
- mode: 0600
-
-- name: install token signing public key
- copy:
- content: "{{ token_public_key }}"
- dest: /etc/ick/token_key.pub
- owner: _ickwm
- group: _ickwm
- mode: 0644
-
 - name: enable and start units
 service:
 name: "{{ item }}"
 state: restarted
 enabled: yes
 with_items:
- - ick2
- - ick2-worker-manager
- - blob-service
- - haproxy
-
-- name: configure ssh client with StrictHostKeyChecking=no
- lineinfile:
- dest: /etc/ssh/ssh_config
- state: present
- line: "StrictHostKeyChecking no"
+ - ick-controller
diff --git a/roles/ick-controller/templates/blob_service.conf.j2 b/roles/ick-controller/templates/blob_service.conf.j2
deleted file mode 100644
index 0708da5..0000000
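Review bot: Dropping `haproxy`, `ick2`, `debootstrap`, `jq` and `htop` from the package list in the first hunk, and the TLS-certificate, token-key and ssh_config tasks in the second hunk (`@@ -22,69 +18,19 @@`), only stops Ansible managing them; nothing here removes them from a host that already ran the old role. Such a host would keep `/etc/ick/token_key`, `/etc/ssl/ick.pem`, the `StrictHostKeyChecking no` line in `/etc/ssh/ssh_config`, and presumably a running haproxy with the old config. The diffstat is limited to `roles/ick-controller`, so these may now be owned by other roles applied to the same host; if the components can land on separate hosts, a cleanup task is worth adding, for example `lineinfile: dest=/etc/ssh/ssh_config line="StrictHostKeyChecking no" state=absent` and `file: path=/etc/ick/token_key state=absent`. The renamed config likewise leaves a stale `/etc/ick/controller.conf` behind.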
--- a/roles/ick-controller/templates/blob_service.conf.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-token-issuer: localhost
-token-audience: localhost
-token-public-key: "{{ token_public_key }}"
-log:
- - filename: /var/log/ickbs/blob_service.log
-blobdir: /var/lib/ick/blobs
diff --git a/roles/ick-controller/templates/controller.conf.j2 b/roles/ick-controller/templates/controller.yaml.j2
index 22e6124..22e6124 100644
--- a/roles/ick-controller/templates/controller.conf.j2
+++ b/roles/ick-controller/templates/controller.yaml.j2
diff --git a/roles/ick-controller/templates/haproxy.cfg.j2 b/roles/ick-controller/templates/haproxy.cfg.j2
deleted file mode 100644
index e33b6e6..0000000
--- a/roles/ick-controller/templates/haproxy.cfg.j2
+++ /dev/null
@@ -1,49 +0,0 @@
-global
- log 127.0.0.1 local4
- chroot /var/lib/haproxy
- stats socket /run/haproxy/admin.sock mode 660 level admin
- stats timeout 30s
- user haproxy
- group haproxy
- daemon
-
- ca-base /etc/ssl/certs
- crt-base /etc/ssl/private
- tune.ssl.default-dh-param 2048
- ssl-default-bind-options no-tls-tickets
- ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
-
-defaults
- log global
- mode http
- option httplog
- option dontlognull
- timeout connect 5000
- timeout client 50000
- timeout server 50000
- errorfile 400 /etc/haproxy/errors/400.http
- errorfile 403 /etc/haproxy/errors/403.http
- errorfile 408 /etc/haproxy/errors/408.http
- errorfile 500 /etc/haproxy/errors/500.http
- errorfile 502 /etc/haproxy/errors/502.http
- errorfile 503 /etc/haproxy/errors/503.http
- errorfile 504 /etc/haproxy/errors/504.http
-
-
-frontend http-in
- bind *:80
- bind *:443 ssl no-sslv3 no-tlsv10 crt /etc/ssl/ick.pem
-
- rspadd Strict-Transport-Security:\ max-age=15768000
-
- acl blobs path_beg /blobs
- acl any method GET HEAD POST PUT DELETE
-
- use_backend blob_service if blobs
- use_backend ick_controller if any
-
-backend ick_controller
- server ick_controller_1 127.0.0.1:12765
-
-backend blob_service
- server blob_service_1 127.0.0.1:12766 |