authorTrygve Laugstøl <trygvis@inamo.no>2021-01-09 12:33:17 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2021-01-09 12:33:17 +0100
commit16795884f3e915ed6d8b086fd5b6b93fc4858a27 (patch)
tree2043154f60fd396e5ee9f572df0dc9112f46feff /ansible
parent4dd314376968d99abe67e1c49ad8032d3a2b96c2 (diff)
parent5b1279c3dd28a2c0252624c36e937c59db15270d (diff)
downloadinfra-16795884f3e915ed6d8b086fd5b6b93fc4858a27.tar.gz
infra-16795884f3e915ed6d8b086fd5b6b93fc4858a27.tar.bz2
infra-16795884f3e915ed6d8b086fd5b6b93fc4858a27.tar.xz
infra-16795884f3e915ed6d8b086fd5b6b93fc4858a27.zip
Merge branch 'master' of trygvis.io:git/infra
Diffstat (limited to 'ansible')
-rw-r--r--ansible/ansible.cfg4
-rw-r--r--ansible/minio-policies.yml49
-rw-r--r--ansible/minio/backup-policy.yml67
-rw-r--r--ansible/minio/group_vars/all/vault.yml13
-rw-r--r--ansible/minio/minio.yml19
-rw-r--r--ansible/minio/policies/backup-conflatorio.json1
-rw-r--r--ansible/minio/policies/backup-fuckaduck.json1
-rw-r--r--ansible/minio/templates/docker-compose.yml17
-rw-r--r--ansible/minio/vars.yml39
-rw-r--r--ansible/requirements.txt1
-rw-r--r--ansible/terraform-to-ansible-inventory.py13
11 files changed, 65 insertions, 159 deletions
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index 4712f76..e7dde87 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -1,12 +1,12 @@
[defaults]
become_method = sudo
connection_plugins = ./connection_plugins
-inventory = ./inventory
+inventory = ./inventory,./inventory-terraform
nocows = True
stdout_callback = debug
vault_password_file = ./.vault-password
roles_path = roles:thirdparty
retry_files_enabled = False
-strategy_plugins = env/lib/python3.8/site-packages/ansible_mitogen/plugins/strategy
+strategy_plugins = env/lib/python3.9/site-packages/ansible_mitogen/plugins/strategy
strategy = mitogen_linear
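Review bot: The new `strategy_plugins` line hard-codes the virtualenv's interpreter minor version (`python3.9`), so the path has to be edited on every Python upgrade, as this change itself shows. A stale path would leave `strategy = mitogen_linear` unresolvable. Consider dropping the line and exporting `ANSIBLE_STRATEGY_PLUGINS` from the venv setup, computed from the installed `ansible_mitogen` package location. For the added `./inventory-terraform` source, a comment such as `# generated from Terraform outputs; do not edit by hand` would tell readers where it comes from (presumably `terraform-to-ansible-inventory.py`).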
diff --git a/ansible/minio-policies.yml b/ansible/minio-policies.yml
deleted file mode 100644
index 536314c..0000000
--- a/ansible/minio-policies.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-- hosts: localhost
- tasks:
- - command: mc admin user list --json "{{ minio_config }}"
- register: cmd_users
- # - debug: var=cmd_users.stdout
-
-- hosts: localhost
- tasks:
- - with_items: "{{ backup_policies }}"
- include_tasks: minio/backup-policy.yml
- vars:
- hostname: "{{ item }}"
- host: "{{ minio_users['backup-' + item] }}"
-
-- hosts: localhost
- vars:
- registered_minio_users: "{{ cmd_users.stdout_lines | map('from_json') | list }}"
- present_users: "{{ minio_users | dict2items | json_query('[] | [?value.state == `present`]') | items2dict }}"
- absent_users: "{{ minio_users | dict2items | json_query('[] | [?value.state == `absent`]') | items2dict }}"
- tasks:
- - name: all present users
- debug:
- msg: "{{ present_users | join(', ') }}"
- when: false
-
- - name: all absent users
- debug:
- msg: "{{ absent_users | join(', ') }}"
- when: false
-
- - name: all minio users
- debug:
- msg: "{{ registered_minio_users }}"
- when: false
-
- - name: Adding user to Minio
- command: "mc admin user add {{ minio_config }} {{ item }} {{ user.secret }} {{ user.policy }}"
- when: user_count == "0"
- vars:
- user: "{{ minio_users[item] }}"
- user_count: "{{ registered_minio_users | json_query('[] | [?accessKey == `' + item + '`]') | length }}"
- with_items: "{{ present_users }}"
-
- - name: Removing user from Minio
- command: "mc admin user remove {{ minio_config }} {{ item }}"
- when: user_count
- vars:
- user_count: "{{ registered_minio_users | json_query('[] | [?accessKey == `' + item + '`]') | length }}"
- with_items: "{{ absent_users }}"
diff --git a/ansible/minio/backup-policy.yml b/ansible/minio/backup-policy.yml
deleted file mode 100644
index e0b8376..0000000
--- a/ansible/minio/backup-policy.yml
+++ /dev/null
@@ -1,67 +0,0 @@
-- register: policy
- when: host.state == 'present'
- local_action:
- module: copy
- dest: minio/policies/backup-{{ hostname }}.json
- content: |
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": [
- "s3:ListBucket"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws:s3:::backup-{{ hostname }}/*"
- ],
- "Sid": ""
- },
- {
- "Action": [
- "s3:GetObject",
- "s3:DeleteObject",
- "s3:PutObject"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws:s3:::backup-{{ hostname }}/*"
- ],
- "Sid": ""
- }
- ]
- }
-
-- name: Registering policy
- when: policy.changed
- command: mc admin policy add {{ minio_config }} backup-{{ hostname }} minio/policies/backup-{{ hostname }}.json
-
-- name: checking if bucked exists
- command: mc ls --json "{{ minio_config }}"
- register: cmd_ls
- failed_when: false
-
-#- debug: var=foo
-# vars:
-# foo: "{{ cmd_ls.stdout_lines | map('from_json') | list }}"
-
-#- debug: var=foo
-# vars:
-# foo: "{{ cmd_ls.stdout_lines | map('from_json') | list | json_query('[?key==`backup-' + hostname + '/`]') }}"
-
-- name: Creating backup bucket
- vars:
- len: "{{ cmd_ls.stdout_lines | map('from_json') | list | json_query('[?key==`backup-' + hostname + '/`]') | length }}"
- when: len == "0"
- command: mc mb {{ minio_config }}/backup-{{ hostname }}
-
-- name: Removing policy file
- when: host.state != 'present'
- register: removed
- file:
- path: minio/policies/backup-{{ hostname }}.json
- state: absent
-
-- name: Unregistering policy
- when: removed.changed
- command: mc admin policy remove {{ minio_config }} backup-{{ hostname }}
diff --git a/ansible/minio/group_vars/all/vault.yml b/ansible/minio/group_vars/all/vault.yml
new file mode 100644
index 0000000..f8c5f3c
--- /dev/null
+++ b/ansible/minio/group_vars/all/vault.yml
@@ -0,0 +1,13 @@
+$ANSIBLE_VAULT;1.1;AES256
+37316439376635346334323665326364636264623536646662346333333831356233386266326565
+6666613663303766373933346233323831333065353266630a363062333237323736636138643563
+39613864326262323138326236633163616366363635306335323331663636313332383538343434
+3364623632383033380a303332666165393031333237333533616233353936353337633266386336
+39363066396362343531373138353562626430626435386361653036313330363037326139663666
+34646530386537613162373931373462653463336136643232343261653961653434363631613964
+36373239393436366133663065343930343064623336323364333437626132326134653336623135
+62303930623135303933343634666439643935643966323937303266313463346538613163646532
+62353336323132376339616230636637636530353537363064666361303138633664343462613161
+61653566343537636162376463323731343236656637363631333262386631363666323136303165
+66366336326666653266363538653937333535643262316566653365316663393962366364663738
+37613136333634303330
diff --git a/ansible/minio/minio.yml b/ansible/minio/minio.yml
new file mode 100644
index 0000000..d4687a6
--- /dev/null
+++ b/ansible/minio/minio.yml
@@ -0,0 +1,19 @@
+- hosts:
+ - birgitte
+ vars:
+ minio_zfs: "pool1/minio/data"
+ minio_data: "/{{ minio_zfs }}"
+ minio_version: RELEASE.2020-12-29T23-29-29Z
+ tasks:
+ - name: ZFS for minio
+ become: yes
+ zfs:
+ name: "{{ minio_zfs }}"
+ state: present
+
+ - import_role:
+ name: docker-service
+ tags: docker-service
+ vars:
+ service: minio
+ template: templates/docker-compose.yml
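Review bot: Two style points on the new play: `become: yes` relies on YAML 1.1 truthy parsing and is better written `become: true`, and neither the play nor the `import_role` task has a `name:`, which makes run output and `--start-at-task` harder to use. Quoting the tag, `minio_version: "RELEASE.2020-12-29T23-29-29Z"`, matches the other vars and prevents any implicit typing if the value's format changes. The play also depends on `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` being defined elsewhere (presumably the vault file added in this commit); a short comment saying so would help the next reader.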
diff --git a/ansible/minio/policies/backup-conflatorio.json b/ansible/minio/policies/backup-conflatorio.json
deleted file mode 100644
index 97ea158..0000000
--- a/ansible/minio/policies/backup-conflatorio.json
+++ /dev/null
@@ -1 +0,0 @@
-{"Version": "2012-10-17", "Statement": [{"Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::backup-conflatorio/*"], "Effect": "Allow", "Sid": ""}, {"Action": ["s3:GetObject", "s3:DeleteObject", "s3:PutObject"], "Resource": ["arn:aws:s3:::backup-conflatorio/*"], "Effect": "Allow", "Sid": ""}]} \ No newline at end of file
diff --git a/ansible/minio/policies/backup-fuckaduck.json b/ansible/minio/policies/backup-fuckaduck.json
deleted file mode 100644
index 0f25369..0000000
--- a/ansible/minio/policies/backup-fuckaduck.json
+++ /dev/null
@@ -1 +0,0 @@
-{"Version": "2012-10-17", "Statement": [{"Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::backup-fuckaduck/*"], "Effect": "Allow", "Sid": ""}, {"Action": ["s3:GetObject", "s3:DeleteObject", "s3:PutObject"], "Resource": ["arn:aws:s3:::backup-fuckaduck/*"], "Effect": "Allow", "Sid": ""}]} \ No newline at end of file
diff --git a/ansible/minio/templates/docker-compose.yml b/ansible/minio/templates/docker-compose.yml
new file mode 100644
index 0000000..4377d0b
--- /dev/null
+++ b/ansible/minio/templates/docker-compose.yml
@@ -0,0 +1,17 @@
+version: "3"
+services:
+ minio:
+ image: minio/minio:{{ minio_version }}
+ environment:
+ # It seems like minio want to replace access_key/secret_key with root_, but it doesn't work yet.
+ MINIO_ROOT_USER: {{ MINIO_ROOT_USER }}
+ MINIO_ROOT_PASSWORD: {{ MINIO_ROOT_PASSWORD }}
+ MINIO_ACCESS_KEY: {{ MINIO_ROOT_USER }}
+ MINIO_SECRET_KEY: {{ MINIO_ROOT_PASSWORD }}
+ command:
+ - server
+ - /data
+ ports:
+ - "9000:9000"
+ volumes:
+ - {{ minio_data }}:/data
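Review bot: The four credential lines under `environment:` interpolate the secret into YAML unquoted. A password containing ` #` or `: `, starting with `*`, `&` or `!`, or looking like a number or boolean would render as a truncated, retyped or unparsable value. Emit them through a serializer instead, e.g. `MINIO_ROOT_PASSWORD: {{ MINIO_ROOT_PASSWORD | to_json }}`, and the same for the other three. Separately, `"9000:9000"` publishes the MinIO API on every host interface; if the service is meant to sit behind a reverse proxy, `"127.0.0.1:9000:9000"` narrows the exposure. The rendered file holds the root credentials in plaintext, so the `docker-service` role (not visible here) should write it with a restrictive mode.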
diff --git a/ansible/minio/vars.yml b/ansible/minio/vars.yml
deleted file mode 100644
index 67f65f6..0000000
--- a/ansible/minio/vars.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-38623132333131643666333832396131366536303864616161386562613735383938643566663639
-6562383332623834623538313262323765353666313562640a303538383939376231366537613433
-65333766303731323661366437313132333332373130386637306537613332653264383330313931
-6131303363386639650a363963323031626565306366313961353632656362346538316161313662
-31636562323135323733303266303364616139333663663334343766303163613265643066663039
-33613030373636636637666164316438623864316363383534633832613338393965646135643166
-35313361643334646363346539393464396131373230376632336133383362353135616131643961
-65646361303735656432343263663332333736346636646633376463316338316331316564643835
-36623030306538613536393463343763363062626465383637386662653239386265663932376131
-37376432353866343738383331353065613066616431393666326135363130663734303237303864
-39323065663935373863643530333938383931393234646164633334376362323263383932623834
-61613236656238666465393337333361623131633031353137316366303564313364663737346562
-65646530303965633561363539626234643337313733643231363764303731613030386565346163
-33323765363533633564303064396533396536323265323537373136656438373039363664336236
-39393366353930383531366630343034303935393231643538343964643232663538386337666130
-66346433656237663738356563343264363636333662366332373533643535323335356166393531
-61396336396362346461333236646138376365623964336138343431336564303864626639666330
-65613039666262303761306631303539663534343032376164393732616465663961356364636138
-35633134323639386630316166613431323463353535336531353866633065393162313561623936
-63623930613162373765643639313966376231643136333639363563356434346461653066626331
-66653965386664623431313738343462363533356631636665623361343261666437363833623335
-35343434336261353533666132353032626235633864653361613266373035363062356139393261
-30336362373562313436623665343964613161366630323365613438313963303263646136626130
-63626562666331333331623236366532393965343366383330396138666365623135356336626232
-64373234626339313537653362646566643762386534393034663436633864343935633539353935
-36376661336333653065306534643534666565656539353732623063346538616365383733646135
-38633662356231393137363532346130363163373365346634383130353136383031626361306230
-62663336323438346361393531303563646436643962653361343330386334623032346132383263
-38303262303162323137646631313430396634666534373261326330623235626538373861393731
-37303838636565666133396534663562376335346563336334643964346539613266646266633866
-62643263623639666163623763386265386337323435363761666164353466333333376132366166
-34373135326130383839313561393933646236623830356232636162373465346266356230303132
-65306638313737633564373938313564313436333061636536643765323031323763633131303131
-39633236656362386266633831333762366230336231613363373332396139373864646437636436
-61373666373664366133366563643731386138643463313436393239626563386633336632656231
-31616530646337393161623735636239356137646539356633353933366230643366316332663833
-37306531353837326664323430316635393333353366643165393964326431663366356535646431
-3535373634326239356561356562386466363636393238643766
diff --git a/ansible/requirements.txt b/ansible/requirements.txt
index 4375bc0..42251bf 100644
--- a/ansible/requirements.txt
+++ b/ansible/requirements.txt
@@ -1 +1,2 @@
mitogen==0.2.9
+pyyaml==5.3.1
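Review bot: `pyyaml==5.3.1` is added, but nothing in the visible hunks imports `yaml` (the new inventory script uses only `json`), so a comment line naming what needs it would help, e.g. `# pyyaml: required by <consumer>`. Both entries are pinned by version only; adding `--hash=sha256:<digest from your trusted index>` to each and installing with `pip install --require-hashes` makes the pins tamper-evident. If code elsewhere in the repository loads YAML with this library, it should use `yaml.safe_load`, because the non-safe loaders can construct arbitrary objects from tagged input.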
diff --git a/ansible/terraform-to-ansible-inventory.py b/ansible/terraform-to-ansible-inventory.py
new file mode 100644
index 0000000..25b402b
--- /dev/null
+++ b/ansible/terraform-to-ansible-inventory.py
@@ -0,0 +1,13 @@
+from collections.abc import Iterable
+import os
+import sys
+import json
+
+j = blob = json.load(sys.stdin)
+
+new = {}
+for k, v in blob.items():
+ new[k] = v["value"]
+
+new = {"all": {"vars": new}}
+json.dump(new, fp=sys.stdout)
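Review bot: The loop copies every output's `value` into `all.vars` without checking whether Terraform marks it sensitive. Assuming stdin is `terraform output -json`, each entry also carries a `sensitive` flag, and those values would land in plaintext in the generated inventory rather than in the vault. Skipping them keeps secrets in one place: `new = {k: v["value"] for k, v in blob.items() if not v.get("sensitive")}`. `Iterable`, `os` and the alias `j` are unused and can be removed. The script has no docstring; one stating the expected input and where the output is meant to be written would document the contract with `ansible.cfg`.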