aboutsummaryrefslogtreecommitdiff
path: root/ansible
diff options
context:
space:
mode:
authorTrygve Laugstøl <trygvis@inamo.no>2021-01-09 12:33:17 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2021-01-09 12:33:17 +0100
commit16795884f3e915ed6d8b086fd5b6b93fc4858a27 (patch)
tree2043154f60fd396e5ee9f572df0dc9112f46feff /ansible
parent4dd314376968d99abe67e1c49ad8032d3a2b96c2 (diff)
parent5b1279c3dd28a2c0252624c36e937c59db15270d (diff)
downloadinfra-16795884f3e915ed6d8b086fd5b6b93fc4858a27.tar.gz
infra-16795884f3e915ed6d8b086fd5b6b93fc4858a27.tar.bz2
infra-16795884f3e915ed6d8b086fd5b6b93fc4858a27.tar.xz
infra-16795884f3e915ed6d8b086fd5b6b93fc4858a27.zip
Merge branch 'master' of trygvis.io:git/infra
Diffstat (limited to 'ansible')
-rw-r--r--ansible/ansible.cfg4
-rw-r--r--ansible/minio-policies.yml49
-rw-r--r--ansible/minio/backup-policy.yml67
-rw-r--r--ansible/minio/group_vars/all/vault.yml13
-rw-r--r--ansible/minio/minio.yml19
-rw-r--r--ansible/minio/policies/backup-conflatorio.json1
-rw-r--r--ansible/minio/policies/backup-fuckaduck.json1
-rw-r--r--ansible/minio/templates/docker-compose.yml17
-rw-r--r--ansible/minio/vars.yml39
-rw-r--r--ansible/requirements.txt1
-rw-r--r--ansible/terraform-to-ansible-inventory.py13
11 files changed, 65 insertions, 159 deletions
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index 4712f76..e7dde87 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -1,12 +1,12 @@
[defaults]
become_method = sudo
connection_plugins = ./connection_plugins
-inventory = ./inventory
+inventory = ./inventory,./inventory-terraform
nocows = True
stdout_callback = debug
vault_password_file = ./.vault-password
roles_path = roles:thirdparty
retry_files_enabled = False
-strategy_plugins = env/lib/python3.8/site-packages/ansible_mitogen/plugins/strategy
+strategy_plugins = env/lib/python3.9/site-packages/ansible_mitogen/plugins/strategy
strategy = mitogen_linear
diff --git a/ansible/minio-policies.yml b/ansible/minio-policies.yml
deleted file mode 100644
index 536314c..0000000
--- a/ansible/minio-policies.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-- hosts: localhost
- tasks:
- - command: mc admin user list --json "{{ minio_config }}"
- register: cmd_users
- # - debug: var=cmd_users.stdout
-
-- hosts: localhost
- tasks:
- - with_items: "{{ backup_policies }}"
- include_tasks: minio/backup-policy.yml
- vars:
- hostname: "{{ item }}"
- host: "{{ minio_users['backup-' + item] }}"
-
-- hosts: localhost
- vars:
- registered_minio_users: "{{ cmd_users.stdout_lines | map('from_json') | list }}"
- present_users: "{{ minio_users | dict2items | json_query('[] | [?value.state == `present`]') | items2dict }}"
- absent_users: "{{ minio_users | dict2items | json_query('[] | [?value.state == `absent`]') | items2dict }}"
- tasks:
- - name: all present users
- debug:
- msg: "{{ present_users | join(', ') }}"
- when: false
-
- - name: all absent users
- debug:
- msg: "{{ absent_users | join(', ') }}"
- when: false
-
- - name: all minio users
- debug:
- msg: "{{ registered_minio_users }}"
- when: false
-
- - name: Adding user to Minio
- command: "mc admin user add {{ minio_config }} {{ item }} {{ user.secret }} {{ user.policy }}"
- when: user_count == "0"
- vars:
- user: "{{ minio_users[item] }}"
- user_count: "{{ registered_minio_users | json_query('[] | [?accessKey == `' + item + '`]') | length }}"
- with_items: "{{ present_users }}"
-
- - name: Removing user from Minio
- command: "mc admin user remove {{ minio_config }} {{ item }}"
- when: user_count
- vars:
- user_count: "{{ registered_minio_users | json_query('[] | [?accessKey == `' + item + '`]') | length }}"
- with_items: "{{ absent_users }}"
diff --git a/ansible/minio/backup-policy.yml b/ansible/minio/backup-policy.yml
deleted file mode 100644
index e0b8376..0000000
--- a/ansible/minio/backup-policy.yml
+++ /dev/null
@@ -1,67 +0,0 @@
-- register: policy
- when: host.state == 'present'
- local_action:
- module: copy
- dest: minio/policies/backup-{{ hostname }}.json
- content: |
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": [
- "s3:ListBucket"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws:s3:::backup-{{ hostname }}/*"
- ],
- "Sid": ""
- },
- {
- "Action": [
- "s3:GetObject",
- "s3:DeleteObject",
- "s3:PutObject"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws:s3:::backup-{{ hostname }}/*"
- ],
- "Sid": ""
- }
- ]
- }
-
-- name: Registering policy
- when: policy.changed
- command: mc admin policy add {{ minio_config }} backup-{{ hostname }} minio/policies/backup-{{ hostname }}.json
-
-- name: checking if bucked exists
- command: mc ls --json "{{ minio_config }}"
- register: cmd_ls
- failed_when: false
-
-#- debug: var=foo
-# vars:
-# foo: "{{ cmd_ls.stdout_lines | map('from_json') | list }}"
-
-#- debug: var=foo
-# vars:
-# foo: "{{ cmd_ls.stdout_lines | map('from_json') | list | json_query('[?key==`backup-' + hostname + '/`]') }}"
-
-- name: Creating backup bucket
- vars:
- len: "{{ cmd_ls.stdout_lines | map('from_json') | list | json_query('[?key==`backup-' + hostname + '/`]') | length }}"
- when: len == "0"
- command: mc mb {{ minio_config }}/backup-{{ hostname }}
-
-- name: Removing policy file
- when: host.state != 'present'
- register: removed
- file:
- path: minio/policies/backup-{{ hostname }}.json
- state: absent
-
-- name: Unregistering policy
- when: removed.changed
- command: mc admin policy remove {{ minio_config }} backup-{{ hostname }}
diff --git a/ansible/minio/group_vars/all/vault.yml b/ansible/minio/group_vars/all/vault.yml
new file mode 100644
index 0000000..f8c5f3c
--- /dev/null
+++ b/ansible/minio/group_vars/all/vault.yml
@@ -0,0 +1,13 @@
+$ANSIBLE_VAULT;1.1;AES256
+37316439376635346334323665326364636264623536646662346333333831356233386266326565
+6666613663303766373933346233323831333065353266630a363062333237323736636138643563
+39613864326262323138326236633163616366363635306335323331663636313332383538343434
+3364623632383033380a303332666165393031333237333533616233353936353337633266386336
+39363066396362343531373138353562626430626435386361653036313330363037326139663666
+34646530386537613162373931373462653463336136643232343261653961653434363631613964
+36373239393436366133663065343930343064623336323364333437626132326134653336623135
+62303930623135303933343634666439643935643966323937303266313463346538613163646532
+62353336323132376339616230636637636530353537363064666361303138633664343462613161
+61653566343537636162376463323731343236656637363631333262386631363666323136303165
+66366336326666653266363538653937333535643262316566653365316663393962366364663738
+37613136333634303330
diff --git a/ansible/minio/minio.yml b/ansible/minio/minio.yml
new file mode 100644
index 0000000..d4687a6
--- /dev/null
+++ b/ansible/minio/minio.yml
@@ -0,0 +1,19 @@
+- hosts:
+ - birgitte
+ vars:
+ minio_zfs: "pool1/minio/data"
+ minio_data: "/{{ minio_zfs }}"
+ minio_version: RELEASE.2020-12-29T23-29-29Z
+ tasks:
+ - name: ZFS for minio
+ become: yes
+ zfs:
+ name: "{{ minio_zfs }}"
+ state: present
+
+ - import_role:
+ name: docker-service
+ tags: docker-service
+ vars:
+ service: minio
+ template: templates/docker-compose.yml
diff --git a/ansible/minio/policies/backup-conflatorio.json b/ansible/minio/policies/backup-conflatorio.json
deleted file mode 100644
index 97ea158..0000000
--- a/ansible/minio/policies/backup-conflatorio.json
+++ /dev/null
@@ -1 +0,0 @@
-{"Version": "2012-10-17", "Statement": [{"Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::backup-conflatorio/*"], "Effect": "Allow", "Sid": ""}, {"Action": ["s3:GetObject", "s3:DeleteObject", "s3:PutObject"], "Resource": ["arn:aws:s3:::backup-conflatorio/*"], "Effect": "Allow", "Sid": ""}]} \ No newline at end of file
diff --git a/ansible/minio/policies/backup-fuckaduck.json b/ansible/minio/policies/backup-fuckaduck.json
deleted file mode 100644
index 0f25369..0000000
--- a/ansible/minio/policies/backup-fuckaduck.json
+++ /dev/null
@@ -1 +0,0 @@
-{"Version": "2012-10-17", "Statement": [{"Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::backup-fuckaduck/*"], "Effect": "Allow", "Sid": ""}, {"Action": ["s3:GetObject", "s3:DeleteObject", "s3:PutObject"], "Resource": ["arn:aws:s3:::backup-fuckaduck/*"], "Effect": "Allow", "Sid": ""}]} \ No newline at end of file
diff --git a/ansible/minio/templates/docker-compose.yml b/ansible/minio/templates/docker-compose.yml
new file mode 100644
index 0000000..4377d0b
--- /dev/null
+++ b/ansible/minio/templates/docker-compose.yml
@@ -0,0 +1,17 @@
+version: "3"
+services:
+ minio:
+ image: minio/minio:{{ minio_version }}
+ environment:
+ # It seems like minio want to replace access_key/secret_key with root_, but it doesn't work yet.
+ MINIO_ROOT_USER: {{ MINIO_ROOT_USER }}
+ MINIO_ROOT_PASSWORD: {{ MINIO_ROOT_PASSWORD }}
+ MINIO_ACCESS_KEY: {{ MINIO_ROOT_USER }}
+ MINIO_SECRET_KEY: {{ MINIO_ROOT_PASSWORD }}
+ command:
+ - server
+ - /data
+ ports:
+ - "9000:9000"
+ volumes:
+ - {{ minio_data }}:/data
diff --git a/ansible/minio/vars.yml b/ansible/minio/vars.yml
deleted file mode 100644
index 67f65f6..0000000
--- a/ansible/minio/vars.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-38623132333131643666333832396131366536303864616161386562613735383938643566663639
-6562383332623834623538313262323765353666313562640a303538383939376231366537613433
-65333766303731323661366437313132333332373130386637306537613332653264383330313931
-6131303363386639650a363963323031626565306366313961353632656362346538316161313662
-31636562323135323733303266303364616139333663663334343766303163613265643066663039
-33613030373636636637666164316438623864316363383534633832613338393965646135643166
-35313361643334646363346539393464396131373230376632336133383362353135616131643961
-65646361303735656432343263663332333736346636646633376463316338316331316564643835
-36623030306538613536393463343763363062626465383637386662653239386265663932376131
-37376432353866343738383331353065613066616431393666326135363130663734303237303864
-39323065663935373863643530333938383931393234646164633334376362323263383932623834
-61613236656238666465393337333361623131633031353137316366303564313364663737346562
-65646530303965633561363539626234643337313733643231363764303731613030386565346163
-33323765363533633564303064396533396536323265323537373136656438373039363664336236
-39393366353930383531366630343034303935393231643538343964643232663538386337666130
-66346433656237663738356563343264363636333662366332373533643535323335356166393531
-61396336396362346461333236646138376365623964336138343431336564303864626639666330
-65613039666262303761306631303539663534343032376164393732616465663961356364636138
-35633134323639386630316166613431323463353535336531353866633065393162313561623936
-63623930613162373765643639313966376231643136333639363563356434346461653066626331
-66653965386664623431313738343462363533356631636665623361343261666437363833623335
-35343434336261353533666132353032626235633864653361613266373035363062356139393261
-30336362373562313436623665343964613161366630323365613438313963303263646136626130
-63626562666331333331623236366532393965343366383330396138666365623135356336626232
-64373234626339313537653362646566643762386534393034663436633864343935633539353935
-36376661336333653065306534643534666565656539353732623063346538616365383733646135
-38633662356231393137363532346130363163373365346634383130353136383031626361306230
-62663336323438346361393531303563646436643962653361343330386334623032346132383263
-38303262303162323137646631313430396634666534373261326330623235626538373861393731
-37303838636565666133396534663562376335346563336334643964346539613266646266633866
-62643263623639666163623763386265386337323435363761666164353466333333376132366166
-34373135326130383839313561393933646236623830356232636162373465346266356230303132
-65306638313737633564373938313564313436333061636536643765323031323763633131303131
-39633236656362386266633831333762366230336231613363373332396139373864646437636436
-61373666373664366133366563643731386138643463313436393239626563386633336632656231
-31616530646337393161623735636239356137646539356633353933366230643366316332663833
-37306531353837326664323430316635393333353366643165393964326431663366356535646431
-3535373634326239356561356562386466363636393238643766
diff --git a/ansible/requirements.txt b/ansible/requirements.txt
index 4375bc0..42251bf 100644
--- a/ansible/requirements.txt
+++ b/ansible/requirements.txt
@@ -1 +1,2 @@
mitogen==0.2.9
+pyyaml==5.3.1
diff --git a/ansible/terraform-to-ansible-inventory.py b/ansible/terraform-to-ansible-inventory.py
new file mode 100644
index 0000000..25b402b
--- /dev/null
+++ b/ansible/terraform-to-ansible-inventory.py
@@ -0,0 +1,13 @@
+from collections.abc import Iterable
+import os
+import sys
+import json
+
+j = blob = json.load(sys.stdin)
+
+new = {}
+for k, v in blob.items():
+ new[k] = v["value"]
+
+new = {"all": {"vars": new}}
+json.dump(new, fp=sys.stdout)