diff options
author | Trygve Laugstøl <trygvis@inamo.no> | 2021-01-09 12:33:17 +0100 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2021-01-09 12:33:17 +0100 |
commit | 16795884f3e915ed6d8b086fd5b6b93fc4858a27 (patch) | |
tree | 2043154f60fd396e5ee9f572df0dc9112f46feff /ansible | |
parent | 4dd314376968d99abe67e1c49ad8032d3a2b96c2 (diff) | |
parent | 5b1279c3dd28a2c0252624c36e937c59db15270d (diff) | |
download | infra-16795884f3e915ed6d8b086fd5b6b93fc4858a27.tar.gz infra-16795884f3e915ed6d8b086fd5b6b93fc4858a27.tar.bz2 infra-16795884f3e915ed6d8b086fd5b6b93fc4858a27.tar.xz infra-16795884f3e915ed6d8b086fd5b6b93fc4858a27.zip |
Merge branch 'master' of trygvis.io:git/infra
Diffstat (limited to 'ansible')
-rw-r--r-- | ansible/ansible.cfg | 4 | ||||
-rw-r--r-- | ansible/minio-policies.yml | 49 | ||||
-rw-r--r-- | ansible/minio/backup-policy.yml | 67 | ||||
-rw-r--r-- | ansible/minio/group_vars/all/vault.yml | 13 | ||||
-rw-r--r-- | ansible/minio/minio.yml | 19 | ||||
-rw-r--r-- | ansible/minio/policies/backup-conflatorio.json | 1 | ||||
-rw-r--r-- | ansible/minio/policies/backup-fuckaduck.json | 1 | ||||
-rw-r--r-- | ansible/minio/templates/docker-compose.yml | 17 | ||||
-rw-r--r-- | ansible/minio/vars.yml | 39 | ||||
-rw-r--r-- | ansible/requirements.txt | 1 | ||||
-rw-r--r-- | ansible/terraform-to-ansible-inventory.py | 13 |
11 files changed, 65 insertions, 159 deletions
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index 4712f76..e7dde87 100644 --- a/ansible/ansible.cfg +++ b/ansible/ansible.cfg @@ -1,12 +1,12 @@ [defaults] become_method = sudo connection_plugins = ./connection_plugins -inventory = ./inventory +inventory = ./inventory,./inventory-terraform nocows = True stdout_callback = debug vault_password_file = ./.vault-password roles_path = roles:thirdparty retry_files_enabled = False -strategy_plugins = env/lib/python3.8/site-packages/ansible_mitogen/plugins/strategy +strategy_plugins = env/lib/python3.9/site-packages/ansible_mitogen/plugins/strategy strategy = mitogen_linear diff --git a/ansible/minio-policies.yml b/ansible/minio-policies.yml deleted file mode 100644 index 536314c..0000000 --- a/ansible/minio-policies.yml +++ /dev/null @@ -1,49 +0,0 @@ -- hosts: localhost - tasks: - - command: mc admin user list --json "{{ minio_config }}" - register: cmd_users - # - debug: var=cmd_users.stdout - -- hosts: localhost - tasks: - - with_items: "{{ backup_policies }}" - include_tasks: minio/backup-policy.yml - vars: - hostname: "{{ item }}" - host: "{{ minio_users['backup-' + item] }}" - -- hosts: localhost - vars: - registered_minio_users: "{{ cmd_users.stdout_lines | map('from_json') | list }}" - present_users: "{{ minio_users | dict2items | json_query('[] | [?value.state == `present`]') | items2dict }}" - absent_users: "{{ minio_users | dict2items | json_query('[] | [?value.state == `absent`]') | items2dict }}" - tasks: - - name: all present users - debug: - msg: "{{ present_users | join(', ') }}" - when: false - - - name: all absent users - debug: - msg: "{{ absent_users | join(', ') }}" - when: false - - - name: all minio users - debug: - msg: "{{ registered_minio_users }}" - when: false - - - name: Adding user to Minio - command: "mc admin user add {{ minio_config }} {{ item }} {{ user.secret }} {{ user.policy }}" - when: user_count == "0" - vars: - user: "{{ minio_users[item] }}" - user_count: "{{ registered_minio_users | json_query('[] | [?accessKey == `' + item + '`]') | length }}" - with_items: "{{ present_users }}" - - - name: Removing user from Minio - command: "mc admin user remove {{ minio_config }} {{ item }}" - when: user_count - vars: - user_count: "{{ registered_minio_users | json_query('[] | [?accessKey == `' + item + '`]') | length }}" - with_items: "{{ absent_users }}" diff --git a/ansible/minio/backup-policy.yml b/ansible/minio/backup-policy.yml deleted file mode 100644 index e0b8376..0000000 --- a/ansible/minio/backup-policy.yml +++ /dev/null @@ -1,67 +0,0 @@ -- register: policy - when: host.state == 'present' - local_action: - module: copy - dest: minio/policies/backup-{{ hostname }}.json - content: | - { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::backup-{{ hostname }}/*" - ], - "Sid": "" - }, - { - "Action": [ - "s3:GetObject", - "s3:DeleteObject", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::backup-{{ hostname }}/*" - ], - "Sid": "" - } - ] - } - -- name: Registering policy - when: policy.changed - command: mc admin policy add {{ minio_config }} backup-{{ hostname }} minio/policies/backup-{{ hostname }}.json - -- name: checking if bucked exists - command: mc ls --json "{{ minio_config }}" - register: cmd_ls - failed_when: false - -#- debug: var=foo -# vars: -# foo: "{{ cmd_ls.stdout_lines | map('from_json') | list }}" - -#- debug: var=foo -# vars: -# foo: "{{ cmd_ls.stdout_lines | map('from_json') | list | json_query('[?key==`backup-' + hostname + '/`]') }}" - -- name: Creating backup bucket - vars: - len: "{{ cmd_ls.stdout_lines | map('from_json') | list | json_query('[?key==`backup-' + hostname + '/`]') | length }}" - when: len == "0" - command: mc mb {{ minio_config }}/backup-{{ hostname }} - -- name: Removing policy file - when: host.state != 'present' - register: removed - file: - path: minio/policies/backup-{{ hostname }}.json - state: absent - -- name: Unregistering policy - when: removed.changed - command: mc admin policy remove {{ minio_config }} backup-{{ hostname }} diff --git a/ansible/minio/group_vars/all/vault.yml b/ansible/minio/group_vars/all/vault.yml new file mode 100644 index 0000000..f8c5f3c --- /dev/null +++ b/ansible/minio/group_vars/all/vault.yml @@ -0,0 +1,13 @@ +$ANSIBLE_VAULT;1.1;AES256 +37316439376635346334323665326364636264623536646662346333333831356233386266326565 +6666613663303766373933346233323831333065353266630a363062333237323736636138643563 +39613864326262323138326236633163616366363635306335323331663636313332383538343434 +3364623632383033380a303332666165393031333237333533616233353936353337633266386336 +39363066396362343531373138353562626430626435386361653036313330363037326139663666 +34646530386537613162373931373462653463336136643232343261653961653434363631613964 +36373239393436366133663065343930343064623336323364333437626132326134653336623135 +62303930623135303933343634666439643935643966323937303266313463346538613163646532 +62353336323132376339616230636637636530353537363064666361303138633664343462613161 +61653566343537636162376463323731343236656637363631333262386631363666323136303165 +66366336326666653266363538653937333535643262316566653365316663393962366364663738 +37613136333634303330 diff --git a/ansible/minio/minio.yml b/ansible/minio/minio.yml new file mode 100644 index 0000000..d4687a6 --- /dev/null +++ b/ansible/minio/minio.yml @@ -0,0 +1,19 @@ +- hosts: + - birgitte + vars: + minio_zfs: "pool1/minio/data" + minio_data: "/{{ minio_zfs }}" + minio_version: RELEASE.2020-12-29T23-29-29Z + tasks: + - name: ZFS for minio + become: yes + zfs: + name: "{{ minio_zfs }}" + state: present + + - import_role: + name: docker-service + tags: docker-service + vars: + service: minio + template: templates/docker-compose.yml diff --git a/ansible/minio/policies/backup-conflatorio.json b/ansible/minio/policies/backup-conflatorio.json deleted file mode 100644 index 97ea158..0000000 --- a/ansible/minio/policies/backup-conflatorio.json +++ /dev/null @@ -1 +0,0 @@ -{"Version": "2012-10-17", "Statement": [{"Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::backup-conflatorio/*"], "Effect": "Allow", "Sid": ""}, {"Action": ["s3:GetObject", "s3:DeleteObject", "s3:PutObject"], "Resource": ["arn:aws:s3:::backup-conflatorio/*"], "Effect": "Allow", "Sid": ""}]}
\ No newline at end of file diff --git a/ansible/minio/policies/backup-fuckaduck.json b/ansible/minio/policies/backup-fuckaduck.json deleted file mode 100644 index 0f25369..0000000 --- a/ansible/minio/policies/backup-fuckaduck.json +++ /dev/null @@ -1 +0,0 @@ -{"Version": "2012-10-17", "Statement": [{"Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::backup-fuckaduck/*"], "Effect": "Allow", "Sid": ""}, {"Action": ["s3:GetObject", "s3:DeleteObject", "s3:PutObject"], "Resource": ["arn:aws:s3:::backup-fuckaduck/*"], "Effect": "Allow", "Sid": ""}]}
\ No newline at end of file diff --git a/ansible/minio/templates/docker-compose.yml b/ansible/minio/templates/docker-compose.yml new file mode 100644 index 0000000..4377d0b --- /dev/null +++ b/ansible/minio/templates/docker-compose.yml @@ -0,0 +1,17 @@ +version: "3" +services: + minio: + image: minio/minio:{{ minio_version }} + environment: + # It seems like minio want to replace access_key/secret_key with root_, but it doesn't work yet. + MINIO_ROOT_USER: {{ MINIO_ROOT_USER }} + MINIO_ROOT_PASSWORD: {{ MINIO_ROOT_PASSWORD }} + MINIO_ACCESS_KEY: {{ MINIO_ROOT_USER }} + MINIO_SECRET_KEY: {{ MINIO_ROOT_PASSWORD }} + command: + - server + - /data + ports: + - "9000:9000" + volumes: + - {{ minio_data }}:/data diff --git a/ansible/minio/vars.yml b/ansible/minio/vars.yml deleted file mode 100644 index 67f65f6..0000000 --- a/ansible/minio/vars.yml +++ /dev/null @@ -1,39 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -38623132333131643666333832396131366536303864616161386562613735383938643566663639 -6562383332623834623538313262323765353666313562640a303538383939376231366537613433 -65333766303731323661366437313132333332373130386637306537613332653264383330313931 -6131303363386639650a363963323031626565306366313961353632656362346538316161313662 -31636562323135323733303266303364616139333663663334343766303163613265643066663039 -33613030373636636637666164316438623864316363383534633832613338393965646135643166 -35313361643334646363346539393464396131373230376632336133383362353135616131643961 -65646361303735656432343263663332333736346636646633376463316338316331316564643835 -36623030306538613536393463343763363062626465383637386662653239386265663932376131 -37376432353866343738383331353065613066616431393666326135363130663734303237303864 -39323065663935373863643530333938383931393234646164633334376362323263383932623834 -61613236656238666465393337333361623131633031353137316366303564313364663737346562 -65646530303965633561363539626234643337313733643231363764303731613030386565346163 -33323765363533633564303064396533396536323265323537373136656438373039363664336236 -39393366353930383531366630343034303935393231643538343964643232663538386337666130 -66346433656237663738356563343264363636333662366332373533643535323335356166393531 -61396336396362346461333236646138376365623964336138343431336564303864626639666330 -65613039666262303761306631303539663534343032376164393732616465663961356364636138 -35633134323639386630316166613431323463353535336531353866633065393162313561623936 -63623930613162373765643639313966376231643136333639363563356434346461653066626331 -66653965386664623431313738343462363533356631636665623361343261666437363833623335 -35343434336261353533666132353032626235633864653361613266373035363062356139393261 -30336362373562313436623665343964613161366630323365613438313963303263646136626130 -63626562666331333331623236366532393965343366383330396138666365623135356336626232 -64373234626339313537653362646566643762386534393034663436633864343935633539353935 -36376661336333653065306534643534666565656539353732623063346538616365383733646135 -38633662356231393137363532346130363163373365346634383130353136383031626361306230 -62663336323438346361393531303563646436643962653361343330386334623032346132383263 -38303262303162323137646631313430396634666534373261326330623235626538373861393731 -37303838636565666133396534663562376335346563336334643964346539613266646266633866 -62643263623639666163623763386265386337323435363761666164353466333333376132366166 -34373135326130383839313561393933646236623830356232636162373465346266356230303132 -65306638313737633564373938313564313436333061636536643765323031323763633131303131 -39633236656362386266633831333762366230336231613363373332396139373864646437636436 -61373666373664366133366563643731386138643463313436393239626563386633336632656231 -31616530646337393161623735636239356137646539356633353933366230643366316332663833 -37306531353837326664323430316635393333353366643165393964326431663366356535646431 -3535373634326239356561356562386466363636393238643766 diff --git a/ansible/requirements.txt b/ansible/requirements.txt index 4375bc0..42251bf 100644 --- a/ansible/requirements.txt +++ b/ansible/requirements.txt @@ -1 +1,2 @@ mitogen==0.2.9 +pyyaml==5.3.1 diff --git a/ansible/terraform-to-ansible-inventory.py b/ansible/terraform-to-ansible-inventory.py new file mode 100644 index 0000000..25b402b --- /dev/null +++ b/ansible/terraform-to-ansible-inventory.py @@ -0,0 +1,13 @@ +from collections.abc import Iterable +import os +import sys +import json + +j = blob = json.load(sys.stdin) + +new = {} +for k, v in blob.items(): + new[k] = v["value"] + +new = {"all": {"vars": new}} +json.dump(new, fp=sys.stdout) |