-rw-r--r-- | ansible/README.md | 6 | ||||
-rw-r--r-- | ansible/host_vars/sz-test/sz_ds_secret.yml | 11 | ||||
-rw-r--r-- | ansible/inventory | 8 | ||||
-rw-r--r-- | ansible/roles/sz-ds/files/opt/sz-ds/bash_profile | 1 | ||||
-rw-r--r-- | ansible/roles/sz-ds/tasks/main.yml | 87 | ||||
-rw-r--r-- | ansible/roles/sz-ds/templates/opt/sz-ds/bin/flyway.j2 | 7 | ||||
-rw-r--r-- | ansible/roles/sz-ds/vars/main.yml | 1 | ||||
-rw-r--r-- | ansible/sz-ds.yml | 12 |
8 files changed, 133 insertions, 0 deletions
diff --git a/ansible/README.md b/ansible/README.md
index 6549229..a59cdd2 100644
--- a/ansible/README.md
+++ b/ansible/README.md
@@ -1,3 +1,9 @@ # lxc_ssh https://github.com/andreasscherbaum/ansible-lxc-ssh
+
+# Creating new LXC hosts
+
+ lxc-create --name=NAME --template=debian -- -r stretch --packages sudo python
+
+The extra packages is required for ansible.
diff --git a/ansible/host_vars/sz-test/sz_ds_secret.yml b/ansible/host_vars/sz-test/sz_ds_secret.yml
new file mode 100644
index 0000000..363ea10
--- /dev/null
+++ b/ansible/host_vars/sz-test/sz_ds_secret.yml
@@ -0,0 +1,11 @@
+$ANSIBLE_VAULT;1.1;AES256
+36303735636233613065646536656665316438326662313364393430633835616337623732663761
+3766386539393361653936663563313134343438333431610a363336336135613365336466346431
+38623134613735663261306362613362643166616530316531306432383231643039613638623039
+6466363935386633310a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
diff --git a/ansible/inventory b/ansible/inventory
index 3bb637e..721d827 100644
--- a/ansible/inventory
+++ b/ansible/inventory
@@ -11,5 +11,13 @@ all:
 ansible_host: knot.trygvis.io
 ansible_connection: lxc_ssh
 ansible_ssh_extra_args: mw
+ sz-prod:
+ ansible_host: knot.trygvis.io
+ ansible_connection: lxc_ssh
+ ansible_ssh_extra_args: sz-prod
+ sz-test:
+ ansible_host: knot.trygvis.io
+ ansible_connection: lxc_ssh
+ ansible_ssh_extra_args: sz-test
 # vim: set filetype=yaml:
diff --git a/ansible/roles/sz-ds/files/opt/sz-ds/bash_profile b/ansible/roles/sz-ds/files/opt/sz-ds/bash_profile
new file mode 100644
index 0000000..7f0ff69
--- /dev/null
+++ b/ansible/roles/sz-ds/files/opt/sz-ds/bash_profile
@@ -0,0 +1 @@
+PATH=$HOME/bin:$PATH
diff --git a/ansible/roles/sz-ds/tasks/main.yml b/ansible/roles/sz-ds/tasks/main.yml
new file mode 100644
index 0000000..9e55292
--- /dev/null
+++ b/ansible/roles/sz-ds/tasks/main.yml
@@ -0,0 +1,87 @@
+- name: misc packages
+ tags: packages
+ apt:
+ name: "{{ item }}"
+ install_recommends: no
+ with_items:
+ - python-psycopg2
+ - python3-psycopg2
+
+- name: accounts for sz-ds
+ tags: user
+ block:
+ - name: create sz-ds user
+ user:
+ name: sz-ds
+ shell: "/bin/bash"
+ createhome: no
+ home: /opt/sz-ds
+ system: yes
+ - file:
+ state: directory
+ path: /opt/sz-ds
+ owner: sz-ds
+ mode: u=rwx,go=
+ - file:
+ state: directory
+ path: /opt/sz-ds/bin
+ - copy:
+ src: opt/sz-ds/bash_profile
+ dest: /opt/sz-ds/.bash_profile
+
+- name: flyway for sz-ds
+ tags: flyway
+ block:
+ - name: mkdir /opt/sz-ds/flyway
+ file:
+ state: directory
+ path: /opt/sz-ds/flyway
+ - template:
+ src: opt/sz-ds/bin/flyway.j2
+ dest: /opt/sz-ds/bin/flyway
+ mode: a=rx
+ - name: Download and extract Flyway {{ flyway_version }}
+ unarchive:
+ src: "https://repo1.maven.org/maven2/org/flywaydb/flyway-commandline/{{ flyway_version }}/flyway-commandline-{{ flyway_version }}.zip"
+ dest: /opt/sz-ds/flyway
+ creates: "/opt/sz-ds/flyway/flyway-{{ flyway_version }}"
+ remote_src: yes
+ - file:
+ path: "/opt/sz-ds/flyway/flyway-{{ flyway_version }}/flyway"
+ mode: a=rx
+ # flyway.conf is created later
+- name: sz-ds database
+ tags: sz-ds-pg
+ become: yes
+ become_user: postgres
+ vars:
+ ansible_ssh_pipelining: true
+ block:
+ - name: sz-ds
+ postgresql_user:
+ name: sz-ds
+ role_attr_flags: "NOLOGIN"
+ - name: sz-ds-flyway
+ tags: update-password
+ postgresql_user:
+ name: sz-ds-flyway
+ password: "{{ sz_ds_secret.db_password_flyway }}"
+ encrypted: yes
+ - name: sz-ds-web
+ tags: update-password
+ postgresql_user:
+ name: sz-ds-web
+ password: "{{ sz_ds_secret.db_password_web }}"
+ encrypted: yes
+ - name: sz-ds db
+ postgresql_db:
+ name: "sz-ds"
+ encoding: "utf-8"
+ owner: "sz-ds"
+ - postgresql_privs:
+ database: sz-ds
+ state: present
+ privs: USAGE
+ type: schema
+ objs: public
+ roles: sz-ds-web,sz-ds-flyway
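Review bot: The "Download and extract Flyway" task in the flyway block fetches the zip from repo1.maven.org with `unarchive` and unpacks it with no integrity check, so a substituted or corrupted artifact would be installed and later made executable by the following `file` task. `unarchive` has no checksum option, so the download should be split into a `get_url` with a pinned `checksum:` followed by an `unarchive` of the local file, keeping the existing `creates:` guard. The digest in the sketch below is a placeholder; it should be the published SHA-256 for the version pinned in `flyway_version`, ideally stored next to that variable so both are bumped together.

```yaml
# … unchanged: mkdir /opt/sz-ds/flyway and the flyway.j2 template task …
    - name: Download Flyway {{ flyway_version }}
      get_url:
        url: "https://repo1.maven.org/maven2/org/flywaydb/flyway-commandline/{{ flyway_version }}/flyway-commandline-{{ flyway_version }}.zip"
        dest: "/opt/sz-ds/flyway/flyway-commandline-{{ flyway_version }}.zip"
        # placeholder: replace with the published digest for this version
        checksum: "sha256:<SHA256-OF-FLYWAY-ZIP>"
    - name: Extract Flyway {{ flyway_version }}
      unarchive:
        src: "/opt/sz-ds/flyway/flyway-commandline-{{ flyway_version }}.zip"
        dest: /opt/sz-ds/flyway
        creates: "/opt/sz-ds/flyway/flyway-{{ flyway_version }}"
        remote_src: yes
# … unchanged: file task that sets a=rx on the flyway launcher …
```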
diff --git a/ansible/roles/sz-ds/templates/opt/sz-ds/bin/flyway.j2 b/ansible/roles/sz-ds/templates/opt/sz-ds/bin/flyway.j2
new file mode 100644
index 0000000..8113d96
--- /dev/null
+++ b/ansible/roles/sz-ds/templates/opt/sz-ds/bin/flyway.j2
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -e
+
+v="{{ flyway_version }}"
+flyway="/opt/p2k16/flyway/flyway-$v/flyway"
+exec "$flyway" -configFile=/etc/p2k16/flyway.conf "$@"
diff --git a/ansible/roles/sz-ds/vars/main.yml b/ansible/roles/sz-ds/vars/main.yml
new file mode 100644
index 0000000..3b674b4
--- /dev/null
+++ b/ansible/roles/sz-ds/vars/main.yml
@@ -0,0 +1 @@
+flyway_version: "4.2.0"
diff --git a/ansible/sz-ds.yml b/ansible/sz-ds.yml
new file mode 100644
index 0000000..2566f4c
--- /dev/null
+++ b/ansible/sz-ds.yml
@@ -0,0 +1,12 @@
+---
+- hosts:
+ - sz-prod
+ - sz-test
+ roles:
+ - timezone
+ - lxc-machine
+ tasks:
+ - name: postgresql-server
+ import_role: name=postgresql-server
+ - name: sz-ds
+ import_role: name=sz-ds |
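Review bot: In templates/opt/sz-ds/bin/flyway.j2 the wrapper points at `/opt/p2k16/flyway/flyway-$v/flyway` and `/etc/p2k16/flyway.conf`, while the sz-ds role unpacks Flyway under `/opt/sz-ds/flyway`; the paths look carried over from another role. On a host without a p2k16 install the `exec` simply fails, and on a host that has one the sz-ds wrapper would run with a different application's binary and its database configuration. The binary line should read `flyway="/opt/sz-ds/flyway/flyway-$v/flyway"`, and `-configFile=` should name the location the sz-ds flyway.conf will be written to, which tasks/main.yml only notes as "created later".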