-rw-r--r--ansible/README.md6
-rw-r--r--ansible/host_vars/sz-test/sz_ds_secret.yml11
-rw-r--r--ansible/inventory8
-rw-r--r--ansible/roles/sz-ds/files/opt/sz-ds/bash_profile1
-rw-r--r--ansible/roles/sz-ds/tasks/main.yml87
-rw-r--r--ansible/roles/sz-ds/templates/opt/sz-ds/bin/flyway.j27
-rw-r--r--ansible/roles/sz-ds/vars/main.yml1
-rw-r--r--ansible/sz-ds.yml12
8 files changed, 133 insertions, 0 deletions
diff --git a/ansible/README.md b/ansible/README.md
index 6549229..a59cdd2 100644
--- a/ansible/README.md
+++ b/ansible/README.md
@@ -1,3 +1,9 @@
# lxc_ssh
https://github.com/andreasscherbaum/ansible-lxc-ssh
+
+# Creating new LXC hosts
+
+ lxc-create --name=NAME --template=debian -- -r stretch --packages sudo python
+
+The extra packages is required for ansible.
diff --git a/ansible/host_vars/sz-test/sz_ds_secret.yml b/ansible/host_vars/sz-test/sz_ds_secret.yml
new file mode 100644
index 0000000..363ea10
--- /dev/null
+++ b/ansible/host_vars/sz-test/sz_ds_secret.yml
@@ -0,0 +1,11 @@
+$ANSIBLE_VAULT;1.1;AES256
+36303735636233613065646536656665316438326662313364393430633835616337623732663761
+3766386539393361653936663563313134343438333431610a363336336135613365336466346431
+38623134613735663261306362613362643166616530316531306432383231643039613638623039
+6466363935386633310a366665373935356564653839656333653362393362396636633930333233
+34366663336132303031393363336636373364623931323130623461636433666637343432316562
+38376238373432353631366366303866346532393462336261336266303632613563623864376237
+63303762393964373664623533383761356164316332373036306231663966646465373236303239
+63346637356636356362623135636665313639353564306463656438666530333533326561383062
+61666238396661373465653432653861356634353735373932653537363533613962393331356333
+3863613333386230386363393737613633383436313332393734
diff --git a/ansible/inventory b/ansible/inventory
index 3bb637e..721d827 100644
--- a/ansible/inventory
+++ b/ansible/inventory
@@ -11,5 +11,13 @@ all:
ansible_host: knot.trygvis.io
ansible_connection: lxc_ssh
ansible_ssh_extra_args: mw
+ sz-prod:
+ ansible_host: knot.trygvis.io
+ ansible_connection: lxc_ssh
+ ansible_ssh_extra_args: sz-prod
+ sz-test:
+ ansible_host: knot.trygvis.io
+ ansible_connection: lxc_ssh
+ ansible_ssh_extra_args: sz-test
# vim: set filetype=yaml:
diff --git a/ansible/roles/sz-ds/files/opt/sz-ds/bash_profile b/ansible/roles/sz-ds/files/opt/sz-ds/bash_profile
new file mode 100644
index 0000000..7f0ff69
--- /dev/null
+++ b/ansible/roles/sz-ds/files/opt/sz-ds/bash_profile
@@ -0,0 +1 @@
+PATH=$HOME/bin:$PATH
diff --git a/ansible/roles/sz-ds/tasks/main.yml b/ansible/roles/sz-ds/tasks/main.yml
new file mode 100644
index 0000000..9e55292
--- /dev/null
+++ b/ansible/roles/sz-ds/tasks/main.yml
@@ -0,0 +1,87 @@
+- name: misc packages
+ tags: packages
+ apt:
+ name: "{{ item }}"
+ install_recommends: no
+ with_items:
+ - python-psycopg2
+ - python3-psycopg2
+
+- name: accounts for sz-ds
+ tags: user
+ block:
+ - name: create sz-ds user
+ user:
+ name: sz-ds
+ shell: "/bin/bash"
+ createhome: no
+ home: /opt/sz-ds
+ system: yes
+ - file:
+ state: directory
+ path: /opt/sz-ds
+ owner: sz-ds
+ mode: u=rwx,go=
+ - file:
+ state: directory
+ path: /opt/sz-ds/bin
+ - copy:
+ src: opt/sz-ds/bash_profile
+ dest: /opt/sz-ds/.bash_profile
+
+- name: flyway for sz-ds
+ tags: flyway
+ block:
+ - name: mkdir /opt/sz-ds/flyway
+ file:
+ state: directory
+ path: /opt/sz-ds/flyway
+ - template:
+ src: opt/sz-ds/bin/flyway.j2
+ dest: /opt/sz-ds/bin/flyway
+ mode: a=rx
+ - name: Download and extract Flyway {{ flyway_version }}
+ unarchive:
+ src: "https://repo1.maven.org/maven2/org/flywaydb/flyway-commandline/{{ flyway_version }}/flyway-commandline-{{ flyway_version }}.zip"
+ dest: /opt/sz-ds/flyway
+ creates: "/opt/sz-ds/flyway/flyway-{{ flyway_version }}"
+ remote_src: yes
+ - file:
+ path: "/opt/sz-ds/flyway/flyway-{{ flyway_version }}/flyway"
+ mode: a=rx
+ # flyway.conf is created later
+- name: sz-ds database
+ tags: sz-ds-pg
+ become: yes
+ become_user: postgres
+ vars:
+ ansible_ssh_pipelining: true
+ block:
+ - name: sz-ds
+ postgresql_user:
+ name: sz-ds
+ role_attr_flags: "NOLOGIN"
+ - name: sz-ds-flyway
+ tags: update-password
+ postgresql_user:
+ name: sz-ds-flyway
+ password: "{{ sz_ds_secret.db_password_flyway }}"
+ encrypted: yes
+ - name: sz-ds-web
+ tags: update-password
+ postgresql_user:
+ name: sz-ds-web
+ password: "{{ sz_ds_secret.db_password_web }}"
+ encrypted: yes
+ - name: sz-ds db
+ postgresql_db:
+ name: "sz-ds"
+ encoding: "utf-8"
+ owner: "sz-ds"
+ - postgresql_privs:
+ database: sz-ds
+ state: present
+ privs: USAGE
+ type: schema
+ objs: public
+ roles: sz-ds-web,sz-ds-flyway
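Review bot: The "Download and extract Flyway" task feeds the Maven Central URL straight into `unarchive` with `remote_src: yes`, so nothing pins the zip to a known digest before it is unpacked and its launcher is made executable under /opt/sz-ds/flyway. `unarchive` has no checksum option; splitting the step into `get_url` with `checksum:` followed by `unarchive` of the downloaded file makes a substituted or corrupted artifact fail the play instead of being installed. The checksum variable in the sketch below is a placeholder: it would be a new entry next to `flyway_version` in vars/main.yml, filled with the digest of the published release.

```yaml
# … unchanged: mkdir /opt/sz-ds/flyway, flyway wrapper template …
- name: Download Flyway {{ flyway_version }}
  get_url:
    url: "https://repo1.maven.org/maven2/org/flywaydb/flyway-commandline/{{ flyway_version }}/flyway-commandline-{{ flyway_version }}.zip"
    dest: "/opt/sz-ds/flyway/flyway-commandline-{{ flyway_version }}.zip"
    # placeholder variable, e.g. "sha256:<digest of the release zip>"
    checksum: "{{ flyway_zip_checksum }}"
- name: Extract Flyway {{ flyway_version }}
  unarchive:
    src: "/opt/sz-ds/flyway/flyway-commandline-{{ flyway_version }}.zip"
    dest: /opt/sz-ds/flyway
    creates: "/opt/sz-ds/flyway/flyway-{{ flyway_version }}"
    remote_src: yes
# … unchanged: mode on the flyway launcher, sz-ds database block …
```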
diff --git a/ansible/roles/sz-ds/templates/opt/sz-ds/bin/flyway.j2 b/ansible/roles/sz-ds/templates/opt/sz-ds/bin/flyway.j2
new file mode 100644
index 0000000..8113d96
--- /dev/null
+++ b/ansible/roles/sz-ds/templates/opt/sz-ds/bin/flyway.j2
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -e
+
+v="{{ flyway_version }}"
+flyway="/opt/p2k16/flyway/flyway-$v/flyway"
+exec "$flyway" -configFile=/etc/p2k16/flyway.conf "$@"
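Review bot: The wrapper points at `/opt/p2k16/flyway/flyway-$v/flyway` and `-configFile=/etc/p2k16/flyway.conf`, but this role unpacks Flyway under /opt/sz-ds/flyway, so the paths look carried over from another role. On a host without p2k16 the `exec` simply fails; on a host that also has a p2k16 install it would run migrations with a different application's binary and database credentials. The launcher line should read `flyway="/opt/sz-ds/flyway/flyway-$v/flyway"`. The config file should be the sz-ds one, but its location is not visible in this commit (the tasks file only notes that flyway.conf is created later), so that path needs confirming.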
diff --git a/ansible/roles/sz-ds/vars/main.yml b/ansible/roles/sz-ds/vars/main.yml
new file mode 100644
index 0000000..3b674b4
--- /dev/null
+++ b/ansible/roles/sz-ds/vars/main.yml
@@ -0,0 +1 @@
+flyway_version: "4.2.0"
diff --git a/ansible/sz-ds.yml b/ansible/sz-ds.yml
new file mode 100644
index 0000000..2566f4c
--- /dev/null
+++ b/ansible/sz-ds.yml
@@ -0,0 +1,12 @@
+---
+- hosts:
+ - sz-prod
+ - sz-test
+ roles:
+ - timezone
+ - lxc-machine
+ tasks:
+ - name: postgresql-server
+ import_role: name=postgresql-server
+ - name: sz-ds
+ import_role: name=sz-ds
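Review bot: The play targets both `sz-prod` and `sz-test`, but the only vault file this commit adds is host_vars/sz-test/sz_ds_secret.yml, so `sz_ds_secret.db_password_flyway` and `sz_ds_secret.db_password_web` appear to be undefined on sz-prod unless they are supplied somewhere outside this change. If they are not, the role would abort at the sz-ds-flyway task on prod after the earlier tasks have already run. Either add a separate vault file for sz-prod with its own passwords rather than a copy of the test values, or restrict `hosts:` to `sz-test` until that file exists.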