python-support-infra/stacks/mesh/playbook.yml

#################### 
# - Stop the Stack
#################### 
- hosts: leader
  become: "true"
  vars:
    stack_name: "mesh"
  tasks:
    - name: "Stop Stack: {{ stack_name }}"
      community.docker.docker_stack:
        state: "absent"
        absent_retries: 15
        name: "{{ stack_name }}"
    
    - name: "Pause to Let Stack Stop"
      pause:
        seconds: 5


#################### 
# - Volume Creation
#################### 
- hosts: swarm
  become: "true"
  vars:
    cloudflare_b0__access_key_id: "{{ lookup('community.general.passwordstore', 'work/dtu/python-support/r2/mesh__traefik_certs/access_key_id') }}"
    cloudflare_b0__secret_access_key: "{{ lookup('community.general.passwordstore', 'work/dtu/python-support/r2/mesh__traefik_certs/secret_access_key') }}"
    cloudflare_b0__endpoint: "{{ lookup('community.general.passwordstore', 'work/dtu/python-support/r2/mesh__traefik_certs/endpoint') }}"
  
  tasks:
    - name: "Unmount Volume: mesh__traefik_certs"
      community.docker.docker_volume:
        state: "absent"
        name: "mesh__traefik_certs"
        driver: "rclone"
    
    - name: "Pause to Let Volume Unmount"
      pause:
        seconds: 5
    
    - name: "Mount Volume: mesh__traefik_certs"
      community.docker.docker_volume:
        state: "present"
        name: "mesh__traefik_certs"
        driver: "rclone"
        driver_options:
          remote: ":s3:mesh--traefik-certs"
          uid: "5000"
          gid: "5000"
          s3_provider: "Cloudflare"
          s3_access_key_id: "{{ cloudflare_b0__access_key_id }}"
          s3_secret_access_key: "{{ cloudflare_b0__secret_access_key }}"
          s3_region: "auto"
          s3_endpoint: "{{ cloudflare_b0__endpoint }}"
          s3_acl: "private"
          vfs_cache_mode: "full"
    
#################### 
# - Deployment
#################### 
- hosts: leader
  become: "true"
  vars:
    email_letsencrypt: "s174509@dtu.dk"

    stack_name: "mesh"
    stack_configs:
      - "mesh__traefik_static.toml"
      - "mesh__traefik_tls.toml"
      - "mesh__traefik_default_middlewares.toml"
      - "mesh__stack_site-support.toml"
  
  tasks:
    #################### 
    # - Network Creation
    #################### 
    - name: "Create Network: mesh_public"
      community.docker.docker_network:
        state: "present"
        name: "mesh_public"
        driver: "overlay"
        scope: "swarm"
        attachable: true
        appends: true
        
    
    #################### 
    # - Configs Creation
    #################### 
    - name: "Create Docker Configs"
      community.docker.docker_config:
        state: "present"
        name: "{{ item }}"
        data: "{{ lookup('template', './configs/' ~ item) | b64encode }}"
        data_is_b64: "true"
      with_items: "{{ stack_configs }}"
      
    #################### 
    # - Stack Deployment
    #################### 
    - name: "Upload Stack to /tmp"
      template:
        src: "./docker-compose.yml"
        dest: "/tmp/{{ stack_name }}.yml"
        owner: "root"
        group: "root"
        mode: "0640"
    
    - name: "Deploy Stack: {{ stack_name }}"
      community.docker.docker_stack:
        state: "present"
        prune: "true"
        name: "{{ stack_name }}"
        compose:
          - "/tmp/{{ stack_name }}.yml"
    
    - name: "Delete /tmp Stack"
      ansible.builtin.file:
        path: "/tmp/{{ stack_name }}.yml"
        state: "absent"
feat: Working minimal, reproducible infrastructure. 2023-08-13 04:49:19 +02:00			`####################`
			`# - Stop the Stack`
			`####################`
			`- hosts: leader`
			`become: "true"`
			`vars:`
			`stack_name: "mesh"`
			`tasks:`
			`- name: "Stop Stack: {{ stack_name }}"`
			`community.docker.docker_stack:`
			`state: "absent"`
			`absent_retries: 15`
			`name: "{{ stack_name }}"`

			`- name: "Pause to Let Stack Stop"`
			`pause:`
			`seconds: 5`


			`####################`
			`# - Volume Creation`
			`####################`
			`- hosts: swarm`
			`become: "true"`
			`vars:`
			`cloudflare_b0__access_key_id: "{{ lookup('community.general.passwordstore', 'work/dtu/python-support/r2/mesh__traefik_certs/access_key_id') }}"`
			`cloudflare_b0__secret_access_key: "{{ lookup('community.general.passwordstore', 'work/dtu/python-support/r2/mesh__traefik_certs/secret_access_key') }}"`
			`cloudflare_b0__endpoint: "{{ lookup('community.general.passwordstore', 'work/dtu/python-support/r2/mesh__traefik_certs/endpoint') }}"`

			`tasks:`
			`- name: "Unmount Volume: mesh__traefik_certs"`
			`community.docker.docker_volume:`
			`state: "absent"`
			`name: "mesh__traefik_certs"`
			`driver: "rclone"`

			`- name: "Pause to Let Volume Unmount"`
			`pause:`
			`seconds: 5`

			`- name: "Mount Volume: mesh__traefik_certs"`
			`community.docker.docker_volume:`
			`state: "present"`
			`name: "mesh__traefik_certs"`
			`driver: "rclone"`
			`driver_options:`
			`remote: ":s3:mesh--traefik-certs"`
			`uid: "5000"`
			`gid: "5000"`
			`s3_provider: "Cloudflare"`
			`s3_access_key_id: "{{ cloudflare_b0__access_key_id }}"`
			`s3_secret_access_key: "{{ cloudflare_b0__secret_access_key }}"`
			`s3_region: "auto"`
			`s3_endpoint: "{{ cloudflare_b0__endpoint }}"`
			`s3_acl: "private"`
			`vfs_cache_mode: "full"`

			`####################`
			`# - Deployment`
			`####################`
			`- hosts: leader`
			`become: "true"`
			`vars:`
			`email_letsencrypt: "s174509@dtu.dk"`

			`stack_name: "mesh"`
			`stack_configs:`
			`- "mesh__traefik_static.toml"`
			`- "mesh__traefik_tls.toml"`
			`- "mesh__traefik_default_middlewares.toml"`
			`- "mesh__stack_site-support.toml"`

			`tasks:`
			`####################`
			`# - Network Creation`
			`####################`
			`- name: "Create Network: mesh_public"`
			`community.docker.docker_network:`
			`state: "present"`
			`name: "mesh_public"`
			`driver: "overlay"`
			`scope: "swarm"`
			`attachable: true`
			`appends: true`


			`####################`
			`# - Configs Creation`
			`####################`
			`- name: "Create Docker Configs"`
			`community.docker.docker_config:`
			`state: "present"`
			`name: "{{ item }}"`
			`data: "{{ lookup('template', './configs/' ~ item) \| b64encode }}"`
			`data_is_b64: "true"`
			`with_items: "{{ stack_configs }}"`

			`####################`
			`# - Stack Deployment`
			`####################`
			`- name: "Upload Stack to /tmp"`
			`template:`
			`src: "./docker-compose.yml"`
			`dest: "/tmp/{{ stack_name }}.yml"`
			`owner: "root"`
			`group: "root"`
			`mode: "0640"`

			`- name: "Deploy Stack: {{ stack_name }}"`
			`community.docker.docker_stack:`
			`state: "present"`
			`prune: "true"`
			`name: "{{ stack_name }}"`
			`compose:`
			`- "/tmp/{{ stack_name }}.yml"`

			`- name: "Delete /tmp Stack"`
			`ansible.builtin.file:`
			`path: "/tmp/{{ stack_name }}.yml"`
			`state: "absent"`