python-support-infra/playbooks/playbook.hosts.yml


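---
# Provision the DigitalOcean droplets for the python-support stack and point
# Cloudflare DNS at them. Everything runs from the control machine
# (localhost); no remote host is contacted over SSH by this play itself.
#
# API tokens are resolved at run time from the `pass` store, so this file
# holds no secret material.
- hosts: localhost
  connection: local
  # No task below uses gathered facts; skip the fact-gathering step.
  gather_facts: false
  vars:
    dns_root: "timesigned.com"
    node_primary: "raspberry.node.timesigned.com"
    digitalocean_droplet_token: "{{ lookup('community.general.passwordstore', 'work/dtu/python-support/digitalocean-droplet-token') }}"
    cloudflare_email: "{{ lookup('community.general.passwordstore', 'work/dtu/python-support/cloudflare-email') }}"
    cloudflare_dns_token: "{{ lookup('community.general.passwordstore', 'work/dtu/python-support/cloudflare-dns-token') }}"
    # Image slugs — list the currently offered ones with:
    #   curl -X GET --silent "https://api.digitalocean.com/v2/images?per_page=999" -H "Authorization: Bearer $(pass work/dtu/python-support/digitalocean-droplet-token)" | jq | less
    droplet_service_image: "debian-12-x64"
    droplet_storage_image: "debian-12-x64"
    # Size slugs — list the currently offered ones with:
    #   curl -X GET --silent "https://api.digitalocean.com/v2/sizes?per_page=999" -H "Authorization: Bearer $(pass work/dtu/python-support/digitalocean-droplet-token)" | jq | less
    droplet_service_size: "s-1vcpu-1gb"
    droplet_storage_size: "s-1vcpu-1gb"
    droplet_service_region: "fra1"
    droplet_storage_region: "fra1"
  tasks:
    ####################
    # - Prepare SSH Information
    ####################
    - name: "Get SSH Public Key"
      # `ssh-add -L` prints every key currently loaded in the agent, one per
      # line, and the full output is uploaded as-is below — so run this with
      # exactly the key you want registered at DigitalOcean loaded.
      # No shell features are needed, so `command` is used instead of `shell`.
      command: "ssh-add -L"
      register: "ssh_key_pub_cmdout"
      # Read-only query; never report it as a change.
      changed_when: false

    - name: "Add SSH Public Key to DigitalOcean account"
      community.digitalocean.digital_ocean_sshkey:
        name: "key"
        oauth_token: "{{ digitalocean_droplet_token }}"
        ssh_pub_key: "{{ ssh_key_pub_cmdout.stdout }}"
        state: "present"
      register: "sshkey_result"

    ####################
    # - Create Digitalocean Nodes
    ####################
    - name: "Create Storage Droplet"
      community.digitalocean.digital_ocean_droplet:
        name: "{{ item }}"
        oauth_token: "{{ digitalocean_droplet_token }}"
        ssh_keys: ["{{ sshkey_result.data.ssh_key.id }}"]
        image: "{{ droplet_storage_image }}"
        size: "{{ droplet_storage_size }}"
        region: "{{ droplet_storage_region }}"
        wait_timeout: 600
        # Real boolean: a re-run must find the existing droplet by name
        # instead of creating a second one.
        unique_name: true
        state: "present"
      loop: "{{ query('inventory_hostnames', 'storage') }}"
      register: "droplet_storage_result"

    - name: "Create Service Droplet"
      community.digitalocean.digital_ocean_droplet:
        name: "{{ item }}"
        oauth_token: "{{ digitalocean_droplet_token }}"
        ssh_keys: ["{{ sshkey_result.data.ssh_key.id }}"]
        image: "{{ droplet_service_image }}"
        size: "{{ droplet_service_size }}"
        region: "{{ droplet_service_region }}"
        wait_timeout: 600
        unique_name: true
        state: "present"
      loop: "{{ query('inventory_hostnames', 'service') }}"
      register: "droplet_service_result"

    ####################
    # - Set DNS A Records => Hosts
    ####################
    # One A record per created droplet, named after the droplet (i.e. the
    # inventory hostname) and pointing at its public IPv4 address.
    - name: "Set Storage DNS A => *.node.{{ dns_root }}"
      community.general.cloudflare_dns:
        api_token: "{{ cloudflare_dns_token }}"
        zone: "{{ dns_root }}"
        type: "A"
        record: "{{ item.data.droplet.name }}"
        value: "{{ item.data.ip_address }}"
        state: "present"
      loop: "{{ droplet_storage_result.results }}"
      loop_control:
        # Print only the droplet name, not the whole registered result.
        label: "{{ item.data.droplet.name }}"

    - name: "Set Service DNS A => *.node.{{ dns_root }}"
      community.general.cloudflare_dns:
        api_token: "{{ cloudflare_dns_token }}"
        zone: "{{ dns_root }}"
        type: "A"
        record: "{{ item.data.droplet.name }}"
        value: "{{ item.data.ip_address }}"
        state: "present"
      loop: "{{ droplet_service_result.results }}"
      loop_control:
        label: "{{ item.data.droplet.name }}"

    ####################
    # - Set DNS CNAME Record => @
    ####################
    - name: "Set DNS CNAME => Primary Node"
      # Cloudflare allows a CNAME on the zone apex via CNAME flattening.
      community.general.cloudflare_dns:
        api_token: "{{ cloudflare_dns_token }}"
        zone: "{{ dns_root }}"
        type: "CNAME"
        record: "@"
        value: "{{ node_primary }}"
        state: "present"

    ####################
    # - Set DNS CNAME Records => Stacks
    ####################
    # Each stack hostname is an alias of the apex, which in turn follows the
    # primary node above.
    - name: "Set DNS CNAME => Stack: auth"
      community.general.cloudflare_dns:
        api_token: "{{ cloudflare_dns_token }}"
        zone: "{{ dns_root }}"
        type: "CNAME"
        record: "auth"
        value: "@"
        state: "present"

    - name: "Set DNS CNAME => Stack: site-support"
      community.general.cloudflare_dns:
        api_token: "{{ cloudflare_dns_token }}"
        zone: "{{ dns_root }}"
        type: "CNAME"
        record: "pysupport"
        value: "@"
        state: "present"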