infrastructure/coreos-config/playbook.yaml

204 lines
5.4 KiB
YAML
Raw Normal View History

---
- name: Render compose files
hosts: localhost
tags: template
vars:
render_path: "./render/compose"
render_blacklist:
- EMPTY
tasks:
- name: Read Variables
include_vars:
dir: vars
extensions:
- 'yml'
- 'yaml'
2022-07-14 00:19:54 +02:00
- file:
state: absent
dest: '{{ render_path }}'
changed_when: false
- file:
state: directory
dest: '{{ render_path }}/{{ item.path }}'
2022-07-14 00:19:54 +02:00
changed_when: false
with_filetree: './compose'
when: item.state == 'directory'
- name: Template Compose structure
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ render_path }}/{{ item.path }}"
force: true
2022-07-14 00:19:54 +02:00
changed_when: false
with_filetree: './compose'
when: item.state == 'file' and item.path not in render_blacklist
- name: Copy blacklisted files
copy:
src: "{{ item.src }}"
dest: "{{ render_path }}/{{ item.path }}"
force: true
2022-07-14 00:19:54 +02:00
changed_when: false
with_filetree: './compose'
when: item.state == 'file' and item.path in render_blacklist
- name: Backup
hosts: all
2022-07-04 02:10:02 +02:00
become: true
2022-07-14 00:19:54 +02:00
become_user: root
tasks:
- name: Read Variables
include_vars:
dir: vars
extensions:
- 'yml'
- 'yaml'
- name: Install backup script
ansible.builtin.template:
src: backup.sh.j2
dest: /root/backup.sh
2022-07-04 02:10:02 +02:00
mode: '0700'
owner: root
- ansible.builtin.file:
path: /root/.ssh
owner: root
state: directory
mode: '0700'
- name: Install SSH Keys
ansible.builtin.template:
src: storagebox.j2
dest: /root/.ssh/storagebox
mode: '0600'
owner: root
2022-07-14 00:19:54 +02:00
- name: Add Known Hosts entries
ansible.builtin.known_hosts:
path: "/root/.ssh/known_hosts"
name: "{{ backup.known_hosts.name }}"
key: "{{ backup.known_hosts.key }}"
- name: Restore from Backup
hosts: unprovisioned
become: true
become_user: root
gather_facts: true
tasks:
- block:
- name: Read Variables
include_vars:
dir: vars
extensions:
- 'yml'
- 'yaml'
- name: Install backup script
ansible.builtin.template:
src: restore.sh.j2
dest: /root/restore.sh
mode: '0700'
owner: root
- name: Restore from Borg
become: true
become_user: root
ansible.builtin.command:
chdir: /
cmd: bash /root/restore.sh
- name: Remove script from host
ansible.builtin.file:
path: /root/restore.sh
state: absent
- set_fact:
provisioned: true
cacheable: true
when: ansible_facts.provisioned is undefined
- name: Setup Registry credentials
hosts: all
tasks:
- ansible.builtin.file:
path: /home/core/.docker
owner: core
state: directory
mode: '0700'
- ansible.builtin.template:
src: docker-config.json.j2
dest: /home/core/.docker/config.json
mode: '0600'
owner: core
- name: Docker-Compose
hosts: all
tasks:
- name: Gather local Config
delegate_to: 127.0.0.1
find:
paths: ./render/compose
recurse: true
file_type: file
register: local_compose_files
- name: Gather Remote Config
find:
paths: /home/core/compose
recurse: true
file_type: file
register: remote_compose_files
- ansible.builtin.debug:
var: local_compose_files
verbosity: 2
- ansible.builtin.debug:
var: remote_compose_files
verbosity: 2
- ansible.builtin.set_fact:
compose_dirs_tainted: "{{ remote_compose_files.files | map(attribute='path') | difference(local_compose_files.files | map(attribute='path') | map('regex_replace', '^render/', '/home/core/')) | map('dirname') }}"
- ansible.builtin.debug:
var: compose_dirs_tainted
verbosity: 2
- name: Stop tainted Compose Services
community.docker.docker_compose:
project_src: "{{ item }}"
state: absent
loop: "{{ compose_dirs_tainted }}"
- name: Copy Compose files
ansible.posix.synchronize:
src: ./render/compose
dest: /home/core/
archive: false
checksum: true
delete: true
recursive: true
mode: push
# directory_mode: "0750"
# mode: "0640"
# owner: core
register: compose_files
- ansible.builtin.debug:
var: compose_files
verbosity: 2
- name: Restart Compose projects
vars:
docker_restart: "{{ lookup('env', 'DOCKER_RESTART') | default('false', true) | bool }}"
block:
- find:
paths: /home/core/compose
recurse: false
file_type: directory
register: compose_directories
- ansible.builtin.debug:
var: compose_directories
verbosity: 2
- name: Restart Compose Projects
community.docker.docker_compose:
project_src: "{{ item }}"
state: present
restarted: true
recreate: smart
build: true
remove_orphans: true
loop: "{{ compose_directories.files | map(attribute='path') | sort }}"
when: compose_files.changed or docker_restart
...