Added ansible config

mcpt · Jun 28, 2024 · 389c85c · 389c85c
1 parent 047488d
commit 389c85c
Show file tree

Hide file tree

Showing 3 changed files with 96 additions and 4 deletions.
diff --git a/automation/new_droplet.sh b/automation/new_droplet.sh
@@ -60,7 +60,7 @@ echo "SSH is available!"
 
 # Run the Ansible playbook once SSH is up
 echo "Running Ansible playbook..."
-fetch_inventory | ansible-playbook -i /dev/stdin playbooks/initalize_droplet.yml --extra-vars "droplet_name=$1 ansible_host=$droplet_priv_ipv4 public_ipv4=$droplet_pub_ipv4 ansible_user=root"
+fetch_inventory | ansible-playbook -i /dev/stdin playbooks/initalize_worker.yml --extra-vars "droplet_name=$1 ansible_host=$droplet_priv_ipv4 public_ipv4=$droplet_pub_ipv4 ansible_user=root"
 
 
 notify "Droplet $1 is provisioned and configured!"

diff --git a/automation/playbooks/initialize_worker.yml b/automation/playbooks/initialize_worker.yml
@@ -0,0 +1,86 @@
+- hosts: workers
+  become: yes
+  become_user: root
+  become_method: sudo
+
+  vars:
+    # permissions on windows with wsl is not fun
+    ansible_ssh_private_key_file: ~/.ssh/id_rsa
+    ansible_python_interpreter: /usr/bin/python3
+
+    docker_edition: 'ce'
+    docker_package_state: present
+
+  tasks:
+    - name: 'APT Upgrade'
+      apt:
+        upgrade: true
+        update_cache: true
+
+    - name: 'Install nfs'
+      apt:
+        pkg:
+          - nfs-common
+
+    - name: 'Change timezone to Toronto time'
+      shell: timedatectl set-timezone America/Toronto
+
+    - name: 'Installing docker'
+      include_role:
+        name: geerlingguy.docker
+
+    - name: Join Docker Swarm
+      hosts: all
+      become: yes
+      tasks:
+        - name: Get Swarm join token from manager
+          shell: docker swarm join-token worker
+          register: join_token
+          delegate_to: "{{ groups['managers'] | random }}"  # Run on the first manager node
+
+        - name: Join the Swarm as a worker
+          community.docker.docker_swarm:
+            state: join
+            join_token: "{{ join_token.stdout_lines[0] }}"
+            advertise_addr: "{{ groups['managers'][0] }}"  # Use Docker factP
+
+
+
+    - name: 'Mount problem data nfs share'
+      file:
+        path: /var/share
+        state: directory
+
+      mount:
+        path: /var/share
+        src: 10.137.0.5:/var/share
+        state: mounted
+        fstype: nfs4
+        opts: auto,nofail,noatime,nolock,intr,tcp,actimeo=1800,timeo=600
+
+    - name: 'Installing unattended-upgrades'
+      include_role:
+        name: jnv.unattended-upgrades
+
+    - name: 'Install UFW'
+      apt:
+        name: ufw
+
+    - name: 'UFW: internal network'
+      ufw:
+        rule: allow
+        src: '10.137.0.0/16'
+        dest: '10.137.0.0/16'
+
+
+    - name: 'UFW: enable and by default drop'
+      ufw:
+        state: enabled
+        policy: deny
+
+    - name: 'Disable password for root'
+      shell: passwd -d root
+
+    - name: 'Reboot server'
+      reboot:
+        reboot_timeout: 0
diff --git a/automation/swarm_info b/automation/swarm_info
@@ -1,10 +1,14 @@
 #!/bin/bash
 
 # Function to get all ips of all nodes in the swarm
-get_node_ips() {
+get_worker_ips() {
   docker node ls --filter role=worker --format "{{.Hostname}}" | \
   xargs docker node inspect --format '{{ .Status.Addr }}'
 }
+get_manager_ips() {
+  docker node ls --filter role=manager --format "{{.Hostname}}" | \
+  xargs docker node inspect --format '{{ .Status.Addr }}'
+}
 
 # Function to get IP addresses of running replicas for a given service
 get_replica_ips() {
@@ -50,6 +54,8 @@ get_replica_ips() {
 #}
 
 fetch_inventory() {
-  echo "[nodes]"
-  get_node_ips
+  echo "[managers]" # todo: if we have multiple managers, we need to place general first
+  get_manager_ips
+  echo "[workers]"
+  get_worker_ips
 }