Remove old roles and fix idempotency issues
This commit is contained in:
parent
f468fd3e34
commit
92be60ad51
85 changed files with 38 additions and 5890 deletions
@ -1,23 +1,23 @@
|
|||
---
|
||||
- name: install tinc
|
||||
- name: Install tinc
|
||||
apt:
|
||||
name: tinc
|
||||
state: latest
|
||||
|
||||
- name: ensure tinc netname directory exists
|
||||
- name: Ensure tinc netname directory exists
|
||||
file:
|
||||
path: /etc/tinc/{{ netname }}/hosts
|
||||
recurse: True
|
||||
state: directory
|
||||
|
||||
- name: create /etc/tinc/nets.boot file from template
|
||||
- name: Create /etc/tinc/nets.boot file from template
|
||||
template:
|
||||
src: nets.boot.j2
|
||||
dest: /etc/tinc/nets.boot
|
||||
notify:
|
||||
- restart tinc
|
||||
|
||||
- name: ensure tinc.conf contains connection to all other nodes
|
||||
- name: Ensure tinc.conf contains connection to all other nodes
|
||||
template:
|
||||
src: tinc.conf.j2
|
||||
dest: /etc/tinc/{{ netname }}/tinc.conf
|
||||
|
|
@ -25,7 +25,7 @@
|
|||
- restart tinc
|
||||
- reload tinc
|
||||
|
||||
- name: create tinc-up file
|
||||
- name: Create tinc-up file
|
||||
template:
|
||||
src: tinc-up.j2
|
||||
dest: /etc/tinc/{{ netname }}/tinc-up
|
||||
|
|
@ -33,7 +33,7 @@
|
|||
notify:
|
||||
- restart tinc
|
||||
|
||||
- name: create tinc-down file
|
||||
- name: Create tinc-down file
|
||||
template:
|
||||
src: tinc-down.j2
|
||||
dest: /etc/tinc/{{ netname }}/tinc-down
|
||||
|
|
@ -41,10 +41,12 @@
|
|||
notify:
|
||||
- restart tinc
|
||||
|
||||
- name: ensure tinc hosts file binds to scaleway dns address
|
||||
- name: Ensure tinc hosts file binds to scaleway dns address
|
||||
block:
|
||||
- shell: "/usr/local/bin/scw-metadata ID"
|
||||
- name: Gather Scaleway instance ID
|
||||
shell: "/usr/local/bin/scw-metadata ID"
|
||||
register: scw_id
|
||||
changed_when: no
|
||||
|
||||
- lineinfile:
|
||||
dest: /etc/tinc/{{ netname }}/hosts/{{ inventory_hostname }}
|
||||
|
|
@ -54,7 +56,7 @@
|
|||
- restart tinc
|
||||
when: tinc_ignore_scaleway_dns | default(False) | bool == False
|
||||
|
||||
- name: ensure tinc hosts file binds to physical ip address
|
||||
- name: Ensure tinc hosts file binds to physical ip address
|
||||
lineinfile:
|
||||
dest: /etc/tinc/{{ netname }}/hosts/{{ inventory_hostname }}
|
||||
line: |-
|
||||
|
|
@ -69,7 +71,7 @@
|
|||
- restart tinc
|
||||
when: tinc_ignore_scaleway_dns | default(False) | bool == True
|
||||
|
||||
- name: ensure subnet ip address is properly set in tinc host file
|
||||
- name: Ensure subnet ip address is properly set in tinc host file
|
||||
lineinfile:
|
||||
dest: /etc/tinc/{{ netname }}/hosts/{{ inventory_hostname }}
|
||||
line: "Subnet = {{ vpn_ip }}/{{ vpn_subnet_cidr_netmask }}"
|
||||
|
|
@ -78,33 +80,33 @@
|
|||
- restart tinc
|
||||
|
||||
# in case of multimaster we need to add a subnet line
|
||||
- name: ensure that keepalived ip is properly set in tinc host file on k8s_masters
|
||||
- name: Ensure that keepalived ip is properly set in tinc host file on k8s_masters
|
||||
lineinfile:
|
||||
dest: /etc/tinc/{{ netname }}/hosts/{{ inventory_hostname }}
|
||||
line: "Subnet = {{ api_floating_ip }}/{{ vpn_subnet_cidr_netmask }}"
|
||||
create: yes
|
||||
when: groups.k8s_masters | length > 1
|
||||
|
||||
- name: check whether /etc/tinc/netname/hosts/inventory_hostname contains "-----END RSA PUBLIC KEY-----"
|
||||
- name: Check whether /etc/tinc/netname/hosts/inventory_hostname contains "-----END RSA PUBLIC KEY-----"
|
||||
command: awk '/^-----END RSA PUBLIC KEY-----$/' /etc/tinc/{{ netname }}/hosts/{{ inventory_hostname }}
|
||||
changed_when: "public_key.stdout != '-----END RSA PUBLIC KEY-----'"
|
||||
register: public_key
|
||||
|
||||
# this is necessary because the public key will not be generated (non-interactively) if the private key already exists
|
||||
- name: delete private key and regenerate keypair if public key is absent from tinc hosts file
|
||||
- name: Delete private key and regenerate keypair if public key is absent from tinc hosts file
|
||||
file:
|
||||
path: /etc/tinc/{{ netname }}/rsa_key.priv
|
||||
state: absent
|
||||
when: public_key.changed
|
||||
|
||||
- name: create tinc private key (and append public key to tincd hosts file)
|
||||
- name: Create tinc private key (and append public key to tincd hosts file)
|
||||
shell: tincd -n {{ netname }} -K4096
|
||||
args:
|
||||
creates: /etc/tinc/{{ netname }}/rsa_key.priv
|
||||
notify:
|
||||
- restart tinc
|
||||
|
||||
- name: fetch tinc hosts file after key creation
|
||||
- name: Fetch tinc hosts file after key creation
|
||||
fetch:
|
||||
src: /etc/tinc/{{ netname }}/hosts/{{ inventory_hostname }}
|
||||
dest: fetch/{{ inventory_hostname }}
|
||||
|
|
@ -112,7 +114,7 @@
|
|||
notify:
|
||||
- reload tinc
|
||||
|
||||
- name: sync the fetched tinc hosts files on each host
|
||||
- name: Sync the fetched tinc hosts files on each host
|
||||
synchronize:
|
||||
src: fetch/
|
||||
dest: /etc/tinc/{{ netname }}/hosts/
|
||||
|
|
@ -122,13 +124,13 @@
|
|||
|
||||
- meta: flush_handlers
|
||||
|
||||
- name: start tinc on boot
|
||||
- name: Start tinc on boot
|
||||
systemd:
|
||||
name: tinc
|
||||
enabled: yes
|
||||
state: started
|
||||
|
||||
- name: ensure tun0 exists
|
||||
- name: Ensure tun0 exists
|
||||
shell: "ip a s"
|
||||
register: result
|
||||
until: result.stdout.find("tun0") != -1
|
||||
|
|
@ -136,7 +138,7 @@
|
|||
delay: 10
|
||||
changed_when: False
|
||||
|
||||
- name: add nodes to /etc/hosts (ansible_inventory resolves to vpn_ip)
|
||||
- name: Add nodes to /etc/hosts (ansible_inventory resolves to vpn_ip)
|
||||
lineinfile: dest=/etc/hosts regexp='.*{{ item }}$' line="{{ hostvars[item].vpn_ip }} {{item}}" state=present
|
||||
when: hostvars[item].vpn_ip is defined
|
||||
with_items: "{{ play_hosts }}"
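Review bot: `state: latest` under the `Install tinc` task in the first hunk still leaves the play non-idempotent, because apt reports a change (and upgrades the package) whenever a newer version reaches the repository, which works against the idempotency fix this commit is making; `state: present` keeps the role convergent and leaves upgrades to a deliberate maintenance run. The first hunk and the later ones also keep YAML 1.1 truthy spellings (`recurse: True`, `create: yes`, `enabled: yes`, `changed_when: no`) that ansible-lint flags and that a YAML 1.2 parser would read as strings; `true`/`false` is the portable spelling. In the last hunk the `/etc/hosts` regexp `'.*{{ item }}$'` is unanchored on the left, so it also matches any existing entry whose hostname merely ends with `{{ item }}` and lineinfile would overwrite that unrelated line; anchoring it, `regexp: '^\S+\s+{{ item }}$'`, and writing the module arguments as native YAML keys rather than the `key=value` string avoids that. The newly named `Gather Scaleway instance ID` task runs a fixed binary with no shell features, so `command:` would do the same work without spawning a shell around a templated argument.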
|
||||
|
|