97 lines
3.2 KiB
YAML
Executable File
97 lines
3.2 KiB
YAML
Executable File
---
|
|
- name: Get start timestamp
|
|
set_fact: starttime="{{ ansible_date_time }}"
|
|
|
|
- name: Create certificate directory
|
|
file: path="/tmp/{{ env }}/keys" state=directory
|
|
|
|
- stat: path="/tmp/{{ env }}/discovery_url"
|
|
register: discovery_url_flag
|
|
|
|
- name: Get docker discovery url
|
|
get_url:
|
|
url: "https://discovery.etcd.io/new?size={{ app_env.swarm_size }}"
|
|
dest: "/tmp/{{ env }}/discovery_url"
|
|
when: discovery_url_flag.stat.exists == false
|
|
|
|
- shell: openssl genrsa -out "/tmp/{{ env }}/keys/ca-key.pem" 2048
|
|
- shell: openssl genrsa -out "/tmp/{{ env }}/keys/key.pem" 2048
|
|
|
|
- shell: >-
|
|
openssl req -x509 -new -nodes -key /tmp/{{ env }}/keys/ca-key.pem
|
|
-days 10000 -out /tmp/{{ env }}/keys/ca.pem -subj '/CN=docker-CA'
|
|
|
|
- shell: >-
|
|
openssl req -new -key /tmp/{{ env }}/keys/key.pem
|
|
-out /tmp/{{ env }}/keys/cert.csr
|
|
-subj '/CN=docker-client' -config ./roles/prov_apply/templates/openssl.cnf
|
|
|
|
- shell: >-
|
|
openssl x509 -req -in /tmp/{{ env }}/keys/cert.csr
|
|
-CA /tmp/{{ env }}/keys/ca.pem -CAkey /tmp/{{ env }}/keys/ca-key.pem
|
|
-CAcreateserial -out /tmp/{{ env }}/keys/cert.pem -days 365
|
|
-extensions v3_req -extfile ./roles/prov_apply/templates/openssl.cnf
|
|
|
|
- name: Retrieve specified flavor
|
|
os_flavor_facts:
|
|
auth: "{{ auth }}"
|
|
region_name: "{{ app_env.region_name }}"
|
|
availability_zone: "{{ app_env.availability_zone }}"
|
|
validate_certs: "{{ app_env.validate_certs }}"
|
|
name: "{{ app_env.flavor_name }}"
|
|
|
|
- name: Create a key-pair
|
|
os_keypair:
|
|
state: "present"
|
|
auth: "{{ auth }}"
|
|
region_name: "{{ app_env.region_name }}"
|
|
availability_zone: "{{ app_env.availability_zone }}"
|
|
validate_certs: "{{ app_env.validate_certs }}"
|
|
name: "dockerswarm"
|
|
public_key_file: "{{ app_env.public_key_file }}"
|
|
|
|
- name: Create security group
|
|
os_security_group:
|
|
state: present
|
|
auth: "{{ auth }}"
|
|
region_name: "{{ app_env.region_name }}"
|
|
availability_zone: "{{ app_env.availability_zone }}"
|
|
validate_certs: "{{ app_env.validate_certs }}"
|
|
name: dockerswarm_sg
|
|
description: secuirty group for dockerswarm
|
|
|
|
- name: Add security rules
|
|
os_security_group_rule:
|
|
state: present
|
|
auth: "{{ auth }}"
|
|
region_name: "{{ app_env.region_name }}"
|
|
availability_zone: "{{ app_env.availability_zone }}"
|
|
validate_certs: "{{ app_env.validate_certs }}"
|
|
security_group: dockerswarm_sg
|
|
protocol: "{{ item.protocol }}"
|
|
direction: "{{ item.dir }}"
|
|
port_range_min: "{{ item.p_min }}"
|
|
port_range_max: "{{ item.p_max }}"
|
|
remote_ip_prefix: 0.0.0.0/0
|
|
with_items:
|
|
- { p_min: 22, p_max: 22, dir: ingress, protocol: tcp }
|
|
- { p_min: 2375, p_max: 2376, dir: ingress, protocol: tcp }
|
|
- { p_min: 2379, p_max: 2380, dir: ingress, protocol: tcp }
|
|
- { p_min: 2379, p_max: 2380, dir: egress, protocol: tcp }
|
|
- { p_min: -1, p_max: -1, dir: ingress, protocol: icmp }
|
|
- { p_min: -1, p_max: -1, dir: egress, protocol: icmp }
|
|
|
|
- name: Create cloudinit file for all nodes
|
|
template:
|
|
src: templates/cloudinit.j2
|
|
dest: "/tmp/{{ env }}/cloudinit"
|
|
|
|
- name: Add nodes to host group
|
|
add_host:
|
|
name: "swarmnode{{ item }}"
|
|
hostname: "127.0.0.1"
|
|
groups: dockerswarm
|
|
host_no: "{{ item }}"
|
|
with_sequence: count={{ app_env.swarm_size }}
|
|
no_log: True
|