interop-workloads/workloads/ansible/shade/dockerswarm/roles/prep_apply/tasks/main.yml

---
- name: Get start timestamp
  set_fact: starttime="{{ ansible_date_time }}"

- name: Create certificate directory
  file: path="/tmp/{{ env }}/keys" state=directory

- stat: path="/tmp/{{ env }}/discovery_url"
  register: discovery_url_flag

- name: Get docker discovery url
  get_url:
    url: "https://discovery.etcd.io/new?size={{ app_env.swarm_size }}"
    dest: "/tmp/{{ env }}/discovery_url"
  when: discovery_url_flag.stat.exists == false

- shell: openssl genrsa -out "/tmp/{{ env }}/keys/ca-key.pem" 2048
- shell: openssl genrsa -out "/tmp/{{ env }}/keys/key.pem" 2048

- shell: >-
      openssl req -x509 -new -nodes -key /tmp/{{ env }}/keys/ca-key.pem
      -days 10000 -out /tmp/{{ env }}/keys/ca.pem -subj '/CN=docker-CA'      

- shell: >-
      openssl req -new -key /tmp/{{ env }}/keys/key.pem
      -out /tmp/{{ env }}/keys/cert.csr
      -subj '/CN=docker-client' -config ./roles/prov_apply/templates/openssl.cnf      

- shell: >-
      openssl x509 -req -in /tmp/{{ env }}/keys/cert.csr
      -CA /tmp/{{ env }}/keys/ca.pem -CAkey /tmp/{{ env }}/keys/ca-key.pem
      -CAcreateserial -out /tmp/{{ env }}/keys/cert.pem -days 365
      -extensions v3_req -extfile ./roles/prov_apply/templates/openssl.cnf      

- name: Retrieve specified flavor
  os_flavor_facts:
    auth: "{{ auth }}"
    region_name: "{{ app_env.region_name }}"
    availability_zone: "{{ app_env.availability_zone }}"
    validate_certs: "{{ app_env.validate_certs }}"
    name: "{{ app_env.flavor_name }}"

- name: Create a key-pair
  os_keypair:
    state: "present"
    auth: "{{ auth }}"
    region_name: "{{ app_env.region_name }}"
    availability_zone: "{{ app_env.availability_zone }}"
    validate_certs: "{{ app_env.validate_certs }}"
    name: "dockerswarm"
    public_key_file: "{{ app_env.public_key_file }}"

- name: Create security group
  os_security_group:
    state: present
    auth: "{{ auth }}"
    region_name: "{{ app_env.region_name }}"
    availability_zone: "{{ app_env.availability_zone }}"
    validate_certs: "{{ app_env.validate_certs }}"
    name: dockerswarm_sg
    description: secuirty group for dockerswarm

- name: Add security rules
  os_security_group_rule:
    state: present
    auth: "{{ auth }}"
    region_name: "{{ app_env.region_name }}"
    availability_zone: "{{ app_env.availability_zone }}"
    validate_certs: "{{ app_env.validate_certs }}"
    security_group: dockerswarm_sg
    protocol: "{{ item.protocol }}"
    direction: "{{ item.dir }}"
    port_range_min: "{{ item.p_min }}"
    port_range_max: "{{ item.p_max }}"
    remote_ip_prefix: 0.0.0.0/0
  with_items:
    - { p_min: 22, p_max: 22, dir: ingress, protocol: tcp }
    - { p_min: 2375, p_max: 2376, dir: ingress, protocol: tcp }
    - { p_min: 2379, p_max: 2380, dir: ingress, protocol: tcp }
    - { p_min: 2379, p_max: 2380, dir: egress, protocol: tcp }
    - { p_min: -1, p_max: -1, dir: ingress, protocol: icmp }
    - { p_min: -1, p_max: -1, dir: egress, protocol: icmp }

- name: Create cloudinit file for all nodes
  template:
    src: templates/cloudinit.j2
    dest: "/tmp/{{ env }}/cloudinit"

- name: Add nodes to host group
  add_host:
    name: "swarmnode{{ item }}"
    hostname: "127.0.0.1"
    groups: dockerswarm
    host_no: "{{ item }}"
  with_sequence: count={{ app_env.swarm_size }}
  no_log: True