Jacob Molnia
intermediate setup
c9afb89
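---
# Provisions the controller host: installs base packages and Tailscale, joins
# the tailnet with a pre-auth key, clones the CS_553 repository into
# /opt/CS_553, installs SSH credentials and SSH client config for the ubuntu
# user, then launches the app-server playbook from the controller itself.
#
# Secrets: tailscale_authkey and vault_ssh_private_key are not defined in this
# file; presumably they come from ../vars/secrets.yml, which should be
# encrypted with Ansible Vault (confirm). Every task that renders one of them
# sets no_log so the value is kept out of task output and log files.
- name: Set up Controller Server
  hosts: all
  become: true
  vars_files:
    - ../vars/secrets.yml
  tasks:
    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: true
      become: true

    - name: Install required packages
      ansible.builtin.apt:
        name:
          - apt-transport-https
          - ca-certificates
          - curl
          - gnupg
          - git
          - ansible
        state: present
      become: true

    - name: Check if Tailscale GPG key exists
      ansible.builtin.stat:
        path: /usr/share/keyrings/tailscale-archive-keyring.gpg
      register: tailscale_key

    # The keyring is trusted for every package from the Tailscale repository,
    # and its integrity rests on the HTTPS download alone. get_url accepts a
    # `checksum:` argument (sha256:<DIGEST_PLACEHOLDER>) if the key should be
    # pinned to a known digest.
    - name: Download Tailscale GPG key
      ansible.builtin.get_url:
        url: https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg
        dest: /usr/share/keyrings/tailscale-archive-keyring.gpg
        mode: '0644'
      become: true
      when: not tailscale_key.stat.exists

    # signed-by limits this keyring to the Tailscale repository only.
    - name: Add Tailscale repository
      ansible.builtin.apt_repository:
        repo: >-
          deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg]
          https://pkgs.tailscale.com/stable/ubuntu jammy main
        state: present
        filename: tailscale
      become: true

    - name: Update apt cache again
      ansible.builtin.apt:
        update_cache: true
      become: true

    - name: Install Tailscale
      ansible.builtin.apt:
        name: tailscale
        state: present
      become: true

    # Read-only probe: a non-zero exit is tolerated because the next task
    # uses the registered rc to decide whether the node must be brought up.
    - name: Check Tailscale status
      ansible.builtin.command: tailscale status
      register: tailscale_status
      changed_when: false
      ignore_errors: true

    # The auth key is templated into the command line, so without no_log it
    # would appear in task output and logs. no_log also hides stderr when
    # this task fails; lift it only temporarily while debugging. The key is
    # still visible in the process arguments on the host while the command
    # runs.
    - name: Run tailscale up with pre-authentication
      ansible.builtin.command: tailscale up --authkey={{ tailscale_authkey }}
      register: tailscale_result
      changed_when: "'Success' in tailscale_result.stdout"
      become: true
      no_log: true
      when: >-
        tailscale_status.rc != 0
        or 'Tailscale is stopped' in tailscale_status.stdout

    - name: Check if repository exists
      ansible.builtin.stat:
        path: /opt/CS_553
      register: repo_check

    # Any local changes under /opt/CS_553 are discarded on every run.
    - name: Remove existing repository if it exists
      ansible.builtin.file:
        path: /opt/CS_553
        state: absent
      become: true
      when: repo_check.stat.exists

    # NOTE(review): `main` is a moving branch, and a script and a playbook
    # from this checkout are executed further down with secrets in hand.
    # Pinning `version` to a reviewed commit would make each run execute
    # known code.
    - name: Clone the Git repository
      ansible.builtin.git:
        repo: 'https://github.com/jake-molnia/CS_553'
        dest: /opt/CS_553
        version: main
      become: true

    # recurse applies 0755 to every file in the tree, including
    # keys/student-admin-key, which therefore stays world-readable until the
    # next task tightens it.
    - name: Set permissions for the cloned repository
      ansible.builtin.file:
        path: /opt/CS_553
        owner: ubuntu
        group: ubuntu
        mode: '0755'
        recurse: true
      become: true

    # NOTE(review): this key is part of the cloned repository, so file mode
    # only protects the copy on this host; anyone who can read the repository
    # can read the key. Confirm that is intended.
    - name: Ensure correct permissions on student-admin key
      ansible.builtin.file:
        path: /opt/CS_553/keys/student-admin-key
        mode: '0600'
        owner: ubuntu
        group: ubuntu
      become: true

    - name: Ensure .ssh directory exists
      ansible.builtin.file:
        path: /home/ubuntu/.ssh
        state: directory
        owner: ubuntu
        group: ubuntu
        mode: '0700'
      become: true

    # no_log keeps the private key out of task output and out of --diff
    # output.
    - name: Copy ED25519 private SSH key from vault
      ansible.builtin.copy:
        content: "{{ vault_ssh_private_key }}"
        dest: /home/ubuntu/.ssh/id_ed25519
        owner: ubuntu
        group: ubuntu
        mode: '0600'
      become: true
      no_log: true

    - name: Ensure correct permissions on ED25519 key
      ansible.builtin.file:
        path: /home/ubuntu/.ssh/id_ed25519
        owner: ubuntu
        group: ubuntu
        mode: '0600'
      become: true

    - name: Ensure SSH config file exists
      ansible.builtin.file:
        path: /home/ubuntu/.ssh/config
        state: touch
        owner: ubuntu
        group: ubuntu
        mode: '0600'
      become: true

    - name: Add turing.wpi.edu to SSH config
      ansible.builtin.blockinfile:
        path: /home/ubuntu/.ssh/config
        block: |
          Host turing.wpi.edu
            User jrmolnia
            Hostname turing.wpi.edu
            IdentityFile ~/.ssh/id_ed25519
        marker: "# {mark} ANSIBLE MANAGED BLOCK FOR TURING"
      become: true
      become_user: ubuntu

    - name: Add app server to SSH config
      ansible.builtin.blockinfile:
        path: /home/ubuntu/.ssh/config
        block: |
          Host app
            Port 22018
            Hostname paffenroth-23.dyn.wpi.edu
            IdentityFile ~/.ssh/id_ed25519
        marker: "# {mark} ANSIBLE MANAGED BLOCK FOR APP SERVER"
      become: true
      become_user: ubuntu

    # Marker file gating the one-time setup script below; nothing in this
    # playbook creates it, so presumably the script does (confirm).
    - name: Check if initial setup script has been run
      ansible.builtin.stat:
        path: /home/ubuntu/.initial_setup_complete
      register: setup_check

    # The Tailscale auth key is passed as a script argument, so no_log is set
    # for the same reason as on the `tailscale up` task.
    - name: Run initial setup shell script with Tailscale key
      ansible.builtin.command: >-
        /opt/CS_553/deployment/02_deploy_to_controller/scripts/initial_ssh_config.sh
        -k {{ tailscale_authkey }}
      args:
        chdir: /opt/CS_553/deployment/02_deploy_to_controller
      become: true
      become_user: ubuntu
      no_log: true
      when: not setup_check.stat.exists

    - name: Ensure .ansible directory exists
      ansible.builtin.file:
        path: /home/ubuntu/.ansible
        state: directory
        owner: ubuntu
        group: ubuntu
        mode: '0700'
      become: true

    # Placing the vault password on the controller means that read access to
    # the ubuntu account there is enough to decrypt the vaulted secrets.
    # `src` is a placeholder path and must be replaced before use. no_log
    # keeps the file content out of --diff output.
    - name: Copy vault password file from local machine
      ansible.builtin.copy:
        src: /path/to/local/vault_password.txt
        dest: /home/ubuntu/.ansible/vault_password.txt
        owner: ubuntu
        group: ubuntu
        mode: '0600'
      become: true
      no_log: true

    - name: Run Ansible playbook for app server setup
      ansible.builtin.command: >-
        ansible-playbook -i inventory/hosts.ini
        playbooks/main.yml
        --vault-password-file /home/ubuntu/.ansible/vault_password.txt
      args:
        chdir: /opt/CS_553/deployment/01_deploy_to_app
      become: true
      become_user: ubuntu
      environment:
        ANSIBLE_CONFIG: /opt/CS_553/deployment/01_deploy_to_app/ansible.cfg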