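---
# Two-stage playbook. The `deploy` block builds the BootcBlade image on the
# target and reboots into it; the `configure` block then reconnects as root
# inside the new image and sets up users, the rebuild timer and cockpit.
# The stages can be run on their own with `--tags deploy` / `--tags configure`.
- hosts: all
  become: true
  gather_facts: false
  vars:
    # Host-key checking is disabled for the whole play: the reboot into the
    # freshly built image can leave the target with different SSH host keys.
    # NOTE(review): this also removes MITM protection on the control path for
    # every task, not just the reconnect; `-o StrictHostKeyChecking=accept-new`
    # with a per-run known_hosts file limits the exposure when the keys are
    # known up front.
    ansible_ssh_common_args: "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
  tasks:
    - name: Block for deploy
      block:
        - name: Make sure podman is installed
          ansible.builtin.package:
            name: "podman"
            state: present

        - name: Create /root/bootcblade.containerfile and /root/bootcblade-deploy.sh
          ansible.builtin.template:
            src: "{{ item }}.j2"
            dest: "/root/{{ item }}"
          loop:
            - "bootcblade.containerfile"
            - "bootcblade-deploy.sh"

        # Deliberately unguarded: the configure block reconnects as root with
        # this key, so an undefined create_user_ssh_pub should fail here, before
        # the reboot, rather than leave the new image unreachable.
        - name: Create root ssh authorized keys
          ansible.posix.authorized_key:
            user: "root"
            key: "{{ create_user_ssh_pub }}"
            state: present

        # No shell features are used, so `command` avoids an extra /bin/sh.
        - name: Build BootcBlade container image
          ansible.builtin.command: "podman build -t localhost/bootcblade -f /root/bootcblade.containerfile"

        - name: Deploy BootcBlade image
          ansible.builtin.command: "bash /root/bootcblade-deploy.sh"

        # The reboot module cannot reconnect on its own (the configure block
        # switches to ansible_user=root and the host keys may change), so it
        # gets a 1s timeout and its failure is ignored; wait_for_connection in
        # the configure block re-establishes the session. ignore_errors lives
        # on this task only so that a failed build or deploy script stops the
        # play instead of rebooting the host anyway.
        - name: Reboot into BootcBlade environment
          ansible.builtin.reboot:
            reboot_timeout: 1
          ignore_errors: true
      tags: deploy

    - name: Block for configure
      block:
        - name: Wait for connectivity after deployment
          ansible.builtin.wait_for_connection: {}

        - name: Create user
          ansible.builtin.user:
            name: "{{ create_user }}"
            groups: "wheel"
            append: true
            shell: "{{ create_user_shell if create_user_shell is defined else '/bin/bash' }}"
          when: create_user is defined and create_user_password is not defined

        # password_hash() draws a fresh random salt on every run, so this task
        # reports `changed` each time; add `update_password: on_create` if the
        # password should only be set when the account is created.
        - name: Create user (with password)
          ansible.builtin.user:
            name: "{{ create_user }}"
            groups: "wheel"
            append: true
            shell: "{{ create_user_shell if create_user_shell is defined else '/bin/bash' }}"
            password: "{{ create_user_password | password_hash('sha512') }}"
          when: create_user is defined and create_user_password is defined

        - name: Create user ssh authorized keys
          ansible.posix.authorized_key:
            user: "{{ create_user }}"
            key: "{{ create_user_ssh_pub }}"
            state: present
          when: (create_user is defined) and (create_user_ssh_pub is defined)

        # Written again after the reboot for the rebuild timer below.
        # NOTE(review): presumably /root from the deploy stage does not survive
        # the switch into the new image — confirm. The former one-item loop
        # never referenced `item`, so this is a plain task.
        - name: Create /root/bootcblade.containerfile
          ansible.builtin.template:
            src: "bootcblade.containerfile.j2"
            dest: "/root/bootcblade.containerfile"

        - name: Add bootcblade-rebuild.service and .timer files for automatic update
          ansible.builtin.template:
            src: "{{ item }}.j2"
            dest: "/etc/systemd/system/{{ item }}"
          loop:
            - "bootcblade-rebuild.service"
            - "bootcblade-rebuild.timer"

        # Only the timer is enabled; the service stays stopped and disabled so
        # it is started by the timer and not at boot.
        - name: Enable and start bootcblade-rebuild services
          ansible.builtin.systemd_service:
            name: "{{ item.name }}"
            state: "{{ item.state }}"
            enabled: "{{ item.enabled }}"
            daemon_reload: true
          loop:
            - { name: "bootcblade-rebuild.service", state: "stopped", enabled: false }
            - { name: "bootcblade-rebuild.timer", state: "started", enabled: true }

        # Masked rather than only disabled so nothing can start it again while
        # bootcblade-rebuild is responsible for updates.
        - name: Stop and disable (mask) bootc-fetch-apply-updates
          ansible.builtin.systemd_service:
            name: "{{ item }}"
            state: "stopped"
            enabled: false
            masked: true
            daemon_reload: true
          loop:
            - "bootc-fetch-apply-updates.timer"
            - "bootc-fetch-apply-updates.service"

        # podlet turns the inner `podman run` command line into a quadlet unit
        # (`-i` is podlet's install-section flag). It runs without a TTY under
        # Ansible, so the former `-it` on the outer podman run is dropped; the
        # task only emits text, hence changed_when: false.
        # NOTE(review): both ghcr.io/containers/podlet and quay.io/cockpit/ws
        # are pulled unpinned, and podlet's output is installed verbatim as a
        # systemd unit in the next task — pin both by digest
        # (`image@sha256:<digest-placeholder>`) so the unit content is
        # reproducible and the pull is verifiable.
        - name: Generate quadlet file for cockpit-bastion
          ansible.builtin.command: >-
            podman run --rm ghcr.io/containers/podlet
            -i podman run --rm -d --name cockpit-bastion -p 9090:9090
            -v /etc/cockpit/ws-certs.d/:/etc/cockpit/ws-certs.d/:rw,Z
            quay.io/cockpit/ws
          register: cockpit_bastion_quadlet
          changed_when: false

        - name: Install quadlet file for cockpit-bastion
          ansible.builtin.copy:
            content: "{{ cockpit_bastion_quadlet.stdout }}"
            dest: "/etc/containers/systemd/cockpit-bastion.container"

        # Bind-mounted by the cockpit-bastion unit; created before the service
        # is started.
        - name: Create SSL certificate directory for cockpit-ws
          ansible.builtin.file:
            path: "/etc/cockpit/ws-certs.d"
            state: directory

        - name: Start cockpit-bastion service
          ansible.builtin.systemd_service:
            name: "cockpit-bastion.service"
            state: "started"
            daemon_reload: true
      # After the reboot the only credential on the new image is the root key
      # installed by the deploy block, so the whole configure stage runs as root.
      vars:
        ansible_user: "root"
      tags: configure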