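---
# Play 1: per-host identity. Sets the hostname, writes /etc/hosts entries
# for every inventory host, makes sure the self-signed "snakeoil" TLS
# certificate matches the host, and copies that certificate back to the
# controller.
- hosts: all
  tasks:
    - name: Set hostname
      become: true
      ansible.builtin.hostname:
        name: "{{ inventory_hostname|split('.')|first }}.home.brettcsmith.org"
        use: systemd

    - name: Install cert packages
      become: true
      ansible.builtin.apt:
        name:
          - openssl
          - ssl-cert

    # Writes one IPv4 and one IPv6 line per inventory host, using the
    # facts each host reported about itself. Name resolution on every
    # host therefore depends on the facts gathered from its peers.
    # NOTE(review): a host in hostvars without gathered facts, or without
    # a default IPv6 address, presumably makes this template fail -
    # confirm against the inventory.
    - name: Add hosts
      become: true
      ansible.builtin.blockinfile:
        path: /etc/hosts
        block: |
          {% for key, vars in hostvars.items() %}
          {{ vars.ansible_default_ipv4.address }} {{ key }} {{ key }}.home.brettcsmith.org
          {{ vars.ansible_default_ipv6.address }} {{ key }} {{ key }}.home.brettcsmith.org
          {% endfor %}
      notify:
        - restart Arvados

    # Read-only probe: rc is 0 when a line of the certificate text ends
    # with the inventory hostname. A non-zero rc is an expected answer
    # (consumed by the next task), so the task never fails, and it never
    # reports "changed" because it modifies nothing.
    # inventory_hostname is interpolated unescaped into a shell string
    # and into a grep pattern, so this relies on inventory names being
    # plain hostnames (a dot matches any character in the pattern).
    - name: Query snakeoil cert
      ansible.builtin.shell:
        cmd: |
          openssl x509 -in /etc/ssl/certs/ssl-cert-snakeoil.pem -noout -text |
          grep '\b{{ inventory_hostname }}$'
      failed_when: false
      changed_when: false
      register: cert_grep

    # Regenerate only when the probe above did not find the hostname.
    - name: Recreate snakeoil cert
      when: cert_grep.rc != 0
      become: true
      ansible.builtin.command:
        cmd: make-ssl-cert generate-default-snakeoil --force-overwrite
      notify:
        - restart Arvados

    # Only the certificate file is copied to the controller; no private
    # key path is fetched. The local copy goes stale whenever the task
    # above regenerates the certificate, until this task runs again.
    - name: Fetch snakeoil cert
      ansible.builtin.fetch:
        src: /etc/ssl/certs/ssl-cert-snakeoil.pem
        dest: "/home/brett/Curii/clusters/{{ inventory_hostname }}.pem"
        flat: true

  handlers:
    # Best effort: the argv form runs systemctl without a shell, so the
    # glob patterns are passed to systemctl as written. failed_when false
    # hides every failure, including a service that does not come back
    # up, so service health has to be checked separately.
    - name: restart Arvados
      become: true
      ansible.builtin.command:
        argv:
          - systemctl
          - restart
          - "arvados*"
          - "crunch*"
          - "keep*"
          - nginx
      failed_when: false
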
# Play 2: compute and local-dispatch nodes. Installs dnsmasq on the
# loopback and docker0 interfaces, orders docker.service relative to
# dnsmasq.service, and writes Docker's daemon.json with a DNS server.
- hosts: arvados_compute,arvados_dispatch_local
  tasks:
    - name: Install dnsmasq
      become: true
      ansible.builtin.apt:
        name:
          - dnsmasq
      notify:
        - stop docker

    # DNS only on lo and docker0, with DHCP switched off on both.
    # NOTE(review): interface= limits which interfaces dnsmasq answers
    # on; without bind-interfaces or bind-dynamic dnsmasq still binds the
    # wildcard address and filters requests itself - confirm that is
    # acceptable on these hosts.
    - name: Configure dnsmasq
      become: true
      ansible.builtin.copy:
        dest: /etc/dnsmasq.d/docker.conf
        mode: "0644"
        content: |
          interface=lo
          interface=docker0
          no-dhcp-interface=lo
          no-dhcp-interface=docker0
      notify:
        - stop docker

    - name: Set up docker.service drop-in directory
      become: true
      ansible.builtin.file:
        path: /etc/systemd/system/docker.service.d
        state: directory
        mode: "0755"

    # Drop-in that makes docker.service pull in dnsmasq.service and start
    # before it.
    - name: Set up docker.service relationship to dnsmasq
      become: true
      ansible.builtin.copy:
        dest: /etc/systemd/system/docker.service.d/dnsmasq.conf
        mode: "0644"
        content: |
          [Unit]
          Wants=dnsmasq.service
          Before=dnsmasq.service
      notify:
        - daemon-reload
        - stop docker

    - name: Set up /etc/docker
      become: true
      ansible.builtin.file:
        path: /etc/docker
        state: directory
        mode: "0755"

    # daemon.json is rendered from the task-local docker_config variable.
    # NOTE(review): 172.17.0.1 is presumably the docker0 bridge address
    # where dnsmasq listens - confirm against the Docker network config.
    - name: Configure docker
      become: true
      vars:
        docker_config:
          dns:
            - "172.17.0.1"
      ansible.builtin.copy:
        dest: /etc/docker/daemon.json
        mode: "0644"
        content: "{{ docker_config|to_json }}"
      notify:
        - stop docker

  handlers:
    - name: daemon-reload
      become: true
      ansible.builtin.systemd_service:
        daemon_reload: true

    # This might fail if Docker isn't installed yet, that's OK.
    # Nothing on this handler suppresses the failure, so it is reported
    # as a failed handler. Both units are stopped and disabled here; what
    # starts them again is not part of this play.
    - name: stop docker
      become: true
      ansible.builtin.systemd_service:
        name: "{{ item }}"
        state: stopped
        enabled: false
      loop:
        - dnsmasq.service
        - docker.service