infra-iac/bootstrap.yml

---
- name: Creating compose from template
  hosts: server
  gather_facts: false
  tasks:
  - name: Generate password for Keycloak password
    ansible.builtin.set_fact:
      keycloak_pass: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"
      grafana_pass: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"
      postgres_pass: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"
      grafana_kc_client_secret: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"

  - name: Get current user
    ansible.builtin.command: echo $USER
    register: usercmd

  - name: Ensure working directory exists
    ansible.builtin.stat:
      path: /opt/infra
    register: infrastat

  - name: Fails if working directory does not belong to ansible user
    ansible.builtin.fail:
      msg: "/opt/infra does not belong to {{ usercmd.stdout }}"
    when: infrastat.stat.pw_name != usercmd.stdout

  - name: Generating Compose file
    ansible.builtin.template:
      src: compose.yml
      dest: /opt/infra/compose.yml

  - name: Create postgres directory if it does not exist
    ansible.builtin.file:
      path: /opt/infra/postgres
      state: directory
      mode: '0755'

  - name: Create init-scripts directory if it does not exist
    ansible.builtin.file:
      path: /opt/infra/postgres/init-scripts
      state: directory
      mode: '0755'

  - name: Generate postgres init scripts for grafana user
    ansible.builtin.template:
      src: grafana.sql
      dest: /opt/infra/postgres/init-scripts/grafana.sql

  - name: Generate postgres init scripts for keycloak user
    ansible.builtin.template:
      src: keycloak.sql
      dest: /opt/infra/postgres/init-scripts/keycloak.sql

  - name: Copying grafana cert files
    ansible.builtin.copy:
      src: grafana
      dest: /opt/infra/

  - name: Copying keycloak image build files
    ansible.builtin.copy:
      src: keycloak
      dest: /opt/infra/

  - name: Deploying Compose file
    community.docker.docker_compose_v2:
      project_src: /opt/infra
      files:
      - compose.yml

  - name: Wait for docker to have all images deployed
    ansible.builtin.wait_for:
      timeout: 30

  - name: Wait for keycloak to be ready
    ansible.builtin.wait_for:
      timeout: 60

  - name: Creating realm infra in Keycloak
    community.general.keycloak_realm:
      auth_client_id: admin-cli
      auth_keycloak_url: https://sso.mforcen.dev
      auth_realm: master
      auth_username: admin
      auth_password: Radiola.123
      state: present
      enabled: true
      id: infra
      realm: infra

  - name: Creating client Grafana in Keycloak
    community.general.keycloak_client:
      auth_client_id: admin-cli
      auth_keycloak_url: https://sso.mforcen.dev
      auth_realm: master
      auth_username: admin
      auth_password: Radiola.123
      realm: infra
      client_id: grafana
      enabled: true
      direct_access_grants_enabled: true
      protocol: openid-connect
      standard_flow_enabled: true
      root_url: https://grafana.mforcen.dev
      redirect_uris:
      - https://grafana.mforcen.dev/*
      web_origins:
      - https://grafana.mforcen.dev/*
      admin_url: https://grafana.mforcen.dev
      base_url: https://grafana.mforcen.dev
      client_authenticator_type: client-secret
      id: a6960246-4aa9-495f-8843-69d664dba0ea
      secret: "{{ grafana_kc_client_secret }}"
First commit 2024-10-16 21:33:03 +02:00			`---`
			`- name: Creating compose from template`
Removed unnecesary comments 2024-10-19 19:12:01 +02:00			`hosts: server`
First commit 2024-10-16 21:33:03 +02:00			`gather_facts: false`
			`tasks:`
			`- name: Generate password for Keycloak password`
			`ansible.builtin.set_fact:`
			`keycloak_pass: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"`
			`grafana_pass: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"`
			`postgres_pass: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"`
			`grafana_kc_client_secret: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"`

			`- name: Get current user`
			`ansible.builtin.command: echo $USER`
			`register: usercmd`

			`- name: Ensure working directory exists`
			`ansible.builtin.stat:`
			`path: /opt/infra`
			`register: infrastat`

			`- name: Fails if working directory does not belong to ansible user`
			`ansible.builtin.fail:`
			`msg: "/opt/infra does not belong to {{ usercmd.stdout }}"`
			`when: infrastat.stat.pw_name != usercmd.stdout`

			`- name: Generating Compose file`
			`ansible.builtin.template:`
			`src: compose.yml`
			`dest: /opt/infra/compose.yml`

			`- name: Create postgres directory if it does not exist`
			`ansible.builtin.file:`
			`path: /opt/infra/postgres`
			`state: directory`
			`mode: '0755'`

			`- name: Create init-scripts directory if it does not exist`
			`ansible.builtin.file:`
			`path: /opt/infra/postgres/init-scripts`
			`state: directory`
			`mode: '0755'`

			`- name: Generate postgres init scripts for grafana user`
			`ansible.builtin.template:`
			`src: grafana.sql`
			`dest: /opt/infra/postgres/init-scripts/grafana.sql`

			`- name: Generate postgres init scripts for keycloak user`
			`ansible.builtin.template:`
			`src: keycloak.sql`
			`dest: /opt/infra/postgres/init-scripts/keycloak.sql`

			`- name: Copying grafana cert files`
			`ansible.builtin.copy:`
			`src: grafana`
			`dest: /opt/infra/`

			`- name: Copying keycloak image build files`
			`ansible.builtin.copy:`
			`src: keycloak`
			`dest: /opt/infra/`

			`- name: Deploying Compose file`
			`community.docker.docker_compose_v2:`
			`project_src: /opt/infra`
			`files:`
			`- compose.yml`

			`- name: Wait for docker to have all images deployed`
			`ansible.builtin.wait_for:`
			`timeout: 30`

			`- name: Wait for keycloak to be ready`
			`ansible.builtin.wait_for:`
			`timeout: 60`

			`- name: Creating realm infra in Keycloak`
			`community.general.keycloak_realm:`
			`auth_client_id: admin-cli`
			`auth_keycloak_url: https://sso.mforcen.dev`
			`auth_realm: master`
			`auth_username: admin`
			`auth_password: Radiola.123`
			`state: present`
Added root url in env vars 2024-10-19 19:25:23 +02:00			`enabled: true`
First commit 2024-10-16 21:33:03 +02:00			`id: infra`
			`realm: infra`

			`- name: Creating client Grafana in Keycloak`
			`community.general.keycloak_client:`
			`auth_client_id: admin-cli`
			`auth_keycloak_url: https://sso.mforcen.dev`
			`auth_realm: master`
			`auth_username: admin`
			`auth_password: Radiola.123`
			`realm: infra`
			`client_id: grafana`
			`enabled: true`
			`direct_access_grants_enabled: true`
			`protocol: openid-connect`
			`standard_flow_enabled: true`
			`root_url: https://grafana.mforcen.dev`
			`redirect_uris:`
			`- https://grafana.mforcen.dev/*`
			`web_origins:`
			`- https://grafana.mforcen.dev/*`
			`admin_url: https://grafana.mforcen.dev`
			`base_url: https://grafana.mforcen.dev`
			`client_authenticator_type: client-secret`
			`id: a6960246-4aa9-495f-8843-69d664dba0ea`
			`secret: "{{ grafana_kc_client_secret }}"`