First commit

2024-10-16 21:33:03 +02:00 · 2024-10-16 21:33:03 +02:00 · 5a8faf7d56
commit 5a8faf7d56
15 changed files with 5018 additions and 0 deletions
--- a/bootstrap.yml
+++ b/bootstrap.yml
@ -0,0 +1,152 @@
+---
+- name: Creating compose from template
+  hosts: localhost
+  gather_facts: false
+  tasks:
+  - name: Generate password for Keycloak password
+    ansible.builtin.set_fact:
+      keycloak_pass: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"
+      grafana_pass: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"
+      postgres_pass: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"
+      grafana_kc_client_secret: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"
+
+  - name: Get current user
+    ansible.builtin.command: echo $USER
+    register: usercmd
+
+  - name: Ensure working directory exists
+    ansible.builtin.stat:
+      path: /opt/infra
+    register: infrastat
+
+  - name: Fails if working directory does not belong to ansible user
+    ansible.builtin.fail:
+      msg: "/opt/infra does not belong to {{ usercmd.stdout }}"
+    when: infrastat.stat.pw_name != usercmd.stdout
+
+  - name: Generating Compose file
+    ansible.builtin.template:
+      src: compose.yml
+      dest: /opt/infra/compose.yml
+
+  - name: Create postgres directory if it does not exist
+    ansible.builtin.file:
+      path: /opt/infra/postgres
+      state: directory
+      mode: '0755'
+
+  - name: Create init-scripts directory if it does not exist
+    ansible.builtin.file:
+      path: /opt/infra/postgres/init-scripts
+      state: directory
+      mode: '0755'
+
+  - name: Generate postgres init scripts for grafana user
+    ansible.builtin.template:
+      src: grafana.sql
+      dest: /opt/infra/postgres/init-scripts/grafana.sql
+
+  - name: Generate postgres init scripts for keycloak user
+    ansible.builtin.template:
+      src: keycloak.sql
+      dest: /opt/infra/postgres/init-scripts/keycloak.sql
+
+  - name: Copying grafana cert files
+    ansible.builtin.copy:
+      src: grafana
+      dest: /opt/infra/
+
+  - name: Copying keycloak image build files
+    ansible.builtin.copy:
+      src: keycloak
+      dest: /opt/infra/
+
+  - name: Deploying Compose file
+    community.docker.docker_compose_v2:
+      project_src: /opt/infra
+      files:
+      - compose.yml
+
+  - name: Wait for docker to have all images deployed
+    ansible.builtin.wait_for:
+      timeout: 30
+
+    #  - name: Adding root cert to grafana image
+    #    community.docker.docker_container_copy_into:
+    #      container: infra-grafana
+    #      path: files/mforcen.crt
+    #      container_path: /etc/ssl/mforcen.crt
+    #
+    #  - name: Creating ssl folder
+    #    community.docker.docker_container_exec:
+    #      container: infra-grafana
+    #      command: mkdir /ssl
+    #      user: 0
+    #
+    #  - name: Adding fullchain cert to grafana container
+    #    community.docker.docker_container_copy_into:
+    #      container: infra-grafana
+    #      path: files/grafana.mforcen.dev.fullchain.pem
+    #      container_path: /ssl/grafana.mforcen.dev.fullchain.pem
+    #      mode: 0755
+    #
+    #  - name: Adding key to grafana container
+    #    community.docker.docker_container_copy_into:
+    #      container: infra-grafana
+    #      path: files/grafana.mforcen.dev.key
+    #      container_path: /ssl/grafana.mforcen.dev.key
+    #      mode: 0755
+
+  - name: Wait for keycloak to be ready
+    ansible.builtin.wait_for:
+      timeout: 60
+
+  - name: Creating realm infra in Keycloak
+    community.general.keycloak_realm:
+      auth_client_id: admin-cli
+      auth_keycloak_url: https://sso.mforcen.dev
+      auth_realm: master
+      auth_username: admin
+      auth_password: Radiola.123
+      state: present
+      id: infra
+      realm: infra
+
+  - name: Creating client Grafana in Keycloak
+    community.general.keycloak_client:
+      auth_client_id: admin-cli
+      auth_keycloak_url: https://sso.mforcen.dev
+      auth_realm: master
+      auth_username: admin
+      auth_password: Radiola.123
+      realm: infra
+      client_id: grafana
+      enabled: true
+      direct_access_grants_enabled: true
+      protocol: openid-connect
+      standard_flow_enabled: true
+      root_url: https://grafana.mforcen.dev
+      redirect_uris:
+      - https://grafana.mforcen.dev/*
+      web_origins:
+      - https://grafana.mforcen.dev/*
+      admin_url: https://grafana.mforcen.dev
+      base_url: https://grafana.mforcen.dev
+      client_authenticator_type: client-secret
+      id: a6960246-4aa9-495f-8843-69d664dba0ea
+      secret: "{{ grafana_kc_client_secret }}"
+
+    #  - name: Create grafana config ini file
+    #    ansible.builtin.template:
+    #      src: grafana.ini
+    #      dest: ../grafana.ini
+    #        
+    #  - name: Stopping grafana container
+    #    community.docker.docker_container:
+    #      name: infra-grafana
+    #      state: stopped
+    #
+    #  - name: Starting grafana container
+    #    community.docker.docker_container:
+    #      name: infra-grafana
+    #      state: started