
---
- name: Creating compose from template
hosts: server
gather_facts: false
tasks:
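# Generate one random credential per service for this deployment.
# NOTE(review): every run of this play produces fresh values. They are
# presumably consumed by the compose.yml and SQL templates below, so a re-run
# would re-render those files with passwords that no longer match an already
# initialised database; a persisted source (e.g. the ansible.builtin.password
# lookup with a file path) would make re-runs safe — confirm before relying
# on repeated runs.
- name: Generate password for Keycloak password
  ansible.builtin.set_fact:
    keycloak_pass: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"
    grafana_pass: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"
    postgres_pass: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"
    grafana_kc_client_secret: "{{ lookup('community.general.random_string', length=20, min_lower=1, min_upper=1, min_numeric=1, special=false) }}"
  # Keep the generated secrets out of verbose task output and controller logs.
  no_log: true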
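# Resolve the login name of the remote user Ansible connects as; the next
# tasks compare it with the owner of /opt/infra.
- name: Get current user
  # ansible.builtin.command does not run through a shell, so `echo $USER`
  # would print the literal text "$USER" and the ownership check below could
  # never match; whoami returns the real name.
  ansible.builtin.command: whoami
  register: usercmd
  # Read-only probe: never report it as a change.
  changed_when: false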
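# Inspect the working directory. stat only reports; it creates nothing, so a
# missing /opt/infra has to be handled by the task that follows.
- name: Ensure working directory exists
  ansible.builtin.stat:
    path: /opt/infra
  register: infrastat

# Abort unless /opt/infra exists and is owned by the connecting user.
# `pw_name` is only present in the stat result when the path exists, so the
# existence test comes first: Jinja `or` short-circuits and the attribute is
# never evaluated on a missing directory (which would otherwise raise an
# undefined-attribute error instead of a clear message).
- name: Fails if working directory does not belong to ansible user
  ansible.builtin.fail:
    msg: "/opt/infra is missing or does not belong to {{ usercmd.stdout }}"
  when: not infrastat.stat.exists or infrastat.stat.pw_name != usercmd.stdout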
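# Render the Compose file. The generated passwords from the set_fact task are
# presumably embedded here (it is their only visible consumer), so the file is
# made readable by its owner only. The docker_compose_v2 task below runs as
# the same user (no become), so it can still read it.
- name: Generating Compose file
  ansible.builtin.template:
    src: compose.yml
    dest: /opt/infra/compose.yml
    mode: '0600'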
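# Create the postgres directory and its init-scripts subdirectory with the
# same mode; one looped task replaces two identical module calls.
- name: Create postgres directories if they do not exist
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - /opt/infra/postgres
    - /opt/infra/postgres/init-scripts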
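# Render the per-role SQL init scripts (grafana.sql, keycloak.sql) into the
# init-scripts directory; one looped task replaces two identical module calls.
# NOTE(review): these scripts presumably embed the generated role passwords.
# They are left at the default mode because the postgres container's own
# user (a different uid) presumably has to read them at first start; confirm
# the resulting permissions are acceptable for this host.
- name: Generate postgres init scripts for grafana and keycloak users
  ansible.builtin.template:
    src: "{{ item }}.sql"
    dest: "/opt/infra/postgres/init-scripts/{{ item }}.sql"
  loop:
    - grafana
    - keycloak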
# Copy the grafana tree (named as certificate material) into /opt/infra/.
# NOTE(review): copy applies the default umask to every file unless `mode`
# is set; if this tree holds a private key, confirm the resulting permissions
# (and the uid the grafana container reads it with) are what you intend.
- name: Copying grafana cert files
  ansible.builtin.copy:
    src: grafana
    dest: /opt/infra/
# Copy the keycloak image build context into /opt/infra/; the Compose file is
# presumably what builds from it — confirm against the template.
- name: Copying keycloak image build files
  ansible.builtin.copy:
    src: keycloak
    dest: /opt/infra/
# Bring the stack up from the rendered Compose file. Runs as the connecting
# user (no become in this play), so that user presumably needs Docker daemon
# access on the host.
- name: Deploying Compose file
  community.docker.docker_compose_v2:
    project_src: /opt/infra
    files:
      - compose.yml
# Unconditional 30 s pause: wait_for with only `timeout` set (no host, port
# or path) simply sleeps; it does not verify that any container is running.
- name: Wait for docker to have all images deployed
  ansible.builtin.wait_for:
    timeout: 30
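# Poll Keycloak until it answers instead of sleeping a fixed 60 s, which is a
# race on a slow start. The realm endpoint is public and is served under the
# same base URL the keycloak_realm task below authenticates against, so the
# probe has the same network and TLS requirements as that task. The
# retries/delay budget matches the previous 60 s limit.
- name: Wait for keycloak to be ready
  ansible.builtin.uri:
    url: https://sso.mforcen.dev/realms/master
    method: GET
    status_code: 200
  register: keycloak_probe
  until: keycloak_probe.status == 200
  retries: 12
  delay: 5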
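# Create the "infra" realm using the master-realm admin account.
# The admin password was committed in clear text here; it now comes from the
# variable keycloak_admin_password, which must be supplied by the inventory
# (e.g. a vaulted group_vars entry) and never stored in this file. The same
# credential is repeated in the keycloak_client task below and should be taken
# from the same variable there. The committed value should be rotated.
- name: Creating realm infra in Keycloak
  community.general.keycloak_realm:
    auth_client_id: admin-cli
    auth_keycloak_url: https://sso.mforcen.dev
    auth_realm: master
    auth_username: admin
    auth_password: "{{ keycloak_admin_password }}"
    state: present
    enabled: true
    id: infra
    realm: infra
  # Module arguments include the admin password; keep them out of task output.
  no_log: true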
- name: Creating client Grafana in Keycloak
community.general.keycloak_client:
auth_client_id: admin-cli
auth_keycloak_url: https://sso.mforcen.dev
auth_realm: master
auth_username: admin
auth_password: Radiola.123
realm: infra
client_id: grafana
enabled: true
direct_access_grants_enabled: true
protocol: openid-connect
standard_flow_enabled: true
root_url: https://grafana.mforcen.dev
redirect_uris:
- https://grafana.mforcen.dev/*
web_origins:
- https://grafana.mforcen.dev/*
admin_url: https://grafana.mforcen.dev
base_url: https://grafana.mforcen.dev
client_authenticator_type: client-secret
id: a6960246-4aa9-495f-8843-69d664dba0ea
secret: "{{ grafana_kc_client_secret }}"