From 57ca1e9233a2973b7b44c4e5911cddecf7058c94 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 16 Nov 2022 20:31:44 +0100 Subject: [PATCH] Create separate role for SSH and Vagrant - Added a separate role that first configures SSH, and after that gathers the ansible_virtualization_role fact, due to gathering facts requiring an SSH connection - Renamed ssl_certs_enabled to letsencrypt_enabled and moved that and the vagrant variable to the be supplied directly to the last two roles in playbook.yml - Added tags base_only and setup_services to the new role ssh_and_vagrant so that it will always be run before anything else when using deploy.sh --- playbook.yml | 15 +++++++++++---- roles/docker/tasks/services/mailu.yml | 4 ++-- roles/docker/tasks/services/nginx-proxy.yml | 2 +- .../handlers/main.yml | 0 roles/ssh_and_vagrant/tasks/main.yml | 5 +++++ .../tasks/ssh-port.yml | 4 ++-- roles/ssh_and_vagrant/tasks/virtualization.yml | 4 ++++ roles/ubuntu_base/tasks/base.yml | 2 +- roles/ubuntu_base/tasks/main.yml | 4 +--- 9 files changed, 27 insertions(+), 13 deletions(-) rename roles/{ubuntu_base => ssh_and_vagrant}/handlers/main.yml (100%) create mode 100644 roles/ssh_and_vagrant/tasks/main.yml rename roles/{ubuntu_base => ssh_and_vagrant}/tasks/ssh-port.yml (91%) create mode 100644 roles/ssh_and_vagrant/tasks/virtualization.yml diff --git a/playbook.yml b/playbook.yml index fe20a09..a9d41de 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,15 +1,12 @@ --- - hosts: all - gather_facts: true + gather_facts: false become: true vars: base_domain: data.coop letsencrypt_email: admin@data.coop ldap_dn: "dc=data,dc=coop" - vagrant: "{{ ansible_virtualization_role == 'guest' }}" - ssl_certs_enabled: "{{ vagrant == false }}" - services: - nginx-proxy - postfix 
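Review bot: With `gather_facts: false` in this hunk, `ansible_virtualization_role` is only defined once the `setup` task in roles/ssh_and_vagrant/tasks/virtualization.yml has run, and that role is imported with just the `base_only` and `setup_services` tags. A run limited to another tag visible in this patch, such as `do-full-system-upgrade` or `setup-dell-apt-repo`, would skip it and then most likely fail on `when: not vagrant` with an undefined variable, whereas implicit fact gathering ran regardless of tags. If tag-limited runs outside deploy.sh are supported, consider adding `always` to the tag list of the `ssh_and_vagrant` import. Otherwise document the restriction next to the setting, for example `# facts come from the ssh_and_vagrant role; run with base_only or setup_services`.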
@@ -36,9 +33,19 @@ smtp_port: "587" tasks: + - import_role: + name: ssh_and_vagrant + tags: + - base_only + - setup_services - import_role: name: ubuntu_base + vars: + vagrant: "{{ ansible_virtualization_role == 'guest' }}" tags: - base_only - import_role: name: docker + vars: + vagrant: "{{ ansible_virtualization_role == 'guest' }}" + letsencrypt_enabled: "{{ not vagrant }}" diff --git a/roles/docker/tasks/services/mailu.yml b/roles/docker/tasks/services/mailu.yml index 04f8a80..3c28dee 100644 --- a/roles/docker/tasks/services/mailu.yml +++ b/roles/docker/tasks/services/mailu.yml @@ -28,7 +28,7 @@ dest: "{{ mailu.volume_folder }}/certs/cert.pem" state: hard force: yes - when: ssl_certs_enabled + when: letsencrypt_enabled - name: hard link to Let's Encrypt TLS key file: @@ -36,7 +36,7 @@ dest: "{{ mailu.volume_folder }}/certs/key.pem" state: hard force: yes - when: ssl_certs_enabled + when: letsencrypt_enabled - name: run mail server containers docker_compose: diff --git a/roles/docker/tasks/services/nginx-proxy.yml b/roles/docker/tasks/services/nginx-proxy.yml index 490b65f..3f17225 100644 --- a/roles/docker/tasks/services/nginx-proxy.yml +++ b/roles/docker/tasks/services/nginx-proxy.yml @@ -44,5 +44,5 @@ - /var/run/docker.sock:/var/run/docker.sock:ro env: NGINX_PROXY_CONTAINER: nginx-proxy - when: ssl_certs_enabled + when: letsencrypt_enabled diff --git a/roles/ubuntu_base/handlers/main.yml b/roles/ssh_and_vagrant/handlers/main.yml similarity index 100% rename from roles/ubuntu_base/handlers/main.yml rename to roles/ssh_and_vagrant/handlers/main.yml diff --git a/roles/ssh_and_vagrant/tasks/main.yml b/roles/ssh_and_vagrant/tasks/main.yml new file mode 100644 index 0000000..294e74f --- /dev/null +++ b/roles/ssh_and_vagrant/tasks/main.yml @@ -0,0 +1,5 @@ +--- +- import_tasks: ssh-port.yml + tags: [change-ssh-port] +- import_tasks: virtualization.yml + tags: [gather-virtualization-facts] 
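Review bot: The `vagrant` expression added under both role imports is true for any virtualized guest, not only a Vagrant box, so `letsencrypt_enabled: "{{ not vagrant }}"` also switches off every task guarded by `when: letsencrypt_enabled` in mailu.yml and nginx-proxy.yml on a production host that happens to be a VM. The Dell OpenManage task elsewhere in the patch suggests production is bare metal, but nothing in the playbook states or enforces that, and the result would be a deployment that silently skips certificate setup. I would record the assumption where the variable is defined, for example `# any VM guest is treated as Vagrant; Let's Encrypt setup is skipped there`, so that moving to virtualized hardware does not quietly disable TLS provisioning.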
diff --git a/roles/ubuntu_base/tasks/ssh-port.yml b/roles/ssh_and_vagrant/tasks/ssh-port.yml similarity index 91% rename from roles/ubuntu_base/tasks/ssh-port.yml rename to roles/ssh_and_vagrant/tasks/ssh-port.yml index a6a598a..90ae178 100644 --- a/roles/ubuntu_base/tasks/ssh-port.yml +++ b/roles/ssh_and_vagrant/tasks/ssh-port.yml @@ -11,7 +11,7 @@ ignore_errors: true register: ssh_configured -# If we're running in Vagrant, ansible_port is 2222 +# If running in Vagrant, ansible_port is always 2222 - name: Change Ansible port to 22 if needed set_fact: ansible_port: 22 @@ -22,7 +22,7 @@ - name: Change SSH port on host lineinfile: dest: "/etc/ssh/sshd_config" - regexp: "^#?Port" + regexp: "^#?Port " line: "Port 19022" register: ssh_changed notify: "Restart sshd" diff --git a/roles/ssh_and_vagrant/tasks/virtualization.yml b/roles/ssh_and_vagrant/tasks/virtualization.yml new file mode 100644 index 0000000..19883e4 --- /dev/null +++ b/roles/ssh_and_vagrant/tasks/virtualization.yml @@ -0,0 +1,4 @@ +--- +- name: Determine if running in Vagrant + setup: + gather_subset: virtualization_role diff --git a/roles/ubuntu_base/tasks/base.yml b/roles/ubuntu_base/tasks/base.yml index 4ff4a94..63e452c 100644 --- a/roles/ubuntu_base/tasks/base.yml +++ b/roles/ubuntu_base/tasks/base.yml @@ -13,7 +13,7 @@ - name: Install Dell OpenManage apt: name: srvadmin-all - when: ansible_virtualization_role != "guest" + when: not vagrant - name: Install necessary packages via pip pip: diff --git a/roles/ubuntu_base/tasks/main.yml b/roles/ubuntu_base/tasks/main.yml index 7313caa..2416ea1 100644 --- a/roles/ubuntu_base/tasks/main.yml +++ b/roles/ubuntu_base/tasks/main.yml @@ -1,9 +1,7 @@ --- -- import_tasks: ssh-port.yml - tags: [change-ssh-port] - import_tasks: dell-apt-repo.yml tags: [setup-dell-apt-repo] - when: vagrant == false + when: not vagrant - import_tasks: upgrade.yml tags: [do-full-system-upgrade] - import_tasks: base.yml
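Review bot: The tightened pattern `"^#?Port "` in the "Change SSH port on host" task no longer matches a `Port` directive whose value is separated by a tab, and `lineinfile` rewrites only the last matching line, so an active `Port` line can survive next to the added `Port 19022` and sshd would keep listening on the old port as well. The hunk also shows no syntax check on the edited file before the "Restart sshd" handler fires, which risks losing SSH access if the file ends up invalid. I would use `regexp: '^#?Port\s'` and add `validate: '/usr/sbin/sshd -t -f %s'` to the task. The task continues past the end of the hunk, so it may carry further options that are not visible here.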