diff --git a/ansible_playbooks/ansible_hosts.yml b/ansible_playbooks/ansible_hosts.yml index a41aca2..24175a5 100644 --- a/ansible_playbooks/ansible_hosts.yml +++ b/ansible_playbooks/ansible_hosts.yml @@ -57,12 +57,6 @@ all: hw_transcode.device: /dev/video11 hw_transcode.type: raspberry - consul_instances: - children: - servers: {} - vault_instances: - children: - servers: {} nomad_instances: children: servers: {} diff --git a/ansible_playbooks/bootstrap-values.yml b/ansible_playbooks/bootstrap-values.yml deleted file mode 100644 index d271901..0000000 --- a/ansible_playbooks/bootstrap-values.yml +++ /dev/null 
@@ -1,80 +0,0 @@ ---- -- name: Bootstrap Consul values - hosts: consul_instances - gather_facts: false - - vars_files: - - vars/consul_values.yml - - tasks: - - name: Add values - delegate_to: localhost - run_once: true - block: - - name: Install python-consul - pip: - name: python-consul - extra_args: --index-url https://pypi.org/simple - - - name: Write values - consul_kv: - host: "{{ inventory_hostname }}" - key: "{{ item.key }}" - value: "{{ item.value }}" - loop: "{{ consul_values | default({}) | dict2items }}" - -- name: Bootstrap value values - hosts: vault_instances - gather_facts: false - - vars_files: - - vars/vault_hashi_vault_values.yml - - tasks: - - name: Bootstrap Vault secrets - delegate_to: localhost - run_once: true - block: - - name: Install hvac - pip: - name: hvac - extra_args: --index-url https://pypi.org/simple - - - name: Check mount - community.hashi_vault.vault_read: - url: "http://{{ inventory_hostname }}:8200" - token: "{{ root_token }}" - path: "/sys/mounts/kv" - ignore_errors: true - register: check_mount - - - name: Create kv mount - community.hashi_vault.vault_write: - url: "http://{{ inventory_hostname }}:8200" - token: "{{ root_token }}" - path: "/sys/mounts/kv" - data: - type: kv-v2 - when: check_mount is not succeeded - - - name: Write values - no_log: true - community.hashi_vault.vault_write: - url: "http://{{ inventory_hostname }}:8200" - token: "{{ root_token }}" - path: "kv/data/{{ item.key }}" - data: - data: - "{{ item.value }}" - loop: "{{ hashi_vault_values | default({}) | dict2items }}" - retries: 2 - delay: 10 - - - name: Write userpass - no_log: true - community.hashi_vault.vault_write: - url: "http://{{ inventory_hostname }}:8200" - token: "{{ root_token }}" - path: "auth/userpass/users/{{ item.name }}" - data: '{"password": "{{ item.password }}", "policies": "{{ item.policies }}"}' - loop: "{{ vault_userpass }}" 
diff --git a/ansible_playbooks/clear-data.yml b/ansible_playbooks/clear-data.yml index f1a8826..f4e015e 100644 --- a/ansible_playbooks/clear-data.yml +++ b/ansible_playbooks/clear-data.yml @@ -1,27 +1,5 @@ -# Stops Consul, Vault, and Nomad and clears all data from their data dirs +# Stops Nomad and clears all data from its ata dirs --- -- name: Delete Consul data - hosts: consul_instances - - tasks: - - name: Stop consul - systemd: - name: consul - state: stopped - become: true - - - name: Stop vault - systemd: - name: vault - state: stopped - become: true - - - name: Remove data dir - file: - path: /opt/consul - state: absent - become: true - - name: Delete Nomad data hosts: nomad_instances diff --git a/ansible_playbooks/recover-consul.yaml b/ansible_playbooks/recover-consul.yaml deleted file mode 100644 index 24bc65c..0000000 --- a/ansible_playbooks/recover-consul.yaml +++ /dev/null 
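Review bot: The rewritten header comment in clear-data.yml has a typo, `its ata dirs`; it should read `# Stops Nomad and clears all data from its data dir`. This comment is the only description an operator sees before running a playbook that stops a service and deletes its state, so it is worth getting right. It also sits above the `---` document-start marker, whereas setup-cluster.yml in this same commit starts with `---`; moving the comment below the marker would keep the files consistent. The remaining "Delete Nomad data" play continues outside the hunk, so keep `dirs` if it clears more than one directory.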
@@ -1,88 +0,0 @@ ---- -- name: Stop Nomad - hosts: nomad_instances - - tasks: - - name: Stop Nomad - systemd: - name: nomad - state: stopped - become: true - -- name: Stop Vault - hosts: vault_instances - gather_facts: false - - tasks: - - name: Stop Vault - systemd: - name: vault - state: stopped - become: true - -- name: Recover Consul - hosts: consul_instances - gather_facts: false - - tasks: - - name: Stop Consul - systemd: - name: consul - state: stopped - become: true - - - name: Get node-id - slurp: - src: /opt/consul/node-id - register: consul_node_id - become: true - - - name: Node Info - debug: - msg: | - node_id: {{ consul_node_id.content | b64decode }} - address: {{ ansible_default_ipv4.address }} - - - name: Save - copy: - dest: "/opt/consul/raft/peers.json" - # I used to have reject('equalto', inventory_hostname) in the loop, but I'm not sure if I should - content: | - [ - {% for host in ansible_play_hosts -%} - { - "id": "{{ hostvars[host].consul_node_id.content | b64decode }}", - "address": "{{ hostvars[host].ansible_default_ipv4.address }}:8300", - "non_voter": false - }{% if not loop.last %},{% endif %} - {% endfor -%} - ] - become: true - - - name: Restart Consul - systemd: - name: consul - state: restarted - become: true - -- name: Start Vault - hosts: vault_instances - gather_facts: false - - tasks: - - name: Start Vault - systemd: - name: vault - state: started - become: true - -- name: Start Nomad - hosts: nomad_instances - gather_facts: false - - tasks: - - name: Start Nomad - systemd: - name: nomad - state: started - become: true diff --git a/ansible_playbooks/setup-cluster.yml b/ansible_playbooks/setup-cluster.yml index 43bc0b4..b0d3aaf 100644 --- a/ansible_playbooks/setup-cluster.yml +++ b/ansible_playbooks/setup-cluster.yml @@ -1,6 +1,6 @@ --- - name: Update DNS for bootstrapping with non-Nomad host - hosts: consul_instances + hosts: nomad_instances become: true gather_facts: false vars: 
diff --git a/ansible_playbooks/unseal-vault.yml b/ansible_playbooks/unseal-vault.yml deleted file mode 100644 index db24e89..0000000 --- a/ansible_playbooks/unseal-vault.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- name: Unseal Vault - hosts: vault_instances - - tasks: - - name: Get Vault status - uri: - url: http://127.0.0.1:8200/v1/sys/health - method: GET - status_code: 200, 429, 472, 473, 501, 503 - body_format: json - return_content: true - register: vault_status - - - name: Unseal Vault - no_log: true - command: - argv: - - "vault" - - "operator" - - "unseal" - - "-address=http://127.0.0.1:8200/" - - "{{ item }}" - loop: "{{ unseal_keys_hex }}" - when: - - unseal_keys_hex is defined - - vault_status.json["sealed"]