Produits Entr'ouvert » Publik Installation Développeur

---

- name: Initialize a systemd-nspawn container

  hosts: localhost

  roles:

    - facts

  tasks:

    - name: Sanity cheks

      assert:

          that:

            - "target != 'localhost'"

            - "'ansible_host' in hostvars[target]"

            - "hostvars[target]['ansible_host'] | ipaddr"

          msg: 'please add CONTAINER_NAME to your inventory, with an ip address in ansible_host variable, then specify "-e target CONTAINER_NAME" on the command line. See for example dev.publik in inventory.yml'

    - name: "create {{src_dir}} directory"

      file:

        path: "{{src_dir}}"

        state: directory

        owner: "{{user}}"

        group: "{{user}}"

    - name: create/start container and bind-mount our development directory

      local_action: command dspawn -p -b {{ src_dir }} -a {{ hostvars[target]['ansible_host'] }} create {{ target }}

      become: yes

      ignore_errors: yes

    - lineinfile:

          path: /etc/hosts

          regexp: "^{{hostvars[target]['ansible_host']}} "

          line: "{{hostvars[target]['ansible_host']}} dev-hobo.local.publik agent-combo.local.publik user-combo.local.publik demarches-wcs.local.publik connexion-authentic.local.publik dev-fargo.local.publik dev-chrono.local.publik dev-passerelle.local.publik dev-corbo.local.publik dev-bijoe.local.publik"

      become: yes

- name: Deploy container basic configuration

  hosts: "{{ target }}"

  gather_facts: False

  roles:

    - facts

  vars:

    ansible_user: root

  tasks:

    - raw: echo  'deb http://deb.entrouvert.org/ stretch main' > /etc/apt/sources.list.d/entrouvert.list

    - raw: apt update; apt install -y python-simplejson python-apt ca-certificates sudo postgresql git

    - raw: wget -O - https://deb.entrouvert.org/entrouvert.gpg | apt-key add -

    - raw: apt update; dpkg -s ca-certificates-entrouvert || apt install -y ca-certificates-entrouvert

    - lineinfile:

          path: /etc/postgresql/9.6/main/pg_hba.conf

          line: 'local all postgres trust'

          insertbefore: '# DO NOT DISABLE!'

    - lineinfile:

          path: /etc/postgresql/9.6/main/pg_hba.conf

          line: 'local all all peer'

          insertafter: 'local all postgres trust'

    - raw: systemctl restart postgresql

    - postgresql_user:

          name: "{{user}}"

          role_attr_flags: CREATEDB,SUPERUSER

    - user:

          name: "{{user}}"

          groups: sudo

          append: yes

          shell: /bin/bash

    # it is strange we need to fix permissions here (ansible 2.4)

    - file:

          path: "~{{user}}"

          state: directory

          owner: "{{user}}"

          group: "{{user}}"

    - lineinfile:

          dest: /etc/sudoers

          regexp: "^%{{user}}"

          line: "{{user}} ALL=(ALL) NOPASSWD: ALL"

          validate: 'visudo -cf %s'

    - file:

          path: "~{{user}}/.ssh"

          state: directory

          owner: "{{user}}"

          mode: 0700

    - copy:

          src: "~/.ssh/id_rsa.pub"

          dest: "~{{user}}/.ssh/authorized_keys"

          owner: "{{user}}"

          mode: 0600

    - lineinfile:

          path: /etc/hosts

          regexp: '^127.0.42.1'

          line: '127.0.42.1 dev.publik dev-hobo.local.publik agent-combo.local.publik user-combo.local.publik demarches-wcs.local.publik connexion-authentic.local.publik dev-fargo.local.publik dev-chrono.local.publik dev-passerelle.local.publik'

- name: Copy certificates obtained from pki.entrouvert.org

  hosts: "{{ target }}"

  gather_facts: False

  vars:

    ansible_user: root

  tasks:

    - copy:

          src: /etc/ssl/certs/*.local.publik.crt

          dest: /etc/ssl/certs/*.local.publik.crt

      ignore-errors: yes

    - copy:

          src: /etc/ssl/private/*.local.publik.key

          dest: /etc/ssl/private/*.local.publik.key

      ignore-errors: yes

    dev.publik:

      ansible_host: 10.0.0.100