diff --git a/README.md b/README.md index 44bce00..7ed90ce 100644 --- a/README.md +++ b/README.md @@ -27,16 +27,6 @@ You shuold firstly specify server in the `invenvtory` file. Then start the root ## Todo: -> So heh, plan is fist run ansible script to setup main server, then when everything is setup, run another ansible script inisde host (wich only one has access to all services) -- So from remoe: - * setup lxc - * setup python - * setup ansible - * copy ansible files to host - * start new ansible script inside ansible script -- Then on host - * maybe firstly create a wireguard lxc container (inside it docker running wireguard) and forward it to host (create `N(teams)*M(players` configurations) (NOT THE BEST THINIKING MUST FIGURE OUT BETTER) then create N containers with docker services started - * then create another lxc container for FORCAD and set it up - [x] create N teams - [x] fix docker installation diff --git a/containers_init/deploy_forcad.yml b/containers_init/deploy_forcad.yml index a606992..23c6419 100644 --- a/containers_init/deploy_forcad.yml +++ b/containers_init/deploy_forcad.yml @@ -1,5 +1,5 @@ --- -- name: Setup ForcAD infra +- name: Setup team Virtual machines hosts: localhost become: true vars_files: @@ -11,20 +11,20 @@ private: false tasks: - - name: Setup team lxc containers and services + - name: Setup team lxc virtual machines and services include_role: name: lxd_teams tasks_from: main -- name: Setup ForcAD infra +- name: Setup team services hosts: just_created become: true - connection: lxd + connection: ssh vars_files: - './vars/main.yml' tasks: - - name: Install docker on all containers + - name: Install docker on all vms include_role: name: docker tasks_from: main 
@@ -34,3 +34,33 @@ name: services tasks_from: main + +- name: Setup main ForcAD vm + hosts: localhost + become: true + vars_files: + - './vars/main.yml' + + tasks: + - name: Setup main ForcAD vm + include_role: + name: lxd_forcad + tasks_from: main + +- name: Setup ForcAD infra + hosts: main_forcad_group + become: true + connection: ssh + vars_files: + - './vars/main.yml' + + tasks: + - name: Install docker on all containers + include_role: + name: docker + tasks_from: main + + - name: Setup forcAD + include_role: + name: forcad + tasks_from: main diff --git a/containers_init/requirements.yml b/containers_init/requirements.yml index 7890fdf..1f7179f 100644 --- a/containers_init/requirements.yml +++ b/containers_init/requirements.yml @@ -5,3 +5,10 @@ collections: - name: community.general version: '5.6.0' + + - name: community.crypto + version: '2.8.1' + + - name: ansible.posix + version: '1.4.0' + diff --git a/containers_init/roles/forcad/tasks/main.yml b/containers_init/roles/forcad/tasks/main.yml index 376180c..475bcd4 100644 --- a/containers_init/roles/forcad/tasks/main.yml +++ b/containers_init/roles/forcad/tasks/main.yml @@ -1,4 +1,12 @@ --- +- name: Make sure python and python-venv are installed + ansible.builtin.apt: + pkg: + - tar + - unzip + - python3 + - python3-venv + - virtualenv - name: Create forcAD directory ansible.builtin.file: @@ -21,12 +29,6 @@ ansible.builtin.set_fact: forc_ad_directory: "{{ forc_ad_directory }}/{{ forc_ad_zipfile.split('.z')[0] }}" -- name: Make sure python and python-venv are installed - ansible.builtin.apt: - pkg: - - python3 - - python3-venv - - name: Create venv ansible.builtin.pip: requirements: "{{ item }}" 
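Review bot: The new `Setup ForcAD infra` play targets `main_forcad_group`, a group that exists only if the `add_host` inside the `lxd_forcad` role actually ran; if that role never registers the VM (for instance because the returned address list is empty), Ansible warns "no hosts matched", skips the play and the playbook still exits 0 with ForcAD never installed. Guard it at the end of the `Setup main ForcAD vm` play with `- ansible.builtin.assert:` / `that: groups['main_forcad_group'] | default([]) | length == 1` / `fail_msg: "lxd_forcad did not register the ForcAD VM"`. The task named `Install docker on all containers` also reuses the name that the team play above just renamed to `Install docker on all vms`; distinct names keep `--start-at-task` and the log unambiguous.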
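Review bot: The `Make sure python and python-venv are installed` task that now opens the forcad role calls `ansible.builtin.apt` without `update_cache`, so on a freshly pulled `ubuntu/22.04/cloud` image whose package index may still be empty the install of `tar`/`unzip`/`python3-venv`/`virtualenv` can fail with "no installation candidate" unless an earlier role happened to refresh the cache. Add `update_cache: true` (optionally with `cache_valid_time: 3600`), as the lxd roles already do for `ssh`. The task name no longer describes its content now that `tar`, `unzip` and `virtualenv` were added; `- name: Install archive tools and python venv prerequisites` would be accurate.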
@@ -44,7 +46,13 @@ - name: Generate n teams set_fact: teams="{{ teams|default([]) + [ item ] }}" - loop: "{{ range(1, n_teams|int + 1 , 1) | list }}" + loop: "{{ range(0, n_teams|int , 1) | list }}" + +- set_fact: + teams_ip: "{{ groups.just_created| + map('extract', hostvars, 'ansible_all_ipv4_addresses')| + map('first')| + list }}" - name: Copy forcAD config ansible.builtin.template: diff --git a/containers_init/roles/forcad/templates/config.yml.j2 b/containers_init/roles/forcad/templates/config.yml.j2 index 94f2f33..d8f7d97 100644 --- a/containers_init/roles/forcad/templates/config.yml.j2 +++ b/containers_init/roles/forcad/templates/config.yml.j2 @@ -40,7 +40,7 @@ tasks: teams: {% for team in teams %} - - ip: 192.168.1.{{ team }} + - ip: {{ teams_ip[team] }} name: "Team {{ team }}" highlighted: true {% endfor %} diff --git a/containers_init/roles/lxd_forcad/tasks/main.yml b/containers_init/roles/lxd_forcad/tasks/main.yml new file mode 100644 index 0000000..fcf83f7 --- /dev/null +++ b/containers_init/roles/lxd_forcad/tasks/main.yml 
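Review bot: The new `teams_ip` fact takes `ansible_all_ipv4_addresses | first` for every team VM, but by the time this role runs the `docker` role has already executed on those hosts, so that list also contains the `docker0` bridge address (172.17.0.1 by default) and its ordering is not something to rely on; a team entry in config.yml can therefore end up pointing at the bridge instead of the VM. The `just_created` inventory hostnames are already the VMs' `enp5s0` addresses (that is what the lxd_teams `add_host` registers), so `teams_ip: "{{ groups.just_created }}"` is both simpler and correct; if you prefer facts, `map('extract', hostvars, ['ansible_default_ipv4', 'address'])` picks the default-route interface. The unnamed `set_fact` should also get a `name: Collect team VM addresses` so the play output identifies it.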
@@ -0,0 +1,67 @@
+---
+- name: "Create MAIN forcAD vm"
+ community.general.lxd_container:
+ name: "main-forcad-vm"
+ ignore_volatile_options: true
+ state: started
+ type: virtual-machine
+ source:
+ protocol: simplestreams
+ type: image
+ mode: pull
+ server: https://images.linuxcontainers.org
+ alias: ubuntu/22.04/cloud
+ profiles: ["default"]
+ wait_for_ipv4_addresses: true
+ timeout: 600
+ register: lxc_container_create_output
+
+- name: Make sure ssh_keys directory exists
+ ansible.builtin.file:
+ path: /root/ssh_keys
+ state: directory
+ mode: '0755'
+
+- name: Generate an OpenSSH keypair with the default values (4096 bits, rsa)
+ community.crypto.openssh_keypair:
+ path: "/root/ssh_keys/id_rsa_main_vm"
+
+- name: Ensure that ssh is installed
+ delegate_to: "main-forcad-vm"
+ connection: lxd
+ ansible.builtin.apt:
+ pkg:
+ - ssh
+ update_cache: true
+
+- name: Install public key on server
+ delegate_to: "main-forcad-vm"
+ connection: lxd
+ ansible.posix.authorized_key:
+ user: root
+ state: present
+ key: "{{ lookup('file', '/root/ssh_keys/id_rsa_main_vm.pub')}}"
+
+- name: Enable Root Login
+ delegate_to: "main-forcad-vm"
+ connection: lxd
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: '^PermitRootLogin'
+ line: "PermitRootLogin yes"
+ state: present
+ backup: yes
+
+- name: restart ssh daemon
+ delegate_to: "main-forcad-vm"
+ connection: lxd
+ ansible.builtin.service:
+ name: sshd
+ state: restarted
+
+- add_host:
+ hostname: "{{ lxc_container_create_output.result.addresses.enp5s0[0] }}"
+ groups: main_forcad_group
+ connection: ssh
+ ansible_ssh_private_key_file: "/root/ssh_keys/id_rsa_main_vm.pub"
+ ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"
diff --git a/containers_init/roles/lxd_teams/tasks/main.yml b/containers_init/roles/lxd_teams/tasks/main.yml
index 39f072b..52bad73 100644
--- a/containers_init/roles/lxd_teams/tasks/main.yml
+++ b/containers_init/roles/lxd_teams/tasks/main.yml
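Review bot: `ansible_ssh_private_key_file` in the closing `add_host` points at `/root/ssh_keys/id_rsa_main_vm.pub`, the public half of the pair generated above, so the SSH connection to `main_forcad_group` cannot authenticate with it; it must be `ansible_ssh_private_key_file: "/root/ssh_keys/id_rsa_main_vm"` (the teams role gets this right). The `Enable Root Login` task writes `PermitRootLogin yes`, which also allows password logins for root even though access here is by the key installed in the previous task; `line: "PermitRootLogin prohibit-password"` (the OpenSSH default) is sufficient, and since stock Ubuntu 22.04 ships that directive commented out, the `^PermitRootLogin` regexp will most likely not match and lineinfile will append a new line at the end of sshd_config rather than edit one, so the task can probably be dropped entirely. `-o StrictHostKeyChecking=no` keeps connecting even when the remembered key for that IP changes; `accept-new` trusts only first contact and still flags later changes, which matters once LXD hands out a previously used address. Consider `mode: '0700'` on `/root/ssh_keys` as well, since the private keys live there.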
@@ -1,44 +1,74 @@ --- -- name: Create N started containers +- name: "Create {{ n_teams }} started containers" community.general.lxd_container: name: "team{{ item }}" ignore_volatile_options: true state: started - config: - "security.nesting": "true" + type: virtual-machine source: protocol: simplestreams type: image mode: pull server: https://images.linuxcontainers.org - alias: ubuntu/20.04/cloud + alias: ubuntu/22.04/cloud profiles: ["default"] wait_for_ipv4_addresses: true timeout: 600 - loop: "{{ range(1, n_teams|int + 1 , 1) | list }}" + loop: "{{ range(0, n_teams|int, 1) | list }}" register: lxc_container_create_output -# -#- name: Check python is installed in container -# delegate_to: "team{{ item }}" -# ansible.builtin.raw: dpkg -s python -# register: python_install_check -# failed_when: python_install_check.rc not in [0, 1] -# changed_when: false -# loop: "{{ range(1, n_teams|int + 1 , 1) | list }}" -# -# -#- name: Install python in container -# delegate_to: "team{{ item }}" -# ansible.builtin.raw: apt-get install -y python -# when: python_install_check.rc == 1 -# loop: "{{ range(1, n_teams|int + 1 , 1) | list }}" +- name: Make sure ssh_keys directory exists + ansible.builtin.file: + path: /root/ssh_keys + state: directory + mode: '0755' -- name: h - debug: - msg: "{{ lxc_container_create_output.results[0].invocation.module_args.name }}" +- name: Generate an OpenSSH keypair with the default values (4096 bits, rsa) + community.crypto.openssh_keypair: + path: "/root/ssh_keys/id_rsa_vm_team-{{ item}}" + loop: "{{ range(0, n_teams|int, 1) | list }}" + +- name: Ensure that ssh is installed + delegate_to: "team{{item}}" + connection: lxd + ansible.builtin.apt: + pkg: + - ssh + update_cache: true + loop: "{{ range(0, n_teams|int, 1) | list }}" + +- name: Install public key on server + delegate_to: "team{{item}}" + connection: lxd + ansible.posix.authorized_key: + user: root + state: present + key: "{{ lookup('file', '/root/ssh_keys/id_rsa_vm_team-{{ 
item}}.pub')}}" + loop: "{{ range(0, n_teams|int , 1) | list }}" + +- name: Enable Root Login + delegate_to: "team{{item}}" + connection: lxd + lineinfile: + dest: /etc/ssh/sshd_config + regexp: '^PermitRootLogin' + line: "PermitRootLogin yes" + state: present + backup: yes + loop: "{{ range(0, n_teams|int , 1) | list }}" + +- name: restart ssh daemon + delegate_to: "team{{item}}" + connection: lxd + ansible.builtin.service: + name: sshd + state: restarted + loop: "{{ range(0, n_teams|int , 1) | list }}" - add_host: - hostname: "{{ lxc_container_create_output.results[item].invocation.module_args.name }}" + hostname: "{{ lxc_container_create_output.results[item].addresses.enp5s0[0] }}" groups: just_created + connection: ssh + ansible_ssh_private_key_file: "/root/ssh_keys/id_rsa_vm_team-{{ item }}" + ansible_ssh_extra_args: "-o StrictHostKeyChecking=no" loop: "{{ range(0, n_teams|int, 1) | list }}" diff --git a/containers_init/roles/services/tasks/main.yml b/containers_init/roles/services/tasks/main.yml index 6deb910..08d82fd 100644 --- a/containers_init/roles/services/tasks/main.yml +++ b/containers_init/roles/services/tasks/main.yml @@ -15,9 +15,8 @@ # maybe list the services in directory firstly, for now its ok - name: Start services - community.docker.docker_compose: - project_src: "/root/services/{{ item }}/service" - state: present + ansible.builtin.shell: "docker-compose -f /root/services/{{ item }}/service/docker-compose.yml up -d" with_items: - - BabySql + - Dummy + - HashMePlease diff --git a/containers_init/vars/main.yml b/containers_init/vars/main.yml index 721f839..7df2620 100644 --- a/containers_init/vars/main.yml +++ b/containers_init/vars/main.yml @@ -14,3 +14,6 @@ admin_password: 'forcad420' # Startime for the game start_time: '2019-11-30 15:30:00' + +## delete this +n_teams: 2 diff --git a/server_init/inventory b/server_init/inventory index 54d9064..24dd54b 100644 --- a/server_init/inventory +++ b/server_init/inventory 
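Review bot: Same pattern as in lxd_forcad: `Enable Root Login` sets `PermitRootLogin yes` on every team VM, which permits password authentication for root on machines that, in an attack-defense game, are presumably reachable by every other team; key-based root access already works with the OpenSSH default, so use `line: "PermitRootLogin prohibit-password"` or drop the task. The `Install public key on server` task nests `{{ item }}` inside another `{{ … }}` (`'/root/ssh_keys/id_rsa_vm_team-{{ item}}.pub'`), which only renders because lookup terms are templated a second time and which ansible-lint rejects; build the path by concatenation instead: `key: "{{ lookup('file', '/root/ssh_keys/id_rsa_vm_team-' ~ item ~ '.pub') }}"`. As in lxd_forcad, `-o StrictHostKeyChecking=no` should become `accept-new`, and the task name `Create {{ n_teams }} started containers` now creates `type: virtual-machine` instances.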
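Review bot: Replacing `community.docker.docker_compose` with `ansible.builtin.shell` loses idempotence: the task now reports `changed` on every run, any compose failure surfaces only as a non-zero exit with the raw stderr, and a shell is spawned for a command that uses no shell features. Prefer `ansible.builtin.command` with `argv: ["docker-compose", "-f", "/root/services/{{ item }}/service/docker-compose.yml", "up", "-d"]` so the service name is passed as a discrete argument rather than interpolated into a command string (the names are static here, so this is hygiene rather than an injection fix), then `register` the result and derive `changed_when` from its output or set `changed_when: false`. If the module was dropped because the target only has the `docker compose` v2 plugin, the newer `community.docker.docker_compose_v2` module is the supported path.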
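Review bot: `n_teams: 2` is committed with a `## delete this` marker, yet both `lxd_teams` and `forcad` loop over `range(0, n_teams|int)` and will fail with an undefined-variable error the moment it is removed; give it a real home instead, e.g. `n_teams: 2` in `roles/lxd_teams/defaults/main.yml`, or pass it per deployment with `-e n_teams=N`, and drop the comment. While touching this file: the neighbouring `admin_password: 'forcad420'` is a plaintext credential in a tracked vars file; store it with `ansible-vault` or read it via `lookup('env', 'FORCAD_ADMIN_PASSWORD')`.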
@@ -1,2 +1,2 @@ [forc_ad] -192.168.88.160 ansible_connection=ssh ansible_user=root ansible_ssh_pass=root +192.168.88.181 ansible_connection=ssh ansible_user=root ansible_ssh_pass=root diff --git a/server_init/roles/ansible_lxd/tasks/main.yml b/server_init/roles/ansible_lxd/tasks/main.yml index bf00672..37f1c57 100644 --- a/server_init/roles/ansible_lxd/tasks/main.yml +++ b/server_init/roles/ansible_lxd/tasks/main.yml @@ -1,35 +1,35 @@ --- -# - name: Make sure apt packages are available -# ansible.builtin.apt: -# pkg: -# - python3 -# - python3-venv -# - python3-pip -# - virtualenv -# - snap -# update_cache: true -# -# - name: Ensure lxd is installed -# community.general.snap: -# name: -# - lxd -# -# - name: Run lxd init -# ansible.builtin.command: -# cmd: 'lxd init --auto' -# -# - name: Create a project directory -# ansible.builtin.file: -# path: /root/deploy -# state: directory -# mode: '0755' +- name: Make sure apt packages are available + ansible.builtin.apt: + pkg: + - python3 + - python3-venv + - python3-pip + - virtualenv + - snap + update_cache: true -#- name: Copy project directory -# ansible.builtin.copy: -# src: '../../../../containers_init' -# dest: /root/deploy -# mode: '0655' +- name: Ensure lxd is installed + community.general.snap: + name: + - lxd + +- name: Run lxd init + ansible.builtin.command: + cmd: 'lxd init --auto' + +- name: Create a project directory + ansible.builtin.file: + path: /root/deploy + state: directory + mode: '0755' + +- name: Copy project directory + ansible.builtin.copy: + src: '../../../../containers_init' + dest: /root/deploy + mode: '0655' - name: Create venv ans install requirements ansible.builtin.pip:
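Review bot: The updated inventory line still carries `ansible_ssh_pass=root`, i.e. the root password of the deployment host is committed in plaintext and root password authentication has to stay enabled on that host for the play to work. Move the credential out of the repository (`ansible-vault` for `ansible_ssh_pass`, or better an SSH key with `ansible_ssh_private_key_file=`) and keep only `192.168.88.181 ansible_connection=ssh ansible_user=root` here. The address is environment-specific as well; an `inventory.example` plus a gitignored real inventory avoids churning the repo on every lab move.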