Lets fucking go
parent
a8bd509bf3
commit
c01e07e838
10
README.md
10
README.md
|
@ -27,16 +27,6 @@ You shuold firstly specify server in the `invenvtory` file. Then start the root
|
||||||
|
|
||||||
|
|
||||||
## Todo:
|
## Todo:
|
||||||
> So heh, plan is fist run ansible script to setup main server, then when everything is setup, run another ansible script inisde host (wich only one has access to all services)
|
|
||||||
- So from remoe:
|
|
||||||
* setup lxc
|
|
||||||
* setup python
|
|
||||||
* setup ansible
|
|
||||||
* copy ansible files to host
|
|
||||||
* start new ansible script inside ansible script
|
|
||||||
- Then on host
|
|
||||||
* maybe firstly create a wireguard lxc container (inside it docker running wireguard) and forward it to host (create `N(teams)*M(players` configurations) (NOT THE BEST THINIKING MUST FIGURE OUT BETTER) then create N containers with docker services started
|
|
||||||
* then create another lxc container for FORCAD and set it up
|
|
||||||
|
|
||||||
- [x] create N teams
|
- [x] create N teams
|
||||||
- [x] fix docker installation
|
- [x] fix docker installation
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
- name: Setup ForcAD infra
|
- name: Setup team Virtual machines
|
||||||
hosts: localhost
|
hosts: localhost
|
||||||
become: true
|
become: true
|
||||||
vars_files:
|
vars_files:
|
||||||
|
@ -11,20 +11,20 @@
|
||||||
private: false
|
private: false
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Setup team lxc containers and services
|
- name: Setup team lxc virtual machines and services
|
||||||
include_role:
|
include_role:
|
||||||
name: lxd_teams
|
name: lxd_teams
|
||||||
tasks_from: main
|
tasks_from: main
|
||||||
|
|
||||||
- name: Setup ForcAD infra
|
- name: Setup team services
|
||||||
hosts: just_created
|
hosts: just_created
|
||||||
become: true
|
become: true
|
||||||
connection: lxd
|
connection: ssh
|
||||||
vars_files:
|
vars_files:
|
||||||
- './vars/main.yml'
|
- './vars/main.yml'
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Install docker on all containers
|
- name: Install docker on all vms
|
||||||
include_role:
|
include_role:
|
||||||
name: docker
|
name: docker
|
||||||
tasks_from: main
|
tasks_from: main
|
||||||
|
@ -34,3 +34,33 @@
|
||||||
name: services
|
name: services
|
||||||
tasks_from: main
|
tasks_from: main
|
||||||
|
|
||||||
|
|
||||||
|
- name: Setup main ForcAD vm
|
||||||
|
hosts: localhost
|
||||||
|
become: true
|
||||||
|
vars_files:
|
||||||
|
- './vars/main.yml'
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: Setup main ForcAD vm
|
||||||
|
include_role:
|
||||||
|
name: lxd_forcad
|
||||||
|
tasks_from: main
|
||||||
|
|
||||||
|
- name: Setup ForcAD infra
|
||||||
|
hosts: main_forcad_group
|
||||||
|
become: true
|
||||||
|
connection: ssh
|
||||||
|
vars_files:
|
||||||
|
- './vars/main.yml'
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: Install docker on all containers
|
||||||
|
include_role:
|
||||||
|
name: docker
|
||||||
|
tasks_from: main
|
||||||
|
|
||||||
|
- name: Setup forcAD
|
||||||
|
include_role:
|
||||||
|
name: forcad
|
||||||
|
tasks_from: main
|
||||||
|
|
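Review bot: The task in the new `Setup ForcAD infra` play is still named `Install docker on all containers`, although this commit renames the same task in the team play to `Install docker on all vms` and the target is now a virtual machine reached over SSH; `- name: Install docker on the main ForcAD vm` would match. A play and a task are now both called `Setup main ForcAD vm`, which makes the run log harder to follow. The groups `just_created` and `main_forcad_group` only exist after the `add_host` tasks in the preceding localhost plays have run, so a one-line comment above each SSH play stating that dependency would make the required ordering explicit.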
|
@ -5,3 +5,10 @@ collections:
|
||||||
|
|
||||||
- name: community.general
|
- name: community.general
|
||||||
version: '5.6.0'
|
version: '5.6.0'
|
||||||
|
|
||||||
|
- name: community.crypto
|
||||||
|
version: '2.8.1'
|
||||||
|
|
||||||
|
- name: ansible.posix
|
||||||
|
version: '1.4.0'
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,12 @@
|
||||||
---
|
---
|
||||||
|
- name: Make sure python and python-venv are installed
|
||||||
|
ansible.builtin.apt:
|
||||||
|
pkg:
|
||||||
|
- tar
|
||||||
|
- unzip
|
||||||
|
- python3
|
||||||
|
- python3-venv
|
||||||
|
- virtualenv
|
||||||
|
|
||||||
- name: Create forcAD directory
|
- name: Create forcAD directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
|
@ -21,12 +29,6 @@
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
forc_ad_directory: "{{ forc_ad_directory }}/{{ forc_ad_zipfile.split('.z')[0] }}"
|
forc_ad_directory: "{{ forc_ad_directory }}/{{ forc_ad_zipfile.split('.z')[0] }}"
|
||||||
|
|
||||||
- name: Make sure python and python-venv are installed
|
|
||||||
ansible.builtin.apt:
|
|
||||||
pkg:
|
|
||||||
- python3
|
|
||||||
- python3-venv
|
|
||||||
|
|
||||||
- name: Create venv
|
- name: Create venv
|
||||||
ansible.builtin.pip:
|
ansible.builtin.pip:
|
||||||
requirements: "{{ item }}"
|
requirements: "{{ item }}"
|
||||||
|
@ -44,7 +46,13 @@
|
||||||
|
|
||||||
- name: Generate n teams
|
- name: Generate n teams
|
||||||
set_fact: teams="{{ teams|default([]) + [ item ] }}"
|
set_fact: teams="{{ teams|default([]) + [ item ] }}"
|
||||||
loop: "{{ range(1, n_teams|int + 1 , 1) | list }}"
|
loop: "{{ range(0, n_teams|int , 1) | list }}"
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
teams_ip: "{{ groups.just_created|
|
||||||
|
map('extract', hostvars, 'ansible_all_ipv4_addresses')|
|
||||||
|
map('first')|
|
||||||
|
list }}"
|
||||||
|
|
||||||
- name: Copy forcAD config
|
- name: Copy forcAD config
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
|
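Review bot: `teams_ip` takes `map('first')` of each host's `ansible_all_ipv4_addresses`, and nothing visible guarantees that the first entry is the address the game network should use; once Docker is installed on a VM that list will also contain bridge addresses. Elsewhere in this commit the team hosts are added to `just_created` under their `enp5s0` address, so the inventory names appear to be the wanted IPs already and `teams_ip: "{{ groups.just_created }}"` may be enough (confirm before relying on it). If facts are kept, `ansible_default_ipv4.address` is a more stable choice than the first list element. The task also has no `name:`; `- name: Collect team VM addresses` would keep the run log readable.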
|
@ -40,7 +40,7 @@ tasks:
|
||||||
|
|
||||||
teams:
|
teams:
|
||||||
{% for team in teams %}
|
{% for team in teams %}
|
||||||
- ip: 192.168.1.{{ team }}
|
- ip: {{ teams_ip[team] }}
|
||||||
name: "Team {{ team }}"
|
name: "Team {{ team }}"
|
||||||
highlighted: true
|
highlighted: true
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
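Review bot: The rendered address is emitted unquoted, `- ip: {{ teams_ip[team] }}`, while the `name:` line next to it is quoted; `- ip: "{{ teams_ip[team] }}"` keeps the value a string even if the expansion is empty or unexpected. `teams` now starts at 0, so the first entry renders as `Team 0`, and `teams_ip[team]` assumes `teams_ip` holds at least `n_teams` entries in team order; a short template comment stating that assumption would help. The template continues outside the hunk.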
|
@ -0,0 +1,67 @@
|
||||||
|
---
|
||||||
|
- name: "Create MAIN forcAD vm"
|
||||||
|
community.general.lxd_container:
|
||||||
|
name: "main-forcad-vm"
|
||||||
|
ignore_volatile_options: true
|
||||||
|
state: started
|
||||||
|
type: virtual-machine
|
||||||
|
source:
|
||||||
|
protocol: simplestreams
|
||||||
|
type: image
|
||||||
|
mode: pull
|
||||||
|
server: https://images.linuxcontainers.org
|
||||||
|
alias: ubuntu/22.04/cloud
|
||||||
|
profiles: ["default"]
|
||||||
|
wait_for_ipv4_addresses: true
|
||||||
|
timeout: 600
|
||||||
|
register: lxc_container_create_output
|
||||||
|
|
||||||
|
- name: Make sure ssh_keys directory exists
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /root/ssh_keys
|
||||||
|
state: directory
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
|
- name: Generate an OpenSSH keypair with the default values (4096 bits, rsa)
|
||||||
|
community.crypto.openssh_keypair:
|
||||||
|
path: "/root/ssh_keys/id_rsa_main_vm"
|
||||||
|
|
||||||
|
- name: Ensure that ssh is installed
|
||||||
|
delegate_to: "main-forcad-vm"
|
||||||
|
connection: lxd
|
||||||
|
ansible.builtin.apt:
|
||||||
|
pkg:
|
||||||
|
- ssh
|
||||||
|
update_cache: true
|
||||||
|
|
||||||
|
- name: Install public key on server
|
||||||
|
delegate_to: "main-forcad-vm"
|
||||||
|
connection: lxd
|
||||||
|
ansible.posix.authorized_key:
|
||||||
|
user: root
|
||||||
|
state: present
|
||||||
|
key: "{{ lookup('file', '/root/ssh_keys/id_rsa_main_vm.pub')}}"
|
||||||
|
|
||||||
|
- name: Enable Root Login
|
||||||
|
delegate_to: "main-forcad-vm"
|
||||||
|
connection: lxd
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/ssh/sshd_config
|
||||||
|
regexp: '^PermitRootLogin'
|
||||||
|
line: "PermitRootLogin yes"
|
||||||
|
state: present
|
||||||
|
backup: yes
|
||||||
|
|
||||||
|
- name: restart ssh daemon
|
||||||
|
delegate_to: "main-forcad-vm"
|
||||||
|
connection: lxd
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: sshd
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
- add_host:
|
||||||
|
hostname: "{{ lxc_container_create_output.result.addresses.enp5s0[0] }}"
|
||||||
|
groups: main_forcad_group
|
||||||
|
connection: ssh
|
||||||
|
ansible_ssh_private_key_file: "/root/ssh_keys/id_rsa_main_vm.pub"
|
||||||
|
ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"
|
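Review bot: `add_host` sets `ansible_ssh_private_key_file` to `/root/ssh_keys/id_rsa_main_vm.pub`, which is the public half of the key pair generated above; the team task file in this commit passes the path without `.pub`, and this one should read `ansible_ssh_private_key_file: "/root/ssh_keys/id_rsa_main_vm"`. Both this file and the team-VM task file (the `@ -1,44 +1,74 @@` section) also set `-o StrictHostKeyChecking=no` and write `PermitRootLogin yes`: the first accepts whichever host answers on that address, and the second allows password login for root even though a key has just been installed. `-o StrictHostKeyChecking=accept-new` and `line: "PermitRootLogin prohibit-password"` keep the automation working with less exposure. `/root/ssh_keys` holds private keys and is created with `mode: '0755'`; `'0700'` is the usual mode for such a directory. `lxc_container_create_output.result.addresses` also differs from the team file, which reads `.addresses` directly on each result, so that path is worth checking.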
|
@ -1,44 +1,74 @@
|
||||||
---
|
---
|
||||||
- name: Create N started containers
|
- name: "Create {{ n_teams }} started containers"
|
||||||
community.general.lxd_container:
|
community.general.lxd_container:
|
||||||
name: "team{{ item }}"
|
name: "team{{ item }}"
|
||||||
ignore_volatile_options: true
|
ignore_volatile_options: true
|
||||||
state: started
|
state: started
|
||||||
config:
|
type: virtual-machine
|
||||||
"security.nesting": "true"
|
|
||||||
source:
|
source:
|
||||||
protocol: simplestreams
|
protocol: simplestreams
|
||||||
type: image
|
type: image
|
||||||
mode: pull
|
mode: pull
|
||||||
server: https://images.linuxcontainers.org
|
server: https://images.linuxcontainers.org
|
||||||
alias: ubuntu/20.04/cloud
|
alias: ubuntu/22.04/cloud
|
||||||
profiles: ["default"]
|
profiles: ["default"]
|
||||||
wait_for_ipv4_addresses: true
|
wait_for_ipv4_addresses: true
|
||||||
timeout: 600
|
timeout: 600
|
||||||
loop: "{{ range(1, n_teams|int + 1 , 1) | list }}"
|
loop: "{{ range(0, n_teams|int, 1) | list }}"
|
||||||
register: lxc_container_create_output
|
register: lxc_container_create_output
|
||||||
|
|
||||||
#
|
- name: Make sure ssh_keys directory exists
|
||||||
#- name: Check python is installed in container
|
ansible.builtin.file:
|
||||||
# delegate_to: "team{{ item }}"
|
path: /root/ssh_keys
|
||||||
# ansible.builtin.raw: dpkg -s python
|
state: directory
|
||||||
# register: python_install_check
|
mode: '0755'
|
||||||
# failed_when: python_install_check.rc not in [0, 1]
|
|
||||||
# changed_when: false
|
|
||||||
# loop: "{{ range(1, n_teams|int + 1 , 1) | list }}"
|
|
||||||
#
|
|
||||||
#
|
|
||||||
#- name: Install python in container
|
|
||||||
# delegate_to: "team{{ item }}"
|
|
||||||
# ansible.builtin.raw: apt-get install -y python
|
|
||||||
# when: python_install_check.rc == 1
|
|
||||||
# loop: "{{ range(1, n_teams|int + 1 , 1) | list }}"
|
|
||||||
|
|
||||||
- name: h
|
- name: Generate an OpenSSH keypair with the default values (4096 bits, rsa)
|
||||||
debug:
|
community.crypto.openssh_keypair:
|
||||||
msg: "{{ lxc_container_create_output.results[0].invocation.module_args.name }}"
|
path: "/root/ssh_keys/id_rsa_vm_team-{{ item}}"
|
||||||
|
loop: "{{ range(0, n_teams|int, 1) | list }}"
|
||||||
|
|
||||||
|
- name: Ensure that ssh is installed
|
||||||
|
delegate_to: "team{{item}}"
|
||||||
|
connection: lxd
|
||||||
|
ansible.builtin.apt:
|
||||||
|
pkg:
|
||||||
|
- ssh
|
||||||
|
update_cache: true
|
||||||
|
loop: "{{ range(0, n_teams|int, 1) | list }}"
|
||||||
|
|
||||||
|
- name: Install public key on server
|
||||||
|
delegate_to: "team{{item}}"
|
||||||
|
connection: lxd
|
||||||
|
ansible.posix.authorized_key:
|
||||||
|
user: root
|
||||||
|
state: present
|
||||||
|
key: "{{ lookup('file', '/root/ssh_keys/id_rsa_vm_team-{{ item}}.pub')}}"
|
||||||
|
loop: "{{ range(0, n_teams|int , 1) | list }}"
|
||||||
|
|
||||||
|
- name: Enable Root Login
|
||||||
|
delegate_to: "team{{item}}"
|
||||||
|
connection: lxd
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/ssh/sshd_config
|
||||||
|
regexp: '^PermitRootLogin'
|
||||||
|
line: "PermitRootLogin yes"
|
||||||
|
state: present
|
||||||
|
backup: yes
|
||||||
|
loop: "{{ range(0, n_teams|int , 1) | list }}"
|
||||||
|
|
||||||
|
- name: restart ssh daemon
|
||||||
|
delegate_to: "team{{item}}"
|
||||||
|
connection: lxd
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: sshd
|
||||||
|
state: restarted
|
||||||
|
loop: "{{ range(0, n_teams|int , 1) | list }}"
|
||||||
|
|
||||||
- add_host:
|
- add_host:
|
||||||
hostname: "{{ lxc_container_create_output.results[item].invocation.module_args.name }}"
|
hostname: "{{ lxc_container_create_output.results[item].addresses.enp5s0[0] }}"
|
||||||
groups: just_created
|
groups: just_created
|
||||||
|
connection: ssh
|
||||||
|
ansible_ssh_private_key_file: "/root/ssh_keys/id_rsa_vm_team-{{ item }}"
|
||||||
|
ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"
|
||||||
loop: "{{ range(0, n_teams|int, 1) | list }}"
|
loop: "{{ range(0, n_teams|int, 1) | list }}"
|
||||||
|
|
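Review bot: The `key:` lookup nests one template inside another, `lookup('file', '/root/ssh_keys/id_rsa_vm_team-{{ item}}.pub')`; Ansible's guidance is not to stack moustaches, and whether the inner expression is expanded depends on the version, so build the path by concatenation: `key: "{{ lookup('file', '/root/ssh_keys/id_rsa_vm_team-' ~ item ~ '.pub') }}"`. The SSH restart runs unconditionally for every VM on every play; moving it to a handler notified by the `lineinfile` task would restart sshd only when the config changed. `add_host` depends on the fixed interface name `enp5s0`, and a comment saying this follows the image's NIC naming would help the next reader. The `StrictHostKeyChecking=no` and `PermitRootLogin yes` settings here have the same exposure as in the main-VM task file.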
|
@ -15,9 +15,8 @@
|
||||||
# maybe list the services in directory firstly, for now its ok
|
# maybe list the services in directory firstly, for now its ok
|
||||||
|
|
||||||
- name: Start services
|
- name: Start services
|
||||||
community.docker.docker_compose:
|
ansible.builtin.shell: "docker-compose -f /root/services/{{ item }}/service/docker-compose.yml up -d"
|
||||||
project_src: "/root/services/{{ item }}/service"
|
|
||||||
state: present
|
|
||||||
with_items:
|
with_items:
|
||||||
- BabySql
|
- Dummy
|
||||||
|
- HashMePlease
|
||||||
|
|
||||||
|
|
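Review bot: `ansible.builtin.shell` is used where no shell feature is needed, and the task will report `changed` on every run. Since `item` is interpolated into the command line, `ansible.builtin.command` with `argv: ['docker-compose', '-f', '/root/services/{{ item }}/service/docker-compose.yml', 'up', '-d']` passes each argument without shell parsing. If the move away from `community.docker.docker_compose` was forced by a missing dependency on the VM, a comment saying so would explain the loss of idempotence. The task file continues outside the hunk.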
|
@ -14,3 +14,6 @@ admin_password: 'forcad420'
|
||||||
|
|
||||||
# Startime for the game
|
# Startime for the game
|
||||||
start_time: '2019-11-30 15:30:00'
|
start_time: '2019-11-30 15:30:00'
|
||||||
|
|
||||||
|
## delete this
|
||||||
|
n_teams: 2
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
[forc_ad]
|
[forc_ad]
|
||||||
192.168.88.160 ansible_connection=ssh ansible_user=root ansible_ssh_pass=root
|
192.168.88.181 ansible_connection=ssh ansible_user=root ansible_ssh_pass=root
|
||||||
|
|
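Review bot: The updated inventory line still carries `ansible_user=root ansible_ssh_pass=root` in plain text, so the host's root password is committed together with its address. This commit already generates key pairs for the VMs, and the same approach works here: `192.168.88.181 ansible_connection=ssh ansible_user=root ansible_ssh_private_key_file=<path-to-key>` (placeholder path). Alternatively, keep the password in an Ansible Vault file and reference it as a variable.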
|
@ -1,35 +1,35 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
# - name: Make sure apt packages are available
|
- name: Make sure apt packages are available
|
||||||
# ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
# pkg:
|
pkg:
|
||||||
# - python3
|
- python3
|
||||||
# - python3-venv
|
- python3-venv
|
||||||
# - python3-pip
|
- python3-pip
|
||||||
# - virtualenv
|
- virtualenv
|
||||||
# - snap
|
- snap
|
||||||
# update_cache: true
|
update_cache: true
|
||||||
#
|
|
||||||
# - name: Ensure lxd is installed
|
|
||||||
# community.general.snap:
|
|
||||||
# name:
|
|
||||||
# - lxd
|
|
||||||
#
|
|
||||||
# - name: Run lxd init
|
|
||||||
# ansible.builtin.command:
|
|
||||||
# cmd: 'lxd init --auto'
|
|
||||||
#
|
|
||||||
# - name: Create a project directory
|
|
||||||
# ansible.builtin.file:
|
|
||||||
# path: /root/deploy
|
|
||||||
# state: directory
|
|
||||||
# mode: '0755'
|
|
||||||
|
|
||||||
#- name: Copy project directory
|
- name: Ensure lxd is installed
|
||||||
# ansible.builtin.copy:
|
community.general.snap:
|
||||||
# src: '../../../../containers_init'
|
name:
|
||||||
# dest: /root/deploy
|
- lxd
|
||||||
# mode: '0655'
|
|
||||||
|
- name: Run lxd init
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: 'lxd init --auto'
|
||||||
|
|
||||||
|
- name: Create a project directory
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /root/deploy
|
||||||
|
state: directory
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
|
- name: Copy project directory
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: '../../../../containers_init'
|
||||||
|
dest: /root/deploy
|
||||||
|
mode: '0655'
|
||||||
|
|
||||||
- name: Create venv ans install requirements
|
- name: Create venv ans install requirements
|
||||||
ansible.builtin.pip:
|
ansible.builtin.pip:
|
||||||
|
|
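Review bot: `Copy project directory` is enabled with `mode: '0655'`, which gives group and others execute/search permission while withholding it from the owner, and applies the same bits to every copied file; this looks like a typo. `mode: '0644'` together with `directory_mode: '0755'` is the usual pairing for a copied tree. The apt list installs `snap`, whereas on Ubuntu the snap daemon is packaged as `snapd`, so that name is worth checking before `community.general.snap` runs. `lxd init --auto` is executed through `command` on every play and always reports `changed`; a guard or `changed_when` would make reruns quieter. The pip task at the end of the hunk continues outside it.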