Lets fucking go

main
Gasper Spagnolo 2022-11-08 21:19:47 +01:00
parent a8bd509bf3
commit c01e07e838
11 changed files with 215 additions and 81 deletions


@ -27,16 +27,6 @@ You shuold firstly specify server in the `invenvtory` file. Then start the root
## Todo:
> So heh, plan is fist run ansible script to setup main server, then when everything is setup, run another ansible script inisde host (wich only one has access to all services)
- So from remoe:
* setup lxc
* setup python
* setup ansible
* copy ansible files to host
* start new ansible script inside ansible script
- Then on host
* maybe firstly create a wireguard lxc container (inside it docker running wireguard) and forward it to host (create `N(teams)*M(players` configurations) (NOT THE BEST THINIKING MUST FIGURE OUT BETTER) then create N containers with docker services started
* then create another lxc container for FORCAD and set it up
- [x] create N teams
- [x] fix docker installation


@ -1,5 +1,5 @@
---
- name: Setup ForcAD infra
- name: Setup team Virtual machines
hosts: localhost
become: true
vars_files:
@ -11,20 +11,20 @@
private: false
tasks:
- name: Setup team lxc containers and services
- name: Setup team lxc virtual machines and services
include_role:
name: lxd_teams
tasks_from: main
- name: Setup ForcAD infra
- name: Setup team services
hosts: just_created
become: true
connection: lxd
connection: ssh
vars_files:
- './vars/main.yml'
tasks:
- name: Install docker on all containers
- name: Install docker on all vms
include_role:
name: docker
tasks_from: main
@ -34,3 +34,33 @@
name: services
tasks_from: main
- name: Setup main ForcAD vm
hosts: localhost
become: true
vars_files:
- './vars/main.yml'
tasks:
- name: Setup main ForcAD vm
include_role:
name: lxd_forcad
tasks_from: main
- name: Setup ForcAD infra
hosts: main_forcad_group
become: true
connection: ssh
vars_files:
- './vars/main.yml'
tasks:
- name: Install docker on all containers
include_role:
name: docker
tasks_from: main
- name: Setup forcAD
include_role:
name: forcad
tasks_from: main


@ -5,3 +5,10 @@ collections:
- name: community.general
version: '5.6.0'
- name: community.crypto
version: '2.8.1'
- name: ansible.posix
version: '1.4.0'


@ -1,4 +1,12 @@
---
- name: Make sure python and python-venv are installed
ansible.builtin.apt:
pkg:
- tar
- unzip
- python3
- python3-venv
- virtualenv
- name: Create forcAD directory
ansible.builtin.file:
@ -21,12 +29,6 @@
ansible.builtin.set_fact:
forc_ad_directory: "{{ forc_ad_directory }}/{{ forc_ad_zipfile.split('.z')[0] }}"
- name: Make sure python and python-venv are installed
ansible.builtin.apt:
pkg:
- python3
- python3-venv
- name: Create venv
ansible.builtin.pip:
requirements: "{{ item }}"
@ -44,7 +46,13 @@
- name: Generate n teams
set_fact: teams="{{ teams|default([]) + [ item ] }}"
loop: "{{ range(1, n_teams|int + 1 , 1) | list }}"
loop: "{{ range(0, n_teams|int , 1) | list }}"
- set_fact:
teams_ip: "{{ groups.just_created|
map('extract', hostvars, 'ansible_all_ipv4_addresses')|
map('first')|
list }}"
- name: Copy forcAD config
ansible.builtin.template:
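Review bot: The unnamed `set_fact` that builds `teams_ip` takes `map('first')` of `ansible_all_ipv4_addresses`, and the order of that list is not guaranteed; on hosts where the docker role has already run, the first entry may be a Docker bridge address rather than the one other machines can reach. A specific fact is safer, for example `map('extract', hostvars, ['ansible_default_ipv4', 'address'])`, and the task should get a `name:`. The expression also relies on facts having been gathered for every host in `just_created` earlier in the same run, and the config template indexes `teams_ip[team]`, so it assumes the group order matches the team numbering; a comment stating both assumptions would help. The task list continues outside the hunk.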


@ -40,7 +40,7 @@ tasks:
teams:
{% for team in teams %}
- ip: 192.168.1.{{ team }}
- ip: {{ teams_ip[team] }}
name: "Team {{ team }}"
highlighted: true
{% endfor %}


@ -0,0 +1,67 @@
---
- name: "Create MAIN forcAD vm"
community.general.lxd_container:
name: "main-forcad-vm"
ignore_volatile_options: true
state: started
type: virtual-machine
source:
protocol: simplestreams
type: image
mode: pull
server: https://images.linuxcontainers.org
alias: ubuntu/22.04/cloud
profiles: ["default"]
wait_for_ipv4_addresses: true
timeout: 600
register: lxc_container_create_output
- name: Make sure ssh_keys directory exists
ansible.builtin.file:
path: /root/ssh_keys
state: directory
mode: '0755'
- name: Generate an OpenSSH keypair with the default values (4096 bits, rsa)
community.crypto.openssh_keypair:
path: "/root/ssh_keys/id_rsa_main_vm"
- name: Ensure that ssh is installed
delegate_to: "main-forcad-vm"
connection: lxd
ansible.builtin.apt:
pkg:
- ssh
update_cache: true
- name: Install public key on server
delegate_to: "main-forcad-vm"
connection: lxd
ansible.posix.authorized_key:
user: root
state: present
key: "{{ lookup('file', '/root/ssh_keys/id_rsa_main_vm.pub')}}"
- name: Enable Root Login
delegate_to: "main-forcad-vm"
connection: lxd
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^PermitRootLogin'
line: "PermitRootLogin yes"
state: present
backup: yes
- name: restart ssh daemon
delegate_to: "main-forcad-vm"
connection: lxd
ansible.builtin.service:
name: sshd
state: restarted
- add_host:
hostname: "{{ lxc_container_create_output.result.addresses.enp5s0[0] }}"
groups: main_forcad_group
connection: ssh
ansible_ssh_private_key_file: "/root/ssh_keys/id_rsa_main_vm.pub"
ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"
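Review bot: The final `add_host` task sets `ansible_ssh_private_key_file` to `/root/ssh_keys/id_rsa_main_vm.pub`, which is the public half of the keypair generated above; it should point at `/root/ssh_keys/id_rsa_main_vm`, as the team VM task file does with its per-team key. `PermitRootLogin yes` also allows password login for root, whereas `line: "PermitRootLogin prohibit-password"` is enough once the key is in `authorized_keys`, and `-o StrictHostKeyChecking=no` trusts whatever host answers on that address (`accept-new` at least pins the key after first contact); the same two settings appear in the team VM task file. The key directory is created with mode `'0755'`, and `'0700'` fits a directory holding private keys. `backup: yes` reads better as `backup: true`.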


@ -1,44 +1,74 @@
---
- name: Create N started containers
- name: "Create {{ n_teams }} started containers"
community.general.lxd_container:
name: "team{{ item }}"
ignore_volatile_options: true
state: started
config:
"security.nesting": "true"
type: virtual-machine
source:
protocol: simplestreams
type: image
mode: pull
server: https://images.linuxcontainers.org
alias: ubuntu/20.04/cloud
alias: ubuntu/22.04/cloud
profiles: ["default"]
wait_for_ipv4_addresses: true
timeout: 600
loop: "{{ range(1, n_teams|int + 1 , 1) | list }}"
loop: "{{ range(0, n_teams|int, 1) | list }}"
register: lxc_container_create_output
#
#- name: Check python is installed in container
# delegate_to: "team{{ item }}"
# ansible.builtin.raw: dpkg -s python
# register: python_install_check
# failed_when: python_install_check.rc not in [0, 1]
# changed_when: false
# loop: "{{ range(1, n_teams|int + 1 , 1) | list }}"
#
#
#- name: Install python in container
# delegate_to: "team{{ item }}"
# ansible.builtin.raw: apt-get install -y python
# when: python_install_check.rc == 1
# loop: "{{ range(1, n_teams|int + 1 , 1) | list }}"
- name: Make sure ssh_keys directory exists
ansible.builtin.file:
path: /root/ssh_keys
state: directory
mode: '0755'
- name: h
debug:
msg: "{{ lxc_container_create_output.results[0].invocation.module_args.name }}"
- name: Generate an OpenSSH keypair with the default values (4096 bits, rsa)
community.crypto.openssh_keypair:
path: "/root/ssh_keys/id_rsa_vm_team-{{ item}}"
loop: "{{ range(0, n_teams|int, 1) | list }}"
- name: Ensure that ssh is installed
delegate_to: "team{{item}}"
connection: lxd
ansible.builtin.apt:
pkg:
- ssh
update_cache: true
loop: "{{ range(0, n_teams|int, 1) | list }}"
- name: Install public key on server
delegate_to: "team{{item}}"
connection: lxd
ansible.posix.authorized_key:
user: root
state: present
key: "{{ lookup('file', '/root/ssh_keys/id_rsa_vm_team-{{ item}}.pub')}}"
loop: "{{ range(0, n_teams|int , 1) | list }}"
- name: Enable Root Login
delegate_to: "team{{item}}"
connection: lxd
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^PermitRootLogin'
line: "PermitRootLogin yes"
state: present
backup: yes
loop: "{{ range(0, n_teams|int , 1) | list }}"
- name: restart ssh daemon
delegate_to: "team{{item}}"
connection: lxd
ansible.builtin.service:
name: sshd
state: restarted
loop: "{{ range(0, n_teams|int , 1) | list }}"
- add_host:
hostname: "{{ lxc_container_create_output.results[item].invocation.module_args.name }}"
hostname: "{{ lxc_container_create_output.results[item].addresses.enp5s0[0] }}"
groups: just_created
connection: ssh
ansible_ssh_private_key_file: "/root/ssh_keys/id_rsa_vm_team-{{ item }}"
ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"
loop: "{{ range(0, n_teams|int, 1) | list }}"
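Review bot: In the "Install public key on server" task the lookup path contains a nested `{{ item}}` inside an expression that is already wrapped in `{{ }}`; Ansible's guidance is that moustaches do not nest, so this only resolves if the lookup re-templates its terms. It is better written as `key: "{{ lookup('file', '/root/ssh_keys/id_rsa_vm_team-' ~ item ~ '.pub') }}"`. The leftover debug task named `h` prints only `results[0]` and can be dropped. `enp5s0` in the last `add_host` hard-codes the guest interface name, which presumably holds for this image only, so a short comment saying so would help.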


@ -15,9 +15,8 @@
# maybe list the services in directory firstly, for now its ok
- name: Start services
community.docker.docker_compose:
project_src: "/root/services/{{ item }}/service"
state: present
ansible.builtin.shell: "docker-compose -f /root/services/{{ item }}/service/docker-compose.yml up -d"
with_items:
- BabySql
- Dummy
- HashMePlease
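Review bot: The `ansible.builtin.shell` form of "Start services", which appears to be the new side, reports `changed` on every run and goes through a shell although nothing in the command needs one. If the compose module had to be dropped, `ansible.builtin.command` with `chdir: "/root/services/{{ item }}/service"` and `cmd: docker-compose up -d` avoids shell parsing of the interpolated path, and a `changed_when:` keeps reruns quiet. The side assignment is inferred from the hunk counts, since the `+`/`-` markers are lost on this page.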


@ -14,3 +14,6 @@ admin_password: 'forcad420'
# Startime for the game
start_time: '2019-11-30 15:30:00'
## delete this
n_teams: 2
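Review bot: `n_teams: 2` is committed under a `## delete this` marker, so a temporary test value now sits in the shared vars file and decides how many team VMs and keypairs the roles create. Either give it a real comment such as `# Number of team VMs to create`, or pass it at run time with `-e n_teams=...`. The hunk header also shows `admin_password` stored in plain text in this file; that line is outside the change, but moving it to an Ansible Vault variable would be worth doing alongside.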


@ -1,2 +1,2 @@
[forc_ad]
192.168.88.160 ansible_connection=ssh ansible_user=root ansible_ssh_pass=root
192.168.88.181 ansible_connection=ssh ansible_user=root ansible_ssh_pass=root
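Review bot: The host entry carries `ansible_user=root ansible_ssh_pass=root` in the committed inventory, so the root password of the deployment server is readable by anyone with access to the repository, and it is a trivially guessable value. Key-based login is the better fit here, for example `ansible_ssh_private_key_file=<path-to-key>` (placeholder), or the password can live in a vaulted variable. Only the address differs between the two lines shown.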


@ -1,35 +1,35 @@
---
# - name: Make sure apt packages are available
# ansible.builtin.apt:
# pkg:
# - python3
# - python3-venv
# - python3-pip
# - virtualenv
# - snap
# update_cache: true
#
# - name: Ensure lxd is installed
# community.general.snap:
# name:
# - lxd
#
# - name: Run lxd init
# ansible.builtin.command:
# cmd: 'lxd init --auto'
#
# - name: Create a project directory
# ansible.builtin.file:
# path: /root/deploy
# state: directory
# mode: '0755'
- name: Make sure apt packages are available
ansible.builtin.apt:
pkg:
- python3
- python3-venv
- python3-pip
- virtualenv
- snap
update_cache: true
#- name: Copy project directory
# ansible.builtin.copy:
# src: '../../../../containers_init'
# dest: /root/deploy
# mode: '0655'
- name: Ensure lxd is installed
community.general.snap:
name:
- lxd
- name: Run lxd init
ansible.builtin.command:
cmd: 'lxd init --auto'
- name: Create a project directory
ansible.builtin.file:
path: /root/deploy
state: directory
mode: '0755'
- name: Copy project directory
ansible.builtin.copy:
src: '../../../../containers_init'
dest: /root/deploy
mode: '0655'
- name: Create venv ans install requirements
ansible.builtin.pip: