################################################
## This playbook has 3 steps:
##  1) Create Droplet on DigitalOcean & Update inventory / ssh config
##  2) Create new User account on Droplet
##  3) Install Software w/ new User account
##
##
## These steps are run on different machines w/ different users:
##  1) Create Droplet ...
##     -> Runs on: Localhost
##     ->      as: Current user
##  2) Create new User account ...
##     -> Runs on: Newly Created Droplet
##     ->      as: root
##  3) Install Software ...
##     -> Runs on: Newly Created  Droplet
##     ->      as: Newly Created User


#####################################################################
###                           STEP 1                               ##
### Create Droplet on DigitalOcean & Update inventory / ssh config ##
###                                                                ##
###      Host: Localhost                                           ##
###  SSH User: Current user                                        ##
#####################################################################
# `droplet_name`      needs to be passed as `--extra-var` !!
# `droplet_spec_name` needs to be passed as `--extra-var` !!
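- name: "Step 1: Create Droplet on DigitalOcean & update inventory / ssh config"
  hosts: localhost
  # NOTE(review): with the implicit local connection `remote_user` appears
  # to have no effect and no `become` is set, so this play runs as the
  # current user (as the header above states). Kept for compatibility.
  remote_user: root

  tasks:
    - name: "Ensure required parameters - via config"
      assert:
        # `is defined` comes first so that a missing variable reports the
        # `msg` below instead of an undefined-variable template error.
        that:
          - do_token is defined and do_token != ""
          - ssh_pub_key_name_on_digitalocean is defined and ssh_pub_key_name_on_digitalocean != ""
          - ssh_pub_key_to_load_on_droplet is defined and ssh_pub_key_to_load_on_droplet != ""
          - user_to_create_username is defined and user_to_create_username != ""
          - user_to_create_default_password is defined and user_to_create_default_password != ""
        msg: "'do_token', 'ssh_pub_key_name_on_digitalocean', 'ssh_pub_key_to_load_on_droplet', 'user_to_create_username' and 'user_to_create_default_password' must be set in the configuration"

    - name: "Ensure required parameters - via --extra-vars"
      assert:
        that:
          - droplet_name is defined and droplet_name != ""
          - droplet_spec_name is defined and droplet_spec_name != ""
        msg: "'droplet_name' and 'droplet_spec_name' must be passed as parameters with '--extra-vars'"

    - name: "Load the specs of the droplet to create"
      include_role:
        name: load-droplet-specs
      vars:
        # NOTE(review): this assigns the literal string "droplet_spec_name",
        # not its value; it presumably works only because `--extra-vars`
        # has the highest precedence and overrides this task var. Kept as-is.
        droplet_spec_name: droplet_spec_name

    # Registers the public key under the configured name; its DigitalOcean
    # id is needed below so the droplet is created with it pre-authorized.
    - name: "Ensure SSH Key exists at DigitalOcean"
      digital_ocean:
        command: ssh
        state: present
        name: "{{ ssh_pub_key_name_on_digitalocean }}"
        ssh_pub_key: "{{ ssh_pub_key_to_load_on_droplet }}"
        api_token: "{{ do_token }}"
      register: ssh_key_on_do

    # `unique_name` makes the task idempotent: an existing droplet with
    # this name is reused instead of a second one being created.
    - name: "Create Droplet: \"{{ droplet_name }}\""
      digital_ocean:
        api_token: "{{ do_token }}"
        command: droplet
        ssh_key_ids: "{{ ssh_key_on_do.ssh_key.id }}"
        unique_name: true
        state: present
        name: "{{ droplet_name }}"
        size_id: "{{ droplet_specs.size }}"
        region_id: "{{ droplet_specs.region }}"
        image_id: "{{ droplet_specs.image }}"
      register: created

    # The `{mark}` markers let re-runs replace the block for this droplet
    # without touching the rest of the file.
    - name: "Add Host in `.ssh/config`. For SSH Quick-Access ==> `ssh {{ droplet_name }}`"
      blockinfile:
        path: "{{ ansible_env.HOME }}/.ssh/config"
        state: present
        marker: "### ANSIBLE MANAGED - DigitalOcean Droplet: '{{ droplet_name }}' - {mark} #######################"
        block: |
          Host {{ droplet_name }}
            Hostname {{ created.droplet.ip_address }}
            User {{ user_to_create_username }}

    # Steps 2 and 3 target `{{ droplet_name }}`, which only resolves once
    # this inventory entry exists and has been refreshed below.
    - name: "Add Droplet as Ansible Host in `~/.ansible-droplet-inventory`"
      blockinfile:
        path: "{{ ansible_env.HOME }}/.ansible-droplet-inventory"
        state: present
        create: true
        marker: "### ANSIBLE MANAGED - DigitalOcean Droplet: '{{ droplet_name }}' - {mark} #######################"
        block: "{{ droplet_name }} ansible_host={{ created.droplet.ip_address }} ansible_user={{ user_to_create_username }} ansible_python_interpreter=/usr/bin/python3"

    - name: "Refresh inventory"
      meta: refresh_inventory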



#####################################################################
###                           STEP 2                               ##
###              Create new User account on Droplet                ##
###                                                                ##
###      Host: Newly Created Droplet                               ##
###  SSH User: root                                                ##
#####################################################################
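- name: "Step 2: Create new User account on Droplet"
  hosts: "{{ droplet_name }}"
  # Facts are gathered explicitly below, after the connection is confirmed.
  gather_facts: false
  vars:
    # If using `remote_user` at the same level as `hosts`, it would
    # not override the `ansible_user` variable from the inventory
    ansible_user: root

  tasks:
    # A freshly created droplet may not accept SSH immediately.
    - name: "Wait for Droplet available"
      wait_for_connection:
        timeout: 60

    # Facts gathered here are also what Step 3 reads (its own
    # gather_facts is off), e.g. `ansible_default_ipv4`.
    - name: "Gather Facts"
      setup: {}

    - name: "Load Swap size from specs of the droplet to create"
      include_role:
        name: load-droplet-specs
      vars:
        # NOTE(review): literal string, not the value; presumably relies on
        # `--extra-vars` taking precedence over this task var. Kept as-is.
        droplet_spec_name: droplet_spec_name

    - name: "Add Swap"
      include_role:
        name: kamaln7.swapfile
      vars:
        swapfile_size: "{{ droplet_specs.swap }}"

    # The default password is a shared initial credential: Step 3 logs in
    # with it and the final message asks the operator to change it.
    - name: "Create new sudo user w/ default password"
      include_role:
        name: create-new-sudo-user
      vars:
        username: "{{ user_to_create_username }}"
        default_password: "{{ user_to_create_default_password }}"
        authorized_ssh_key: "{{ ssh_pub_key_to_load_on_droplet }}"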



#####################################################################
###                           STEP 3                               ##
###            Install Software w/ new User account                ##
###                                                                ##
###      Host: Newly Created Droplet                               ##
###  SSH User: Newly Created User                                  ##
#####################################################################
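- name: "Step 3: Install Software w/ new User account"
  hosts: "{{ droplet_name }}"
  # Facts from Step 2 remain available for this host within the same run.
  gather_facts: false
  vars:
    # If using `remote_user` at the same level as `hosts`, it would
    # not override the `ansible_user` variable from the inventory
    ansible_user: "{{ user_to_create_username }}"
    ansible_become_pass: "{{ user_to_create_default_password }}"

  tasks:
    - name: Try Block
      block:
        # TODO: Fix Glances installation (or remove, but be sure to re-locate the daemon part!!)
        # - name: "Install Glances Webserver as a service"
        #   include_role:
        #     name: glances

        # Download first, then execute: with `curl ... | sh` the task's
        # exit status is sh's, which is 0 on empty input, so a failed
        # download would be reported as success. `-f` makes curl fail on
        # HTTP errors. The script still runs unverified as root; pin or
        # checksum it if that is a concern for this environment.
        - name: "Enable advanced metrics on DigitalOcean"
          shell: |
            set -eu
            tmp="$(mktemp)"
            trap 'rm -f "$tmp"' EXIT
            curl -fsSL https://agent.digitalocean.com/install.sh -o "$tmp"
            sh "$tmp"
          become: true

        # This echoes the default password to the console (and to any log
        # that captures it); it is intended to be changed right away.
        - debug:
            msg:
              - "Droplet '{{ droplet_name }}' succesfuly created"
              - ""
              - "IP = {{ ansible_default_ipv4.address }}"
              - "User = {{ user_to_create_username }}"
              - "Password = {{ user_to_create_default_password }}"
              - ""
              - "You can now ssh to the droplet with `ssh {{ droplet_name }}`"
              - "Don't forget to change the default password!"
      rescue:
        # Reached when any task in the block fails; a changed password
        # makes `ansible_become_pass` above wrong on re-runs.
        - debug:
            msg:
              - "Problem during setup!"
              - "Is it the first time this is ran?"
              - "If not, did you change the sudo password for the default user?"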