################################################
## This playbook has 2 steps:
##  1) Create Droplet on DigitalOcean & Update inventory / ssh config
##  2) Create new User account on Droplet
##
##
## These steps are run on different machines w/ different users:
##  1) Create Droplet ...
##     -> Runs on: Localhost
##     ->      as: Current user
##  2) Create new User account ...
##     -> Runs on: Newly Created Droplet
##     ->      as: root


#####################################################################
###                           STEP 1                               ##
### Create Droplet on DigitalOcean & Update inventory / ssh config ##
###                                                                ##
###      Host: Localhost                                           ##
###  SSH User: Current user                                        ##
#####################################################################
# `droplet_name`      must be passed via `--extra-vars` !!
# `droplet_spec_name` must be passed via `--extra-vars` !!
# Play 1: runs on the control machine and drives the DigitalOcean API.
# NOTE(review): the header above says this step runs as the current user, while
# `remote_user` is set to root; presumably it has no effect on the implicit
# local connection - confirm whether it is needed.
- hosts: 'localhost'
  remote_user: 'root'

  tasks:
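    # Fail early, with a readable message, when a required configuration value
    # is missing or empty. `default("")` lets an undefined variable fail this
    # assert (and show `msg`) instead of aborting on a templating error.
    # The duplicated `do_token` check of the original list is removed.
    # `do_token` and `user_to_create_default_password` are secrets: if the
    # configuration file is kept under version control, store them encrypted
    # (for example with ansible-vault).
    - name: "Ensure required parameters - via config"
      assert:
        that:
          - (do_token | default("")) != ""
          - (ssh_pub_key_name_on_digitalocean | default("")) != ""
          - (ssh_pub_key_to_load_on_droplet | default("")) != ""
          - (user_to_create_username | default("")) != ""
          - (user_to_create_default_password | default("")) != ""
        msg: "'do_token', 'ssh_pub_key_name_on_digitalocean', 'ssh_pub_key_to_load_on_droplet', 'user_to_create_username' and 'user_to_create_default_password' must be set in the configuration"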
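    # Both values are expected on the command line. `default("")` makes a
    # forgotten `--extra-vars` fail this assert with the message below rather
    # than with an "undefined variable" templating error.
    - name: "Ensure required parameters - via --extra-vars"
      assert:
        that:
          - (droplet_name | default("")) != ""
          - (droplet_spec_name | default("")) != ""
        msg: "'droplet_name' and 'droplet_spec_name' must be passed as parameters with '--extra-vars'"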

    # Includes the `load-droplet-specs` role; the droplet-creation task below
    # reads `droplet_specs.size/region/image`, presumably set by this role.
    # NOTE(review): the value passed here is the literal string
    # "droplet_spec_name", not a template; presumably the `--extra-vars`
    # value takes precedence over it - confirm.
    - name: Load the specs of the droplet to create
      include_role:
        name: 'load-droplet-specs'
      vars:
        droplet_spec_name: 'droplet_spec_name'

    # Registers the public key with the DigitalOcean account; the result is
    # kept in `ssh_key_on_do` so the droplet task can reference the key id.
    - name: Ensure SSH Key exists at DigitalOcean
      digital_ocean:
        api_token: "{{ do_token }}"
        command: 'ssh'
        state: 'present'
        name: "{{ ssh_pub_key_name_on_digitalocean }}"
        ssh_pub_key: "{{ ssh_pub_key_to_load_on_droplet }}"
      register: ssh_key_on_do

    # Creates the droplet from the loaded specs and attaches the SSH key
    # registered by the previous task. The module result is stored in
    # `created`; later tasks read `created.droplet.ip_address` from it.
    - name: 'Create Droplet: "{{ droplet_name }}"'
      digital_ocean:
        command: 'droplet'
        state: 'present'
        api_token: "{{ do_token }}"
        name: "{{ droplet_name }}"
        unique_name: true
        ssh_key_ids: "{{ ssh_key_on_do.ssh_key.id }}"
        size_id: "{{ droplet_specs.size }}"
        region_id: "{{ droplet_specs.region }}"
        image_id: "{{ droplet_specs.image }}"
      register: created

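    # Writes a managed `Host` block into the operator's SSH client config so
    # that `ssh <droplet_name>` resolves to the new droplet and user.
    # `create` is added for consistency with the inventory task: without it
    # the task fails when `~/.ssh/config` does not exist yet.
    # `mode` keeps the file readable and writable by its owner only.
    - name: "Add Host in `.ssh/config`. For SSH Quick-Access ==> `ssh {{ droplet_name }}`"
      blockinfile:
        path: "{{ ansible_env.HOME }}/.ssh/config"
        state: present
        create: true
        mode: "0600"
        marker: "### ANSIBLE MANAGED - DigitalOcean Droplet: '{{ droplet_name }}' - {mark} #######################"
        block: |
          Host {{ droplet_name }}
            Hostname {{ created.droplet.ip_address }}
            User {{ user_to_create_username }}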

    # Appends (or updates) a managed one-line inventory entry for the droplet
    # in the operator's home directory; the file is created when absent.
    # The marker embeds the droplet name, so each droplet gets its own block.
    - name: 'Add Droplet as Ansible Host in `~/.ansible-droplet-inventory`'
      blockinfile:
        create: true
        state: 'present'
        path: "{{ ansible_env.HOME }}/.ansible-droplet-inventory"
        marker: "### ANSIBLE MANAGED - DigitalOcean Droplet: '{{ droplet_name }}' - {mark} #######################"
        block: "{{ droplet_name }} ansible_host={{ created.droplet.ip_address }} ansible_user={{ user_to_create_username }} ansible_python_interpreter=/usr/bin/python3"

    # Reloads the inventory so the play in step 2 can target the host entry
    # written by the previous task.
    - name: Refresh inventory
      meta: 'refresh_inventory'



#####################################################################
###                           STEP 2                               ##
###              Create new User account on Droplet                ##
###                                                                ##
###      Host: Newly Created Droplet                               ##
###  SSH User: root                                                ##
#####################################################################
# Play 2: targets the droplet created in step 1 and logs in as root.
# Automatic fact gathering is off; facts are collected by an explicit `setup`
# task once `wait_for_connection` has succeeded.
- hosts: "{{ droplet_name }}"
  gather_facts: false
  vars:
    # `remote_user` next to `hosts` would not override the `ansible_user`
    # value coming from the inventory, so the variable is set here instead.
    ansible_user: 'root'

  tasks:
    # Blocks until the droplet accepts connections, giving up after the
    # configured timeout (the module's unit is seconds).
    - name: Wait for Droplet available
      wait_for_connection:
        timeout: 60

    # Explicit fact collection (the play disables the automatic one); the
    # final summary reads `ansible_default_ipv4.address` from these facts.
    - name: Gather Facts
      setup:

    # Includes `load-droplet-specs` again inside this play; the swap task
    # below reads `droplet_specs.swap`, presumably set by this role.
    # NOTE(review): the value passed is the literal string
    # "droplet_spec_name"; presumably the `--extra-vars` value wins - confirm.
    - name: Load Swap size from specs of the droplet to create
      include_role:
        name: 'load-droplet-specs'
      vars:
        droplet_spec_name: 'droplet_spec_name'

    # Delegates swapfile setup to the third-party `kamaln7.swapfile` role,
    # sized from the droplet specs.
    # NOTE(review): the role version is not pinned anywhere visible on this
    # page; confirm it is pinned where roles are installed.
    - name: Add Swap
      include_role:
        name: 'kamaln7.swapfile'
      vars:
        swapfile_size: "{{ droplet_specs.swap }}"

    # Includes the `glances` role.
    # NOTE(review): the final summary advertises the Glances web UI over
    # plain http on port 61208; confirm who can reach that port and whether
    # the role puts any authentication in front of it.
    - name: Install Glances Webserver as a service
      include_role:
        name: 'glances'

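    # NOTE(security): this step runs a remotely hosted installer as root.
    # The original piped `curl` straight into `sh`, which (a) hides a failed
    # download, because the pipeline's exit status is that of `sh`, and
    # (b) can execute a partially transferred script. Downloading the file
    # completely first makes a failed or truncated transfer stop the play.
    # After reviewing the installer, pin it by uncommenting `checksum`
    # and filling in its digest (the value shown is a placeholder).
    - name: "Download the DigitalOcean metrics agent installer"
      get_url:
        url: "https://agent.digitalocean.com/install.sh"
        dest: "/root/do-agent-install.sh"
        mode: "0700"
        # checksum: "sha256:<SHA256_OF_THE_REVIEWED_INSTALLER>"

    - name: "Enable advanced metrics on DigitalOcean"
      command: "sh /root/do-agent-install.sh"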

    # Hands the account details to the `create-new-sudo-user` role: the user
    # name, its initial password and the public key to authorize.
    # NOTE(review): the password is a shared default taken from the
    # configuration; how the role hashes or expires it is not visible here.
    - name: 'Create new sudo user w/ default password'
      include_role:
        name: 'create-new-sudo-user'
      vars:
        authorized_ssh_key: "{{ ssh_pub_key_to_load_on_droplet }}"
        username: "{{ user_to_create_username }}"
        default_password: "{{ user_to_create_default_password }}"

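    # Final summary for the operator.
    # Two changes from the original:
    #  - the default password is no longer printed: debug output ends up in
    #    terminal scrollback, CI logs and Ansible log files, and the operator
    #    already has the value in the configuration;
    #  - the Glances URL used a hard-coded IP address; it now uses the
    #    droplet's own address, the same fact shown on the "IP" line.
    # The list is indented under `msg` to match the other lists in this file.
    - debug:
        msg:
          - "Droplet '{{ droplet_name }}' succesfuly created"
          - ""
          - "IP = {{ ansible_default_ipv4.address }}"
          - "User = {{ user_to_create_username }}"
          - "Password = <value of 'user_to_create_default_password' in the configuration - not echoed>"
          - "Glance server running at: http://{{ ansible_default_ipv4.address }}:61208"
          - ""
          - "You can now ssh to the droplet with `ssh {{ droplet_name }}`"
          - "Don't forget to change the default password!"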