Add ansible

jump-group · Mar 18, 2024 · 08a8828 · 08a8828
1 parent 6974e58
commit 08a8828
Showing 8 changed files with 204 additions and 11 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -59,17 +59,6 @@ jobs:
         id: test
         working-directory: src
         continue-on-error: true
-
-      - name: Notify Success
-        if: steps.test.outcome == 'success'
-        uses: voxmedia/github-action-slack-notify-build@v1
-        env:
-          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN }}
-        with:
-          channel_id: ${{ vars.CHANNEL_ID }}
-          message_id: ${{ steps.slack.outputs.message_id }}
-          status: SUCCESS
-          color: good
 
       - name: Notify Failure
         if: steps.test.outcome == 'failure'
@@ -82,6 +71,36 @@ jobs:
           status: FAILURE
           color: danger
 
+      - name: Run playbook
+        uses: dawidd6/action-ansible-playbook@v2
+        with:
+          # Required, playbook filepath
+          playbook: deploy.yml
+          # Optional, directory where playbooks live
+          directory: ./ansible
+          inventory: |
+            [staging]
+            165.227.139.136
+
+            [web]
+            165.227.139.136
+          # Optional, ansible configuration file content (ansible.cfg)
+          configuration: |
+            [defaults]
+            host_key_checking = True
+            log_path = /var/log/ansible.log
+            force_color = True
+            inventory = hosts
+
+            [ssh_connection]
+            ssh_args = -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o [email protected],[email protected],ssh-ed25519,ssh-rsa
+            retries = 1
+          # Optional, SSH private key
+          key: ${{secrets.SSH_PRIVATE_KEY}}
+          # Optional, additional flags to pass to ansible-playbook
+          options: |
+            --e env=staging
+
       
 
 

diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
@@ -0,0 +1,9 @@
+[defaults]
+host_key_checking = True
+log_path = /var/log/ansible.log
+force_color = True
+inventory = hosts
+
+[ssh_connection]
+ssh_args = -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms[email protected],[email protected],ssh-ed25519,ssh-rsa
+retries = 1
diff --git a/ansible/hosts/staging.yml b/ansible/hosts/staging.yml
@@ -0,0 +1,11 @@
+all:
+  hosts:
+    staging:
+      ansible_host: 159.223.22.7
+  childreen: 
+    staging:
+      hosts:
+        staging:
+    web:
+      hosts:
+        staging:
diff --git a/ansible/roles/users/tasks/main.yml b/ansible/roles/users/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+- name: Ensure requested groups are present
+  group:
+    name: "{{ item }}"
+    state: present
+  loop: "{{ users | sum(attribute='groups', start=[]) | list | unique }}"
+
+- name: Ensure sudo group has sudo privileges
+  lineinfile:
+    dest: /etc/sudoers
+    state: present
+    regexp: "^%sudo"
+    line: "%sudo ALL=(ALL:ALL) ALL"
+    validate: "/usr/sbin/visudo -cf %s"
+
+- name: Setup users
+  user:
+    name: "{{ item.name }}"
+    group: "{{ item.groups[0] }}"
+    groups: "{{ item.groups | join(',') }}"
+    password: '{% for user in vault_users | default([]) if user.name == item.name and user.password is defined %}{{ user.password | password_hash("sha512", (user.salt | default(""))[:16] | regex_replace("[^\.\/a-zA-Z0-9]", "x")) }}{% else %}{{ "!" }}{% endfor %}'
+    state: present
+    shell: /bin/bash
+    update_password: "{{ item.update_password | default('always') }}"
+  loop: "{{ users }}"
+  loop_control:
+    label: "{{ item.name }}"
+
+- name: Add web user sudoers items for services
+  template:
+    src: sudoers.d.j2
+    dest: "/etc/sudoers.d/{{ web_user }}-services"
+    mode: '0440'
+    owner: root
+    group: root
+    validate: "/usr/sbin/visudo -cf %s"
+  when: web_sudoers[0] is defined
+
+- name: Add user SSH keys
+  authorized_key:
+    user: "{{ item.0.name }}"
+    key: "{{ item.1 }}"
+  loop: "{{ users | default([]) | subelements('keys') }}"
+  loop_control:
+    label: "{{ item.0.name }}"
diff --git a/ansible/roles/users/templates/sudoers.d.j2 b/ansible/roles/users/templates/sudoers.d.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for service in web_sudoers %}
+{{ web_user }} ALL=(root) NOPASSWD: {{ service }}
+{% endfor %}
diff --git a/ansible/server.yml b/ansible/server.yml
@@ -0,0 +1,82 @@
+---
+
+- name: Provision Server - Add Users
+  hosts: web:{{ env }}
+  become: true
+  remote_user: "{{ admin_user }}"
+  vars_files:
+    - vars/user.yml
+  roles:
+    - { role: users, tags: ['users'] }
+
+- name: Provision Server - Install Packages
+  hosts: web:{{ env }}
+  become: true
+  remote_user: "{{ admin_user }}"
+  vars_files:
+    - vars/user.yml
+    - vars/default.yml
+  tasks:
+    - name: Install aptitude
+      apt:
+        name: aptitude
+        state: present
+
+    - name: Required packages
+      apt:
+        pkg:
+          - apt-transport-https
+          - ca-certificates
+          - curl
+          - software-properties-common
+          - python3-pip
+          - virtualenv
+          - python3-setuptools
+        state: latest
+        update_cache: true
+
+    - name: Add Docker GPG key
+      apt_key:
+        url: https://download.docker.com/linux/ubuntu/gpg
+        state: present
+
+    - name: Add Docker Repository
+      apt_repository:
+        repo: deb https://download.docker.com/linux/ubuntu focal stable
+        state: present
+
+    - name: Update at and Install docker-ce 
+      apt:
+        update_cache: yes
+        name: docker-ce
+        state: present
+
+    - name: Install Docker mudule for python3
+      pip:
+        name: docker
+        state: present
+
+    - name: Install Docker Compose
+      pip:
+        name: docker-compose
+        state: present
+
+    - name: Create Web Directory
+      file:
+        path: /var/www
+        state: directory
+        owner: "{{ web_user }}"
+        group: "{{ web_group }}"
+
+    - name: Create Root Directory
+      file:
+        path: /var/www/{{ web_root }}
+        state: directory
+        owner: "{{ web_user }}"
+        group: "{{ web_group }}"
+
+    - name: Add user to Docker group
+      user:
+        name: "{{ web_user }}"
+        groups: docker
+        append: yes
diff --git a/ansible/vars/default.yml b/ansible/vars/default.yml
@@ -0,0 +1,2 @@
+---
+web_root: html
diff --git a/ansible/vars/user.yml b/ansible/vars/user.yml
@@ -0,0 +1,20 @@
+---
+admin_user: root
+
+users:
+  - name: "{{ web_user }}"
+    groups: 
+      - "{{ web_group }}"
+    keys:
+      - https://github.com/giade.keys
+      - https://github.com/giadabot.keys
+
+  - name: "{{ admin_user }}"
+    groups: 
+      - sudo
+    keys:
+      - https://github.com/giade.keys
+      - https://github.com/giadabot.keys
+
+web_user: web
+web_group: www-data