provision-ansible.yml
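# Play 1: runs on the control machine, creates the GCE instance(s), waits for
# SSH, adds each new host to the in-memory "launched" group and refreshes the
# local known_hosts entries for its IP and name.
- name: Create instance(s)
  hosts: localhost
  gather_facts: false
  connection: local
  vars:
    machine_name: ansible2
    machine_type: f1-micro
    # Image build is dated 2017-03-30 (Ubuntu 16.04). The next play runs a
    # dist-upgrade, but the release itself is past standard support.
    # NOTE(review): confirm whether a current image family can be used instead.
    image: 'https://www.googleapis.com/compute/v1/projects/ubuntu-os-cloud/global/images/ubuntu-1604-xenial-v20170330'
    # NOTE(review): the address was obfuscated by the hosting page's e-mail
    # protection; restore the real service-account address before use. Quoted
    # so the leading "[" is not parsed as a YAML flow sequence.
    service_account_email: "[email protected]"
    credentials_file: /etc/ansible/keys/service-key.json
    project_id: paris-code
  tasks:
    - name: Launch instances
      gce:
        instance_names: "{{ machine_name }}"
        machine_type: "{{ machine_type }}"
        image: "{{ image }}"
        service_account_email: "{{ service_account_email }}"
        credentials_file: "{{ credentials_file }}"
        project_id: "{{ project_id }}"
        # NOTE(review): indentation was lost in the source; "tags" is presumed
        # to be the gce module's instance-tag argument, not a task-level tag.
        tags: ansible
      register: gce

    - name: Wait for SSH to come up
      wait_for:
        host: "{{ item.public_ip }}"
        port: 22
        delay: 5
        timeout: 60
      with_items: "{{ gce.instance_data }}"

    - name: Add host to groupname
      add_host:
        hostname: "{{ item.public_ip }}"
        groupname: launched
      with_items: "{{ gce.instance_data }}"

    # A recycled IP or instance name may still have a stale key in
    # known_hosts, so the old entry is dropped before the new one is added.
    - name: reset known-hosts for ips
      command: ssh-keygen -R {{ item.public_ip }}
      with_items: "{{ gce.instance_data }}"

    # ssh-keyscan records whatever key the network returns (trust on first
    # use); it does not authenticate the instance.
    # NOTE(review): compare the recorded key with one obtained over a trusted
    # channel before relying on it.
    - name: record scanned host keys for ips
      shell: ssh-keyscan -H {{ item.public_ip }} >> ~/.ssh/known_hosts
      with_items: "{{ gce.instance_data }}"

    - name: reset known-hosts for names
      command: ssh-keygen -R {{ item.name }}
      with_items: "{{ gce.instance_data }}"

    # Same trust-on-first-use caveat as the IP scan above.
    - name: record scanned host keys for names
      shell: ssh-keyscan -H {{ item.name }} >> ~/.ssh/known_hosts
      with_items: "{{ gce.instance_data }}"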
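# Play 2: configures every host in the "launched" group so it can itself run
# Ansible against GCE: installs packages, Ansible and libcloud, copies the
# operator's SSH key and Ansible settings, checks out the deployment repo and
# installs the GCE inventory script and service-account key.
- name: Set up machines
  hosts: launched
  connection: ssh
  become: true
  vars_files:
    # Presumably supplies gce_json_key (used below); verify that this file is
    # vault-encrypted in the repository.
    - vars/secrets.yml
  vars:
    # Remote login user; falls back to the control machine's $USER.
    user_used: "{{ansible_user|default(lookup('env', 'USER'), True) }}"
  tasks:
    - name: Install https support for apt
      apt:
        name: apt-transport-https
        update_cache: true

    - name: upgrade apt packages to the latest version
      apt:
        upgrade: dist

    # The key is selected by an 8-hex-digit short ID, and short IDs are known
    # to be collidable. The URL already searches by the 64-bit ID.
    # NOTE(review): pin the full fingerprint once it is verified out of band.
    # The id is quoted so YAML keeps it a string rather than an integer.
    - name: Add nodesource signing key
      apt_key:
        url: 'https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x1655A0AB68576280'
        id: "68576280"

    # NOTE(review): the repo line names Debian "wheezy" although the image is
    # Ubuntu xenial, and node_0.12 is an end-of-life Node.js line; confirm
    # that both are intended.
    - name: Add nodesource apt repository
      apt_repository:
        repo: 'deb https://deb.nodesource.com/node_0.12 wheezy main'

    - name: upgrade apt packages to the latest version
      apt:
        upgrade: dist

    - name: Install apt packages
      apt:
        pkg: "{{ item }}"
        state: latest
      with_items:
        - build-essential
        - python-setuptools
        - python-dev
        - python-openssl
        - libssl-dev
        - libffi-dev
        - nodejs
        - git
        - vim
        - bash-completion

    # pip, ansible and apache-libcloud are installed as root at whatever
    # version the index serves at run time.
    # NOTE(review): pin versions to make provisioning reproducible.
    - name: Install pip
      easy_install:
        name: pip

    - name: Install ansible
      pip:
        name: "{{ item }}"
      with_items:
        - ansible
        - apache-libcloud

    # This places the operator's own private key on the new instance.
    # NOTE(review): a dedicated deploy key limits what a compromise of this
    # host exposes. Mode is an explicit quoted octal string (was mode=400).
    - name: copy ssh key
      become: false
      copy:
        src: "/home/{{ user_used }}/.ssh/id_rsa"
        dest: "/home/{{ user_used }}/.ssh/id_rsa"
        mode: "0400"

    # The scanned key is accepted as returned (trust on first use).
    # NOTE(review): check it against GitHub's published host-key fingerprints.
    - name: ensure github.com is a known host
      become: false
      lineinfile:
        dest: "/home/{{ user_used }}/.ssh/known_hosts"
        create: true
        state: present
        line: "{{ lookup('pipe', 'ssh-keyscan -t rsa github.com') }}"
        regexp: "^github\\.com"

    # NOTE(review): "dir" is not defined in this file; presumably it comes
    # from vars/secrets.yml or the inventory. The repository address was
    # obfuscated by the hosting page's e-mail protection (the "repo=" key was
    # swallowed with it); presumably it is the SSH clone URL on github.com.
    # Restore it before use.
    - name: sync {{ dir }} to latest code
      git:
        repo: "[email protected]:PencilCode/deployment.git"
        dest: "/home/{{ user_used }}/deployment"
      become_user: "{{ user_used }}"

    - name: ensure /etc/ansible exists
      file:
        path: /etc/ansible
        state: directory

    # gce.py is installed as an executable inventory script.
    - name: set up gce configruation
      copy:
        src: files/gce.py
        dest: /etc/ansible/hosts
        mode: "0755"

    - name: install gce.ini
      copy:
        src: files/gce.ini
        dest: /etc/ansible/gce.ini

    # The service-account key is a long-lived cloud credential. The directory
    # and file are restricted to the deploying user instead of being left at
    # the default umask. This assumes only that user (and root) run Ansible on
    # this host. TODO confirm.
    - name: ensure key directory exists
      file:
        path: /etc/ansible/keys
        state: directory
        owner: "{{ user_used }}"
        mode: "0700"

    # no_log keeps the key material out of task output and logs.
    - name: install gce service-account key
      copy:
        content: "{{ gce_json_key }}"
        dest: /etc/ansible/keys/service-key.json
        owner: "{{ user_used }}"
        mode: "0600"
      no_log: true

    - name: set up ansible defaults
      become: false
      copy:
        src: "/home/{{ user_used }}/{{ item }}"
        dest: "/home/{{ user_used }}/{{ item }}"
      with_items:
        - '.ansible.cfg'
        - '.ssh/id_rsa.pub'
        - '.gitconfig'

    # The vault password is copied separately so that it gets an owner-only
    # mode rather than the default umask.
    - name: set up ansible vault password
      become: false
      copy:
        src: "/home/{{ user_used }}/.ansible_vault_password"
        dest: "/home/{{ user_used }}/.ansible_vault_password"
        mode: "0600"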