From f69b292e110e2d9c76b1063f240685f2d54c814c Mon Sep 17 00:00:00 2001 From: William Petit Date: Wed, 25 Oct 2023 11:38:08 +0200 Subject: [PATCH] feat: modularize playbook with tags --- defaults/main.yml | 2 +- tasks/install-hydra.yml | 33 +++++++++++++++++++++++++++++++ tasks/main.yml | 44 +++++++++++++++++++---------------------- 3 files changed, 54 insertions(+), 25 deletions(-) create mode 100644 tasks/install-hydra.yml diff --git a/defaults/main.yml b/defaults/main.yml index fa6d496..29898a6 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -15,7 +15,7 @@ cadoles_pod_hydra_oidc_v1_package_version: '*' cadoles_pod_hydra_ldap_v1_package_version: '*' # Hydra database configuration -hydra_use_external_database: no +hydra_use_external_database: false hydra_database_name: hydra hydra_database_user: hydra hydra_database_password: hydra diff --git a/tasks/install-hydra.yml b/tasks/install-hydra.yml new file mode 100644 index 0000000..258b403 --- /dev/null +++ b/tasks/install-hydra.yml @@ -0,0 +1,33 @@ +--- + +- name: Install Hydra + ansible.builtin.apt: + name: + - cadoles-pod-hydra-v1={{ cadoles_pod_hydra_v1_package_version }} + update_cache: yes + state: present + become: true + +- name: Configure Hydra local database + ansible.builtin.include_tasks: hydra-database.yml + when: not hydra_use_external_database + +- name: Create hydra-clients + template: + src: hydra-client.json.j2 + dest: "/etc/hydra/clients.d/{{ item.client_id }}.json" + with_items: "{{ hydra_clients }}" + notify: + - Reload hydra clients + become: true + +- name: Configure cadoles-pod-hydra-v1 + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - src: cadoles-pod-hydra-v1.conf.j2 + dest: /etc/cadoles-pod-hydra-v1.conf + notify: + - Restart cadoles-pod-hydra-v1 + become: true \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index 9692b3e..68f6bdb 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -9,24 +9,28 @@ update_cache: yes state: present become: true + tags: [ hydra-only ] - name: Add LetsEncrypt missing intermediate certificates command: "bash -c 'wget -O- --no-check-certificate https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/common/add-letsencrypt-ca.sh | bash'" args: creates: /etc/ssl/certs/lets-encrypt-e1.pem.pem become: true + tags: [ hydra-only ] - name: Add cadoles-pod debian repository key ansible.builtin.apt_key: url: "{{ cadoles_pod_debian_repository_key_url }}" state: present become: true + tags: [ hydra-only ] - name: Configure cadoles-pod debian repository ansible.builtin.apt_repository: repo: "deb {{ cadoles_pod_debian_repository_url }} {{ cadoles_pod_debian_repository }} main" state: present become: true + tags: [ hydra-only ] - name: Ensure sysctl configuration ansible.posix.sysctl: @@ -39,39 +43,30 @@ - name: fs.inotify.max_user_watches value: 204800 become: true + tags: [ hydra-only ] -- name: Install core packages +- name: Install HAProxy ansible.builtin.apt: name: - haproxy={{ haproxy_package_version }} - - cadoles-pod-hydra-v1={{ cadoles_pod_hydra_v1_package_version }} - - cadoles-pod-hydra-dispatcher-v1={{ cadoles_pod_hydra_dispatcher_v1_package_version }} update_cache: yes state: present become: true + tags: [ hydra-only ] -- name: Configure Hydra local database - ansible.builtin.include_tasks: hydra-database.yml - when: not hydra_use_external_database +- name: Install Hydra + include_tasks: + file: ./install-hydra.yml + apply: + tags: [ hydra-only ] + tags: [ hydra-only ] -- name: Create hydra-clients - template: - src: hydra-client.json.j2 - dest: "/etc/hydra/clients.d/{{ item.client_id }}.json" - with_items: "{{ hydra_clients }}" - notify: - - Reload hydra clients - become: true - -- name: Configure cadoles-pod-hydra-v1 - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - src: cadoles-pod-hydra-v1.conf.j2 - dest: /etc/cadoles-pod-hydra-v1.conf - notify: - - Restart cadoles-pod-hydra-v1 +- name: Install hydra-dispatcher + ansible.builtin.apt: + name: + - cadoles-pod-hydra-dispatcher-v1={{ cadoles_pod_hydra_dispatcher_v1_package_version }} + update_cache: yes + state: present become: true - name: Configure cadoles-pod-hydra-dispatcher-v1 @@ -122,3 +117,4 @@ notify: - Restart HAProxy become: true + tags: [ hydra-only ]