diff --git a/molecule/no_tls_multi_node/molecule.yml b/molecule/no_tls_multi_node/molecule.yml index 27607b0..d3b1d0b 100644 --- a/molecule/no_tls_multi_node/molecule.yml +++ b/molecule/no_tls_multi_node/molecule.yml @@ -8,36 +8,67 @@ driver: provider: name: libvirt platforms: + - name: proxy01 + box: generic/${MOLECULE_TEST_OS} + cpus: 2 + memory: 4096 + # interfaces: + # - network_name: private_network + # ip: 192.168.122.91 + # auto_config: true + groups: + - common + - haproxy_servers + - name: proxy02 + box: generic/${MOLECULE_TEST_OS} + cpus: 2 + memory: 4096 + # interfaces: + # - network_name: private_network + # ip: 192.168.122.92 + # auto_config: true + groups: + - common + - haproxy_servers - name: hashistack01 box: generic/${MOLECULE_TEST_OS} cpus: 4 memory: 4096 + # interfaces: + # - network_name: private_network + # ip: 192.168.122.101 + # auto_config: true groups: + - common - vault_servers - consul_servers - nomad_servers - children: - - common - name: hashistack02 box: generic/${MOLECULE_TEST_OS} cpus: 4 memory: 4096 + # interfaces: + # - network_name: private_network + # ip: 192.168.122.102 + # auto_config: true groups: + - common - vault_servers - consul_servers - nomad_servers - children: - - common - name: hashistack03 box: generic/${MOLECULE_TEST_OS} cpus: 4 memory: 4096 + # interfaces: + # - network_name: private_network + # ip: 192.168.122.103 + # auto_config: true groups: + - common - vault_servers - consul_servers - nomad_servers - children: - - common provisioner: name: ansible config_options: diff --git a/playbooks/group_vars/all.yml b/playbooks/group_vars/all.yml index d63b740..4cb56e1 100644 --- a/playbooks/group_vars/all.yml +++ b/playbooks/group_vars/all.yml 
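Review bot: The commented-out `interfaces` block is repeated under all five platforms (proxy01, proxy02, hashistack01 to hashistack03) with nothing saying why it is disabled, so a reader cannot tell whether the fixed 192.168.122.x addresses are planned or abandoned. Either drop the blocks or put a single comment above `platforms:` that explains them, for example `# static private_network IPs intentionally disabled: <reason>`. The `driver` mapping starts above the hunk and the `provisioner` section continues below it.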
@@ -19,7 +19,7 @@ api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}" # Helper options ######### ########################## -manage_pip_packages_allow_break_system_packages: true +# manage_pip_packages_allow_break_system_packages: true vault_versions: host: "{{ vault_version }}{% '*' if vault_version != 'latest' %}" @@ -62,6 +62,7 @@ hashistack_supported_distribution_versions: - "22.04" preflight_enable_host_ntp_checks: true +haproxy_required_ports: [80, 443] vault_required_ports: [8200, 8201] consul_required_ports: [8300, 8301, 8302, 8500, 8501, 8502, 8503, 8600] nomad_required_ports: [] diff --git a/playbooks/inventory/multinode.ini b/playbooks/inventory/multinode.ini index 9ec1f26..8f68d6f 100644 --- a/playbooks/inventory/multinode.ini +++ b/playbooks/inventory/multinode.ini @@ -21,6 +21,7 @@ nomad03 localhost ansible_connection=local [common:children] +haproxy_servers vault_servers consul_servers nomad_servers diff --git a/playbooks/preflight.yml b/playbooks/preflight.yml index 2b61c37..3676515 100644 --- a/playbooks/preflight.yml +++ b/playbooks/preflight.yml @@ -111,10 +111,12 @@ - enable_vault | bool - name: "Checking host OS distribution" + #TODO: This needs to work with debian and ubuntu, major version works for debian but not ubuntu, simple version works the other way around... ansible.builtin.assert: that: - "(ansible_facts.distribution | lower) in hashistack_supported_distributions" - - "(ansible_facts.distribution_major_version) in hashistack_supported_distribution_versions[(ansible_facts.distribution | lower)]" + - "(ansible_facts.distribution_version in hashistack_supported_distribution_versions[(ansible_facts.distribution | lower)]) or + (ansible_facts.distribution_major_version in hashistack_supported_distribution_versions[(ansible_facts.distribution | lower)])" fail_msg: >- Distribution: {{ ansible_facts.distribution }} Release: {{ ansible_facts.distribution_release }} 
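Review bot: `haproxy_servers` is added under `[common:children]`, but this is the only hunk for multinode.ini and it adds no `[haproxy_servers]` section. If that section does not already exist elsewhere in the file, the INI inventory plugin rejects the inventory, because a `:children` entry names an undefined group. Declare the group next to the other server groups, even if it starts empty: `[haproxy_servers]` followed by the proxy hosts. The inventory continues above and below the hunk, so check this against the full file.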
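Review bot: The `#TODO:` line above `ansible.builtin.assert` describes the Debian/Ubuntu mismatch that the new two-branch `or` condition appears to resolve, so it now reads as an open problem rather than as the reason for the `or`. Replace it with a plain comment such as `# Ubuntu entries are full versions (e.g. "22.04"), Debian entries are major versions, so accept a match on either fact`, with a space after `#` and wrapped to the line limit. If work remains, state what it is. The task's `fail_msg` continues past the end of the hunk.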
@@ -219,6 +221,26 @@ - name: "Verify required ports" block: + - name: "Checking if haproxy ports are available" + when: inventory_hostname in groups['haproxy_servers'] + block: + - name: "Checking if haproxy ports are available" + ansible.builtin.wait_for: + host: "{{ inventory_hostname }}" + port: "{{ item }}" + state: "stopped" + timeout: 5 + loop: "{{ haproxy_required_ports }}" + ignore_errors: true + register: haproxy_port_results + + - name: "Assert that haproxy ports are not currently in use" + ansible.builtin.assert: + that: + - item.failed == false + with_items: "{{ haproxy_port_results.results }}" + when: haproxy_port_results.results | length > 0 + - name: "Checking if vault ports are available" when: inventory_hostname in groups['vault_servers'] block: @@ -282,3 +304,6 @@ fail_msg: >- The python sdk for docker is really out of date, you need to install a more recent version of it in order to use this tool. + + - name: "Fail" + fail: diff --git a/playbooks/tasks/load_vars.yml b/playbooks/tasks/load_vars.yml index 1a91088..affd678 100644 --- a/playbooks/tasks/load_vars.yml +++ b/playbooks/tasks/load_vars.yml @@ -77,7 +77,3 @@ when: - enable_vault | bool - "'vault_servers' in group_names" - -- name: "Debug" - ansible.builtin.debug: - msg: "{{ vault_cluster_name }}" diff --git a/roles/requirements.yml b/roles/requirements.yml index d5d3c4b..5cf228d 100644 --- a/roles/requirements.yml +++ b/roles/requirements.yml 
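Review bot: `when: inventory_hostname in groups['haproxy_servers']` raises an undefined-key error on any inventory with no `haproxy_servers` group, which would abort preflight instead of skipping the check. `when: "'haproxy_servers' in group_names"` (the form load_vars.yml uses for `vault_servers`) or `groups.get('haproxy_servers', [])` avoids that. The assert also has no `fail_msg`, so a conflict on port 80 or 443 is reported only as `item.failed == false` being false; `not item.failed` with a message naming `item.item` would tell the operator which port is taken. The enclosing "Verify required ports" block starts above the hunk and continues below it.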
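Review bot: The new `- name: "Fail"` task calls `fail:` with no `when:` and no `msg`, so as written every host that gets this far fails and preflight.yml can never finish successfully. It looks like a debugging stop left in, since the same commit removes a debug task from load_vars.yml; remove it before merge. If a deliberate stop is intended, guard it with a condition and use the fully qualified `ansible.builtin.fail` with a `msg`, matching how the file names its other modules. The play it belongs to starts above the hunk.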
@@ -2,7 +2,16 @@ # requirements file for ednz_cloud.hashistack roles: - name: ednz_cloud.manage_repositories + src: https://github.com/ednz-cloud/manage_repositories.git - name: ednz_cloud.manage_apt_packages + src: https://github.com/ednz-cloud/manage_apt_packages.git - name: ednz_cloud.manage_pip_packages + src: https://github.com/ednz-cloud/manage_pip_packages.git - name: ednz_cloud.install_docker + src: https://github.com/ednz-cloud/install_docker.git - name: ednz_cloud.docker_systemd_service + src: https://github.com/ednz-cloud/docker_systemd_service.git + - name: ednz_cloud.deploy_haproxy + src: https://github.com/ednz-cloud/deploy_haproxy.git + - name: ednz_cloud.deploy_keepalived + src: https://github.com/ednz-cloud/deploy_keepalived.git
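Review bot: Each added `src:` points at a Git repository with no `version:`, so `ansible-galaxy` installs whatever is on the default branch at install time, and that code then runs on the target hosts. Pin every role to a release tag or, better, a full commit SHA, by adding `version: <tag-or-commit-sha>` under each `src:`. That makes installs reproducible and means an upstream change to a role is picked up only through a reviewed change to this file.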