autoconf_controlplane.yml

---

###############################################################################

- name: Controlplane configuration (system)
  hosts: localhost
  tags: os-ready

  pre_tasks:
    - name: /etc/hosts configuration
      when: bootstrap_static_hosts is defined
      lineinfile:
          path: /etc/hosts
          regexp: '^{{ item.ip }}'
          line: "{{ item.ip }}  {{ item.hosts | join(' ') }}"
      with_items: "{{ bootstrap_static_hosts }}"

    - name: systemd-resolved configuration
      when: "'127.0.0.53' in ansible_dns.nameservers"
      block:
        - name: Specific domains for resolver
          with_items:
            - key: Domains
              value: "node.{{ consul_domain_name }} service.{{ consul_domain_name }}"
            - key: DNS
              value: 127.0.0.1
          lineinfile:
            path: /etc/systemd/resolved.conf
            state: present
            regexp: '^.?{{ item.key }}='
            line: '{{ item.key }}={{ item.value }}'

        - name: Restart systemd-resolved
          service: name=systemd-resolved state=restarted

    - name: openrc file
      copy:
        src: "{{ openstack_ha_node_openrc_source }}"
        dest: "{{ openstack_ha_node_openrc_destination }}"
        mode: 600

    - name: RSA keys
      with_fileglob:
        - "{{ lookup('env', 'ETC_PATH') }}/*.pub"
      authorized_key:
        user: cloudadm
        state: present
        key: "{{ lookup('file', item) }}"

  roles:
    - role: github/ansible-bootstrap-system
    - role: github/ansible-consul
    - role: github/ansible-dnsmasq

  post_tasks:
    - name: Wait for consul quorum
      register: consul_catalog_result
      until: consul_catalog_result.stderr | length == 0
      retries: 100
      delay: 30
      shell: >
        /usr/local/bin/consul catalog services || systemctl -q restart consul

###############################################################################

- name: Controlplane configuration (vault + nomad)
  hosts: localhost
  tags: controlplane

  tasks:
    - name: Vault role
      include_role: name=github/ansible-vault

    - name: Get vault root token for Nomad
      register: consul_kv_result
      shell: consul kv get vault/root_token

    - name: Set nomad fact
      set_fact: nomad_vault_token="{{ consul_kv_result.stdout }}"

    - name: Nomad role
      include_role: name=github/ansible-nomad

###############################################################################

- name: Ingress configuration (pacemaker)
  hosts: localhost
  tags: pacemaker

  pre_tasks:
    - name: Consul quorum
      shell: |
        for s in $(awk -F '"' '/name/ {print $(NF-1)}' /etc/ansible/facts.d/cluster_nodes.fact) ; do 
          consul members | grep -q $s || systemctl restart consul 
          sleep 10
        done

  roles:
    - role: github/ansible-ha-cluster
    - role: github/ansible-openstack-ha-node
    - role: github/ansible-dnsmasq

  post_tasks:
    - name: VG list
      command: vgs --options name
      register: vg_list

    - when: vg_list.stdout.find('cores') < 0
      block:
        - name: Get core dump virtual device id
          set_fact: coredump_device="{{ lookup('env', 'CORE_VOLUME') }}"

        - name: Create VG
          lvg:
            vg: cores
            pvs: /dev/disk/by-id/virtio-{{ coredump_device[:20] }}

    - name: Create cores/pacemaker
      lvol:
        vg: cores
        lv: pacemaker
        size: 512m

    - name: mkfs
      filesystem:
        dev: /dev/mapper/cores-pacemaker
        fstype: xfs

    - name: Mounting
      mount:
        path: /var/lib/pacemaker/cores
        src: /dev/mapper/cores-pacemaker
        state: mounted
        fstype: xfs

###############################################################################

- name: Ingress configuration (traefik)
  hosts: localhost
  tags: traefik
  
  pre_tasks:
    - name: Pre-install docker service
      apt: name=docker.io state=present

    - name: Detect docker0 interface
      setup:

  roles:
    - role: github/ansible-dnsmasq
    - role: github/ansible-docker
    - role: github/ansible-traefik

  post_tasks:
    - name: Get node number for time buffering
      shell: echo {{ ansible_hostname }} | awk -F- '{print $NF}'
      register: result

    - set_fact:
        wait_minutes: "{{ result.stdout }}"
        publication_floating_ip_id: "{{ lookup('env', 'PUBLIC_IP') }}"

    - pause: minutes="{{ wait_minutes }}"

    - name: crmsh script to manage traefik (directories)
      file: path=/usr/share/crmsh/scripts/traefik state=directory

    - name: crmsh script to manage traefik (files)
      template: src=traefik.crm.yml.j2 dest=/usr/share/crmsh/scripts/traefik/main.yml

    - name: start resources
      command: >
        crm -w script run traefik \
            floating_ip_id="{{ publication_floating_ip_id }}" \
            openrc="{{ openstack_cluster_node_openrc_destination }}" \
            attribute_name="{{ cluster_node_attribute_key }}" \
            attribute_value="{{ cluster_node_attribute_value }}"

    - name: cleanup resources
      shell: >
          crm_resource --locate --resource traefik-service | grep -q $(crm_node -n) \
              || crm -w resource cleanup traefik-service $(crm_node -n)

###############################################################################