ublue-forge/setup/ansible/main.yml

---
- name: Build dynamic inventory for setup
  hosts: localhost
  gather_facts: true
  become: true
  pre_tasks:
    - name: Read getent hosts database
      ansible.builtin.getent:
        database: hosts
        key: host.containers.internal

    - name: Get IP address of container host system
      ansible.builtin.set_fact:
        container_host_ip: "{{ ansible_facts.getent_hosts | first }}"

  tasks:
    - name: Add host system to inventory
      ansible.builtin.add_host:
        name: host.ublue.local
        groups:
          - forge
        ansible_host: "{{ container_host_ip }}"
        ansible_user: "{{ lookup('ansible.builtin.env', 'ANSIBLE_FORGE_HOST_USER') }}"
        ansible_become_password: "{{ lookup('ansible.builtin.env', 'ANSIBLE_FORGE_HOST_BECOME_PASSWORD') }}"

    - name: Add Ansible Semaphore to inventory
      ansible.builtin.add_host:
        name: forge.ublue.local
        groups:
          - semaphore
        ansible_host: "{{ container_host_ip }}"
        ansible_connection: local
        ansible_python_interpreter: "{{ ansible_playbook_python }}"

- name: Configure host system
  hosts: forge
  gather_facts: true
  tasks:
    - name: Add ublue.local entries to /etc/hosts
      ansible.builtin.lineinfile:
        path: /etc/hosts
        search_string: 127.0.0.1 registry.ublue.local forge.ublue.local
        line: 127.0.0.1 registry.ublue.local forge.ublue.local
        state: present
      become: true

    - name: Add ublue.local TSL root certificate to trust anchors
      ansible.builtin.copy:
        src: /certs/tls/ublue-os_forge-root.pem
        dest: /etc/pki/ca-trust/source/anchors/ublue-os_forge-root.pem
        force: true
        mode: "0644"
      become: true

    - name: Update ca-trust store
      ansible.builtin.command:
        cmd: update-ca-trust
      changed_when: false
      become: true

- name: Configure Ansible Semaphore
  hosts: semaphore
  gather_facts: false
  become: false
  pre_tasks:
    - name: Check if API is responding
      ansible.builtin.uri:
        ## We must bypass the reverse proxy in this case since we can't add to etc/hosts in a container
        url: "http://{{ ansible_host }}:3000"
        method: GET
        validate_certs: false
      register: result_check_api
      until: result_check_api.status == 200
      retries: 5
      delay: 10

  tasks:
    - name: Initial configuration
      ansible.builtin.include_role:
        name: semaphore
feat: automatically setup forge (#10) 2023-05-01 19:17:56 +03:00			`---`
			`- name: Build dynamic inventory for setup`
			`hosts: localhost`
			`gather_facts: true`
			`become: true`
			`pre_tasks:`
			`- name: Read getent hosts database`
			`ansible.builtin.getent:`
			`database: hosts`
			`key: host.containers.internal`

			`- name: Get IP address of container host system`
			`ansible.builtin.set_fact:`
			`container_host_ip: "{{ ansible_facts.getent_hosts \| first }}"`

			`tasks:`
			`- name: Add host system to inventory`
			`ansible.builtin.add_host:`
			`name: host.ublue.local`
			`groups:`
			`- forge`
			`ansible_host: "{{ container_host_ip }}"`
feat: configure host system (#12) 2023-05-06 00:23:16 +03:00			`ansible_user: "{{ lookup('ansible.builtin.env', 'ANSIBLE_FORGE_HOST_USER') }}"`
			`ansible_become_password: "{{ lookup('ansible.builtin.env', 'ANSIBLE_FORGE_HOST_BECOME_PASSWORD') }}"`
feat: automatically setup forge (#10) 2023-05-01 19:17:56 +03:00
			`- name: Add Ansible Semaphore to inventory`
			`ansible.builtin.add_host:`
			`name: forge.ublue.local`
			`groups:`
			`- semaphore`
			`ansible_host: "{{ container_host_ip }}"`
			`ansible_connection: local`
			`ansible_python_interpreter: "{{ ansible_playbook_python }}"`

feat: configure host system (#12) 2023-05-06 00:23:16 +03:00			`- name: Configure host system`
			`hosts: forge`
			`gather_facts: true`
			`tasks:`
			`- name: Add ublue.local entries to /etc/hosts`
			`ansible.builtin.lineinfile:`
			`path: /etc/hosts`
			`search_string: 127.0.0.1 registry.ublue.local forge.ublue.local`
			`line: 127.0.0.1 registry.ublue.local forge.ublue.local`
			`state: present`
			`become: true`

			`- name: Add ublue.local TSL root certificate to trust anchors`
			`ansible.builtin.copy:`
			`src: /certs/tls/ublue-os_forge-root.pem`
			`dest: /etc/pki/ca-trust/source/anchors/ublue-os_forge-root.pem`
			`force: true`
			`mode: "0644"`
			`become: true`

			`- name: Update ca-trust store`
			`ansible.builtin.command:`
			`cmd: update-ca-trust`
			`changed_when: false`
			`become: true`
feat: automatically setup forge (#10) 2023-05-01 19:17:56 +03:00
			`- name: Configure Ansible Semaphore`
			`hosts: semaphore`
			`gather_facts: false`
			`become: false`
			`pre_tasks:`
			`- name: Check if API is responding`
			`ansible.builtin.uri:`
			`## We must bypass the reverse proxy in this case since we can't add to etc/hosts in a container`
			`url: "http://{{ ansible_host }}:3000"`
			`method: GET`
			`validate_certs: false`
			`register: result_check_api`
			`until: result_check_api.status == 200`
			`retries: 5`
			`delay: 10`

			`tasks:`
			`- name: Initial configuration`
			`ansible.builtin.include_role:`
			`name: semaphore`