---
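# Prepares a host to run the project's Docker containers: records GitHub's SSH
# host key, clones the repository, fills in the .env files, generates secrets
# and creates a deploy key. repo_url, dest_path, branch_name, PROJECT_TYPE and
# the per-host `docker` / `laravel` dictionaries are not defined in this file
# and must come from the inventory or extra vars.
- name: Run docker containers
  hosts: all
  become: false
  # gather_facts: false
  tasks:
    # NOTE(review): this deletes every host key the user had already pinned and
    # then trusts whatever answers the scan. ssh-keyscan output is
    # unauthenticated, so the key stored here is only as trustworthy as the
    # network path at the moment the task runs. Prefer pinning the host keys
    # GitHub publishes (for example with ansible.builtin.known_hosts) and
    # leaving unrelated known_hosts entries in place.
    - name: Run ssh-keyscan to add keys to known_hosts
      ansible.builtin.shell: |
        rm -rf ~/.ssh/known_hosts
        ssh-keyscan github.com >> ~/.ssh/known_hosts

    # force: true discards local modifications in an existing working copy.
    - name: Clone a github repository
      ansible.builtin.git:
        repo: "{{ repo_url }}"
        dest: "{{ dest_path }}"
        clone: true
        update: true
        # single_branch: false
        version: "{{ branch_name }}"
        force: true

    # NOTE(review): no `mode` is set on this or the other copied env/secret
    # files, so their permissions are left to the module default and the remote
    # umask. Confirm they do not end up world-readable; the tightest usable
    # mode depends on which user the containers read them as.
    - name: Copy Docker .env file
      ansible.builtin.copy:
        remote_src: true
        src: "{{ dest_path }}/.env.example"
        dest: "{{ dest_path }}/.env"

    # With backrefs: true a key that is missing from the file is NOT appended;
    # only lines already matching `^KEY=` are rewritten. `line` is also treated
    # as a regex replacement, so backslashes in a value are interpreted.
    - name: Insert/Update Docker .env vars
      ansible.builtin.lineinfile:
        backrefs: true
        path: "{{ dest_path }}/.env"
        regexp: '^{{ item.key }}='
        line: '{{ item.key }}={{ item.value }}'
      loop: "{{ hostvars[inventory_hostname].docker | dict2items }}"

    - name: Copy Laravel .env file
      ansible.builtin.copy:
        remote_src: true
        src: "{{ dest_path }}/environments/.env.laravel.example"
        dest: "{{ dest_path }}/environments/.env.laravel"
      when: PROJECT_TYPE == 'laravel'

    # Same backrefs behaviour as the Docker .env task: update only, no insert.
    - name: Insert/Update Laravel .env vars
      ansible.builtin.lineinfile:
        backrefs: true
        path: "{{ dest_path }}/environments/.env.laravel"
        regexp: '^{{ item.key }}='
        line: '{{ item.key }}={{ item.value }}'
      loop: "{{ hostvars[inventory_hostname].laravel | dict2items }}"
      when: PROJECT_TYPE == 'laravel'

    - name: Copy secrets
      ansible.builtin.copy:
        remote_src: true
        src: "{{ dest_path }}/secrets/example-files/"
        dest: "{{ dest_path }}/secrets/"

    # Every file directly under secrets/ that is not *.txt is treated as a
    # secret to fill. On a re-run this also matches the remote_repo_deploy_key
    # files left behind by a previous run.
    - name: Get secrets
      ansible.builtin.find:
        paths: "{{ dest_path }}/secrets/"
        recurse: false
        patterns: '*'
        excludes: "*.txt"
      register: secret_files

    # Runs on every play: each matched file is overwritten with a freshly
    # generated value (a 12-character random string, base64-encoded), so
    # existing secrets are rotated on each run.
    - name: Generate passwords for secrets
      ansible.builtin.copy:
        content: "{{ lookup('community.general.random_string', length=12, base64=True) }}"
        dest: "{{ item.path }}"
      loop: "{{ secret_files.files }}"
      register: copy_results
      no_log: true

    - name: Get secrets contents
      ansible.builtin.slurp:
        src: "{{ item.path }}"
      register: secrets
      loop: "{{ secret_files.files }}"
      no_log: true

    # Builds "<file name>: <secret>" strings; output is suppressed by no_log,
    # but the registered results still hold the clear-text values.
    - name: Format secrets output
      ansible.builtin.debug:
        msg: "{{ item.source | basename }}: {{ item.content | b64decode }}"
      with_items: "{{ secrets.results }}"
      register: secrets_output
      no_log: true

    # NOTE(review): this task has no no_log, so every generated secret is
    # written in clear text to the play output and to anything that records it
    # (CI job logs, log_path, callback plugins). That undoes the no_log on the
    # three tasks above. The values are already stored under secrets/ on the
    # host; if operators do not need them on screen, build this list with
    # set_fact under no_log instead. secrets_list.msg is read by the
    # DB_PASSWORD task below, so the list itself has to stay available.
    - name: Print secrets
      ansible.builtin.debug:
        msg: "{{ secrets_output.results | map(attribute='msg') | list }}"
      register: secrets_list

    # Picks the "mariadb_user_password: <value>" entry out of the list above.
    # NOTE(review): without no_log the password can also appear in --diff
    # output for this task.
    - name: Insert DB password into Laravel .env file
      ansible.builtin.lineinfile:
        backrefs: true
        path: "{{ dest_path }}/environments/.env.laravel"
        regexp: '^DB_PASSWORD='
        line: "DB_PASSWORD={{ (secrets_list.msg | select('match', '^mariadb_user_password:')) | map('split', ': ') | first | last }}"
      when: PROJECT_TYPE == 'laravel'

    # force: true regenerates the key pair on every run, so a public key
    # registered from an earlier run stops matching the private key on disk.
    - name: Generate remote repo deploy SSH key
      become: false
      community.crypto.openssh_keypair:
        path: "{{ dest_path }}/secrets/remote_repo_deploy_key"
        type: rsa
        size: 4096
        state: present
        force: true

    # Read through slurp instead of `cat` in a shell, so the templated path is
    # never parsed by a shell. Only the public half of the key is read.
    - name: Read a ssh file content
      ansible.builtin.slurp:
        src: "{{ dest_path }}/secrets/remote_repo_deploy_key.pub"
      register: file_content
      become: false

    - name: Print ssh key
      ansible.builtin.debug:
        msg: "{{ file_content.content | b64decode | trim }}"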