From 788b58282b2a7b7bb3738e62ad0fca1f229a2da9 Mon Sep 17 00:00:00 2001 From: Kevin Date: Thu, 20 Feb 2025 05:12:35 +0100 Subject: [PATCH] =?UTF-8?q?Ajout=20de=20nouveaux=20playbooks=20Ansible=20p?= =?UTF-8?q?our=20le=20d=C3=A9ploiement=20de=20Keycloak=20et=20mise=20?= =?UTF-8?q?=C3=A0=20jour=20des=20playbooks=20existants=20pour=20Docker=20e?= =?UTF-8?q?t=20Portainer=20avec=20des=20am=C3=A9liorations=20de=20gestion?= =?UTF-8?q?=20des=20erreurs=20et=20des=20configurations.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ansible/playbooks/1_docker.yml | 92 +++++++++++++++++++++++-------- ansible/playbooks/2_portainer.yml | 35 ++++++++++-- ansible/playbooks/3_keycloak.yml | 87 +++++++++++++++++++++++++++++ ansible/run_playbooks.sh | 46 ++++++++++++++++ 4 files changed, 232 insertions(+), 28 deletions(-) create mode 100644 ansible/playbooks/3_keycloak.yml create mode 100755 ansible/run_playbooks.sh diff --git a/ansible/playbooks/1_docker.yml b/ansible/playbooks/1_docker.yml index 67d2bf8..3e5c204 100644 --- a/ansible/playbooks/1_docker.yml +++ b/ansible/playbooks/1_docker.yml 
@@ -1,65 +1,109 @@ --- - name: Déploiement Docker et application via Docker Compose hosts: servers - become: yes + become: true + gather_facts: true + vars: git_repo: "https://gite.slm-lab.net/Chabdeltsang/Neah-Enkun.git" git_dest: "/opt/Neah-Enkun" git_branch: "master" traefik_service_name: "traefik" - tasks: - - name: Mise à jour des paquets et montée de version - apt: - update_cache: yes - upgrade: dist + docker_packages: + - apt-transport-https + - ca-certificates + - curl + - gnupg-agent + - software-properties-common + docker_core_packages: + - docker-ce + - docker-ce-cli + - containerd.io + - docker-compose + pre_tasks: + - name: Mise à jour des paquets + apt: + update_cache: true + cache_valid_time: 3600 + upgrade: dist + register: apt_update_status + until: apt_update_status is success + retries: 3 + delay: 5 + + tasks: - name: Installer les dépendances pour Docker apt: - name: - - apt-transport-https - - ca-certificates - - curl - - gnupg-agent - - software-properties-common + name: "{{ docker_packages }}" state: present + register: pkg_status + until: pkg_status is success + retries: 3 + delay: 5 - name: Ajouter la clé GPG officielle de Docker apt_key: url: https://download.docker.com/linux/ubuntu/gpg state: present + register: gpg_status + until: gpg_status is success + retries: 3 + delay: 5 - name: Ajouter le dépôt Docker apt_repository: repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable" state: present + update_cache: true + register: repo_status + until: repo_status is success + retries: 3 + delay: 5 - - name: Installer Docker CE et ses composants + - name: Installer Docker et ses composants apt: - name: - - docker-ce - - docker-ce-cli - - containerd.io - state: present - - - name: Installer Docker Compose - apt: - name: docker-compose + name: "{{ docker_core_packages }}" state: present + register: docker_status + until: docker_status is success + retries: 3 + delay: 5 - name: S'assurer que le 
service Docker est démarré et activé service: name: docker state: started - enabled: yes + enabled: true + register: docker_service_status + until: docker_service_status is success + retries: 3 + delay: 5 - name: Cloner le dépôt Git git: repo: "{{ git_repo }}" dest: "{{ git_dest }}" version: "{{ git_branch }}" - update: yes + update: true + force: true + register: git_status + until: git_status is success + retries: 3 + delay: 5 - name: Lancer le service Traefik command: "docker compose up -d --build --remove-orphans {{ traefik_service_name }}" args: chdir: "{{ git_dest }}" + register: traefik_status + until: traefik_status is success + retries: 3 + delay: 5 + changed_when: traefik_status.rc == 0 + + handlers: + - name: Redémarrer Docker + service: + name: docker + state: restarted diff --git a/ansible/playbooks/2_portainer.yml b/ansible/playbooks/2_portainer.yml index 6a54490..4c2f698 100644 --- a/ansible/playbooks/2_portainer.yml +++ b/ansible/playbooks/2_portainer.yml 
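Review bot: The Docker signing key is still imported by URL with no fingerprint check in the `apt_key` task, so the retry wrapper added around it only makes the download more reliable, not more trustworthy — nothing verifies that the key obtained is the one Docker publishes, and without a `keyring:` it goes into the global trusted keyring that every configured repository honours. Pin the expected fingerprint with `id: "<DOCKER_GPG_FINGERPRINT>"` (placeholder — take the value from Docker's official documentation), or store the key under `/etc/apt/keyrings` and add `signed-by=` to the `apt_repository` `repo:` line so it authenticates only the Docker repository. Separately, `changed_when: traefik_status.rc == 0` on the Traefik task is a no-op: `rc == 0` is exactly the success condition, so the task reports changed on every run; either key it on compose's output or drop it. The new `Redémarrer Docker` handler is never notified by any task, and `force: true` on the `git` task silently discards local edits in `/opt/Neah-Enkun`, which deserves a comment such as `# force: true discards any local changes in git_dest on every run`.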
@@ -1,23 +1,50 @@ --- - name: Installer et configurer Portainer hosts: servers - become: yes + become: true + gather_facts: true + vars: git_dest: "/opt/Neah-Enkun" portainer_password: "@wp@36#@%yXo2@y78&$mXeN#6E@W2r9d" portainer_service_name: "portainer" + portainer_password_file: "portainer_password" + tasks: + - name: Vérifier si le fichier de mot de passe existe déjà + stat: + path: "{{ git_dest }}/{{ portainer_password_file }}" + register: password_file + changed_when: false + - name: Écrire le mot de passe Portainer dans un fichier temporaire copy: content: "{{ portainer_password }}" - dest: "{{ git_dest }}/portainer_password" + dest: "{{ git_dest }}/{{ portainer_password_file }}" + mode: "0600" + force: true + register: write_password + until: write_password is success + retries: 3 + delay: 5 + when: not password_file.stat.exists - name: Lancer le service Portainer command: "docker compose up -d --build --remove-orphans {{ portainer_service_name }}" args: chdir: "{{ git_dest }}" + register: portainer_launch + until: portainer_launch is success + retries: 3 + delay: 5 + notify: Nettoyer les fichiers temporaires - - name: Supprimer le fichier temporaire contenant le mot de passe Portainer + handlers: + - name: Nettoyer les fichiers temporaires file: - path: "{{ git_dest }}/portainer_password" + path: "{{ git_dest }}/{{ portainer_password_file }}" state: absent + register: cleanup + until: cleanup is success + retries: 3 + delay: 5 diff --git a/ansible/playbooks/3_keycloak.yml b/ansible/playbooks/3_keycloak.yml new file mode 100644 index 0000000..e06f69c --- /dev/null +++ b/ansible/playbooks/3_keycloak.yml 
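Review bot: The new `when: not password_file.stat.exists` guard writes the secret file only when it is absent, but its removal now depends on the `Nettoyer les fichiers temporaires` handler, and handlers do not run when a play fails unless `force_handlers: true` is set. A `portainer_password` file left behind by a failed run is therefore never rewritten on the next run: a rotated `portainer_password` value is silently ignored and the `mode: "0600"` is never re-applied to the stale file. Add `force_handlers: true` next to `gather_facts: true`, or drop the `when:` and always run the `copy` task (it is idempotent with `mode: "0600"`). The Portainer password itself remains a plaintext literal in `vars` (unchanged by this commit); it belongs in an `ansible-vault`-encrypted variable, and the `copy` task should carry `no_log: true` so the content is not printed in verbose output.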
@@ -0,0 +1,87 @@ +--- +- name: Installer et configurer Keycloak + hosts: servers + become: true + gather_facts: true + + vars: + git_dest: "/opt/Neah-Enkun" + keycloak_container: "neah-keycloak" + keycloak_server: "http://localhost:8080" + keycloak_realm: "master" + keycloak_old_admin: "admin" + keycloak_old_password: "0aff634a5aab66c4cddc0fe9221e4d02defc87c98d2cd81ce6e8e04271f6c189" + keycloak_admin_user: "enkun" + keycloak_admin_password: "9569dd645b4963262f76f10dc320b114c62950ea4927c1806c3df56b03185297" + keycloak_admin_email: "enkun@connect.neah.local" + keycloak_admin_first_name: "Enkun" + keycloak_admin_last_name: "Administrator" + check_file: "/opt/keycloak/data/.configured" + keycloak_bin: "/opt/keycloak/bin/kcadm.sh" + + tasks: + - name: Lancer le service Keycloak + command: "docker compose up -d --build --remove-orphans keycloak" + args: + chdir: "{{ git_dest }}" + register: keycloak_launch + until: keycloak_launch is success + retries: 3 + delay: 5 + + - name: Vérifier si la configuration a déjà été effectuée + command: docker exec {{ keycloak_container }} test -f {{ check_file }} + register: check_config + changed_when: false + failed_when: false + + - name: Configurer les credentials avec kcadm.sh + shell: docker exec {{ keycloak_container }} {{ keycloak_bin }} config credentials --server {{ keycloak_server }} --realm {{ keycloak_realm }} --user {{ keycloak_old_admin }} --password {{ keycloak_old_password }} + register: config_status + until: config_status is success + retries: 6 + delay: 10 + when: check_config.rc != 0 + + - name: Créer un nouvel utilisateur administrateur + block: + - name: Créer l'utilisateur + shell: docker exec {{ keycloak_container }} {{ keycloak_bin }} create users -r {{ keycloak_realm }} -s username={{ keycloak_admin_user }} -s email={{ keycloak_admin_email }} -s firstName={{ keycloak_admin_first_name }} -s lastName={{ keycloak_admin_last_name }} -s emailVerified=true -s enabled=true + register: create_user + + - name: Définir 
le mot de passe + shell: docker exec {{ keycloak_container }} {{ keycloak_bin }} set-password -r {{ keycloak_realm }} --username {{ keycloak_admin_user }} --new-password {{ keycloak_admin_password }} --temporary=false + register: set_password + + - name: Attribuer le rôle d'administrateur + shell: docker exec {{ keycloak_container }} {{ keycloak_bin }} add-roles -r {{ keycloak_realm }} --uusername {{ keycloak_admin_user }} --rolename admin + register: add_role + when: check_config.rc != 0 + rescue: + - name: Gérer les erreurs de configuration + debug: + msg: "Erreur lors de la configuration de l'utilisateur administrateur" + + - name: Supprimer l'administrateur temporaire + block: + - name: Récupérer les informations + shell: docker exec {{ keycloak_container }} {{ keycloak_bin }} get users -r {{ keycloak_realm }} -q username={{ keycloak_old_admin }} + register: temp_admin_info + + - name: Extraire l'ID + set_fact: + temp_admin_id: "{{ (temp_admin_info.stdout | from_json)[0].id }}" + + - name: Supprimer l'utilisateur + shell: docker exec {{ keycloak_container }} {{ keycloak_bin }} delete users/{{ temp_admin_id }} + when: check_config.rc != 0 + + - name: Marquer la configuration comme terminée + shell: docker exec {{ keycloak_container }} touch {{ check_file }} + when: check_config.rc != 0 + + handlers: + - name: Redémarrer Keycloak + command: "docker compose restart keycloak" + args: + chdir: "{{ git_dest }}" diff --git a/ansible/run_playbooks.sh b/ansible/run_playbooks.sh new file mode 100755 index 0000000..2f3c9b6 --- /dev/null +++ b/ansible/run_playbooks.sh 
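Review bot: The `rescue:` on the `Créer un nouvel utilisateur administrateur` block only emits a `debug` message, which converts a failed `create users`, `set-password` or `add-roles` call into a successful play; the following `Supprimer l'administrateur temporaire` block then deletes the only working admin and `Marquer la configuration comme terminée` writes `.configured`, so one transient error can leave the realm with no administrator and the play will never retry. Replace the debug task with `fail:` plus `msg: "Échec de la configuration de l'administrateur"` so the play stops before the deletion, or gate the delete and marker tasks on `create_user is succeeded and set_password is succeeded and add_role is succeeded`. Both `keycloak_old_password` and `keycloak_admin_password` are plaintext literals in `vars` and are passed on `docker exec` command lines, where they appear in the container's process list and in Ansible's failure/verbose output; add `no_log: true` to every `shell` task that interpolates them and move the values into an `ansible-vault`-encrypted file. The `Redémarrer Keycloak` handler is never notified by any task.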
@@ -0,0 +1,46 @@ +#!/bin/bash + +# Définition des couleurs pour une meilleure lisibilité +GREEN='\033[0;32m' +RED='\033[0;31m' +NC='\033[0m' # No Color + +# Liste des playbooks à exécuter +PLAYBOOKS=( + "playbooks/1_docker.yml" + "playbooks/2_portainer.yml" + "playbooks/3_keycloak.yml" +) + +# Fonction pour exécuter un playbook +run_playbook() { + echo -e "${GREEN}Exécution du playbook: $1${NC}" + if ansible-playbook --ask-become-pass "$1"; then + echo -e "${GREEN}✓ Playbook $1 exécuté avec succès${NC}" + return 0 + else + echo -e "${RED}✗ Erreur lors de l'exécution du playbook $1${NC}" + return 1 + fi +} + +# Vérifier si Ansible est installé +if ! command -v ansible-playbook &> /dev/null; then + echo -e "${RED}Erreur: ansible-playbook n'est pas installé${NC}" + exit 1 +fi + +# Exécuter chaque playbook +for playbook in "${PLAYBOOKS[@]}"; do + if [ ! -f "$playbook" ]; then + echo -e "${RED}Erreur: Le playbook $playbook n'existe pas${NC}" + exit 1 + fi + + if ! run_playbook "$playbook"; then + echo -e "${RED}Arrêt de l'exécution suite à une erreur${NC}" + exit 1 + fi +done + +echo -e "${GREEN}Tous les playbooks ont été exécutés avec succès${NC}" \ No newline at end of file
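Review bot: `PLAYBOOKS` holds paths relative to the `ansible/` directory, so the existence check in the loop reports `n'existe pas` whenever the script is launched from anywhere else; add `cd "$(dirname "$0")" || exit 1` after the colour definitions, or prefix each path with `$(dirname "$0")`. `--ask-become-pass` is passed on every `ansible-playbook` call, so the operator is prompted three times for the same sudo password; a `--become-password-file` pointing at a file outside the repository avoids both the repeated prompts and any temptation to hard-code it. The file is also committed without a trailing newline (`\ No newline at end of file`).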