Ajout de nouveaux playbooks Ansible pour le déploiement de Keycloak et mise à jour des playbooks existants pour Docker et Portainer avec des améliorations de gestion des erreurs et des configurations.
parent
17bc79708f
commit
788b58282b
@ -1,65 +1,109 @@
|
|||||||
---
|
---
|
||||||
- name: Déploiement Docker et application via Docker Compose
|
- name: Déploiement Docker et application via Docker Compose
|
||||||
hosts: servers
|
hosts: servers
|
||||||
become: yes
|
become: true
|
||||||
|
gather_facts: true
|
||||||
|
|
||||||
vars:
|
vars:
|
||||||
git_repo: "https://gite.slm-lab.net/Chabdeltsang/Neah-Enkun.git"
|
git_repo: "https://gite.slm-lab.net/Chabdeltsang/Neah-Enkun.git"
|
||||||
git_dest: "/opt/Neah-Enkun"
|
git_dest: "/opt/Neah-Enkun"
|
||||||
git_branch: "master"
|
git_branch: "master"
|
||||||
traefik_service_name: "traefik"
|
traefik_service_name: "traefik"
|
||||||
tasks:
|
docker_packages:
|
||||||
- name: Mise à jour des paquets et montée de version
|
- apt-transport-https
|
||||||
apt:
|
- ca-certificates
|
||||||
update_cache: yes
|
- curl
|
||||||
upgrade: dist
|
- gnupg-agent
|
||||||
|
- software-properties-common
|
||||||
|
docker_core_packages:
|
||||||
|
- docker-ce
|
||||||
|
- docker-ce-cli
|
||||||
|
- containerd.io
|
||||||
|
- docker-compose
|
||||||
|
|
||||||
|
pre_tasks:
|
||||||
|
- name: Mise à jour des paquets
|
||||||
|
apt:
|
||||||
|
update_cache: true
|
||||||
|
cache_valid_time: 3600
|
||||||
|
upgrade: dist
|
||||||
|
register: apt_update_status
|
||||||
|
until: apt_update_status is success
|
||||||
|
retries: 3
|
||||||
|
delay: 5
|
||||||
|
|
||||||
|
tasks:
|
||||||
- name: Installer les dépendances pour Docker
|
- name: Installer les dépendances pour Docker
|
||||||
apt:
|
apt:
|
||||||
name:
|
name: "{{ docker_packages }}"
|
||||||
- apt-transport-https
|
|
||||||
- ca-certificates
|
|
||||||
- curl
|
|
||||||
- gnupg-agent
|
|
||||||
- software-properties-common
|
|
||||||
state: present
|
state: present
|
||||||
|
register: pkg_status
|
||||||
|
until: pkg_status is success
|
||||||
|
retries: 3
|
||||||
|
delay: 5
|
||||||
|
|
||||||
- name: Ajouter la clé GPG officielle de Docker
|
- name: Ajouter la clé GPG officielle de Docker
|
||||||
apt_key:
|
apt_key:
|
||||||
url: https://download.docker.com/linux/ubuntu/gpg
|
url: https://download.docker.com/linux/ubuntu/gpg
|
||||||
state: present
|
state: present
|
||||||
|
register: gpg_status
|
||||||
|
until: gpg_status is success
|
||||||
|
retries: 3
|
||||||
|
delay: 5
|
||||||
|
|
||||||
- name: Ajouter le dépôt Docker
|
- name: Ajouter le dépôt Docker
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
|
repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
|
||||||
state: present
|
state: present
|
||||||
|
update_cache: true
|
||||||
|
register: repo_status
|
||||||
|
until: repo_status is success
|
||||||
|
retries: 3
|
||||||
|
delay: 5
|
||||||
|
|
||||||
- name: Installer Docker CE et ses composants
|
- name: Installer Docker et ses composants
|
||||||
apt:
|
apt:
|
||||||
name:
|
name: "{{ docker_core_packages }}"
|
||||||
- docker-ce
|
|
||||||
- docker-ce-cli
|
|
||||||
- containerd.io
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Installer Docker Compose
|
|
||||||
apt:
|
|
||||||
name: docker-compose
|
|
||||||
state: present
|
state: present
|
||||||
|
register: docker_status
|
||||||
|
until: docker_status is success
|
||||||
|
retries: 3
|
||||||
|
delay: 5
|
||||||
|
|
||||||
- name: S'assurer que le service Docker est démarré et activé
|
- name: S'assurer que le service Docker est démarré et activé
|
||||||
service:
|
service:
|
||||||
name: docker
|
name: docker
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
|
register: docker_service_status
|
||||||
|
until: docker_service_status is success
|
||||||
|
retries: 3
|
||||||
|
delay: 5
|
||||||
|
|
||||||
- name: Cloner le dépôt Git
|
- name: Cloner le dépôt Git
|
||||||
git:
|
git:
|
||||||
repo: "{{ git_repo }}"
|
repo: "{{ git_repo }}"
|
||||||
dest: "{{ git_dest }}"
|
dest: "{{ git_dest }}"
|
||||||
version: "{{ git_branch }}"
|
version: "{{ git_branch }}"
|
||||||
update: yes
|
update: true
|
||||||
|
force: true
|
||||||
|
register: git_status
|
||||||
|
until: git_status is success
|
||||||
|
retries: 3
|
||||||
|
delay: 5
|
||||||
|
|
||||||
- name: Lancer le service Traefik
|
- name: Lancer le service Traefik
|
||||||
command: "docker compose up -d --build --remove-orphans {{ traefik_service_name }}"
|
command: "docker compose up -d --build --remove-orphans {{ traefik_service_name }}"
|
||||||
args:
|
args:
|
||||||
chdir: "{{ git_dest }}"
|
chdir: "{{ git_dest }}"
|
||||||
|
register: traefik_status
|
||||||
|
until: traefik_status is success
|
||||||
|
retries: 3
|
||||||
|
delay: 5
|
||||||
|
changed_when: traefik_status.rc == 0
|
||||||
|
|
||||||
|
handlers:
|
||||||
|
- name: Redémarrer Docker
|
||||||
|
service:
|
||||||
|
name: docker
|
||||||
|
state: restarted
|
||||||
|
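Review bot: The Docker signing key is still imported with `apt_key`, which places it in the global trusted keyring where it can sign any repository, and the `apt_repository` line that follows carries no `signed-by=`; on current Ubuntu releases `apt-key` is also deprecated. Download the key into `/etc/apt/keyrings` with `get_url` and bind the repository to it, as below. Separately, `docker_core_packages` installs the `docker-compose` apt package (the standalone v1 binary), while the Traefik task runs `docker compose`, which comes from the `docker-compose-plugin` package in Docker's repository — unless apt pulls the plugin in as a recommended package, the launch task will fail on a fresh host. `changed_when: traefik_status.rc == 0` also reports every successful run as changed, so the play is never idempotent.
```yaml
    - name: Créer le répertoire des clés apt
      file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"

    - name: Ajouter la clé GPG officielle de Docker
      get_url:
        url: https://download.docker.com/linux/ubuntu/gpg
        dest: /etc/apt/keyrings/docker.asc
        mode: "0644"
      register: gpg_status
      # … unchanged: until/retries/delay …

    - name: Ajouter le dépôt Docker
      apt_repository:
        repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
        state: present
        update_cache: true
      # … unchanged: register/until/retries/delay …
```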
|||||||
@ -1,23 +1,50 @@
|
|||||||
---
|
---
|
||||||
- name: Installer et configurer Portainer
|
- name: Installer et configurer Portainer
|
||||||
hosts: servers
|
hosts: servers
|
||||||
become: yes
|
become: true
|
||||||
|
gather_facts: true
|
||||||
|
|
||||||
vars:
|
vars:
|
||||||
git_dest: "/opt/Neah-Enkun"
|
git_dest: "/opt/Neah-Enkun"
|
||||||
portainer_password: "@wp@36#@%yXo2@y78&$mXeN#6E@W2r9d"
|
portainer_password: "@wp@36#@%yXo2@y78&$mXeN#6E@W2r9d"
|
||||||
portainer_service_name: "portainer"
|
portainer_service_name: "portainer"
|
||||||
|
portainer_password_file: "portainer_password"
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
|
- name: Vérifier si le fichier de mot de passe existe déjà
|
||||||
|
stat:
|
||||||
|
path: "{{ git_dest }}/{{ portainer_password_file }}"
|
||||||
|
register: password_file
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
- name: Écrire le mot de passe Portainer dans un fichier temporaire
|
- name: Écrire le mot de passe Portainer dans un fichier temporaire
|
||||||
copy:
|
copy:
|
||||||
content: "{{ portainer_password }}"
|
content: "{{ portainer_password }}"
|
||||||
dest: "{{ git_dest }}/portainer_password"
|
dest: "{{ git_dest }}/{{ portainer_password_file }}"
|
||||||
|
mode: "0600"
|
||||||
|
force: true
|
||||||
|
register: write_password
|
||||||
|
until: write_password is success
|
||||||
|
retries: 3
|
||||||
|
delay: 5
|
||||||
|
when: not password_file.stat.exists
|
||||||
|
|
||||||
- name: Lancer le service Portainer
|
- name: Lancer le service Portainer
|
||||||
command: "docker compose up -d --build --remove-orphans {{ portainer_service_name }}"
|
command: "docker compose up -d --build --remove-orphans {{ portainer_service_name }}"
|
||||||
args:
|
args:
|
||||||
chdir: "{{ git_dest }}"
|
chdir: "{{ git_dest }}"
|
||||||
|
register: portainer_launch
|
||||||
|
until: portainer_launch is success
|
||||||
|
retries: 3
|
||||||
|
delay: 5
|
||||||
|
notify: Nettoyer les fichiers temporaires
|
||||||
|
|
||||||
- name: Supprimer le fichier temporaire contenant le mot de passe Portainer
|
handlers:
|
||||||
|
- name: Nettoyer les fichiers temporaires
|
||||||
file:
|
file:
|
||||||
path: "{{ git_dest }}/portainer_password"
|
path: "{{ git_dest }}/{{ portainer_password_file }}"
|
||||||
state: absent
|
state: absent
|
||||||
|
register: cleanup
|
||||||
|
until: cleanup is success
|
||||||
|
retries: 3
|
||||||
|
delay: 5
|
||||||
|
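Review bot: The password file written by the `copy` task is only removed by the `Nettoyer les fichiers temporaires` handler, and handlers run at the end of the play — if `Lancer le service Portainer` exhausts its retries the play stops, `{{ git_dest }}/portainer_password` stays on disk, and the new `stat` guard then skips rewriting it on the next run. Move the cleanup into an `always:` section of a block around the write and launch tasks so it runs whether or not the launch succeeds, as below. The `copy` task should also carry `no_log: true`, since its registered result and any `-v`/`--diff` output would otherwise echo the password. `force: true` on the copy is redundant with the `when: not password_file.stat.exists` guard.
```yaml
    - name: Déployer Portainer avec nettoyage garanti du mot de passe
      block:
        - name: Écrire le mot de passe Portainer dans un fichier temporaire
          copy:
            content: "{{ portainer_password }}"
            dest: "{{ git_dest }}/{{ portainer_password_file }}"
            mode: "0600"
          no_log: true
          when: not password_file.stat.exists

        # … unchanged: Lancer le service Portainer (drop its notify) …
      always:
        - name: Nettoyer les fichiers temporaires
          file:
            path: "{{ git_dest }}/{{ portainer_password_file }}"
            state: absent
```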
|||||||
87
ansible/playbooks/3_keycloak.yml
Normal file
87
ansible/playbooks/3_keycloak.yml
Normal file
@ -0,0 +1,87 @@
|
|||||||
|
---
|
||||||
|
- name: Installer et configurer Keycloak
|
||||||
|
hosts: servers
|
||||||
|
become: true
|
||||||
|
gather_facts: true
|
||||||
|
|
||||||
|
vars:
|
||||||
|
git_dest: "/opt/Neah-Enkun"
|
||||||
|
keycloak_container: "neah-keycloak"
|
||||||
|
keycloak_server: "http://localhost:8080"
|
||||||
|
keycloak_realm: "master"
|
||||||
|
keycloak_old_admin: "admin"
|
||||||
|
keycloak_old_password: "0aff634a5aab66c4cddc0fe9221e4d02defc87c98d2cd81ce6e8e04271f6c189"
|
||||||
|
keycloak_admin_user: "enkun"
|
||||||
|
keycloak_admin_password: "9569dd645b4963262f76f10dc320b114c62950ea4927c1806c3df56b03185297"
|
||||||
|
keycloak_admin_email: "enkun@connect.neah.local"
|
||||||
|
keycloak_admin_first_name: "Enkun"
|
||||||
|
keycloak_admin_last_name: "Administrator"
|
||||||
|
check_file: "/opt/keycloak/data/.configured"
|
||||||
|
keycloak_bin: "/opt/keycloak/bin/kcadm.sh"
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: Lancer le service Keycloak
|
||||||
|
command: "docker compose up -d --build --remove-orphans keycloak"
|
||||||
|
args:
|
||||||
|
chdir: "{{ git_dest }}"
|
||||||
|
register: keycloak_launch
|
||||||
|
until: keycloak_launch is success
|
||||||
|
retries: 3
|
||||||
|
delay: 5
|
||||||
|
|
||||||
|
- name: Vérifier si la configuration a déjà été effectuée
|
||||||
|
command: docker exec {{ keycloak_container }} test -f {{ check_file }}
|
||||||
|
register: check_config
|
||||||
|
changed_when: false
|
||||||
|
failed_when: false
|
||||||
|
|
||||||
|
- name: Configurer les credentials avec kcadm.sh
|
||||||
|
shell: docker exec {{ keycloak_container }} {{ keycloak_bin }} config credentials --server {{ keycloak_server }} --realm {{ keycloak_realm }} --user {{ keycloak_old_admin }} --password {{ keycloak_old_password }}
|
||||||
|
register: config_status
|
||||||
|
until: config_status is success
|
||||||
|
retries: 6
|
||||||
|
delay: 10
|
||||||
|
when: check_config.rc != 0
|
||||||
|
|
||||||
|
- name: Créer un nouvel utilisateur administrateur
|
||||||
|
block:
|
||||||
|
- name: Créer l'utilisateur
|
||||||
|
shell: docker exec {{ keycloak_container }} {{ keycloak_bin }} create users -r {{ keycloak_realm }} -s username={{ keycloak_admin_user }} -s email={{ keycloak_admin_email }} -s firstName={{ keycloak_admin_first_name }} -s lastName={{ keycloak_admin_last_name }} -s emailVerified=true -s enabled=true
|
||||||
|
register: create_user
|
||||||
|
|
||||||
|
- name: Définir le mot de passe
|
||||||
|
shell: docker exec {{ keycloak_container }} {{ keycloak_bin }} set-password -r {{ keycloak_realm }} --username {{ keycloak_admin_user }} --new-password {{ keycloak_admin_password }} --temporary=false
|
||||||
|
register: set_password
|
||||||
|
|
||||||
|
- name: Attribuer le rôle d'administrateur
|
||||||
|
shell: docker exec {{ keycloak_container }} {{ keycloak_bin }} add-roles -r {{ keycloak_realm }} --uusername {{ keycloak_admin_user }} --rolename admin
|
||||||
|
register: add_role
|
||||||
|
when: check_config.rc != 0
|
||||||
|
rescue:
|
||||||
|
- name: Gérer les erreurs de configuration
|
||||||
|
debug:
|
||||||
|
msg: "Erreur lors de la configuration de l'utilisateur administrateur"
|
||||||
|
|
||||||
|
- name: Supprimer l'administrateur temporaire
|
||||||
|
block:
|
||||||
|
- name: Récupérer les informations
|
||||||
|
shell: docker exec {{ keycloak_container }} {{ keycloak_bin }} get users -r {{ keycloak_realm }} -q username={{ keycloak_old_admin }}
|
||||||
|
register: temp_admin_info
|
||||||
|
|
||||||
|
- name: Extraire l'ID
|
||||||
|
set_fact:
|
||||||
|
temp_admin_id: "{{ (temp_admin_info.stdout | from_json)[0].id }}"
|
||||||
|
|
||||||
|
- name: Supprimer l'utilisateur
|
||||||
|
shell: docker exec {{ keycloak_container }} {{ keycloak_bin }} delete users/{{ temp_admin_id }}
|
||||||
|
when: check_config.rc != 0
|
||||||
|
|
||||||
|
- name: Marquer la configuration comme terminée
|
||||||
|
shell: docker exec {{ keycloak_container }} touch {{ check_file }}
|
||||||
|
when: check_config.rc != 0
|
||||||
|
|
||||||
|
handlers:
|
||||||
|
- name: Redémarrer Keycloak
|
||||||
|
command: "docker compose restart keycloak"
|
||||||
|
args:
|
||||||
|
chdir: "{{ git_dest }}"
|
||||||
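Review bot: The `rescue:` of the `Créer un nouvel utilisateur administrateur` block only runs `debug`, which marks the failure as handled, so when creating the `enkun` user or assigning it the `admin` role fails the play still proceeds to `Supprimer l'administrateur temporaire` and then writes the `.configured` marker — the realm can be left with no admin account and the playbook will never retry. Replace the debug with `fail:` so the play stops before the temporary admin is deleted: `- name: Gérer les erreurs de configuration` / `fail:` / `msg: "Erreur lors de la configuration de l'utilisateur administrateur"`. The `shell` tasks that pass `--password` and `--new-password` also need `no_log: true`, since their registered results are printed in full on failure and with `-v`. Both admin passwords are committed in clear text in this new file; they belong in a vault or in the environment rather than in the repository.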
46
ansible/run_playbooks.sh
Executable file
46
ansible/run_playbooks.sh
Executable file
@ -0,0 +1,46 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Définition des couleurs pour une meilleure lisibilité
|
||||||
|
GREEN='\033[0;32m'
|
||||||
|
RED='\033[0;31m'
|
||||||
|
NC='\033[0m' # No Color
|
||||||
|
|
||||||
|
# Liste des playbooks à exécuter
|
||||||
|
PLAYBOOKS=(
|
||||||
|
"playbooks/1_docker.yml"
|
||||||
|
"playbooks/2_portainer.yml"
|
||||||
|
"playbooks/3_keycloak.yml"
|
||||||
|
)
|
||||||
|
|
||||||
|
# Fonction pour exécuter un playbook
|
||||||
|
run_playbook() {
|
||||||
|
echo -e "${GREEN}Exécution du playbook: $1${NC}"
|
||||||
|
if ansible-playbook --ask-become-pass "$1"; then
|
||||||
|
echo -e "${GREEN}✓ Playbook $1 exécuté avec succès${NC}"
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
echo -e "${RED}✗ Erreur lors de l'exécution du playbook $1${NC}"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Vérifier si Ansible est installé
|
||||||
|
if ! command -v ansible-playbook &> /dev/null; then
|
||||||
|
echo -e "${RED}Erreur: ansible-playbook n'est pas installé${NC}"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Exécuter chaque playbook
|
||||||
|
for playbook in "${PLAYBOOKS[@]}"; do
|
||||||
|
if [ ! -f "$playbook" ]; then
|
||||||
|
echo -e "${RED}Erreur: Le playbook $playbook n'existe pas${NC}"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! run_playbook "$playbook"; then
|
||||||
|
echo -e "${RED}Arrêt de l'exécution suite à une erreur${NC}"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
echo -e "${GREEN}Tous les playbooks ont été exécutés avec succès${NC}"
|
||||||
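Review bot: The entries in `PLAYBOOKS` are relative paths and the script never changes into its own directory, so the `[ ! -f "$playbook" ]` check fails unless it is launched from `ansible/`; add `cd "$(dirname "$0")" || exit 1` after the colour definitions. `--ask-become-pass` is also passed on every `ansible-playbook` call, which prompts for the privilege-escalation password once per playbook; exporting `ANSIBLE_BECOME_ASK_PASS=true` once and dropping the flag would prompt a single time. A `set -u` at the top would catch a mistyped variable name in the echo lines instead of silently expanding it to nothing.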