From b8afb2ac648e645e4f407926cf65ab7b5a496e46 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Tue, 2 May 2023 11:51:22 +0200
Subject: [PATCH] terraform docker swarm initialization
---
ansible/TODO.md | 1 +
ansible/ansible.cfg | 8 +++
ansible/inventory/group_vars/all.yml | 1 +
ansible/inventory/host_vars/manager.yml | 7 +++
ansible/inventory/host_vars/worker1.yml | 1 +
ansible/inventory/hosts.yml | 9 ++++
ansible/playbooks/setup.yml | 65 +++++++++++++++++++++++++
ansible/requirements.yml | 9 ++++
terraform/.gitignore | 38 +++++++++++++++
terraform/main.tf | 33 +++++++++++++
10 files changed, 172 insertions(+)
create mode 100644 ansible/TODO.md
create mode 100644 ansible/ansible.cfg
create mode 100644 ansible/inventory/group_vars/all.yml
create mode 100644 ansible/inventory/host_vars/manager.yml
create mode 100644 ansible/inventory/host_vars/worker1.yml
create mode 100644 ansible/inventory/hosts.yml
create mode 100644 ansible/playbooks/setup.yml
create mode 100644 ansible/requirements.yml
create mode 100644 terraform/.gitignore
create mode 100644 terraform/main.tf
diff --git a/ansible/TODO.md b/ansible/TODO.md
new file mode 100644
index 0000000..2e0a10a
--- /dev/null
+++ b/ansible/TODO.md
@@ -0,0 +1 @@
+in traefik role: create docker overlay network
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
new file mode 100644
index 0000000..64e28e8
--- /dev/null
+++ b/ansible/ansible.cfg
@@ -0,0 +1,8 @@
+[defaults]
+roles_path=~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:roles
+inventory=inventory
+interpreter_python=/usr/bin/python3
+remote_user = root
+
+[diff]
+always = True
diff --git a/ansible/inventory/group_vars/all.yml b/ansible/inventory/group_vars/all.yml
new file mode 100644
index 0000000..a2d8d0d
--- /dev/null
+++ b/ansible/inventory/group_vars/all.yml
@@ -0,0 +1 @@
+data_directory_base: /mnt/data
diff --git a/ansible/inventory/host_vars/manager.yml b/ansible/inventory/host_vars/manager.yml
new file mode 100644
index 0000000..75dcdf9
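Review bot: `remote_user = root` in the `[defaults]` section of ansible/ansible.cfg makes every play log in over SSH as root, so each host has to permit direct root login and every task runs fully privileged whether it needs to or not. Consider an unprivileged account with escalation only where required, e.g. `remote_user = <deploy-user>` plus a `[privilege_escalation]` section with `become = True`, or `become: true` on the plays that need it. The libvirt provider URI `qemu+ssh://root@atlas.hyp/system` in terraform/main.tf makes the same choice for the hypervisor.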
--- /dev/null
+++ b/ansible/inventory/host_vars/manager.yml
@@ -0,0 +1,7 @@
+docker_node_labels:
+ - hostname: maestro
+ labels: {}
+ - hostname: worker1
+ labels: {}
+
+data_directories: []
diff --git a/ansible/inventory/host_vars/worker1.yml b/ansible/inventory/host_vars/worker1.yml
new file mode 100644
index 0000000..eaeca20
--- /dev/null
+++ b/ansible/inventory/host_vars/worker1.yml
@@ -0,0 +1 @@
+data_directories: []
diff --git a/ansible/inventory/hosts.yml b/ansible/inventory/hosts.yml
new file mode 100644
index 0000000..f2b948c
--- /dev/null
+++ b/ansible/inventory/hosts.yml
@@ -0,0 +1,9 @@
+all:
+ hosts:
+ manager:
+ ansible_host: maestro.dmz
+ children:
+ workers:
+ hosts:
+ worker1:
+ ansible_host: worker1.dmz
diff --git a/ansible/playbooks/setup.yml b/ansible/playbooks/setup.yml
new file mode 100644
index 0000000..d5006a8
--- /dev/null
+++ b/ansible/playbooks/setup.yml
@@ -0,0 +1,65 @@
+---
+- name: Wait for Cloud-init to finish
+ hosts: all
+ gather_facts: no
+ roles:
+ - cloudinit_wait
+
+- name: Initialize Docker Swarm nodes
+ hosts: all
+ pre_tasks:
+ - name: Delete externally managed environment file
+ shell:
+ cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED"
+ register: rm
+ changed_when: "rm.rc == 0"
+ failed_when: "false"
+
+ - name: Create data directories
+ file:
+ state: directory
+ path: "{{ data_directory_base }}/{{ item }}"
+ recurse: true
+ mode: 0777
+ loop: "{{ data_directories }}"
+
+ roles:
+ - setup_apt
+ - docker
+
+- name: Setup Docker Swarm manager
+ hosts: manager
+ tasks:
+ - name: Install pip packages
+ pip:
+ name:
+ - jsondiff
+ - pyyaml
+
+ - name: Create Docker Swarm
+ docker_swarm:
+
+ - name: Get Docker Swarm manager info
+ docker_swarm_info:
+ nodes: yes
+ nodes_filters:
+ name: manager
+ register: swarm_info
+
+- hosts: workers
+ tasks:
+ - name: Join Docker Swarm
+ docker_swarm:
+ state: join
+ join_token: "{{ hostvars.manager.swarm_info.swarm_facts.JoinTokens.Worker }}"
+ remote_addrs:
+ - "{{ hostvars.manager.ansible_default_ipv4.address }}"
+
+- hosts: manager
+ tasks:
+ - name: Add labels to Docker Swarm
+ docker_node:
+ hostname: "{{ item.hostname }}"
+ labels: "{{ item.labels }}"
+ labels_state: replace
+ loop: "{{ docker_node_labels }}"
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
new file mode 100644
index 0000000..b54ff45
--- /dev/null
+++ b/ansible/requirements.yml
@@ -0,0 +1,9 @@
+- name: setup_apt
+ src: https://github.com/sunscrapers/ansible-role-apt.git
+ scm: git
+- name: docker
+ src: https://git.pim.kunis.nl/pim/ansible-role-docker
+ scm: git
+- name: cloudinit_wait
+ src: https://git.pim.kunis.nl/pim/ansible-role-cloudinit-wait
+ scm: git
diff --git a/terraform/.gitignore b/terraform/.gitignore
new file mode 100644
index 0000000..33b954c
--- /dev/null
+++ b/terraform/.gitignore
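Review bot: The "Create data directories" task in ansible/playbooks/setup.yml combines `mode: 0777` with `recurse: true`, so each directory under `data_directory_base` and everything already inside it becomes world-writable (and files executable) on the swarm nodes. A quoted, tighter mode with an explicit owner is safer, e.g. `mode: "0750"` with `owner:`/`group:` set to the account the services run as, which this patch does not show. Separately, "Get Docker Swarm manager info" registers `swarm_info`, which the later `join_token` template shows to contain `JoinTokens.Worker`; adding `no_log: true` to that task should keep the join token out of verbose output and logs.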
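Review bot: None of the three roles in ansible/requirements.yml carries a `version:`, so `ansible-galaxy` installs whatever the default branch of each repository holds at install time, and with `remote_user = root` in ansible.cfg that code then runs as root on every host. Pinning each entry to a reviewed tag or commit, e.g. `version: <commit-sha>`, makes runs reproducible and turns an upstream change into a visible diff. The two module sources in terraform/main.tf (`git::https://git.pim.kunis.nl/home/tf-modules.git//debian`) are unpinned in the same way and accept a `?ref=<tag-or-commit>` suffix.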
@@ -0,0 +1,38 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+*.tfbackend
+
+.vault_password
diff --git a/terraform/main.tf b/terraform/main.tf
new file mode 100644
index 0000000..3d4606d
--- /dev/null
+++ b/terraform/main.tf
@@ -0,0 +1,33 @@
+terraform {
+ backend "pg" {
+ schema_name = "shoarma"
+ conn_str = "postgres://terraform@10.42.0.1/terraform_state"
+ }
+
+ required_providers {
+ libvirt = {
+ source = "dmacvicar/libvirt"
+ }
+ }
+}
+
+provider "libvirt" {
+ uri = "qemu+ssh://root@atlas.hyp/system"
+}
+
+module "manager" {
+ source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+ name = "maestro"
+ domain_name = "tf-maestro"
+ memory = 1024
+}
+
+module "workers" {
+ for_each = {
+ worker1 = "tf-worker1"
+ }
+ source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+ name = each.key
+ domain_name = each.value
+ memory = 1024 * 3
+}
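Review bot: `.terraform.lock.hcl` is listed under "Ignore CLI configuration files" in terraform/.gitignore, but it is the dependency lock file that records the selected provider versions and their checksums, not CLI configuration. With it ignored, and with `dmacvicar/libvirt` declared in terraform/main.tf without a `version` constraint, each `terraform init` on a fresh checkout can resolve a different provider build with no recorded hash to compare against. Dropping that line from the ignore list and committing the lock file, plus a `version = "<constraint>"` next to `source`, pins the provider.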