---
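- name: Install script for attaching to pod infra containers
  # Installed as a system-wide executable. The destination is spelled out in
  # full and the mode/owner are fixed explicitly: the original `mode: +x` only
  # added the execute bit on top of whatever mode the copied file ended up
  # with, so the final permissions depended on the umask / source checkout
  # rather than being declared here.
  become: true
  ansible.builtin.copy:
    src: podman-pod-infra-attach.sh
    dest: /usr/bin/podman-pod-infra-attach.sh
    owner: root
    group: root
    mode: "0755"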
- name: Create systemd unit for Zenith pod
  # Render the pod unit into the system unit directory. The registered result
  # is what the following task uses to decide on a daemon-reload / restart.
  become: true
  register: zenith_proxy_pod_systemd_unit
  ansible.builtin.template:
    src: pod.service.j2
    dest: "/etc/systemd/system/{{ zenith_proxy_service_name }}.service"
    mode: "0644"
- name: Ensure Zenith pod is started and enabled
  # A changed unit file needs a daemon-reload and a restart so systemd picks
  # up the new definition; an unchanged one is only ensured to be running.
  become: true
  ansible.builtin.service:
    name: "{{ zenith_proxy_service_name }}.service"
    enabled: true
    daemon_reload: "{{ zenith_proxy_pod_systemd_unit is changed }}"
    state: "{{ (zenith_proxy_pod_systemd_unit is changed) | ternary('restarted', 'started') }}"
- name: Configure MITM proxy
  # Both tasks are skipped as a unit when the MITM proxy is not enabled; the
  # `when` on the block applies to every task inside it.
  become: true
  when: zenith_proxy_mitm_enabled
  block:
  - name: Create systemd unit file for MITM proxy
    register: zenith_proxy_mitm_systemd_unit
    ansible.builtin.template:
      src: mitm.service.j2
      dest: "/etc/systemd/system/{{ zenith_proxy_mitm_service_name }}.service"
      mode: "0644"
  - name: Ensure MITM proxy is started and enabled
    # Same reload/restart rule as the pod unit: only when the unit file changed.
    ansible.builtin.service:
      name: "{{ zenith_proxy_mitm_service_name }}.service"
      enabled: true
      daemon_reload: "{{ zenith_proxy_mitm_systemd_unit is changed }}"
      state: "{{ (zenith_proxy_mitm_systemd_unit is changed) | ternary('restarted', 'started') }}"
- name: Ensure Zenith config directory exists
  # Per-service config directory; it is bind-mounted read-only into the
  # client container as /etc/zenith by the init task below.
  become: true
  ansible.builtin.file:
    path: "/etc/zenith/{{ zenith_proxy_service_name }}"
    state: directory
    mode: "0755"
- name: Write Zenith client configuration
  # Rendered config consumed by `zenith-client init` and, via the registered
  # result, one of the triggers for restarting the client service.
  # NOTE(review): the file is world-readable (0644). If client.yaml carries the
  # enrolment token (the init task tolerates a "token has already been used"
  # error, which suggests it might), every local user can read it. Tightening
  # it needs an owner/group the container process can still read through
  # under rootless podman's uid/gid mapping — confirm before changing.
  become: true
  register: zenith_proxy_client_config_file
  ansible.builtin.template:
    src: zenith-client.yaml.j2
    dest: "/etc/zenith/{{ zenith_proxy_service_name }}/client.yaml"
    mode: "0644"
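- name: Create directory to persist SSH key
  # Bind-mounted into the client container as /home/zenith/.ssh, so it holds
  # private key material. It is owned by the podman user (the user the init
  # container is run as), and 0700 keeps other local users out of it — the
  # previous 0755 made the key directory world-listable/readable. 0700 is
  # also what ssh itself expects for ~/.ssh.
  become: true
  ansible.builtin.file:
    path: "{{ zenith_proxy_state_dir }}"
    state: directory
    owner: "{{ zenith_proxy_podman_user }}"
    group: "{{ zenith_proxy_podman_user }}"
    mode: "0700"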
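- name: Initialise Zenith client
  # One-shot container run (`--replace` discards any leftover init container
  # of the same name). A plain command is used rather than the
  # podman_container module because the matching combination of module
  # parameters could not be found. The argv form passes each templated value
  # as exactly one argument: the folded-string form was word-split by the
  # command module, so a state dir or image reference containing whitespace
  # would have been broken into several arguments.
  become: true
  become_user: "{{ zenith_proxy_podman_user }}"
  register: zenith_proxy_client_init
  ansible.builtin.command:
    argv:
      - podman
      - run
      - --name
      - "{{ zenith_proxy_service_name }}-init"
      - --replace
      # Client config is mounted read-only; only the SSH key dir is writable.
      - --volume
      - "/etc/zenith/{{ zenith_proxy_service_name }}:/etc/zenith:ro"
      - --volume
      - "{{ zenith_proxy_state_dir }}:/home/zenith/.ssh"
      - "{{ zenith_proxy_client_image }}"
      - zenith-client
      - init
  # Every successful run reports "changed", which in turn restarts the client
  # service in the last task of this file.
  changed_when: zenith_proxy_client_init.rc == 0
  # A re-run against an already-consumed token is expected on repeat plays and
  # is treated as success; any other non-zero exit is a real failure.
  failed_when: >-
    zenith_proxy_client_init.rc != 0 and
    "token has already been used" not in zenith_proxy_client_init.stderr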
- name: Create systemd unit file for Zenith client
  # Render the client unit; the registered result feeds the restart decision
  # and the daemon-reload flag in the next task.
  become: true
  register: zenith_proxy_client_systemd_unit
  ansible.builtin.template:
    src: client.service.j2
    dest: "/etc/systemd/system/{{ zenith_proxy_client_service_name }}.service"
    mode: "0644"
- name: Ensure Zenith client is started and enabled
  # Restart whenever the config file, the unit file or the init step changed;
  # otherwise just make sure the service is running. Only a unit-file change
  # requires a daemon-reload.
  become: true
  ansible.builtin.service:
    name: "{{ zenith_proxy_client_service_name }}.service"
    enabled: true
    daemon_reload: "{{ zenith_proxy_client_systemd_unit is changed }}"
    state: >-
      {{
        (
          zenith_proxy_client_config_file is changed
          or zenith_proxy_client_systemd_unit is changed
          or zenith_proxy_client_init is changed
        ) | ternary('restarted', 'started')
      }}