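---
# Interactive playbook that creates one new web server droplet on DigitalOcean
# and publishes its DNS records on Cloudflare. It runs entirely on the control
# node (hosts: localhost). API credentials for the two collections are not set
# in this file; the modules must find them elsewhere (presumably environment
# variables — confirm before running).
#
# Inputs, each taken from an extra var when defined and prompted for otherwise:
#   host       - planet name used as the subdomain (<host>.matplotlib.org)
#   functional - role-based alias of the form webNN, published as a CNAME
#   ssh_keys   - space-separated names of SSH keys already on the DO account
#
# All three inputs are free-form text, so they are validated by the assert task
# before being used in resource names or DNS records, and an explicit "yes"
# confirmation is required before anything is created.
- hosts: localhost
  tasks:
    # Existing droplets are needed to print an overview and to reject
    # duplicate names below.
    - name: Gather information about DigitalOcean droplets
      community.digitalocean.digital_ocean_droplet_info:
      register: do_droplets

    # SSH key names entered by the operator are resolved to fingerprints
    # against this list.
    - name: Gather information about DigitalOcean SSH keys
      community.digitalocean.digital_ocean_sshkey_info:
      register: do_ssh_keys

    - name: Print info on existing droplets
      ansible.builtin.debug:
        msg: >-
          {{ item.name }}:
          {{ item.networks.v4 | map(attribute='ip_address') | join(',') }}
      loop: "{{ do_droplets.data }}"
      loop_control:
        label: "{{ item.id }}"

    # The pause tasks are skipped when the corresponding variable was passed
    # in (e.g. with -e), so the playbook can also run non-interactively.
    - name: "Enter name for new droplet (subdomain only)"
      ansible.builtin.pause:
      register: input_name
      when: host is not defined

    - name: "Enter functional name for new droplet (webNN)"
      ansible.builtin.pause:
      register: input_functional
      when: functional is not defined

    - name: Print available SSH public keys
      ansible.builtin.debug:
        msg: "{{ item.name}} {{ item.fingerprint }}"
      loop: "{{ do_ssh_keys.data }}"
      loop_control:
        label: "{{ item.id }}"

    - name: "Enter SSH key names for new droplet (space separated)"
      ansible.builtin.pause:
      register: input_ssh_keys
      when: ssh_keys is not defined

    # Normalise the inputs: prefer the extra var, otherwise the prompt answer,
    # and strip surrounding whitespace. ssh_fingerprints keeps only the keys
    # whose name matches one of the requested names.
    - name: Set droplet facts
      ansible.builtin.set_fact:
        host: >-
          {{
            (host if host is defined else input_name.user_input) |
            trim
          }}
        functional: >-
          {{
            (functional if functional is defined else input_functional.user_input) |
            trim
          }}
        ssh_fingerprints: >-
          {{
            do_ssh_keys.data |
            selectattr(
              'name',
              'in',
              (ssh_keys if ssh_keys is defined
               else input_ssh_keys.user_input) | split) |
            map(attribute='fingerprint')
          }}

    # Every operator-supplied value is checked here before it reaches a
    # resource name or DNS record; a failed assertion stops the play before
    # any resource is created.
    - name: Verify droplet configuration
      ansible.builtin.assert:
        that:
          # The subdomain must come from the allow-list below.
          - host in valid_planets
          # Must not be an existing name.
          - >-
            do_droplets.data |
            selectattr('name', 'equalto', host + '.matplotlib.org') |
            count == 0
          # TODO: Also check that functional name doesn't already exist.
          - functional is regex('^web[0-9][0-9]$')
          # At least 1 key, and same number as requested.
          - ssh_fingerprints | length >= 1
          # A mismatch means at least one requested key name was not found
          # on the account (or was mistyped).
          - >-
            ssh_fingerprints | length == (
              ssh_keys if ssh_keys is defined
              else input_ssh_keys.user_input) | split | length

    - name: Print configuration
      ansible.builtin.debug:
        msg: "Creating droplet '{{ host }}' with SSH keys {{ ssh_fingerprints }}"

    # Require a typed "yes" rather than a bare Enter: the next tasks create a
    # billed VM and public DNS records, so an accidental keypress must not be
    # enough to proceed.
    - name: Please verify the above configuration
      ansible.builtin.pause:
        prompt: "Type 'yes' to create the droplet and DNS records, anything else to abort"
      register: confirm

    - name: Abort unless the configuration was explicitly confirmed
      ansible.builtin.assert:
        that:
          - confirm.user_input | trim == 'yes'
        fail_msg: "Droplet creation aborted; no resources were changed."

    # firewall, project and tags are given by name; presumably these objects
    # already exist on the DigitalOcean account — confirm if the run fails.
    - name: Create droplet on DigitalOcean
      community.digitalocean.digital_ocean_droplet:
        state: present
        name: "{{ host }}.matplotlib.org"
        firewall:
          - Web
        image: fedora-39-x64
        monitoring: true
        project: matplotlib.org
        region: tor1
        size: s-1vcpu-2gb
        ssh_keys: "{{ ssh_fingerprints }}"
        tags:
          - website
        unique_name: true
      register: new_droplet

    # A record for the planet name, pointing at the droplet's first public
    # IPv4 address; proxied through Cloudflare.
    - name: Setup DNS for droplet on CloudFlare
      community.general.cloudflare_dns:
        state: present
        proxied: true
        record: "{{ host }}"
        type: A
        value: >-
          {{
            new_droplet.data.droplet.networks.v4 |
            selectattr('type', 'equalto', 'public') |
            map(attribute='ip_address') |
            first
          }}
        zone: matplotlib.org

    # CNAME for the functional (webNN) name, aliasing the planet record above.
    - name: Setup functional DNS for droplet on CloudFlare
      community.general.cloudflare_dns:
        state: present
        proxied: true
        record: "{{ functional }}"
        type: CNAME
        value: "{{ host }}.matplotlib.org"
        zone: matplotlib.org

  vars:
    # We currently name servers based on planets in the Solar System.
    # This list doubles as the allow-list for the `host` input.
    valid_planets:
      - mercury
      - venus
      - earth
      - mars
      - jupiter
      - saturn
      - uranus
      - neptune
      - pluto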