infrastructure/k8s/roles/concourse-worker/tasks/main.yml

104 lines
No EOL
2.8 KiB
YAML

---
- name: Install Docker dependencies
ansible.builtin.package:
name:
- ca-certificates
- curl
- gnupg
- lsb-release
state: latest
- name: Add Docker GPG key
ansible.builtin.apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
keyring: /etc/apt/keyrings/docker.gpg
- name: Add Docker repository
ansible.builtin.apt_repository:
repo: deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu jammy stable
state: present
- name: Install Docker
ansible.builtin.package:
name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-compose-plugin
state: latest
register: install_docker
- name: Restart Docker service
ansible.builtin.service:
name: docker
state: restarted
when: install_docker.changed
- name: Download concourse
ansible.builtin.get_url:
url: https://github.com/concourse/concourse/releases/download/v{{ concourse_version }}/concourse-{{ concourse_version }}-linux-amd64.tgz
dest: /tmp/concourse.tgz
mode: '0640'
checksum: sha1:https://github.com/concourse/concourse/releases/download/v{{ concourse_version }}/concourse-{{ concourse_version }}-linux-amd64.tgz.sha1
register: download_concourse
- name: Extract concourse
ansible.builtin.unarchive:
src: /tmp/concourse.tgz
dest: /opt/
remote_src: true
when: download_concourse.changed
- name: Create concourse user
ansible.builtin.user:
name: concourse
home: /var/lib/concourse
shell: /bin/false
groups: users,docker
- name: Create /etc/concourse
ansible.builtin.file:
path: /etc/concourse
state: directory
- name: Create /etc/concourse
ansible.builtin.file:
path: /var/lib/concourse/.ssh
state: directory
owner: concourse
- name: Deploy concourse keys
ansible.builtin.copy:
content: "{{ item.content }}"
dest: "{{ item.dest }}"
mode: '0440'
loop:
- content: "{{ concourse.worker.workerKey }}"
dest: /var/lib/concourse/.ssh/id_rsa
- content: "{{ concourse.worker.workerKeyPub }}"
dest: /var/lib/concourse/.ssh/id_rsa.pub
- content: "{{ concourse.worker.hostKeyPub }}"
dest: /var/lib/concourse/.ssh/web_key.pub
- name: Create concourse config
ansible.builtin.template:
src: concourse-cfg.j2
dest: /etc/concourse/worker
mode: '0640'
register: create_concourse_config
- name: Create concourse service file
ansible.builtin.template:
src: concourse-worker.service.j2
dest: /lib/systemd/system/concourse-worker.service
mode: '0640'
register: create_concourse_service
- name: Make sure a service unit is running
ansible.builtin.systemd:
name: concourse-worker
state: restarted
daemon_reload: true
enabled: true
when: create_concourse_service.changed or create_concourse_config.changed