mirror of
https://github.com/trailofbits/algo.git
synced 2025-07-25 06:53:00 +02:00
c3fcfe5d0d
Make dpdaction great again add 1704 to travis Make EC2 image name more convenient modify apparmor profile
102 lines
2.7 KiB
YAML
102 lines
2.7 KiB
YAML
- name: Set the DigitalOcean Access Token fact
|
|
set_fact:
|
|
do_token: "{{ do_access_token | default(lookup('env','DO_API_TOKEN'), true) }}"
|
|
public_key: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
|
|
|
|
- block:
|
|
- name: "Delete the existing Algo SSH keys"
|
|
digital_ocean:
|
|
state: absent
|
|
command: ssh
|
|
api_token: "{{ do_token }}"
|
|
name: "{{ SSH_keys.comment }}"
|
|
register: ssh_keys
|
|
until: ssh_keys.changed != true
|
|
retries: 10
|
|
delay: 1
|
|
|
|
rescue:
|
|
- name: Collect the fail error
|
|
digital_ocean:
|
|
state: absent
|
|
command: ssh
|
|
api_token: "{{ do_token }}"
|
|
name: "{{ SSH_keys.comment }}"
|
|
register: ssh_keys
|
|
ignore_errors: yes
|
|
|
|
- debug: var=ssh_keys
|
|
|
|
- fail:
|
|
msg: "Please, ensure that your API token is not read-only."
|
|
|
|
- name: "Upload the SSH key"
|
|
digital_ocean:
|
|
state: present
|
|
command: ssh
|
|
ssh_pub_key: "{{ public_key }}"
|
|
api_token: "{{ do_token }}"
|
|
name: "{{ SSH_keys.comment }}"
|
|
register: do_ssh_key
|
|
|
|
- name: "Creating a droplet..."
|
|
digital_ocean:
|
|
state: present
|
|
command: droplet
|
|
name: "{{ do_server_name }}"
|
|
region_id: "{{ do_region }}"
|
|
size_id: "{{ cloud_providers.digitalocean.size }}"
|
|
image_id: "{{ cloud_providers.digitalocean.image }}"
|
|
ssh_key_ids: "{{ do_ssh_key.ssh_key.id }}"
|
|
unique_name: yes
|
|
api_token: "{{ do_token }}"
|
|
ipv6: yes
|
|
register: do
|
|
|
|
- name: Add the droplet to an inventory group
|
|
add_host:
|
|
name: "{{ do.droplet.ip_address }}"
|
|
groups: vpn-host
|
|
ansible_ssh_user: root
|
|
ansible_python_interpreter: "/usr/bin/python2.7"
|
|
ansible_ssh_private_key_file: "{{ SSH_keys.private }}"
|
|
do_access_token: "{{ do_token }}"
|
|
do_droplet_id: "{{ do.droplet.id }}"
|
|
cloud_provider: digitalocean
|
|
ipv6_support: true
|
|
|
|
- set_fact:
|
|
cloud_instance_ip: "{{ do.droplet.ip_address }}"
|
|
|
|
- name: Tag the droplet
|
|
digital_ocean_tag:
|
|
name: "Environment:Algo"
|
|
resource_id: "{{ do.droplet.id }}"
|
|
api_token: "{{ do_token }}"
|
|
state: present
|
|
|
|
- name: Get droplets
|
|
uri:
|
|
url: "https://api.digitalocean.com/v2/droplets?tag_name=Environment:Algo"
|
|
method: GET
|
|
status_code: 200
|
|
headers:
|
|
Content-Type: "application/json"
|
|
Authorization: "Bearer {{ do_token }}"
|
|
register: do_droplets
|
|
|
|
- name: Ensure the group digitalocean exists in the dynamic inventory file
|
|
lineinfile:
|
|
state: present
|
|
dest: configs/inventory.dynamic
|
|
line: '[digitalocean]'
|
|
|
|
- name: Populate the dynamic inventory
|
|
lineinfile:
|
|
state: present
|
|
dest: configs/inventory.dynamic
|
|
insertafter: '\[digitalocean\]'
|
|
regexp: "^{{ item.networks.v4[0].ip_address }}.*"
|
|
line: "{{ item.networks.v4[0].ip_address }}"
|
|
with_items:
|
|
- "{{ do_droplets.json.droplets }}"
|