---
# Create the directory on the target host that receives the compose files,
# the nginx configuration and the rendered .env of the application stack.
# No owner/group is set here, so the directory belongs to whichever user the
# task runs as; the files copied into it later set their own owner and mode.
- name: Ensure application stack destination directory exists
  file:
    state: directory
    path: "{{ application_stack_dest }}"
    # Listable by every local user; the .env rendered into it is mode 0600.
    mode: '0755'
# Both vault tasks run on the control node (delegate_to: localhost, without
# privilege escalation): the vault file is read from the operator's checkout,
# not from the target host.
- name: Check if vault file exists locally
  delegate_to: localhost
  become: false
  stat:
    path: "{{ application_vault_file }}"
  register: application_vault_stat

# Load the vault_* variables when the file is present. no_log keeps the
# decrypted values out of the task output.
- name: Optionally load application secrets from vault
  delegate_to: localhost
  become: false
  when: application_vault_stat.stat.exists
  include_vars:
    file: "{{ application_vault_file }}"
  no_log: true
  # NOTE(review): the "optional" case (file absent) is already covered by the
  # `when` above. ignore_errors additionally lets the play continue when the
  # file exists but cannot be loaded (e.g. wrong or missing vault password or
  # invalid YAML). The redis and app-key checks below then report the secrets
  # as missing, and the database password can fall through to its generated
  # default. Confirm that continuing is intended; with no_log set, the ignored
  # failure is also censored in the output.
  ignore_errors: true
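# Look for the .env of an already deployed PostgreSQL stack on the target
# host, so the application can reuse that database password.
- name: Check if PostgreSQL .env exists on target host
  stat:
    path: "{{ stacks_base_path }}/postgresql/.env"
  register: application_postgres_env_file
  changed_when: false

# Read POSTGRES_PASSWORD from that file.
# - The path is passed through the `quote` filter so a stacks_base_path
#   containing spaces or shell metacharacters is handed to grep as one
#   literal argument instead of being re-interpreted by the shell.
# - `cut -f2-` keeps everything after the first '=', so passwords containing
#   '=' survive intact. Any quotes around the value in the .env are kept too.
# - stderr is discarded and failed_when is false: an unreadable file or a
#   missing key yields an empty stdout, which the next task treats as
#   "no password found" and falls back to other sources.
# - no_log keeps the extracted secret out of the task output.
- name: Extract PostgreSQL password from .env file
  shell: >-
    grep '^POSTGRES_PASSWORD='
    {{ (stacks_base_path ~ '/postgresql/.env') | quote }}
    2>/dev/null | cut -d'=' -f2- || echo ''
  register: application_postgres_password
  changed_when: false
  failed_when: false
  when: application_postgres_env_file.stat.exists
  no_log: true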
# Resolve the database password, in this order of precedence:
#   1. POSTGRES_PASSWORD read from the PostgreSQL stack .env (when non-empty)
#   2. vault_db_root_password from the vault file
#   3. a freshly generated 32-character random string
#
# NOTE(review): option 3 uses '/dev/null' as the password store, so the
# generated value is not persisted anywhere by this lookup; a later run that
# reaches the fallback again gets a different value. Nothing in this file
# provisions that value in PostgreSQL, so confirm that the fallback is wanted
# rather than a hard failure like the redis and app-key checks.
# NOTE(review): the generated value may contain punctuation; check that the
# .env template quotes it safely.
# NOTE(review): the variable name suggests the database *root* password is
# reused as the application credential - confirm this is intended.
- name: Determine application database password
  no_log: true
  set_fact:
    application_db_password: >-
      {{ (application_postgres_env_file.stat.exists and application_postgres_password.stdout != '') |
      ternary(application_postgres_password.stdout,
      vault_db_root_password | default(lookup('password', '/dev/null length=32 chars=ascii_letters,digits,punctuation'))) }}
# Redis password: an explicitly supplied redis_password (e.g. via extra vars)
# wins, otherwise vault_redis_password, otherwise an empty string.
# default() only replaces *undefined* values, so a redis_password that is
# defined but empty does not fall back to the vault value; the check below
# rejects it instead.
- name: Determine application redis password
  no_log: true
  set_fact:
    application_redis_password: "{{ redis_password | default(vault_redis_password | default('')) }}"

# Stop the play instead of deploying with an empty or whitespace-only
# Redis password. The message names only variable names, never the value.
- name: Ensure redis password provided via vault
  when: (application_redis_password | string | trim) == ''
  fail:
    msg: >-
      Redis credentials are missing. Define vault_redis_password in
      {{ application_vault_file }} (encrypted with ansible-vault) or pass
      redis_password via extra vars.

# Application key: same precedence as above (app_key, then vault_app_key).
- name: Determine application app key
  no_log: true
  set_fact:
    application_app_key: "{{ app_key | default(vault_app_key | default('')) }}"

# Stop the play when the application key is empty or whitespace-only.
- name: Ensure application app key provided via vault
  when: (application_app_key | string | trim) == ''
  fail:
    msg: >-
      Application key missing. Define vault_app_key in
      {{ application_vault_file }} (ansible-vault) or pass app_key via extra vars.

# Encryption key: same precedence (encryption_key, then vault_encryption_key).
# Unlike the two secrets above there is no follow-up check, so an empty
# value is accepted and passed on to the template.
- name: Determine encryption key (optional)
  no_log: true
  set_fact:
    application_encryption_key: "{{ encryption_key | default(vault_encryption_key | default('')) }}"
# Each compose file is first looked up on the control node (stat delegated
# to localhost, no privilege escalation) and copied only when it exists, so
# a missing source skips the copy instead of failing the play.
- name: Check if application docker-compose.base.yml source exists locally
  delegate_to: localhost
  become: false
  stat:
    path: "{{ application_stack_src }}/docker-compose.base.yml"
  register: application_compose_base_src

# The environment override lives three directories above
# application_stack_src; application_compose_suffix selects which one.
- name: Check if application docker-compose override file exists locally (production or staging)
  delegate_to: localhost
  become: false
  stat:
    path: "{{ application_stack_src }}/../../../docker-compose.{{ application_compose_suffix }}"
  register: application_compose_override_src

# Compose files are deployed owned by the connection user and readable by
# every local user (0644).
# NOTE(review): presumably they carry no inline secrets and take credentials
# from the 0600 .env rendered at the end of this file - confirm.
- name: Copy application docker-compose.base.yml to target host
  when: application_compose_base_src.stat.exists
  copy:
    src: "{{ application_stack_src }}/docker-compose.base.yml"
    dest: "{{ application_stack_dest }}/docker-compose.base.yml"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: '0644'

- name: Copy application docker-compose override file to target host (production or staging)
  when: application_compose_override_src.stat.exists
  copy:
    src: "{{ application_stack_src }}/../../../docker-compose.{{ application_compose_suffix }}"
    dest: "{{ application_stack_dest }}/docker-compose.{{ application_compose_suffix }}"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: '0644'

# Legacy layout: a single docker-compose.yml, considered only when no
# docker-compose.base.yml was found.
- name: Check if legacy docker-compose.yml exists (fallback)
  when: not (application_compose_base_src.stat.exists | default(false))
  delegate_to: localhost
  become: false
  stat:
    path: "{{ application_stack_src }}/docker-compose.yml"
  register: application_compose_src

# When the stat above was skipped, application_compose_src is still
# registered but has no `stat` key; the default(false) covers that case.
- name: Copy application docker-compose.yml to target host (fallback for legacy)
  when:
    - application_compose_src is defined
    - application_compose_src.stat.exists | default(false)
    - not (application_compose_base_src.stat.exists | default(false))
  copy:
    src: "{{ application_stack_src }}/docker-compose.yml"
    dest: "{{ application_stack_dest }}/docker-compose.yml"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: '0644'
# Look for an nginx/ directory next to the compose sources on the control
# node; the copy below is skipped when it does not exist.
- name: Check if nginx configuration exists locally
  delegate_to: localhost
  become: false
  stat:
    path: "{{ application_stack_src }}/nginx"
  register: application_nginx_src

# The trailing slash on src copies the directory's contents into dest.
# Despite the task name this is a `copy`: files are added or overwritten,
# but files removed from the source are not deleted on the target.
# NOTE(review): every copied file becomes readable by all local users (0644).
# If this tree ever carries TLS private keys or other secrets, deploy those
# separately with a restrictive mode.
- name: Synchronize nginx configuration
  when: application_nginx_src.stat.exists
  copy:
    src: "{{ application_stack_src }}/nginx/"
    dest: "{{ application_stack_dest }}/nginx/"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: '0644'
# Re-publish the resolved secrets under short variable names for the
# environment template rendered by the following task.
# - db_username and db_name keep an already defined db_user / db_name and
#   otherwise use the *_default values.
# - no_log keeps the values out of the task output. Facts set here stay
#   defined for this host for the rest of the run, so later tasks and roles
#   can read these secrets as well.
- name: Expose secrets for template rendering
  no_log: true
  set_fact:
    db_username: "{{ db_user | default(db_user_default) }}"
    db_name: "{{ db_name | default(db_name_default) }}"
    db_password: "{{ application_db_password }}"
    redis_password: "{{ application_redis_password }}"
    app_key: "{{ application_app_key }}"
    encryption_key: "{{ application_encryption_key }}"
- name: Render application environment file
|
|
template:
|
|
src: "{{ application_env_template }}"
|
|
dest: "{{ application_stack_dest }}/.env"
|
|
owner: "{{ ansible_user }}"
|
|
group: "{{ ansible_user }}"
|
|
mode: '0600'
|