diff --git a/restart_kasm.yml b/restart_kasm.yml index a850c9e..728f6db 100644 --- a/restart_kasm.yml +++ b/restart_kasm.yml @@ -1,3 +1,6 @@ -- import_playbook: stop_kasm.yml +--- +- name: Stop Kasm Services + import_playbook: stop_kasm.yml -- import_playbook: start_kasm.yml +- name: Start Kasm Services + import_playbook: start_kasm.yml diff --git a/roles/install_common/tasks/add_zones.yml b/roles/install_common/tasks/add_zones.yml index a8ce174..26044a4 100644 --- a/roles/install_common/tasks/add_zones.yml +++ b/roles/install_common/tasks/add_zones.yml @@ -1,23 +1,24 @@ +--- - name: Add additional zones when: i != 0 loop: "{{ zones }}" loop_control: index_var: i - blockinfile: - marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }}" + ansible.builtin.blockinfile: + marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }}" state: present insertafter: EOF - dest: "{{ tempdir.path }}/kasm_release/conf/database/seed_data/default_properties.yaml" + dest: "{{ install_common_tempdir.path }}/kasm_release/conf/database/seed_data/default_properties.yaml" content: | - - allow_origin_domain: $request_host$ - load_strategy: least_load - primary_manager_id: null - prioritize_static_agents: true - proxy_connections: true - proxy_hostname: $request_host$ - proxy_path: desktop - proxy_port: {{ proxy_port }} - search_alternate_zones: true - upstream_auth_address: $request_host$ - zone_id: "${uuid:zone_id:{{ i + 1 }}}" - zone_name: {{ item }} + - allow_origin_domain: $request_host$ + load_strategy: least_load + primary_manager_id: null + prioritize_static_agents: true + proxy_connections: true + proxy_hostname: $request_host$ + proxy_path: desktop + proxy_port: {{ proxy_port }} + search_alternate_zones: true + upstream_auth_address: $request_host$ + zone_id: "${uuid:zone_id:{{ i + 1 }}}" + zone_name: {{ item }} diff --git a/roles/install_common/tasks/agent_install.yml b/roles/install_common/tasks/agent_install.yml index 4537e4c..e47ac00 100644 
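Review bot: In the `content:` block of add_zones.yml, `zone_name: {{ item }}` is written into default_properties.yaml unquoted, so a zone name from the inventory that contains `: ` or ` #`, or that reads as a boolean or number, would change the structure or type of the seed data. Quoting the templated scalar, `zone_name: "{{ item }}"`, keeps the value a string whatever the inventory holds. Since this hunk also re-indents the block, it is worth confirming that the rendered entry still lines up with the existing list in the seed file.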
--- a/roles/install_common/tasks/agent_install.yml +++ b/roles/install_common/tasks/agent_install.yml @@ -1,6 +1,7 @@ +--- - name: Check connection from agent to webserver - uri: - url: "https://{{ web_ip }}:{{ proxy_port }}/api/__healthcheck" + ansible.builtin.uri: + url: "https://{{ install_common_web_host }}:{{ proxy_port }}/api/__healthcheck" timeout: 5 validate_certs: false register: _result @@ -9,19 +10,20 @@ delay: 5 - name: Install agent role - command: > - bash {{ tempdir.path }}/kasm_release/install.sh - --role agent - --accept-eula - --proxy-port {{ proxy_port }} - --public-hostname {{ target_ip }} - --manager-hostname {{ web_ip }} - --manager-token {{ manager_token }} - {{ '-s ' ~ service_images_copy.dest if service_images_file }} - {{ '-w ' ~ workspace_images_copy.dest if workspace_images_file }} - {{ '-x ' ~ network_plugin_copy.dest if network_plugin_file }} + ansible.builtin.command: > + bash {{ install_common_tempdir.path }}/kasm_release/install.sh + --role agent + --accept-eula + --proxy-port {{ proxy_port }} + --public-hostname {{ install_common_target_host }} + --manager-hostname {{ install_common_web_host }} + --manager-token {{ manager_token }} + {{ '-s ' ~ install_common_service_images_copy.dest if install_common_service_images_file }} + {{ '-w ' ~ install_common_workspace_images_copy.dest if install_common_workspace_images_file }} + {{ '-x ' ~ install_common_network_plugin_copy.dest if install_common_network_plugin_file }} register: install_output become: true retries: 20 delay: 10 - until: install_output is success or ('Failed to lock apt for exclusive operation' not in install_output.stderr and '/var/lib/dpkg/lock' not in install_output.stderr) + until: install_output is success or ('Failed to lock apt for exclusive operation' not in install_output.stderr and '/var/lib/dpkg/lock' not in + install_output.stderr) 
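Review bot: The `Install agent role` task still passes `--manager-token {{ manager_token }}` on the command line and registers the result without `no_log`, so the token is part of the `cmd` field of the result and appears in Ansible output and callback logs when the task fails or runs verbosely. Adding `no_log: true` to the task keeps it out of those logs, at the cost of hiding stderr when diagnosing a failed install. The install tasks in db_install.yml, guac_install.yml, web_install.yml and remote_db_init.yml pass passwords and tokens the same way and need the same treatment. The value is also visible in the target host's process list while install.sh runs; avoiding that would need an input path other than argv in the installer, which is not visible here.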
diff --git a/roles/install_common/tasks/copy_installer.yml b/roles/install_common/tasks/copy_installer.yml
index 594454a..5d13bf0 100644
--- a/roles/install_common/tasks/copy_installer.yml
+++ b/roles/install_common/tasks/copy_installer.yml
@@ -1,48 +1,59 @@ +--- # List of files in the files directory matching the installer, service_images, and workspace images. -- set_fact: - installer_glob: "{{ lookup('fileglob', '{{role_path}}/files/kasm_workspaces_*.tar.gz', wantlist=True) + lookup('fileglob', '{{role_path}}/files/kasm_release_*.tar.gz', wantlist=True) }}" - service_images_glob: "{{ lookup('fileglob', '{{role_path}}/files/kasm_workspaces_service_images*.tar.gz', wantlist=True) + lookup('fileglob', '{{role_path}}/files/kasm_release_service_images*.tar.gz', wantlist=True) }}" - workspace_images_glob: "{{ lookup('fileglob', '{{role_path}}/files/kasm_workspaces_workspace_images_*.tar.gz', wantlist=True) + lookup('fileglob', '{{role_path}}/files/kasm_release_workspace_images_*.tar.gz', wantlist=True) }}" - network_plugin_glob: "{{ lookup('fileglob', '{{role_path}}//files/kasmweb_network_plugin_*.tar.gz', wantlist=True)}}" + +- name: Set installer, service images, workspace images, and network plugin file globs + ansible.builtin.set_fact: + install_common_installer_glob: "{{ lookup('fileglob', role_path + '/files/kasm_workspaces_*.tar.gz', wantlist=True) + + lookup('fileglob', role_path + '/files/kasm_release_*.tar.gz', wantlist=True) }}" + install_common_service_images_glob: "{{ lookup('fileglob', role_path + '/files/kasm_workspaces_service_images*.tar.gz', wantlist=True) + + lookup('fileglob', role_path + '/files/kasm_release_service_images*.tar.gz', wantlist=True) }}" + install_common_workspace_images_glob: "{{ lookup('fileglob', role_path + '/files/kasm_workspaces_workspace_images_*.tar.gz', wantlist=True) + + lookup('fileglob', role_path + '/files/kasm_release_workspace_images_*.tar.gz', wantlist=True) }}" + install_common_network_plugin_glob: "{{ lookup('fileglob', role_path + '/files/kasmweb_network_plugin_*.tar.gz', wantlist=True) }}" delegate_to: localhost -- set_fact: +- name: Set installer, service images, workspace images, and network plugin file facts + ansible.builtin.set_fact: # Our 
installer glob search will also include service_images and workspace_images so we filter them out with difference() - installer_file: "{{ installer_glob | difference(service_images_glob) | difference(workspace_images_glob) | first | default(None) }}" - service_images_file: "{{ service_images_glob | first | default(None) }}" - workspace_images_file: "{{ workspace_images_glob | first | default(None) }}" - network_plugin_file: "{{ network_plugin_glob | first | default(None) }}" + install_common_installer_file: "{{ install_common_installer_glob | difference(install_common_service_images_glob) + | difference(install_common_workspace_images_glob) | first | default(None) }}" + install_common_service_images_file: "{{ install_common_service_images_glob | first | default(None) }}" + install_common_workspace_images_file: "{{ install_common_workspace_images_glob | first | default(None) }}" + install_common_network_plugin_file: "{{ install_common_network_plugin_glob | first | default(None) }}" - name: Assert that Kasm installer exists - assert: + ansible.builtin.assert: that: - - installer_file + - install_common_installer_file is not none fail_msg: - "Kasm installer not found" - - "Ensure that kasm_workspaces installer tarfile is in {{role_path}}/files/" + - "Ensure that kasm_workspaces installer tarfile is in {{ role_path }}/files/" -- name: unarchive kasm installer - unarchive: - src: "{{ installer_file }}" - dest: "{{ tempdir.path }}" +- name: Unarchive kasm installer + ansible.builtin.unarchive: + src: "{{ install_common_installer_file }}" + dest: "{{ install_common_tempdir.path }}" - name: Copy service images - copy: - src: "{{ service_images_file }}" - dest: "{{ tempdir.path }}" - register: service_images_copy - when: service_images_file + ansible.builtin.copy: + src: "{{ install_common_service_images_file }}" + dest: "{{ install_common_tempdir.path }}" + mode: "0644" + register: install_common_service_images_copy + when: install_common_service_images_file is not none - 
name: Copy Workspace images - copy: - src: "{{ workspace_images_file }}" - dest: "{{ tempdir.path }}" - register: workspace_images_copy - when: workspace_images_file + ansible.builtin.copy: + src: "{{ install_common_workspace_images_file }}" + dest: "{{ install_common_tempdir.path }}" + mode: "0644" + register: install_common_workspace_images_copy + when: install_common_workspace_images_file is not none - name: Copy Network Plugin - copy: - src: "{{ network_plugin_file }}" - dest: "{{ tempdir.path }}" - register: network_plugin_copy - when: network_plugin_file + ansible.builtin.copy: + src: "{{ install_common_network_plugin_file }}" + dest: "{{ install_common_tempdir.path }}" + mode: "0644" + register: install_common_network_plugin_copy + when: install_common_network_plugin_file is not none diff --git a/roles/install_common/tasks/db_install.yml b/roles/install_common/tasks/db_install.yml index 13b6bab..32de4b5 100644 --- a/roles/install_common/tasks/db_install.yml +++ b/roles/install_common/tasks/db_install.yml 
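Review bot: The new `is not none` tests in the assert and in the three `when:` conditions of copy_installer.yml depend on the `*_file` facts actually holding `None`, but those facts are set through a string template (`"{{ ... | first | default(None) }}"`), which renders as an empty string on Ansible configurations that do not preserve native types through templating. In that case `install_common_installer_file is not none` is always true, so the assert no longer catches a missing installer and the copy tasks run with an empty `src`; the removed truthiness checks handled both cases. Unless the supported ansible-core versions are known to preserve `None`, a test that covers both is safer, for example `when: install_common_service_images_file | default('', true) | length > 0`. The install task files still use `if install_common_service_images_file`, so the two styles of check currently disagree about what "unset" means.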
@@ -1,22 +1,25 @@ +--- - name: Install database role - command: > - bash {{ tempdir.path }}/kasm_release/install.sh - --role db - --accept-eula - --proxy-port {{ proxy_port }} - --database-user {{ database_user }} + ansible.builtin.command: > + bash {{ install_common_tempdir.path }}/kasm_release/install.sh + --role db + --accept-eula + --proxy-port {{ proxy_port }} + --database-user {{ database_user }} --database-name {{ database_name }} - --db-password {{ database_password }} - --user-password {{ user_password }} - --admin-password {{ admin_password }} - --manager-token {{ manager_token }} + --db-password {{ database_password }} + --user-password {{ user_password }} + --admin-password {{ admin_password }} + --manager-token {{ manager_token }} --registration-token {{ registration_token }} --server-zone {{ zones[0] }} - {{ '--no-db-ssl ' if not database_ssl }} - {{ '--offline-service ' ~ service_images_copy.dest if service_images_file }} - {{ '--offline-workspaces ' ~ workspace_images_copy.dest if workspace_images_file }} - register: install_output + {{ '--no-db-ssl ' if not database_ssl }} + {{ '--offline-service ' ~ install_common_service_images_copy.dest if install_common_service_images_file }} + {{ '--offline-workspaces ' ~ install_common_workspace_images_copy.dest if install_common_workspace_images_file }} + register: install_common_output become: true retries: 20 delay: 10 - until: install_output is success or ('Failed to lock apt for exclusive operation' not in install_output.stderr and '/var/lib/dpkg/lock' not in install_output.stderr) + until: install_common_output is success or + ('Failed to lock apt for exclusive operation' not in install_common_output.stderr and '/var/lib/dpkg/lock' not in install_common_output.stderr) + changed_when: true diff --git a/roles/install_common/tasks/default_credentials.yml b/roles/install_common/tasks/default_credentials.yml index d528cd6..d6cfbbb 100644 --- a/roles/install_common/tasks/default_credentials.yml 
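Review bot: The secret arguments in `Install database role` (`--db-password {{ database_password }}`, `--user-password`, `--admin-password`, `--manager-token`, `--registration-token`) are interpolated unquoted into the folded command string, so a value set in the inventory that contains whitespace or a quote character is split or re-parsed into different arguments before install.sh sees it. The generated defaults are letters and digits only, but nothing visible here constrains user-supplied values. Applying the `quote` filter, e.g. `--db-password {{ database_password | quote }}`, keeps each secret a single argument. web_install.yml and remote_db_init.yml build their commands the same way.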
+++ b/roles/install_common/tasks/default_credentials.yml @@ -1,31 +1,32 @@ +--- # Setup default creds if users don't set them in the inventory -- set_fact: +- ansible.builtin.set_fact: database_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}" when: database_password is not defined run_once: true delegate_to: localhost - -- set_fact: + +- ansible.builtin.set_fact: user_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}" when: user_password is not defined run_once: true delegate_to: localhost -- set_fact: +- ansible.builtin.set_fact: admin_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}" when: admin_password is not defined run_once: true delegate_to: localhost -- set_fact: +- ansible.builtin.set_fact: manager_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}" when: manager_token is not defined run_once: true delegate_to: localhost -- set_fact: +- ansible.builtin.set_fact: registration_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=22') }}" when: registration_token is not defined run_once: true - delegate_to: localhost + delegate_to: localhost diff --git a/roles/install_common/tasks/guac_install.yml b/roles/install_common/tasks/guac_install.yml index 8f69285..da3de18 100644 --- a/roles/install_common/tasks/guac_install.yml +++ b/roles/install_common/tasks/guac_install.yml @@ -1,6 +1,7 @@ +--- - name: Check connection from guac to webserver - uri: - url: "https://{{ web_ip }}:{{ proxy_port }}/api/__healthcheck" + ansible.builtin.uri: + url: "https://{{ install_common_web_host }}:{{ proxy_port }}/api/__healthcheck" timeout: 5 validate_certs: false register: _result 
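Review bot: The five `ansible.builtin.set_fact` tasks in default_credentials.yml are still unnamed, while the rest of this change gives every task a name, so a run shows only `set_fact` for each generated secret. A name per task, such as `- name: Generate database password if not set in the inventory`, would make the output and `--start-at-task` usable. Because each fact is a credential, `no_log: true` on these tasks is worth considering as well, since verbose runs print the fact that was set.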
@@ -9,17 +10,18 @@ delay: 5 - name: Install guac role - command: > - bash {{ tempdir.path }}/kasm_release/install.sh - --role guac - --accept-eula - --proxy-port {{ proxy_port }} - --api-hostname {{ web_ip }} - --public-hostname {{ target_ip }} - --registration-token {{ registration_token }} - {{ '-s ' ~ service_images_copy.dest if service_images_file }} + ansible.builtin.command: > + bash {{ install_common_tempdir.path }}/kasm_release/install.sh + --role guac + --accept-eula + --proxy-port {{ proxy_port }} + --api-hostname {{ install_common_web_host }} + --public-hostname {{ install_common_target_host }} + --registration-token {{ registration_token }} + {{ '-s ' ~ install_common_service_images_copy.dest if install_common_service_images_file }} register: install_output become: true retries: 20 delay: 10 - until: install_output is success or ('Failed to lock apt for exclusive operation' not in install_output.stderr and '/var/lib/dpkg/lock' not in install_output.stderr) + until: install_output is success or ('Failed to lock apt for exclusive operation' not in install_output.stderr and '/var/lib/dpkg/lock' not in + install_output.stderr) diff --git a/roles/install_common/tasks/main.yml b/roles/install_common/tasks/main.yml index 09c27fc..4913656 100644 --- a/roles/install_common/tasks/main.yml +++ b/roles/install_common/tasks/main.yml 
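Review bot: The `Install guac role` task still registers `install_output` and has no `changed_when`, whereas the same commit renames the register in db_install.yml to `install_common_output` and adds `changed_when: true` there. agent_install.yml, proxy_install.yml and web_install.yml are in the same state, so the role prefix and the change reporting are applied to only one of the five install tasks. For consistency the task would use `register: install_common_output`, with the `until:` expression updated to match and `changed_when: true` added.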
@@ -1,157 +1,153 @@ -- include_tasks: +--- +- name: Set default credentials + ansible.builtin.include_tasks: file: default_credentials.yml - name: Check if Kasm is installed - stat: + ansible.builtin.stat: path: /opt/kasm/current - register: kasm_path + register: install_common_kasm_path -- set_fact: - kasm_installed: "{{ kasm_path.stat.exists }}" +- name: Set install_common_kasm_installed fact + ansible.builtin.set_fact: + install_common_kasm_installed: "{{ install_common_kasm_path.stat.exists }}" -- set_fact: - web_ip: "{{ hostvars[group_names[0] + '_web_' + inventory_hostname.split('_')[2]].ansible_default_ipv4.address }}" +- name: Set web_ip to current host if default_web is false + ansible.builtin.set_fact: + install_common_web_host: "{{ hostvars[group_names[0] + '_web_' + inventory_hostname.split('_')[2]].ansible_facts['fqdn'] }}" # IP of the host that ansible is being ran against - target_ip: "{{ ansible_default_ipv4.address }}" - when: not default_web + install_common_target_host: "{{ ansible_facts['fqdn'] }}" + when: not (default_web | bool) -- set_fact: - web_ip: "{{ hostvars[group_names[0] + '_web_' + default_web|string].ansible_default_ipv4.address }}" +- name: Set web_ip to default web host if default_web is true + ansible.builtin.set_fact: + install_common_web_host: "{{ hostvars[group_names[0] + '_web_' + default_web | string].ansible_facts['fqdn'] }}" # IP of the host that ansible is being ran against - target_ip: "{{ ansible_default_ipv4.address }}" - when: default_web + install_common_target_host: "{{ ansible_facts['fqdn'] }}" + when: default_web | bool -- set_fact: - db_ip: "{{ hostvars['zone1_db_1'].ansible_default_ipv4.address }}" +- name: Set default db host if database_hostname is not set + ansible.builtin.set_fact: + install_common_db_host: "{{ hostvars['zone1_db_1'].ansible_facts['fqdn'] }}" when: not database_hostname -- set_fact: - db_ip: "{{ database_hostname }}" +- name: Set db host to database_hostname if it is set + 
ansible.builtin.set_fact: + install_common_db_host: "{{ database_hostname }}" when: database_hostname - name: Override manager hostname if configured - set_fact: - web_ip: "{{ manager_hostname }}" + ansible.builtin.set_fact: + install_common_web_host: "{{ manager_hostname }}" when: manager_hostname is defined - name: Check if kasm swapfile exists - stat: + ansible.builtin.stat: path: /mnt/kasm.swap - register: kasm_swapfile + register: install_common_kasm_swapfile when: - "'agent' in group_names[1].split('_')" -- name: Get current swapsize in bytes - # Meminfo outputs in Kb for some reason so we convert to bytes - shell: cat /proc/meminfo | grep SwapTotal | awk '{print $2 * 1024}' - register: current_swap_size - changed_when: false - when: - - "'agent' in group_names[1].split('_')" - -- set_fact: +- name: Calculate new swap size + ansible.builtin.set_fact: # We only want to make a swapfile large enough to make up the difference between # the current swapsize and our desired size. - new_swap_size: "{{ desired_swap_size | human_to_bytes - current_swap_size.stdout | int }}" - when: - - "'agent' in group_names[1].split('_')" - -- debug: - var: new_swap_size + install_common_new_swap_size: "{{ desired_swap_size | human_to_bytes - (ansible_facts['memory_mb']['swap']['total'] * 1024 * 1024) | int }}" when: - "'agent' in group_names[1].split('_')" - name: Run swap tasks - include_tasks: + ansible.builtin.include_tasks: file: mkswap.yml when: - "'agent' in group_names[1].split('_')" - - new_swap_size | int > 0 - - not kasm_swapfile.stat.exists + - install_common_new_swap_size | int > 0 + - not install_common_kasm_swapfile.stat.exists - name: Create temporary directory - tempfile: + ansible.builtin.tempfile: state: directory - register: tempdir + register: install_common_tempdir # Debian 10 doesn't ship with the ca-certificates package installed by default # installing curl is portable to to ensure that ca-certificates is installed - name: Ensure we have curl installed - 
package: + ansible.builtin.package: name: curl state: present become: true -- include_tasks: +- name: Copy installer and images to target host + ansible.builtin.include_tasks: file: copy_installer.yml when: - - not kasm_installed + - not install_common_kasm_installed - name: Add additional zones tasks - include_tasks: + ansible.builtin.include_tasks: file: add_zones.yml when: - - not kasm_installed + - not install_common_kasm_installed - name: Run Kasm db install tasks - include_tasks: + ansible.builtin.include_tasks: file: db_install.yml when: - "'db' in group_names[1].split('_')" - - not kasm_installed + - not install_common_kasm_installed - name: Run remote db init tasks - include_tasks: + ansible.builtin.include_tasks: file: remote_db_init.yml when: - init_remote_db - database_hostname - "'web' in group_names[1].split('_')" - - not kasm_installed + - not install_common_kasm_installed - name: Run Kasm web install tasks - include_tasks: + ansible.builtin.include_tasks: file: web_install.yml when: - "'web' in group_names[1].split('_')" - - not kasm_installed + - not install_common_kasm_installed - name: Run Kasm agent install tasks - include_tasks: + ansible.builtin.include_tasks: file: agent_install.yml when: - - "'agent' in group_names[1].split('_')" - - not kasm_installed + - "'agent' in group_names[1].split('_')" + - not install_common_kasm_installed - name: Run Kasm guac install tasks - include_tasks: + ansible.builtin.include_tasks: file: guac_install.yml when: - "'guac' in group_names[1].split('_')" - - not kasm_installed + - not install_common_kasm_installed - name: Run Kasm proxy install tasks - include_tasks: + ansible.builtin.include_tasks: file: proxy_install.yml when: - "'proxy' in group_names[1].split('_')" - - not kasm_installed + - not install_common_kasm_installed -- name: enable the docker service to run at boot - service: +- name: Enable the docker service to run at boot + ansible.builtin.service: name: docker enabled: true become: true when: 
start_docker_on_boot - + - name: Delete temporary directory - file: - path: "{{ tempdir.path }}" + ansible.builtin.file: + path: "{{ install_common_tempdir.path }}" state: absent become: true - name: Print credentials - debug: + ansible.builtin.debug: msg: - "Database Password: {{ database_password }}" - "Manager Token: {{ manager_token }}" @@ -175,11 +171,11 @@ regexp: "{{ item.from }}" replace: "{{ item.to }}" loop: - - {from: "#user_password", to: "user_password"} - - {from: "#admin_password", to: "admin_password"} - - {from: "#database_password", to: "database_password"} - - {from: "#manager_token", to: "manager_token"} - - {from: "#registration_token", to: "registration_token"} + - { from: "#user_password", to: "user_password" } + - { from: "#admin_password", to: "admin_password" } + - { from: "#database_password", to: "database_password" } + - { from: "#manager_token", to: "manager_token" } + - { from: "#registration_token", to: "registration_token" } - name: Turn off remote db init run_once: true diff --git a/roles/install_common/tasks/mkswap.yml b/roles/install_common/tasks/mkswap.yml index 482af43..d3ff49d 100644 --- a/roles/install_common/tasks/mkswap.yml +++ b/roles/install_common/tasks/mkswap.yml 
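Review bot: Replacing `ansible_default_ipv4.address` with `ansible_facts['fqdn']` for `install_common_web_host`, `install_common_target_host` and `install_common_db_host` in main.yml is a behaviour change rather than a lint fix. Those values feed the health-check URLs, the `wait_for` checks and the `--public-hostname`, `--manager-hostname` and `--db-hostname` installer arguments, so every host now has to report a name that its peers can resolve. Where the fact comes back as a short or local-only name, the checks and the registration would fail, so the DNS requirement should be stated in the role's documentation. The retained comments `# IP of the host that ansible is being ran against` and the task names `Set web_ip to ...` no longer describe the variables; `# FQDN of the host that Ansible is being run against` would match.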
@@ -1,26 +1,26 @@ +--- - name: Create swap file # We can't use falloc because it creates "file with holes" # https://man.archlinux.org/man/swapon.8#Files_with_holes - command: "dd if=/dev/zero bs=1M count={{ (new_swap_size | int / 1024 / 1024) | int }} of=/mnt/kasm.swap" + ansible.builtin.command: "dd if=/dev/zero bs=1M count={{ (install_common_new_swap_size | int / 1024 / 1024) | int }} of=/mnt/kasm.swap" become: true - name: Set swapfile permissions - file: + ansible.builtin.file: path: /mnt/kasm.swap - mode: 0600 + mode: "0600" become: true - name: Run mkswap command - command: mkswap /mnt/kasm.swap + ansible.builtin.command: mkswap /mnt/kasm.swap become: true - name: Mount swap on boot - lineinfile: + ansible.builtin.lineinfile: path: /etc/fstab line: "/mnt/kasm.swap swap swap defaults 0 0" become: true - + - name: Run swapon - command: swapon /mnt/kasm.swap + ansible.builtin.command: swapon /mnt/kasm.swap become: true - \ No newline at end of file diff --git a/roles/install_common/tasks/proxy_install.yml b/roles/install_common/tasks/proxy_install.yml index 3a70c7d..2ed7927 100644 --- a/roles/install_common/tasks/proxy_install.yml +++ b/roles/install_common/tasks/proxy_install.yml @@ -1,6 +1,7 @@ +--- - name: Check connection from proxy to webserver - uri: - url: "https://{{ web_ip }}:{{ proxy_port }}/api/__healthcheck" + ansible.builtin.uri: + url: "https://{{ install_common_web_host }}:{{ proxy_port }}/api/__healthcheck" timeout: 5 validate_certs: false register: _result 
@@ -9,15 +10,16 @@ delay: 5 - name: Install proxy role - command: > - bash {{ tempdir.path }}/kasm_release/install.sh - --role proxy - --accept-eula - --proxy-port {{ proxy_port }} - --api-hostname {{ web_ip }} - {{ '-s ' ~ service_images_copy.dest if service_images_file }} + ansible.builtin.command: > + bash {{ install_common_tempdir.path }}/kasm_release/install.sh + --role proxy + --accept-eula + --proxy-port {{ proxy_port }} + --api-hostname {{ install_common_web_host }} + {{ '-s ' ~ install_common_service_images_copy.dest if install_common_service_images_file }} register: install_output become: true retries: 20 delay: 10 - until: install_output is success or ('Failed to lock apt for exclusive operation' not in install_output.stderr and '/var/lib/dpkg/lock' not in install_output.stderr) + until: install_output is success or ('Failed to lock apt for exclusive operation' not in install_output.stderr and '/var/lib/dpkg/lock' not in + install_output.stderr) diff --git a/roles/install_common/tasks/remote_db_init.yml b/roles/install_common/tasks/remote_db_init.yml index 29c68e7..ef500e2 100644 --- a/roles/install_common/tasks/remote_db_init.yml +++ b/roles/install_common/tasks/remote_db_init.yml @@ -1,14 +1,15 @@ +--- - name: Check connection from web to postgres on db server - wait_for: + ansible.builtin.wait_for: port: 5432 - host: "{{ db_ip }}" + host: "{{ install_common_db_host }}" timeout: 60 - name: Init remote Database - expect: + ansible.builtin.expect: timeout: 600 command: > - bash {{ tempdir.path }}/kasm_release/install.sh + bash {{ install_common_tempdir.path }}/kasm_release/install.sh --role init_remote_db --accept-eula --proxy-port {{ proxy_port }} 
@@ -25,7 +26,7 @@ --user-password {{ user_password }} --admin-password {{ admin_password }} {{ '--no-db-ssl ' if not database_ssl }} - {{ '--offline-service ' ~ service_images_copy.dest if service_images_file }} + {{ '--offline-service ' ~ install_common_service_images_copy.dest if install_common_service_images_file }} responses: Continue(?i): "y" run_once: true diff --git a/roles/install_common/tasks/web_install.yml b/roles/install_common/tasks/web_install.yml index 5e6f51d..d2c0080 100644 --- a/roles/install_common/tasks/web_install.yml +++ b/roles/install_common/tasks/web_install.yml 
@@ -1,27 +1,29 @@ +--- - name: Check connection from web to postgres on db server - wait_for: + ansible.builtin.wait_for: port: 5432 - host: "{{ db_ip }}" + host: "{{ install_common_db_host }}" timeout: 60 - name: Install web role - command: > - bash {{ tempdir.path }}/kasm_release/install.sh - --role app + ansible.builtin.command: > + bash {{ install_common_tempdir.path }}/kasm_release/install.sh + --role app --accept-eula --proxy-port {{ proxy_port }} - --db-hostname {{ db_ip }} - --db-password {{ database_password }} - --api-hostname {{ target_ip }} - --database-user {{ database_user }} + --db-hostname {{ install_common_db_host }} + --db-password {{ database_password }} + --api-hostname {{ install_common_target_host }} + --database-user {{ database_user }} --database-name {{ database_name }} --db-port {{ database_port }} --server-zone {{ group_names[0] }} - {{ '--no-db-ssl ' if not database_ssl }} - {{ '--offline-service ' ~ service_images_copy.dest if service_images_file }} - {{ '--offline-workspaces ' ~ workspace_images_copy.dest if workspace_images_file }} + {{ '--no-db-ssl ' if not database_ssl }} + {{ '--offline-service ' ~ install_common_service_images_copy.dest if install_common_service_images_file }} + {{ '--offline-workspaces ' ~ install_common_workspace_images_copy.dest if install_common_workspace_images_file }} register: install_output become: true retries: 20 delay: 10 - until: install_output is success or ('Failed to lock apt for exclusive operation' not in install_output.stderr and '/var/lib/dpkg/lock' not in install_output.stderr) + until: install_output is success or ('Failed to lock apt for exclusive operation' not in install_output.stderr and '/var/lib/dpkg/lock' not in + install_output.stderr) diff --git a/roles/uninstall/tasks/main.yml b/roles/uninstall/tasks/main.yml index 61d2717..aaa03e2 100644 --- a/roles/uninstall/tasks/main.yml +++ b/roles/uninstall/tasks/main.yml 
@@ -1,70 +1,71 @@ +--- - name: Check for kasm service containers - shell: docker ps -f name=kasm_* -qa + ansible.builtin.shell: docker ps -f name=kasm_* -qa register: service_containers changed_when: false become: true ignore_errors: true - name: Remove any kasm service containers - shell: "docker rm -f {{ item }}" + ansible.builtin.command: "docker rm -f {{ item }}" become: true ignore_errors: true with_items: "{{ service_containers.stdout_lines }}" - name: Check for kasm session containers - shell: docker container ls -qa --filter=label=kasm.kasmid + ansible.builtin.command: docker container ls -qa --filter=label=kasm.kasmid register: session_containers changed_when: false become: true ignore_errors: true - + - name: Remove any kasm session containers - shell: "docker rm -f {{ item }}" + ansible.builtin.command: "docker rm -f {{ item }}" ignore_errors: true become: true with_items: "{{ session_containers.stdout_lines }}" - name: Check for kasm docker network - shell: docker network ls -q -f name=kasm_default_network + ansible.builtin.command: docker network ls -q -f name=kasm_default_network register: kasm_network become: true ignore_errors: true changed_when: false - name: Remove kasm docker network - shell: docker network rm kasm_default_network + ansible.builtin.command: docker network rm kasm_default_network ignore_errors: true become: true when: kasm_network.stdout | length > 0 - name: Check for kasm sidecar network - shell: docker network ls -q -f name=kasm_sidecar_network + ansible.builtin.command: docker network ls -q -f name=kasm_sidecar_network register: kasm_sidecar_network become: true ignore_errors: true changed_when: false - name: Remove kasm sidecar network - shell: docker network rm kasm_sidecar_network + ansible.builtin.command: docker network rm kasm_sidecar_network ignore_errors: true become: true when: kasm_sidecar_network.stdout | length > 0 - name: Get kasm database docker volume - shell: docker volume ls --filter name=kasm_db_* -q + 
ansible.builtin.shell: docker volume ls --filter name=kasm_db_* -q ignore_errors: true become: true register: kasm_database changed_when: false - name: Remove kasm database docker volume - shell: "docker volume rm {{ item }}" + ansible.builtin.command: "docker volume rm {{ item }}" ignore_errors: true become: true with_items: "{{ kasm_database.stdout_lines }}" - name: Get kasm docker images - shell: | + ansible.builtin.shell: | docker images --filter "label=com.kasmweb.image=true" -q docker images kasmweb/nginx -q docker images kasmweb/agent -q @@ -90,34 +91,34 @@ changed_when: false - name: Remove kasm docker images - shell: "docker rmi {{ item }}" + ansible.builtin.command: "docker rmi {{ item }}" become: true ignore_errors: true with_items: "{{ kasm_images.stdout_lines }}" - name: Get sidecar plugin - shell: "docker plugin ls" + ansible.builtin.command: "docker plugin ls" become: true ignore_errors: true changed_when: false register: plugin_list - name: Filter sidecar plugin - set_fact: - sidecar_plugins: "{{ plugin_list.stdout_lines | select('match', '.*Kasm Network plugin for Docker.*') | list }}" + ansible.builtin.set_fact: + sidecar_plugins: "{{ plugin_list.stdout_lines | select('match', '.*Kasm Network plugin for Docker.*') | list }}" - name: Disable sidecar plugin - shell: "docker plugin disable {{item.split()[1]}}" # Grab second column... It contains the plugin name + ansible.builtin.command: "docker plugin disable {{item.split()[1]}}" become: true with_items: "{{ sidecar_plugins }}" - name: Remove sidecar plugin - shell: "docker plugin rm {{item.split()[1]}}" # Grab second column... It contains the plugin name + ansible.builtin.command: "docker plugin rm {{item.split()[1]}}" become: true with_items: "{{ sidecar_plugins }}" - name: Remove kasm install directory - file: + ansible.builtin.file: path: /opt/kasm/ state: absent become: true diff --git a/start_kasm.yml b/start_kasm.yml index a761806..d1ca4ae 100644 --- a/start_kasm.yml +++ b/start_kasm.yml 
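Review bot: `Check for kasm service containers` and `Get kasm database docker volume` stay on `ansible.builtin.shell` with the unquoted patterns `name=kasm_*` and `name=kasm_db_*`, which the shell may glob-expand against the working directory before docker receives them. Neither task uses a pipe or a redirect, so both can move to `ansible.builtin.command` like the other docker calls in this hunk, e.g. `ansible.builtin.command: docker ps -f name=kasm_* -qa`, which passes the pattern through literally. The blanket `ignore_errors: true` on these lookups also means a failed `docker` call is indistinguishable from "nothing to remove"; `failed_when: false` on the read-only checks would express that intent more narrowly.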
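Review bot: The `Disable sidecar plugin` and `Remove sidecar plugin` tasks lost their explanation of `item.split()[1]` when the inline comment was dropped in the move to `ansible.builtin.command`. The index depends on the column layout of `docker plugin ls`, which is not obvious from the task, so the comment is worth keeping on its own line above each command: `# Second column of "docker plugin ls" output holds the plugin name`. The expression could also be spaced as `{{ item.split()[1] }}` to match the rest of the commit.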
@@ -1,9 +1,11 @@ -- hosts: all +--- +- name: Start Kasm Services + hosts: all serial: 1 - gather_facts: no + gather_facts: false tasks: - name: Start Kasm Services - shell: /opt/kasm/bin/start + ansible.builtin.command: /opt/kasm/bin/start register: start_output changed_when: '"done" in start_output.stderr' become: true diff --git a/stop_kasm.yml b/stop_kasm.yml index 8b6b807..1c18032 100644 --- a/stop_kasm.yml +++ b/stop_kasm.yml @@ -1,9 +1,11 @@ -- hosts: all +--- +- name: Stop Kasm Services + hosts: all serial: 1 - gather_facts: no + gather_facts: false tasks: - name: Stop Kasm Services - shell: /opt/kasm/bin/stop + ansible.builtin.command: /opt/kasm/bin/stop register: stop_output changed_when: '"done" in stop_output.stderr' become: true diff --git a/uninstall_kasm.yml b/uninstall_kasm.yml index 1755122..bd3f82f 100644 --- a/uninstall_kasm.yml +++ b/uninstall_kasm.yml @@ -1,3 +1,4 @@ +--- - hosts: all roles: - uninstall