Now which *host* is hosting a specific container is not defined in the playbook yaml file but centrally in the inventory, under the `ansible_lxc_host` variable. The `lxc_guest` role is run directly against the guest, even if it doesn't exist yet, and lxc tasks are delegated to the physical host running lxc. This should make it easier to scale up and configure multiple instances of a service on different containers without changing the playbook. Look at `/ldap.yaml` for a commented example.
@ -1,17 +1,43 @@ | |||||
--- | --- | ||||
- hosts: biff | |||||
roles: | |||||
- role: lxc_guest | |||||
vm_name: ldap | |||||
- role: ssh_server | |||||
ansible_connection: ssh_lxc | |||||
ansible_ssh_lxc_name: ldap | |||||
# 1) Deploy the lxc container(s) | |||||
- hosts: ldap | |||||
# The host may not exist yet: do not gather facts | |||||
gather_facts: false | |||||
tags: | |||||
- lxc | |||||
tasks: | |||||
# Delegate lxc container deployment to `ansible_lxc_host` | |||||
- import_role: name='lxc_guest' | |||||
vars: | |||||
vm_name: '{{ inventory_hostname }}' | |||||
vm_size: '1G' | |||||
vg_name: '{{ hostvars[ansible_lxc_host]["vg_name"] }}' | |||||
delegate_to: '{{ ansible_lxc_host }}' | |||||
# The host may not be directly reachable: use `ssh_lxc` proxy to | |||||
# gather facts (setup) and configure SSH. | |||||
- set_fact: ansible_connection='ssh_lxc' | |||||
- setup: | |||||
- include_role: name='ssh_server' | |||||
# Now the host should be ssh-reachable | |||||
- set_fact: ansible_connection='ssh' | |||||
# 2) Deploy LDAP server(s) | |||||
- hosts: ldap | - hosts: ldap | ||||
roles: | roles: | ||||
- role: dns_record | - role: dns_record | ||||
- role: ldap | - role: ldap | ||||
ldap_domain: 'lilik.it' | ldap_domain: 'lilik.it' | ||||
ldap_organization: 'LILiK' | ldap_organization: 'LILiK' | ||||
fqdn_domain: 'dmz.{{ domain }}' | |||||
x509_suffix: 'o=LILiK,l=Firenze,st=IT' | |||||
virtual_domains: | |||||
- '{{ domain }}' | |||||
# Default values: | |||||
#ldap_tls_enabled: true | |||||
#renew_rootdn_pw: true | |||||
#check_tree: true | |||||
# 3) Enable monitoring | |||||
- hosts: status | - hosts: status | ||||
roles: | roles: | ||||
- role: icinga2-monitoring | - role: icinga2-monitoring |
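Review bot: Nothing visible in the first play pins the new container's SSH host key before the final `set_fact: ansible_connection='ssh'` switches to direct SSH. That switch is the first time a freshly created guest is contacted over the network. Unless the `ssh_server` role (not shown here) already handles it, the host key should be read over the `ssh_lxc` channel and recorded in known_hosts, or signed by the CA, before the switch. Otherwise the first direct login is trust-on-first-use or relies on host key checking being disabled. A comment above that task, such as `# ssh_server has installed a verified host key; direct SSH is trusted from here`, would record the assumption. The same sequence appears uncommented in the second file section.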
@ -1,17 +1,27 @@ | |||||
--- | --- | ||||
- hosts: emmett | |||||
roles: | |||||
- role: lxc_guest | |||||
vm_name: projects2 | |||||
- role: ssh_server | |||||
ansible_connection: ssh_lxc | |||||
ansible_ssh_lxc_name: projects2 | |||||
- hosts: projects2 | |||||
- hosts: projects | |||||
gather_facts: false | |||||
tags: | |||||
- lxc | |||||
tasks: | |||||
- import_role: name='lxc_guest' | |||||
vars: | |||||
vm_name: '{{ inventory_hostname }}' | |||||
vm_size: '4G' | |||||
vg_name: '{{ hostvars[ansible_lxc_host]["vg_name"] }}' | |||||
delegate_to: '{{ ansible_lxc_host }}' | |||||
- set_fact: ansible_connection='ssh_lxc' | |||||
- setup: | |||||
- include_role: name='ssh_server' | |||||
- set_fact: ansible_connection='ssh' | |||||
- hosts: projects | |||||
roles: | roles: | ||||
- role: dns_record | - role: dns_record | ||||
- role: reverse_proxy | - role: reverse_proxy | ||||
hostname: projects2 | |||||
hostname: projects | |||||
- role: gitlab | - role: gitlab | ||||
- hosts: status | - hosts: status | ||||
roles: | roles: | ||||
- role: icinga2-monitoring | - role: icinga2-monitoring |
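Review bot: The play never checks `ansible_lxc_host` before using it in `delegate_to: '{{ ansible_lxc_host }}'` and in the `hostvars[ansible_lxc_host]["vg_name"]` lookup. The variable is now the only thing that decides which physical host creates the container and the 4G volume. A missing value fails with a bare templating error, and a mistyped one either fails the `hostvars` lookup or, if it names another inventory host, delegates the deployment there. A first task such as `- assert: {that: ['ansible_lxc_host is defined', 'ansible_lxc_host in hostvars']}` would stop the run with a clear message before anything is delegated. The ldap play in the first section uses the same pattern and would benefit from the same guard.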