---
# Register the upstream Rancher Helm repository on the host that holds the
# helm/kubeconfig state. Runs once per play. The URL is the "latest" release
# channel of the Rancher chart repo, not a pin to any particular version.
- name: Helm add Rancher repo
  kubernetes.core.helm_repository:
    name: rancher
    repo_url: 'https://releases.rancher.com/server-charts/latest'
  delegate_to: '{{ kubectl_host }}'
  run_once: true
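# Resolve the Rancher hostname against a public resolver rather than the local
# one (presumably to see what public resolvers, and hence the ACME CA, will
# see; confirm). The trailing dot makes the name fully qualified so no search
# domain is appended. Lookup plugins always execute on the controller, so the
# original delegate_to had no effect on where this ran and is dropped; the fact
# is still set on the inventory host as before.
- name: Verify Rancher hostname
  ansible.builtin.set_fact:
    # Pass the variable directly instead of a nested '{{ }}' inside the
    # expression, which triggers Ansible's nested-templating warning. Per the
    # plugin docs the result is a string ('NXDOMAIN' when resolution fails).
    _dig_rancher_hostname: "{{ lookup('community.general.dig', rancher_hostname ~ '.', '@1.1.1.1') }}"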
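# Pre-flight guard: the public DNS answer must point at the first ingress
# address before anything is deployed, otherwise the ingress (and the ACME
# challenge for it) would be set up for a name that does not reach this cluster.
- name: "Verify Rancher hostname resolves: {{ rancher_hostname }}"
  ansible.builtin.assert:
    # Plain expression without '{{ }}' inside the conditional (Ansible warns on
    # that); '| string' keeps the comparison string-vs-string as the original
    # interpolation did. Per the dig plugin docs several A records come back
    # comma-joined, which fails this equality as intended.
    that:
      - _dig_rancher_hostname == ingress_ips[0] | string
    fail_msg: "{{ rancher_hostname }} resolves to {{ _dig_rancher_hostname }}, expected {{ ingress_ips[0] }}"
    quiet: true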
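# Install or upgrade the Rancher release. wait: true blocks until the release's
# resources report ready (helm's default wait timeout applies).
# Chart option references:
# https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/installation-references/helm-chart-options
# https://github.com/rancher/rancher/blob/release/v2.8/chart/values.yaml
- name: Helm deploy Rancher
  kubernetes.core.helm:
    kubeconfig: "{{ kubeconfig }}"
    chart_ref: rancher/rancher
    # Supply-chain hygiene: with no version pin every run installs whatever the
    # "latest" channel currently serves, so a plain re-run can silently upgrade
    # Rancher. Set rancher_chart_version to pin; leaving it unset keeps the
    # previous unpinned behaviour (omit).
    chart_version: "{{ rancher_chart_version | default(omit) }}"
    release_name: rancher
    release_namespace: cattle-system
    create_namespace: true
    wait: true
    values:
      hostname: "{{ rancher_hostname }}"
      replicas: 2
      ingress:
        tls:
          # Rancher requests its own certificate; per the linked chart docs
          # this source presumably needs cert-manager already in the cluster
          # (not installed by this file) -- confirm.
          source: letsEncrypt
      letsEncrypt:
        email: "{{ letsencrypt_email }}"
        ingress:
          class: traefik
      global:
        cattle:
          psp:
            # Do not template PodSecurityPolicy objects; the PSP API no longer
            # exists on Kubernetes 1.25+.
            enable: false
  delegate_to: "{{ kubectl_host }}"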
# Bitwarden item name, keyed by cluster so every Rancher install has its own
# admin credential entry.
- name: Set name for Bitwarden secret
  ansible.builtin.set_fact:
    _bitwarden_password_item_name: 'Rancher {{ cluster_name }}'
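# Look the item up by name. The lookup runs on the controller (it needs the
# unlocked bw CLI there) and returns a list with the requested field of every
# matching item, empty when nothing matches. The result holds a password, so
# keep the task's output out of logs.
- name: "Get item from Bitwarden"
  ansible.builtin.set_fact:
    # Pass the variable directly; a nested '{{ }}' inside the expression
    # triggers Ansible's nested-templating warning.
    _rancher_password_item: "{{ lookup('community.general.bitwarden', _bitwarden_password_item_name, field='password') }}"
  no_log: true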
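# Bitwarden returned at least one match: take the password of the first one.
# NOTE(review): if several items share this name the first is used silently;
# a stale duplicate makes the Rancher login below return 401, after which the
# bootstrap path fails loudly. Consider asserting exactly one match.
- name: "Get password from Bitwarden"
  ansible.builtin.set_fact:
    _rancher_password: "{{ _rancher_password_item[0] }}"
  when: _rancher_password_item | length
  no_log: true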
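# No Bitwarden item yet: generate an admin password and store it in Bitwarden
# before it is set in Rancher (below), so an interrupted run cannot leave a
# password that exists in Rancher but nowhere else.
- name: When Bitwarden item not found
  when: not _rancher_password_item | length
  block:
    # '/dev/null' as the password file means the generated value is never
    # written to disk; the lookup's default length and charset apply.
    - name: Create random password
      ansible.builtin.set_fact:
        _rancher_password: "{{ lookup('ansible.builtin.password', '/dev/null') }}"
      no_log: true

    # Bitwarden item payload in the CLI's JSON shape. The original had a stray
    # quote in the key (collectionIds") which made it an unrelated key the CLI
    # would ignore; fixed. The vault/collection IDs are environment specific
    # and can be overridden; the defaults keep the previous values.
    - name: Create password item
      ansible.builtin.set_fact:
        _bitwarden_password_item:
          object: item
          folderId: "{{ bitwarden_folder_id | default('b1be156c-76b0-4ab6-bdd3-4181aca59cc8') }}"
          # organizationId: "47551728-68ca-4267-acc7-c71898da28d3",
          # NOTE(review): collectionIds only apply to organization-owned items;
          # with organizationId left commented out, confirm the CLI accepts
          # (rather than drops or rejects) the collection below.
          type: 1  # login item
          name: "{{ _bitwarden_password_item_name }}"
          login:
            uris:
              - match: null
                uri: "https://{{ rancher_hostname }}/dashboard/"
            username: admin
            password: "{{ _rancher_password }}"
          collectionIds:
            - "{{ bitwarden_collection_id | default('82f4e18b-9de9-4d80-8f5c-2a4911b7f729') }}"
      no_log: true

    # Feed the encoded item over stdin instead of as an argv element: a
    # command-line argument (base64 is not encryption) is visible in the
    # process list and in Ansible's logged module args. Runs on the controller,
    # which must have an unlocked bw session (BW_SESSION), like the lookup.
    # 'bw create item' reads the encoded JSON from stdin when no argument is
    # given. NOTE(review): without run_once this runs per play host and would
    # create one item per host if the play targets several -- confirm.
    - name: Create BW item
      ansible.builtin.command:
        cmd: bw create item
        stdin: "{{ _bitwarden_password_item | ansible.builtin.to_json | ansible.builtin.b64encode }}"
      delegate_to: localhost
      changed_when: true
      no_log: true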
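# Probe the local auth provider with the password we hold. 201 means the stored
# password is current; 401 is expected on a fresh install (admin still has the
# chart's bootstrap password) and is handled by the next block. Any other
# status fails the task. TLS verification is the uri default and must stay on:
# the request body carries the admin password. The registered result contains
# the session token, so the task is no_log.
- name: Rancher login
  ansible.builtin.uri:
    url: "https://{{ rancher_hostname }}/v3-public/localProviders/local?action=login"
    method: POST
    body_format: json
    body:
      username: admin
      password: "{{ _rancher_password }}"
    status_code: [201, 401]
  delegate_to: "{{ kubectl_host }}"
  register: _rancher_login
  no_log: true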
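# First-boot path: our password was rejected (401), so log in with the
# bootstrap password the chart generated and replace it with ours. On a
# non-fresh install whose admin password has drifted from Bitwarden the
# bootstrap login below fails loudly (only 201 accepted) instead of guessing.
- name: Rancher change password
  when: _rancher_login.status == 401
  block:
    # The registered result carries the secret's data; keep it out of logs.
    - name: Get Rancher bootstrap secret
      kubernetes.core.k8s_info:
        kubeconfig: "{{ kubeconfig }}"
        kind: Secret
        name: bootstrap-secret
        namespace: cattle-system
      delegate_to: "{{ kubectl_host }}"
      register: _rancher_bootstrap_secret
      no_log: true
      # k8s_info returns an empty resources list rather than failing when the
      # secret is absent; fail here instead of on resources[0] below.
      failed_when: _rancher_bootstrap_secret.resources | length == 0

    - name: Set rancher password fact
      ansible.builtin.set_fact:
        _rancher_bootstrap_password: "{{ _rancher_bootstrap_secret.resources[0].data.bootstrapPassword | ansible.builtin.b64decode }}"
      no_log: true

    - name: Rancher login using bootstrap password
      ansible.builtin.uri:
        url: "https://{{ rancher_hostname }}/v3-public/localProviders/local?action=login"
        method: POST
        body_format: json
        body:
          username: admin
          password: "{{ _rancher_bootstrap_password }}"
        status_code: [201]
      delegate_to: "{{ kubectl_host }}"
      register: _rancher_pwchange_login
      no_log: true

    # R_SESS is Rancher's session cookie, carrying the token from the login
    # above. Both passwords travel in the body, hence no_log.
    - name: Rancher change password
      ansible.builtin.uri:
        url: "https://{{ rancher_hostname }}/v3/users?action=changepassword"
        method: POST
        headers:
          Cookie: "R_SESS={{ _rancher_pwchange_login.json.token }}"
        body_format: json
        body:
          currentPassword: "{{ _rancher_bootstrap_password }}"
          newPassword: "{{ _rancher_password }}"
        status_code: [200]
      delegate_to: "{{ kubectl_host }}"
      no_log: true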
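# Invalidate the session used above: the stored-password session on the normal
# path, the bootstrap session on the first-boot path. Until revoked the token
# is a bearer credential, so it must not appear in logs either.
- name: Rancher logout
  ansible.builtin.uri:
    url: "https://{{ rancher_hostname }}/v3/tokens?action=logout"
    method: POST
    headers:
      # Select the token by the path actually taken. A Jinja conditional
      # evaluates only the chosen branch, so the register that does not exist
      # on the other path (or the missing .token on a 401 body) is never read;
      # the previous '| default(...)' form depended on the fallback operand
      # tolerating an undefined value.
      Cookie: "R_SESS={{ _rancher_pwchange_login.json.token if _rancher_login.status == 401 else _rancher_login.json.token }}"
    status_code: [200]
  delegate_to: "{{ kubectl_host }}"
  no_log: true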