Diffstat (limited to 'playbooks/deploy-swarm.yml')
-rw-r--r-- | playbooks/deploy-swarm.yml | 115 |
1 files changed, 115 insertions, 0 deletions
diff --git a/playbooks/deploy-swarm.yml b/playbooks/deploy-swarm.yml
new file mode 100644
index 0000000..fc4da39
--- /dev/null
+++ b/playbooks/deploy-swarm.yml
@@ -0,0 +1,115 @@
+---
+
+- name: Install Ceph
+ hosts: swarm
+ become: true
+ tasks:
+ - name: Install Ceph
+ ansible.builtin.apt:
+ name:
+ - ceph-common
+ - ceph-fuse
+ state: present
+
+ # - name: Copy Ceph Secret
+ # ansible.builtin.copy:
+ # content: "{{ ceph_secret }}"
+ # dest: /etc/ceph/secret.key
+
+ # ceph config generate-minimal-conf
+ - name: Copy Ceph Configuration
+ ansible.builtin.copy:
+ content: "[global]\n fsid = {{ ceph_fsid }}\n mon_host = {{ ceph_mon_host }}\n"
+ dest: /etc/ceph/ceph.conf
+ mode: '0644'
+
+ # ceph fs authorize cephfs client.swarm / rw
+ - name: Copy Ceph Keyring
+ ansible.builtin.copy:
+ content: "[client.{{ ceph_client_name }}]\n key = {{ ceph_secret }}\n"
+ dest: "/etc/ceph/ceph.client.{{ ceph_client_name }}.keyring"
+ mode: '0600'
+
+ - name: Adjust ceph mount perms
+ ansible.builtin.file:
+ path: /mnt/ceph
+ owner: root
+ group: root
+ state: directory
+ recurse: true
+
+ - name: Mount Ceph on Boot
+ ansible.builtin.lineinfile:
+ path: /etc/fstab
+ regexp: ':/\s+/mnt\s+ceph'
+ line: "none /mnt/ceph fuse.ceph ceph.id={{ ceph_client_name }},_netdev,defaults 0 0"
+ create: true
+ mode: "0644"
+
+ - name: Mount ceph now
+ ansible.builtin.shell:
+ cmd: "mount -a"
+
+ - name: Adjust ceph mount perms for docker
+ ansible.builtin.file:
+ path: /mnt/ceph/docker
+ owner: root
+ group: docker
+ state: directory
+ recurse: true
+
+- name: Initial docker swarm fw rules
+ hosts: swarm
+ become: true
+ tasks:
+ - name: Enable local swarm comms
+ loop: "{{ rfc1918_cgnat_networks }}"
+ community.general.ufw:
+ rule: allow
+ port: "2377"
+ from: "{{ item }}"
+ state: "enabled"
+
+- name: Initial docker swarm init
+ hosts: swarm[0]
+ become: true
+ tasks:
+ - name: Check Docker Swarm status
+ ansible.builtin.shell: docker info --format '{{ "{{.Swarm.LocalNodeState}}" }}'
+ register: docker_swarm_status
+ changed_when: false
+
+ - name: Initialize Docker Swarm
+ ansible.builtin.shell:
+ cmd: docker swarm init --advertise-addr {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}
+ when: "'inactive' in docker_swarm_status.stdout"
+ register: swarm_init
+ changed_when: "'Swarm initialized' in swarm_init.stdout"
+
+ - name: Retrieve Docker Swarm manager token
+ ansible.builtin.shell: docker swarm join-token manager -q
+ register: manager_token
+ changed_when: false
+
+- name: Join remaining managers to Docker Swarm
+ hosts: swarm:!swarm[0]
+ become: true
+ tasks:
+ - name: Check Docker Swarm status before attempting to join
+ ansible.builtin.shell: docker info --format '{{ "{{.Swarm.LocalNodeState}}" }}'
+ register: docker_swarm_status
+ changed_when: false
+
+ - name: Join Swarm as manager
+ ansible.builtin.shell:
+ cmd: docker swarm join --token {{ hostvars[groups['swarm'][0]]['manager_token'].stdout }} {{ hostvars[groups['swarm'][0]]['ansible_default_ipv4']['address'] }}:2377
+ when: hostvars[groups['swarm'][0]]['manager_token'].stdout is defined and docker_swarm_status.stdout != "active"
+ register: swarm_join
+ changed_when: "'This node joined a swarm as a manager' in swarm_join.stdout"
+
+ - name: Label Docker Swarm manager nodes
+ ansible.builtin.shell:
+ cmd: docker node update --label-add manager=true {{ ansible_hostname }}
+ when: swarm_join is changed
+ changed_when: false
+
|
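Review bot: The swarm manager join token and the Ceph client key are handled without `no_log: true`, so both can surface in Ansible output and in any log or callback that stores task results. In `Retrieve Docker Swarm manager token` the token is the registered stdout, and in `Join Swarm as manager` it is interpolated into `cmd`, which is part of the task result shown at higher verbosity or on failure. `Copy Ceph Keyring` renders `ceph_secret` into `content`, which is printed when the play runs with `--diff`. Adding `no_log: true` to those three tasks closes this. Separately, the `community.general.ufw` rule opens 2377 to every range in `rfc1918_cgnat_networks` and sets no `proto`, so consider `proto: tcp` and narrowing `from` to the swarm hosts' own addresses.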