From bd43e2fdb00ebd33a42e354e7b405bc54934244b Mon Sep 17 00:00:00 2001
From: staffadmin
Date: Sat, 13 Apr 2024 17:11:45 +0200
Subject: [PATCH] Huge update (backup, swarm , vault ....)
---
 .gitignore | 4 +-
 backup.yml | 12 ++++-
 collections/requirements.yml | 5 +-
 group_vars/testswarm.yml | 0
 hosts | 17 ++++++-
 roles/.gitignore | 1 +
 roles/requirements.yml | 1 +
 swarm.yml | 93 ++++++++++++++++++++++++++++++++++++
 test-vault.yml | 36 ++++++++++++++
 9 files changed, 165 insertions(+), 4 deletions(-)
 create mode 100644 group_vars/testswarm.yml
 create mode 100644 swarm.yml
 create mode 100644 test-vault.yml
diff --git a/.gitignore b/.gitignore
index 3aad27c..a46e746 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 backup/
-scaleway/
\ No newline at end of file
+scaleway/
+.vagrant/
+ressources
\ No newline at end of file
diff --git a/backup.yml b/backup.yml
index c6004c3..479ffc2 100644
--- a/backup.yml
+++ b/backup.yml
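Review bot: The new ignore entry `ressources` does not match the certificate output directory that swarm.yml in this same commit points at, `{{ playbook_dir }}/resources/swarm`, so the CA and node keys generated there would not be excluded from the repository. If the French spelling is a typo the entry should read `resources/`; if both directories are real, list both. A trailing slash restricts the rule to a directory, consistent with `backup/` and `scaleway/` above.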
@@ -49,13 +49,23 @@
 - /opt/dockerapps/appdata/gitea/gitea/gitea/conf/app.ini
 - /opt/dockerapps/appdata/gitea/runner/config.yaml
 #! Notification
- - /opt/dockerapps/appdata/alertmanager/config/alertmanager.yml
+ - /opt/dockerapps/appdata/alert/config/alertmanager.yml
 #! Homepage
 - /opt/dockerapps/appdata/homepage/homepage/bookmarks.yaml
 - /opt/dockerapps/appdata/homepage/homepage/services.yaml
 - /opt/dockerapps/appdata/homepage/homepage/settings.yaml
 #! Semaphore
 - /opt/dockerapps/appdata/semaphore/config/config.json
+ #! Alertmanager
+ - /opt/dockerapps/appdata/alertmanager/config/alertmanager.yml
+ #! ALertmanager 2 ntfy
+ - /opt/dockerapps/appdata/ntfy_alertmanager/etc/config
+ #! prometheus
+ - /opt/dockerapps/appdata/prometheus/prometheus/prometheus.yml
+ - /opt/dockerapps/appdata/prometheus/prometheus/alerts_iowait.yml
+ - /opt/dockerapps/appdata/prometheus/prometheus/alerts_memory.yml
+ - /opt/dockerapps/appdata/prometheus/prometheus/alerts_space.yml
+ - /opt/dockerapps/appdata/prometheus/prometheus/alerts_load.yml

 - name: Push backup to git
 ansible.builtin.shell: |
diff --git a/collections/requirements.yml b/collections/requirements.yml
index 674d453..d1a67a3 100644
--- a/collections/requirements.yml
+++ b/collections/requirements.yml
@@ -8,4 +8,7 @@ collections:
 # - name: geerlingguy.redis
 - name: git+https://github.com/netways/ansible-collection-elasticstack.git
 # - name: elastic.elasticsearch
- # - name: geerlingguy.kibana
\ No newline at end of file
+ # - name: geerlingguy.kibana
+ - name: softing.swarm
+ - name: community.crypto
+ - name: community.hashi_vault
\ No newline at end of file
diff --git a/group_vars/testswarm.yml b/group_vars/testswarm.yml
new file mode 100644
index 0000000..e69de29
diff --git a/hosts b/hosts
index 99f13da..f4be70b 100644
--- a/hosts
+++ b/hosts
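Review bot: The path removed under `#! Notification` (`/opt/dockerapps/appdata/alertmanager/config/alertmanager.yml`) is added back a few lines later under `#! Alertmanager`, so the list now contains both it and the new `/opt/dockerapps/appdata/alert/config/alertmanager.yml`; if only one of those directories exists the loop will stop on the missing file unless the owning task tolerates absent paths, and the `#! Notification` heading no longer says which copy is current. Several of the newly listed files (the alertmanager receiver config, the ntfy_alertmanager config, semaphore's `config.json`) may contain webhook URLs or tokens, and the next task pushes the backup to git, so it is worth confirming that the destination repository is private or that these files are encrypted with `ansible-vault` before the push. The task that owns this file list starts before the hunk.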
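Review bot: The three added collections (`softing.swarm`, `community.crypto`, `community.hashi_vault`) carry no `version:` field, so `ansible-galaxy collection install -r` resolves whatever is latest at install time and two runs of the setup can pull different code. Pin each entry, e.g. `- name: community.hashi_vault` followed by `  version: "<pinned version>"`, and do the same for the new `- src: thomasjpfan.docker-swarm` line in roles/requirements.yml, which also lacks a `version:`.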
@@ -35,4 +35,19 @@ ubuntu ansible_host=192.168.0.26 ansible_user=vagrant ansible_password=vagrant ; ubuntu-worker ansible_host=192.168.33.11 ansible_user=vagrant ansible_password=vagrant -#kubectl label node ubuntu-worker node-role.kubernetes.io/worker ubuntu-worker \ No newline at end of file +#kubectl label node ubuntu-worker node-role.kubernetes.io/worker ubuntu-worker + + + +[testswarm] +manager ansible_host=192.168.50.4 ansible_user=vagrant ansible_password=vagrant ansible_become_password=vagrant +worker1 ansible_host=192.168.50.40 ansible_user=vagrant ansible_password=vagrant ansible_become_password=vagrant +worker2 ansible_host=192.168.50.44 ansible_user=vagrant ansible_password=vagrant ansible_become_password=vagrant + + +[docker_swarm_manager] +manager ansible_host=192.168.50.4 ansible_user=vagrant ansible_password=vagrant ansible_become_password=vagrant + +[docker_swarm_worker] +worker1 ansible_host=192.168.50.40 ansible_user=vagrant ansible_password=vagrant ansible_become_password=vagrant +worker2 ansible_host=192.168.50.44 ansible_user=vagrant ansible_password=vagrant ansible_become_password=vagrant \ No newline at end of file diff --git a/roles/.gitignore b/roles/.gitignore index 592e933..d3f2dc6 100644 --- a/roles/.gitignore +++ b/roles/.gitignore @@ -45,3 +45,4 @@ robertdebock.update ansible-role-labocbz-install-grafana cloudalchemy.grafana CTL-Fed-Security.ansible-grafana +thomasjpfan.docker-swarm \ No newline at end of file diff --git a/roles/requirements.yml b/roles/requirements.yml index 5a91ad9..6edebe4 100644 --- a/roles/requirements.yml +++ b/roles/requirements.yml @@ -47,3 +47,4 @@ src: git+https://gitlab.epfl.ch/ansible-sti-roles/ansible-unattended-upgrades.git - name: ansible-role-labocbz-install-grafana src: git+https://gitlab.com/cbz-d-velop/public-ansible/ansible-role-labocbz-install-grafana.git +- src: thomasjpfan.docker-swarm \ No newline at end of file diff --git a/swarm.yml b/swarm.yml new file mode 100644 index 0000000..a36b244 
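Review bot: The new `[testswarm]`, `[docker_swarm_manager]` and `[docker_swarm_worker]` entries store `ansible_password` and `ansible_become_password` in clear text in a tracked inventory, and repeat the same three host lines with identical variables. Even for Vagrant's default lab credentials, moving those two variables into `group_vars/testswarm.yml` (created empty by this commit) and encrypting that file with `ansible-vault`, or using the SSH key Vagrant provisions, keeps secrets out of the inventory file. The duplication can then be removed by declaring each host once under `[testswarm]` and listing only the host names under `[docker_swarm_manager]` and `[docker_swarm_worker]`, e.g. `[docker_swarm_worker]` / `worker1` / `worker2`.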
--- /dev/null
+++ b/swarm.yml
@@ -0,0 +1,93 @@ +--- +- name: Swarm + hosts: testswarm + become: true + + +# apt-get install sshpass + +# # +# # @author Stéphane Gratias (2021). +# + + pre_tasks: + # - name: Create node_exporter cert dir + # file: + # path: "{{ item }}" + # state: directory + # owner: root + # group: root + # loop: + # - /etc/node_exporter + +####lala + ### lala + +# - name: Generate an OpenSSL private key with the default values (4096 bits, RSA) +# community.crypto.openssl_privatekey: +# path: /etc/node_exporter/tls.key +# mode: 0644 + +# # /etc/node_exporter# chmod 644 tls.key + +# - name: Generate an OpenSSL Certificate Signing Request +# community.crypto.openssl_csr: +# path: /etc/node_exporter/tls.csr +# privatekey_path: /etc/node_exporter/tls.key +# common_name: "{{ inventory_hostname }}.netbird.cloud" + +# - name: Generate a Self Signed OpenSSL certificate +# community.crypto.x509_certificate: +# path: /etc/node_exporter/tls.cert +# privatekey_path: /etc/node_exporter/tls.key +# csr_path: /etc/node_exporter/tls.csr +# provider: selfsigned + + # roles: + # # - { role: geerlingguy.docker, tags: docker } + # - { role: thomasjpfan.docker-swarm, tags: pip } + + + tasks: + +# # touch /etc/docker/daemon.json + # - ansible.builtin.include_role: + # name: softing.swarm.softing_swarm_server + # vars: + # swarm_server_node_ip: "0.0.0.0" + # swarm_server_hostname: "{{ hostname }}" + # swarm_server_ca_domain: "{{ domain }}" + # swarm_server_ca_folder: "/resources/swarm" + + - ansible.builtin.include_role: + name: softing.swarm.softing_swarm_certs + apply: + become: false + delegate_to: "localhost" + run_once: true + vars: + swarm_certs_domain: "swarm.domain.com" + swarm_certs_folder: "{{ playbook_dir }}/resources/swarm" + swarm_certs_nodes: + - ip: 192.168.50.4 + hostname: manager + domain: domain.com + - ip: 192.168.50.40 + hostname: worker1 + domain: domain.com + - ip: 192.168.50.44 + hostname: worker2 + domain: domain.com + + - ansible.builtin.include_role: + name: 
softing.swarm.softing_swarm_initialize + public: yes + vars: + swarm_master_ip: 192.168.50.4 + + # - ansible.builtin.include_role: + # name: "softing_swarm_worker" + # vars: + # swarm_worker_token: "{{ worker_token }}" + # swarm_master_host: "192.168.121.47" + # when: inventory_hostname in group['testworker'] \ No newline at end of file diff --git a/test-vault.yml b/test-vault.yml new file mode 100644 index 0000000..e954d6e --- /dev/null +++ b/test-vault.yml @@ -0,0 +1,36 @@ + +--- +- name: Swarm + hosts: testswarm + become: true + gather_facts: false + + +# apt-get install sshpass + +# # +# # @author Stéphane Gratias (2021). +# + + pre_tasks: + + +# "{{ lookup('hashi_vault', 'secret=apps/data/my-app token=s.7z1Vxxx url=https://vault.kar.int')['data']['username'] }}" + +# pip install hvac + +# https://open-amt-cloud-toolkit.github.io/docs/2.0/Docker/dockerLocal_prodVault/ + +# https://elatov.github.io/2022/01/using-hashicorp-vault-with-ansible/ + +# vault secrets enable -path=apps kv-v2 +# vault kv get apps/my-app +# vault token create -explicit-max-ttl=8760h -policy=test -ttl=720h -renewable=true -display-name=test + + # - ansible.builtin.debug: + # msg: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=/apps/my-app:test token=hvs.CAESIB4eVBWqRNDgcGXJpmvBe9nCpvCJ9-kM-OXq2p1WGlfBGh4KHGh2cy4xdFBYNnNMUEROOVlxOWFad3hERHI5Ulc url=http://myvault:8200') }}" + + - name: Return all secrets from a path + delegate_to: localhost + ansible.builtin.debug: + msg: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=apps/data/postgres token=prout url=https://hash.jingoh.fr') }}" \ No newline at end of file
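Review bot: `swarm_master_ip: 192.168.50.4` and the three `swarm_certs_nodes` entries hard-code addresses that the `hosts` inventory already declares, so the two will drift the first time an address changes; the master can be read as `swarm_master_ip: "{{ hostvars['manager'].ansible_host }}"` and the node list built from `groups['testswarm']` with each host's `ansible_host` and `inventory_hostname`. `public: yes` on the last include is a YAML 1.1 boolean that `ansible-lint` flags; write `public: true`. The commented-out key-generation block sets `mode: 0644` on a TLS private key — if it is ever reinstated the mode should be `"0600"` (quoted, since unquoted `0644` parses as octal), and the `####lala` / `### lala` placeholder comments should go. This hunk is split across two source lines and the `name:` value of the final include (`softing.swarm.softing_swarm_initialize`) straddles the break.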
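Review bot: The `hashi_vault` lookup in the last task embeds the Vault token (`token=prout`) and server URL in the playbook, and the commented-out debug above it carries what appears to be a real `hvs.`-prefixed Vault service token; once committed it lives in git history, so that token should be revoked on the Vault side and the line deleted rather than left as a comment. The lookup falls back to `ANSIBLE_HASHI_VAULT_TOKEN`/`VAULT_TOKEN` and `ANSIBLE_HASHI_VAULT_ADDR`/`VAULT_ADDR` from the environment when `token=` and `url=` are omitted, so the task can become `msg: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=apps/data/postgres') }}"` with the token supplied by the environment or a vaulted variable. The debug task also prints every secret under `apps/data/postgres` to the console and to any configured log; once this stops being a throwaway test it should carry `no_log: true`. The file starts with a blank line before `---`, which `ansible-lint` reports.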