examples/scripts/provisioning.sh

#!/usr/bin/env bash

################################################################################
################################################################################
#
# This script calls the needed DebOps plays/roles in order to provision a new cloud VM,
# then prepares the VM to be ansible managed and runs additional Ansible Playbooks in the correct order.
#
# Usage:
#     ./provisioning.sh -l <host-or-group-to-provision>
#
#     You can also pass ansible parameter to DebOps
#     ./provisioning.sh -l <host-or-group-to-provision> -t role::pki --skip-tags role::owncloud --user root -vvv
#
################################################################################

set -o nounset -o pipefail -o errexit

# Check if we are in the correct root folder of the repo, and change upwards if needed
# otherwise debops won't work
if [[ ! -f .debops.cfg && -f ../.debops.cfg ]]; then
    echo "Running $0 from root of repo."
    pushd .. > /dev/null
fi

# Run the bootstrap DebOps playbook to make the VM a DebOps/Ansible managed host.
debops $@ bootstrap || debops --user root $@ bootstrap

# Execute all DebOps plays (site.yml) to install everything.
debops $@

# Run the debops.pki role a second time to really get the Let's Encrypt TLS certificates.
# The second run is necessary for DebOps to request the Let's Encrypt certificates
# sucessfully,due to a "chicken-egg problem":
#  - the debops.pki role needs the nginx server configured with debops.nginx role
#    to handle the ACME http-01 authentication request
#  - So, on the first run, Let's Encrypt certificates cannot be acquired because
#    nginx server isn't ready to help authenticate the request.
#
# In order to get Let's Encrypt/ACME TLS certificates you need to meet this requirements:
#  - nginx server is configured: add your server to the [debops_service_nginx] group
#  - the host has at least 1 public IP address
#  - add DNS records pointing to the public IP address of the server for ALL domains,
#    for which an LE certificate is being requested, e.g 'cloud.example.net'
#  - a separate PKI realm is configured:
#      pki_host_realms:
#        # Nextcloud
#        - name: 'cloud.example.net'
#          acme: true
#          acme_domains:
#            - 'cloud.example.net'
#
debops service/pki $@
Add usefull wrapper scripts for DebOps 2019-10-10 15:40:36 +02:00			`#!/usr/bin/env bash`

			`################################################################################`
			`################################################################################`
			`#`
			`# This script calls the needed DebOps plays/roles in order to provision a new cloud VM,`
			`# then prepares the VM to be ansible managed and runs additional Ansible Playbooks in the correct order.`
			`#`
Add more comments 2019-10-10 15:44:23 +02:00			`# Usage:`
			`# ./provisioning.sh -l <host-or-group-to-provision>`
			`#`
			`# You can also pass ansible parameter to DebOps`
			`# ./provisioning.sh -l <host-or-group-to-provision> -t role::pki --skip-tags role::owncloud --user root -vvv`
			`#`
Add usefull wrapper scripts for DebOps 2019-10-10 15:40:36 +02:00			`################################################################################`

			`set -o nounset -o pipefail -o errexit`

			`# Check if we are in the correct root folder of the repo, and change upwards if needed`
			`# otherwise debops won't work`
			`if [[ ! -f .debops.cfg && -f ../.debops.cfg ]]; then`
			`echo "Running $0 from root of repo."`
			`pushd .. > /dev/null`
			`fi`

			`# Run the bootstrap DebOps playbook to make the VM a DebOps/Ansible managed host.`
Fix typo 2019-10-12 10:52:23 +02:00			`debops $@ bootstrap \|\| debops --user root $@ bootstrap`
Add usefull wrapper scripts for DebOps 2019-10-10 15:40:36 +02:00
			`# Execute all DebOps plays (site.yml) to install everything.`
			`debops $@`

Add more comprehensive comments on how debops.pki works, why a second run is needed and how to achieve it 2019-10-10 21:56:42 +02:00			`# Run the debops.pki role a second time to really get the Let's Encrypt TLS certificates.`
			`# The second run is necessary for DebOps to request the Let's Encrypt certificates`
			`# sucessfully,due to a "chicken-egg problem":`
			`# - the debops.pki role needs the nginx server configured with debops.nginx role`
			`# to handle the ACME http-01 authentication request`
			`# - So, on the first run, Let's Encrypt certificates cannot be acquired because`
			`# nginx server isn't ready to help authenticate the request.`
			`#`
			`# In order to get Let's Encrypt/ACME TLS certificates you need to meet this requirements:`
			`# - nginx server is configured: add your server to the [debops_service_nginx] group`
			`# - the host has at least 1 public IP address`
			`# - add DNS records pointing to the public IP address of the server for ALL domains,`
			`# for which an LE certificate is being requested, e.g 'cloud.example.net'`
			`# - a separate PKI realm is configured:`
			`# pki_host_realms:`
			`# # Nextcloud`
			`# - name: 'cloud.example.net'`
			`# acme: true`
			`# acme_domains:`
			`# - 'cloud.example.net'`
			`#`
Increase speed of provisioning by selecting only one play. 2019-10-10 16:23:49 +02:00			`debops service/pki $@`