diff --git a/README.md b/README.md index 693d95b..8e71485 100644 --- a/README.md +++ b/README.md @@ -93,12 +93,12 @@ Before running the installation against a modified inventory file please ensure ``` ## Credentials ## # If left commented secure passwords will be generated during the installation and substituted in upon completion - user_password: PASSWORD - admin_password: PASSWORD - database_password: PASSWORD - redis_password: PASSWORD - manager_token: PASSWORD - registration_token: PASSWORD + kasm_user_password: PASSWORD + kasm_admin_password: PASSWORD + kasm_database_password: PASSWORD + kasm_redis_password: PASSWORD + kasm_manager_token: PASSWORD + kasm_registration_token: PASSWORD ``` #### Scaling examples diff --git a/roles/backup_db/defaults/main.yml b/roles/backup_db/defaults/main.yml new file mode 100644 index 0000000..55cb218 --- /dev/null +++ b/roles/backup_db/defaults/main.yml @@ -0,0 +1,9 @@ +## Database Backup settings ## +# This does not support remote database type installations +# Directory where backups are placed on db server +kasm_remote_backup_dir: /srv/backup/kasm/ +# Number of days that logs backups are retained on db host +kasm_retention_days: 10 +# If this is uncommented, backups will be copied from remote server to the local ansible host +kasm_local_backup_dir: backup/ + diff --git a/roles/backup_db/tasks/main.yml b/roles/backup_db/tasks/main.yml index 70186f1..1b3a340 100644 --- a/roles/backup_db/tasks/main.yml +++ b/roles/backup_db/tasks/main.yml @@ -1,11 +1,11 @@ - name: Ensure backup directory exists file: - path: "{{ remote_backup_dir }}" + path: "{{ kasm_remote_backup_dir }}" state: directory become: true - name: Backup database - script: "files/backup.sh {{ remote_backup_dir }} {{ retention_days }}" + script: "files/backup.sh {{ kasm_remote_backup_dir }} {{ kasm_retention_days }}" register: backup_output become: true 
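Review bot: Because `kasm_local_backup_dir: backup/` is now an active default in roles/backup_db/defaults/main.yml, the condition `kasm_local_backup_dir is defined` on the fetch task (second hunk of roles/backup_db/tasks/main.yml) is always true, so every run copies the database dump to the Ansible control host. The comment above the default still says "If this is uncommented", which describes the old opt-in behaviour. A database backup is likely to hold sensitive data, so the copy should stay opt-in. Either ship the default commented out, or set it to `''` and gate the task with `when: kasm_local_backup_dir | d('', true) | trim != ''`, the same empty-check this commit uses in default_credentials.yml.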
@@ -16,6 +16,7 @@ - name: Copy database backup to ansible host fetch: src: "{{ remote_backup }}" - dest: "{{ local_backup_dir }}" + dest: "{{ kasm_local_backup_dir }}" flat: true - when: local_backup_dir is defined + when: + - kasm_local_backup_dir is defined diff --git a/roles/install_common/defaults/main.yml b/roles/install_common/defaults/main.yml new file mode 100644 index 0000000..d83090d --- /dev/null +++ b/roles/install_common/defaults/main.yml 
@@ -0,0 +1,74 @@
+---
+
+# Allow for single or multi mode installation
+# see: https://kasmweb.com/docs/latest/install/multi_server_install.htm
+# and https://kasmweb.com/docs/latest/install/single_server_install.html
+kasm_mode: multi
+
+# when in single mode we can define role
+kasm_agent: true
+kasm_db: true
+kasm_web: true
+kasm_proxy: true
+kasm_guac: true
+
+# This allows reusage of the role
+kasm_agent_group_name: kasm_agent
+kasm_db_group_name: kasm_db
+kasm_web_group_name: kasm_web
+kasm_proxy_group_name: kasm_proxy
+kasm_guac_group_name: kasm_guac
+
+##############################
+# Installation configuration #
+##############################
+
+## Credentials ##
+# If left empty secure passwords will be generated
+# during the installation and substituted in upon completion
+kasm_user_password: ''
+kasm_admin_password: ''
+kasm_database_password: ''
+kasm_redis_password: ''
+kasm_manager_token: ''
+kasm_registration_token: ''
+
+## Scaling Configuration ##
+
+# Stick scaled agents/guacs/proxys to a default web server
+# IE when set to 1 all additional hosts in that zone will use zone1_web_1 as their webserver
+# Set to false to scale out as a linked group IE zone1_web_1/zone1_agent_1/zone1_guac_1/zone1_proxy_1
+kasm_default_web: 1
+kasm_default_db: "{{ kasm_default_web }}"
+
+## Zone configuration ##
+# Define multiple zones here if defined in inventory above
+kasm_zones:
+ - zone1
+
+## General settings ##
+kasm_proxy_port: 443
+kasm_start_docker_on_boot: true
+kasm_desired_swap_size: 5g # Default agent swap size for all agents
+
+## PostgreSQL settings ##
+
+##############################################
+# PostgreSQL remote DB connection parameters #
+##############################################
+# The following parameters need to be set only once on database initialization
+kasm_init_remote_db: false # swap to true to activate
+database_master_user: postgres
+database_master_password: changeme
+
+database_hostname: false # swap to a string to
activate + +# The remaining variables can be modified to suite your needs or left as is in a normal deployment +kasm_database_user: kasmapp +kasm_database_name: kasm +kasm_database_port: 5432 +kasm_database_ssl: true + +## redis settings ## +# redis connection parameters if hostname is set the web role will use a remote redis server +kasm_redis_hostname: false diff --git a/roles/install_common/tasks/add_zones.yml b/roles/install_common/tasks/add_zones.yml index a8ce174..f5a6022 100644 --- a/roles/install_common/tasks/add_zones.yml +++ b/roles/install_common/tasks/add_zones.yml @@ -1,6 +1,6 @@ - name: Add additional zones when: i != 0 - loop: "{{ zones }}" + loop: "{{ kasm_zones }}" loop_control: index_var: i blockinfile: @@ -16,7 +16,7 @@ proxy_connections: true proxy_hostname: $request_host$ proxy_path: desktop - proxy_port: {{ proxy_port }} + proxy_port: {{ kasm_proxy_port }} search_alternate_zones: true upstream_auth_address: $request_host$ zone_id: "${uuid:zone_id:{{ i + 1 }}}" diff --git a/roles/install_common/tasks/agent.yml b/roles/install_common/tasks/agent.yml new file mode 100644 index 0000000..0bb0bc9 --- /dev/null +++ b/roles/install_common/tasks/agent.yml @@ -0,0 +1,17 @@ +--- + +- set_fact: + # We only want to make a swapfile large enough to make up the difference between + # the current swapsize and our desired size. + new_swap_size: "{{ kasm_desired_swap_size | human_to_bytes - current_swap_size.stdout | int }}" + +- debug: + var: new_swap_size + +- name: Run swap tasks + include_tasks: + file: mkswap.yml + when: + - new_swap_size | int > 0 + - not kasm_swapfile.stat.exists + diff --git a/roles/install_common/tasks/agent_install.yml b/roles/install_common/tasks/agent_install.yml index 4537e4c..e9c0567 100644 --- a/roles/install_common/tasks/agent_install.yml +++ b/roles/install_common/tasks/agent_install.yml 
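Review bot: `database_master_password: changeme` ships a known default for the PostgreSQL master account, and the three remote-DB keys in roles/install_common/defaults/main.yml (`database_master_user`, `database_master_password`, `database_hostname`) kept their old names while the tasks in this commit read `kasm_database_master_user`, `kasm_database_master_password` and `kasm_database_hostname` (remote_db_init.yml and the `when:` conditions in tasks/main.yml). As written those prefixed names have no default, so `not kasm_database_hostname` would presumably fail as undefined unless the inventory sets it. I would rename the three keys with the `kasm_` prefix and ship the password empty, `kasm_database_master_password: ''`, with an assert that it is set whenever `kasm_init_remote_db` is true.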
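Review bot: The new agent.yml reads `current_swap_size.stdout` and `kasm_swapfile.stat.exists`, but the two tasks that registered them ("Check if kasm swapfile exists" and "Get current swapsize in bytes") are deleted from tasks/main.yml in this commit and are not added here. Unless they moved to a file that is not shown, the `set_fact` fails on an undefined variable on every agent host. The `stat` of /mnt/kasm.swap and the /proc/meminfo read should move into this file ahead of the `set_fact`.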
@@ -1,6 +1,6 @@ - name: Check connection from agent to webserver uri: - url: "https://{{ web_ip }}:{{ proxy_port }}/api/__healthcheck" + url: "https://{{ web_ip }}:{{ kasm_proxy_port }}/api/__healthcheck" timeout: 5 validate_certs: false register: _result @@ -13,10 +13,10 @@ bash {{ tempdir.path }}/kasm_release/install.sh --role agent --accept-eula - --proxy-port {{ proxy_port }} + --proxy-port {{ kasm_proxy_port }} --public-hostname {{ target_ip }} --manager-hostname {{ web_ip }} - --manager-token {{ manager_token }} + --manager-token {{ kasm_manager_token }} {{ '-s ' ~ service_images_copy.dest if service_images_file }} {{ '-w ' ~ workspace_images_copy.dest if workspace_images_file }} {{ '-x ' ~ network_plugin_copy.dest if network_plugin_file }} diff --git a/roles/install_common/tasks/db_install.yml b/roles/install_common/tasks/db_install.yml index 97a8d11..225c09b 100644 --- a/roles/install_common/tasks/db_install.yml +++ b/roles/install_common/tasks/db_install.yml 
@@ -3,17 +3,17 @@ bash {{ tempdir.path }}/kasm_release/install.sh --role db --accept-eula - --proxy-port {{ proxy_port }} - --database-user {{ database_user }} - --database-name {{ database_name }} - --db-password {{ database_password }} - --redis-password {{ redis_password }} - --user-password {{ user_password }} - --admin-password {{ admin_password }} - --manager-token {{ manager_token }} - --registration-token {{ registration_token }} - --server-zone {{ zones[0] }} - {{ '--no-db-ssl ' if not database_ssl }} + --proxy-port {{ kasm_proxy_port }} + --database-user {{ kasm_database_user }} + --database-name {{ kasm_database_name }} + --db-password {{ kasm_database_password }} + --redis-password {{ kasm_redis_password }} + --user-password {{ kasm_user_password }} + --admin-password {{ kasm_admin_password }} + --manager-token {{ kasm_manager_token }} + --registration-token {{ kasm_registration_token }} + --server-zone {{ kasm_zone }} + {{ '--no-db-ssl ' if not kasm_database_ssl }} {{ '--offline-service ' ~ service_images_copy.dest if service_images_file }} {{ '--offline-workspaces ' ~ workspace_images_copy.dest if workspace_images_file }} register: install_output diff --git a/roles/install_common/tasks/default_credentials.yml b/roles/install_common/tasks/default_credentials.yml index 6849bbb..ed0d418 100644 --- a/roles/install_common/tasks/default_credentials.yml +++ b/roles/install_common/tasks/default_credentials.yml 
@@ -1,37 +1,43 @@ # Setup default creds if users don't set them in the inventory - set_fact: - database_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}" - when: database_password is not defined + kasm_database_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}" + when: + - kasm_database_password | d('', true) | trim == '' run_once: true delegate_to: localhost - set_fact: - redis_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}" - when: redis_password is not defined + kasm_redis_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}" + when: + - kasm_redis_password | d('', true) | trim == '' run_once: true delegate_to: localhost - set_fact: - user_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}" - when: user_password is not defined + kasm_user_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}" + when: + - kasm_user_password | d('', true) | trim == '' run_once: true delegate_to: localhost - set_fact: - admin_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}" - when: admin_password is not defined + kasm_admin_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}" + when: + - kasm_admin_password | d('', true) | trim == '' run_once: true delegate_to: localhost - set_fact: - manager_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}" - when: manager_token is not defined + kasm_manager_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}" + when: + - kasm_manager_token | d('', true) | trim == '' run_once: true delegate_to: localhost - set_fact: - registration_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=22') }}" - when: registration_token is not defined + kasm_registration_token: "{{ lookup('password', 
'/dev/null chars=ascii_letters,digits length=22') }}" + when: + - kasm_registration_token | d('', true) | trim == '' run_once: true - delegate_to: localhost + delegate_to: localhost diff --git a/roles/install_common/tasks/guac_install.yml b/roles/install_common/tasks/guac_install.yml index 8f69285..3a14098 100644 --- a/roles/install_common/tasks/guac_install.yml +++ b/roles/install_common/tasks/guac_install.yml @@ -1,6 +1,6 @@ - name: Check connection from guac to webserver uri: - url: "https://{{ web_ip }}:{{ proxy_port }}/api/__healthcheck" + url: "https://{{ web_ip }}:{{ kasm_proxy_port }}/api/__healthcheck" timeout: 5 validate_certs: false register: _result @@ -13,10 +13,10 @@ bash {{ tempdir.path }}/kasm_release/install.sh --role guac --accept-eula - --proxy-port {{ proxy_port }} + --proxy-port {{ kasm_proxy_port }} --api-hostname {{ web_ip }} --public-hostname {{ target_ip }} - --registration-token {{ registration_token }} + --registration-token {{ kasm_registration_token }} {{ '-s ' ~ service_images_copy.dest if service_images_file }} register: install_output become: true diff --git a/roles/install_common/tasks/install.yml b/roles/install_common/tasks/install.yml new file mode 100644 index 0000000..b70f99b --- /dev/null +++ b/roles/install_common/tasks/install.yml @@ -0,0 +1,16 @@ +--- + +- name: Run multi server install tasks + include_tasks: + file: multi_server.yml + when: + - kasm_mode == 'multi' + +- name: Run single install tasks + include_tasks: + file: single_server.yml + when: + - kasm_mode == 'single' + + + diff --git a/roles/install_common/tasks/main.yml b/roles/install_common/tasks/main.yml index fc2b364..60c4462 100644 --- a/roles/install_common/tasks/main.yml +++ b/roles/install_common/tasks/main.yml @@ -1,3 +1,9 @@ +--- + +# Check node roles and deployment mode +- assert: + that: true + - include_tasks: file: default_credentials.yml 
@@ -10,72 +16,59 @@ kasm_installed: "{{ kasm_path.stat.exists }}" - set_fact: - web_ip: "{{ hostvars[group_names[0] + '_web_' + inventory_hostname.split('_')[2]].ansible_default_ipv4.address }}" - # IP of the host that ansible is being ran against - target_ip: "{{ ansible_default_ipv4.address }}" - when: not default_web - -- set_fact: - web_ip: "{{ hostvars[group_names[0] + '_web_' + default_web|string].ansible_default_ipv4.address }}" + web_ip : "{{ ( kasm_mode == 'multi'|ternary( + ( + groups[kasm_web_group_name] + | map('extract', hostvars) + | selectattr('ansible_default_ipv4', 'defined') + | map(attribute='ansible_default_ipv4') + | list + )[kasm_default_web], hostvars[inventory_hostname].ansible_default_ipv4) + ).address }}" # IP of the host that ansible is being ran against target_ip: "{{ ansible_default_ipv4.address }}" - when: default_web - -- set_fact: - db_ip: "{{ hostvars['zone1_db_1'].ansible_default_ipv4.address }}" - when: not database_hostname - -- set_fact: - db_ip: "{{ database_hostname }}" - when: database_hostname - -- set_fact: - redis_ip: "{{ hostvars['zone1_db_1'].ansible_default_ipv4.address }}" - when: not redis_hostname - set_fact: - redis_ip: "{{ redis_hostname }}" - when: redis_hostname - -- name: Override manager hostname if configured - set_fact: - web_ip: "{{ manager_hostname }}" - when: manager_hostname is defined - -- name: Check if kasm swapfile exists - stat: - path: /mnt/kasm.swap - register: kasm_swapfile + db_ip : "{{ ( kasm_mode == 'multi'|ternary( + ( + groups[kasm_db_group_name] + | map('extract', hostvars) + | selectattr('ansible_default_ipv4', 'defined') + | map(attribute='ansible_default_ipv4') + | list + )[kasm_default_db], hostvars[inventory_hostname].ansible_default_ipv4) + ).address }}" when: - - "'agent' in group_names[1].split('_')" + - not kasm_database_hostname -- name: Get current swapsize in bytes - # Meminfo outputs in Kb for some reason so we convert to bytes - shell: cat /proc/meminfo | grep SwapTotal | awk 
'{print $2 * 1024}' - register: current_swap_size - changed_when: false +- set_fact: + db_ip: "{{ kasm_database_hostname }}" when: - - "'agent' in group_names[1].split('_')" + - kasm_database_hostname - set_fact: - # We only want to make a swapfile large enough to make up the difference between - # the current swapsize and our desired size. - new_swap_size: "{{ desired_swap_size | human_to_bytes - current_swap_size.stdout | int }}" + redis_ip : "{{ ( kasm_mode == 'multi'|ternary( + ( + groups[kasm_db_group_name] + | map('extract', hostvars) + | selectattr('ansible_default_ipv4', 'defined') + | map(attribute='ansible_default_ipv4') + | list + )[kasm_default_db], hostvars[inventory_hostname].ansible_default_ipv4) + ).address }}" when: - - "'agent' in group_names[1].split('_')" + - not kasm_redis_hostname -- debug: - var: new_swap_size +- set_fact: + redis_ip: "{{ kasm_redis_hostname }}" when: - - "'agent' in group_names[1].split('_')" + - kasm_redis_hostname -- name: Run swap tasks - include_tasks: - file: mkswap.yml +- name: Override manager hostname if configured + set_fact: + web_ip: "{{ kasm_manager_hostname }}" when: - - "'agent' in group_names[1].split('_')" - - new_swap_size | int > 0 - - not kasm_swapfile.stat.exists + - kasm_manager_hostname is defined - name: Create temporary directory tempfile: @@ -83,7 +76,7 @@ register: tempdir # Debian 10 doesn't ship with the ca-certificates package installed by default -# installing curl is portable to to ensure that ca-certificates is installed +# installing curl is portable to ensure that ca-certificates is installed - name: Ensure we have curl installed package: name: curl 
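Review bot: In the new `web_ip`, `db_ip` and `redis_ip` expressions, `kasm_mode == 'multi'|ternary(...)` applies the filter to the string literal before the comparison, because Jinja2 filters bind tighter than `==`; the parenthesised value is then a boolean and `.address` fails on it. The condition needs its own parentheses, `(kasm_mode == 'multi') | ternary(...)`. `ternary` also evaluates both arguments, so `groups[kasm_web_group_name]` is indexed even in single mode. The default `kasm_default_web: 1` is used as a zero-based list index although the defaults comment describes it as `zone1_web_1`, so with a single web host the index is out of range; `kasm_default_web | int - 1` inside an inline `if`/`else` would cover both.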
@@ -101,56 +94,19 @@ when: - not kasm_installed -- name: Run Kasm db install tasks +- name: Run install tasks include_tasks: - file: db_install.yml + file: install.yml when: - - "'db' in group_names[1].split('_')" - not kasm_installed -- name: Run remote db init tasks - include_tasks: - file: remote_db_init.yml - when: - - init_remote_db - - database_hostname - - "'web' in group_names[1].split('_')" - - not kasm_installed - -- name: Run Kasm web install tasks - include_tasks: - file: web_install.yml - when: - - "'web' in group_names[1].split('_')" - - not kasm_installed - -- name: Run Kasm agent install tasks - include_tasks: - file: agent_install.yml - when: - - "'agent' in group_names[1].split('_')" - - not kasm_installed - -- name: Run Kasm guac install tasks - include_tasks: - file: guac_install.yml - when: - - "'guac' in group_names[1].split('_')" - - not kasm_installed - -- name: Run Kasm proxy install tasks - include_tasks: - file: proxy_install.yml - when: - - "'proxy' in group_names[1].split('_')" - - not kasm_installed - -- name: enable the docker service to run at boot +- name: Enable the docker service to run at boot service: name: docker enabled: true become: true - when: start_docker_on_boot + when: + - kasm_start_docker_on_boot - name: Delete temporary directory file: 
@@ -161,12 +117,12 @@ - name: Print credentials debug: msg: - - "Database Password: {{ database_password }}" - - "Redis Password: {{ redis_password }}" - - "Manager Token: {{ manager_token }}" - - "Registration Token: {{ registration_token }}" - - "user@kasm.local password: {{ user_password }}" - - "admin@kasm.local password: {{ admin_password }}" + - "Database Password: {{ kasm_database_password }}" + - "Redis Password: {{ kasm_redis_password }}" + - "Manager Token: {{ kasm_manager_token }}" + - "Registration Token: {{ kasm_registration_token }}" + - "user@kasm.local password: {{ kasm_user_password }}" + - "admin@kasm.local password: {{ kasm_admin_password }}" run_once: true - name: Write credentials to inventory @@ -184,20 +140,9 @@ regexp: "{{ item.from }}" replace: "{{ item.to }}" loop: - - {from: "#user_password", to: "user_password"} - - {from: "#admin_password", to: "admin_password"} - - {from: "#database_password", to: "database_password"} - - {from: "#redis_password", to: "redis_password"} - - {from: "#manager_token", to: "manager_token"} - - {from: "#registration_token", to: "registration_token"} - -- name: Turn off remote db init - run_once: true - delegate_to: localhost - ansible.builtin.replace: - dest: "{{ inventory_file }}" - regexp: "init_remote_db: true" - replace: "init_remote_db: false" - when: - - init_remote_db - - database_hostname + - {from: "#kasm_user_password", to: "kasm_user_password"} + - {from: "#kasm_admin_password", to: "kasm_admin_password"} + - {from: "#kasm_database_password", to: "kasm_database_password"} + - {from: "#kasm_redis_password", to: "kasm_redis_password"} + - {from: "#kasm_manager_token", to: "kasm_manager_token"} + - {from: "#kasm_registration_token", to: "kasm_registration_token"} diff --git a/roles/install_common/tasks/mkswap.yml b/roles/install_common/tasks/mkswap.yml index 482af43..d6c8637 100644 --- a/roles/install_common/tasks/mkswap.yml +++ b/roles/install_common/tasks/mkswap.yml 
@@ -23,4 +23,4 @@ - name: Run swapon command: swapon /mnt/kasm.swap become: true - \ No newline at end of file + diff --git a/roles/install_common/tasks/multi_server.yml b/roles/install_common/tasks/multi_server.yml new file mode 100644 index 0000000..7d0bc2b --- /dev/null +++ b/roles/install_common/tasks/multi_server.yml @@ -0,0 +1,59 @@ +--- + +- name: Run agent tasks + include_tasks: + file: agent.yml + when: + - 'agent' in kasm_roles + +# Note: we need DB node installed before we can init the DB +- name: Run Kasm db install tasks + include_tasks: + file: db_install.yml + vars: + kasm_zone: "{{ kasm_zones[0] }}" + when: + - 'db' in kasm_mode + +- name: Run remote db init tasks + include_tasks: + file: remote_db_init.yml + vars: + kasm_zone: "{{ kasm_zones[0] }}" + when: + - kasm_init_remote_db + - kasm_database_hostname + - 'web' in kasm_mode + +- name: Run Kasm web install tasks + include_tasks: + file: web_install.yml + vars: + kasm_zone: "{{ kasm_zones[0] }}" + when: + - 'web' in kasm_mode + +- name: Run Kasm agent install tasks + include_tasks: + file: agent_install.yml + vars: + kasm_zone: "{{ kasm_zones[0] }}" + when: + - 'agent' in kasm_mode + +- name: Run Kasm guac install tasks + include_tasks: + file: guac_install.yml + vars: + kasm_zone: "{{ kasm_zones[0] }}" + when: + - 'guac' in kasm_mode + +- name: Run Kasm proxy install tasks + include_tasks: + file: proxy_install.yml + vars: + kasm_zone: "{{ kasm_zones[0] }}" + when: + - 'proxy' in kasm_mode + diff --git a/roles/install_common/tasks/proxy_install.yml b/roles/install_common/tasks/proxy_install.yml index 3a70c7d..0d52731 100644 --- a/roles/install_common/tasks/proxy_install.yml +++ b/roles/install_common/tasks/proxy_install.yml @@ -1,6 +1,8 @@ +--- + - name: Check connection from proxy to webserver uri: - url: "https://{{ web_ip }}:{{ proxy_port }}/api/__healthcheck" + url: "https://{{ web_ip }}:{{ kasm_proxy_port }}/api/__healthcheck" timeout: 5 validate_certs: false register: _result 
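Review bot: In multi_server.yml the conditions are written as `- 'agent' in kasm_roles`, which YAML reads as a quoted scalar followed by stray text and rejects; each item has to be quoted as a whole, `- "'agent' in kasm_roles"`. The other six conditions test `in kasm_mode`, and `kasm_mode` is the string `multi` or `single`, so `'db' in kasm_mode` is a substring test that is never true and no install task would run. They presumably should all read `kasm_roles`. The `kasm_roles` fact is built in roles.yml, which no visible hunk of this commit includes.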
@@ -13,7 +15,7 @@ bash {{ tempdir.path }}/kasm_release/install.sh --role proxy --accept-eula - --proxy-port {{ proxy_port }} + --proxy-port {{ kasm_proxy_port }} --api-hostname {{ web_ip }} {{ '-s ' ~ service_images_copy.dest if service_images_file }} register: install_output diff --git a/roles/install_common/tasks/remote_db_init.yml b/roles/install_common/tasks/remote_db_init.yml index 9f6293d..f9f1596 100644 --- a/roles/install_common/tasks/remote_db_init.yml +++ b/roles/install_common/tasks/remote_db_init.yml 
@@ -17,23 +17,35 @@ bash {{ tempdir.path }}/kasm_release/install.sh --role init_remote_db --accept-eula - --proxy-port {{ proxy_port }} - --db-hostname {{ database_hostname }} - --db-password {{ database_password }} - --database-user {{ database_user }} - --database-name {{ database_name }} - --db-master-user {{ database_master_user }} - --db-master-password {{ database_master_password }} - --db-port {{ database_port }} - --server-zone {{ zones[0] }} - --manager-token {{ manager_token }} - --registration-token {{ registration_token }} - --redis-password {{ redis_password }} - --user-password {{ user_password }} - --admin-password {{ admin_password }} - {{ '--no-db-ssl ' if not database_ssl }} + --proxy-port {{ kasm_proxy_port }} + --db-hostname {{ kasm_database_hostname }} + --db-password {{ kasm_database_password }} + --database-user {{ kasm_database_user }} + --database-name {{ kasm_database_name }} + --db-master-user {{ kasm_database_master_user }} + --db-master-password {{ kasm_database_master_password }} + --db-port {{ kasm_database_port }} + --server-zone {{ kasm_zone }} + --manager-token {{ kasm_manager_token }} + --registration-token {{ kasm_registration_token }} + --redis-password {{ kasm_redis_password }} + --user-password {{ kasm_user_password }} + --admin-password {{ kasm_admin_password }} + {{ '--no-db-ssl ' if not kasm_database_ssl }} {{ '--offline-service ' ~ service_images_copy.dest if service_images_file }} responses: Continue(?i): "y" run_once: true become: true + +# XXX +- name: Turn off remote db init + run_once: true + delegate_to: localhost + ansible.builtin.replace: + dest: "{{ inventory_file }}" + regexp: "init_remote_db: true" + replace: "init_remote_db: false" + when: + - kasm_database_hostname + diff --git a/roles/install_common/tasks/roles.yml b/roles/install_common/tasks/roles.yml new file mode 100644 index 0000000..6342082 --- /dev/null +++ b/roles/install_common/tasks/roles.yml 
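Review bot: The `# XXX` marker above the moved "Turn off remote db init" task says nothing about what is still open, and the task's `regexp: "init_remote_db: true"` now works only because it matches as a substring of the renamed `kasm_init_remote_db: true` in the inventory. I would spell the key out, `regexp: "kasm_init_remote_db: true"` and `replace: "kasm_init_remote_db: false"`, and replace the marker with a comment such as `# Reset the flag in the inventory so the remote DB is initialised only once`. The task also dropped the `init_remote_db` condition it had in main.yml; that is fine as long as this file is only included when `kasm_init_remote_db` is true, which is worth stating in the comment.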
@@ -0,0 +1,29 @@
+# Note: in case kasm_roles is not passed we create it
+- name: node roles setup
+ set_fact:
+ kasm_roles: >-
+ {%- set roles = [] -%}
+ {%- for (var, role, default_) in [
+ ("kasm_agent", "agent", kasm_agent),
+ ("kasm_db", "db", kasm_db),
+ ("kasm_web", "web", kasm_web),
+ ("kasm_proxy", "proxy", kasm_proxy),
+ ("kasm_guac", "guac", kasm_guac)
+ ] -%}
+ {%- if hostvars[inventory_hostname][var]|d(default_) -%}
+ {%- set _ = roles.append(role) -%}
+ {%- endif -%}
+ {%- endfor -%}
+ {{ roles }}
+ when:
+ - kasm_roles | d('', true) | trim == ''
+ - kasm_mode != single
+
+# Make sure that in multi server deployment instal
+- assert:
+ msg:
+ When deploying "multi server" mode ONLY one role per node is supported
+ for more information see https://kasmweb.com/docs/latest/install/multi_server_install.htm
+ that:
+ - kasm_mode != 'single'
+ - kasm_roles | length == 1
diff --git a/roles/install_common/tasks/single_server.yml b/roles/install_common/tasks/single_server.yml
new file mode 100644
index 0000000..08e05b8
--- /dev/null
+++ b/roles/install_common/tasks/single_server.yml
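Review bot: In roles.yml, `kasm_mode != single` compares against a variable named `single` rather than the string, so the condition needs quotes: `- kasm_mode != 'single'`. The assert then lists `kasm_mode != 'single'` and `kasm_roles | length == 1` as separate items, which are ANDed, so a single-server run always fails the check; the intended rule looks like `- kasm_mode == 'single' or kasm_roles | length == 1`. The comment above the assert is cut off ("instal") and could read `# In multi server mode each node must carry exactly one role`. tasks/main.yml meanwhile adds `assert: that: true`, which checks nothing, so this file appears not to be wired in yet.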
@@ -0,0 +1,51 @@
+---
+
+- name: Check connection from agent to webserver
+ uri:
+ url: "https://{{ web_ip }}:{{ kasm_proxy_port }}/api/__healthcheck"
+ timeout: 5
+ validate_certs: false
+ register: _result
+ until: _result.status == 200
+ retries: 7
+ delay: 5
+
+- name: Check connection from web to postgres on db server
+ wait_for:
+ port: 5432
+ host: "{{ db_ip }}"
+ timeout: 60
+
+- name: Check connection from web to redis on db server
+ wait_for:
+ port: 6379
+ host: "{{ redis_ip }}"
+ timeout: 60
+
+- name: Install all
+ command: >
+ bash {{ tempdir.path }}/kasm_release/install.sh
+ --role all
+ --accept-eula
+ --proxy-port {{ kasm_proxy_port }}
+ --public-hostname {{ target_ip }}
+ --database-user {{ kasm_database_user }}
+ --database-name {{ kasm_database_name }}
+ --db-password {{ kasm_database_password }}
+ --redis-password {{ kasm_redis_password }}
+ --user-password {{ kasm_user_password }}
+ --admin-password {{ kasm_admin_password }}
+ --manager-hostname {{ web_ip }}
+ --manager-token {{ kasm_manager_token }}
+ --registration-token {{ kasm_registration_token }}
+ --server-zone {{ kasm_zone }}
+ --api-hostname {{ web_ip }}
+ {{ '--no-db-ssl ' if not kasm_database_ssl }}
+ {{ '--offline-service ' ~ service_images_copy.dest if service_images_file }}
+ {{ '--offline-workspaces ' ~ workspace_images_copy.dest if workspace_images_file }}
+
+ register: install_output
+ become: true
+ retries: 20
+ delay: 10
+ until: install_output is success or ('Failed to lock apt for exclusive operation' not in install_output.stderr and '/var/lib/dpkg/lock' not in install_output.stderr)
diff --git a/roles/install_common/tasks/web_install.yml b/roles/install_common/tasks/web_install.yml
index 8c8b99c..c70f07f 100644
--- a/roles/install_common/tasks/web_install.yml
+++ b/roles/install_common/tasks/web_install.yml
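Review bot: The `Install all` task in single_server.yml puts six secrets (`--db-password`, `--redis-password`, `--user-password`, `--admin-password`, `--manager-token`, `--registration-token`) on the `command:` line with no `no_log: true`, so they appear in the task result on failure or with `-v`, and in the host's process list while install.sh runs; the renamed install tasks in db_install.yml, web_install.yml, agent_install.yml, guac_install.yml and remote_db_init.yml have the same shape. Adding `no_log: true` to these tasks is the small fix; `register: install_output` and the `until:` retry keep working with it. The task also uses `{{ kasm_zone }}`, but install.yml includes single_server.yml without the `vars: kasm_zone` that multi_server.yml passes, and the three connection checks run before anything is installed on the single host, so they would presumably time out. The healthcheck keeps `validate_certs: false`; a comment stating why certificate validation is off here (for instance a self-signed installer certificate, if that is the reason) would help the next reader judge it.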
@@ -15,17 +15,17 @@ bash {{ tempdir.path }}/kasm_release/install.sh --role app --accept-eula - --proxy-port {{ proxy_port }} + --proxy-port {{ kasm_proxy_port }} --db-hostname {{ db_ip }} - --db-password {{ database_password }} - --redis-password {{ redis_password }} + --db-password {{ kasm_database_password }} + --redis-password {{ kasm_redis_password }} --api-hostname {{ target_ip }} - --database-user {{ database_user }} - --database-name {{ database_name }} - --db-port {{ database_port }} - --server-zone {{ group_names[0] }} + --database-user {{ kasm_database_user }} + --database-name {{ kasm_database_name }} + --db-port {{ kasm_database_port }} + --server-zone {{ kasm_zone }} --redis-hostname {{ redis_ip }} - {{ '--no-db-ssl ' if not database_ssl }} + {{ '--no-db-ssl ' if not kasm_database_ssl }} {{ '--offline-service ' ~ service_images_copy.dest if service_images_file }} {{ '--offline-workspaces ' ~ workspace_images_copy.dest if workspace_images_file }} register: install_output diff --git a/roles/patch_os/defaults/main.yml b/roles/patch_os/defaults/main.yml new file mode 100644 index 0000000..d44e20d --- /dev/null +++ b/roles/patch_os/defaults/main.yml @@ -0,0 +1,5 @@ +--- + +# Number of seconds to wait for system to come up after reboot +# Change this if you have a system that normally takes a long time to boot +kasm_reboot_timeout_seconds: 600 diff --git a/roles/patch_os/handlers/main.yml b/roles/patch_os/handlers/main.yml index e0fdffa..a1dbf8e 100644 --- a/roles/patch_os/handlers/main.yml +++ b/roles/patch_os/handlers/main.yml @@ -1,5 +1,5 @@ - name: Reboot server reboot: - reboot_timeout: "{{ reboot_timeout_seconds }}" + reboot_timeout: "{{ kasm_reboot_timeout_seconds }}" become: true