Add role netmaker_server

netmaker_server/tasks/main.yml

@@ -0,0 +1,16 @@
+- import_tasks: ./prerequisites.yml
+
+- name: Copy folder-structure
+  ansible.builtin.copy:
+    src: opt/netmaker_server
+    dest: /opt/
+    mode: preserve
+
+- name: Deploy compose file
+  ansible.builtin.template:
+    src: docker-compose.yml.template
+    dest: /opt/netmaker_server/docker-compose.yml
+
+- import_tasks: ./rqlite.yml
+
+- import_tasks: ./netmaker.yml

netmaker_server/tasks/netmaker.yml

@@ -0,0 +1,29 @@
+- name: Start rest of netmaker-services
+  command: "docker-compose --project-directory /opt/netmaker_server/ up -d"
+  register: command
+  failed_when: command.rc != 0
+
+- name: Wait for netmaker-api to become available
+  ansible.builtin.wait_for:
+    host: "{{ inventory_hostname }}"
+    port: 8081
+    state: started
+  when: "inventory_hostname == groups['netmaker'][0]"
+
+- name: Create default mesh-network 'server'
+  uri:
+    url: 'http://netmaker-api.{{ netmaker.base_domain }}:8081/api/networks'
+    method: POST
+    body:
+      netid: servers
+      addressrange: 10.92.0.0/24
+      addressrange6: fd92::/64
+    body_format: json
+    headers:
+      Authorization: 'Bearer {{ netmaker.master_key }}'
+      Content-Type: application/json
+  when: "inventory_hostname == groups['netmaker'][0]"
+  register: default_mesh_ok
+  until: "default_mesh_ok is not failed"
+  retries: 2
+  delay: 10

netmaker_server/tasks/prerequisites.yml

@@ -0,0 +1,10 @@
+- name: Install wireguard
+  package:
+    name:
+      - wireguard
+    state: latest
+
+- name: Check if default-ipv4-address is private
+  set_fact:
+    private_ipv4_address: "{{ ansible_facts.default_ipv4.address | regex_search('^((10)|(192\\.168)|(172\\.((1[6-9])|(2[0-9])|(3[0-1])))|(100))\\.') }}"
+  when: "netmaker.dynamicIp"

netmaker_server/tasks/rqlite.yml

@@ -0,0 +1,66 @@
+- name: Deploy rqlite config
+  ansible.builtin.template:
+    src: rqlite-config.json.template
+    dest: /opt/netmaker/rqlite/config.json
+
+# CERTIFICATE
+- name: Generate PrivateKey
+  community.crypto.openssl_privatekey:
+    path: /opt/netmaker/rqlite/certs/node.key
+
+- name: Generate Certificate-Signing-Request from privateKey
+  community.crypto.openssl_csr:
+    path: /opt/netmaker/rqlite/certs/node.csr
+    privatekey_path: /opt/netmaker/rqlite/certs/node.key
+    common_name: "{{ ansible_facts.nodename }}"
+
+- name: Fetch CSR
+  ansible.builtin.fetch:
+    src: /opt/netmaker/rqlite/certs/node.csr
+    dest: tmp_files/
+
+- name: Sign CSR locally with CA
+  local_action: community.crypto.x509_certificate
+  args:
+    path: tmp_files/{{ inventory_hostname }}/opt/netmaker_server/rqlite/certs/node.crt
+    csr_path: tmp_files/{{ inventory_hostname }}/opt/netmaker_server/rqlite/certs/node.csr
+    ownca_path: secret_files/netmaker_server/ca/ca.crt
+    ownca_privatekey_path: secret_files/netmaker_server/ca/ca.key
+    provider: ownca
+  
+- name: Copy Signed Certificate
+  ansible.builtin.copy:
+    src: tmp_files/{{ inventory_hostname }}/opt/netmaker_server/rqlite/certs/node.crt
+    dest: /opt/netmaker_server/rqlite/certs/node.crt
+
+- name: Copy CA Certificate
+  ansible.builtin.copy:
+    src: secret_files/netmaker_server/ca/ca.crt
+    dest: /opt/netmaker_server/rqlite/certs/ca.crt
+# CERTIFICATE
+
+- name: Start rqlite service for 1st-node
+  command: "docker-compose --project-directory /opt/netmaker_server/ up -d rqlite"
+  register: command
+  failed_when: command.rc != 0
+  when: "inventory_hostname == groups['netmaker_server'][0]"
+
+- name: Waiting for rqlite to accept connections on 1st-node
+  ansible.builtin.wait_for:
+    host: "{{ inventory_hostname }}"
+    port: 4001
+    state: started
+  when: "inventory_hostname == groups['netmaker_server'][0]"
+
+- name: Start rqlite service for other nodes
+  command: "docker-compose --project-directory /opt/netmaker_server/ up -d rqlite"
+  register: command
+  failed_when: command.rc != 0
+  when: "inventory_hostname != groups['netmaker_server'][0]"
+
+- name: Waiting for rqlite to accept connections on other nodes
+  ansible.builtin.wait_for:
+    host: "{{ inventory_hostname }}"
+    port: 4001
+    state: started
+  when: "inventory_hostname != groups['netmaker_server'][0]"