Merge pull request #238 from stfc/ssh_key_volume

Chris-green-stfc · web-flow · commit 80fe22c5d37b · 2025-09-15T13:16:19.000+01:00
Add ssh key and mount volume
diff --git a/chatops_deployment/ansible/configure.yml b/chatops_deployment/ansible/configure.yml
@@ -1,4 +1,13 @@
 ---
+- name: Add SSH key to agent
+  hosts: localhost
+  tags:
+    - key
+  tasks:
+    - name: Add SSH key
+      ansible.builtin.include_role:
+        name: add_ssh_key
+
 - name: Configure load balancer
   hosts: stack
   roles:
@@ -35,6 +44,14 @@
   tags:
     - grafana
 
+- name: Attach volume
+  hosts: stack
+  gather_facts: true
+  roles:
+    - volume
+  tags:
+    - volume
+
 - name: Configure Prometheus
   hosts: stack
   roles:
diff --git a/chatops_deployment/ansible/deploy.yml b/chatops_deployment/ansible/deploy.yml
@@ -7,7 +7,14 @@
         name: terraform
         tasks_from: deploy
 
-- name: Add known hosts of bastion host and private VMs
+- name: Add SSH key to agent
+  hosts: localhost
+  tasks:
+    - name: Add SSH key
+      ansible.builtin.include_role:
+        name: add_ssh_key
+
+- name: Add known host of stack VM
   hosts: localhost
   gather_facts: false
   roles:
diff --git a/chatops_deployment/ansible/roles/add_ssh_key/tasks/main.yml b/chatops_deployment/ansible/roles/add_ssh_key/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- name: Install expect
+  become: true
+  ansible.builtin.apt:
+    name: expect
+    update_cache: true
+
+- name: Start ssh-agent
+  # noqa: command-instead-of-shell
+  # interpolation is not supported by the command module
+  ansible.builtin.shell: 'eval $("ssh-agent -s")'
+  register: add_ssh_key_start_agent
+  changed_when: add_ssh_key_start_agent.rc == 0
+
+- name: Add key to ssh-agent
+  # noqa: command-instead-of-shell
+  # We must use shell here as here-docs don't work with command
+  ansible.builtin.shell: |
+    expect << EOF
+      spawn ssh-add {{ env }}-bastion-key
+      expect "Enter passphrase for {{ env }}-bastion-key:"
+      send "{{ bastion_key_passphrase }}\r"
+      expect eof
+    EOF
+  register: add_ssh_key_add_key
+  changed_when: add_ssh_key_add_key.rc == 0
diff --git a/chatops_deployment/ansible/roles/elastic/files/elasticsearch.yml b/chatops_deployment/ansible/roles/elastic/files/elasticsearch.yml
@@ -1,6 +1,6 @@
 ---
 path:
-  data: /var/elasticsearch/data
+  data: /var/stack/elasticsearch/data
   logs: /var/log/elasticsearch
 cluster.name: chatops-elasticsearch
 xpack.security.enabled: true
diff --git a/chatops_deployment/ansible/roles/elastic/tasks/elasticsearch.yml b/chatops_deployment/ansible/roles/elastic/tasks/elasticsearch.yml
@@ -36,19 +36,10 @@
     state: latest # noqa: package-latest
     update_cache: true
 
-- name: Attach data volume to Elasticsearch data directory
-  become: true
-  ansible.posix.mount:
-    boot: true
-    path: /var/elasticsearch/data
-    src: "{{ elasticsearch_device }}"
-    state: mounted
-    fstype: ext4
-
 - name: Set permissions on volume
   become: true
   ansible.builtin.file:
-    path: /var/elasticsearch/data
+    path: /var/stack/elasticsearch/data
     state: directory
     owner: root
     group: elasticsearch
diff --git a/chatops_deployment/ansible/roles/prometheus/files/prometheus.service b/chatops_deployment/ansible/roles/prometheus/files/prometheus.service
@@ -9,7 +9,7 @@ Group=prometheus
 Restart=on-failure
 ExecStart=/opt/prometheus/prometheus \
   --config.file=/opt/prometheus/prometheus.yml \
-  --storage.tsdb.path=/opt/prometheus/data \
+  --storage.tsdb.path=/var/stack/prometheus/data \
   --storage.tsdb.retention.time=30d \
   --web.config.file=/opt/prometheus/web.yml
 StandardOutput=append:/var/log/prometheus/prometheus.log
diff --git a/chatops_deployment/ansible/roles/prometheus/tasks/main.yml b/chatops_deployment/ansible/roles/prometheus/tasks/main.yml
@@ -34,23 +34,18 @@
       - Move Prometheus binaries
       - Start Prometheus
 
-- name: Attach volume to Prometheus data directory
-  become: true
-  ansible.posix.mount:
-    boot: true
-    path: /var/prometheus/data
-    src: "{{ prometheus_device }}"
-    state: mounted
-    fstype: ext4
+- name: Flush handlers to move binaries
+  ansible.builtin.meta: flush_handlers
 
 - name: Set permissions on volume
   become: true
   ansible.builtin.file:
-    path: /var/prometheus/data
+    path: /var/stack/prometheus/data
     state: directory
     owner: prometheus
     group: prometheus
     mode: "0774"
+    recurse: true
 
 - name: Copy prometheus service file
   become: true
diff --git a/chatops_deployment/ansible/roles/systemd_exporter/tasks/main.yml b/chatops_deployment/ansible/roles/systemd_exporter/tasks/main.yml
@@ -26,8 +26,8 @@
 - name: Download and extract systemd-exporter
   become: true
   ansible.builtin.unarchive:
-    src: "https://github.com/prometheus-community/systemd_exporter/releases/download/v{{ systemd_exporter_version }}/systemd_exporter-{{ systemd_exporter_version
-      }}.linux-amd64.tar.gz"
+    src: "https://github.com/prometheus-community/systemd_exporter/releases/download/v{{ systemd_exporter_version }}/
+      systemd_exporter-{{ systemd_exporter_version}}.linux-amd64.tar.gz"
     dest: /tmp
     remote_src: true
     creates: "/tmp/systemd_exporter-{{ systemd_exporter_version }}.linux-amd64"
diff --git a/chatops_deployment/ansible/roles/volume/tasks/main.yml b/chatops_deployment/ansible/roles/volume/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+- name: Attach volume to stack host
+  become: true
+  ansible.posix.mount:
+    boot: true
+    path: /var/stack
+    src: "{{ ansible_local.terraform.vars.stack_device }}"
+    state: mounted
+    fstype: ext4
+
+- name: Set permissions
+  become: true
+  ansible.builtin.file:
+    state: directory
+    path: /var/stack
+    owner: ubuntu
+    group: ubuntu
+    mode: "0775"
