first commit

2025-05-26 23:02:42 -04:00
commit 084e9ab432
14 changed files with 511 additions and 0 deletions


@ -0,0 +1,37 @@
- name: Ensure certs directory exists
file:
path: "{{ seaweed_config_dir }}/certs"
state: directory
mode: '0700'
owner: "{{ seaweed_user }}"
group: "{{ seaweed_group }}"
# Use OpenSSL here because the crypto library isn't working properly
- name: Generate CA private key as seaweedfs user
command: openssl genrsa -out {{ seaweed_ca_key }} 4096
args:
creates: "{{ seaweed_ca_key }}"
- name: Generate self-signed CA certificate as seaweedfs user
command: >
openssl req -x509 -new -nodes -key {{ seaweed_ca_key }}
-sha256 -days 3650 -out {{ seaweed_ca_cert }}
-subj "/CN=SeaweedFS CA"
args:
creates: "{{ seaweed_ca_cert }}"
- name: Change ownership of CA files
file:
path: "{{ item }}"
owner: "{{ seaweed_user }}"
group: "{{ seaweed_user }}"
mode: '0644'
loop:
- "{{ seaweed_ca_key }}"
- "{{ seaweed_ca_cert }}"
- name: Generate server private keys and certificates for domains
include_tasks: generate_cert.yaml
loop: "{{ seaweed_cert_domains }}"
loop_control:
loop_var: domain
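Review bot: The `Change ownership of CA files` task sets `mode: '0644'` on both loop items, so the CA private key at `{{ seaweed_ca_key }}` ends up world-readable; only the `0700` certs directory protects it, and only if the key path (defined outside this file) sits inside that directory. Give the key its own task or a per-item mode so the key gets `mode: '0600'` and only the certificate stays at `'0644'`. The same task uses `group: "{{ seaweed_user }}"` where every other task uses `"{{ seaweed_group }}"`. The two generate tasks are named "as seaweedfs user" but no `become_user` is visible here, so the files are presumably created by whichever user the play runs as.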


@ -0,0 +1,28 @@
- name: Determine SeaweedFS asset name based on architecture and disk flag
set_fact:
seaweedfs_asset_name: "{{ asset_name_matrix[ansible_architecture][seaweed_variant] }}"
- name: Ensure download directory exists
file:
path: "{{ download_dir }}"
state: directory
mode: '0755'
- name: Download SeaweedFS latest release artifact
get_url:
url: "https://github.com/seaweedfs/seaweedfs/releases/latest/download/{{ seaweedfs_asset_name }}"
dest: "{{ download_dir }}/{{ seaweedfs_asset_name }}"
mode: '0644'
- name: Extract SeaweedFS archive
unarchive:
src: "{{ download_dir }}/{{ seaweedfs_asset_name }}"
dest: "{{ download_dir }}"
remote_src: yes
- name: Move 'weed' binary to /usr/local/bin
copy:
src: "{{ download_dir }}/weed"
dest: "{{ seaweed_binary_path }}"
mode: '0755'
remote_src: yes
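Review bot: The `get_url` task fetches `releases/latest/download/...` with no `checksum`, so whatever that URL serves at run time is unpacked and copied to `{{ seaweed_binary_path }}` without any integrity check. Pin a release tag in the URL and add a digest, e.g. `checksum: "sha256:{{ seaweedfs_asset_sha256 }}"` (the variable name is a placeholder; take the value from the release you pin). Pinning also keeps a rollout consistent, because `latest` can change between hosts or between runs. Minor: write `remote_src: true` rather than `yes`.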


@ -0,0 +1,41 @@
- name: Generate private key for {{ domain }}
command: >
openssl genrsa -out {{ seaweed_cert_dir }}/{{ domain }}.key 2048
args:
creates: "{{ seaweed_cert_dir }}/{{ domain }}.key"
register: gen_key_result
- name: Generate CSR for {{ domain }}
command: >
openssl req -new -key {{ seaweed_cert_dir }}/{{ domain }}.key
-out {{ seaweed_cert_dir }}/{{ domain }}.csr
-subj "/CN={{ domain }}"
args:
creates: "{{ seaweed_cert_dir }}/{{ domain }}.csr"
register: gen_csr_result
- name: Generate certificate signed by CA for {{ domain }}
command: >
openssl x509 -req
-in {{ seaweed_cert_dir }}/{{ domain }}.csr
-CA {{ seaweed_ca_cert }}
-CAkey {{ seaweed_ca_key }}
-CAcreateserial
-out {{ seaweed_cert_dir }}/{{ domain }}.crt
-days 3650
-sha256
args:
creates: "{{ seaweed_cert_dir }}/{{ domain }}.crt"
register: gen_crt_result
- name: Set certificate permissions
file:
path: "{{ item }}"
owner: "{{ seaweed_user }}"
group: "{{ seaweed_group }}"
mode: '0644'
recurse: true
loop:
- "{{ seaweed_cert_dir }}/{{ domain }}.crt"
- "{{ seaweed_cert_dir }}/{{ domain }}.csr"
- "{{ seaweed_cert_dir }}/{{ domain }}.key"
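Review bot: `Set certificate permissions` applies `mode: '0644'` to `{{ domain }}.key` along with the `.crt` and `.csr`, leaving each server private key readable by every local user unless the parent directory blocks access. Set the key to `mode: '0600'`, either by splitting it out of the loop or by carrying a per-item mode. `recurse: true` is documented as applying only with `state: directory`, so it should be dropped for these plain files. The CSR carries only `/CN={{ domain }}` and no subjectAltName, which clients that verify hostnames against SANs will likely reject; worth confirming against how SeaweedFS validates its peers.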


@ -0,0 +1,115 @@
- name: Download and Install SeaweedFS
include_tasks: download.yaml
- name: Create system user for SeaweedFS
user:
name: "{{ seaweed_user }}"
shell: /usr/sbin/nologin
system: yes
create_home: no
- name: Create SeaweedFS configuration directory
file:
path: "{{ seaweed_config_dir }}"
state: directory
mode: '0755'
owner: "{{ seaweed_user }}"
group: "{{ seaweed_group }}"
- name: Create SeaweedFS data directory
file:
path: "{{ seaweed_data_dir }}"
state: directory
mode: '0755'
owner: "{{ seaweed_user }}"
group: "{{ seaweed_group }}"
- name: Create SeaweedFS log directory
file:
path: "{{ seaweed_log_dir }}"
state: directory
mode: '0755'
owner: "{{ seaweed_user }}"
group: "{{ seaweed_group }}"
- name: Create SeaweedFS data directories
file:
path: "{{ seaweed_data_dir }}/{{ item.name }}"
state: directory
mode: '0755'
owner: "{{ seaweed_user }}"
group: "{{ seaweed_group }}"
loop: "{{ seaweed_services }}"
- name: Create certificates
include_tasks: certificates.yaml
- name: Generate seaweed JWT signing secrets
set_fact:
seaweed_jwt_signing: "{{ lookup('password', '/dev/null length=64 chars=ascii_letters,digits') }}"
seaweed_jwt_filer_signing: "{{ lookup('password', '/dev/null length=64 chars=ascii_letters,digits') }}"
- name: Configure security configuration
template:
src: security.toml.j2
dest: "{{ seaweed_config_dir }}/security.toml"
mode: '0644'
owner: "{{ seaweed_user }}"
group: "{{ seaweed_group }}"
vars:
seaweed_master_cert: "{{ seaweed_cert_dir }}/master01.crt"
seaweed_master_key: "{{ seaweed_cert_dir }}/master01.key"
seaweed_volume_cert: "{{ seaweed_cert_dir }}/volume01.crt"
seaweed_volume_key: "{{ seaweed_cert_dir }}/volume01.key"
seaweed_filer_cert: "{{ seaweed_cert_dir }}/filer01.crt"
seaweed_filer_key: "{{ seaweed_cert_dir }}/filer01.key"
seaweed_client_cert: "{{ seaweed_cert_dir }}/client01.crt"
seaweed_client_key: "{{ seaweed_cert_dir }}/client01.key"
- name: Configure filer
template:
src: filer.toml.j2
dest: "{{ seaweed_config_dir }}/filer.toml"
mode: '0644'
owner: "{{ seaweed_user }}"
group: "{{ seaweed_group }}"
- name: Generate S3 access key
set_fact:
s3_access_key: "{{ lookup('password', '/dev/null length=20 chars=ascii_letters,digits') }}"
- name: Generate S3 secret key
set_fact:
s3_secret_key: "{{ lookup('password', '/dev/null length=40 chars=ascii_letters,digits') }}"
- name: Configure s3
template:
src: s3.json.j2
dest: "{{ seaweed_config_dir }}/s3.json"
mode: '0644'
owner: "{{ seaweed_user }}"
group: "{{ seaweed_group }}"
- name: Install SeaweedFS services
template:
src: seaweed.service.j2
dest: "/etc/systemd/system/seaweed-{{ item.name }}.service"
mode: '0644'
owner: "{{ seaweed_user }}"
group: "{{ seaweed_group }}"
loop: "{{ seaweed_services }}"
vars:
seaweed_service: "{{ item.name }}"
seaweed_command: "{{ item.name }}"
seaweed_args: "{{ item.args }}"
- name: Reload systemd daemon
systemd:
daemon_reload: yes
- name: Enable and start SeaweedFS services
systemd:
name: "seaweed-{{ item.name }}"
enabled: yes
state: restarted
loop: "{{ seaweed_services }}"
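Review bot: `security.toml` and `s3.json` are written with `mode: '0644'`, yet they presumably render the JWT signing keys and S3 access/secret keys generated by the `set_fact` tasks just above them (the templates are not shown), which would make those secrets readable by any local user; use `mode: '0600'` (or `'0640'` with the service group) on both `template` tasks. The unit files under `/etc/systemd/system` are owned by `{{ seaweed_user }}`, so the unprivileged service account can rewrite the unit that systemd runs for it; set `owner: root` and `group: root` there. The `lookup('password', '/dev/null ...')` calls produce new values on every run, and combined with `state: restarted` each play rotates the JWT and S3 credentials; persist them in a vault or a controller-side file if per-run rotation is not intended. Adding `no_log: true` to the secret-generating and templating tasks keeps the values out of task output.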