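---
# Reconcile external Traefik Redis route keys for a single service.
#
# Purpose:
#   Codify emergency Redis route edits into repeatable automation so
#   route state can be restored without manual redis-cli commands.
#
# Usage:
#   cd /home/chester/homelab/ansible
#   ansible-playbook -i inventory/hosts.ini playbooks/preflight/reconcile_edge_route.yml \
#     -e "route_name=gitea" \
#     -e "route_fqdn=git.castaldifamily.com" \
#     -e "route_backend_url=http://10.0.0.211:8251"
#
# Input handling:
#   route_name and route_fqdn arrive as extra-vars and are interpolated into
#   Redis key paths and into a Traefik Host(`...`) rule. They are therefore
#   checked against an allow-list pattern before any key is built, and every
#   docker/redis-cli call uses the argv form of ansible.builtin.command so a
#   value can never be split into additional command-line arguments.

- name: Reconcile edge route keys in Redis
  hosts: watchtower
  gather_facts: false
  vars_files:
    - ../../group_vars/all.yml

  vars:
    route_name: gitea
    route_fqdn: git.castaldifamily.com
    route_backend_url: "http://{{ edge_routing.swarm.bind_ip }}:8251"
    route_entrypoint: websecure
    route_cert_resolver: cloudflare
    redis_container_name: redis

  tasks:
    - name: Validate required route inputs
      ansible.builtin.assert:
        that:
          - route_name | trim | length > 0
          - route_fqdn | trim | length > 0
          - route_backend_url | trim | length > 0
          - edge_routing.edge_host.name | length > 0
          # route_name becomes a path segment of every key written below; a
          # '/' or whitespace would address keys outside this router/service.
          # Widen the character class here if a legitimate name needs more.
          - route_name is match('^[A-Za-z0-9][A-Za-z0-9_.-]*$')
          # route_fqdn is placed between backticks in the Host() rule; only
          # hostname characters are accepted so the rule cannot be altered.
          - route_fqdn is match('^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$')
        fail_msg: "Missing or invalid route reconciliation inputs."

    # Desired state: one entry per Redis key that the Traefik KV provider
    # reads for this router and its backing service.
    - name: Build route key map
      ansible.builtin.set_fact:
        edge_route_pairs:
          - key: "traefik/http/routers/{{ route_name }}/rule"
            value: "Host(`{{ route_fqdn }}`)"
          - key: "traefik/http/routers/{{ route_name }}/service"
            value: "{{ route_name }}"
          - key: "traefik/http/routers/{{ route_name }}/entryPoints/0"
            value: "{{ route_entrypoint }}"
          - key: "traefik/http/routers/{{ route_name }}/tls/certResolver"
            value: "{{ route_cert_resolver }}"
          - key: "traefik/http/services/{{ route_name }}/loadBalancer/servers/0/url"
            value: "{{ route_backend_url }}"
          - key: "traefik/http/services/{{ route_name }}/loadBalancer/passHostHeader"
            value: "true"

    # failed_when is disabled on purpose: a failed read leaves stdout empty,
    # which the next task treats as drift, so the failure surfaces on the
    # write attempt instead of here.
    - name: Read existing route key values
      ansible.builtin.command:
        argv:
          - docker
          - exec
          - "{{ redis_container_name }}"
          - redis-cli
          - GET
          - "{{ item.key }}"
      delegate_to: "{{ edge_routing.edge_host.name }}"
      become: true
      loop: "{{ edge_route_pairs }}"
      register: edge_route_existing_values
      changed_when: false
      failed_when: false

    # Only keys whose stored value differs from the desired value are
    # rewritten. argv passes key and value as single arguments, so no shell
    # quoting filter is needed.
    - name: Write route keys when drift is detected
      ansible.builtin.command:
        argv:
          - docker
          - exec
          - "{{ redis_container_name }}"
          - redis-cli
          - SET
          - "{{ item.item.key }}"
          - "{{ item.item.value }}"
      delegate_to: "{{ edge_routing.edge_host.name }}"
      become: true
      loop: "{{ edge_route_existing_values.results }}"
      when: (item.stdout | default('')) != item.item.value
      register: edge_route_set_results
      changed_when: true

    # Read-back check of the backend URL key after reconciliation.
    - name: Verify reconciled backend URL
      ansible.builtin.command:
        argv:
          - docker
          - exec
          - "{{ redis_container_name }}"
          - redis-cli
          - GET
          - "traefik/http/services/{{ route_name }}/loadBalancer/servers/0/url"
      delegate_to: "{{ edge_routing.edge_host.name }}"
      become: true
      register: edge_route_backend_verify
      changed_when: false

    - name: Assert backend URL matches expected value
      ansible.builtin.assert:
        that:
          - edge_route_backend_verify.stdout | trim == route_backend_url
        fail_msg: >-
          Redis backend URL for {{ route_name }} is '{{ edge_route_backend_verify.stdout | trim }}'
          but expected '{{ route_backend_url }}'.
        success_msg: >-
          Edge route '{{ route_name }}' reconciled to {{ route_backend_url }}.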