Ansible ZeroTier role (FreeBSD / pkgng): installs the daemon, publishes zerotier-cli output as local facts, joins a network and authorises the member through ZeroTier Central
---
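- name: zerotier | install pkg
  # `state: latest` upgrades the daemon on every run: the VPN node stays
  # patched, but an unreviewed upstream build can land at any time. Pin a
  # version here if change control matters more than freshness.
  # textproc/jq is added because every .fact collector below pipes
  # zerotier-cli output through `jq` and nothing else in this role installs it.
  pkgng:
    state: latest
    name:
      - net/zerotier
      - textproc/jq
  notify: zerotier | restart
  tags:
    - pkg
    - zerotier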
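- name: zerotier | ensure local facts directory exists
  # `copy` does not create a missing parent directory, and nothing else in
  # this role creates facts.d, so the collectors would fail on a fresh host
  # unless some other role happens to have created it.
  file:
    path: /usr/local/etc/ansible/facts.d
    state: directory
    owner: root
    group: wheel
    mode: "0755"
  tags:
    - zerotier
- name: zerotier | add ansible status collector
  # Executable custom fact, stored by `setup` under ansible_local.zt_info.
  # zerotier-cli -j already emits JSON; jq only reformats it. The output
  # contains this node's address (used by the set_fact task below), so it
  # ends up in any configured fact cache. With mode 0750 / root:wheel only
  # root and wheel members can run it, so the fact is only populated when
  # fact gathering runs with those privileges.
  copy:
    content: |
      #!/bin/sh
      /usr/local/bin/zerotier-cli -j info \
      | jq .
    dest: /usr/local/etc/ansible/facts.d/zt_info.fact
    mode: "0750"   # quoted so YAML keeps the octal literal intact
    owner: root
    group: wheel
  tags:
    - zerotier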
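- name: zerotier | add ansible peer status collector
  # Executable custom fact, stored under ansible_local.zt_peers. The peer
  # list presumably includes peer endpoint details, so treat the fact cache
  # that receives it as sensitive. Mode is quoted so YAML does not reinterpret
  # the octal value.
  copy:
    content: |
      #!/bin/sh
      /usr/local/bin/zerotier-cli -j listpeers \
      | jq .
    dest: /usr/local/etc/ansible/facts.d/zt_peers.fact
    mode: "0750"
    owner: root
    group: wheel
  tags:
    - zerotier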
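- name: zerotier | add ansible networks status collector
  # Executable custom fact, stored under ansible_local.zt_networks.
  # The original copy-pasted `listpeers` here, so zt_networks.fact held the
  # peer list rather than the joined networks; `listnetworks` is what the
  # 6plane collector below also reads.
  copy:
    content: |
      #!/bin/sh
      /usr/local/bin/zerotier-cli -j listnetworks \
      | jq .
    dest: /usr/local/etc/ansible/facts.d/zt_networks.fact
    mode: "0750"
    owner: root
    group: wheel
  tags:
    - zerotier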
- name: zerotier | add ansible ipv6 fact collector
  # Custom fact ansible_local.zt_6plane: for every assigned address of every
  # joined network, split "<host>::1/<prefix>" into {ip6, prefix, host}.
  # NOTE(review): jq's `sub` replaces only the first match, so the
  # "(:0+)+" -> "::" rewrite assumes no hextet beginning with 0 appears in
  # the address before the zero run that precedes the final "1"; an address
  # that does have one would be rewritten at the wrong place and the capture
  # would then yield wrong or no output. Confirm against real
  # `zerotier-cli -j listnetworks` output.
  copy:
    content: |
      #!/bin/sh
      /usr/local/bin/zerotier-cli -j listnetworks | jq '.[]
      | .assignedAddresses[]
      | sub("(:0+)+";"::")
      | capture("(?<host>[a-f0-9:]+::)1/(?<prefix>[0-9]+)")
      | {"ip6": (.host + "1"), prefix, "host": .host}'
    dest: /usr/local/etc/ansible/facts.d/zt_6plane.fact
    mode: 0750
    owner: root
    group: wheel
  tags:
    - zerotier
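- name: zerotier | enable daemon
  # rc.conf.d fragment that rc(8) sources at boot. Owner and group are set
  # explicitly instead of relying on whoever the become user is, and the
  # mode is quoted so YAML does not reinterpret the octal literal.
  copy:
    content: |
      zerotier_enable=YES
    dest: /etc/rc.conf.d/zerotier
    owner: root
    group: wheel
    mode: "0440"
  notify: zerotier | restart
  tags:
    - zerotier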
- name: zerotier | start daemon
  # Boot-time enablement is the rc.conf.d fragment's job; this only makes
  # sure the daemon is running right now.
  tags:
    - zerotier
  service:
    state: started
    name: zerotier
- name: zerotier | get local node address
  tags:
    - zerotier
  # Read-only query: it is allowed to run in check mode (check_mode: false
  # means "always run") and is never reported as a change. The JSON reply is
  # parsed by the set_fact task further down.
  command: /usr/local/bin/zerotier-cli -j info
  check_mode: false
  changed_when: false
  register: zerotier_info
- name: zerotier | dump info response
  # -vv diagnostic only; skipped in check mode like the other dumps in this
  # role.
  tags:
    - debug
    - zerotier
  when: not ansible_check_mode
  debug:
    verbosity: 2
    var: zerotier_info.stdout
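- name: zerotier | join network
  # Runs on every play (changed_when: false, no `creates`) because the JSON
  # reply — status, name, assignedAddresses, portDeviceName — is what the
  # set_fact task below parses; the author evidently treats re-joining as
  # harmless. The network id is quoted so that an unexpected value containing
  # whitespace cannot be split into extra zerotier-cli arguments.
  command: /usr/local/bin/zerotier-cli -j join "{{ net.zerotier.network }}"
  register: zerotier_network
  when: not ansible_check_mode
  changed_when: false
  tags:
    - zerotier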
- name: zerotier | dump network response
  # -vv diagnostic of the raw join reply; skipped in check mode because the
  # join task did not run there.
  tags:
    - debug
    - zerotier
  when: not ansible_check_mode
  debug:
    verbosity: 2
    var: zerotier_network.stdout
- name: zerotier | register responses
  # Parse the two JSON replies once (task-level vars) and expose the fields
  # the rest of the role needs: the node address for the Central member URL,
  # status and network name for the authorise condition, and the device name
  # and assigned addresses for later use.
  vars:
    zt_info: "{{ zerotier_info.stdout | from_json }}"
    zt_net: "{{ zerotier_network.stdout | from_json }}"
  set_fact:
    zerotier_address: "{{ zt_info.address }}"
    zerotier_device: "{{ zt_net.portDeviceName }}"
    zerotier_name: "{{ zt_net.name }}"
    zerotier_ip: "{{ zt_net.assignedAddresses }}"
    zerotier_status: "{{ zt_net.status }}"
  when: not ansible_check_mode
  tags:
    - zerotier
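- name: zerotier | authorise this connection
  # Authorises (and names) this node's member record via the ZeroTier Central
  # API. `HEADER_<name>` module arguments were deprecated in Ansible 2.1 and
  # dropped in 2.9; `headers:` is the supported form. The request carries the
  # Central API token, so no_log keeps it out of task output and failure
  # reports — this also censors the registered result, so the debug task that
  # follows will only show the no_log placeholder.
  # NOTE(review): `.name` in the join reply looks like the *network's* name,
  # not this member's; if so, `zerotier_name != inventory_hostname` is always
  # true and the POST is repeated on every run. Confirm against the API.
  uri:
    url: "https://my.zerotier.com/api/network/{{ net.zerotier.network }}/member/{{ zerotier_address }}"
    method: POST
    headers:
      Authorization: "Bearer {{ net.zerotier.token }}"
    body_format: json
    body:
      name: "{{ inventory_hostname }}"
      config:
        authorized: true
    status_code: 200
    return_content: true
  register: zerotier_authorisation
  no_log: true
  when: not ansible_check_mode and (zerotier_status != "OK" or zerotier_name != inventory_hostname)
  tags:
    - zerotier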
- name: zerotier | dump authorisation response
  # -vv diagnostic of whatever the authorise task registered (its skipped
  # result when the member was already authorised).
  tags:
    - debug
    - zerotier
  when: not ansible_check_mode
  debug:
    verbosity: 2
    var: zerotier_authorisation
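- name: zerotier | dump inventory configuration
  # The collectors above write zt_info / zt_peers / zt_networks / zt_6plane,
  # so `ansible_local.zerotier` (the original) is never defined. Custom facts
  # are only read by fact gathering, so this shows the state from the start
  # of the play (or defaults on a first run), never this run's files.
  debug:
    msg:
      zt_info: "{{ ansible_local.zt_info | default({}) }}"
      zt_peers: "{{ ansible_local.zt_peers | default([]) }}"
      zt_networks: "{{ ansible_local.zt_networks | default([]) }}"
      zt_6plane: "{{ ansible_local.zt_6plane | default({}) }}"
    verbosity: 2
  when: ansible_local is defined
  tags:
    - debug
    - zerotier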
dch commented Dec 12, 2018

Alternative Linux-oriented version (installs via the upstream install script and authorises against a self-hosted controller), snagged from trobotham on IRC:

---

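- name: begin installation of zerotier
  # Installs zerotier-one with the upstream install script, joins the
  # configured moon/root and network, authorises the new member against the
  # network controller from the control node, and records the node's ZeroTier
  # IPv4 address in Vault. Caller-provided variables: zerotier_source_uri,
  # zerotier_moon_id, zerotier_root_address, zerotier_network_id,
  # zerotier_api_url, zerotier_authorize_member, zerotier_vault_script;
  # zerotier_source_checksum is optional (see the download task).
  tags:
    - zerotier
  vars:
    zerotier_conf_dir: "/var/lib/zerotier-one"
    zerotier_cli: "/usr/sbin/zerotier-cli"
  block:
    - name: Check if ZeroTier exists
      stat:
        path: "{{ zerotier_conf_dir }}"
      register: zerotier_exists

    - name: Create staging directory
      # NOTE(review): created without become, so the directory belongs to the
      # connecting user while root downloads into and executes from it.
      tempfile:
        state: directory
        suffix: staging
      register: tmpdir
      when: not zerotier_exists.stat.exists

    - name: download ZeroTier install script
      # The script is executed as root below, so its integrity matters. When
      # zerotier_source_checksum is set (e.g. "sha256:<hex>") get_url verifies
      # the download against it; when it is unset the parameter is omitted and
      # this is the original, unverified fetch-and-run pattern.
      become: true
      get_url:
        url: "{{ zerotier_source_uri }}"
        dest: "{{ tmpdir.path }}/zt-install"
        checksum: "{{ zerotier_source_checksum | default(omit) }}"
      when: not zerotier_exists.stat.exists

    - name: run ZeroTier installation
      become: true
      command: bash '{{ tmpdir.path }}/zt-install'
      args:
        creates: /usr/sbin/zerotier-one
      when: not zerotier_exists.stat.exists

    - name: run ZeroTier installation test
      # `status` prints "200 info ..." whenever the service answers, so this
      # reports "changed" on every successful run; the later
      # `install_result is changed` gates therefore mean "the service is up",
      # and idempotence of orbit/join comes from their `creates` guards.
      become: true
      command: "{{ zerotier_cli }} status"
      register: install_result
      changed_when: "'200 info' in install_result.stdout"

    - name: remove temporary ZeroTier staging directory
      file:
        path: "{{ tmpdir.path }}"
        state: absent
      when: not zerotier_exists.stat.exists

    - name: join ZeroTier moons (roots)
      become: true
      command: "{{ zerotier_cli }} orbit {{ zerotier_moon_id }} {{ zerotier_root_address }}"
      when: install_result is changed
      args:
        creates: "{{ zerotier_conf_dir }}/moons.d/000000{{ zerotier_moon_id }}.moon"

    - name: join ZeroTier network
      # `failed_when` replaces the default "rc != 0" test, so the original
      # `rc == 2` silently accepted every other non-zero exit code; any
      # non-zero exit now fails the task.
      become: true
      command: "{{ zerotier_cli }} join {{ zerotier_network_id }}"
      register: join_result
      failed_when: join_result.rc != 0
      when: install_result is changed
      args:
        creates: "{{ zerotier_conf_dir }}/networks.d/{{ zerotier_network_id }}.conf"

    - name: get ZeroTier memberid
      # Assumes the node address is the third whitespace-separated field of
      # the `status` line.
      become: true
      shell: "{{ zerotier_cli }} status | awk '{print $3}'"
      register: zerotier_member_id
      changed_when: false

    - name: get ZeroTier api key
      # The lookup runs on the control node. The key is a controller-API
      # secret, so no_log keeps it out of task output; set_fact does not
      # persist it to the fact cache unless cacheable is requested.
      set_fact:
        zerotier_api_key: "{{ lookup('dn_hashi_vault', 'secret=secret/data/dnmgmt/tokens/zerotier_apikey:apikey auth_method=approle secret_engine_kv2=true') }}"
      no_log: true

    - name: authorize new ZeroTier member
      # Talks to the network controller's API (X-ZT1-AUTH) from the control
      # node. The original nested `register` inside the module arguments,
      # where uri rejects it as an unknown parameter; it is a task keyword.
      # `| bool` sends a real JSON boolean instead of the string "True"/"False"
      # that a quoted template would otherwise produce. no_log hides the auth
      # header on failure.
      uri:
        url: "{{ zerotier_api_url }}/controller/network/{{ zerotier_network_id }}/member/{{ zerotier_member_id.stdout }}"
        method: POST
        headers:
          X-ZT1-AUTH: "{{ zerotier_api_key }}"
        body_format: json
        body:
          authorized: "{{ zerotier_authorize_member | bool }}"
        status_code: 200
      register: auth_apiresult
      delegate_to: localhost
      no_log: true

    - name: wait for ZeroTier interface to come up
      # NOTE(review): wait_for defaults to host 127.0.0.1, so this waits for
      # the daemon's local control port (TCP 9993), not for the zt interface
      # or its address that the Vault task below relies on.
      become: true
      wait_for:
        port: 9993
        delay: 10

    - name: gather network facts to refresh interfaces
      setup:

    - name: store private ip address
      # Runs the Vault helper on the control node. The interface name is
      # hard-coded (presumably derived from zerotier_network_id), so this
      # breaks if the network id changes.
      command: >
        {{ zerotier_vault_script }}
        -p dnmgmt/ztipaddr/{{ inventory_hostname }}
        -k ipv4
        -v {{ ansible_ztezw5l2cq.ipv4.address }}
      delegate_to: localhost
      register: check_vault_kv
      failed_when: check_vault_kv.rc != 0

    - name: copy static local.conf
      # Single static file, so the one-item with_items loop is dropped.
      become: true
      copy:
        src: local.conf
        dest: "{{ zerotier_conf_dir }}/local.conf"
      notify: reload zerotier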
