Home Explore Help
Sign In
sarman
/
tftsr_ai
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: c9457bb38b
Branches Tags
tftsr_ai
/
playbooks
/
site.yml

site.yml 5.7 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122 
  1. ---
    2. 

  2. # playbooks/site.yml
    3. 

  3. # Master playbook - imports all playbooks in sequence
    4. 

  4. 

  5. - name: "Site | Import pre-flight checks"
    6. 

  6.   ansible.builtin.import_playbook: 00_preflight.yml
    7. 

  7.   tags:
    8. 

  8.     - preflight
    9. 

  9. 

  10. - name: "Site | Import Vault deployment"
    11. 

  11.   ansible.builtin.import_playbook: 01_vault.yml
    12. 

  12.   tags:
    13. 

  13.     - vault
    14. 

  14. 

  15. - name: "Site | Import infrastructure setup"
    16. 

  16.   ansible.builtin.import_playbook: 02_infrastructure.yml
    17. 

  17.   tags:
    18. 

  18.     - infrastructure
    19. 

  19. 

  20. - name: "Site | Import model benchmarking"
    21. 

  21.   ansible.builtin.import_playbook: 03_benchmark.yml
    22. 

  22.   tags:
    23. 

  23.     - benchmark
    24. 

  24. 

  25. - name: "Site | Import model configuration"
    26. 

  26.   ansible.builtin.import_playbook: 04_models.yml
    27. 

  27.   tags:
    28. 

  28.     - models
    29. 

  29. 

  30. - name: "Site | Import Keycloak deployment"
    31. 

  31.   ansible.builtin.import_playbook: 05_keycloak.yml
    32. 

  32.   tags:
    33. 

  33.     - keycloak
    34. 

  34. 

  35. - name: "Site | Import Qdrant deployment"
    36. 

  36.   ansible.builtin.import_playbook: 06_qdrant.yml
    37. 

  37.   tags:
    38. 

  38.     - qdrant
    39. 

  39. 

  40. - name: "Site | Import Open WebUI deployment"
    41. 

  41.   ansible.builtin.import_playbook: 07_openwebui.yml
    42. 

  42.   tags:
    43. 

  43.     - openwebui
    44. 

  44. 

  45. - name: "Site | Import OpenClaw deployment"
    46. 

  46.   ansible.builtin.import_playbook: 08_openclaw.yml
    47. 

  47.   tags:
    48. 

  48.     - openclaw
    49. 

  49. 

  50. - name: "Site | Import Nginx configuration"
    51. 

  51.   ansible.builtin.import_playbook: 09_nginx.yml
    52. 

  52.   tags:
    53. 

  53.     - nginx
    54. 

  54. 

  55. - name: "Site | Import CoreDNS configuration"
    56. 

  56.   ansible.builtin.import_playbook: 10_coredns.yml
    57. 

  57.   tags:
    58. 

  58.     - coredns
    59. 

  59. 

  60. - name: "Site | Import Vault OIDC configuration"
    61. 

  61.   ansible.builtin.import_playbook: 11_vault_oidc.yml
    62. 

  62.   tags:
    63. 

  63.     - vault-oidc
    64. 

  64. 

  65. # ── Final credentials summary ───────────────────────────────────────
    66. 

  66. - name: "Site | Display deployment summary"
    67. 

  67.   hosts: localhost
    68. 

  68.   connection: local
    69. 

  69.   gather_facts: false
    70. 

  70.   tags:
    71. 

  71.     - summary
    72. 

  72.   vars:
    73. 

  73.     vault_token_file: "{{ playbook_dir }}/../vault/.vault-token"
    74. 

  74.     vault_url: "http://{{ ai_server_ip }}:{{ vault_port }}"
    75. 

  75.   tasks:
    76. 

  76.     - name: "Summary | Retrieve Keycloak admin password"
    77. 

  77.       ansible.builtin.set_fact:
    78. 

  78.         kc_admin_pass: "{{ lookup('community.hashi_vault.hashi_vault', vault_secret_prefix ~ '/keycloak:admin_password token=' ~ lookup('ansible.builtin.file', vault_token_file) ~ ' url=' ~ vault_url) }}"
    79. 

  79. 

  80.     - name: "Summary | Retrieve Keycloak realm admin password"
    81. 

  81.       ansible.builtin.set_fact:
    82. 

  82.         kc_realm_admin_pass: "{{ lookup('community.hashi_vault.hashi_vault', vault_secret_prefix ~ '/keycloak:realm_admin_password token=' ~ lookup('ansible.builtin.file', vault_token_file) ~ ' url=' ~ vault_url) }}"
    83. 

  83. 

  84.     - name: "Summary | Retrieve Vault root token"
    85. 

  85.       ansible.builtin.set_fact:
    86. 

  86.         vault_root_token: "{{ lookup('ansible.builtin.file', playbook_dir ~ '/../vault/.vault-init.json') | from_json | json_query('root_token') }}"
    87. 

  87. 

  88.     - name: "Summary | Display credentials and access information"
    89. 

  89.       ansible.builtin.debug:
    90. 

  90.         msg: |
    91. 

  91.           ╔══════════════════════════════════════════════════════════════════╗
    92. 

  92.           ║             {{ platform_name }} PLATFORM - DEPLOYMENT COMPLETE
    93. 

  93.           ╠══════════════════════════════════════════════════════════════════╣
    94. 

  94.           ║                                                                ║
    95. 

  95.           ║  SERVICES:                                                     ║
    96. 

  96.           ║  ─────────                                                     ║
    97. 

  97.           ║  Open WebUI:   {{ openwebui_url }}
    98. 

  98.           ║  Keycloak:     {{ keycloak_url }}
    99. 

  99.           ║  Vault:        {{ vault_api_addr }}
    100. 

  100.           ║  Ollama API:   {{ ollama_api_url }}
    101. 

  101.           ║  Qdrant:       http://{{ ai_server_ip }}:{{ qdrant_http_port }} (internal only)
    102. 

  102.           ║                                                                ║
    103. 

  103.           ║  CREDENTIALS:                                                  ║
    104. 

  104.           ║  ────────────                                                  ║
    105. 

  105.           ║  Vault Root Token:        {{ vault_root_token }}
    106. 

  106.           ║  Vault Token File:        vault/.vault-token                   ║
    107. 

  107.           ║  Keycloak Admin:          admin / {{ kc_admin_pass }}
    108. 

  108.           ║  Realm Admin:             {{ keycloak_realm_admin_user }} / {{ kc_realm_admin_pass }}
    109. 

  109.           ║                                                                ║
    110. 

  110.           ║  FILES:                                                        ║
    111. 

  111.           ║  ──────                                                        ║
    112. 

  112.           ║  Vault Init:     vault/.vault-init.json                        ║
    113. 

  113.           ║  Ansible Token:  vault/.vault-token                            ║
    114. 

  114.           ║  Benchmarks:     benchmarks/results/model_selection.json       ║
    115. 

  115.           ║                                                                ║
    116. 

  116.           ║  NOTES:                                                        ║
    117. 

  117.           ║  ──────                                                        ║
    118. 

  118.           ║  - All secrets are stored in Vault at {{ vault_secret_prefix }}/*
    119. 

  119.           ║  - Run individual playbooks with --tags for partial deploys    ║
    120. 

  120.           ║  - Vault must be unsealed after each restart                   ║
    121. 

  121.           ║                                                                ║
    122. 

  122.           ╚══════════════════════════════════════════════════════════════════╝
    123.