n8n ansible base

.gitea/workflows/deploy.yml

@@ -13,7 +13,7 @@ on:
           - multi.tfvars.example
 
 jobs:
-  terraform:
+  terraform-deploy:
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -21,7 +21,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: hashicorp/setup-terraform@v3
+      - uses: hashicorp/setup-terraform@v4
 
       - name: Select tfvars
         run: cp "${{ inputs.tfvars_file }}" terraform.tfvars
@@ -42,16 +42,28 @@ jobs:
       - name: Write tags
         run: terraform output -json vm_tags > ../ansible/vm_tags.json
 
-  deploy:
+  ansible-configure:
     needs: terraform
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ansible
     steps:
       - uses: actions/checkout@v4
 
       - name: Install Ansible
+        shell: bash
         run: |
-          python3 -m pip install --upgrade pip
+          sudo apt-get update
-          pip install ansible community.docker
+          sudo apt-get install -y ansible
 
-      - name: Deploy app
+      - name: Set up SSH
-        run: ansible-playbook -i ansible/inventory/hosts.ini ansible/playbooks/deploy.yml
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          echo -e "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile=/dev/null\n" > ~/.ssh/config
+
+      - name: Run playbook
+        run: |
+          ansible-playbook playbooks/docker_copy.yml -i inventory/inventory.yml -u cloud --private-key ~/.ssh/id_rsa

ansible/playbooks/docker_copy.yml

@@ -0,0 +1,8 @@
+- hosts: all
+  become: true
+  vars:
+    folder_name: n8n
+
+  roles:
+    - role: docker
+      config_flavor: copy

ansible/playbooks/tags.yml

@@ -0,0 +1,22 @@
+---
+- name: Update Proxmox VM tags
+  hosts: all
+  gather_facts: false
+
+  vars_files:
+    - ../terraform/vm_data.yml
+
+  tasks:
+    - name: Update tags on each VM
+      community.proxmox.proxmox_kvm:
+        api_user: "{{ lookup('env', 'PROXMOX_USER') }}"
+        api_token_id: "{{ lookup('env', 'PROXMOX_TOKEN_ID') }}"
+        api_token_secret: "{{ lookup('env', 'PROXMOX_TOKEN_SECRET') }}"
+        api_host: "{{ lookup('env', 'PROXMOX_HOST') }}"
+        validate_certs: true
+        node: "{{ item.value.node_name }}"
+        name: "{{ item.value.vm_name }}"
+        state: present
+        update: true
+        tags: "{{ item.value.tags }}"
+      loop: "{{ vm_tag_data | dict2items }}"

ansible/roles/docker/defaults/main.yml

@@ -0,0 +1,15 @@
+docker_comparisons:
+  env: strict
+  labels: strict
+
+docker_image_name_mismatch: recreate
+
+docker_state: started
+
+docker_restart_policy: unless-stopped
+
+docker_pull: "missing"
+
+gather_facts: true
+
+config_flavor: none

ansible/roles/docker/tasks/docker_copy.yml

@@ -0,0 +1,17 @@
+---
+# Copy directory recursively to remote host
+
+- name: Copy project directory to remote
+  ansible.builtin.synchronize:
+    src: ../compose/{{ folder_name }}  
+    dest: /home/cloud/
+    mode: push
+
+
+- name: Start Compose stack
+  community.docker.docker_compose_v2:
+    project_src: /home/cloud/{{ folder_name }}  
+    build: always
+    pull: always
+    state: present
+

ansible/roles/docker/tasks/docker_destroy.yml

@@ -0,0 +1,27 @@
+- name: Get running containers
+  docker_host_info:
+    containers: yes
+  register: docker_info
+
+- name: Stop running containers
+  docker_container:
+    name: "{{ item }}"
+    state: stopped
+  loop: "{{ docker_info.containers | map(attribute='Id') | list }}"
+  
+- name: Remove Stoped docker containers
+  shell: |
+     docker rm $(docker ps -a -q);
+  when: docker_info.containers != 0
+
+- name: Get details of all images
+  docker_host_info:
+    images: yes
+    verbose_output: yes
+  register: image_info
+
+- name: Remove all images
+  docker_image:
+    name: "{{ item }}"
+    state: absent
+  loop: "{{ image_info.images | map(attribute='Id') | list }}"

ansible/roles/docker/tasks/docker_install.yml

@@ -0,0 +1,23 @@
+- name: Install gpg
+  ansible.builtin.apt:
+    name: gpg
+
+- name: Add Docker repository key
+  ansible.builtin.apt_key:
+    url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
+    keyring: /etc/apt/trusted.gpg.d/docker.gpg
+
+- name: Add Docker repository
+  ansible.builtin.apt_repository:
+    # Use HTTP to enable apt-cacher
+    repo: deb http://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
+    filename: docker
+
+- name: Install Docker
+  ansible.builtin.apt:
+    name: "{{ item }}"
+  loop:
+    - docker-ce
+    - docker-ce-cli
+    - containerd.io
+

ansible/roles/docker/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+- name: Docker Install
+  include_tasks: docker_install.yml
+  when: config_flavor == "install"
+
+- name: Docker Stop & Destroy
+  include_tasks: docker_destroy.yml
+  when: config_flavor == "destroy"
+
+
+- name: Docker Transfer Compose to Remote Host
+  include_tasks: docker_copy.yml
+  when: config_flavor == "copy"
+
+#####
+# You need to set up each docker playbook to a config flavor or look for an input module and assign config_flavor to it
+######

terraform/main.tf

@@ -2,6 +2,20 @@ locals {
   instance_map = var.instance_mode == "single" ? {
     main = var.instance
   } : var.instances
+
+  vm_created = {
+    for k, v in local.instance_map :
+    k => {
+      service_name = v.service_name
+      vm_name      = v.vm_name
+      node_name    = v.node_name
+      ipv4_address = module.vm[k].vm_ipv4_address
+      vm_tags      = concat(
+        try(v.vm_tags, []),
+        ["terraform", "docker", v.service_name, "ip-${replace(module.vm[k].vm_ipv4_address, ".", "-")}"]
+      )
+    }
+  }
 }
 
 module "vm-n8n" {
@@ -23,3 +37,15 @@ module "vm-n8n" {
   )
   vm_user_sshkey = var.vm_defaults.vm_user_sshkey
 }
+
+module "inventory" {
+  source   = "./modules/proxmox_ansible_inventory"
+  filename = "${path.module}/ansible/inventory/inventory.yml"
+  instances = local.vm_created
+}
+
+module "vm_data" {
+  source    = "./modules/proxmox_vm_data"
+  filename  = "${path.module}/terraform/vm_data.yml"
+  instances = local.vm_created
+}

terraform/modules/proxmox_ansible_inventory/main.tf

@@ -0,0 +1,26 @@
+locals {
+  inventory = {
+    all = {
+      vars = {
+        ansible_user = "cloud"
+      }
+      children = {
+        for svc in distinct([for k, v in var.instances : v.service_name]) :
+        svc => {
+          hosts = {
+            for k, v in var.instances :
+            v.vm_name => {
+              ansible_host = v.ipv4_address
+            }
+            if v.service_name == svc
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "local_file" "inventory" {
+  filename = var.filename
+  content  = yamlencode(local.inventory)
+}

terraform/modules/proxmox_ansible_inventory/outputs.tf

@@ -0,0 +1,7 @@
+output "filename" {
+  value = local_file.inventory.filename
+}
+
+output "content" {
+  value = local_file.inventory.content
+}

terraform/modules/proxmox_ansible_inventory/variables.tf

@@ -0,0 +1,13 @@
+variable "filename" {
+  description = "Path to write the inventory.yml file"
+  type        = string
+}
+
+variable "instances" {
+  description = "Normalized instance map keyed by instance key"
+  type = map(object({
+    service_name = string
+    vm_name      = string
+    ipv4_address = string
+  }))
+}

terraform/modules/proxmox_vm_data/main.tf

@@ -0,0 +1,17 @@
+locals {
+  vm_data = {
+    vm_tag_data = {
+      for k, v in var.instances :
+      k => {
+        node_name = v.node_name
+        vm_name   = v.vm_name
+        tags      = v.vm_tags
+      }
+    }
+  }
+}
+
+resource "local_file" "vm_data" {
+  filename = var.filename
+  content  = yamlencode(local.vm_data)
+}

terraform/modules/proxmox_vm_data/outputs.tf

@@ -0,0 +1,7 @@
+output "filename" {
+  value = local_file.vm_data.filename
+}
+
+output "content" {
+  value = local_file.vm_data.content
+}

terraform/modules/proxmox_vm_data/variables.tf

@@ -0,0 +1,15 @@
+variable "filename" {
+  description = "Path to write the vm_data.yml file"
+  type        = string
+}
+
+variable "instances" {
+  description = "Normalized instance map keyed by instance key"
+  type = map(object({
+    service_name = string
+    vm_name      = string
+    node_name    = string
+    ipv4_address = string
+    vm_tags      = list(string)
+  }))
+}

terraform/terraform.tfvars

@@ -1,11 +0,0 @@
-instance_mode = "single"
-
-instance = {
-  service_name = "n8n"
-  vm_name      = "n8n-01"
-  node_name    = "pop"
-  app_port     = 5678
-  app_image    = "docker.n8n.io/n8nio/n8n"
-  vm_tags      = ["agentic"]
-}
-