diff --git a/omni.yml b/omni.yml index 59f4561..755d0c7 100644 --- a/omni.yml +++ b/omni.yml @@ -5,6 +5,8 @@ servers: enable_ssh: True enable_ssh_password_auth: False enable_sudo_password: True + enable_networkd: True + generate_keys: False hosts: romulus.net.enp.one: vars: @@ -31,6 +33,8 @@ vms: enable_ssh: True enable_ssh_password_auth: False enable_sudo_password: False + enable_networkd: True + generate_keys: False hosts: vm-host-nginx: vars: @@ -64,6 +68,8 @@ workstations: enable_ssh: False enable_ssh_password_auth: False enable_sudo_password: True + enable_networkd: False + generate_keys: False hosts: omega: vars: diff --git a/playbooks/common.yml b/playbooks/common.yml deleted file mode 100644 index e00907a..0000000 --- a/playbooks/common.yml +++ /dev/null 
@@ -1,114 +0,0 @@ ---- -- name: Set hostname - become: true - hostname: - name: "{{ default_host if default_host is defined else inventory_hostname }}" - -- name: Install CentOS-specific repositories - become: true - when: ansible_distribution == "CentOS" - block: - - name: Enable Extra Packages for Enterprise Linux - yum_repository: - name: epel - description: Extra Packages for Enterprise Linux - baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/ - - name: Install Extra Packages for Enterprise Linux GPG key - rpm_key: - state: present - key: https://archive.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 - - name: Enable Inline with Upstream Stable - yum: - state: latest - name: https://centos7.iuscommunity.org/ius-release.rpm - -- name: Install selinux and firewalld python bindings - become: true - block: - - name: Install python bindings using DNF - when: ansible_distribution == "Fedora" - dnf: - name: "{{ item }}" - state: latest - with_items: - - libselinux-python - - policycoreutils-python - - python-firewall - - name: Install python bindings using YUM - when: ansible_distribution == "CentOS" - yum: - state: latest - name: - - libselinux-python - - policycoreutils-python - - python-firewall - -- name: Install networkd on CentOS - when: ansible_distribution == "CentOS" - become: true - yum: - state: latest - name: "{{ item }}" - with_items: - - systemd-resolved - - systemd-networkd - -# The directory is deleted ahead of creation to ensure that no old configs -# remain after runnign ansible -- name: Delete networkd config directory - file: - path: /etc/systemd/network - state: absent - -- name: Create the networkd config directory - file: - path: /etc/systemd/network - state: directory - -- name: Make .network files - template: - src: dot.network.j2 - dest: "/etc/systemd/network/{{ item.key }}.network" - with_dict: "{{ networking }}" - -- name: Register static entries - delegate_to: {{ router.address }} - edgeos_config: - save: true - 
lines: - - set service dhcp-server shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} mac-address {{ item.mac }} - - set service dhcp-server shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} ip-address {{ item.address }} - -- name: Disable network scripts and NetworkManager - service: - name: "{{ item }}" - enabled: false - with_items: - - network - - NetworkManager - - NetworkManager-wait-online - -- name: Enable systemd-networkd and systemd-resolved - service: - name: "{{ item }}" - enabled: true - state: started - with_items: - - systemd-networkd - - systemd-networkd-wait-online - - systemd-resolved - -- name: Symlink so systemd-resolved uses /etc/resolv.conf - file: - dest: /etc/resolv.conf - src: /run/systemd/resolve/resolv.conf - state: link - force: true - setype: net_conf_t - -- name: Symlink so /etc/resolv.conf uses systemd - file: - dest: /etc/systemd/system/multi-user.target.wants/systemd-resolved.service - src: /usr/lib/systemd/system/systemd-resolved.service - state: link - force: true diff --git a/playbooks/files/bashrc.sh b/playbooks/files/bashrc.sh new file mode 100644 index 0000000..dcbe608 --- /dev/null +++ b/playbooks/files/bashrc.sh 
@@ -0,0 +1,73 @@ +function up() { cd $(eval printf '../'%.0s {1..$1}); } +alias fuck='sudo $(history -p \!\!)' +alias doc='cd ~/Documents' +alias explorer='nautilus' +alias version='uname -orp && lsb_release -a | grep Description' +alias activate='source ./bin/activate' +alias ipconfig='ip address show' +alias cls='clear' +alias mklink='ln -s' +alias ls='ls -lshF --color --group-directories-first --time-style=long-iso' + +function venv() { + DIR="/home/$USER/.virtualenvs" + + [[ -d $DIR ]] || mkdir $DIR + + if [ ! -v $1 ] || [ $1 -eq '--help' ] || [ $1 -eq '-h' ]; then + echo "Custom python Virtualenv manager +\"Because pipenv is too hard and everything else sucks\" + +Commands: + list List available virtualenvs + show Alias of list + delete Delete a virtualenv + del Alias of delete + rm Alias of delete + load Activate a virtualenv for usage + new Create a new virtualenv. If is not specified, + then the system default python is used +" + + elif [ ! -v $1 ] || [ $1 -eq "list" ] || [ $1 -eq "show" ]; then + echo "hello" + ls $DIR + + elif [ $1 -eq "del" ] || [ $1 -eq "rm" ]; then + if [ ! -v $2 ]; then + echo "Error: virtualenv name parameter not provided" + else + if [ ! -d "$DIR/$2" ]; then + echo "Error: virtualenv $2 does not exist" + else + rm -rf $DIR/$2 + fi + fi + + elif [ $1 -eq "new" ]; then + if [ ! -v $2 ]; then + echo "Error: virtualenv name parameter not provided" + else + if [ -d "$DIR/$2" ]; then + echo "Error: virtualenv $2 already exits" + elif [ -v $3 ]; then + virtualenv $2 --python=$3 + else + virtualenv $2 + fi + fi + + elif [ $1 -eq "load" ]; then + if [ ! -v $2 ]; then + echo "Error: virtualenv name parameter not provided" + elif [ ! -d "$DIR/$2" ]; then + echo "Error: virtualenv $2 does not exist" + else + source $DIR/$2/bin/activate + fi + + else + echo "No parameter provided" + fi + +} diff --git a/playbooks/provision.yml b/playbooks/provision.yml new file mode 100644 index 0000000..ae42762 --- /dev/null +++ b/playbooks/provision.yml 
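Review bot: In `venv`, the `del`/`rm` branch runs `rm -rf $DIR/$2` on an unquoted, unvalidated name, so a name such as `..` or one containing `/` passes the `-d "$DIR/$2"` check and resolves outside `~/.virtualenvs`. The comparisons throughout the function use `[ $1 -eq "list" ]`, which is an integer test and errors on strings, and `[ ! -v $1 ]`, which asks whether a variable named by the argument is set; `[ "$1" = "list" ]` and `[ -z "$1" ]` are what is meant. The `new` branch calls `virtualenv $2` without the `$DIR/` prefix, so environments land in the current directory and the other branches never find them. `up` passes `$1` through `eval`; since this file looks intended for `/etc/profile.d` (inferred from provision.yml), checking that `$1` is a plain number before the `eval` is worth adding. The fence shows the delete branch with the name validated and the path quoted.

```shell
  # … unchanged: help and list branches …
  elif [ "$1" = "del" ] || [ "$1" = "rm" ]; then
    if [ -z "$2" ]; then
      echo "Error: virtualenv name parameter not provided"
    else
      case "$2" in
        .|..|*/*)
          # Reject names that would resolve outside $DIR
          echo "Error: invalid virtualenv name $2"
          ;;
        *)
          if [ ! -d "$DIR/$2" ]; then
            echo "Error: virtualenv $2 does not exist"
          else
            rm -rf -- "$DIR/$2"
          fi
          ;;
      esac
    fi
  # … unchanged: new and load branches …
```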
@@ -0,0 +1,74 @@ +--- +- hosts: all + name: Init + tasks: + - name: Check system compatibility + when: ansible_distribution != "CentOS" and ansible_distribution != "Red Hat Enterprise Linux" and ansible_distribution != "Fedora" + meta: end_play + debug: + msg: "Standard configuration deployment is only supported on Fedora 27/28, Centos 7.5, and RHEL" + + - name: Set hostname + become: true + hostname: + name: "{{ default_host if default_host is defined else inventory_hostname }}" + + - name: Install MOTD + become: true + template: + src: motd.j2 + dest: /etc/motd + mode: 0644 + + - name: Install global bashrc + become: true + template: + src: bashrc.j2 + dest: /etc/profile.d/30-omni-bashrc.sh + mode: 0644 + +- hosts: all + name: System packages + tasks: + - import_tasks: common/centos/repositories.yml + when: ansible_distribution == "CentOS" + - import_tasks: common/centos/packages.yml + when: ansible_distribution == "CentOS" + - import_tasks: common/fedora/packages.yml + when: ansible_distribution == "Fedora" + # - import_tasks: common/debian/packages.yml + # when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu" + + +- import_playbook: update-system.yml + + +- hosts: all + name: Replace NetworkManager with systemd-networkd + tasks: + - name: Install systemd-networkd + when: enable_networkd == true + block: + - import_tasks: common/centos/networkd.yml + when: ansible_distribution == "CentOS" + - import_tasks: common/fedora/networkd.yml + when: ansible_distribution == "Fedora" + # - import_tasks: common/debian/networkd.yml + # when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu" + - name: Configure systemd-networkd + when: enable_networkd == true + - import_tasks: common/networkd.yml + + +- hosts: all + name: Register static DHCP entries + tasks: + - name: Install static DHCP leases + delegate_to: {{ router.address }} + when: networking is defined + edgeos_config: + save: true + lines: + - set service dhcp-server 
shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} mac-address {{ item.mac }} + - set service dhcp-server shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} ip-address {{ item.address }} + with_dict: "{{ networking }}" diff --git a/playbooks/templates/motd.j2 b/playbooks/templates/motd.j2 new file mode 100644 index 0000000..eb1c177 --- /dev/null +++ b/playbooks/templates/motd.j2 @@ -0,0 +1,11 @@ + ______ _ _ __ _ _______ +| ___ \ | \ / | | \ | | |__ __| +| | | | | \ / | | \ \ | | | | +| | | | | \/ | | |\ \ | | | | +| | | | | |\ /| | | | \ \| | | | +| |___| | | | \/ | | | | \ \ | __| |__ + \______| |_| |_| |_| \__| |______/ + + {{ description | default('ENPN Distributed System') }} + +{{ ansible_distribution }} {{ ansible_distribution_version }} - Ansible'd {{ ansible_date_time.date }} diff --git a/playbooks/update-system.yml b/playbooks/update-system.yml index e69de29..01bd4e8 100644 --- a/playbooks/update-system.yml +++ b/playbooks/update-system.yml @@ -0,0 +1,24 @@ +--- +- hosts: all + name: Upgrade packages + tasks: + - name: Upgrade YUM packages + when: ansible_distribution == "CentOS" + become: true + yum: + state: latest + name: * + exclude: kernel*{{ ',' + exclude_upgrade | default('') }} + + - name: Upgrade DNF packages + when: ansible_distribution == "Fedora" + become: true + dnf: + state: latest + name: * + exclude: kernel*{{ ',' + exclude_upgrade | default('') }} + + # - name: Upgrade APT packages + # when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu" + # become: true + # apt: diff --git a/playbooks/vars b/playbooks/vars new file mode 120000 index 0000000..e8d9a64 --- /dev/null +++ b/playbooks/vars @@ -0,0 +1 @@ +../vars \ No newline at end of file 
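Review bot: In the "Replace NetworkManager with systemd-networkd" play, the `Configure systemd-networkd` task carries a `when:` but no action, and the following `- import_tasks: common/networkd.yml` is a separate list item with no condition, so hosts with `enable_networkd: False` would still get the networkd configuration applied. Two other places will not load as written: `delegate_to: {{ router.address }}` must be quoted because a value starting with `{` is read as a flow mapping, and "Check system compatibility" names two actions (`meta` and `debug`) in one task. The `edgeos_config` lines read `item.mac` and `item.address` under `with_dict`, which yields `item.key`/`item.value`, so `item.value.mac` is presumably intended; confirm against the `networking` structure. `src: bashrc.j2` also does not match the `playbooks/files/bashrc.sh` this commit adds, unless a template of that name exists elsewhere. The fence shows the affected tasks only.

```yaml
    # … unchanged: Init play header …
    - name: Report unsupported distribution
      when: ansible_distribution != "CentOS" and ansible_distribution != "Red Hat Enterprise Linux" and ansible_distribution != "Fedora"
      debug:
        msg: "Standard configuration deployment is only supported on Fedora 27/28, Centos 7.5, and RHEL"

    - name: Stop the play on unsupported distributions
      when: ansible_distribution != "CentOS" and ansible_distribution != "Red Hat Enterprise Linux" and ansible_distribution != "Fedora"
      meta: end_play
    # … unchanged: hostname, MOTD, bashrc, package plays, networkd install block …
    - name: Configure systemd-networkd
      when: enable_networkd | bool
      import_tasks: common/networkd.yml
    # … unchanged: static DHCP play header …
    - name: Install static DHCP leases
      delegate_to: "{{ router.address }}"
    # … unchanged: when, edgeos_config, with_dict …
```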
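Review bot: `name: *` in both the yum and dnf tasks will not load, because an unquoted `*` starts a YAML alias; write `name: "*"`. The `exclude:` value is safer quoted as a whole and built so an undefined `exclude_upgrade` leaves no trailing comma, e.g. `exclude: "kernel*{{ (',' + exclude_upgrade) if exclude_upgrade is defined else '' }}"`. Excluding `kernel*` on every run also means this playbook never applies kernel security updates, so a comment saying how and when kernels are patched would help the next operator.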
diff --git a/roles/hypervisor/tasks/main.yml b/roles/hypervisor/tasks/main.yml index 8e6fa69..7a84c3c 100644 --- a/roles/hypervisor/tasks/main.yml +++ b/roles/hypervisor/tasks/main.yml @@ -4,6 +4,13 @@ debug: msg: "Hypervisor deployment is only supported on CentOS and RHEL" +- name: Temporarily disable IUS and EPEL repositories + become: true + command: mv /etc/yum.repos.d/{{ item }}.repo /etc/yum.repos.d/{{ item }}.repo.bak + with_items: + - ius + - epel + - name: Install OVirt repository become: true yum: @@ -15,3 +22,10 @@ yum: name: ovirt-engine state: latest + +- name: Re-enable IUS and EPEL repositories + become: true + command: mv /etc/yum.repos.d/{{ item }}.repo.bak /etc/yum.repos.d/{{ item }}.repo + with_items: + - ius + - epel diff --git a/tasks/centos.yml b/tasks/centos.yml new file mode 100644 index 0000000..e69de29 diff --git a/vars/global.yml b/vars/global.yml new file mode 100644 index 0000000..a2d0440 --- /dev/null +++ b/vars/global.yml @@ -0,0 +1,2 @@ +--- +ansible_user: ansible diff --git a/vars/network.yml b/vars/network.yml new file mode 100644 index 0000000..5808eb9 --- /dev/null +++ b/vars/network.yml @@ -0,0 +1,8 @@ +--- +domain: net.enp.one + +router: + address: router.tre2.local + static: + server: DOMAIN + subnet: 10.42.101.0/24 diff --git a/vars/packages.yml b/vars/packages.yml new file mode 100644 index 0000000..d8bc2ec --- /dev/null +++ b/vars/packages.yml @@ -0,0 +1,29 @@ +--- +packages_global: + - cmake + - curl + - gcc + - gcc-c++ + - git + - libselinux-python + - make + - nano + - openssl-devel + - policycoreutils-python + - python-devel + - python-firewall + - python-virtualenv + - unzip + - vim + - vim-minimal + +packages_dnf: + - python3-devel + +packages_yum: + - bash-completion + - bash-completion-extras + - nc + - nfs-utils + - python36u + - wget diff --git a/group_vars/all.yml b/vars/users.yml similarity index 92% rename from group_vars/all.yml rename to vars/users.yml index 157dc97..56f6212 100644 --- a/group_vars/all.yml 
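Review bot: Disabling the repositories by renaming files with `command: mv …` leaves IUS and EPEL switched off if any task between the two renames fails, and a rerun then fails at the first `mv` because the `.repo` files are already renamed. The `yum` module can scope this to the transaction instead: add `disablerepo: "ius,epel"` to the `ovirt-engine` install task (assuming the repo ids match the file names) and drop both `mv` tasks; this covers the re-enable hunk at `@@ -15,3 +22,10 @@` as well. If the rename approach stays, wrapping the installs in `block:` with the restore under `always:` keeps the re-enable step from being skipped. Both install tasks begin outside the hunks shown.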
+++ b/vars/users.yml @@ -1,14 +1,4 @@ --- -ansible_user: ansible - -domain: net.enp.one - -router: - address: router.tre2.local - static: - server: DOMAIN - subnet: 10.42.101.0/24 - users: # - name: username (required) # fullname: user's full name (optional)