From 9a35e992d012d0805ffa00500624430752a901fe Mon Sep 17 00:00:00 2001 From: "Ethan N. Paul" Date: Sat, 22 Dec 2018 13:55:36 -0500 Subject: [PATCH] Fix myriad bugs in playbooks Update inventory --- omni.ini | 5 +- playbooks/files/bashrc.sh | 63 ------------------- playbooks/provision.yml | 60 +++++++++--------- playbooks/templates/motd.j2 | 2 +- playbooks/update-system.yml | 4 +- ...local-users.yml => update-users-local.yml} | 15 +---- playbooks/update-users-network.yml | 39 ++++++++++++ tasks/centos/packages.yml | 5 +- tasks/centos/repositories.yml | 2 + tasks/fedora/packages.yml | 5 +- tasks/networkd.yml | 2 +- tasks/users-preprocessing.yml | 15 +++++ 12 files changed, 99 insertions(+), 118 deletions(-) rename playbooks/{update-local-users.yml => update-users-local.yml} (89%) create mode 100644 playbooks/update-users-network.yml create mode 100644 tasks/users-preprocessing.yml diff --git a/omni.ini b/omni.ini index 08e11c9..394a9ab 100644 --- a/omni.ini +++ b/omni.ini @@ -1,3 +1,5 @@ +router + [servers] romulus remus @@ -5,9 +7,10 @@ novis apex [vms] -vm-host-nginx +vm-dev-nginx vm-host-gitea vm-host-plex +vm-host-bitwarden vm-db-maria vm-db-prometheus nimbus-1 diff --git a/playbooks/files/bashrc.sh b/playbooks/files/bashrc.sh index 501291d..1ebc9bc 100644 --- a/playbooks/files/bashrc.sh +++ b/playbooks/files/bashrc.sh 
@@ -14,66 +14,3 @@ parse_git_branch() { } export PS1="\[\e[0;97m\]\[\e[37m\]\u\[\e[1;94m\]@\[\e[94m\]\h\[\e[0;33m\]$(parse_git_branch) \[\e[37m\]\w\[\e[33m\] \[\e[0;97m\]$\[\e[0m\] " - -function venv() { - DIR="/home/$USER/.virtualenvs" - - [[ -d $DIR ]] || mkdir $DIR - - if [ ! -v $1 ] || [ $1 -eq '--help' ] || [ $1 -eq '-h' ]; then - echo "Custom python Virtualenv manager -\"Because pipenv is too hard and everything else sucks\" - -Commands: - list List available virtualenvs - show Alias of list - delete Delete a virtualenv - del Alias of delete - rm Alias of delete - load Activate a virtualenv for usage - new Create a new virtualenv. If is not specified, - then the system default python is used -" - - elif [ ! -v $1 ] || [ $1 -eq "list" ] || [ $1 -eq "show" ]; then - echo "hello" - ls $DIR - - elif [ $1 -eq "del" ] || [ $1 -eq "rm" ]; then - if [ ! -v $2 ]; then - echo "Error: virtualenv name parameter not provided" - else - if [ ! -d "$DIR/$2" ]; then - echo "Error: virtualenv $2 does not exist" - else - rm -rf $DIR/$2 - fi - fi - - elif [ $1 -eq "new" ]; then - if [ ! -v $2 ]; then - echo "Error: virtualenv name parameter not provided" - else - if [ -d "$DIR/$2" ]; then - echo "Error: virtualenv $2 already exits" - elif [ -v $3 ]; then - virtualenv $2 --python=$3 - else - virtualenv $2 - fi - fi - - elif [ $1 -eq "load" ]; then - if [ ! -v $2 ]; then - echo "Error: virtualenv name parameter not provided" - elif [ ! -d "$DIR/$2" ]; then - echo "Error: virtualenv $2 does not exist" - else - source $DIR/$2/bin/activate - fi - - else - echo "No parameter provided" - fi - -} diff --git a/playbooks/provision.yml b/playbooks/provision.yml index be28de4..96238aa 100644 --- a/playbooks/provision.yml +++ b/playbooks/provision.yml 
@@ -1,37 +1,43 @@ --- -- include_playbook: dependencies.yml +- import_playbook: dependencies.yml + - hosts: all name: Init tasks: - - name: Check system compatibility - when: ansible_distribution != "CentOS" and ansible_distribution != "Red Hat Enterprise Linux" and ansible_distribution != "Fedora" - meta: end_play - debug: - msg: "Standard configuration deployment is only supported on Fedora 28/29, Centos 7.5, and RHEL" - - name: Set hostname become: true hostname: name: "{{ default_host if default_host is defined else inventory_hostname }}" - - name: Install MOTD + - name: Install global bashrc + become: true + copy: + src: bashrc.sh + dest: /etc/profile.d/30-omni-bashrc.sh + mode: 0644 + + - name: Install SSH Banner become: true template: src: motd.j2 - dest: /etc/motd + dest: /etc/issue.net mode: 0644 - - name: Install global bashrc + - name: Configure SSH banner become: true - template: - src: bashrc.j2 - dest: /etc/profile.d/30-omni-bashrc.sh - mode: 0644 + lineinfile: + path: /etc/ssh/sshd_config + regexp: '#Banner none' + line: 'Banner /etc/issue.net' + - hosts: all name: System packages tasks: + - name: Load package variables + include_vars: + file: packages.yml - import_tasks: tasks/centos/repositories.yml when: ansible_distribution == "CentOS" - import_tasks: tasks/centos/packages.yml 
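Review bot: The new `Configure SSH banner` task edits /etc/ssh/sshd_config with an unanchored `regexp: '#Banner none'` and no `validate`, and nothing visible in this hunk reloads sshd, so the banner may not take effect and a bad edit is not caught until the daemon next restarts. Once the commented default has been replaced the pattern no longer matches, and depending on the Ansible version lineinfile may then append the line at end of file, where it can land inside a trailing `Match` block. I would use `regexp: '^#?\s*Banner\s'`, add `validate: 'sshd -t -f %s'`, and notify a handler that reloads sshd. Because /etc/issue.net is shown before authentication, the rendered `description` should hold nothing you would not show to an unauthenticated client.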
@@ -57,20 +63,18 @@ when: ansible_distribution == "Fedora" # - import_tasks: common/debian/networkd.yml # when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu" - - name: Configure systemd-networkd - when: enable_networkd == true - - import_tasks: common/networkd.yml + + - import_tasks: tasks/networkd.yml -- hosts: all - name: Register static DHCP entries +- import_playbook: update-users-local.yml + + +- hosts: vms + name: Install ovirt agent tasks: - - name: Install static DHCP leases - delegate_to: {{ router.address }} - when: networking is defined - edgeos_config: - save: true - lines: - - set service dhcp-server shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} mac-address {{ item.mac }} - - set service dhcp-server shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} ip-address {{ item.address }} - with_dict: "{{ networking }}" + - name: Install ovirt-agent + become: true + yum: + name: ovirt-guest-agent + state: latest diff --git a/playbooks/templates/motd.j2 b/playbooks/templates/motd.j2 index eb7c0c5..842831e 100644 --- a/playbooks/templates/motd.j2 +++ b/playbooks/templates/motd.j2 @@ -5,4 +5,4 @@ | |_____ | | \ | | | | | |___| | | | \ | | | |_____ |_______| |_| \__| |_| O |_______| |_| \__| |_______| - {{ description | default('ENPN Distributed System') }} +{{ description | default('Omni Network System') }} diff --git a/playbooks/update-system.yml b/playbooks/update-system.yml index 01bd4e8..34c8e6b 100644 --- a/playbooks/update-system.yml +++ b/playbooks/update-system.yml @@ -7,7 +7,7 @@ become: true yum: state: latest - name: * + name: "*" exclude: kernel*{{ ',' + exclude_upgrade | default('') }} - name: Upgrade DNF packages 
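Review bot: `- import_tasks: tasks/networkd.yml` is now unconditional; the removed `when: enable_networkd == true` appears to have sat on a separate list item with no action, and the replacement drops the opt-in instead of attaching it to the import. tasks/networkd.yml templates files into /etc/systemd/network from `networking` (visible in its own hunk), so every host in this play is affected and a host without that variable will presumably fail. If the opt-in is still intended, put it on the import itself: `when: enable_networkd | default(false) | bool`. Separately, `Install ovirt-agent` uses `state: latest`, which pulls whatever version the repository serves on each run; `state: present` keeps provisioning repeatable. The enclosing play starts above this hunk.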
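Review bot: In playbooks/update-system.yml both upgrade tasks keep `exclude: kernel*...` next to `state: latest` and `name: "*"`, so this playbook never installs kernel updates, and nothing shown here says where kernel security fixes are applied instead. A comment above each `exclude` would make the intent reviewable, for example `# kernel is excluded because it needs a scheduled reboot; kernel updates are handled by <playbook name>`. The same applies to the dnf task in the `@@ -15,7 +15,7 @@` hunk; both tasks start above their hunks.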
@@ -15,7 +15,7 @@ become: true dnf: state: latest - name: * + name: "*" exclude: kernel*{{ ',' + exclude_upgrade | default('') }} # - name: Upgrade APT packages diff --git a/playbooks/update-local-users.yml b/playbooks/update-users-local.yml similarity index 89% rename from playbooks/update-local-users.yml rename to playbooks/update-users-local.yml index 8ecb014..017bfea 100644 --- a/playbooks/update-local-users.yml +++ b/playbooks/update-users-local.yml @@ -4,20 +4,7 @@ - hosts: all name: Prompt for variables tasks: - - name: Pre-processing - tags: always - block: - - name: Load users - include_vars: - file: users.yml - - name: Reconcile user targets with host targets to get host users - set_fact: - local_users: "{{ local_users | default([]) + [item if item.targets | intersect(targets) else None] }}" - with_items: "{{ users }}" - - name: Get administrative users - set_fact: - local_admin_users: "{{ local_admin_users | default([]) + [item.name if item.admin else None] }}" - with_items: "{{ local_users | difference([None]) }}" + - import_tasks: tasks/users-preprocessing.yml - name: Create local user accounts tags: users_create diff --git a/playbooks/update-users-network.yml b/playbooks/update-users-network.yml new file mode 100644 index 0000000..1b0506d --- /dev/null +++ b/playbooks/update-users-network.yml 
@@ -0,0 +1,39 @@ +--- +- hosts: router + name: Configure users on router + connection: network_cli + gather_facts: false + vars: + ansible_network_os: edgeos + tasks: + - import_tasks: tasks/users-preprocessing.yml + + - name: Create users + edgeos_config: + lines: + - set system login user {{ item.name }} authentication encrypted-password "{{ item.password }}" + - set system login user {{ item.name }} full-name "{{ item.fullname if item.fullname is defined else "" }}" + - set system login user {{ item.name }} level {{ 'operator' if item.name != 'ansible' else 'admin' }} + with_items: + - "{{ local_users | difference([None]) }}" + + - name: Grant administrative access to admin users + edgeos_config: + lines: + - set system login user {{ item.name }} level admin + with_items: + - "{{ local_admin_users | difference([None]) }}" + + - name: Assemble loadkey files + copy: + src: keys/{{ item }} + dest: /tmp + with_items: + - "{{ local_admin_users | difference([None]) }}" + + - name: Load keys + edgeos_config: + lines: + - loadkey {{ item }} /tmp/{{ item }}/*.pub + with_items: + - "{{ local_admin_users | difference([None]) }}" diff --git a/tasks/centos/packages.yml b/tasks/centos/packages.yml index f754736..5ab449c 100644 --- a/tasks/centos/packages.yml +++ b/tasks/centos/packages.yml @@ -1,7 +1,4 @@ -- name: Load package variables - include_vars: - file: packages.yml - +--- - name: Install global packages using YUM become: true yum: diff --git a/tasks/centos/repositories.yml b/tasks/centos/repositories.yml index 00e68e2..1b40b6d 100644 --- a/tasks/centos/repositories.yml +++ b/tasks/centos/repositories.yml @@ -1,3 +1,4 @@ +--- - name: Enable Extra Packages for Enterprise Linux become: true yum_repository: @@ -23,4 +24,5 @@ regex: enabled=1 line: enabled=0 path: /etc/yum/pluginconf.d/subscription-manager.conf + create: yes state: present diff --git a/tasks/fedora/packages.yml b/tasks/fedora/packages.yml index 1f0b299..faec9c8 100644 --- a/tasks/fedora/packages.yml 
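Review bot: The `Create users` task in playbooks/update-users-network.yml interpolates `{{ item.password }}` into the command lines while looping over the full user records, so the password hashes end up in Ansible's task output and in any log that captures it; add `no_log: true` to that task. `Assemble loadkey files` stages the keys under `/tmp`, a world-writable directory, and `Load keys` then globs `/tmp/{{ item }}/*.pub` for admin accounts, so any other `.pub` file present in that path at load time would be trusted as well; a directory only the Ansible user can write to, removed afterwards, avoids that. None of the `edgeos_config` tasks sets `save: true`, so the changes are presumably lost on the next router reboot. It is also worth confirming that `copy` works at all over `connection: network_cli`.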
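Review bot: In tasks/centos/repositories.yml, `create: yes` means a host without /etc/yum/pluginconf.d/subscription-manager.conf now gets a file containing only `enabled=0`, without the `[main]` section header such plugin files normally carry, and with ownership and mode left to defaults. If the aim is only to stop the task failing when the plugin is absent, guarding it with a `stat` result leaves such hosts untouched; otherwise set `mode: '0644'` explicitly. `create: true` is the canonical boolean spelling. The task starts above this hunk.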
+++ b/tasks/fedora/packages.yml @@ -1,7 +1,4 @@ -- name: Load package variables - include_vars: - file: packages.yml - +--- - name: Install global packages using DNF become: true dnf: diff --git a/tasks/networkd.yml b/tasks/networkd.yml index 2832238..6ad1626 100644 --- a/tasks/networkd.yml +++ b/tasks/networkd.yml @@ -16,7 +16,7 @@ - name: Make .network files become: true template: - src: dot.network.j2 + src: network.j2 dest: "/etc/systemd/network/{{ item.key }}.network" with_dict: "{{ networking }}" diff --git a/tasks/users-preprocessing.yml b/tasks/users-preprocessing.yml new file mode 100644 index 0000000..ee1bd23 --- /dev/null +++ b/tasks/users-preprocessing.yml @@ -0,0 +1,15 @@ +--- +- name: Pre-processing + tags: always + block: + - name: Load users + include_vars: + file: users.yml + - name: Reconcile user targets with host targets to get host users + set_fact: + local_users: "{{ local_users | default([]) + [item if item.targets | intersect(targets) else None] }}" + with_items: "{{ users }}" + - name: Get administrative users + set_fact: + local_admin_users: "{{ local_admin_users | default([]) + [item.name if item.admin else None] }}" + with_items: "{{ local_users | difference([None]) }}"
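Review bot: In tasks/users-preprocessing.yml, `Get administrative users` decides admin membership from the bare truthiness of `item.admin`, so a user entry without that key raises an undefined-variable error, and a quoted value such as `"false"` would count as admin because it is a non-empty string (users.yml is not shown, so this depends on how it is written). Since this list now also drives `level admin` and `loadkey` on the router, make the test explicit: `[item.name if item.admin | default(false) | bool else None]`. `item.targets | intersect(targets)` likewise needs `targets` defined for every host that imports this file, which now includes `router`. A comment at the top naming the variables the file expects (`users`, `targets`) and the facts it sets (`local_users`, `local_admin_users`) would help both callers.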