Fix myriad bugs in playbooks

Update inventory
2018-12-22 13:55:36 -05:00 · 2018-12-22 13:55:36 -05:00 · 9a35e992d0
commit 9a35e992d0
parent fd77dbfca4
12 changed files with 99 additions and 118 deletions
--- a/omni.ini
+++ b/omni.ini
@ -1,3 +1,5 @@
+router
+
 [servers]
 romulus
 remus
@ -5,9 +7,10 @@ novis
 apex

 [vms]
-vm-host-nginx
+vm-dev-nginx
 vm-host-gitea
 vm-host-plex
+vm-host-bitwarden
 vm-db-maria
 vm-db-prometheus
 nimbus-1
--- a/playbooks/files/bashrc.sh
+++ b/playbooks/files/bashrc.sh
@ -14,66 +14,3 @@ parse_git_branch() {
 }

 export PS1="\[\e[0;97m\]\[\e[37m\]\u\[\e[1;94m\]@\[\e[94m\]\h\[\e[0;33m\]$(parse_git_branch) \[\e[37m\]\w\[\e[33m\] \[\e[0;97m\]$\[\e[0m\] "
-
-function venv() {
-  DIR="/home/$USER/.virtualenvs"
-
-  [[ -d $DIR ]] || mkdir $DIR
-
-  if [ ! -v $1 ] || [ $1 -eq '--help' ] || [ $1 -eq '-h' ]; then
-    echo "Custom python Virtualenv manager
-\"Because pipenv is too hard and everything else sucks\"
-
-Commands:
-  list                 List available virtualenvs
-  show                 Alias of list
-  delete <venv>        Delete a virtualenv
-  del                  Alias of delete
-  rm                   Alias of delete
-  load <venv>          Activate a virtualenv for usage
-  new <venv> <python>  Create a new virtualenv. If <python> is not specified,
-                       then the system default python is used
-"
-
-  elif [ ! -v $1 ] || [ $1 -eq "list" ] || [ $1 -eq "show" ]; then
-    echo "hello"
-    ls $DIR
-
-  elif [ $1 -eq "del" ] || [ $1 -eq "rm" ]; then
-    if [ ! -v $2 ]; then
-      echo "Error: virtualenv name parameter not provided"
-    else
-      if [ ! -d "$DIR/$2" ]; then
-        echo "Error: virtualenv $2 does not exist"
-      else
-        rm -rf $DIR/$2
-      fi
-    fi
-
-  elif [ $1 -eq "new" ]; then
-    if [ ! -v $2 ]; then
-      echo "Error: virtualenv name parameter not provided"
-    else
-      if [ -d "$DIR/$2" ]; then
-        echo "Error: virtualenv $2 already exits"
-      elif [ -v $3 ]; then
-        virtualenv $2 --python=$3
-      else
-        virtualenv $2
-      fi
-    fi
-
-  elif [ $1 -eq "load" ]; then
-    if [ ! -v $2 ]; then
-      echo "Error: virtualenv name parameter not provided"
-    elif [ ! -d "$DIR/$2" ]; then
-      echo "Error: virtualenv $2 does not exist"
-    else
-      source $DIR/$2/bin/activate
-    fi
-
-  else
-    echo "No parameter provided"
-  fi
-
-}
--- a/playbooks/provision.yml
+++ b/playbooks/provision.yml
@ -1,37 +1,43 @@
 ---
- include_playbook: dependencies.yml
+- import_playbook: dependencies.yml
+

 - hosts: all
  name: Init
  tasks:
-    - name: Check system compatibility
-      when: ansible_distribution != "CentOS" and ansible_distribution != "Red Hat Enterprise Linux" and ansible_distribution != "Fedora"
-      meta: end_play
-      debug:
-        msg: "Standard configuration deployment is only supported on Fedora 28/29, Centos 7.5, and RHEL"
-
    - name: Set hostname
      become: true
      hostname:
        name: "{{ default_host if default_host is defined else inventory_hostname }}"

-    - name: Install MOTD
+    - name: Install global bashrc
+      become: true
+      copy:
+        src: bashrc.sh
+        dest: /etc/profile.d/30-omni-bashrc.sh
+        mode: 0644
+
+    - name: Install SSH Banner
      become: true
      template:
        src: motd.j2
-        dest: /etc/motd
+        dest: /etc/issue.net
        mode: 0644

-    - name: Install global bashrc
+    - name: Configure SSH banner
      become: true
-      template:
-        src: bashrc.j2
-        dest: /etc/profile.d/30-omni-bashrc.sh
-        mode: 0644
+      lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: '#Banner none'
+        line: 'Banner /etc/issue.net'
+

 - hosts: all
  name: System packages
  tasks:
+    - name: Load package variables
+      include_vars:
+        file: packages.yml
    - import_tasks: tasks/centos/repositories.yml
      when: ansible_distribution == "CentOS"
    - import_tasks: tasks/centos/packages.yml
@ -57,20 +63,18 @@
          when: ansible_distribution == "Fedora"
        # - import_tasks: common/debian/networkd.yml
        #   when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu"
-    - name: Configure systemd-networkd
-      when: enable_networkd == true
-        - import_tasks: common/networkd.yml
+
+        - import_tasks: tasks/networkd.yml


- hosts: all
-  name: Register static DHCP entries
+- import_playbook: update-users-local.yml
+
+
+- hosts: vms
+  name: Install ovirt agent
  tasks:
-    - name: Install static DHCP leases
-      delegate_to: {{ router.address }}
-      when: networking is defined
-      edgeos_config:
-        save: true
-        lines:
-          - set service dhcp-server shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} mac-address {{ item.mac }}
-          - set service dhcp-server shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} ip-address {{ item.address }}
-      with_dict: "{{ networking }}"
+    - name: Install ovirt-agent
+      become: true
+      yum:
+        name: ovirt-guest-agent
+        state: latest
--- a/playbooks/templates/motd.j2
+++ b/playbooks/templates/motd.j2
@ -5,4 +5,4 @@
 | |_____  | | \ | | | |      | |___| | | | \ | | | |_____
 |_______| |_|  \__| |_|    O |_______| |_|  \__| |_______|

- {{ description | default('ENPN Distributed System') }}
+{{ description | default('Omni Network System') }}
--- a/playbooks/update-system.yml
+++ b/playbooks/update-system.yml
@ -7,7 +7,7 @@
      become: true
      yum:
        state: latest
-        name: *
+        name: "*"
        exclude: kernel*{{ ',' + exclude_upgrade | default('') }}

    - name: Upgrade DNF packages
@ -15,7 +15,7 @@
      become: true
      dnf:
        state: latest
-        name: *
+        name: "*"
        exclude: kernel*{{ ',' + exclude_upgrade | default('') }}

    # - name: Upgrade APT packages
--- a/playbooks/update-users-local.yml
+++ b/playbooks/update-users-local.yml
@ -4,20 +4,7 @@
 - hosts: all
  name: Prompt for variables
  tasks:
-    - name: Pre-processing
-      tags: always
-      block:
-        - name: Load users
-          include_vars:
-            file: users.yml
-        - name: Reconcile user targets with host targets to get host users
-          set_fact:
-            local_users: "{{ local_users | default([]) + [item if item.targets | intersect(targets) else None] }}"
-          with_items: "{{ users }}"
-        - name: Get administrative users
-          set_fact:
-            local_admin_users: "{{ local_admin_users | default([]) + [item.name if item.admin else None] }}"
-          with_items: "{{ local_users | difference([None]) }}"
+    - import_tasks: tasks/users-preprocessing.yml

    - name: Create local user accounts
      tags: users_create
--- a/playbooks/update-users-network.yml
+++ b/playbooks/update-users-network.yml
@ -0,0 +1,39 @@
+---
+- hosts: router
+  name: Configure users on router
+  connection: network_cli
+  gather_facts: false
+  vars:
+    ansible_network_os: edgeos
+  tasks:
+    - import_tasks: tasks/users-preprocessing.yml
+
+    - name: Create users
+      edgeos_config:
+        lines:
+          - set system login user {{ item.name }} authentication encrypted-password "{{ item.password }}"
+          - set system login user {{ item.name }} full-name "{{ item.fullname if item.fullname is defined else "" }}"
+          - set system login user {{ item.name }} level {{ 'operator' if item.name != 'ansible' else 'admin' }}
+      with_items:
+        - "{{ local_users | difference([None]) }}"
+
+    - name: Grant administrative access to admin users
+      edgeos_config:
+        lines:
+          - set system login user {{ item.name }} level admin
+      with_items:
+        - "{{ local_admin_users | difference([None]) }}"
+
+    - name: Assemble loadkey files
+      copy:
+        src: keys/{{ item }}
+        dest: /tmp
+      with_items:
+        - "{{ local_admin_users | difference([None]) }}"
+
+    - name: Load keys
+      edgeos_config:
+        lines:
+          - loadkey {{ item }} /tmp/{{ item }}/*.pub
+      with_items:
+        - "{{ local_admin_users | difference([None]) }}"
--- a/tasks/centos/packages.yml
+++ b/tasks/centos/packages.yml
@ -1,7 +1,4 @@
- name: Load package variables
-  include_vars:
-    file: packages.yml
-
+---
 - name: Install global packages using YUM
  become: true
  yum:
--- a/tasks/centos/repositories.yml
+++ b/tasks/centos/repositories.yml
@ -1,3 +1,4 @@
+---
 - name: Enable Extra Packages for Enterprise Linux
  become: true
  yum_repository:
@ -23,4 +24,5 @@
    regex: enabled=1
    line: enabled=0
    path: /etc/yum/pluginconf.d/subscription-manager.conf
+    create: yes
    state: present
--- a/tasks/fedora/packages.yml
+++ b/tasks/fedora/packages.yml
@ -1,7 +1,4 @@
- name: Load package variables
-  include_vars:
-    file: packages.yml
-
+---
 - name: Install global packages using DNF
  become: true
  dnf:
--- a/tasks/networkd.yml
+++ b/tasks/networkd.yml
@ -16,7 +16,7 @@
 - name: Make .network files
  become: true
  template:
-    src: dot.network.j2
+    src: network.j2
    dest: "/etc/systemd/network/{{ item.key }}.network"
  with_dict: "{{ networking }}"

--- a/tasks/users-preprocessing.yml
+++ b/tasks/users-preprocessing.yml
@ -0,0 +1,15 @@
+---
+- name: Pre-processing
+  tags: always
+  block:
+    - name: Load users
+      include_vars:
+        file: users.yml
+    - name: Reconcile user targets with host targets to get host users
+      set_fact:
+        local_users: "{{ local_users | default([]) + [item if item.targets | intersect(targets) else None] }}"
+      with_items: "{{ users }}"
+    - name: Get administrative users
+      set_fact:
+        local_admin_users: "{{ local_admin_users | default([]) + [item.name if item.admin else None] }}"
+      with_items: "{{ local_users | difference([None]) }}"