Restructure repository, removing old stuff
This commit is contained in:
parent
2fa6554b9d
commit
bb3578f997
@ -1,8 +1,8 @@
|
||||
---
|
||||
ansible_user: ansible
|
||||
|
||||
disable_gnome_user_list: True
|
||||
|
||||
protected_users:
|
||||
- root
|
||||
- ansible
|
||||
|
||||
domain: net.enp.one
|
7
_legacy/playbooks/templates/motd.j2
Normal file
7
_legacy/playbooks/templates/motd.j2
Normal file
@ -0,0 +1,7 @@
|
||||
|
||||
//////////// //// //// ///////////
|
||||
//// ////// //// //// ////
|
||||
//////// //// /// //// ///////////
|
||||
//// //// ////// ////
|
||||
//////////// //// //// {{ omni_description | default('Omni Network System') }}
|
||||
_______________________________{{ omni_description | default('Omni Network System') | length * '\\' }}\
|
5
_legacy/playbooks/update.yml
Normal file
5
_legacy/playbooks/update.yml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
- import_playbook: dependencies.yml
|
||||
|
||||
- import_playbook: update-system.yml
|
||||
- import_playbook: update-users-local.yml
|
12
_legacy/roles/ldap_host/tasks/main.yml
Normal file
12
_legacy/roles/ldap_host/tasks/main.yml
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
- name: Install required packages
|
||||
when: ansible_distribution == "Fedora" or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
|
||||
become: true
|
||||
dnf:
|
||||
state: latest
|
||||
name:
|
||||
- openldap-servers
|
||||
- openldap-clients
|
||||
- nss-pam-ldapd
|
||||
|
||||
- name: Configure
|
36
_legacy/roles/ovirt/tasks/install.yml
Normal file
36
_legacy/roles/ovirt/tasks/install.yml
Normal file
@ -0,0 +1,36 @@
|
||||
---
|
||||
- name: Install Ovirt on CentOS 8
|
||||
become: true
|
||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
|
||||
block:
|
||||
- name: Install Ovirt repository
|
||||
dnf:
|
||||
state: latest
|
||||
name: http://resources.ovirt.org/pub/yum-repo/ovirt-release43.rpm
|
||||
- name: Update using the new repository
|
||||
dnf:
|
||||
state: latest
|
||||
name: "*"
|
||||
exclude: kernel*
|
||||
- name: Install Ovirt
|
||||
dnf:
|
||||
state: latest
|
||||
name: ovirt-engine
|
||||
|
||||
- name: Install Ovrit on CentOS 7
|
||||
become: true
|
||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
|
||||
block:
|
||||
- name: Install Ovirt repository
|
||||
yum:
|
||||
state: latest
|
||||
name: http://resources.ovirt.org/pub/yum-repo/ovirt-release43.rpm
|
||||
- name: Update using the new repository
|
||||
yum:
|
||||
state: latest
|
||||
name: "*"
|
||||
exclude: kernel*
|
||||
- name: Install Ovirt
|
||||
yum:
|
||||
state: latest
|
||||
name: ovirt-engine
|
20
_legacy/tasks/centos/bindings.yml
Normal file
20
_legacy/tasks/centos/bindings.yml
Normal file
@ -0,0 +1,20 @@
|
||||
---
|
||||
- name: Install CentOS 8 python bindings
|
||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
|
||||
become: true
|
||||
dnf:
|
||||
state: latest
|
||||
name:
|
||||
- python3-libselinux
|
||||
- python3-policycoreutils
|
||||
- python3-firewall
|
||||
|
||||
- name: Install CentoOS 7 python bindings
|
||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
|
||||
become: true
|
||||
yum:
|
||||
state: latest
|
||||
name:
|
||||
- libselinux-python
|
||||
- policycoreutils-python
|
||||
- python-firewall
|
@ -1,5 +1,6 @@
|
||||
---
|
||||
- name: Install Fedora python bindings
|
||||
when: ansible_distribution == "Fedora"
|
||||
become: true
|
||||
dnf:
|
||||
state: latest
|
1
playbooks/configure-auth.yml
Normal file
1
playbooks/configure-auth.yml
Normal file
@ -0,0 +1 @@
|
||||
---
|
@ -1,51 +0,0 @@
|
||||
---
|
||||
- name: Check meta environment
|
||||
hosts: all
|
||||
tags:
|
||||
- always
|
||||
- initialize
|
||||
tasks:
|
||||
- name: Check required operating system
|
||||
when: required_os is defined
|
||||
assert:
|
||||
that:
|
||||
- required_os.split("_")[0] == ansible_distribution | lower
|
||||
- required_os.split("_")[1] == ansible_distribution_major_version
|
||||
fail_msg: "Host does not meet required OS specified"
|
||||
success_msg: "Required OS validation succeeded"
|
||||
|
||||
- name: Ansible python bindings
|
||||
hosts: all
|
||||
tags:
|
||||
- always
|
||||
- initialize
|
||||
tasks:
|
||||
- name: Install CentOS 8 python bindings
|
||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
|
||||
become: true
|
||||
dnf:
|
||||
state: latest
|
||||
name:
|
||||
- python3-libselinux
|
||||
- python3-policycoreutils
|
||||
- python3-firewall
|
||||
|
||||
- name: Install CentoOS 7 python bindings
|
||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
|
||||
become: true
|
||||
yum:
|
||||
state: latest
|
||||
name:
|
||||
- libselinux-python
|
||||
- policycoreutils-python
|
||||
- python3-firewall
|
||||
|
||||
- name: Install Fedora python bindings
|
||||
when: ansible_distribution == "Fedora"
|
||||
become: true
|
||||
dnf:
|
||||
state: latest
|
||||
name:
|
||||
- libselinux-python
|
||||
- policycoreutils-python
|
||||
- python3-firewall
|
@ -48,7 +48,6 @@ alias doc='cd ~/Documents'
|
||||
alias dn='cd ~/Downloads'
|
||||
alias version='uname -orp && lsb_release -a | grep Description'
|
||||
alias activate='source ./bin/activate'
|
||||
alias ipconfig='ip address show'
|
||||
alias cls='clear'
|
||||
alias mklink='ln -s'
|
||||
alias ls='/usr/bin/ls -lshF --color --group-directories-first --time-style=long-iso'
|
||||
|
15
playbooks/meta.yml
Normal file
15
playbooks/meta.yml
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
- name: Check meta environment
|
||||
hosts: all
|
||||
tags:
|
||||
- always
|
||||
- meta
|
||||
tasks:
|
||||
- name: Check required operating system
|
||||
when: omni_os is defined
|
||||
assert:
|
||||
that:
|
||||
- omni_os.name == ansible_distribution | lower
|
||||
- omni_os.version_major == ansible_distribution_major_version
|
||||
fail_msg: "Host does not meet required OS specified"
|
||||
success_msg: "Required OS validation succeeded"
|
@ -1,29 +0,0 @@
|
||||
---
|
||||
- import_playbook: initialize.yml
|
||||
|
||||
- name: System packages
|
||||
hosts: all
|
||||
tags:
|
||||
- provision
|
||||
- initialize
|
||||
tasks:
|
||||
- name: Load package variables
|
||||
include_vars:
|
||||
file: packages.yml
|
||||
- import_tasks: tasks/centos/repositories.yml
|
||||
when: ansible_distribution == "CentOS"
|
||||
- import_tasks: tasks/centos/packages.yml
|
||||
when: ansible_distribution == "CentOS"
|
||||
- import_tasks: tasks/fedora/packages.yml
|
||||
when: ansible_distribution == "Fedora"
|
||||
# - import_tasks: tasks/debian/packages.yml
|
||||
# when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu"
|
||||
|
||||
|
||||
#- import_playbook: provision-workstation.yml
|
||||
#- import_playbook: provision-server.yml
|
||||
#- import_playbook: provision-hypervisor.yml
|
||||
- import_playbook: provision-virtual-machine.yml
|
||||
|
||||
|
||||
- import_playbook: update.yml
|
@ -1,8 +0,0 @@
|
||||
|
||||
//////////// //// //// ///////////
|
||||
//// ////// //// //// ////
|
||||
//////// //// /// //// ///////////
|
||||
//// //// ////// ////
|
||||
//////////// //// //// {{ description | default('Omni Network System') }}
|
||||
_______________________________{{ description | default('Omni Network System') | length * '\\' }}\
|
||||
|
@ -7,7 +7,7 @@
|
||||
# url: https://plex.tv/api/downloads/5.json
|
||||
# dest: "{{ plex_releases_file | default('/tmp/plexreleases.json') }}"
|
||||
|
||||
- hosts: vm-host-plex.net.enp.one
|
||||
- hosts: plex
|
||||
name: Update Plex Media Server to latest version
|
||||
vars:
|
||||
plex_releases: "{{ lookup('url', 'https://plex.tv/api/downloads/5.json') | from_json }}"
|
||||
|
@ -1,5 +1,29 @@
|
||||
---
|
||||
- import_playbook: dependencies.yml
|
||||
- import_playbook: meta.yml
|
||||
|
||||
- import_playbook: update-system.yml
|
||||
- import_playbook: update-users-local.yml
|
||||
- name: Configure system
|
||||
hosts: all:!network
|
||||
tags:
|
||||
- initialize
|
||||
vars:
|
||||
omni_restart_services: true
|
||||
roles:
|
||||
- role: packages
|
||||
vars:
|
||||
omni_pkg_update: true
|
||||
omni_pkg_exclude: [] # Override the default kernel exclusion
|
||||
omni_pkg_clean: true
|
||||
- role: sshd
|
||||
tasks:
|
||||
- name: Set hostname
|
||||
become: true
|
||||
hostname:
|
||||
name: "{{ ansible_host }}"
|
||||
- name: Install global bashrc
|
||||
become: true
|
||||
copy:
|
||||
src: bashrc.sh
|
||||
dest: /etc/profile.d/ZA-enpn-bashrc.sh
|
||||
mode: 0644
|
||||
|
||||
#- import_playbook: configure-auth.yml
|
||||
|
14
roles/packages/defaults/main.yml
Normal file
14
roles/packages/defaults/main.yml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
# Role parameter documentation
|
||||
#
|
||||
# omni_pkg_repos - whether to install/enable additional repositories
|
||||
# omni_pkg_bindings - whether to install required ansible bindings to the system python
|
||||
# omni_pkg_update - whether to perform a package update
|
||||
# onni_pkg_clean - whether to force clean the package manager cache
|
||||
# omni_pkg_exclude - packages to exclude from an update; has no effect if
|
||||
# ``omni_pkg_update`` is false
|
||||
omni_pkg_repos: true
|
||||
omni_pkg_bindings: true
|
||||
omni_pkg_update: false
|
||||
omni_pkg_clean: false
|
||||
omni_pkg_exclude: ["kernel*"]
|
30
roles/packages/tasks/bindings.yml
Normal file
30
roles/packages/tasks/bindings.yml
Normal file
@ -0,0 +1,30 @@
|
||||
---
|
||||
- name: Install CentOS 8 python bindings
|
||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
|
||||
become: true
|
||||
dnf:
|
||||
state: latest
|
||||
name:
|
||||
- python3-libselinux
|
||||
- python3-policycoreutils
|
||||
- python3-firewall
|
||||
|
||||
- name: Install CentOS 7 python bindings
|
||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
|
||||
become: true
|
||||
yum:
|
||||
state: latest
|
||||
name:
|
||||
- libselinux-python
|
||||
- policycoreutils-python
|
||||
- python-firewall
|
||||
|
||||
- name: Install Fedora python bindings
|
||||
when: ansible_distribution == "Fedora"
|
||||
become: true
|
||||
dnf:
|
||||
state: latest
|
||||
name:
|
||||
- libselinux-python
|
||||
- policycoreutils-python
|
||||
- python3-firewall
|
@ -11,6 +11,9 @@
|
||||
#
|
||||
# NOTE: These tasks only need to be run on Cent8
|
||||
#
|
||||
# NOTE: We assume- since this file literally has 'centos' in the name- that the
|
||||
# ansible_distribution check has already been done at import time
|
||||
#
|
||||
|
||||
- name: Determine dracut version
|
||||
shell:
|
||||
|
@ -1,26 +0,0 @@
|
||||
---
|
||||
# NOTE: We assume- since this file literally has 'centos' in the name- that the
|
||||
# ansible_distribution check has already been done at import time
|
||||
|
||||
- name: Enable Extra Packages for Enterprise Linux on CentOS 8
|
||||
become: true
|
||||
when: ansible_distribution_major_version == "8"
|
||||
dnf:
|
||||
state: latest
|
||||
name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
|
||||
|
||||
- name: Enable the power tools repository on CentOS 8
|
||||
become: true
|
||||
when: ansible_distribution_major_version == "8"
|
||||
lineinfile:
|
||||
path: /etc/yum.repos.d/CentOS-PowerTools.repo
|
||||
regexp: "enabled=(0|1)"
|
||||
line: "enabled=1"
|
||||
|
||||
|
||||
- name: Enable Extra Packages for Enterprise Linux on CentOS 7
|
||||
become: true
|
||||
when: ansible_distribution_major_version == "7"
|
||||
dnf:
|
||||
state: latest
|
||||
name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpmz
|
@ -1,23 +1,41 @@
|
||||
---
|
||||
- import_tasks: centos-repos.yml
|
||||
when: ansible_distribution == "CentOS"
|
||||
- import_tasks: bindings.yml
|
||||
when: omni_pkg_bindings == true
|
||||
|
||||
- import_tasks: repos.yml
|
||||
when: omni_pkg_repos == true
|
||||
|
||||
- import_tasks: clean.yml
|
||||
when: clean | default(false) == true
|
||||
when: omni_pkg_clean == true
|
||||
|
||||
- import_tasks: update.yml
|
||||
when: update | default(false) == true
|
||||
when: omni_pkg_update == true
|
||||
|
||||
- name: Install packages on Fedora
|
||||
become: true
|
||||
when: ansible_distribution == "Fedora"
|
||||
dnf:
|
||||
state: latest
|
||||
name: "{{ packages_global + packages_fedora }}"
|
||||
name: "{{ omni_packages_global + omni_packages_fedora }}"
|
||||
|
||||
- name: Install packages on CentOS
|
||||
# NOTE: This is currently horrifically broken. See the ongoing drama around
|
||||
# systemd-networkd on cent8. Basically triggering an update- or an install- will give
|
||||
# a conflict error due to the spicy-jankaroni-with-extra-cheese edition of
|
||||
# systemd-networkd I'm running. We can exclude "systemd*", but we need to install
|
||||
# systemd-devel so then we get a package not found error. Its a truly stupid problem
|
||||
# that will hopefully all go away when this bug gets fixed and systemd-networkd becomes
|
||||
# available in EPEL:
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1789146
|
||||
- name: Install packages on CentOS 8
|
||||
become: true
|
||||
when: ansible_distribution == "CentOS"
|
||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
|
||||
dnf:
|
||||
state: latest
|
||||
name: "{{ packages_global + packages_centos }}"
|
||||
name: "{{ omni_packages_global + omni_packages_centos_8 }}"
|
||||
|
||||
- name: Install packages on CentOS 7
|
||||
become: true
|
||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
|
||||
yum:
|
||||
state: latest
|
||||
name: "{{ omni_packages_global + omni_packages_centos_7 }}"
|
||||
|
22
roles/packages/tasks/repos.yml
Normal file
22
roles/packages/tasks/repos.yml
Normal file
@ -0,0 +1,22 @@
|
||||
---
|
||||
- name: Install repositories on CentOS 8
|
||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
|
||||
become: true
|
||||
block:
|
||||
- name: Enable Extra Packages for Enterprise Linux on CentOS 8
|
||||
dnf:
|
||||
state: latest
|
||||
name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
|
||||
|
||||
- name: Enable the power tools repository on CentOS 8
|
||||
lineinfile:
|
||||
path: /etc/yum.repos.d/CentOS-PowerTools.repo
|
||||
regexp: "enabled=(0|1)"
|
||||
line: "enabled=1"
|
||||
|
||||
- name: Enable Extra Packages for Enterprise Linux on CentOS 7
|
||||
become: true
|
||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
|
||||
dnf:
|
||||
state: latest
|
||||
name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpmz
|
@ -2,13 +2,20 @@
|
||||
- import_tasks: centos-8-dracut.yml
|
||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
|
||||
|
||||
# Gotta hate this, but I have to hardcode the systemd exclusion on cent8
|
||||
# Because I'm using "janky-systemd-networkd-2-the-jankening" (see the networkd role)
|
||||
# there are a pile of conflicts when you run "dnf update" with it installed. I found
|
||||
# two options that work: 1) uninstall systemd-networkd, update, then reinstall it;
|
||||
# 2) hardcode the exclusion here. Whenever I thought too hard about the potential
|
||||
# consequences of instituting uninstalling-my-network-init-system-as-a-service I
|
||||
# started to get a migaine, so I went with option two.
|
||||
- name: Upgrade Fedora and CentOS 8 packages
|
||||
when: (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8") or ansible_distribution == "Fedora"
|
||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
|
||||
become: true
|
||||
dnf:
|
||||
state: latest
|
||||
name: "*"
|
||||
exclude: "{{ ','.join(exclude | default(['kernel*'])) }}"
|
||||
exclude: "{{ ','.join(omni_pkg_exclude + ['systemd*']) }}"
|
||||
|
||||
- name: Upgrade CentOS 7 packages
|
||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
|
||||
@ -16,7 +23,15 @@
|
||||
yum:
|
||||
state: latest
|
||||
name: "*"
|
||||
exclude: "{{ ','.join(exclude | default(['kernel*'])) }}"
|
||||
exclude: "{{ ','.join(omni_pkg_exclude) }}"
|
||||
|
||||
- name: Upgrade Fedora packages
|
||||
when: ansible_distribution == "Fedora"
|
||||
become: true
|
||||
dnf:
|
||||
state: latest
|
||||
name: "*"
|
||||
exclude: "{{ ','.join(omni_pkg_exclude) }}"
|
||||
|
||||
# Yeah I'll get here eventually
|
||||
# - name: Upgrade APT packages
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
packages_global:
|
||||
omni_packages_global:
|
||||
- automake
|
||||
- cmake
|
||||
- curl
|
||||
@ -14,7 +14,7 @@ packages_global:
|
||||
- vim
|
||||
- vim-minimal
|
||||
|
||||
packages_fedora:
|
||||
omni_packages_fedora:
|
||||
- libselinux-python
|
||||
- git-lfs
|
||||
- readline-devel
|
||||
@ -23,7 +23,18 @@ packages_fedora:
|
||||
- python-virtualenv
|
||||
- python3-devel
|
||||
|
||||
packages_centos:
|
||||
omni_packages_centos_8:
|
||||
- bind-utils
|
||||
- bash-completion
|
||||
- nc
|
||||
- nfs-utils
|
||||
- python3
|
||||
- python3-pip
|
||||
- python3-setuptools
|
||||
- python3-virtualenv
|
||||
- wget
|
||||
|
||||
omni_packages_centos_7:
|
||||
- bind-utils
|
||||
- bash-completion
|
||||
- nc
|
||||
|
2
roles/sshd/defaults/main.yml
Normal file
2
roles/sshd/defaults/main.yml
Normal file
@ -0,0 +1,2 @@
|
||||
---
|
||||
omni_restart_services: false
|
@ -26,7 +26,7 @@
|
||||
set: "ChallengeResponseAuthentication no"
|
||||
|
||||
- name: Restart sshd service
|
||||
when: restart_services | default(false) == true
|
||||
when: omni_restart_services == true
|
||||
become: true
|
||||
systemd:
|
||||
name: sshd
|
||||
|
@ -3,5 +3,5 @@
|
||||
//// ////// //// //// ////
|
||||
//////// //// /// //// ///////////
|
||||
//// //// ////// ////
|
||||
//////////// //// //// {{ description | default('Omni Network System') }}
|
||||
_______________________________{{ description | default('Omni Network System') | length * '\\' }}\
|
||||
//////////// //// //// {{ omni_description | default('Omni Network System') }}
|
||||
_______________________________{{ omni_description | default('Omni Network System') | length * '\\' }}\
|
||||
|
@ -1,9 +0,0 @@
|
||||
---
|
||||
- name: Install CentOS python bindings
|
||||
become: true
|
||||
dnf:
|
||||
state: latest
|
||||
name:
|
||||
- python3-libselinux
|
||||
- python3-policycoreutils
|
||||
- python3-firewall
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
users:
|
||||
omni_users:
|
||||
# name: (required) username
|
||||
# password: (required) password encrypted using "python -c 'import crypt; print(crypt.crypt(raw_input(), crypt.mksalt(crypt.METHOD_SHA512)))'"
|
||||
# targets: (required) list of targets to grant the user permission on
|
||||
|
Reference in New Issue
Block a user