From bb3578f9977f8193d69d3afd77981806d45f11ab Mon Sep 17 00:00:00 2001 
From: Ethan Paul Date: Tue, 11 Feb 2020 23:17:43 -0500 Subject: [PATCH] Restructure repository, removing old stuff --- {groups => _legacy/groups}/all.yml | 4 +- {groups => _legacy/groups}/cloud.yml | 0 {groups => _legacy/groups}/servers.yml | 0 {groups => _legacy/groups}/vms.yml | 0 {groups => _legacy/groups}/workstations.yml | 0 {hosts => _legacy/hosts}/apex.yml | 0 .../hosts}/inerro.tre2.local.yml | 0 .../hosts}/jupiter.net.enp.one.yml | 0 .../hosts}/nimbus-1.net.enp.one.yml | 0 {hosts => _legacy/hosts}/novis.tre2.local.yml | 0 {hosts => _legacy/hosts}/omega.tre2.local.yml | 0 .../hosts}/remus.net.enp.one.yml | 0 .../hosts}/romulus.net.enp.one.yml | 0 .../hosts}/router.net.enp.one.yml | 0 .../hosts}/serico-nox.tre2.local.yml | 0 .../hosts}/vigil-nox.tre2.local.yml | 0 .../hosts}/vm-db-maria.net.enp.one.yml | 0 .../hosts}/vm-db-mysql.net.enp.one.yml | 0 .../hosts}/vm-db-prometheus.net.enp.one.yml | 0 .../hosts}/vm-dev-nginx.net.enp.one.yml | 0 .../hosts}/vm-host-bitwarden.net.enp.one.yml | 0 .../hosts}/vm-host-gitea.net.enp.one.yml | 0 .../hosts}/vm-host-minecraft.net.enp.one.yml | 0 .../hosts}/vm-host-nextcloud.net.enp.one.yml | 0 .../hosts}/vm-host-plex.net.enp.one.yml | 0 {playbooks => _legacy/playbooks}/backup.yml | 0 .../playbooks}/initialize.yml | 0 .../playbooks}/provision-hypervisor.yml | 0 .../playbooks}/provision-server.yml | 0 .../playbooks}/provision-virtual-machine.yml | 0 .../playbooks}/provision-workstation.yml | 0 _legacy/playbooks/templates/motd.j2 | 7 +++ .../playbooks}/templates/network.j2 | 0 .../playbooks}/update-system.yml | 0 .../playbooks}/update-users-local.yml | 0 .../playbooks}/update-users-network.yml | 0 _legacy/playbooks/update.yml | 5 ++ _legacy/roles/ldap_host/tasks/main.yml | 12 +++++ _legacy/roles/ovirt/tasks/install.yml | 36 +++++++++++++ {tasks => _legacy/tasks}/centos.yml | 0 _legacy/tasks/centos/bindings.yml | 20 ++++++++ {tasks => _legacy/tasks}/centos/networkd.yml | 0 {tasks => _legacy/tasks}/centos/packages.yml | 0 
.../tasks}/centos/repositories.yml | 0 {tasks => _legacy/tasks}/fedora/bindings.yml | 1 + {tasks => _legacy/tasks}/fedora/networkd.yml | 0 {tasks => _legacy/tasks}/fedora/packages.yml | 0 {tasks => _legacy/tasks}/networkd.yml | 0 {tasks => _legacy/tasks}/networkd/config.yml | 0 .../tasks}/networkd/services.yml | 0 .../tasks}/preprocess-local-users.yml | 0 {tasks => _legacy/tasks}/sshd/banner.yml | 0 .../tasks}/sshd/disable-password-auth.yml | 0 {tasks => _legacy/tasks}/tasks | 0 {vars => _legacy/vars}/global.yml | 0 {vars => _legacy/vars}/network.yml | 0 {vars => _legacy/vars}/packages.yml | 0 playbooks/configure-auth.yml | 1 + playbooks/dependencies.yml | 51 ------------------- playbooks/files/bashrc.sh | 1 - playbooks/meta.yml | 15 ++++++ playbooks/provision.yml | 29 ----------- playbooks/templates/motd.j2 | 8 --- playbooks/update-plex.yml | 2 +- playbooks/update.yml | 30 +++++++++-- roles/packages/defaults/main.yml | 14 +++++ roles/packages/tasks/bindings.yml | 30 +++++++++++ roles/packages/tasks/centos-8-dracut.yml | 3 ++ roles/packages/tasks/centos-repos.yml | 26 ---------- roles/packages/tasks/main.yml | 34 ++++++++++--- roles/packages/tasks/repos.yml | 22 ++++++++ roles/packages/tasks/update.yml | 21 ++++++-- roles/packages/vars/main.yml | 17 +++++-- roles/sshd/defaults/main.yml | 2 + roles/sshd/tasks/main.yml | 2 +- roles/sshd/templates/motd.j2 | 4 +- tasks/centos/bindings.yml | 9 ---- vars/users.yml | 2 +- 78 files changed, 260 insertions(+), 148 deletions(-) rename {groups => _legacy/groups}/all.yml (68%) rename {groups => _legacy/groups}/cloud.yml (100%) rename {groups => _legacy/groups}/servers.yml (100%) rename {groups => _legacy/groups}/vms.yml (100%) rename {groups => _legacy/groups}/workstations.yml (100%) rename {hosts => _legacy/hosts}/apex.yml (100%) rename {hosts => _legacy/hosts}/inerro.tre2.local.yml (100%) rename {hosts => _legacy/hosts}/jupiter.net.enp.one.yml (100%) rename {hosts => _legacy/hosts}/nimbus-1.net.enp.one.yml (100%) rename 
{hosts => _legacy/hosts}/novis.tre2.local.yml (100%) rename {hosts => _legacy/hosts}/omega.tre2.local.yml (100%) rename {hosts => _legacy/hosts}/remus.net.enp.one.yml (100%) rename {hosts => _legacy/hosts}/romulus.net.enp.one.yml (100%) rename {hosts => _legacy/hosts}/router.net.enp.one.yml (100%) rename {hosts => _legacy/hosts}/serico-nox.tre2.local.yml (100%) rename {hosts => _legacy/hosts}/vigil-nox.tre2.local.yml (100%) rename {hosts => _legacy/hosts}/vm-db-maria.net.enp.one.yml (100%) rename {hosts => _legacy/hosts}/vm-db-mysql.net.enp.one.yml (100%) rename {hosts => _legacy/hosts}/vm-db-prometheus.net.enp.one.yml (100%) rename {hosts => _legacy/hosts}/vm-dev-nginx.net.enp.one.yml (100%) rename {hosts => _legacy/hosts}/vm-host-bitwarden.net.enp.one.yml (100%) rename {hosts => _legacy/hosts}/vm-host-gitea.net.enp.one.yml (100%) rename {hosts => _legacy/hosts}/vm-host-minecraft.net.enp.one.yml (100%) rename {hosts => _legacy/hosts}/vm-host-nextcloud.net.enp.one.yml (100%) rename {hosts => _legacy/hosts}/vm-host-plex.net.enp.one.yml (100%) rename {playbooks => _legacy/playbooks}/backup.yml (100%) rename {playbooks => _legacy/playbooks}/initialize.yml (100%) rename {playbooks => _legacy/playbooks}/provision-hypervisor.yml (100%) rename {playbooks => _legacy/playbooks}/provision-server.yml (100%) rename {playbooks => _legacy/playbooks}/provision-virtual-machine.yml (100%) rename {playbooks => _legacy/playbooks}/provision-workstation.yml (100%) create mode 100644 _legacy/playbooks/templates/motd.j2 rename {playbooks => _legacy/playbooks}/templates/network.j2 (100%) rename {playbooks => _legacy/playbooks}/update-system.yml (100%) rename {playbooks => _legacy/playbooks}/update-users-local.yml (100%) rename {playbooks => _legacy/playbooks}/update-users-network.yml (100%) create mode 100644 _legacy/playbooks/update.yml create mode 100644 _legacy/roles/ldap_host/tasks/main.yml create mode 100644 _legacy/roles/ovirt/tasks/install.yml rename {tasks => 
_legacy/tasks}/centos.yml (100%) create mode 100644 _legacy/tasks/centos/bindings.yml rename {tasks => _legacy/tasks}/centos/networkd.yml (100%) rename {tasks => _legacy/tasks}/centos/packages.yml (100%) rename {tasks => _legacy/tasks}/centos/repositories.yml (100%) rename {tasks => _legacy/tasks}/fedora/bindings.yml (81%) rename {tasks => _legacy/tasks}/fedora/networkd.yml (100%) rename {tasks => _legacy/tasks}/fedora/packages.yml (100%) rename {tasks => _legacy/tasks}/networkd.yml (100%) rename {tasks => _legacy/tasks}/networkd/config.yml (100%) rename {tasks => _legacy/tasks}/networkd/services.yml (100%) rename {tasks => _legacy/tasks}/preprocess-local-users.yml (100%) rename {tasks => _legacy/tasks}/sshd/banner.yml (100%) rename {tasks => _legacy/tasks}/sshd/disable-password-auth.yml (100%) rename {tasks => _legacy/tasks}/tasks (100%) rename {vars => _legacy/vars}/global.yml (100%) rename {vars => _legacy/vars}/network.yml (100%) rename {vars => _legacy/vars}/packages.yml (100%) create mode 100644 playbooks/configure-auth.yml delete mode 100644 playbooks/dependencies.yml create mode 100644 playbooks/meta.yml delete mode 100644 playbooks/provision.yml delete mode 100644 playbooks/templates/motd.j2 create mode 100644 roles/packages/defaults/main.yml create mode 100644 roles/packages/tasks/bindings.yml delete mode 100644 roles/packages/tasks/centos-repos.yml create mode 100644 roles/packages/tasks/repos.yml create mode 100644 roles/sshd/defaults/main.yml delete mode 100644 tasks/centos/bindings.yml diff --git a/groups/all.yml b/_legacy/groups/all.yml similarity index 68% rename from groups/all.yml rename to _legacy/groups/all.yml index f0e04ad..a5a8b8a 100644 --- a/groups/all.yml +++ b/_legacy/groups/all.yml @@ -1,8 +1,8 @@ --- ansible_user: ansible -disable_gnome_user_list: True - protected_users: - root - ansible + +domain: net.enp.one 
diff --git a/groups/cloud.yml b/_legacy/groups/cloud.yml
similarity index 100%
rename from groups/cloud.yml
rename to _legacy/groups/cloud.yml
diff --git a/groups/servers.yml b/_legacy/groups/servers.yml
similarity index 100%
rename from groups/servers.yml
rename to _legacy/groups/servers.yml
diff --git a/groups/vms.yml b/_legacy/groups/vms.yml
similarity index 100%
rename from groups/vms.yml
rename to _legacy/groups/vms.yml
diff --git a/groups/workstations.yml b/_legacy/groups/workstations.yml
similarity index 100%
rename from groups/workstations.yml
rename to _legacy/groups/workstations.yml
diff --git a/hosts/apex.yml b/_legacy/hosts/apex.yml
similarity index 100%
rename from hosts/apex.yml
rename to _legacy/hosts/apex.yml
diff --git a/hosts/inerro.tre2.local.yml b/_legacy/hosts/inerro.tre2.local.yml
similarity index 100%
rename from hosts/inerro.tre2.local.yml
rename to _legacy/hosts/inerro.tre2.local.yml
diff --git a/hosts/jupiter.net.enp.one.yml b/_legacy/hosts/jupiter.net.enp.one.yml
similarity index 100%
rename from hosts/jupiter.net.enp.one.yml
rename to _legacy/hosts/jupiter.net.enp.one.yml
diff --git a/hosts/nimbus-1.net.enp.one.yml b/_legacy/hosts/nimbus-1.net.enp.one.yml
similarity index 100%
rename from hosts/nimbus-1.net.enp.one.yml
rename to _legacy/hosts/nimbus-1.net.enp.one.yml
diff --git a/hosts/novis.tre2.local.yml b/_legacy/hosts/novis.tre2.local.yml
similarity index 100%
rename from hosts/novis.tre2.local.yml
rename to _legacy/hosts/novis.tre2.local.yml
diff --git a/hosts/omega.tre2.local.yml b/_legacy/hosts/omega.tre2.local.yml
similarity index 100%
rename from hosts/omega.tre2.local.yml
rename to _legacy/hosts/omega.tre2.local.yml
diff --git a/hosts/remus.net.enp.one.yml b/_legacy/hosts/remus.net.enp.one.yml
similarity index 100%
rename from hosts/remus.net.enp.one.yml
rename to _legacy/hosts/remus.net.enp.one.yml
diff --git a/hosts/romulus.net.enp.one.yml b/_legacy/hosts/romulus.net.enp.one.yml
similarity index 100%
rename from hosts/romulus.net.enp.one.yml
rename to _legacy/hosts/romulus.net.enp.one.yml
diff --git a/hosts/router.net.enp.one.yml b/_legacy/hosts/router.net.enp.one.yml
similarity index 100%
rename from hosts/router.net.enp.one.yml
rename to _legacy/hosts/router.net.enp.one.yml
diff --git a/hosts/serico-nox.tre2.local.yml b/_legacy/hosts/serico-nox.tre2.local.yml
similarity index 100%
rename from hosts/serico-nox.tre2.local.yml
rename to _legacy/hosts/serico-nox.tre2.local.yml
diff --git a/hosts/vigil-nox.tre2.local.yml b/_legacy/hosts/vigil-nox.tre2.local.yml
similarity index 100%
rename from hosts/vigil-nox.tre2.local.yml
rename to _legacy/hosts/vigil-nox.tre2.local.yml
diff --git a/hosts/vm-db-maria.net.enp.one.yml b/_legacy/hosts/vm-db-maria.net.enp.one.yml
similarity index 100%
rename from hosts/vm-db-maria.net.enp.one.yml
rename to _legacy/hosts/vm-db-maria.net.enp.one.yml
diff --git a/hosts/vm-db-mysql.net.enp.one.yml b/_legacy/hosts/vm-db-mysql.net.enp.one.yml
similarity index 100%
rename from hosts/vm-db-mysql.net.enp.one.yml
rename to _legacy/hosts/vm-db-mysql.net.enp.one.yml
diff --git a/hosts/vm-db-prometheus.net.enp.one.yml b/_legacy/hosts/vm-db-prometheus.net.enp.one.yml
similarity index 100%
rename from hosts/vm-db-prometheus.net.enp.one.yml
rename to _legacy/hosts/vm-db-prometheus.net.enp.one.yml
diff --git a/hosts/vm-dev-nginx.net.enp.one.yml b/_legacy/hosts/vm-dev-nginx.net.enp.one.yml
similarity index 100%
rename from hosts/vm-dev-nginx.net.enp.one.yml
rename to _legacy/hosts/vm-dev-nginx.net.enp.one.yml
diff --git a/hosts/vm-host-bitwarden.net.enp.one.yml b/_legacy/hosts/vm-host-bitwarden.net.enp.one.yml
similarity index 100%
rename from hosts/vm-host-bitwarden.net.enp.one.yml
rename to _legacy/hosts/vm-host-bitwarden.net.enp.one.yml
diff --git a/hosts/vm-host-gitea.net.enp.one.yml b/_legacy/hosts/vm-host-gitea.net.enp.one.yml
similarity index 100%
rename from hosts/vm-host-gitea.net.enp.one.yml
rename to _legacy/hosts/vm-host-gitea.net.enp.one.yml
diff --git a/hosts/vm-host-minecraft.net.enp.one.yml b/_legacy/hosts/vm-host-minecraft.net.enp.one.yml
similarity index 100%
rename from hosts/vm-host-minecraft.net.enp.one.yml
rename to _legacy/hosts/vm-host-minecraft.net.enp.one.yml
diff --git a/hosts/vm-host-nextcloud.net.enp.one.yml b/_legacy/hosts/vm-host-nextcloud.net.enp.one.yml
similarity index 100%
rename from hosts/vm-host-nextcloud.net.enp.one.yml
rename to _legacy/hosts/vm-host-nextcloud.net.enp.one.yml
diff --git a/hosts/vm-host-plex.net.enp.one.yml b/_legacy/hosts/vm-host-plex.net.enp.one.yml
similarity index 100%
rename from hosts/vm-host-plex.net.enp.one.yml
rename to _legacy/hosts/vm-host-plex.net.enp.one.yml
diff --git a/playbooks/backup.yml b/_legacy/playbooks/backup.yml
similarity index 100%
rename from playbooks/backup.yml
rename to _legacy/playbooks/backup.yml
diff --git a/playbooks/initialize.yml b/_legacy/playbooks/initialize.yml
similarity index 100%
rename from playbooks/initialize.yml
rename to _legacy/playbooks/initialize.yml
diff --git a/playbooks/provision-hypervisor.yml b/_legacy/playbooks/provision-hypervisor.yml
similarity index 100%
rename from playbooks/provision-hypervisor.yml
rename to _legacy/playbooks/provision-hypervisor.yml
diff --git a/playbooks/provision-server.yml b/_legacy/playbooks/provision-server.yml
similarity index 100%
rename from playbooks/provision-server.yml
rename to _legacy/playbooks/provision-server.yml
diff --git a/playbooks/provision-virtual-machine.yml b/_legacy/playbooks/provision-virtual-machine.yml
similarity index 100%
rename from playbooks/provision-virtual-machine.yml
rename to _legacy/playbooks/provision-virtual-machine.yml
diff --git a/playbooks/provision-workstation.yml b/_legacy/playbooks/provision-workstation.yml similarity index 100% rename from playbooks/provision-workstation.yml rename to _legacy/playbooks/provision-workstation.yml diff --git a/_legacy/playbooks/templates/motd.j2 b/_legacy/playbooks/templates/motd.j2 new file mode 100644 index 0000000..4fdc8aa --- /dev/null +++ b/_legacy/playbooks/templates/motd.j2 @@ -0,0 +1,7 @@ + + //////////// //// //// /////////// + //// ////// //// //// //// + //////// //// /// //// /////////// + //// //// ////// //// + //////////// //// //// {{ omni_description | default('Omni Network System') }} + _______________________________{{ omni_description | default('Omni Network System') | length * '\\' }}\ diff --git a/playbooks/templates/network.j2 b/_legacy/playbooks/templates/network.j2 similarity index 100% rename from playbooks/templates/network.j2 rename to _legacy/playbooks/templates/network.j2 diff --git a/playbooks/update-system.yml b/_legacy/playbooks/update-system.yml similarity index 100% rename from playbooks/update-system.yml rename to _legacy/playbooks/update-system.yml diff --git a/playbooks/update-users-local.yml b/_legacy/playbooks/update-users-local.yml similarity index 100% rename from playbooks/update-users-local.yml rename to _legacy/playbooks/update-users-local.yml diff --git a/playbooks/update-users-network.yml b/_legacy/playbooks/update-users-network.yml similarity index 100% rename from playbooks/update-users-network.yml rename to _legacy/playbooks/update-users-network.yml diff --git a/_legacy/playbooks/update.yml b/_legacy/playbooks/update.yml new file mode 100644 index 0000000..08f7b67 --- /dev/null +++ b/_legacy/playbooks/update.yml @@ -0,0 +1,5 @@ +--- +- import_playbook: dependencies.yml + +- import_playbook: update-system.yml +- import_playbook: update-users-local.yml diff --git a/_legacy/roles/ldap_host/tasks/main.yml b/_legacy/roles/ldap_host/tasks/main.yml new file mode 100644 index 0000000..a438960 
--- /dev/null +++ b/_legacy/roles/ldap_host/tasks/main.yml @@ -0,0 +1,12 @@ +--- +- name: Install required packages + when: ansible_distribution == "Fedora" or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8") + become: true + dnf: + state: latest + name: + - openldap-servers + - openldap-clients + - nss-pam-ldapd + +- name: Configure diff --git a/_legacy/roles/ovirt/tasks/install.yml b/_legacy/roles/ovirt/tasks/install.yml new file mode 100644 index 0000000..b3dd254 --- /dev/null +++ b/_legacy/roles/ovirt/tasks/install.yml @@ -0,0 +1,36 @@ +--- +- name: Install Ovirt on CentOS 8 + become: true + when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8" + block: + - name: Install Ovirt repository + dnf: + state: latest + name: http://resources.ovirt.org/pub/yum-repo/ovirt-release43.rpm + - name: Update using the new repository + dnf: + state: latest + name: "*" + exclude: kernel* + - name: Install Ovirt + dnf: + state: latest + name: ovirt-engine + +- name: Install Ovrit on CentOS 7 + become: true + when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7" + block: + - name: Install Ovirt repository + yum: + state: latest + name: http://resources.ovirt.org/pub/yum-repo/ovirt-release43.rpm + - name: Update using the new repository + yum: + state: latest + name: "*" + exclude: kernel* + - name: Install Ovirt + yum: + state: latest + name: ovirt-engine diff --git a/tasks/centos.yml b/_legacy/tasks/centos.yml similarity index 100% rename from tasks/centos.yml rename to _legacy/tasks/centos.yml diff --git a/_legacy/tasks/centos/bindings.yml b/_legacy/tasks/centos/bindings.yml new file mode 100644 index 0000000..abe8559 --- /dev/null +++ b/_legacy/tasks/centos/bindings.yml 
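Review bot: The last task in `_legacy/roles/ldap_host/tasks/main.yml`, `- name: Configure`, has a name but no module, and Ansible rejects a task without an action when it loads the file, so the role cannot be imported as committed. Either drop the stub or give it a placeholder action until the configuration step exists, for example `debug:` with `msg: "ldap configuration not implemented"`. If the role is parked under `_legacy` precisely because it is unfinished, a one-line comment at the top of the file saying so would save the next reader the parse error.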
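Review bot: Both `Install Ovirt repository` tasks in `_legacy/roles/ovirt/tasks/install.yml` download the release RPM over plain HTTP and install it with `become: true`. A release package of this kind normally drops the repository definitions (and usually the signing keys) that the following `state: latest` installs then trust, so the integrity of everything installed afterwards depends on that one unauthenticated download. Use the TLS URL, `name: https://resources.ovirt.org/pub/yum-repo/ovirt-release43.rpm` (confirm the host serves it), as the EPEL tasks elsewhere in this commit already do. The CentOS 7 block name also misspells the product as `Ovrit`.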
@@ -0,0 +1,20 @@ +--- +- name: Install CentOS 8 python bindings + when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8" + become: true + dnf: + state: latest + name: + - python3-libselinux + - python3-policycoreutils + - python3-firewall + +- name: Install CentoOS 7 python bindings + when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7" + become: true + yum: + state: latest + name: + - libselinux-python + - policycoreutils-python + - python-firewall diff --git a/tasks/centos/networkd.yml b/_legacy/tasks/centos/networkd.yml similarity index 100% rename from tasks/centos/networkd.yml rename to _legacy/tasks/centos/networkd.yml diff --git a/tasks/centos/packages.yml b/_legacy/tasks/centos/packages.yml similarity index 100% rename from tasks/centos/packages.yml rename to _legacy/tasks/centos/packages.yml diff --git a/tasks/centos/repositories.yml b/_legacy/tasks/centos/repositories.yml similarity index 100% rename from tasks/centos/repositories.yml rename to _legacy/tasks/centos/repositories.yml diff --git a/tasks/fedora/bindings.yml b/_legacy/tasks/fedora/bindings.yml similarity index 81% rename from tasks/fedora/bindings.yml rename to _legacy/tasks/fedora/bindings.yml index e0e9ecc..a285d24 100644 --- a/tasks/fedora/bindings.yml +++ b/_legacy/tasks/fedora/bindings.yml @@ -1,5 +1,6 @@ --- - name: Install Fedora python bindings + when: ansible_distribution == "Fedora" become: true dnf: state: latest diff --git a/tasks/fedora/networkd.yml b/_legacy/tasks/fedora/networkd.yml similarity index 100% rename from tasks/fedora/networkd.yml rename to _legacy/tasks/fedora/networkd.yml diff --git a/tasks/fedora/packages.yml b/_legacy/tasks/fedora/packages.yml similarity index 100% rename from tasks/fedora/packages.yml rename to _legacy/tasks/fedora/packages.yml diff --git a/tasks/networkd.yml b/_legacy/tasks/networkd.yml similarity index 100% rename from tasks/networkd.yml rename to _legacy/tasks/networkd.yml 
diff --git a/tasks/networkd/config.yml b/_legacy/tasks/networkd/config.yml similarity index 100% rename from tasks/networkd/config.yml rename to _legacy/tasks/networkd/config.yml diff --git a/tasks/networkd/services.yml b/_legacy/tasks/networkd/services.yml similarity index 100% rename from tasks/networkd/services.yml rename to _legacy/tasks/networkd/services.yml diff --git a/tasks/preprocess-local-users.yml b/_legacy/tasks/preprocess-local-users.yml similarity index 100% rename from tasks/preprocess-local-users.yml rename to _legacy/tasks/preprocess-local-users.yml diff --git a/tasks/sshd/banner.yml b/_legacy/tasks/sshd/banner.yml similarity index 100% rename from tasks/sshd/banner.yml rename to _legacy/tasks/sshd/banner.yml diff --git a/tasks/sshd/disable-password-auth.yml b/_legacy/tasks/sshd/disable-password-auth.yml similarity index 100% rename from tasks/sshd/disable-password-auth.yml rename to _legacy/tasks/sshd/disable-password-auth.yml diff --git a/tasks/tasks b/_legacy/tasks/tasks similarity index 100% rename from tasks/tasks rename to _legacy/tasks/tasks diff --git a/vars/global.yml b/_legacy/vars/global.yml similarity index 100% rename from vars/global.yml rename to _legacy/vars/global.yml diff --git a/vars/network.yml b/_legacy/vars/network.yml similarity index 100% rename from vars/network.yml rename to _legacy/vars/network.yml diff --git a/vars/packages.yml b/_legacy/vars/packages.yml similarity index 100% rename from vars/packages.yml rename to _legacy/vars/packages.yml diff --git a/playbooks/configure-auth.yml b/playbooks/configure-auth.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/playbooks/configure-auth.yml @@ -0,0 +1 @@ +--- diff --git a/playbooks/dependencies.yml b/playbooks/dependencies.yml deleted file mode 100644 index 98a0260..0000000 --- a/playbooks/dependencies.yml +++ /dev/null 
@@ -1,51 +0,0 @@ ---- -- name: Check meta environment - hosts: all - tags: - - always - - initialize - tasks: - - name: Check required operating system - when: required_os is defined - assert: - that: - - required_os.split("_")[0] == ansible_distribution | lower - - required_os.split("_")[1] == ansible_distribution_major_version - fail_msg: "Host does not meet required OS specified" - success_msg: "Required OS validation succeeded" - -- name: Ansible python bindings - hosts: all - tags: - - always - - initialize - tasks: - - name: Install CentOS 8 python bindings - when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8" - become: true - dnf: - state: latest - name: - - python3-libselinux - - python3-policycoreutils - - python3-firewall - - - name: Install CentoOS 7 python bindings - when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7" - become: true - yum: - state: latest - name: - - libselinux-python - - policycoreutils-python - - python3-firewall - - - name: Install Fedora python bindings - when: ansible_distribution == "Fedora" - become: true - dnf: - state: latest - name: - - libselinux-python - - policycoreutils-python - - python3-firewall diff --git a/playbooks/files/bashrc.sh b/playbooks/files/bashrc.sh index 62f01fb..a102d36 100644 --- a/playbooks/files/bashrc.sh +++ b/playbooks/files/bashrc.sh @@ -48,7 +48,6 @@ alias doc='cd ~/Documents' alias dn='cd ~/Downloads' alias version='uname -orp && lsb_release -a | grep Description' alias activate='source ./bin/activate' -alias ipconfig='ip address show' alias cls='clear' alias mklink='ln -s' alias ls='/usr/bin/ls -lshF --color --group-directories-first --time-style=long-iso' diff --git a/playbooks/meta.yml b/playbooks/meta.yml new file mode 100644 index 0000000..b919a9d --- /dev/null +++ b/playbooks/meta.yml 
@@ -0,0 +1,15 @@ +--- +- name: Check meta environment + hosts: all + tags: + - always + - meta + tasks: + - name: Check required operating system + when: omni_os is defined + assert: + that: + - omni_os.name == ansible_distribution | lower + - omni_os.version_major == ansible_distribution_major_version + fail_msg: "Host does not meet required OS specified" + success_msg: "Required OS validation succeeded" diff --git a/playbooks/provision.yml b/playbooks/provision.yml deleted file mode 100644 index 232cb85..0000000 --- a/playbooks/provision.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -- import_playbook: initialize.yml - -- name: System packages - hosts: all - tags: - - provision - - initialize - tasks: - - name: Load package variables - include_vars: - file: packages.yml - - import_tasks: tasks/centos/repositories.yml - when: ansible_distribution == "CentOS" - - import_tasks: tasks/centos/packages.yml - when: ansible_distribution == "CentOS" - - import_tasks: tasks/fedora/packages.yml - when: ansible_distribution == "Fedora" - # - import_tasks: tasks/debian/packages.yml - # when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu" - - -#- import_playbook: provision-workstation.yml -#- import_playbook: provision-server.yml -#- import_playbook: provision-hypervisor.yml -- import_playbook: provision-virtual-machine.yml - - -- import_playbook: update.yml diff --git a/playbooks/templates/motd.j2 b/playbooks/templates/motd.j2 deleted file mode 100644 index 0f19e4a..0000000 --- a/playbooks/templates/motd.j2 +++ /dev/null @@ -1,8 +0,0 @@ - - //////////// //// //// /////////// - //// ////// //// //// //// - //////// //// /// //// /////////// - //// //// ////// //// - //////////// //// //// {{ description | default('Omni Network System') }} - _______________________________{{ description | default('Omni Network System') | length * '\\' }}\ - diff --git a/playbooks/update-plex.yml b/playbooks/update-plex.yml index 41cf460..ddf51bf 100644 
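Review bot: The second assertion in `playbooks/meta.yml` compares `omni_os.version_major` directly with `ansible_distribution_major_version`, which the rest of this commit treats as a string (`== "8"`). If an inventory writes `version_major: 8` unquoted, YAML loads an integer and the assert fails on a host that actually meets the requirement. Casting removes the dependency on how the inventory is written: `- omni_os.version_major | string == ansible_distribution_major_version`. The definition of `omni_os` is not part of this diff, so check how existing inventories declare it.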
--- a/playbooks/update-plex.yml +++ b/playbooks/update-plex.yml @@ -7,7 +7,7 @@ # url: https://plex.tv/api/downloads/5.json # dest: "{{ plex_releases_file | default('/tmp/plexreleases.json') }}" -- hosts: vm-host-plex.net.enp.one +- hosts: plex name: Update Plex Media Server to latest version vars: plex_releases: "{{ lookup('url', 'https://plex.tv/api/downloads/5.json') | from_json }}" diff --git a/playbooks/update.yml b/playbooks/update.yml index 08f7b67..47fbeb1 100644 --- a/playbooks/update.yml +++ b/playbooks/update.yml @@ -1,5 +1,29 @@ --- -- import_playbook: dependencies.yml +- import_playbook: meta.yml -- import_playbook: update-system.yml -- import_playbook: update-users-local.yml +- name: Configure system + hosts: all:!network + tags: + - initialize + vars: + omni_restart_services: true + roles: + - role: packages + vars: + omni_pkg_update: true + omni_pkg_exclude: [] # Override the default kernel exclusion + omni_pkg_clean: true + - role: sshd + tasks: + - name: Set hostname + become: true + hostname: + name: "{{ ansible_host }}" + - name: Install global bashrc + become: true + copy: + src: bashrc.sh + dest: /etc/profile.d/ZA-enpn-bashrc.sh + mode: 0644 + +#- import_playbook: configure-auth.yml diff --git a/roles/packages/defaults/main.yml b/roles/packages/defaults/main.yml new file mode 100644 index 0000000..18786f9 --- /dev/null +++ b/roles/packages/defaults/main.yml @@ -0,0 +1,14 @@ +--- +# Role parameter documentation +# +# omni_pkg_repos - whether to install/enable additional repositories +# omni_pkg_bindings - whether to install required ansible bindings to the system python +# omni_pkg_update - whether to perform a package update +# onni_pkg_clean - whether to force clean the package manager cache +# omni_pkg_exclude - packages to exclude from an update; has no effect if +# ``omni_pkg_update`` is false +omni_pkg_repos: true +omni_pkg_bindings: true +omni_pkg_update: false +omni_pkg_clean: false +omni_pkg_exclude: ["kernel*"] 
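Review bot: `Set hostname` in `playbooks/update.yml` writes `{{ ansible_host }}` as the machine's hostname, but `ansible_host` is the address Ansible connects to and can be an IP or an alias wherever the inventory overrides it. `name: "{{ inventory_hostname }}"` is the stable choice if inventory names are the FQDNs (the old `hosts/*.yml` file names suggest they were; confirm for the new inventory). In `Install global bashrc`, quote the mode as `mode: "0644"` so the value stays a string and cannot be re-read as a decimal integer if it is ever templated or loses its leading zero.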
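Review bot: The parameter comment block in `roles/packages/defaults/main.yml` documents `onni_pkg_clean`, while the variable defined a few lines below and tested in `roles/packages/tasks/main.yml` is `omni_pkg_clean`. Correct the comment line to `# omni_pkg_clean - whether to force clean the package manager cache` so a search for the variable name finds its documentation.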
diff --git a/roles/packages/tasks/bindings.yml b/roles/packages/tasks/bindings.yml new file mode 100644 index 0000000..ddbecb5 --- /dev/null +++ b/roles/packages/tasks/bindings.yml @@ -0,0 +1,30 @@ +--- +- name: Install CentOS 8 python bindings + when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8" + become: true + dnf: + state: latest + name: + - python3-libselinux + - python3-policycoreutils + - python3-firewall + +- name: Install CentOS 7 python bindings + when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7" + become: true + yum: + state: latest + name: + - libselinux-python + - policycoreutils-python + - python-firewall + +- name: Install Fedora python bindings + when: ansible_distribution == "Fedora" + become: true + dnf: + state: latest + name: + - libselinux-python + - policycoreutils-python + - python3-firewall diff --git a/roles/packages/tasks/centos-8-dracut.yml b/roles/packages/tasks/centos-8-dracut.yml index 3aeecae..048e138 100644 --- a/roles/packages/tasks/centos-8-dracut.yml +++ b/roles/packages/tasks/centos-8-dracut.yml @@ -11,6 +11,9 @@ # # NOTE: These tasks only need to be run on Cent8 # +# NOTE: We assume- since this file literally has 'centos' in the name- that the +# ansible_distribution check has already been done at import time +# - name: Determine dracut version shell: diff --git a/roles/packages/tasks/centos-repos.yml b/roles/packages/tasks/centos-repos.yml deleted file mode 100644 index 72bc706..0000000 --- a/roles/packages/tasks/centos-repos.yml +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -# NOTE: We assume- since this file literally has 'centos' in the name- that the -# ansible_distribution check has already been done at import time - -- name: Enable Extra Packages for Enterprise Linux on CentOS 8 - become: true - when: ansible_distribution_major_version == "8" - dnf: - state: latest - name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm - -- name: Enable the power tools repository on CentOS 8 - become: true - when: ansible_distribution_major_version == "8" - lineinfile: - path: /etc/yum.repos.d/CentOS-PowerTools.repo - regexp: "enabled=(0|1)" - line: "enabled=1" - - -- name: Enable Extra Packages for Enterprise Linux on CentOS 7 - become: true - when: ansible_distribution_major_version == "7" - dnf: - state: latest - name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpmz diff --git a/roles/packages/tasks/main.yml b/roles/packages/tasks/main.yml index 72478c0..ae753f6 100644 --- a/roles/packages/tasks/main.yml +++ b/roles/packages/tasks/main.yml 
@@ -1,23 +1,41 @@ --- -- import_tasks: centos-repos.yml - when: ansible_distribution == "CentOS" +- import_tasks: bindings.yml + when: omni_pkg_bindings == true + +- import_tasks: repos.yml + when: omni_pkg_repos == true - import_tasks: clean.yml - when: clean | default(false) == true + when: omni_pkg_clean == true - import_tasks: update.yml - when: update | default(false) == true + when: omni_pkg_update == true - name: Install packages on Fedora become: true when: ansible_distribution == "Fedora" dnf: state: latest - name: "{{ packages_global + packages_fedora }}" + name: "{{ omni_packages_global + omni_packages_fedora }}" -- name: Install packages on CentOS +# NOTE: This is currently horrifically broken. See the ongoing drama around +# systemd-networkd on cent8. Basically triggering an update- or an install- will give +# a conflict error due to the spicy-jankaroni-with-extra-cheese edition of +# systemd-networkd I'm running. We can exclude "systemd*", but we need to install +# systemd-devel so then we get a package not found error. Its a truly stupid problem +# that will hopefully all go away when this bug gets fixed and systemd-networkd becomes +# available in EPEL: +# https://bugzilla.redhat.com/show_bug.cgi?id=1789146 +- name: Install packages on CentOS 8 become: true - when: ansible_distribution == "CentOS" + when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8" dnf: state: latest - name: "{{ packages_global + packages_centos }}" + name: "{{ omni_packages_global + omni_packages_centos_8 }}" + +- name: Install packages on CentOS 7 + become: true + when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7" + yum: + state: latest + name: "{{ omni_packages_global + omni_packages_centos_7 }}" diff --git a/roles/packages/tasks/repos.yml b/roles/packages/tasks/repos.yml new file mode 100644 index 0000000..a0a8bfc --- /dev/null +++ b/roles/packages/tasks/repos.yml 
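Review bot: The four `import_tasks` conditions in `roles/packages/tasks/main.yml` compare against the literal `true` (for example `when: omni_pkg_update == true`), and that comparison is false when the value arrives as a string, as it does with `-e omni_pkg_update=true` on the command line. The update step is then skipped without any error and the host stays unpatched while the play reports success. Use the bool filter instead, `when: omni_pkg_update | bool`, on all four conditions, and on `when: omni_restart_services == true` in `roles/sshd/tasks/main.yml` further down this commit.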
@@ -0,0 +1,22 @@ +--- +- name: Install repositories on CentOS 8 + when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8" + become: true + block: + - name: Enable Extra Packages for Enterprise Linux on CentOS 8 + dnf: + state: latest + name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm + + - name: Enable the power tools repository on CentOS 8 + lineinfile: + path: /etc/yum.repos.d/CentOS-PowerTools.repo + regexp: "enabled=(0|1)" + line: "enabled=1" + +- name: Enable Extra Packages for Enterprise Linux on CentOS 7 + become: true + when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7" + dnf: + state: latest + name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpmz diff --git a/roles/packages/tasks/update.yml b/roles/packages/tasks/update.yml index 2d245d3..d09b3fd 100644 --- a/roles/packages/tasks/update.yml +++ b/roles/packages/tasks/update.yml 
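Review bot: The CentOS 7 task at the end of `roles/packages/tasks/repos.yml` is unlikely to succeed as written: its URL ends in `.rpmz`, and it calls the `dnf` module although every other CentOS 7 task in this commit uses `yum`. Both were carried over unchanged from the deleted `centos-repos.yml`. Change the task to `yum:` with `name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm`. Because `omni_pkg_repos` defaults to true, this task now runs on every CentOS 7 host that applies the role.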
@@ -2,13 +2,20 @@ - import_tasks: centos-8-dracut.yml when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8" +# Gotta hate this, but I have to hardcode the systemd exclusion on cent8 +# Because I'm using "janky-systemd-networkd-2-the-jankening" (see the networkd role) +# there are a pile of conflicts when you run "dnf update" with it installed. I found +# two options that work: 1) uninstall systemd-networkd, update, then reinstall it; +# 2) hardcode the exclusion here. Whenever I thought too hard about the potential +# consequences of instituting uninstalling-my-network-init-system-as-a-service I +# started to get a migaine, so I went with option two. - name: Upgrade Fedora and CentOS 8 packages - when: (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8") or ansible_distribution == "Fedora" + when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8" become: true dnf: state: latest name: "*" - exclude: "{{ ','.join(exclude | default(['kernel*'])) }}" + exclude: "{{ ','.join(omni_pkg_exclude + ['systemd*']) }}" - name: Upgrade CentOS 7 packages when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7" @@ -16,7 +23,15 @@ yum: state: latest name: "*" - exclude: "{{ ','.join(exclude | default(['kernel*'])) }}" + exclude: "{{ ','.join(omni_pkg_exclude) }}" + +- name: Upgrade Fedora packages + when: ansible_distribution == "Fedora" + become: true + dnf: + state: latest + name: "*" + exclude: "{{ ','.join(omni_pkg_exclude) }}" # Yeah I'll get here eventually # - name: Upgrade APT packages diff --git a/roles/packages/vars/main.yml b/roles/packages/vars/main.yml index 9750b4f..e1f0090 100644 --- a/roles/packages/vars/main.yml +++ b/roles/packages/vars/main.yml @@ -1,5 +1,5 @@ --- -packages_global: +omni_packages_global: - automake - cmake - curl 
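Review bot: In the first `roles/packages/tasks/update.yml` hunk, the hardcoded `['systemd*']` in the CentOS 8 `exclude` holds back every systemd package, security errata included, and nothing in the play records that those updates are being skipped. The comment above the task explains why the exclusion exists but not what it costs or when it can go; I would add `# TODO: drop 'systemd*' once systemd-networkd is packaged for cent8; systemd security updates are NOT applied by this task` next to the `exclude:` line. The task is also still named "Upgrade Fedora and CentOS 8 packages" although its `when` now matches CentOS 8 only, so it should become `- name: Upgrade CentOS 8 packages`.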
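Review bot: In the second `roles/packages/tasks/update.yml` hunk, replacing `exclude | default(['kernel*'])` with a bare `omni_pkg_exclude` (also done in the CentOS 8 task of the previous hunk) removes the built-in `kernel*` hold. Unless the role defaults, which are not shown in this part of the patch, set `omni_pkg_exclude` to include `kernel*`, these tasks either fail on an undefined variable or start upgrading kernels on hosts that previously kept them pinned. If the hold is meant to stay, `exclude: "{{ ','.join(omni_pkg_exclude | default(['kernel*'])) }}"` keeps the old behaviour. The opening lines of the CentOS 7 task are outside this hunk.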
@@ -14,7 +14,7 @@ packages_global: - vim - vim-minimal -packages_fedora: +omni_packages_fedora: - libselinux-python - git-lfs - readline-devel @@ -23,7 +23,18 @@ packages_fedora: - python-virtualenv - python3-devel -packages_centos: +omni_packages_centos_8: + - bind-utils + - bash-completion + - nc + - nfs-utils + - python3 + - python3-pip + - python3-setuptools + - python3-virtualenv + - wget + +omni_packages_centos_7: - bind-utils - bash-completion - nc diff --git a/roles/sshd/defaults/main.yml b/roles/sshd/defaults/main.yml new file mode 100644 index 0000000..f0e20b5 --- /dev/null +++ b/roles/sshd/defaults/main.yml @@ -0,0 +1,2 @@ +--- +omni_restart_services: false diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index 3a0d0dc..39dfe35 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml @@ -26,7 +26,7 @@ set: "ChallengeResponseAuthentication no" - name: Restart sshd service - when: restart_services | default(false) == true + when: omni_restart_services == true become: true systemd: name: sshd diff --git a/roles/sshd/templates/motd.j2 b/roles/sshd/templates/motd.j2 index cea9d12..4fdc8aa 100644 --- a/roles/sshd/templates/motd.j2 +++ b/roles/sshd/templates/motd.j2 @@ -3,5 +3,5 @@ //// ////// //// //// //// //////// //// /// //// /////////// //// //// ////// //// - //////////// //// //// {{ description | default('Omni Network System') }} - _______________________________{{ description | default('Omni Network System') | length * '\\' }}\ + //////////// //// //// {{ omni_description | default('Omni Network System') }} + _______________________________{{ omni_description | default('Omni Network System') | length * '\\' }}\ diff --git a/tasks/centos/bindings.yml b/tasks/centos/bindings.yml deleted file mode 100644 index ca0b30b..0000000 --- a/tasks/centos/bindings.yml +++ /dev/null 
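Review bot: In the `roles/sshd/tasks/main.yml` hunk, the restart is gated on `omni_restart_services`, which the new `roles/sshd/defaults/main.yml` sets to `false`, so the sshd_config changes made earlier in the file (the context shows `ChallengeResponseAuthentication no`) are written to disk but not loaded by the running daemon. A host can then look hardened in the file while sshd still runs with the old settings. A handler triggered from the config tasks with `notify: Restart sshd service` would restart only when something changed and would not depend on an operator setting the flag. If the flag stays, `when: omni_restart_services | bool` also accepts a string passed with `-e`. The rest of this task and the config tasks above it are outside the hunk.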
@@ -1,9 +0,0 @@
----
-- name: Install CentOS python bindings
- become: true
- dnf:
- state: latest
- name:
- - python3-libselinux
- - python3-policycoreutils
- - python3-firewall
diff --git a/vars/users.yml b/vars/users.yml
index 6d640da..37ccaee 100644
--- a/vars/users.yml
+++ b/vars/users.yml
@@ -1,5 +1,5 @@
 ---
-users:
+omni_users:
 # name: (required) username
 # password: (required) password encrypted using "python -c 'import crypt; print(crypt.crypt(raw_input(), crypt.mksalt(crypt.METHOD_SHA512)))'"
 # targets: (required) list of targets to grant the user permission on