Restructure repository, removing old stuff

Ethan Paul 2020-02-11 23:17:43 -05:00
parent 2fa6554b9d
commit bb3578f997
78 changed files with 260 additions and 148 deletions


@ -1,8 +1,8 @@
--- ---
ansible_user: ansible ansible_user: ansible
disable_gnome_user_list: True
protected_users: protected_users:
- root - root
- ansible - ansible
domain: net.enp.one


@ -0,0 +1,7 @@
//////////// //// //// ///////////
//// ////// //// //// ////
//////// //// /// //// ///////////
//// //// ////// ////
//////////// //// //// {{ omni_description | default('Omni Network System') }}
_______________________________{{ omni_description | default('Omni Network System') | length * '\\' }}\


@ -0,0 +1,5 @@
---
- import_playbook: dependencies.yml
- import_playbook: update-system.yml
- import_playbook: update-users-local.yml


@ -0,0 +1,12 @@
---
- name: Install required packages
when: ansible_distribution == "Fedora" or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
become: true
dnf:
state: latest
name:
- openldap-servers
- openldap-clients
- nss-pam-ldapd
- name: Configure
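Review bot: The last task, `- name: Configure`, has a name but no module, so Ansible will reject it with a no-action-detected error as soon as this file is imported. Either drop the stub until the configuration step exists, or give it a harmless body such as `debug:` with a `msg:` that marks it as not implemented. Separately, `state: latest` on `openldap-servers` lets any run move the directory server to a new version; `state: present` keeps installs repeatable and leaves upgrades to the update tasks.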


@ -0,0 +1,36 @@
---
- name: Install Ovirt on CentOS 8
become: true
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
block:
- name: Install Ovirt repository
dnf:
state: latest
name: http://resources.ovirt.org/pub/yum-repo/ovirt-release43.rpm
- name: Update using the new repository
dnf:
state: latest
name: "*"
exclude: kernel*
- name: Install Ovirt
dnf:
state: latest
name: ovirt-engine
- name: Install Ovrit on CentOS 7
become: true
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
block:
- name: Install Ovirt repository
yum:
state: latest
name: http://resources.ovirt.org/pub/yum-repo/ovirt-release43.rpm
- name: Update using the new repository
yum:
state: latest
name: "*"
exclude: kernel*
- name: Install Ovirt
yum:
state: latest
name: ovirt-engine
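Review bot: Both `Install Ovirt repository` tasks fetch `ovirt-release43.rpm` over plain `http://` and install it as root, and that package is what configures the repository and its signing keys for everything installed afterwards. The trust anchor for `ovirt-engine` is therefore unauthenticated in transit; whether the module's GPG check helps depends on the signing key already being trusted on the host, which these tasks do not arrange. Prefer `name: https://resources.ovirt.org/pub/yum-repo/ovirt-release43.rpm` if the host serves it over TLS, or fetch it with `get_url` and a pinned `checksum:` before installing. The second block's name also reads `Install Ovrit on CentOS 7`.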


@ -0,0 +1,20 @@
---
- name: Install CentOS 8 python bindings
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
become: true
dnf:
state: latest
name:
- python3-libselinux
- python3-policycoreutils
- python3-firewall
- name: Install CentoOS 7 python bindings
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
become: true
yum:
state: latest
name:
- libselinux-python
- policycoreutils-python
- python-firewall


@ -1,5 +1,6 @@
--- ---
- name: Install Fedora python bindings - name: Install Fedora python bindings
when: ansible_distribution == "Fedora"
become: true become: true
dnf: dnf:
state: latest state: latest


@ -0,0 +1 @@
---


@ -1,51 +0,0 @@
---
- name: Check meta environment
hosts: all
tags:
- always
- initialize
tasks:
- name: Check required operating system
when: required_os is defined
assert:
that:
- required_os.split("_")[0] == ansible_distribution | lower
- required_os.split("_")[1] == ansible_distribution_major_version
fail_msg: "Host does not meet required OS specified"
success_msg: "Required OS validation succeeded"
- name: Ansible python bindings
hosts: all
tags:
- always
- initialize
tasks:
- name: Install CentOS 8 python bindings
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
become: true
dnf:
state: latest
name:
- python3-libselinux
- python3-policycoreutils
- python3-firewall
- name: Install CentoOS 7 python bindings
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
become: true
yum:
state: latest
name:
- libselinux-python
- policycoreutils-python
- python3-firewall
- name: Install Fedora python bindings
when: ansible_distribution == "Fedora"
become: true
dnf:
state: latest
name:
- libselinux-python
- policycoreutils-python
- python3-firewall


@ -48,7 +48,6 @@ alias doc='cd ~/Documents'
alias dn='cd ~/Downloads' alias dn='cd ~/Downloads'
alias version='uname -orp && lsb_release -a | grep Description' alias version='uname -orp && lsb_release -a | grep Description'
alias activate='source ./bin/activate' alias activate='source ./bin/activate'
alias ipconfig='ip address show'
alias cls='clear' alias cls='clear'
alias mklink='ln -s' alias mklink='ln -s'
alias ls='/usr/bin/ls -lshF --color --group-directories-first --time-style=long-iso' alias ls='/usr/bin/ls -lshF --color --group-directories-first --time-style=long-iso'

15
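--- a/playbooks/meta.yml
+++ b/playbooks/meta.yml
@@ -0,0 +1,15 @@
+---
+- name: Check meta environment
+hosts: all
+tags:
+- always
+- meta
+tasks:
+- name: Check required operating system
+when: omni_os is defined
+assert:
+that:
+- omni_os.name == ansible_distribution | lower
+- omni_os.version_major == ansible_distribution_major_version
+fail_msg: "Host does not meet required OS specified"
+success_msg: "Required OS validation succeeded"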
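Review bot: `omni_os.version_major == ansible_distribution_major_version` compares against a fact that Ansible reports as a string, so an inventory that writes `version_major: 8` unquoted would presumably fail the assertion on a matching host. Casting the left side, `omni_os.version_major | string == ansible_distribution_major_version`, removes the dependency on how the inventory quotes the value. The `when: omni_os is defined` guard also means a host with no `omni_os` skips the check without any message; a one-line comment above the task saying that is intended would help the next reader.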


@ -1,29 +0,0 @@
---
- import_playbook: initialize.yml
- name: System packages
hosts: all
tags:
- provision
- initialize
tasks:
- name: Load package variables
include_vars:
file: packages.yml
- import_tasks: tasks/centos/repositories.yml
when: ansible_distribution == "CentOS"
- import_tasks: tasks/centos/packages.yml
when: ansible_distribution == "CentOS"
- import_tasks: tasks/fedora/packages.yml
when: ansible_distribution == "Fedora"
# - import_tasks: tasks/debian/packages.yml
# when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu"
#- import_playbook: provision-workstation.yml
#- import_playbook: provision-server.yml
#- import_playbook: provision-hypervisor.yml
- import_playbook: provision-virtual-machine.yml
- import_playbook: update.yml


@ -1,8 +0,0 @@
//////////// //// //// ///////////
//// ////// //// //// ////
//////// //// /// //// ///////////
//// //// ////// ////
//////////// //// //// {{ description | default('Omni Network System') }}
_______________________________{{ description | default('Omni Network System') | length * '\\' }}\


@ -7,7 +7,7 @@
# url: https://plex.tv/api/downloads/5.json # url: https://plex.tv/api/downloads/5.json
# dest: "{{ plex_releases_file | default('/tmp/plexreleases.json') }}" # dest: "{{ plex_releases_file | default('/tmp/plexreleases.json') }}"
- hosts: vm-host-plex.net.enp.one - hosts: plex
name: Update Plex Media Server to latest version name: Update Plex Media Server to latest version
vars: vars:
plex_releases: "{{ lookup('url', 'https://plex.tv/api/downloads/5.json') | from_json }}" plex_releases: "{{ lookup('url', 'https://plex.tv/api/downloads/5.json') | from_json }}"


@ -1,5 +1,29 @@
--- ---
- import_playbook: dependencies.yml - import_playbook: meta.yml
- import_playbook: update-system.yml - name: Configure system
- import_playbook: update-users-local.yml hosts: all:!network
tags:
- initialize
vars:
omni_restart_services: true
roles:
- role: packages
vars:
omni_pkg_update: true
omni_pkg_exclude: [] # Override the default kernel exclusion
omni_pkg_clean: true
- role: sshd
tasks:
- name: Set hostname
become: true
hostname:
name: "{{ ansible_host }}"
- name: Install global bashrc
become: true
copy:
src: bashrc.sh
dest: /etc/profile.d/ZA-enpn-bashrc.sh
mode: 0644
#- import_playbook: configure-auth.yml
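Review bot: `name: "{{ ansible_host }}"` in `Set hostname` uses the connection address, so if the inventory sets `ansible_host` to an IP the host would be renamed to that IP; `inventory_hostname` is the stable identifier if that is what is meant. `mode: 0644` on the bashrc copy is only correct because of the leading zero, and `mode: "0644"` keeps it correct under any YAML loader. Since the play overrides the exclusion with `omni_pkg_exclude: []`, kernels are updated here too, and a comment on whether a reboot is expected afterwards would be useful.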


@ -0,0 +1,14 @@
---
# Role parameter documentation
#
# omni_pkg_repos - whether to install/enable additional repositories
# omni_pkg_bindings - whether to install required ansible bindings to the system python
# omni_pkg_update - whether to perform a package update
# onni_pkg_clean - whether to force clean the package manager cache
# omni_pkg_exclude - packages to exclude from an update; has no effect if
# ``omni_pkg_update`` is false
omni_pkg_repos: true
omni_pkg_bindings: true
omni_pkg_update: false
omni_pkg_clean: false
omni_pkg_exclude: ["kernel*"]
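Review bot: The parameter documentation lists `onni_pkg_clean`, but the variable defined below is `omni_pkg_clean`; anyone copying the name from the comment would set a variable the role never reads. The line should read `# omni_pkg_clean - whether to force clean the package manager cache`. `omni_pkg_repos: true` also makes enabling additional repositories the default for every host that applies the role, which deserves a word in the same comment block.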


@ -0,0 +1,30 @@
---
- name: Install CentOS 8 python bindings
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
become: true
dnf:
state: latest
name:
- python3-libselinux
- python3-policycoreutils
- python3-firewall
- name: Install CentOS 7 python bindings
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
become: true
yum:
state: latest
name:
- libselinux-python
- policycoreutils-python
- python-firewall
- name: Install Fedora python bindings
when: ansible_distribution == "Fedora"
become: true
dnf:
state: latest
name:
- libselinux-python
- policycoreutils-python
- python3-firewall
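Review bot: The Fedora task installs `libselinux-python` and `policycoreutils-python` next to `python3-firewall`, mixing Python 2 era package names with a Python 3 one. If Ansible runs under python3 on these hosts, the SELinux-aware modules presumably need `python3-libselinux` and `python3-policycoreutils`, which is what the CentOS 8 task in this file already lists. Worth confirming against the interpreter actually used on the Fedora hosts, since missing bindings surface only when a later task touches SELinux contexts.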


@ -11,6 +11,9 @@
# #
# NOTE: These tasks only need to be run on Cent8 # NOTE: These tasks only need to be run on Cent8
# #
# NOTE: We assume- since this file literally has 'centos' in the name- that the
# ansible_distribution check has already been done at import time
#
- name: Determine dracut version - name: Determine dracut version
shell: shell:


@ -1,26 +0,0 @@
---
# NOTE: We assume- since this file literally has 'centos' in the name- that the
# ansible_distribution check has already been done at import time
- name: Enable Extra Packages for Enterprise Linux on CentOS 8
become: true
when: ansible_distribution_major_version == "8"
dnf:
state: latest
name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
- name: Enable the power tools repository on CentOS 8
become: true
when: ansible_distribution_major_version == "8"
lineinfile:
path: /etc/yum.repos.d/CentOS-PowerTools.repo
regexp: "enabled=(0|1)"
line: "enabled=1"
- name: Enable Extra Packages for Enterprise Linux on CentOS 7
become: true
when: ansible_distribution_major_version == "7"
dnf:
state: latest
name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpmz


@ -1,23 +1,41 @@
--- ---
- import_tasks: centos-repos.yml - import_tasks: bindings.yml
when: ansible_distribution == "CentOS" when: omni_pkg_bindings == true
- import_tasks: repos.yml
when: omni_pkg_repos == true
- import_tasks: clean.yml - import_tasks: clean.yml
when: clean | default(false) == true when: omni_pkg_clean == true
- import_tasks: update.yml - import_tasks: update.yml
when: update | default(false) == true when: omni_pkg_update == true
- name: Install packages on Fedora - name: Install packages on Fedora
become: true become: true
when: ansible_distribution == "Fedora" when: ansible_distribution == "Fedora"
dnf: dnf:
state: latest state: latest
name: "{{ packages_global + packages_fedora }}" name: "{{ omni_packages_global + omni_packages_fedora }}"
- name: Install packages on CentOS # NOTE: This is currently horrifically broken. See the ongoing drama around
# systemd-networkd on cent8. Basically triggering an update- or an install- will give
# a conflict error due to the spicy-jankaroni-with-extra-cheese edition of
# systemd-networkd I'm running. We can exclude "systemd*", but we need to install
# systemd-devel so then we get a package not found error. Its a truly stupid problem
# that will hopefully all go away when this bug gets fixed and systemd-networkd becomes
# available in EPEL:
# https://bugzilla.redhat.com/show_bug.cgi?id=1789146
- name: Install packages on CentOS 8
become: true become: true
when: ansible_distribution == "CentOS" when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
dnf: dnf:
state: latest state: latest
name: "{{ packages_global + packages_centos }}" name: "{{ omni_packages_global + omni_packages_centos_8 }}"
- name: Install packages on CentOS 7
become: true
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
yum:
state: latest
name: "{{ omni_packages_global + omni_packages_centos_7 }}"
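Review bot: The new conditions compare against the literal, e.g. `when: omni_pkg_update == true`, which is false when the value arrives as a string (for instance `-e omni_pkg_update=true` on the command line), so the import is skipped without any message. `when: omni_pkg_update | bool` handles both forms. The same applies to `omni_pkg_bindings`, `omni_pkg_repos` and `omni_pkg_clean` in this file and to `omni_restart_services == true` in the sshd restart task.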


@ -0,0 +1,22 @@
---
- name: Install repositories on CentOS 8
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
become: true
block:
- name: Enable Extra Packages for Enterprise Linux on CentOS 8
dnf:
state: latest
name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
- name: Enable the power tools repository on CentOS 8
lineinfile:
path: /etc/yum.repos.d/CentOS-PowerTools.repo
regexp: "enabled=(0|1)"
line: "enabled=1"
- name: Enable Extra Packages for Enterprise Linux on CentOS 7
become: true
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
dnf:
state: latest
name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpmz
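Review bot: The CentOS 7 task cannot work as written: it calls the `dnf` module on a release that the rest of this commit handles with `yum`, and its URL ends in `.rpmz`. It should be `yum:` with `name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm`. Both EPEL tasks install a `-latest` release package straight from a URL as root, so what lands on the host is whatever is served at run time; a comment stating that this is accepted, or a versioned URL, would make the choice explicit.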


@ -2,13 +2,20 @@
- import_tasks: centos-8-dracut.yml - import_tasks: centos-8-dracut.yml
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8" when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
# Gotta hate this, but I have to hardcode the systemd exclusion on cent8
# Because I'm using "janky-systemd-networkd-2-the-jankening" (see the networkd role)
# there are a pile of conflicts when you run "dnf update" with it installed. I found
# two options that work: 1) uninstall systemd-networkd, update, then reinstall it;
# 2) hardcode the exclusion here. Whenever I thought too hard about the potential
# consequences of instituting uninstalling-my-network-init-system-as-a-service I
# started to get a migaine, so I went with option two.
- name: Upgrade Fedora and CentOS 8 packages - name: Upgrade Fedora and CentOS 8 packages
when: (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8") or ansible_distribution == "Fedora" when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
become: true become: true
dnf: dnf:
state: latest state: latest
name: "*" name: "*"
exclude: "{{ ','.join(exclude | default(['kernel*'])) }}" exclude: "{{ ','.join(omni_pkg_exclude + ['systemd*']) }}"
- name: Upgrade CentOS 7 packages - name: Upgrade CentOS 7 packages
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7" when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
@ -16,7 +23,15 @@
yum: yum:
state: latest state: latest
name: "*" name: "*"
exclude: "{{ ','.join(exclude | default(['kernel*'])) }}" exclude: "{{ ','.join(omni_pkg_exclude) }}"
- name: Upgrade Fedora packages
when: ansible_distribution == "Fedora"
become: true
dnf:
state: latest
name: "*"
exclude: "{{ ','.join(omni_pkg_exclude) }}"
# Yeah I'll get here eventually # Yeah I'll get here eventually
# - name: Upgrade APT packages # - name: Upgrade APT packages
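Review bot: Appending `['systemd*']` to the exclude list in the CentOS 8 task means no run of this role ever updates systemd on those hosts, security fixes included, and only the comment records it. Moving the pin into a defaulted role variable (for example `omni_pkg_exclude_forced: ["systemd*"]`, name illustrative) would make it visible in inventory and easy to lift once the conflict is resolved. The task is still named `Upgrade Fedora and CentOS 8 packages` although its `when:` now appears to match CentOS 8 only; `- name: Upgrade CentOS 8 packages` would fit. The comment also has `migaine` for `migraine`.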


@ -1,5 +1,5 @@
--- ---
packages_global: omni_packages_global:
- automake - automake
- cmake - cmake
- curl - curl
@ -14,7 +14,7 @@ packages_global:
- vim - vim
- vim-minimal - vim-minimal
packages_fedora: omni_packages_fedora:
- libselinux-python - libselinux-python
- git-lfs - git-lfs
- readline-devel - readline-devel
@ -23,7 +23,18 @@ packages_fedora:
- python-virtualenv - python-virtualenv
- python3-devel - python3-devel
packages_centos: omni_packages_centos_8:
- bind-utils
- bash-completion
- nc
- nfs-utils
- python3
- python3-pip
- python3-setuptools
- python3-virtualenv
- wget
omni_packages_centos_7:
- bind-utils - bind-utils
- bash-completion - bash-completion
- nc - nc


@ -0,0 +1,2 @@
---
omni_restart_services: false


@ -26,7 +26,7 @@
set: "ChallengeResponseAuthentication no" set: "ChallengeResponseAuthentication no"
- name: Restart sshd service - name: Restart sshd service
when: restart_services | default(false) == true when: omni_restart_services == true
become: true become: true
systemd: systemd:
name: sshd name: sshd


@ -3,5 +3,5 @@
//// ////// //// //// //// //// ////// //// //// ////
//////// //// /// //// /////////// //////// //// /// //// ///////////
//// //// ////// //// //// //// ////// ////
//////////// //// //// {{ description | default('Omni Network System') }} //////////// //// //// {{ omni_description | default('Omni Network System') }}
_______________________________{{ description | default('Omni Network System') | length * '\\' }}\ _______________________________{{ omni_description | default('Omni Network System') | length * '\\' }}\


@ -1,9 +0,0 @@
---
- name: Install CentOS python bindings
become: true
dnf:
state: latest
name:
- python3-libselinux
- python3-policycoreutils
- python3-firewall


@ -1,5 +1,5 @@
--- ---
users: omni_users:
# name: (required) username # name: (required) username
# password: (required) password encrypted using "python -c 'import crypt; print(crypt.crypt(raw_input(), crypt.mksalt(crypt.METHOD_SHA512)))'" # password: (required) password encrypted using "python -c 'import crypt; print(crypt.crypt(raw_input(), crypt.mksalt(crypt.METHOD_SHA512)))'"
# targets: (required) list of targets to grant the user permission on # targets: (required) list of targets to grant the user permission on