Refactor roles to support new variable schema

Add common-env and docker roles
Ethan Paul 2020-03-17 22:51:10 -04:00
parent 1f3ca79d04
commit dc1395daf1
14 changed files with 144 additions and 112 deletions


@ -0,0 +1,12 @@
---
- name: Set hostname
become: true
hostname:
name: "{{ ansible_host }}"
- name: Install global bashrc
become: true
copy:
src: bashrc.sh
dest: /etc/profile.d/ZA-enpn-bashrc.sh
mode: 0644
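Review bot: The `Set hostname` task takes the name from `ansible_host`, which is the connection address and can be an IP or an SSH alias rather than the intended hostname; `name: "{{ inventory_hostname }}"` (or a dedicated variable) would be safer if the inventory ever overrides `ansible_host`. Separately, in `Install global bashrc` I would quote the mode as `mode: "0644"` so it does not depend on the YAML parser's octal handling. Adding `owner: root` and `group: root` there is also worthwhile, since the file lands in /etc/profile.d and is sourced by login shells.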


@ -0,0 +1,45 @@
---
# Just use the same repo for cent7 and cent8 because ¯\_(ツ)_/¯
- name: Install Docker repository
become: true
when: ansible_distribution == "CentOS"
yum_repository:
name: docker-ce-stable
description: Docker CE Stable - $basearch
file: docker-ce-stable
baseurl: https://download.docker.com/linux/centos/7/$basearch/stable
gpgcheck: false
gpgcakey: https://download.docker.com/linux/centos/gpg
- name: Install Docker on Cent7
become: true
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
yum:
# Update the cache to update with the new docker repo
update_cache: yes
state: latest
name:
- device-mapper-persistent-data # Required for docker devicestorage driver
- lvm2 # same
- docker-ce
- containerd.io
- name: Install Docker on Cent8
become: true
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
dnf:
# Update the cache to update with the new docker repo
update_cache: yes
state: latest
name:
- device-mapper-persistent-data # Required for docker devicestorage driver
- lvm2 # same
- docker-ce-3:18.09.1-3.el7
- name: Install python bindings
become: true
pip:
name:
- docker==4.2.0
- docker-compose==1.25.4
state: present
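Review bot: The `Install Docker repository` task sets `gpgcheck: false`, so every package later installed from docker-ce-stable (docker-ce, containerd.io) is accepted without signature verification. The key URL is also passed as `gpgcakey`, which names a CA key rather than the repository signing key. I would change those two lines to `gpgcheck: true` and `gpgkey: https://download.docker.com/linux/centos/gpg`. The Cent8 task also combines `state: latest` with a pinned `docker-ce-3:18.09.1-3.el7`; `state: present` would state the intent more clearly there.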


@ -0,0 +1,19 @@
---
- import_tasks: install.yml
- name: Start and enable docker service
become: true
systemd:
name: docker
state: started
enabled: yes
- import_tasks: tasks/preprocess-users.yml
- name: Add superusers to the docker group
become: true
user:
name: "{{ item.name }}"
groups: docker
append: yes
loop: "{{ _users_local_admin }}"
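Review bot: `Add superusers to the docker group` deserves a comment stating that docker group membership is root-equivalent on the host, because members can use the Docker socket without going through sudo and so bypass its password prompt and logging. Something like `# docker group == passwordless root; keep this list identical to the sudoers set` above the task would make that explicit. `_users_local_admin` is not defined anywhere in this file and appears to come from `tasks/preprocess-users.yml`; a one-line comment saying so would help the next reader.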


@ -0,0 +1,2 @@
---
omni_restart_services: false


@ -1,33 +1,31 @@
--- ---
- import_tasks: packages.yml - import_tasks: packages.yml
- name: Delete networkd config directory - name: Configure networking via systemd
become: true become: true
when: omni_networking is defined
block:
- name: Delete networkd config directory
file: file:
path: /etc/systemd/network path: /etc/systemd/network
state: absent state: absent
- name: Create the networkd config directory - name: Create the networkd config directory
become: true
file: file:
path: /etc/systemd/network path: /etc/systemd/network
state: directory state: directory
- name: Make network files - name: Make network files
when: networking is defined
become: true
template: template:
src: network.j2 src: network.j2
dest: "/etc/systemd/network/{{ item.key }}.network" dest: "/etc/systemd/network/{{ item.key }}.network"
loop: "{{ networking | dict2items }}" loop: "{{ omni_networking | dict2items }}"
- name: Make netdev files - name: Make netdev files
when: networking is defined
become: true
template: template:
src: netdev.j2 src: netdev.j2
dest: "/etc/systemd/network/{{ item.0.key + '.' + item.1 }}.netdev" dest: "/etc/systemd/network/{{ item.0.key + '.' + item.1 }}.netdev"
loop: "{{ networking | dict2items | subelements('value.vlans', true) }}" loop: "{{ omni_networking | dict2items | subelements('value.vlans', true) }}"
- import_tasks: services.yml - import_tasks: services.yml
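Review bot: The `Create the networkd config directory` task and the two `template` tasks (`Make network files`, `Make netdev files`) set no `owner` or `mode`, so the permissions of everything under /etc/systemd/network depend on the remote umask. I would add `owner: root`, `group: root` and `mode: "0644"` to the templates, and `mode: "0755"` to the directory. Because the block deletes the directory before re-rendering it, a failure in either template task leaves the host with no networkd configuration; that is worth a comment at the top of the block.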


@ -21,14 +21,18 @@
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8" when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
become: true become: true
block: block:
- name: Install this super-legitimate and definitely vetted COPR repo # The systemd-networkd EPEL package is currently in the testing phase, so we have
shell: # to enable the testing EPEL repo to install it. Note that this is also done in
creates: /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:fschwarz:systemd-networkd.repo # the packages role
cmd: dnf copr enable fschwarz/systemd-networkd # https://bugzilla.redhat.com/show_bug.cgi?id=1789146
warn: false - name: Enable EPEL-Testing repository on CentOS 8s
lineinfile:
path: /etc/yum.repos.d/epel-testing.repo
regexp: "enabled=(0|1)"
line: "enabled=1"
insertbefore: "^$"
firstmatch: true
- name: Install networkd - name: Install networkd
dnf: dnf:
state: latest state: latest
name: name: systemd-networkd
# This now comes from aforementioned very good COPR repo
- systemd-networkd
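Review bot: `Enable EPEL-Testing repository on CentOS 8s` turns the testing repository on permanently, so every later `dnf update` or `state: latest` install on the host can pull testing-stage builds, not just systemd-networkd. The narrower form is to leave the repo disabled and scope it to the one install: drop the `lineinfile` task and add `enablerepo: epel-testing` to the `Install networkd` dnf task. The same task is duplicated in the packages role hunk (`@ -8,6 +8,14 @`), where the same applies. If the `lineinfile` stays, anchoring the pattern as `regexp: "^enabled=(0|1)$"` avoids matching a commented-out line. The enclosing `block:` starts outside this hunk.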


@ -19,7 +19,7 @@
- systemd-networkd-wait-online - systemd-networkd-wait-online
- name: Stop NetworkManager - name: Stop NetworkManager
when: restart_services | default(false) == true when: omni_restart_services == true
become: true become: true
systemd: systemd:
name: "{{ item }}" name: "{{ item }}"
@ -29,6 +29,7 @@
- NetworkManager-wait-online - NetworkManager-wait-online
- name: Start systemd-networkd - name: Start systemd-networkd
when: omni_restart_services == true
become: true become: true
systemd: systemd:
name: "{{ item }}" name: "{{ item }}"
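Review bot: `when: omni_restart_services == true` in `Stop NetworkManager` and `Start systemd-networkd` compares against the literal boolean, so a value supplied as a string (for example `-e omni_restart_services=true` on the command line) evaluates false and the services are silently left alone. `when: omni_restart_services | bool` handles both forms. The same comparison is used in the sshd hunk, inside the `state:` expression of `Restart sshd service`. Both tasks here continue past the end of their hunks.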


@ -1,71 +0,0 @@
---
# The dracut patch is an issue uniquely bound to the fact that I'm using several
# old-as-shit hardware RAID cards. Specifically the Dell PERC H200 and the Dell PERC
# H310, both of which had their hardware drivers dropped in Cent8 (despite the drivers
# being included in the upstream fedora kernel, but whatever). OS installation and the
# process in this set of tasks is based off of this blog post:
# https://www.centos.org/forums/viewtopic.php?t=71862#p302447
#
# TODO: Host the RPMs locally. The internet may never forget, but it's also never there
# when you need it
#
# NOTE: These tasks only need to be run on Cent8
#
# NOTE: We assume- since this file literally has 'centos' in the name- that the
# ansible_distribution check has already been done at import time
#
- name: Determine dracut version
shell:
cmd: rpm -qa | grep dracut-[0-9]
warn: false
register: dracut_version_check
- name: Install patched version of dracut
when: dracut_version_check.stdout != "dracut-049-13.git20190614.p1.el8_0.elrepo.x86_64"
block:
- name: Create temporary download directory
file:
path: /tmp/dracut-patch
state: directory
- name: Download patched dracut tool RPMs
get_url:
url: "{{ item.source }}"
dest: /tmp/dracut-patch/{{ item.dest }}
loop:
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
dest: dracut.rpm
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-caps-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
dest: dracut-caps.rpm
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-config-generic-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
dest: dracut-config-generic.rpm
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-config-rescue-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
dest: dracut-config-rescue.rpm
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-live-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
dest: dracut-live.rpm
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-network-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
dest: dracut-network.rpm
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-squash-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
dest: dracut-squash.rpm
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-tools-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
dest: dracut-tools.rpm
- name: Install patched dracut toolchain
become: true
dnf:
state: latest
name:
- /tmp/dracut-patch/dracut.rpm
- /tmp/dracut-patch/dracut-caps.rpm
- /tmp/dracut-patch/dracut-config-generic.rpm
- /tmp/dracut-patch/dracut-config-rescue.rpm
- /tmp/dracut-patch/dracut-live.rpm
- /tmp/dracut-patch/dracut-network.rpm
- /tmp/dracut-patch/dracut-squash.rpm
- /tmp/dracut-patch/dracut-tools.rpm
- name: Remove temporary download directory
file:
path: /tmp/dracut-patch
state: absent


@ -2,13 +2,13 @@
- name: Clean DNF cache - name: Clean DNF cache
become: true become: true
when: ansible_distribution == "Fedora" or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8") when: ansible_distribution == "Fedora" or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
shell: command:
cmd: dnf clean all cmd: /usr/bin/dnf clean all
warn: false warn: false
- name: Clean YUM cache - name: Clean YUM cache
become: true become: true
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7" when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
shell: command:
cmd: yum clean all cmd: /usr/bin/yum clean all
warn: false warn: false


@ -8,6 +8,14 @@
state: latest state: latest
name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
- name: Enable EPEL-Testing repository on CentOS 8s
lineinfile:
path: /etc/yum.repos.d/epel-testing.repo
regexp: "enabled=(0|1)"
line: "enabled=1"
insertbefore: "^$"
firstmatch: true
- name: Enable the power tools repository on CentOS 8 - name: Enable the power tools repository on CentOS 8
lineinfile: lineinfile:
path: /etc/yum.repos.d/CentOS-PowerTools.repo path: /etc/yum.repos.d/CentOS-PowerTools.repo


@ -1,7 +1,4 @@
--- ---
- import_tasks: centos-8-dracut.yml
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
# Gotta hate this, but I have to hardcode the systemd exclusion on cent8 # Gotta hate this, but I have to hardcode the systemd exclusion on cent8
# Because I'm using "janky-systemd-networkd-2-the-jankening" (see the networkd role) # Because I'm using "janky-systemd-networkd-2-the-jankening" (see the networkd role)
# there are a pile of conflicts when you run "dnf update" with it installed. I found # there are a pile of conflicts when you run "dnf update" with it installed. I found


@ -1,2 +1,3 @@
--- ---
omni_restart_services: false omni_restart_services: false
omni_ssh_enabled: true


@ -0,0 +1,14 @@
---
- name: Install OpenSSH server on Fedora and CentOS 8
when: ansible_distribution == "Fedora" or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
become: true
dnf:
name: openssh-server
state: latest
- name: Install OpenSSH server on CentOS 7
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
become: true
yum:
name: openssh-server
state: latest


@ -1,4 +1,6 @@
--- ---
- import_tasks: install.yml
- name: Install SSH Banner - name: Install SSH Banner
become: true become: true
template: template:
@ -26,8 +28,8 @@
set: "ChallengeResponseAuthentication no" set: "ChallengeResponseAuthentication no"
- name: Restart sshd service - name: Restart sshd service
when: omni_restart_services == true
become: true become: true
systemd: systemd:
name: sshd name: sshd
state: restarted state: "{{ 'restarted' if omni_restart_services == true else 'started' }}"
enabled: "{{ omni_ssh_enabled }}"
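Review bot: With `omni_ssh_enabled: false` the `Restart sshd service` task still sets `state` to `started` or `restarted`, so sshd keeps running until the next reboot even though it is disabled at boot, which is probably not what someone turning SSH off expects. If disabling should take effect immediately, `state` could be `"{{ 'stopped' if not (omni_ssh_enabled | bool) else ('restarted' if (omni_restart_services | bool) else 'started') }}"`, with `enabled: "{{ omni_ssh_enabled | bool }}"`. The task name no longer matches either, since the task now runs unconditionally; `Ensure sshd service state` would be closer.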