Refactor roles to support new variable schema
Add common-env and docker roles
parent
1f3ca79d04
commit
dc1395daf1
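--- /dev/null
+++ b/roles/common_env/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Set hostname
+become: true
+hostname:
+name: "{{ ansible_host }}"
+
+- name: Install global bashrc
+become: true
+copy:
+src: bashrc.sh
+dest: /etc/profile.d/ZA-enpn-bashrc.sh
+mode: 0644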
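Review bot: The `copy` task in `Install global bashrc` places a script in /etc/profile.d, where login shells for every account including root will source it, but it leaves ownership implicit and writes the mode as a bare `0644`. Pin the file with `owner: root`, `group: root` and `mode: "0644"`; the quoted form does not depend on the YAML loader reading a leading zero as octal. Separately, `name: "{{ ansible_host }}"` in `Set hostname` uses the connection address, which may be an IP address depending on how the inventory is written, so `inventory_hostname` is probably what is intended.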
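--- /dev/null
+++ b/roles/docker/tasks/install.yml
@@ -0,0 +1,45 @@
+---
+# Just use the same repo for cent7 and cent8 because ¯\_(ツ)_/¯
+- name: Install Docker repository
+become: true
+when: ansible_distribution == "CentOS"
+yum_repository:
+name: docker-ce-stable
+description: Docker CE Stable - $basearch
+file: docker-ce-stable
+baseurl: https://download.docker.com/linux/centos/7/$basearch/stable
+gpgcheck: false
+gpgcakey: https://download.docker.com/linux/centos/gpg
+
+- name: Install Docker on Cent7
+become: true
+when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+yum:
+# Update the cache to update with the new docker repo
+update_cache: yes
+state: latest
+name:
+- device-mapper-persistent-data # Required for docker devicestorage driver
+- lvm2 # same
+- docker-ce
+- containerd.io
+
+- name: Install Docker on Cent8
+become: true
+when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
+dnf:
+# Update the cache to update with the new docker repo
+update_cache: yes
+state: latest
+name:
+- device-mapper-persistent-data # Required for docker devicestorage driver
+- lvm2 # same
+- docker-ce-3:18.09.1-3.el7
+
+- name: Install python bindings
+become: true
+pip:
+name:
+- docker==4.2.0
+- docker-compose==1.25.4
+state: present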
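Review bot: `Install Docker repository` sets `gpgcheck: false`, so the packages the two install tasks pull from download.docker.com as root are never signature-checked, and the key URL is given as `gpgcakey` (the CA-key option) rather than as the package-signing key. Use `gpgcheck: true` together with `gpgkey: https://download.docker.com/linux/centos/gpg`. The Cent7 task also installs `docker-ce` and `containerd.io` with `state: latest`, so each run moves the host to whatever the repository serves at that moment; `state: present` with explicit versions, as the pip task already does, keeps upgrades deliberate.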
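--- /dev/null
+++ b/roles/docker/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- import_tasks: install.yml
+
+- name: Start and enable docker service
+become: true
+systemd:
+name: docker
+state: started
+enabled: yes
+
+- import_tasks: tasks/preprocess-users.yml
+
+- name: Add superusers to the docker group
+become: true
+user:
+name: "{{ item.name }}"
+groups: docker
+append: yes
+loop: "{{ _users_local_admin }}"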
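Review bot: `Add superusers to the docker group` needs a comment recording that membership of the `docker` group is equivalent to root on the host, because any member can drive the daemon through its socket. Something like `# docker group is root-equivalent; keep _users_local_admin limited to accounts that already hold sudo` above the task would do. `_users_local_admin` is not defined in this file; it presumably comes from `tasks/preprocess-users.yml`, so the comment should also say where the list is built.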
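--- /dev/null
+++ b/roles/networkd/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+omni_restart_services: false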
@ -1,33 +1,31 @@
|
|||||||
---
|
---
|
||||||
- import_tasks: packages.yml
|
- import_tasks: packages.yml
|
||||||
|
|
||||||
- name: Delete networkd config directory
|
- name: Configure networking via systemd
|
||||||
become: true
|
become: true
|
||||||
|
when: omni_networking is defined
|
||||||
|
block:
|
||||||
|
- name: Delete networkd config directory
|
||||||
file:
|
file:
|
||||||
path: /etc/systemd/network
|
path: /etc/systemd/network
|
||||||
state: absent
|
state: absent
|
||||||
|
|
||||||
- name: Create the networkd config directory
|
- name: Create the networkd config directory
|
||||||
become: true
|
|
||||||
file:
|
file:
|
||||||
path: /etc/systemd/network
|
path: /etc/systemd/network
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: Make network files
|
- name: Make network files
|
||||||
when: networking is defined
|
|
||||||
become: true
|
|
||||||
template:
|
template:
|
||||||
src: network.j2
|
src: network.j2
|
||||||
dest: "/etc/systemd/network/{{ item.key }}.network"
|
dest: "/etc/systemd/network/{{ item.key }}.network"
|
||||||
loop: "{{ networking | dict2items }}"
|
loop: "{{ omni_networking | dict2items }}"
|
||||||
|
|
||||||
- name: Make netdev files
|
- name: Make netdev files
|
||||||
when: networking is defined
|
|
||||||
become: true
|
|
||||||
template:
|
template:
|
||||||
src: netdev.j2
|
src: netdev.j2
|
||||||
dest: "/etc/systemd/network/{{ item.0.key + '.' + item.1 }}.netdev"
|
dest: "/etc/systemd/network/{{ item.0.key + '.' + item.1 }}.netdev"
|
||||||
loop: "{{ networking | dict2items | subelements('value.vlans', true) }}"
|
loop: "{{ omni_networking | dict2items | subelements('value.vlans', true) }}"
|
||||||
|
|
||||||
- import_tasks: services.yml
|
- import_tasks: services.yml
|
||||||
|
|
||||||
|
@ -21,14 +21,18 @@
|
|||||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
|
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
|
||||||
become: true
|
become: true
|
||||||
block:
|
block:
|
||||||
- name: Install this super-legitimate and definitely vetted COPR repo
|
# The systemd-networkd EPEL package is currently in the testing phase, so we have
|
||||||
shell:
|
# to enable the testing EPEL repo to install it. Note that this is also done in
|
||||||
creates: /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:fschwarz:systemd-networkd.repo
|
# the packages role
|
||||||
cmd: dnf copr enable fschwarz/systemd-networkd
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1789146
|
||||||
warn: false
|
- name: Enable EPEL-Testing repository on CentOS 8s
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/yum.repos.d/epel-testing.repo
|
||||||
|
regexp: "enabled=(0|1)"
|
||||||
|
line: "enabled=1"
|
||||||
|
insertbefore: "^$"
|
||||||
|
firstmatch: true
|
||||||
- name: Install networkd
|
- name: Install networkd
|
||||||
dnf:
|
dnf:
|
||||||
state: latest
|
state: latest
|
||||||
name:
|
name: systemd-networkd
|
||||||
# This now comes from aforementioned very good COPR repo
|
|
||||||
- systemd-networkd
|
|
||||||
|
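Review bot: Setting `enabled=1` in /etc/yum.repos.d/epel-testing.repo turns the testing repository on for every later dnf transaction on the host, not only for systemd-networkd, and the next task installs with `state: latest`. The dnf module can scope this to the one install: add `enablerepo: epel-testing` to `Install networkd` and drop the lineinfile task. If the file edit stays, the `regexp: "enabled=(0|1)"` / `insertbefore: "^$"` / `firstmatch: true` combination picks its target line by the layout of the repo file rather than by section name, which deserves a comment. The same lineinfile task is added again in the later hunk at `@ -8,6 +8,14 @@`, and the enclosing `block:` starts above this hunk.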
@ -19,7 +19,7 @@
|
|||||||
- systemd-networkd-wait-online
|
- systemd-networkd-wait-online
|
||||||
|
|
||||||
- name: Stop NetworkManager
|
- name: Stop NetworkManager
|
||||||
when: restart_services | default(false) == true
|
when: omni_restart_services == true
|
||||||
become: true
|
become: true
|
||||||
systemd:
|
systemd:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
@ -29,6 +29,7 @@
|
|||||||
- NetworkManager-wait-online
|
- NetworkManager-wait-online
|
||||||
|
|
||||||
- name: Start systemd-networkd
|
- name: Start systemd-networkd
|
||||||
|
when: omni_restart_services == true
|
||||||
become: true
|
become: true
|
||||||
systemd:
|
systemd:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
|
@ -1,71 +0,0 @@
|
|||||||
---
|
|
||||||
# The dracut patch is an issue uniquely bound to the fact that I'm using several
|
|
||||||
# old-as-shit hardware RAID cards. Specifically the Dell PERC H200 and the Dell PERC
|
|
||||||
# H310, both of which had their hardware drivers dropped in Cent8 (despite the drivers
|
|
||||||
# being included in the upstream fedora kernel, but whatever). OS installation and the
|
|
||||||
# process in this set of tasks is based off of this blog post:
|
|
||||||
# https://www.centos.org/forums/viewtopic.php?t=71862#p302447
|
|
||||||
#
|
|
||||||
# TODO: Host the RPMs locally. The internet may never forget, but it's also never there
|
|
||||||
# when you need it
|
|
||||||
#
|
|
||||||
# NOTE: These tasks only need to be run on Cent8
|
|
||||||
#
|
|
||||||
# NOTE: We assume- since this file literally has 'centos' in the name- that the
|
|
||||||
# ansible_distribution check has already been done at import time
|
|
||||||
#
|
|
||||||
|
|
||||||
- name: Determine dracut version
|
|
||||||
shell:
|
|
||||||
cmd: rpm -qa | grep dracut-[0-9]
|
|
||||||
warn: false
|
|
||||||
register: dracut_version_check
|
|
||||||
|
|
||||||
- name: Install patched version of dracut
|
|
||||||
when: dracut_version_check.stdout != "dracut-049-13.git20190614.p1.el8_0.elrepo.x86_64"
|
|
||||||
block:
|
|
||||||
- name: Create temporary download directory
|
|
||||||
file:
|
|
||||||
path: /tmp/dracut-patch
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Download patched dracut tool RPMs
|
|
||||||
get_url:
|
|
||||||
url: "{{ item.source }}"
|
|
||||||
dest: /tmp/dracut-patch/{{ item.dest }}
|
|
||||||
loop:
|
|
||||||
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
|
|
||||||
dest: dracut.rpm
|
|
||||||
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-caps-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
|
|
||||||
dest: dracut-caps.rpm
|
|
||||||
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-config-generic-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
|
|
||||||
dest: dracut-config-generic.rpm
|
|
||||||
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-config-rescue-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
|
|
||||||
dest: dracut-config-rescue.rpm
|
|
||||||
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-live-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
|
|
||||||
dest: dracut-live.rpm
|
|
||||||
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-network-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
|
|
||||||
dest: dracut-network.rpm
|
|
||||||
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-squash-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
|
|
||||||
dest: dracut-squash.rpm
|
|
||||||
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-tools-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
|
|
||||||
dest: dracut-tools.rpm
|
|
||||||
|
|
||||||
- name: Install patched dracut toolchain
|
|
||||||
become: true
|
|
||||||
dnf:
|
|
||||||
state: latest
|
|
||||||
name:
|
|
||||||
- /tmp/dracut-patch/dracut.rpm
|
|
||||||
- /tmp/dracut-patch/dracut-caps.rpm
|
|
||||||
- /tmp/dracut-patch/dracut-config-generic.rpm
|
|
||||||
- /tmp/dracut-patch/dracut-config-rescue.rpm
|
|
||||||
- /tmp/dracut-patch/dracut-live.rpm
|
|
||||||
- /tmp/dracut-patch/dracut-network.rpm
|
|
||||||
- /tmp/dracut-patch/dracut-squash.rpm
|
|
||||||
- /tmp/dracut-patch/dracut-tools.rpm
|
|
||||||
|
|
||||||
- name: Remove temporary download directory
|
|
||||||
file:
|
|
||||||
path: /tmp/dracut-patch
|
|
||||||
state: absent
|
|
@ -2,13 +2,13 @@
|
|||||||
- name: Clean DNF cache
|
- name: Clean DNF cache
|
||||||
become: true
|
become: true
|
||||||
when: ansible_distribution == "Fedora" or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
|
when: ansible_distribution == "Fedora" or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
|
||||||
shell:
|
command:
|
||||||
cmd: dnf clean all
|
cmd: /usr/bin/dnf clean all
|
||||||
warn: false
|
warn: false
|
||||||
|
|
||||||
- name: Clean YUM cache
|
- name: Clean YUM cache
|
||||||
become: true
|
become: true
|
||||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
|
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
|
||||||
shell:
|
command:
|
||||||
cmd: yum clean all
|
cmd: /usr/bin/yum clean all
|
||||||
warn: false
|
warn: false
|
||||||
|
@ -8,6 +8,14 @@
|
|||||||
state: latest
|
state: latest
|
||||||
name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
|
name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
|
||||||
|
|
||||||
|
- name: Enable EPEL-Testing repository on CentOS 8s
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/yum.repos.d/epel-testing.repo
|
||||||
|
regexp: "enabled=(0|1)"
|
||||||
|
line: "enabled=1"
|
||||||
|
insertbefore: "^$"
|
||||||
|
firstmatch: true
|
||||||
|
|
||||||
- name: Enable the power tools repository on CentOS 8
|
- name: Enable the power tools repository on CentOS 8
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/yum.repos.d/CentOS-PowerTools.repo
|
path: /etc/yum.repos.d/CentOS-PowerTools.repo
|
||||||
|
@ -1,7 +1,4 @@
|
|||||||
---
|
---
|
||||||
- import_tasks: centos-8-dracut.yml
|
|
||||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
|
|
||||||
|
|
||||||
# Gotta hate this, but I have to hardcode the systemd exclusion on cent8
|
# Gotta hate this, but I have to hardcode the systemd exclusion on cent8
|
||||||
# Because I'm using "janky-systemd-networkd-2-the-jankening" (see the networkd role)
|
# Because I'm using "janky-systemd-networkd-2-the-jankening" (see the networkd role)
|
||||||
# there are a pile of conflicts when you run "dnf update" with it installed. I found
|
# there are a pile of conflicts when you run "dnf update" with it installed. I found
|
||||||
|
@ -1,2 +1,3 @@
|
|||||||
---
|
---
|
||||||
omni_restart_services: false
|
omni_restart_services: false
|
||||||
|
omni_ssh_enabled: true
|
||||||
|
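--- /dev/null
+++ b/roles/sshd/tasks/install.yml
@@ -0,0 +1,14 @@
+---
+- name: Install OpenSSH server on Fedora and CentOS 8
+when: ansible_distribution == "Fedora" or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
+become: true
+dnf:
+name: openssh-server
+state: latest
+
+- name: Install OpenSSH server on CentOS 7
+when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+become: true
+yum:
+name: openssh-server
+state: latest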
@ -1,4 +1,6 @@
|
|||||||
---
|
---
|
||||||
|
- import_tasks: install.yml
|
||||||
|
|
||||||
- name: Install SSH Banner
|
- name: Install SSH Banner
|
||||||
become: true
|
become: true
|
||||||
template:
|
template:
|
||||||
@ -26,8 +28,8 @@
|
|||||||
set: "ChallengeResponseAuthentication no"
|
set: "ChallengeResponseAuthentication no"
|
||||||
|
|
||||||
- name: Restart sshd service
|
- name: Restart sshd service
|
||||||
when: omni_restart_services == true
|
|
||||||
become: true
|
become: true
|
||||||
systemd:
|
systemd:
|
||||||
name: sshd
|
name: sshd
|
||||||
state: restarted
|
state: "{{ 'restarted' if omni_restart_services == true else 'started' }}"
|
||||||
|
enabled: "{{ omni_ssh_enabled }}"
|
||||||
|
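Review bot: When `omni_restart_services` is false (the value a defaults file in this commit gives it), `state` evaluates to `started`, so a running daemon does not pick up the sshd_config edits made earlier in this file; the hunk's context shows `ChallengeResponseAuthentication no`. Those edits then stay inactive until something else restarts sshd. A reload applies the configuration without dropping established sessions: `state: "{{ 'restarted' if omni_restart_services == true else 'reloaded' }}"`. A comment next to `enabled: "{{ omni_ssh_enabled }}"` should also record that setting it to false disables sshd at boot on a host that Ansible reaches over SSH. The tasks that edit sshd_config lie outside this hunk.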