Refactor roles to support new variable schema
Add common-env and docker roles
parent
1f3ca79d04
commit
dc1395daf1
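--- /dev/null
+++ b/roles/common_env/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Set hostname
+become: true
+hostname:
+name: "{{ ansible_host }}"
+
+- name: Install global bashrc
+become: true
+copy:
+src: bashrc.sh
+dest: /etc/profile.d/ZA-enpn-bashrc.sh
+mode: 0644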
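Review bot: The `Set hostname` task takes its value from `ansible_host`, which is the connection address and is often an IP literal or an SSH alias rather than the machine's name, so any inventory that sets it that way will rename the host to that value. `name: "{{ inventory_hostname }}"` or a dedicated role variable is the safer source, assuming inventory names are the intended hostnames. In the `copy` task, `mode: 0644` only works because the YAML 1.1 loader reads the bare scalar as octal; `mode: "0644"` removes that dependency. Since the file is sourced by every login shell, adding `owner: root` and `group: root` would make its ownership explicit.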
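--- /dev/null
+++ b/roles/docker/tasks/install.yml
@@ -0,0 +1,45 @@
+---
+# Just use the same repo for cent7 and cent8 because ¯\_(ツ)_/¯
+- name: Install Docker repository
+become: true
+when: ansible_distribution == "CentOS"
+yum_repository:
+name: docker-ce-stable
+description: Docker CE Stable - $basearch
+file: docker-ce-stable
+baseurl: https://download.docker.com/linux/centos/7/$basearch/stable
+gpgcheck: false
+gpgcakey: https://download.docker.com/linux/centos/gpg
+
+- name: Install Docker on Cent7
+become: true
+when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+yum:
+# Update the cache to update with the new docker repo
+update_cache: yes
+state: latest
+name:
+- device-mapper-persistent-data # Required for docker devicestorage driver
+- lvm2 # same
+- docker-ce
+- containerd.io
+
+- name: Install Docker on Cent8
+become: true
+when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
+dnf:
+# Update the cache to update with the new docker repo
+update_cache: yes
+state: latest
+name:
+- device-mapper-persistent-data # Required for docker devicestorage driver
+- lvm2 # same
+- docker-ce-3:18.09.1-3.el7
+
+- name: Install python bindings
+become: true
+pip:
+name:
+- docker==4.2.0
+- docker-compose==1.25.4
+state: present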
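Review bot: `gpgcheck: false` in the `Install Docker repository` task turns off package signature verification for this repo, and the next two tasks install `docker-ce` and `containerd.io` from it as root. The key URL is already on the page but is given as `gpgcakey`, the CA-key option, and with checking disabled it is never consulted anyway. `gpgcheck: true` together with `gpgkey: https://download.docker.com/linux/centos/gpg` is what makes the package manager enforce signatures. The CentOS 8 task also pins `docker-ce-3:18.09.1-3.el7` while the CentOS 7 task tracks `state: latest`, so a short comment explaining the el7 pin would help the next maintainer.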
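--- /dev/null
+++ b/roles/docker/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- import_tasks: install.yml
+
+- name: Start and enable docker service
+become: true
+systemd:
+name: docker
+state: started
+enabled: yes
+
+- import_tasks: tasks/preprocess-users.yml
+
+- name: Add superusers to the docker group
+become: true
+user:
+name: "{{ item.name }}"
+groups: docker
+append: yes
+
+loop: "{{ _users_local_admin }}"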
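Review bot: `Add superusers to the docker group` gives every entry in `_users_local_admin` membership of `docker`, which is effectively root-equivalent on the host because group members control the Docker daemon without a sudo prompt or sudo logging. That is worth stating on the task, for example `# docker group membership is root-equivalent; keep this list to accounts that already have unrestricted sudo`. `_users_local_admin` is presumably built by `tasks/preprocess-users.yml`, which is not visible here, so its contents should be confirmed against that expectation. The `import_tasks: tasks/preprocess-users.yml` path does not look like a file inside this role, so it appears to rely on Ansible's search-path fallback to the playbook directory; a comment saying where the file lives would avoid surprises if the role is reused.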
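--- /dev/null
+++ b/roles/networkd/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+omni_restart_services: false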
@ -1,33 +1,31 @@
|
||||
---
|
||||
- import_tasks: packages.yml
|
||||
|
||||
- name: Delete networkd config directory
|
||||
- name: Configure networking via systemd
|
||||
become: true
|
||||
file:
|
||||
path: /etc/systemd/network
|
||||
state: absent
|
||||
when: omni_networking is defined
|
||||
block:
|
||||
- name: Delete networkd config directory
|
||||
file:
|
||||
path: /etc/systemd/network
|
||||
state: absent
|
||||
|
||||
- name: Create the networkd config directory
|
||||
become: true
|
||||
file:
|
||||
path: /etc/systemd/network
|
||||
state: directory
|
||||
- name: Create the networkd config directory
|
||||
file:
|
||||
path: /etc/systemd/network
|
||||
state: directory
|
||||
|
||||
- name: Make network files
|
||||
when: networking is defined
|
||||
become: true
|
||||
template:
|
||||
src: network.j2
|
||||
dest: "/etc/systemd/network/{{ item.key }}.network"
|
||||
loop: "{{ networking | dict2items }}"
|
||||
- name: Make network files
|
||||
template:
|
||||
src: network.j2
|
||||
dest: "/etc/systemd/network/{{ item.key }}.network"
|
||||
loop: "{{ omni_networking | dict2items }}"
|
||||
|
||||
- name: Make netdev files
|
||||
when: networking is defined
|
||||
become: true
|
||||
template:
|
||||
src: netdev.j2
|
||||
dest: "/etc/systemd/network/{{ item.0.key + '.' + item.1 }}.netdev"
|
||||
loop: "{{ networking | dict2items | subelements('value.vlans', true) }}"
|
||||
- name: Make netdev files
|
||||
template:
|
||||
src: netdev.j2
|
||||
dest: "/etc/systemd/network/{{ item.0.key + '.' + item.1 }}.netdev"
|
||||
loop: "{{ omni_networking | dict2items | subelements('value.vlans', true) }}"
|
||||
|
||||
- import_tasks: services.yml
|
||||
|
||||
|
@ -21,14 +21,18 @@
|
||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
|
||||
become: true
|
||||
block:
|
||||
- name: Install this super-legitimate and definitely vetted COPR repo
|
||||
shell:
|
||||
creates: /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:fschwarz:systemd-networkd.repo
|
||||
cmd: dnf copr enable fschwarz/systemd-networkd
|
||||
warn: false
|
||||
# The systemd-networkd EPEL package is currently in the testing phase, so we have
|
||||
# to enable the testing EPEL repo to install it. Note that this is also done in
|
||||
# the packages role
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1789146
|
||||
- name: Enable EPEL-Testing repository on CentOS 8s
|
||||
lineinfile:
|
||||
path: /etc/yum.repos.d/epel-testing.repo
|
||||
regexp: "enabled=(0|1)"
|
||||
line: "enabled=1"
|
||||
insertbefore: "^$"
|
||||
firstmatch: true
|
||||
- name: Install networkd
|
||||
dnf:
|
||||
state: latest
|
||||
name:
|
||||
# This now comes from aforementioned very good COPR repo
|
||||
- systemd-networkd
|
||||
name: systemd-networkd
|
||||
|
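Review bot: Assuming the `Enable EPEL-Testing repository on CentOS 8s` task is on the new side of this hunk (the rendering has lost the +/- markers), it sets `enabled=1` in `/etc/yum.repos.d/epel-testing.repo` permanently. Every later `dnf` transaction on the host, including the `state: latest` installs elsewhere in these roles, can then pull testing builds of any package, not only `systemd-networkd`. Scoping the repo to the one install avoids that: drop the `lineinfile` task and add `enablerepo: epel-testing` to the `Install networkd` `dnf` task. The same `lineinfile` task appears again in the later hunk headed `@ -8,6 +8,14 @`, as the comment here acknowledges, and the same change applies there. The enclosing block starts above this hunk.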
@ -19,7 +19,7 @@
|
||||
- systemd-networkd-wait-online
|
||||
|
||||
- name: Stop NetworkManager
|
||||
when: restart_services | default(false) == true
|
||||
when: omni_restart_services == true
|
||||
become: true
|
||||
systemd:
|
||||
name: "{{ item }}"
|
||||
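Review bot: Taking the `omni_` line as the new side, `when: omni_restart_services == true` on `Stop NetworkManager` compares against a real boolean, so a value supplied as `-e omni_restart_services=true` arrives as a string, evaluates false, and the task is silently skipped. `when: omni_restart_services | bool` accepts both forms. The same applies to `Start systemd-networkd` in the next hunk and to the `state:` expression in the sshd hunk headed `@ -26,8 +28,8 @`. The replaced line also carried `default(false)`, so the condition now fails with an undefined-variable error wherever the role default is not loaded. Both tasks continue outside their hunks.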
@ -29,6 +29,7 @@
|
||||
- NetworkManager-wait-online
|
||||
|
||||
- name: Start systemd-networkd
|
||||
when: omni_restart_services == true
|
||||
become: true
|
||||
systemd:
|
||||
name: "{{ item }}"
|
||||
|
@ -1,71 +0,0 @@
|
||||
---
|
||||
# The dracut patch is an issue uniquely bound to the fact that I'm using several
|
||||
# old-as-shit hardware RAID cards. Specifically the Dell PERC H200 and the Dell PERC
|
||||
# H310, both of which had their hardware drivers dropped in Cent8 (despite the drivers
|
||||
# being included in the upstream fedora kernel, but whatever). OS installation and the
|
||||
# process in this set of tasks is based off of this blog post:
|
||||
# https://www.centos.org/forums/viewtopic.php?t=71862#p302447
|
||||
#
|
||||
# TODO: Host the RPMs locally. The internet may never forget, but it's also never there
|
||||
# when you need it
|
||||
#
|
||||
# NOTE: These tasks only need to be run on Cent8
|
||||
#
|
||||
# NOTE: We assume- since this file literally has 'centos' in the name- that the
|
||||
# ansible_distribution check has already been done at import time
|
||||
#
|
||||
|
||||
- name: Determine dracut version
|
||||
shell:
|
||||
cmd: rpm -qa | grep dracut-[0-9]
|
||||
warn: false
|
||||
register: dracut_version_check
|
||||
|
||||
- name: Install patched version of dracut
|
||||
when: dracut_version_check.stdout != "dracut-049-13.git20190614.p1.el8_0.elrepo.x86_64"
|
||||
block:
|
||||
- name: Create temporary download directory
|
||||
file:
|
||||
path: /tmp/dracut-patch
|
||||
state: directory
|
||||
|
||||
- name: Download patched dracut tool RPMs
|
||||
get_url:
|
||||
url: "{{ item.source }}"
|
||||
dest: /tmp/dracut-patch/{{ item.dest }}
|
||||
loop:
|
||||
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
|
||||
dest: dracut.rpm
|
||||
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-caps-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
|
||||
dest: dracut-caps.rpm
|
||||
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-config-generic-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
|
||||
dest: dracut-config-generic.rpm
|
||||
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-config-rescue-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
|
||||
dest: dracut-config-rescue.rpm
|
||||
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-live-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
|
||||
dest: dracut-live.rpm
|
||||
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-network-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
|
||||
dest: dracut-network.rpm
|
||||
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-squash-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
|
||||
dest: dracut-squash.rpm
|
||||
- source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-tools-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
|
||||
dest: dracut-tools.rpm
|
||||
|
||||
- name: Install patched dracut toolchain
|
||||
become: true
|
||||
dnf:
|
||||
state: latest
|
||||
name:
|
||||
- /tmp/dracut-patch/dracut.rpm
|
||||
- /tmp/dracut-patch/dracut-caps.rpm
|
||||
- /tmp/dracut-patch/dracut-config-generic.rpm
|
||||
- /tmp/dracut-patch/dracut-config-rescue.rpm
|
||||
- /tmp/dracut-patch/dracut-live.rpm
|
||||
- /tmp/dracut-patch/dracut-network.rpm
|
||||
- /tmp/dracut-patch/dracut-squash.rpm
|
||||
- /tmp/dracut-patch/dracut-tools.rpm
|
||||
|
||||
- name: Remove temporary download directory
|
||||
file:
|
||||
path: /tmp/dracut-patch
|
||||
state: absent
|
@ -2,13 +2,13 @@
|
||||
- name: Clean DNF cache
|
||||
become: true
|
||||
when: ansible_distribution == "Fedora" or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
|
||||
shell:
|
||||
cmd: dnf clean all
|
||||
command:
|
||||
cmd: /usr/bin/dnf clean all
|
||||
warn: false
|
||||
|
||||
- name: Clean YUM cache
|
||||
become: true
|
||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
|
||||
shell:
|
||||
cmd: yum clean all
|
||||
command:
|
||||
cmd: /usr/bin/yum clean all
|
||||
warn: false
|
||||
|
@ -8,6 +8,14 @@
|
||||
state: latest
|
||||
name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
|
||||
|
||||
- name: Enable EPEL-Testing repository on CentOS 8s
|
||||
lineinfile:
|
||||
path: /etc/yum.repos.d/epel-testing.repo
|
||||
regexp: "enabled=(0|1)"
|
||||
line: "enabled=1"
|
||||
insertbefore: "^$"
|
||||
firstmatch: true
|
||||
|
||||
- name: Enable the power tools repository on CentOS 8
|
||||
lineinfile:
|
||||
path: /etc/yum.repos.d/CentOS-PowerTools.repo
|
||||
|
@ -1,7 +1,4 @@
|
||||
---
|
||||
- import_tasks: centos-8-dracut.yml
|
||||
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
|
||||
|
||||
# Gotta hate this, but I have to hardcode the systemd exclusion on cent8
|
||||
# Because I'm using "janky-systemd-networkd-2-the-jankening" (see the networkd role)
|
||||
# there are a pile of conflicts when you run "dnf update" with it installed. I found
|
||||
|
@ -1,2 +1,3 @@
|
||||
---
|
||||
omni_restart_services: false
|
||||
omni_ssh_enabled: true
|
||||
|
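--- /dev/null
+++ b/roles/sshd/tasks/install.yml
@@ -0,0 +1,14 @@
+---
+- name: Install OpenSSH server on Fedora and CentOS 8
+when: ansible_distribution == "Fedora" or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
+become: true
+dnf:
+name: openssh-server
+state: latest
+
+- name: Install OpenSSH server on CentOS 7
+when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+become: true
+yum:
+name: openssh-server
+state: latest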
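Review bot: The two `when` conditions cover only Fedora, CentOS 8 and CentOS 7, so a host on any other release skips both tasks and reaches the banner and config tasks in `main.yml` without `openssh-server` having been ensured. A single task using the generic `package:` module with `name: openssh-server` and no `when` covers every case and removes the duplicated conditions. `state: latest` also means an ordinary play run can upgrade sshd; `state: present` would leave upgrades to whichever role handles updates, if that is the intent.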
@ -1,4 +1,6 @@
|
||||
---
|
||||
- import_tasks: install.yml
|
||||
|
||||
- name: Install SSH Banner
|
||||
become: true
|
||||
template:
|
||||
@ -26,8 +28,8 @@
|
||||
set: "ChallengeResponseAuthentication no"
|
||||
|
||||
- name: Restart sshd service
|
||||
when: omni_restart_services == true
|
||||
become: true
|
||||
systemd:
|
||||
name: sshd
|
||||
state: restarted
|
||||
state: "{{ 'restarted' if omni_restart_services == true else 'started' }}"
|
||||
enabled: "{{ omni_ssh_enabled }}"
|
||||
|
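Review bot: With `omni_restart_services` false, which appears to be the default set in this commit, the `Restart sshd service` task now only ensures `state: started`. On a host where sshd is already running, the config edits earlier in the file (for example the `ChallengeResponseAuthentication no` setting visible in the context) are written to disk but not loaded until some later restart. Those config tasks, which sit outside this hunk, would be better served by a `notify:` to a handler that validates with `sshd -t` and then uses `state: reloaded`, leaving this task to handle start and enable only. The task name still says "Restart" although it may now only start the service, so renaming it or adding a comment about the two modes would help.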