From 2e5b51cc24b6f6c91e7f969fe14e3adc2d4e80f2 Mon Sep 17 00:00:00 2001 
From: Christian Pointner Date: Sat, 21 Apr 2018 23:28:35 +0200 Subject: rename all .yaml to .yml --- group_vars/all/vars.yaml | 15 --- group_vars/all/vars.yml | 15 +++ group_vars/elevate/vars.yaml | 4 - group_vars/elevate/vars.yml | 4 + group_vars/hetzner/vars.yaml | 6 -- group_vars/hetzner/vars.yml | 6 ++ group_vars/k8s-emc/vars.yml | 2 +- group_vars/skillz/vars.yaml | 2 - group_vars/skillz/vars.yml | 2 + group_vars/spreadspace/vars.yaml | 4 - group_vars/spreadspace/vars.yml | 4 + group_vars/spreadspace/vault.yaml | 10 -- group_vars/spreadspace/vault.yml | 10 ++ host_playbooks/calypso.yaml | 10 -- host_playbooks/calypso.yml | 10 ++ host_playbooks/dione.yaml | 9 -- host_playbooks/dione.yml | 9 ++ host_playbooks/elesearch.yaml | 9 -- host_playbooks/elesearch.yml | 9 ++ host_playbooks/emc-master.yaml | 9 -- host_playbooks/emc-master.yml | 9 ++ host_playbooks/emc-stats.yaml | 10 -- host_playbooks/emc-stats.yml | 10 ++ host_playbooks/emc-test.yaml | 9 -- host_playbooks/emc-test.yml | 9 ++ host_playbooks/emc-xx.yaml | 9 -- host_playbooks/emc-xx.yml | 9 ++ host_playbooks/helene.yaml | 10 -- host_playbooks/helene.yml | 10 ++ host_playbooks/sk2013.yaml | 6 -- host_playbooks/sk2013.yml | 6 ++ host_playbooks/sk2016.yaml | 6 -- host_playbooks/sk2016.yml | 6 ++ host_playbooks/telesto.yaml | 9 -- host_playbooks/telesto.yml | 9 ++ host_playbooks/thetys.yaml | 10 -- host_playbooks/thetys.yml | 10 ++ host_vars/calypso.yaml | 10 -- host_vars/calypso.yml | 10 ++ host_vars/dione.yaml | 22 ---- host_vars/dione.yml | 22 ++++ host_vars/elesearch.yaml | 23 ----- host_vars/elesearch.yml | 23 +++++ host_vars/emc-master.yaml | 42 -------- host_vars/emc-master.yml | 42 ++++++++ host_vars/emc-stats.yaml | 53 ---------- host_vars/emc-stats.yml | 53 ++++++++++ host_vars/helene.yaml | 22 ---- host_vars/helene.yml | 22 ++++ host_vars/sk2013.yaml | 32 ------ host_vars/sk2013.yml | 32 ++++++ host_vars/sk2016.yaml | 32 ------ host_vars/sk2016.yml | 32 ++++++ host_vars/telesto.yaml | 10 -- 
host_vars/telesto.yml | 10 ++ host_vars/thetys.yaml | 10 -- host_vars/thetys.yml | 10 ++ playbooks/k8s-emc.yaml | 96 ------------------ playbooks/k8s-emc.yml | 96 ++++++++++++++++++ roles/admin-user/tasks/main.yaml | 17 ---- roles/admin-user/tasks/main.yml | 17 ++++ roles/base/defaults/main.yaml | 26 ----- roles/base/defaults/main.yml | 26 +++++ roles/base/tasks/main.yaml | 91 ----------------- roles/base/tasks/main.yml | 91 +++++++++++++++++ roles/base/vars/main.yaml | 45 --------- roles/base/vars/main.yml | 45 +++++++++ roles/blackmagic-desktopvideo/handlers/main.yaml | 4 - roles/blackmagic-desktopvideo/handlers/main.yml | 4 + roles/blackmagic-desktopvideo/tasks/main.yaml | 40 -------- roles/blackmagic-desktopvideo/tasks/main.yml | 40 ++++++++ roles/docker/tasks/main.yaml | 50 --------- roles/docker/tasks/main.yml | 50 +++++++++ roles/emc-stats/tasks/main.yaml | 30 ------ roles/emc-stats/tasks/main.yml | 30 ++++++ roles/hetzner-slim/tasks/main.yaml | 14 --- roles/hetzner-slim/tasks/main.yml | 14 +++ roles/kubernetes-base/tasks/main.yaml | 89 ---------------- roles/kubernetes-base/tasks/main.yml | 90 +++++++++++++++++ roles/kubernetes-net/handlers/main.yaml | 4 - roles/kubernetes-net/handlers/main.yml | 4 + roles/kubernetes-net/tasks/add.yaml | 114 --------------------- roles/kubernetes-net/tasks/add.yml | 114 +++++++++++++++++++++ roles/kubernetes-net/tasks/main.yaml | 8 -- roles/kubernetes-net/tasks/main.yml | 8 ++ roles/kubernetes-net/tasks/remove.yaml | 28 ------ roles/kubernetes-net/tasks/remove.yml | 28 ++++++ roles/reboot-and-wait/tasks/main.yaml | 10 -- roles/reboot-and-wait/tasks/main.yml | 10 ++ roles/scaleway-slim/tasks/main.yaml | 14 --- roles/scaleway-slim/tasks/main.yml | 14 +++ roles/spreadspace-apt-repo/tasks/main.yaml | 16 --- roles/spreadspace-apt-repo/tasks/main.yml | 16 +++ roles/sshserver/handlers/main.yaml | 5 - roles/sshserver/handlers/main.yml | 5 + roles/sshserver/tasks/main.yaml | 38 ------- roles/sshserver/tasks/main.yml | 38 +++++++ 
roles/ubuntu-ws/defaults/main.yaml | 3 - roles/ubuntu-ws/defaults/main.yml | 3 + roles/ubuntu-ws/tasks/fs.yaml | 99 ------------------ roles/ubuntu-ws/tasks/fs.yml | 99 ++++++++++++++++++ roles/ubuntu-ws/tasks/main.yaml | 80 --------------- roles/ubuntu-ws/tasks/main.yml | 80 +++++++++++++++ roles/upgrade/tasks/main.yaml | 36 ------- roles/upgrade/tasks/main.yml | 36 +++++++ roles/vm-grub/handlers/main.yaml | 3 - roles/vm-grub/handlers/main.yml | 3 + roles/vm-grub/tasks/main.yaml | 12 --- roles/vm-grub/tasks/main.yml | 12 +++ roles/vm-host/defaults/main.yaml | 7 -- roles/vm-host/defaults/main.yml | 7 ++ roles/vm-host/handlers/main.yaml | 5 - roles/vm-host/handlers/main.yml | 5 + roles/vm-host/tasks/main.yaml | 54 ---------- roles/vm-host/tasks/main.yml | 54 ++++++++++ roles/vm-install/tasks/main.yaml | 123 ----------------------- roles/vm-install/tasks/main.yml | 123 +++++++++++++++++++++++ roles/vm-network/handlers/main.yaml | 3 - roles/vm-network/handlers/main.yml | 3 + roles/vm-network/tasks/lan.yaml | 6 -- roles/vm-network/tasks/lan.yml | 6 ++ roles/vm-network/tasks/main.yaml | 9 -- roles/vm-network/tasks/main.yml | 9 ++ roles/vm-network/tasks/public.yaml | 33 ------ roles/vm-network/tasks/public.yml | 33 ++++++ roles/vm-network/tasks/systemd-link.yaml | 15 --- roles/vm-network/tasks/systemd-link.yml | 15 +++ roles/zsh/tasks/main.yaml | 33 ------ roles/zsh/tasks/main.yml | 33 ++++++ vm-install.sh | 2 +- vminstall.yaml | 21 ---- vminstall.yml | 21 ++++ 132 files changed, 1687 insertions(+), 1686 deletions(-) delete mode 100644 group_vars/all/vars.yaml create mode 100644 group_vars/all/vars.yml delete mode 100644 group_vars/elevate/vars.yaml create mode 100644 group_vars/elevate/vars.yml delete mode 100644 group_vars/hetzner/vars.yaml create mode 100644 group_vars/hetzner/vars.yml delete mode 100644 group_vars/skillz/vars.yaml create mode 100644 group_vars/skillz/vars.yml delete mode 100644 group_vars/spreadspace/vars.yaml create mode 100644 
group_vars/spreadspace/vars.yml delete mode 100644 group_vars/spreadspace/vault.yaml create mode 100644 group_vars/spreadspace/vault.yml delete mode 100644 host_playbooks/calypso.yaml create mode 100644 host_playbooks/calypso.yml delete mode 100644 host_playbooks/dione.yaml create mode 100644 host_playbooks/dione.yml delete mode 100644 host_playbooks/elesearch.yaml create mode 100644 host_playbooks/elesearch.yml delete mode 100644 host_playbooks/emc-master.yaml create mode 100644 host_playbooks/emc-master.yml delete mode 100644 host_playbooks/emc-stats.yaml create mode 100644 host_playbooks/emc-stats.yml delete mode 100644 host_playbooks/emc-test.yaml create mode 100644 host_playbooks/emc-test.yml delete mode 100644 host_playbooks/emc-xx.yaml create mode 100644 host_playbooks/emc-xx.yml delete mode 100644 host_playbooks/helene.yaml create mode 100644 host_playbooks/helene.yml delete mode 100644 host_playbooks/sk2013.yaml create mode 100644 host_playbooks/sk2013.yml delete mode 100644 host_playbooks/sk2016.yaml create mode 100644 host_playbooks/sk2016.yml delete mode 100644 host_playbooks/telesto.yaml create mode 100644 host_playbooks/telesto.yml delete mode 100644 host_playbooks/thetys.yaml create mode 100644 host_playbooks/thetys.yml delete mode 100644 host_vars/calypso.yaml create mode 100644 host_vars/calypso.yml delete mode 100644 host_vars/dione.yaml create mode 100644 host_vars/dione.yml delete mode 100644 host_vars/elesearch.yaml create mode 100644 host_vars/elesearch.yml delete mode 100644 host_vars/emc-master.yaml create mode 100644 host_vars/emc-master.yml delete mode 100644 host_vars/emc-stats.yaml create mode 100644 host_vars/emc-stats.yml delete mode 100644 host_vars/helene.yaml create mode 100644 host_vars/helene.yml delete mode 100644 host_vars/sk2013.yaml create mode 100644 host_vars/sk2013.yml delete mode 100644 host_vars/sk2016.yaml create mode 100644 host_vars/sk2016.yml delete mode 100644 host_vars/telesto.yaml create mode 100644 
host_vars/telesto.yml delete mode 100644 host_vars/thetys.yaml create mode 100644 host_vars/thetys.yml delete mode 100644 playbooks/k8s-emc.yaml create mode 100644 playbooks/k8s-emc.yml delete mode 100644 roles/admin-user/tasks/main.yaml create mode 100644 roles/admin-user/tasks/main.yml delete mode 100644 roles/base/defaults/main.yaml create mode 100644 roles/base/defaults/main.yml delete mode 100644 roles/base/tasks/main.yaml create mode 100644 roles/base/tasks/main.yml delete mode 100644 roles/base/vars/main.yaml create mode 100644 roles/base/vars/main.yml delete mode 100644 roles/blackmagic-desktopvideo/handlers/main.yaml create mode 100644 roles/blackmagic-desktopvideo/handlers/main.yml delete mode 100644 roles/blackmagic-desktopvideo/tasks/main.yaml create mode 100644 roles/blackmagic-desktopvideo/tasks/main.yml delete mode 100644 roles/docker/tasks/main.yaml create mode 100644 roles/docker/tasks/main.yml delete mode 100644 roles/emc-stats/tasks/main.yaml create mode 100644 roles/emc-stats/tasks/main.yml delete mode 100644 roles/hetzner-slim/tasks/main.yaml create mode 100644 roles/hetzner-slim/tasks/main.yml delete mode 100644 roles/kubernetes-base/tasks/main.yaml create mode 100644 roles/kubernetes-base/tasks/main.yml delete mode 100644 roles/kubernetes-net/handlers/main.yaml create mode 100644 roles/kubernetes-net/handlers/main.yml delete mode 100644 roles/kubernetes-net/tasks/add.yaml create mode 100644 roles/kubernetes-net/tasks/add.yml delete mode 100644 roles/kubernetes-net/tasks/main.yaml create mode 100644 roles/kubernetes-net/tasks/main.yml delete mode 100644 roles/kubernetes-net/tasks/remove.yaml create mode 100644 roles/kubernetes-net/tasks/remove.yml delete mode 100644 roles/reboot-and-wait/tasks/main.yaml create mode 100644 roles/reboot-and-wait/tasks/main.yml delete mode 100644 roles/scaleway-slim/tasks/main.yaml create mode 100644 roles/scaleway-slim/tasks/main.yml delete mode 100644 roles/spreadspace-apt-repo/tasks/main.yaml create mode 
100644 roles/spreadspace-apt-repo/tasks/main.yml delete mode 100644 roles/sshserver/handlers/main.yaml create mode 100644 roles/sshserver/handlers/main.yml delete mode 100644 roles/sshserver/tasks/main.yaml create mode 100644 roles/sshserver/tasks/main.yml delete mode 100644 roles/ubuntu-ws/defaults/main.yaml create mode 100644 roles/ubuntu-ws/defaults/main.yml delete mode 100644 roles/ubuntu-ws/tasks/fs.yaml create mode 100644 roles/ubuntu-ws/tasks/fs.yml delete mode 100644 roles/ubuntu-ws/tasks/main.yaml create mode 100644 roles/ubuntu-ws/tasks/main.yml delete mode 100644 roles/upgrade/tasks/main.yaml create mode 100644 roles/upgrade/tasks/main.yml delete mode 100644 roles/vm-grub/handlers/main.yaml create mode 100644 roles/vm-grub/handlers/main.yml delete mode 100644 roles/vm-grub/tasks/main.yaml create mode 100644 roles/vm-grub/tasks/main.yml delete mode 100644 roles/vm-host/defaults/main.yaml create mode 100644 roles/vm-host/defaults/main.yml delete mode 100644 roles/vm-host/handlers/main.yaml create mode 100644 roles/vm-host/handlers/main.yml delete mode 100644 roles/vm-host/tasks/main.yaml create mode 100644 roles/vm-host/tasks/main.yml delete mode 100644 roles/vm-install/tasks/main.yaml create mode 100644 roles/vm-install/tasks/main.yml delete mode 100644 roles/vm-network/handlers/main.yaml create mode 100644 roles/vm-network/handlers/main.yml delete mode 100644 roles/vm-network/tasks/lan.yaml create mode 100644 roles/vm-network/tasks/lan.yml delete mode 100644 roles/vm-network/tasks/main.yaml create mode 100644 roles/vm-network/tasks/main.yml delete mode 100644 roles/vm-network/tasks/public.yaml create mode 100644 roles/vm-network/tasks/public.yml delete mode 100644 roles/vm-network/tasks/systemd-link.yaml create mode 100644 roles/vm-network/tasks/systemd-link.yml delete mode 100644 roles/zsh/tasks/main.yaml create mode 100644 roles/zsh/tasks/main.yml delete mode 100644 vminstall.yaml create mode 100644 vminstall.yml 
diff --git a/group_vars/all/vars.yaml b/group_vars/all/vars.yaml
deleted file mode 100644
index 65417f03..00000000
--- a/group_vars/all/vars.yaml
+++ /dev/null
@@ -1,15 +0,0 @@ ---- -equinox_user: - name: equinox - # password: "{{ vault_equinox_password }}" - shell: /bin/zsh - - -ssh_keys: - equinox: - chaos: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDL8afqxWieebpxezBuLj2CIx/iAuTY9ziJt8JCJE0qYh+B2wXe9e+sPaKwz5yyS0X0MoEPHbYuVytxGQfGhdVR57gWWTYq5MBBFEqmu5MexAFKlNxad4TNQQwhs7rnI+lptKJO+rqeG/vaQBgao+61ZVwRR5Zr1zsXEoo5m4VB8VPo3TW0nSb97LdMyUmb1TaqDKJ5hrtrV6YcokXzE8FwHMK15oJsuJC7YUReijol3hGsRVw1H5S1zu4uDz7G32dPVxoLOPgupnf0SxnXdNVfNU50MHHSK68HzBXz4/rE1YLacRPloOhO7xegkWd5KGa09opEbUGzGu/lSXgHuAJpPgloy14cehDhLJ7F7SbXK4QBBtVgV+1CYXG2eJsRHIdkWiTWLuG+QZ4oEFLjQBjWpUYsEiDt9FEtSVCtKH2vBk26ps5yIoSCtYq6POvg9miGgcpQA6HHwh5ekVUaKRGWuMdAIvjvQSlCsFjYkxD1NpCgU1RhyWWTI3xTSKzTxcXiCWWZoBDJVoW46EpSvySsOpxL/hLxJwMR8ouc6cPRZZl3m51824Rv3LdEXNBmn3vnojzIvrOed3sxpD0+7+tbA4J1uTbAxtkOMhK94WXKiUAOD7e5bJYdzajvDD2T9tkj/Mqdo8z3iR2/yjkGMEAeWWVOQEh7QhQS7OFEAKK4fw== equinox@chaos-at-home.org - ele: ssh-rsa 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 equinox@elevate.at - ff: ssh-rsa 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 equinox@ffgraz.net - mur: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDUW4fz/Vs4w5JMIFxoftimcbkqksZPDMfbHH/wfPKFAfJdi+fdGfWqqP7hy2/1iREF5W0L5dz9zQus0xS1/kkneUUL3CCKBD3+VzZqIbhy5rMlifd+jacVV+UZGhl/WP/wagu4+Mv0/ksXIlN6/2Pv2+ojjpGeCv4FHG/kR68zKoKNLxjHiTKt3LM9AFtx3Pn3ghIO3egbzaQ8vnTdQjGJHiosfKxiGZfnkAWvrMMq1sCJUJS7A8n2S3QUjoap3OYrVqFcPO4R/VaCaBWVdSKrymnpOGABvP9QuGenZ0CFXgl+p5QwKJz7n3CQHooUai+FPmmrCmtRV1QICyON8vdNI4hU5O1ksZOYxa0vptfqd//FMyauek5JzCDr4ExOWaZvhGsvZdLuWwiN/8KwpsgY+duiqWVC9jCOymFBPQ0Qik1hjCLXUWxDKcJIpF3WfHaHPESAlmNCKPbH5X7oBDOI5k96J34vDl1cBLjcVydtwfwbJmbApOMz3IukoUlYusbvLo2bJicHolkNrlS6qcSbaPpKsrjZ5II0Fks/S39q5rE//nVsY5oE35Gm5Pb7gndSuo/l01WOANYmKuYiwUz/XC62fis7fxiCxmLPMG3PIym7E3pe+lTjSOI3SN24cgwArDEvGZhqeyOHN468Yt8mPersXvY/cUMS1XFvLadtnw== equinox@mur.at - r3: ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAACAQDj7AcnQZCRihToOI7/L5YslP4bkZlZwR2dg6hV8EfQ+37z1p0imhoqc2Oz/zIEgOVARBHkn5XmfR9Bu6e3YfKpXpJXC9O3jpRSw34Xac/8qXzWZsqVAXbtzvBlYA/G4j0NQM9XIVBa1ZzBZu87xeE4KUWzO80fnQ+G3GSBp28BM4TUiSOmX9y58chPZfUp2DE80fInoXv11ikLLCBDXfMkzFCZ4Gcexhr0TYcBUgLV7ufL0xqLg4yE+Z21PLtttvVYgZIers2nWetLPoREi5yDGKeCjJVyT00X2rp6h3eFkc/VaHfb5c2MY9/4BOt+cbFCx73sG0C1SnSzWd624K/8CEoJTsX4MazLLrxwi3hIwiYX1mCCfq4+S4PpSFvMUGdMWB52PkBRXulQislCVBA/lzma93xJr1jWVFSikjkvAUt8Zt33vHMRd7RMYDfsDVIEKpUT49cBj0v7zs6IVE858J33sUZoVXaiA2sjsap8RguNtjJMSYx8+nwkQAjxwlTiV2J6pHGQHJDyeVsqGlnMpEk32ZeSs/BQ7XWPG62FT3SN6E4C/fa8dawvs7RgY0cbZkhucECBu9Zto/KakIhzLtFzgDighPmK5SlAPoNEJLJYPo5ry2SBTysc4uV7xYZSQ6OVofeQeFXKL8oPe/ZAvKafn3Zk0mQcCtH0Z8q8iQ== equinox@realraum.at - spread: ssh-rsa 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 equinox@spreadspace.org diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml new file mode 100644 index 00000000..65417f03 --- /dev/null +++ b/group_vars/all/vars.yml 
@@ -0,0 +1,15 @@ +--- +equinox_user: + name: equinox + # password: "{{ vault_equinox_password }}" + shell: /bin/zsh + + +ssh_keys: + equinox: + chaos: ssh-rsa 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 equinox@chaos-at-home.org + ele: ssh-rsa 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 equinox@elevate.at + ff: ssh-rsa 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 equinox@ffgraz.net + mur: ssh-rsa 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 equinox@mur.at + r3: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDj7AcnQZCRihToOI7/L5YslP4bkZlZwR2dg6hV8EfQ+37z1p0imhoqc2Oz/zIEgOVARBHkn5XmfR9Bu6e3YfKpXpJXC9O3jpRSw34Xac/8qXzWZsqVAXbtzvBlYA/G4j0NQM9XIVBa1ZzBZu87xeE4KUWzO80fnQ+G3GSBp28BM4TUiSOmX9y58chPZfUp2DE80fInoXv11ikLLCBDXfMkzFCZ4Gcexhr0TYcBUgLV7ufL0xqLg4yE+Z21PLtttvVYgZIers2nWetLPoREi5yDGKeCjJVyT00X2rp6h3eFkc/VaHfb5c2MY9/4BOt+cbFCx73sG0C1SnSzWd624K/8CEoJTsX4MazLLrxwi3hIwiYX1mCCfq4+S4PpSFvMUGdMWB52PkBRXulQislCVBA/lzma93xJr1jWVFSikjkvAUt8Zt33vHMRd7RMYDfsDVIEKpUT49cBj0v7zs6IVE858J33sUZoVXaiA2sjsap8RguNtjJMSYx8+nwkQAjxwlTiV2J6pHGQHJDyeVsqGlnMpEk32ZeSs/BQ7XWPG62FT3SN6E4C/fa8dawvs7RgY0cbZkhucECBu9Zto/KakIhzLtFzgDighPmK5SlAPoNEJLJYPo5ry2SBTysc4uV7xYZSQ6OVofeQeFXKL8oPe/ZAvKafn3Zk0mQcCtH0Z8q8iQ== equinox@realraum.at + spread: ssh-rsa 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 equinox@spreadspace.org diff --git a/group_vars/elevate/vars.yaml b/group_vars/elevate/vars.yaml deleted file mode 100644 index 1808db88..00000000 --- a/group_vars/elevate/vars.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -sshserver_root_keys: "{{ [ ssh_keys.equinox.ele ] | join('\n') }}" - -acmetool_account_email: equinox@elevate.at diff --git a/group_vars/elevate/vars.yml b/group_vars/elevate/vars.yml new file mode 100644 index 00000000..1808db88 --- /dev/null +++ b/group_vars/elevate/vars.yml @@ -0,0 +1,4 @@ +--- +sshserver_root_keys: "{{ [ ssh_keys.equinox.ele ] | join('\n') }}" + +acmetool_account_email: equinox@elevate.at 
diff --git a/group_vars/hetzner/vars.yaml b/group_vars/hetzner/vars.yaml deleted file mode 100644 index 2e5c8b4a..00000000 --- a/group_vars/hetzner/vars.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -debian_mirror: - packages: http://mirror.hetzner.de/debian/packages - security: http://mirror.hetzner.de/debian/security - -ubuntu_mirror: http://mirror.hetzner.de/ubuntu/packages diff --git a/group_vars/hetzner/vars.yml b/group_vars/hetzner/vars.yml new file mode 100644 index 00000000..2e5c8b4a --- /dev/null +++ b/group_vars/hetzner/vars.yml @@ -0,0 +1,6 @@ +--- +debian_mirror: + packages: http://mirror.hetzner.de/debian/packages + security: http://mirror.hetzner.de/debian/security + +ubuntu_mirror: http://mirror.hetzner.de/ubuntu/packages diff --git a/group_vars/k8s-emc/vars.yml b/group_vars/k8s-emc/vars.yml index 20716d3e..6b1344ae 100644 --- a/group_vars/k8s-emc/vars.yml +++ b/group_vars/k8s-emc/vars.yml @@ -2,7 +2,7 @@ docker_pkg_version: 17.03.2~ce-0~debian-stretch kubernetes: - pkg_version: 1.9.2-00 + pkg_version: 1.9.6-00 dedicated_master: True api_advertise_ip: 144.76.160.141 diff --git a/group_vars/skillz/vars.yaml b/group_vars/skillz/vars.yaml deleted file mode 100644 index 4d8f679d..00000000 --- a/group_vars/skillz/vars.yaml +++ /dev/null @@ -1,2 +0,0 @@ ---- -sshserver_root_keys: "{{ [ ssh_keys.equinox.ele ] | join('\n') }}" diff --git a/group_vars/skillz/vars.yml b/group_vars/skillz/vars.yml new file mode 100644 index 00000000..4d8f679d --- /dev/null +++ b/group_vars/skillz/vars.yml @@ -0,0 +1,2 @@ +--- +sshserver_root_keys: "{{ [ ssh_keys.equinox.ele ] | join('\n') }}" diff --git a/group_vars/spreadspace/vars.yaml b/group_vars/spreadspace/vars.yaml deleted file mode 100644 index 30011725..00000000 --- a/group_vars/spreadspace/vars.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -sshserver_root_keys: "{{ [ ssh_keys.equinox.spread ] | join('\n') }}" - -acmetool_account_email: equinox@spreadspace.org 
diff --git a/group_vars/spreadspace/vars.yml b/group_vars/spreadspace/vars.yml
new file mode 100644
index 00000000..30011725
--- /dev/null
+++ b/group_vars/spreadspace/vars.yml
@@ -0,0 +1,4 @@
+---
+sshserver_root_keys: "{{ [ ssh_keys.equinox.spread ] | join('\n') }}"
+
+acmetool_account_email: equinox@spreadspace.org
diff --git a/group_vars/spreadspace/vault.yaml b/group_vars/spreadspace/vault.yaml
deleted file mode 100644
index 625cf08f..00000000
--- a/group_vars/spreadspace/vault.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-32323866383432633535336666356561623133626164346637376531333330313938363639303763
-6665643638373736653863366537336432333662396638660a336564616431313330623065643733
-66326231663364303432623839363638303565646438373333653837633235373961656633366333
-6330393836653433610a386633343737646663313764356538653664336539366630313837323739
-38363165373462386230356338396662653634316534343738643438343132616132333238623333
-30313339653537643066343262373339336363333030353538326466653833313638356639316237
-39313632373831613161306535656133363266353133343865373561346266306538363935303538
-30313164356361613265613763616364316330663735653662643937666166316562633339363037
-3733
diff --git a/group_vars/spreadspace/vault.yml b/group_vars/spreadspace/vault.yml
new file mode 100644
index 00000000..625cf08f
--- /dev/null
+++ b/group_vars/spreadspace/vault.yml
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+32323866383432633535336666356561623133626164346637376531333330313938363639303763
+6665643638373736653863366537336432333662396638660a336564616431313330623065643733
+66326231663364303432623839363638303565646438373333653837633235373961656633366333
+6330393836653433610a386633343737646663313764356538653664336539366630313837323739
+38363165373462386230356338396662653634316534343738643438343132616132333238623333
+30313339653537643066343262373339336363333030353538326466653833313638356639316237
+39313632373831613161306535656133363266353133343865373561346266306538363935303538
+30313164356361613265613763616364316330663735653662643937666166316562633339363037
+3733
diff --git a/host_playbooks/calypso.yaml b/host_playbooks/calypso.yaml
deleted file mode 100644
index cd6a9ac0..00000000
--- a/host_playbooks/calypso.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-- name: Basic Setup
- hosts: calypso
- roles:
- - role: base
- - role: sshserver
- - role: zsh
- - role: admin-user
- - role: blackmagic-desktopvideo
- - role: spreadspace-apt-repo
diff --git a/host_playbooks/calypso.yml b/host_playbooks/calypso.yml
new file mode 100644
index 00000000..cd6a9ac0
--- /dev/null
+++ b/host_playbooks/calypso.yml
@@ -0,0 +1,10 @@
+---
+- name: Basic Setup
+ hosts: calypso
+ roles:
+ - role: base
+ - role: sshserver
+ - role: zsh
+ - role: admin-user
+ - role: blackmagic-desktopvideo
+ - role: spreadspace-apt-repo
diff --git a/host_playbooks/dione.yaml b/host_playbooks/dione.yaml
deleted file mode 100644
index 70b6a077..00000000
--- a/host_playbooks/dione.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: Basic Setup
- hosts: dione
- roles:
- - role: base
- - role: sshserver
- - role: zsh
- - role: admin-user
- - role: blackmagic-desktopvideo
diff --git a/host_playbooks/dione.yml b/host_playbooks/dione.yml
new file mode 100644
index 00000000..70b6a077
--- /dev/null
+++ b/host_playbooks/dione.yml
@@ -0,0 +1,9 @@
+---
+- name: Basic Setup
+ hosts: dione
+ roles:
+ - role: base
+ - role: sshserver
+ - role: zsh
+ - role: admin-user
+ - role: blackmagic-desktopvideo
diff --git a/host_playbooks/elesearch.yaml b/host_playbooks/elesearch.yaml
deleted file mode 100644
index 7640977e..00000000
--- a/host_playbooks/elesearch.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: Basic Setup
- hosts: elesearch
- roles:
- - role: sshserver
- - role: vm-grub
- - role: vm-network
- - role: base
- - role: zsh
diff --git a/host_playbooks/elesearch.yml b/host_playbooks/elesearch.yml
new file mode 100644
index 00000000..7640977e
--- /dev/null
+++ b/host_playbooks/elesearch.yml
@@ -0,0 +1,9 @@
+---
+- name: Basic Setup
+ hosts: elesearch
+ roles:
+ - role: sshserver
+ - role: vm-grub
+ - role: vm-network
+ - role: base
+ - role: zsh
diff --git a/host_playbooks/emc-master.yaml b/host_playbooks/emc-master.yaml
deleted file mode 100644
index 9d541517..00000000
--- a/host_playbooks/emc-master.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: Basic Setup
- hosts: emc-master
- roles:
- - role: base
- - role: sshserver
- - role: vm-grub
-# - role: vm-network
- - role: zsh
diff --git a/host_playbooks/emc-master.yml b/host_playbooks/emc-master.yml
new file mode 100644
index 00000000..9d541517
--- /dev/null
+++ b/host_playbooks/emc-master.yml
@@ -0,0 +1,9 @@
+---
+- name: Basic Setup
+ hosts: emc-master
+ roles:
+ - role: base
+ - role: sshserver
+ - role: vm-grub
+# - role: vm-network
+ - role: zsh
diff --git a/host_playbooks/emc-stats.yaml b/host_playbooks/emc-stats.yaml
deleted file mode 100644
index 1ab4e47b..00000000
--- a/host_playbooks/emc-stats.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-- name: Basic Setup
- hosts: emc-stats
- roles:
- - role: base
- - role: sshserver
- - role: vm-grub
-# - role: vm-network
- - role: zsh
- - role: emc-stats
diff --git a/host_playbooks/emc-stats.yml b/host_playbooks/emc-stats.yml
new file mode 100644
index 00000000..1ab4e47b
--- /dev/null
+++ b/host_playbooks/emc-stats.yml
@@ -0,0 +1,10 @@
+---
+- name: Basic Setup
+ hosts: emc-stats
+ roles:
+ - role: base
+ - role: sshserver
+ - role: vm-grub
+# - role: vm-network
+ - role: zsh
+ - role: emc-stats
diff --git a/host_playbooks/emc-test.yaml b/host_playbooks/emc-test.yaml
deleted file mode 100644
index 2a298e8b..00000000
--- a/host_playbooks/emc-test.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: Basic Setup
- hosts: emc-test
- roles:
- - role: hetzner-slim
- - role: base
- - role: sshserver
- - role: zsh
- - role: admin-user
diff --git a/host_playbooks/emc-test.yml b/host_playbooks/emc-test.yml
new file mode 100644
index 00000000..2a298e8b
--- /dev/null
+++ b/host_playbooks/emc-test.yml
@@ -0,0 +1,9 @@
+---
+- name: Basic Setup
+ hosts: emc-test
+ roles:
+ - role: hetzner-slim
+ - role: base
+ - role: sshserver
+ - role: zsh
+ - role: admin-user
diff --git a/host_playbooks/emc-xx.yaml b/host_playbooks/emc-xx.yaml
deleted file mode 100644
index e2005178..00000000
--- a/host_playbooks/emc-xx.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: Basic Setup
- hosts: emc-xx
- roles:
- - role: hetzner-slim
- - role: base
- - role: sshserver
- - role: zsh
- - role: admin-user
diff --git a/host_playbooks/emc-xx.yml b/host_playbooks/emc-xx.yml
new file mode 100644
index 00000000..e2005178
--- /dev/null
+++ b/host_playbooks/emc-xx.yml
@@ -0,0 +1,9 @@
+---
+- name: Basic Setup
+ hosts: emc-xx
+ roles:
+ - role: hetzner-slim
+ - role: base
+ - role: sshserver
+ - role: zsh
+ - role: admin-user
diff --git a/host_playbooks/helene.yaml b/host_playbooks/helene.yaml
deleted file mode 100644
index ce45cddf..00000000
--- a/host_playbooks/helene.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-- name: Basic Setup
- hosts: helene
- roles:
- - role: base
- - role: sshserver
- - role: zsh
- - role: admin-user
- - role: blackmagic-desktopvideo
- - role: acmetool
diff --git a/host_playbooks/helene.yml b/host_playbooks/helene.yml
new file mode 100644
index 00000000..ce45cddf
--- /dev/null
+++ b/host_playbooks/helene.yml
@@ -0,0 +1,10 @@
+---
+- name: Basic Setup
+ hosts: helene
+ roles:
+ - role: base
+ - role: sshserver
+ - role: zsh
+ - role: admin-user
+ - role: blackmagic-desktopvideo
+ - role: acmetool
diff --git a/host_playbooks/sk2013.yaml b/host_playbooks/sk2013.yaml
deleted file mode 100644
index 387f1af1..00000000
--- a/host_playbooks/sk2013.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: Basic Setup
- hosts: sk2013
- roles:
- - role: sshserver
- - role: vm-host
diff --git a/host_playbooks/sk2013.yml b/host_playbooks/sk2013.yml
new file mode 100644
index 00000000..387f1af1
--- /dev/null
+++ b/host_playbooks/sk2013.yml
@@ -0,0 +1,6 @@
+---
+- name: Basic Setup
+ hosts: sk2013
+ roles:
+ - role: sshserver
+ - role: vm-host
diff --git a/host_playbooks/sk2016.yaml b/host_playbooks/sk2016.yaml
deleted file mode 100644
index 33de823d..00000000
--- a/host_playbooks/sk2016.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: Basic Setup
- hosts: sk2016
- roles:
- - role: sshserver
- - role: vm-host
diff --git a/host_playbooks/sk2016.yml b/host_playbooks/sk2016.yml
new file mode 100644
index 00000000..33de823d
--- /dev/null
+++ b/host_playbooks/sk2016.yml
@@ -0,0 +1,6 @@
+---
+- name: Basic Setup
+ hosts: sk2016
+ roles:
+ - role: sshserver
+ - role: vm-host
diff --git a/host_playbooks/telesto.yaml b/host_playbooks/telesto.yaml
deleted file mode 100644
index 11b45596..00000000
--- a/host_playbooks/telesto.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: Basic Setup
- hosts: telesto
- roles:
- - role: base
- - role: sshserver
- - role: zsh
- - role: admin-user
- - role: blackmagic-desktopvideo
diff --git a/host_playbooks/telesto.yml b/host_playbooks/telesto.yml
new file mode 100644
index 00000000..11b45596
--- /dev/null
+++ b/host_playbooks/telesto.yml
@@ -0,0 +1,9 @@
+---
+- name: Basic Setup
+ hosts: telesto
+ roles:
+ - role: base
+ - role: sshserver
+ - role: zsh
+ - role: admin-user
+ - role: blackmagic-desktopvideo
diff --git a/host_playbooks/thetys.yaml b/host_playbooks/thetys.yaml
deleted file mode 100644
index fffeb769..00000000
--- a/host_playbooks/thetys.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-- name: Basic Setup
- hosts: thetys
- roles:
- - role: base
- - role: sshserver
- - role: zsh
- - role: admin-user
- - role: blackmagic-desktopvideo
- - role: spreadspace-apt-repo
diff --git a/host_playbooks/thetys.yml b/host_playbooks/thetys.yml
new file mode 100644
index 00000000..fffeb769
--- /dev/null
+++ b/host_playbooks/thetys.yml
@@ -0,0 +1,10 @@
+---
+- name: Basic Setup
+ hosts: thetys
+ roles:
+ - role: base
+ - role: sshserver
+ - role: zsh
+ - role: admin-user
+ - role: blackmagic-desktopvideo
+ - role: spreadspace-apt-repo
diff --git a/host_vars/calypso.yaml b/host_vars/calypso.yaml
deleted file mode 100644
index ff853586..00000000
--- a/host_vars/calypso.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-base_packages_extra_host:
-- exfat-fuse
-- exfat-utils
-- vlan
-
-admin_user_host:
-- "{{ equinox_user }}"
-
-sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
diff --git a/host_vars/calypso.yml b/host_vars/calypso.yml
new file mode 100644
index 00000000..ff853586
--- /dev/null
+++ b/host_vars/calypso.yml
@@ -0,0 +1,10 @@
+---
+base_packages_extra_host:
+- exfat-fuse
+- exfat-utils
+- vlan
+
+admin_user_host:
+- "{{ equinox_user }}"
+
+sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
diff --git a/host_vars/dione.yaml b/host_vars/dione.yaml
deleted file mode 100644
index 75b289c2..00000000
--- a/host_vars/dione.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-base_packages_extra_host:
-- exfat-fuse
-- exfat-utils
-- vlan
-
-admin_user_host:
-- "{{ equinox_user }}"
-
-sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
-
-docker_lvm:
- vg: dione
- lv: docker
- size: 15G
- fs: ext4
-
-kubelet_lvm:
- vg: dione
- lv: kubelet
- size: 10G
- fs: ext4
diff --git a/host_vars/dione.yml b/host_vars/dione.yml
new file mode 100644
index 00000000..75b289c2
--- /dev/null
+++ b/host_vars/dione.yml
@@ -0,0 +1,22 @@
+---
+base_packages_extra_host:
+- exfat-fuse
+- exfat-utils
+- vlan
+
+admin_user_host:
+- "{{ equinox_user }}"
+
+sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
+
+docker_lvm:
+ vg: dione
+ lv: docker
+ size: 15G
+ fs: ext4
+
+kubelet_lvm:
+ vg: dione
+ lv: kubelet
+ size: 10G
+ fs: ext4
diff --git a/host_vars/elesearch.yaml b/host_vars/elesearch.yaml
deleted file mode 100644
index 296f562e..00000000
--- a/host_vars/elesearch.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-vm_install:
- host: sk2013
- mem: 1024
- numcpu: 4
- disks:
- primary: vda
- virtio:
- vda:
- vg: storage
- lv: "{{ inventory_hostname }}"
- size: 50g
- interfaces:
- - idx: 1
- bridge: virbr
- name: public0
- autostart: True
-
-vm_network:
- systemd_link:
- interfaces: "{{ vm_install.interfaces }}"
- internet:
- interface: public0
diff --git a/host_vars/elesearch.yml b/host_vars/elesearch.yml
new file mode 100644
index 00000000..296f562e
--- /dev/null
+++ b/host_vars/elesearch.yml
@@ -0,0 +1,23 @@
+---
+vm_install:
+ host: sk2013
+ mem: 1024
+ numcpu: 4
+ disks:
+ primary: vda
+ virtio:
+ vda:
+ vg: storage
+ lv: "{{ inventory_hostname }}"
+ size: 50g
+ interfaces:
+ - idx: 1
+ bridge: virbr
+ name: public0
+ autostart: True
+
+vm_network:
+ systemd_link:
+ interfaces: "{{ vm_install.interfaces }}"
+ internet:
+ interface: public0
diff --git a/host_vars/emc-master.yaml b/host_vars/emc-master.yaml
deleted file mode 100644
index 5b9f52b9..00000000
--- a/host_vars/emc-master.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
----
-vm_install_host: sk2013
-
-vm_install:
- host: "{{ vm_install_host }}"
- mem: 1024
- numcpu: 2
- disks:
- primary: vda
- virtio:
- vda:
- vg: storage
- lv: "{{ inventory_hostname }}"
- size: 42g
- interfaces:
- - idx: 1
- bridge: "{{ hostvars[vm_install_host].vm_host.network.interface }}"
- name: primary0
- autostart: True
-
-vm_network:
- systemd_link:
- interfaces: "{{ vm_install.interfaces }}"
- primary:
- interface: primary0
- ip: "{{ (hostvars[vm_install_host].vm_host.network.ip+'/'+hostvars[vm_install_host].vm_host.network.mask) | ipaddr(hostvars[vm_install_host].vm_host.network.indices[inventory_hostname]) | ipaddr('address') }}"
- mask: "{{ hostvars[vm_install_host].vm_host.network.mask }}"
- gateway: "{{ hostvars[vm_install_host].vm_host.network.ip }}"
- nameservers: "{{ hostvars[vm_install_host].vm_host.network.nameservers }}"
- domain: spreadspace.org
-
-docker_lvm:
- vg: "{{ inventory_hostname }}"
- lv: docker
- size: 10G
- fs: ext4
-
-kubelet_lvm:
- vg: "{{ inventory_hostname }}"
- lv: kubelet
- size: 10G
- fs: ext4
diff --git a/host_vars/emc-master.yml b/host_vars/emc-master.yml
new file mode 100644
index 00000000..5b9f52b9
--- /dev/null
+++ b/host_vars/emc-master.yml
@@ -0,0 +1,42 @@
+---
+vm_install_host: sk2013
+
+vm_install:
+ host: "{{ vm_install_host }}"
+ mem: 1024
+ numcpu: 2
+ disks:
+ primary: vda
+ virtio:
+ vda:
+ vg: storage
+ lv: "{{ inventory_hostname }}"
+ size: 42g
+ interfaces:
+ - idx: 1
+ bridge: "{{ hostvars[vm_install_host].vm_host.network.interface }}"
+ name: primary0
+ autostart: True
+
+vm_network:
+ systemd_link:
+ interfaces: "{{ vm_install.interfaces }}"
+ primary:
+ interface: primary0
+ ip: "{{ (hostvars[vm_install_host].vm_host.network.ip+'/'+hostvars[vm_install_host].vm_host.network.mask) | ipaddr(hostvars[vm_install_host].vm_host.network.indices[inventory_hostname]) | ipaddr('address') }}"
+ mask: "{{ hostvars[vm_install_host].vm_host.network.mask }}"
+ gateway: "{{ hostvars[vm_install_host].vm_host.network.ip }}"
+ nameservers: "{{ hostvars[vm_install_host].vm_host.network.nameservers }}"
+ domain: spreadspace.org
+
+docker_lvm:
+ vg: "{{ inventory_hostname }}"
+ lv: docker
+ size: 10G
+ fs: ext4
+
+kubelet_lvm:
+ vg: "{{ inventory_hostname }}"
+ lv: kubelet
+ size: 10G
+ fs: ext4
diff --git a/host_vars/emc-stats.yaml b/host_vars/emc-stats.yaml
deleted file mode 100644
index 64917b8e..00000000
--- a/host_vars/emc-stats.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
----
-vm_install_host: sk2016
-
-vm_install:
- host: "{{ vm_install_host }}"
- mem: 8192
- numcpu: 6
- disks:
- primary: vda
- virtio:
- vda:
- vg: storage
- lv: "{{ inventory_hostname }}"
- size: 42g
- vdb:
- vg: storage
- lv: "{{ inventory_hostname }}-data"
- size: 100g
- interfaces:
- - idx: 1
- bridge: "{{ hostvars[vm_install_host].vm_host.network.interface }}"
- name: primary0
- autostart: True
-
-vm_network:
- systemd_link:
- interfaces: "{{ vm_install.interfaces }}"
- primary:
- interface: primary0
- ip: "{{ (hostvars[vm_install_host].vm_host.network.ip+'/'+hostvars[vm_install_host].vm_host.network.mask) | ipaddr(hostvars[vm_install_host].vm_host.network.indices[inventory_hostname]) | ipaddr('address') }}"
- mask: "{{ hostvars[vm_install_host].vm_host.network.mask }}"
- gateway: "{{ hostvars[vm_install_host].vm_host.network.ip }}"
- nameservers: "{{ hostvars[vm_install_host].vm_host.network.nameservers }}"
- domain: spreadspace.org
-
-docker_lvm:
- vg: "{{ inventory_hostname }}"
- lv: docker
- size: 15G
- fs: ext4
-
-kubelet_lvm:
- vg: "{{ inventory_hostname }}"
- lv: kubelet
- size: 10G
- fs: ext4
-
-emc_stats_lvm:
- pvs: /dev/vdb
- vg: "{{ inventory_hostname }}-data"
- lv: stats
- size: 50G
- fs: ext4
diff --git a/host_vars/emc-stats.yml b/host_vars/emc-stats.yml
new file mode 100644
index 00000000..64917b8e
--- /dev/null
+++ b/host_vars/emc-stats.yml
@@ -0,0 +1,53 @@
+---
+vm_install_host: sk2016
+
+vm_install:
+ host: "{{ vm_install_host }}"
+ mem: 8192
+ numcpu: 6
+ disks:
+ primary: vda
+ virtio:
+ vda:
+ vg: storage
+ lv: "{{ inventory_hostname }}"
+ size: 42g
+ vdb:
+ vg: storage
+ lv: "{{ inventory_hostname }}-data"
+ size: 100g
+ interfaces:
+ - idx: 1
+ bridge: "{{ hostvars[vm_install_host].vm_host.network.interface }}"
+ name: primary0
+ autostart: True
+
+vm_network:
+ systemd_link:
+ interfaces: "{{ vm_install.interfaces }}"
+ primary:
+ interface: primary0
+ ip: "{{ (hostvars[vm_install_host].vm_host.network.ip+'/'+hostvars[vm_install_host].vm_host.network.mask) | ipaddr(hostvars[vm_install_host].vm_host.network.indices[inventory_hostname]) | ipaddr('address') }}"
+ mask: "{{ hostvars[vm_install_host].vm_host.network.mask }}"
+ gateway: "{{ hostvars[vm_install_host].vm_host.network.ip }}"
+ nameservers: "{{ hostvars[vm_install_host].vm_host.network.nameservers }}"
+ domain: spreadspace.org
+
+docker_lvm:
+ vg: "{{ inventory_hostname }}"
+ lv: docker
+ size: 15G
+ fs: ext4
+
+kubelet_lvm:
+ vg: "{{ inventory_hostname }}"
+ lv: kubelet
+ size: 10G
+ fs: ext4
+
+emc_stats_lvm:
+ pvs: /dev/vdb
+ vg: "{{ inventory_hostname }}-data"
+ lv: stats
+ size: 50G
+ fs: ext4
diff --git a/host_vars/helene.yaml b/host_vars/helene.yaml
deleted file mode 100644
index b40fb069..00000000
--- a/host_vars/helene.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-base_packages_extra_host:
-- exfat-fuse
-- exfat-utils
-- vlan
-
-admin_user_host:
-- "{{ equinox_user }}"
-
-sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
-
-docker_lvm:
- vg: helene
- lv: docker
- size: 15G
- fs: ext4
-
-kubelet_lvm:
- vg: helene
- lv: kubelet
- size: 10G
- fs: ext4
diff --git a/host_vars/helene.yml b/host_vars/helene.yml
new file mode 100644
index 00000000..b40fb069
--- /dev/null
+++ b/host_vars/helene.yml
@@ -0,0 +1,22 @@
+---
+base_packages_extra_host:
+- exfat-fuse
+- exfat-utils
+- vlan
+
+admin_user_host:
+- "{{ equinox_user }}"
+
+sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
+
+docker_lvm:
+ vg: helene
+ lv: docker
+ size: 15G
+ fs: ext4
+
+kubelet_lvm:
+ vg: helene
+ lv: kubelet
+ size: 10G
+ fs: ext4
diff --git a/host_vars/sk2013.yaml b/host_vars/sk2013.yaml
deleted file mode 100644
index d1427a67..00000000
--- a/host_vars/sk2013.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-sshserver_allowusers_host:
-- backuppc
-- equinox
-- dan
-
-vm_host:
- installer:
- net_if: virbr
- preseed_path: /srv/preseed
- path: /srv/installer
- distros:
- - distro: debian
- codename: stretch
- arch:
- - amd64
- - i386
- - distro: ubuntu
- codename: xenial
- arch:
- - amd64
- - i386
- network:
- interface: virbr
- ip: 192.168.160.254
- mask: 255.255.255.0
- nameservers:
- - 213.133.100.100
- - 213.133.98.98
- - 213.133.99.99
- indices:
- emc-master: 141
diff --git a/host_vars/sk2013.yml b/host_vars/sk2013.yml
new file mode 100644
index 00000000..d1427a67
--- /dev/null
+++ b/host_vars/sk2013.yml
@@ -0,0 +1,32 @@
+---
+sshserver_allowusers_host:
+- backuppc
+- equinox
+- dan
+
+vm_host:
+ installer:
+ net_if: virbr
+ preseed_path: /srv/preseed
+ path: /srv/installer
+ distros:
+ - distro: debian
+ codename: stretch
+ arch:
+ - amd64
+ - i386
+ - distro: ubuntu
+ codename: xenial
+ arch:
+ - amd64
+ - i386
+ network:
+ interface: virbr
+ ip: 192.168.160.254
+ mask: 255.255.255.0
+ nameservers:
+ - 213.133.100.100
+ - 213.133.98.98
+ - 213.133.99.99
+ indices:
+ emc-master: 141
diff --git a/host_vars/sk2016.yaml b/host_vars/sk2016.yaml
deleted file mode 100644
index 872223db..00000000
--- a/host_vars/sk2016.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-sshserver_allowusers_host:
-- backuppc
-- equinox
-- dan
-
-vm_host:
- installer:
- net_if: virbr
- preseed_path: /srv/preseed
- path: /srv/installer
- distros:
- - distro: debian
- codename: stretch
- arch:
- - amd64
- - i386
- - distro: ubuntu
- codename: xenial
- arch:
- - amd64
- - i386
- network:
- interface: virbr
- ip: 192.168.216.254
- mask: 255.255.255.0
- nameservers:
- - 213.133.100.100
- - 213.133.98.98
- - 213.133.99.99
- indices:
- emc-stats: 200
diff --git a/host_vars/sk2016.yml b/host_vars/sk2016.yml
new file mode 100644
index 00000000..872223db
--- /dev/null
+++ b/host_vars/sk2016.yml
@@ -0,0 +1,32 @@
+---
+sshserver_allowusers_host:
+- backuppc
+- equinox
+- dan
+
+vm_host:
+ installer:
+ net_if: virbr
+ preseed_path: /srv/preseed
+ path: /srv/installer
+ distros:
+ - distro: debian
+ codename: stretch
+ arch:
+ - amd64
+ - i386
+ - distro: ubuntu
+ codename: xenial
+ arch:
+ - amd64
+ - i386
+ network:
+ interface: virbr
+ ip: 192.168.216.254
+ mask: 255.255.255.0
+ nameservers:
+ - 213.133.100.100
+ - 213.133.98.98
+ - 213.133.99.99
+ indices:
+ emc-stats: 200
diff --git a/host_vars/telesto.yaml b/host_vars/telesto.yaml
deleted file mode 100644
index ff853586..00000000
--- a/host_vars/telesto.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-base_packages_extra_host:
-- exfat-fuse
-- exfat-utils
-- vlan
-
-admin_user_host:
-- "{{ equinox_user }}"
-
-sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
diff --git a/host_vars/telesto.yml b/host_vars/telesto.yml
new file mode 100644
index 00000000..ff853586
--- /dev/null
+++ b/host_vars/telesto.yml
@@ -0,0 +1,10 @@
+---
+base_packages_extra_host:
+- exfat-fuse
+- exfat-utils
+- vlan
+
+admin_user_host:
+- "{{ equinox_user }}"
+
+sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
diff --git a/host_vars/thetys.yaml b/host_vars/thetys.yaml
deleted file mode 100644
index ff853586..00000000
--- a/host_vars/thetys.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-base_packages_extra_host:
-- exfat-fuse
-- exfat-utils
-- vlan
-
-admin_user_host:
-- "{{ equinox_user }}"
-
-sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
diff --git a/host_vars/thetys.yml b/host_vars/thetys.yml
new file mode 100644
index 00000000..ff853586
--- /dev/null
+++ b/host_vars/thetys.yml
@@ -0,0 +1,10 @@
+---
+base_packages_extra_host:
+- exfat-fuse
+- exfat-utils
+- vlan
+
+admin_user_host:
+- "{{ equinox_user }}"
+
+sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
diff --git a/playbooks/k8s-emc.yaml b/playbooks/k8s-emc.yaml
deleted file mode 100644
index b47ed5fc..00000000
--- a/playbooks/k8s-emc.yaml
+++ /dev/null
@@ -1,96 +0,0 @@
----
-- name: prepare variables and do some sanity checks
- hosts: k8s-emc
- gather_facts: no
- run_once: yes
- tasks:
- - name: setup variables
- set_fact:
- kubernetes_nodes: "{{ groups['k8s-emc'] }}"
- kubernetes_nodes_master: "{{ groups['k8s-emc-master'] | first }}"
-
- - name: check whether every node has a net_index assigned
- fail:
- msg: "There are nodes without an assigned net-index: {{ kubernetes_nodes | difference(kubernetes.net_index.keys()) | join(', ') }}"
- failed_when: kubernetes_nodes | difference(kubernetes.net_index.keys()) | length > 0
-
- - name: check whether net indizes are unique
- fail:
- msg: "There are duplicate entries in the net_index table, every net-index is only allowed once"
- failed_when: (kubernetes.net_index.keys() | length) != (kubernetes.net_index.values() | unique | length)
-
- - name: check whether net indizes are all > 0
- fail:
- msg: "At least one net-index is < 1 (indizes start at 1)"
- failed_when: (kubernetes.net_index.values() | min) < 1
-
-########
-- name: install kubernetes and overlay network
- hosts: k8s-emc
- roles:
- ## Since `base` has a dependency for docker it would install and start the daemon
- ## without the docker daemon config file generated by `net`.
- ## This means that the docker daemon will create a bridge and install iptables rules
- ## upon first startup (the first time this playbook runs on a specific host).
- ## Since it is a tedious task to remove the interface and the firewall rules it is much
- ## easier to just run `net` before `base` as `net` does not need anything from `base`.
- - role: kubernetes-net
- - role: kubernetes-base
-
-- name: configure kubernetes master
- hosts: k8s-emc-master
- roles:
- - role: kubernetes-master
-
-- name: configure kubernetes nodes
- hosts: k8s-emc:!k8s-emc-master
- roles:
- - role: kubernetes-node
-
-########
-- name: check for nodes to be removed
- hosts: k8s-emc-master
- tasks:
- - name: fetch list of current nodes
- command: kubectl get nodes -o name
- changed_when: False
- check_mode: no
- register: kubectl_node_list
-
- - name: generate list of nodes to be removed
- with_items: "{{ kubectl_node_list.stdout_lines | map('replace', 'nodes/', '') | list | difference(kubernetes_nodes) }}"
- add_host:
- name: "{{ item }}"
- inventory_dir: "{{inventory_dir}}"
- group: _k8s-emc-remove_
- changed_when: False
-
- - name: drain superflous nodes
- with_items: "{{ groups['_k8s-emc-remove_'] | default([]) }}"
- command: "kubectl drain {{ item }} --delete-local-data --force --ignore-daemonsets"
-
-- name: try to clean superflous nodes
- hosts: _k8s-emc-remove_
- vars:
- k8s_remove_node: yes
- roles:
- - role: kubernetes-node
- - role: kubernetes-net
-
-- name: remove node from api server
- hosts: k8s-emc-master
- tasks:
- - name: remove superflous nodes
- with_items: "{{ groups['_k8s-emc-remove_'] | default([]) }}"
- command: "kubectl delete node {{ item }}"
-
- - name: wait a litte before removing bootstrap-token so new nodes have time to generate certificates for themselves
- when: kube_bootstrap_token != ""
- pause:
- seconds: 42
-
- - name: remove bootstrap-token
- when: kube_bootstrap_token != ""
- command: "kubectl --namespace kube-system delete secret bootstrap-token-{{ kube_bootstrap_token.split('.') | first }}"
-
-### TODO: add node labels (ie. for ingress daeomnset)
diff --git a/playbooks/k8s-emc.yml b/playbooks/k8s-emc.yml
new file mode 100644
index 00000000..b47ed5fc
--- /dev/null
+++ b/playbooks/k8s-emc.yml
@@ -0,0 +1,96 @@
+---
+- name: prepare variables and do some sanity checks
+ hosts: k8s-emc
+ gather_facts: no
+ run_once: yes
+ tasks:
+ - name: setup variables
+ set_fact:
+ kubernetes_nodes: "{{ groups['k8s-emc'] }}"
+ kubernetes_nodes_master: "{{ groups['k8s-emc-master'] | first }}"
+
+ - name: check whether every node has a net_index assigned
+ fail:
+ msg: "There are nodes without an assigned net-index: {{ kubernetes_nodes | difference(kubernetes.net_index.keys()) | join(', ') }}"
+ failed_when: kubernetes_nodes | difference(kubernetes.net_index.keys()) | length > 0
+
+ - name: check whether net indizes are unique
+ fail:
+ msg: "There are duplicate entries in the net_index table, every net-index is only allowed once"
+ failed_when: (kubernetes.net_index.keys() | length) != (kubernetes.net_index.values() | unique | length)
+
+ - name: check whether net indizes are all > 0
+ fail:
+ msg: "At least one net-index is < 1 (indizes start at 1)"
+ failed_when: (kubernetes.net_index.values() | min) < 1
+
+########
+- name: install kubernetes and overlay network
+ hosts: k8s-emc
+ roles:
+ ## Since `base` has a dependency for docker it would install and start the daemon
+ ## without the docker daemon config file generated by `net`.
+ ## This means that the docker daemon will create a bridge and install iptables rules
+ ## upon first startup (the first time this playbook runs on a specific host).
+ ## Since it is a tedious task to remove the interface and the firewall rules it is much
+ ## easier to just run `net` before `base` as `net` does not need anything from `base`.
+ - role: kubernetes-net
+ - role: kubernetes-base
+
+- name: configure kubernetes master
+ hosts: k8s-emc-master
+ roles:
+ - role: kubernetes-master
+
+- name: configure kubernetes nodes
+ hosts: k8s-emc:!k8s-emc-master
+ roles:
+ - role: kubernetes-node
+
+########
+- name: check for nodes to be removed
+ hosts: k8s-emc-master
+ tasks:
+ - name: fetch list of current nodes
+ command: kubectl get nodes -o name
+ changed_when: False
+ check_mode: no
+ register: kubectl_node_list
+
+ - name: generate list of nodes to be removed
+ with_items: "{{ kubectl_node_list.stdout_lines | map('replace', 'nodes/', '') | list | difference(kubernetes_nodes) }}"
+ add_host:
+ name: "{{ item }}"
+ inventory_dir: "{{inventory_dir}}"
+ group: _k8s-emc-remove_
+ changed_when: False
+
+ - name: drain superflous nodes
+ with_items: "{{ groups['_k8s-emc-remove_'] | default([]) }}"
+ command: "kubectl drain {{ item }} --delete-local-data --force --ignore-daemonsets"
+
+- name: try to clean superflous nodes
+ hosts: _k8s-emc-remove_
+ vars:
+ k8s_remove_node: yes
+ roles:
+ - role: kubernetes-node
+ - role: kubernetes-net
+
+- name: remove node from api server
+ hosts: k8s-emc-master
+ tasks:
+ - name: remove superflous nodes
+ with_items: "{{ groups['_k8s-emc-remove_'] | default([]) }}"
+ command: "kubectl delete node {{ item }}"
+
+ - name: wait a litte before removing bootstrap-token so new nodes have time to generate certificates for themselves
+ when: kube_bootstrap_token != ""
+ pause:
+ seconds: 42
+
+ - name: remove bootstrap-token
+ when: kube_bootstrap_token != ""
+ command: "kubectl --namespace kube-system delete secret bootstrap-token-{{ kube_bootstrap_token.split('.') | first }}"
+
+### TODO: add node labels (ie. for ingress daeomnset)
diff --git a/roles/admin-user/tasks/main.yaml b/roles/admin-user/tasks/main.yaml
deleted file mode 100644
index e6fc3572..00000000
--- a/roles/admin-user/tasks/main.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-- name: install sudo
- apt:
- name: sudo
- state: present
-
-- name: add admin users
- with_items: "{{ admin_user_group | default([]) | union(admin_user_host | default([])) }}"
- user:
- name: "{{ item.name }}"
- state: present
- password: "{{ item.password | default(omit) }}"
- groups:
- - sudo
- - adm
- append: yes
- shell: "{{ item.shell | default(omit) }}"
diff --git a/roles/admin-user/tasks/main.yml b/roles/admin-user/tasks/main.yml
new file mode 100644
index 00000000..e6fc3572
--- /dev/null
+++ b/roles/admin-user/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+- name: install sudo
+ apt:
+ name: sudo
+ state: present
+
+- name: add admin users
+ with_items: "{{ admin_user_group | default([]) | union(admin_user_host | default([])) }}"
+ user:
+ name: "{{ item.name }}"
+ state: present
+ password: "{{ item.password | default(omit) }}"
+ groups:
+ - sudo
+ - adm
+ append: yes
+ shell: "{{ item.shell | default(omit) }}"
diff --git a/roles/base/defaults/main.yaml b/roles/base/defaults/main.yaml
deleted file mode 100644
index f94f3ac4..00000000
--- a/roles/base/defaults/main.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-sysctl_config_user: {}
-
-modules_blacklist:
- net:
- - dccp
- - sctp
- - rds
- - tipc
- fs:
- - cramfs
- - freevxfs
- - hfs
- - hfsplus
- - jffs2
- misc:
- - bluetooth
- - firewire-core
- - n_hdlc
- - net-pf-31
- - soundcore
- - thunderbolt
- - usb-midi
-
-base_packages_extra_host: []
-base_packages_extra_group: []
diff --git a/roles/base/defaults/main.yml b/roles/base/defaults/main.yml
new file mode 100644
index 00000000..f94f3ac4
--- /dev/null
+++ b/roles/base/defaults/main.yml
@@ -0,0 +1,26 @@
+---
+sysctl_config_user: {}
+
+modules_blacklist:
+ net:
+ - dccp
+ - sctp
+ - rds
+ - tipc
+ fs:
+ - cramfs
+ - freevxfs
+ - hfs
+ - hfsplus
+ - jffs2
+ misc:
+ - bluetooth
+ - firewire-core
+ - n_hdlc
+ - net-pf-31
+ - soundcore
+ - thunderbolt
+ - usb-midi
+
+base_packages_extra_host: []
+base_packages_extra_group: []
diff --git a/roles/base/tasks/main.yaml b/roles/base/tasks/main.yaml
deleted file mode 100644
index 3c6fc790..00000000
--- a/roles/base/tasks/main.yaml
+++ /dev/null
@@ -1,91 +0,0 @@
----
-- name: disable recommends and suggests
- copy:
- src: 02no-recommends
- dest: /etc/apt/apt.conf.d/
-
-- name: install base system tools
- apt:
- name: "{{ item }}"
- state: present
- with_items:
- - htop
- - dstat
- - lsof
- - gawk
- - psmisc
- - less
- - debian-goodies
- - screen
- - mtr-tiny
- - tcpdump
- - iptraf-ng
- - unp
- - haveged
- - dbus
- - libpam-systemd
- - aptitude
- - ca-certificates
- - file
- - man-db
- - manpages
- - nano
-
-- name: Remove startup message from screen
- lineinfile:
- regexp: "^startup_message"
- line: "startup_message off"
- dest: /etc/screenrc
- mode: 0644
- tags:
- - screen
-
-- name: install htop config (1/2)
- with_items:
- - /root
- - /etc/skel
- file:
- name: "{{ item }}/.config/htop/"
- state: directory
- mode: 0700
-
-- name: install htop config (2/2)
- with_items:
- - /root
- - /etc/skel
- copy:
- src: htoprc
- dest: "{{ item }}/.config/htop/"
-
-- name: Ensure /root is not world accessible
- file:
- path: /root
- mode: 0700
- owner: root
- group: root
- state: directory
-
-- name: disable net/fs/misc kernel modules
- lineinfile:
- dest: /etc/modprobe.d/disablemod.conf
- line: "install {{ item }} /bin/true"
- create: yes
- owner: root
- group: root
- mode: 0644
- with_items: "{{ modules_blacklist.net | union(modules_blacklist.fs) | union(modules_blacklist.misc) }}"
-
-- name: Change various sysctl-settings, look at the sysctl-vars file for documentation
- sysctl:
- name: "{{ item.key }}"
- value: "{{ item.value }}"
- sysctl_set: yes
- state: present
- reload: yes
- ignoreerrors: yes
- with_dict: "{{ sysctl_config | combine(sysctl_config_user) }}"
-
-- name: install extra packages
- apt:
- name: "{{ base_packages_extra_host | union(base_packages_extra_group) }}"
- state: present
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
new file mode 100644
index 00000000..3c6fc790
--- /dev/null
+++ b/roles/base/tasks/main.yml
@@ -0,0 +1,91 @@
+---
+- name: disable recommends and suggests
+ copy:
+ src: 02no-recommends
+ dest: /etc/apt/apt.conf.d/
+
+- name: install base system tools
+ apt:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - htop
+ - dstat
+ - lsof
+ - gawk
+ - psmisc
+ - less
+ - debian-goodies
+ - screen
+ - mtr-tiny
+ - tcpdump
+ - iptraf-ng
+ - unp
+ - haveged
+ - dbus
+ - libpam-systemd
+ - aptitude
+ - ca-certificates
+ - file
+ - man-db
+ - manpages
+ - nano
+
+- name: Remove startup message from screen
+ lineinfile:
+ regexp: "^startup_message"
+ line: "startup_message off"
+ dest: /etc/screenrc
+ mode: 0644
+ tags:
+ - screen
+
+- name: install htop config (1/2)
+ with_items:
+ - /root
+ - /etc/skel
+ file:
+ name: "{{ item }}/.config/htop/"
+ state: directory
+ mode: 0700
+
+- name: install htop config (2/2)
+ with_items:
+ - /root
+ - /etc/skel
+ copy:
+ src: htoprc
+ dest: "{{ item }}/.config/htop/"
+
+- name: Ensure /root is not world accessible
+ file:
+ path: /root
+ mode: 0700
+ owner: root
+ group: root
+ state: directory
+
+- name: disable net/fs/misc kernel modules
+ lineinfile:
+ dest: /etc/modprobe.d/disablemod.conf
+ line: "install {{ item }} /bin/true"
+ create: yes
+ owner: root
+ group: root
+ mode: 0644
+ with_items: "{{ modules_blacklist.net | union(modules_blacklist.fs) | union(modules_blacklist.misc) }}"
+
+- name: Change various sysctl-settings, look at the sysctl-vars file for documentation
+ sysctl:
+ name: "{{ item.key }}"
+ value: "{{ item.value }}"
+ sysctl_set: yes
+ state: present
+ reload: yes
+ ignoreerrors: yes
+ with_dict: "{{ sysctl_config | combine(sysctl_config_user) }}"
+
+- name: install extra packages
+ apt:
+ name: "{{ base_packages_extra_host | union(base_packages_extra_group) }}"
+ state: present
diff --git a/roles/base/vars/main.yaml b/roles/base/vars/main.yaml
deleted file mode 100644
index 557a4a7c..00000000
--- a/roles/base/vars/main.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-# SYSTEM CONFIGURATION
-# ====================
-# These are not meant to be modified by the user
-
-#
-# To adjust these settings use sysctl_config_user dict
-#
-sysctl_config:
-
- # Enable RFC-recommended source validation feature.
- net.ipv4.conf.all.rp_filter: 1
- net.ipv4.conf.default.rp_filter: 1
-
- # Log packets with impossible addresses to kernel log? yes
- net.ipv4.conf.all.log_martians: 1
- net.ipv4.conf.default.log_martians: 1
-
- # Reduce the surface on SMURF attacks.
- # Make sure to ignore ECHO broadcasts, which are only required in broad network analysis.
- net.ipv4.icmp_echo_ignore_broadcasts: 1
-
- # There is no reason to accept bogus error responses from ICMP, so ignore them instead.
- net.ipv4.icmp_ignore_bogus_error_responses: 1
-
- # Limit the amount of traffic the system uses for ICMP.
- net.ipv4.icmp_ratelimit: 1000
-
- # Send redirects, if router, but this is just server
- net.ipv4.conf.all.send_redirects: 0
- net.ipv4.conf.default.send_redirects: 0
- net.ipv4.conf.all.accept_redirects: 0
- net.ipv4.conf.default.accept_redirects: 0
- net.ipv6.conf.all.accept_redirects: 0
- net.ipv6.conf.default.accept_redirects: 0
- net.ipv4.conf.all.secure_redirects: 0
- net.ipv4.conf.default.secure_redirects: 0
-
- net.ipv4.conf.all.accept_source_route: 0
- net.ipv4.conf.default.accept_source_route: 0
-
- # Protect against wrapping sequence numbers at gigabit speeds
- net.ipv4.tcp_timestamps: 0
-
- # Prevent against the common 'syn flood attack'
- net.ipv4.tcp_syncookies: 1
diff --git a/roles/base/vars/main.yml b/roles/base/vars/main.yml
new file mode 100644
index 00000000..557a4a7c
--- /dev/null
+++ b/roles/base/vars/main.yml
@@ -0,0 +1,45 @@
+# SYSTEM CONFIGURATION
+# ====================
+# These are not meant to be modified by the user
+
+#
+# To adjust these settings use sysctl_config_user dict
+#
+sysctl_config:
+
+ # Enable RFC-recommended source validation feature.
+ net.ipv4.conf.all.rp_filter: 1
+ net.ipv4.conf.default.rp_filter: 1
+
+ # Log packets with impossible addresses to kernel log? yes
+ net.ipv4.conf.all.log_martians: 1
+ net.ipv4.conf.default.log_martians: 1
+
+ # Reduce the surface on SMURF attacks.
+ # Make sure to ignore ECHO broadcasts, which are only required in broad network analysis.
+ net.ipv4.icmp_echo_ignore_broadcasts: 1
+
+ # There is no reason to accept bogus error responses from ICMP, so ignore them instead.
+ net.ipv4.icmp_ignore_bogus_error_responses: 1
+
+ # Limit the amount of traffic the system uses for ICMP.
+ net.ipv4.icmp_ratelimit: 1000
+
+ # Send redirects, if router, but this is just server
+ net.ipv4.conf.all.send_redirects: 0
+ net.ipv4.conf.default.send_redirects: 0
+ net.ipv4.conf.all.accept_redirects: 0
+ net.ipv4.conf.default.accept_redirects: 0
+ net.ipv6.conf.all.accept_redirects: 0
+ net.ipv6.conf.default.accept_redirects: 0
+ net.ipv4.conf.all.secure_redirects: 0
+ net.ipv4.conf.default.secure_redirects: 0
+
+ net.ipv4.conf.all.accept_source_route: 0
+ net.ipv4.conf.default.accept_source_route: 0
+
+ # Protect against wrapping sequence numbers at gigabit speeds
+ net.ipv4.tcp_timestamps: 0
+
+ # Prevent against the common 'syn flood attack'
+ net.ipv4.tcp_syncookies: 1
diff --git a/roles/blackmagic-desktopvideo/handlers/main.yaml b/roles/blackmagic-desktopvideo/handlers/main.yaml
deleted file mode 100644
index bb7fde2b..00000000
--- a/roles/blackmagic-desktopvideo/handlers/main.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- name: reload systemd
- systemd:
- daemon_reload: yes
diff --git a/roles/blackmagic-desktopvideo/handlers/main.yml b/roles/blackmagic-desktopvideo/handlers/main.yml
new file mode 100644
index 00000000..bb7fde2b
--- /dev/null
+++ b/roles/blackmagic-desktopvideo/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+- name: reload systemd
+ systemd:
+ daemon_reload: yes
diff --git a/roles/blackmagic-desktopvideo/tasks/main.yaml b/roles/blackmagic-desktopvideo/tasks/main.yaml
deleted file mode 100644
index 632f36ea..00000000
--- a/roles/blackmagic-desktopvideo/tasks/main.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
----
-- name: install apt https transport
- apt:
- name: apt-transport-https
- state: present
-
-- name: add repository key
- apt_key:
- data: "{{ lookup('file', 'repo.asc') }}"
- state: present
-
-- name: add repository entry
- apt_repository:
- repo: deb https://{{ vault_build_spreadspace_blackmagic.username }}:{{ vault_build_spreadspace_blackmagic.password }}@build.spreadspace.org/ {{ ansible_distribution_release }} blackmagic
- state: present
- filename: blackmagic
- mode: 0600
-
-- name: install blackmagic desktopvideo
- apt:
- name: desktopvideo
- state: present
-
-- name: install improved kill mode for DesktopVideoHelper (1/2)
- file:
- name: /etc/systemd/system/DesktopVideoHelper.service.d
- state: directory
-
-- name: install improved kill mode for DesktopVideoHelper (1/2)
- copy:
- src: DesktopVideoHelper-killmode.conf
- dest: /etc/systemd/system/DesktopVideoHelper.service.d/killmode.conf
- notify: reload systemd
-
-- name: make sure DesktopVideoHelper is disabled and stopped
- systemd:
- name: DesktopVideoHelper.service
- daemon_reload: yes
- state: stopped
- enabled: no
diff --git a/roles/blackmagic-desktopvideo/tasks/main.yml b/roles/blackmagic-desktopvideo/tasks/main.yml
new file mode 100644
index 00000000..632f36ea
--- /dev/null
+++ b/roles/blackmagic-desktopvideo/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- name: install apt https transport
+ apt:
+ name: apt-transport-https
+ state: present
+
+- name: add repository key
+ apt_key:
+ data: "{{ lookup('file', 'repo.asc') }}"
+ state: present
+
+- name: add repository entry
+ apt_repository:
+ repo: deb https://{{ vault_build_spreadspace_blackmagic.username }}:{{ vault_build_spreadspace_blackmagic.password }}@build.spreadspace.org/ {{ ansible_distribution_release }} blackmagic
+ state: present
+ filename: blackmagic
+ mode: 0600
+
+- name: install blackmagic desktopvideo
+ apt:
+ name: desktopvideo
+ state: present
+
+- name: install improved kill mode for DesktopVideoHelper (1/2)
+ file:
+ name: /etc/systemd/system/DesktopVideoHelper.service.d
+ state: directory
+
+- name: install improved kill mode for DesktopVideoHelper (1/2)
+ copy:
+ src: DesktopVideoHelper-killmode.conf
+ dest: /etc/systemd/system/DesktopVideoHelper.service.d/killmode.conf
+ notify: reload systemd
+
+- name: make sure DesktopVideoHelper is disabled and stopped
+ systemd:
+ name: DesktopVideoHelper.service
+ daemon_reload: yes
+ state: stopped
+ enabled: no
diff --git a/roles/docker/tasks/main.yaml b/roles/docker/tasks/main.yaml
deleted file mode 100644
index 2253f1ed..00000000
--- a/roles/docker/tasks/main.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-- name: prepare /var/lib/docker as LVM
- when: docker_lvm is defined
- block:
-
- - name: create logical volume
- lvol:
- vg: "{{ docker_lvm.vg }}"
- lv: "{{ docker_lvm.lv }}"
- size: "{{ docker_lvm.size }}"
-
- - name: create filesystem
- filesystem:
- fstype: "{{ docker_lvm.fs }}"
- dev: "/dev/mapper/{{ docker_lvm.vg | replace('-', '--') }}-{{ docker_lvm.lv | replace('-', '--') }}"
-
- - name: mount filesytem
- mount:
- src: "/dev/mapper/{{ docker_lvm.vg | replace('-', '--') }}-{{ docker_lvm.lv | replace('-', '--') }}"
- path: /var/lib/docker
- fstype: "{{ docker_lvm.fs }}"
- state: mounted
-
-- name: install apt https transport
- apt:
- name: apt-transport-https
- state: present
-
-- name: add docker apt key
- apt_key:
- data: "{{ lookup('file', 'docker-apt-key.asc') }}"
- state: present
-
-- name: add docker apt repo
- apt_repository:
- repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
- state: present
- filename: docker
-
-- name: install docker
- apt:
- name: "docker-ce{% if docker_pkg_version is defined %}={{ docker_pkg_version }}{% endif %}"
- state: present
- force: yes
-
-- name: disable automatic upgrades for docker package
- when: docker_pkg_version is defined
- dpkg_selections:
- name: docker-ce
- selection: hold
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
new file mode 100644
index 00000000..2253f1ed
--- /dev/null
+++ b/roles/docker/tasks/main.yml
@@ -0,0 +1,50 @@
+---
+- name: prepare /var/lib/docker as LVM
+ when: docker_lvm is defined
+ block:
+
+ - name: create logical volume
+ lvol:
+ vg: "{{ docker_lvm.vg }}"
+ lv: "{{ docker_lvm.lv }}"
+ size: "{{ docker_lvm.size }}"
+
+ - name: create filesystem
+ filesystem:
+ fstype: "{{ docker_lvm.fs }}"
+ dev: "/dev/mapper/{{ docker_lvm.vg | replace('-', '--') }}-{{ docker_lvm.lv | replace('-', '--') }}"
+
+ - name: mount filesytem
+ mount:
+ src: "/dev/mapper/{{ docker_lvm.vg | replace('-', '--') }}-{{ docker_lvm.lv | replace('-', '--') }}"
+ path: /var/lib/docker
+ fstype: "{{ docker_lvm.fs }}"
+ state: mounted
+
+- name: install apt https transport
+ apt:
+ name: apt-transport-https
+ state: present
+
+- name: add docker apt key
+ apt_key:
+ data: "{{ lookup('file', 'docker-apt-key.asc') }}"
+ state: present
+
+- name: add docker apt repo
+ apt_repository:
+ repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
+ state: present
+ filename: docker
+
+- name: install docker
+ apt:
+ name: "docker-ce{% if docker_pkg_version is defined %}={{ docker_pkg_version }}{% endif %}"
+ state: present
+ force: yes
+
+- name: disable automatic upgrades for docker package
+ when: docker_pkg_version is defined
+ dpkg_selections:
+ name: docker-ce
+ selection: hold
diff --git a/roles/emc-stats/tasks/main.yaml b/roles/emc-stats/tasks/main.yaml
deleted file mode 100644
index 69c7af01..00000000
--- a/roles/emc-stats/tasks/main.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-- name: create volume group
- when: emc_stats_lvm.pvs is defined
- lvg:
- vg: "{{ emc_stats_lvm.vg }}"
- pvs: "{{ emc_stats_lvm.pvs }}"
-
-- name: create logical volume
- lvol:
- vg: "{{ emc_stats_lvm.vg }}"
- lv: "{{ emc_stats_lvm.lv }}"
- size: "{{ emc_stats_lvm.size }}"
-
-- name: create filesystem
- filesystem:
- fstype: "{{ emc_stats_lvm.fs }}"
- dev: "/dev/mapper/{{ emc_stats_lvm.vg | replace('-', '--') }}-{{ emc_stats_lvm.lv | replace('-', '--') }}"
-
-- name: mount filesytem
- mount:
- src: "/dev/mapper/{{ emc_stats_lvm.vg | replace('-', '--') }}-{{ emc_stats_lvm.lv | replace('-', '--') }}"
- path: /srv/stats
- fstype: "{{ emc_stats_lvm.fs }}"
- state: mounted
-
-# needed for elasticsearch
-- name: increase vm.max_map_count
- sysctl:
- name: vm.max_map_count
- value: 262144
diff --git a/roles/emc-stats/tasks/main.yml b/roles/emc-stats/tasks/main.yml
new file mode 100644
index 00000000..69c7af01
--- /dev/null
+++ b/roles/emc-stats/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: create volume group
+ when: emc_stats_lvm.pvs is defined
+ lvg:
+ vg: "{{ emc_stats_lvm.vg }}"
+ pvs: "{{ emc_stats_lvm.pvs }}"
+
+- name: create logical volume
+ lvol:
+ vg: "{{ emc_stats_lvm.vg }}"
+ lv: "{{ emc_stats_lvm.lv }}"
+ size: "{{ emc_stats_lvm.size }}"
+
+- name: create filesystem
+ filesystem:
+ fstype: "{{ emc_stats_lvm.fs }}"
+ dev: "/dev/mapper/{{ emc_stats_lvm.vg | replace('-', '--') }}-{{ emc_stats_lvm.lv | replace('-', '--') }}"
+
+- name: mount filesytem
+ mount:
+ src: "/dev/mapper/{{ emc_stats_lvm.vg | replace('-', '--') }}-{{ emc_stats_lvm.lv | replace('-', '--') }}"
+ path: /srv/stats
+ fstype: "{{ emc_stats_lvm.fs }}"
+ state: mounted
+
+# needed for elasticsearch
+- name: increase vm.max_map_count
+ sysctl:
+ name: vm.max_map_count
+ value: 262144
diff --git a/roles/hetzner-slim/tasks/main.yaml b/roles/hetzner-slim/tasks/main.yaml
deleted file mode 100644
index 81218085..00000000
--- a/roles/hetzner-slim/tasks/main.yaml
+++ /dev/null
@@ -1,14 +0,0 @@ ---- -- name: remove useless packages - with_items: - - exim4 - - exim4-daemon-light - apt: - name: "{{ item }}" - state: absent - purge: yes - -- name: cleanup useless dependencies - apt: - autoremove: yes - purge: yes diff --git a/roles/hetzner-slim/tasks/main.yml b/roles/hetzner-slim/tasks/main.yml new file mode 100644 index 00000000..81218085 --- /dev/null +++ b/roles/hetzner-slim/tasks/main.yml @@ -0,0 +1,14 @@ +--- +- name: remove useless packages + with_items: + - exim4 + - exim4-daemon-light + apt: + name: "{{ item }}" + state: absent + purge: yes + +- name: cleanup useless dependencies + apt: + autoremove: yes + purge: yes diff --git a/roles/kubernetes-base/tasks/main.yaml b/roles/kubernetes-base/tasks/main.yaml deleted file mode 100644 index 4e3aba4e..00000000 --- a/roles/kubernetes-base/tasks/main.yaml +++ /dev/null 
@@ -1,89 +0,0 @@ ---- -- name: prepare /var/lib/kubelet as LVM - when: kubelet_lvm is defined - block: - - - name: create logical volume - lvol: - vg: "{{ kubelet_lvm.vg }}" - lv: "{{ kubelet_lvm.lv }}" - size: "{{ kubelet_lvm.size }}" - - - name: create filesystem - filesystem: - fstype: "{{ kubelet_lvm.fs }}" - dev: "/dev/mapper/{{ kubelet_lvm.vg | replace('-', '--') }}-{{ kubelet_lvm.lv | replace('-', '--') }}" - - - name: mount filesytem - mount: - src: "/dev/mapper/{{ kubelet_lvm.vg | replace('-', '--') }}-{{ kubelet_lvm.lv | replace('-', '--') }}" - path: /var/lib/kubelet - fstype: "{{ kubelet_lvm.fs }}" - state: mounted - -- name: install apt https transport - apt: - name: apt-transport-https - state: present - -- name: add kubernetes apt key - apt_key: - data: "{{ lookup('file', 'kubernetes-apt-key.asc') }}" - state: present - -- name: add kubernetes apt repo - apt_repository: - repo: deb http://apt.kubernetes.io/ kubernetes-xenial main - state: present - filename: kubernetes - -- name: install basic kubernetes components - with_items: - - "kubelet{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}" - - "kubeadm{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}" - - "kubectl{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}" - apt: - name: "{{ item }}" - state: present - -- name: disable automatic upgrades for kubernetes components - when: kubernetes.pkg_version is defined - with_items: - - kubelet - - kubeadm - - kubectl - dpkg_selections: - name: "{{ item }}" - selection: hold - -- name: install kubelet config snippets - with_items: - - 20-dns.conf - - 50-extra.conf - template: - src: "{{ item }}.j2" - dest: "/etc/systemd/system/kubelet.service.d/{{ item }}" - notify: reload systemd - -- name: add dummy group with gid 998 - group: - name: app - gid: 998 - -- name: add dummy user with uid 998 - user: - name: app - uid: 998 - group: app - password: "!" 
- -- name: add kubectl config for shells - with_items: - - zsh - - bash - blockinfile: - path: "/root/.{{ item }}rc" - create: yes - marker: "### {mark} ANSIBLE MANAGED BLOCK for kubectl ###" - content: | - source <(kubectl completion {{ item }}) diff --git a/roles/kubernetes-base/tasks/main.yml b/roles/kubernetes-base/tasks/main.yml new file mode 100644 index 00000000..cc3bc83a --- /dev/null +++ b/roles/kubernetes-base/tasks/main.yml 
@@ -0,0 +1,90 @@ +--- +- name: prepare /var/lib/kubelet as LVM + when: kubelet_lvm is defined + block: + + - name: create logical volume + lvol: + vg: "{{ kubelet_lvm.vg }}" + lv: "{{ kubelet_lvm.lv }}" + size: "{{ kubelet_lvm.size }}" + + - name: create filesystem + filesystem: + fstype: "{{ kubelet_lvm.fs }}" + dev: "/dev/mapper/{{ kubelet_lvm.vg | replace('-', '--') }}-{{ kubelet_lvm.lv | replace('-', '--') }}" + + - name: mount filesytem + mount: + src: "/dev/mapper/{{ kubelet_lvm.vg | replace('-', '--') }}-{{ kubelet_lvm.lv | replace('-', '--') }}" + path: /var/lib/kubelet + fstype: "{{ kubelet_lvm.fs }}" + state: mounted + +- name: install apt https transport + apt: + name: apt-transport-https + state: present + force: yes + +- name: add kubernetes apt key + apt_key: + data: "{{ lookup('file', 'kubernetes-apt-key.asc') }}" + state: present + +- name: add kubernetes apt repo + apt_repository: + repo: deb http://apt.kubernetes.io/ kubernetes-xenial main + state: present + filename: kubernetes + +- name: install basic kubernetes components + with_items: + - "kubelet{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}" + - "kubeadm{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}" + - "kubectl{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}" + apt: + name: "{{ item }}" + state: present + +- name: disable automatic upgrades for kubernetes components + when: kubernetes.pkg_version is defined + with_items: + - kubelet + - kubeadm + - kubectl + dpkg_selections: + name: "{{ item }}" + selection: hold + +- name: install kubelet config snippets + with_items: + - 20-dns.conf + - 50-extra.conf + template: + src: "{{ item }}.j2" + dest: "/etc/systemd/system/kubelet.service.d/{{ item }}" + notify: reload systemd + +- name: add dummy group with gid 998 + group: + name: app + gid: 998 + +- name: add dummy user with uid 998 + user: + name: app + uid: 998 + group: app + password: 
"!" + +- name: add kubectl config for shells + with_items: + - zsh + - bash + blockinfile: + path: "/root/.{{ item }}rc" + create: yes + marker: "### {mark} ANSIBLE MANAGED BLOCK for kubectl ###" + content: | + source <(kubectl completion {{ item }}) diff --git a/roles/kubernetes-net/handlers/main.yaml b/roles/kubernetes-net/handlers/main.yaml deleted file mode 100644 index bb7fde2b..00000000 --- a/roles/kubernetes-net/handlers/main.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: reload systemd - systemd: - daemon_reload: yes diff --git a/roles/kubernetes-net/handlers/main.yml b/roles/kubernetes-net/handlers/main.yml new file mode 100644 index 00000000..bb7fde2b --- /dev/null +++ b/roles/kubernetes-net/handlers/main.yml @@ -0,0 +1,4 @@ +--- +- name: reload systemd + systemd: + daemon_reload: yes diff --git a/roles/kubernetes-net/tasks/add.yaml b/roles/kubernetes-net/tasks/add.yaml deleted file mode 100644 index f4e422c6..00000000 --- a/roles/kubernetes-net/tasks/add.yaml +++ /dev/null 
@@ -1,114 +0,0 @@ ---- -- name: create docker config directory - file: - name: /etc/docker - state: directory - mode: 0700 - -- name: disable docker iptables and bridge - copy: - src: daemon.json - dest: /etc/docker/daemon.json - -- name: create network config directory - file: - name: /var/lib/kubenet/ - state: directory - -- name: configure wireguard port - set_fact: - kubenet_wireguard_port: "{{ kubernetes.wireguard_port | default(51820) }}" - -- name: install ifupdown script - template: - src: ifupdown.sh.j2 - dest: /var/lib/kubenet/ifupdown.sh - mode: 0755 - # TODO: notify reload... this is unfortunately already to late because - # it must probably be brought down by the old version of the script - -- name: generate wireguard private key - shell: "umask 077; wg genkey > /var/lib/kubenet/kube-wg0.privatekey" - args: - creates: /var/lib/kubenet/kube-wg0.privatekey - -- name: fetch wireguard public key - shell: "wg pubkey < /var/lib/kubenet/kube-wg0.privatekey" - register: kubenet_wireguard_pubkey - changed_when: false - check_mode: no - -- name: install systemd service unit for network interfaces - copy: - src: kubenet-interfaces.service - dest: /etc/systemd/system/kubenet-interfaces.service - # TODO: notify: reload??? 
- -- name: make sure kubenet interfaces service is started and enabled - systemd: - daemon_reload: yes - name: kubenet-interfaces.service - state: started - enabled: yes - -- name: get list of currently installed kubenet peers - find: - path: /etc/systemd/system/ - pattern: "kubenet-peer-*.service" - register: kubenet_peers_installed - -- name: compute list of peers to be added - set_fact: - kubenet_peers_to_add: "{{ kubernetes_nodes | difference(inventory_hostname) }}" - -- name: compute list of peers to be removed - set_fact: - kubenet_peers_to_remove: "{{ kubenet_peers_installed.files | map(attribute='path') | map('replace', '/etc/systemd/system/kubenet-peer-', '') | map('replace', '.service', '') | difference(kubenet_peers_to_add) }}" - -- name: stop/disable systemd units for stale kubenet peers - with_items: "{{ kubenet_peers_to_remove }}" - systemd: - name: "kubenet-peer-{{ item }}.service" - state: stopped - enabled: no - -- name: remove systemd units for stale kubenet peers - with_items: "{{ kubenet_peers_to_remove }}" - file: - name: "/etc/systemd/system/kubenet-peer-{{ item }}.service" - state: absent - -- name: install systemd units for every kubenet peer - with_items: "{{ kubenet_peers_to_add }}" - loop_control: - loop_var: peer - template: - src: kubenet-peer.service.j2 - dest: "/etc/systemd/system/kubenet-peer-{{ peer }}.service" - # TODO: notify restart for peers that change... - -- name: make sure kubenet peer services are started and enabled - with_items: "{{ kubenet_peers_to_add }}" - systemd: - daemon_reload: yes - name: "kubenet-peer-{{ item }}.service" - state: started - enabled: yes - -- name: enable IPv4 forwarding - sysctl: - name: net.ipv4.ip_forward - value: 1 - sysctl_set: yes - state: present - reload: yes - -- name: create cni config directory - file: - name: /etc/cni/net.d - state: directory - -- name: install cni config - template: - src: k8s.json.j2 - dest: /etc/cni/net.d/k8s.json 
diff --git a/roles/kubernetes-net/tasks/add.yml b/roles/kubernetes-net/tasks/add.yml new file mode 100644 index 00000000..f4e422c6 --- /dev/null +++ b/roles/kubernetes-net/tasks/add.yml 
@@ -0,0 +1,114 @@ +--- +- name: create docker config directory + file: + name: /etc/docker + state: directory + mode: 0700 + +- name: disable docker iptables and bridge + copy: + src: daemon.json + dest: /etc/docker/daemon.json + +- name: create network config directory + file: + name: /var/lib/kubenet/ + state: directory + +- name: configure wireguard port + set_fact: + kubenet_wireguard_port: "{{ kubernetes.wireguard_port | default(51820) }}" + +- name: install ifupdown script + template: + src: ifupdown.sh.j2 + dest: /var/lib/kubenet/ifupdown.sh + mode: 0755 + # TODO: notify reload... this is unfortunately already to late because + # it must probably be brought down by the old version of the script + +- name: generate wireguard private key + shell: "umask 077; wg genkey > /var/lib/kubenet/kube-wg0.privatekey" + args: + creates: /var/lib/kubenet/kube-wg0.privatekey + +- name: fetch wireguard public key + shell: "wg pubkey < /var/lib/kubenet/kube-wg0.privatekey" + register: kubenet_wireguard_pubkey + changed_when: false + check_mode: no + +- name: install systemd service unit for network interfaces + copy: + src: kubenet-interfaces.service + dest: /etc/systemd/system/kubenet-interfaces.service + # TODO: notify: reload??? 
+ +- name: make sure kubenet interfaces service is started and enabled + systemd: + daemon_reload: yes + name: kubenet-interfaces.service + state: started + enabled: yes + +- name: get list of currently installed kubenet peers + find: + path: /etc/systemd/system/ + pattern: "kubenet-peer-*.service" + register: kubenet_peers_installed + +- name: compute list of peers to be added + set_fact: + kubenet_peers_to_add: "{{ kubernetes_nodes | difference(inventory_hostname) }}" + +- name: compute list of peers to be removed + set_fact: + kubenet_peers_to_remove: "{{ kubenet_peers_installed.files | map(attribute='path') | map('replace', '/etc/systemd/system/kubenet-peer-', '') | map('replace', '.service', '') | difference(kubenet_peers_to_add) }}" + +- name: stop/disable systemd units for stale kubenet peers + with_items: "{{ kubenet_peers_to_remove }}" + systemd: + name: "kubenet-peer-{{ item }}.service" + state: stopped + enabled: no + +- name: remove systemd units for stale kubenet peers + with_items: "{{ kubenet_peers_to_remove }}" + file: + name: "/etc/systemd/system/kubenet-peer-{{ item }}.service" + state: absent + +- name: install systemd units for every kubenet peer + with_items: "{{ kubenet_peers_to_add }}" + loop_control: + loop_var: peer + template: + src: kubenet-peer.service.j2 + dest: "/etc/systemd/system/kubenet-peer-{{ peer }}.service" + # TODO: notify restart for peers that change... + +- name: make sure kubenet peer services are started and enabled + with_items: "{{ kubenet_peers_to_add }}" + systemd: + daemon_reload: yes + name: "kubenet-peer-{{ item }}.service" + state: started + enabled: yes + +- name: enable IPv4 forwarding + sysctl: + name: net.ipv4.ip_forward + value: 1 + sysctl_set: yes + state: present + reload: yes + +- name: create cni config directory + file: + name: /etc/cni/net.d + state: directory + +- name: install cni config + template: + src: k8s.json.j2 + dest: /etc/cni/net.d/k8s.json 
diff --git a/roles/kubernetes-net/tasks/main.yaml b/roles/kubernetes-net/tasks/main.yaml deleted file mode 100644 index c8d06380..00000000 --- a/roles/kubernetes-net/tasks/main.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: add node to overlay network - include_tasks: add.yaml - when: k8s_remove_node is not defined - -- name: remove node from overlay network - include_tasks: remove.yaml - when: k8s_remove_node is defined diff --git a/roles/kubernetes-net/tasks/main.yml b/roles/kubernetes-net/tasks/main.yml new file mode 100644 index 00000000..8c94292e --- /dev/null +++ b/roles/kubernetes-net/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- name: add node to overlay network + include_tasks: add.yml + when: k8s_remove_node is not defined + +- name: remove node from overlay network + include_tasks: remove.yml + when: k8s_remove_node is defined diff --git a/roles/kubernetes-net/tasks/remove.yaml b/roles/kubernetes-net/tasks/remove.yaml deleted file mode 100644 index 6695bd5d..00000000 --- a/roles/kubernetes-net/tasks/remove.yaml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: check if kubenet interface service unit exists - stat: - path: /etc/systemd/system/kubenet-interfaces.service - register: kubenet_interface_unit - -- name: bring down kubenet interface - systemd: - name: kubenet-interfaces.service - state: stopped - when: kubenet_interface_unit.stat.exists - -- name: gather list of all kubenet related service units - find: - path: /etc/systemd/system/ - patterns: - - "kubenet-peer-*.service" - - kubenet-interfaces.service - register: kubenet_units_installed - -- name: remove all kubenet related files and directories - with_flattened: - - "{{ kubenet_units_installed.files | map(attribute='path') | list }}" - - /var/lib/kubenet - file: - path: "{{ item }}" - state: absent - notify: reload systemd diff --git a/roles/kubernetes-net/tasks/remove.yml b/roles/kubernetes-net/tasks/remove.yml new file mode 100644 index 00000000..6695bd5d --- /dev/null 
+++ b/roles/kubernetes-net/tasks/remove.yml @@ -0,0 +1,28 @@ +--- +- name: check if kubenet interface service unit exists + stat: + path: /etc/systemd/system/kubenet-interfaces.service + register: kubenet_interface_unit + +- name: bring down kubenet interface + systemd: + name: kubenet-interfaces.service + state: stopped + when: kubenet_interface_unit.stat.exists + +- name: gather list of all kubenet related service units + find: + path: /etc/systemd/system/ + patterns: + - "kubenet-peer-*.service" + - kubenet-interfaces.service + register: kubenet_units_installed + +- name: remove all kubenet related files and directories + with_flattened: + - "{{ kubenet_units_installed.files | map(attribute='path') | list }}" + - /var/lib/kubenet + file: + path: "{{ item }}" + state: absent + notify: reload systemd diff --git a/roles/reboot-and-wait/tasks/main.yaml b/roles/reboot-and-wait/tasks/main.yaml deleted file mode 100644 index 4c1b7097..00000000 --- a/roles/reboot-and-wait/tasks/main.yaml +++ /dev/null @@ -1,10 +0,0 @@ -- name: reboot machine - shell: sleep 2 && shutdown -r now - async: 1 - poll: 0 - ignore_errors: true - -- name: waiting for host to come back - wait_for_connection: - delay: "{{ reboot_delay | default(60) }}" - timeout: "{{ reboot_timeout | default(300) }}" diff --git a/roles/reboot-and-wait/tasks/main.yml b/roles/reboot-and-wait/tasks/main.yml new file mode 100644 index 00000000..4c1b7097 --- /dev/null +++ b/roles/reboot-and-wait/tasks/main.yml @@ -0,0 +1,10 @@ +- name: reboot machine + shell: sleep 2 && shutdown -r now + async: 1 + poll: 0 + ignore_errors: true + +- name: waiting for host to come back + wait_for_connection: + delay: "{{ reboot_delay | default(60) }}" + timeout: "{{ reboot_timeout | default(300) }}" diff --git a/roles/scaleway-slim/tasks/main.yaml b/roles/scaleway-slim/tasks/main.yaml deleted file mode 100644 index 81218085..00000000 --- a/roles/scaleway-slim/tasks/main.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ ---- -- name: remove useless packages - with_items: - - exim4 - - exim4-daemon-light - apt: - name: "{{ item }}" - state: absent - purge: yes - -- name: cleanup useless dependencies - apt: - autoremove: yes - purge: yes diff --git a/roles/scaleway-slim/tasks/main.yml b/roles/scaleway-slim/tasks/main.yml new file mode 100644 index 00000000..81218085 --- /dev/null +++ b/roles/scaleway-slim/tasks/main.yml @@ -0,0 +1,14 @@ +--- +- name: remove useless packages + with_items: + - exim4 + - exim4-daemon-light + apt: + name: "{{ item }}" + state: absent + purge: yes + +- name: cleanup useless dependencies + apt: + autoremove: yes + purge: yes diff --git a/roles/spreadspace-apt-repo/tasks/main.yaml b/roles/spreadspace-apt-repo/tasks/main.yaml deleted file mode 100644 index 9434ae4d..00000000 --- a/roles/spreadspace-apt-repo/tasks/main.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: install apt https transport - apt: - name: apt-transport-https - state: present - -- name: add repository key - apt_key: - data: "{{ lookup('file', 'repo.asc') }}" - state: present - -- name: add repository entry - apt_repository: - repo: deb https://build.spreadspace.org/ {{ ansible_distribution_release }} main - state: present - filename: spreadspace diff --git a/roles/spreadspace-apt-repo/tasks/main.yml b/roles/spreadspace-apt-repo/tasks/main.yml new file mode 100644 index 00000000..9434ae4d --- /dev/null +++ b/roles/spreadspace-apt-repo/tasks/main.yml @@ -0,0 +1,16 @@ +--- +- name: install apt https transport + apt: + name: apt-transport-https + state: present + +- name: add repository key + apt_key: + data: "{{ lookup('file', 'repo.asc') }}" + state: present + +- name: add repository entry + apt_repository: + repo: deb https://build.spreadspace.org/ {{ ansible_distribution_release }} main + state: present + filename: spreadspace diff --git a/roles/sshserver/handlers/main.yaml b/roles/sshserver/handlers/main.yaml deleted file mode 100644 index 822887e3..00000000 
--- a/roles/sshserver/handlers/main.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: restart ssh - service: - name: ssh - state: restarted diff --git a/roles/sshserver/handlers/main.yml b/roles/sshserver/handlers/main.yml new file mode 100644 index 00000000..822887e3 --- /dev/null +++ b/roles/sshserver/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: restart ssh + service: + name: ssh + state: restarted diff --git a/roles/sshserver/tasks/main.yaml b/roles/sshserver/tasks/main.yaml deleted file mode 100644 index 6d6cc59c..00000000 --- a/roles/sshserver/tasks/main.yaml +++ /dev/null @@ -1,38 +0,0 @@ ---- -- name: install ssh-server - apt: - name: openssh-server - state: present - -- name: hardening ssh-server config - lineinfile: - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - dest: /etc/ssh/sshd_config - mode: 0644 - with_items: - - { regexp: "^#?\\s*IgnoreRhosts", line: "IgnoreRhosts yes" } - - { regexp: "^#?\\s*PermitRootLogin", line: "PermitRootLogin without-password" } - - { regexp: "^#?\\s*PubkeyAuthentication", line: "PubkeyAuthentication yes" } - - { regexp: "^#?\\s*HostbasedAuthentication", line: "HostbasedAuthentication no" } - - { regexp: "^#?\\s*PermitEmptyPasswords", line: "PermitEmptyPasswords no" } - - { regexp: "^#?\\s*UseDNS", line: "UseDNS no" } - notify: restart ssh - -- name: limit allowed users - lineinfile: - dest: /etc/ssh/sshd_config - regexp: "^AllowUsers" - line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshserver_allowusers_group | default([])) | union(sshserver_allowusers_host | default([]))) }}" - notify: restart ssh - -- name: install ssh keys for root - authorized_key: - user: root - key: "{{ sshserver_root_keys }}" - exclusive: yes - -- name: delete root password - user: - name: root - password: "!" diff --git a/roles/sshserver/tasks/main.yml b/roles/sshserver/tasks/main.yml new file mode 100644 index 00000000..6d6cc59c --- /dev/null +++ b/roles/sshserver/tasks/main.yml 
@@ -0,0 +1,38 @@ +--- +- name: install ssh-server + apt: + name: openssh-server + state: present + +- name: hardening ssh-server config + lineinfile: + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + dest: /etc/ssh/sshd_config + mode: 0644 + with_items: + - { regexp: "^#?\\s*IgnoreRhosts", line: "IgnoreRhosts yes" } + - { regexp: "^#?\\s*PermitRootLogin", line: "PermitRootLogin without-password" } + - { regexp: "^#?\\s*PubkeyAuthentication", line: "PubkeyAuthentication yes" } + - { regexp: "^#?\\s*HostbasedAuthentication", line: "HostbasedAuthentication no" } + - { regexp: "^#?\\s*PermitEmptyPasswords", line: "PermitEmptyPasswords no" } + - { regexp: "^#?\\s*UseDNS", line: "UseDNS no" } + notify: restart ssh + +- name: limit allowed users + lineinfile: + dest: /etc/ssh/sshd_config + regexp: "^AllowUsers" + line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshserver_allowusers_group | default([])) | union(sshserver_allowusers_host | default([]))) }}" + notify: restart ssh + +- name: install ssh keys for root + authorized_key: + user: root + key: "{{ sshserver_root_keys }}" + exclusive: yes + +- name: delete root password + user: + name: root + password: "!" diff --git a/roles/ubuntu-ws/defaults/main.yaml b/roles/ubuntu-ws/defaults/main.yaml deleted file mode 100644 index a4f8e2a2..00000000 --- a/roles/ubuntu-ws/defaults/main.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -ubuntu_ws_root_fs_size: 20G -ubuntu_ws_home_fs_size: 50G diff --git a/roles/ubuntu-ws/defaults/main.yml b/roles/ubuntu-ws/defaults/main.yml new file mode 100644 index 00000000..a4f8e2a2 --- /dev/null +++ b/roles/ubuntu-ws/defaults/main.yml @@ -0,0 +1,3 @@ +--- +ubuntu_ws_root_fs_size: 20G +ubuntu_ws_home_fs_size: 50G diff --git a/roles/ubuntu-ws/tasks/fs.yaml b/roles/ubuntu-ws/tasks/fs.yaml deleted file mode 100644 index 07358b99..00000000 --- a/roles/ubuntu-ws/tasks/fs.yaml +++ /dev/null 
@@ -1,99 +0,0 @@ ---- -- name: resize root logical volume - lvol: - vg: "{{ inventory_hostname }}" - lv: root - size: "{{ ubuntu_ws_root_fs_size }}" - -- name: create/resize root filesystem - filesystem: - fstype: ext4 - dev: "/dev/mapper/{{ inventory_hostname | replace('-', '--') }}-root" - resizefs: yes - -- name: create/resize home logical volume - lvol: - vg: "{{ inventory_hostname }}" - lv: home - size: "{{ ubuntu_ws_home_fs_size }}" - -- name: create/resize home filesystem - filesystem: - fstype: ext4 - dev: "/dev/mapper/{{ inventory_hostname | replace('-', '--') }}-home" - resizefs: yes - -- name: check if home is already mounted - command: "mountpoint -q /home" - register: home_mounted - check_mode: False - failed_when: False - changed_when: False - -- name: check if there are files in /home - find: - paths: /home - file_type: any - register: home_files - -- name: move existing files to new filesystem - when: home_mounted.rc == 1 and home_files.matched != 0 - block: - - name: create temporary mountpoint (1/2) - tempfile: - state: directory - suffix: mnt-home - register: mnt_home_temp - - - name: create temporary mountpoint (1/2) - file: - state: directory - path: "{{ mnt_home_temp.path }}/mnt" - - - name: temporarly mount new home filesystem - mount: - path: "{{ mnt_home_temp.path }}/mnt" - src: "/dev/mapper/{{ inventory_hostname | replace('-', '--') }}-home" - state: mounted - fstype: ext4 - fstab: "{{ mnt_home_temp.path }}/fstab" - - - name: check if target fs is empty - find: - paths: "{{ mnt_home_temp.path }}/mnt" - file_type: any - register: home_files_target - failed_when: home_files_target.matched > 1 or (home_files_target.matched == 1 and home_files_target.files[0].path != mnt_home_temp.path + "/mnt/lost+found") - - - name: copy all files from old /home to new filesystem - command: "find -maxdepth 1 -exec cp -a {} {{ mnt_home_temp.path }}/mnt/ \\;" - args: - chdir: /home - - - name: remove all files from old /home - file: - path: /home - state: 
absent - - - name: recreate /home mountpoint - file: - path: /home - state: directory - - - name: umount temporarly mounted home filesystem - mount: - path: "{{ mnt_home_temp.path }}/mnt" - state: unmounted - - - name: remove temporary mountpoint - file: - state: absent - path: "{{ mnt_home_temp.path }}" - -- name: mount home filesystem - mount: - path: /home - src: "/dev/mapper/{{ inventory_hostname | replace('-', '--') }}-home" - state: mounted - fstype: ext4 - opts: nodev diff --git a/roles/ubuntu-ws/tasks/fs.yml b/roles/ubuntu-ws/tasks/fs.yml new file mode 100644 index 00000000..07358b99 --- /dev/null +++ b/roles/ubuntu-ws/tasks/fs.yml 
@@ -0,0 +1,99 @@ +--- +- name: resize root logical volume + lvol: + vg: "{{ inventory_hostname }}" + lv: root + size: "{{ ubuntu_ws_root_fs_size }}" + +- name: create/resize root filesystem + filesystem: + fstype: ext4 + dev: "/dev/mapper/{{ inventory_hostname | replace('-', '--') }}-root" + resizefs: yes + +- name: create/resize home logical volume + lvol: + vg: "{{ inventory_hostname }}" + lv: home + size: "{{ ubuntu_ws_home_fs_size }}" + +- name: create/resize home filesystem + filesystem: + fstype: ext4 + dev: "/dev/mapper/{{ inventory_hostname | replace('-', '--') }}-home" + resizefs: yes + +- name: check if home is already mounted + command: "mountpoint -q /home" + register: home_mounted + check_mode: False + failed_when: False + changed_when: False + +- name: check if there are files in /home + find: + paths: /home + file_type: any + register: home_files + +- name: move existing files to new filesystem + when: home_mounted.rc == 1 and home_files.matched != 0 + block: + - name: create temporary mountpoint (1/2) + tempfile: + state: directory + suffix: mnt-home + register: mnt_home_temp + + - name: create temporary mountpoint (1/2) + file: + state: directory + path: "{{ mnt_home_temp.path }}/mnt" + + - name: temporarly mount new home filesystem + mount: + path: "{{ mnt_home_temp.path }}/mnt" + src: "/dev/mapper/{{ inventory_hostname | replace('-', '--') }}-home" + state: mounted + fstype: ext4 + fstab: "{{ mnt_home_temp.path }}/fstab" + + - name: check if target fs is empty + find: + paths: "{{ mnt_home_temp.path }}/mnt" + file_type: any + register: home_files_target + failed_when: home_files_target.matched > 1 or (home_files_target.matched == 1 and home_files_target.files[0].path != mnt_home_temp.path + "/mnt/lost+found") + + - name: copy all files from old /home to new filesystem + command: "find -maxdepth 1 -exec cp -a {} {{ mnt_home_temp.path }}/mnt/ \\;" + args: + chdir: /home + + - name: remove all files from old /home + file: + path: /home + state: 
absent + + - name: recreate /home mountpoint + file: + path: /home + state: directory + + - name: umount temporarly mounted home filesystem + mount: + path: "{{ mnt_home_temp.path }}/mnt" + state: unmounted + + - name: remove temporary mountpoint + file: + state: absent + path: "{{ mnt_home_temp.path }}" + +- name: mount home filesystem + mount: + path: /home + src: "/dev/mapper/{{ inventory_hostname | replace('-', '--') }}-home" + state: mounted + fstype: ext4 + opts: nodev diff --git a/roles/ubuntu-ws/tasks/main.yaml b/roles/ubuntu-ws/tasks/main.yaml deleted file mode 100644 index 386da07d..00000000 --- a/roles/ubuntu-ws/tasks/main.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ ---- -- import_tasks: fs.yaml - -- name: prohibited packages - template: - src: prohibited-package.j2 - dest: "/etc/apt/preferences.d/{{ item }}.disabled" - with_items: - - flashplugin-installer - -- name: install xubuntu-core task - command: "apt-get -y -q install xubuntu-core^" - args: - warn: no - -- name: base packages - apt: - name: "{{ item }}" - state: present - with_items: - - file - - pwgen - - p7zip-rar - - exfat-fuse - - exfat-utils - - ntfs-3g - - gnupg-curl - - pass - - evince - - geeqie - - file-roller - - cifs-utils - -- name: install browser - apt: - name: "{{ item }}" - state: present - with_items: - - firefox - - chromium-browser - -- name: install multimedia stuff - apt: - name: "{{ item }}" - state: present - with_items: - - vlc - - mpv - - ffmpeg - - pavumeter - - lame - - gstreamer1.0-pulseaudio - -- name: install restricted stuff - apt: - name: "{{ item }}" - state: present - with_items: - - ubuntu-restricted-extras - - intel-microcode - -- name: remove superflous packages - apt: - name: "{{ item }}" - state: absent - autoremove: yes - purge: yes - with_items: - - gnome-software - - gnome-software-common - - software-properties-gtk - - software-properties-common - - python3-software-properties - - flashplugin-installer - -- name: install extra packages - apt: - name: "{{ item }}" - state: present - with_items: "{{ ubuntu_ws_extra_packages|default([]) }}" diff --git a/roles/ubuntu-ws/tasks/main.yml b/roles/ubuntu-ws/tasks/main.yml new file mode 100644 index 00000000..7dd682c1 --- /dev/null +++ b/roles/ubuntu-ws/tasks/main.yml 
@@ -0,0 +1,80 @@ +--- +- import_tasks: fs.yml + +- name: prohibited packages + template: + src: prohibited-package.j2 + dest: "/etc/apt/preferences.d/{{ item }}.disabled" + with_items: + - flashplugin-installer + +- name: install xubuntu-core task + command: "apt-get -y -q install xubuntu-core^" + args: + warn: no + +- name: base packages + apt: + name: "{{ item }}" + state: present + with_items: + - file + - pwgen + - p7zip-rar + - exfat-fuse + - exfat-utils + - ntfs-3g + - gnupg-curl + - pass + - evince + - geeqie + - file-roller + - cifs-utils + +- name: install browser + apt: + name: "{{ item }}" + state: present + with_items: + - firefox + - chromium-browser + +- name: install multimedia stuff + apt: + name: "{{ item }}" + state: present + with_items: + - vlc + - mpv + - ffmpeg + - pavumeter + - lame + - gstreamer1.0-pulseaudio + +- name: install restricted stuff + apt: + name: "{{ item }}" + state: present + with_items: + - ubuntu-restricted-extras + - intel-microcode + +- name: remove superflous packages + apt: + name: "{{ item }}" + state: absent + autoremove: yes + purge: yes + with_items: + - gnome-software + - gnome-software-common + - software-properties-gtk + - software-properties-common + - python3-software-properties + - flashplugin-installer + +- name: install extra packages + apt: + name: "{{ item }}" + state: present + with_items: "{{ ubuntu_ws_extra_packages|default([]) }}" diff --git a/roles/upgrade/tasks/main.yaml b/roles/upgrade/tasks/main.yaml deleted file mode 100644 index df7360de..00000000 --- a/roles/upgrade/tasks/main.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -- name: Update packages list - apt: - update_cache: yes - -- name: List packages to upgrade (1/2) - command: aptitude -q -F%p --disable-columns search '~U !~ahold' - check_mode: no - register: updates - changed_when: False - failed_when: updates.rc != 0 and updates.rc != 1 - -- name: List packages to upgrade (2/2) - debug: - msg: "{{ updates.stdout_lines | count }} packages to upgrade ({{ updates.stdout_lines | join(', ') }})" - when: updates.stdout_lines - -- name: Upgrade packages - apt: - upgrade: safe - -- name: List services to restart (1/2) - shell: checkrestart | grep ^service | awk '{print $2}' - check_mode: no - register: services - changed_when: False - -- name: List services to restart (2/2) - debug: - msg: "{{ services.stdout_lines | count }} services to restart ({{ services.stdout_lines | join (', ') }})" - when: services.stdout_lines - -- name: clean apt-cache and remove stale packages - apt: - autoclean: yes - autoremove: yes diff --git a/roles/upgrade/tasks/main.yml b/roles/upgrade/tasks/main.yml new file mode 100644 index 00000000..df7360de --- /dev/null +++ b/roles/upgrade/tasks/main.yml 
@@ -0,0 +1,36 @@ +--- +- name: Update packages list + apt: + update_cache: yes + +- name: List packages to upgrade (1/2) + command: aptitude -q -F%p --disable-columns search '~U !~ahold' + check_mode: no + register: updates + changed_when: False + failed_when: updates.rc != 0 and updates.rc != 1 + +- name: List packages to upgrade (2/2) + debug: + msg: "{{ updates.stdout_lines | count }} packages to upgrade ({{ updates.stdout_lines | join(', ') }})" + when: updates.stdout_lines + +- name: Upgrade packages + apt: + upgrade: safe + +- name: List services to restart (1/2) + shell: checkrestart | grep ^service | awk '{print $2}' + check_mode: no + register: services + changed_when: False + +- name: List services to restart (2/2) + debug: + msg: "{{ services.stdout_lines | count }} services to restart ({{ services.stdout_lines | join (', ') }})" + when: services.stdout_lines + +- name: clean apt-cache and remove stale packages + apt: + autoclean: yes + autoremove: yes diff --git a/roles/vm-grub/handlers/main.yaml b/roles/vm-grub/handlers/main.yaml deleted file mode 100644 index 4bddbb14..00000000 --- a/roles/vm-grub/handlers/main.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: update grub - command: /usr/sbin/update-grub diff --git a/roles/vm-grub/handlers/main.yml b/roles/vm-grub/handlers/main.yml new file mode 100644 index 00000000..4bddbb14 --- /dev/null +++ b/roles/vm-grub/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: update grub + command: /usr/sbin/update-grub diff --git a/roles/vm-grub/tasks/main.yaml b/roles/vm-grub/tasks/main.yaml deleted file mode 100644 index bd48a470..00000000 --- a/roles/vm-grub/tasks/main.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ ---- -- name: enable serial console in grub and for kernel - lineinfile: - dest: /etc/default/grub - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^GRUB_TIMEOUT=', line: 'GRUB_TIMEOUT=2' } - - { regexp: '^GRUB_CMDLINE_LINUX=', line: 'GRUB_CMDLINE_LINUX="console=ttyS0,115200n8"' } - - { regexp: '^GRUB_TERMINAL=', line: 'GRUB_TERMINAL=serial' } - - { regexp: '^GRUB_SERIAL_COMMAND=', line: 'GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1"' } - notify: update grub diff --git a/roles/vm-grub/tasks/main.yml b/roles/vm-grub/tasks/main.yml new file mode 100644 index 00000000..bd48a470 --- /dev/null +++ b/roles/vm-grub/tasks/main.yml @@ -0,0 +1,12 @@ +--- +- name: enable serial console in grub and for kernel + lineinfile: + dest: /etc/default/grub + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^GRUB_TIMEOUT=', line: 'GRUB_TIMEOUT=2' } + - { regexp: '^GRUB_CMDLINE_LINUX=', line: 'GRUB_CMDLINE_LINUX="console=ttyS0,115200n8"' } + - { regexp: '^GRUB_TERMINAL=', line: 'GRUB_TERMINAL=serial' } + - { regexp: '^GRUB_SERIAL_COMMAND=', line: 'GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1"' } + notify: update grub diff --git a/roles/vm-host/defaults/main.yaml b/roles/vm-host/defaults/main.yaml deleted file mode 100644 index 0e3cddf1..00000000 --- a/roles/vm-host/defaults/main.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -vm_host_force_download_installer: False -vm_host_installer_url: - # debian: "{{ debian_mirror.packages | default('http://deb.debian.org/debian') }}" - # ubuntu: "{{ ubuntu_mirror | default('http://archive.ubuntu.com/ubuntu') }}" - debian: "http://deb.debian.org/debian" - ubuntu: "http://archive.ubuntu.com/ubuntu" diff --git a/roles/vm-host/defaults/main.yml b/roles/vm-host/defaults/main.yml new file mode 100644 index 00000000..0e3cddf1 --- /dev/null +++ b/roles/vm-host/defaults/main.yml 
@@ -0,0 +1,7 @@ +--- +vm_host_force_download_installer: False +vm_host_installer_url: + # debian: "{{ debian_mirror.packages | default('http://deb.debian.org/debian') }}" + # ubuntu: "{{ ubuntu_mirror | default('http://archive.ubuntu.com/ubuntu') }}" + debian: "http://deb.debian.org/debian" + ubuntu: "http://archive.ubuntu.com/ubuntu" diff --git a/roles/vm-host/handlers/main.yaml b/roles/vm-host/handlers/main.yaml deleted file mode 100644 index 158f4dcd..00000000 --- a/roles/vm-host/handlers/main.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: restart inetd - service: - name: openbsd-inetd - state: restarted diff --git a/roles/vm-host/handlers/main.yml b/roles/vm-host/handlers/main.yml new file mode 100644 index 00000000..158f4dcd --- /dev/null +++ b/roles/vm-host/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: restart inetd + service: + name: openbsd-inetd + state: restarted diff --git a/roles/vm-host/tasks/main.yaml b/roles/vm-host/tasks/main.yaml deleted file mode 100644 index a5e98fa9..00000000 --- a/roles/vm-host/tasks/main.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -- name: install tftpd and python-libvirt - with_items: - - atftpd - - openbsd-inetd - - qemu-kvm - - libvirt-bin - - python-libvirt - apt: - name: "{{ item }}" - state: present - -- name: configure tftpd via inetd - lineinfile: - regexp: "^#?({{ vm_host.network.ip }}:)?tftp" - line: "{{ vm_host.network.ip }}:tftp dgram udp4 wait nobody /usr/sbin/tcpd /usr/sbin/in.tftpd --tftpd-timeout 300 --retry-timeout 5 --maxthread 10 --verbose=5 {{ vm_host.installer.preseed_path }}" - path: /etc/inetd.conf - notify: restart inetd - -- name: make sure installer directories exists - with_items: - - "{{ vm_host.installer.path }}" - - "{{ vm_host.installer.preseed_path }}" - file: - name: "{{ item }}" - state: directory - -- name: prepare directories for installer images - with_subelements: - - "{{ vm_host.installer.distros }}" - - arch - file: - name: "{{ vm_host.installer.path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}" - state: directory - -- name: download installer kernel images - with_subelements: - - "{{ vm_host.installer.distros }}" - - arch - get_url: - url: "{{ vm_host_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro }}-installer/{{ item.1 }}/linux" - dest: "{{ vm_host.installer.path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/linux" - mode: 0644 - force: "{{ vm_host_force_download_installer }}" - -- name: download installer initrd.gz - with_subelements: - - "{{ vm_host.installer.distros }}" - - arch - get_url: - url: "{{ vm_host_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro }}-installer/{{ item.1 }}/initrd.gz" - dest: "{{ vm_host.installer.path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/initrd.gz" - mode: 0644 - force: "{{ vm_host_force_download_installer }}" 
diff --git a/roles/vm-host/tasks/main.yml b/roles/vm-host/tasks/main.yml
new file mode 100644
index 00000000..a5e98fa9
--- /dev/null
+++ b/roles/vm-host/tasks/main.yml
@@ -0,0 +1,54 @@
+---
+- name: install tftpd and python-libvirt
+ with_items:
+ - atftpd
+ - openbsd-inetd
+ - qemu-kvm
+ - libvirt-bin
+ - python-libvirt
+ apt:
+ name: "{{ item }}"
+ state: present
+
+- name: configure tftpd via inetd
+ lineinfile:
+ regexp: "^#?({{ vm_host.network.ip }}:)?tftp"
+ line: "{{ vm_host.network.ip }}:tftp dgram udp4 wait nobody /usr/sbin/tcpd /usr/sbin/in.tftpd --tftpd-timeout 300 --retry-timeout 5 --maxthread 10 --verbose=5 {{ vm_host.installer.preseed_path }}"
+ path: /etc/inetd.conf
+ notify: restart inetd
+
+- name: make sure installer directories exists
+ with_items:
+ - "{{ vm_host.installer.path }}"
+ - "{{ vm_host.installer.preseed_path }}"
+ file:
+ name: "{{ item }}"
+ state: directory
+
+- name: prepare directories for installer images
+ with_subelements:
+ - "{{ vm_host.installer.distros }}"
+ - arch
+ file:
+ name: "{{ vm_host.installer.path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}"
+ state: directory
+
+- name: download installer kernel images
+ with_subelements:
+ - "{{ vm_host.installer.distros }}"
+ - arch
+ get_url:
+ url: "{{ vm_host_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro }}-installer/{{ item.1 }}/linux"
+ dest: "{{ vm_host.installer.path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/linux"
+ mode: 0644
+ force: "{{ vm_host_force_download_installer }}"
+
+- name: download installer initrd.gz
+ with_subelements:
+ - "{{ vm_host.installer.distros }}"
+ - arch
+ get_url:
+ url: "{{ vm_host_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro }}-installer/{{ item.1 }}/initrd.gz"
+ dest: "{{ vm_host.installer.path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/initrd.gz"
+ mode: 0644
+ force: "{{ vm_host_force_download_installer }}"
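Review bot: The two `get_url` tasks at the end of this file (`download installer kernel images` and `download installer initrd.gz`) pass no `checksum:`, and the `vm_host_installer_url` defaults in roles/vm-host/defaults/main.yml are plain `http://` mirrors, so nothing authenticates the kernel and initrd written under `vm_host.installer.path`. Those files are presumably what the installer VMs boot, so a tampered mirror response or an on-path modification would end up running inside every newly installed guest. I would add a pinned digest to both tasks, e.g. `checksum: "sha256:<digest from the archive's signed SHA256SUMS for this codename/arch>"`, kept in a per-distro variable next to `vm_host_installer_url`. Separately, `mode: 0644` is an unquoted octal in both tasks and should be `mode: "0644"` so the value does not depend on the YAML parser's integer handling. The file content is carried over unchanged from main.yaml, so both points predate this commit.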
diff --git a/roles/vm-install/tasks/main.yaml b/roles/vm-install/tasks/main.yaml
deleted file mode 100644
index 22a6a351..00000000
--- a/roles/vm-install/tasks/main.yaml
+++ /dev/null
@@ -1,123 +0,0 @@ ---- -- name: generate preseed file - template: - src: "preseed_{{ vmdistro }}-{{ vmdistcodename }}.cfg.j2" - dest: "{{ hostvars[vm_install.host].vm_host.installer.preseed_path }}/vm-{{ inventory_hostname }}-{{ vmdistro }}-{{ vmdistcodename }}.cfg" - delegate_to: "{{ vm_install.host }}" - -- name: create disks for vm - with_dict: "{{ vm_install.disks.virtio | default({}) | combine(vm_install.disks.scsi | default({})) }}" - lvol: - vg: "{{ item.value.vg }}" - lv: "{{ item.value.lv }}" - size: "{{ item.value.size }}" - delegate_to: "{{ vm_install.host }}" - -- name: check if vm already exists - virt: - name: "{{ inventory_hostname }}" - command: info - delegate_to: "{{ vm_install.host }}" - register: vmhost_info - -- name: destroy exisiting vm - virt: - name: "{{ inventory_hostname }}" - state: destroyed - delegate_to: "{{ vm_install.host }}" - when: inventory_hostname in vmhost_info - -- name: wait for vm to be destroyed - wait_for_virt: - name: "{{ inventory_hostname }}" - states: shutdown,crashed - timeout: 5 - delegate_to: "{{ vm_install.host }}" - when: inventory_hostname in vmhost_info - -- name: undefining exisiting vm - virt: - name: "{{ inventory_hostname }}" - command: undefine - delegate_to: "{{ vm_install.host }}" - when: inventory_hostname in vmhost_info - -- name: enable installer in VM config - set_fact: - run_installer: True - -- name: define new installer vm - virt: - name: "{{ inventory_hostname }}" - command: define - xml: "{{ lookup('template', 'libvirt-domain.xml.j2') }}" - delegate_to: "{{ vm_install.host }}" - -- name: start vm - virt: - name: "{{ inventory_hostname }}" - state: running - delegate_to: "{{ vm_install.host }}" - -- name: wait for installer to start - wait_for_virt: - name: "{{ inventory_hostname }}" - states: running - timeout: 10 - delegate_to: "{{ vm_install.host }}" - -- debug: - msg: "you can check on the status of the installer running this command 'virsh console {{ inventory_hostname }}' on host {{ 
vm_install.host }}." - -- name: wait for installer to finish or crash - wait_for_virt: - name: "{{ inventory_hostname }}" - states: shutdown,crashed - timeout: 900 - delegate_to: "{{ vm_install.host }}" - register: installer_result - failed_when: installer_result.failed or installer_result.state == "crashed" - -- name: undefining installer vm - virt: - name: "{{ inventory_hostname }}" - command: undefine - delegate_to: "{{ vm_install.host }}" - -- name: disable installer in VM config - set_fact: - run_installer: False - -- name: define new production vm - virt: - name: "{{ inventory_hostname }}" - command: define - xml: "{{ lookup('template', 'libvirt-domain.xml.j2') }}" - delegate_to: "{{ vm_install.host }}" - -- name: start vm - virt: - name: "{{ inventory_hostname }}" - state: running - delegate_to: "{{ vm_install.host }}" - -- name: mark vm as autostarted - virt: - name: "{{ inventory_hostname }}" - autostart: "{{ vm_install.autostart }}" - command: info ## virt module needs either command or state - delegate_to: "{{ vm_install.host }}" - when: vm_install.autostart is defined - -- name: disable ssh StrictHostKeyChecking for the next step - set_fact: - ansible_ssh_extra_args: -o StrictHostKeyChecking=no - -- name: wait for vm to start up - wait_for_connection: - delay: 5 - timeout: 120 - -- name: reenable StrictHostKeyChecking - set_fact: - ansible_ssh_extra_args: "" diff --git a/roles/vm-install/tasks/main.yml b/roles/vm-install/tasks/main.yml new file mode 100644 index 00000000..22a6a351 --- /dev/null +++ b/roles/vm-install/tasks/main.yml 
@@ -0,0 +1,123 @@ +--- +- name: generate preseed file + template: + src: "preseed_{{ vmdistro }}-{{ vmdistcodename }}.cfg.j2" + dest: "{{ hostvars[vm_install.host].vm_host.installer.preseed_path }}/vm-{{ inventory_hostname }}-{{ vmdistro }}-{{ vmdistcodename }}.cfg" + delegate_to: "{{ vm_install.host }}" + +- name: create disks for vm + with_dict: "{{ vm_install.disks.virtio | default({}) | combine(vm_install.disks.scsi | default({})) }}" + lvol: + vg: "{{ item.value.vg }}" + lv: "{{ item.value.lv }}" + size: "{{ item.value.size }}" + delegate_to: "{{ vm_install.host }}" + +- name: check if vm already exists + virt: + name: "{{ inventory_hostname }}" + command: info + delegate_to: "{{ vm_install.host }}" + register: vmhost_info + +- name: destroy exisiting vm + virt: + name: "{{ inventory_hostname }}" + state: destroyed + delegate_to: "{{ vm_install.host }}" + when: inventory_hostname in vmhost_info + +- name: wait for vm to be destroyed + wait_for_virt: + name: "{{ inventory_hostname }}" + states: shutdown,crashed + timeout: 5 + delegate_to: "{{ vm_install.host }}" + when: inventory_hostname in vmhost_info + +- name: undefining exisiting vm + virt: + name: "{{ inventory_hostname }}" + command: undefine + delegate_to: "{{ vm_install.host }}" + when: inventory_hostname in vmhost_info + +- name: enable installer in VM config + set_fact: + run_installer: True + +- name: define new installer vm + virt: + name: "{{ inventory_hostname }}" + command: define + xml: "{{ lookup('template', 'libvirt-domain.xml.j2') }}" + delegate_to: "{{ vm_install.host }}" + +- name: start vm + virt: + name: "{{ inventory_hostname }}" + state: running + delegate_to: "{{ vm_install.host }}" + +- name: wait for installer to start + wait_for_virt: + name: "{{ inventory_hostname }}" + states: running + timeout: 10 + delegate_to: "{{ vm_install.host }}" + +- debug: + msg: "you can check on the status of the installer running this command 'virsh console {{ inventory_hostname }}' on host {{ 
vm_install.host }}." + +- name: wait for installer to finish or crash + wait_for_virt: + name: "{{ inventory_hostname }}" + states: shutdown,crashed + timeout: 900 + delegate_to: "{{ vm_install.host }}" + register: installer_result + failed_when: installer_result.failed or installer_result.state == "crashed" + +- name: undefining installer vm + virt: + name: "{{ inventory_hostname }}" + command: undefine + delegate_to: "{{ vm_install.host }}" + +- name: disable installer in VM config + set_fact: + run_installer: False + +- name: define new production vm + virt: + name: "{{ inventory_hostname }}" + command: define + xml: "{{ lookup('template', 'libvirt-domain.xml.j2') }}" + delegate_to: "{{ vm_install.host }}" + +- name: start vm + virt: + name: "{{ inventory_hostname }}" + state: running + delegate_to: "{{ vm_install.host }}" + +- name: mark vm as autostarted + virt: + name: "{{ inventory_hostname }}" + autostart: "{{ vm_install.autostart }}" + command: info ## virt module needs either command or state + delegate_to: "{{ vm_install.host }}" + when: vm_install.autostart is defined + +- name: disable ssh StrictHostKeyChecking for the next step + set_fact: + ansible_ssh_extra_args: -o StrictHostKeyChecking=no + +- name: wait for vm to start up + wait_for_connection: + delay: 5 + timeout: 120 + +- name: reenable StrictHostKeyChecking + set_fact: + ansible_ssh_extra_args: "" diff --git a/roles/vm-network/handlers/main.yaml b/roles/vm-network/handlers/main.yaml deleted file mode 100644 index f967fa86..00000000 --- a/roles/vm-network/handlers/main.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: rebuild initramfs - command: update-initramfs -u diff --git a/roles/vm-network/handlers/main.yml b/roles/vm-network/handlers/main.yml new file mode 100644 index 00000000..f967fa86 --- /dev/null +++ b/roles/vm-network/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: rebuild initramfs + command: update-initramfs -u 
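Review bot: The last three tasks of roles/vm-install/tasks/main.yml set `ansible_ssh_extra_args: -o StrictHostKeyChecking=no` before `wait for vm to start up`, so the first SSH connection to the freshly installed VM trusts whatever host key answers on that address, including a changed key for a name that is already known. If `wait_for_connection` fails, the `reenable StrictHostKeyChecking` task is never reached. The reset to `""` also discards any `ansible_ssh_extra_args` that inventory had set before. I would narrow the relaxation to `accept-new` (needs a reasonably recent OpenSSH on the control machine, to be confirmed) and put the reset in an `always:` section, as sketched below. A stronger fix is to have the preseed provision a known host key, or to read the key via `vm_install.host`, and add it to known_hosts before connecting.

```yaml
# … unchanged: all tasks up to and including "mark vm as autostarted" …
- name: wait for vm to start up with relaxed host key checking
  block:
    - name: accept only a previously unknown host key for the next step
      set_fact:
        ansible_ssh_extra_args: "-o StrictHostKeyChecking=accept-new"

    - name: wait for vm to start up
      wait_for_connection:
        delay: 5
        timeout: 120
  always:
    - name: reenable StrictHostKeyChecking
      set_fact:
        ansible_ssh_extra_args: ""
```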
diff --git a/roles/vm-network/tasks/lan.yaml b/roles/vm-network/tasks/lan.yaml deleted file mode 100644 index ec436e9b..00000000 --- a/roles/vm-network/tasks/lan.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: install interface config (LAN only) - template: - src: interfaces_lan.j2 - dest: /etc/network/interfaces - mode: 0644 diff --git a/roles/vm-network/tasks/lan.yml b/roles/vm-network/tasks/lan.yml new file mode 100644 index 00000000..ec436e9b --- /dev/null +++ b/roles/vm-network/tasks/lan.yml @@ -0,0 +1,6 @@ +--- +- name: install interface config (LAN only) + template: + src: interfaces_lan.j2 + dest: /etc/network/interfaces + mode: 0644 diff --git a/roles/vm-network/tasks/main.yaml b/roles/vm-network/tasks/main.yaml deleted file mode 100644 index 1052f134..00000000 --- a/roles/vm-network/tasks/main.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- import_tasks: systemd-link.yaml - when: srv_network.systemd_link is defined - -- import_tasks: public.yaml - when: srv_network.public is defined - -- import_tasks: lan.yaml - when: srv_network.public is not defined diff --git a/roles/vm-network/tasks/main.yml b/roles/vm-network/tasks/main.yml new file mode 100644 index 00000000..222a350b --- /dev/null +++ b/roles/vm-network/tasks/main.yml @@ -0,0 +1,9 @@ +--- +- import_tasks: systemd-link.yml + when: srv_network.systemd_link is defined + +- import_tasks: public.yml + when: srv_network.public is defined + +- import_tasks: lan.yml + when: srv_network.public is not defined diff --git a/roles/vm-network/tasks/public.yaml b/roles/vm-network/tasks/public.yaml deleted file mode 100644 index 8b0e317a..00000000 --- a/roles/vm-network/tasks/public.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -- name: set routing table names - with_items: - - { regexp: '^89\s', line: '89 mur-default' } - - { regexp: '^212\s', line: '212 upc-default' } - lineinfile: - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - dest: /etc/iproute2/rt_tables - -- name: calculate address lists - set_fact: - srv_network_public_firewall_ipv4: - - "{{ srv_network.public.ip_mur }}" - - "{{ srv_network.public.ip_upc }}" - srv_network_public_firewall_ipv6: - - "{{ srv_network.public.ip_mur6 }}" - -- name: install firewall scripts - with_items: - - 4 - - 6 - template: - src: firewall.sh_public.j2 - dest: "/etc/network/firewall{{ item }}.sh" - mode: 0755 - when: srv_network.public.firewall is defined - -- name: install interface config (Public) - template: - src: interfaces_public.j2 - dest: /etc/network/interfaces - mode: 0644 diff --git a/roles/vm-network/tasks/public.yml b/roles/vm-network/tasks/public.yml new file mode 100644 index 00000000..8b0e317a --- /dev/null +++ b/roles/vm-network/tasks/public.yml @@ -0,0 +1,33 @@ +--- +- name: set routing table names + with_items: + - { regexp: '^89\s', line: '89 mur-default' } + - { regexp: '^212\s', line: '212 upc-default' } + lineinfile: + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + dest: /etc/iproute2/rt_tables + +- name: calculate address lists + set_fact: + srv_network_public_firewall_ipv4: + - "{{ srv_network.public.ip_mur }}" + - "{{ srv_network.public.ip_upc }}" + srv_network_public_firewall_ipv6: + - "{{ srv_network.public.ip_mur6 }}" + +- name: install firewall scripts + with_items: + - 4 + - 6 + template: + src: firewall.sh_public.j2 + dest: "/etc/network/firewall{{ item }}.sh" + mode: 0755 + when: srv_network.public.firewall is defined + +- name: install interface config (Public) + template: + src: interfaces_public.j2 + dest: /etc/network/interfaces + mode: 0644 
diff --git a/roles/vm-network/tasks/systemd-link.yaml b/roles/vm-network/tasks/systemd-link.yaml deleted file mode 100644 index ad12cd37..00000000 --- a/roles/vm-network/tasks/systemd-link.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: remove legacy systemd.link units - file: - name: "/etc/systemd/network/{{ item }}" - state: absent - with_items: - - 50-virtio-kernel-names.link - - 99-default.link - -- name: install systemd network link units - template: - src: systemd.link.j2 - dest: "/etc/systemd/network/{{ '%02d' | format(item.idx + 10) }}-{{ item.name }}.link" - with_items: "{{ srv_network.systemd_link.interfaces }}" - notify: rebuild initramfs diff --git a/roles/vm-network/tasks/systemd-link.yml b/roles/vm-network/tasks/systemd-link.yml new file mode 100644 index 00000000..ad12cd37 --- /dev/null +++ b/roles/vm-network/tasks/systemd-link.yml @@ -0,0 +1,15 @@ +--- +- name: remove legacy systemd.link units + file: + name: "/etc/systemd/network/{{ item }}" + state: absent + with_items: + - 50-virtio-kernel-names.link + - 99-default.link + +- name: install systemd network link units + template: + src: systemd.link.j2 + dest: "/etc/systemd/network/{{ '%02d' | format(item.idx + 10) }}-{{ item.name }}.link" + with_items: "{{ srv_network.systemd_link.interfaces }}" + notify: rebuild initramfs diff --git a/roles/zsh/tasks/main.yaml b/roles/zsh/tasks/main.yaml deleted file mode 100644 index 12eac8c4..00000000 --- a/roles/zsh/tasks/main.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -- name: install zsh packages - apt: - name: "{{ item }}" - state: present - with_items: - - zsh - -- name: install zsh-config - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: "zshrc", dest: "/etc/zsh/zshrc" } - - { src: "zshrc.skel", dest: "/etc/skel/.zshrc" } - -- name: set zsh as default shell - user: - name: "{{ item }}" - shell: /bin/zsh - with_items: "{{ [ 'root' ] | union(zsh_loginshell_user | default([])) }}" - -- name: make zsh the default shell for useradd - lineinfile: - regexp: '^#?SHELL=' - line: 'SHELL=/bin/zsh' - path: /etc/default/useradd - -- name: make zsh the default shell for adduser - lineinfile: - regexp: '^#?DSHELL=' - line: 'DSHELL=/bin/zsh' - path: /etc/adduser.conf diff --git a/roles/zsh/tasks/main.yml b/roles/zsh/tasks/main.yml new file mode 100644 index 00000000..12eac8c4 --- /dev/null +++ b/roles/zsh/tasks/main.yml @@ -0,0 +1,33 @@ +--- +- name: install zsh packages + apt: + name: "{{ item }}" + state: present + with_items: + - zsh + +- name: install zsh-config + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: "zshrc", dest: "/etc/zsh/zshrc" } + - { src: "zshrc.skel", dest: "/etc/skel/.zshrc" } + +- name: set zsh as default shell + user: + name: "{{ item }}" + shell: /bin/zsh + with_items: "{{ [ 'root' ] | union(zsh_loginshell_user | default([])) }}" + +- name: make zsh the default shell for useradd + lineinfile: + regexp: '^#?SHELL=' + line: 'SHELL=/bin/zsh' + path: /etc/default/useradd + +- name: make zsh the default shell for adduser + lineinfile: + regexp: '^#?DSHELL=' + line: 'DSHELL=/bin/zsh' + path: /etc/adduser.conf diff --git a/vm-install.sh b/vm-install.sh index 199963fd..bccb076b 100755 --- a/vm-install.sh +++ b/vm-install.sh 
@@ -13,4 +13,4 @@ echo "########## clearing old ssh host keys #########" echo "" echo "######## running the install playbook ########" -exec ansible-playbook -e "vmname=$1" -e "vmdistro=$2" -e "vmdistcodename=$3" vminstall.yaml +exec ansible-playbook -e "vmname=$1" -e "vmdistro=$2" -e "vmdistcodename=$3" vminstall.yml diff --git a/vminstall.yaml b/vminstall.yaml deleted file mode 100644 index 43fcf81b..00000000 --- a/vminstall.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- name: Basic Installation - hosts: "{{ vmname }}" - gather_facts: no - pre_tasks: - - name: Gather facts of vm host - setup: - delegate_to: "{{ vm_install.host }}" - delegate_facts: yes - roles: - - role: vm-install - -- import_playbook: "host_playbooks/{{ vmname }}.yaml" - -- name: Reboot and wait for VM come back - hosts: "{{ vmname }}" - gather_facts: no - roles: - - role: reboot-and-wait - reboot_delay: 10 - reboot_timeout: 120 diff --git a/vminstall.yml b/vminstall.yml new file mode 100644 index 00000000..e82aa33c --- /dev/null +++ b/vminstall.yml @@ -0,0 +1,21 @@ +--- +- name: Basic Installation + hosts: "{{ vmname }}" + gather_facts: no + pre_tasks: + - name: Gather facts of vm host + setup: + delegate_to: "{{ vm_install.host }}" + delegate_facts: yes + roles: + - role: vm-install + +- import_playbook: "host_playbooks/{{ vmname }}.yml" + +- name: Reboot and wait for VM come back + hosts: "{{ vmname }}" + gather_facts: no + roles: + - role: reboot-and-wait + reboot_delay: 10 + reboot_timeout: 120 -- cgit v1.2.3