diff --git a/playbooks/adm.yml b/playbooks/adm.yml
index 9e83119..021d71a 100644
--- a/playbooks/adm.yml
+++ b/playbooks/adm.yml
@@ -1,7 +1,9 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=adm"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=adm
-- name: configure instance
+- name: Configure instance
hosts: adm
user: root
gather_facts: true
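Review bot: The new `ansible.builtin.import_playbook` value still passes `myhosts=adm` as an inline parameter after the file name, a form ansible-core has deprecated in favour of `vars`. Writing `ansible.builtin.import_playbook: include/deploy-kvm-guest.yml` followed by `vars:` and `myhosts: adm` makes the variable explicit and removes the need for the folded `>-` scalar. The same pattern repeats in the first hunk of every other playbook in this diff that imports deploy-kvm-guest.yml. In ns.yml the value is best quoted, `myhosts: "ns:!vultr"`.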
@@ -10,8 +12,8 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- - name: mount /export
- mount:
+ - name: Mount /export
+ ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
@@ -34,8 +36,8 @@
- web_build
tasks:
- - name: install packages
- package:
+ - name: Install packages
+ ansible.builtin.package:
name: "{{ item }}"
state: installed
with_items:
@@ -53,8 +55,8 @@
- wget # still in backbone for downloads
- whois # read whois data
- yamllint # yaml linting
- - name: disable ip host key checking from ssh
- copy:
+ - name: Disable IP host key checking from SSH
+ ansible.builtin.copy:
content: |
Host *.home.foo.sh
CheckHostIP no
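Review bot: The `Host *.home.foo.sh` block written by this task sets `CheckHostIP no` with nothing recording why, and that option stops ssh from comparing the server's address against known_hosts. A comment above the task would tell a later reader that the narrow scope is deliberate, for example `# CheckHostIP is off for *.home.foo.sh only; host keys are still verified by name`, if that is indeed the intent. The `content` block continues past the end of this hunk, so any further options are not visible here.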
diff --git a/playbooks/backup.yml b/playbooks/backup.yml
index 668642b..b6d667d 100644
--- a/playbooks/backup.yml
+++ b/playbooks/backup.yml
@@ -1,14 +1,16 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=backup"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=backup
-- name: configure instance
+- name: Configure instance
hosts: backup
user: root
gather_facts: true
pre_tasks:
- - name: mount /export
- mount:
+ - name: Mount /export
+ ansible.posix.mount:
name: /export
src: /dev/sd1a
fstype: ffs
diff --git a/playbooks/collab.yml b/playbooks/collab.yml
index 13f53c3..33cf2be 100644
--- a/playbooks/collab.yml
+++ b/playbooks/collab.yml
@@ -1,7 +1,9 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=collab"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=collab
-- name: configure instance
+- name: Configure instance
hosts: collab
user: root
gather_facts: true
@@ -10,8 +12,8 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- - name: mount /export
- mount:
+ - name: Mount /export
+ ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
@@ -31,8 +33,8 @@
- ldap
tasks:
- - name: redirect root web directory to collab
- copy:
+ - name: Redirect root web directory to collab
+ ansible.builtin.copy:
content: "RedirectMatch permanent \"^/$\" /collab/\n"
dest: "/etc/httpd/conf.local.d/redirects.conf"
mode: 0644
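Review bot: The copy task keeps `mode: 0644` as a bare YAML integer, which only yields the intended permissions because the parser reads the leading zero as octal. Since this commit is already a lint cleanup, quoting it as `mode: "0644"` would make the value a string and independent of the YAML version in use. The same unquoted modes appear in the dna-gw.yml, munin.yml, nms.yml, print.yml and zm.yml hunks, including `mode: 0600` on the DNS private key.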
@@ -40,8 +42,8 @@
group: "{{ ansible_wheel }}"
notify: Restart apache
- - name: create htaccess for collab
- copy:
+ - name: Create htaccess for collab
+ ansible.builtin.copy:
content: |
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
@@ -62,20 +64,22 @@
seuser: _default
setype: _default
- - name: auto create collab users
- lineinfile:
+ - name: Auto create collab users
+ ansible.builtin.lineinfile:
path: /srv/wikis/collab/config/collabfarm.py
regexp: '^\s+auth = .*'
line: ' auth = [GivenAuth(autocreate=True)]'
notify: Restart apache
- - name: set collab base url
- lineinfile:
+
+ - name: Set collab base url
+ ansible.builtin.lineinfile:
path: /srv/wikis/collab/config/collabfarm.py
regexp: '^\s+collab_baseurl = .*'
line: " collab_baseurl = 'https://collab.foo.sh/collab/'"
notify: Restart apache
- - name: set collab default theme
- lineinfile:
+
+ - name: Set collab default theme
+ ansible.builtin.lineinfile:
path: /srv/wikis/collab/config/collabfarm.py
regexp: '^\s+theme_default = .*'
line: " theme_default = 'foosh'"
diff --git a/playbooks/devel.yml b/playbooks/devel.yml
index 155a26e..5d4ade5 100644
--- a/playbooks/devel.yml
+++ b/playbooks/devel.yml
@@ -1,7 +1,9 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=devel01.home.foo.sh"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=devel01.home.foo.sh
-- name: configure instance
+- name: Configure instance
hosts: devel01.home.foo.sh
user: root
gather_facts: true
diff --git a/playbooks/dna-gw.yml b/playbooks/dna-gw.yml
index 9a61dd0..1988029 100644
--- a/playbooks/dna-gw.yml
+++ b/playbooks/dna-gw.yml
@@ -1,7 +1,9 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=dnagw"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=dnagw
-- name: configure instance
+- name: Configure instance
hosts: dnagw
user: root
gather_facts: true
@@ -20,21 +22,22 @@
- websockify
tasks:
- - name: use configured dns servers and domain name
- copy:
+ - name: Use configured dns servers and domain name
+ ansible.builtin.copy:
dest: /etc/dhclient.conf
content: "ignore domain-name-servers, domain-name;\n"
mode: 0644
owner: root
group: "{{ ansible_wheel }}"
- - name: disable resolvd
+
+ - name: Disable resolvd
ansible.builtin.service:
name: resolvd
state: stopped
enabled: false
- - name: enable ip forwarding
- sysctl:
+ - name: Enable ip forwarding
+ ansible.posix.sysctl:
name: "{{ item }}"
sysctl_set: true
value: "1"
@@ -42,18 +45,19 @@
- net.inet.ip.forwarding
- net.inet6.ip6.forwarding
- - name: run handlers to get interfaces configured
- meta: flush_handlers
+ - name: Run handlers to get interfaces configured
+ ansible.builtin.meta: flush_handlers
- - name: create tftp boot directories
- file:
+ - name: Create tftp boot directories
+ ansible.builtin.file:
path: /srv/tftpboot/etc
state: directory
mode: 0755
owner: root
group: "{{ ansible_wheel }}"
- - name: create tftp boot config for openbsd
- copy:
+
+ - name: Create tftp boot config for OpenBSD installs
+ ansible.builtin.copy:
dest: /srv/tftpboot/etc/boot.conf
content: |
stty com0 115200
@@ -62,24 +66,27 @@
mode: 0644
owner: root
group: "{{ ansible_wheel }}"
- - name: create tftp pxeboot loader for openbssd
- get_url:
+
+ - name: Create tftp pxeboot loader for OpenBSD installs
+ ansible.builtin.get_url:
url: "https://mirrors.foo.sh/openbsd/7.2/amd64/pxeboot"
checksum: sha1:e5f8117a9c65ab3b31f2d5464940879406caf80e
dest: /srv/tftpboot/pxeboot
mode: 0644
owner: root
group: "{{ ansible_wheel }}"
- - name: create tftp ramdisk for openbsd
- get_url:
+
+ - name: Create tftp ramdisk for OpenBSD installs
+ ansible.builtin.get_url:
url: "https://mirrors.foo.sh/openbsd/7.2/amd64/bsd.rd"
checksum: sha1:7f8eb578d65401f4076c074802f47a5c732aadb3
dest: /srv/tftpboot/bsd.rd
mode: 0644
owner: root
group: "{{ ansible_wheel }}"
- - name: create install.conf for openbsd
- get_url:
+
+ - name: Create install.conf for OpenBSD installs
+ ansible.builtin.get_url:
url: "https://boot.foo.sh/openbsd/install.conf"
checksum: sha1:f6270708dad3f759df02eefeab300d9b8670f3d4
dest: /srv/tftpboot/install.conf
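Review bot: The three `ansible.builtin.get_url` tasks in this hunk pin pxeboot, bsd.rd and install.conf with `sha1:` checksums. SHA-1 is no longer collision resistant, which makes it a weak integrity pin for files that other machines boot and install from. The field accepts other algorithms, so each line can become `checksum: sha256:<SHA256_OF_FILE>`, with the digest taken from a trusted copy of the file. The last task continues past the end of the hunk.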
@@ -87,8 +94,8 @@
owner: root
group: "{{ ansible_wheel }}"
- - name: copy custom nginx config
- copy:
+ - name: Copy custom to allow plaint http access with internal IP
+ ansible.builtin.copy:
dest: /etc/nginx/conf.d/172.20.20.1.conf
content: |
server {
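Review bot: The new task name `Copy custom to allow plaint http access with internal IP` has lost its noun and misspells "plain". Something like `- name: Copy custom nginx config to allow plain http access with internal IP` reads correctly. Because the task deliberately serves unencrypted HTTP, a one-line comment naming which clients need it would help a later audit. The server block continues outside the hunk, so what it exposes is not visible here.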
@@ -108,8 +115,8 @@
group: "{{ ansible_wheel }}"
notify: Restart nginx
- - name: copy dns private key
- copy:
+ - name: Copy DNS private key
+ ansible.builtin.copy:
dest: "{{ tls_private }}/dns.home.foo.sh.key"
src: "{{ item }}"
mode: 0600
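Review bot: The `Copy DNS private key` task copies key material with `ansible.builtin.copy`, and a run with `--diff` would print the changed file content to the console and any log that captures it. Adding `diff: false` to this task keeps the key out of that output. The task continues past the end of the hunk, so the keyword may already be set further down.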
@@ -120,8 +127,9 @@
- "/srv/ca/private/{{ inventory_hostname }}.key"
tags: certificates
notify: Restart unbound
- - name: copy dns certificate and ca cert
- copy:
+
+ - name: Copy DNS certificate and ca cert
+ ansible.builtin.copy:
dest: "{{ tls_certs }}/dns.home.foo.sh.crt"
src: "{{ item }}"
mode: 0644
@@ -132,8 +140,9 @@
- "/srv/ca/certs/hosts/{{ inventory_hostname }}.crt"
tags: certificates
notify: Restart unbound
- - name: copy dns zone files
- copy:
+
+ - name: Copy DNS zone files
+ ansible.builtin.copy:
dest: "/var/unbound/db/{{ item }}"
src: "/srv/dns/{{ item }}"
mode: 0644
@@ -144,5 +153,7 @@
with_items:
- 20.172.in-addr.arpa
- home.foo.sh
- - import_role:
+
+ - name: Import unbound role
+ ansible.builtin.import_role:
name: unbound
diff --git a/playbooks/fsol-gw.yml b/playbooks/fsol-gw.yml
index 0d6f089..ff1b8b8 100644
--- a/playbooks/fsol-gw.yml
+++ b/playbooks/fsol-gw.yml
@@ -1,7 +1,9 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=fsolgw"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=fsolgw
-- name: configure instance
+- name: Configure instance
hosts: fsolgw
user: root
gather_facts: true
@@ -10,14 +12,14 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- - name: disable resolvd service
+ - name: Disable resolvd service
ansible.builtin.service:
name: resolvd
state: stopped
enabled: false
tasks:
- - name: enable ip forwarding
+ - name: Enable IP forwarding
ansible.posix.sysctl:
name: "{{ item }}"
sysctl_set: true
@@ -25,14 +27,14 @@
with_items:
- net.inet.ip.forwarding
- net.inet6.ip6.forwarding
- - name: use manual dns servers
+ - name: Manually set DNS servers
ansible.builtin.copy:
dest: /etc/dhclient.conf
content: "ignore domain-name-servers, domain-name;\n"
mode: 0644
owner: root
group: "{{ ansible_wheel }}"
- - name: create pfsync interface
+ - name: Create pfsync interface
ansible.builtin.copy:
dest: /etc/hostname.pfsync0
content: "up syncdev vio1\n"
diff --git a/playbooks/git.yml b/playbooks/git.yml
index adae88c..1d79bd5 100644
--- a/playbooks/git.yml
+++ b/playbooks/git.yml
@@ -1,7 +1,9 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=git"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=git
-- name: configure instance
+- name: Configure instance
hosts: git
user: root
gather_facts: true
@@ -10,8 +12,8 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- - name: mount /export
- mount:
+ - name: Mount /export
+ ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
diff --git a/playbooks/influxdb.yml b/playbooks/influxdb.yml
index dfaa887..8a57142 100644
--- a/playbooks/influxdb.yml
+++ b/playbooks/influxdb.yml
@@ -1,7 +1,9 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=influxdb"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=influxdb
-- name: configure instance
+- name: Configure instance
hosts: influxdb
user: root
gather_facts: true
@@ -10,8 +12,8 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- - name: mount /export
- mount:
+ - name: Mount /export
+ ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
diff --git a/playbooks/ldap.yml b/playbooks/ldap.yml
index 917cdf8..34ef720 100644
--- a/playbooks/ldap.yml
+++ b/playbooks/ldap.yml
@@ -1,14 +1,16 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=ldap"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=ldap
-- name: configure instance
+- name: Configure instance
hosts: ldap
user: root
gather_facts: true
pre_tasks:
- - name: mount /export
- mount:
+ - name: Mount /export
+ ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
diff --git a/playbooks/log.yml b/playbooks/log.yml
index f358e43..ae19a9b 100644
--- a/playbooks/log.yml
+++ b/playbooks/log.yml
@@ -1,14 +1,16 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=log"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=log
-- name: configure instance
+- name: Configure instance
hosts: log
user: root
gather_facts: true
pre_tasks:
- - name: mount /export
- mount:
+ - name: Mount /export
+ ansible.posix.mount:
name: /export
src: /dev/sd1a
fstype: ffs
@@ -25,8 +27,8 @@
- web_logs
tasks:
- - name: install extra packages
- package:
+ - name: Install extra packages
+ ansible.builtin.package:
name: "{{ package }}"
state: installed
with_items:
diff --git a/playbooks/mail.yml b/playbooks/mail.yml
index da7bf7f..90cd489 100644
--- a/playbooks/mail.yml
+++ b/playbooks/mail.yml
@@ -1,14 +1,16 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=mail"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=mail
-- name: configure instance
+- name: Configure instance
hosts: mail
user: root
gather_facts: true
pre_tasks:
- - name: mount /export
- mount:
+ - name: Mount /export
+ ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
diff --git a/playbooks/minecraft.yml b/playbooks/minecraft.yml
index 4f4f9a5..1445946 100644
--- a/playbooks/minecraft.yml
+++ b/playbooks/minecraft.yml
@@ -1,14 +1,16 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=minecraft"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=minecraft
-- name: configure instance
+- name: Configure instance
hosts: minecraft
user: root
gather_facts: true
pre_tasks:
- - name: mount /export
- mount:
+ - name: Mount /export
+ ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
diff --git a/playbooks/mirror.yml b/playbooks/mirror.yml
index 8b196b6..0c0529f 100644
--- a/playbooks/mirror.yml
+++ b/playbooks/mirror.yml
@@ -1,7 +1,9 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=mirror"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=mirror
-- name: configure instance
+- name: Configure instance
hosts: mirror
user: root
gather_facts: true
@@ -10,8 +12,8 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- - name: mount /export
- mount:
+ - name: Mount /export
+ ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
@@ -78,8 +80,8 @@
- "--delete-excluded"
tasks:
- - name: link foo.sh yum repo to web
- file:
+ - name: Link foo.sh yum repo to web
+ ansible.builtin.file:
dest: /srv/web/{{ inventory_hostname }}/foo.sh
src: /srv/mirrors/foo.sh
state: link
diff --git a/playbooks/mongodb.yml b/playbooks/mongodb.yml
index 13c0501..074bc26 100644
--- a/playbooks/mongodb.yml
+++ b/playbooks/mongodb.yml
@@ -1,7 +1,9 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=mongodb"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=mongodb
-- name: configure instance
+- name: Configure instance
hosts: mongodb
user: root
gather_facts: true
@@ -10,8 +12,8 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- - name: mount /export
- mount:
+ - name: Mount /export
+ ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
diff --git a/playbooks/mqtt.yml b/playbooks/mqtt.yml
index 8fcdc57..60ef955 100644
--- a/playbooks/mqtt.yml
+++ b/playbooks/mqtt.yml
@@ -1,7 +1,9 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=mqtt"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=mqtt
-- name: configure instance
+- name: Configure instance
hosts: mqtt
user: root
gather_facts: true
diff --git a/playbooks/munin.yml b/playbooks/munin.yml
index e8874eb..7087b11 100644
--- a/playbooks/munin.yml
+++ b/playbooks/munin.yml
@@ -1,14 +1,16 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=munin"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=munin
-- name: configure instance
+- name: Configure instance
hosts: munin
user: root
gather_facts: true
pre_tasks:
- - name: mount /export
- mount:
+ - name: Mount /export
+ ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
@@ -30,8 +32,8 @@
- munin_server
tasks:
- - name: require authentication for munin web
- copy:
+ - name: Require authentication for munin web
+ ansible.builtin.copy:
dest: /etc/httpd/conf.local.d/munin-auth.conf
content: |
@@ -43,4 +45,4 @@
mode: 0644
owner: root
group: "{{ ansible_wheel }}"
- notify: restart apache
+ notify: Restart apache
diff --git a/playbooks/nas.yml b/playbooks/nas.yml
index 766d69a..7a2448d 100644
--- a/playbooks/nas.yml
+++ b/playbooks/nas.yml
@@ -1,16 +1,19 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=nas"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=nas
-- name: configure instance
+- name: Configure instance
hosts: nas
user: root
gather_facts: true
vars_files:
- "{{ ansible_private }}/vars.yml"
+
pre_tasks:
- - name: mount /export/home
- mount:
+ - name: Mount /export/home
+ ansible.posix.mount:
name: /export/home
src: LABEL=home
fstype: xfs
@@ -18,8 +21,8 @@
passno: "0"
dump: "0"
state: mounted
- - name: mount /export/roles
- mount:
+ - name: Mount /export/roles
+ ansible.posix.mount:
name: /export/roles
src: LABEL=roles
fstype: xfs
@@ -37,8 +40,8 @@
principals: "nfs/{{ inventory_hostname }}@FOO.SH"
tasks:
- - name: copy exports file
- copy:
+ - name: Copy exports file
+ ansible.builtin.copy:
dest: /etc/exports
content: |
/export/home 172.20.30.0/24(rw,root_squash,secure,sec=krb5p) \
diff --git a/playbooks/nms.yml b/playbooks/nms.yml
index 5161e59..22f3739 100644
--- a/playbooks/nms.yml
+++ b/playbooks/nms.yml
@@ -1,14 +1,16 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=nms"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=nms
-- name: configure instance
+- name: Configure instance
hosts: nms
user: root
gather_facts: true
pre_tasks:
- - name: mount /export
- mount:
+ - name: Mount /export
+ ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
@@ -27,17 +29,20 @@
- tftp
tasks:
- - import_role:
+ - name: Enable UDP rsyslog server
+ ansible.builtin.import_role:
name: rsyslog
tasks_from: udp-listen
- - import_role:
+
+ - name: Enable postfix mail relay
+ ansible.builtin.import_role:
name: postfix
tasks_from: relay
vars:
relay_domains: [foo.sh]
- - name: copy dns zone files
- copy:
+ - name: Copy DNS zone files
+ ansible.builtin.copy:
dest: "/var/lib/unbound/{{ item }}"
src: "/srv/dns/{{ item }}"
mode: 0644
@@ -48,18 +53,20 @@
with_items:
- 25.20.172.in-addr.arpa
- oob.foo.sh
- - import_role:
+
+ - name: Import unbound role
+ ansible.builtin.import_role:
name: unbound
# convert this to role for restart support
- - name: enable ntp server for oob network
- lineinfile:
+ - name: Enable NTP server for oob network
+ ansible.builtin.lineinfile:
path: /etc/chrony.conf
regexp: "^#?allow .*"
line: "allow 172.20.25.0/24"
- - name: install extra tools
- package:
+ - name: Install extra packages
+ ansible.builtin.package:
name: "{{ item }}"
state: installed
with_items:
diff --git a/playbooks/ns.yml b/playbooks/ns.yml
index 6041536..488d2fe 100644
--- a/playbooks/ns.yml
+++ b/playbooks/ns.yml
@@ -1,7 +1,9 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=ns:!vultr"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=ns:!vultr
-- name: configure instance
+- name: Configure instance
hosts: ns
user: root
gather_facts: true
diff --git a/playbooks/oci-node.yml b/playbooks/oci-node.yml
index cb80a3d..d37868e 100644
--- a/playbooks/oci-node.yml
+++ b/playbooks/oci-node.yml
@@ -1,7 +1,9 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=ocinode"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=ocinode
-- name: configure instance
+- name: Configure instance
hosts: ocinode
user: root
gather_facts: true
diff --git a/playbooks/print.yml b/playbooks/print.yml
index 1d77728..5729486 100644
--- a/playbooks/print.yml
+++ b/playbooks/print.yml
@@ -1,7 +1,9 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=print"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=print
-- name: configure instance
+- name: Configure instance
hosts: print
user: root
gather_facts: true
@@ -15,14 +17,15 @@
- mkhomedir
tasks:
- - name: run handlers to get interfaces configured
- meta: flush_handlers
+ - name: Run handlers to get interfaces configured
+ ansible.builtin.meta: flush_handlers
- - import_role:
+ - name: Import dhcpd role
+ ansible.builtin.import_role:
name: dhcpd
- - name: copy dns zone files
- copy:
+ - name: Copy DNS zone files
+ ansible.builtin.copy:
dest: "/var/lib/unbound/{{ item }}"
src: "/srv/dns/{{ item }}"
mode: 0644
@@ -33,12 +36,17 @@
with_items:
- 24.20.172.in-addr.arpa
- print.foo.sh
- - import_role:
+
+ - name: Install unbound role
+ ansible.builtin.import_role:
name: unbound
- - import_role:
+ - name: Install cups_server role
+ ansible.builtin.import_role:
name: cups_server
- - import_role:
+
+ - name: Install keytab for CUPS
+ ansible.builtin.import_role:
name: keytab
vars:
keytab: /etc/cups/cups.keytab
diff --git a/playbooks/proxy.yml b/playbooks/proxy.yml
index b5a7b66..d08b07d 100644
--- a/playbooks/proxy.yml
+++ b/playbooks/proxy.yml
@@ -1,7 +1,9 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=proxy"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=proxy
-- name: configure instance
+- name: Configure instance
hosts: proxy
user: root
gather_facts: true
diff --git a/playbooks/relay.yml b/playbooks/relay.yml
index 2111f32..65d9e41 100644
--- a/playbooks/relay.yml
+++ b/playbooks/relay.yml
@@ -1,7 +1,9 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=relay"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=relay
-- name: configure instance
+- name: Configure instance
hosts: relay
user: root
gather_facts: true
@@ -14,16 +16,12 @@
- ifstated
- relayd
- nginx/server
-
- tasks:
- - include_role:
- name: nginx/site
- vars:
- site: "{{ sitename }}"
- redirect: https://www.foo.sh/
- with_items:
- - ldap.foo.sh
- - ldap01.foo.sh
- - loghost.foo.sh
- loop_control:
- loop_var: sitename
+ - role: nginx/site
+ site: ldap.foo.sh
+ redirect: https://www.foo.sh/
+ - role: nginx/site
+ site: ldap01.foo.sh
+ redirect: https://www.foo.sh/
+ - role: nginx/site
+ site: loghost.foo.sh
+ redirect: https://www.foo.sh/
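Review bot: The three `- role: nginx/site` entries all run only because their `site` parameter differs, since Ansible skips a repeated role whose parameters are identical unless the role's meta sets `allow_duplicates`. A comment above them such as `# one nginx/site entry per redirected host; entries must differ in 'site' to run` would record that dependency. Moving these from `tasks:` into the roles list also means they now run inside the roles phase rather than after it. It is worth confirming that no handler flush between nginx/server and nginx/site was being relied on. The roles list starts outside this hunk.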
diff --git a/playbooks/shell.yml b/playbooks/shell.yml
index 6d191e2..44434d0 100644
--- a/playbooks/shell.yml
+++ b/playbooks/shell.yml
@@ -1,7 +1,9 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=shell"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=shell
-- name: configure instance
+- name: Configure instance
hosts: shell
user: root
gather_facts: true
@@ -26,8 +28,8 @@
plaintext: true
tasks:
- - name: install extra package groups
- dnf:
+ - name: Install extra package groups
+ ansible.builtin.dnf:
name:
- "@development"
- "@fonts"
@@ -38,8 +40,8 @@
- fprintd-pam
- gnome-initial-setup
- - name: install extra packages
- package:
+ - name: Install extra packages
+ ansible.builtin.package:
name: "{{ package }}"
state: installed
with_items:
@@ -69,8 +71,8 @@
loop_control:
loop_var: package
- - name: add software packaged in roles
- include_role:
+ - name: Add software packaged in roles
+ ansible.builtin.include_role:
name: "{{ role }}"
with_items:
- cups
@@ -84,8 +86,8 @@
loop_control:
loop_var: role
- - name: add home.foo.sh hosts to ssh config
- copy:
+ - name: Add home.foo.sh hosts to ssh config
+ ansible.builtin.copy:
dest: /etc/ssh/ssh_config.d/home.foo.sh.conf
content: |
Host *.home.foo.sh !gw.home.foo.sh
diff --git a/playbooks/sqldb.yml b/playbooks/sqldb.yml
index a2a36cc..13730c2 100644
--- a/playbooks/sqldb.yml
+++ b/playbooks/sqldb.yml
@@ -1,7 +1,9 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=sqldb"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=sqldb
-- name: configure instance
+- name: Configure instance
hosts: sqldb
user: root
gather_facts: true
@@ -10,8 +12,8 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- - name: mount /export
- mount:
+ - name: Mount /export
+ ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
diff --git a/playbooks/static.yml b/playbooks/static.yml
index 5b9a54e..e789437 100644
--- a/playbooks/static.yml
+++ b/playbooks/static.yml
@@ -1,7 +1,9 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=static"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=static
-- name: configure instance
+- name: Configure instance
hosts: static
user: root
gather_facts: true
@@ -21,13 +23,14 @@
- apache
tasks:
- - name: allow apache to access nfs mounts from selinux
- seboolean:
+ - name: Allow apache to access nfs mounts from selinux
+ ansible.posix.seboolean:
name: httpd_use_nfs
state: true
persistent: true
- - name: share role and home directories to apache
- copy:
+
+ - name: Share role and home directories to apache
+ ansible.builtin.copy:
dest: /etc/httpd/conf.local.d/public_html.conf
content: |
UserDir enabled
diff --git a/playbooks/vmhost.yml b/playbooks/vmhost.yml
index 5ad179f..66a3139 100644
--- a/playbooks/vmhost.yml
+++ b/playbooks/vmhost.yml
@@ -1,5 +1,5 @@
---
-- name: configure instance
+- name: Configure instance
hosts: vmhost
user: root
gather_facts: true
@@ -8,8 +8,8 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- - name: mount /export/libvirt/hdd
- ansible.builtin.mount:
+ - name: Mount /export/libvirt/hdd
+ ansible.posix.mount:
name: /export/libvirt/hdd
src: LABEL=hdd
fstype: xfs
@@ -17,8 +17,8 @@
passno: "0"
dump: "0"
state: mounted
- - name: mount /export/libvirt/nvme
- ansible.builtin.mount:
+ - name: Mount /export/libvirt/nvme
+ ansible.posix.mount:
name: /export/libvirt/nvme
src: LABEL=nvme
fstype: xfs
@@ -26,8 +26,8 @@
passno: "0"
dump: "0"
state: mounted
- - name: mount /export/libvirt/ssd
- ansible.builtin.mount:
+ - name: Mount /export/libvirt/ssd
+ ansible.posix.mount:
name: /export/libvirt/ssd
src: LABEL=ssd
fstype: xfs
diff --git a/playbooks/zm.yml b/playbooks/zm.yml
index c3a3b77..67537aa 100644
--- a/playbooks/zm.yml
+++ b/playbooks/zm.yml
@@ -1,7 +1,9 @@
---
-- import_playbook: "include/deploy-kvm-guest.yml myhosts=zm"
+- name: Deploy KVM virtual machines
+ ansible.builtin.import_playbook: >-
+ include/deploy-kvm-guest.yml myhosts=zm
-- name: configure instance
+- name: Configure instance
hosts: zm
user: root
gather_facts: true
@@ -10,8 +12,8 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- - name: mount /export
- mount:
+ - name: Mount /export
+ ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
@@ -29,17 +31,17 @@
group: apache
tasks:
- - name: run handlers to get interfaces configured
- meta: flush_handlers
+ - name: Run handlers to get interfaces configured
+ ansible.builtin.meta: flush_handlers
# TODO: this should really be fixed
- - name: put selinux in permissive state
- selinux:
+ - name: Put selinux in permissive state
+ ansible.posix.selinux:
policy: targeted
state: permissive
- - name: copy dns zone files
- copy:
+ - name: Copy DNS zone files
+ ansible.builtin.copy:
dest: "/var/lib/unbound/{{ item }}"
src: "/srv/dns/{{ item }}"
mode: 0644
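Review bot: The renamed `Put selinux in permissive state` task still turns off SELinux enforcement for the whole host, and the `# TODO: this should really be fixed` above it does not say what blocks enforcing mode. Expanding the comment would make it actionable, for example `# TODO: return to enforcing once the denials that required permissive are covered by policy`. If only one service needs it, `community.general.selinux_permissive` can limit permissive mode to a single domain while the rest of the system stays enforcing. Which service needs it is not visible in this hunk.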
@@ -50,22 +52,25 @@
with_items:
- 26.20.172.in-addr.arpa
- cam.foo.sh
- - import_role:
+
+ - name: Include unbound role
+ ansible.builtin.import_role:
name: unbound
- - include_role:
+ - name: Include dhcpd and zoneminder roles
+ ansible.builtin.include_role:
name: "{{ item }}"
with_items:
- dhcpd
- zoneminder
- - name: install extra packages for debugging
- package:
+ - name: Install extra packages for debugging
+ ansible.builtin.package:
name: rtmpdump
state: installed
- - name: require authentication for munin web
- copy:
+ - name: Require authentication for zoneminder
+ ansible.builtin.copy:
dest: /etc/httpd/conf.local.d/zoneminder-auth.conf
content: |
@@ -79,8 +84,8 @@
group: "{{ ansible_wheel }}"
notify: Restart apache
- - name: enable ntp server for cam network
- lineinfile:
+ - name: Enable NTP server for cam network
+ ansible.builtin.lineinfile:
path: /etc/chrony.conf
regexp: "^#?allow .*"
line: "allow 172.20.26.0/24"