ansible-lint fixes for host group playbooks

Timo Makinen 2022-10-31 18:02:19 +00:00
parent 112d51c67f
commit 2e97e2af9e
28 changed files with 281 additions and 204 deletions


@ -1,7 +1,9 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=adm"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=adm
- name: configure instance
- name: Configure instance
hosts: adm
user: root
gather_facts: true
@ -10,8 +12,8 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- name: mount /export
mount:
- name: Mount /export
ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
@ -34,8 +36,8 @@
- web_build
tasks:
- name: install packages
package:
- name: Install packages
ansible.builtin.package:
name: "{{ item }}"
state: installed
with_items:
@ -53,8 +55,8 @@
- wget # still in backbone for downloads
- whois # read whois data
- yamllint # yaml linting
- name: disable ip host key checking from ssh
copy:
- name: Disable IP host key checking from SSH
ansible.builtin.copy:
content: |
Host *.home.foo.sh
CheckHostIP no
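Review bot: The switch to `ansible.posix.mount` in the pre_tasks hunk makes this playbook depend on the ansible.posix collection being installed on the controller, and nothing on this page shows that dependency being declared. The same holds for `ansible.posix.sysctl`, `ansible.posix.seboolean` and `ansible.posix.selinux` in the other playbooks of this commit. If the repository does not already have one, a `collections/requirements.yml` entry such as `- name: ansible.posix` with `version: "<PINNED_VERSION>"` keeps runs reproducible instead of installing whatever release is current. The last hunk ends inside the `content: |` block of the SSH task, so the rest of that task is not covered here.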


@ -1,14 +1,16 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=backup"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=backup
- name: configure instance
- name: Configure instance
hosts: backup
user: root
gather_facts: true
pre_tasks:
- name: mount /export
mount:
- name: Mount /export
ansible.posix.mount:
name: /export
src: /dev/sd1a
fstype: ffs


@ -1,7 +1,9 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=collab"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=collab
- name: configure instance
- name: Configure instance
hosts: collab
user: root
gather_facts: true
@ -10,8 +12,8 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- name: mount /export
mount:
- name: Mount /export
ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
@ -31,8 +33,8 @@
- ldap
tasks:
- name: redirect root web directory to collab
copy:
- name: Redirect root web directory to collab
ansible.builtin.copy:
content: "RedirectMatch permanent \"^/$\" /collab/\n"
dest: "/etc/httpd/conf.local.d/redirects.conf"
mode: 0644
@ -40,8 +42,8 @@
group: "{{ ansible_wheel }}"
notify: Restart apache
- name: create htaccess for collab
copy:
- name: Create htaccess for collab
ansible.builtin.copy:
content: |
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
@ -62,20 +64,22 @@
seuser: _default
setype: _default
- name: auto create collab users
lineinfile:
- name: Auto create collab users
ansible.builtin.lineinfile:
path: /srv/wikis/collab/config/collabfarm.py
regexp: '^\s+auth = .*'
line: ' auth = [GivenAuth(autocreate=True)]'
notify: Restart apache
- name: set collab base url
lineinfile:
- name: Set collab base url
ansible.builtin.lineinfile:
path: /srv/wikis/collab/config/collabfarm.py
regexp: '^\s+collab_baseurl = .*'
line: " collab_baseurl = 'https://collab.foo.sh/collab/'"
notify: Restart apache
- name: set collab default theme
lineinfile:
- name: Set collab default theme
ansible.builtin.lineinfile:
path: /srv/wikis/collab/config/collabfarm.py
regexp: '^\s+theme_default = .*'
line: " theme_default = 'foosh'"
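Review bot: `mode: 0644` on the redirects.conf task is left as an unquoted scalar, so the resulting permission bits depend on the YAML loader reading a leading-zero integer as octal. Ansible's current loader does this, but the module documentation recommends passing the mode as a string so that the module does the conversion itself: `mode: "0644"`. The same unquoted form is visible in the dnagw, fsolgw, munin, nms, print and zm playbooks of this commit, including `mode: 0600` on the DNS private key and `mode: 0755` on the tftp directory. Several of these tasks start or end outside their hunks, so other parameters were not checked.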


@ -1,7 +1,9 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=devel01.home.foo.sh"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=devel01.home.foo.sh
- name: configure instance
- name: Configure instance
hosts: devel01.home.foo.sh
user: root
gather_facts: true


@ -1,7 +1,9 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=dnagw"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=dnagw
- name: configure instance
- name: Configure instance
hosts: dnagw
user: root
gather_facts: true
@ -20,21 +22,22 @@
- websockify
tasks:
- name: use configured dns servers and domain name
copy:
- name: Use configured dns servers and domain name
ansible.builtin.copy:
dest: /etc/dhclient.conf
content: "ignore domain-name-servers, domain-name;\n"
mode: 0644
owner: root
group: "{{ ansible_wheel }}"
- name: disable resolvd
- name: Disable resolvd
ansible.builtin.service:
name: resolvd
state: stopped
enabled: false
- name: enable ip forwarding
sysctl:
- name: Enable ip forwarding
ansible.posix.sysctl:
name: "{{ item }}"
sysctl_set: true
value: "1"
@ -42,18 +45,19 @@
- net.inet.ip.forwarding
- net.inet6.ip6.forwarding
- name: run handlers to get interfaces configured
meta: flush_handlers
- name: Run handlers to get interfaces configured
ansible.builtin.meta: flush_handlers
- name: create tftp boot directories
file:
- name: Create tftp boot directories
ansible.builtin.file:
path: /srv/tftpboot/etc
state: directory
mode: 0755
owner: root
group: "{{ ansible_wheel }}"
- name: create tftp boot config for openbsd
copy:
- name: Create tftp boot config for OpenBSD installs
ansible.builtin.copy:
dest: /srv/tftpboot/etc/boot.conf
content: |
stty com0 115200
@ -62,24 +66,27 @@
mode: 0644
owner: root
group: "{{ ansible_wheel }}"
- name: create tftp pxeboot loader for openbssd
get_url:
- name: Create tftp pxeboot loader for OpenBSD installs
ansible.builtin.get_url:
url: "https://mirrors.foo.sh/openbsd/7.2/amd64/pxeboot"
checksum: sha1:e5f8117a9c65ab3b31f2d5464940879406caf80e
dest: /srv/tftpboot/pxeboot
mode: 0644
owner: root
group: "{{ ansible_wheel }}"
- name: create tftp ramdisk for openbsd
get_url:
- name: Create tftp ramdisk for OpenBSD installs
ansible.builtin.get_url:
url: "https://mirrors.foo.sh/openbsd/7.2/amd64/bsd.rd"
checksum: sha1:7f8eb578d65401f4076c074802f47a5c732aadb3
dest: /srv/tftpboot/bsd.rd
mode: 0644
owner: root
group: "{{ ansible_wheel }}"
- name: create install.conf for openbsd
get_url:
- name: Create install.conf for OpenBSD installs
ansible.builtin.get_url:
url: "https://boot.foo.sh/openbsd/install.conf"
checksum: sha1:f6270708dad3f759df02eefeab300d9b8670f3d4
dest: /srv/tftpboot/install.conf
@ -87,8 +94,8 @@
owner: root
group: "{{ ansible_wheel }}"
- name: copy custom nginx config
copy:
- name: Copy custom to allow plaint http access with internal IP
ansible.builtin.copy:
dest: /etc/nginx/conf.d/172.20.20.1.conf
content: |
server {
@ -108,8 +115,8 @@
group: "{{ ansible_wheel }}"
notify: Restart nginx
- name: copy dns private key
copy:
- name: Copy DNS private key
ansible.builtin.copy:
dest: "{{ tls_private }}/dns.home.foo.sh.key"
src: "{{ item }}"
mode: 0600
@ -120,8 +127,9 @@
- "/srv/ca/private/{{ inventory_hostname }}.key"
tags: certificates
notify: Restart unbound
- name: copy dns certificate and ca cert
copy:
- name: Copy DNS certificate and ca cert
ansible.builtin.copy:
dest: "{{ tls_certs }}/dns.home.foo.sh.crt"
src: "{{ item }}"
mode: 0644
@ -132,8 +140,9 @@
- "/srv/ca/certs/hosts/{{ inventory_hostname }}.crt"
tags: certificates
notify: Restart unbound
- name: copy dns zone files
copy:
- name: Copy DNS zone files
ansible.builtin.copy:
dest: "/var/unbound/db/{{ item }}"
src: "/srv/dns/{{ item }}"
mode: 0644
@ -144,5 +153,7 @@
with_items:
- 20.172.in-addr.arpa
- home.foo.sh
- import_role:
- name: Import unbound role
ansible.builtin.import_role:
name: unbound
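Review bot: The three `ansible.builtin.get_url` tasks that fetch `pxeboot`, `bsd.rd` and `install.conf` still verify their downloads with `checksum: sha1:…`, and SHA-1 is no longer collision-resistant. These files are what network-booted machines load and install from, so the integrity check matters more here than for an ordinary download. get_url accepts other digest algorithms, so each task can move to `checksum: sha256:<SHA256_OF_FILE>`, with the value taken from a trusted source such as the release's signed `SHA256.sig` for the two OpenBSD files. Separately, the new task name `Copy custom to allow plaint http access with internal IP` appears to have lost words and has a typo; `Copy custom nginx config to allow plain HTTP access with internal IP` would match the old name.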


@ -1,7 +1,9 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=fsolgw"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=fsolgw
- name: configure instance
- name: Configure instance
hosts: fsolgw
user: root
gather_facts: true
@ -10,14 +12,14 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- name: disable resolvd service
- name: Disable resolvd service
ansible.builtin.service:
name: resolvd
state: stopped
enabled: false
tasks:
- name: enable ip forwarding
- name: Enable IP forwarding
ansible.posix.sysctl:
name: "{{ item }}"
sysctl_set: true
@ -25,14 +27,14 @@
with_items:
- net.inet.ip.forwarding
- net.inet6.ip6.forwarding
- name: use manual dns servers
- name: Manually set DNS servers
ansible.builtin.copy:
dest: /etc/dhclient.conf
content: "ignore domain-name-servers, domain-name;\n"
mode: 0644
owner: root
group: "{{ ansible_wheel }}"
- name: create pfsync interface
- name: Create pfsync interface
ansible.builtin.copy:
dest: /etc/hostname.pfsync0
content: "up syncdev vio1\n"


@ -1,7 +1,9 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=git"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=git
- name: configure instance
- name: Configure instance
hosts: git
user: root
gather_facts: true
@ -10,8 +12,8 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- name: mount /export
mount:
- name: Mount /export
ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs


@ -1,7 +1,9 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=influxdb"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=influxdb
- name: configure instance
- name: Configure instance
hosts: influxdb
user: root
gather_facts: true
@ -10,8 +12,8 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- name: mount /export
mount:
- name: Mount /export
ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs


@ -1,14 +1,16 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=ldap"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=ldap
- name: configure instance
- name: Configure instance
hosts: ldap
user: root
gather_facts: true
pre_tasks:
- name: mount /export
mount:
- name: Mount /export
ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs


@ -1,14 +1,16 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=log"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=log
- name: configure instance
- name: Configure instance
hosts: log
user: root
gather_facts: true
pre_tasks:
- name: mount /export
mount:
- name: Mount /export
ansible.posix.mount:
name: /export
src: /dev/sd1a
fstype: ffs
@ -25,8 +27,8 @@
- web_logs
tasks:
- name: install extra packages
package:
- name: Install extra packages
ansible.builtin.package:
name: "{{ package }}"
state: installed
with_items:


@ -1,14 +1,16 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=mail"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=mail
- name: configure instance
- name: Configure instance
hosts: mail
user: root
gather_facts: true
pre_tasks:
- name: mount /export
mount:
- name: Mount /export
ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs


@ -1,14 +1,16 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=minecraft"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=minecraft
- name: configure instance
- name: Configure instance
hosts: minecraft
user: root
gather_facts: true
pre_tasks:
- name: mount /export
mount:
- name: Mount /export
ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs


@ -1,7 +1,9 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=mirror"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=mirror
- name: configure instance
- name: Configure instance
hosts: mirror
user: root
gather_facts: true
@ -10,8 +12,8 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- name: mount /export
mount:
- name: Mount /export
ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
@ -78,8 +80,8 @@
- "--delete-excluded"
tasks:
- name: link foo.sh yum repo to web
file:
- name: Link foo.sh yum repo to web
ansible.builtin.file:
dest: /srv/web/{{ inventory_hostname }}/foo.sh
src: /srv/mirrors/foo.sh
state: link


@ -1,7 +1,9 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=mongodb"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=mongodb
- name: configure instance
- name: Configure instance
hosts: mongodb
user: root
gather_facts: true
@ -10,8 +12,8 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- name: mount /export
mount:
- name: Mount /export
ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs


@ -1,7 +1,9 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=mqtt"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=mqtt
- name: configure instance
- name: Configure instance
hosts: mqtt
user: root
gather_facts: true


@ -1,14 +1,16 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=munin"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=munin
- name: configure instance
- name: Configure instance
hosts: munin
user: root
gather_facts: true
pre_tasks:
- name: mount /export
mount:
- name: Mount /export
ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
@ -30,8 +32,8 @@
- munin_server
tasks:
- name: require authentication for munin web
copy:
- name: Require authentication for munin web
ansible.builtin.copy:
dest: /etc/httpd/conf.local.d/munin-auth.conf
content: |
<Location />
@ -43,4 +45,4 @@
mode: 0644
owner: root
group: "{{ ansible_wheel }}"
notify: restart apache
notify: Restart apache


@ -1,16 +1,19 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=nas"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=nas
- name: configure instance
- name: Configure instance
hosts: nas
user: root
gather_facts: true
vars_files:
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- name: mount /export/home
mount:
- name: Mount /export/home
ansible.posix.mount:
name: /export/home
src: LABEL=home
fstype: xfs
@ -18,8 +21,8 @@
passno: "0"
dump: "0"
state: mounted
- name: mount /export/roles
mount:
- name: Mount /export/roles
ansible.posix.mount:
name: /export/roles
src: LABEL=roles
fstype: xfs
@ -37,8 +40,8 @@
principals: "nfs/{{ inventory_hostname }}@FOO.SH"
tasks:
- name: copy exports file
copy:
- name: Copy exports file
ansible.builtin.copy:
dest: /etc/exports
content: |
/export/home 172.20.30.0/24(rw,root_squash,secure,sec=krb5p) \


@ -1,14 +1,16 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=nms"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=nms
- name: configure instance
- name: Configure instance
hosts: nms
user: root
gather_facts: true
pre_tasks:
- name: mount /export
mount:
- name: Mount /export
ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
@ -27,17 +29,20 @@
- tftp
tasks:
- import_role:
- name: Enable UDP rsyslog server
ansible.builtin.import_role:
name: rsyslog
tasks_from: udp-listen
- import_role:
- name: Enable postfix mail relay
ansible.builtin.import_role:
name: postfix
tasks_from: relay
vars:
relay_domains: [foo.sh]
- name: copy dns zone files
copy:
- name: Copy DNS zone files
ansible.builtin.copy:
dest: "/var/lib/unbound/{{ item }}"
src: "/srv/dns/{{ item }}"
mode: 0644
@ -48,18 +53,20 @@
with_items:
- 25.20.172.in-addr.arpa
- oob.foo.sh
- import_role:
- name: Import unbound role
ansible.builtin.import_role:
name: unbound
# convert this to role for restart support
- name: enable ntp server for oob network
lineinfile:
- name: Enable NTP server for oob network
ansible.builtin.lineinfile:
path: /etc/chrony.conf
regexp: "^#?allow .*"
line: "allow 172.20.25.0/24"
- name: install extra tools
package:
- name: Install extra packages
ansible.builtin.package:
name: "{{ item }}"
state: installed
with_items:


@ -1,7 +1,9 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=ns:!vultr"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=ns:!vultr
- name: configure instance
- name: Configure instance
hosts: ns
user: root
gather_facts: true


@ -1,7 +1,9 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=ocinode"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=ocinode
- name: configure instance
- name: Configure instance
hosts: ocinode
user: root
gather_facts: true


@ -1,7 +1,9 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=print"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=print
- name: configure instance
- name: Configure instance
hosts: print
user: root
gather_facts: true
@ -15,14 +17,15 @@
- mkhomedir
tasks:
- name: run handlers to get interfaces configured
meta: flush_handlers
- name: Run handlers to get interfaces configured
ansible.builtin.meta: flush_handlers
- import_role:
- name: Import dhcpd role
ansible.builtin.import_role:
name: dhcpd
- name: copy dns zone files
copy:
- name: Copy DNS zone files
ansible.builtin.copy:
dest: "/var/lib/unbound/{{ item }}"
src: "/srv/dns/{{ item }}"
mode: 0644
@ -33,12 +36,17 @@
with_items:
- 24.20.172.in-addr.arpa
- print.foo.sh
- import_role:
- name: Install unbound role
ansible.builtin.import_role:
name: unbound
- import_role:
- name: Install cups_server role
ansible.builtin.import_role:
name: cups_server
- import_role:
- name: Install keytab for CUPS
ansible.builtin.import_role:
name: keytab
vars:
keytab: /etc/cups/cups.keytab


@ -1,7 +1,9 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=proxy"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=proxy
- name: configure instance
- name: Configure instance
hosts: proxy
user: root
gather_facts: true


@ -1,7 +1,9 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=relay"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=relay
- name: configure instance
- name: Configure instance
hosts: relay
user: root
gather_facts: true
@ -14,16 +16,12 @@
- ifstated
- relayd
- nginx/server
tasks:
- include_role:
name: nginx/site
vars:
site: "{{ sitename }}"
- role: nginx/site
site: ldap.foo.sh
redirect: https://www.foo.sh/
- role: nginx/site
site: ldap01.foo.sh
redirect: https://www.foo.sh/
- role: nginx/site
site: loghost.foo.sh
redirect: https://www.foo.sh/
with_items:
- ldap.foo.sh
- ldap01.foo.sh
- loghost.foo.sh
loop_control:
loop_var: sitename


@ -1,7 +1,9 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=shell"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=shell
- name: configure instance
- name: Configure instance
hosts: shell
user: root
gather_facts: true
@ -26,8 +28,8 @@
plaintext: true
tasks:
- name: install extra package groups
dnf:
- name: Install extra package groups
ansible.builtin.dnf:
name:
- "@development"
- "@fonts"
@ -38,8 +40,8 @@
- fprintd-pam
- gnome-initial-setup
- name: install extra packages
package:
- name: Install extra packages
ansible.builtin.package:
name: "{{ package }}"
state: installed
with_items:
@ -69,8 +71,8 @@
loop_control:
loop_var: package
- name: add software packaged in roles
include_role:
- name: Add software packaged in roles
ansible.builtin.include_role:
name: "{{ role }}"
with_items:
- cups
@ -84,8 +86,8 @@
loop_control:
loop_var: role
- name: add home.foo.sh hosts to ssh config
copy:
- name: Add home.foo.sh hosts to ssh config
ansible.builtin.copy:
dest: /etc/ssh/ssh_config.d/home.foo.sh.conf
content: |
Host *.home.foo.sh !gw.home.foo.sh


@ -1,7 +1,9 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=sqldb"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=sqldb
- name: configure instance
- name: Configure instance
hosts: sqldb
user: root
gather_facts: true
@ -10,8 +12,8 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- name: mount /export
mount:
- name: Mount /export
ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs


@ -1,7 +1,9 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=static"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=static
- name: configure instance
- name: Configure instance
hosts: static
user: root
gather_facts: true
@ -21,13 +23,14 @@
- apache
tasks:
- name: allow apache to access nfs mounts from selinux
seboolean:
- name: Allow apache to access nfs mounts from selinux
ansible.posix.seboolean:
name: httpd_use_nfs
state: true
persistent: true
- name: share role and home directories to apache
copy:
- name: Share role and home directories to apache
ansible.builtin.copy:
dest: /etc/httpd/conf.local.d/public_html.conf
content: |
UserDir enabled


@ -1,5 +1,5 @@
---
- name: configure instance
- name: Configure instance
hosts: vmhost
user: root
gather_facts: true
@ -8,8 +8,8 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- name: mount /export/libvirt/hdd
ansible.builtin.mount:
- name: Mount /export/libvirt/hdd
ansible.posix.mount:
name: /export/libvirt/hdd
src: LABEL=hdd
fstype: xfs
@ -17,8 +17,8 @@
passno: "0"
dump: "0"
state: mounted
- name: mount /export/libvirt/nvme
ansible.builtin.mount:
- name: Mount /export/libvirt/nvme
ansible.posix.mount:
name: /export/libvirt/nvme
src: LABEL=nvme
fstype: xfs
@ -26,8 +26,8 @@
passno: "0"
dump: "0"
state: mounted
- name: mount /export/libvirt/ssd
ansible.builtin.mount:
- name: Mount /export/libvirt/ssd
ansible.posix.mount:
name: /export/libvirt/ssd
src: LABEL=ssd
fstype: xfs


@ -1,7 +1,9 @@
---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=zm"
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: >-
include/deploy-kvm-guest.yml myhosts=zm
- name: configure instance
- name: Configure instance
hosts: zm
user: root
gather_facts: true
@ -10,8 +12,8 @@
- "{{ ansible_private }}/vars.yml"
pre_tasks:
- name: mount /export
mount:
- name: Mount /export
ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
@ -29,17 +31,17 @@
group: apache
tasks:
- name: run handlers to get interfaces configured
meta: flush_handlers
- name: Run handlers to get interfaces configured
ansible.builtin.meta: flush_handlers
# TODO: this should really be fixed
- name: put selinux in permissive state
selinux:
- name: Put selinux in permissive state
ansible.posix.selinux:
policy: targeted
state: permissive
- name: copy dns zone files
copy:
- name: Copy DNS zone files
ansible.builtin.copy:
dest: "/var/lib/unbound/{{ item }}"
src: "/srv/dns/{{ item }}"
mode: 0644
@ -50,22 +52,25 @@
with_items:
- 26.20.172.in-addr.arpa
- cam.foo.sh
- import_role:
- name: Include unbound role
ansible.builtin.import_role:
name: unbound
- include_role:
- name: Include dhcpd and zoneminder roles
ansible.builtin.include_role:
name: "{{ item }}"
with_items:
- dhcpd
- zoneminder
- name: install extra packages for debugging
package:
- name: Install extra packages for debugging
ansible.builtin.package:
name: rtmpdump
state: installed
- name: require authentication for munin web
copy:
- name: Require authentication for zoneminder
ansible.builtin.copy:
dest: /etc/httpd/conf.local.d/zoneminder-auth.conf
content: |
<Location /zm>
@ -79,8 +84,8 @@
group: "{{ ansible_wheel }}"
notify: Restart apache
- name: enable ntp server for cam network
lineinfile:
- name: Enable NTP server for cam network
ansible.builtin.lineinfile:
path: /etc/chrony.conf
regexp: "^#?allow .*"
line: "allow 172.20.26.0/24"
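Review bot: The `ansible.posix.selinux` task still puts the whole host into `state: permissive`, and the only record of why is the `# TODO: this should really be fixed` comment above it. Host-wide permissive mode means SELinux logs denials but no longer enforces policy for any service on the machine, including the Apache instance serving `/zm`. If only one domain's denials block enforcing mode, `community.general.selinux_permissive` with `domain: <DOMAIN_TYPE>` and `permissive: true` would keep the rest of the system enforcing, at the cost of a dependency on community.general. At minimum the TODO could name the denials that forced this, so the exception can be removed later.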