112 lines
3.3 KiB
YAML
112 lines
3.3 KiB
YAML
---
|
|
- name: Deploy KVM virtual machines
|
|
ansible.builtin.import_playbook: include/deploy-kvm-guest.yml
|
|
vars:
|
|
myhosts: adm
|
|
|
|
- name: Configure instance
|
|
hosts: adm
|
|
user: root
|
|
gather_facts: true
|
|
|
|
vars_files:
|
|
- "{{ ansible_private }}/vars.yml"
|
|
|
|
pre_tasks:
|
|
- name: Mount /export
|
|
ansible.posix.mount:
|
|
name: /export
|
|
src: LABEL=/export
|
|
fstype: xfs
|
|
opts: noatime,nosuid,nodev
|
|
passno: "0"
|
|
dump: "0"
|
|
state: mounted
|
|
|
|
roles:
|
|
- base
|
|
- ansible_host
|
|
- certbot
|
|
- sshca
|
|
- ssh_known_hosts
|
|
- role: keytab
|
|
keytab_principals:
|
|
- "host/{{ inventory_hostname }}@{{ kerberos_realm }}"
|
|
- nfs_client
|
|
- role: autofs
|
|
autofs_home: false
|
|
- sssd
|
|
- mkhomedir
|
|
- rpm_build
|
|
- web_build
|
|
|
|
tasks:
|
|
- name: Install packages
|
|
ansible.builtin.package:
|
|
name: "{{ item }}"
|
|
state: installed
|
|
with_items:
|
|
- httpd-tools # htpasswd
|
|
- knot-utils # kdig (dns over tls)
|
|
- libvirt-client # kvm host client
|
|
- make # generic building
|
|
- mariadb # mariadb client tools
|
|
- nmap # check for open ports
|
|
- nsd # check dns zone files
|
|
- podman # building containers
|
|
- pylint # python linting
|
|
- python3-flake8 # python linting
|
|
- speedtest-cli # testing network speed
|
|
- ShellCheck # shell script linting
|
|
- virt-install # install kvm guests
|
|
- wget # still in backbone for downloads
|
|
- whois # read whois data
|
|
- yamllint # yaml linting
|
|
- name: Disable IP host key checking from SSH
|
|
ansible.builtin.copy:
|
|
content: |
|
|
Host *.home.foo.sh
|
|
CheckHostIP no
|
|
Host shell??.foo.sh
|
|
CheckHostIP no
|
|
dest: /root/.ssh/config
|
|
mode: "0600"
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
|
|
- name: Clone dns repo
|
|
ansible.builtin.git:
|
|
dest: /export/dns
|
|
repo: https://adm01.home.foo.sh/dns.git
|
|
update: true
|
|
version: master
|
|
environment:
|
|
GIT_SSL_CAINFO: "{{ tls_certs }}/ca.crt"
|
|
GIT_SSL_CERT: "{{ tls_certs }}/{{ inventory_hostname }}.crt"
|
|
GIT_SSL_KEY: "{{ tls_private }}/{{ inventory_hostname }}.key"
|
|
when: 'inventory_hostname != "adm01.home.foo.sh"'
|
|
- name: Link dns repo
|
|
ansible.builtin.file:
|
|
dest: /srv/dns
|
|
src: /export/dns
|
|
state: link
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
follow: false
|
|
- name: Add cron job to sync dns repo
|
|
ansible.builtin.cron:
|
|
name: sync dns repository
|
|
job: >-
|
|
GIT_SSL_CAINFO="{{ tls_certs }}/ca.crt"
|
|
GIT_SSL_CERT="{{ tls_certs }}/{{ inventory_hostname }}.crt"
|
|
GIT_SSL_KEY="{{ tls_private }}/{{ inventory_hostname }}.key"
|
|
git -C /srv/dns pull -q
|
|
minute: "02"
|
|
when: 'inventory_hostname != "adm01.home.foo.sh"'
|
|
- name: Links dns repo to web
|
|
ansible.builtin.file:
|
|
dest: "/srv/web/{{ inventory_hostname }}/dns.git"
|
|
src: /srv/dns/.git
|
|
state: link
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|