92 lines
2 KiB
YAML
92 lines
2 KiB
YAML
---
|
|
- name: Deploy KVM virtual machines
|
|
ansible.builtin.import_playbook: include/deploy-kvm-guest.yml
|
|
vars:
|
|
myhosts: nms
|
|
|
|
- name: Configure instance
|
|
hosts: nms
|
|
user: root
|
|
gather_facts: true
|
|
|
|
pre_tasks:
|
|
- name: Mount /export
|
|
ansible.posix.mount:
|
|
name: /export
|
|
src: LABEL=/export
|
|
fstype: xfs
|
|
opts: noatime,noexec,nosuid,nodev
|
|
passno: "0"
|
|
dump: "0"
|
|
state: mounted
|
|
|
|
vars_files:
|
|
- "{{ ansible_private }}/vars.yml"
|
|
|
|
roles:
|
|
- base
|
|
- cups
|
|
- nginx
|
|
- role: nginx_site
|
|
nginx_site_name: oob.foo.sh
|
|
nginx_site_plaintext: false
|
|
- role: keytab
|
|
keytab_principals:
|
|
- "host/{{ inventory_hostname }}@{{ kerberos_realm }}"
|
|
- nfs_client
|
|
- role: autofs
|
|
autofs_home: false
|
|
- sssd
|
|
- mkhomedir
|
|
- aten_pdu
|
|
- routeros
|
|
- snmp_exporter
|
|
|
|
tasks:
|
|
- name: Enable UDP rsyslog server
|
|
ansible.builtin.import_role:
|
|
name: rsyslog
|
|
tasks_from: udp-listen
|
|
|
|
- name: Enable postfix mail relay
|
|
ansible.builtin.import_role:
|
|
name: postfix
|
|
tasks_from: relay
|
|
vars:
|
|
relay_domains: [foo.sh]
|
|
|
|
- name: Import unbound role
|
|
ansible.builtin.import_role:
|
|
name: unbound
|
|
|
|
- name: Import dhcpd role
|
|
ansible.builtin.import_role:
|
|
name: dhcpd
|
|
|
|
# convert this to role for restart support
|
|
- name: Enable NTP server for oob network
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/chrony.conf
|
|
regexp: "^#?allow .*"
|
|
line: "allow 172.20.25.0/24"
|
|
|
|
- name: Install extra packages
|
|
ansible.builtin.package:
|
|
name: "{{ item }}"
|
|
state: installed
|
|
with_items:
|
|
- nmap
|
|
- rcs
|
|
- unzip
|
|
- wget
|
|
|
|
- name: Create sw-backup script
|
|
ansible.builtin.copy:
|
|
dest: /usr/local/bin/sw-backup
|
|
content: |
|
|
#!/bin/sh
|
|
set -eu
|
|
ssh "admin@${1}" /export > "/srv/backup/${1}.rsc"
|
|
mode: "0755"
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|