infra/roles/common/tasks/main.yml

---
- set_fact: ansible_pkg_mgr=apt_rpm
- set_fact: node="{{inventory_hostname_short}}"
- set_fact: node="{{stack.nodes[inventory_hostname_short]}}"

- name: wait nodes for connection
  wait_for_connection:
    delay: 3
    timeout: 60

# Disable 'vagrant' user if exists. This operation is needed for boxes
# designed to be used by Vagrant. We don't need 'vagrant' user because
# there is a user named 'test' for our needs.
- name: Disable vagrant user
  user:
    name: vagrant
    state: absent
    remove: yes

- name: disable apt-cache in tmpfs
  block:
    - lineinfile:
        path: /etc/rc.d/rc.local
        regexp: '^/etc/rc\.d/scripts/apt-cache-on-tmp.*'
        state: absent
        backrefs: yes
    - file:
        path: /etc/apt/apt.conf.d/tmp.cache.conf
        state: absent

- name: purge apt.sources
  shell: find /etc/apt/sources.list.d/ -name '*.list' -delete
  changed_when: false

- name: purge all repos with apt-repo
  command: apt-repo rm all
  changed_when: False

- name: set apt sources
  template:
    src: "apt.list.j2"
    dest: "/etc/apt/sources.list.d/{{item}}.list"
  with_items: "{{env.apt.sources}}"

- name: set current branch in rpmmacros
  lineinfile:
    path: /etc/rpm/macros
    regexp: "^[\t ]%_priority_distbranch[\t ]*"
    line: "%_priority_distbranch {{ node.platform }}"
    state: present
    create: yes
    backup: yes

- name: update packages list
  shell: apt-get update

- name: update apt and rpm
  shell: apt-get install -y apt rpm

- name: dist-upgrade
  shell: apt-get -y dist-upgrade

- name: include additional apt repos from tasks
  block:
    - name: include additional apt repos from tasks
      template:
        src: "apt.list.tasks.j2"
        dest: "/etc/apt/sources.list.d/tasks.list"
    - name: update with tasks repos
      shell: |
        apt-get update
        apt-get dist-upgrade -yq
  when: stack.apt_sources_from_tasks is defined and stack.apt_sources_from_tasks | length > 0

- name: allow apt downgrade packages
  template:
    src: "downgrade.j2"
    dest: "/etc/apt/preferences.d/downgrade"
  when: node.arch == 'e2k'

- name: install common packages
  apt_rpm:
    pkg: ntpdate,curl
    state: installed
    update_cache: yes

- name: install Alterator`s modules
  apt_rpm:
      pkg: alterator,alterator-net-eth
#      pkg: alterator,alterator-alternatives,alterator-audit,alterator-bind,alterator-datetime,alterator-dhcp,alterator-groups,alterator-mirror,alterator-mkimage,alterator-net-bond,alterator-net-bridge,alterator-net-domain,alterator-net-eth,alterator-net-functions,alterator-net-iptables,alterator-net-routing,alterator-net-vlan,alterator-packages,alterator-services,alterator-sshd,alterator-sysconfig,alterator-users,alterator-vsftpd,alterator-xinetd
      state: installed

# FIX: don't know how to switch from dhcp to static via alterator
# just remove this line from options file for now
#- name: remove options for eth0
#  lineinfile:
#      dest: /etc/net/ifaces/eth0/options
#      regexp: '^BOOTPROTO=dhcp.*'
#      backrefs: yes
#      state: absent

- name: disable IPv6
  sysctl: name={{ item }} value=1 state=present
  with_items:
    - net.ipv6.conf.all.disable_ipv6
    - net.ipv6.conf.default.disable_ipv6
    - net.ipv6.conf.lo.disable_ipv6

- name: blacklisting IPv6 module
  template:
    src: ipv6-disable.conf.j2
    dest: /etc/modprobe.d/options-local.conf

    #- name: configure NICs
    #  include_tasks: configure_nics.yml
    #  with_dict: "{{node.net}}"
    #  loop_control:
    #      loop_var: nic
    #      #  when: node.net is defined
    #
    #- name: apply NICs config
    #  shell: |
    #    alterator-cmdline /net-eth action write commit "#t"
    #    service network restart
    #  changed_when: false
    #  async: 100
    #  poll: 0
    #
    #- name: update .tmp/ssh_config after NICs reconfiguration
    #  include_role: name="inventory"
    #
    #- name: wait for the host`s NIC to come back
    #  wait_for_connection:
    #    delay: 2
    #    timeout: 300

- debug: msg="{{hostvars['localhost']['other_nics_to_vlan']}}"

- name: enable vlans on other interfaces
  include_role:
    name: pve
    tasks_from: enable_vlans.yml
  when: hostvars['localhost']['other_nics_to_vlan']

- name: configure PBR
  include_tasks: configure_pbr.yml
  with_dict: "{{node.net}}"
  loop_control:
      loop_var: nic

# TODO: need to make it idempotent!
#- name: set hostname
#  shell: '[[ $(hostname) == "{{inventory_hostname_short}}.{{stack.domain}}" ]] || { alterator-cmdline -d /net-eth action write computer_name "{{inventory_hostname_short}}.{{stack.domain}}" commit "#t"; echo changed; }'
#  register: result
#  notify: restart network
#  changed_when: '"changed" in result.stdout'

- name: delete .bash_logout
  file:
    path: /root/.bash_logout
    state: absent

- meta: flush_handlers

- setup:

- name: register users keys
  template:
    dest: /etc/openssh/authorized_keys/root
    src: authorized_keys
    owner: root
    group: root
    mode: 0644

- name: read public ssh host key
  slurp:
    src: /etc/openssh/ssh_host_ed25519_key.pub
  register: host_key

- name: store public ssh host key in local file
  lineinfile:
    regexp: "^{{ inventory_hostname_short}} "
    line: "{{ inventory_hostname_short}},{{ inventory_hostname_short }}.{{ stack.domain | lower }} {{ host_key.content | b64decode | trim }}"
    path: ".tmp/{{ stack_name }}.known_hosts"
    create: yes
  delegate_to: localhost

- name: mount nfs shares
  mount:
    src: "{{item.from}}"
    path: "{{item.to}}"
    fstype: "{{item.fstype}}"
    state: mounted
  with_items: "{{node.mounts}}"
  when: node.mounts is defined
inial public version 2018-10-02 09:12:23 +03:00			`---`
			`- set_fact: ansible_pkg_mgr=apt_rpm`
			`- set_fact: node="{{inventory_hostname_short}}"`
			`- set_fact: node="{{stack.nodes[inventory_hostname_short]}}"`

			`- name: wait nodes for connection`
			`wait_for_connection:`
			`delay: 3`
			`timeout: 60`

[ODDJOB-18] Disable 'vagrant' user We have boxes built for both Vagrant and testing purposes. We don't need 'vagrant' user when performing tests so this step deletes this user completely from the VM. 2019-06-24 15:03:41 +03:00			`# Disable 'vagrant' user if exists. This operation is needed for boxes`
			`# designed to be used by Vagrant. We don't need 'vagrant' user because`
			`# there is a user named 'test' for our needs.`
			`- name: Disable vagrant user`
			`user:`
			`name: vagrant`
			`state: absent`
			`remove: yes`

inial public version 2018-10-02 09:12:23 +03:00			`- name: disable apt-cache in tmpfs`
			`block:`
			`- lineinfile:`
			`path: /etc/rc.d/rc.local`
			`regexp: '^/etc/rc\.d/scripts/apt-cache-on-tmp.*'`
			`state: absent`
			`backrefs: yes`
			`- file:`
			`path: /etc/apt/apt.conf.d/tmp.cache.conf`
			`state: absent`

			`- name: purge apt.sources`
			`shell: find /etc/apt/sources.list.d/ -name '*.list' -delete`
			`changed_when: false`

Add apr-repo rm all before repo settings 2022-04-05 21:45:40 +03:00			`- name: purge all repos with apt-repo`
			`command: apt-repo rm all`
			`changed_when: False`

inial public version 2018-10-02 09:12:23 +03:00			`- name: set apt sources`
			`template:`
			`src: "apt.list.j2"`
			`dest: "/etc/apt/sources.list.d/{{item}}.list"`
			`with_items: "{{env.apt.sources}}"`

Add rpm distbranch macros 2022-04-05 21:14:55 +03:00			`- name: set current branch in rpmmacros`
			`lineinfile:`
			`path: /etc/rpm/macros`
			`regexp: "^[\t ]%_priority_distbranch[\t ]*"`
			`line: "%_priority_distbranch {{ node.platform }}"`
			`state: present`
			`create: yes`
			`backup: yes`

inial public version 2018-10-02 09:12:23 +03:00			`- name: update packages list`
			`shell: apt-get update`

fix apt and rpm upgrade 2019-05-24 18:30:49 +03:00			`- name: update apt and rpm`
			`shell: apt-get install -y apt rpm`

dist-upgrade all nodes 2019-05-24 15:06:10 +03:00			`- name: dist-upgrade`
fix apt and rpm upgrade 2019-05-24 18:30:49 +03:00			`shell: apt-get -y dist-upgrade`
dist-upgrade all nodes 2019-05-24 15:06:10 +03:00
inial public version 2018-10-02 09:12:23 +03:00			`- name: include additional apt repos from tasks`
update packages in case of tasks is defined 2018-11-07 16:27:30 +03:00			`block:`
			`- name: include additional apt repos from tasks`
			`template:`
			`src: "apt.list.tasks.j2"`
			`dest: "/etc/apt/sources.list.d/tasks.list"`
			`- name: update with tasks repos`
			`shell: \|`
			`apt-get update`
use `yes` in apt-get install 2018-11-07 16:42:57 +03:00			`apt-get dist-upgrade -yq`
check tasks list length 2018-11-08 10:43:45 +03:00			`when: stack.apt_sources_from_tasks is defined and stack.apt_sources_from_tasks \| length > 0`
inial public version 2018-10-02 09:12:23 +03:00
			`- name: allow apt downgrade packages`
			`template:`
			`src: "downgrade.j2"`
			`dest: "/etc/apt/preferences.d/downgrade"`
			`when: node.arch == 'e2k'`

			`- name: install common packages`
			`apt_rpm:`
			`pkg: ntpdate,curl`
			`state: installed`
			`update_cache: yes`

			- name: install Alterator`s modules
			`apt_rpm:`
			`pkg: alterator,alterator-net-eth`
			`# pkg: alterator,alterator-alternatives,alterator-audit,alterator-bind,alterator-datetime,alterator-dhcp,alterator-groups,alterator-mirror,alterator-mkimage,alterator-net-bond,alterator-net-bridge,alterator-net-domain,alterator-net-eth,alterator-net-functions,alterator-net-iptables,alterator-net-routing,alterator-net-vlan,alterator-packages,alterator-services,alterator-sshd,alterator-sysconfig,alterator-users,alterator-vsftpd,alterator-xinetd`
			`state: installed`

			`# FIX: don't know how to switch from dhcp to static via alterator`
			`# just remove this line from options file for now`
Refactoring 2022-03-29 03:12:05 +03:00			`#- name: remove options for eth0`
			`# lineinfile:`
			`# dest: /etc/net/ifaces/eth0/options`
			`# regexp: '^BOOTPROTO=dhcp.*'`
			`# backrefs: yes`
			`# state: absent`
inial public version 2018-10-02 09:12:23 +03:00
			`- name: disable IPv6`
			`sysctl: name={{ item }} value=1 state=present`
			`with_items:`
			`- net.ipv6.conf.all.disable_ipv6`
			`- net.ipv6.conf.default.disable_ipv6`
			`- net.ipv6.conf.lo.disable_ipv6`

			`- name: blacklisting IPv6 module`
			`template:`
			`src: ipv6-disable.conf.j2`
			`dest: /etc/modprobe.d/options-local.conf`

Refactoring 2022-03-29 03:12:05 +03:00			`#- name: configure NICs`
			`# include_tasks: configure_nics.yml`
			`# with_dict: "{{node.net}}"`
			`# loop_control:`
			`# loop_var: nic`
			`# # when: node.net is defined`
			`#`
			`#- name: apply NICs config`
			`# shell: \|`
			`# alterator-cmdline /net-eth action write commit "#t"`
			`# service network restart`
			`# changed_when: false`
			`# async: 100`
			`# poll: 0`
			`#`
			`#- name: update .tmp/ssh_config after NICs reconfiguration`
			`# include_role: name="inventory"`
			`#`
			#- name: wait for the host`s NIC to come back
			`# wait_for_connection:`
			`# delay: 2`
			`# timeout: 300`
inial public version 2018-10-02 09:12:23 +03:00
prevent wrong behaviour when more than one dhcp on interfaces firts we check that the VM has already get some IP address and if so we just deploy as usual. If VM have no IP address on any interface we throw all interfaces except first (eth0) to the `empty vlan` that have no DHCP server enabled. VLAD ID defined in environment variable. After network configuration inside VM we restore propper VLAN IDs on all interfaces. This approach should help in situations when DHCP available on more than one interfaces and those interfaces configured as dhcp-clients, thus more than one default gw will be configured with some metrics and all traffic will be routed to the right one or will be not. 2019-06-27 12:13:45 +03:00			`- debug: msg="{{hostvars['localhost']['other_nics_to_vlan']}}"`

			`- name: enable vlans on other interfaces`
			`include_role:`
			`name: pve`
			`tasks_from: enable_vlans.yml`
			`when: hostvars['localhost']['other_nics_to_vlan']`

configure PBR after interfaces has come back 2019-06-05 10:10:05 +03:00			`- name: configure PBR`
			`include_tasks: configure_pbr.yml`
			`with_dict: "{{node.net}}"`
			`loop_control:`
			`loop_var: nic`

inial public version 2018-10-02 09:12:23 +03:00			`# TODO: need to make it idempotent!`
Refactoring 2022-03-29 03:12:05 +03:00			`#- name: set hostname`
			`# shell: '[[ $(hostname) == "{{inventory_hostname_short}}.{{stack.domain}}" ]] \|\| { alterator-cmdline -d /net-eth action write computer_name "{{inventory_hostname_short}}.{{stack.domain}}" commit "#t"; echo changed; }'`
			`# register: result`
			`# notify: restart network`
			`# changed_when: '"changed" in result.stdout'`
inial public version 2018-10-02 09:12:23 +03:00
			`- name: delete .bash_logout`
			`file:`
			`path: /root/.bash_logout`
			`state: absent`

			`- meta: flush_handlers`

			`- setup:`

			`- name: register users keys`
			`template:`
			`dest: /etc/openssh/authorized_keys/root`
			`src: authorized_keys`
			`owner: root`
			`group: root`
			`mode: 0644`

gather remote ssh host keys 2018-10-25 15:04:17 +03:00			`- name: read public ssh host key`
			`slurp:`
fetch ed25519 host keys 2018-11-01 21:59:05 +03:00			`src: /etc/openssh/ssh_host_ed25519_key.pub`
gather remote ssh host keys 2018-10-25 15:04:17 +03:00			`register: host_key`

			`- name: store public ssh host key in local file`
			`lineinfile:`
fetch ed25519 host keys 2018-11-01 21:59:05 +03:00			`regexp: "^{{ inventory_hostname_short}} "`
use fqdn in known_hosts 2018-11-01 22:59:05 +03:00			`line: "{{ inventory_hostname_short}},{{ inventory_hostname_short }}.{{ stack.domain \| lower }} {{ host_key.content \| b64decode \| trim }}"`
gather remote ssh host keys 2018-10-25 15:04:17 +03:00			`path: ".tmp/{{ stack_name }}.known_hosts"`
			`create: yes`
			`delegate_to: localhost`

inial public version 2018-10-02 09:12:23 +03:00			`- name: mount nfs shares`
			`mount:`
			`src: "{{item.from}}"`
			`path: "{{item.to}}"`
			`fstype: "{{item.fstype}}"`
			`state: mounted`
			`with_items: "{{node.mounts}}"`
			`when: node.mounts is defined`