---
# Sets the ansible_pkg_mgr fact to apt_rpm for the rest of the play.
- set_fact:
    ansible_pkg_mgr: apt_rpm

# node is first set to the short hostname and then immediately replaced by
# this host's entry in stack.nodes; later tasks read node.platform, node.arch,
# node.net and node.mounts from it.
- set_fact:
    node: "{{inventory_hostname_short}}"
- set_fact:
    node: "{{stack.nodes[inventory_hostname_short]}}"

# Pause 3 s before the first attempt, then allow up to 60 s for the node to
# become reachable.
- name: wait nodes for connection
  wait_for_connection:
    timeout: 60
    delay: 3
# Delete the 'vagrant' account if it exists. Despite the task name this is a
# removal, not a lock: state=absent deletes the user and remove=true also
# deletes its home directory. Boxes built for Vagrant ship this account
# (conventionally with publicly known default credentials); this stack uses
# the 'test' user instead, so the account is not needed.
- name: Disable vagrant user
  user:
    name: vagrant
    remove: true
    state: absent
# Stop keeping the apt cache on tmpfs: delete the rc.local line that calls the
# apt-cache-on-tmp script and delete the matching apt configuration snippet.
- name: disable apt-cache in tmpfs
  block:
    - lineinfile:
        path: /etc/rc.d/rc.local
        state: absent
        regexp: '^/etc/rc\.d/scripts/apt-cache-on-tmp.*'
        # NOTE(review): backrefs is documented for state=present only, so it
        # looks redundant on a removal.
        backrefs: true

    - file:
        path: /etc/apt/apt.conf.d/tmp.cache.conf
        state: absent
# Start from a clean slate: delete every *.list under sources.list.d so that
# only the repositories rendered below remain. The glob is quoted, so find
# receives it unexpanded. changed_when=false means the deletion is never
# reported as a change.
- name: purge apt.sources
  shell: find /etc/apt/sources.list.d/ -name '*.list' -delete
  changed_when: false

# Render one <item>.list file per entry of env.apt.sources. Every package
# installed or upgraded later in this file comes from these repositories, so
# env.apt.sources and apt.list.j2 decide what the node trusts.
# NOTE(review): the template is not visible here; confirm it does not relax
# signature checking.
- name: set apt sources
  template:
    dest: "/etc/apt/sources.list.d/{{item}}.list"
    src: "apt.list.j2"
  with_items: "{{env.apt.sources}}"
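# Pin %_priority_distbranch in /etc/rpm/macros to this node's platform. The
# file is created when missing and a backup copy is kept on every change.
- name: set current branch in rpmmacros
  lineinfile:
    path: /etc/rpm/macros
    # Leading blanks are optional so the pattern matches the unindented line
    # this task writes. A pattern that demands one leading blank never matches
    # that line, and a changed node.platform then appends a second definition
    # instead of replacing the first. The trailing group stops the match from
    # catching longer macro names that merely share the prefix.
    regexp: "^[\t ]*%_priority_distbranch([\t ]|$)"
    line: "%_priority_distbranch {{ node.platform }}"
    state: present
    create: true
    backup: true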
# Bring the node up to date from the repositories configured above: refresh
# the package index, upgrade the package tools themselves (apt and rpm), then
# upgrade everything else. None of the three commands takes templated input.
# There is no changed_when, so each task reports "changed" on every run.
- name: update packages list
  shell: apt-get update

- name: update apt and rpm
  shell: apt-get install -y apt rpm

- name: dist-upgrade
  shell: apt-get -y dist-upgrade
# Optional extra repositories: write tasks.list, then refresh the index and
# upgrade again so packages from those repositories are picked up. Skipped
# unless stack.apt_sources_from_tasks is defined and non-empty.
# NOTE(review): this listing lost its indentation, so `when` is attached to
# the whole block here; confirm it was not meant for the inner update task
# only.
- name: include additional apt repos from tasks
  when: stack.apt_sources_from_tasks is defined and stack.apt_sources_from_tasks | length > 0
  block:
    - name: include additional apt repos from tasks
      template:
        dest: "/etc/apt/sources.list.d/tasks.list"
        src: "apt.list.tasks.j2"

    - name: update with tasks repos
      shell: |
        apt-get update
        apt-get dist-upgrade -yq

# Only on e2k nodes: install an apt preferences file from downgrade.j2.
# NOTE(review): the template content is not visible here; going by the task
# name it lets apt pick older package versions, so confirm the pin is scoped
# to the intended repositories.
- name: allow apt downgrade packages
  when: node.arch == 'e2k'
  template:
    dest: "/etc/apt/preferences.d/downgrade"
    src: "downgrade.j2"
# Baseline tools; the package index is refreshed before installing.
- name: install common packages
  apt_rpm:
    pkg: ntpdate,curl
    update_cache: true
    state: installed

# Only the Alterator core and its ethernet module are installed; the longer
# module list is kept below, commented out, for reference.
- name: install Alterator`s modules
  apt_rpm:
    pkg: alterator,alterator-net-eth
    # pkg: alterator,alterator-alternatives,alterator-audit,alterator-bind,alterator-datetime,alterator-dhcp,alterator-groups,alterator-mirror,alterator-mkimage,alterator-net-bond,alterator-net-bridge,alterator-net-domain,alterator-net-eth,alterator-net-functions,alterator-net-iptables,alterator-net-routing,alterator-net-vlan,alterator-packages,alterator-services,alterator-sshd,alterator-sysconfig,alterator-users,alterator-vsftpd,alterator-xinetd
    state: installed

# FIX: don't know how to switch from dhcp to static via alterator
# just remove this line from options file for now
#- name: remove options for eth0
#  lineinfile:
#    dest: /etc/net/ifaces/eth0/options
#    regexp: '^BOOTPROTO=dhcp.*'
#    backrefs: yes
#    state: absent
# Set disable_ipv6=1 for all interfaces, for the default applied to new
# interfaces, and for loopback.
- name: disable IPv6
  sysctl:
    name: "{{ item }}"
    value: "1"
    state: present
  with_items:
    - net.ipv6.conf.all.disable_ipv6
    - net.ipv6.conf.default.disable_ipv6
    - net.ipv6.conf.lo.disable_ipv6

# Install a modprobe options file rendered from ipv6-disable.conf.j2.
# NOTE(review): the template content is not visible here; going by the task
# name it blacklists the ipv6 kernel module.
- name: blacklisting IPv6 module
  template:
    dest: /etc/modprobe.d/options-local.conf
    src: ipv6-disable.conf.j2
# Disabled: NIC reconfiguration through Alterator, kept for reference.
#- name: configure NICs
#  include_tasks: configure_nics.yml
#  with_dict: "{{node.net}}"
#  loop_control:
#    loop_var: nic
#  # when: node.net is defined
#
#- name: apply NICs config
#  shell: |
#    alterator-cmdline /net-eth action write commit "#t"
#    service network restart
#  changed_when: false
#  async: 100
#  poll: 0
#
#- name: update .tmp/ssh_config after NICs reconfiguration
#  include_role: name="inventory"
#
#- name: wait for the host`s NIC to come back
#  wait_for_connection:
#    delay: 2
#    timeout: 300

# Print the other_nics_to_vlan value recorded on localhost.
- debug:
    msg: "{{hostvars['localhost']['other_nics_to_vlan']}}"

# Run enable_vlans.yml from the pve role, but only when localhost's
# other_nics_to_vlan is truthy.
- name: enable vlans on other interfaces
  when: hostvars['localhost']['other_nics_to_vlan']
  include_role:
    name: pve
    tasks_from: enable_vlans.yml

# Include configure_pbr.yml once per entry of node.net; each entry is exposed
# to the included tasks as `nic`.
- name: configure PBR
  include_tasks: configure_pbr.yml
  loop_control:
    loop_var: nic
  with_dict: "{{node.net}}"
# TODO: need to make it idempotent!
#- name: set hostname
#  shell: '[[ $(hostname) == "{{inventory_hostname_short}}.{{stack.domain}}" ]] || { alterator-cmdline -d /net-eth action write computer_name "{{inventory_hostname_short}}.{{stack.domain}}" commit "#t"; echo changed; }'
#  register: result
#  notify: restart network
#  changed_when: '"changed" in result.stdout'

# Delete root's logout script.
- name: delete .bash_logout
  file:
    state: absent
    path: /root/.bash_logout

# Run any handlers notified so far now rather than at the end of the play.
- meta: flush_handlers

# Gather facts again so later tasks see the state left by the changes above.
- setup:
# Render the authorized_keys template to root's key file under /etc/openssh.
# NOTE(review): presumably sshd reads this path, in which case every key in
# the template grants root login on the node; review changes to the template
# accordingly.
- name: register users keys
  template:
    src: authorized_keys
    dest: /etc/openssh/authorized_keys/root
    owner: root
    group: root
    # Quoted so the mode is read as an octal string rather than relying on the
    # YAML parser's handling of a leading zero.
    mode: "0644"
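# Fetch the node's ed25519 host public key; slurp returns it base64-encoded in
# host_key.content.
# The key arrives over the same management connection it will later be used to
# authenticate, so the entry is only as trustworthy as that connection.
# NOTE(review): confirm how the first connection to a fresh node is verified.
- name: read public ssh host key
  slurp:
    src: /etc/openssh/ssh_host_ed25519_key.pub
  register: host_key

# Record the key in the per-stack known_hosts file on the control machine as
# "<short>,<fqdn> <key>".
# NOTE(review): this runs once per host against one local file; with parallel
# forks concurrent rewrites may race, so consider serialising the task.
- name: store public ssh host key in local file
  lineinfile:
    # The written entry continues with a comma after the short hostname, so
    # the anchor must end on ",". A pattern ending in a space never matches
    # that entry: a re-keyed node then gets a second line and its old key
    # stays accepted. regex_escape keeps the hostname literal.
    regexp: "^{{ inventory_hostname_short | regex_escape }},"
    line: "{{ inventory_hostname_short}},{{ inventory_hostname_short }}.{{ stack.domain | lower }} {{ host_key.content | b64decode | trim }}"
    path: ".tmp/{{ stack_name }}.known_hosts"
    create: true
  delegate_to: localhost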
# Mount every share listed in node.mounts (fields: from, to, fstype); skipped
# when the node defines no mounts. state=mounted mounts the share now and also
# records it in fstab.
# No mount options are passed, so the filesystem defaults apply.
# NOTE(review): for shares served by hosts outside this stack's control,
# consider restrictive options such as nosuid and nodev.
- name: mount nfs shares
  when: node.mounts is defined
  mount:
    state: mounted
    fstype: "{{item.fstype}}"
    src: "{{item.from}}"
    path: "{{item.to}}"
  with_items: "{{node.mounts}}"