From 22051c8a217d1901cbbefc00ee13b27eb22d4e0d Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Wed, 15 May 2019 01:23:45 +0200
Subject: [PATCH] Add the bootstrap roles and some tasks collections.
---
.../centos-common/meta/main.yml | 11 ++++++++++
.../deb-ubuntu-common/meta/main.yml | 13 ++++++++++++
.../debian-ubuntu-dist-upgrade.yml | 10 +++++++++
.../debian-ubuntu-full-upgrade.yml | 12 +++++++++++
.../debian-ubuntu-start-iptables.yml | 10 +++++++++
.../generic-tasks/fix-letsencrypt-conf.yml | 10 +++++++++
library/generic-tasks/reboot-hosts.yml | 9 ++++++++
library/generic-tasks/send-command.yml | 10 +++++++++
library/generic-tasks/smtp-clients.yml | 21 +++++++++++++++++++
9 files changed, 106 insertions(+)
create mode 100644 library/bootstrap-roles/centos-common/meta/main.yml
create mode 100644 library/bootstrap-roles/deb-ubuntu-common/meta/main.yml
create mode 100644 library/generic-tasks/debian-ubuntu-dist-upgrade.yml
create mode 100644 library/generic-tasks/debian-ubuntu-full-upgrade.yml
create mode 100644 library/generic-tasks/debian-ubuntu-start-iptables.yml
create mode 100644 library/generic-tasks/fix-letsencrypt-conf.yml
create mode 100644 library/generic-tasks/reboot-hosts.yml
create mode 100644 library/generic-tasks/send-command.yml
create mode 100644 library/generic-tasks/smtp-clients.yml
diff --git a/library/bootstrap-roles/centos-common/meta/main.yml b/library/bootstrap-roles/centos-common/meta/main.yml
new file mode 100644
index 0000000..765d399
--- /dev/null
+++ b/library/bootstrap-roles/centos-common/meta/main.yml
@@ -0,0 +1,11 @@
+---
+dependencies:
+ - role: '../../library/centos/roles/centos-bootstrap'
+ - role: '../../library/roles/dell-server-utilities'
+ - role: '../../library/roles/sshd_config'
+ - { role: '../../library/roles/postfix-relay', when: postfix_relay_client is defined and postfix_relay_client }
+ - role: '../../library/centos/roles/firewalld'
+ - role: '../../library/centos/roles/fail2ban'
+ - { role: '../../library/roles/cloud-init', when: ansible_product_name == "oVirt Node" }
+ - { role: '../../library/centos/roles/letsencrypt-acmetool-client', when: letsencrypt_acme_install }
+ - { role: '../../library/centos/roles/prometheus-node-exporter', when: prometheus_enabled }
diff --git a/library/bootstrap-roles/deb-ubuntu-common/meta/main.yml b/library/bootstrap-roles/deb-ubuntu-common/meta/main.yml
new file mode 100644
index 0000000..d9e546d
--- /dev/null
+++ b/library/bootstrap-roles/deb-ubuntu-common/meta/main.yml
@@ -0,0 +1,13 @@
+---
+dependencies:
+ - role: '../../library/roles/ubuntu-deb-general'
+ - { role: '../../library/roles/cloud-init', when: ansible_product_name == "oVirt Node" }
+ - { role: '../../library/roles/data_disk', when: additional_disks is defined and additional_disks }
+ - role: '../../library/roles/sshd_config'
+ - { role: '../library/roles/letsencrypt-acmetool-client', when: letsencrypt_acme_install is defined and letsencrypt_acme_install }
+ - { role: '../library/roles/letsencrypt-acme-sh-client', when: letsencrypt_acme_sh_install is defined and letsencrypt_acme_sh_install }
+ - role: '../../library/roles/iptables'
+ #- { role: '../../library/roles/ganglia', when: ganglia_enabled is defined }
+ - { role: '../../library/roles/nagios', when: nagios_enabled is defined }
+ - { role: '../../library/roles/prometheus-node-exporter', when: prometheus_enabled }
+
diff --git a/library/generic-tasks/debian-ubuntu-dist-upgrade.yml b/library/generic-tasks/debian-ubuntu-dist-upgrade.yml
new file mode 100644
index 0000000..02adda6
--- /dev/null
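Review bot: In centos-common/meta/main.yml the last two conditions, `when: letsencrypt_acme_install` and `when: prometheus_enabled`, test variables without an `is defined` guard, unlike the `postfix_relay_client` entry a few lines above them. If no default is set elsewhere (none is visible in this patch), an undefined variable makes the condition error out instead of skipping the role. I would write them as `when: letsencrypt_acme_install is defined and letsencrypt_acme_install` or `when: prometheus_enabled | default(false)`; the `prometheus_enabled` entry in deb-ubuntu-common/meta/main.yml has the same problem.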
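Review bot: In deb-ubuntu-common/meta/main.yml the two letsencrypt entries use the prefix `'../library/roles/…'` while every other dependency uses `'../../library/roles/…'`, so one of the two presumably resolves to the wrong directory from this meta file; all entries should share one prefix. Separately, `when: nagios_enabled is defined` applies the nagios role even when the variable is set to false; `when: nagios_enabled is defined and nagios_enabled` would match the pattern already used for `additional_disks`. The commented-out ganglia entry is better removed than shipped in a newly created file.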
+++ b/library/generic-tasks/debian-ubuntu-dist-upgrade.yml
@@ -0,0 +1,10 @@
+---
+- hosts: all
+ remote_user: root
+ gather_facts: False
+ serial: "30%"
+ max_fail_percentage: 20
+ tasks:
+ - name: Run dist-upgrade after updating the apt cache
+ apt: upgrade=dist update_cache=yes
+
diff --git a/library/generic-tasks/debian-ubuntu-full-upgrade.yml b/library/generic-tasks/debian-ubuntu-full-upgrade.yml
new file mode 100644
index 0000000..e6f5b76
--- /dev/null
+++ b/library/generic-tasks/debian-ubuntu-full-upgrade.yml
@@ -0,0 +1,12 @@
+---
+- hosts: all
+ remote_user: root
+ gather_facts: False
+ vars_files:
+ - ../vars/isti-global.yml
+ tasks:
+ - name: Update the apt cache
+ apt: update_cache=yes
+ - name: Run full upgrade
+ apt: upgrade=full
+
diff --git a/library/generic-tasks/debian-ubuntu-start-iptables.yml b/library/generic-tasks/debian-ubuntu-start-iptables.yml
new file mode 100644
index 0000000..801d827
--- /dev/null
+++ b/library/generic-tasks/debian-ubuntu-start-iptables.yml
@@ -0,0 +1,10 @@
+---
+- hosts: all
+ remote_user: root
+ gather_facts: False
+ vars_files:
+ - ../vars/isti-global.yml
+ tasks:
+ - name: Start the iptables firewall
+ service: name=iptables-persistent state=restarted enabled=yes
+
diff --git a/library/generic-tasks/fix-letsencrypt-conf.yml b/library/generic-tasks/fix-letsencrypt-conf.yml
new file mode 100644
index 0000000..329ea7b
--- /dev/null
+++ b/library/generic-tasks/fix-letsencrypt-conf.yml
@@ -0,0 +1,10 @@
+---
+- hosts: all
+ remote_user: "{{ d4science_ansible_user | default('root') }}"
+ become: '{{ d4science_ansible_become | default(False) }}'
+ become_user: "{{ d4science_ansible_become_user | default('root') }}"
+ serial: '{{ hosts_serial | default(10) }}'
+ gather_facts: False
+ roles:
+ - { role: ../library/roles/letsencrypt-acmetool-client, when: letsencrypt_acme_install is defined and letsencrypt_acme_install }
+
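Review bot: debian-ubuntu-dist-upgrade.yml hard-codes `remote_user: root`, which requires direct root SSH login on every managed host, while fix-letsencrypt-conf.yml in this same patch already uses the parameterised form `remote_user: "{{ d4science_ansible_user | default('root') }}"` together with `become`. Using that form here, and in debian-ubuntu-full-upgrade.yml, debian-ubuntu-start-iptables.yml, send-command.yml and smtp-clients.yml, would let the hosts run with root login disabled in sshd. As a style point, `apt: upgrade=dist update_cache=yes` reads better as a block mapping with `update_cache: true`, and `gather_facts: False` as `gather_facts: false`.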
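Review bot: debian-ubuntu-full-upgrade.yml targets `hosts: all` without the `serial: "30%"` and `max_fail_percentage: 20` limits that debian-ubuntu-dist-upgrade.yml sets, so a bad package update reaches the whole inventory in a single batch. I would add the same two keys to this play. debian-ubuntu-start-iptables.yml has the same gap, and there a broken saved ruleset would cut off every host at once because the task uses `state=restarted`; its task name says "Start", so either `state=started` or a name that says restart would be clearer.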
diff --git a/library/generic-tasks/reboot-hosts.yml b/library/generic-tasks/reboot-hosts.yml
new file mode 100644
index 0000000..af96600
--- /dev/null
+++ b/library/generic-tasks/reboot-hosts.yml
@@ -0,0 +1,9 @@
+- name: Reboot host
+ command: shutdown -r now "Ansible updates triggered"
+ async: 0
+ poll: 0
+ ignore_errors: true
+
+- name: waiting for server to come back
+ local_action: wait_for host={{ inventory_hostname }}
+ state=started
diff --git a/library/generic-tasks/send-command.yml b/library/generic-tasks/send-command.yml
new file mode 100644
index 0000000..3f3f6be
--- /dev/null
+++ b/library/generic-tasks/send-command.yml
@@ -0,0 +1,10 @@
+---
+- hosts: "{{ hosts_list }}"
+ remote_user: root
+ vars_files:
+ - ../vars/isti-global.yml
+ tasks:
+ - name: Send a shell command
+ shell: {{ shell_command }}
+ #shell: conntrack -D -p tcp --sport 443 -s 146.48.122.82
+
diff --git a/library/generic-tasks/smtp-clients.yml b/library/generic-tasks/smtp-clients.yml
new file mode 100644
index 0000000..c83016c
--- /dev/null
+++ b/library/generic-tasks/smtp-clients.yml
@@ -0,0 +1,21 @@
+---
+# This playbook creates the usernames needed by the relay clients to connect to the relay server.
+#
+- hosts: smtp_clients
+ remote_user: root
+ vars_files:
+ - ../library/vars/isti-global.yml
+ - ../library/isti_vars/relay_host.yml
+ tasks:
+ - name: Create the user that will be used for the smtp authentication
+ user: name={{ postfix_smtp_relay_user }} comment="{{ ansible_fqdn }} smtp user" createhome=no home=/dev/null shell=/bin/true
+ delegate_to: "{{ postfix_relay_host }}"
+ register: smtp_add_user
+ tags: smtp
+
+ - name: Set the user password on the relay server
+ shell: echo "{{ postfix_smtp_relay_user }}:{{ postfix_smtp_relay_pwd }}" | chpasswd
+ delegate_to: "{{ postfix_relay_host }}"
+ when: smtp_add_user is changed
+ tags: smtp
+
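Review bot: In reboot-hosts.yml the `wait_for` task gives `host` and `state=started` but no `port`, and as far as I know the module then only sleeps for its timeout, so the task does not confirm that the host came back. Adding the SSH port and a delay, e.g. `local_action: wait_for host={{ inventory_hostname }} port=22 delay=30 state=started` (22 is assumed; use the port sshd listens on), turns it into a real check. `async: 0` also keeps the shutdown synchronous, so the dropped connection is what `ignore_errors: true` hides, along with any genuine failure; the `reboot` module covers both steps if the Ansible version in use provides it.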
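Review bot: In send-command.yml the line `shell: {{ shell_command }}` starts a plain scalar with `{`, which YAML reads as a flow mapping, so the playbook does not parse as intended; it needs `shell: "{{ shell_command }}"`. The play runs an arbitrary string as root on whatever `hosts_list` expands to, and neither variable has a default or a check, so I would add a first task that asserts both are defined and non-empty and keep use of this playbook restricted and logged. The commented-out `conntrack` line carries what looks like a real address and is better dropped from the committed file.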
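Review bot: In smtp-clients.yml the "Set the user password on the relay server" task interpolates `postfix_smtp_relay_pwd` into a shell pipeline, so the cleartext password shows up in the process list on the relay host and in Ansible's task output and logs, and a password containing `"`, `$` or a backtick is interpreted by the shell. Passing the pair to `chpasswd` on stdin and setting `no_log: true` avoids all three. Note also that `when: smtp_add_user is changed` means the password is only set when the account is first created, so a later change to the variable is never applied.

```yaml
  - name: Set the user password on the relay server
    command: chpasswd
    args:
      stdin: "{{ postfix_smtp_relay_user }}:{{ postfix_smtp_relay_pwd }}"
    no_log: true
    # … unchanged: delegate_to, when, tags …
```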