Add the bootstrap roles and some tasks collections.
This commit is contained in:
parent
4cb34462d9
commit
22051c8a21
|
@ -0,0 +1,11 @@
|
||||||
|
---
|
||||||
|
dependencies:
|
||||||
|
- role: '../../library/centos/roles/centos-bootstrap'
|
||||||
|
- role: '../../library/roles/dell-server-utilities'
|
||||||
|
- role: '../../library/roles/sshd_config'
|
||||||
|
- { role: '../../library/roles/postfix-relay', when: postfix_relay_client is defined and postfix_relay_client }
|
||||||
|
- role: '../../library/centos/roles/firewalld'
|
||||||
|
- role: '../../library/centos/roles/fail2ban'
|
||||||
|
- { role: '../../library/roles/cloud-init', when: ansible_product_name == "oVirt Node" }
|
||||||
|
- { role: '../../library/centos/roles/letsencrypt-acmetool-client', when: letsencrypt_acme_install }
|
||||||
|
- { role: '../../library/centos/roles/prometheus-node-exporter', when: prometheus_enabled }
|
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
dependencies:
|
||||||
|
- role: '../../library/roles/ubuntu-deb-general'
|
||||||
|
- { role: '../../library/roles/cloud-init', when: ansible_product_name == "oVirt Node" }
|
||||||
|
- { role: '../../library/roles/data_disk', when: additional_disks is defined and additional_disks }
|
||||||
|
- role: '../../library/roles/sshd_config'
|
||||||
|
- { role: '../library/roles/letsencrypt-acmetool-client', when: letsencrypt_acme_install is defined and letsencrypt_acme_install }
|
||||||
|
- { role: '../library/roles/letsencrypt-acme-sh-client', when: letsencrypt_acme_sh_install is defined and letsencrypt_acme_sh_install }
|
||||||
|
- role: '../../library/roles/iptables'
|
||||||
|
#- { role: '../../library/roles/ganglia', when: ganglia_enabled is defined }
|
||||||
|
- { role: '../../library/roles/nagios', when: nagios_enabled is defined }
|
||||||
|
- { role: '../../library/roles/prometheus-node-exporter', when: prometheus_enabled }
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
- hosts: all
|
||||||
|
remote_user: root
|
||||||
|
gather_facts: False
|
||||||
|
serial: "30%"
|
||||||
|
max_fail_percentage: 20
|
||||||
|
tasks:
|
||||||
|
- name: Run dist-upgrade after updating the apt cache
|
||||||
|
apt: upgrade=dist update_cache=yes
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
- hosts: all
|
||||||
|
remote_user: root
|
||||||
|
gather_facts: False
|
||||||
|
vars_files:
|
||||||
|
- ../vars/isti-global.yml
|
||||||
|
tasks:
|
||||||
|
- name: Update the apt cache
|
||||||
|
apt: update_cache=yes
|
||||||
|
- name: Run full upgrade
|
||||||
|
apt: upgrade=full
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
- hosts: all
|
||||||
|
remote_user: root
|
||||||
|
gather_facts: False
|
||||||
|
vars_files:
|
||||||
|
- ../vars/isti-global.yml
|
||||||
|
tasks:
|
||||||
|
- name: Start the iptables firewall
|
||||||
|
service: name=iptables-persistent state=restarted enabled=yes
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
- hosts: all
|
||||||
|
remote_user: "{{ d4science_ansible_user | default('root') }}"
|
||||||
|
become: '{{ d4science_ansible_become | default(False) }}'
|
||||||
|
become_user: "{{ d4science_ansible_become_user | default('root') }}"
|
||||||
|
serial: '{{ hosts_serial | default(10) }}'
|
||||||
|
gather_facts: False
|
||||||
|
roles:
|
||||||
|
- { role: ../library/roles/letsencrypt-acmetool-client, when: letsencrypt_acme_install is defined and letsencrypt_acme_install }
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
- name: Reboot host
|
||||||
|
command: shutdown -r now "Ansible updates triggered"
|
||||||
|
async: 0
|
||||||
|
poll: 0
|
||||||
|
ignore_errors: true
|
||||||
|
|
||||||
|
- name: waiting for server to come back
|
||||||
|
local_action: wait_for host={{ inventory_hostname }}
|
||||||
|
state=started
|
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
- hosts: "{{ hosts_list }}"
|
||||||
|
remote_user: root
|
||||||
|
vars_files:
|
||||||
|
- ../vars/isti-global.yml
|
||||||
|
tasks:
|
||||||
|
- name: Send a shell command
|
||||||
|
shell: {{ shell_command }}
|
||||||
|
#shell: conntrack -D -p tcp --sport 443 -s 146.48.122.82
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
# This playbook creates the usernames needed by the relay clients to connect to the relay server.
|
||||||
|
#
|
||||||
|
- hosts: smtp_clients
|
||||||
|
remote_user: root
|
||||||
|
vars_files:
|
||||||
|
- ../library/vars/isti-global.yml
|
||||||
|
- ../library/isti_vars/relay_host.yml
|
||||||
|
tasks:
|
||||||
|
- name: Create the user that will be used for the smtp authentication
|
||||||
|
user: name={{ postfix_smtp_relay_user }} comment="{{ ansible_fqdn }} smtp user" createhome=no home=/dev/null shell=/bin/true
|
||||||
|
delegate_to: "{{ postfix_relay_host }}"
|
||||||
|
register: smtp_add_user
|
||||||
|
tags: smtp
|
||||||
|
|
||||||
|
- name: Set the user password on the relay server
|
||||||
|
shell: echo "{{ postfix_smtp_relay_user }}:{{ postfix_smtp_relay_pwd }}" | chpasswd
|
||||||
|
delegate_to: "{{ postfix_relay_host }}"
|
||||||
|
when: smtp_add_user is changed
|
||||||
|
tags: smtp
|
||||||
|
|
Loading…
Reference in New Issue