Add the bootstrap roles and some tasks collections.

2019-05-15 01:23:45 +02:00 · 2019-05-15 01:23:45 +02:00 · 22051c8a21
parent 4cb34462d9
commit 22051c8a21
9 changed files with 106 additions and 0 deletions
--- a/library/bootstrap-roles/centos-common/meta/main.yml
+++ b/library/bootstrap-roles/centos-common/meta/main.yml
@ -0,0 +1,11 @@
+---
+dependencies:
+  - role: '../../library/centos/roles/centos-bootstrap'
+  - role: '../../library/roles/dell-server-utilities'
+  - role: '../../library/roles/sshd_config'
+  - { role: '../../library/roles/postfix-relay', when: postfix_relay_client is defined and postfix_relay_client }
+  - role: '../../library/centos/roles/firewalld'
+  - role: '../../library/centos/roles/fail2ban'
+  - { role: '../../library/roles/cloud-init', when:  ansible_product_name == "oVirt Node" }
+  - { role: '../../library/centos/roles/letsencrypt-acmetool-client', when: letsencrypt_acme_install }
+  - { role: '../../library/centos/roles/prometheus-node-exporter', when: prometheus_enabled }
--- a/library/bootstrap-roles/deb-ubuntu-common/meta/main.yml
+++ b/library/bootstrap-roles/deb-ubuntu-common/meta/main.yml
@ -0,0 +1,13 @@
+---
+dependencies:
+  - role: '../../library/roles/ubuntu-deb-general'
+  - { role: '../../library/roles/cloud-init', when:  ansible_product_name == "oVirt Node" }
+  - { role: '../../library/roles/data_disk', when: additional_disks is defined and additional_disks }
+  - role: '../../library/roles/sshd_config'
+  - { role: '../library/roles/letsencrypt-acmetool-client', when: letsencrypt_acme_install is defined and letsencrypt_acme_install }
+  - { role: '../library/roles/letsencrypt-acme-sh-client', when: letsencrypt_acme_sh_install is defined and letsencrypt_acme_sh_install }
+  - role: '../../library/roles/iptables'
+  #- { role: '../../library/roles/ganglia', when: ganglia_enabled is defined }
+  - { role: '../../library/roles/nagios', when: nagios_enabled is defined }
+  - { role: '../../library/roles/prometheus-node-exporter', when: prometheus_enabled }
+
--- a/library/generic-tasks/debian-ubuntu-dist-upgrade.yml
+++ b/library/generic-tasks/debian-ubuntu-dist-upgrade.yml
@ -0,0 +1,10 @@
+---
+- hosts: all
+  remote_user: root
+  gather_facts: False
+  serial: "30%"
+  max_fail_percentage: 20
+  tasks:
+    - name: Run dist-upgrade after updating the apt cache
+      apt: upgrade=dist update_cache=yes
+
--- a/library/generic-tasks/debian-ubuntu-full-upgrade.yml
+++ b/library/generic-tasks/debian-ubuntu-full-upgrade.yml
@ -0,0 +1,12 @@
+---
+- hosts: all
+  remote_user: root
+  gather_facts: False
+  vars_files:
+    - ../vars/isti-global.yml
+  tasks:
+   - name: Update the apt cache
+     apt: update_cache=yes
+   - name: Run full upgrade
+     apt: upgrade=full
+
--- a/library/generic-tasks/debian-ubuntu-start-iptables.yml
+++ b/library/generic-tasks/debian-ubuntu-start-iptables.yml
@ -0,0 +1,10 @@
+---
+- hosts: all
+  remote_user: root
+  gather_facts: False
+  vars_files:
+    - ../vars/isti-global.yml
+  tasks:
+   - name: Start the iptables firewall
+     service: name=iptables-persistent state=restarted enabled=yes
+
--- a/library/generic-tasks/fix-letsencrypt-conf.yml
+++ b/library/generic-tasks/fix-letsencrypt-conf.yml
@ -0,0 +1,10 @@
+---
+- hosts: all
+  remote_user: "{{ d4science_ansible_user | default('root') }}"
+  become: '{{ d4science_ansible_become | default(False) }}'
+  become_user: "{{ d4science_ansible_become_user | default('root') }}"
+  serial: '{{ hosts_serial | default(10) }}'
+  gather_facts: False
+  roles:
+    - { role: ../library/roles/letsencrypt-acmetool-client, when: letsencrypt_acme_install is defined and letsencrypt_acme_install }
+
--- a/library/generic-tasks/reboot-hosts.yml
+++ b/library/generic-tasks/reboot-hosts.yml
@ -0,0 +1,9 @@
+- name: Reboot host
+  command: shutdown -r now "Ansible updates triggered"
+  async: 0
+  poll: 0
+  ignore_errors: true
+
+- name: waiting for server to come back
+  local_action: wait_for host={{ inventory_hostname }}
+                state=started
--- a/library/generic-tasks/send-command.yml
+++ b/library/generic-tasks/send-command.yml
@ -0,0 +1,10 @@
+---
+- hosts: "{{ hosts_list }}"
+  remote_user: root
+  vars_files:
+    - ../vars/isti-global.yml
+  tasks:
+    - name: Send a shell command
+      shell: {{ shell_command }}
+      #shell: conntrack -D -p tcp --sport 443 -s 146.48.122.82
+
--- a/library/generic-tasks/smtp-clients.yml
+++ b/library/generic-tasks/smtp-clients.yml
@ -0,0 +1,21 @@
+---
+# This playbook creates the usernames needed by the relay clients to connect to the relay server.
+#
+- hosts: smtp_clients
+  remote_user: root
+  vars_files:
+    - ../library/vars/isti-global.yml
+    - ../library/isti_vars/relay_host.yml
+  tasks:
+    - name: Create the user that will be used for the smtp authentication
+      user: name={{ postfix_smtp_relay_user }} comment="{{ ansible_fqdn }} smtp user" createhome=no home=/dev/null shell=/bin/true
+      delegate_to: "{{ postfix_relay_host }}"
+      register: smtp_add_user
+      tags: smtp
+
+    - name: Set the user password on the relay server
+      shell: echo "{{ postfix_smtp_relay_user }}:{{ postfix_smtp_relay_pwd }}" | chpasswd
+      delegate_to: "{{ postfix_relay_host }}"
+      when: smtp_add_user is changed
+      tags: smtp
+