skylab/omni-ansible
Archived
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Ongoing baseline establishment work

Browse Source 
Create provision playbook with modular platform-interop framework
Implement first version of update-system playbook
Implement var organization
Implement basic structure of inventory file
This commit is contained in:
Ethan N. Paul
2018-11-27 01:30:55 -05:00
parent ba4ce45f96
commit 2901a1685d
13 changed files with 242 additions and 124 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
omni.yml
View File

@@ -5,6 +5,8 @@ servers:
enable_ssh: True enable_ssh: True
enable_ssh_password_auth: False enable_ssh_password_auth: False
enable_sudo_password: True enable_sudo_password: True
enable_networkd: True
generate_keys: False
hosts: hosts:
romulus.net.enp.one: romulus.net.enp.one:
vars: vars:
@@ -31,6 +33,8 @@ vms:
enable_ssh: True enable_ssh: True
enable_ssh_password_auth: False enable_ssh_password_auth: False
enable_sudo_password: False enable_sudo_password: False
enable_networkd: True
generate_keys: False
hosts: hosts:
vm-host-nginx: vm-host-nginx:
vars: vars:
@@ -64,6 +68,8 @@ workstations:
enable_ssh: False enable_ssh: False
enable_ssh_password_auth: False enable_ssh_password_auth: False
enable_sudo_password: True enable_sudo_password: True
enable_networkd: False
generate_keys: False
hosts: hosts:
omega: omega:
vars: vars:

114
playbooks/common.yml
View File

@@ -1,114 +0,0 @@
---
- name: Set hostname
become: true
hostname:
name: "{{ default_host if default_host is defined else inventory_hostname }}"
- name: Install CentOS-specific repositories
become: true
when: ansible_distribution == "CentOS"
block:
- name: Enable Extra Packages for Enterprise Linux
yum_repository:
name: epel
description: Extra Packages for Enterprise Linux
baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
- name: Install Extra Packages for Enterprise Linux GPG key
rpm_key:
state: present
key: https://archive.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
- name: Enable Inline with Upstream Stable
yum:
state: latest
name: https://centos7.iuscommunity.org/ius-release.rpm
- name: Install selinux and firewalld python bindings
become: true
block:
- name: Install python bindings using DNF
when: ansible_distribution == "Fedora"
dnf:
name: "{{ item }}"
state: latest
with_items:
- libselinux-python
- policycoreutils-python
- python-firewall
- name: Install python bindings using YUM
when: ansible_distribution == "CentOS"
yum:
state: latest
name:
- libselinux-python
- policycoreutils-python
- python-firewall
- name: Install networkd on CentOS
when: ansible_distribution == "CentOS"
become: true
yum:
state: latest
name: "{{ item }}"
with_items:
- systemd-resolved
- systemd-networkd
# The directory is deleted ahead of creation to ensure that no old configs
# remain after runnign ansible
- name: Delete networkd config directory
file:
path: /etc/systemd/network
state: absent
- name: Create the networkd config directory
file:
path: /etc/systemd/network
state: directory
- name: Make .network files
template:
src: dot.network.j2
dest: "/etc/systemd/network/{{ item.key }}.network"
with_dict: "{{ networking }}"
- name: Register static entries
delegate_to: {{ router.address }}
edgeos_config:
save: true
lines:
- set service dhcp-server shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} mac-address {{ item.mac }}
- set service dhcp-server shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} ip-address {{ item.address }}
- name: Disable network scripts and NetworkManager
service:
name: "{{ item }}"
enabled: false
with_items:
- network
- NetworkManager
- NetworkManager-wait-online
- name: Enable systemd-networkd and systemd-resolved
service:
name: "{{ item }}"
enabled: true
state: started
with_items:
- systemd-networkd
- systemd-networkd-wait-online
- systemd-resolved
- name: Symlink so systemd-resolved uses /etc/resolv.conf
file:
dest: /etc/resolv.conf
src: /run/systemd/resolve/resolv.conf
state: link
force: true
setype: net_conf_t
- name: Symlink so /etc/resolv.conf uses systemd
file:
dest: /etc/systemd/system/multi-user.target.wants/systemd-resolved.service
src: /usr/lib/systemd/system/systemd-resolved.service
state: link
force: true

73
playbooks/files/bashrc.sh Normal file
View File

@@ -0,0 +1,73 @@
function up() { cd $(eval printf '../'%.0s {1..$1}); }
alias fuck='sudo $(history -p \!\!)'
alias doc='cd ~/Documents'
alias explorer='nautilus'
alias version='uname -orp && lsb_release -a | grep Description'
alias activate='source ./bin/activate'
alias ipconfig='ip address show'
alias cls='clear'
alias mklink='ln -s'
alias ls='ls -lshF --color --group-directories-first --time-style=long-iso'
function venv() {
DIR="/home/$USER/.virtualenvs"
[[ -d $DIR ]] || mkdir $DIR
if [ ! -v $1 ] || [ $1 -eq '--help' ] || [ $1 -eq '-h' ]; then
echo "Custom python Virtualenv manager
\"Because pipenv is too hard and everything else sucks\"
Commands:
list List available virtualenvs
show Alias of list
delete <venv> Delete a virtualenv
del Alias of delete
rm Alias of delete
load <venv> Activate a virtualenv for usage
new <venv> <python> Create a new virtualenv. If <python> is not specified,
then the system default python is used
"
elif [ ! -v $1 ] || [ $1 -eq "list" ] || [ $1 -eq "show" ]; then
echo "hello"
ls $DIR
elif [ $1 -eq "del" ] || [ $1 -eq "rm" ]; then
if [ ! -v $2 ]; then
echo "Error: virtualenv name parameter not provided"
else
if [ ! -d "$DIR/$2" ]; then
echo "Error: virtualenv $2 does not exist"
else
rm -rf $DIR/$2
fi
fi
elif [ $1 -eq "new" ]; then
if [ ! -v $2 ]; then
echo "Error: virtualenv name parameter not provided"
else
if [ -d "$DIR/$2" ]; then
echo "Error: virtualenv $2 already exits"
elif [ -v $3 ]; then
virtualenv $2 --python=$3
else
virtualenv $2
fi
fi
elif [ $1 -eq "load" ]; then
if [ ! -v $2 ]; then
echo "Error: virtualenv name parameter not provided"
elif [ ! -d "$DIR/$2" ]; then
echo "Error: virtualenv $2 does not exist"
else
source $DIR/$2/bin/activate
fi
else
echo "No parameter provided"
fi
}

74
playbooks/provision.yml Normal file
View File

@@ -0,0 +1,74 @@
---
- hosts: all
name: Init
tasks:
- name: Check system compatibility
when: ansible_distribution != "CentOS" and ansible_distribution != "Red Hat Enterprise Linux" and ansible_distribution != "Fedora"
meta: end_play
debug:
msg: "Standard configuration deployment is only supported on Fedora 27/28, Centos 7.5, and RHEL"
- name: Set hostname
become: true
hostname:
name: "{{ default_host if default_host is defined else inventory_hostname }}"
- name: Install MOTD
become: true
template:
src: motd.j2
dest: /etc/motd
mode: 0644
- name: Install global bashrc
become: true
template:
src: bashrc.j2
dest: /etc/profile.d/30-omni-bashrc.sh
mode: 0644
- hosts: all
name: System packages
tasks:
- import_tasks: common/centos/repositories.yml
when: ansible_distribution == "CentOS"
- import_tasks: common/centos/packages.yml
when: ansible_distribution == "CentOS"
- import_tasks: common/fedora/packages.yml
when: ansible_distribution == "Fedora"
# - import_tasks: common/debian/packages.yml
# when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu"
- import_playbook: update-system.yml
- hosts: all
name: Replace NetworkManager with systemd-networkd
tasks:
- name: Install systemd-networkd
when: enable_networkd == true
block:
- import_tasks: common/centos/networkd.yml
when: ansible_distribution == "CentOS"
- import_tasks: common/fedora/networkd.yml
when: ansible_distribution == "Fedora"
# - import_tasks: common/debian/networkd.yml
# when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu"
- name: Configure systemd-networkd
when: enable_networkd == true
- import_tasks: common/networkd.yml
- hosts: all
name: Register static DHCP entries
tasks:
- name: Install static DHCP leases
delegate_to: {{ router.address }}
when: networking is defined
edgeos_config:
save: true
lines:
- set service dhcp-server shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} mac-address {{ item.mac }}
- set service dhcp-server shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} ip-address {{ item.address }}
with_dict: "{{ networking }}"

11
playbooks/templates/motd.j2 Normal file
View File

@@ -0,0 +1,11 @@
______ _ _ __ _ _______
| ___ \ | \ / | | \ | | |__ __|
| | | | | \ / | | \ \ | | | |
| | | | | \/ | | |\ \ | | | |
| | | | | |\ /| | | | \ \| | | |
| |___| | | | \/ | | | | \ \ | __| |__
\______| |_| |_| |_| \__| |______/
{{ description | default('ENPN Distributed System') }}
{{ ansible_distribution }} {{ ansible_distribution_version }} - Ansible'd {{ ansible_date_time.date }}

24
playbooks/update-system.yml
View File

@@ -0,0 +1,24 @@
---
- hosts: all
name: Upgrade packages
tasks:
- name: Upgrade YUM packages
when: ansible_distribution == "CentOS"
become: true
yum:
state: latest
name: *
exclude: kernel*{{ ',' + exclude_upgrade | default('') }}
- name: Upgrade DNF packages
when: ansible_distribution == "Fedora"
become: true
dnf:
state: latest
name: *
exclude: kernel*{{ ',' + exclude_upgrade | default('') }}
# - name: Upgrade APT packages
# when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu"
# become: true
# apt:

1
playbooks/vars Symbolic link
View File

@@ -0,0 +1 @@
../vars

14
roles/hypervisor/tasks/main.yml
View File

@@ -4,6 +4,13 @@
debug: debug:
msg: "Hypervisor deployment is only supported on CentOS and RHEL" msg: "Hypervisor deployment is only supported on CentOS and RHEL"
- name: Temporarily disable IUS and EPEL repositories
become: true
command: mv /etc/yum.repos.d/{{ item }}.repo /etc/yum.repos.d/{{ item }}.repo.bak
with_items:
- ius
- epel
- name: Install OVirt repository - name: Install OVirt repository
become: true become: true
yum: yum:
@@ -15,3 +22,10 @@
yum: yum:
name: ovirt-engine name: ovirt-engine
state: latest state: latest
- name: Re-enable IUS and EPEL repositories
become: true
command: mv /etc/yum.repos.d/{{ item }}.repo.bak /etc/yum.repos.d/{{ item }}.repo
with_items:
- ius
- epel

0
tasks/centos.yml Normal file
View File

2
vars/global.yml Normal file
View File

@@ -0,0 +1,2 @@
---
ansible_user: ansible

8
vars/network.yml Normal file
View File

@@ -0,0 +1,8 @@
---
domain: net.enp.one
router:
address: router.tre2.local
static:
server: DOMAIN
subnet: 10.42.101.0/24

29
vars/packages.yml Normal file
View File

@@ -0,0 +1,29 @@
---
packages_global:
- cmake
- curl
- gcc
- gcc-c++
- git
- libselinux-python
- make
- nano
- openssl-devel
- policycoreutils-python
- python-devel
- python-firewall
- python-virtualenv
- unzip
- vim
- vim-minimal
packages_dnf:
- python3-devel
packages_yum:
- bash-completion
- bash-completion-extras
- nc
- nfs-utils
- python36u
- wget

10
group_vars/all.yml → vars/users.yml
View File

@@ -1,14 +1,4 @@
--- ---
ansible_user: ansible
domain: net.enp.one
router:
address: router.tre2.local
static:
server: DOMAIN
subnet: 10.42.101.0/24
users: users:
# - name: username (required) # - name: username (required)
# fullname: user's full name (optional) # fullname: user's full name (optional)