Verified Commit a23adf9f authored by Tomáš Sapák's avatar Tomáš Sapák

Initial commit

parents
.vault_pass
[defaults]
inventory=ansible_hosts
retry_files_enabled = False
[stable]
stable.ics.muni.cz
REMOTE_USER: "root"
BECOME: "false"
SSH_KEY: [ 'sapak139890.pub' ]
---
- name: restart sshd
systemd:
name: "{{ SSHD_UNIT }}"
state: restarted
enabled: yes
---
- name: Install packages Debian
apt: name=mc,needrestart,aptitude state=present update_cache=yes cache_valid_time=3600
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: Setup needrestart for Debian
shell: "needrestart -r a -b"
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
register: result
changed_when: "result.rc > 0"
- name: Add EPEL to CentOS
yum_repository:
name: epel
description: EPEL YUM repo
baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
gpgcheck: no
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
- name: Install packages CentOS
yum: name=mc,yum-utils state=latest update_cache=yes
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
- name: Empty motd file
copy: content="\n" dest=/etc/motd owner=root group=root mode=0644
- name: Set sshd unit for Debian
set_fact:
SSHD_UNIT: "ssh"
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: Set sshd unit for Centos
set_fact:
SSHD_UNIT: "sshd"
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
- name: Force cert auth for root over ssh
lineinfile: dest=/etc/ssh/sshd_config regexp='^PermitRootLogin' line='PermitRootLogin without-password'
notify:
- restart sshd
- name: More packages for Debian
apt: name={{ item }} state=present update_cache=yes cache_valid_time=3600
with_items: '{{ PACKAGES }}'
when: PACKAGES is defined and ( ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' )
- name: More packages for Red Hat
yum: name={{ item }} state=latest update_cache=yes
with_items: '{{ PACKAGES }}'
when: PACKAGES is defined and ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' )
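Review bot: The "Add EPEL to CentOS" task sets `gpgcheck: no`, so every package the later yum tasks pull from EPEL is installed as root without signature verification. Enable the check and name the signing key, e.g. `gpgcheck: yes` together with `gpgkey: <URL or path of the EPEL signing key for this release>`. Separately, the `when:` conditions compare against 'Red Hat Enterprise Linux', while Ansible normally reports that distribution as `RedHat`, so the RHEL half of these conditions probably never matches; confirm against the gathered facts.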
- name: Install prerequisites
apt: name={{item}} update_cache=yes
with_items:
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
- name: Add Docker GPG key
apt_key: url=https://download.docker.com/linux/ubuntu/gpg
- name: Add Docker APT repository
apt_repository:
repo: deb [arch=amd64] https://download.docker.com/linux/debian {{ansible_distribution_release}} stable
- name: Install Docker
apt: name=docker-ce
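Review bot: "Add Docker GPG key" trusts whatever key the URL serves at run time, because `apt_key` is called with only `url=`. Pin the expected key with the module's `id` parameter, `apt_key: url=https://download.docker.com/linux/ubuntu/gpg id=<expected Docker key fingerprint>`, so a substituted key is rejected instead of being added to the APT trust store. The key is fetched from the `ubuntu` path while the repository line uses `linux/debian`; if both distributions are meant to be supported, derive both from the distribution fact. "Install Docker" also has no `update_cache=yes`, so the new repository may not be indexed yet when it runs.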
---
- name: Install pip and virtualenv
apt: name=python-pip,virtualenv state=present update_cache=yes cache_valid_time=3600
- name: Install docker-py
pip:
name: docker-py
- name: Create a rancher container
docker_container:
name: rancher
image: rancher/server:preview
restart_policy: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- /data/rancher:/var/lib/rancher
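Review bot: The container is created from `rancher/server:preview`, a moving tag, so the code running on each host depends on when the image was pulled and can change without any change to this repository. Pin a release tag or a digest, e.g. `image: rancher/server@sha256:<digest>`. The task also publishes the management interface on `80:80` on every address; if the plain-HTTP listener is not needed, drop it or bind it to a specific address. `docker-py` is installed unpinned through system pip, and adding `version:` would make the run reproducible.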
---
- name: reboot machine
shell: sleep 2 && shutdown -r now
async: 1
poll: 0
- name: waiting for server to come back
local_action: wait_for host={{ inventory_hostname }} state=started port=22 delay=30 timeout=300 connect_timeout=15
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqZDO96SGyqv3dL8AwRol9msigdVDJSxXHO2gwPcDD3zD5n41ClB5yQW34J9ekWph8O+DIhCUaljwYvWnQrUHtBFobT7DJDWjShcCeoHdugoyTP3RozDlh7WgZU9vrPrM1Jg90KIT69xh04+gEJeFwWSF7gryQQZVllw4HctKh9fh53i+3RvgF1Pw4cNwqD2mzIKpl+ayqVxGmIs8RuX5VUeUKQVXHJGEI2PYxvhaH+o9L6RDH8UTJkGZZZnTkuz21mF+B0BaJ0C+I2rg3l5yrk3Qt5ttiHFPjTN+9ajWIQQVoM4/7cJKLfAa/hpztpvReqDpjAs10umMUzpfTdBt9 tom@athe-note
---
- name: Set authorized key took from file
authorized_key:
user: root
state: present
key: "{{ lookup('file', item) }}"
with_items: '{{ SSH_KEY }}'
when: SSH_KEY is defined
---
- name: Upgrade
include_role:
name: upgrade
- name: Restart CentOS services when required
shell: 'needs-restarting -s | while read line ; do systemctl restart $line && echo $line; done'
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
register: result
changed_when: result.stdout != ""
- name: Reboot CentOS when required
shell: "if ! needs-restarting -r; then (exit 0); else (exit 1); fi"
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
register: reboot
changed_when: "reboot.rc == 0"
failed_when: "reboot.rc > 1"
- name: Reboot
include_role:
name: reboot
when: ( reboot.rc is defined ) and ( reboot.rc == 0 )
- name: Restart Debian services when required
shell: 'needrestart -b | grep NEEDRESTART-SVC | cut -d" " -f 2 | while read line ; do systemctl restart $line && echo $line; done'
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
register: result
changed_when: result.stdout != ""
- name: Reboot Debian when required
shell: '[ `/usr/sbin/needrestart -b | grep NEEDRESTART-KSTA | cut -d" " -f2` -gt 1 ]'
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
register: reboot
changed_when: "reboot.rc == 0"
failed_when: "reboot.rc > 1"
- name: Reboot
include_role:
name: reboot
when: ( reboot.rc is defined ) and ( reboot.rc == 0 )
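Review bot: In both "Restart … services when required" tasks the pipeline's exit status is that of the last `systemctl restart` in the loop, so a service that failed to restart earlier leaves the task green and keeps running the old, unpatched code. Accumulate the failure inside the loop, e.g. `… | { rc=0; while read line; do systemctl restart "$line" && echo "$line" || rc=1; done; exit $rc; }`. In "Reboot Debian when required", an empty needrestart result makes the `[ … -gt 1 ]` test exit with status 2, which `failed_when: "reboot.rc > 1"` reports as a task failure rather than "no reboot needed"; defaulting the value to 0 before the comparison avoids that.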
---
- name: update a server Debian
apt: update_cache=yes cache_valid_time=3600 allow_unauthenticated=yes force=yes
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: upgrade a server Debian
apt: upgrade=full
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: upgrade a server CentOS
yum: name=* state=latest update_cache=yes
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
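Review bot: "update a server Debian" passes `allow_unauthenticated=yes force=yes` to apt, which tells it to proceed with packages that cannot be authenticated; in a role whose next step is a full upgrade as root, that gives up the protection the archive signatures provide. Neither option is needed to refresh the cache, so the task can be `apt: update_cache=yes cache_valid_time=3600`. If one repository lacks a trusted key, add that key rather than disabling verification for the whole run. The CentOS branch (`yum: name=* state=latest`) relies on each repository's gpgcheck setting, which the "Add EPEL to CentOS" task on this page sets to `no`.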
runtime! debian.vim
syntax on
if has("autocmd")
au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif
endif
set showcmd " Show (partial) command in status line.
set showmatch " Show matching brackets.
set smartcase " Do smart case matching
set incsearch " Incremental search
if filereadable("/etc/vim/vimrc.local")
source /etc/vim/vimrc.local
endif
syntax on
if has("autocmd")
au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif
endif
set showcmd " Show (partial) command in status line.
set showmatch " Show matching brackets.
set smartcase " Do smart case matching
set incsearch " Incremental search
if filereadable("/etc/vim/vimrc.local")
source /etc/vim/vimrc.local
endif
---
- name: Install VIM package Debian
apt: name=vim state=present update_cache=yes cache_valid_time=3600
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: Install VIM package CentOS
yum: name=vim state=latest update_cache=yes
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
- name: Setup VIM config Debian
copy: src=vimrc dest=/etc/vim/vimrc
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: Setup VIM config CentOS
copy: src=vimrc.centos dest=/etc/vimrc
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
---
- name: Install open-vm-tools on Debian
apt: name=open-vm-tools state=present update_cache=yes cache_valid_time=3600
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: Install open-vm-tools on CentOS
yum: name=open-vm-tools state=latest update_cache=yes
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
- name: Get vmware tools timesync status
shell: "vmware-toolbox-cmd timesync status"
register: result
changed_when: "result.rc != 0"
failed_when: "result.rc > 69"
- name: Enable vmware tools timesync
command: vmware-toolbox-cmd timesync enable
when: ( result.stdout is defined ) and ( result.stdout != 'Enabled' )
- hosts: stable
gather_facts: False
remote_user: "{{ REMOTE_USER }}"
become: "{{ BECOME }}"
pre_tasks:
- name: Install python for Ansible
raw: test -e /usr/bin/python || (test -e /usr/bin/apt && apt -y update && apt install -y python-minimal; test -e /usr/bin/yum && yum install -y python2 python-simplejson )
changed_when: False
- setup: # aka gather_facts
- name: Setup linux
hosts: stable
remote_user: "{{ REMOTE_USER }}"
become: "{{ BECOME }}"
roles:
- ssh-key
- vim
- base-system
- docker
- { role: vmware-tools, when: ansible_virtualization_type == "VMware" }
- rancher
- upgrade-reboot