gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
prodnso
main
qa
feature/DEV-655
feature/SC-124
feature/SC-55
feature/DEV-470_2nd
feature/DEV-380_2nd
feature/DEV-380
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6f411c9743'
${ noResults }
hetzner-ansible/roles/common/tasks/main.yml

255 lines
5.6 KiB
YAML
Raw Blame History

---
### tags:
### users
### install
### upgrade
### config
### update_etc_hosts
### root_authorized_keys
- name: "Set hostname to <{{ inventory_hostname }}>"
hostname:
name: "{{ inventory_hostname }}"
- name: "Setting hosts configuration in /etc/hosts"
blockinfile:
marker: "# {mark} managed by ansible (hosts config for {{ inventory_hostname }})"
path: "/etc/hosts"
state: present
create: yes
block: |
{% for host in shared_service_hosts %}
{{ host.ip }} {{ host.name }}
{% endfor %}
tags:
- update_etc_hosts
- name: "Adding authorized keys for root"
ansible.posix.authorized_key:
user: root
state: present
key: "{{ lookup('file', 'users/' + item + '/ssh.pub') }}"
loop: '{{ smardigo_plattform_users }}'
tags:
- never
- root_authorized_keys
- name: "Removing outdated authorized keys for root"
ansible.posix.authorized_key:
user: root
state: absent
key: "{{ lookup('file', 'users/outdated/' + item.path) }}"
with_filetree: "users/outdated"
tags:
- never
- root_authorized_keys
- name: "Read current users"
shell: "getent passwd | awk -F: '$3 > 999 {print $1}'"
register: current_users
changed_when: false
tags:
- users
- name: "Remove outdated users"
user: name={{item}} state=absent remove=yes
with_items: "{{ current_users.stdout_lines }}"
when: not ((item in default_plattform_users) or (item in smardigo_plattform_users))
tags:
- users
- name: "Create users"
user:
name: '{{ item }}'
groups: '{{ sudo_group }}'
shell: '/bin/bash'
state: present
append: yes
loop: '{{ smardigo_plattform_users }}'
loop_control:
index_var: index
tags:
- users
# TODO check usage of key_options "no-agent-forwarding, no-agent-forwarding, no-X11-forwarding"
- name: "Set up authorized users"
ansible.posix.authorized_key:
user: '{{ item }}'
state: present
exclusive: true
key: "{{ lookup('file', '{{ playbook_dir }}/users/{{ item }}/ssh.pub') }}"
loop: '{{ smardigo_plattform_users | difference(["elastic"]) }}'
tags:
- users
- name: "Ensure docker configuration directory exists"
file:
path: '/home/{{ item }}/.docker/'
state: directory
owner: '{{ item }}'
group: '{{ item }}'
loop: '{{ smardigo_plattform_users }}'
when: docker_enabled
tags:
- users
- config
- name: "Insert/Update docker configuration"
template:
src: 'configs/docker/config.json.j2'
dest: '/home/{{ item }}/.docker/config.json'
owner: '{{ item }}'
group: '{{ item }}'
mode: 0600
loop: '{{ smardigo_plattform_users }}'
when: docker_enabled
tags:
- users
- config
- name: "Install common dependencies"
apt:
name: [
'mc',
'vim',
'zip',
'curl',
'htop',
'net-tools',
'bash-completion',
]
state: 'present'
when: ansible_distribution == "Ubuntu"
tags:
- install
- name: 'Ensures </etc/bash_completion.d> directory exists'
file:
state: directory
path: '/etc/bash_completion.d'
tags:
- install
- name: "Download docker bash completion"
ansible.builtin.get_url:
url: https://raw.githubusercontent.com/docker/cli/v20.10.6/contrib/completion/bash/docker
dest: /etc/bash_completion.d/docker
mode: '644'
when: docker_enabled
tags:
- install
- name: "Download docker-compose bash completion"
ansible.builtin.get_url:
url: "https://raw.githubusercontent.com/docker/compose/{{ docker_compose_version }}/contrib/completion/bash/docker-compose"
dest: "/etc/bash_completion.d/docker-compose"
mode: '644'
when: docker_enabled
tags:
- install
- name: "Upgrade all packages"
apt:
name: '*'
state: latest
tags:
- install
- upgrade
when: ansible_distribution == "Ubuntu"
- name: "Ensure docker configuration directory exists"
file:
path: '/root/.docker/'
state: directory
owner: 'root'
group: 'root'
when: docker_enabled
tags:
- config
- name: "Insert/Update docker configuration"
template:
src: 'configs/docker/config.json.j2'
dest: '/root/.docker/config.json'
owner: 'root'
group: 'root'
mode: 0600
when: docker_enabled
tags:
- config
- name: "Ensure docker daemon configuration directory exists"
file:
path: '/etc/docker'
state: directory
owner: 'root'
group: 'root'
when: docker_enabled
tags:
- config
- name: "Ensure docker daemon configuration directory exists"
file:
path: '/etc/docker'
state: directory
owner: 'root'
group: 'root'
when: docker_enabled
tags:
- config
- name: "Remove docker daemon configuration when docker_enabled=false"
file:
state: absent
path: '/etc/docker/daemon.json'
when: docker_enabled == false
tags:
- config
- name: "Insert/Update docker daemon configuration"
template:
src: 'configs/docker/daemon.json.j2'
dest: '/etc/docker/daemon.json'
owner: 'root'
group: 'root'
mode: 0600
when: docker_enabled
tags:
- config
- name: "Check docker networks"
include_role:
name: _docker
tasks_from: networks
- name: sshd configuration file update
template:
src: 'configs/sshd/sshd_config.j2'
dest: '/etc/ssh/sshd_config.new'
owner: 'root'
group: 'root'
mode: 0644
notify:
- restart ssh
# elasticsearch production mode requirements
- name: "Set vm.max_map_count"
sysctl:
name: vm.max_map_count
value: '262144'
sysctl_set: yes
state: present
tags:
- config
# elasticsearch production mode requirements
- name: "Set fs.file-max"
sysctl:
name: fs.file-max
value: '65536'
sysctl_set: yes
state: present
tags:
- config
Reference in New Issue View Git Blame Copy Permalink