hetzner-ansible/roles/common/tasks/main.yml

---
# Task list of the `common` role: these tasks run on every node, with a few control-node-only steps (delegate_to: 127.0.0.1).
### tags:
### local_ssh_config
### users
### install
### config
- name: "Send mattermost messsge"
  # Deployment-start notification, posted from the control node without
  # privilege escalation. A Mattermost incoming-webhook URL acts as a bearer
  # credential for the channel, so keep mattermost_hook_smardigo in Ansible
  # Vault rather than in plain group_vars.
  uri:
    url: "{{ mattermost_hook_smardigo }}"
    method: POST
    headers:
      Content-Type: "application/json"
    body_format: json
    body: "{{ lookup('template', 'mattermost-deploy-start.json.j2') }}"
  delegate_to: 127.0.0.1
  become: false
  when: send_status_messages
- name: Gather current server infos
  # Queries the Hetzner Cloud API from the control node. The result covers
  # every server the token can see, not only this inventory host; the lookup
  # for this host happens in the tasks below. Keep hetzner_authentication_token
  # in Ansible Vault.
  hcloud_server_info:
    api_token: "{{ hetzner_authentication_token }}"
  delegate_to: 127.0.0.1
  become: false
  register: hetzner_server_infos
- name: Save current server infos as variable (fact)
  # Expose the server list under a short name for the per-host IP lookup.
  set_fact:
    hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}"
  become: false
  delegate_to: 127.0.0.1
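- name: Read ip for {{ inventory_hostname }}
  # Pick the public IPv4 of the Hetzner server whose name equals this
  # inventory host. If several entries match, the last iteration wins; if
  # none match, stage_server_ip stays undefined (checked right below).
  set_fact:
    stage_server_ip: "{{ item.ipv4_address }}"
  when: item.name == inventory_hostname
  loop: "{{ hetzner_server_infos_json }}"
  delegate_to: 127.0.0.1
  become: false

- name: Fail early when no Hetzner server matches {{ inventory_hostname }}
  # Without this check an undefined stage_server_ip only surfaces later, as
  # a templating error while writing ~/.ssh/config; fail here with a
  # readable message instead.
  assert:
    that:
      - stage_server_ip is defined
    fail_msg: "No Hetzner server named '{{ inventory_hostname }}' returned by hcloud_server_info"
  delegate_to: 127.0.0.1
  become: false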
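- name: 'Insert/Update ssh config in ~/.ssh/config'
  # Writes a per-host stanza into the operator's local ~/.ssh/config (runs on
  # the control node, unprivileged). throttle: 1 serialises the writes so
  # concurrent hosts do not clobber each other's blockinfile edits.
  blockinfile:
    path: '~/.ssh/config'
    create: true
    # OpenSSH rejects a user config file that is group/world-writable
    # ("Bad owner or permissions"); without an explicit mode a newly
    # created file only gets whatever the umask allows.
    mode: '0600'
    marker: '# {mark} managed by ansible (ssh config for {{ inventory_hostname }})'
    block: |
      Host {{ inventory_hostname }}
        HostName {{ stage_server_ip }}
  delegate_to: 127.0.0.1
  become: false
  throttle: 1
  tags:
    - local_ssh_config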
- name: "Set hostname to <{{ stage_server_hostname }}>"
  # Sets the system hostname from the per-host variable stage_server_hostname.
  hostname:
    name: "{{ stage_server_hostname }}"
- name: Add hostname to /etc/hosts file
  # Keeps the Debian/Ubuntu-style 127.0.1.1 entry in sync with the hostname
  # so that `hostname -f` and sudo resolve the local name without DNS.
  lineinfile:
    path: /etc/hosts
    regexp: '^127\.0\.1\.1'
    line: "127.0.1.1 {{ stage_server_hostname }}"
    state: present
  when: ansible_facts['distribution'] == "Ubuntu"
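- name: "Read current users"
  # Lists candidate accounts for the cleanup task that follows. Only the
  # range 1000..59999 is considered: system accounts live below 1000 and
  # 'nobody' (uid 65534 on Debian/Ubuntu) must never be deleted — the
  # previous filter ($3 > 999) would have offered it for removal. Adjust the
  # upper bound if UID_MAX in /etc/login.defs differs on these hosts.
  shell: "set -o pipefail && getent passwd | awk -F: '$3 >= 1000 && $3 < 60000 {print $1}'"
  args:
    executable: /bin/bash
  register: current_users
  # Read-only command: do not report "changed" on every run.
  changed_when: false
  tags:
    - users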
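- name: "Remove outdated users"
  # Every account returned by "Read current users" that is in neither
  # allowlist is deleted together with its home directory and mail spool
  # (remove: true). Make sure both lists are complete before running with
  # the 'users' tag — there is no confirmation step.
  user:
    name: "{{ item }}"
    state: absent
    remove: true
  loop: "{{ current_users.stdout_lines }}"
  when:
    - item not in default_plattform_users
    - item not in smardigo_plattform_users
  tags:
    - users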
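- name: "Create users"
  # Creates every platform user with a bash login shell and adds them to
  # sudo_group (append: true keeps any other group memberships). Note that
  # this grants every listed user sudo rights; there is no non-admin tier.
  user:
    name: "{{ item }}"
    groups: "{{ sudo_group }}"
    shell: /bin/bash
    state: present
    append: true
  loop: "{{ smardigo_plattform_users }}"
  tags:
    - users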
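# TODO: consider key_options such as
#   "no-agent-forwarding,no-X11-forwarding" (and probably no-port-forwarding)
#   to limit what a stolen key can do beyond an interactive login.
- name: "Set up authorized keys"
  # exclusive: true replaces the whole authorized_keys file, so any key not
  # present under <inventory_dir>/keys/<user>/id_rsa.pub is revoked on the
  # next run — handy for offboarding, but make sure the key directory is the
  # single source of truth.
  authorized_key:
    user: "{{ item }}"
    state: present
    exclusive: true
    # Build the lookup path with Jinja concatenation; nesting {{ }} inside a
    # Jinja expression is an anti-pattern that linters reject.
    key: "{{ lookup('file', inventory_dir ~ '/keys/' ~ item ~ '/id_rsa.pub') }}"
  loop: "{{ smardigo_plattform_users }}"
  tags:
    - users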
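- name: "Ensure docker configuration directory exists"
  # Per-user ~/.docker/ holding config.json (written 0600 below). Restrict
  # the directory itself as well: without an explicit mode it is created
  # with the default umask (usually 0755), which is too open for a
  # directory that commonly stores registry credentials.
  file:
    path: "/home/{{ item }}/.docker/"
    state: directory
    owner: "{{ item }}"
    group: "{{ item }}"
    mode: '0700'
  loop: "{{ smardigo_plattform_users }}"
  tags:
    - users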
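- name: "Insert/Update docker configuration"
  # Renders the per-user Docker client config. config.json usually carries
  # registry auth entries; if this template does, add `no_log: true` so the
  # rendered content does not show up in --diff / verbose output.
  template:
    src: 'configs/docker/config.json.j2'
    dest: "/home/{{ item }}/.docker/config.json"
    owner: "{{ item }}"
    group: "{{ item }}"
    # Quoted so the mode is passed as the octal string "0600", not as an
    # integer re-interpreted by the YAML parser.
    mode: '0600'
  loop: "{{ smardigo_plattform_users }}"
  tags:
    - users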
- name: "Install common dependencies"
  # Convenience tooling for operators; nothing here is required by the
  # services themselves. Note that the package index is not refreshed first,
  # so a very stale cache on a fresh image could fail this step.
  apt:
    name:
      - mc
      - vim
      - zip
      - curl
      - htop
      - net-tools
    state: present
  when: ansible_distribution == "Ubuntu"
  tags:
    - install
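- name: "Upgrade all packages"
  # name: '*' with state: latest is the apt module's documented form of
  # "upgrade every installed package". Refresh the package index first,
  # otherwise the upgrade only knows whatever the cached lists contain;
  # cache_valid_time keeps repeated runs from hitting the mirrors each time.
  # Be aware this runs an unattended full upgrade on every untagged run.
  apt:
    name: '*'
    state: latest
    update_cache: true
    cache_valid_time: 3600
  when: ansible_distribution == "Ubuntu"
  tags:
    - install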
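- name: "Ensure docker configuration directory exists"
  # /root/.docker/ for the root Docker client config (written 0600 below).
  # Restrict the directory too instead of relying on the default umask.
  file:
    path: /root/.docker/
    state: directory
    owner: root
    group: root
    mode: '0700'
  tags:
    - config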
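- name: "Insert/Update docker configuration"
  # Same client config template as for the platform users, rendered for
  # root. If the template contains registry auth entries, consider
  # `no_log: true` to keep them out of --diff / verbose output.
  template:
    src: 'configs/docker/config.json.j2'
    dest: /root/.docker/config.json
    owner: root
    group: root
    mode: '0600'
  tags:
    - config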
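- name: "Insert/Update docker daemon configuration"
  # Renders /etc/docker/daemon.json. No handler is notified here, so a
  # changed daemon.json only takes effect on the next dockerd restart —
  # presumably handled elsewhere in the playbook; confirm.
  template:
    src: 'configs/docker/daemon.json.j2'
    dest: /etc/docker/daemon.json
    owner: root
    group: root
    mode: '0600'
  tags:
    - config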
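- name: sshd configuration file update
  # A syntax error in the rendered template would lock everyone out at the
  # next sshd restart, so let sshd check the candidate file before it is
  # moved into place (%s is the temporary file the template module writes).
  # This task carries no tag, unlike its 'config' siblings, so it only runs
  # in an untagged full run — presumably deliberate; confirm.
  template:
    src: 'configs/sshd/sshd_config.j2'
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0644'
    backup: true
    validate: '/usr/sbin/sshd -t -f %s'
  notify:
    - restart ssh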
# Elasticsearch production-mode bootstrap check: it refuses to start if
# vm.max_map_count is below 262144.
- name: "Set vm.max_map_count"
  sysctl:
    name: vm.max_map_count
    value: '262144'
    state: present
    sysctl_set: true
  tags:
    - config
# Elasticsearch production-mode requirement. Caveat: the 65536 figure in the
# Elasticsearch docs is the per-process open-files ulimit (nofile, set via
# limits.conf or the service unit), not the kernel-wide fs.file-max, and on
# current kernels the default fs.file-max is usually far above 65536 — so this
# task may actually lower it. Check `sysctl fs.file-max` before relying on it.
- name: "Set fs.file-max"
  sysctl:
    name: fs.file-max
    value: '65536'
    state: present
    sysctl_set: true
  tags:
    - config
- name: "Send mattermost messsge"
  # Deployment-end notification, posted from the control node without
  # privilege escalation. Only reached when every preceding task succeeded,
  # so a failed run sends no "end" message. Keep the webhook URL in Vault —
  # it is a write credential for the channel. (Same task name as the start
  # notification; rename one if --start-at-task is ever needed.)
  uri:
    url: "{{ mattermost_hook_smardigo }}"
    method: POST
    headers:
      Content-Type: "application/json"
    body_format: json
    body: "{{ lookup('template', 'mattermost-deploy-end.json.j2') }}"
  delegate_to: 127.0.0.1
  become: false
  when: send_status_messages