gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
prodnso
main
qa
feature/DEV-655
feature/SC-124
feature/SC-55
feature/DEV-470_2nd
feature/DEV-380_2nd
feature/DEV-380
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ea5c025101'
${ noResults }
hetzner-ansible/roles/common/tasks/main.yml

248 lines
5.5 KiB
YAML
Raw Blame History

---
# This playbook contains common plays that will be run on all nodes.
### tags:
### local_ssh_config
### users
### install
### config
- name: "Send mattermost messsge"
uri:
url: "{{ mattermost_hook_smardigo }}"
method: POST
body: "{{ lookup('template','mattermost-deploy-start.json.j2') }}"
body_format: json
headers:
Content-Type: "application/json"
delegate_to: 127.0.0.1
become: false
when:
- send_status_messages
- name: 'Insert/Update ssh config in ~/.ssh/config'
blockinfile:
marker: '# {mark} managed by ansible (ssh config for {{ inventory_hostname }})'
path: '~/.ssh/config'
create: yes
block: |
Host {{ inventory_hostname }}
HostName {{ stage_server_ip }}
when:
- local_ssh_config
delegate_to: 127.0.0.1
become: false
throttle: 1
tags:
- local_ssh_config
- name: "Set hostname to <{{ stage_server_hostname }}>"
hostname:
name: "{{ stage_server_hostname }}"
- name: "Setting hosts configuration in /etc/hosts"
blockinfile:
marker: "# {mark} managed by ansible (hosts config for {{ stage_server_hostname }})"
path: "/etc/hosts"
state: present
create: yes
block: |
{% for host in shared_service_hosts %}
{{ host.ip }} {{ host.name }}
{% endfor %}
- name: "Read current users"
shell: "getent passwd | awk -F: '$3 > 999 {print $1}'"
register: current_users
changed_when: false
tags:
- users
- name: "Remove outdated users"
user: name={{item}} state=absent remove=yes
with_items: "{{ current_users.stdout_lines }}"
when: not ((item in default_plattform_users) or (item in smardigo_plattform_users))
tags:
- users
- name: "Create users"
user:
name: '{{ item }}'
groups: '{{ sudo_group }}'
shell: '/bin/bash'
state: present
append: yes
loop: '{{ smardigo_plattform_users }}'
loop_control:
index_var: index
tags:
- users
# TODO check usage of key_options "no-agent-forwarding, no-agent-forwarding, no-X11-forwarding"
- name: "Set up authorized users"
ansible.posix.authorized_key:
user: '{{ item }}'
state: present
exclusive: true
key: "{{ lookup('file', '{{ playbook_dir }}/users/{{ item }}/id_rsa.pub') }}"
loop: '{{ smardigo_plattform_users | difference(["elastic"]) }}'
tags:
- users
- name: "Ensure docker configuration directory exists"
file:
path: '/home/{{ item }}/.docker/'
state: directory
owner: '{{ item }}'
group: '{{ item }}'
loop: '{{ smardigo_plattform_users }}'
tags:
- users
- name: "Insert/Update docker configuration"
template:
src: 'configs/docker/config.json.j2'
dest: '/home/{{ item }}/.docker/config.json'
owner: '{{ item }}'
group: '{{ item }}'
mode: 0600
loop: '{{ smardigo_plattform_users }}'
tags:
- users
- config
- name: "Install common dependencies"
apt:
name: [
'mc',
'vim',
'zip',
'curl',
'htop',
'net-tools',
'bash-completion',
]
state: 'present'
when: ansible_distribution == "Ubuntu"
tags:
- install
- name: Download docker-compose bash completion
get_url:
url: https://raw.githubusercontent.com/docker/cli/v20.10.6/contrib/completion/bash/docker
dest: /usr/share/bash-completion/docker
mode: '644'
tags:
- install
- name: Download docker-compose bash completion
get_url:
url: https://raw.githubusercontent.com/docker/compose/1.29.1/contrib/completion/bash/docker-compose
dest: /usr/share/bash-completion/docker-compose
mode: '644'
tags:
- install
- name: "Upgrade all packages"
apt:
name: '*'
state: latest
tags:
- install
when: ansible_distribution == "Ubuntu"
- name: "Ensure docker configuration directory exists"
file:
path: '/root/.docker/'
state: directory
owner: 'root'
group: 'root'
tags:
- config
- name: "Insert/Update docker configuration"
template:
src: 'configs/docker/config.json.j2'
dest: '/root/.docker/config.json'
owner: 'root'
group: 'root'
mode: 0600
tags:
- config
- name: "Ensure docker daemon configuration directory exists"
file:
path: '/etc/docker'
state: directory
owner: 'root'
group: 'root'
tags:
- config
- name: "Ensure docker daemon configuration directory exists"
file:
path: '/etc/docker'
state: directory
owner: 'root'
group: 'root'
tags:
- config
- name: "Insert/Update docker daemon configuration"
template:
src: 'configs/docker/daemon.json.j2'
dest: '/etc/docker/daemon.json'
owner: 'root'
group: 'root'
mode: 0600
tags:
- config
- name: "Check docker networks"
include_role:
name: _docker
tasks_from: networks
- name: sshd configuration file update
template:
src: 'configs/sshd/sshd_config.j2'
dest: '/etc/ssh/sshd_config.new'
owner: 'root'
group: 'root'
mode: 0644
notify:
- restart ssh
# elasticsearch production mode requirements
- name: "Set vm.max_map_count"
sysctl:
name: vm.max_map_count
value: '262144'
sysctl_set: yes
state: present
tags:
- config
# elasticsearch production mode requirements
- name: "Set fs.file-max"
sysctl:
name: fs.file-max
value: '65536'
sysctl_set: yes
state: present
tags:
- config
- name: "Send mattermost messsge"
uri:
url: "{{ mattermost_hook_smardigo }}"
method: POST
body: "{{ lookup('template','mattermost-deploy-end.json.j2') }}"
body_format: json
headers:
Content-Type: "application/json"
delegate_to: 127.0.0.1
become: false
when:
- send_status_messages
Reference in New Issue View Git Blame Copy Permalink