ansible/akb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update..

Browse Source
This commit is contained in:
Christoph
2021-11-05 15:17:35 +01:00
parent 8729f427ad
commit 6a4a07d564
10 changed files with 541 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
ansible-dependencies-bullseye-sudo.yml Normal file
View File

@ -0,0 +1,23 @@
---
- hosts: initial_setup
gather_facts: false
vars:
# created with:
#
# echo -n 'E*********%' | ansible-vault encrypt_string --stdin-name 'ansible_become_password'
#
ansible_become_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
34396433383837666135346136643137633333316131633235353039613361626631346434653636
6431366536663636323537633965306135343239626434660a386663353837396263333035356365
32636236383566316565383137613232353066313032373430643631303433616265323566663165
3539316363386538370a353937613535313538366562616334313566366332393532616630636133
6562
roles:
- ansible_dependencies-bullseye
- ansible_user

15
ansible-dependencies-bullseye.yml Normal file
View File

@ -0,0 +1,15 @@
---
- hosts: initial_setup
remote_user: root
become: false
gather_facts: false
vars_prompt:
- name: ansible_ssh_pass
prompt: "Give root's password here"
roles:
- ansible_dependencies-bullseye
- ansible_user

15
common.yml
View File

@ -16,5 +16,20 @@
# ansible-playbook first_run.yml -i hosts -u root --ask-pass # ansible-playbook first_run.yml -i hosts -u root --ask-pass
- hosts: all - hosts: all
vars:
# created with:
#
# echo -n 'E*********%' | ansible-vault encrypt_string --stdin-name 'ansible_become_password'
#
ansible_become_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
34396433383837666135346136643137633333316131633235353039613361626631346434653636
6431366536663636323537633965306135343239626434660a386663353837396263333035356365
32636236383566316565383137613232353066313032373430643631303433616265323566663165
3539316363386538370a353937613535313538366562616334313566366332393532616630636133
6562
roles: roles:
- common - common

118
group_vars/all/main.yml
View File

@ -328,6 +328,123 @@ apt_initial_install_buster:
- socat - socat
- wakeonlan - wakeonlan
apt_initial_install_bullseye:
- apt-transport-https
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- cron
- bc
- figlet
- rcconf
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- universal-ctags
- mime-support
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.32
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline-dev
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- telnet
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- socat
- zsh
- lua5.4
- btrfs-progs
- fdisk
apt_initial_install_xenial: apt_initial_install_xenial:
- apt-transport-https - apt-transport-https
- dbus - dbus
@ -1569,7 +1686,6 @@ luks_device: []
apt_ansible_dependencies: apt_ansible_dependencies:
- python - python
- python-apt
- python3 - python3
- python3-apt - python3-apt
- lsb-release - lsb-release

2
hosts
View File

@ -12,6 +12,7 @@ ab12.akb.netz
192.168.63.168 192.168.63.168
file-akb.akb.netz ansible_user=root file-akb.akb.netz ansible_user=root
192.168.82.20 ansible_user=root 192.168.82.20 ansible_user=root
gw-akb.oopen.de ansible_become=true ansible_become_method=sudo ansible_user=chris
[client_pc] [client_pc]
ab1.akb.netz ab1.akb.netz
@ -67,3 +68,4 @@ file-akb.akb.netz ansible_user=root
192.168.82.20 ansible_user=root 192.168.82.20 ansible_user=root
[gateway_server] [gateway_server]
gw-akb.oopen.de ansible_become=true ansible_become_method=sudo ansible_user=chris

47
roles/ansible_dependencies-bullseye/tasks/main.yml Normal file
View File

@ -0,0 +1,47 @@
---
- name: re-synchronize the package index files from their sources
raw: apt-get update
- name: Ensure aptitude is present
raw: test -e /usr/bin/aptitude || apt-get install aptitude -y
- name: Ensure python2 is present (This is necessary for ansible to work properly)
raw: test -e /usr/bin/python2 || (apt -y update && apt install -y python-is-python2)
- name: Ensure python3 is present (This is necessary for ansible to work properly)
raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3)
- name: Ensure python-apt-common is present (This is necessary for ansible to work properly)
raw: test -e /usr/bin/python2 && (apt -y update && apt install -y python-apt-common)
- name: Ensure python-apt is present (This is necessary for ansible to work properly)
raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-apt)
- name: dpkg --configure -a
command: >
dpkg --configure -a
args:
warn: false
changed_when: _dpkg_configure.stdout_lines | length
register: _dpkg_configure
when: apt_dpkg_configure|bool
tags:
- ansible-dependencies
- name: apt upgrade
apt:
upgrade: "{{ apt_upgrade_type }}"
update_cache: true
dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
when: apt_upgrade|bool
tags:
- ansible-dependencies
- name: apt install ansible dependencies
apt:
name: "{{ apt_ansible_dependencies }}"
state: "{{ apt_install_state }}"
tags:
- ansible-dependencies

36
roles/common/tasks/apt.yml
View File

@ -65,6 +65,7 @@
name: "{{ apt_initial_install_stretch }}" name: "{{ apt_initial_install_stretch }}"
state: "{{ apt_install_state }}" state: "{{ apt_install_state }}"
when: when:
- - apt_initial_install_stretch is defined and apt_initial_install_stretch|length > 0
- ansible_facts['distribution'] == "Debian" - ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9" - ansible_facts['distribution_major_version'] == "9"
tags: tags:
@ -76,12 +77,25 @@
name: "{{ apt_initial_install_buster }}" name: "{{ apt_initial_install_buster }}"
state: "{{ apt_install_state }}" state: "{{ apt_install_state }}"
when: when:
- apt_initial_install_buster is defined and apt_initial_install_buster|length > 0
- ansible_facts['distribution'] == "Debian" - ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10" - ansible_facts['distribution_major_version'] == "10"
tags: tags:
- apt-initial-install - apt-initial-install
- name: (apt.yml) Initial install debian packages (bullseye)
apt:
name: "{{ apt_initial_install_bullseye }}"
state: "{{ apt_install_state }}"
when:
- apt_initial_install_bullseye is defined and apt_initial_install_bullseye|length > 0
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "11"
tags:
- apt-initial-install
- name: (apt.yml) Initial install ubuntu packages (bionic) - name: (apt.yml) Initial install ubuntu packages (bionic)
apt: apt:
name: "{{ apt_initial_install_bionic }}" name: "{{ apt_initial_install_bionic }}"
@ -122,30 +136,14 @@
- apt-microcode - apt-microcode
- name: (apt.yml) Ensure we have CPU microcode from backports for AMD CPU (debian stretch) - name: (apt.yml) Install CPU microcode (debian buster/bullseye)
apt: apt:
name: "{{ microcode_amd_package }}" name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}-backports"
when:
- apt_backports_enable
- apt_debian_contrib_nonfree_enable
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
- ansible_facts['processor']|string is search("AMD")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode for Intel CPU (debian buster)
apt:
name: "{{ microcode_intel_package }}"
state: present state: present
default_release: "{{ ansible_distribution_release }}" default_release: "{{ ansible_distribution_release }}"
when: when:
- ansible_facts['distribution'] == "Debian" - ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10" - ansible_facts['distribution_major_version'] == "10" or ansible_facts['distribution_major_version'] == "11"
- ansible_facts['processor']|string is search("Intel") - ansible_facts['processor']|string is search("Intel")
tags: tags:
- apt-initial-install - apt-initial-install

275
roles/common/tasks/apt.yml.NEW Normal file
View File

@ -0,0 +1,275 @@
---
- name: (apt.yml) update configuration file - /etc/apt/sources.list
template:
src: "etc/apt/sources.list.{{ ansible_distribution }}.j2"
dest: /etc/apt/sources.list
owner: root
group: root
mode: 0644
register: apt_config_updated
when: apt_manage_sources_list|bool
tags:
- apt-configuration
- name: (apt.yml) apt update
apt:
update_cache: true
cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
when: apt_update|bool
tags:
- apt-update
- apt-upgrade
- apt-dpkg-configure
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) dpkg --configure
command: >
dpkg --configure -a
args:
warn: false
changed_when: _dpkg_configure.stdout_lines | length
register: _dpkg_configure
when: apt_dpkg_configure|bool
tags:
- apt-dpkg-configure
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) apt upgrade
apt:
upgrade: "{{ apt_upgrade_type }}"
update_cache: true
dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
when: apt_upgrade|bool
tags:
- apt-upgrade
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) Initial install debian packages (stretch)
apt:
name: "{{ apt_initial_install_stretch }}"
state: "{{ apt_install_state }}"
when:
- - apt_initial_install_stretch is defined and apt_initial_install_stretch|length > 0
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
tags:
- apt-initial-install
- name: (apt.yml) Initial install debian packages (buster)
apt:
name: "{{ apt_initial_install_buster }}"
state: "{{ apt_install_state }}"
when:
- apt_initial_install_buster is defined and apt_initial_install_buster|length > 0
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10"
tags:
- apt-initial-install
- name: (apt.yml) Initial install debian packages (bullseye)
apt:
name: "{{ apt_initial_install_bullseye }}"
state: "{{ apt_install_state }}"
when:
- apt_initial_install_bullseye is defined and apt_initial_install_bullseye|length > 0
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "11"
tags:
- apt-initial-install
- name: (apt.yml) Initial install ubuntu packages (bionic)
apt:
name: "{{ apt_initial_install_bionic }}"
state: "{{ apt_install_state }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "bionic"
tags:
- apt-initial-install
- name: (apt.yml) Initial install ubuntu packages (xenial)
apt:
name: "{{ apt_initial_install_xenial }}"
state: "{{ apt_install_state }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "xenial"
tags:
- apt-initial-install
- name: (apt.yml) Ensure we have CPU microcode from backports (debian stretch)
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}-backports"
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode (debian buster/bullseye)
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10" or ansible_facts['distribution_major_version'] == "11"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode (ubuntu bionic)
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "bionic"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode (ubuntu xenial)
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "xenial"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install lxc_host related packages
apt:
name: "{{ apt_lxc_host_pkgs }}"
state: "{{ apt_install_state }}"
when: apt_install_lxc_host_pkgs|bool
tags:
- apt-lxc-hosts-pkgs
- name: (apt.yml) Install compiler related packages
apt:
name: "{{ apt_compiler_pkgs }}"
state: "{{ apt_install_state }}"
when: apt_install_compiler_pkgs|bool
tags:
- apt-compiler-pkgs
- name: (apt.yml) Install postgresql_server related packages
apt:
name: "{{ apt_postgresql_pkgs }}"
state: "{{ apt_install_state }}"
when: apt_install_postgresql_pkgs|bool
tags:
- apt-postgresql-server-pkgs
- name: (apt.yml) Install webserver related packages
apt:
name: "{{ apt_webserver_pkgs }}"
state: "{{ apt_install_state }}"
when: apt_install_webserver_pkgs|bool
tags:
- apt-webserver-pkgs
- name: (apt.yml) Install extra packages
apt:
name: "{{ apt_extra_pkgs }}"
state: "{{ apt_install_state }}"
when: apt_install_extra_pkgs|bool
tags:
- apt-extra-pkgs
- name: (apt.yml) Remove unwanted packages
apt:
name: "{{ apt_remove }}"
state: absent
purge: "{{ apt_remove_purge }}"
tags:
- apt-remove
- name: (apt.yml) autoremove
apt:
autoremove: true
dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
when: apt_autoremove|bool
tags:
- apt-autoremove
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) clean
command: apt-get -y clean
args:
warn: false
changed_when: false
when: apt_clean|bool
tags:
- apt-clean
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-mysql-server-pkgs
- apt-webserver-pkgs
# Fix error if install/update of repository mysql-/mariadb-client breaks
# link '/etc/mysql/my.cnf' in case mysql/mariadb was installed from source
#
- name: (apt.yml) Check if file '/usr/local/mysql/etc/my.cnf' exists
stat:
path: /usr/local/mysql/etc/my.cnf
register: usr_local_mysql_etc_my_cnf
when: groups['mysql_server']|string is search(inventory_hostname) or
groups['apache2_webserver']|string is search(inventory_hostname) or
groups['nextcloud_server']|string is search(inventory_hostname)
tags:
- apt-webserver-pkgs
- apt-mysql-server-pkgs
- check_mysql_cnf
#- name: debug
# debug:
# msg:
# - usr_local_mysql_etc_my_cnf.stst.exists = {{ usr_local_mysql_etc_my_cnf.stat.exists }}
# - "Variable usr_local_mysql_etc_my_cnf: {{ usr_local_mysql_etc_my_cnf }}"
# tags:
# - check_mysql_cnf
- name: (apt.yml) Create a symbolic link /etc/my.cnf -> /usr/local/mysql/etc/my.cnf
file:
src: /usr/local/mysql/etc/my.cnf
dest: /etc/mysql/my.cnf
owner: root
group: root
state: link
when:
- (groups['mysql_server']|string is search(inventory_hostname) or
groups['apache2_webserver']|string is search(inventory_hostname) or
groups['nextcloud_server']|string is search(inventory_hostname))
- usr_local_mysql_etc_my_cnf.stat.exists
tags:
- apt-webserver-pkgs
- apt-mysql-server-pkgs
- check_mysql_cnf

22
roles/common/templates/etc/apt/sources.list.Debian.j2
View File

@ -1,10 +1,26 @@
# {{ ansible_managed | comment }} # {{ ansible_managed }}
deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main {{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main
deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main {% if ansible_facts['distribution_major_version'] | int >= 11 %}
{{ '# ' if not apt_src_enable else '' }}deb-src http://security.debian.org/ {{ ansible_lsb.codename }}/updates main deb http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free
{% else %}
deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main contrib non-free
{% endif %}
{% if not apt_src_enable %}
{% if ansible_facts['distribution_major_version'] | int >= 11 %}
#deb-src http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free
{% else %}
#deb-src http://security.debian.org/ {{ ansible_lsb.codename }}/updates main contrib non-free
{% endif %}
{% else %}
{% if ansible_facts['distribution_major_version'] | int >= 11 %}
deb-src http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free
{% else %}
deb-src http://security.debian.org/ {{ ansible_lsb.codename }}/updates main contrib non-free
{% endif %}
{% endif %}
# {{ ansible_lsb.codename }}-updates, previously known as 'volatile' # {{ ansible_lsb.codename }}-updates, previously known as 'volatile'
deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main

11
roles/common/templates/etc/apt/sources.list.Ubuntu.j2 Normal file
View File

@ -0,0 +1,11 @@
# {{ ansible_managed }}
deb {{ apt_ubuntu_mirror }} {{ ansible_lsb.codename }} main restricted universe multiverse
deb {{ apt_ubuntu_mirror }} {{ ansible_lsb.codename }}-updates main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu {{ ansible_lsb.codename }}-security main restricted universe multiverse
{% if apt_backports_enable %}
deb {{ apt_ubuntu_mirror }} {{ ansible_lsb.codename }}-backports main restricted universe multiverse
{% endif %}