2023-04-06 11:53:54 +02:00
parent 912ec16cdb
commit 12c86849c2
59 changed files with 1065 additions and 102 deletions


@ -11,6 +11,8 @@
name: "{{ item }}"
state: present
with_items: "{{ locales }}"
when:
- ansible_facts['distribution'] == "Debian"
tags:
- locales
@ -150,28 +152,38 @@
- name: (basic.yml) install unattended-upgrades
apt: pkg=unattended-upgrades state=present
when:
- ansible_facts['distribution'] == "Debian"
tags:
- unattended-upgrades
- name: (basic.yml) install apt-listchanges
apt: pkg=apt-listchanges state=present
when:
- ansible_facts['distribution'] == "Debian"
tags:
- unattended-upgrades
- name: (basic.yml) remove apticron
apt: pkg=apticron state=absent
when:
- ansible_facts['distribution'] == "Debian"
tags:
- unattended-upgrades
- name: (basic.yml) check if /etc/apt/apt.conf.d/20auto-upgrades exists
stat: path=/etc/apt/apt.conf.d/20auto-upgrades
register: ua_enabled
when:
- ansible_facts['distribution'] == "Debian"
tags:
- unattended-upgrades
- name: (basic.yml) activate unattended upgrades
shell: DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true dpkg-reconfigure -plow unattended-upgrades
when: ua_enabled.stat.exists == False
when:
- ansible_facts['distribution'] == "Debian"
- ua_enabled.stat.exists == False
tags:
- unattended-upgrades
@ -182,6 +194,8 @@
owner: root
group: root
mode: 0644
when:
- ansible_facts['distribution'] == "Debian"
tags:
- unattended-upgrades
@ -193,5 +207,7 @@
owner: root
group: root
mode: 0644
when:
- ansible_facts['distribution'] == "Debian"
tags:
- unattended-upgrades
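Review bot: The added `when` lists gate every unattended-upgrades task on `ansible_facts['distribution'] == "Debian"`, so the CentOS hosts this commit starts to support finish the play with no automatic security-update mechanism configured, and nothing in the visible hunks says whether that is intended. If it is deliberate, a comment above the first task such as `# unattended-upgrades is Debian-only; CentOS hosts need a separate update mechanism (not configured here)` would make the gap visible; otherwise a parallel task for the RedHat family is missing. The tasks in the last two hunks start outside the visible lines.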


@ -1,11 +1,17 @@
---
# ---
# Install 'bind' apt based OS
# ---
- name: (caching-nameserver.yml) update
apt:
update_cache: true
cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
when: apt_update|bool
when:
- ansible_distribution == "Debian"
- apt_update|bool
tags:
- apt-caching-nameserver
@ -17,7 +23,9 @@
warn: false
changed_when: _dpkg_configure.stdout_lines | length
register: _dpkg_configure
when: apt_dpkg_configure|bool
when:
- ansible_distribution == "Debian"
- apt_update|bool
tags:
- apt-caching-nameserver
@ -27,19 +35,52 @@
upgrade: "{{ apt_upgrade_type }}"
update_cache: true
dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
when: apt_upgrade|bool
when:
- ansible_distribution == "Debian"
- apt_dpkg_configure|bool
tags:
- apt-caching-nameserver
- name: (caching-nameserver.yml) Install bind9 packages
- name: (caching-nameserver.yml) Install bind packages (using apt)
apt:
name: "{{ apt_bind9_pkgs }}"
name: "{{ apt_bind_pkgs }}"
state: present
when: apt_install_bind9_packages|bool == true
when:
- ansible_distribution == "Debian"
- install_bind_packages|bool == true
tags:
- apt-caching-nameserver
# ---
# Install 'bind' - yum based OS
# ---
- name: (yum.yml) Install system updates for centos systems
yum:
name: '*'
state: latest
update_cache: yes
#cache_valid_time: 3600
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "CentOS"
tags:
- yum-update
- name: (yum.yml) Install bind packages (using yum)
yum:
name: "{{ yum_bind_pks }}"
state: "{{ yum_install_state }}"
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "CentOS"
tags:
- yum-caching-nameserver
# ---
# Configure bind on debian systems
# --
- name: (caching-nameserver.yml) Create directory /var/log/named if it does not exist
file:
@ -48,6 +89,8 @@
owner: bind
group: bind
mode: '0755'
when:
- ansible_distribution == "Debian"
- name: (caching-nameserver.yml) update named.conf.options configuration file (normal server)
@ -64,6 +107,7 @@
- apt-caching-nameserver
- caching-nameserver
when:
- ansible_distribution == "Debian"
- inventory_hostname not in groups["gateway_server"]
# --------------------
@ -89,6 +133,7 @@
- apt-caching-nameserver
- caching-nameserver
when:
- ansible_distribution == "Debian"
- inventory_hostname in groups["gateway_server"]
# - not file_named_conf_options.stat.exists
@ -107,4 +152,6 @@
mode: '0644'
tags:
- apt-caching-nameserver
when:
- ansible_distribution == "Debian"
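Review bot: The guards on the two apt maintenance tasks look shifted by one. The task that registers `_dpkg_configure` (second hunk) used to run on `apt_dpkg_configure|bool` and now runs on `apt_update|bool`, and the upgrade task (third hunk) used to run on `apt_upgrade|bool` and now runs on `apt_dpkg_configure|bool`. As written, a host with `apt_upgrade` set to false is still upgraded whenever `apt_dpkg_configure` is true. The second list entries should stay `- apt_dpkg_configure|bool` and `- apt_upgrade|bool` respectively; the section whose tasks are named (redis-server.yml) repeats the first of these swaps. Separately, `yum_bind_pks` in the new yum task reads like a typo for `yum_bind_pkgs` and is worth checking against the defaults file.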


@ -26,11 +26,26 @@
# apt-autoremove
# apt-clean
- import_tasks: apt.yml
when:
- ansible_facts['distribution'] == "Debian"
tags: apt
#
# yum-update
# yum-base-install
# yum-initial-install
- import_tasks: yum.yml
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "CentOS"
tags: yum
- import_tasks: tor.yml
when: inventory_hostname in groups['mail_server']
when:
- inventory_hostname in groups['mail_server']
- ansible_facts['distribution'] == "Debian"
tags:
- tor-service
@ -44,6 +59,8 @@
# zsh-config
#
- import_tasks: shell.yml
when:
- ansible_facts['distribution'] == "Debian"
tags:
- shell-config
- vim-config
@ -208,7 +225,23 @@
# tags supportetd inside caching-nameserver.yml
#
# apt-caching-nameserver
# yum-caching-nameserver
#
- import_tasks: caching-nameserver.yml
when: groups['caching_nameserver']|string is search(inventory_hostname)
tags: caching-nameserver
- import_tasks: systemd-services_debian_based_OS.yml
when:
- ansible_os_family == "Debian"
tags:
- services
- import_tasks: systemd-services_redhat_based_OS.yml
when:
- ansible_os_family == "RedHat"
tags:
- services
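Review bot: The platform guards in this file mix two tests: `apt.yml`, `tor.yml` and `shell.yml` are imported on `ansible_facts['distribution'] == "Debian"`, while `systemd-services_debian_based_OS.yml` is imported on `ansible_os_family == "Debian"`. A Debian-derivative host would therefore get the service handling but none of the apt or shell configuration. Using one test for all Debian-side imports, e.g. `- ansible_facts['os_family'] == "Debian"`, keeps them consistent. The same goes for mixing `ansible_facts[...]` lookups with the injected `ansible_*` variables, which only resolve while fact injection is enabled.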


@ -1,11 +1,17 @@
---
- name: (redis-server.yml) Set var '_redis_conf'
set_fact:
_redis_conf: "{{ '/etc/redis.conf' if ansible_distribution == 'CentOS' else '/etc/redis/redis.conf' }}"
- name: (redis-server.yml) update
apt:
update_cache: true
cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
when: apt_update|bool
when:
- ansible_facts['distribution'] == "Debian"
- apt_update|bool
tags:
- redis-server
@ -17,7 +23,9 @@
warn: false
changed_when: _dpkg_configure.stdout_lines | length
register: _dpkg_configure
when: apt_dpkg_configure|bool
when:
- ansible_facts['distribution'] == "Debian"
- apt_update|bool
tags:
- redis-server
@ -27,15 +35,30 @@
upgrade: "{{ apt_upgrade_type }}"
update_cache: true
dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
when: apt_upgrade|bool
when:
- ansible_facts['distribution'] == "Debian"
- apt_upgrade|bool
tags:
- redis-server
- name: (redis-server.yml) Install redis-server packages
- name: (redis-server.yml) Install redis-server packages (debian system)
apt:
name: redis-server
state: present
when:
- ansible_facts['distribution'] == "Debian"
tags:
- redis-server
- name: (redis-server.yml) Install redis packages (centos system)
yum:
name: redis
state: latest
update_cache: yes
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "CentOS"
tags:
- redis-server
@ -79,23 +102,23 @@
tags:
- redis-server
- name: (redis-server.yml) Check if file '/etc/redis/redis.conf.ORIG' exists
- name: (redis-server.yml) Check if redis configuration file exists
stat:
path: /etc/redis/redis.conf.ORIG
path: "{{ _redis_conf }}.ORIG"
register: redis_conf_exists
tags:
- redis-server
- name: (redis-server.yml) Backup existing file /etc/redis/redis.conf.
command: cp -a /etc/redis/redis.conf /etc/redis/redis.conf.ORIG
- name: (redis-server.yml) Backup existing redis configuration file.
command: cp -a "{{ _redis_conf }}" "{{ _redis_conf }}".ORIG
when:
- redis_conf_exists.stat.exists == False
tags:
- redis-server
- name: (redis-server.yml) adjust configuration '/etc/redis/redis.conf'
- name: (redis-server.yml) adjust redis configuration
lineinfile:
dest: /etc/redis/redis.conf
dest: "{{ _redis_conf }}"
regexp: "{{ item.regexp }}"
insertafter: "{{ item.insertafter }}"
line: "{{ item.key }} {{ item.val }}"
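Review bot: The new `set_fact` task that defines `_redis_conf` carries no `tags`, while every other task visible in this section is tagged `redis-server`. A run limited with `--tags redis-server` would skip it, and the later `stat`, `cp` and `lineinfile` tasks would then fail on an undefined `_redis_conf`, unless the tag is inherited from the import, which is not visible here. Adding the `redis-server` tag to the `set_fact` task avoids that. The `lineinfile` task continues past the end of the last hunk.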


@ -19,7 +19,7 @@
path: "{{ item.path }}"
owner: "root"
group: "{{ item.group_write_list | default('root', true) }}"
mode: '2770'
mode: "{{ dir_create_mask | default('2770', true) }}"
state: directory
recurse: no
with_items: "{{ samba_shares }}"
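Review bot: `mode` is now templated from `dir_create_mask`, and nothing in the hunk documents that the variable has to be a quoted octal string. An unquoted value with a leading zero (`dir_create_mask: 02770`) is read by YAML 1.1 loaders as an octal integer and would then be rendered into the template in its decimal form, giving the share directories permission bits other than the ones written. A comment next to the variable's default, e.g. `# dir_create_mask: quoted octal string such as '2770' (setgid, rwx for owner and group)`, would prevent that. The task starts and ends outside the hunk.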


@ -0,0 +1,61 @@
---
- name: (systemd-services.yml) Check if Service Exists (Debian based OS)
shell: 'systemctl list-unit-files | grep -q -e "^{{ item }}.service";'
changed_when: "service_exists.rc > 1"
failed_when: "service_exists.rc > 1"
register: service_exists
with_items:
- "{{ debian_services_active_and_started }}"
#- debug: msg="{{ service_exists.results }}"
- name: (systemd-services.yml) Check if Service is disabled (Debian based OS)
shell: 'systemctl list-unit-files | grep -e "^{{ item.item }}.service" | grep -q "disabled";'
register: service_is_enabled
changed_when: "service_is_enabled.rc == 0"
failed_when: "service_is_enabled.rc > 1"
with_items:
- "{{ service_exists.results }}"
loop_control:
label: '{{ item.item }}'
when:
- item.rc == 0
#- debug: msg="{{ service_is_enabled.results }}"
- name: (systemd-services.yml) Enable service
systemd:
name: "{{ item.item.item }}.service"
enabled: true
with_items:
- "{{ service_is_enabled.results }}"
loop_control:
label: '{{ item.item.item }}'
when:
- item.changed
- name: (systemd-services.yml) Check if Service is active
shell: 'systemctl is-active {{ item.item }}.service'
register: service_is_active
changed_when: 'service_is_active.stdout == "inactive"'
failed_when: 'service_is_active.rc > 3'
with_items:
- "{{ service_exists.results }}"
loop_control:
label: '{{ item.item }}'
when:
- item.rc == 0
- name: (systemd-services.yml) Start service
systemd:
name: "{{ item.item.item }}.service"
state: started
with_items:
- "{{ service_is_active.results }}"
loop_control:
label: '{{ item.item.item }}'
when:
- item.changed
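Review bot: The first two `shell:` tasks interpolate the service name into a `systemctl list-unit-files | grep` pipeline, where it acts as a regular expression: in `^{{ item }}.service` the `.` matches any character and there is no end anchor, so the existence and disabled checks can match a unit other than the one named. The `service_facts` module returns the unit list without a shell, and the `systemd` module is already idempotent for `enabled` and `state`, so the separate disabled and is-active probes are not needed. The RedHat variant of this file has the same pattern. A possible shape is below.

```yaml
- name: (systemd-services.yml) Gather service facts
  service_facts:

- name: (systemd-services.yml) Enable and start service
  systemd:
    name: "{{ item }}.service"
    enabled: true
    state: started
  loop: "{{ debian_services_active_and_started }}"
  when: (item ~ '.service') in ansible_facts.services
```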


@ -0,0 +1,64 @@
---
- name: (systemd-services.yml) Check if Service Exists (RedHat based OS)
shell: 'systemctl list-unit-files | grep -q -e "^{{ item }}.service";'
changed_when: "service_exists.rc > 1"
failed_when: "service_exists.rc > 1"
register: service_exists
with_items:
- "{{ redhat_services_active_and_started }}"
when:
- ansible_os_family == "RedHat"
#- debug: msg="{{ service_exists.results }}"
- name: (systemd-services.yml) Check if Service is disabled (RedHat based OS)
shell: 'systemctl list-unit-files | grep -e "^{{ item.item }}.service" | grep -q "disabled";'
register: service_is_enabled
changed_when: "service_is_enabled.rc == 0"
failed_when: "service_is_enabled.rc > 1"
with_items:
- "{{ service_exists.results }}"
loop_control:
label: '{{ item.item }}'
when:
- item.rc == 0
- ansible_os_family == "RedHat"
#- debug: msg="{{ service_is_enabled.results }}"
- name: (systemd-services.yml) Enable service
systemd:
name: "{{ item.item.item }}.service"
enabled: true
with_items:
- "{{ service_is_enabled.results }}"
loop_control:
label: '{{ item.item.item }}'
when:
- item.changed
- name: (systemd-services.yml) Check if Service is active
shell: 'systemctl is-active {{ item.item }}.service'
register: service_is_active
changed_when: 'service_is_active.stdout == "inactive"'
failed_when: 'service_is_active.rc > 3'
with_items:
- "{{ service_exists.results }}"
loop_control:
label: '{{ item.item }}'
when:
- item.rc == 0
- name: (systemd-services.yml) Start service
systemd:
name: "{{ item.item.item }}.service"
state: started
with_items:
- "{{ service_is_active.results }}"
loop_control:
label: '{{ item.item.item }}'
when:
- item.changed
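Review bot: The `ansible_os_family == "RedHat"` guards are applied unevenly: the first two tasks carry one, the remaining three do not, and in the second task it comes after `item.rc == 0`. If the first task is ever skipped, the entries in `service_exists.results` have no `rc`, and `item.rc == 0` is evaluated before the platform test can short-circuit it. The import in the main task file already appears to restrict this file to the RedHat family, so the per-task conditions could be dropped; otherwise put `- ansible_os_family == "RedHat"` first in every `when` list.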


@ -83,7 +83,7 @@
- bash
# --
# Copy .profile
# Copy .profile (Debian System)
# ---
- name: (users-systemfiles.yml) Check if users file '.profile.ORIG' exists
@ -93,6 +93,8 @@
loop: "{{ default_user }}"
loop_control:
label: '{{ item.name }}'
when:
- ansible_facts['distribution'] == "Debian"
tags:
- profile
@ -101,7 +103,9 @@
loop: "{{ profile_user_orig_exists.results }}"
loop_control:
label: '{{ item.item.name }}'
when: item.stat.exists == False
when:
- ansible_facts['distribution'] == "Debian"
- item.stat.exists == False
tags:
- profile
@ -116,6 +120,7 @@
loop_control:
label: '{{ item.item.name }}'
when:
- ansible_facts['distribution'] == "Debian"
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile')
tags:
@ -125,12 +130,16 @@
stat:
path: /root/.profile.ORIG
register: profile_root_orig_exists
when:
- ansible_facts['distribution'] == "Debian"
tags:
- profile
- name: (users-systemfiles.yml) Backup existing users .profile file
command: cp -a /root/.profile /root/.profile.ORIG
when: profile_root_orig_exists.stat.exists == False
when:
- ansible_facts['distribution'] == "Debian"
- profile_root_orig_exists.stat.exists == False
tags:
- profile
@ -142,10 +151,87 @@
group: root
mode: 0644
when:
- ansible_facts['distribution'] == "Debian"
- local_template_dir_root.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile')
tags:
- profile
# --
# Copy .bash_profile (CentOS/Fedora?/RedHat? System)
# ---
- name: (users-systemfiles.yml) Check if users file '.bash_profile.ORIG' exists
stat:
path: "~{{ item.name }}/.bash_profile.ORIG"
register: bash_profile_user_orig_exists
loop: "{{ default_user }}"
loop_control:
label: '{{ item.name }}'
when:
- ansible_facts['distribution'] == "CentOS"
tags:
- profile
- name: (users-systemfiles.yml) Backup existing users .bash_profile file
command: cp -a ~{{ item.item.name }}/.bash_profile ~{{ item.item.name }}/.bash_profile.ORIG
loop: "{{ bash_profile_user_orig_exists.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- ansible_facts['distribution'] == "CentOS"
- item.stat.exists == False
tags:
- profile
- name: (users-systemfiles.yml) copy .bash_profile if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bash_profile') }}"
dest: "~{{ item.item.name }}/.bash_profile"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_default_user.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- ansible_facts['distribution'] == "CentOS"
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bash_profile')
tags:
- profile
- name: (users-systemfiles.yml) Check if file '/root/.bash_profile.ORIG' exists
stat:
path: /root/.bash_profile.ORIG
register: profile_root_orig_exists
when:
- ansible_facts['distribution'] == "CentOS"
tags:
- profile
- name: (users-systemfiles.yml) Backup existing users .bash_profile file
command: cp -a /root/.bash_profile /root/.bash_profile.ORIG
when:
- ansible_facts['distribution'] == "CentOS"
- profile_root_orig_exists.stat.exists == False
tags:
- profile
- name: (users-systemfiles.yml) copy .bash_profile for user root
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_bash_profile') }}"
dest: "/root/.bash_profile"
owner: root
group: root
mode: 0644
when:
- ansible_facts['distribution'] == "CentOS"
- local_template_dir_root.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/root/_bash_profile')
tags:
- profile
# --
# Copy .vimrc


@ -0,0 +1,53 @@
---
- name: (yum.yml) Install system updates for centos systems
yum:
name: '*'
state: latest
update_cache: yes
#cache_valid_time: 3600
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "CentOS"
tags:
- yum-update
- name: Install the EPEL Repository in CentOS 7
yum:
name: epel-release
state: latest
# Its more eficient to in
- name: (yum.yml) Base install CentOS packages (CentOS 7)
yum:
name: "{{ yum_base_install_centos_7 }}"
state: "{{ yum_install_state }}"
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "CentOS"
- ansible_distribution_major_version == "7"
tags:
- yum-base-install
- name: (yum.yml) Initial install CentOS packages (CentOS 7)
yum:
name: "{{ yum_initial_install_centos_7 }}"
state: "{{ yum_install_state }}"
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "CentOS"
- ansible_distribution_major_version == "7"
tags:
- yum-initial-install
- name: (yum.yml) Install lxc_host related packages
yum:
name: "{{ yum_lxc_host_pkgs }}"
state: "{{ yum_install_state }}"
when:
- groups['lxc_host']|string is search(inventory_hostname)
tags:
- yum-lxc-hosts-pkgs
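Review bot: The lxc_host task selects hosts with `groups['lxc_host']|string is search(inventory_hostname)`, which stringifies the group list and runs the hostname against it as a regular expression. A host whose name is a substring of an lxc host's name, or matches one through `.`, would get the packages as well. `- inventory_hostname in groups['lxc_host']` is an exact membership test and is the form this commit already uses for `gateway_server`. The EPEL task above it has no `tags` and no `(yum.yml)` prefix, and the comment `# Its more eficient to in` is cut off mid-sentence.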