From 0de89ad423e6aa8a4dfb38237e797b7bde11056a Mon Sep 17 00:00:00 2001
From: Christoph
Date: Thu, 30 May 2019 17:52:45 +0200
Subject: [PATCH] Initial commit
---
.gitignore | 1 +
README.ad-hoc | 21 ++++++++++++++
ansible.cfg | 35 +++++++++++++++++++++++
hosts | 46 ++++++++++++++++++++++++++++++
update-git-repositories.retry | 3 ++
update-git-repositories.yml | 7 +++++
upgrade.yml | 53 +++++++++++++++++++++++++++++++++++
7 files changed, 166 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.ad-hoc
create mode 100644 ansible.cfg
create mode 100644 hosts
create mode 100644 update-git-repositories.retry
create mode 100644 update-git-repositories.yml
create mode 100644 upgrade.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1377554
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.swp
diff --git a/README.ad-hoc b/README.ad-hoc
new file mode 100644
index 0000000..bd963d0
--- /dev/null
+++ b/README.ad-hoc
@@ -0,0 +1,21 @@
+# ----
+# Execute 'ad-hoc' command through ansible with extended privileges
+# ---
+
+ansibl all --become --become-method sudo --ask-become-pass -a 'whoami'
+
+ansible all --become --become-method sudo --ask-become-pass -a 'uptime'
+
+# - Note:
+# - alternatively, you can out the following entrie into your 'ansible-cfg' file:
+# -
+# - [privilege_escalation]
+# - become=True
+# - become_method=sudo
+# - become_ask_pass=True
+# -
+# - Now you can omit the the 'becom' flags:
+# -
+ansible all -a 'whoami'
+ansible all -a 'uptime'
+
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..c659472
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,35 @@
+# config file for ansible -- http://ansible.com/
+# ==============================================
+# exmaple:https://raw.github.com/ansible/ansible/devel/examples/ansible.cfg
+#
+# nearly all parameters can be overridden in ansible-playbook
+# or with command line flags. ansible will read ANSIBLE_CONFIG,
+# ansible.cfg in the current working directory, .ansible.cfg in
+# the home directory or /etc/ansible/ansible.cfg, whichever it
+# finds first
+
+[defaults]
+ansible_managed = Ansible managed file, do not edit directly
+#gathering = smart
+#fact_caching = jsonfile
+#fact_caching_connection = ~/.cache/
+#fact_caching_timeout = 86400
+#forks = 20
+inventory = ./hosts
+#remote_user = ansible
+#roles_path = ./roles
+#vault_password_file = open_the_vault.sh
+#retry_files_enabled = False
+#allow_world_readable_tmpfiles = True
+
+[privilege_escalation]
+become=True
+become_method=sudo
+become_ask_pass=True
+
+[ssh_connection]
+
+# By default, this option is disabled to preserve compatibility with
+# sudoers configurations that have requiretty (the default on many distros).
+#
+#pipelining = True
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..c168c2e
--- /dev/null
+++ b/hosts
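Review bot: In ansible.cfg, `[privilege_escalation]` sets `become=True` for every play and ad-hoc command run from this directory, so everything executed here runs as root by default, including update-git-repositories.yml, which never asks for it. upgrade.yml already declares `become: yes` itself; dropping the global `become=True` while keeping `become_method=sudo` and `become_ask_pass=True` would make escalation opt-in per play. Separately, `#retry_files_enabled = False` is left commented out and this same commit checks in update-git-repositories.retry; uncommenting that line (or adding `*.retry` to .gitignore) keeps the run artifact out of the repository.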
@@ -0,0 +1,46 @@
+
+[lxc-hosts]
+server16.warenform.de
+server18.warenform.de
+server20.warenform.de
+server22.warenform.de
+server23.warenform.de
+server24.warenform.de
+server25.warenform.de
+server26.warenform.de
+
+[lxc-guest]
+
+# - server16.warenform.de
+helden.warenform.de
+
+# - server18.warenform.de
+piwik.warenform.de
+
+# - server20.warenform.de
+cloud-giz.warenform.de
+
+# - server22.warenform.de
+nd.warenform.de
+nd-archiv.warenform.de
+nd-live.warenform.de
+
+# - server23.warenform.de
+dns0.warenform.de
+vvn-www.warenform.de
+vvn-shop.warenform.de
+
+# - server24.warenform.de
+lists.mx.warenform.de
+mx.warenform.de
+
+# - server25.warenform.de
+web0.warenform.de
+web1.warenform.de
+
+# - server26.warenform.de
+backup.warenform.de
+git.warenform.de
+
+# - Vserver von Sinma
+dns1.warenform.de
diff --git a/update-git-repositories.retry b/update-git-repositories.retry
new file mode 100644
index 0000000..8455850
--- /dev/null
+++ b/update-git-repositories.retry
@@ -0,0 +1,3 @@
+backup.warenform.de
+git.warenform.de
+server26.warenform.de
diff --git a/update-git-repositories.yml b/update-git-repositories.yml
new file mode 100644
index 0000000..c16801b
--- /dev/null
+++ b/update-git-repositories.yml
@@ -0,0 +1,7 @@
+---
+
+- hosts: all
+
+ tasks:
+ - name: Update git repositories
+ shell: /root/bin/admin-stuff/update_git_repositories.sh
diff --git a/upgrade.yml b/upgrade.yml
new file mode 100644
index 0000000..9674db6
--- /dev/null
+++ b/upgrade.yml
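Review bot: The group names `[lxc-hosts]` and `[lxc-guest]` in the hosts inventory contain hyphens, which Ansible 2.8 and later report as invalid group-name characters with a deprecation warning; `[lxc_hosts]` and `[lxc_guests]` avoid that. The `# - serverNN.warenform.de` comments record which host carries which guest, but nothing in the inventory encodes that relation, so a play cannot be limited to the guests of one host without a group per host.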
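Review bot: The play in update-git-repositories.yml runs `/root/bin/admin-stuff/update_git_repositories.sh` on `hosts: all` with no `become:` of its own, so whether it runs as root depends entirely on the `become=True` default in ansible.cfg; stating `become: yes` on the play makes the requirement visible where it is used. The command line has no pipes, redirects or variables, so `command: /root/bin/admin-stuff/update_git_repositories.sh` does the same job without passing it through a shell. The committed update-git-repositories.retry lists three hosts, which suggests the script is missing or failing on some of them; a narrower host pattern than `all`, or a `stat` check on the script before running it, would make that explicit.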
@@ -0,0 +1,53 @@
+---
+- hosts: debian
+ become: yes
+
+ tasks:
+
+ - name: Update packages list
+ apt: update_cache=yes
+ when: ansible_os_family == 'Debian'
+
+ - name: List packages to upgrade (1/2)
+ shell: aptitude -q -F%p --disable-columns search "~U"
+ register: updates
+ changed_when: False
+ when: ansible_os_family == 'Debian'
+
+ - name: List packages to upgrade (2/2)
+ debug: msg="{{ updates.stdout_lines | count }} packages to upgrade ({{ updates.stdout_lines | join(', ') }})"
+ when: (ansible_os_family == 'Debian' and updates.stdout_lines)
+
+ - name: Upgrade packages
+ apt: upgrade=safe
+ when: ansible_os_family == 'Debian'
+
+ - name: Check what the new version is
+ shell: lsb_release -r | awk '{print $2}'
+ changed_when: False
+ register: new_release
+
+ - name: /jessie/ install the needrestart package if it is missing
+ apt: name=needrestart state=present default_release=jessie-backports
+ when: ansible_distribution_release == 'jessie'
+
+ - name: /jessie/ list services to restart (1/3)
+ shell: needrestart -blrl | awk '/^NEEDRESTART-SVC/{print $2}'
+ register: services
+ changed_when: False
+ when: ansible_distribution_release == 'jessie'
+
+# - name: /jessie/ merge services list (2/3)
+# set_fact:
+# services: "{{ services }}"
+
+# - name: list services to restart (3/3)
+# debug: msg="{{ services.stdout_lines | count }} services to restart ({{ services.stdout_lines | join (", ") }})"
+# when: (ansible_os_family == 'Debian' and services.stdout_lines)
+
+# - name: list services to restart (2/3)
+# debug: msg="{{ services.stdout_lines | count }} services to restart ({{ services.stdout_lines | join (", ") }})"
+# when: (ansible_os_family == 'Debian' and services.stdout_lines)
+
+ - name: cache cleanup
+ shell: apt-get autoclean
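Review bot: The play in upgrade.yml targets `hosts: debian`, but the hosts inventory added in this commit defines only `lxc-hosts` and `lxc-guest`, so as committed the play matches no hosts and upgrades nothing; either add a `[debian]` or `[debian:children]` group to the inventory or point the play at an existing group. The "List packages to upgrade (1/2)" task calls `aptitude` without ensuring it is installed, so it fails on hosts that lack it; an `apt: name=aptitude state=present` task ahead of it would cover that. `new_release` and `services` are registered but no active task reads them, and the closing `shell: apt-get autoclean` always reports changed, where `apt: autoclean=yes` (if the Ansible version in use supports it) would report accurately.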