
import common roles

master
parent
commit
056e5a4bb8
36 changed files with 208 additions and 429 deletions
  1. +9
    -0
      access.yaml
  2. +70
    -0
      cameras.yaml
  3. +8
    -0
      desktop.yaml
  4. +1
    -0
      docs/LIVE-ROOT-PASSWORD
  5. +0
    -9
      group_vars/all/ips.yml
  6. +0
    -48
      group_vars/all/networks.yml
  7. +0
    -1
      group_vars/all/site.yml
  8. +2
    -3
      group_vars/all/users.yml
  9. +0
    -1
      group_vars/all/virt.yml
  10. +0
    -11
      group_vars/vdesks/netif.yml
  11. +0
    -7
      group_vars/vdesks/users.yml
  12. +0
    -2
      group_vars/vdesks/virt.yml
  13. +0
    -26
      group_vars/vpn_servers/netif.yml
  14. +0
    -10
      host_files/kita-pro-vdesk/root/.local/share/fish/fish_history
  15. +0
    -6
      host_files/kita-pro-vpn/fastd/vpn/peer.conf
  16. +0
    -108
      host_files/kita-pro-vpn/root/.local/share/fish/fish_history
  17. +0
    -23
      host_vars/kita-pro-vdesk/netif.yml
  18. +0
    -1
      host_vars/kita-pro-vdesk/ssh_host_key.yml
  19. +0
    -1
      host_vars/kita-pro-vdesk/staging.yml
  20. +0
    -19
      host_vars/kita-pro-vdesk/virt.yml
  21. +0
    -67
      host_vars/kita-pro-vpn/netif.yml
  22. +0
    -1
      host_vars/kita-pro-vpn/ssh_host_key.yml
  23. +0
    -1
      host_vars/kita-pro-vpn/staging.yml
  24. +0
    -19
      host_vars/kita-pro-vpn/virt.yml
  25. +0
    -33
      host_vars/tg-srv-0/netif.yml
  26. +7
    -0
      live.yaml
  27. +8
    -0
      maintenance.yaml
  28. +9
    -0
      rollover.yaml
  29. +6
    -0
      servers-common.yaml
  30. +6
    -0
      servers-network.yaml
  31. +4
    -0
      servers.yaml
  32. +12
    -0
      teamviewer.yaml
  33. +56
    -0
      users.yaml
  34. +10
    -0
      vdesks-custom.yaml
  35. +0
    -8
      vdesks-provisioning.yaml
  36. +0
    -24
      vdesks.yaml

+ 9
- 0
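--- a/access.yaml
+++ b/access.yaml
@@ -0,0 +1,9 @@
+---
+
+- hosts:
+- servers
+- desktops
+- laptops
+remote_user: root
+roles:
+- name: root_user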

+ 70
- 0
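--- a/cameras.yaml
+++ b/cameras.yaml
@@ -0,0 +1,70 @@
+---
+
+- hosts: servers[0]
+remote_user: root
+handlers:
+- name: reload systemd daemon
+command: systemctl daemon-reload
+- name: restart camera-download service
+systemd:
+name: camera-download@{{item}}.service
+state: restarted
+with_items: "{{groups.cameras}}"
+tasks:
+- name: install debian packages
+apt:
+pkg:
+- gphoto2
+- fping
+- name: camera-download script
+copy:
+content: |
+#!/usr/bin/fish
+source /etc/camera-download/$argv[1].fish
+cd $dir
+while sleep 1
+echo waiting for PING reply from $ip
+if fping -4 -r60 -B1 -p5000 -q $ip
+echo got PING reply from $ip - starting camera download
+gphoto2 --port ptpip:$ip --get-all-files --skip-existing --force-overwrite --recurse --delete-all-files
+end
+end
+dest: /usr/local/bin/camera-download
+mode: 0755
+notify: restart camera-download service
+- name: camera-download config directory
+file:
+path: /etc/camera-download
+state: directory
+- name: camera-download config
+copy:
+content: |
+set ip {{hostvars[item].ip}}
+set dir {{hostvars[item].camera_download_directory}}
+dest: /etc/camera-download/{{item}}.fish
+with_items: "{{groups.cameras}}"
+notify: restart camera-download service
+- name: camera-download systemd service
+copy:
+content: |
+[Unit]
+Description=run camera-download
+
+[Service]
+User={{camera_download_user}}
+Group={{camera_download_group}}
+Type=simple
+ExecStart=/usr/local/bin/camera-download %i
+
+[Install]
+WantedBy=multi-user.target
+dest: /etc/systemd/system/camera-download@.service
+notify:
+- reload systemd daemon
+- restart camera-download service
+- name: enable and start camera-download service
+systemd:
+name: camera-download@{{item}}.service
+state: started
+enabled: yes
+with_items: "{{groups.cameras}}"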
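Review bot: `mode: 0755` on the `camera-download script` task is an unquoted leading-zero literal, so a YAML parser hands the `copy` module an integer rather than the string its docs ask for; write `mode: "0755"`, and `enabled: yes` on the last task should be `enabled: true`. The embedded script passes `--get-all-files` and `--delete-all-files` to a single gphoto2 invocation, so if the transfer aborts partway the delete may still apply — if that is not intended, a comment stating the assumption or a separate delete step guarded by the download's exit status would make it explicit. The per-camera file written to `/etc/camera-download/{{item}}.fish` is `source`d by the script, so whatever `hostvars[item].ip` and `camera_download_directory` hold is executed as fish code; a comment on that task (`# values are sourced as fish code — keep inventory values plain`) would warn the next person editing the inventory.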

+ 8
- 0
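--- a/desktop.yaml
+++ b/desktop.yaml
@@ -0,0 +1,8 @@
+---
+
+- hosts: desktops:laptops
+remote_user: root
+tasks:
+- name: kita-pro-desktop
+import_role:
+name: kita-pro-desktop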

+ 1
- 0
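--- a/docs/LIVE-ROOT-PASSWORD
+++ b/docs/LIVE-ROOT-PASSWORD
@@ -0,0 +1 @@
+boat orange winner park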

+ 0
- 9
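--- a/group_vars/all/ips.yml
+++ b/group_vars/all/ips.yml
@@ -1,9 +0,0 @@
-ips:
-- host: kita-pro-vdesk
-ip: 172.23.48.1
-network: kita-pro-service-net
-subnet: 172.23.48.0/24
-- host: kita-pro-vpn
-ip: 172.23.48.2
-network: kita-pro-service-net
-subnet: 172.23.48.0/24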

+ 0
- 48
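--- a/group_vars/all/networks.yml
+++ b/group_vars/all/networks.yml
@@ -1,48 +0,0 @@
-networks:
-
-tg-net:
-subnets:
-- fd47:17e0:993c::/48
-- 172.23/16
-
-kita-pro-net:
-parent: tg-net
-site: kita-pro
-subnets:
-- fd47:17e0:993c:30::/60
-- 172.23.48/20
-
-kita-pro-service-net:
-parent: tg-net
-site: kita-pro
-subnets:
-- fd47:17e0:993c:30::/64
-- 172.23.48/24
-
-testkita-net:
-parent: tg-net
-site: testkita
-subnets:
-- fd47:17e0:993c:31::/64
-- 172.23.49/24
-
-kita-stjs-net:
-parent: tg-net
-site: kita-pro
-subnets:
-- fd47:17e0:993c:3d::/64
-- 172.23.61/24
-
-kita-stma-net:
-parent: tg-net
-site: kita-pro
-subnets:
-- fd47:17e0:993c:3e::/64
-- 172.23.62/24
-
-kita-stwg-net:
-parent: tg-net
-site: kita-pro
-subnets:
-- fd47:17e0:993c:3f::/64
-- 172.23.63/24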

+ 0
- 1
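--- a/group_vars/all/site.yml
+++ b/group_vars/all/site.yml
@@ -1 +0,0 @@
-site_name: kita-pro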

+ 2
- 3
group_vars/all/users.yml View File

@@ -1,4 +1,3 @@
root_ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwdEkFBdQfY5YB6LR1l+copG7rZXlGLQyWWwhZdNkpW chaotika
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOC5/P9eYaHzOZGB/HE7zpjbCiYkfPFBzMvqIglFOWLe ansible-generated on tg-devops-emardely
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaeOFGQL7P71uJyGh5naztKyzM+9aUJT8moCzG/DlcW ansible-generated on kita-pro-vdesk
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwdEkFBdQfY5YB6LR1l+copG7rZXlGLQyWWwhZdNkpW markus.brechtel
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaeOFGQL7P71uJyGh5naztKyzM+9aUJT8moCzG/DlcW markus.brechtel@kita-pro-vdesk

+ 0
- 1
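--- a/group_vars/all/virt.yml
+++ b/group_vars/all/virt.yml
@@ -1 +0,0 @@
-virt_host: tg-srv-0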

+ 0
- 11
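--- a/group_vars/vdesks/netif.yml
+++ b/group_vars/vdesks/netif.yml
@@ -1,11 +0,0 @@
-netif_primary: virt
-netifs_profile:
-virt:
-networks:
-- kita-pro-service-net
-type: virt_ptp
-virt_host_netif: virt
-dns_resolvers:
-- fd47:17e0:993c:c2::c:1
-- fd47:17e0:993c:c2::c:2
-- fd47:17e0:993c:c2::c:3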

+ 0
- 7
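--- a/group_vars/vdesks/users.yml
+++ b/group_vars/vdesks/users.yml
@@ -1,7 +0,0 @@
-users:
-chaotika:
-uid: 4716
-gid: 4716
-ssh_authorized_keys:
-- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwdEkFBdQfY5YB6LR1l+copG7rZXlGLQyWWwhZdNkpW chaotika
-linger: true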

+ 0
- 2
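--- a/group_vars/vdesks/virt.yml
+++ b/group_vars/vdesks/virt.yml
@@ -1,2 +0,0 @@
-virt_memory: 4096
-virt_vcpu: 4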

+ 0
- 26
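--- a/group_vars/vpn_servers/netif.yml
+++ b/group_vars/vpn_servers/netif.yml
@@ -1,26 +0,0 @@
-netif_primary: virt
-netifs_profile:
-virt:
-networks:
-- kita-pro-service-net
-type: virt_ptp
-virt_host_netif: virt
-dns_resolvers:
-- fd47:17e0:993c:c2::c:1
-- fd47:17e0:993c:c2::c:2
-- fd47:17e0:993c:c2::c:3
-vpn:
-type: fastd
-networks:
-- kita-pro-service-net
-fastd_port: 10060
-fastd_peers: []
-babeld: true
-mesh:
-networks:
-- kita-pro-service-net
-type: virt_bridge
-virt_host_netif: mesh
-babeld:
-redistribute_networks:
-- kita-pro-net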

+ 0
- 10
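--- a/host_files/kita-pro-vdesk/root/.local/share/fish/fish_history
+++ b/host_files/kita-pro-vdesk/root/.local/share/fish/fish_history
@@ -1,10 +0,0 @@
-- cmd: reboot
-when: 1536583700
-- cmd: reboot
-when: 1536680205
-- cmd: nano /etc/hosts
-when: 1536912724
-paths:
-- /etc/hosts
-- cmd: apt install pwgen
-when: 1536912876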

+ 0
- 6
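--- a/host_files/kita-pro-vpn/fastd/vpn/peer.conf
+++ b/host_files/kita-pro-vpn/fastd/vpn/peer.conf
@@ -1,6 +0,0 @@
-key "c61a1701cf00cde38efcbd88d7b365f4d18c45290ffda6900677b18dcd3d0287";
-remote 172.23.48.2:10060;
-remote 51.68.177.5:10060;
-remote [fd47:17e0:993c:30:47:baff:fe21:28f9]:10060;
-remote [fd47:17e0:993c:30:47:d4ff:fe1c:ac1d]:10060;
-float yes;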

+ 0
- 108
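--- a/host_files/kita-pro-vpn/root/.local/share/fish/fish_history
+++ b/host_files/kita-pro-vpn/root/.local/share/fish/fish_history
@@ -1,108 +0,0 @@
-- cmd: top
-when: 1536587819
-- cmd: cat /dev/urandom
-when: 1536588003
-- cmd: cat /dev/urandom | base32
-when: 1536588018
-paths:
-- /dev/urandom
-- cmd: cat /dev/urandom | base64
-when: 1536588024
-paths:
-- /dev/urandom
-- cmd: cat /etc/network/interfaces
-when: 1536588218
-paths:
-- /etc/network/interfaces
-- cmd: cat /etc/network/interfaces.d/virt
-when: 1536588220
-paths:
-- /etc/network/interfaces.d/virt
-- cmd: nano /etc/network/interfaces
-when: 1536588487
-paths:
-- /etc/network/interfaces
-- cmd: nano /etc/network/interfaces.d/virt
-when: 1536588490
-paths:
-- /etc/network/interfaces.d/virt
-- cmd: systemctl status babeld@vpn
-when: 1536591535
-- cmd: nano /etc/fastd/vpn/fastd.conf
-when: 1536591642
-paths:
-- /etc/fastd/vpn/fastd.conf
-- cmd: nano /etc/fastd/vpn/peers/kita-stwg-9.conf
-when: 1536591654
-- cmd: mv /etc/fastd/vpn/peers/kita-stwg-9.conf /etc/fastd/vpn/peers/kita-stwg-9
-when: 1536591678
-paths:
-- /etc/fastd/vpn/peers/kita-stwg-9.conf
-- cmd: systemctl restart fastd@vpn
-when: 1536591681
-- cmd: systemctl status fastd@vpn
-when: 1536591691
-- cmd: tcpdump -h
-when: 1537775177
-- cmd: ping fd47:17e0:993c:3f:47:b9ff:fed9:2951
-when: 1537775501
-- cmd: nano /etc/hosts
-when: 1537775509
-paths:
-- /etc/hosts
-- cmd: ifup mesh
-when: 1537779973
-- cmd: ip a
-when: 1537779975
-- cmd: systemctl status babeld
-when: 1537780044
-- cmd: reboot
-when: 1537780101
-- cmd: systemctl status babeld.service
-when: 1537780115
-- cmd: ip -6 route
-when: 1537780118
-- cmd: tcpdump -i enp7s1
-when: 1537780217
-- cmd: ip r
-when: 1537780250
-- cmd: ip -6 r
-when: 1537780256
-- cmd: tcpdump -i enp7s2
-when: 1537780259
-- cmd: ip a
-when: 1537783936
-- cmd: nano /etc/fastd/vpn/peers/kita-stwg-9.conf
-when: 1537783943
-- cmd: nano /etc/fastd/vpn/peers/kita-stwg-9
-when: 1537783950
-paths:
-- /etc/fastd/vpn/peers/kita-stwg-9
-- cmd: nano /etc/fastd/vpn/fastd.conf
-when: 1537783956
-paths:
-- /etc/fastd/vpn/fastd.conf
-- cmd: ip -6 route
-when: 1537783978
-- cmd: nano /etc/babeld.conf
-when: 1537783998
-paths:
-- /etc/babeld.conf
-- cmd: nano /etc/babeld.conf
-when: 1537784089
-paths:
-- /etc/babeld.conf
-- cmd: ip -6 route
-when: 1537784189
-- cmd: ip route
-when: 1537784208
-- cmd: ip -6 route
-when: 1537784221
-- cmd: cat /etc/babeld.conf
-when: 1537784227
-paths:
-- /etc/babeld.conf
-- cmd: cat /etc/babeld.conf
-when: 1537784523
-paths:
-- /etc/babeld.conf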

+ 0
- 23
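--- a/host_vars/kita-pro-vdesk/netif.yml
+++ b/host_vars/kita-pro-vdesk/netif.yml
@@ -1,23 +0,0 @@
-ansible_host: fd47:17e0:993c:30:47:aff:fed8:5484
-netifs:
-virt:
-device: enp7s1
-dns_resolvers:
-- fd47:17e0:993c:c2::c:1
-- fd47:17e0:993c:c2::c:2
-- fd47:17e0:993c:c2::c:3
-eui64: 47:aff:fed8:5484
-id: 305124627588
-ips:
-- ip: fd47:17e0:993c:30:47:aff:fed8:5484/64
-type: eui64
-- ip: 172.23.48.1/24
-type: host
-ll6: fe80::47:aff:fed8:5484
-mac: 02:47:0a:d8:54:84
-networks:
-- kita-pro-service-net
-type: virt_ptp
-virt_host_netif: virt
-virt_pci_id: 0
-ssh_ip: fd47:17e0:993c:30:47:aff:fed8:5484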

+ 0
- 1
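--- a/host_vars/kita-pro-vdesk/ssh_host_key.yml
+++ b/host_vars/kita-pro-vdesk/ssh_host_key.yml
@@ -1 +0,0 @@
-ssh_host_key_ed25519_public: AAAAC3NzaC1lZDI1NTE5AAAAIABTb/3+sP5/TUhCMKcHqcKQfVBuG+QGbPI1VHvF9G03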

+ 0
- 1
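--- a/host_vars/kita-pro-vdesk/staging.yml
+++ b/host_vars/kita-pro-vdesk/staging.yml
@@ -1 +0,0 @@
-stage: production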

+ 0
- 19
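--- a/host_vars/kita-pro-vdesk/virt.yml
+++ b/host_vars/kita-pro-vdesk/virt.yml
@@ -1,19 +0,0 @@
-filesystems:
-- device: /dev/vda
-fstype: ext4
-keep: true
-mount_point: /
-swap_devices:
-- device: /dev/vdb
-uuid: 4c5c7c6a-1331-5447-874a-3a7be8985c6b
-virt_console: serial
-virt_disks:
-- boot: true
-name: root
-size: 32G
-type: qcow2
-- name: swap
-size: 2G
-type: raw
-virt_host: tg-srv-0
-virt_uuid: 1d23b7cf-fc5c-40bd-a127-1caa2bf64b40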

+ 0
- 67
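--- a/host_vars/kita-pro-vpn/netif.yml
+++ b/host_vars/kita-pro-vpn/netif.yml
@@ -1,67 +0,0 @@
-ansible_host: fd47:17e0:993c:30:47:baff:fe21:28f9
-netifs:
-mesh:
-babeld:
-redistribute_networks:
-- kita-pro-net
-device: enp7s2
-eui64: 47:d4ff:fe1c:ac1d
-id: 308501326877
-ips:
-- ip: fd47:17e0:993c:30:47:d4ff:fe1c:ac1d/64
-type: eui64
-- ip: 172.23.48.2/24
-type: host
-ll6: fe80::47:d4ff:fe1c:ac1d
-mac: 02:47:d4:1c:ac:1d
-networks:
-- kita-pro-service-net
-type: virt_bridge
-virt_host_netif: mesh
-virt_pci_id: 1
-virt:
-device: enp7s1
-dns_resolvers:
-- fd47:17e0:993c:c2::c:1
-- fd47:17e0:993c:c2::c:2
-- fd47:17e0:993c:c2::c:3
-eui64: 47:baff:fe21:28f9
-id: 308065413369
-ips:
-- ip: fd47:17e0:993c:30:47:baff:fe21:28f9/64
-type: eui64
-- ip: 172.23.48.2/24
-type: host
-- ip: 51.68.177.5/32
-type: static
-ll6: fe80::47:baff:fe21:28f9
-mac: 02:47:ba:21:28:f9
-networks:
-- kita-pro-service-net
-type: virt_ptp
-virt_host_netif: virt
-virt_pci_id: 0
-vpn:
-babeld: true
-device: vpn
-eui64: 47:cdff:fe01:ea1f
-fastd_key: c61a1701cf00cde38efcbd88d7b365f4d18c45290ffda6900677b18dcd3d0287
-fastd_peers: []
-fastd_port: 10060
-fastd_remote:
-- 172.23.48.2:10060
-- 51.68.177.5:10060
-- '[fd47:17e0:993c:30:47:baff:fe21:28f9]:10060'
-- '[fd47:17e0:993c:30:47:d4ff:fe1c:ac1d]:10060'
-id: 308382132767
-ips:
-- ip: fd47:17e0:993c:30:47:cdff:fe01:ea1f/64
-type: eui64
-- ip: 172.23.48.2/24
-type: host
-ll6: fe80::47:cdff:fe01:ea1f
-mac: 02:47:cd:01:ea:1f
-networks:
-- kita-pro-service-net
-type: fastd
-ssh_ip: fd47:17e0:993c:30:47:baff:fe21:28f9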

+ 0
- 1
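--- a/host_vars/kita-pro-vpn/ssh_host_key.yml
+++ b/host_vars/kita-pro-vpn/ssh_host_key.yml
@@ -1 +0,0 @@
-ssh_host_key_ed25519_public: AAAAC3NzaC1lZDI1NTE5AAAAIJNs5NesENwxBenS5ErcgdKqDdqBOBT90t2GWBrIbyVq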

+ 0
- 1
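--- a/host_vars/kita-pro-vpn/staging.yml
+++ b/host_vars/kita-pro-vpn/staging.yml
@@ -1 +0,0 @@
-stage: staging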

+ 0
- 19
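--- a/host_vars/kita-pro-vpn/virt.yml
+++ b/host_vars/kita-pro-vpn/virt.yml
@@ -1,19 +0,0 @@
-filesystems:
-- device: /dev/vda
-fstype: ext4
-keep: true
-mount_point: /
-swap_devices:
-- device: /dev/vdb
-uuid: a5434f37-3986-5feb-9abc-f22f0a5ecb60
-virt_console: serial
-virt_disks:
-- boot: true
-name: root
-size: 32G
-type: qcow2
-- name: swap
-size: 2G
-type: raw
-virt_host: tg-srv-0
-virt_uuid: 5adee200-b8c7-4e7d-bf71-d2381ec85fbb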

+ 0
- 33
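--- a/host_vars/tg-srv-0/netif.yml
+++ b/host_vars/tg-srv-0/netif.yml
@@ -1,33 +0,0 @@
-ansible_host: tg-srv-0.thengo.net
-netifs:
-virt:
-device: virt
-eui64: 47:9ff:fee0:9d4
-id: 305108355540
-ips:
-- ip: fd47:17e0:993c:0:47:9ff:fee0:9d4/64
-type: eui64
-- ip: 172.23.0.1/24
-type: host
-ll6: fe80::47:9ff:fee0:9d4
-mac: 02:47:09:e0:09:d4
-networks:
-- tg-srv-0
-type: bridge
-mesh:
-babeld:
-redistribute_networks:
-- tg-net
-device: mesh
-eui64: 47:9ff:fee0:9d4
-id: 305108355540
-ips:
-- ip: fd47:17e0:993c:f:47:9ff:fee0:9d4/64
-type: eui64
-- ip: 172.23.15.1/24
-type: host
-ll6: fe80::47:9ff:fee0:9d4
-mac: 02:47:09:e0:09:d4
-networks:
-- tg-srv-mesh
-type: bridge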

+ 7
- 0
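--- a/live.yaml
+++ b/live.yaml
@@ -0,0 +1,7 @@
+---
+
+- hosts: vdesks
+remote_user: root
+roles:
+- name: live-build
+root_password: $6$8ZibwB8fIEdq8Vp$MX1bKxjuRh41LDK7JV6VZ3aOLXR5k6RDA.hSnUzCG1cB2QYy9A0b9VYF5zF5QHtAPwpyQhep2hOm.OnTdf5Kx1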
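Review bot: `root_password` hands the live-build role a literal crypt hash in a committed playbook, and the same commit adds `docs/LIVE-ROOT-PASSWORD` holding the corresponding cleartext, so the credential is recoverable by anyone with read access to the repository or its history. Keep the value in an ansible-vault encrypted variable (`root_password: "{{ vault_live_root_password }}"`) or an external secret store, and rotate the password now that it has been committed. The removed `host_files/kita-pro-vpn/fastd/vpn/peer.conf` and `host_vars/kita-pro-vpn/netif.yml` likewise carried a fastd key that remains in history after this deletion, so it needs the same treatment.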

+ 8
- 0
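--- a/maintenance.yaml
+++ b/maintenance.yaml
@@ -0,0 +1,8 @@
+---
+
+- hosts: desktops:laptops
+remote_user: root
+roles:
+- name: display_manager
+- name: staging
+next_stage: maintenance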

+ 9
- 0
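--- a/rollover.yaml
+++ b/rollover.yaml
@@ -0,0 +1,9 @@
+---
+
+- import_playbook: maintenance.yaml
+#- import_playbook: servers.yaml
+- import_playbook: users.yaml
+- import_playbook: shares.yaml
+#- import_playbook: printers.yaml
+- import_playbook: printers.yaml
+- import_playbook: desktop.yaml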
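Review bot: the commented-out `#- import_playbook: printers.yaml` sits directly above an identical live `- import_playbook: printers.yaml`, so it reads as a leftover rather than a deliberate toggle; drop it, and replace the `servers.yaml` comment with one that states the reason, e.g. `# servers.yaml is deliberately not part of the rollover`. `shares.yaml` is imported but not part of this commit, so it is presumably an existing file — worth a quick check that it is in the tree, since `import_playbook` fails at parse time otherwise. Comment lines should also use `# ` with a space after the hash, matching yamllint's `comments` rule.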

+ 6
- 0
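--- a/servers-common.yaml
+++ b/servers-common.yaml
@@ -0,0 +1,6 @@
+---
+
+- hosts: servers
+remote_user: root
+roles:
+- name: common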

+ 6
- 0
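--- a/servers-network.yaml
+++ b/servers-network.yaml
@@ -0,0 +1,6 @@
+---
+
+- hosts: servers
+remote_user: root
+roles:
+- name: network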

+ 4
- 0
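--- a/servers.yaml
+++ b/servers.yaml
@@ -0,0 +1,4 @@
+---
+
+- import_playbook: servers-network.yaml
+- import_playbook: servers-common.yaml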

+ 12
- 0
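--- a/teamviewer.yaml
+++ b/teamviewer.yaml
@@ -0,0 +1,12 @@
+---
+
+- hosts: desktops
+remote_user: root
+tasks:
+- name: download teamviewer
+get_url:
+url: https://download.teamviewer.com/download/linux/teamviewer_amd64.deb
+dest: /opt/teamviewer_amd64.deb
+- name: teamviewer package
+apt:
+deb: /opt/teamviewer_amd64.deb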
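Review bot: the package is downloaded and installed with no integrity check — the `get_url` task has no `checksum:` and `apt: deb:` installs a local file outside repository signature verification, so whatever the download endpoint returns is installed as root. Add `checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"` to the `get_url` task (or install from the vendor's signed apt repository instead of a bare .deb), which also makes the play fail closed when the upstream artifact changes. With `get_url`'s default `force: no`, the file is only fetched while `/opt/teamviewer_amd64.deb` is absent, so later upstream versions are never picked up unless the file is removed by hand; a comment stating that (`# fetched once; delete the file to upgrade`) would save the next reader a surprise.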

+ 56
- 0
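--- a/users.yaml
+++ b/users.yaml
@@ -0,0 +1,56 @@
+---
+
+- hosts: servers:desktops:laptops
+remote_user: root
+roles:
+- name: root_user
+- name: users
+
+- hosts: desktops:laptops
+remote_user: root
+tasks:
+- fetch:
+src: /etc/ssh/ssh_host_ed25519_key.pub
+dest: host_files/{{ inventory_hostname }}
+- name: /etc/ssh/ssh_config
+template:
+src: ssh_config.j2
+dest: /etc/ssh/ssh_config
+- name: /etc/ssh/ssh_known_hosts
+template:
+src: ssh_known_hosts.j2
+dest: /etc/ssh/ssh_known_hosts
+mode: 'u=rw,g=r,o=r'
+
+- hosts:
+- servers
+- desktops
+- laptops
+remote_user: root
+tasks:
+
+- name: fetch ssh public keys
+fetch:
+src: /home/{{item}}/.ssh/id_ed25519.pub
+dest: host_files
+fail_on_missing: yes
+loop: "{{ users.keys() | list }}"
+
+- name: delete ssh known hosts user files
+shell: rm /home/*/.ssh/known_hosts
+failed_when: false
+
+- hosts:
+- servers
+remote_user: root
+tasks:
+- name: read ssh public keys
+local_action: command fish -c 'cat host_files/*/home/{{item}}/.ssh/id_ed25519.pub'
+loop: "{{ users.keys() | list }}"
+register: _ssh_public_keys
+
+- name: authorize ssh public keys
+copy:
+content: "{{ _ssh_public_keys | json_query(\"results[?item=='\"+item+\"'].stdout\") | join(\"\n\") }}"
+dest: /home/{{item}}/.ssh/authorized_keys
+loop: "{{ users.keys() | list }}"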
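Review bot: the `read ssh public keys` task interpolates `{{item}}` (a key of `users`) into a shell string (`fish -c 'cat host_files/*/home/{{item}}/.ssh/id_ed25519.pub'`) without quoting; the names come from inventory, but `{{ item | quote }}` costs nothing and keeps a name containing a quote or space from breaking out of the command. The `authorize ssh public keys` task writes `/home/{{item}}/.ssh/authorized_keys` with `copy` under `remote_user: root` and sets neither `owner` nor `mode`, so the file ends up root-owned with whatever the default umask gives; the `authorized_key` module (or explicit `owner: "{{ item }}"` and `mode: "0600"`) is the usual way to get ownership and permissions right. `shell: rm /home/*/.ssh/known_hosts` with `failed_when: false` masks every failure, not just a missing file; `find` followed by `file: state: absent` is idempotent and still reports real errors. The unnamed `fetch` task in the second play should get a `name`, and `fail_on_missing: yes` should be `fail_on_missing: true`.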

+ 10
- 0
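--- a/vdesks-custom.yaml
+++ b/vdesks-custom.yaml
@@ -0,0 +1,10 @@
+---
+
+- hosts: vdesks
+remote_user: root
+tasks:
+- import_role:
+name: debian-installer
+tasks_from: setup
+vars:
+debian_installer_nonfree_firmware: true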

+ 0
- 8
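--- a/vdesks-provisioning.yaml
+++ b/vdesks-provisioning.yaml
@@ -1,8 +0,0 @@
----
-
-- hosts: vdesks:&provisioning
-remote_user: root
-gather_facts: false
-roles:
-- role: netif
-- role: virt_provision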

+ 0
- 24
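--- a/vdesks.yaml
+++ b/vdesks.yaml
@@ -1,24 +0,0 @@
----
-
-- hosts: vdesks
-gather_facts: false
-roles:
-- name: staging
-default_stage: provisioning
-
-- import_playbook: vdesks-provisioning.yaml
-- import_playbook: vdesks-network.yaml
-
-- hosts: vdesks:&provisioning
-remote_user: root
-roles:
-- name: staging
-next_stage: staging
-
-- import_playbook: vdesks-common.yaml
-
-- hosts: vdesks:&staging
-remote_user: root
-roles:
-- name: staging
-next_stage: production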