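# playbook.yml:
#
# Common baseline for every host: hostname/timezone, base packages, haproxy
# (2.2 backport on Debian 10, distro package on Debian 11), a root-run cron job
# that pulls the haproxy config from a git repo, and a BIND zone that publishes
# the host's public IP. Variables (ssh_user, ssh_key, machine_hostname, timezone,
# hap_git_*, zone, domain) come from variables.yml.
---
- name: "common config"
  hosts: all
  remote_user: "{{ ssh_user }}"
  become: true
  vars_files:
    - variables.yml
  vars:
    # Controller-side private key used to reach the hosts.
    ansible_ssh_private_key_file: "{{ ssh_key }}"
  # One host at a time: bind9 is restarted below, so never take the whole fleet
  # down in the same run.
  serial: 1

  handlers:
    # Restart BIND only when the zone file or named.conf actually changed
    # (the tasks below `notify` this handler); validation tasks run first.
    - name: restart bind9
      ansible.builtin.service:
        name: bind9
        state: restarted

  tasks:
    - name: Populate service facts
      ansible.builtin.service_facts:

    # Disable AppArmor if present.
    # SECURITY: this drops mandatory access control for every service on the
    # host, including the network-facing bind9 and haproxy configured below.
    # If one profile is the problem, prefer `aa-complain <profile>` or a local
    # profile override instead of turning the whole thing off.
    # service_facts keys systemd units as "<name>.service"; check both spellings
    # so the task does not silently skip on systemd hosts.
    - name: Stop and disable apparmor if present
      ansible.builtin.service:
        name: apparmor
        enabled: false
        state: stopped
      when: "'apparmor' in services or 'apparmor.service' in services"

    # Set the hostname and make it resolvable locally.
    - name: set hostname to {{ machine_hostname }}
      ansible.builtin.hostname:
        name: "{{ machine_hostname }}"

    - name: add {{ machine_hostname }} to the localhost line in /etc/hosts
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: '^127\.0\.0\.1[ \t]+localhost'
        line: '127.0.0.1 localhost {{ machine_hostname }}'
        state: present

    - name: Set timezone to {{ timezone }}
      community.general.timezone:
        name: "{{ timezone }}"

    # Update repos and install base packages.
    - name: Update repositories cache
      ansible.builtin.apt:
        update_cache: true

    - name: Install a list of packages
      ansible.builtin.apt:
        pkg:
          - screen
          - htop
          - telnet  # NOTE(review): cleartext client, only useful for debugging
          - bind9
          - python  # NOTE(review): python 2 metapackage; likely has no candidate on Debian 11 — confirm
          - tinc
          - git
          - gpg

    # On Debian 10 install haproxy 2.2 from haproxy.debian.net.
    # The repository signing key is kept in its own keyring and bound to this
    # single source with `signed-by`, instead of apt_key's global
    # /etc/apt/trusted.gpg (which would let that key sign *any* repository;
    # apt_key is also deprecated). The key served at that URL is ASCII-armored;
    # apt >= 1.4 accepts armored keyrings in signed-by (buster ships 1.8). If an
    # older apt rejects it, `gpg --dearmor` it into a .gpg file instead.
    # A key previously imported with apt_key stays in /etc/apt/trusted.gpg until
    # removed by hand (`apt-key list` / `apt-key del`).
    - name: on DEB10 ensure the apt keyrings directory exists
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        owner: root
        group: root
        mode: '0755'
      when: ansible_distribution == 'Debian' and ansible_distribution_version == '10'

    - name: on DEB10 fetch the haproxy.debian.net signing key into a dedicated keyring
      ansible.builtin.get_url:
        url: https://haproxy.debian.net/bernat.debian.org.gpg
        dest: /etc/apt/keyrings/haproxy.debian.net.asc
        owner: root
        group: root
        mode: '0644'
      when: ansible_distribution == 'Debian' and ansible_distribution_version == '10'

    # Remove the source line earlier runs wrote (plain http, no signed-by) so
    # the file does not end up with two entries for the same suite.
    - name: on DEB10 drop the old unscoped haproxy source line
      ansible.builtin.apt_repository:
        repo: deb http://haproxy.debian.net buster-backports-2.2 main
        state: absent
        filename: deb10_haproxy.list
      when: ansible_distribution == 'Debian' and ansible_distribution_version == '10'

    # https: the same host already serves the key over TLS; apt still verifies
    # the Release signature, TLS additionally hides which packages are fetched.
    - name: on DEB10 add repo for haproxy
      ansible.builtin.apt_repository:
        repo: deb [signed-by=/etc/apt/keyrings/haproxy.debian.net.asc] https://haproxy.debian.net buster-backports-2.2 main
        state: present
        filename: deb10_haproxy.list
      when: ansible_distribution == 'Debian' and ansible_distribution_version == '10'

    - name: DEB11 install haproxy
      ansible.builtin.apt:
        pkg:
          - haproxy
      when: ansible_distribution == 'Debian' and ansible_distribution_version == '11'

    # NOTE(review): the source added above is suite `buster-backports-2.2`, but
    # this task pins via `-t buster-backports`; confirm apt really selects the
    # 2.2 build (haproxy.debian.net documents `apt install haproxy=2.2.\*`).
    - name: DEB10 install haproxy
      ansible.builtin.apt:
        name: haproxy
        state: latest
        default_release: buster-backports
      when: ansible_distribution == 'Debian' and ansible_distribution_version == '10'

    - name: Create a directory /scripts if not present
      ansible.builtin.file:
        path: /scripts/
        state: directory
        owner: root
        group: root
        mode: '0755'

    # Generate the deploy key used to pull the haproxy config repo.
    - name: check if the ssh key has already been generated
      ansible.builtin.stat:
        path: "{{ hap_git_key }}"
      register: ssh_hap_key_exists

    - name: Generate an OpenSSH keypair
      community.crypto.openssh_keypair:
        path: "{{ hap_git_key }}"
        # NOTE(review): ed25519 would be the better default today; rsa/4096 is
        # kept so existing deployments and the git host's accepted key types are
        # not silently changed.
        type: rsa
        size: 4096
        state: present
      when: not ssh_hap_key_exists.stat.exists

    # argv keeps the path intact even if it contains spaces; reading a file
    # never changes the host.
    - name: read the public key
      ansible.builtin.command:
        argv:
          - cat
          - "{{ hap_git_key }}.pub"
      register: cat_git_hap_key
      changed_when: false

    - name: Add ssh key to your git host
      ansible.builtin.pause:
        prompt: "Please add the ssh pubkey to your git repo: {{ cat_git_hap_key.stdout }} ------ and then press ENTER"
      when: not ssh_hap_key_exists.stat.exists

    # Sync git repo.
    # SECURITY: whatever this repo contains is executed as root by the cron job
    # below, on every host, every two minutes — push access to the repo is root
    # on the fleet. Protect the repo (branch protection, signed commits) accordingly.
    - name: Git checkout
      ansible.builtin.git:
        repo: "{{ hap_git_repo }}"
        dest: "{{ hap_git_dest }}"
        key_file: "{{ hap_git_key }}"
        # NOTE(review): trust-on-first-use — anyone on the path at first clone can
        # impersonate the git host. Prefer seeding the host key with
        # ansible.builtin.known_hosts and setting this to false.
        accept_hostkey: true

    # Executed by root from cron: must not be writable by anyone else.
    - name: install the haproxy config auto-update script
      ansible.builtin.template:
        src: repo/git_hap-config_autoupdate.j2
        dest: "{{ hap_git_script }}"
        owner: root
        group: root
        mode: '0750'

    - name: execute first sync
      ansible.builtin.command:
        argv:
          - bash
          - "{{ hap_git_script }}"

    - name: Ensure the haproxy config sync cron job exists (runs every 2 minutes)
      ansible.builtin.cron:
        name: "sync haproxy config"
        minute: "*/2"
        job: "bash {{ hap_git_script }}"

    # BIND: look up the public IP the zone template publishes.
    # -f turns HTTP errors into a failed task instead of registering an error
    # page as "the IP"; https so the answer cannot be rewritten in transit.
    - name: retrieve your public ip
      ansible.builtin.command: curl -fsS -m 10 https://ifconfig.co/ip
      register: machine_pub_ip
      changed_when: false

    # The reply is untrusted third-party content that gets rendered into a
    # root-owned zone file — refuse anything that is not plausibly an IP literal
    # (digits, hex, dots, colons; no whitespace, ';', newlines or markup).
    - name: sanity-check the public ip before it goes into a zone file
      ansible.builtin.assert:
        that:
          - "machine_pub_ip.stdout is match('^[0-9A-Fa-f.:]{2,45}$')"
        fail_msg: "unexpected reply from ifconfig.co: {{ machine_pub_ip.stdout }}"

    # BIND: add zonefile from template (the template reads machine_pub_ip).
    - name: bind add file db.{{ zone }}.{{ domain }}
      ansible.builtin.template:
        src: repo/bind_zone.j2
        dest: "/etc/bind/db.{{ zone }}.{{ domain }}"
        mode: '0644'
      notify: restart bind9

    # BIND: configure bind to read the new zonefile.
    # NOTE(review): Debian convention is /etc/bind/named.conf.local (named.conf
    # includes it); the path is kept because hosts already configured by this
    # playbook carry the block in named.conf and moving it would define the
    # zone twice.
    - name: Insert/Update the {{ zone }}.{{ domain }} zone stanza in /etc/bind/named.conf
      ansible.builtin.blockinfile:
        path: /etc/bind/named.conf
        block: |
          zone "{{ zone }}.{{ domain }}" {
              type master;
              file "/etc/bind/db.{{ zone }}.{{ domain }}";
          };
      notify: restart bind9

    # Validate before the restart handler runs: a broken config or zone fails
    # the play and leaves the currently running named untouched.
    - name: validate named.conf
      ansible.builtin.command: named-checkconf
      changed_when: false

    - name: validate the {{ zone }}.{{ domain }} zone file
      ansible.builtin.command: named-checkzone {{ zone }}.{{ domain }} /etc/bind/db.{{ zone }}.{{ domain }}
      changed_when: false

    # The old unconditional restart also guaranteed named was running; keep that
    # guarantee without restarting on every run.
    - name: ensure bind9 is enabled and running
      ansible.builtin.service:
        name: bind9
        enabled: true
        state: started

    ##################################
    ### Demo
    # NOTE(review): this serves /tmp/httpserver on every interface, port 8000,
    # to anyone who can reach the host; it is unsupervised (gone after reboot)
    # and a second run leaves the first server in place (the new one fails to
    # bind). Demo only — do not leave it on real hosts.
    - name: create directory for http server
      ansible.builtin.file:
        path: /tmp/httpserver/
        state: directory
        mode: '0755'

    - name: render the demo index page
      ansible.builtin.template:
        src: repo/index.j2
        dest: /tmp/httpserver/index.html
        mode: '0644'

    - name: launch test http server
      ansible.builtin.shell: "(cd /tmp/httpserver/; python3 -m http.server 8000 >/dev/null 2>&1 &)"
      async: 10
      poll: 0

    ####################################
    # END:
    #
    # - name: End message
    #   ansible.builtin.debug:
    #     msg:
    #       - "-------------------------------------"
    #       - "The configuration should be complete, you can run final_output.sh on your"
    #       - "local machine to have the configuration to add to your DNS configuration."
    #       - "Have fun!"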