summaryrefslogtreecommitdiffstats
path: root/ansible/node/roles/common/tasks
diff options
context:
space:
mode:
Diffstat (limited to 'ansible/node/roles/common/tasks')
-rw-r--r--ansible/node/roles/common/tasks/generic/autocluster.yml5
-rw-r--r--ansible/node/roles/common/tasks/generic/hosts.yml5
-rw-r--r--ansible/node/roles/common/tasks/generic/mount_home.yml12
-rw-r--r--ansible/node/roles/common/tasks/generic/resolv_conf.yml5
-rw-r--r--ansible/node/roles/common/tasks/generic/rsyslog.yml7
-rw-r--r--ansible/node/roles/common/tasks/generic/selinux.yml4
-rw-r--r--ansible/node/roles/common/tasks/generic/ssh.yml5
-rw-r--r--ansible/node/roles/common/tasks/generic/timezone.yml12
-rw-r--r--ansible/node/roles/common/tasks/main.yml25
-rw-r--r--ansible/node/roles/common/tasks/redhat/firewall.yml6
-rw-r--r--ansible/node/roles/common/tasks/redhat/ntp.yml18
-rw-r--r--ansible/node/roles/common/tasks/redhat/packages.yml53
12 files changed, 157 insertions, 0 deletions
diff --git a/ansible/node/roles/common/tasks/generic/autocluster.yml b/ansible/node/roles/common/tasks/generic/autocluster.yml
new file mode 100644
index 0000000..753b225
--- /dev/null
+++ b/ansible/node/roles/common/tasks/generic/autocluster.yml
@@ -0,0 +1,5 @@
+---
+- name: create autocluster state directory
+ file:
+ path: /root/.autocluster
+ state: directory
diff --git a/ansible/node/roles/common/tasks/generic/hosts.yml b/ansible/node/roles/common/tasks/generic/hosts.yml
new file mode 100644
index 0000000..6983826
--- /dev/null
+++ b/ansible/node/roles/common/tasks/generic/hosts.yml
@@ -0,0 +1,5 @@
+---
+- name: create /etc/hosts
+ template:
+ src: hosts.j2
+ dest: /etc/hosts
diff --git a/ansible/node/roles/common/tasks/generic/mount_home.yml b/ansible/node/roles/common/tasks/generic/mount_home.yml
new file mode 100644
index 0000000..8a49816
--- /dev/null
+++ b/ansible/node/roles/common/tasks/generic/mount_home.yml
@@ -0,0 +1,12 @@
+---
+- name: ensure that an fstab entry exists to NFS mount /home
+ lineinfile:
+ path: /etc/fstab
+ regexp: '^.*:/home /home nfs.*'
+ # Do not use locking, since this starts/needs rpc.statd, which is
+ # stopped/started by CTDB
+ line: '{{ virthost }}:/home /home nfs nfsvers=3,intr,nolock 0 0'
+
+- name: ensure that /home is mounted
+ shell: >
+ findmnt -n /home || mount /home
diff --git a/ansible/node/roles/common/tasks/generic/resolv_conf.yml b/ansible/node/roles/common/tasks/generic/resolv_conf.yml
new file mode 100644
index 0000000..b6704ee
--- /dev/null
+++ b/ansible/node/roles/common/tasks/generic/resolv_conf.yml
@@ -0,0 +1,5 @@
+---
+- name: configure resolver
+ template:
+ src: resolv.conf.j2
+ dest: /etc/resolv.conf
diff --git a/ansible/node/roles/common/tasks/generic/rsyslog.yml b/ansible/node/roles/common/tasks/generic/rsyslog.yml
new file mode 100644
index 0000000..88535af
--- /dev/null
+++ b/ansible/node/roles/common/tasks/generic/rsyslog.yml
@@ -0,0 +1,7 @@
+---
+- name: add autocluster-specific rsyslog configuration
+ copy:
+ src: rsyslog.conf
+ dest: /etc/rsyslog.d/autocluster.conf
+ notify:
+ - restart rsyslog
diff --git a/ansible/node/roles/common/tasks/generic/selinux.yml b/ansible/node/roles/common/tasks/generic/selinux.yml
new file mode 100644
index 0000000..b7e9c2f
--- /dev/null
+++ b/ansible/node/roles/common/tasks/generic/selinux.yml
@@ -0,0 +1,4 @@
+---
+- selinux:
+ policy: targeted
+ state: permissive
diff --git a/ansible/node/roles/common/tasks/generic/ssh.yml b/ansible/node/roles/common/tasks/generic/ssh.yml
new file mode 100644
index 0000000..c3bff9f
--- /dev/null
+++ b/ansible/node/roles/common/tasks/generic/ssh.yml
@@ -0,0 +1,5 @@
+---
+- name: configure passwordless SSH
+ copy:
+ src: ssh_config
+ dest: /root/.ssh/config
diff --git a/ansible/node/roles/common/tasks/generic/timezone.yml b/ansible/node/roles/common/tasks/generic/timezone.yml
new file mode 100644
index 0000000..87b0ba4
--- /dev/null
+++ b/ansible/node/roles/common/tasks/generic/timezone.yml
@@ -0,0 +1,12 @@
+---
+- name: configure node timezone
+ timezone:
+ hwclock: UTC
+ name: "{{timezone}}"
+
+- name: hand hack timezone to avoid reboot
+ file:
+ src: /usr/share/zoneinfo/{{timezone}}
+ path: /etc/localtime
+ state: link
+ force: yes
diff --git a/ansible/node/roles/common/tasks/main.yml b/ansible/node/roles/common/tasks/main.yml
new file mode 100644
index 0000000..104d9f5
--- /dev/null
+++ b/ansible/node/roles/common/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- include_tasks: "{{ ansible_os_family | lower }}/{{ task }}.yml"
+ with_list:
+ - packages
+ - firewall
+ - ntp
+ loop_control:
+ loop_var: task
+
+- meta: flush_handlers
+
+- include_tasks: generic/{{ task }}.yml
+ with_list:
+ - selinux
+ - autocluster
+ - hosts
+ - resolv_conf
+ - ssh
+ - timezone
+ - rsyslog
+ - mount_home
+ loop_control:
+ loop_var: task
+
+- meta: flush_handlers
diff --git a/ansible/node/roles/common/tasks/redhat/firewall.yml b/ansible/node/roles/common/tasks/redhat/firewall.yml
new file mode 100644
index 0000000..bf5eeb4
--- /dev/null
+++ b/ansible/node/roles/common/tasks/redhat/firewall.yml
@@ -0,0 +1,6 @@
+---
+- name: disable firewall
+ service:
+ name: firewalld
+ enabled: no
+ state: stopped
diff --git a/ansible/node/roles/common/tasks/redhat/ntp.yml b/ansible/node/roles/common/tasks/redhat/ntp.yml
new file mode 100644
index 0000000..3495457
--- /dev/null
+++ b/ansible/node/roles/common/tasks/redhat/ntp.yml
@@ -0,0 +1,18 @@
+---
+- name: ensure NTP server is installed
+ package:
+ name: chrony
+ state: installed
+
+- name: ensure NTP server is configured
+ template:
+ src: chrony.conf.j2
+ dest: /etc/chrony.conf
+ notify:
+ - restart NTP server redhat
+
+- name: ensure NTP server is running and enabled
+ service:
+ name: chronyd
+ state: started
+ enabled: yes
diff --git a/ansible/node/roles/common/tasks/redhat/packages.yml b/ansible/node/roles/common/tasks/redhat/packages.yml
new file mode 100644
index 0000000..b2430e5
--- /dev/null
+++ b/ansible/node/roles/common/tasks/redhat/packages.yml
@@ -0,0 +1,53 @@
+---
+- name: disable Network Manager on next boot
+ service:
+ name: NetworkManager
+ enabled: no
+ # Note that this only works because the interfaces of interest
+ # have been marked in Vagrant as: nm_controlled: "no" - otherwise
+ # NetworkManager would stop and take the interfaces down with it!
+ state: stopped
+
+- name: disable EPEL to speed things up
+ package:
+ name: epel-release
+ state: absent
+
+- name: find non-autocluster YUM repo files
+ find:
+ paths: /etc/yum.repos.d/
+ patterns: '(?!autocluster-)^.*\.repo$'
+ use_regex: yes
+ register: find_results
+ when: repositories_delete_existing
+
+- name: Remove non-autocluster repo files
+ file:
+ path: "{{ f['path'] }}"
+ state: absent
+ with_list: "{{ find_results['files'] }}"
+ loop_control:
+ loop_var: f
+ when: repositories_delete_existing
+
+- name: Add local distro repos
+ yum_repository:
+ name: "autocluster-{{ repo.name }}"
+ description: "{{ repo.name }}"
+ baseurl: "{{ repo.baseurl | default(repository_baseurl) }}/{{ repo.path }}"
+ gpgcheck: "{{ repo.gpgcheck | default('yes') }}"
+ proxy: _none_
+ when: repo.type == "distro"
+ with_list: "{{ repositories }}"
+ loop_control:
+ loop_var: repo
+
+- name: ensure optional dependencies for Ansible template handling
+ package:
+ name: libselinux-python
+ state: present
+
+- name: ensure NFS client tools are installed
+ package:
+ name: nfs-utils
+ state: present
generated by cgit (git 2.34.1) at 2024-05-22 22:14:45 +0000