-rw-r--r--roles/badges/backend/tasks/main.yml16
-rw-r--r--roles/badges/backend/templates/setps1.sh.j28
-rw-r--r--roles/base/tasks/main.yml412
-rw-r--r--roles/base/templates/setps1.sh.j28
4 files changed, 32 insertions, 412 deletions
diff --git a/roles/badges/backend/tasks/main.yml b/roles/badges/backend/tasks/main.yml
index 6775ef3c0..97c90e030 100644
--- a/roles/badges/backend/tasks/main.yml
+++ b/roles/badges/backend/tasks/main.yml
@@ -167,3 +167,19 @@
- scripts
- badges
- badges/backend
+
+#Set PS1 to show prod/stage environment at PS1
+#Should work in sh/bash. Needs tested in other shells
+#
+- name: set PS1 for prod and stage in /etc/profile.d
+ copy: >
+ src=templates/setps1.sh.j2
+ dest=/etc/profile.d/setps1.sh
+ owner=root
+ group=sysadmin-badges
+ mode=644
+ when: {{ env in ['production','staging'] }}
+ tags:
+ - base
+ - config
+
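Review bot: The `when:` line will not load as written, because a value that starts with `{{` is read by YAML as a flow mapping and Ansible expects a bare expression in `when` anyway; it should be `when: env in ['production', 'staging']`. The task also uses `copy` on a `.j2` file, which would install the unrendered Jinja source into /etc/profile.d; `template: src=setps1.sh.j2 dest=/etc/profile.d/setps1.sh owner=root group=sysadmin-badges mode=0644` looks like what is intended. Every login shell, root's included, sources files in /etc/profile.d, so keep this one root-owned and not group-writable, as it is here.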
diff --git a/roles/badges/backend/templates/setps1.sh.j2 b/roles/badges/backend/templates/setps1.sh.j2
new file mode 100644
index 000000000..6eca2dcb3
--- /dev/null
+++ b/roles/badges/backend/templates/setps1.sh.j2
@@ -0,0 +1,8 @@
+# Set PS1 based on env:
+#
+{% if {{ env }} in 'production' %}
+PS1="\e[0;31m[PROD]\e[m[\u@\h \W]\$ "
+{% elif {{ env }} in 'staging' %}
+PS1="[STG]\e[m[\u@\h \W]\$ "
+{% endif }%
+
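Review bot: This template does not parse as Jinja: `{{ env }}` cannot be nested inside a `{% if %}` tag, and the closing `{% endif }%` has its delimiter reversed. The `in 'production'` form is also a substring test, so a value such as `prod` would match; an equality test is safer: `{% if env == 'production' %}`, `{% elif env == 'staging' %}`, `{% endif %}`. In the two PS1 strings the colour escapes are not wrapped in `\[`…`\]`, so bash miscounts the prompt width, and the staging prompt emits a reset `\e[m` with no colour set before it. The identical file added under roles/base/templates/setps1.sh.j2 has the same defects.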
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
deleted file mode 100644
index 8139bb042..000000000
--- a/roles/base/tasks/main.yml
+++ /dev/null
@@ -1,412 +0,0 @@
----
-
-#
-# This is the base role for all machines.
-# Things in here are things we want to do to every machine no matter what.
-#
-
-# XXX fixme # a datacenter 'fact' from setup
-- name: /etc/resolv.conf
- copy: src={{ item }} dest=/etc/resolv.conf
- with_first_found:
- - "{{ resolvconf }}"
- - resolv.conf/{{ ansible_fqdn }}
- - resolv.conf/{{ host_group }}
- - resolv.conf/{{ datacenter }}
- - resolv.conf/resolv.conf
- tags:
- - config
- - resolvconf
- - base
- - ifcfg
-
-- name: check for NetworkManager/nmcli
- command: /usr/bin/test -f /usr/bin/nmcli
- register: nmclitest
- ignore_errors: true
- changed_when: false
- failed_when: "1 != 1"
- always_run: true
- tags:
- - config
- - resolvconf
- - base
- - ifcfg
-
-- name: disable resolv.conf control from NM
- ini_file: dest=/etc/NetworkManager/NetworkManager.conf section=main option=dns value=none
- notify:
- - restart NetworkManager
- when: ansible_distribution_major_version|int >=7 and nmclitest|success and ( not ansible_ifcfg_blacklist)
- tags:
- - config
- - resolvconf
- - base
- - ifcfg
-
-- name: get interface uuid
- shell: nmcli -f "DEVICE,UUID" c show --active | grep -E '^eth|^br'
- register: if_uuid
- changed_when: false
- failed_when: 'if_uuid.stdout == ""'
- always_run: yes
- when: ansible_distribution_major_version|int >=7 and nmclitest|success and ( not ansible_ifcfg_blacklist )
- tags:
- - config
- - ifcfg
- - base
-
-- name: copy ifcfg files - non virthost
- template: src=ifcfg.j2 dest=/etc/sysconfig/network-scripts/ifcfg-{{item}} mode=644
- with_items:
- - "{{ ansible_interfaces }}"
- notify:
-# - restart NetworkManager
- - reload NetworkManager-connections
- - apply interface-changes
- when: (virthost is not defined) and (not item.startswith('tun')) and (not item.startswith('virbr')) and (not item.startswith('vnet')) and (hostvars[inventory_hostname]['ansible_' + item.replace('-','_')]['type'] == 'ether') and (ansible_distribution_major_version|int >=7) and hostvars[inventory_hostname]['ansible_' + item.replace('-','_')]['active'] and nmclitest|success and ( not ansible_ifcfg_blacklist )
- tags:
- - config
- - ifcfg
- - base
-
-- name: global default packages to install (yum)
- yum: state=present name={{ item }}
- with_items:
- - "{{ global_pkgs_inst }}"
- tags:
- - packages
- - base
- when: ansible_distribution_major_version|int < 22
-
-- name: global default packages to install (dnf)
- dnf: state=present name={{ item }}
- with_items:
- - "{{ global_pkgs_inst }}"
- tags:
- - packages
- - base
- when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined
-
-- debug: msg="{{ansible_nodename}} {{inventory_hostname}} {{ansible_distribution_major_version|int}}"
-
-- name: make sure hostname is set right on rhel7 hosts
- command: hostnamectl set-hostname {{ inventory_hostname }}
- when: ( ansible_nodename != inventory_hostname ) and ansible_distribution_major_version|int == 7
-
-- name: sshd_config
- copy: src={{ item }} dest=/etc/ssh/sshd_config mode=600
- with_first_found:
- - "{{ sshd_config }}"
- - ssh/sshd_config.{{ ansible_fqdn }}
- - ssh/sshd_config.{{ host_group }}
- - ssh/sshd_config.{{ dist_tag }}
- - ssh/sshd_config.{{ ansible_distribution }}
- - ssh/sshd_config.{{ ansible_distribution_version }}
- - ssh/sshd_config.default
- notify:
- - restart sshd
- tags:
- - sshd_config
- - config
- - sshd
- - base
-
-- name: set root passwd
- user: name=root password={{ rootpw }} state=present
- tags:
- - rootpw
- - base
- when: not (inventory_hostname.startswith('rawhide') or inventory_hostname.startswith('branched') or inventory_hostname.startswith('compose') or inventory_hostname.startswith('build') or inventory_hostname.startswith('arm') or inventory_hostname.startswith('bkernel') or inventory_hostname.startswith('koji01.stg') or inventory_hostname.startswith('aarch64') or inventory_hostname.startswith('s390') or inventory_hostname.startswith('fed-cloud09'))
-
-- name: add ansible root key
- authorized_key: user=root key="{{ item }}"
- with_file:
- - ansible-pub-key
- tags:
- - config
- - base
-
-- name: make sure our resolv.conf is the one being used - set RESOLV_MODS=no in /etc/sysconfig/network
- lineinfile: dest=/etc/sysconfig/network create=yes backup=yes state=present line='RESOLV_MODS=no' regexp=^RESOLV_MODS=
- tags:
- - config
- - base
-
-- name: dist pkgs to remove (yum)
- yum: state=absent name={{ item }}
- with_items:
- - "{{ base_pkgs_erase }}"
- tags:
- - packages
- - base
- when: ansible_distribution_major_version|int < 22
-
-- name: dist pkgs to install (yum)
- yum: state=present name={{ item }}
- with_items:
- - "{{ base_pkgs_inst }}"
- tags:
- - packages
- - base
- when: ansible_distribution_major_version|int < 22
-
-- name: dist pkgs to remove (dnf)
- dnf: state=absent name={{ item }}
- with_items:
- - "{{ base_pkgs_erase }}"
- tags:
- - packages
- - base
- when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined
-
-- name: dist pkgs to install (dnf)
- dnf: state=present name={{ item }}
- with_items:
- - "{{ base_pkgs_inst }}"
- tags:
- - packages
- - base
- when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined
-
-- name: dist disabled services
- service: state=stopped enabled=false name={{ item }}
- with_items:
- - "{{ service_disabled }}"
- tags:
- - service
- - config
- - base
-
-- name: dist enabled services
- service: state=running enabled=true name={{ item }}
- with_items:
- - "{{ service_enabled }}"
- tags:
- - service
- - config
- - base
-
-- name: iptables
- template: src={{ item }} dest=/etc/sysconfig/iptables mode=600 validate="/sbin/iptables-restore --text %s"
- with_first_found:
- - iptables/iptables.{{ datacenter }}
- - iptables/iptables.{{ ansible_fqdn }}
- - iptables/iptables.{{ host_group }}
- - iptables/iptables.{{ env }}
- - iptables/iptables
- when: not inventory_hostname.startswith('fed-cloud09')
- notify:
- - restart iptables
- - reload libvirtd
- tags:
- - iptables
- - config
- - base
-
-- name: iptables service enabled
- service: name=iptables state=started enabled=true
- tags:
- - iptables
- - service
- - base
-
-- name: ip6tables
- template: src={{ item }} dest=/etc/sysconfig/ip6tables mode=600 backup=yes
- with_first_found:
- - iptables/ip6tables.{{ datacenter }}
- - iptables/ip6tables.{{ ansible_fqdn }}
- - iptables/ip6tables.{{ host_group }}
- - iptables/ip6tables.{{ env }}
- - iptables/ip6tables
- when: not inventory_hostname.startswith('fed-cloud09')
- notify:
- - restart ip6tables
- - reload libvirtd
- tags:
- - ip6tables
- - config
- - base
-
-- name: ip6tables service enabled
- service: name=ip6tables state=started enabled=true
- tags:
- - ip6tables
- - service
- - base
-
-- name: enable journald persistence
- file: path=/var/log/journal state=directory
- owner=root group=systemd-journal mode=2755
- when: ansible_distribution_major_version|int >= 7
- tags:
- - journald
- - config
- - base
- notify:
- - flush journald tmpfiles to persistent store
-
-- name: rsyslog.conf
- copy: src={{ item }} dest=/etc/rsyslog.conf mode=644
- with_first_found:
- - rsyslog/rsyslog.conf.{{ ansible_fqdn }}
- - rsyslog/rsyslog.conf.{{ dist_tag }}
- - rsyslog/rsyslog.conf.default
- notify:
- - restart rsyslog
- tags:
- - rsyslogd
- - config
- - base
-
-- name: rsyslog log rotate for rsyslog servers
- copy: src=rsyslog/merged-rsyslog dest=/etc/logrotate.d/merged-rsyslog mode=644
- when: inventory_hostname.startswith('log')
- notify:
- - restart rsyslog
- tags:
- - rsyslogd
- - config
- - base
-
-- name: add rsyslog config to /etc/rsyslog.d
- copy: src={{ item }} dest=/etc/rsyslog.d/ owner=root group=root mode=0644
- with_fileglob:
- - rsyslog/*.conf
- notify:
- - restart rsyslog
- tags:
- - rsyslogd
- - config
- - base
-
-- name: log everything to log01 except on mirrorlist, do not log local4 there.
- copy: src=rsyslog/rsyslog-log01 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=644
- when: not inventory_hostname.startswith(('mirrorlist','copr','jenkins'))
- tags:
- - rsyslogd
- - config
- - base
-
-- name: log everything to log01 except on mirrorlist, do log local4 there.
- copy: src=rsyslog/rsyslog-log01-nolocal4 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=644
- when: inventory_hostname.startswith('mirrorlist')
- tags:
- - rsyslogd
- - config
- - base
- - base
-
-- name: /etc/postfix/main.cf
- copy: src={{ item }} dest=/etc/postfix/main.cf
- with_first_found:
- - "{{ postfix_maincf }}"
- - "postfix/main.cf/main.cf.{{ ansible_fqdn }}"
- - "postfix/main.cf/main.cf.{{ host_group }}"
- - "postfix/main.cf/main.cf.{{ postfix_group }}"
- - "postfix/main.cf/main.cf.{{ datacenter }}"
- - "postfix/main.cf/main.cf"
- notify:
- - restart postfix
- tags:
- - postfix
- - config
- - base
-
-- name: install /etc/postfix/master.cf file
- copy: src={{ item }} dest=/etc/postfix/master.cf mode=0644
- with_first_found:
- - "{{ postfix_mastercf }}"
- - "postfix/master.cf/master.cf.{{ ansible_fqdn }}"
- - "postfix/master.cf/master.cf.{{ inventory_hostname }}"
- - "postfix/master.cf/master.cf.{{ host_group }}"
- - "postfix/master.cf/master.cf.{{ postfix_group }}"
- - "postfix/master.cf/master.cf"
- when: inventory_hostname.startswith('smtp-mm')
- notify:
- - restart postfix
- tags:
- - postfix
- - config
- - base
-
-- name: enable postfix to start
- service: name=postfix state=running enabled=true
- tags:
- - service
- - base
-
-- name: install /etc/postfix/transport file
- copy: src="postfix/{{ postfix_transport_filename }}" dest=/etc/postfix/transport
- when: inventory_hostname.startswith(('smtp-mm','bastion'))
- notify:
- - restart postfix
- - rebuild postfix transport
- tags:
- - postfix
- - base
- - config
-
-- name: install ntp.conf
- template: src=ntp/ntp.conf.j2 dest=/etc/ntp.conf
- tags:
- - ntp
- - config
- - base
-
-- name: install ntp step-tickers
- copy: src=ntp/step-tickers dest=/etc/ntp/step-tickers
- tags:
- - ntp
- - config
- - base
-
-- name: Start ntpd
- service: name=ntpd state=running enabled=true
- tags:
- - ntp
- - service
- - base
-
-#
-# This task installs some common scripts to /usr/local/bin
-# scripts are under roles/base/files/common-scripts
-#
-
-- name: Install common scripts
- copy: src={{ item }} dest=/usr/local/bin/ owner=root group=root mode=0755
- with_fileglob:
- - common-scripts/*
- tags:
- - config
- - base
-
-- name: install a sync httpd logs cron script only on log01
- copy: src=syncHttpLogs.sh dest=/etc/cron.daily/syncHttpLogs.sh mode=755
- when: inventory_hostname.startswith('log01')
- tags:
- - config
- - base
-
-- name: Drop in a little system_identification note
- template: src=system_identification dest=/etc/system_identification
- tags:
- - config
- - base
-
-#
-# Blacklist the cdc_ether module as we don't want it loading mgmt usb0 and spewing to logs.
-#
-- name: Blacklist cdc_ether module
- copy: src=blacklist-cdc_ether.conf dest=/etc/modprobe.d/blacklist-cdc_ether.conf
- when: ansible_virtualization_role == 'host'
- tags:
- - config
- - base
- - cdc_ether
-
-#
-# Watchdog stuff
-#
-- name: Set up watchdog
- include: watchdog.yml
diff --git a/roles/base/templates/setps1.sh.j2 b/roles/base/templates/setps1.sh.j2
new file mode 100644
index 000000000..6eca2dcb3
--- /dev/null
+++ b/roles/base/templates/setps1.sh.j2
@@ -0,0 +1,8 @@
+# Set PS1 based on env:
+#
+{% if {{ env }} in 'production' %}
+PS1="\e[0;31m[PROD]\e[m[\u@\h \W]\$ "
+{% elif {{ env }} in 'staging' %}
+PS1="[STG]\e[m[\u@\h \W]\$ "
+{% endif }%
+
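Review bot: Nothing visible in this commit installs this copy of the template: the only task that references setps1.sh.j2 is added in roles/badges/backend, while roles/base/tasks/main.yml is deleted outright in the same commit. That deletion also removes the base role's sshd_config, iptables/ip6tables, rsyslog forwarding and root authorized_key tasks, which looks unintended for a change whose added comments are only about setting PS1. If the deletion was accidental, restore the file and add the PS1 task to it rather than shipping an unreferenced template.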