mirror of
https://git.libreschool.org/paspo/brasatore.git
synced 2024-11-24 07:08:45 +00:00
playbook ansible WIP
parent
f4bf1813f6
commit
a2083f79d1
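--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+hosts.ini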
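--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,6 @@
+[defaults]
+retry_files_enabled = False
+host_key_checking=False
+inventory=hosts.ini
+roles_path=roles
+pipelining=True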
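Review bot: `host_key_checking=False` turns off SSH host-key verification for every run, and the example inventory logs in as `root`, so a machine that answers on a target's address is accepted without any warning and receives the play. I would drop that line and pre-populate `known_hosts` for the targets, with fingerprints checked out of band. If the throwaway test host really needs the override, set it per host through `ansible_ssh_common_args` in the inventory rather than as a global default.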
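--- a/hosts.ini.example
+++ b/hosts.ini.example
@@ -0,0 +1,15 @@
+[all:vars]
+ansible_connection=ssh
+ansible_user=root
+hostname=brasatore
+lan_iface=eth0
+wan_iface=wlan0
+dhcp_start=172.16.77.50
+dhcp_end=172.16.77.150
+lan_ip=172.16.77.1
+lan_subnet=255.255.255.0
+ssh_key=https://github.com/paspo.keys
+
+
+[default]
+192.168.1.22 hostname=brasatore-test LAN_IFACE=ens224 WAN_IFACE=ens192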
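Review bot: The per-host overrides on the `[default]` line are spelled `LAN_IFACE=ens224 WAN_IFACE=ens192`, but the group defaults above are `lan_iface` and `wan_iface`. Ansible variable names are case-sensitive, so these define two new variables and the test host keeps `eth0`/`wlan0`. Use the lowercase names: `192.168.1.22 hostname=brasatore-test lan_iface=ens224 wan_iface=ens192`. Separately, `ssh_key=https://github.com/paspo.keys` means that whatever keys that account lists at run time become root logins on every host. A comment in the example saying so, or a pinned public-key string, would make that trust decision explicit.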
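--- a/playbook.yml
+++ b/playbook.yml
@@ -0,0 +1,4 @@
+---
+- hosts: all
+roles:
+- pxeserver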
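--- a/roles/pxeserver/handlers/main.yaml
+++ b/roles/pxeserver/handlers/main.yaml
@@ -0,0 +1,26 @@
+---
+- name: reboot
+reboot:
+become: true
+
+- name: nginx_restart
+service:
+name: nginx
+state: restarted
+become: true
+
+- name: dnsmasq_restart
+service:
+name: dnsmasq
+state: restarted
+become: true
+
+- name: nfs_reload_exports
+shell: exportfs -r
+become: true
+
+- name: nfs_restart
+service:
+name: nfs-kernel-server
+state: restarted
+become: true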
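Review bot: The `nfs_reload_exports` handler runs `exportfs -r` through `shell:` although the command uses no pipes, redirects or variables. `command: exportfs -r` does the same without starting a shell and is what ansible-lint expects. The other handlers use a module (`service`, `reboot`), so this one could also carry a short comment such as `# re-read /etc/exports without restarting nfs-kernel-server`.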
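--- a/roles/pxeserver/tasks/common.yml
+++ b/roles/pxeserver/tasks/common.yml
@@ -0,0 +1,83 @@
+---
+- name: Set up multiple authorized keys
+authorized_key:
+user: root
+state: present
+key: "{{ ssh_key }}"
+
+- name: Set hostname
+template:
+src: etc_hostname
+dest: /etc/hostname
+owner: root
+group: root
+mode: "0644"
+become: true
+
+- name: Set hostname (hosts file)
+template:
+src: etc_hosts
+dest: /etc/hosts
+owner: root
+group: root
+mode: "0644"
+become: true
+notify: reboot
+
+- name: Updating package cache
+apt:
+update_cache: yes
+cache_valid_time: 3600
+become: true
+ignore_errors: true
+
+- name: Installing common packages
+apt:
+name:
+[
+"htop",
+"screen",
+"ntpdate",
+"unattended-upgrades",
+"dnsmasq",
+"nginx",
+"iptables",
+"ipxe",
+"syslinux-common",
+"unzip",
+"nfs-kernel-server",
+"iptables-persistent"
+]
+state: latest
+become: true
+ignore_errors: true
+
+- name: Upgrade all packages to the latest version
+apt:
+name: "*"
+state: latest
+become: true
+ignore_errors: true
+
+- name: Configure NTP
+ini_file:
+path: /etc/systemd/timesyncd.conf
+section: Time
+option: NTP
+value: pool.ntp.org
+become: true
+
+- name: sets the timezone
+timezone:
+name: "Europe/Rome"
+become: true
+
+- name: Create storage directories
+ansible.builtin.file:
+path: "{{ item }}"
+state: directory
+mode: "0755"
+with_items:
+- /srv/pxe/iso
+- /srv/pxe/mount
+- /srv/tftp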
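Review bot: `ignore_errors: true` on the three apt tasks lets the play carry on when the package install or the full upgrade fails. Later tasks then template configuration for dnsmasq, nginx and nfs-kernel-server that may not be installed, and a failed upgrade is not surfaced as a failure. I would remove it from "Installing common packages" and "Upgrade all packages to the latest version", and keep it on the cache refresh only if there is a stated reason, written as a comment on that task. The authorized-keys and storage-directory tasks also have no `become: true`, unlike the rest of the file, which works only while the inventory logs in as root.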
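--- a/roles/pxeserver/tasks/dns.yml
+++ b/roles/pxeserver/tasks/dns.yml
@@ -0,0 +1,30 @@
+---
+- name: DNSMASQ dhcp
+template:
+src: dnsmasq/dhcp
+dest: /etc/dnsmasq.d/dhcp
+owner: root
+group: root
+mode: "0644"
+become: true
+notify: dnsmasq_restart
+
+- name: DNSMASQ tftp
+template:
+src: dnsmasq/tftp
+dest: /etc/dnsmasq.d/tftp
+owner: root
+group: root
+mode: "0644"
+become: true
+notify: dnsmasq_restart
+
+- name: DNSMASQ dns
+template:
+src: dnsmasq/dns
+dest: /etc/dnsmasq.d/dns
+owner: root
+group: root
+mode: "0644"
+become: true
+notify: dnsmasq_restart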
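--- a/roles/pxeserver/tasks/main.yml
+++ b/roles/pxeserver/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+
+- include: common.yml
+- include: nginx.yml
+- include: dns.yml
+- include: nfs.yml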
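Review bot: The four `- include: …` lines use the bare `include` action, which current Ansible releases deprecate in favour of `import_tasks` (static) and `include_tasks` (dynamic). The included files are fixed and carry no loop or condition, so `- import_tasks: common.yml` and likewise for the other three is the drop-in form. That keeps the role loading on newer controllers.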
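--- a/roles/pxeserver/tasks/nfs.yml
+++ b/roles/pxeserver/tasks/nfs.yml
@@ -0,0 +1,31 @@
+---
+
+- name: NFS rpcmountd options
+lineinfile:
+path: /etc/default/nfs-kernel-server
+regexp: '^RPCMOUNTDOPTS='
+line: 'RPCMOUNTDOPTS="--manage-gids --port 4047"'
+become: true
+notify: nfs_restart
+
+- name: NFS services ports
+lineinfile:
+path: /etc/services
+line: "{{ item }}"
+with_items:
+- mountd 4047/tcp
+- mountd 4047/udp
+- lockd 4048/tcp
+- lockd 4048/udp
+become: true
+notify: nfs_restart
+
+- name: NFS exports
+template:
+src: nfs_exports
+dest: /etc/exports
+owner: root
+group: root
+mode: "0644"
+become: true
+notify: nfs_reload_exports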
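Review bot: The "NFS services ports" task adds `lockd 4048/tcp` and `lockd 4048/udp` to `/etc/services`, but as far as I know the kernel lock manager does not read that file, so these lines probably only name the port rather than pin it. If the intent is a fixed port set that firewall rules can reference, confirm it on a provisioned host with `rpcinfo -p`. The `mountd` entries repeat what `RPCMOUNTDOPTS="--manage-gids --port 4047"` in the first task already sets. A one-line comment above the task stating the intent would help, since no firewall rules are part of this commit.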
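--- a/roles/pxeserver/tasks/nginx.yml
+++ b/roles/pxeserver/tasks/nginx.yml
@@ -0,0 +1,23 @@
+---
+- name: NGINX site config
+template:
+src: nginx.conf
+dest: /etc/nginx/sites-available/pxe
+owner: root
+group: root
+mode: "0644"
+become: true
+notify: nginx_restart
+
+- name: NGINX remove default config
+ansible.builtin.file:
+path: /etc/nginx/sites-enabled/default
+state: absent
+notify: nginx_restart
+
+- name: NGINX enable site
+ansible.builtin.file:
+src: /etc/nginx/sites-available/pxe
+dest: /etc/nginx/sites-enabled/pxe
+state: link
+notify: nginx_restart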
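Review bot: "NGINX remove default config" and "NGINX enable site" have no `become: true`, while the template task above them does. They succeed only because the example inventory logs in as root. Add `become: true` to both so the role behaves the same for a non-root `ansible_user`.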
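--- a/roles/pxeserver/templates/dnsmasq/dhcp
+++ b/roles/pxeserver/templates/dnsmasq/dhcp
@@ -0,0 +1,5 @@
+dhcp-range={{ dhcp_start }},{{ dhcp_end }},4h
+dhcp-option=option:router,{{ lan_ip }}
+dhcp-option=option:dns-server,{{ lan_ip }}
+dhcp-authoritative
+log-dhcp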
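--- a/roles/pxeserver/templates/dnsmasq/dns
+++ b/roles/pxeserver/templates/dnsmasq/dns
@@ -0,0 +1,6 @@
+bogus-priv
+no-resolv
+server=9.9.9.9
+server=1.1.1.2
+expand-hosts
+log-queries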
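Review bot: Nothing in this file restricts dnsmasq to the LAN side, and the `tftp` template below has the same gap, so by default it answers DNS and TFTP on every interface, including the one named by `wan_iface`. Adding `interface={{ lan_iface }}` and `bind-interfaces` here keeps the resolver and the boot files off the uplink. The inventory already defines `lan_iface`, and no template shown in this commit uses it. `log-queries` records every client lookup in the system log, which is worth a comment if it is meant only for debugging.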
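--- a/roles/pxeserver/templates/dnsmasq/tftp
+++ b/roles/pxeserver/templates/dnsmasq/tftp
@@ -0,0 +1,3 @@
+enable-tftp
+tftp-root=/srv/tftp
+tftp-no-fail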
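--- a/roles/pxeserver/templates/etc_hostname
+++ b/roles/pxeserver/templates/etc_hostname
@@ -0,0 +1 @@
+{{ hostname }}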
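--- a/roles/pxeserver/templates/etc_hosts
+++ b/roles/pxeserver/templates/etc_hosts
@@ -0,0 +1,6 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
+127.0.1.1 {{ hostname }}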
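--- a/roles/pxeserver/templates/nfs_exports
+++ b/roles/pxeserver/templates/nfs_exports
@@ -0,0 +1 @@
+/srv/pxe {{ lan_ip }}/{{ lan_subnet }}(ro,async,no_root_squash,no_subtree_check,crossmnt)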
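Review bot: The export grants `no_root_squash` to the whole `{{ lan_ip }}/{{ lan_subnet }}` range, so root on any machine that gets a lease reads everything under `/srv/pxe` as root, and file modes on the server stop being a control. The export is `ro` and the role creates the directories `0755`, so the default `root_squash` should still let boot clients read the images. I would drop `no_root_squash` unless a specific boot path is known to need it, and name that path in a comment. `crossmnt` also exposes anything later mounted under `/srv/pxe/mount`, which looks intended for mounted ISOs but is worth stating.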
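--- a/roles/pxeserver/templates/nginx.conf
+++ b/roles/pxeserver/templates/nginx.conf
@@ -0,0 +1,8 @@
+server {
+listen 80 default_server;
+listen [::]:80 default_server;
+root /srv/pxe;
+location / {
+autoindex on;
+}
+}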
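Review bot: `listen 80 default_server;` and `listen [::]:80 default_server;` bind every address, so with `autoindex on` the full `/srv/pxe` tree is browsable from the WAN interface as well as from the boot LAN. Since the file is already a template, `listen {{ lan_ip }}:80 default_server;` limits the listing to PXE clients, and the IPv6 listener can go unless the LAN uses it. If the wildcard bind is deliberate, a firewall rule for port 80 on `wan_iface` is needed, and none is part of this commit.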