From d11deec1d89e33004aadcb061a11a74c106305ad Mon Sep 17 00:00:00 2001
From: Salt
Date: Sat, 17 Oct 2020 01:00:06 -0500
Subject: [PATCH] Taking a dump
---
 inventory/group_vars/all.yml | 4 ++++
 roles/ansible-pull/defaults/main.yml | 5 +++++
 roles/ansible-pull/files/vaultpass | 6 ++++++
 roles/ansible-pull/handlers/main.yml | 5 +++++
 roles/ansible-pull/tasks/main.yml | 18 ++++++++++++++++++
 .../templates/ansible-pull.service | 16 ++++++++++++++++
 .../ansible-pull/templates/ansible-pull.timer | 11 +++++++++++
 roles/common/handlers/main.yml | 5 +++++
 roles/common/tasks/ansible.yml | 11 +++++++++++
 roles/common/tasks/main.yml | 4 ++++
 roles/common/tasks/system.yml | 10 ++++++++++
 site.yml | 4 ++++
 12 files changed, 99 insertions(+)
 create mode 100644 inventory/group_vars/all.yml
 create mode 100644 roles/ansible-pull/defaults/main.yml
 create mode 100644 roles/ansible-pull/files/vaultpass
 create mode 100644 roles/ansible-pull/handlers/main.yml
 create mode 100644 roles/ansible-pull/tasks/main.yml
 create mode 100644 roles/ansible-pull/templates/ansible-pull.service
 create mode 100644 roles/ansible-pull/templates/ansible-pull.timer
 create mode 100644 roles/common/handlers/main.yml
 create mode 100644 roles/common/tasks/ansible.yml
 create mode 100644 roles/common/tasks/system.yml
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
new file mode 100644
index 0000000..0fdd332
--- /dev/null
+++ b/inventory/group_vars/all.yml
@@ -0,0 +1,4 @@
+# vim:ft=ansible:
+ansible_pull_repo: "https://git.9iron.club/salt/ansible"
+ansible_pull_commit: rewrite
+common_ansible_pubkey: "ssh-rsa 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 ansible"
diff --git a/roles/ansible-pull/defaults/main.yml b/roles/ansible-pull/defaults/main.yml
new file mode 100644
index 0000000..2023639
--- /dev/null
+++ b/roles/ansible-pull/defaults/main.yml
@@ -0,0 +1,5 @@
+# vim:ft=ansible:
+ansible_pull_boot_delay: 15min
+ansible_pull_commit: master
+ansible_pull_time: "*-*-* 01:00:00"
+ansible_pull_playbook: site.yml
diff --git a/roles/ansible-pull/files/vaultpass b/roles/ansible-pull/files/vaultpass
new file mode 100644
index 0000000..0131d94
--- /dev/null
+++ b/roles/ansible-pull/files/vaultpass
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+31383561303637303735386663306631333063623336643030643634333262336664363461613239
+6230623439393465656161663432393732633662383833640a373433343236353835363130653937
+31346233663237383666306536633962613534623735366531666561656335393964316230633161
+3930636537313364380a376432363431346636363565383734613638316161643036623636656532
+66333038393738663464343534633766643734393165626538633962376161376262
diff --git a/roles/ansible-pull/handlers/main.yml b/roles/ansible-pull/handlers/main.yml
new file mode 100644
index 0000000..ec085e4
--- /dev/null
+++ b/roles/ansible-pull/handlers/main.yml
@@ -0,0 +1,5 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- name: restart ansiblepull timer
+ systemd: daemon_reload=yes name=ansible-pull.timer enabled=yes state=started
+ become: yes
diff --git a/roles/ansible-pull/tasks/main.yml b/roles/ansible-pull/tasks/main.yml
new file mode 100644
index 0000000..d7ce701
--- /dev/null
+++ b/roles/ansible-pull/tasks/main.yml
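Review bot: In roles/ansible-pull/handlers/main.yml the handler is named `restart ansiblepull timer`, but its systemd call uses `state=started`, which does nothing to a timer that is already active. When the templated timer unit changes, the notify would then reload unit files without re-arming the running timer, so a new `OnCalendar` or `OnBootSec` value may not take effect until the next reboot (worth confirming on the target systemd version). Make the handler match its name: `systemd: daemon_reload=yes name=ansible-pull.timer enabled=yes state=restarted`.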
@@ -0,0 +1,18 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- name: configure ansible-pull
+ block:
+ - name: assure vault password file
+ copy: src=vaultpass dest="~/ansiblevaultpass" mode="0600"
+ become: yes
+ become_user: ansible
+ - name: configure systemd service
+ template: src=ansible-pull.service dest=/etc/systemd/system/ansible-pull.service
+ notify: restart ansiblepull timer
+ - name: configure systemd timer
+ template: src=ansible-pull.timer dest=/etc/systemd/system/ansible-pull.timer
+ notify: restart ansiblepull timer
+ - name: enable timer
+ systemd: daemon_reload=yes name=ansible-pull.timer enabled=yes state=started
+ notify: restart ansiblepull timer
+ become: yes
diff --git a/roles/ansible-pull/templates/ansible-pull.service b/roles/ansible-pull/templates/ansible-pull.service
new file mode 100644
index 0000000..92e9928
--- /dev/null
+++ b/roles/ansible-pull/templates/ansible-pull.service
@@ -0,0 +1,16 @@
+# vim:ft=dosini:
+[Unit]
+Description=Ansible pull service
+StartLimitIntervalSec=3600
+StartLimitBurst=5
+
+[Service]
+User=ansible
+Group=ansible
+Environment=ANSIBLE_CONFIG=~/ansible-pull-repo/ansible-pull.cfg
+ExecStart=/usr/local/bin/ansible-pull --accept-host-key -U "{{ ansible_pull_repo }}" -d "~/ansible-pull-repo" --vault-password-file "~/ansiblevaultpass" "{{ ansible_pull_playbook }}"
+Restart=on-failure
+RestartSec=90
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/ansible-pull/templates/ansible-pull.timer b/roles/ansible-pull/templates/ansible-pull.timer
new file mode 100644
index 0000000..ea34077
--- /dev/null
+++ b/roles/ansible-pull/templates/ansible-pull.timer
@@ -0,0 +1,11 @@
+# vim:ft=dosini:
+[Unit]
+Description=Ansible pull timer
+
+[Timer]
+Persistent=true
+OnBootSec={{ ansible_pull_boot_delay }}
+OnCalendar={{ ansible_pull_time }}
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
new file mode 100644
index 0000000..9cdfca7
--- /dev/null
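Review bot: The `assure vault password file` task in roles/ansible-pull/tasks/main.yml puts the vault password on every host the role runs on. `copy` decrypts a vault-encrypted `src` by default, so `~/ansiblevaultpass` holds the cleartext password, and site.yml applies this role to `hosts: all`. Compromise of any single managed host therefore exposes every vaulted secret in the repository, not only that host's own. Consider separate vault IDs per host group so each machine can only decrypt what it needs, and add `no_log: true` plus an explicit `owner=ansible group=ansible` to the task instead of relying on `become_user` alone.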
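Review bot: The `ExecStart` line in roles/ansible-pull/templates/ansible-pull.service never passes `ansible_pull_commit`, so the values set in defaults/main.yml (`master`) and group_vars/all.yml (`rewrite`) appear to have no effect and ansible-pull checks out whatever the repository's default branch is. Add `-C "{{ ansible_pull_commit }}"` after the `-U` argument. This unit runs unattended as the `ansible` user, which roles/common/tasks/ansible.yml grants `NOPASSWD:ALL`, so anything pushed to that ref executes with root-equivalent rights on every host; `--verify-commit` with signed commits would limit that trust to holders of the signing key. It is also worth confirming that the quoted `~` paths resolve as intended, since systemd does not expand `~` itself and leaves that to ansible-pull.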
+++ b/roles/common/handlers/main.yml
@@ -0,0 +1,5 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- name: restart cron
+ service: name=cron state=restarted
+ become: yes
diff --git a/roles/common/tasks/ansible.yml b/roles/common/tasks/ansible.yml
new file mode 100644
index 0000000..d32b396
--- /dev/null
+++ b/roles/common/tasks/ansible.yml
@@ -0,0 +1,11 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- name: configure ansible user
+ block:
+ - name: create ansible user
+ user: name=ansible password_lock=yes
+ - name: configure ansible user keys
+ authorized_key: user=ansible manage_dir=yes key={{ common_ansible_pubkey }}
+ - name: configure ansible user sudo
+ lineinfile: path=/etc/sudoers line="ansible ALL=(ALL:ALL) NOPASSWD:ALL"
+ become: yes
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 15675c7..273cef2 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -2,3 +2,7 @@
 # vim:ft=ansible:
 - name: configure basic packages
 include_tasks: packages.yml
+- name: configure system
+ include_tasks: system.yml
+- name: configure ansible user
+ include_tasks: ansible.yml
diff --git a/roles/common/tasks/system.yml b/roles/common/tasks/system.yml
new file mode 100644
index 0000000..1b35bc7
--- /dev/null
+++ b/roles/common/tasks/system.yml
@@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- name: configure system
+ block:
+ - name: configure hostname
+ hostname: name={{ inventory_hostname }}
+ - name: configure timezone
+ timezone: name=America/Chicago
+ notify: restart cron
+ become: yes
diff --git a/site.yml b/site.yml
index 1e9a74d..d98a4d4 100755
--- a/site.yml
+++ b/site.yml
@@ -1,5 +1,9 @@
 #!/usr/bin/env ansible-playbook
 # vim:ft=ansible:
+---
 - hosts: all
 roles:
 - role: common
+ tags: [ common ]
+ - role: ansible-pull
+ tags: [ ansible, common ]
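Review bot: The `configure ansible user sudo` task in roles/common/tasks/ansible.yml edits `/etc/sudoers` in place with no syntax check, so a bad write can leave the host without working sudo. Add validation to the task: `lineinfile: path=/etc/sudoers line="ansible ALL=(ALL:ALL) NOPASSWD:ALL" validate="/usr/sbin/visudo -cf %s"`. A drop-in under `/etc/sudoers.d/` with mode `0440` would keep the main file untouched. The rule makes the key in `common_ansible_pubkey` and the contents of the pull repository root-equivalent on every host, so the rule deserves a comment saying so; restricting it to the commands ansible actually needs would reduce that exposure if feasible.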