Taking a dump
parent
8b7ad3b450
commit
d11deec1d8
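--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -0,0 +1,4 @@
+# vim:ft=ansible:
+ansible_pull_repo: "https://git.9iron.club/salt/ansible"
+ansible_pull_commit: rewrite
+common_ansible_pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDfXVgMHeD2wtCAIVoDYQ+R19vKfhmR2FgUTkHhAzE2156fB/+IMB+6Qc4X3aFRIcUp+Ls8Vm8JQ3d0jvbcGQkgbAjRExQa71XGBmhxJCxzlCLBoQzBmTSnryL09LExoMynzVgrso8TQP92vZBGJFI/lLGAaop2l9pu+3cgM3sRaK+A11lcRCrS25C3hqPQhKC44zjzOt7sIoaG6RqG3CQ8jhE35bthQdBySOZVDgDKfjDyPuDzVxiKjsuNm4Ojzm0QW5gq6GkLOg2B8OSQ1TGQgBHQu4b8zsKBOUOdbZb0JLM8NdpH1cMntC0QBofy3DzqR/CFaSaBzUx+dnkBH0/pjBOrhHzzqZGOJayfC1igYki67HqzFV5IjhAVa+c4S9L/zbFk0+YZYdgMoKNlMU2LgzrSEastuXHD7NUy3fMP4BZbqg37SjQzFRXoUp5+ctVs9tCoy/qvvjT3UVGcn312eJrRRfWrYagU2nWKGyqbTOpsuOJ5OLlhopy6eP9+yRM= ansible"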
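--- a/roles/ansible-pull/defaults/main.yml
+++ b/roles/ansible-pull/defaults/main.yml
@@ -0,0 +1,5 @@
+# vim:ft=ansible:
+ansible_pull_boot_delay: 15min
+ansible_pull_commit: master
+ansible_pull_time: "*-*-* 01:00:00"
+ansible_pull_playbook: site.yml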
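--- a/roles/ansible-pull/files/vaultpass
+++ b/roles/ansible-pull/files/vaultpass
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+31383561303637303735386663306631333063623336643030643634333262336664363461613239
+6230623439393465656161663432393732633662383833640a373433343236353835363130653937
+31346233663237383666306536633962613534623735366531666561656335393964316230633161
+3930636537313364380a376432363431346636363565383734613638316161643036623636656532
+66333038393738663464343534633766643734393165626538633962376161376262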
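--- a/roles/ansible-pull/handlers/main.yml
+++ b/roles/ansible-pull/handlers/main.yml
@@ -0,0 +1,5 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- name: restart ansiblepull timer
+systemd: daemon_reload=yes name=ansible-pull.timer enabled=yes state=started
+become: yes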
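Review bot: The handler is named `restart ansiblepull timer` but its `systemd:` line uses `state=started`, which does nothing when the timer is already active, so a changed `OnCalendar` or `OnBootSec` in the rendered timer is probably not re-armed until the next reboot or a manual restart. Changing the line to `systemd: daemon_reload=yes name=ansible-pull.timer enabled=yes state=restarted` makes the handler do what its name and the `notify:` callers expect. The booleans would also read more predictably as `true` rather than `yes`.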
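--- a/roles/ansible-pull/tasks/main.yml
+++ b/roles/ansible-pull/tasks/main.yml
@@ -0,0 +1,18 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- name: configure ansible-pull
+block:
+- name: assure vault password file
+copy: src=vaultpass dest="~/ansiblevaultpass" mode="0600"
+become: yes
+become_user: ansible
+- name: configure systemd service
+template: src=ansible-pull.service dest=/etc/systemd/system/ansible-pull.service
+notify: restart ansiblepull timer
+- name: configure systemd timer
+template: src=ansible-pull.timer dest=/etc/systemd/system/ansible-pull.timer
+notify: restart ansiblepull timer
+- name: enable timer
+systemd: daemon_reload=yes name=ansible-pull.timer enabled=yes state=started
+notify: restart ansiblepull timer
+become: yes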
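Review bot: The `assure vault password file` task places the vault password in `~/ansiblevaultpass` on every host that receives this role, so read access to that file on a single host is enough to decrypt every vaulted value in the pulled repository; if hosts do not all need the same secrets, separate vault IDs per group would limit that exposure. The task should also carry `no_log: true` so the decrypted content cannot surface in diff or verbose output. The two `template:` tasks set no owner or mode, so the unit files get whatever the default umask yields; adding `owner=root group=root mode="0644"` makes that explicit. Indentation is lost on this page, so I am assuming the final `become: yes` applies to the whole block.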
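--- a/roles/ansible-pull/templates/ansible-pull.service
+++ b/roles/ansible-pull/templates/ansible-pull.service
@@ -0,0 +1,16 @@
+# vim:ft=dosini:
+[Unit]
+Description=Ansible pull service
+StartLimitIntervalSec=3600
+StartLimitBurst=5
+
+[Service]
+User=ansible
+Group=ansible
+Environment=ANSIBLE_CONFIG=~/ansible-pull-repo/ansible-pull.cfg
+ExecStart=/usr/local/bin/ansible-pull --accept-host-key -U "{{ ansible_pull_repo }}" -d "~/ansible-pull-repo" --vault-password-file "~/ansiblevaultpass" "{{ ansible_pull_playbook }}"
+Restart=on-failure
+RestartSec=90
+
+[Install]
+WantedBy=multi-user.target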
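Review bot: `ExecStart` never passes the checkout, so `ansible_pull_commit` (set to `rewrite` in group_vars and `master` in the role defaults) has no effect and each host runs whatever the repository's default branch holds. Because the `ansible` account is given passwordless sudo elsewhere in this commit, write access to that repository is equivalent to root on every host; adding `-C "{{ ansible_pull_commit }}" --verify-commit` after the `-U` argument pins the ref and makes ansible-pull abort on a commit without a valid GPG signature (the signing key has to be in the `ansible` user's keyring). systemd does not expand the `~` in `Environment=` and `ExecStart=`, so those paths depend on Ansible's own path expansion; an absolute home path would be more robust. `--accept-host-key` appears to have no effect for an `https://` URL and could be dropped.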
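--- a/roles/ansible-pull/templates/ansible-pull.timer
+++ b/roles/ansible-pull/templates/ansible-pull.timer
@@ -0,0 +1,11 @@
+# vim:ft=dosini:
+[Unit]
+Description=Ansible pull timer
+
+[Timer]
+Persistent=true
+OnBootSec={{ ansible_pull_boot_delay }}
+OnCalendar={{ ansible_pull_time }}
+
+[Install]
+WantedBy=timers.target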
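--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@@ -0,0 +1,5 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- name: restart cron
+service: name=cron state=restarted
+become: yes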
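--- a/roles/common/tasks/ansible.yml
+++ b/roles/common/tasks/ansible.yml
@@ -0,0 +1,11 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- name: configure ansible user
+block:
+- name: create ansible user
+user: name=ansible password_lock=yes
+- name: configure ansible user keys
+authorized_key: user=ansible manage_dir=yes key={{ common_ansible_pubkey }}
+- name: configure ansible user sudo
+lineinfile: path=/etc/sudoers line="ansible ALL=(ALL:ALL) NOPASSWD:ALL"
+become: yes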
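Review bot: The `configure ansible user sudo` task edits `/etc/sudoers` in place with no `validate`, so a malformed or conflicting line can break sudo on the host; it also grants `NOPASSWD:ALL` to an account that accepts SSH logins with `common_ansible_pubkey`, which makes that single key root on every host. I would write the rule to a drop-in and validate it: `lineinfile: path=/etc/sudoers.d/ansible create=yes mode="0440" line="ansible ALL=(ALL:ALL) NOPASSWD:ALL" validate="visudo -cf %s"`. If the account only needs to run ansible-pull locally, consider dropping the `authorized_key` task or restricting the key with `key_options`.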
@ -2,3 +2,7 @@
|
|||||||
# vim:ft=ansible:
|
# vim:ft=ansible:
|
||||||
- name: configure basic packages
|
- name: configure basic packages
|
||||||
include_tasks: packages.yml
|
include_tasks: packages.yml
|
||||||
|
- name: configure system
|
||||||
|
include_tasks: system.yml
|
||||||
|
- name: configure ansible user
|
||||||
|
include_tasks: ansible.yml
|
||||||
|
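--- a/roles/common/tasks/system.yml
+++ b/roles/common/tasks/system.yml
@@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- name: configure system
+block:
+- name: configure hostname
+hostname: name={{ inventory_hostname }}
+- name: configure timezone
+timezone: name=America/Chicago
+notify: restart cron
+become: yes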