Compare commits
3 Commits
7fee7bdcf1
...
e86003f245
Author | SHA1 | Date | |
---|---|---|---|
e86003f245 | |||
e414f92fed | |||
0eafe43b7f |
59
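--- a/contrib/docker.sh
+++ b/contrib/docker.sh
@@ -0,0 +1,59 @@
+#! /bin/sh
+#
+# docker.sh
+# Spins up a Docker container with the contents of this repo ready to run
+#
+# NOTE: This file contains a reference to itself
+#
+set -e
+if [ -n "$ANSIBLE_SSH_KEY" ]; then
+# Set up an unprivileged user with the same UID-GID as the user who owns the volume
+targetUID="$(stat -c %u /etc/ansible)"
+targetGID="$(stat -c %g /etc/ansible)"
+printf "\e[37mCreating a user with $targetUID:$targetGID...\e[0m\n"
+groupadd ansible -g "$targetGID"
+useradd ansible \
+-d /home/ansible \
+-g ansible \
+-s /bin/bash
+# And has sudo rights
+mkdir /etc/sudoers.d
+echo 'ansible ALL=(ALL:ALL) NOPASSWD:ALL' > /etc/sudoers.d/50-playbookuser
+# And owns their home
+chown ansible. ~ansible
+
+# Dump the private key as fast as possible to reduce leak
+printf '\e[37mInstalling private key...\e[0m\n'
+mkdir -p ~ansible/.ssh
+echo "$ANSIBLE_SSH_KEY" > ~ansible/.ssh/desu
+unset ANSIBLE_SSH_KEY
+chmod 0600 ~ansible/.ssh/desu
+chown ansible. ~ansible/.ssh/desu
+
+# Give the ansible user a managable profile
+cp /etc/ansible/roles/common/templates/profile.sh /etc/profile.d/50-ansible.sh
+
+# Install the packages we need to test things in the repo
+printf '\e[37mUpdating repositories...\e[0m\n'
+apt-get update > /dev/null 2>&1
+printf '\e[37mInstalling packages from APT...\e[0m\n'
+apt-get install -y openssh-client python3-docker python3-pip sudo vim > /dev/null 2>&1
+printf '\e[37mInstalling packages from PIP (this may take a minute)...\e[0m\n'
+pip install -q ansible ansible-lint
+
+# Drop to the ansible user
+printf '\e[32mAnsible is ready to run\e[0m\n'
+printf ' * \e[33mThe repo is located at /etc/ansible\e[0m\n'
+printf ' * For documentation, see README.md\n'
+printf ' * For the main playbook, see site.yml\n'
+printf 'You have passwordless sudo in this container\n'
+printf '\n'
+exec sudo -u ansible -i
+exit
+fi
+ANSIBLE_SSH_KEY="$(cat ~/.ssh/desu)"
+docker run -it \
+-e "ANSIBLE_SSH_KEY=$ANSIBLE_SSH_KEY" \
+-v "$PWD:/etc/ansible" \
+ubuntu:focal \
+bash -c 'cd /etc/ansible && ./contrib/docker.sh && exec bash'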
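Review bot: Passing the private key with `-e "ANSIBLE_SSH_KEY=$ANSIBLE_SSH_KEY"` in the `docker run` call stores it in the container's configuration, where `docker inspect` shows it, and in the environment of the `bash -c` wrapper, so the later `unset ANSIBLE_SSH_KEY` only clears the copy in the script's own shell and the root `exec bash` that follows the script still inherits it. A read-only bind mount of the key file (for example `-v "$HOME/.ssh/desu:/run/ansible-key:ro"`, path constructed here) copied in with `install -m 0600 -o ansible -g ansible /run/ansible-key ~ansible/.ssh/desu` would keep the key out of the environment, though the `[ -n "$ANSIBLE_SSH_KEY" ]` check that selects the in-container branch would then need a different marker. Independently, `echo "$ANSIBLE_SSH_KEY" > ~ansible/.ssh/desu` creates the file under the default umask before `chmod 0600` runs, and `~ansible/.ssh` is created after the `chown ansible. ~ansible` and so stays root-owned; a `umask 077` ahead of the `mkdir -p` plus a `chown` of the directory would close both. `targetUID` is computed and printed but never passed to `useradd`, so as far as the visible lines show the UID is left to default allocation; `-u "$targetUID"` looks intended.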
@ -36,9 +36,6 @@ all:
|
|||||||
keepalived_priority: 47
|
keepalived_priority: 47
|
||||||
pi-kub-node-5.desu.ltd:
|
pi-kub-node-5.desu.ltd:
|
||||||
keepalived_priority: 46
|
keepalived_priority: 46
|
||||||
pitest:
|
|
||||||
hosts:
|
|
||||||
pi-test-1.desu.ltd:
|
|
||||||
desktop:
|
desktop:
|
||||||
hosts:
|
hosts:
|
||||||
dsk-ryzen-0.desu.ltd:
|
dsk-ryzen-0.desu.ltd:
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
- hosts: pistorage
|
- hosts: pistorage
|
||||||
tasks:
|
tasks:
|
||||||
- name: assure mount directory
|
- name: assure mount directory
|
||||||
file: path=/data state=directory
|
file: path=/data state=directory mode=0755
|
||||||
tags: [ pis, storage ]
|
tags: [ pis, storage ]
|
||||||
- name: assure mount
|
- name: assure mount
|
||||||
mount: path=/data src=LABEL=mass state=mounted fstype=ext4
|
mount: path=/data src=LABEL=mass state=mounted fstype=ext4
|
||||||
@ -13,7 +13,7 @@
|
|||||||
- hosts: pi-storage-1.desu.ltd
|
- hosts: pi-storage-1.desu.ltd
|
||||||
tasks:
|
tasks:
|
||||||
- name: assure directories in mount
|
- name: assure directories in mount
|
||||||
file: path=/data/{{ item }} state=directory
|
file: path=/data/{{ item }} state=directory mode=0755
|
||||||
with_items:
|
with_items:
|
||||||
- nfs
|
- nfs
|
||||||
- postgresql
|
- postgresql
|
||||||
|
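Review bot: The new `mode=0755` on `file: path=/data/{{ item }} state=directory` gives `nfs` and `postgresql` the same world-readable, world-traversable mode, and neither task sets `owner` or `group`. If `/data/postgresql` is meant to hold database files or dumps, a tighter mode such as `0750` with an explicit owner for that item would be the safer default; this is inferred from the directory name, since its use is not visible in these hunks. The `/data` mount point at `0755` in the first hunk looks fine as is.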