Compare commits

..

3 Commits

Author SHA1 Message Date
e86003f245 Decom pi-test-1 2021-06-20 20:06:10 -05:00
e414f92fed Add a spin-up script to contrib 2021-06-20 20:05:56 -05:00
0eafe43b7f Clearing up some lint complaints 2021-06-20 19:15:15 -05:00
3 changed files with 61 additions and 5 deletions

59
contrib/docker.sh Executable file
View File

@ -0,0 +1,59 @@
#! /bin/sh
#
# docker.sh
# Spins up a Docker container with the contents of this repo ready to run
#
# NOTE: This file contains a reference to itself
#
set -e
if [ -n "$ANSIBLE_SSH_KEY" ]; then
# Set up an unprivileged user with the same UID-GID as the user who owns the volume
targetUID="$(stat -c %u /etc/ansible)"
targetGID="$(stat -c %g /etc/ansible)"
printf "\e[37mCreating a user with $targetUID:$targetGID...\e[0m\n"
groupadd ansible -g "$targetGID"
useradd ansible \
-d /home/ansible \
-g ansible \
-s /bin/bash
# And has sudo rights
mkdir /etc/sudoers.d
echo 'ansible ALL=(ALL:ALL) NOPASSWD:ALL' > /etc/sudoers.d/50-playbookuser
# And owns their home
chown ansible. ~ansible
# Dump the private key as fast as possible to reduce leak
printf '\e[37mInstalling private key...\e[0m\n'
mkdir -p ~ansible/.ssh
echo "$ANSIBLE_SSH_KEY" > ~ansible/.ssh/desu
unset ANSIBLE_SSH_KEY
chmod 0600 ~ansible/.ssh/desu
chown ansible. ~ansible/.ssh/desu
# Give the ansible user a managable profile
cp /etc/ansible/roles/common/templates/profile.sh /etc/profile.d/50-ansible.sh
# Install the packages we need to test things in the repo
printf '\e[37mUpdating repositories...\e[0m\n'
apt-get update > /dev/null 2>&1
printf '\e[37mInstalling packages from APT...\e[0m\n'
apt-get install -y openssh-client python3-docker python3-pip sudo vim > /dev/null 2>&1
printf '\e[37mInstalling packages from PIP (this may take a minute)...\e[0m\n'
pip install -q ansible ansible-lint
# Drop to the ansible user
printf '\e[32mAnsible is ready to run\e[0m\n'
printf ' * \e[33mThe repo is located at /etc/ansible\e[0m\n'
printf ' * For documentation, see README.md\n'
printf ' * For the main playbook, see site.yml\n'
printf 'You have passwordless sudo in this container\n'
printf '\n'
exec sudo -u ansible -i
exit
fi
ANSIBLE_SSH_KEY="$(cat ~/.ssh/desu)"
docker run -it \
-e "ANSIBLE_SSH_KEY=$ANSIBLE_SSH_KEY" \
-v "$PWD:/etc/ansible" \
ubuntu:focal \
bash -c 'cd /etc/ansible && ./contrib/docker.sh && exec bash'

View File

@ -36,9 +36,6 @@ all:
keepalived_priority: 47 keepalived_priority: 47
pi-kub-node-5.desu.ltd: pi-kub-node-5.desu.ltd:
keepalived_priority: 46 keepalived_priority: 46
pitest:
hosts:
pi-test-1.desu.ltd:
desktop: desktop:
hosts: hosts:
dsk-ryzen-0.desu.ltd: dsk-ryzen-0.desu.ltd:

View File

@ -5,7 +5,7 @@
- hosts: pistorage - hosts: pistorage
tasks: tasks:
- name: assure mount directory - name: assure mount directory
file: path=/data state=directory file: path=/data state=directory mode=0755
tags: [ pis, storage ] tags: [ pis, storage ]
- name: assure mount - name: assure mount
mount: path=/data src=LABEL=mass state=mounted fstype=ext4 mount: path=/data src=LABEL=mass state=mounted fstype=ext4
@ -13,7 +13,7 @@
- hosts: pi-storage-1.desu.ltd - hosts: pi-storage-1.desu.ltd
tasks: tasks:
- name: assure directories in mount - name: assure directories in mount
file: path=/data/{{ item }} state=directory file: path=/data/{{ item }} state=directory mode=0755
with_items: with_items:
- nfs - nfs
- postgresql - postgresql