diff --git a/group_vars/all.yml b/inventory/group_vars/all.yml similarity index 78% rename from group_vars/all.yml rename to inventory/group_vars/all.yml index a6efca2..e511d19 100755 --- a/group_vars/all.yml +++ b/inventory/group_vars/all.yml @@ -35,7 +35,7 @@ iscsi_target_iqn: iqn.2005-10.org.freenas.ctl:pve-iscsi # Alma new VM provisioning # hostname: "prod3" timezone: "America/Denver" -staging_ip: "10.133.7.240" +# staging_ip: "10.133.7.240" # network_config: # interface: "ens18" # address: "{{ staging_host }}" @@ -43,5 +43,10 @@ staging_ip: "10.133.7.240" # gateway: "10.133.7.1" # dns: ["10.133.7.1"] -# nfs_mounts: -# - { src: "nas:/mnt/media", path: "/mnt/media", opts: "defaults,nfsvers=4" } +nfs_mounts: + - { src: "nas:/mnt/ALEXANDRIA/media", path: "/mnt/media", opts: "defaults,nfsvers=4" } + - { src: "nas:/mnt/ALEXANDRIA/school", path: "/mnt/school", opts: "defaults,nfsvers=4" } + - { src: "nas:/mnt/ALEXANDRIA/os-images", path: "/mnt/os-images", opts: "defaults,nfsvers=4" } + +provision_mgmt_ip: 10.69.1.102 +provision_hostname: prod2 diff --git a/group_vars/cluster_prep.yml b/inventory/group_vars/cluster_prep.yml similarity index 100% rename from group_vars/cluster_prep.yml rename to inventory/group_vars/cluster_prep.yml diff --git a/inventory/hosts.yml b/inventory/hosts.yml index 1ec4e18..85e852b 100755 --- a/inventory/hosts.yml +++ b/inventory/hosts.yml @@ -18,4 +18,4 @@ all: school: ansible_host: school staging-vm: - ansible_host: 10.133.7.240 + ansible_host: 10.133.7.243 diff --git a/playbooks/apply-firewalld.yml b/playbooks/apply-firewalld.yml new file mode 100644 index 0000000..0cac4bb --- /dev/null +++ b/playbooks/apply-firewalld.yml @@ -0,0 +1,5 @@ +- name: Apply firewalld config + hosts: staging-vm + become: yes + roles: + - role: provision/alma/firewall \ No newline at end of file diff --git a/playbooks/provision-alma.yml b/playbooks/provision-alma.yml index 0b5045d..f63c858 100644 --- a/playbooks/provision-alma.yml 
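Review bot: `provision_mgmt_ip` and `provision_hostname` are per-host values, yet the hunk places them in `group_vars/all.yml`, so every host in the inventory inherits the same hostname and management address; `roles/provision/alma/common` (`name: "{{ provision_hostname }}"`) and `roles/provision/alma/network` (`ip4: "{{ provision_mgmt_ip }}"`) will apply them to whichever host a play targets. Move them to `host_vars/staging-vm.yml` or the host entry in `inventory/hosts.yml`, keeping a group-level value only for what is genuinely shared. The three `nfs_mounts` entries are one-line flow mappings inside a block sequence; block style, one key per line, reads and diffs better. `provision_hostname: "prod2"` would also match the quoting used for the other string values in this file.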
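Review bot: `become: yes` in the new `playbooks/apply-firewalld.yml` is a YAML 1.1 truthy spelling; the roles in this commit use `true`, so write `become: true`. The file also lacks the `---` document start that `playbooks/provision-alma.yml` gains in the same commit, and it ends without a trailing newline. Running the firewall role standalone is handy for iteration, but the role's zone steps are `command` calls, so this playbook will report changes on every run until those are made idempotent.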
+++ b/playbooks/provision-alma.yml @@ -1,8 +1,12 @@ -- name: Provision AlmaLinux 10 VM - hosts: new-vm +--- +- name: Provision AlmaLinux 9 VM + hosts: staging-vm become: yes roles: + - role: server/users - role: provision/alma/common - # - role: provision/alma/network - # - role: provision/alma/nfs - # - role: provision/alma/docker + - role: provision/alma/network + - role: provision/alma/firewall + - role: provision/alma/nfs + - role: docker/install + - role: server/reboot \ No newline at end of file diff --git a/playbooks/sysprep-alma.yml b/playbooks/sysprep-alma.yml index b03e358..b914705 100644 --- a/playbooks/sysprep-alma.yml +++ b/playbooks/sysprep-alma.yml @@ -2,4 +2,12 @@ hosts: staging-vm become: yes roles: - - role: provision/alma/sysprep \ No newline at end of file + - role: provision/alma/sysprep + tasks: + - name: Reboot machine and send a message + ansible.builtin.reboot: + msg: "Going down in 5..." + # - name: Shutdown the machine for templating + # community.general.shutdown: + # msg: "I must go now..." + # delay: 5 \ No newline at end of file diff --git a/roles/docker/install/tasks/main.yml b/roles/docker/install/tasks/main.yml index 86b2c7c..f2ad28d 100755 --- a/roles/docker/install/tasks/main.yml +++ b/roles/docker/install/tasks/main.yml 
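Review bot: The new `roles:` order runs `provision/alma/network` before `provision/alma/firewall`, but the network role deletes the `ens18` connection while the firewall role then moves `ens18` from `public` to `internal`; one of the two has the wrong interface in mind. `inventory/hosts.yml` reaches `staging-vm` at 10.133.7.243 while the new `mgmt` profile on `ens19` gets `provision_mgmt_ip` (10.69.1.102), so the controller's SSH session presumably rides on `ens18` — removing that profile mid-play would stall every later role; confirm which interface carries the control connection before relying on this ordering. A one-line comment above `- role: provision/alma/network` naming the expected control interface would make the assumption reviewable. `become: yes` is a context line here, but `become: true` is the canonical form and the new `apply-firewalld.yml` repeats the `yes` spelling.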
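Review bot: The inline `Reboot machine and send a message` task added under `tasks:` duplicates the new `roles/server/reboot/tasks/main.yml` word for word; reference the role instead (`- role: server/reboot` after `provision/alma/sysprep`) so the two cannot drift. Since `tasks:` run after `roles:` within a play, the ordering is unchanged by that move. The commented-out `community.general.shutdown` block is dead YAML; if templating sometimes needs a powered-off VM, a boolean play variable (constructed example: `sysprep_shutdown`) with `when:` on each of the two tasks expresses that choice without leaving commented code behind.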
@@ -1,45 +1,30 @@ --- -- name: Update apt cache - ansible.builtin.apt: - update_cache: yes +- name: Install plugins-core to manage DNF repos + ansible.builtin.dnf: + name: + - dnf-plugins-core -- name: Install prerequisite packages - ansible.builtin.apt: - name: - - ca-certificates - - curl - state: present +- name: Add Docker repo + ansible.builtin.command: dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo -- name: Create apt keyrings directory - ansible.builtin.file: - path: /etc/apt/keyrings - state: directory - mode: '0755' +- name: Install Docker Engine + ansible.builtin.dnf: + name: + - install + - docker-ce + - docker-ce-cli + - containerd.io + - docker-buildx-plugin + - docker-compose-plugin -- name: Download Docker GPG key - ansible.builtin.get_url: - url: "https://download.docker.com/linux/ubuntu/gpg" - dest: /etc/apt/keyrings/docker.asc - mode: '0644' +- name: Enable and start Docker Engine + ansible.builtin.systemd_service: + state: started + enabled: true -- name: Add Docker apt repository - ansible.builtin.apt_repository: - repo: "deb [arch={{ docker_arch }} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable" - filename: docker - state: present - vars: - docker_arch: "{{ ansible_architecture | regex_replace('x86_64', 'amd64') }}" +- name: Verify with Hello World + ansible.builtin.command: docker run hello-world + register: docker_out -- name: Update apt cache after adding Docker repository - ansible.builtin.apt: - update_cache: true - -- name: Install Docker packages - ansible.builtin.apt: - name: - - docker-ce - - docker-ce-cli - - containerd.io - - docker-buildx-plugin - - docker-compose-plugin - state: present \ No newline at end of file +- ansible.builtin.debug: + var: docker_out diff --git a/roles/docker/install/tasks/main2.yml b/roles/docker/install/tasks/main2.yml new file mode 100644 index 0000000..86b2c7c --- /dev/null 
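Review bot: The `Install Docker Engine` task lists `install` as a package under `name:`, which dnf cannot resolve — it reads like a leftover from `dnf install …` — so the task fails; drop that entry. `Enable and start Docker Engine` calls `ansible.builtin.systemd_service` without the required `name: docker`, which errors out as well. `dnf config-manager --add-repo …` and `docker run hello-world` are bare `command` calls that report changed on every run, and the latter pulls an image from the registry as part of provisioning; guard the repo step with `creates:` (or use `ansible.builtin.yum_repository`) and mark the verification `changed_when: false`. The reworked tasks follow; the repo URL, package list and debug output are unchanged.

```yaml
- name: Add Docker repo
  ansible.builtin.command:
    cmd: dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
    creates: /etc/yum.repos.d/docker-ce.repo

- name: Install Docker Engine
  ansible.builtin.dnf:
    name:
      - docker-ce
      - docker-ce-cli
      - containerd.io
      - docker-buildx-plugin
      - docker-compose-plugin
    state: present

- name: Enable and start Docker Engine
  ansible.builtin.systemd_service:
    name: docker
    state: started
    enabled: true

- name: Verify with Hello World
  ansible.builtin.command: docker run hello-world
  register: docker_out
  changed_when: false

# … unchanged: dnf-plugins-core install, debug of docker_out …
```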
+++ b/roles/docker/install/tasks/main2.yml @@ -0,0 +1,45 @@ +--- +- name: Update apt cache + ansible.builtin.apt: + update_cache: yes + +- name: Install prerequisite packages + ansible.builtin.apt: + name: + - ca-certificates + - curl + state: present + +- name: Create apt keyrings directory + ansible.builtin.file: + path: /etc/apt/keyrings + state: directory + mode: '0755' + +- name: Download Docker GPG key + ansible.builtin.get_url: + url: "https://download.docker.com/linux/ubuntu/gpg" + dest: /etc/apt/keyrings/docker.asc + mode: '0644' + +- name: Add Docker apt repository + ansible.builtin.apt_repository: + repo: "deb [arch={{ docker_arch }} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable" + filename: docker + state: present + vars: + docker_arch: "{{ ansible_architecture | regex_replace('x86_64', 'amd64') }}" + +- name: Update apt cache after adding Docker repository + ansible.builtin.apt: + update_cache: true + +- name: Install Docker packages + ansible.builtin.apt: + name: + - docker-ce + - docker-ce-cli + - containerd.io + - docker-buildx-plugin + - docker-compose-plugin + state: present \ No newline at end of file diff --git a/roles/docker/remove/defaults/main.yml b/roles/docker/remove/defaults/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/docker/remove/handlers/main.yml b/roles/docker/remove/handlers/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/docker/remove/tasks/main.yml b/roles/docker/remove/tasks/main.yml new file mode 100644 index 0000000..530f0a4 --- /dev/null +++ b/roles/docker/remove/tasks/main.yml @@ -0,0 +1,13 @@ +--- +- name: Remove old docker stuff + ansible.builtin.dnf: + name: + - docker + - docker-client + - docker-client-latest + - docker-common + - docker-latest + - docker-latest-logrotate + - docker-logrotate + - docker-engine + state: absent \ No newline at end of file 
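Review bot: `roles/docker/install/tasks/main2.yml` is never loaded — a role only reads `tasks/main.yml` — so this is a dead copy of the apt-based tasks that `main.yml` just replaced (same blob `86b2c7c` as the removed side). If the role is meant to serve both families, rename it to something like `tasks/debian.yml` and include it from `main.yml` via `ansible.builtin.include_tasks` with `when: ansible_os_family == "Debian"`, moving the dnf tasks behind the matching `RedHat` condition; otherwise delete it and let git history keep the old version. While it exists, `update_cache: yes` should read `update_cache: true`, and the file ends without a newline.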
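Review bot: The new `docker/remove` role is not referenced by any playbook in this commit, although `playbooks/provision-alma.yml` now adds `docker/install`; if its purpose is to clear the distro packages that conflict with Docker CE, list `- role: docker/remove` ahead of `docker/install` there, otherwise the role is dead code. The empty `defaults/main.yml`, `handlers/main.yml` and `templates/main.yml` created alongside it (and for `server/reboot` and `server/users`) add nothing — `templates/` holds `.j2` files, not a `main.yml` — and can be dropped. The task file also ends without a trailing newline.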
diff --git a/roles/docker/remove/templates/main.yml b/roles/docker/remove/templates/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/provision/alma/common/tasks/main.yml b/roles/provision/alma/common/tasks/main.yml index df1846d..6a700bc 100644 --- a/roles/provision/alma/common/tasks/main.yml +++ b/roles/provision/alma/common/tasks/main.yml @@ -4,9 +4,10 @@ register: output changed_when: output.rc != 0 -# - name: Set hostname -# ansible.builtin.hostname: -# name: "{{ hostname }}" +- name: Set hostname + ansible.builtin.hostname: + name: "{{ provision_hostname }}" + use: systemd - name: Upgrade all packages ansible.builtin.dnf: diff --git a/roles/provision/alma/firewall/tasks/main.yml b/roles/provision/alma/firewall/tasks/main.yml index 497319d..5865bc6 100644 --- a/roles/provision/alma/firewall/tasks/main.yml +++ b/roles/provision/alma/firewall/tasks/main.yml @@ -1,5 +1,22 @@ +--- - name: Enable and start firewalld - ansible.builtin.service: + ansible.builtin.systemd: name: firewalld enabled: yes state: started + +- name: Set internal to default + ansible.builtin.command: firewall-cmd --set-default-zone=internal + +- name: Remove ens18 from public + ansible.builtin.command: firewall-cmd --zone=public --remove-interface=ens18 --permanent + +- name: Assign interface ens18 to "internal" zone + ansible.posix.firewalld: + interface: ens18 + zone: internal + state: enabled + permanent: true + +- name: Reload firewalld to apply changes + ansible.builtin.command: firewall-cmd --reload diff --git a/roles/provision/alma/network/tasks/main.yml b/roles/provision/alma/network/tasks/main.yml index 5722879..937d8a1 100644 --- a/roles/provision/alma/network/tasks/main.yml +++ b/roles/provision/alma/network/tasks/main.yml 
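Review bot: Binding `ens18` to the `internal` zone and making `internal` the default widens what the host accepts: in the stock zone definitions on RHEL-family firewalld, `internal` allows ssh, mdns, samba-client, dhcpv6-client and cockpit where `public` allows only ssh, dhcpv6-client and cockpit, and the default zone also covers any interface not explicitly bound. If only specific services are wanted, keep the interface in `public` (or a custom zone) and open them explicitly with `ansible.posix.firewalld` `service:` entries instead of inheriting a zone's defaults; a comment stating which services the zone is expected to expose would make the intent reviewable either way. The `Set internal to default`, `Remove ens18 from public` and `Reload firewalld` steps are `command` calls that report changed on every run, and the remove step may fail if `ens18` is not currently in `public`; `ansible.posix.firewalld` with `permanent: true` plus `immediate: true` should move the interface in one idempotent step and make the separate remove and reload unnecessary. A reworked version of the zone tasks follows.

```yaml
- name: Read current default zone
  ansible.builtin.command: firewall-cmd --get-default-zone
  register: default_zone
  changed_when: false

- name: Set internal to default
  ansible.builtin.command: firewall-cmd --set-default-zone=internal
  when: default_zone.stdout != "internal"

- name: Assign interface ens18 to "internal" zone
  ansible.posix.firewalld:
    interface: ens18
    zone: internal
    state: enabled
    permanent: true
    immediate: true

# … unchanged: enable and start firewalld …
```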
@@ -1,15 +1,20 @@ -- name: Configure static network - ansible.builtin.template: - src: ifcfg-template.j2 - dest: "/etc/sysconfig/network-scripts/ifcfg-{{ network_config.interface }}" - # notify: Restart network +--- +- name: Set up MGMT interface manually + nmcli: + conn_name: mgmt + ip4: "{{ provision_mgmt_ip }}" + method4: "manual" + ifname: ens19 + dns4_search: lan.xbazzi.com + type: ethernet + state: present -# - name: Ensure NetworkManager is enabled -# ansible.builtin.service: -# name: NetworkManager -# enabled: true -# state: restarted +- name: Remove ens18 default connection + nmcli: + conn_name: ens18 + state: absent - # handlers: - # - name: Restart network - # command: nmcli connection reload +- name: Remove ens19 default connection + nmcli: + conn_name: Wired connection 1 + state: absent \ No newline at end of file diff --git a/roles/provision/alma/nfs/tasks/main.yml b/roles/provision/alma/nfs/tasks/main.yml index ef40666..05602e7 100644 --- a/roles/provision/alma/nfs/tasks/main.yml +++ b/roles/provision/alma/nfs/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Install NFS client ansible.builtin.dnf: name: nfs-utils @@ -7,8 +8,8 @@ ansible.builtin.file: path: "{{ item.path }}" state: directory - owner: root - group: root + owner: nfsuser + group: nfsuser mode: '0755' loop: "{{ nfs_mounts }}" diff --git a/roles/provision/alma/sysprep/tasks/main.yml b/roles/provision/alma/sysprep/tasks/main.yml index 3a87b6f..7737dc7 100644 --- a/roles/provision/alma/sysprep/tasks/main.yml +++ b/roles/provision/alma/sysprep/tasks/main.yml @@ -124,14 +124,9 @@ - name: Sync changes to disk ansible.builtin.command: sync -- name: Shutdown the machine for templating - community.general.shutdown: - delay: 5 - - name: Remove old local SSH known_hosts entry become_user: xbazzi local_action: module: command args: cmd: ssh-keygen -R "{{ hostvars['staging-vm'].ansible_host }}" - 
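Review bot: The task named `Remove ens19 default connection` deletes `conn_name: Wired connection 1`, while `Remove ens18 default connection` deletes the `ens18` profile; if `ens18` is the 10.133.7.x interface the controller uses for `staging-vm`, that second task drops the play's own SSH session and the later firewall role, which still zones `ens18`, never runs — confirm the profile names NetworkManager actually reports and either rename the task or remove only the `ens19` auto-profile. `nmcli:` is a short module name where the rest of the repo uses FQCNs; write `community.general.nmcli:` in all three tasks. A value containing spaces should be quoted, `conn_name: "Wired connection 1"`, and `method4: "manual"` is the only quoted scalar in that block, so pick one style. The `mgmt` profile sets no gateway, which is fine for an isolated management network but deserves a one-line comment saying so.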
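Review bot: `owner: nfsuser` / `group: nfsuser` on the mount-point directory only works if that account already exists on the host, which this role does not ensure — it silently depends on `server/users` having run earlier in `playbooks/provision-alma.yml`. Declare the dependency in `roles/provision/alma/nfs/meta/main.yml`, or check with `ansible.builtin.getent` (`database: passwd`, `key: nfsuser`) at the top of the role. Once the export is mounted the directory shows the server-side ownership, so this chown only affects the empty mount point; a comment such as `# ownership applies to the unmounted path only; the export's own uid/gid takes over after mount` would stop it being read as an NFS permission fix. Whether uid 3005 matches the owner of `/mnt/ALEXANDRIA/*` on the server is inferred here — confirm.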
diff --git a/roles/server/reboot/defaults/main.yml b/roles/server/reboot/defaults/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/server/reboot/handlers/main.yml b/roles/server/reboot/handlers/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/server/reboot/tasks/main.yml b/roles/server/reboot/tasks/main.yml new file mode 100644 index 0000000..785d796 --- /dev/null +++ b/roles/server/reboot/tasks/main.yml @@ -0,0 +1,4 @@ +--- + - name: Reboot machine and send a message + ansible.builtin.reboot: + msg: "Going down in 5..." \ No newline at end of file diff --git a/roles/server/reboot/templates/main.yml b/roles/server/reboot/templates/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/server/users/defaults/main.yml b/roles/server/users/defaults/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/server/users/handlers/main.yml b/roles/server/users/handlers/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/server/users/tasks/main.yml b/roles/server/users/tasks/main.yml new file mode 100644 index 0000000..aa8ea17 --- /dev/null +++ b/roles/server/users/tasks/main.yml @@ -0,0 +1,46 @@ +--- +- name: Add xbazzi group + ansible.builtin.group: + name: xbazzi + state: present + gid: 1337 + +- name: Add xbazzi user + ansible.builtin.user: + name: xbazzi + create_home: true + shell: /bin/bash + groups: wheel,xbazzi + state: present + uid: 1337 + + +# - name: Add ansible group +# ansible.builtin.group: +# name: ansible +# state: present +# gid: 1001 + +# - name: Add ansible user +# ansible.builtin.user: +# name: ansible +# create_home: true +# shell: /bin/bash +# groups: wheel,ansible +# state: present +# uid: 1001 + +- name: Add nfsuser group + ansible.builtin.group: + name: nfsuser + state: present + gid: 3005 + +- name: Add nfsuser user + ansible.builtin.user: + name: nfsuser + create_home: true + shell: /bin/bash + groups: wheel + state: present + uid: 3005 
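Review bot: The task list in the new `roles/server/reboot/tasks/main.yml` is indented one space under `---` (` - name: …`), which YAML accepts but no other task file in the commit does; align it at column 0. The `msg: "Going down in 5..."` promises a delay but none is set — `ansible.builtin.reboot` reboots immediately by default — so add `pre_reboot_delay: 5` or change the message. The same task is pasted inline into `playbooks/sysprep-alma.yml`; have that playbook use this role instead. The file also ends without a newline.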
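Review bot: `nfsuser` is created with `shell: /bin/bash`, `create_home: true` and `groups: wheel`, which gives an account whose only role is owning NFS mount points a login shell and sudo rights (`wheel` is the sudoers admin group on AlmaLinux); a uid/gid-mapping account needs none of these. Use `shell: /usr/sbin/nologin`, `create_home: false`, drop `wheel` from `groups` (or omit `groups`), and consider `system: true`. The `xbazzi` task sets `groups: wheel,xbazzi` without `append: true`, so on an existing account every other supplementary group would be removed — acceptable on a fresh VM but worth a comment. The commented-out `ansible` user and group tasks are dead YAML; remove them or gate them on a variable.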
diff --git a/roles/server/users/templates/main.yml b/roles/server/users/templates/main.yml new file mode 100644 index 0000000..e69de29