-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathbootstrap.yml
executable file
·155 lines (135 loc) · 3.44 KB
/
bootstrap.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
#!/usr/bin/env -v -S ansible-playbook --flush-cache
# vim: set filetype=ansible:
---
- name: Create host inventory file
hosts: all
connection: local
gather_facts: no
tasks:
- name: Create host file for inventory
file:
name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}"
state: touch
- name: Gather group names
hosts: localhost
gather_facts: no
connection: local
tasks:
- name: Groups
debug:
var: group_names
- hosts: disabled
gather_facts: no
connection: local
tasks:
- name: remove old host key
known_hosts:
name: "{{ inventory_hostname }}"
state: absent
- name: Check for hostkey
command: "ssh-keyscan -H -T 10 {{inventory_hostname}}"
with_items: "{{ inventory_hostname }}"
register: ssh_known_host_results
tags:
- skip_ansible_lint
- name: Results of keyscan
debug:
var: ssh_known_host_results.results
- name: remove old host key
known_hosts:
name: "{{ inventory_hostname }}"
key: "{{ ssh_known_host_results.results }}"
state: present
- hosts: all:!unmanaged
gather_facts: no
roles:
- role: group_by
# Raspberry Pi
- hosts: armv7l
gather_facts: no
remote_user: "{{ deployment_user }}"
tasks:
#
# python python-dnf python-passlib libselinux-python python-firewall
- hosts: Fedora
gather_facts: no
remote_user: "{{ deployment_user }}"
tasks:
- name: make sure python2 is installed
raw: "dnf -y -e0 -d0 install {{ item }}"
become: true
with_items:
- redhat-lsb-core
- python
- python-dnf
- python-passlib
- libselinux-python
- python-firewall
- firewalld
- dnf-automatic
tags:
- skip_ansible_lint
- name: Set SELINUX
selinux:
policy: "{{ selinux_policy }}"
state: "{{ selinux_state }}"
- hosts: FreeBSD
remote_user: "{{ deployment_user }}"
roles:
- role: bootstrap/FreeBSD
- hosts: MacOSX
remote_user: "{{ deployment_user }}"
roles:
- role: bootstrap/MacOSX
- hosts: Debian
remote_user: "{{ bootstrap_user }}"
tasks:
- name: set vim as default editor
alternatives:
name: editor
path: /usr/bin/vim.basic
become: true
- name: set chassis type
command: "hostnamectl --static --transient --pretty set-hostname {{ inventory_hostname }}"
tags:
- skip_ansible_lint
become: true
- hosts: Ubuntu
remote_user: "{{ bootstrap_user }}"
tasks:
- name: install vim if it has not been installed
apt:
name: vim
update_cache: yes
tags:
- skip_ansible_lint
become: true
- name: set chassis type
command: hostnamectl set-chassis server
tags:
- skip_ansible_lint
become: true
- hosts: all:!unmanaged
remote_user: "{{ deployment_user }}"
tasks:
- name: Gather host type
setup:
gather_subset: '!all'
- name: create ansible_distribution group
group_by: key={{ ansible_distribution }}
- hosts: all:!unmanaged
remote_user: "{{ deployment_user }}"
roles:
- role: bootstrap
- role: sudoers
- role: python
- role: sshd
- role: deploy
- role: hostname
- role: unattended-upgrades
- role: bootstrap_completed
- include: playbooks/upgrade.yml
- hosts: all:!unmanaged
remote_user: "{{ deployment_user }}"
roles:
- { role: f500.dumpall, dumpall_flat_mode: yes, dumpall_host_destination: examine/ }