author | Trygve Laugstøl <trygvis@inamo.no> | 2018-09-17 23:09:05 +0200 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2018-09-17 23:09:05 +0200 |
commit | eac6bfa06de01222ceb33a6865c01fc46d99769f (patch) | |
tree | 1515a344dacb54db571df4b25cb14ee06d094e85 /ansible/roles | |
parent | 4d6a0f553ae4cbdeec73dffe4aabb3110c0e09c0 (diff) | |
o Lots of VM work.
Diffstat (limited to 'ansible/roles')
-rw-r--r-- | ansible/roles/lxc-host/tasks/main.yml | 32 | ||||
-rw-r--r-- | ansible/roles/lxc-host/tasks/per-host.yml | 48 | ||||
-rw-r--r-- | ansible/roles/lxc-machine/handlers/main.yml | 1 | ||||
-rw-r--r-- | ansible/roles/lxc-machine/tasks/main.yml | 22 | ||||
-rw-r--r-- | ansible/roles/mw-backend/tasks/main.yml | 1 | ||||
-rw-r--r-- | ansible/roles/unix-machine/handlers/main.yml | 3 | ||||
-rw-r--r-- | ansible/roles/unix-machine/tasks/main.yml | 31 |
7 files changed, 109 insertions, 29 deletions
diff --git a/ansible/roles/lxc-host/tasks/main.yml b/ansible/roles/lxc-host/tasks/main.yml
index 676e27e..ba511c9 100644
--- a/ansible/roles/lxc-host/tasks/main.yml
+++ b/ansible/roles/lxc-host/tasks/main.yml
@@ -1,23 +1,11 @@
----
-#- debug:
-# msg: key="{{ item.key }}", ipv4="{{ item.value.ipv4 }}"
-# with_dict: "{{ lxc_containers }}"
-- name: Set IPv4 address
- lineinfile:
- path: "/var/lib/lxc/{{ item.key }}/config"
- regexp: "lxc.network.ipv4 *="
- line: "lxc.network.ipv4 = {{ item.value.ipv4.address }}/{{ item.value.ipv4.netmask }}"
- with_dict: "{{ lxc_containers }}"
-- name: Set IPv4 gateway
- lineinfile:
- path: "/var/lib/lxc/{{ item.key }}/config"
- regexp: "lxc.network.ipv4.gateway *="
- line: "lxc.network.ipv4.gateway = {{ item.value.ipv4.gateway }}"
- insertafter: "lxc.network.ipv4 *="
- with_dict: "{{ lxc_containers }}"
-- name: Set logfile
- lineinfile:
- path: "/var/lib/lxc/{{ item.key }}/config"
- regexp: "lxc.logfile *="
- line: "lxc.logfile = /var/lib/lxc/{{ item.key }}/{{ item.key }}.log"
+- name: Remove default network setup packages
+ apt:
+ name: "{{ item }}"
+ install_recommends: no
+ with_items:
+ - python-lxc
+
+- include_tasks: per-host.yml
+ vars:
+ i: "{{ item }}"
 with_dict: "{{ lxc_containers }}"
diff --git a/ansible/roles/lxc-host/tasks/per-host.yml b/ansible/roles/lxc-host/tasks/per-host.yml
new file mode 100644
index 0000000..d38267e
--- /dev/null
+++ b/ansible/roles/lxc-host/tasks/per-host.yml
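Review bot: The task named `Remove default network setup packages` in lxc-host/tasks/main.yml does not remove anything: it has no `state:`, so the apt module's default of `present` applies and `python-lxc` gets installed. The name looks copied from the lxc-machine role; rename it to describe the install, e.g. `- name: Install python-lxc` (presumably needed by the `lxc_container` module used in per-host.yml), and state the intent explicitly with `state: present`. Writing `install_recommends: false` instead of `no` avoids the YAML 1.1 truthy forms. The `include_tasks` entry would also benefit from a `name:` so the per-container loop is identifiable in play output.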
@@ -0,0 +1,48 @@
+- debug:
+ msg: "LXC HOST: {{ i.key }}"
+
+- name: lxc.network.type = veth
+ register: type
+ lineinfile:
+ path: "/var/lib/lxc/{{ i.key }}/config"
+ regexp: "lxc.network.type *="
+ line: "lxc.network.type = veth"
+- name: lxc.network.link = br0
+ register: link
+ lineinfile:
+ path: "/var/lib/lxc/{{ i.key }}/config"
+ regexp: "lxc.network.link *="
+ line: "lxc.network.link = br0"
+- name: Set IPv4 address {{ i.key }}
+ register: ipv4
+ lineinfile:
+ path: "/var/lib/lxc/{{ i.key }}/config"
+ regexp: "lxc.network.ipv4 *="
+ line: "lxc.network.ipv4 = {{ i.value.ipv4.address }}/{{ i.value.ipv4.netmask }}"
+- name: Set IPv4 gateway
+ register: ipv4_gateway
+ lineinfile:
+ path: "/var/lib/lxc/{{ i.key }}/config"
+ regexp: "lxc.network.ipv4.gateway *="
+ line: "lxc.network.ipv4.gateway = {{ i.value.ipv4.gateway }}"
+ insertafter: "lxc.network.ipv4 *="
+- name: Set logfile
+ register: logfile
+ lineinfile:
+ path: "/var/lib/lxc/{{ i.key }}/config"
+ regexp: "lxc.logfile *="
+ line: "lxc.logfile = /var/lib/lxc/{{ i.key }}/{{ i.key }}.log"
+
+#- name: state?
+# debug:
+# msg: "state={{ i.value.state }}"
+#- name: do restart?
+# debug:
+# msg: "DO RESTART: {{ i.key }}"
+# when: i.value.state == 'started'
+
+- name: restart lxc container {{ i.key }}
+ when: i.value.state == 'started' and (type.changed or link.changed or ipv4.changed or logfile.changed)
+ lxc_container:
+ name: "{{ i.key }}"
+ state: restarted
diff --git a/ansible/roles/lxc-machine/handlers/main.yml b/ansible/roles/lxc-machine/handlers/main.yml
index 3f96231..bb3f202 100644
--- a/ansible/roles/lxc-machine/handlers/main.yml
+++ b/ansible/roles/lxc-machine/handlers/main.yml
@@ -3,4 +3,3 @@
 service:
 name: systemd-sysctl.service
 state: restarted
-
diff --git a/ansible/roles/lxc-machine/tasks/main.yml b/ansible/roles/lxc-machine/tasks/main.yml
index e75dcd9..c60b9e8 100644
--- a/ansible/roles/lxc-machine/tasks/main.yml
+++ b/ansible/roles/lxc-machine/tasks/main.yml
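Review bot: The restart condition on the last task of per-host.yml leaves out `ipv4_gateway.changed`, although the gateway task registers `ipv4_gateway`, so a gateway-only edit is written to the container config while the running container keeps its old route. The condition should read `when: i.value.state == 'started' and (type.changed or link.changed or ipv4.changed or ipv4_gateway.changed or logfile.changed)`. The `regexp` values are also unanchored and leave `.` unescaped, so they can match a commented-out line in the config; anchoring them, e.g. `regexp: '^lxc\.network\.type *='`, keeps each edit on the intended setting. The leading unnamed `debug` task could take a `name:` or be dropped once the role is stable.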
@@ -1,10 +1,12 @@ -- name: disable ipv6 - tags: - - disable-ipv6 - copy: - dest: /etc/sysctl.d/99-disable-ipv6.conf - content: net.ipv6.conf.all.disable_ipv6=1 +- tags: enable-ipv6 + file: + path: "/etc/sysctl.d/{{ item }}" + state: absent notify: restart sysctl + with_items: + - 99-ipv6.conf + - 99-enable-ipv6.conf + - 99-disable-ipv6.conf - name: /etc/hosts copy: @@ -18,6 +20,14 @@ ff02::1 ip6-allnodes ff02::2 ip6-allrouters +- name: Remove default network setup packages + apt: + name: "{{ item }}" + state: absent + with_items: + - ifupdown + - net-tools + - name: system setup tags: - packages diff --git a/ansible/roles/mw-backend/tasks/main.yml b/ansible/roles/mw-backend/tasks/main.yml index bbe7473..d1abd8c 100644 --- a/ansible/roles/mw-backend/tasks/main.yml +++ b/ansible/roles/mw-backend/tasks/main.yml @@ -24,6 +24,7 @@ - meta: flush_handlers +# TODO: Remove, use unix-machine instead - name: packages apt: name: "{{ item }}" diff --git a/ansible/roles/unix-machine/handlers/main.yml b/ansible/roles/unix-machine/handlers/main.yml new file mode 100644 index 0000000..ce78323 --- /dev/null +++ b/ansible/roles/unix-machine/handlers/main.yml @@ -0,0 +1,3 @@ +- name: update apt cache + apt: + update_cache: yes diff --git a/ansible/roles/unix-machine/tasks/main.yml b/ansible/roles/unix-machine/tasks/main.yml new file mode 100644 index 0000000..78e346a --- /dev/null +++ b/ansible/roles/unix-machine/tasks/main.yml 
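Review bot: Deleting the sysctl.d drop-ins and restarting systemd-sysctl in the first hunk of lxc-machine/tasks/main.yml does not undo a `net.ipv6.conf.all.disable_ipv6=1` that is already active, because systemd-sysctl only applies the keys it finds in the remaining files; machines configured by the previous revision keep IPv6 off until reboot. If the intent is to enable IPv6 immediately, add a `sysctl` task that sets `net.ipv6.conf.all.disable_ipv6` to `0`. Once IPv6 is on, the containers are reachable over a second address family, so host packet filtering should be checked for matching IPv6 rules; none are visible in this diff. The task also lost its `name:`; something like `- name: remove old IPv6 sysctl drop-ins` keeps the play output readable.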
@@ -0,0 +1,31 @@
+- name: /etc/apt/apt.conf.d/99force-ipv4
+ copy:
+ dest: /etc/apt/apt.conf.d/99force-ipv4
+ content: 'Acquire::ForceIPv4 "true";'
+- name: /etc/apt/sources.list
+ notify: update apt cache
+ copy:
+ dest: /etc/apt/sources.list
+ content: |
+ deb [arch=i386] http://deb.debian.org/debian stretch main contrib non-free
+ deb [arch=i386] http://security.debian.org/ stretch/updates main contrib non-free
+
+- meta: flush_handlers
+
+# Make sure etckeeper installed very early
+- name: packages (early)
+ tags: packages
+ apt:
+ name: "{{ item }}"
+ install_recommends: no
+ with_items:
+ - git
+ - etckeeper
+
+- name: packages
+ tags: packages
+ apt:
+ name: "{{ item }}"
+ install_recommends: no
+ with_items:
+ - iputils-ping |
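Review bot: Both `copy` tasks in unix-machine/tasks/main.yml write files under /etc/apt without `owner`, `group` or `mode`, so a newly created file gets whatever the remote umask produces; add `owner: root`, `group: root` and `mode: "0644"` to each so the result is the same on every host. The sources.list content hard-codes `[arch=i386]` and `stretch` for every machine that receives this role, which replaces the whole file with wrong entries on any host of another architecture or release; taking both from per-host variables would be safer. Both mirrors are plain `http://`; APT's signature verification still protects package integrity, but an `https://` mirror, where available, would keep the package metadata from on-path observers.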