authorTrygve Laugstøl <trygvis@inamo.no>2018-09-17 23:09:05 +0200
committerTrygve Laugstøl <trygvis@inamo.no>2018-09-17 23:09:05 +0200
commiteac6bfa06de01222ceb33a6865c01fc46d99769f (patch)
tree1515a344dacb54db571df4b25cb14ee06d094e85 /ansible/roles
parent4d6a0f553ae4cbdeec73dffe4aabb3110c0e09c0 (diff)
o Lots of VM work.
Diffstat (limited to 'ansible/roles')
-rw-r--r--ansible/roles/lxc-host/tasks/main.yml32
-rw-r--r--ansible/roles/lxc-host/tasks/per-host.yml48
-rw-r--r--ansible/roles/lxc-machine/handlers/main.yml1
-rw-r--r--ansible/roles/lxc-machine/tasks/main.yml22
-rw-r--r--ansible/roles/mw-backend/tasks/main.yml1
-rw-r--r--ansible/roles/unix-machine/handlers/main.yml3
-rw-r--r--ansible/roles/unix-machine/tasks/main.yml31
7 files changed, 109 insertions, 29 deletions
diff --git a/ansible/roles/lxc-host/tasks/main.yml b/ansible/roles/lxc-host/tasks/main.yml
index 676e27e..ba511c9 100644
--- a/ansible/roles/lxc-host/tasks/main.yml
+++ b/ansible/roles/lxc-host/tasks/main.yml
@@ -1,23 +1,11 @@
----
-#- debug:
-# msg: key="{{ item.key }}", ipv4="{{ item.value.ipv4 }}"
-# with_dict: "{{ lxc_containers }}"
-- name: Set IPv4 address
- lineinfile:
- path: "/var/lib/lxc/{{ item.key }}/config"
- regexp: "lxc.network.ipv4 *="
- line: "lxc.network.ipv4 = {{ item.value.ipv4.address }}/{{ item.value.ipv4.netmask }}"
- with_dict: "{{ lxc_containers }}"
-- name: Set IPv4 gateway
- lineinfile:
- path: "/var/lib/lxc/{{ item.key }}/config"
- regexp: "lxc.network.ipv4.gateway *="
- line: "lxc.network.ipv4.gateway = {{ item.value.ipv4.gateway }}"
- insertafter: "lxc.network.ipv4 *="
- with_dict: "{{ lxc_containers }}"
-- name: Set logfile
- lineinfile:
- path: "/var/lib/lxc/{{ item.key }}/config"
- regexp: "lxc.logfile *="
- line: "lxc.logfile = /var/lib/lxc/{{ item.key }}/{{ item.key }}.log"
+- name: Remove default network setup packages
+ apt:
+ name: "{{ item }}"
+ install_recommends: no
+ with_items:
+ - python-lxc
+
+- include_tasks: per-host.yml
+ vars:
+ i: "{{ item }}"
with_dict: "{{ lxc_containers }}"
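Review bot: The new task named `Remove default network setup packages` does not remove anything. `apt` with no `state` defaults to `present`, so it installs `python-lxc`, presumably because the `lxc_container` module used in per-host.yml needs it on the host. The name looks copied from the lxc-machine role, and it will mislead anyone auditing what this role adds to the LXC host. I would rename it to something like `- name: Install python-lxc (required by lxc_container)` and state the intent explicitly with `state: present`.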
diff --git a/ansible/roles/lxc-host/tasks/per-host.yml b/ansible/roles/lxc-host/tasks/per-host.yml
new file mode 100644
index 0000000..d38267e
--- /dev/null
+++ b/ansible/roles/lxc-host/tasks/per-host.yml
@@ -0,0 +1,48 @@
+- debug:
+ msg: "LXC HOST: {{ i.key }}"
+
+- name: lxc.network.type = veth
+ register: type
+ lineinfile:
+ path: "/var/lib/lxc/{{ i.key }}/config"
+ regexp: "lxc.network.type *="
+ line: "lxc.network.type = veth"
+- name: lxc.network.link = br0
+ register: link
+ lineinfile:
+ path: "/var/lib/lxc/{{ i.key }}/config"
+ regexp: "lxc.network.link *="
+ line: "lxc.network.link = br0"
+- name: Set IPv4 address {{ i.key }}
+ register: ipv4
+ lineinfile:
+ path: "/var/lib/lxc/{{ i.key }}/config"
+ regexp: "lxc.network.ipv4 *="
+ line: "lxc.network.ipv4 = {{ i.value.ipv4.address }}/{{ i.value.ipv4.netmask }}"
+- name: Set IPv4 gateway
+ register: ipv4_gateway
+ lineinfile:
+ path: "/var/lib/lxc/{{ i.key }}/config"
+ regexp: "lxc.network.ipv4.gateway *="
+ line: "lxc.network.ipv4.gateway = {{ i.value.ipv4.gateway }}"
+ insertafter: "lxc.network.ipv4 *="
+- name: Set logfile
+ register: logfile
+ lineinfile:
+ path: "/var/lib/lxc/{{ i.key }}/config"
+ regexp: "lxc.logfile *="
+ line: "lxc.logfile = /var/lib/lxc/{{ i.key }}/{{ i.key }}.log"
+
+#- name: state?
+# debug:
+# msg: "state={{ i.value.state }}"
+#- name: do restart?
+# debug:
+# msg: "DO RESTART: {{ i.key }}"
+# when: i.value.state == 'started'
+
+- name: restart lxc container {{ i.key }}
+ when: i.value.state == 'started' and (type.changed or link.changed or ipv4.changed or logfile.changed)
+ lxc_container:
+ name: "{{ i.key }}"
+ state: restarted
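Review bot: The restart condition on the last task omits `ipv4_gateway.changed`, although the `Set IPv4 gateway` task registers `ipv4_gateway`. A gateway-only edit is written to the container config but never applied to a running container, so the live network state silently drifts from what the inventory declares. The condition should read `when: i.value.state == 'started' and (type.changed or link.changed or ipv4.changed or ipv4_gateway.changed or logfile.changed)`. Separately, the `regexp` values are unanchored and use an unescaped `.`, so a commented-out line such as `#lxc.network.ipv4 = ...` would also match and be rewritten; anchoring them as `'^lxc\.network\.ipv4 *='` avoids that.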
diff --git a/ansible/roles/lxc-machine/handlers/main.yml b/ansible/roles/lxc-machine/handlers/main.yml
index 3f96231..bb3f202 100644
--- a/ansible/roles/lxc-machine/handlers/main.yml
+++ b/ansible/roles/lxc-machine/handlers/main.yml
@@ -3,4 +3,3 @@
service:
name: systemd-sysctl.service
state: restarted
-
diff --git a/ansible/roles/lxc-machine/tasks/main.yml b/ansible/roles/lxc-machine/tasks/main.yml
index e75dcd9..c60b9e8 100644
--- a/ansible/roles/lxc-machine/tasks/main.yml
+++ b/ansible/roles/lxc-machine/tasks/main.yml
@@ -1,10 +1,12 @@
-- name: disable ipv6
- tags:
- - disable-ipv6
- copy:
- dest: /etc/sysctl.d/99-disable-ipv6.conf
- content: net.ipv6.conf.all.disable_ipv6=1
+- tags: enable-ipv6
+ file:
+ path: "/etc/sysctl.d/{{ item }}"
+ state: absent
notify: restart sysctl
+ with_items:
+ - 99-ipv6.conf
+ - 99-enable-ipv6.conf
+ - 99-disable-ipv6.conf
- name: /etc/hosts
copy:
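Review bot: The first task in this hunk, which replaces `disable ipv6`, has no `name:`, so in play output and logs it shows up only as a `file` task, even though it changes the network exposure of every container by deleting `99-disable-ipv6.conf`. I would add `name: remove IPv6 sysctl overrides (re-enables IPv6)`. Restarting `systemd-sysctl` re-applies only the settings still present in the files, so a container that already has `net.ipv6.conf.all.disable_ipv6=1` probably keeps it until it is restarted; worth confirming. Nothing in this diff shows IPv6 packet filtering, so it is also worth checking that whatever firewall policy protects these machines on IPv4 has an IPv6 equivalent before this rolls out.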
@@ -18,6 +20,14 @@
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
+- name: Remove default network setup packages
+ apt:
+ name: "{{ item }}"
+ state: absent
+ with_items:
+ - ifupdown
+ - net-tools
+
- name: system setup
tags:
- packages
diff --git a/ansible/roles/mw-backend/tasks/main.yml b/ansible/roles/mw-backend/tasks/main.yml
index bbe7473..d1abd8c 100644
--- a/ansible/roles/mw-backend/tasks/main.yml
+++ b/ansible/roles/mw-backend/tasks/main.yml
@@ -24,6 +24,7 @@
- meta: flush_handlers
+# TODO: Remove, use unix-machine instead
- name: packages
apt:
name: "{{ item }}"
diff --git a/ansible/roles/unix-machine/handlers/main.yml b/ansible/roles/unix-machine/handlers/main.yml
new file mode 100644
index 0000000..ce78323
--- /dev/null
+++ b/ansible/roles/unix-machine/handlers/main.yml
@@ -0,0 +1,3 @@
+- name: update apt cache
+ apt:
+ update_cache: yes
diff --git a/ansible/roles/unix-machine/tasks/main.yml b/ansible/roles/unix-machine/tasks/main.yml
new file mode 100644
index 0000000..78e346a
--- /dev/null
+++ b/ansible/roles/unix-machine/tasks/main.yml
@@ -0,0 +1,31 @@
+- name: /etc/apt/apt.conf.d/99force-ipv4
+ copy:
+ dest: /etc/apt/apt.conf.d/99force-ipv4
+ content: 'Acquire::ForceIPv4 "true";'
+- name: /etc/apt/sources.list
+ notify: update apt cache
+ copy:
+ dest: /etc/apt/sources.list
+ content: |
+ deb [arch=i386] http://deb.debian.org/debian stretch main contrib non-free
+ deb [arch=i386] http://security.debian.org/ stretch/updates main contrib non-free
+
+- meta: flush_handlers
+
+# Make sure etckeeper installed very early
+- name: packages (early)
+ tags: packages
+ apt:
+ name: "{{ item }}"
+ install_recommends: no
+ with_items:
+ - git
+ - etckeeper
+
+- name: packages
+ tags: packages
+ apt:
+ name: "{{ item }}"
+ install_recommends: no
+ with_items:
+ - iputils-ping
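Review bot: The `/etc/apt/sources.list` content points both the main and the security archive at plain `http://`. Package integrity then rests entirely on APT's signature check, and an on-path party can see which packages are fetched or serve stale but still validly signed metadata to hold back security updates. Consider `https://deb.debian.org/debian` and an HTTPS security mirror. On stretch this needs `apt-transport-https` installed before the switch, so the ordering would have to be handled. Both `copy` tasks also leave ownership and permissions at their defaults; adding `owner: root`, `group: root` and `mode: "0644"` makes the intended state of these APT configuration files explicit. The hard-coded `[arch=i386]` in a role named `unix-machine` will be wrong for any non-i386 host and would be better as a variable.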