| -rw-r--r-- | ansible/host_vars/knot.yml | 8 | ||||
| -rw-r--r-- | ansible/mw.yml | 10 | ||||
| -rw-r--r-- | ansible/roles/lxc-host/tasks/main.yml | 32 | ||||
| -rw-r--r-- | ansible/roles/lxc-host/tasks/per-host.yml | 48 | ||||
| -rw-r--r-- | ansible/roles/lxc-machine/handlers/main.yml | 1 | ||||
| -rw-r--r-- | ansible/roles/lxc-machine/tasks/main.yml | 22 | ||||
| -rw-r--r-- | ansible/roles/mw-backend/tasks/main.yml | 1 | ||||
| -rw-r--r-- | ansible/roles/unix-machine/handlers/main.yml | 3 | ||||
| -rw-r--r-- | ansible/roles/unix-machine/tasks/main.yml | 31 | ||||
| -rw-r--r-- | ansible/sz-ds.yml | 4 | 
10 files changed, 129 insertions, 31 deletions
| diff --git a/ansible/host_vars/knot.yml b/ansible/host_vars/knot.yml
index f7bc64a..d01de6e 100644
--- a/ansible/host_vars/knot.yml
+++ b/ansible/host_vars/knot.yml
@@ -1,10 +1,18 @@
 lxc_containers:
+  mw:
+    state: started
+    ipv4:
+      address: 10.0.3.2
+      netmask: 24
+      gateway: 10.0.3.1
   sz-prod:
+    state: started
     ipv4:
       address: 10.0.3.3
       netmask: 24
       gateway: 10.0.3.1
   sz-test:
+    state: stopped
     ipv4:
       address: 10.0.3.4
       netmask: 24
diff --git a/ansible/mw.yml b/ansible/mw.yml
index 1ae18da..d4d6c1a 100644
--- a/ansible/mw.yml
+++ b/ansible/mw.yml
@@ -5,5 +5,11 @@
     - secrets.yml
   roles:
     - timezone
-    - lxc-machine
-    - mw-backend
+  tasks:
+    - name: unix-machine
+      import_role: name=unix-machine
+      tags: unix-machine
+
+    - name: lxc-machine
+      import_role: name=lxc-machine
+      tags: lxc-machine
diff --git a/ansible/roles/lxc-host/tasks/main.yml b/ansible/roles/lxc-host/tasks/main.yml
index 676e27e..ba511c9 100644
--- a/ansible/roles/lxc-host/tasks/main.yml
+++ b/ansible/roles/lxc-host/tasks/main.yml
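Review bot: The mw.yml hunk removes `mw-backend` from the play's `roles:` list and does not re-import it under the new `tasks:`, so unless that is deliberate the mw host no longer receives whatever that role configures; the TODO this commit adds in mw-backend/tasks/main.yml suggests the role is still in use. If it should keep running, add a third entry after lxc-machine with `import_role: name=mw-backend` and `tags: mw-backend`. The `import_role: name=unix-machine` key=value shorthand (here and in the sz-ds.yml hunk) is also easier to read and lint as block YAML with a nested `name: unix-machine`. The play itself starts above the hunk.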
@@ -1,23 +1,11 @@
----
-#- debug:
-#    msg: key="{{ item.key }}", ipv4="{{ item.value.ipv4 }}"
-#  with_dict: "{{ lxc_containers }}"
-- name: Set IPv4 address
-  lineinfile:
-    path: "/var/lib/lxc/{{ item.key }}/config"
-    regexp: "lxc.network.ipv4 *="
-    line: "lxc.network.ipv4 = {{ item.value.ipv4.address }}/{{ item.value.ipv4.netmask }}"
-  with_dict: "{{ lxc_containers }}"
-- name: Set IPv4 gateway
-  lineinfile:
-    path: "/var/lib/lxc/{{ item.key }}/config"
-    regexp: "lxc.network.ipv4.gateway *="
-    line: "lxc.network.ipv4.gateway = {{ item.value.ipv4.gateway }}"
-    insertafter: "lxc.network.ipv4 *="
-  with_dict: "{{ lxc_containers }}"
-- name: Set logfile
-  lineinfile:
-    path: "/var/lib/lxc/{{ item.key }}/config"
-    regexp: "lxc.logfile *="
-    line: "lxc.logfile = /var/lib/lxc/{{ item.key }}/{{ item.key }}.log"
+- name: Remove default network setup packages
+  apt:
+    name: "{{ item }}"
+    install_recommends: no
+  with_items:
+    - python-lxc
+
+- include_tasks: per-host.yml
+  vars:
+    i: "{{ item }}"
   with_dict: "{{ lxc_containers }}"
diff --git a/ansible/roles/lxc-host/tasks/per-host.yml b/ansible/roles/lxc-host/tasks/per-host.yml
new file mode 100644
index 0000000..d38267e
--- /dev/null
+++ b/ansible/roles/lxc-host/tasks/per-host.yml
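Review bot: The task named `Remove default network setup packages` has no `state:` and lists `python-lxc`, so with the apt module's default it installs that package instead of removing anything; the name looks copied from the lxc-machine role. Rename it to say what it does, e.g. `- name: Install python-lxc` (presumably a prerequisite of the `lxc_container` task in per-host.yml), and write `state: present` explicitly. The hunk also drops the leading `---` document marker. The `vars:` / `i: "{{ item }}"` indirection on `include_tasks` could be replaced by `loop_control:` with `loop_var: i`, which keeps `item` free for loops inside the included file.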
@@ -0,0 +1,48 @@
+- debug:
+    msg: "LXC HOST: {{ i.key }}"
+
+- name: lxc.network.type = veth
+  register: type
+  lineinfile:
+    path: "/var/lib/lxc/{{ i.key }}/config"
+    regexp: "lxc.network.type *="
+    line: "lxc.network.type = veth"
+- name: lxc.network.link = br0
+  register: link
+  lineinfile:
+    path: "/var/lib/lxc/{{ i.key }}/config"
+    regexp: "lxc.network.link *="
+    line: "lxc.network.link = br0"
+- name: Set IPv4 address {{ i.key }}
+  register: ipv4
+  lineinfile:
+    path: "/var/lib/lxc/{{ i.key }}/config"
+    regexp: "lxc.network.ipv4 *="
+    line: "lxc.network.ipv4 = {{ i.value.ipv4.address }}/{{ i.value.ipv4.netmask }}"
+- name: Set IPv4 gateway
+  register: ipv4_gateway
+  lineinfile:
+    path: "/var/lib/lxc/{{ i.key }}/config"
+    regexp: "lxc.network.ipv4.gateway *="
+    line: "lxc.network.ipv4.gateway = {{ i.value.ipv4.gateway }}"
+    insertafter: "lxc.network.ipv4 *="
+- name: Set logfile
+  register: logfile
+  lineinfile:
+    path: "/var/lib/lxc/{{ i.key }}/config"
+    regexp: "lxc.logfile *="
+    line: "lxc.logfile = /var/lib/lxc/{{ i.key }}/{{ i.key }}.log"
+
+#- name: state?
+#  debug:
+#    msg: "state={{ i.value.state }}"
+#- name: do restart?
+#  debug:
+#    msg: "DO RESTART: {{ i.key }}"
+#  when: i.value.state == 'started'
+
+- name: restart lxc container {{ i.key }}
+  when: i.value.state == 'started' and (type.changed or link.changed or ipv4.changed or logfile.changed)
+  lxc_container:
+    name: "{{ i.key }}"
+    state: restarted
diff --git a/ansible/roles/lxc-machine/handlers/main.yml b/ansible/roles/lxc-machine/handlers/main.yml
index 3f96231..bb3f202 100644
--- a/ansible/roles/lxc-machine/handlers/main.yml
+++ b/ansible/roles/lxc-machine/handlers/main.yml
@@ -3,4 +3,3 @@
   service:
     name: systemd-sysctl.service
     state: restarted
-
diff --git a/ansible/roles/lxc-machine/tasks/main.yml b/ansible/roles/lxc-machine/tasks/main.yml
index e75dcd9..c60b9e8 100644
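Review bot: The `when:` on `restart lxc container {{ i.key }}` in per-host.yml tests `type`, `link`, `ipv4` and `logfile` but not `ipv4_gateway`, although that result is registered by the `Set IPv4 gateway` task; a gateway-only change is written to the config while the running container keeps its old route. Add it to the expression: `when: i.value.state == 'started' and (type.changed or link.changed or ipv4.changed or ipv4_gateway.changed or logfile.changed)`. The `lineinfile` regexps are unanchored and use unescaped dots, so they can match commented-out or merely similar lines; a leading `^` and `\.` would make each match exact.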
--- a/ansible/roles/lxc-machine/tasks/main.yml
+++ b/ansible/roles/lxc-machine/tasks/main.yml
@@ -1,10 +1,12 @@
-- name: disable ipv6
-  tags:
-    - disable-ipv6
-  copy:
-    dest: /etc/sysctl.d/99-disable-ipv6.conf
-    content: net.ipv6.conf.all.disable_ipv6=1
+- tags: enable-ipv6
+  file:
+    path: "/etc/sysctl.d/{{ item }}"
+    state: absent
   notify: restart sysctl
+  with_items:
+    - 99-ipv6.conf
+    - 99-enable-ipv6.conf
+    - 99-disable-ipv6.conf
 - name: /etc/hosts
   copy:
@@ -18,6 +20,14 @@
       ff02::1 ip6-allnodes
       ff02::2 ip6-allrouters
+- name: Remove default network setup packages
+  apt:
+    name: "{{ item }}"
+    state: absent
+  with_items:
+    - ifupdown
+    - net-tools
+
 - name: system setup
   tags:
     - packages
diff --git a/ansible/roles/mw-backend/tasks/main.yml b/ansible/roles/mw-backend/tasks/main.yml
index bbe7473..d1abd8c 100644
--- a/ansible/roles/mw-backend/tasks/main.yml
+++ b/ansible/roles/mw-backend/tasks/main.yml
@@ -24,6 +24,7 @@
     - meta: flush_handlers
+# TODO: Remove, use unix-machine instead
     - name: packages
       apt:
         name: "{{ item }}"
diff --git a/ansible/roles/unix-machine/handlers/main.yml b/ansible/roles/unix-machine/handlers/main.yml
new file mode 100644
index 0000000..ce78323
--- /dev/null
+++ b/ansible/roles/unix-machine/handlers/main.yml
@@ -0,0 +1,3 @@
+- name: update apt cache
+  apt:
+    update_cache: yes
diff --git a/ansible/roles/unix-machine/tasks/main.yml b/ansible/roles/unix-machine/tasks/main.yml
new file mode 100644
index 0000000..78e346a
--- /dev/null
+++ b/ansible/roles/unix-machine/tasks/main.yml
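Review bot: Deleting `99-disable-ipv6.conf` and notifying `restart sysctl` in the first lxc-machine/tasks hunk does not switch IPv6 back on where the old drop-in was already applied, because systemd-sysctl only applies settings that are present in the drop-ins; `net.ipv6.conf.all.disable_ipv6` would stay at 1 until the machine is restarted. If the `enable-ipv6` tag is meant to take effect on existing machines, set the value explicitly, for example with the `sysctl` module using `name: net.ipv6.conf.all.disable_ipv6` and `value: '0'`. The task also has no `name:`; something like `- name: remove ipv6 sysctl drop-ins` keeps the run output readable.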
@@ -0,0 +1,31 @@
+- name: /etc/apt/apt.conf.d/99force-ipv4
+  copy:
+    dest: /etc/apt/apt.conf.d/99force-ipv4
+    content: 'Acquire::ForceIPv4 "true";'
+- name: /etc/apt/sources.list
+  notify: update apt cache
+  copy:
+    dest: /etc/apt/sources.list
+    content: |
+      deb [arch=i386] http://deb.debian.org/debian stretch main contrib non-free
+      deb [arch=i386] http://security.debian.org/ stretch/updates main contrib non-free
+
+- meta: flush_handlers
+
+# Make sure etckeeper installed very early
+- name: packages (early)
+  tags: packages
+  apt:
+    name: "{{ item }}"
+    install_recommends: no
+  with_items:
+    - git
+    - etckeeper
+
+- name: packages
+  tags: packages
+  apt:
+    name: "{{ item }}"
+    install_recommends: no
+  with_items:
+    - iputils-ping
diff --git a/ansible/sz-ds.yml b/ansible/sz-ds.yml
index 354a069..58252b7 100644
--- a/ansible/sz-ds.yml
+++ b/ansible/sz-ds.yml
@@ -5,6 +5,10 @@
   roles:
     - timezone
   tasks:
+    - name: unix-machine
+      import_role: name=unix-machine
+      tags: unix-machine
+
     - name: lxc-machine
       import_role: name=lxc-machine
       tags: lxc-machine |
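Review bot: The `/etc/apt/sources.list` task in unix-machine/tasks/main.yml points both the main and the security archive at plain `http://` URLs, which leaves APT's signature check on the Release files as the only protection against tampering in transit and exposes what is fetched to the network path. Consider `https://deb.debian.org/debian` and `https://deb.debian.org/debian-security`; on stretch that needs `apt-transport-https` installed before the sources are switched, so it would have to come ahead of this task. Both `copy` tasks also leave ownership and permissions to the defaults, and adding `owner: root`, `group: root` and `mode: '0644'` makes the result explicit. The comment asks for etckeeper to be installed very early, yet these two /etc writes happen before it.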
