
ansible

wip
aynic.os 7 months ago
parent
commit
ce449b3966
  1. 2
      CHANGELOG.md
  2. 2
      Makefile
  3. 4
      ansible/ansible.mk
  4. 17
      ansible/def.ansible.mk
  5. 8
      ansible/install.mk
  6. 21
      ansible/inventories/host_vars/default
  7. 32
      ansible/inventories/host_vars/localhost
  8. 49
      ansible/inventories/host_vars/myos
  9. 2
      ansible/playbooks/aws-cli.yml
  10. 2
      ansible/playbooks/disks.yml
  11. 21
      ansible/roles/aws-cli/tasks/main.yml
  12. 16
      ansible/roles/disks/tasks/main.yml
  13. 3
      ansible/roles/docker/defaults/main.yml
  14. 7
      ansible/roles/docker/tasks/check.yml
  15. 8
      ansible/roles/docker/tasks/package.yml
  16. 152
      ansible/roles/hosts/README.md
  17. 136
      ansible/roles/hosts/defaults/main.yml
  18. 18
      ansible/roles/hosts/files/.bash_profile
  19. 7
      ansible/roles/hosts/files/.dircolors_aliases
  20. 1
      ansible/roles/hosts/files/.docker_aliases
  21. 38
      ansible/roles/hosts/files/.profile
  22. 8
      ansible/roles/hosts/files/.resty_aliases
  23. 2
      ansible/roles/hosts/files/.sh_functions
  24. 5
      ansible/roles/hosts/files/.shrc
  25. 1
      ansible/roles/hosts/files/.vim_aliases
  26. 12
      ansible/roles/hosts/files/etc/profile.d/rc.sh
  27. 34
      ansible/roles/hosts/files/etc/profile.d/rc_functions.sh
  28. 1
      ansible/roles/hosts/files/etc/ssh/github.com.pub
  29. 7
      ansible/roles/hosts/tasks/cloudinit.yml
  30. 15
      ansible/roles/hosts/tasks/dir.yml
  31. 1
      ansible/roles/hosts/tasks/git.yml
  32. 13
      ansible/roles/hosts/tasks/main.yml
  33. 55
      ansible/roles/hosts/tasks/ssh.yml
  34. 67
      ansible/roles/hosts/tasks/user.yml
  35. 0
      ansible/roles/hosts/templates/cloud.cfg.j2
  36. 3
      ansible/roles/hosts/templates/env.j2
  37. 22
      ansible/roles/hosts/templates/ssh_config.j2
  38. 31
      ansible/roles/hosts/templates/tmux_config.j2
  39. 1
      ansible/roles/hosts/templates/tmux_session.j2
  40. 10
      ansible/roles/hosts/tests/goss/bash.yml
  41. 12
      ansible/roles/hosts/tests/goss/bash_common.yml
  42. 13
      ansible/roles/hosts/tests/goss/bash_debian.yml
  43. 14
      ansible/roles/hosts/tests/goss/file.yml
  44. 5
      ansible/roles/hosts/tests/goss/main.yml
  45. 4
      ansible/roles/hosts/tests/goss/main_alpine.yml
  46. 5
      ansible/roles/hosts/tests/goss/main_debian.yml
  47. 5
      ansible/roles/hosts/tests/goss/main_redhat.yml
  48. 26
      ansible/roles/hosts/tests/goss/package.yml
  49. 12
      ansible/roles/hosts/tests/goss/package_alpine.yml
  50. 10
      ansible/roles/hosts/tests/goss/package_debian.yml
  51. 8
      ansible/roles/hosts/tests/goss/package_redhat.yml
  52. 9
      ansible/roles/hosts/tests/goss/root.yml
  53. 8
      ansible/roles/hosts/tests/goss/ssh.yml
  54. 10
      ansible/roles/hosts/vars/alpine.yml
  55. 4
      ansible/roles/hosts/vars/debian.yml
  56. 2
      ansible/roles/hosts/vars/fedora-5.yml
  57. 4
      ansible/roles/hosts/vars/redhat.yml
  58. 2
      aws/aws.mk
  59. 4
      docker/cli/Dockerfile
  60. 21
      docker/registrator/Dockerfile
  61. 4
      docker/theia/Dockerfile
  62. 17
      make/apps/common.mk
  63. 10
      make/apps/def.build.mk
  64. 2
      make/apps/def.docker.mk
  65. 12
      make/apps/def.mk
  66. 19
      make/apps/docker.mk
  67. 14
      make/apps/install.mk
  68. 2
      make/apps/myos/def.mk
  69. 10
      make/apps/myos/def.ssh.mk
  70. 24
      make/common.mk
  71. 3
      make/def.docker.mk
  72. 74
      make/def.mk
  73. 2
      make/env.mk
  74. 2
      make/monorepo/def.mk
  75. 30
      make/monorepo/subrepo.mk
  76. 1
      make/utils.mk
  77. 4
      packer/def.packer.ansible.mk
  78. 10
      packer/def.packer.mk
  79. 4
      stack/base.mk
  80. 10
      stack/base/base.yml

2
CHANGELOG.md

@ -2,4 +2,4 @@
## v1.0-alpha
First public release. Code as Doc.
First public release. Code is doc.

2
Makefile

@ -10,6 +10,6 @@ app-build: base install-build-config
$(foreach service,$(or $(SERVICE),$(SERVICES)),$(call make,app-build-$(service)))
$(call make,docker-commit)
app-install: base node
app-install: ansible-run base node
app-start: ssh-add
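Review bot: `app-install: ansible-run base node` puts `ansible-run` next to `base` and `node` in one prerequisite list, but Make does not order sibling prerequisites, so under `make -j` the playbook may run before or concurrently with `base`/`node`. If the playbook relies on the state those targets produce, express that as a dependency (for example `ansible-run: base node`) instead of relying on list position. With `DOCKER_RUN` unset, `ansible-run-%` now also pulls in `install-ansible` (see ansible/ansible.mk), so `app-install` gains a host package install as a side effect; a comment such as `# ansible-run installs ansible on the host when DOCKER_RUN is empty` next to this rule would make that visible.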

4
ansible/ansible.mk

@ -20,9 +20,9 @@ ansible-pull@%: ssh-get-PrivateIpAddress-$(SERVER_NAME)
# target ansible-run: Fire ssh-add ansible-run-localhost
.PHONY: ansible-run
ansible-run: ssh-add ansible-run-localhost
ansible-run: ansible-run-localhost
# target ansible-run-%: Fire docker-build-ansible, Call ansible-playbook ANSIBLE_PLAYBOOK
.PHONY: ansible-run-%
ansible-run-%: $(if $(DOCKER_RUN),docker-build-ansible)
ansible-run-%: $(if $(DOCKER_RUN),docker-build-ansible,install-ansible)
$(call ansible-playbook,$(if $(ANSIBLE_TAGS),--tags $(ANSIBLE_TAGS)) $(if $(ANSIBLE_EXTRA_VARS),--extra-vars '$(patsubst target=localhost,target=$*,$(ANSIBLE_EXTRA_VARS))') $(if $(findstring true,$(DRYRUN)),--check) $(if $(ANSIBLE_INVENTORY),--inventory $(ANSIBLE_INVENTORY)) $(ANSIBLE_PLAYBOOK))
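Review bot: Dropping `ssh-add` from `ansible-run` (`ansible-run: ansible-run-localhost`) interacts with `ANSIBLE_ARGS` in ansible/def.ansible.mk, which appends `-k` under `DOCKER_RUN` when `ssh-add -l` reports no loaded identity; since `ANSIBLE_ARGS` is recursively assigned, that probe now runs without the agent having been primed, so a run that previously authenticated with agent keys may fall back to a password prompt. If that is intended, say so on the rule: `# ssh-add is no longer a prerequisite: ANSIBLE_ARGS adds -k when the agent holds no key`. Unrelated to this change but visible in the hunk, `.PHONY: ansible-run-%` has no effect, because GNU make does not apply `.PHONY` to pattern targets.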

17
ansible/def.ansible.mk

@ -1,3 +1,4 @@
ANSIBLE_ARGS ?= $(if $(filter-out 0,$(UID)),$(if $(shell sudo -l 2>/dev/null |grep 'NOPASSWD: ALL'),,-K))$(if $(DOCKER_RUN),$(if $(shell ssh-add -l >/dev/null 2>&1 || echo false), -k))
ANSIBLE_AWS_ACCESS_KEY_ID ?= $(AWS_ACCESS_KEY_ID)
ANSIBLE_AWS_DEFAULT_OUTPUT ?= $(AWS_DEFAULT_OUTPUT)
ANSIBLE_AWS_DEFAULT_REGION ?= $(AWS_DEFAULT_REGION)
@ -9,19 +10,25 @@ ANSIBLE_DISKS_NFS_PATH ?= $(NFS_PATH)
ANSIBLE_DOCKER_IMAGE_TAG ?= $(DOCKER_IMAGE_TAG)
ANSIBLE_DOCKER_REGISTRY ?= $(DOCKER_REGISTRY)
ANSIBLE_EXTRA_VARS ?= target=localhost
ANSIBLE_GIT_DIRECTORY ?= /src/$(subst git@,,$(subst ssh://,,$(GIT_REPOSITORY)))
ANSIBLE_GIT_DIRECTORY ?= /src/$(subst $(space),/,$(strip $(call reverse,$(subst ., ,$(APP_REPOSITORY_HOST)))))/$(APP_REPOSITORY_PATH)
ANSIBLE_GIT_KEY_FILE ?= $(if $(ANSIBLE_SSH_PRIVATE_KEYS),~$(ANSIBLE_USERNAME)/.ssh/$(notdir $(firstword $(ANSIBLE_SSH_PRIVATE_KEYS))))
ANSIBLE_GIT_REPOSITORY ?= $(GIT_REPOSITORY)
ANSIBLE_GIT_VERSION ?= $(BRANCH)
ANSIBLE_INVENTORY ?= ansible/inventories
ANSIBLE_PLAYBOOK ?= ansible/playbook.yml
ANSIBLE_SSH_PRIVATE_KEYS ?= $(SSH_PRIVATE_KEYS)
ANSIBLE_SSH_AUTHORIZED_KEYS ?= $(strip $(SSH_AUTHORIZED_KEYS))
ANSIBLE_SSH_BASTION_HOSTNAME ?= $(firstword $(SSH_BASTION_HOSTNAME))
ANSIBLE_SSH_BASTION_USERNAME ?= $(firstword $(SSH_BASTION_USERNAME))
ANSIBLE_SSH_PRIVATE_IP_RANGE ?= $(strip $(SSH_PRIVATE_IP_RANGE))
ANSIBLE_SSH_PRIVATE_KEYS ?= $(strip $(SSH_PRIVATE_KEYS))
ANSIBLE_SSH_PUBLIC_HOSTS ?= $(strip $(SSH_PUBLIC_HOSTS))
ANSIBLE_SSH_USERNAME ?= $(firstword $(SSH_USER))
ANSIBLE_SERVER_NAME ?= $(SERVER_NAME)
ANSIBLE_USERNAME ?= root
ANSIBLE_USERNAME ?= $(USER)
ANSIBLE_VERBOSE ?= $(if $(DEBUG),-vvvv,$(if $(VERBOSE),-v))
CMDS += ansible ansible-playbook
DOCKER_RUN_OPTIONS += --add-host=host.docker.internal:$(DOCKER_INTERNAL_DOCKER_HOST)
ENV_VARS += ANSIBLE_AWS_ACCESS_KEY_ID ANSIBLE_AWS_DEFAULT_OUTPUT ANSIBLE_AWS_DEFAULT_REGION ANSIBLE_AWS_SECRET_ACCESS_KEY ANSIBLE_CONFIG ANSIBLE_DISKS_NFS_DISK ANSIBLE_DISKS_NFS_OPTIONS ANSIBLE_DISKS_NFS_PATH ANSIBLE_DOCKER_IMAGE_TAG ANSIBLE_DOCKER_REGISTRY ANSIBLE_EXTRA_VARS ANSIBLE_GIT_DIRECTORY ANSIBLE_GIT_KEY_FILE ANSIBLE_GIT_REPOSITORY ANSIBLE_GIT_VERSION ANSIBLE_INVENTORY ANSIBLE_PLAYBOOK ANSIBLE_SSH_PRIVATE_KEYS ANSIBLE_USERNAME ANSIBLE_VERBOSE
ENV_VARS += ANSIBLE_AWS_ACCESS_KEY_ID ANSIBLE_AWS_DEFAULT_OUTPUT ANSIBLE_AWS_DEFAULT_REGION ANSIBLE_AWS_SECRET_ACCESS_KEY ANSIBLE_CONFIG ANSIBLE_DISKS_NFS_DISK ANSIBLE_DISKS_NFS_OPTIONS ANSIBLE_DISKS_NFS_PATH ANSIBLE_DOCKER_IMAGE_TAG ANSIBLE_DOCKER_REGISTRY ANSIBLE_EXTRA_VARS ANSIBLE_GIT_DIRECTORY ANSIBLE_GIT_KEY_FILE ANSIBLE_GIT_REPOSITORY ANSIBLE_GIT_VERSION ANSIBLE_INVENTORY ANSIBLE_PLAYBOOK ANSIBLE_SSH_AUTHORIZED_KEYS ANSIBLE_SSH_BASTION_HOSTNAME ANSIBLE_SSH_BASTION_USERNAME ANSIBLE_SSH_PRIVATE_IP_RANGE ANSIBLE_SSH_PRIVATE_KEYS ANSIBLE_SSH_PUBLIC_HOSTS ANSIBLE_SSH_USERNAME ANSIBLE_USERNAME ANSIBLE_VERBOSE
# function ansible: Call run ansible ANSIBLE_ARGS with arg 1
define ansible
@ -37,5 +44,5 @@ endef
## TODO: run ansible in docker and target localhost outside docker when DOCKER=true
define ansible-pull
$(call INFO,ansible-pull,$(1))
$(RUN) $(call env-run,ansible-pull $(ANSIBLE_ARGS) $(ANSIBLE_VERBOSE) $(1))
$(call env-run,$(RUN) ansible-pull $(ANSIBLE_ARGS) $(ANSIBLE_VERBOSE) $(1))
endef
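Review bot: `ANSIBLE_USERNAME ?= $(USER)` replaces the fixed `root` with an environment variable that is not guaranteed to be set (cron, minimal containers, some `sudo` configurations); when it is empty, `ANSIBLE_GIT_KEY_FILE` collapses to `~/.ssh/...`, the home of whoever runs make rather than of the intended user. A fallback such as `ANSIBLE_USERNAME ?= $(or $(USER),$(shell id -un))` keeps the new default while making it deterministic. The new `ANSIBLE_GIT_DIRECTORY` depends on `reverse` and `space` being defined elsewhere; if `reverse` is missing, `$(call reverse,...)` silently expands to nothing and the path degrades to `/src//$(APP_REPOSITORY_PATH)`, so a `$(if $(value reverse),,$(error reverse is not defined))` guard or a comment naming where they come from is worth adding. `ANSIBLE_SSH_AUTHORIZED_KEYS` is exported through `ENV_VARS` and, per the hosts role README, lists URLs whose contents are appended to `authorized_keys` on the target, so it should be treated as an access-control input rather than an ordinary setting.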

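--- a/ansible/install.mk
+++ b/ansible/install.mk
+##
+# INSTALL
+# target install-ansible; Install ansible on local host
+.PHONY: install-ansible
+install-ansible:
+$(if $(shell type -p ansible),,$(RUN) $(INSTALL) ansible)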
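Review bot: `$(shell type -p ansible)` runs under make's default `/bin/sh`, and `-p` is a bash extension to `type`, not part of the POSIX builtin, so on a non-bash `/bin/sh` the probe may fail, expand to empty and take the install branch on every invocation. `command -v` is the portable form: `$(if $(shell command -v ansible 2>/dev/null),,$(RUN) $(INSTALL) ansible)`. The header comment also uses a semicolon where the rest of the tree uses a colon: `# target install-ansible: Install ansible on local host`.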

21
ansible/inventories/host_vars/default

@ -16,21 +16,12 @@ hosts_git_repositories:
- { "repo": "{{ lookup('env','ANSIBLE_GIT_REPOSITORY') }}", "dest": "{{ lookup('env','ANSIBLE_GIT_DIRECTORY') }}", "key_file": "{{ lookup('env','ANSIBLE_GIT_KEY_FILE') or '~/.ssh/id_rsa' }}", "version": "{{ lookup('env','ANSIBLE_GIT_VERSION') }}" }
hosts_packages:
- { "name": "ansible", "state": "present" }
- { "name": "coreutils", "state": "present" }
- { "name": "curl", "state": "present" }
- { "name": "git", "state": "present" }
- { "name": "groff", "state": "present" }
- { "name": "htop", "state": "present" }
- { "name": "less", "state": "present" }
- { "name": "lsof", "state": "present" }
- { "name": "make", "state": "present" }
- { "name": "openssh-client", "state": "present" }
- { "name": "util-linux", "state": "present" }
- { "name": "vim", "state": "present" }
- { "name": "zsh", "state": "present" }
hosts_ssh_private_keys: "{{ lookup('env','ANSIBLE_SSH_PRIVATE_KEYS').split(' ').default([]) }}"
hosts_ssh_users:
- aya
hosts_rc_functions:
- 10_prompt_set
- 10_ps1_set
- 30_pfetch
- 30_screen_attach
- 40_ssh_add
hosts_user_env:
- ANSIBLE_AWS_ACCESS_KEY_ID
- ANSIBLE_AWS_SECRET_ACCESS_KEY

32
ansible/inventories/host_vars/localhost

@ -1,25 +1,23 @@
---
# file: inventories/host_vars/localhost
aws_access_key_id: "{{ lookup('env','ANSIBLE_AWS_ACCESS_KEY_ID') }}"
aws_output_format: "{{ lookup('env','ANSIBLE_AWS_DEFAULT_OUTPUT') or 'json' }}"
aws_region: "{{ lookup('env','ANSIBLE_AWS_DEFAULT_REGION') or 'eu-west-1' }}"
aws_secret_access_key: "{{ lookup('env','ANSIBLE_AWS_SECRET_ACCESS_KEY') }}"
disks_additional_disks:
- disk: /dev/xvdb
disable_periodic_fsck: true
fstype: ext4
mount_options: defaults
mount: /var/lib/docker
service: docker
- disk: "{{ lookup('env','ANSIBLE_DISKS_NFS_DISK') }}"
fstype: nfs
mount_options: "{{ lookup('env','ANSIBLE_DISKS_NFS_OPTIONS') }}"
mount: "{{ lookup('env','ANSIBLE_DISKS_NFS_PATH') }}"
disks_additional_services:
- rpc.statd
docker_image_tag: "{{ lookup('env','ANSIBLE_DOCKER_IMAGE_TAG') or 'latest' }}"
docker_registry: "{{ lookup('env','ANSIBLE_DOCKER_REGISTRY') }}"
hosts_enable_local: true
hosts_enable_rc: true
hosts_enable_zram: true
hosts_git_repositories:
- { "repo": "{{ lookup('env','ANSIBLE_GIT_REPOSITORY') }}", "dest": "{{ lookup('env','ANSIBLE_GIT_DIRECTORY') }}", "key_file": "{{ lookup('env','ANSIBLE_GIT_KEY_FILE') or '~/.ssh/id_rsa' }}", "version": "{{ lookup('env','ANSIBLE_GIT_VERSION') }}" }
hosts_packages:
- { "name": "ansible", "state": "present" }
hosts_user_env:
- ANSIBLE_CONFIG
- ANSIBLE_DOCKER_IMAGE_TAG
- ANSIBLE_DOCKER_REGISTRY
- ANSIBLE_EXTRA_VARS
- ANSIBLE_GIT_DIRECTORY
- ANSIBLE_GIT_KEY_FILE
- ANSIBLE_GIT_REPOSITORY
- ANSIBLE_INVENTORY
- ANSIBLE_PLAYBOOK
- ENV

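--- a/ansible/inventories/host_vars/myos
+++ b/ansible/inventories/host_vars/myos
+---
+# file: inventories/host_vars/myos
+aws_access_key_id: "{{ lookup('env','ANSIBLE_AWS_ACCESS_KEY_ID') }}"
+aws_output_format: "{{ lookup('env','ANSIBLE_AWS_DEFAULT_OUTPUT') or 'json' }}"
+aws_region: "{{ lookup('env','ANSIBLE_AWS_DEFAULT_REGION') or 'eu-west-1' }}"
+aws_secret_access_key: "{{ lookup('env','ANSIBLE_AWS_SECRET_ACCESS_KEY') }}"
+disks_additional_disks:
+- disk: /dev/xvdb
+disable_periodic_fsck: true
+fstype: ext4
+mount_options: defaults
+mount: /var/lib/docker
+service: docker
+- disk: "{{ lookup('env','ANSIBLE_DISKS_NFS_DISK') }}"
+fstype: nfs
+mount_options: "{{ lookup('env','ANSIBLE_DISKS_NFS_OPTIONS') }}"
+mount: "{{ lookup('env','ANSIBLE_DISKS_NFS_PATH') }}"
+disks_additional_services:
+- rpc.statd
+docker_image_tag: "{{ lookup('env','ANSIBLE_DOCKER_IMAGE_TAG') or 'latest' }}"
+docker_registry: "{{ lookup('env','ANSIBLE_DOCKER_REGISTRY') }}"
+hosts_enable_local: true
+hosts_enable_rc: true
+hosts_enable_zram: true
+hosts_packages:
+- { "name": "ansible", "state": "present" }
+hosts_rc_functions:
+- 10_prompt_set
+- 10_ps1_set
+- 30_pfetch
+- 30_screen_attach
+- 40_ssh_add
+hosts_user_env:
+- ANSIBLE_AWS_ACCESS_KEY_ID
+- ANSIBLE_AWS_SECRET_ACCESS_KEY
+- ANSIBLE_CONFIG
+- ANSIBLE_DISKS_NFS_DISK
+- ANSIBLE_DISKS_NFS_OPTIONS
+- ANSIBLE_DISKS_NFS_PATH
+- ANSIBLE_DOCKER_IMAGE_TAG
+- ANSIBLE_DOCKER_REGISTRY
+- ANSIBLE_EXTRA_VARS
+- ANSIBLE_GIT_DIRECTORY
+- ANSIBLE_GIT_KEY_FILE
+- ANSIBLE_GIT_REPOSITORY
+- ANSIBLE_INVENTORY
+- ANSIBLE_PLAYBOOK
+- ENV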
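Review bot: `hosts_user_env` lists `ANSIBLE_AWS_ACCESS_KEY_ID` and `ANSIBLE_AWS_SECRET_ACCESS_KEY`, which the hosts role defaults describe as "environment variables to write to user ~/.env", so this inventory persists a long-lived AWS secret in plaintext in a dotfile on the target host. If that is required, the task rendering `~/.env` must set a restrictive mode (`mode: '0600'`) — the template is not visible here, so this needs confirming — and it is worth considering a narrowly scoped key or an instance profile so no static secret has to be written to disk at all. A comment above the list, `# the AWS entries below are written in clear to ~/.env on the host`, would make the exposure explicit to the next maintainer.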

2
ansible/playbooks/aws-cli.yml

@ -1,6 +1,6 @@
---
# file: playbooks/aws-cli.yml
- hosts: '{{ target | default("all") }}'
- hosts: '{{ target | default("aws") }}'
roles:
- aws-cli

2
ansible/playbooks/disks.yml

@ -1,6 +1,6 @@
---
# file: playbooks/disks.yml
- hosts: '{{ target | default("all") }}'
- hosts: '{{ target | default("disks") }}'
roles:
- disks

21
ansible/roles/aws-cli/tasks/main.yml

@ -101,16 +101,17 @@
tags: 'aws'
when: ec2_tags.tags is defined
- name: aws - prune docker objects (including non-dangling images)
docker_prune:
containers: yes
images: yes
images_filters:
dangling: false
networks: yes
volumes: yes
builder_cache: yes
tags: 'aws'
# ansible v2.8
# - name: aws - prune docker objects
# docker_prune:
# containers: yes
# images: yes
# images_filters:
# dangling: false
# networks: yes
# volumes: yes
# builder_cache: yes
# tags: 'aws'
- name: aws - launch docker containers
docker_container:
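Review bot: The `docker_prune` task is kept as a commented-out block under `# ansible v2.8` rather than removed or gated, leaving dead YAML that will drift from the live task list. If the intent is to run it only where the module exists (it requires Ansible 2.8 or newer), restore the task and guard it with `when: ansible_version.full is version('2.8', '>=')`; otherwise delete the block and record the reason in a one-line comment. Note that `images_filters: dangling: false` makes the prune remove every unused image on the host, not only dangling ones, so whichever route is taken should state whether that is acceptable on shared hosts. The `docker_container` task that follows continues outside the hunk.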

16
ansible/roles/disks/tasks/main.yml

@ -3,23 +3,27 @@
name=py3-pip
state=present
when: ansible_os_family|lower == "alpine"
become: yes
- name: 'Install Python PIP'
package: >
name=python-pip
state=present
when: ansible_os_family|lower != "alpine"
become: yes
- name: 'Install python-pathlib'
pip: >
name=pathlib
state=present
become: yes
- name: "Discover NVMe EBS"
disks_ebs_config:
config: "{{ disks_additional_disks }}"
register: __disks_ebs_config
when: disks_discover_aws_nvme_ebs | default(True) | bool
become: yes
- set_fact:
disks_additional_disks: "{{ disks_additional_disks|defaut([]) + __disks_ebs_config['ansible_facts']['config'] }}"
@ -32,6 +36,7 @@
use: '{{ disks_package_use }}'
when: disks_additional_disks
tags: ['disks', 'pkgs']
become: yes
- name: "Install additional fs progs"
package:
@ -40,6 +45,7 @@
with_items: "{{ disks_additional_packages|default([]) }}"
when: disks_additional_packages is defined
tags: ['disks', 'pkgs']
become: yes
- name: disks - start additional services
service:
@ -48,6 +54,7 @@
state: started
with_items: "{{ disks_additional_services|default([]) }}"
tags: ['disks', 'pkgs']
become: yes
- name: "Get disk alignment for disks"
shell: |
@ -85,6 +92,7 @@
executable: '/bin/bash'
with_items: '{{ disks_additional_disks }}'
tags: ['disks']
become: yes
- name: "Create filesystem on the first partition"
filesystem:
@ -97,6 +105,7 @@
- '{{ disks_stat.results }}'
when: item.1.stat.exists
tags: ['disks']
become: yes
- name: "Disable periodic fsck and reserved space on ext3 or ext4 formatted disks"
environment:
@ -107,6 +116,7 @@
- '{{ disks_stat.results }}'
when: "disks_additional_disks and ( item.0.fstype == 'ext4' or item.0.fstype == 'ext3' ) and item.0.disable_periodic_fsck|default(false)|bool and item.1.stat.exists"
tags: ['disks']
become: yes
- name: "Ensure the mount directory exists"
file:
@ -114,6 +124,7 @@
state: directory
with_items: '{{ disks_additional_disks }}'
tags: ['disks']
become: yes
- name: "Get UUID for partition"
environment:
@ -145,6 +156,7 @@
register: disks_additional_disks_handler_notify
notify:
- restart services
become: yes
- name: "Mount additional disks - nfs"
mount:
@ -159,6 +171,7 @@
register: disks_additional_disks_nfs_handler_notify
notify:
- restart services - nfs
become: yes
- name: "Ensure the permissions are set correctly"
file:
@ -168,6 +181,7 @@
state: directory
with_items: '{{ disks_additional_disks }}'
when: item.user is defined or item.group is defined
tags: ['disk']
tags: ['disks']
become: yes
- meta: flush_handlers
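Review bot: The `set_fact` right after the new `become: yes` in the first hunk uses `disks_additional_disks|defaut([])` — `defaut` is not a Jinja2 filter, so whenever that task runs it fails with a template error before any disk is touched. The line is pre-existing context, but since this commit already revises every task in the file it is the natural place to fix it: `disks_additional_disks: "{{ disks_additional_disks|default([]) + __disks_ebs_config['ansible_facts']['config'] }}"`. The `become: yes` additions are otherwise consistent, though `Install python-pathlib` via `pip` now runs as root and installs into the system site-packages; if that is not wanted, drop `become` on that task or add `extra_args: --user`.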

3
ansible/roles/docker/defaults/main.yml

@ -4,9 +4,6 @@
# minimum kernel version
docker_check_kernel: '3.10'
# architecture
docker_check_machine: 'x86_64'
# The docker package name
docker_package: docker

7
ansible/roles/docker/tasks/check.yml

@ -7,10 +7,3 @@
docker requires a minimum kernel version of {{docker_check_kernel}}
on {{ansible_distribution}} {{ansible_distribution_version}}
when: ansible_kernel is version(docker_check_kernel, "<")
- name: check - machine architecture
fail:
msg: >
docker requires a {{docker_check_machine}} version
of {{ansible_distribution}} {{ansible_distribution_version}}
when: ansible_machine != docker_check_machine

8
ansible/roles/docker/tasks/package.yml

@ -9,11 +9,17 @@
- name: package - add docker GPG key
apt_key: url=https://download.docker.com/linux/debian/gpg
when: ansible_os_family|lower == "debian"
become: yes
- name: package - define arch
set_fact:
docker_apt_arch: "{% if ansible_machine == 'aarch64' %}arm64{% endif %}{% if ansible_machine == 'x86_64' %}amd64{% endif %}"
- name: add docker APT repository
apt_repository:
repo: deb [arch=amd64] https://download.docker.com/linux/{{ansible_distribution|lower}} {{ansible_distribution_release}} stable
repo: deb [arch={{docker_apt_arch}}] https://download.docker.com/linux/{{ansible_distribution|lower}} {{ansible_distribution_release}} stable
when: ansible_os_family|lower == "debian"
become: yes
- name: package - add docker package
package: name="{{docker_package}}" state=present
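Review bot: `docker_apt_arch` is empty for any `ansible_machine` other than `aarch64` or `x86_64` (armv7l, ppc64le, s390x), and the architecture check in `check.yml` that used to reject those machines is removed in this same commit, so the repository line becomes `deb [arch=] https://...` and `apt_repository` writes a malformed sources entry that breaks every later `apt` run on the host. Add a guard before the repository task, e.g. `- fail: msg="unsupported architecture {{ ansible_machine }}"` with `when: docker_apt_arch | length == 0`, or map the remaining Debian architectures explicitly. The `apt_key ... url=` task trusts whatever the URL serves; recording the expected fingerprint with `id:` alongside it makes a swapped key detectable.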

152
ansible/roles/hosts/README.md

@ -1,21 +1,21 @@
# Ansible role to customize servers
An ansible role to customize your servers after a fresh install
An ansible role to customize servers after a fresh install
## Role Variables
* `hosts_ssh_users` - A list of github usernames. We will fetch ssh keys from their github account and add it to the authorized_keys of the ansible user.
* `hosts_enable_cloudinit` - Install and configure cloud-init
``` yaml
# a list of github usernames to get public keys
hosts_ssh_users: []
# enable cloud-init
hosts_enable_cloudinit: false
```
* `hosts_enable_zram` - Activate zram swap devices. This option allows to create virtual swap devices compressed in RAM. It can increase hosts performances, specially on hosts without physical swap.
* `hosts_enable_local` - Run ansible pull at boot
``` yaml
# Activate zram swap devices
hosts_enable_zram: false
# enable rc.local script
hosts_enable_local: false
```
* `hosts_enable_rc` - Run user specific functions on ssh connection. This allow a user to customize his session when connecting to a server, like attaching automaticaly a screen session for example.
@ -25,80 +25,136 @@ hosts_enable_zram: false
hosts_enable_rc: false
```
* `hosts_enable_zram` - Activate zram swap devices. This option allows to create virtual swap devices compressed in RAM. It can increase hosts performances, specially on hosts without physical swap.
``` yaml
# Activate zram swap devices
hosts_enable_zram: false
```
* `hosts_git_repositories` - Clone git repositories.
``` yaml
# git repositories to clone
hosts_git_repositories:
- { "repo": "https://github.com/aya/myos", "dest": "/src/com/github/aya/myos", "key_file": "~/.ssh/id_rsa", "version": "master" }
```
* `hosts_packages` - A list of packages to install on your servers. This list should be overrided for a specific distro.
``` yaml
# packages specific to a distribution
hosts_packages: []
```
* `hosts_packages_common` - A common list of packages to install on your servers. This list should be common to all distros.
``` yaml
# packages common to all distributions
hosts_packages_common:
- { "name": "bash", "state": "present" }
```
* `hosts_packages_distro` - A list of packages to install on your servers. This list is specific to your distro.
``` yaml
# packages specific to a distribution
hosts_packages_distro:
- { "name": "vim-nox", "state": "present" }
```
* `hosts_rc_functions` - List of user specific functions to run on ssh connection. Here you can add any function to be called when you connect to the host. Default functions are available in the /etc/profile.d/rc_functions.sh file.
``` yaml
# list of rc functions to call at user connection
hosts_rc_functions:
# customize PS1 variable
- 01_custom_ps1
# customize PROMPT variable
# - 02_custom_prompt
# launch a ssh agent and load all private keys located in ~/.ssh
# - 03_ssh_agent
# create and/or attach a tmux session
# - 04_attach_tmux
# create and/or attach a screen session
- 05_attach_screen
# load shell functions
- 00_source
# customize PROMPT variable
- 10_prompt_set
# customize PS1 variable
- 10_ps1_set
# create and/or attach a tmux session
- 20_tmux_attach
# display host infos
- 30_pfetch
# create and/or attach a screen session
- 30_screen_attach
# launch ssh agent and load private keys in ~/.ssh
- 40_ssh_add
```
* `hosts_rc_cleanup` - List of rc functions you do not want to run anymore. If you had previously activated a rc function in `hosts_rc_functions`, you can add it to `hosts_rc_cleanup` to disable it.
``` yaml
# list of rc functions to cleanup (remove files)
# hosts_rc_cleanup:
# - 03_ssh_agent
# - 04_attach_tmux
hosts_rc_cleanup:
- 01_custom_ps1
- 02_custom_prompt
- 03_ssh_agent
- 04_attach_tmux
- 05_attach_screen
```
* `hosts_etc_bashrc` - The location of the /etc/bashrc file on the current distro
* `hosts_ssh_authorized_keys` - A list of urls. Fetch ssh public keys from urls and add them to file ~/.ssh/authorized_keys of the ansible user.
``` yaml
# location of /etc/bashrc
hosts_etc_bashrc: /etc/bashrc
# a list of urls to get ssh public keys
hosts_ssh_authorized_keys:
- https://github.com/aya.keys
```
* `hosts_packages` - A list of packages to install on your servers. This list should be overrided for a specific distro.
* `hosts_ssh_bastion_hostname` - Hostname of ssh bastion. Needed to add myos-bastion to file ~/.ssh/myos/config of the ansible user.
``` yaml
# packages specific to a distribution
hosts_packages: []
# hostname of myos-bastion to add in ~/.ssh/myos/config
hosts_ssh_bastion_hostname: 8.4.2.1
```
* `hosts_packages_common` - A common list of packages to install on your servers. This list should be common to all distros.
* `hosts_ssh_bastion_username` - Username of ssh bastion. Needed to add myos-bastion to file ~/.ssh/myos/config of the ansible user.
``` yaml
# packages common to all distributions
hosts_packages_common:
- { "name": "bash", "state": "present" }
- { "name": "ca-certificates", "state": "present" }
- { "name": "rsync", "state": "present" }
- { "name": "screen", "state": "present" }
- { "name": "tzdata", "state": "present" }
# hostname of myos-bastion to add in ~/.ssh/myos/config
hosts_ssh_bastion_username: root
```
## Example
* `hosts_ssh_private_ip_range` - Ip range to pass through ssh bastion.
To launch this role on your `hosts` servers, run the default playbook.
``` yaml
# ip range proxyfied through myos-bastion to add in ~/.ssh/myos/config
hosts_ssh_private_ip_range: 10.* 192.168.42.*
```
``` bash
$ ansible-playbook playbook.yml
* `hosts_ssh_private_keys` - A list of ssh private keys to copy. Default to ~/.ssh/id_rsa
``` yaml
# a list of urls to get ssh public keys
hosts_ssh_private_keys:
- ~/.ssh/id_rsa
```
It will install the following packages : bash, ca-certificates, rsync, screen, tzdata and vim (plus libselinux-python on redhat).
* `hosts_ssh_public_hosts` - A list of host names to get ssh fingerprint
## Common configurations
``` yaml
# a list of public hosts to add to ~/.ssh/known_hosts
hosts_ssh_public_hosts:
- github.com
- gitlab.com
```
This example configuration will add the [ssh keys from aya's github user](https://github.com/aya.keys) to your remote ~/.ssh/authorized_keys.
It will create a ~/.rc.d and touch 01_custom_ps1 and 02_attach_screen files into this directory, resulting in a customized PS1 and automaticaly attaching a screen on (re)connection on the remote server.
* `hosts_ssh_username` - ssh user used to ssh on remote hosts
``` yaml
hosts_ssh_users:
- aya
hosts_enable_rc: true
hosts_rc_functions:
- 01_custom_ps1
- 02_attach_screen
# ssh username to ssh on remote hosts
hosts_ssh_username: root
```
## Example
To launch this role on your `hosts` servers, run the default playbook.
``` bash
$ ansible-playbook playbook.yml
```
## Tests

136
ansible/roles/hosts/defaults/main.yml

@ -1,72 +1,7 @@
---
# file: defaults/main.yml
# enable cloud-init
hosts_enable_cloudinit: false
# enable rc.local script
hosts_enable_local: false
# run user specific rc functions on ssh connection
hosts_enable_rc: false
# Activate zram swap devices on host
hosts_enable_zram: false
# git repositories to clone
hosts_git_repositories: []
# - { "repo": "ssh://git@github.com/aya/infra", "dest": "/src" }
# list of rc functions to call at user connection
hosts_rc_functions:
# customize PS1 variable
- 01_custom_ps1
# customize PROMPT variable
- 02_custom_prompt
# launch a ssh agent and load all private keys located in ~/.ssh
- 03_ssh_agent
# create and/or attach a tmux session
# - 04_attach_tmux
# create and/or attach a screen session
- 05_attach_screen
# display system information
- 06_pfetch
# list of rc functions to cleanup (remove files)
# hosts_rc_cleanup:
# - 03_ssh_agent
# - 04_attach_tmux
# packages to install
hosts_packages: []
# packages specific to a distribution
hosts_packages_distro: []
# packages common to all distributions
hosts_packages_common:
- { "name": "bash", "state": "present" }
- { "name": "ca-certificates", "state": "present" }
- { "name": "rsync", "state": "present" }
- { "name": "screen", "state": "present" }
- { "name": "tzdata", "state": "present" }
# a list of SSH private keys to copy
hosts_ssh_private_keys: []
# - ~/.ssh/id_rsa
# a list of public hosts keys to add to known_hosts
hosts_ssh_public_hosts_keys:
- { "name": "github.com", "key": "files/etc/ssh/github.com.pub" }
# a list of github usernames to get public keys
hosts_ssh_users: []
# - aya
# a list of environment variables to write to user ~/.env
hosts_user_env: []
# - SHELL
# cloud-init config
hosts_cloudinit_config:
users:
- default
@ -140,3 +75,72 @@ hosts_cloudinit_config:
templates_dir: /etc/cloud/templates/
ssh_svcname: sshd
# enable cloud-init
hosts_enable_cloudinit: false
# enable rc.local script
hosts_enable_local: false
# run user specific rc functions on ssh connection
hosts_enable_rc: false
# Activate zram swap devices on host
hosts_enable_zram: false
# git repositories to clone
hosts_git_repositories: []
# packages to install
hosts_packages: []
# packages common to all distributions
hosts_packages_common:
- { "name": "bash", "state": "present" }
- { "name": "ca-certificates", "state": "present" }
- { "name": "curl", "state": "present" }
- { "name": "git", "state": "present" }
- { "name": "htop", "state": "present" }
- { "name": "less", "state": "present" }
- { "name": "lsof", "state": "present" }
- { "name": "make", "state": "present" }
- { "name": "rsync", "state": "present" }
- { "name": "screen", "state": "present" }
- { "name": "tmux", "state": "present" }
- { "name": "tzdata", "state": "present" }
# packages specific to a distribution
hosts_packages_distro: []
# list of rc functions to cleanup (remove files)
hosts_rc_cleanup: []
# list of rc functions to call at user connection
hosts_rc_functions:
- 10_prompt_set
- 10_ps1_set
- 30_pfetch
- 40_ssh_add
# a list of urls to get public keys to add to ~/.ssh/authorized_keys
hosts_ssh_authorized_keys: "{{ lookup('env','ANSIBLE_SSH_AUTHORIZED_KEYS').split(' ') }}"
# hostname of myos-bastion to add in ~/.ssh/myos/config
hosts_ssh_bastion_hostname: "{{ lookup('env','ANSIBLE_SSH_BASTION_HOSTNAME') }}"
# username of myos-bastion to add in ~/.ssh/myos/config
hosts_ssh_bastion_username: "{{ lookup('env','ANSIBLE_SSH_BASTION_USERNAME') or ansible_user }}"
# ip range proxyfied through myos-bastion to add in ~/.ssh/myos/config
hosts_ssh_private_ip_range: "{{ lookup('env','ANSIBLE_SSH_PRIVATE_IP_RANGE') }}"
# a list of SSH private keys to copy
hosts_ssh_private_keys: "{{ lookup('env','ANSIBLE_SSH_PRIVATE_KEYS').split(' ') }}"
# a list of public hosts to add to known_hosts
hosts_ssh_public_hosts: "{{ lookup('env','ANSIBLE_SSH_PUBLIC_HOSTS').split(' ') }}"
# remote ssh user
hosts_ssh_username: "{{ lookup('env','ANSIBLE_SSH_USERNAME') or ansible_user }}"
# a list of environment variables to write to user ~/.env
hosts_user_env: []
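Review bot: The new list defaults built with `lookup('env', ...).split(' ')` (`hosts_ssh_authorized_keys`, `hosts_ssh_private_keys`, `hosts_ssh_public_hosts`) evaluate to `['']` when the variable is unset, because `''.split(' ')` returns a one-element list, so every consumer loops once over an empty URL, key path or host name instead of skipping. Python's argument-less `split()` returns `[]` for an empty string and also tolerates repeated spaces, so `"{{ lookup('env','ANSIBLE_SSH_AUTHORIZED_KEYS').split() }}"` (and the same for the other two) gives the intended empty default. Since `hosts_ssh_authorized_keys` is a list of URLs whose contents end up in `~/.ssh/authorized_keys`, the comment above it should also say so: `# urls are fetched over the network and appended to authorized_keys; list only sources you control`. The earlier hunk in this file, which removes the old defaults block, is a relocation of the same keys.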

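--- a/ansible/roles/hosts/files/.bash_profile
+++ b/ansible/roles/hosts/files/.bash_profile
+# ~/.bash_profile: executed by the command interpreter for bash login shell.
+[ -f ~/.profile ] && source ~/.profile
+# bash-completion
+if ! shopt -oq posix && [ -z "${BASH_COMPLETION_VERSINFO-}" ]; then
+if [ ${BASH_VERSINFO[0]} -gt 4 ] \
+|| [ ${BASH_VERSINFO[0]} -eq 4 -a ${BASH_VERSINFO[1]} -ge 1 ]; then
+shopt -q progcomp && for file in \
+/{*/local,usr}/share/bash-completion/bash_completion \
+/etc/bash_completion; do
+[ -r "$file" ] && . "$file"
+done
+fi
+if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion" ]; then
+. "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion"
+fi
+fi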

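--- a/ansible/roles/hosts/files/.dircolors_aliases
+++ b/ansible/roles/hosts/files/.dircolors_aliases
@@ -0,0 +1,7 @@
+test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+alias ls='ls --color=auto'
+alias dir='dir --color=auto'
+alias vdir='vdir --color=auto'
+alias grep='grep --color=auto'
+alias fgrep='fgrep --color=auto'
+alias egrep='egrep --color=auto'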

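--- a/ansible/roles/hosts/files/.docker_aliases
+++ b/ansible/roles/hosts/files/.docker_aliases
@@ -0,0 +1 @@
+alias ctop='docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock:ro quay.io/vektorlab/ctop:latest'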
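Review bot: The `ctop` alias bind-mounts `/var/run/docker.sock` with `:ro` and runs `quay.io/vektorlab/ctop:latest`. The `:ro` flag applies to the mount, not to the socket: a process that can connect to the Docker socket can issue any API call, so the container effectively has full control of the daemon, and pulling by the floating `latest` tag hands that access to whatever is published under the tag at run time. Pin the image to a specific version or an `@sha256:<digest>` (placeholder — take the value from the registry when pinning), and add a comment such as `# docker.sock mount is effectively root on the host; keep the image pinned`.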

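--- a/ansible/roles/hosts/files/.profile
+++ b/ansible/roles/hosts/files/.profile
+# ~/.profile: executed by the command interpreter for login shells.
+# set -x
+umask 027
+# source ~/.*aliases and ~/.*functions files
+for source in aliases functions; do
+for file in "$HOME"/.*"$source"; do
+[ -f "$file" ] || continue
+# remove $HOME/. prefix from file
+file="${file#${HOME}/.}"
+# remove _$source suffix from $file
+command="${file%_$source}"
+# source file if command exists, ie ~/.bash_aliases
+command -v "$command" >/dev/null 2>&1 && . "${HOME}/.$file"
+# remove $source suffix from $file, ie ~/.aliases
+command="${file%$source}"
+# source file if command empty, ie ~/.aliases
+[ -z "$command" ] && . "${HOME}/.$file"
+done
+done
+# source ~/.*shrc
+for file in "$HOME"/.*shrc; do
+[ -f "$file" ] || continue
+# remove $HOME/. prefix from file
+file="${file#${HOME}/.}"
+# source file if match current shell
+[ "$(basename ${SHELL})" = "${file%rc}" ] && . "${HOME}/.$file"
+done
+# set PATH to include user's bin
+for path in /*/local/sbin /*/local/bin /*/local/*/bin "${HOME}"/.*/bin; do
+[ -d "$path" ] || continue
+case ":${PATH}:" in
+*:"$path":*) ;;
+*) export PATH="${path}:$PATH" ;;
+esac
+done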
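Review bot: The PATH loop prepends every directory matching `/*/local/sbin /*/local/bin /*/local/*/bin "${HOME}"/.*/bin`, and the leading `/*` and `/*/local/*` globs match under any top-level directory, including world-writable ones such as `/tmp`, so a directory created there that fits the pattern would be placed ahead of `/usr/bin` for every login shell on the host. Restrict the globs to the prefixes actually meant (`/usr/local/bin /usr/local/sbin /opt/local/bin`), or append instead of prepend, and skip entries not owned by root or the current user. `[ "$(basename ${SHELL})" = "${file%rc}" ]` leaves `${SHELL}` unquoted; `"$(basename "${SHELL}")"` is the safe form. `umask 027` at the top is a sensible default but changes the permissions of every file created from a login shell, which deserves a one-line comment.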

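--- a/ansible/roles/hosts/files/.resty_aliases
+++ b/ansible/roles/hosts/files/.resty_aliases
@@ -0,0 +1,8 @@
+alias DELETE='resty-delete'
+alias GET='resty-get'
+alias HEAD='resty-head'
+alias OPTIONS='resty-options'
+alias PATCH='resty-patch'
+alias POST='resty-post'
+alias PUT='resty-put'
+alias TRACE='resty-trace'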

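--- a/ansible/roles/hosts/files/.sh_functions
+++ b/ansible/roles/hosts/files/.sh_functions
@@ -0,0 +1,2 @@
+gam () { "~/.gam/gam" "$@" ; }
+gyb () { "~/.gyb/gyb" "$@" ; }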
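Review bot: Both functions quote the tilde — `"~/.gam/gam"` — which disables tilde expansion, so the shell looks for a literal directory named `~` and every call fails with "not found". Use `gam () { "$HOME/.gam/gam" "$@" ; }` and `gyb () { "$HOME/.gyb/gyb" "$@" ; }` instead. Since `~/.profile` sources this file for every login shell, a header such as `# ~/.sh_functions: wrappers for gam and gyb, sourced by ~/.profile` would help readers.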

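--- a/ansible/roles/hosts/files/.shrc
+++ b/ansible/roles/hosts/files/.shrc
@@ -0,0 +1,5 @@
+export EDITOR=vim
+export GIT_PS1_SHOWUPSTREAM=auto
+export GIT_PS1_SHOWDIRTYSTATE=true
+export GIT_PS1_HIDE_IF_PWD_IGNORED=true
+export PAGER=less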

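--- a/ansible/roles/hosts/files/.vim_aliases
+++ b/ansible/roles/hosts/files/.vim_aliases
@@ -0,0 +1 @@
+alias vi='vim'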

12
ansible/roles/hosts/files/etc/profile.d/rc.sh

@ -1,11 +1,11 @@
# shellcheck shell=sh
## rc.sh calls user defined functions
# author: Yann "aya" Autissier
# license: MIT
# updated: 2021/03/04
# file rc.sh: Call user defined functions
## author: Yann "aya" Autissier
## license: MIT
## version: 20210620
case $- in
# if we are in an interactive shell
# if this is an interactive shell
*i*)
# load user stuff from ~/.rc.d/* files
for file in "${HOME}"/.rc.d/*; do
@ -41,3 +41,5 @@ case $- in
unset IFS
;;
esac
# vim:ts=2:sw=2:sts=2:et

34
ansible/roles/hosts/files/etc/profile.d/rc_functions.sh

@ -1,10 +1,10 @@
# shellcheck shell=sh
## rc_function.sh defines customs shell functions
# author: Yann "aya" Autissier
# license: MIT
# updated: 2021/03/04
# file rc_functions.sh: Define shell functions
## author: Yann "aya" Autissier
## license: MIT
## version: 20210620
## force() runs a command sine die
# function force: Run a command sine die
force() {
if [ $# -gt 0 ]; then
while true; do
@ -14,7 +14,7 @@ force() {
fi
}
## force8() runs a command sine die if not already running
# function force8: Run a command sine die if not already running
force8() {
if [ $# -gt 0 ]; then
while true; do
@ -38,13 +38,13 @@ force8() {
fi
}
## load_average() prints the current load average
# function load_average; Print the current load average
load_average() {
awk '{printf "%.1f\n" $1}' /proc/loadavg 2>/dev/null\
|| uptime 2>/dev/null |awk '{printf "%.1f\n", $(NF-2)}'
}
## process_count() prints number of "processes"/"running processes"/"D-state"
# function process_count: Print number of "processes"/"running processes"/"D-state"
process_count() {
ps ax -o stat 2>/dev/null |awk '
$1 ~ /R/ {process_running++};
@ -52,7 +52,7 @@ process_count() {
END { print NR-1"/"process_running+0"/"process_dstate+0; }'
}
## prompt_set() exports custom PROMPT_COMMAND
# function prompt_set: Export custom PROMPT_COMMAND
prompt_set() {
case "${TERM}" in
screen*)
@ -81,7 +81,7 @@ prompt_set() {
unset ESCAPE_CODE_DCS ESCAPE_CODE_ST
}
## ps1_set() exports custom PS1
# function ps1_set: Export custom PS1
ps1_set() {
case "$0" in
*sh)
@ -164,7 +164,7 @@ ps1_set() {
PS1_USER PS1_USER_COLOR PS1_STATUS PS1_WORKDIR
}
## screen_attach() attaches existing screen session or creates a new one
# function screen_attach: Attach existing screen session or Create a new one
screen_attach() {
command -v screen >/dev/null 2>&1 || return
SCREEN_SESSION="$(id -nu)@$(hostname |sed 's/\..*//')"
@ -182,12 +182,12 @@ screen_attach() {
unset SCREEN_SESSION
}
## screen_detach() detaches current screen session
# function screen_detach: Detach current screen session
screen_detach() {
screen -d
}
## ssh_add() loads all private keys in ~/.ssh/ to ssh agent
# function ssh_add: Load all private keys in ~/.ssh/ to ssh agent
ssh_add() {
command -v ssh-agent >/dev/null 2>&1 && command -v ssh-add >/dev/null 2>&1 || return
SSH_AGENT_DIR="/tmp/ssh-$(id -u)"
@ -224,7 +224,7 @@ ssh_add() {
unset GREP_RECURSIVE_CHAR GREP_RECURSIVE_FLAG SSH_AGENT_DIR SSH_AGENT_SOCK SSH_PRIVATE_KEYS
}
## ssh_del() removes all private keys in ~/.ssh/ from ssh agent
# function ssh_del: removes all private keys in ~/.ssh/ from ssh agent
ssh_del() {
command -v ssh-add >/dev/null 2>&1 || return
# attach to agent
@ -250,7 +250,7 @@ ssh_del() {
unset GREP_RECURSIVE_CHAR GREP_RECURSIVE_FLAG SSH_PRIVATE_KEYS
}
## tmux_attach() attaches existing tmux session or creates a new one
# function tmux_attach: Attach existing tmux session or Create a new one
tmux_attach() {
command -v tmux >/dev/null 2>&1 || return
TMUX_SESSION="$(id -nu)@$(hostname |sed 's/\..*//')"
@ -263,12 +263,12 @@ tmux_attach() {
unset TMUX_SESSION
}
## tmux_detach() detaches current tmux session
# function tmux_detach: Detach current tmux session
tmux_detach() {
tmux detach
}
## user_count() prints number of "users sessions"/"users"/"logged users"
# function user_count: Print number of "users sessions"/"users"/"logged users"
user_count() {
ps ax -o user,tty 2>/dev/null |awk '
$2 ~ /^(pts|tty)/ { users_session++; logged[$1]++; };
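Review bot: In `load_average`, `awk '{printf "%.1f\n" $1}'` is missing the comma between the format and its argument, so awk concatenates `$1` into the format string and calls printf with no arguments; on gawk that is a fatal error, and the `|| uptime …` fallback on the next line then silently masks it. The line should read `awk '{printf "%.1f\n", $1}' /proc/loadavg 2>/dev/null\`. The new header comment on the same function also uses a semicolon where every other one uses a colon: `# function load_average: Print the current load average`. The function bodies in this section continue outside the hunks.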

1
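--- a/ansible/roles/hosts/files/etc/ssh/github.com.pub
+++ b/ansible/roles/hosts/files/etc/ssh/github.com.pub
@@ -1 +0,0 @@
-github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==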

7
ansible/roles/hosts/tasks/cloudinit.yml

@ -7,10 +7,9 @@
when: hosts_enable_cloudinit|default(false) and ansible_os_family|lower != "alpine"
- name: cloudinit - install cloud-init packages
apk: name="{{item.name}}" state="{{item.state}}"
apk:
name: cloud-init
state: present
name: "{{ item.name}}"
state: "{{ item.state }}"
repository:
- http://dl-cdn.alpinelinux.org/alpine/edge/main
- http://dl-cdn.alpinelinux.org/alpine/edge/testing
@ -25,7 +24,7 @@
- name: cloudinit - update /etc/cloud/cloud.cfg
template:
src: etc/cloud/cloud.cfg.j2
src: cloud.cfg.j2
dest: /etc/cloud/cloud.cfg
force: yes
when: hosts_enable_cloudinit|default(false)
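Review bot: `name: "{{ item.name}}"` is missing the space before the closing braces while the line right after it, `state: "{{ item.state }}"`, has it; the rest of the role's rewritten tasks use the spaced form, so this should be `name: "{{ item.name }}"`. The loop that defines `item` for this task is outside the hunk, so whether every element carries both `name` and `state` cannot be checked here.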

15
ansible/roles/hosts/tasks/dir.yml

@ -0,0 +1,15 @@
---
# file: tasks/dir.yml
- name: dir - create directories
with_items:
- ~/.config
- ~/.config/git
- ~/.ssh
- ~/.ssh/myos
- ~/.tmux
- ~/.tmux/myos
file:
path: "{{item}}"
state: directory
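Review bot: `~/.ssh` and `~/.ssh/myos` are created with no `mode`, so their permissions fall to the target's umask (commonly 0755); OpenSSH tolerates that for reading, but the directory then lists the private keys and config this commit later copies into it with 0400, and the conventional hardening for `~/.ssh` is 0700. Giving only those two entries an explicit mode and passing `omit` for the rest keeps the other directories' behaviour exactly as it is now.
```yaml
- name: dir - create directories
  with_items:
    - path: ~/.config
    - path: ~/.config/git
    - path: ~/.ssh
      mode: "0700"
    - path: ~/.ssh/myos
      mode: "0700"
    - path: ~/.tmux
    - path: ~/.tmux/myos
  file:
    path: "{{ item.path }}"
    state: directory
    mode: "{{ item.mode | default(omit) }}"
```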

1
ansible/roles/hosts/tasks/git.yml

@ -8,3 +8,4 @@
dest: "{{ item.dest|default('/src') }}"
key_file: "{{ item.key_file|default('~/.ssh/id_rsa') }}"
version: "{{ item.version|default('HEAD') }}"
become: yes
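Review bot: Adding `become: yes` changes the user the `~` in `key_file: "{{ item.key_file|default('~/.ssh/id_rsa') }}"` resolves to, since the git module expands the path on the target as the become user — presumably root — so the connecting user's key is no longer the default. If the intent is a root-owned checkout under `/src` with the user's key, pass an absolute `key_file` in the inventory or use `become_user` explicitly; the task header and loop are outside the hunk.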

13
ansible/roles/hosts/tasks/main.yml

@ -10,21 +10,24 @@
- import_tasks: cloudinit.yml
tags:
- cloudinit
- import_tasks: packages.yml
tags:
- packages
- import_tasks: ssh.yml
- import_tasks: dir.yml
tags:
- ssh
- dir
- import_tasks: files.yml
tags:
- files
- import_tasks: git.yml
tags:
- git
- import_tasks: packages.yml
tags:
- packages
- import_tasks: service.yml
tags:
- service
- import_tasks: ssh.yml
tags:
- ssh
- import_tasks: user.yml
tags:
- user
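Review bot: `dir.yml` is imported only under the `dir` tag, but the `ssh.yml` and `user.yml` tasks in this commit write `~/.ssh/myos/config` and `~/.tmux/myos/config` into directories that only `dir.yml` creates, and `template` does not create parent directories; `ansible-playbook --tags ssh` or `--tags user` on a fresh host would therefore fail. Listing `- ssh` and `- user` alongside `- dir` in the `dir.yml` tags keeps a tag-limited run self-contained.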

55
ansible/roles/hosts/tasks/ssh.yml

@ -1,24 +1,30 @@
---
# file: tasks/ssh.yml
- name: ssh - add keys to file ~/.ssh/authorized_keys
authorized_key: user="root" key=https://github.com/{{item}}.keys
with_items: "{{hosts_ssh_users|default([])}}"
become: yes
- name: ssh - copy ssh private keys
with_items: "{{hosts_ssh_private_keys|default([])}}"
copy: src={{item}} dest=~/.ssh/ mode=0400
become: yes
- name: ssh - add ssh_authorized_keys to file ~/.ssh/authorized_keys
authorized_key: user="{{ ansible_user|default('root') }}" key="{{ item }}"
with_items: "{{ hosts_ssh_authorized_keys|default([]) }}"
ignore_errors: true
- name: ssh - add public hosts keys to known_hosts
with_items: "{{hosts_ssh_public_hosts_keys|default([])}}"
- name: ssh - add ssh_public_hosts keys to known_hosts
with_items: "{{ hosts_ssh_public_hosts|default([]) }}"
known_hosts:
name: "{{item.name}}"
key: "{{ lookup('file', '{{item.key}}') }}"
become: yes
name: "{{ item }}"
key: "{{ lookup('pipe', 'ssh-keyscan -t rsa -H ' + item) }}"
ignore_errors: true
- name: ssh - define configuration
- name: ssh - copy ssh_private_keys to ~/.ssh/
with_items: "{{ hosts_ssh_private_keys|default([]) }}"
copy: src="{{ item }}" dest=~/.ssh/ mode=0400
ignore_errors: true
- name: ssh - update ~/.ssh/myos/config
template:
src: ssh_config.j2
dest: ~/.ssh/myos/config
mode: 0400
- name: ssh - define sshd configuration
set_fact:
sshd_config:
- dest: /etc/conf.d/dropbear
@ -27,22 +33,25 @@
- dest: /etc/ssh/sshd_config
line: Banner /etc/issue.net
regex: ^#?Banner
- dest: /etc/ssh/sshd_config
line: PermitRootLogin prohibit-password
regex: ^#?PermitRootLogin
- name: ssh - stat configuration file
- name: ssh - stat sshd configuration file
changed_when: false
register: sshd_config_stat
stat:
path: '{{item.dest}}'
with_items: '{{sshd_config|default([])}}'
path: "{{ item.dest }}"
with_items: "{{ sshd_config|default([]) }}"
- name: ssh - configure sshd
become: yes
lineinfile:
backrefs: true
dest: '{{item.0.dest}}'
line: '{{item.0.line}}'
regex: '{{item.0.regex}}'
dest: "{{ item.0.dest }}"
line: "{{ item.0.line }}"
regex: "{{ item.0.regex }}"
with_together:
- '{{sshd_config|default([])}}'
- '{{sshd_config_stat.results}}'
- "{{ sshd_config|default([]) }}"
- "{{ sshd_config_stat.results }}"
when: item.1.stat.exists
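Review bot: The known_hosts task now takes each entry from `lookup('pipe', 'ssh-keyscan -t rsa -H ' + item)`, which trusts whatever key the network answers with at play time and replaces the pinned github.com key this commit deletes; the inventory value is also concatenated into a shell command unquoted, so it should at least be `'ssh-keyscan -t rsa -H ' + item|quote`, and `-t rsa` alone returns nothing for hosts that only offer ed25519. With `ignore_errors: true` on every task in the first hunk, an empty or failed scan, a missing private key or a rejected authorized key is skipped and the play reports success with no host trust configured; scoping the failure (for example `failed_when` on an empty lookup result) or carrying known keys in a variable next to the scan would make that visible. The sshd_config list continues into the second hunk, whose remaining entries are outside this section.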

67
ansible/roles/hosts/tasks/user.yml

@ -3,7 +3,7 @@
- name: user - create ~/.env
template:
src: .env.j2
src: env.j2
dest: ~/.env
force: no
mode: 0400
@ -11,40 +11,49 @@
- name: user - create ~/.rc.d
file: path=~/.rc.d/ state={{hosts_enable_rc|default(false)|ternary('directory', 'absent')}} mode="0700"
- name: user - activate rc functions
- name: user - source /etc/profile.d/rc_functions.sh
with_items:
- /etc/profile.d/rc_functions.sh
lineinfile: dest=~/.rc.d/00_source create=yes line="{{ item }}" mode="0600"
when: hosts_enable_rc|default(false)
- name: user - enable rc functions
with_items: "{{hosts_rc_functions|default([])}}"
file: path="~/.rc.d/{{item}}" state="touch" mode="0600"
when: hosts_enable_rc|default(false)
- name: user - disable rc functions
with_items: "{{hosts_rc_cleanup|default([])}}"
file: path="~/.rc.d/{{item}}" state="absent" mode="0600"
file: path="~/.rc.d/{{item}}" state="absent"
when: hosts_enable_rc|default(false)
- name: user - create directories
- name: user - copy ~/.*aliases ~/.*functions ~/.*profile ~/.shrc
with_items:
- ".dircolors_aliases"
- ".docker_aliases"
- ".resty_aliases"
- ".vim_aliases"
- ".sh_functions"
- ".bash_profile"
- ".profile"
- ".shrc"
copy: src=../files/{{item}} dest=~/{{item}} mode="0640" backup="yes"
- name: user - update ~/.bashrc
with_items:
- ~/.config
- ~/.config/git
file:
path: "{{item}}"
state: directory
- PS1="╭∩╮$PS1"
- unset user_count process_count
lineinfile: dest=~/.bashrc create=yes line='{{item}}'
- name: user - update ~/.config/git/ignore
with_items:
- '.nfs*'
- '*~'
- '*.log'
- '*.pyc'
- '*.swp'
lineinfile: dest=~/.config/git/ignore create=yes line='{{item}}'
- name: user - update ~/.profile
with_items:
- alias ctop='docker run --rm -ti --volume /var/run/docker.sock:/var/run/docker.sock:ro quay.io/vektorlab/ctop:latest'
- alias vi='vim'
- export EDITOR='vim'
- export PAGER='less'
lineinfile: dest=~/.profile create=yes line='{{item}}'
- name: user - update ~/.screenrc
with_items:
- defscrollback 1024
@ -52,9 +61,31 @@
- shell -$SHELL
lineinfile: dest=~/.screenrc create=yes line='{{item}}'
- name: user - update ~/.ssh/config
with_items:
- include myos/config
lineinfile: dest=~/.ssh/config create=yes line='{{item}}'
- name: user - update ~/.tmux.conf
with_items:
- source-file ~/.tmux/myos/config
lineinfile: dest=~/.tmux.conf create=yes line='{{item}}'
- name: user - update ~/.tmux/myos/config
template:
src: tmux_config.j2
dest: ~/.tmux/myos/config
mode: 0400
- name: user - update ~/.tmux/myos/session
template:
src: tmux_session.j2
dest: ~/.tmux/myos/session
mode: 0400
- name: user - update ~/.vimrc
with_items:
- :set et ai bg=dark sw=4 ts=4 encoding=utf-8 mouse=""
- :set et ai bg=dark sw=2 ts=2 encoding=utf-8 mouse=""
- :syn on
- :filetype plugin indent on
lineinfile: dest=~/.vimrc create=yes line='{{item}}'
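Review bot: The `~/.ssh/config` task appends `include myos/config` with lineinfile, which lands at the end of any pre-existing config; an `Include` that follows a `Host` block is conditional on that block, so for a user who already has host stanzas the myos config would only apply to the last one. Use `lineinfile: dest=~/.ssh/config create=yes line='{{item}}' insertbefore=BOF` so it precedes any stanza (the keyword is case-insensitive, but `Include` is the documented spelling). Separately, `copy: src=../files/{{item}}` is redundant: the copy module resolves a relative `src` against the role's `files/` directory, so `src={{item}}` is the idiom.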

0
ansible/roles/hosts/templates/etc/cloud/cloud.cfg.j2 → ansible/roles/hosts/templates/cloud.cfg.j2

3
ansible/roles/hosts/templates/.env.j2 → ansible/roles/hosts/templates/env.j2

@ -1,5 +1,4 @@
{% for var in hosts_user_env|default([]) %}
{{var}}={{ lookup('env',var) }}
{% endfor %}
ENV_USER_VARS={{hosts_user_env |default([]) |join(' ')}} DOCKER
DOCKER=false
ENV_USER_VARS={{hosts_user_env |default([]) |join(' ')}}

22
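--- a/ansible/roles/hosts/templates/ssh_config.j2
+++ b/ansible/roles/hosts/templates/ssh_config.j2
@@ -0,0 +1,22 @@
+Host *
+LogLevel quiet
+Compression yes
+{% if hosts_ssh_bastion_hostname|length %}
+Host myos-bastion
+HostName {{ hosts_ssh_bastion_hostname }}
+{% if hosts_ssh_bastion_username|length %}
+User {{ hosts_ssh_bastion_username }}
+{% endif %}
+{% endif %}
+{% if hosts_ssh_private_ip_range|length %}
+Host {{ hosts_ssh_private_ip_range }}
+{% if hosts_ssh_bastion_hostname|length %}
+ProxyCommand ssh -q myos-bastion nc -q0 %h 22
+{% endif %}
+HostName %h
+{% if hosts_ssh_username|length %}
+User {{ hosts_ssh_username }}
+{% endif %}
+StrictHostKeyChecking no
+UserKnownHostsFile /dev/null
+{% endif %}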
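Review bot: The `Host {{ hosts_ssh_private_ip_range }}` block sets `StrictHostKeyChecking no` together with `UserKnownHostsFile /dev/null`, which turns off host key verification for every address in the range and makes the bastion hop the natural place for an interposed host to go unnoticed; `StrictHostKeyChecking accept-new` (OpenSSH 7.6+) with a dedicated `UserKnownHostsFile ~/.ssh/myos/known_hosts` keeps first-use pinning without prompts, and re-provisioned hosts can be handled by clearing that one file. `ProxyCommand ssh -q myos-bastion nc -q0 %h 22` also depends on a GNU netcat on the bastion (`-q0` is not accepted by BSD or busybox nc), whereas `ProxyJump myos-bastion` (OpenSSH 7.3+) needs no remote tool. Note that `Host` takes glob patterns, so the variable must hold a form such as `10.0.*`, not CIDR notation — its format is set in the defaults outside this section.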

31
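--- a/ansible/roles/hosts/templates/tmux_config.j2
+++ b/ansible/roles/hosts/templates/tmux_config.j2
@@ -0,0 +1,31 @@
+# this is myos's tmux configuration !
+bind r source-file ~/.tmux.conf\; display-message "tmux.conf reloaded!"
+bind R move-window -r
+bind C-s source ~/.tmux/myos/session
+bind C-n switch-client -n\; refresh-client -S
+bind C-p switch-client -p\; refresh-client -S
+bind Escape copy-mode
+bind Y run "tmux save-buffer - |xsel -i"
+bind P run "xsel -o |tmux load-buffer -; tmux paste-buffer"
+bind C-c run "tmux save-buffer - | xclip -i -sel clipboard >/dev/null"
+bind C-v run "tmux set-buffer \"$(xclip -o -sel clipboard)\"; tmux paste-buffer"
+bind -n S-down new-window
+bind -n S-left prev
+bind -n S-right next
+bind -n C-left swap-window -t -1
+bind -n C-right swap-window -t +1
+set -g aggressive-resize on
+set -g status-keys vi
+set -g mode-keys vi
+set -g monitor-activity on
+set -g visual-activity on
+set -g allow-rename on
+set -g default-terminal "screen"
+set -g history-limit 4242
+set -g status-bg black
+set -g status-fg white
+set -g status-interval 60
+set -g status-left-length 30
+set -g status-left '<#[fg=green]#S#[default]> '
+set -g status-right '#[fg=yellow] %d/%m %H:%M#[default]'
+set -g update-environment "SSH_ASKPASS SSH_AUTH_SOCK SSH_CONNECTION"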
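Review bot: The `bind C-v` line pastes through `tmux set-buffer \"$(xclip -o -sel clipboard)\"`, where the command substitution drops trailing newlines and the clipboard text is subject to one more round of tmux double-quote parsing; the `bind P` line a few lines up already uses the pipe form for xsel. `bind C-v run "xclip -o -sel clipboard |tmux load-buffer -; tmux paste-buffer"` keeps the two clipboard bindings consistent and byte-exact.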

1
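--- a/ansible/roles/hosts/templates/tmux_session.j2
+++ b/ansible/roles/hosts/templates/tmux_session.j2
@@ -0,0 +1 @@
+run-shell "aws --region eu-west-1 ec2 describe-instances --no-paginate --query 'Reservations[*].Instances[*].[Tags[?Key==\`Name\`].Value,PrivateIpAddress]' --output text |sed '$!N;s/\\n/ /;/^None/d;' |awk '$2 ~ /^myos\.[0-9a-z]+\.\${USER}$/' |while read ip host; do env_user=\${host%myos.}; env=\$(host#.*); num=\$(echo \${ip} |tr . '\n' |awk '{n = n*256 + \$1} END {print n}'); tmux neww -t myos-\${env}:\${num} -n \${ip} '/bin/bash -cli \"force ssh \${ip}\"'; done"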
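Review bot: `env=\$(host#.*)` is a command substitution, not a parameter expansion, so the shell tries to execute a command named `host#.*` and `env` stays empty, which turns the `tmux neww -t myos-\${env}:\${num}` target into `myos-:<n>`; `env_user=\${host%myos.}` is likewise a suffix strip that never matches a `myos.<env>.<user>` name, and the variable is not used afterwards. For that naming the middle field is `env=\${host#myos.}; env=\${env%.*}`. The `\${USER}` inside the single-quoted awk program also looks intended for shell expansion, which single quotes prevent — worth confirming the filter matches anything once the tmux-level unescaping is done. The hard-coded `--region eu-west-1` could come from a role variable so the template is not tied to one region.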

10
ansible/roles/hosts/tests/goss/bash.yml

@ -1,10 +0,0 @@
file:
/etc/bashrc:
exists: true
mode: "0644"
owner: root
group: root
filetype: file
contains:
- "source /etc/profile.d/bashrc.sh"

12
ansible/roles/hosts/tests/goss/bash_common.yml

@ -1,12 +0,0 @@
file:
/etc/profile.d/bashrc.sh:
exists: true
mode: "0644"
owner: root
group: root
filetype: file
contains:
- /^function git_branch/
- /^function process_count/
- /^function load_average/

13
ansible/roles/hosts/tests/goss/bash_debian.yml

@ -1,13 +0,0 @@
file:
/etc/bash.bashrc:
exists: true
mode: "0644"
owner: root
group: root
filetype: file
contains:
- "source /etc/profile.d/bashrc.sh"
gossfile:
bash_common.yml: {}

14
ansible/roles/hosts/tests/goss/file.yml

@ -0,0 +1,14 @@
file:
/etc/profile.d/rc.sh:
exists: true
mode: "0644"
owner: root
group: root
filetype: file
/etc/profile.d/rc_functions.sh:
exists: true
mode: "0644"
owner: root
group: root
filetype: file
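Review bot: The two new `file:` checks only assert existence, mode and ownership of `/etc/profile.d/rc.sh` and `/etc/profile.d/rc_functions.sh`, whereas the deleted `bash_common.yml` also verified the shell functions were actually defined through `contains`; an empty or truncated file would now pass. Adding `contains: [/^force\(\)/, /^load_average\(\)/, /^process_count\(\)/]` under `/etc/profile.d/rc_functions.sh` restores that coverage against the function names this commit's rc_functions.sh section defines.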

5
ansible/roles/hosts/tests/goss/main.yml

@ -1,5 +1,4 @@
gossfile:
file.yml: {}
package.yml: {}
bash.yml: {}
root.yml: {}
# ssh.yml: {}
ssh.yml: {}

4
ansible/roles/hosts/tests/goss/main_alpine.yml

@ -0,0 +1,4 @@
gossfile:
file.yml: {}
package_alpine.yml: {}
ssh.yml: {}

5
ansible/roles/hosts/tests/goss/main_debian.yml

@ -1,5 +1,4 @@
gossfile:
file.yml: {}
package_debian.yml: {}
bash_debian.yml: {}
root.yml: {}
# ssh.yml: {}
ssh.yml: {}

5
ansible/roles/hosts/tests/goss/main_redhat.yml

@ -1,5 +1,4 @@
gossfile:
file.yml: {}
package_redhat.yml: {}
bash.yml: {}
root.yml: {}
# ssh.yml: {}
ssh.yml: {}

26
ansible/roles/hosts/tests/goss/package.yml

@ -1,5 +1,25 @@
gossfile:
package_common.yml: {}
package:
vim:
bash:
installed: true
ca-certificates:
installed: true
curl:
installed: true
git:
installed: true
htop:
installed: true
less:
installed: true
lsof:
installed: true
make:
installed: true
rsync:
installed: true
screen:
installed: true
tmux:
installed: true
tzdata:
installed: true

12
ansible/roles/hosts/tests/goss/package_common.yml → ansible/roles/hosts/tests/goss/package_alpine.yml

@ -1,11 +1,13 @@
gossfile:
package.yml: {}
package:
bash:
coreutils:
installed: true
ca-certificates:
groff:
installed: true
screen:
openssh-client:
installed: true
rsync:
util-linux:
installed: true
tzdata:
vim:
installed: true

10
ansible/roles/hosts/tests/goss/package_debian.yml

@ -1,5 +1,13 @@
gossfile:
package_common.yml: {}
package.yml: {}
package:
coreutils:
installed: true
groff:
installed: true
openssh-client:
installed: true
util-linux:
installed: true
vim-nox:
installed: true

8
ansible/roles/hosts/tests/goss/package_redhat.yml

@ -1,5 +1,11 @@
gossfile:
package_common.yml: {}
package.yml: {}
package:
groff-base:
installed: true
libselinux-python:
installed: true
openssh-clients:
installed: true
vim-minimal:
installed: true

9
ansible/roles/hosts/tests/goss/root.yml

@ -1,9 +0,0 @@
file:
/root/.screenrc:
exists: true
mode: "0644"
owner: root
group: root
filetype: file
contains:
- /^hardstatus alwayslastline/

8
ansible/roles/hosts/tests/goss/ssh.yml

@ -7,11 +7,3 @@ file:
filetype: file
contains:
- /^PermitRootLogin prohibit-password/
/root/.ssh/authorized_keys:
exists: true
mode: "0600"
owner: root
group: root
filetype: file
contains:
- "Jpb0EeFEebgvi7Kpp6gpIXKFEeuuE"