A lot of updates

2021-02-08 13:43:02 -05:00
parent 27a716cc66
commit d2ee346de5
10 changed files with 1638 additions and 78 deletions


@@ -30,3 +30,13 @@
become: yes
roles:
- role: toal-common
- name: Packages
hosts: all
become: yes
tasks:
- name: Host Packages
package:
state: present
name: "{{ host_packages }}"
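Review bot: The new `Host Packages` task runs against `hosts: all` but reads `host_packages` with no default, so any host whose inventory does not define the variable fails the play with an undefined-variable error. Guarding the task keeps the play usable for mixed inventories: `when: host_packages | default([]) | length > 0`. A one-line comment above the task saying where `host_packages` is expected to be set (group_vars or host_vars) would also help, since nothing in this hunk shows its source.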


@@ -8,6 +8,7 @@ collections:
- name: freeipa.ansible_freeipa
source: https://galaxy.ansible.com
version: 0.3.1
- name: ovirt.ovirt
source: https://galaxy.ansible.com
@@ -20,3 +21,9 @@ collections:
- name: community.general
source: https://galaxy.ansible.com
- name: jjaswanson4.install_satellite
source: https://galaxy.ansible.com
- name: jjaswanson4.configure_satellite
source: https://galaxy.ansible.com
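Review bot: The two `jjaswanson4.*` collections at the end of the second hunk are added without a `version:` key, so every `ansible-galaxy collection install -r` run pulls whatever release is current on Galaxy at that moment. They come from an individual namespace and, judging by their names, install and configure a Satellite server, work that normally runs with privilege escalation, so an unreviewed upstream release would execute as root on that host. Pin each entry the way `freeipa.ansible_freeipa` is pinned in the first hunk, e.g. `version: "<reviewed release>"`, and bump it deliberately. `ovirt.ovirt` and `community.general` appear to be unpinned as well.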

6
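--- a/interface_config.yml
+++ b/interface_config.yml
@@ -0,0 +1,6 @@
+---
+# Configure host interface and network switch
+# First use-case is bond's
+#
+- name: Host Network
+hosts: "{{ }}"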
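Review bot: `hosts: "{{ }}"` is an empty Jinja2 expression, which the templating engine rejects, so this playbook cannot run as committed. If the target is meant to come from the command line, name the variable and fail closed when it is missing, e.g. `hosts: "{{ target_hosts | mandatory }}"` (the variable name here is a placeholder). The play also has no `tasks:` or `roles:` yet, so a short comment marking it as a stub would stop someone from wiring it into a workflow.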


@@ -2,9 +2,9 @@
hosts: tag_mc_mineos:&tag_ansible
become: true
vars:
nodejs_version: "8.x"
mineos_repo: "https://github.com/sage905/mineos-node.git"
mineos_version: "pam_auth"
# nodejs_version: "8.x"
# mineos_repo: "https://github.com/sage905/mineos-node.git"
#mineos_version: "pam_auth"
roles:
- ansible-role-nodejs
- sage905.mineos

1081
myports.txt Normal file

File diff suppressed because it is too large Load Diff

76
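--- a/requested.txt
+++ b/requested.txt
@@ -0,0 +1,76 @@
+ack
+asciidoctor
+asciinema
+aspell-dict-ca
+aspell-dict-en
+aspell-dict-uk
+astyle
+automake
+avahi
+cdrtools
+certbot
+cracklib
+curl
+dash
+davix
+db62
+dbus-python37
+dupd
+emacs
+emacs-mac-app-devel
+fd
+ffmpeg
+gconf
+gdk-pixbuf2
+git-delta
+gmime
+gnutar
+go
+gtk2
+gtk3
+html2text
+icedtea6-plugs
+ipmitool
+isync
+jq
+kubectl-1.17
+libglade2
+libvterm
+minicom
+mpvim
+msmtp
+mtr
+mu
+ncdu
+nut
+nvm
+offlineimap
+oniguruma6
+openconnect
+OpenIPMI
+openjfx11
+openssh
+p5.28-yaml-libyaml
+pass
+perl5
+php-crack
+plantuml
+Platypus
+poppler
+py-boto3
+py-libxml2
+py27-opengl-accelerate
+py27-pygtk
+py37-curl
+py37-msgpack
+py37-SDL2
+py38-powerline
+py38-virtualenvwrapper
+ranger
+ripgrep
+sassc
+terminal-notifier
+topgrade
+virt-viewer
+xapian-bindings-python27
+yarn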

287
restore_ports.tcl Executable file

@@ -0,0 +1,287 @@
#!/bin/sh
# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
# \
if /usr/bin/which -s port-tclsh; then exec port-tclsh "$0" -i `which port-tclsh` "$@"; else exec /usr/bin/tclsh "$0" -i /usr/bin/tclsh "$@"; fi
#
# Install a list of ports given in the form produced by 'port installed', in
# correct dependency order so as to preserve the selected variants.
#
# Todo:
# Handle conflicting ports somehow
# Once "good enough", integrate into port
set MY_VERSION 0.1
proc printUsage {} {
puts "Usage: $::argv0 \[-hV\] \[-p macports-prefix\] \[filename\]"
puts " -h This help"
puts " -p Use a different MacPorts prefix"
puts " (defaults to /opt/local)"
puts " -V show version and MacPorts version being used"
}
proc dependenciesForPort {portName variantInfo} {
set dependencyList [list]
set portSearchResult [mportlookup $portName]
if {[llength $portSearchResult] < 2} {
ui_warn "Skipping $portName (not in the ports tree)"
return $dependencyList
}
array set portInfo [lindex $portSearchResult 1]
if {[catch {set mport [mportopen $portInfo(porturl) [list subport $portInfo(name)] $variantInfo]} result]} {
global errorInfo
puts stderr "$errorInfo"
return -code error "Unable to open port '$portName': $result"
}
array unset portInfo
array set portInfo [mportinfo $mport]
mportclose $mport
foreach dependencyType {depends_fetch depends_extract depends_build depends_lib depends_run} {
if {[info exists portInfo($dependencyType)] && [string length $portInfo($dependencyType)] > 0} {
foreach dependency $portInfo($dependencyType) {
lappend dependencyList [lindex [split $dependency :] end]
}
}
}
return $dependencyList
}
proc sort_ports {portList} {
array set port_installed {}
array set port_deps {}
array set port_in_list {}
set newList [list]
foreach port $portList {
set name [lindex $port 0]
#ui_msg "name = $name"
set version [lindex $port 1]
set variants ""
if {[regexp {^@([^+]+?)(_(\d+)(([-+][^-+]+)*))?$} $version - - - - variantstr] && [info exists variantstr]} {
while 1 {
set nextplus [string last + $variantstr]
set nextminus [string last - $variantstr]
if {$nextplus > $nextminus} {
set next $nextplus
set sign +
} else {
set next $nextminus
set sign -
}
if {$next == -1} {
break
}
set v [string range $variantstr [expr $next + 1] end]
lappend variants $v $sign
set variantstr [string range $variantstr 0 [expr $next - 1]]
}
}
#ui_msg "variants = $variants"
set active 0
if {[llength $port] > 2 && [lindex $port 2] == "(active)"} {
set active 1
}
#ui_msg "active = $active"
if {![info exists port_in_list($name)]} {
set port_in_list($name) 1
set port_installed($name) 0
} else {
incr port_in_list($name)
}
if {![info exists port_deps(${name},${variants})]} {
set port_deps(${name},${variants}) [dependenciesForPort $name $variants]
}
lappend newList [list $active $name $variants]
}
set operationList [list]
while {[llength $newList] > 0} {
set oldLen [llength $newList]
foreach port $newList {
foreach {active name variants} $port break
# ensure active versions are installed after inactive versions,
# since installing will also activate and we don't want to
# displace the active version
if {$active && $port_installed($name) < ($port_in_list($name) - 1)} {
continue
}
set installable 1
foreach dep $port_deps(${name},${variants}) {
# XXX maybe check dep is active here?
if {[info exists port_installed($dep)] && $port_installed($dep) == 0} {
set installable 0
break
}
}
if {$installable} {
lappend operationList [list $name $variants $active]
incr port_installed($name)
set index [lsearch $newList [list $active $name $variants]]
#ui_msg "deleting \"[list $active $name $variants]\" from list"
#ui_msg "list with element: $newList"
set newList [lreplace $newList $index $index]
#ui_msg "list without element: $newList"
}
}
if {[llength $newList] == $oldLen} {
ui_error "we appear to be stuck, exiting..."
return -code error "infinite loop"
}
}
return $operationList
}
proc install_ports {operationList} {
foreach op $operationList {
set name [string trim [lindex $op 0]]
set variations [lindex $op 1]
set active [lindex $op 2]
if {!$active} {
set install_target install
} else {
set install_target activate
}
if {[catch {set res [mportlookup $name]} result]} {
global errorInfo
ui_debug "$errorInfo"
return -code error "lookup of portname $name failed: $result"
}
if {[llength $res] < 2} {
# not in the index, but we already warned about that earlier
continue
}
array unset portinfo
array set portinfo [lindex $res 1]
set porturl $portinfo(porturl)
# XXX should explicitly turn off default variants that don't appear in the list
if {[catch {set workername [mportopen $porturl [list subport $portinfo(name)] $variations]} result]} {
global errorInfo
puts stderr "$errorInfo"
return -code error "Unable to open port '$name': $result"
}
if {[catch {set result [mportexec $workername $install_target]} result]} {
global errorInfo
mportclose $workername
ui_msg "$errorInfo"
return -code error "Unable to execute target 'install' for port '$name': $result"
} else {
mportclose $workername
}
# XXX some ports may be reactivated to fulfil dependencies - check again at the end?
}
}
proc read_portlist {filename} {
if {$filename == "-"} {
set infile stdin
} else {
set infile [open $filename r]
}
set data [read -nonewline $infile]
set portList [split $data \n]
close $infile
if {[lindex $portList 0] == "The following ports are currently installed:"} {
set portList [lrange $portList 1 end]
}
return $portList
}
# Begin
set macportsPrefix /opt/local
set showVersion 0
array set ui_options {}
set origArgv $::argv
while {[string index [lindex $::argv 0] 0] == "-" } {
switch [string range [lindex $::argv 0] 1 end] {
h {
printUsage
exit 0
}
i {
set interp_path [lindex $::argv 1]
set ::argv [lrange $::argv 1 end]
}
p {
if {[llength $::argv] < 2} {
puts stderr "-p needs a path"
printUsage
exit 1
}
set macportsPrefix [lindex $::argv 1]
set ::argv [lrange $::argv 1 end]
set userPrefix 1
}
V {
set showVersion 1
}
v {
set ui_options(ports_verbose) yes
}
default {
puts stderr "Unknown option [lindex $::argv 0]"
printUsage
exit 1
}
}
set ::argv [lrange $::argv 1 end]
}
# check that default prefix exists
if {![info exists userPrefix] && ![file isdirectory $macportsPrefix]} {
error "prefix '$macportsPrefix' does not exist; maybe you need to use the -p option?"
}
if {[info exists interp_path]} {
set prefixFromInterp [file dirname [file dirname $interp_path]]
} else {
# presumably the user ran '/some/prefix/bin/port-tclsh restore_ports.tcl'
set prefixFromInterp ""
if {[info exists userPrefix]} {
error "the -p option cannot be used when running with an explicit interpreter (e.g. 'port-tclsh restore_ports.tcl') - run just './restore_ports.tcl' instead."
}
}
# make sure we're running in the port-tclsh associated with the correct prefix
if {$prefixFromInterp ne "" && $prefixFromInterp ne $macportsPrefix} {
if {[file executable ${macportsPrefix}/bin/port-tclsh]} {
exec ${macportsPrefix}/bin/port-tclsh $argv0 -i ${macportsPrefix}/bin/port-tclsh {*}[lrange $origArgv 2 end] <@stdin >@stdout 2>@stderr
exit 0
} else {
error "prefix '$macportsPrefix' does not appear to have a working port-tclsh"
}
}
package require macports
package require Pextlib 1.0
umask 022
mportinit ui_options
if {$showVersion} {
puts "Version $MY_VERSION"
puts "MacPorts version [macports::version]"
exit 0
}
if {[llength $::argv] == 0} {
set filename "-"
} else {
set filename [lindex $::argv 0]
}
set portList [read_portlist $filename]
#ui_msg "portlist = $portList"
set operationList [sort_ports $portList]
install_ports $operationList
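Review bot: In `install_ports`, the value returned by `mportexec` is stored in `result` but never examined; only a raised Tcl error is treated as failure. If `mportexec` signals a failed build through a non-zero return code, as the MacPorts API appears to, the loop carries on and the script ends without reporting that some ports were not restored. After `mportclose $workername` in the `else` branch, add `if {$result != 0} { return -code error "Target '$install_target' failed for port '$name'" }`. The existing error text also hard-codes `'install'` although `$install_target` may be `activate`.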


@@ -6,10 +6,12 @@
- "rhel-*-optional-rpms"
- "rhel-*-extras-rpms"
state: enabled
when: (ansible_os_family == "RedHat" and ansible_distribution_major_version <= "7")
- name: Ensure EPEL is available
yum:
name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm
disable_gpg_check: true
state: present
- name: Install Development Tools
@@ -20,39 +22,37 @@
- name: Install MineOS Dependencies
become: true
yum:
name: ['bind-utils', 'screen',
'git', 'wget', 'java-1.8.0-openjdk-headless.x86_64', 'openssl', 'openssl-devel', 'rsync', 'rdiff-backup', 'pam-devel']
name: ['bind-utils', 'screen', 'git', 'wget', 'java-1.8.0-openjdk-headless.x86_64', 'openssl', 'openssl-devel', 'rsync', 'rdiff-backup', 'pam-devel']
state: present
enablerepo: epel
when: ansible_os_family == 'RedHat'
- name: enable LDAP enumeration in SSSD
ini_file:
section: domain/idm.toal.ca
path: /etc/sssd/sssd.conf
option: enumerate
value: yes
state: present
backup: yes # not required. Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly.
create: no
notify: restart_sssd
# - name: enable LDAP enumeration in SSSD
# ini_file:
# section: domain/idm.toal.ca
# path: /etc/sssd/sssd.conf
# option: enumerate
# value: yes
# state: present
# backup: yes # not required. Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly.
# create: no
# notify: restart_sssd
# - name: Create minecraft group
# become: true
# group: name=minecraft state=present system=yes
- name: Create minecraft group
become: true
group: name=minecraft state=present system=yes
# - name: Create minecraft user
# become: true
# user:
# name: minecraft
# comment: "Minecraft Server"
# createhome: yes
# system: yes
# groups: minecraft
# home: /var/games/minecraft
# shell: /bin/bash
# state: present
- name: Create minecraft user
become: true
user:
name: minecraft
comment: "Minecraft Server"
createhome: yes
system: yes
groups: minecraft
home: /var/games/minecraft
shell: /bin/bash
state: present
- name: Create Directories
@@ -112,14 +112,16 @@
creates: /etc/ssl/certs/mineos.key
notify: Restart mineos
# TODO: Lock versions of npm packages : userid to 0.3.1 and posix to 4.2.0
- name: Get new nan
npm:
name: nan
global: true
state: present
production: true
version: "2.14.0"
name: nan
global: true
state: present
production: true
version: "2.14.0"
unsafe_perm: true
- name: Get Node Modules
become: true
@@ -127,7 +129,8 @@
npm:
path: /usr/games/minecraft
state: present
production: true
production: true
unsafe_perm: true
notify: Restart mineos
- name: Install PAM Module for MineOS Authentication
@@ -138,6 +141,7 @@
path: /usr/games/minecraft
state: present
production: true
unsafe_perm: true
notify: Restart mineos
- name: Link to executable
@@ -170,4 +174,4 @@
zone: public
service: https
immediate: yes
permanent: true
permanent: true
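Review bot: The three npm tasks (`Get new nan`, `Get Node Modules`, and the PAM module install) now carry `unsafe_perm: true`, which tells npm not to drop privileges for package lifecycle scripts, so when these tasks run as root every install script in the dependency tree runs as root too. The TODO in the same hunk says the npm package versions are still not locked, and `Get Node Modules` installs whatever the manifest in `/usr/games/minecraft` resolves to, so that root execution covers unreviewed releases. Pin the versions named in the TODO before enabling this, and put a comment on each task saying why root-level script execution is required. Separately, in the first hunk `ansible_distribution_major_version <= "7"` compares strings, so `"10"` sorts before `"7"`; `ansible_distribution_major_version | int <= 7` is the safer form. The EPEL release RPM is also fetched with `disable_gpg_check: true`, which leaves TLS as the only integrity check on the package that installs the repository keys.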


@@ -1,7 +1,9 @@
# Playbook to install Satellite server on RHV
- name: Prepare RHV for Build
hosts: localhost
#TODO: Fix Partitioning, as /var/lib/pulp doesn't get it's own partition now.
- name: Preflight Setup
hosts: "{{ vm_name }}"
gather_facts: no
tasks:
- name: Obtain SSO token from username / password credentials
@@ -9,7 +11,34 @@
url: "{{ ovirt_url }}"
username: "{{ ovirt_username }}"
password: "{{ ovirt_password }}"
delegate_to: localhost
- name: Add host to satellite group
add_host:
hostname: '{{ vm_name }}'
groups: satellite
changed_when: false
- name: Get VM Tags
ovirt.ovirt.ovirt_tag_info:
vm: "{{ vm_name }}"
register: vmtags_result
delegate_to: localhost
ignore_errors: true
- name: Add host to provisioned group
add_host:
hostname: '{{ vm_name }}'
groups: provisioned
when:
- vmtags_result.ovirt_tags is defined
- vmtags_result.ovirt_tags|length > 0
- "'provisioned' in vmtags_result.ovirt_tags|map(attribute='name')|list"
- name: Build VM
hosts: "{{ vm_name }}:!provisioned"
gather_facts: no
tasks:
- name: ISO is uploaded to RHV
redhat.rhv.ovirt_disk:
name: "{{ rhel_iso_filename }}"
@@ -21,21 +50,16 @@
format: raw
content_type: iso
register: iso_disk
delegate_to: localhost
- name: Create VMs
hosts: "{{ vm_name }}"
connection: local
gather_facts: no
# Never run this, unless specifically enabled
vars:
# Hack to work around virtualenv python interpreter
ansible_python_interpreter: "{{ ansible_playbook_python }}"
tasks:
- name: Remove known_hosts entry
known_hosts:
name: "{{ vm_name }}"
name: "{{ item }}"
state: absent
loop:
- "{{ vm_name }}"
- "{{ ansible_host }}"
delegate_to: localhost
- name: Create VM disk
ovirt_disk:
@@ -49,6 +73,7 @@
storage_domain: "ssdvdo0"
async: 300
poll: 15
delegate_to: localhost
- name: Create Satellite VM in RHV
ovirt_vm:
@@ -71,6 +96,7 @@
async: 300
poll: 15
register: vm_result
delegate_to: localhost
- name: Assign NIC
ovirt_nic:
@@ -81,17 +107,13 @@
state: plugged
vm: "{{ vm_name }}"
register: nic_result
delegate_to: localhost
- name: Prepare First Boot Resources
hosts: "{{ vm_name }}"
connection: local
gather_facts: no
tasks:
- name: Create directory for initial boot files
tempfile:
state: directory
register: kstmpdir
delegate_to: localhost
- name: Extract ISO files
community.general.iso_extract:
@@ -100,25 +122,21 @@
files:
- isolinux/vmlinuz
- isolinux/initrd.img
delegate_to: localhost
# TODO Move out vars
- name: Copy Files to Webserver
hosts: webserver.mgmt.toal.ca
become: yes
tasks:
- name: Generate Kickstart File
template:
src: templates/ks.cfg
dest: "/var/www/ks/{{ vm_name }}.cfg"
become: yes
delegate_to: webserver.mgmt.toal.ca
- name: Prepare Hypervisor
hosts: "{{ vm_host }}"
tasks:
- name: Temporary Directory
file:
path: "/tmp/{{ vm_name }}"
state: directory
mode: 0755
delegate_to: "{{ vm_host }}"
- name: Transfer files to Hypervisor
copy:
@@ -127,14 +145,12 @@
loop:
- vmlinuz
- initrd.img
delegate_to: "{{ vm_host }}"
# NOTE: This is not idempotent
- name: First Boot
hosts: localhost
hosts: "{{ vm_name }}:!provisioned"
gather_facts: no
vars:
# Hack to work around virtualenv python interpreter
ansible_python_interpreter: "{{ ansible_playbook_python }}"
tasks:
- block:
@@ -148,6 +164,7 @@
kernel_params: "ks=http://192.168.1.199/ks/{{ vm_name }}.cfg inst.stage2=hd:LABEL=RHEL-7.9\\x20Server.x86_64"
initrd_path: "/tmp/{{ vm_name }}/initrd.img"
state: running
delegate_to: localhost
- name: Wait for system to shut down after installation
@@ -157,22 +174,33 @@
until: vm_info['ovirt_vms'][0]['status'] == "down"
delay: 20
retries: 60
delegate_to: localhost
when: hostvars[vm_name].vm_result.vm.status != 'up'
- name: Power up VM
ovirt_vm:
name: "{{ vm_name }}"
state: running
delegate_to: localhost
- name: VM is running
connection: local
ovirt_vm:
name: "{{ vm_name }}"
state: running
boot_devices:
- hd
delegate_to: localhost
- name: Ensure Satellite is reachable
- name: Set provisioned tag
ovirt_tag:
name: provisioned
vms:
- "{{ vm_name }}"
state: present
delegate_to: localhost
- name: OS Preparation
hosts: "{{ vm_name }}"
gather_facts: no
@@ -196,6 +224,32 @@
# TODO This shouldn't be hard-coded
pool_ids: 8a85f99c727637ad0172e1ba2856736d
- name: Firewall
firewalld:
port: "{{ item }}"
state: enabled
permanent: yes
loop:
- "80/tcp"
- "81/tcp"
- "443/tcp"
- "5647/tcp"
- "8000/tcp"
- "8140/tcp"
- "9090/tcp"
- "53/udp"
- "53/tcp"
- "67/udp"
- "69/udp"
- "5000/tcp"
notify: Reload Firewall
handlers:
- name: Reload Firewall
service:
name: firewalld
state: reloaded
- name: Set up IPA Client
hosts: "{{ vm_name }}"
become: yes
@@ -203,20 +257,20 @@
ipaclient_realm: IDM.TOAL.CA
ipaclient_mkhomedir: true
ipaclient_domain: "mgmt.toal.ca"
ipasssd_enable_dns_updates: true
ipaclient_ssh_trust_dns: yes
ipaclient_all_ip_addresses: yes
collections:
- freeipa.ansible_freeipa
pre_tasks:
- name: Set hostname
- name: Hostname is set
hostname:
name: "{{ vm_name }}"
roles:
- role: debian-freeipa-client
when: ansible_os_family == "Debian"
- role: ipaclient
state: present
when: ansible_os_family == "RedHat"
#TODO Automatically set up DNS GSSAPI per: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.8/html/installing_satellite_server_from_a_connected_network/configuring-external-services#configuring-external-idm-dns_satellite
- name: Set up Basic Lab Packages
hosts: "{{ vm_name }}"
@@ -224,6 +278,39 @@
roles:
- role: toal-common
- name: Configure Satellite Servers
- name: Install Satellite Servers
hosts: "{{ vm_name }}"
become: true
roles:
- role: jjaswanson4.install_satellite.install_satellite
- name: Configure Satellite Servers
hosts: "{{ vm_name }}"
collections:
- jjaswanson4.configure_satellite
tasks:
- name: include configure_foreman role with katello independent pieces
include_role:
name: configure_satellite_foreman
- name: build satellite by organization
include_role:
name: configure_satellite_katello
loop_control:
loop_var: organization
loop: "{{ satellite.katello }}"
- name: do that again but for katello dependent pieces
include_role:
name: configure_satellite_foreman
vars:
requires_katello_content: true
# - name: Customize Satellite Installation
# hosts: "{{ vm_name }}"
# collections:
# - freeipa.ansible_freeipa
# tasks:
# - name:
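Review bot: `Get VM Tags` in the new `Preflight Setup` play sets `ignore_errors: true`, so any failure of the tag lookup (expired SSO token, API outage, a typo in `vm_name`) leaves `vmtags_result.ovirt_tags` undefined and the host out of the `provisioned` group. The `Build VM` and `First Boot` plays select `"{{ vm_name }}:!provisioned"`, so the guard fails open: an already provisioned VM would be sent through disk creation and kickstart again. Tolerate only the expected case of a VM that does not exist yet, for example with a `failed_when:` that matches that specific error, and let every other failure stop the run. A comment on the task stating which error is being tolerated would make the intent reviewable.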

2
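--- a/test.yml
+++ b/test.yml
@@ -0,0 +1,2 @@
+---
+- name: this is an example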