A lot of updates

2021-02-08 13:43:02 -05:00
parent 27a716cc66
commit d2ee346de5
10 changed files with 1638 additions and 78 deletions
--- a/bootstrap.yml
+++ b/bootstrap.yml
@@ -30,3 +30,13 @@
  become: yes
  roles:
    - role: toal-common
 - name: Packages
  hosts: all
  become: yes
  tasks:
    - name: Host Packages
      package:
        state: present
        name: "{{ host_packages }}"
--- a/collections/requirements.yml
+++ b/collections/requirements.yml
@@ -8,6 +8,7 @@ collections:
  - name: freeipa.ansible_freeipa  
    source: https://galaxy.ansible.com
    version: 0.3.1  
  - name: ovirt.ovirt
    source: https://galaxy.ansible.com
@@ -20,3 +21,9 @@ collections:
  - name: community.general
    source: https://galaxy.ansible.com
  - name: jjaswanson4.install_satellite    
    source: https://galaxy.ansible.com
  - name: jjaswanson4.configure_satellite    
    source: https://galaxy.ansible.com
--- a/interface_config.yml
+++ b/interface_config.yml
@@ -0,0 +1,6 @@
 ---
 # Configure host interface and network switch
 # First use-case is bond's
 #
 - name: Host Network
  hosts: "{{  }}"
--- a/minecraft.yml
+++ b/minecraft.yml
@@ -2,9 +2,9 @@
  hosts: tag_mc_mineos:&tag_ansible
  become: true
  vars:
-    nodejs_version: "8.x"
+    #   nodejs_version: "8.x"
-    mineos_repo: "https://github.com/sage905/mineos-node.git"
+      #    mineos_repo: "https://github.com/sage905/mineos-node.git"
-    mineos_version: "pam_auth"
+      #mineos_version: "pam_auth"
  roles:
    - ansible-role-nodejs
    - sage905.mineos
--- a/myports.txt
+++ b/myports.txt
--- a/requested.txt
+++ b/requested.txt
@@ -0,0 +1,76 @@
 ack
 asciidoctor
 asciinema
 aspell-dict-ca
 aspell-dict-en
 aspell-dict-uk
 astyle
 automake
 avahi
 cdrtools
 certbot
 cracklib
 curl
 dash
 davix
 db62
 dbus-python37
 dupd
 emacs
 emacs-mac-app-devel
 fd
 ffmpeg
 gconf
 gdk-pixbuf2
 git-delta
 gmime
 gnutar
 go
 gtk2
 gtk3
 html2text
 icedtea6-plugs
 ipmitool
 isync
 jq
 kubectl-1.17
 libglade2
 libvterm
 minicom
 mpvim
 msmtp
 mtr
 mu
 ncdu
 nut
 nvm
 offlineimap
 oniguruma6
 openconnect
 OpenIPMI
 openjfx11
 openssh
 p5.28-yaml-libyaml
 pass
 perl5
 php-crack
 plantuml
 Platypus
 poppler
 py-boto3
 py-libxml2
 py27-opengl-accelerate
 py27-pygtk
 py37-curl
 py37-msgpack
 py37-SDL2
 py38-powerline
 py38-virtualenvwrapper
 ranger
 ripgrep
 sassc
 terminal-notifier
 topgrade
 virt-viewer
 xapian-bindings-python27
 yarn
--- a/restore_ports.tcl
+++ b/restore_ports.tcl
@@ -0,0 +1,287 @@
 #!/bin/sh
 # -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
 # \
 if /usr/bin/which -s port-tclsh; then exec port-tclsh "$0" -i `which port-tclsh` "$@"; else exec /usr/bin/tclsh "$0" -i /usr/bin/tclsh "$@"; fi
 #
 # Install a list of ports given in the form produced by 'port installed', in
 # correct dependency order so as to preserve the selected variants.
 #
 # Todo:
 # Handle conflicting ports somehow
 # Once "good enough", integrate into port
 set MY_VERSION 0.1
 proc printUsage {} {
   puts "Usage: $::argv0 \[-hV\] \[-p macports-prefix\] \[filename\]"
   puts "   -h   This help"
   puts "   -p   Use a different MacPorts prefix"
   puts "        (defaults to /opt/local)"
   puts "   -V   show version and MacPorts version being used"
 }
 proc dependenciesForPort {portName variantInfo} {
   set dependencyList [list]
   set portSearchResult [mportlookup $portName]
   if {[llength $portSearchResult] < 2} {
      ui_warn "Skipping $portName (not in the ports tree)"
      return $dependencyList
   }
   array set portInfo [lindex $portSearchResult 1]
   if {[catch {set mport [mportopen $portInfo(porturl) [list subport $portInfo(name)] $variantInfo]} result]} {
      global errorInfo
      puts stderr "$errorInfo"
      return -code error "Unable to open port '$portName': $result"
   }
   array unset portInfo
   array set portInfo [mportinfo $mport]
   mportclose $mport
   foreach dependencyType {depends_fetch depends_extract depends_build depends_lib depends_run} {
      if {[info exists portInfo($dependencyType)] && [string length $portInfo($dependencyType)] > 0} {
         foreach dependency $portInfo($dependencyType) {
            lappend dependencyList [lindex [split $dependency :] end]
         }
      }
   }
   return $dependencyList
 }
 proc sort_ports {portList} {
    array set port_installed {}
    array set port_deps {}
    array set port_in_list {}
    set newList [list]
    foreach port $portList {
        set name [lindex $port 0]
        #ui_msg "name = $name"
        set version [lindex $port 1]
        set variants ""
        if {[regexp {^@([^+]+?)(_(\d+)(([-+][^-+]+)*))?$} $version - - - - variantstr] && [info exists variantstr]} {
            while 1 {
                set nextplus [string last + $variantstr]
                set nextminus [string last - $variantstr]
                if {$nextplus > $nextminus} {
                    set next $nextplus
                    set sign +
                } else {
                    set next $nextminus
                    set sign -
                }
                if {$next == -1} {
                    break
                }
                set v [string range $variantstr [expr $next + 1] end]
                lappend variants $v $sign
                set variantstr [string range $variantstr 0 [expr $next - 1]]
            }
        }
        #ui_msg "variants = $variants"
        set active 0
        if {[llength $port] > 2 && [lindex $port 2] == "(active)"} {
            set active 1
        }
        #ui_msg "active = $active"
        if {![info exists port_in_list($name)]} {
            set port_in_list($name) 1
            set port_installed($name) 0
        } else {
            incr port_in_list($name)
        }
        if {![info exists port_deps(${name},${variants})]} {
            set port_deps(${name},${variants}) [dependenciesForPort $name $variants]
        }
        lappend newList [list $active $name $variants]
    }
    set operationList [list]
    while {[llength $newList] > 0} {
        set oldLen [llength $newList]
        foreach port $newList {
            foreach {active name variants} $port break
            # ensure active versions are installed after inactive versions,
            # since installing will also activate and we don't want to
            # displace the active version
            if {$active && $port_installed($name) < ($port_in_list($name) - 1)} {
                continue
            }
            set installable 1
            foreach dep $port_deps(${name},${variants}) {
                # XXX maybe check dep is active here?
                if {[info exists port_installed($dep)] && $port_installed($dep) == 0} {
                    set installable 0
                    break
                }
            }
            if {$installable} {
                lappend operationList [list $name $variants $active]
                incr port_installed($name)
                set index [lsearch $newList [list $active $name $variants]]
                #ui_msg "deleting \"[list $active $name $variants]\" from list"
                #ui_msg "list with element: $newList"
                set newList [lreplace $newList $index $index]
                #ui_msg "list without element: $newList"
            }
        }
        if {[llength $newList] == $oldLen} {
            ui_error "we appear to be stuck, exiting..."
            return -code error "infinite loop"
        }
    }
    return $operationList
 }
 proc install_ports {operationList} {
    foreach op $operationList {
        set name [string trim [lindex $op 0]]
        set variations [lindex $op 1]
        set active [lindex $op 2]
        if {!$active} {
            set install_target install
        } else {
            set install_target activate
        }
        if {[catch {set res [mportlookup $name]} result]} {
            global errorInfo
            ui_debug "$errorInfo"
            return -code error "lookup of portname $name failed: $result"
        }
        if {[llength $res] < 2} {
            # not in the index, but we already warned about that earlier
            continue
        }
        array unset portinfo
        array set portinfo [lindex $res 1]
        set porturl $portinfo(porturl)
        # XXX should explicitly turn off default variants that don't appear in the list
        if {[catch {set workername [mportopen $porturl [list subport $portinfo(name)] $variations]} result]} {
            global errorInfo
            puts stderr "$errorInfo"
            return -code error "Unable to open port '$name': $result"
        }
        if {[catch {set result [mportexec $workername $install_target]} result]} {
            global errorInfo
            mportclose $workername
            ui_msg "$errorInfo"
            return -code error "Unable to execute target 'install' for port '$name': $result"
        } else {
            mportclose $workername
        }
        # XXX some ports may be reactivated to fulfil dependencies - check again at the end?
    }
 }
 proc read_portlist {filename} {
    if {$filename == "-"} {
        set infile stdin
    } else {
        set infile [open $filename r]
    }
    set data [read -nonewline $infile]
    set portList [split $data \n]
    close $infile
    if {[lindex $portList 0] == "The following ports are currently installed:"} {
        set portList [lrange $portList 1 end]
    }
    return $portList
 }
 # Begin
 set macportsPrefix /opt/local
 set showVersion 0
 array set ui_options {}
 set origArgv $::argv
 while {[string index [lindex $::argv 0] 0] == "-" } {
   switch [string range [lindex $::argv 0] 1 end] {
      h {
         printUsage
         exit 0
      }
      i {
         set interp_path [lindex $::argv 1]
         set ::argv [lrange $::argv 1 end]
      }
      p {
         if {[llength $::argv] < 2} {
            puts stderr "-p needs a path"
            printUsage
            exit 1
         }
         set macportsPrefix [lindex $::argv 1]
         set ::argv [lrange $::argv 1 end]
         set userPrefix 1
      }
      V {
         set showVersion 1
      }
      v {
        set ui_options(ports_verbose) yes
      }
      default {
         puts stderr "Unknown option [lindex $::argv 0]"
         printUsage
         exit 1
      }
   }
   set ::argv [lrange $::argv 1 end]
 }
 # check that default prefix exists
 if {![info exists userPrefix] && ![file isdirectory $macportsPrefix]} {
    error "prefix '$macportsPrefix' does not exist; maybe you need to use the -p option?"
 }
 if {[info exists interp_path]} {
    set prefixFromInterp [file dirname [file dirname $interp_path]]
 } else {
    # presumably the user ran '/some/prefix/bin/port-tclsh restore_ports.tcl'
    set prefixFromInterp ""
    if {[info exists userPrefix]} {
        error "the -p option cannot be used when running with an explicit interpreter (e.g. 'port-tclsh restore_ports.tcl') - run just './restore_ports.tcl' instead."
    }
 }
 # make sure we're running in the port-tclsh associated with the correct prefix
 if {$prefixFromInterp ne "" && $prefixFromInterp ne $macportsPrefix} {
    if {[file executable ${macportsPrefix}/bin/port-tclsh]} {
        exec ${macportsPrefix}/bin/port-tclsh $argv0 -i ${macportsPrefix}/bin/port-tclsh {*}[lrange $origArgv 2 end] <@stdin >@stdout 2>@stderr
        exit 0
    } else {
        error "prefix '$macportsPrefix' does not appear to have a working port-tclsh"
    }
 }
 package require macports
 package require Pextlib 1.0
 umask 022
 mportinit ui_options
 if {$showVersion} {
   puts "Version $MY_VERSION"
   puts "MacPorts version [macports::version]"
   exit 0
 }
 if {[llength $::argv] == 0} {
   set filename "-"
 } else {
    set filename [lindex $::argv 0]
 }
 set portList [read_portlist $filename]
 #ui_msg "portlist = $portList"
 set operationList [sort_ports $portList]
 install_ports $operationList
--- a/roles/sage905.mineos/tasks/main.yml
+++ b/roles/sage905.mineos/tasks/main.yml
@@ -6,10 +6,12 @@
     - "rhel-*-optional-rpms"
     - "rhel-*-extras-rpms"
    state: enabled
  when: (ansible_os_family == "RedHat" and ansible_distribution_major_version <= "7")
 - name: Ensure EPEL is available
  yum:
-    name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+    name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm
    disable_gpg_check: true
    state: present
 - name: Install Development Tools
@@ -20,39 +22,37 @@
 - name: Install MineOS Dependencies
  become: true
  yum: 
-    name: ['bind-utils', 'screen',
+    name: ['bind-utils', 'screen', 'git', 'wget', 'java-1.8.0-openjdk-headless.x86_64', 'openssl', 'openssl-devel', 'rsync', 'rdiff-backup', 'pam-devel']
 'git', 'wget', 'java-1.8.0-openjdk-headless.x86_64', 'openssl', 'openssl-devel', 'rsync', 'rdiff-backup', 'pam-devel']
    state: present 
    enablerepo: epel
  when:  ansible_os_family == 'RedHat'
- name: enable LDAP enumeration in SSSD
+# - name: enable LDAP enumeration in SSSD
-  ini_file:
+#   ini_file:
-      section: domain/idm.toal.ca
+#       section: domain/idm.toal.ca
-      path: /etc/sssd/sssd.conf   
+#       path: /etc/sssd/sssd.conf   
-      option: enumerate
+#       option: enumerate
-      value: yes
+#       value: yes
-      state: present
+#       state: present
-      backup: yes # not required. Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly.
+#       backup: yes # not required. Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly.
-      create: no
+#       create: no
-  notify: restart_sssd
+#   notify: restart_sssd
-# - name: Create minecraft group
+- name: Create minecraft group
-#   become: true
+  become: true
-#   group: name=minecraft state=present system=yes
+  group: name=minecraft state=present system=yes
-# - name: Create minecraft user
+- name: Create minecraft user
-#   become: true
+  become: true
-#   user:
+  user:
-#    name: minecraft
+   name: minecraft
-#    comment: "Minecraft Server"
+   comment: "Minecraft Server"
-#    createhome: yes
+   createhome: yes
-#    system: yes
+   system: yes
-#    groups: minecraft
+   groups: minecraft
-#    home: /var/games/minecraft
+   home: /var/games/minecraft
-#    shell: /bin/bash
+   shell: /bin/bash
-#    state: present
+   state: present
 - name: Create Directories
@@ -112,14 +112,16 @@
    creates: /etc/ssl/certs/mineos.key
  notify: Restart mineos
    # TODO: Lock versions of npm packages : userid to 0.3.1 and posix to 4.2.0
 - name: Get new nan
  npm:
-      name: nan
+    name: nan
-      global: true
+    global: true
-      state: present
+    state: present
-      production: true
+    production: true
-      version: "2.14.0"
+    version: "2.14.0"
    unsafe_perm: true  
 - name: Get Node Modules
  become: true
@@ -127,7 +129,8 @@
  npm: 
    path: /usr/games/minecraft 
    state: present 
-    production: true
+    production: true 
    unsafe_perm: true  
  notify: Restart mineos
 - name: Install PAM Module for MineOS Authentication
@@ -138,6 +141,7 @@
    path: /usr/games/minecraft 
    state: present 
    production: true
    unsafe_perm: true  
  notify: Restart mineos
 - name: Link to executable
@@ -170,4 +174,4 @@
      zone: public  
      service: https
      immediate: yes
-      permanent: true
+      permanent: true
--- a/satellite.yml
+++ b/satellite.yml
@@ -1,7 +1,9 @@
 # Playbook to install Satellite server on RHV
- name: Prepare RHV for Build
+#TODO: Fix Partitioning, as /var/lib/pulp doesn't get it's own partition now.
-  hosts: localhost
+
 - name: Preflight Setup
  hosts: "{{ vm_name }}"
  gather_facts: no
  tasks:
    - name: Obtain SSO token from username / password credentials
@@ -9,7 +11,34 @@
        url: "{{ ovirt_url }}"
        username: "{{ ovirt_username }}"
        password: "{{ ovirt_password }}"
      delegate_to: localhost
    - name: Add host to satellite group
      add_host:
        hostname: '{{ vm_name }}'
        groups: satellite
      changed_when: false
    - name: Get VM Tags
      ovirt.ovirt.ovirt_tag_info:
        vm: "{{ vm_name }}"
      register: vmtags_result
      delegate_to: localhost
      ignore_errors: true
    - name: Add host to provisioned group
      add_host:
        hostname: '{{ vm_name }}'
        groups: provisioned
      when:
        - vmtags_result.ovirt_tags is defined
        - vmtags_result.ovirt_tags|length > 0
        - "'provisioned' in vmtags_result.ovirt_tags|map(attribute='name')|list"
 - name: Build VM
  hosts: "{{ vm_name }}:!provisioned"
  gather_facts: no
  tasks:
    - name: ISO is uploaded to RHV
      redhat.rhv.ovirt_disk:
        name: "{{ rhel_iso_filename }}"
@@ -21,21 +50,16 @@
        format: raw
        content_type: iso
      register: iso_disk
      delegate_to: localhost
 - name: Create VMs
  hosts: "{{ vm_name }}"
  connection: local
  gather_facts: no
  # Never run this, unless specifically enabled
  vars:
    # Hack to work around virtualenv python interpreter
    ansible_python_interpreter: "{{ ansible_playbook_python }}"
  tasks:
    - name: Remove known_hosts entry
      known_hosts:
-        name: "{{ vm_name }}"
+        name: "{{ item }}"
        state: absent
      loop:
        - "{{ vm_name }}"
        - "{{ ansible_host }}"
      delegate_to: localhost
    - name: Create VM disk
      ovirt_disk:
@@ -49,6 +73,7 @@
        storage_domain: "ssdvdo0"
      async: 300
      poll: 15
      delegate_to: localhost
    - name: Create Satellite VM in RHV
      ovirt_vm:
@@ -71,6 +96,7 @@
      async: 300
      poll: 15
      register: vm_result
      delegate_to: localhost
    - name: Assign NIC
      ovirt_nic:
@@ -81,17 +107,13 @@
        state: plugged
        vm: "{{ vm_name }}"
      register: nic_result
      delegate_to: localhost
 - name: Prepare First Boot Resources
  hosts: "{{ vm_name }}"
  connection: local
  gather_facts: no
  tasks:
    - name: Create directory for initial boot files
      tempfile:
        state: directory
      register: kstmpdir
      delegate_to: localhost
    - name: Extract ISO files
      community.general.iso_extract:
@@ -100,25 +122,21 @@
        files:
          - isolinux/vmlinuz
          - isolinux/initrd.img
      delegate_to: localhost
 # TODO Move out vars
 - name: Copy Files to Webserver
  hosts: webserver.mgmt.toal.ca
  become: yes
  tasks:
    - name: Generate Kickstart File
      template:
        src: templates/ks.cfg
        dest: "/var/www/ks/{{ vm_name }}.cfg"
      become: yes
      delegate_to: webserver.mgmt.toal.ca
 - name: Prepare Hypervisor
  hosts: "{{ vm_host }}"
  tasks:
    - name: Temporary Directory
      file:
        path: "/tmp/{{ vm_name }}"
        state: directory
        mode: 0755
      delegate_to: "{{ vm_host }}"
    - name: Transfer files to Hypervisor
      copy:
@@ -127,14 +145,12 @@
      loop:
        - vmlinuz
        - initrd.img
      delegate_to: "{{ vm_host }}"
 # NOTE: This is not idempotent
 - name: First Boot
-  hosts: localhost
+  hosts: "{{ vm_name }}:!provisioned"
  gather_facts: no
  vars:
    # Hack to work around virtualenv python interpreter
    ansible_python_interpreter: "{{ ansible_playbook_python }}"
  tasks:
    - block:
@@ -148,6 +164,7 @@
          kernel_params: "ks=http://192.168.1.199/ks/{{ vm_name }}.cfg inst.stage2=hd:LABEL=RHEL-7.9\\x20Server.x86_64"
          initrd_path: "/tmp/{{ vm_name }}/initrd.img"
          state: running
        delegate_to: localhost
      - name: Wait for system to shut down after installation
@@ -157,22 +174,33 @@
        until: vm_info['ovirt_vms'][0]['status'] == "down"
        delay: 20
        retries: 60
        delegate_to: localhost
      when: hostvars[vm_name].vm_result.vm.status != 'up'
    - name: Power up VM
      ovirt_vm:
        name: "{{ vm_name }}"
        state: running
      delegate_to: localhost
    - name: VM is running
      connection: local
      ovirt_vm:
          name: "{{ vm_name }}"
          state: running
          boot_devices:
          - hd
      delegate_to: localhost
- name: Ensure Satellite is reachable
+    - name: Set provisioned tag
      ovirt_tag:
        name: provisioned
        vms:
          - "{{ vm_name }}"
        state: present
      delegate_to: localhost
 - name: OS Preparation
  hosts: "{{ vm_name }}"
  gather_facts: no
@@ -196,6 +224,32 @@
        # TODO This shouldn't be hard-coded
        pool_ids: 8a85f99c727637ad0172e1ba2856736d
    - name: Firewall
      firewalld:
        port: "{{ item }}"
        state: enabled
        permanent: yes
      loop:
        - "80/tcp"
        - "81/tcp"
        - "443/tcp"
        - "5647/tcp"
        - "8000/tcp"
        - "8140/tcp"
        - "9090/tcp"
        - "53/udp"
        - "53/tcp"
        - "67/udp"
        - "69/udp"
        - "5000/tcp"
      notify: Reload Firewall
  handlers:
    - name: Reload Firewall
      service:
        name: firewalld
        state: reloaded
 - name: Set up IPA Client
  hosts: "{{ vm_name }}"
  become: yes
@@ -203,20 +257,20 @@
    ipaclient_realm: IDM.TOAL.CA
    ipaclient_mkhomedir: true
    ipaclient_domain: "mgmt.toal.ca"
-    ipasssd_enable_dns_updates: true
+    ipaclient_ssh_trust_dns: yes
    ipaclient_all_ip_addresses: yes
  collections:
    - freeipa.ansible_freeipa
  pre_tasks:
-    - name: Set hostname
+    - name: Hostname is set
      hostname:
        name: "{{ vm_name }}"
  roles:
    - role: debian-freeipa-client
      when: ansible_os_family == "Debian"
    - role: ipaclient
      state: present
-      when: ansible_os_family == "RedHat"
+
 #TODO Automatically set up DNS GSSAPI per:  https://access.redhat.com/documentation/en-us/red_hat_satellite/6.8/html/installing_satellite_server_from_a_connected_network/configuring-external-services#configuring-external-idm-dns_satellite
 - name: Set up Basic Lab Packages
  hosts: "{{ vm_name }}"
@@ -224,6 +278,39 @@
  roles:
    - role: toal-common
- name: Configure Satellite Servers
+- name: Install Satellite Servers
  hosts: "{{ vm_name }}"
  become: true
  roles:
    - role: jjaswanson4.install_satellite.install_satellite
 - name: Configure Satellite Servers
  hosts: "{{ vm_name }}"
  collections:
    - jjaswanson4.configure_satellite
  tasks:
    - name: include configure_foreman role with katello independent pieces
      include_role:
        name: configure_satellite_foreman
    - name: build satellite by organization
      include_role:
        name: configure_satellite_katello
      loop_control:
        loop_var: organization
      loop: "{{ satellite.katello }}"
    - name: do that again but for katello dependent pieces
      include_role:
        name: configure_satellite_foreman
      vars:
        requires_katello_content: true
 # - name: Customize Satellite Installation
 #   hosts: "{{ vm_name }}"
 #   collections:
 #     - freeipa.ansible_freeipa
 #   tasks:
 #     - name:
--- a/test.yml
+++ b/test.yml
@@ -0,0 +1,2 @@
 ---
 - name: this is an example