Catching up with current dev

2022-04-19 12:01:03 -05:00
parent a881363b9b
commit d1140cf78b
15 changed files with 423 additions and 109 deletions
--- a/playbooks/deploy.yml
+++ b/playbooks/deploy.yml
@@ -4,24 +4,50 @@
 # This playbook details how an entire datacenter should be deployed
 # 
 # Parameters: 
-# threads: Number of threads to use; default is 8.
-
- hosts: managed
+# threads: Number of threads to use; default is 16.
+#
+- hosts: Nazara
  order: sorted
-  serial: "{{ threads | default('8') }}"
+  serial: "{{ threads | default('16') }}"
  gather_facts: true
  ignore_unreachable: true
  vars_files:
     - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
  vars:
+     - ansible_password: "{{ passwords[inventory_hostname] }}"
+     - ansible_become_password: "{{ passwords[inventory_hostname] }}"
  roles:
-      - basics
-      - SSH
-      - Sharingan-Data
+     - Nazara

- hosts: geth-hubs
+- hosts: managed
  order: sorted
-  serial: "{{ threads | default('8') }}"
+  serial: "{{ threads | default('16') }}"
+  gather_facts: true
+  ignore_unreachable: true
+  vars_files:
+     - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
+  vars: # This is the only segment that should need these variables, as the basics role should take care of sudo and the SSH key.
+     - ansible_password: "{{ passwords[inventory_hostname] }}"
+     - ansible_become_password: "{{ passwords[inventory_hostname] }}"
+  roles:
+      - ShadowArch
+      - SSH
+      - Sharingan
+
+- hosts: Core
+  order: sorted
+  serial: "{{ threads | default('16') }}"
+  gather_facts: true
+  ignore_unreachable: true
+  vars_files:
+     - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
+  roles: 
+      - hardware
+      - SSL
+
+- hosts: geth_hubs
+  order: sorted
+  serial: "{{ threads | default('16') }}"
  gather_facts: true
  ignore_unreachable: true
  vars_files:
@@ -29,16 +55,14 @@
  roles: 
      - Geth-Hub

+- hosts: Node0
+  order: sorted
+  serial: "{{ threads | default('16') }}"
+  gather_facts: true
+  ignore_unreachable: true
+  vars_files:
+     - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
+  roles: 
+      - hardware
+      - Node

-# - hosts: Core
-#   order: sorted
-#   serial: "{{ threads | default('8') }}"
-#   gather_facts: true
-#   ignore_unreachable: true
-#   vars_files:
-#      - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
-#   vars:
-#   roles: 
-#      - Yggdrasil
-#      - WebServer
-#      - TheRaven
--- a/playbooks/geth-major-patch.yml
+++ b/playbooks/geth-major-patch.yml
@@ -9,13 +9,12 @@
 # 
 #
 # Patch then restart a node
- hosts: "{{ targetlist | default('all') }}"
+- hosts: "{{ targets | default('geth_hubs') }}"
  order: sorted
  ignore_unreachable: true
  serial: 1
  vars: 
    ansible_become: yes
-    ansible_become_user: root
    ansible_become_method: sudo
    oldmajor: stretch
    newmajor: buster
--- a/playbooks/one-role.yml
+++ b/playbooks/one-role.yml
@@ -20,6 +20,7 @@
  vars: 
      ansible_ssh_port: "{{ sshport | default('22') }}" 
      therole: "{{ role | default('Uptime') }}"
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
  vars_files:
     - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"

--- a/playbooks/patching-verification.yml
+++ b/playbooks/patching-verification.yml
@@ -4,7 +4,7 @@
 # Variables:
 # - hosts: what hosts in the inventory to use
 # - threads: how many to check in parallel
- hosts: "{{ hosts | default('all') }}"
+- hosts: "{{ hosts | default('managed') }}"
  order: sorted
  serial: "{{ threads | default('4') }}"
  ignore_unreachable: true
--- a/playbooks/patching.yml
+++ b/playbooks/patching.yml
@@ -7,44 +7,26 @@
 # - target: the host grouper in the inventory -- default: all
 #
 # Patch then restart a node
- hosts: "{{ target | default('all') }}"
+
+- hosts: Node0
  order: sorted
-  ignore_unreachable: true
  serial: 1
  vars: 
    ansible_become: yes
-    ansible_become_user: root
    ansible_become_method: sudo
  vars_files:
    - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
-  tasks:
-    - name: Check /var free percentage
-      command: /bin/bash -c "df -m /var | tail -n 1 | awk '{ print $5; }' | sed 's/%//' "
-      become: no
-      register: df_output
-
-    - name: Verify /var space
-      assert: 
-        that: 
-          - 90 > {{ df_output.stdout }}
-        fail_msg: "Not enough free space"
-
-    - name: Patching all packages (ArchLinux)
-      ignore_errors: yes
-      when: ansible_os_family == "Archlinux"
-      pacman:
-        upgrade: yes
-        update_cache: yes
-
-    - name: Patching all packages (Debian)
-      ignore_errors: yes
-      when: ansible_os_family == "Debian"
-      apt:
-        upgrade: yes
-        update_cache: yes
-
-    - name: Reboot
-      ignore_errors: yes
-      reboot:
-          reboot_timeout: 2
+  roles:
+    - patching

+- hosts: managed
+  order: sorted
+  ignore_unreachable: true
+  serial: 4
+  vars: 
+    ansible_become: yes
+    ansible_become_method: sudo
+  vars_files:
+    - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
+  roles:
+    - patching
--- a/playbooks/sshkey.yml
+++ b/playbooks/sshkey.yml
@@ -13,53 +13,27 @@
 #
 - hosts: "{{ targets | default('managed') }}"
  order: sorted
-  serial: "{{ threads | default('1') }}"
-  gather_facts: false
+  serial: "{{ threads | default('8') }}"
+  gather_facts: true
  ignore_unreachable: true
  vars: 
+      ansible_ssh_password: "{{ passwords[inventory_hostname] }}"
      ansible_ssh_port: "{{ sshport | default('22') }}" 
      keyfile: "{{ pubkey | default(lookup('env','HOME') + '/.ssh/id_ed25519.pub') }}"
  vars_files:
     - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"

  tasks:
+      # Scanning SSH keys has been replaced with ../bin/generate-ssh-keyscan
+     
      - name: Get key
        delegate_to: localhost
        command: "cat {{ keyfile }}"
        register: key

-      - name: Ensure known_hosts is commented
-        delegate_to: localhost
-        lineinfile:
-            dest: ~/.ssh/known_hosts
-            create: yes
-            state: present
-            line: "# {{ inventory_hostname + '.' + replica_domain }}"
-
-      # Thanks to https://gist.github.com/shirou/6928012
-      - name: Ensure ssh host RSA key known
-        delegate_to: localhost
-        lineinfile:
-            dest: ~/.ssh/known_hosts
-            create: yes
-            state: present
-            line: "{{ ip + ',' + inventory_hostname + '.' + replica_domain + ',' + lookup('pipe', 'ssh-keyscan -trsa -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
-
-      # Thanks to https://gist.github.com/shirou/6928012
-      - name: Ensure ssh host ED25519 key known
-        delegate_to: localhost
-        lineinfile:
-            dest: ~/.ssh/known_hosts
-            create: yes
-            state: present
-            line: "{{ ip + ',' + inventory_hostname + '.' + replica_domain + ',' + lookup('pipe', 'ssh-keyscan -ted25519 -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
-
      - authorized_key:
-            user: "{{ depriv_user }}"
+            user: "{{ ansible_user_id }}"
            key: "{{ key.stdout }}"
            state: present
            exclusive: true
        name: "Pass authorized key"
-        vars:
-          ansible_ssh_password: "{{ vars['passwords'][inventory_hostname] }}"
-
--- a/playbooks/vars-debugging.yml
+++ b/playbooks/vars-debugging.yml
@@ -25,5 +25,4 @@

  tasks:
      - debug: 
-          msg: "{{ lookup('vars', variablename) }}"
-
+          msg: "{{ lookup('vars',variablename) }}"