Updating Ubiqtorate

2020-10-08 16:33:19 -05:00
parent eaeae93a0f
commit e12c8ff0c6
53 changed files with 1645 additions and 2 deletions

100
playbooks/deploy.yml Normal file

@@ -0,0 +1,100 @@
---
# deploy.yml
#
# This playbook details how an entire datacenter should be deployed
#
# Parameters:
# threads: Number of threads to use; default is 8.
- hosts: all
order: sorted
serial: "{{ threads | default('8') }}"
gather_facts: true
ignore_unreachable: true
vars_files:
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
vars:
roles:
- basics
- networking
- SSH
- Sharingan-Data
- hosts: DarkNet
order: sorted
serial: "{{ threads | default('8') }}"
gather_facts: true
ignore_unreachable: true
vars_files:
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
vars:
roles:
- DarkNet
- SSH
- hosts: Core
order: sorted
serial: "{{ threads | default('8') }}"
gather_facts: true
ignore_unreachable: true
vars_files:
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
vars:
roles:
- SSL
- Yggdrasil
- WebServer
- Foundation
- IRC
- Sharingan-IDS
- hosts: Maat
order: sorted
serial: "{{ threads | default('8') }}"
gather_facts: true
ignore_unreachable: true
vars_files:
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
vars:
roles:
- Maat
- hosts: Sharingan
order: sorted
serial: "{{ threads | default('8') }}"
gather_facts: true
ignore_unreachable: true
vars_files:
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
vars:
roles:
- Sharingan
- hosts: MaatBuilder
order: sorted
serial: "{{ threads | default('8') }}"
gather_facts: true
ignore_unreachable: true
vars_files:
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
vars:
roles:
- MaatBuilder
- hosts: Nazara
order: sorted
serial: "{{ threads | default('8') }}"
gather_facts: true
ignore_unreachable: true
vars_files:
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
vars:
roles:
- MaatBuilder
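Review bot: The last play targets `hosts: Nazara` but applies the `MaatBuilder` role, the same role list as the `MaatBuilder` play directly above it, which reads like a copy-paste slip. If Nazara has its own role the line should name it; otherwise a comment such as `# Nazara hosts are built with the MaatBuilder role` would record the intent. Every play also sets `ignore_unreachable: true`, so a host that is down during the run silently misses the `basics` and `SSH` roles; a final check that fails the run when any host was skipped would make that visible. The bare `vars:` key in each play is null and can be dropped.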


@@ -0,0 +1,62 @@
---
# patching.yml
#
# This playbook can be used to patch all the servers in an inventory to the latest on the repo servers
# Variables:
# - hosts: the host grouper in the inventory -- default: all
# - action: update or upgrade -- default: update
# - delay: minutes to wait after a reboot -- default 5
#
#
# Patch then restart a node
- hosts: "{{ targetlist | default('all') }}"
order: sorted
ignore_unreachable: true
serial: 1
vars:
ansible_become: yes
ansible_become_user: root
ansible_become_method: sudo
oldmajor: stretch
newmajor: buster
tasks:
- name: Check /var free percentage
command: /bin/bash -c "df -m /var | tail -n 1 | awk '{ print $5; }' | sed 's/%//' "
become: no
register: df_output
- name: Verify /var space
assert:
that:
- 90 > {{ df_output.stdout }}
fail_msg: "Not enough free space"
- apt:
name: python-apt
state: present
- name: apt dist-upgrade
apt:
update_cache: yes
upgrade: dist
ignore_errors: yes
- name: Replace repo
command: "sed -i 's/{{ oldmajor }}/{{ newmajor }}/g' /etc/apt/sources.list"
become: yes
- name: Update packages
apt:
upgrade: full
update_cache: yes
autoremove: yes
autoclean: yes
ignore_errors: yes
# - name: Perform firmware-update
# command: rpi-update
# become: yes
- reboot:
- wait_for_connection:
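Review bot: Both upgrade tasks set `ignore_errors: yes` and are followed by an unconditional `reboot:`, so a host whose `apt dist-upgrade` or stretch-to-buster upgrade failed part-way still has its `sources.list` rewritten and is restarted; drop `ignore_errors` or register the results and gate the reboot on them. The `Verify /var space` assert splices command output into the expression (`90 > {{ df_output.stdout }}`), which is malformed when `df` prints nothing and lets text returned by the managed host shape the condition. Writing it as `- df_output.stdout | int(100) < 90` keeps the value as data and makes empty or non-numeric output fail the check. The same two patterns appear in the `playbooks/patching.yml` section further down. The header comment names a `hosts` variable while the play reads `targetlist`.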

28
playbooks/one-role.yml Normal file

@@ -0,0 +1,28 @@
# ---
# one-role.yml
#
# Test a single role against a host or group of hosts.
#
# Parameters:
# targets: group in the inventory to use
# threads: number of simultaneous executions
# role: role to run
# sshport (optional): override 22/tcp/ssh for Ansible control
#
# Expects ANSIBLE_VAULT_FILE to be set in the environment to path the vault
# Also set ANSIBLE_VAULT_PASSWORD_FILE to your password file location if you want it.
#
- hosts: "{{ targets | default('all') }}"
order: sorted
serial: "{{ threads | default('8') }}"
gather_facts: true
ignore_unreachable: true
vars:
ansible_ssh_port: "{{ sshport | default('22') }}"
therole: "{{ role | default('Uptime') }}"
vars_files:
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
roles:
- "{{ therole }}"
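Review bot: The first line is `# ---`, so the document-start marker is commented out; it should be a bare `---` as in `playbooks/deploy.yml`, and the same applies to `playbooks/sshkey.yml` and the variable-printing playbook at the end of this page. `vars_files` resolves `lookup('env', 'ANSIBLE_VAULT_FILE')`, which yields an empty string when the variable is unset, so the play presumably aborts while loading variables with an unhelpful message. The header line "Expects ANSIBLE_VAULT_FILE to be set" could say that explicitly, e.g. `# ANSIBLE_VAULT_FILE must be set; the play fails at variable loading otherwise`.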


@@ -0,0 +1,27 @@
---
# patching.yml
#
# Variables:
# - hosts: what hosts in the inventory to use
# - threads: how many to check in parallel
- hosts: "{{ hosts | default('all') }}"
order: sorted
serial: "{{ threads | default('4') }}"
ignore_unreachable: true
vars:
ansible_become: no
tasks:
- name: Check updates
yum:
list=updates
update_cache=true
ignore_errors: true
register: yumupdates
- name: Patching succeeded
ignore_errors: true
assert:
that:
- yumupdates.results|length == 0
- df_output.stdout is search("rhel-7-server-rpms-nist")
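Review bot: The `Patching succeeded` assert tests `df_output.stdout`, but nothing in this play registers `df_output` (only `yumupdates` is registered), so the second condition refers to an undefined variable and the assert can never pass. Because the task also sets `ignore_errors: true`, that failure never stops the run and the check cannot flag an unpatched host. If the intent is to confirm the repository in use, test a value this play actually collects, and remove `ignore_errors` from the assert so a non-empty `yumupdates.results` fails the host. The header still says `patching.yml` although the play only lists pending updates.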

52
playbooks/patching.yml Normal file

@@ -0,0 +1,52 @@
---
# patching.yml
#
# This playbook can be used to patch all the servers in an inventory to the latest on the repo servers
# Variables:
# - hosts: the host grouper in the inventory -- default: all
# - action: update or upgrade -- default: update
# - delay: minutes to wait after a reboot -- default 5
#
#
# Patch then restart a node
- hosts: "{{ hosts | default('all') }}"
order: sorted
ignore_unreachable: true
serial: 1
vars:
ansible_become: yes
ansible_become_user: root
ansible_become_method: sudo
vars_files:
- "{{ playbook_dir }}/../.vault"
tasks:
- name: Check /var free percentage
command: /bin/bash -c "df -m /var | tail -n 1 | awk '{ print $5; }' | sed 's/%//' "
become: no
register: df_output
- name: Verify /var space
assert:
that:
- 90 > {{ df_output.stdout }}
fail_msg: "Not enough free space"
- name: Patching
ignore_errors: yes
yum:
name: '*'
state: latest
update_cache: yes
# disablerepo: '*'
enablerepo: rhel-7-server-rpms-nist
register: patching_output
- debug:
msg: "{{ patching_output }}"
- name: Reboot
reboot:
- name: Wait for reboot
wait_for_connection:
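Review bot: The header documents `action` and `delay` variables, but no line in the play reads either one and the reboot is unconditional; the comment should list only what is used, e.g. `# - hosts: inventory pattern to patch -- default: all`. The vault is loaded from a fixed path, `{{ playbook_dir }}/../.vault`, while the other playbooks in this commit take it from `ANSIBLE_VAULT_FILE`. Using `lookup('env', 'ANSIBLE_VAULT_FILE')` here as well would keep one convention for where secrets come from.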

1
playbooks/roles Symbolic link

@@ -0,0 +1 @@
../roles/

45
playbooks/sshkey.yml Normal file

@@ -0,0 +1,45 @@
# ---
# sshkey.yml
#
# ssh-keyscan and copy your SSH key to hosts
#
# Parameters:
# targets: group in the inventory to use
# threads: number of simultaneous executions
# pubkey: file to hand off
# sshport (optional): override 22/tcp/ssh for Ansible control
#
# Expects ANSIBLE_VAULT_FILE to be set in the environment to path the vault
#
- hosts: "{{ targets | default('all') }}"
order: sorted
serial: "{{ threads | default('8') }}"
gather_facts: false
ignore_unreachable: true
vars:
ansible_ssh_port: "{{ sshport | default('22') }}"
keyfile: "{{ pubkey | default(lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
vars_files:
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
tasks:
- name: Get key
delegate_to: localhost
command: "cat {{ keyfile }}"
register: key
# Thanks to https://gist.github.com/shirou/6928012
- name: Ensure ssh host key known
delegate_to: localhost
lineinfile:
dest: ~/.ssh/known_hosts
create: yes
state: present
line: "{{ lookup('pipe', 'ssh-keyscan -trsa -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
- authorized_key:
user: "{{ lookup('env','USER') }}"
key: "{{ key.stdout }}"
state: present
exclusive: true
name: "Pass authorized key"
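Review bot: The `Ensure ssh host key known` task appends whatever `ssh-keyscan` returns to `~/.ssh/known_hosts`, so the host key is trusted without any fingerprint comparison and a wrong or intercepted endpoint gets pinned as genuine; compare the scanned key with a fingerprint obtained out of band, or use an SSH host CA, before adding it. The scan command is also built by string concatenation from `ansible_ssh_port` and `inventory_hostname` and run through `lookup('pipe', ...)` on the controller, so those values should be validated or passed through the `quote` filter. `exclusive: true` on `authorized_key` removes every other key from that user's `authorized_keys`, which deserves a comment such as `# exclusive: removes all other keys for this user`. The `Get key` task could be replaced by `key: "{{ lookup('file', keyfile) }}"`.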


@@ -0,0 +1,29 @@
# ---
# one-role.yml
#
# Test a single role against a host or group of hosts.
#
# Parameters:
# targets: group in the inventory to use
# threads: number of simultaneous executions
# variablename: the variable to print
# sshport (optional): override 22/tcp/ssh for Ansible control
#
# Expects ANSIBLE_VAULT_FILE to be set in the environment to path the vault
# Also set ANSIBLE_VAULT_PASSWORD_FILE to your password file location if you want it.
#
- hosts: "{{ targets | default('all') }}"
order: sorted
serial: "{{ threads | default('8') }}"
gather_facts: true
ignore_unreachable: true
vars:
ansible_ssh_port: "{{ sshport | default('22') }}"
variablename: "{{ variable | default('ansible_os_family') }}"
vars_files:
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
tasks:
- debug:
msg: "{{ lookup('vars', variablename) }}"
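Review bot: This play loads the vault through `vars_files` and then prints any variable named by the `variable` extra var with `lookup('vars', variablename)`, so a vault secret can be written in clear text to the console and to any Ansible log or CI output. If the vault is not needed to resolve the variables this tool is meant for, drop the `vars_files` entry; otherwise state the risk in the header. The header is copied from `one-role.yml` (title and "Test a single role") and lists the parameter as `variablename`, while the play reads `variable`; `# variable: name of the variable to print` would match the code.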