changes
parent
e969093d67
commit
68cce1fd3a
|
@ -4,22 +4,12 @@
|
|||
name: proftpd
|
||||
state: present
|
||||
update_cache: yes
|
||||
- name: enable proftpd service
|
||||
service:
|
||||
name: proftpd
|
||||
enabled: yes
|
||||
- name: start proftpd service
|
||||
|
||||
- name: enable proftpd
|
||||
service:
|
||||
name: proftpd
|
||||
state: started
|
||||
|
||||
|
||||
# make `/mirror/root` dir
|
||||
|
||||
# will this overwrite the /mirror/root/include ?
|
||||
|
||||
# double check perms
|
||||
|
||||
# proftpd requires modules (how to install ?)
|
||||
- name: copy over config files
|
||||
copy:
|
||||
|
@ -31,8 +21,6 @@
|
|||
loop:
|
||||
- { src: blacklist.dat, dest: blacklist.dat, mode: "644" }
|
||||
# - { src: dhparams.pem, dest: dhparams.pem, mode: "644" }
|
||||
# generate this file with:
|
||||
# openssl dhparam -outform PEM -2|-5 1024|1536|2048|3072|4096|6144|7680|8192 >> dhparams.pem
|
||||
- { src: ldap.conf, dest: ldap.conf, mode: "600" }
|
||||
- { src: modules.conf, dest: modules.conf, mode: "644" }
|
||||
- { src: proftpd.conf, dest: proftpd.conf, mode: "644" }
|
||||
|
@ -40,7 +28,18 @@
|
|||
- { src: tls.conf, dest: tls.conf, mode: "644" }
|
||||
- { src: virtuals.conf, dest: virtuals.conf, mode: "644" }
|
||||
|
||||
- name: reload proftpd service
|
||||
- name: create dhparams.pem
|
||||
# not regenerated every playbook run
|
||||
command:
|
||||
cmd: >
|
||||
openssl dhparam
|
||||
-outform PEM -2|-5
|
||||
1024|1536|2048|3072|4096|6144|7680|8192
|
||||
>> /etc/proftpd/dhparams.pem
|
||||
creates: /etc/proftpd/dhparams.pem
|
||||
|
||||
- name: restart and enable proftpd
|
||||
service:
|
||||
name: proftpd
|
||||
state: reloaded
|
||||
state: restarted
|
||||
enabled: yes
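Review bot: The `create dhparams.pem` task cannot produce a usable file as written. `-2|-5` and `1024|1536|…|8192` are the alternatives from the openssl usage synopsis pasted in literally, and the `command` module does not run a shell, so `>>` and the path reach openssl as plain arguments instead of redirecting its output. Since `/etc/proftpd/dhparams.pem` is then never written, `creates:` is never satisfied and the task is retried on every run. Pick one size of at least 2048 bits (1024-bit DH parameters are too weak for TLS) and let openssl write the file itself, e.g. `cmd: openssl dhparam -out /etc/proftpd/dhparams.pem 2048`, keeping the `creates:` line.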
|
|
@ -5,9 +5,14 @@
|
|||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
# TODO: start/restart cron
|
||||
|
||||
- name: copy mirror home
|
||||
- name: restart and enable cron
|
||||
systemd:
|
||||
name: cron
|
||||
state: restarted
|
||||
enabled: yes
|
||||
|
||||
- name: copy files for /home/mirror
|
||||
copy:
|
||||
src: "{{ role_path }}/templates/mirror/"
|
||||
dest: /home/mirror
|
||||
|
@ -15,21 +20,14 @@
|
|||
group: mirror
|
||||
mode: preserve
|
||||
|
||||
- name: copy include
|
||||
- name: copy files for /mirror/root
|
||||
copy:
|
||||
src: "{{ role_path }}/templates/root/root/include/"
|
||||
dest: /mirror/root/include
|
||||
src: "{{ role_path }}/templates/root/root/"
|
||||
dest: /mirror/root
|
||||
owner: root
|
||||
group: csc-mirror
|
||||
mode: preserve
|
||||
|
||||
- name: create merlin directories
|
||||
file:
|
||||
path: /mirror/merlin
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0755"
|
||||
|
||||
- name: create merlin subdirectories
|
||||
file:
|
||||
path: "/mirror/merlin/{{ item.file }}"
|
||||
|
@ -37,30 +35,30 @@
|
|||
group: "{{ item.owner }}"
|
||||
mode: "0755"
|
||||
loop:
|
||||
- { file: bin, owner: root }
|
||||
- { file: dev, owner: root }
|
||||
- { file: bin, owner: root }
|
||||
- { file: run, owner: mirror }
|
||||
|
||||
- name: copy over arthur and busybox
|
||||
- name: copy arthur and busybox into merlin
|
||||
copy:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
dest: "/mirror/merlin/{{ item.dest }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0755"
|
||||
loop:
|
||||
- src: "{{ role_path }}/templates/root/merlin/arthur"
|
||||
dest: "/mirror/merlin/arthur"
|
||||
dest: "arthur"
|
||||
- src: "/usr/bin/busybox"
|
||||
dest: "/mirror/merlin/bin/busybox"
|
||||
dest: "bin/busybox"
|
||||
|
||||
- name: create symlinks
|
||||
- name: create symlinks from busybox and arthur
|
||||
# noqa deprecated-command-syntax
|
||||
# need chdir to create relative symlinks
|
||||
command:
|
||||
cmd: "ln -s {{ item.src }} {{ item.dest }}"
|
||||
chdir: "/mirror/merlin/run"
|
||||
creates: "/mirror/merlin/run/{{ item.dest }}"
|
||||
chdir: "/mirror/merlin/bin"
|
||||
creates: "/mirror/merlin/bin/{{ item.dest }}"
|
||||
loop:
|
||||
- { src: busybox, dest: cd }
|
||||
- { src: busybox, dest: cp }
|
||||
|
@ -71,12 +69,33 @@
|
|||
- { src: busybox, dest: sleep }
|
||||
- { src: ../arthur, dest: arthur }
|
||||
|
||||
# startup merlin to get
|
||||
# /mirror/merlin/run/merlin.sock
|
||||
# then symlink to /mirror/merlin/merlin.sock
|
||||
# and /home/mirror/merlin/merlin.sock
|
||||
# https://tldp.org/LDP/lfs/LFS-BOOK-6.1.1-HTML/chapter06/devices.html
|
||||
- name: create special files
|
||||
# /dev/(random|urandom) normally has "-m 0444"
|
||||
# donno why mirror has writable random and urandom
|
||||
command:
|
||||
cmd: "mknod -m 0666 /mirror/merlin/dev/{{ item.file }} c 1 {{ item.type }}"
|
||||
creates: "/mirror/merlin/dev/{{ item.file }}"
|
||||
loop:
|
||||
- { type: "3", file: "null" }
|
||||
- { type: "8", file: "random" }
|
||||
- { type: "9", file: "urandom" }
|
||||
|
||||
# in /mirror/merlin/dev need to create null random urandom with mknod
|
||||
- name: create first merlin.sock symlink
|
||||
# noqa deprecated-command-syntax
|
||||
# need chdir to create relative symlinks
|
||||
command:
|
||||
cmd: "ln -s run/merlin.sock merlin.sock"
|
||||
chdir: "/mirror/merlin"
|
||||
creates: "/mirror/merlin/merlin.sock"
|
||||
|
||||
# might not need the root/merlin/(bin|dev|run) and just make the empty dirs
|
||||
# where does arthur come from?
|
||||
- name: create second merlin.sock symlink
|
||||
file:
|
||||
src: "/mirror/merlin/merlin.sock"
|
||||
dest: "/home/mirror/merlin/merlin.sock"
|
||||
owner: root
|
||||
group: root
|
||||
state: link
|
||||
|
||||
# TODO: copy over merlin.service and start/enable service
|
||||
# this will create /mirror/merlin/run/merlin.sock
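Review bot: `create second merlin.sock symlink` is likely to fail on a fresh host. The `file` module with `state: link` rejects a `src` that does not resolve unless `force` is set, and `/mirror/merlin/merlin.sock` is itself a link to `run/merlin.sock`, which the trailing TODO says only exists once merlin has been started. Adding `force: true` to that task lets the link be created ahead of the socket. The same module accepts a relative `src`, resolved against the link's own location, so `create first merlin.sock symlink` and the busybox/arthur loop could use `file` with `state: link` instead of `command: ln -s` and drop the `# noqa` lines.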
|
|
@ -1,12 +1,12 @@
|
|||
---
|
||||
- name: Install nginx
|
||||
- name: install nginx
|
||||
apt:
|
||||
name: nginx
|
||||
state: present
|
||||
update_cache: true
|
||||
|
||||
- name: Start nginx service
|
||||
service:
|
||||
- name: start nginx
|
||||
systemd:
|
||||
name: nginx
|
||||
state: started
|
||||
|
||||
|
@ -39,16 +39,18 @@
|
|||
group: root
|
||||
mode: "0755"
|
||||
|
||||
- name: Find all files in sites-available
|
||||
find:
|
||||
paths: /etc/nginx/sites-available
|
||||
register: sites
|
||||
- name: enable debian.conf and mirror.conf
|
||||
# noqa deprecated-command-syntax
|
||||
command:
|
||||
cmd: "ln -s ../sites-available/{{ item }} {{ item }}"
|
||||
chdir: "/etc/nginx/sites-enabled"
|
||||
creates: "/etc/nginx/sites-enabled/{{ item }}"
|
||||
loop:
|
||||
- debian.conf
|
||||
- mirror.conf
|
||||
|
||||
- name: Link to sites-enabled
|
||||
file:
|
||||
src: "{{ item.path }}"
|
||||
path: "/etc/nginx/sites-enabled/{{ item.path | basename }}"
|
||||
state: link
|
||||
with_items: "{{ sites.files }}"
|
||||
|
||||
# restart nginx service
|
||||
- name: restart and enable nginx
|
||||
systemd:
|
||||
name: nginx
|
||||
state: restarted
|
||||
enabled: yes
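Review bot: `restart and enable nginx` uses `state: restarted` as an ordinary task, so nginx is bounced on every playbook run whether or not anything changed, and a broken file under `sites-available` takes the server down with no check beforehand. Moving the restart into a handler notified by the config-copy and symlink tasks, with a `command: nginx -t` step ahead of it, keeps runs idempotent and fails before the running service is touched. The task itself can then stay as `state: started` with `enabled: true`. The proftpd, cron and rsync sections of this commit add the same unconditional `state: restarted` task and would benefit from the same handler pattern.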
|
|
@ -1,22 +0,0 @@
|
|||
Will not copy ssl certs (dev env will not support ssl?)
|
||||
```
|
||||
mime.types ->
|
||||
/etc/nginx/mime.types
|
||||
```
|
||||
```
|
||||
nginx.conf ->
|
||||
/etc/nginx/nginx.conf
|
||||
```
|
||||
```
|
||||
includes/ ->
|
||||
/etc/nginx/includes/
|
||||
```
|
||||
```
|
||||
sites-available/ ->
|
||||
/etc/nginx/sites-available/
|
||||
```
|
||||
To enable the sites
|
||||
```
|
||||
ln -s /etc/nginx/sites-available/debian.conf /etc/nginx/sites-enabled/
|
||||
ln -s /etc/nginx/sites-available/mirror.conf /etc/nginx/sites-enabled/
|
||||
```
|
|
@ -4,19 +4,24 @@
|
|||
state: present
|
||||
update_cache: yes
|
||||
|
||||
- name: start rsync
|
||||
systemd:
|
||||
name: rsync
|
||||
state: started
|
||||
|
||||
- name: copy rsync configs
|
||||
template:
|
||||
copy:
|
||||
src: "{{ role_path }}/templates/{{ item.src }}"
|
||||
dest: /etc/{{ item.dest }}
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
loop:
|
||||
- { src: "rsyncd.conf.j2", dest: "rsyncd.conf" }
|
||||
- { src: "rsyncd-filter.conf.j2", dest: "rsyncd-filter.conf" }
|
||||
- { src: "rsyncd.conf", dest: "rsyncd.conf" }
|
||||
- { src: "rsyncd-filter.conf", dest: "rsyncd-filter.conf" }
|
||||
|
||||
- name: enable and start rsync daemon
|
||||
- name: restart and enable rsync
|
||||
systemd:
|
||||
name: rsync
|
||||
enabled: true
|
||||
state: started
|
||||
state: restarted
|
||||
enabled: true
|
0
roles/rsync/templates/rsyncd-filter.conf.j2 → roles/rsync/templates/rsyncd-filter.conf
Executable file → Normal file
0
roles/rsync/templates/rsyncd-filter.conf.j2 → roles/rsync/templates/rsyncd-filter.conf
Executable file → Normal file
0
roles/rsync/templates/rsyncd.conf.j2 → roles/rsync/templates/rsyncd.conf
Executable file → Normal file
0
roles/rsync/templates/rsyncd.conf.j2 → roles/rsync/templates/rsyncd.conf
Executable file → Normal file
|
@ -1,4 +1,4 @@
|
|||
- name: ensure groups are created
|
||||
- name: create groups
|
||||
group:
|
||||
name: "{{ item.group }}"
|
||||
gid: "{{ item.gid }}"
|
||||
|
@ -9,7 +9,7 @@
|
|||
- { group: syscom, gid: 10001 }
|
||||
- { group: csc-mirror, gid: 10014 }
|
||||
|
||||
- name: ensure users are created
|
||||
- name: create users
|
||||
user:
|
||||
name: "{{ item.user }}"
|
||||
shell: "{{ item.shell }}"
|
||||
|
@ -34,14 +34,21 @@
|
|||
|
||||
# why are the file permissions like this?
|
||||
|
||||
- name: create /mirror and /mirror/merlin
|
||||
- name: create /mirror
|
||||
file:
|
||||
path: /mirror
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0755"
|
||||
|
||||
- name: create /mirror/merlin
|
||||
file:
|
||||
path: /mirror/merlin
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0755"
|
||||
recurse: yes
|
||||
|
||||
- name: create /mirror/root
|
||||
file:
|
||||
|
@ -51,10 +58,9 @@
|
|||
group: syscom
|
||||
mode: "0775"
|
||||
|
||||
# only .cscmirror1 is owned by mirror:mirror
|
||||
# .cscmirror(2|3) is owned by root:root
|
||||
|
||||
- name: create zfs mountpoint
|
||||
# inconsistency: only .cscmirror1 is owned by mirror
|
||||
# .cscmirror(2|3) is owned by root
|
||||
file:
|
||||
path: /mirror/root/.cscmirror
|
||||
state: directory
|
||||
|
@ -87,7 +93,7 @@
|
|||
- /dev/vde
|
||||
- /dev/vdf
|
||||
|
||||
- name: concatenate disks into single line
|
||||
- name: join disk pathes onto one line
|
||||
set_fact:
|
||||
disk_arg: "{{ disks | join(' ') }}"
|
||||
|
||||
|
@ -106,6 +112,6 @@
|
|||
{{ disk_arg }}
|
||||
when: zpool_exists.rc != 0
|
||||
|
||||
# mount all zpools
|
||||
# zfs mount -a
|
||||
# may need to mount it (also check that it will automount on boot)
|
||||
# - name: mount zool
|
||||
# command: zfs mount -a
|
||||
# when: zpool_exists.rc != 0
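Review bot: In `create /mirror/merlin`, `recurse: yes` combined with `owner: root`, `group: root` and `mode: "0755"` appears to be re-applied to the whole tree on every run. The rendering does not make clear whether the `recurse` line is new or carried over from the old combined task. Either way it would reset the `run` directory that another section of this commit assigns to `mirror`, and would put 0755 on the device nodes created with `mknod -m 0666` under `/mirror/merlin/dev`, so the two roles undo each other depending on run order. Dropping `recurse: yes` here and letting the tasks that create each child set its ownership and mode avoids that.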
|