changes

1 year ago · 68cce1fd3a
parent e969093d67
commit 68cce1fd3a
8 changed files with 106 additions and 97 deletions
--- a/roles/ftp/tasks/main.yml
+++ b/roles/ftp/tasks/main.yml
@ -4,22 +4,12 @@
    name: proftpd
    state: present
    update_cache: yes
- name: enable proftpd service
-  service:
-    name: proftpd
-    enabled: yes
- name: start proftpd service
+
+- name: enable proftpd
  service:
    name: proftpd
    state: started

-
-# make `/mirror/root` dir
-
-# will this overwrite the /mirror/root/include ?
-
-# double check perms
-
 # proftpd requires modules (how to install ?)
 - name: copy over config files
  copy:
@ -31,8 +21,6 @@
  loop:
    - { src: blacklist.dat, dest: blacklist.dat, mode: "644" }
 #    - { src: dhparams.pem, dest: dhparams.pem, mode: "644" }
-# generate this file with:
-# openssl dhparam -outform PEM -2|-5 1024|1536|2048|3072|4096|6144|7680|8192 >> dhparams.pem
    - { src: ldap.conf, dest: ldap.conf, mode: "600" }
    - { src: modules.conf, dest: modules.conf, mode: "644" }
    - { src: proftpd.conf, dest: proftpd.conf, mode: "644" }
@ -40,7 +28,18 @@
    - { src: tls.conf, dest: tls.conf, mode: "644" }
    - { src: virtuals.conf, dest: virtuals.conf, mode: "644" }

- name: reload proftpd service
+- name: create dhparams.pem
+  # not regenerated every playbook run
+  command:
+    cmd: >
+      openssl dhparam 
+      -outform PEM -2|-5 
+      1024|1536|2048|3072|4096|6144|7680|8192 
+      >> /etc/proftpd/dhparams.pem
+    creates: /etc/proftpd/dhparams.pem
+
+- name: restart and enable proftpd
  service:
    name: proftpd
-    state: reloaded
+    state: restarted
+    enabled: yes
--- a/roles/mirror/tasks/main.yml
+++ b/roles/mirror/tasks/main.yml
@ -5,9 +5,14 @@
    owner: root
    group: root
    mode: "0644"
-# TODO: start/restart cron

- name: copy mirror home
+- name: restart and enable cron
+  systemd:
+    name: cron
+    state: restarted
+    enabled: yes
+
+- name: copy files for /home/mirror
  copy:
    src: "{{ role_path }}/templates/mirror/"
    dest: /home/mirror
@ -15,21 +20,14 @@
    group: mirror
    mode: preserve

- name: copy include
+- name: copy files for /mirror/root
  copy: 
-    src: "{{ role_path }}/templates/root/root/include/"
-    dest: /mirror/root/include
+    src: "{{ role_path }}/templates/root/root/"
+    dest: /mirror/root
    owner: root
    group: csc-mirror
    mode: preserve

- name: create merlin directories
-  file:
-    path: /mirror/merlin
-    owner: root
-    group: root
-    mode: "0755"
-
 - name: create merlin subdirectories
  file:
    path: "/mirror/merlin/{{ item.file }}"
@ -37,30 +35,30 @@
    group: "{{ item.owner }}"
    mode: "0755"
  loop:
-    - { file: bin, owner: root }
    - { file: dev, owner: root }
+    - { file: bin, owner: root }
    - { file: run, owner: mirror }

- name: copy over arthur and busybox
+- name: copy arthur and busybox into merlin
  copy:
    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
+    dest: "/mirror/merlin/{{ item.dest }}"
    owner: root
    group: root
    mode: "0755"
  loop:
    - src: "{{ role_path }}/templates/root/merlin/arthur"
-      dest: "/mirror/merlin/arthur"
+      dest: "arthur"
    - src: "/usr/bin/busybox"
-      dest: "/mirror/merlin/bin/busybox"
+      dest: "bin/busybox"

- name: create symlinks
+- name: create symlinks from busybox and arthur
  # noqa deprecated-command-syntax
  # need chdir to create relative symlinks
  command: 
    cmd: "ln -s {{ item.src }} {{ item.dest }}"
-    chdir: "/mirror/merlin/run"
-    creates: "/mirror/merlin/run/{{ item.dest }}"
+    chdir: "/mirror/merlin/bin"
+    creates: "/mirror/merlin/bin/{{ item.dest }}"
  loop:
    - { src: busybox, dest: cd }
    - { src: busybox, dest: cp }
@ -71,12 +69,33 @@
    - { src: busybox, dest: sleep }
    - { src: ../arthur, dest: arthur }

-# startup merlin to get
-# /mirror/merlin/run/merlin.sock
-# then symlink to /mirror/merlin/merlin.sock 
-# and /home/mirror/merlin/merlin.sock
+  # https://tldp.org/LDP/lfs/LFS-BOOK-6.1.1-HTML/chapter06/devices.html
+- name: create special files
+  # /dev/(random|urandom) normally has "-m 0444"
+  # donno why mirror has writable random and urandom
+  command:
+    cmd: "mknod -m 0666 /mirror/merlin/dev/{{ item.file }} c 1 {{ item.type }}"
+    creates: "/mirror/merlin/dev/{{ item.file }}"
+  loop:
+    - { type: "3", file: "null" }
+    - { type: "8", file: "random" }
+    - { type: "9", file: "urandom" }
+
+- name: create first merlin.sock symlink
+  # noqa deprecated-command-syntax
+  # need chdir to create relative symlinks
+  command: 
+    cmd: "ln -s run/merlin.sock merlin.sock"
+    chdir: "/mirror/merlin"
+    creates: "/mirror/merlin/merlin.sock"

-# in /mirror/merlin/dev need to create null random urandom with mknod
+- name: create second merlin.sock symlink
+  file:
+    src: "/mirror/merlin/merlin.sock"
+    dest: "/home/mirror/merlin/merlin.sock"
+    owner: root
+    group: root
+    state: link

-# might not need the root/merlin/(bin|dev|run) and just make the empty dirs
-# where does arthur come from?
+# TODO: copy over merlin.service and start/enable service 
+# this will create /mirror/merlin/run/merlin.sock
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -1,12 +1,12 @@
 ---
- name: Install nginx
+- name: install nginx
  apt:
    name: nginx
    state: present
    update_cache: true

- name: Start nginx service
-  service:
+- name: start nginx
+  systemd:
    name: nginx
    state: started

@ -39,16 +39,18 @@
    group: root
    mode: "0755"

- name: Find all files in sites-available
-  find:
-    paths: /etc/nginx/sites-available
-  register: sites
-
- name: Link to sites-enabled
-  file:
-    src: "{{ item.path }}"
-    path: "/etc/nginx/sites-enabled/{{ item.path | basename }}"
-    state: link
-  with_items: "{{ sites.files }}"
+- name: enable debian.conf and mirror.conf
+  # noqa deprecated-command-syntax
+  command: 
+    cmd: "ln -s ../sites-available/{{ item }} {{ item }}"
+    chdir: "/etc/nginx/sites-enabled"
+    creates: "/etc/nginx/sites-enabled/{{ item }}"
+  loop:
+    - debian.conf
+    - mirror.conf

-# restart nginx service
+- name: restart and enable nginx
+  systemd:
+    name: nginx
+    state: restarted
+    enabled: yes
--- a/roles/nginx/templates/README.md
+++ b/roles/nginx/templates/README.md
@ -1,22 +0,0 @@
-Will not copy ssl certs (dev env will not support ssl?)
-```
-mime.types ->
-/etc/nginx/mime.types
-```
-```
-nginx.conf ->
-/etc/nginx/nginx.conf
-```
-```
-includes/ ->
-/etc/nginx/includes/
-```
-```
-sites-available/ ->
-/etc/nginx/sites-available/
-```
-To enable the sites
-```
-ln -s /etc/nginx/sites-available/debian.conf /etc/nginx/sites-enabled/
-ln -s /etc/nginx/sites-available/mirror.conf /etc/nginx/sites-enabled/
-```
--- a/roles/rsync/tasks/main.yml
+++ b/roles/rsync/tasks/main.yml
@ -4,19 +4,24 @@
    state: present
    update_cache: yes

+- name: start rsync
+  systemd:
+    name: rsync
+    state: started
+
 - name: copy rsync configs
-  template:
+  copy:
    src: "{{ role_path }}/templates/{{ item.src }}"
    dest: /etc/{{ item.dest }}
    owner: root
    group: root
    mode: "0644"
  loop:
-    - { src: "rsyncd.conf.j2", dest: "rsyncd.conf" } 
-    - { src: "rsyncd-filter.conf.j2", dest: "rsyncd-filter.conf" } 
+    - { src: "rsyncd.conf", dest: "rsyncd.conf" } 
+    - { src: "rsyncd-filter.conf", dest: "rsyncd-filter.conf" } 

- name: enable and start rsync daemon
+- name: restart and enable rsync
  systemd:
    name: rsync
-    enabled: true
-    state: started
+    state: restarted
+    enabled: true
--- a/roles/rsync/templates/rsyncd-filter.conf.j2
+++ b/roles/rsync/templates/rsyncd-filter.conf.j2
--- a/roles/rsync/templates/rsyncd.conf.j2
+++ b/roles/rsync/templates/rsyncd.conf.j2
--- a/roles/system/tasks/main.yml
+++ b/roles/system/tasks/main.yml
@ -1,4 +1,4 @@
- name: ensure groups are created
+- name: create groups
  group:
    name: "{{ item.group }}"
    gid: "{{ item.gid }}"
@ -9,7 +9,7 @@
    - { group: syscom, gid: 10001 }
    - { group: csc-mirror, gid: 10014 }

- name: ensure users are created
+- name: create users 
  user:
    name: "{{ item.user }}"
    shell: "{{ item.shell }}"
@ -34,14 +34,21 @@

 # why are the file permissions like this?

- name: create /mirror and /mirror/merlin
+- name: create /mirror
+  file:
+    path: /mirror
+    state: directory
+    owner: root
+    group: root
+    mode: "0755"
+
+- name: create /mirror/merlin
  file:
    path: /mirror/merlin
    state: directory
    owner: root
    group: root
    mode: "0755"
-    recurse: yes

 - name: create /mirror/root
  file:
@ -51,10 +58,9 @@
    group: syscom
    mode: "0775"

-# only .cscmirror1 is owned by mirror:mirror
-# .cscmirror(2|3) is owned by root:root
-
 - name: create zfs mountpoint
+# inconsistency: only .cscmirror1 is owned by mirror
+# .cscmirror(2|3) is owned by root
  file:
    path: /mirror/root/.cscmirror
    state: directory
@ -87,7 +93,7 @@
      - /dev/vde 
      - /dev/vdf

- name: concatenate disks into single line
+- name: join disk pathes onto one line
  set_fact:
    disk_arg: "{{ disks | join(' ') }}"

@ -106,6 +112,6 @@
    {{ disk_arg }}
  when: zpool_exists.rc != 0

-# mount all zpools 
-# zfs mount -a
-# may need to mount it (also check that it will automount on boot)
+# - name: mount zool
+#   command: zfs mount -a 
+#   when: zpool_exists.rc != 0