update mirror and system setup roles

Andrew Wang 2021-09-26 02:32:22 -04:00
parent 5cee6914d5
commit 98c4b94cd4
9 changed files with 183 additions and 210 deletions


@ -31,7 +31,7 @@
- name: fetch ubuntu iso
get_url:
url: https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-live-server-amd64.iso
url: "https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-live-server-amd64.iso"
dest: "{{ playbook_dir }}/vm/ubuntu20_04.iso"
# Installing VMs from Ready Images
@ -103,22 +103,36 @@
# copy over pub key into /root/.ssh/authorized_keys
# add line to ssh config that allows ssh as root
# this should execute in order right?
- name: setup mirror vm
hosts: 192.168.123.2
tasks:
- name: setup system
import_role:
name: "../roles/system"
# - modify ssh config to allow root login
# - copy over ssh public keys (if provided)
roles:
- "../roles/system"
- "../roles/mirror"
# - "../roles/ftp"
# - "../roles/nginx"
# - "../roles/rsync"
# tasks:
# allow root login from here
# become: root
- name: setup mirror
import_role:
name: "../roles/mirror"
- name: setup other services
import_role:
name: "../roles/{{ item }}"
loop:
- ftp
- nginx
- rsync
# - mirrormanager
# loop does not work...
# - name: setup system
# import_role:
# name: "../roles/system"
# - name: setup mirror
# import_role:
# name: "../roles/mirror"
# - name: setup ftp
# import_role:
# name: "../roles/ftp"
# - name: setup nginx
# import_role:
# name: "../roles/nginx"
# - name: setup rsync
# import_role:
# name: "../roles/rsync"
# - name: setup rsync
# import_role: "../roles/mirrormanager"
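Review bot: The `fetch ubuntu iso` task in the first hunk downloads the installer image with `get_url` and no `checksum`, so a truncated or substituted ISO would be used to build the VM without any error. HTTPS protects the transfer, not the content served by the origin. Pinning the published digest closes that gap, and it also lets the module skip the download when the file at `dest` already matches: `checksum: "sha256:<SHA256 of ubuntu-20.04.3-live-server-amd64.iso from the release's SHA256SUMS>"`. The play that contains this task starts outside the visible lines.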


@ -1,42 +1,33 @@
## TODO
- modify configs when appropriate
- net.ipv4.ip_forward=1 for both host and vm
- create 3 users
- local (does nothing?)
- mirror (does something)
- push (ssh authorized_keys for pushing)
### Storage
symlink projects from `/mirror/root/.cscmirror` to `/mirror/root`
### dirs of importance
### Merlin
check wiki for more details
### Push Sync
create `push` user and ssh keypair in `/home/push/.ssh/authorized_keys`
check wiki for more details
### Sync Scripts
add sync scripts to `~mirror/bin`
merge all mirror stuff into mirror role
setup role that creates zpools and users
# to write
- ftp
- mirror
- setup
- local
# to update
## to update
- hosts + ansible.cfg
- group_vars
- quote the file mode (0777 -> '0777')
- add directory_mode to set directory permission
- double check src and dest behaviour with trailing /
- could check that copy works like rsync
- could check that copy works like rsync
## other info
troubleshooting: try to load the kvm module with `modprobe kvm_intel`
interface should automatically come up but can also use
$ virt-viewer --domain-name mirror
if vm is on a remote machine
$ virt-viewer --connect qemu+ssh://user@host.example.com/system vmnamehere
for now just have a folder of screenshots
- change name of lvm volume from "lv0-root" to just "root"
troubleshooting: ignore "failed to unmount /cdrom" and just ctrl+c in viewer
login into your created user (from install), change to root, and create password for root
$ sudo su
type in your password
$ passwd
create root password
may already be mounted but just to be sure
$ zfs mount -a
- mirror hosts
- http://mirror.csclub.uwaterloo.ca (the mirror)
- http://ca.releases.ubuntu.com (ubuntu releases)
- http://ca.ceph.com (ceph releases)
- http://debian.csclub.uwaterloo.ca (csclub's debian packages)


@ -18,7 +18,7 @@
dest: /etc/proftpd/proftpd.conf
# owner: root
# group: root
# mode: 0755
# mode: "0755"
# also need to get


@ -1,25 +0,0 @@
troubleshooting: try to load the kvm module with `modprobe kvm_intel`
interface should automatically come up but can also use
$ virt-viewer --domain-name mirror
if vm is on a remote machine
$ virt-viewer --connect qemu+ssh://user@host.example.com/system vmnamehere
for now just have a folder of screenshots
- change name of lvm volume from "lv0-root" to just "root"
troubleshooting: ignore "failed to unmount /cdrom" and just ctrl+c in viewer
login into your created user (from install), change to root, and create password for root
$ sudo su
type in your password
$ passwd
create root password
may already be mounted but just to be sure
$ zfs mount -a
- mirror hosts
- http://mirror.csclub.uwaterloo.ca (the mirror)
- http://ca.releases.ubuntu.com (ubuntu releases)
- http://ca.ceph.com (ceph releases)
- http://debian.csclub.uwaterloo.ca (csclub's debian packages)


@ -1,73 +1,58 @@
# setup will folders and users for us to use here
# merlin will create
# /mirror/merlin/run + run/merlin.sock
# do we need to create ln -s from /mirror/merlin/run/merlin.sock to /mirror/merlin/merlin.sock
# - name: set up /home/mirror
- name: copy over crond job
- name: copy cron job
copy:
src: "{{ role_path }}/templates/csc-mirror"
src: "{{ role_path }}/templates/cron/csc-mirror"
dest: /etc/cron.d/csc-mirror
owner: root
group: root
mode: 0644
# restart cron
mode: "0644"
# TODO: start/restart cron
# create mirror home dir in user role
# - name: mirror home
# file:
# path: /home/mirror
# state: directory
# owner: mirror
# group: mirror
# mode: 0755
# recurse: yes
# also create /mirror/root
- name: Copy index files
- name: copy mirror home
copy:
src: "{{ role_path }}/templates/mirror-index"
dest: /home/mirror/mirror-index
src: "{{ role_path }}/templates/mirror/"
dest: /home/mirror
owner: mirror
group: mirror
mode: 0775
mode: preserve
- name: Copy assets
copy:
src: "{{ role_path }}/templates/include"
- name: copy include
copy:
src: "{{ role_path }}/templates/root/root/include/"
dest: /mirror/root/include
owner: root
group: csc-mirror
mode: 0755
mode: preserve
- name: copy merlin
copy:
src: "{{ role_path }}/templates/root/merlin/"
dest: /mirror/merlin
owner: root
group: root
mode: "0755"
# merlin goes goes under /home
- name: set /mirror/merlin/run permissions
file:
path: /mirror/merlin/run
state: directory
owner: mirror
group: mirrot
mode: "0755"
# csc-mirror goes under /etc/cron.d
# include and merlin go under /mirror
# delete symlinks and recreate when installing
# the git repo @mirror only update with /home/mirror
# could just rsync whatever is in that repo to /home/mirror
# unable to read files with +s
# - /mirror/merlin/run/merlin.sock
# what the: looks like python will create this
# may need to ln -s from run/merlin.sock to /mirror/merlin/merlin.sock and /home/mirror/merlin/merlin.sock
# apt install busybox-static
# then move to /mirror/merlin/run and create symblinks
# once this is
# for busybox
# ln -s /bin/busybox ls
# then ./ls will execute ls from busybox
# in /mirror/merlin/dev need to create null random urandom with mknod
# startup merlin to get
# /mirror/merlin/run/merlin.sock
# then symlink to /mirror/merlin/merlin.sock
# and /home/mirror/merlin/merlin.sock
# in /mirror/merlin/dev need to create null random urandom with mknod
# might not need the root/merlin/(bin|dev|run) and just make the empty dirs
# where does arthur come from?
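Review bot: `group: mirrot` in the `set /mirror/merlin/run permissions` task looks like a typo for `mirror`. The system role in this commit creates only the groups local, mirror, push, syscom and csc-mirror, so the `file` module would fail on the unknown group (assuming this task is on the new side, which its quoted `mode: "0755"` suggests). Change the line to `group: mirror`. The comments say merlin's socket lives in this directory, so confirm that the owner, group and mode here are the intended access boundary and not a copy of the neighbouring tasks.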


@ -2,7 +2,7 @@
- name: Install nginx
apt:
name: nginx
state: latest
state: present
update_cache: true
- name: Start nginx service
@ -10,29 +10,34 @@
name: nginx
state: started
# not great if user already has the correct configs
- name: Remove pre-existing sites-available and sites-enabled
file:
state: absent
path: "{{item}}"
path: "{{ item }}"
loop:
- /etc/nginx/sites-available
- /etc/nginx/sites-enabled
- name: Copy nginx config files
copy:
src: "{{role_path}}/templates/{{item.src}}"
dest: "/etc/nginx/{{item.dest}}"
src: "{{ role_path }}/templates/{{ item.src }}"
dest: "/etc/nginx/{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
loop:
- {src: nginx.conf, dest: nginx.conf}
- {src: mime.types, dest: mime.types}
- {src: includes, dest: ""}
- {src: sites-available, dest: ""}
- { src: nginx.conf, dest: nginx.conf, mode: "0644" }
- { src: mime.types, dest: mime.types, mode: "0644" }
- { src: includes/, dest: includes, mode: "0755" }
- { src: sites-available/, dest: sites-available, mode: "0755" }
- name: Make new sites-enabled
file:
path: /etc/nginx/sites-enabled
state: directory
owner: root
group: root
mode: "0755"
- name: Find all files in sites-available
find:
@ -41,9 +46,9 @@
- name: Link to sites-enabled
file:
src: "{{item.path}}"
path: "/etc/nginx/sites-enabled/{{item.path|basename}}"
src: "{{ item.path }}"
path: "/etc/nginx/sites-enabled/{{ item.path | basename }}"
state: link
with_items: "{{sites.files}}"
with_items: "{{ sites.files }}"
# restart nginx service
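Review bot: In the `Copy nginx config files` loop (second hunk), the `includes/` and `sites-available/` items pass `mode: "0755"`, and `copy` applies `mode` to the files it copies, so every config file under those directories ends up executable. Directories created by a recursive copy take their permissions from `directory_mode` instead. Use `mode: "0644"` on those two items and add `directory_mode: "0755"` to the task. The trailing `# restart nginx service` comment shows there is no reload yet; when one is added, a handler that runs `nginx -t` first would keep a broken config from being applied.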


@ -10,7 +10,7 @@
dest: /etc/{{ item.dest }}
owner: root
group: root
mode: 0644
mode: "0644"
loop:
- { src: "rsyncd.conf.j2", dest: "rsyncd.conf" }
- { src: "rsyncd-filter.conf.j2", dest: "rsyncd-filter.conf" }


@ -1,10 +1,74 @@
- name: ensure groups are created
group:
name: "{{ item.group }}"
gid: "{{ item.gid }}"
loop:
- { group: local, gid: 1000 }
- { group: mirror, gid: 1001 }
- { group: push, gid: 1002 }
- { group: syscom, gid: 10001 }
- { group: csc-mirror, gid: 10014 }
- name: ensure users are created
user:
name: "{{ item.user }}"
shell: "{{ item.shell }}"
uid: "{{ item.uid }}"
group: "{{ item.user }}"
create_home: "{{ item.home }}"
loop:
- { user: local, uid: 1000 }
- { user: mirror, uid: 1001 }
- { user: push, uid: 1002, shell: /bin/sh }
- { user: syscom, uid: 10001, home: no }
- { user: csc-mirror, uid: 10014, home: no }
- name: add mirror to push group
user:
name: mirror
groups: push
append: yes
# TODO: ssh to push user should chroot to /mirror/merlin
# mirror does not have entry in sshd_config as would have expected
# why are the file permissions like this?
- name: create /mirror and /mirror/merlin
file:
path: /mirror/merlin
state: directory
owner: root
group: root
mode: "0755"
recurse: yes
- name: create /mirror/root
file:
path: /mirror/root
state: directory
owner: mirror
group: syscom
mode: "0775"
# only .cscmirror1 is owned by mirror:mirror
# .cscmirror(2|3) is owned by root:root
- name: create zfs mountpoint
file:
path: /mirror/root/.cscmirror
state: directory
owner: mirror
group: mirror
mode: "0755"
- name: install zfs
apt:
name: zfsutils-linux
state: present
update_cache: yes
# in hosts/group_vars we can do
# create the var using
# vars:
# disks:
# - /dev/vdc
@ -23,21 +87,10 @@
- /dev/vde
- /dev/vdf
- name: concatenate disks
- name: concatenate disks into single line
set_fact:
disk_arg: "{{ disks | join(' ') }}"
# also create /mirror/merlin
# double check that /mirror perms are correct
- name: create zfs mountpoint
file:
path: /mirror/root/.cscmirror
state: directory
owner: root
group: root
mode: 0777
recurse: yes
- name: zpool exists
command: "zpool status cscmirror > /dev/null 2>&1"
check_mode: yes
@ -56,54 +109,4 @@
# mount all zpools
# zfs mount -a
# may need to mount it (also check that it will automount on boot)
- name: local group
group:
name: local
gid: 1000
- name: local user
user:
name: local
shell: /bin/bash
uid: 1000
group: local
create_home: yes
- name: mirror group
group:
name: mirror
gid: 1001
- name: mirror user
user:
name: mirror
shell: /bin/bash
uid: 1001
group: mirror
create_home: yes
- name: push group
group:
name: push
gid: 1002
- name: push user
user:
name: push
shell: /bin/sh
uid: 1002
group: push
create_home: yes
# ssh to push user should chroot to /mirror/merlin
# - create users (and their home dirs)
# - mirror (most mirror related things are owned by this user)
# - local (does nothing)
# - push (stores some authorized_keys so upstream can push to us)
# - csc-mirror (system user, donno what does)
# - modify ssh config to allow root login
# - copy over ssh public keys (if provided)
# may need to mount it (also check that it will automount on boot)
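Review bot: The `ensure users are created` loop reads `item.shell` and `item.home` on every iteration, but only `push` defines `shell` and only `syscom` and `csc-mirror` define `home`, so the task would stop on an undefined attribute at the first item. Supplying defaults restores what the removed per-user tasks did: `shell: "{{ item.shell | default('/bin/bash') }}"` and `create_home: "{{ item.home | default(true) }}"`. With that default, `syscom` and `csc-mirror` would also get bash; if those accounts are not meant for interactive login, give them an explicit non-login shell in their loop items. The `push` account still has `/bin/sh` with the chroot left as a TODO, so its `authorized_keys` entries are the only restriction until that is done.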