update mirror and system setup roles
parent
5cee6914d5
commit
98c4b94cd4
|
@ -31,7 +31,7 @@
|
|||
|
||||
- name: fetch ubuntu iso
|
||||
get_url:
|
||||
url: https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-live-server-amd64.iso
|
||||
url: "https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-live-server-amd64.iso"
|
||||
dest: "{{ playbook_dir }}/vm/ubuntu20_04.iso"
|
||||
|
||||
# Installing VMs from Ready Images
|
||||
|
@ -103,22 +103,36 @@
|
|||
# copy over pub key into /root/.ssh/authorized_keys
|
||||
# add line to ssh config that allows ssh as root
|
||||
|
||||
# this should execute in order right?
|
||||
- name: setup mirror vm
|
||||
hosts: 192.168.123.2
|
||||
tasks:
|
||||
- name: setup system
|
||||
import_role:
|
||||
name: "../roles/system"
|
||||
# - modify ssh config to allow root login
|
||||
# - copy over ssh public keys (if provided)
|
||||
roles:
|
||||
- "../roles/system"
|
||||
- "../roles/mirror"
|
||||
# - "../roles/ftp"
|
||||
# - "../roles/nginx"
|
||||
# - "../roles/rsync"
|
||||
# tasks:
|
||||
# allow root login from here
|
||||
# become: root
|
||||
|
||||
- name: setup mirror
|
||||
import_role:
|
||||
name: "../roles/mirror"
|
||||
|
||||
- name: setup other services
|
||||
import_role:
|
||||
name: "../roles/{{ item }}"
|
||||
loop:
|
||||
- ftp
|
||||
- nginx
|
||||
- rsync
|
||||
# - mirrormanager
|
||||
# loop does not work...
|
||||
# - name: setup system
|
||||
# import_role:
|
||||
# name: "../roles/system"
|
||||
# - name: setup mirror
|
||||
# import_role:
|
||||
# name: "../roles/mirror"
|
||||
# - name: setup ftp
|
||||
# import_role:
|
||||
# name: "../roles/ftp"
|
||||
# - name: setup nginx
|
||||
# import_role:
|
||||
# name: "../roles/nginx"
|
||||
# - name: setup rsync
|
||||
# import_role:
|
||||
# name: "../roles/rsync"
|
||||
# - name: setup rsync
|
||||
# import_role: "../roles/mirrormanager"
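Review bot: The `fetch ubuntu iso` task in the first hunk downloads the installer image with `get_url` and no `checksum`, so a corrupted or tampered ISO would be written to `vm/ubuntu20_04.iso` and used to build the mirror VM; HTTPS protects the transport, not what the server hands out. Adding `checksum: "sha256:<SHA256 of ubuntu-20.04.3-live-server-amd64.iso from the release's signed SHA256SUMS>"` pins the image and lets Ansible skip the download when the file on disk already matches. The task appears to end at `dest:` here, but the rest of the play lies outside the hunk. In the second hunk the planning comments mention allowing root SSH login; if that step gets written, `PermitRootLogin prohibit-password` keeps it key-only.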
|
|
@ -1,42 +1,33 @@
|
|||
## TODO
|
||||
- modify configs when appropriate
|
||||
- net.ipv4.ip_forward=1 for both host and vm
|
||||
- create 3 users
|
||||
- local (does nothing?)
|
||||
- mirror (does something)
|
||||
- push (ssh authorized_keys for pushing)
|
||||
|
||||
### Storage
|
||||
symlink projects from `/mirror/root/.cscmirror` to `/mirror/root`
|
||||
|
||||
### dirs of importance
|
||||
|
||||
### Merlin
|
||||
check wiki for more details
|
||||
|
||||
### Push Sync
|
||||
create `push` user and ssh keypair in `/home/push/.ssh/authorized_keys`
|
||||
|
||||
check wiki for more details
|
||||
|
||||
### Sync Scripts
|
||||
add sync scripts to `~mirror/bin`
|
||||
|
||||
|
||||
merge all mirror stuff into mirror role
|
||||
|
||||
setup role that creates zpools and users
|
||||
|
||||
# to write
|
||||
- ftp
|
||||
- mirror
|
||||
- setup
|
||||
- local
|
||||
|
||||
# to update
|
||||
## to update
|
||||
- hosts + ansible.cfg
|
||||
- group_vars
|
||||
- quote the file mode (0777 -> '0777')
|
||||
- add directory_mode to set directory permission
|
||||
- double check src and dest behaviour with trailing /
|
||||
- could check that copy works like rsync
|
||||
- could check that copy works like rsync
|
||||
## other info
|
||||
troubleshooting: try to load the kvm module with `modprobe kvm_intel`
|
||||
|
||||
interface should automatically come up but can also use
|
||||
$ virt-viewer --domain-name mirror
|
||||
if vm is on a remote machine
|
||||
$ virt-viewer --connect qemu+ssh://user@host.example.com/system vmnamehere
|
||||
|
||||
for now just have a folder of screenshots
|
||||
- change name of lvm volume from "lv0-root" to just "root"
|
||||
troubleshooting: ignore "failed to unmount /cdrom" and just ctrl+c in viewer
|
||||
|
||||
login into your created user (from install), change to root, and create password for root
|
||||
$ sudo su
|
||||
type in your password
|
||||
$ passwd
|
||||
create root password
|
||||
|
||||
may already be mounted but just to be sure
|
||||
$ zfs mount -a
|
||||
|
||||
- mirror hosts
|
||||
- http://mirror.csclub.uwaterloo.ca (the mirror)
|
||||
- http://ca.releases.ubuntu.com (ubuntu releases)
|
||||
- http://ca.ceph.com (ceph releases)
|
||||
- http://debian.csclub.uwaterloo.ca (csclub's debian packages)
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
dest: /etc/proftpd/proftpd.conf
|
||||
# owner: root
|
||||
# group: root
|
||||
# mode: 0755
|
||||
# mode: "0755"
|
||||
|
||||
|
||||
# also need to get
|
||||
|
|
|
@ -1,25 +0,0 @@
|
|||
troubleshooting: try to load the kvm module with `modprobe kvm_intel`
|
||||
|
||||
interface should automatically come up but can also use
|
||||
$ virt-viewer --domain-name mirror
|
||||
if vm is on a remote machine
|
||||
$ virt-viewer --connect qemu+ssh://user@host.example.com/system vmnamehere
|
||||
|
||||
for now just have a folder of screenshots
|
||||
- change name of lvm volume from "lv0-root" to just "root"
|
||||
troubleshooting: ignore "failed to unmount /cdrom" and just ctrl+c in viewer
|
||||
|
||||
login into your created user (from install), change to root, and create password for root
|
||||
$ sudo su
|
||||
type in your password
|
||||
$ passwd
|
||||
create root password
|
||||
|
||||
may already be mounted but just to be sure
|
||||
$ zfs mount -a
|
||||
|
||||
- mirror hosts
|
||||
- http://mirror.csclub.uwaterloo.ca (the mirror)
|
||||
- http://ca.releases.ubuntu.com (ubuntu releases)
|
||||
- http://ca.ceph.com (ceph releases)
|
||||
- http://debian.csclub.uwaterloo.ca (csclub's debian packages)
|
|
@ -1,73 +1,58 @@
|
|||
# setup will folders and users for us to use here
|
||||
|
||||
# merlin will create
|
||||
# /mirror/merlin/run + run/merlin.sock
|
||||
|
||||
# do we need to create ln -s from /mirror/merlin/run/merlin.sock to /mirror/merlin/merlin.sock
|
||||
|
||||
# - name: set up /home/mirror
|
||||
|
||||
|
||||
|
||||
|
||||
- name: copy over crond job
|
||||
- name: copy cron job
|
||||
copy:
|
||||
src: "{{ role_path }}/templates/csc-mirror"
|
||||
src: "{{ role_path }}/templates/cron/csc-mirror"
|
||||
dest: /etc/cron.d/csc-mirror
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
# restart cron
|
||||
mode: "0644"
|
||||
# TODO: start/restart cron
|
||||
|
||||
# create mirror home dir in user role
|
||||
# - name: mirror home
|
||||
# file:
|
||||
# path: /home/mirror
|
||||
# state: directory
|
||||
# owner: mirror
|
||||
# group: mirror
|
||||
# mode: 0755
|
||||
# recurse: yes
|
||||
|
||||
# also create /mirror/root
|
||||
|
||||
- name: Copy index files
|
||||
- name: copy mirror home
|
||||
copy:
|
||||
src: "{{ role_path }}/templates/mirror-index"
|
||||
dest: /home/mirror/mirror-index
|
||||
src: "{{ role_path }}/templates/mirror/"
|
||||
dest: /home/mirror
|
||||
owner: mirror
|
||||
group: mirror
|
||||
mode: 0775
|
||||
mode: preserve
|
||||
|
||||
- name: Copy assets
|
||||
copy:
|
||||
src: "{{ role_path }}/templates/include"
|
||||
- name: copy include
|
||||
copy:
|
||||
src: "{{ role_path }}/templates/root/root/include/"
|
||||
dest: /mirror/root/include
|
||||
owner: root
|
||||
group: csc-mirror
|
||||
mode: 0755
|
||||
mode: preserve
|
||||
|
||||
- name: copy merlin
|
||||
copy:
|
||||
src: "{{ role_path }}/templates/root/merlin/"
|
||||
dest: /mirror/merlin
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0755"
|
||||
|
||||
# merlin goes goes under /home
|
||||
- name: set /mirror/merlin/run permissions
|
||||
file:
|
||||
path: /mirror/merlin/run
|
||||
state: directory
|
||||
owner: mirror
|
||||
group: mirrot
|
||||
mode: "0755"
|
||||
|
||||
# csc-mirror goes under /etc/cron.d
|
||||
|
||||
# include and merlin go under /mirror
|
||||
|
||||
|
||||
# delete symlinks and recreate when installing
|
||||
|
||||
# the git repo @mirror only update with /home/mirror
|
||||
|
||||
# could just rsync whatever is in that repo to /home/mirror
|
||||
|
||||
# unable to read files with +s
|
||||
# - /mirror/merlin/run/merlin.sock
|
||||
# what the: looks like python will create this
|
||||
# may need to ln -s from run/merlin.sock to /mirror/merlin/merlin.sock and /home/mirror/merlin/merlin.sock
|
||||
# apt install busybox-static
|
||||
# then move to /mirror/merlin/run and create symblinks
|
||||
# once this is
|
||||
|
||||
# for busybox
|
||||
# ln -s /bin/busybox ls
|
||||
# then ./ls will execute ls from busybox
|
||||
|
||||
# in /mirror/merlin/dev need to create null random urandom with mknod
|
||||
# startup merlin to get
|
||||
# /mirror/merlin/run/merlin.sock
|
||||
# then symlink to /mirror/merlin/merlin.sock
|
||||
# and /home/mirror/merlin/merlin.sock
|
||||
|
||||
# in /mirror/merlin/dev need to create null random urandom with mknod
|
||||
|
||||
# might not need the root/merlin/(bin|dev|run) and just make the empty dirs
|
||||
# where does arthur come from?
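Review bot: `group: mirrot` in the `set /mirror/merlin/run permissions` task looks like a typo for `mirror`; the system role in this commit creates the groups `local`, `mirror`, `push`, `syscom` and `csc-mirror`, so the `file` task would fail on a group that does not exist. The page has lost its `+`/`-` markers, so this assumes the task is on the new side, which its quoted `mode: "0755"` suggests; the fix is `group: mirror`. Separately, `copy mirror home` and `copy include` switch to `mode: preserve`, which carries over whatever permission bits the checkout has. The trailing comment about `+s` hints that special bits are involved, so confirm that nothing under `templates/` is group- or world-writable or setuid before it lands in `/home/mirror` and `/mirror/root/include`.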
|
|
@ -2,7 +2,7 @@
|
|||
- name: Install nginx
|
||||
apt:
|
||||
name: nginx
|
||||
state: latest
|
||||
state: present
|
||||
update_cache: true
|
||||
|
||||
- name: Start nginx service
|
||||
|
@ -10,29 +10,34 @@
|
|||
name: nginx
|
||||
state: started
|
||||
|
||||
# not great if user already has the correct configs
|
||||
- name: Remove pre-existing sites-available and sites-enabled
|
||||
file:
|
||||
state: absent
|
||||
path: "{{item}}"
|
||||
path: "{{ item }}"
|
||||
loop:
|
||||
- /etc/nginx/sites-available
|
||||
- /etc/nginx/sites-enabled
|
||||
|
||||
- name: Copy nginx config files
|
||||
copy:
|
||||
src: "{{role_path}}/templates/{{item.src}}"
|
||||
dest: "/etc/nginx/{{item.dest}}"
|
||||
src: "{{ role_path }}/templates/{{ item.src }}"
|
||||
dest: "/etc/nginx/{{ item.dest }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "{{ item.mode }}"
|
||||
loop:
|
||||
- {src: nginx.conf, dest: nginx.conf}
|
||||
- {src: mime.types, dest: mime.types}
|
||||
- {src: includes, dest: ""}
|
||||
- {src: sites-available, dest: ""}
|
||||
- { src: nginx.conf, dest: nginx.conf, mode: "0644" }
|
||||
- { src: mime.types, dest: mime.types, mode: "0644" }
|
||||
- { src: includes/, dest: includes, mode: "0755" }
|
||||
- { src: sites-available/, dest: sites-available, mode: "0755" }
|
||||
|
||||
- name: Make new sites-enabled
|
||||
file:
|
||||
path: /etc/nginx/sites-enabled
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0755"
|
||||
|
||||
- name: Find all files in sites-available
|
||||
find:
|
||||
|
@ -41,9 +46,9 @@
|
|||
|
||||
- name: Link to sites-enabled
|
||||
file:
|
||||
src: "{{item.path}}"
|
||||
path: "/etc/nginx/sites-enabled/{{item.path|basename}}"
|
||||
src: "{{ item.path }}"
|
||||
path: "/etc/nginx/sites-enabled/{{ item.path | basename }}"
|
||||
state: link
|
||||
with_items: "{{sites.files}}"
|
||||
with_items: "{{ sites.files }}"
|
||||
|
||||
# restart nginx service
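Review bot: In `Copy nginx config files` (second hunk) the `includes/` and `sites-available/` items pass `mode: "0755"` to `copy`; on a recursive copy `mode` is applied to the copied files, so every config file under those directories would end up executable. Using `mode: "0644"` on those two items and adding `directory_mode: "0755"` to the task keeps the directories traversable without marking configs executable. The task also has no `notify`, and the trailing `# restart nginx service` comment is still a TODO, so as shown the role neither checks the new configuration with `nginx -t` nor reloads the service after replacing it.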
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
dest: /etc/{{ item.dest }}
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
mode: "0644"
|
||||
loop:
|
||||
- { src: "rsyncd.conf.j2", dest: "rsyncd.conf" }
|
||||
- { src: "rsyncd-filter.conf.j2", dest: "rsyncd-filter.conf" }
|
||||
|
|
|
@ -1,10 +1,74 @@
|
|||
- name: ensure groups are created
|
||||
group:
|
||||
name: "{{ item.group }}"
|
||||
gid: "{{ item.gid }}"
|
||||
loop:
|
||||
- { group: local, gid: 1000 }
|
||||
- { group: mirror, gid: 1001 }
|
||||
- { group: push, gid: 1002 }
|
||||
- { group: syscom, gid: 10001 }
|
||||
- { group: csc-mirror, gid: 10014 }
|
||||
|
||||
- name: ensure users are created
|
||||
user:
|
||||
name: "{{ item.user }}"
|
||||
shell: "{{ item.shell }}"
|
||||
uid: "{{ item.uid }}"
|
||||
group: "{{ item.user }}"
|
||||
create_home: "{{ item.home }}"
|
||||
loop:
|
||||
- { user: local, uid: 1000 }
|
||||
- { user: mirror, uid: 1001 }
|
||||
- { user: push, uid: 1002, shell: /bin/sh }
|
||||
- { user: syscom, uid: 10001, home: no }
|
||||
- { user: csc-mirror, uid: 10014, home: no }
|
||||
|
||||
- name: add mirror to push group
|
||||
user:
|
||||
name: mirror
|
||||
groups: push
|
||||
append: yes
|
||||
|
||||
# TODO: ssh to push user should chroot to /mirror/merlin
|
||||
# mirror does not have entry in sshd_config as would have expected
|
||||
|
||||
# why are the file permissions like this?
|
||||
|
||||
- name: create /mirror and /mirror/merlin
|
||||
file:
|
||||
path: /mirror/merlin
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0755"
|
||||
recurse: yes
|
||||
|
||||
- name: create /mirror/root
|
||||
file:
|
||||
path: /mirror/root
|
||||
state: directory
|
||||
owner: mirror
|
||||
group: syscom
|
||||
mode: "0775"
|
||||
|
||||
# only .cscmirror1 is owned by mirror:mirror
|
||||
# .cscmirror(2|3) is owned by root:root
|
||||
|
||||
- name: create zfs mountpoint
|
||||
file:
|
||||
path: /mirror/root/.cscmirror
|
||||
state: directory
|
||||
owner: mirror
|
||||
group: mirror
|
||||
mode: "0755"
|
||||
|
||||
- name: install zfs
|
||||
apt:
|
||||
name: zfsutils-linux
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
||||
# in hosts/group_vars we can do
|
||||
# create the var using
|
||||
# vars:
|
||||
# disks:
|
||||
# - /dev/vdc
|
||||
|
@ -23,21 +87,10 @@
|
|||
- /dev/vde
|
||||
- /dev/vdf
|
||||
|
||||
- name: concatenate disks
|
||||
- name: concatenate disks into single line
|
||||
set_fact:
|
||||
disk_arg: "{{ disks | join(' ') }}"
|
||||
|
||||
# also create /mirror/merlin
|
||||
# double check that /mirror perms are correct
|
||||
- name: create zfs mountpoint
|
||||
file:
|
||||
path: /mirror/root/.cscmirror
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0777
|
||||
recurse: yes
|
||||
|
||||
- name: zpool exists
|
||||
command: "zpool status cscmirror > /dev/null 2>&1"
|
||||
check_mode: yes
|
||||
|
@ -56,54 +109,4 @@
|
|||
|
||||
# mount all zpools
|
||||
# zfs mount -a
|
||||
# may need to mount it (also check that it will automount on boot)
|
||||
|
||||
- name: local group
|
||||
group:
|
||||
name: local
|
||||
gid: 1000
|
||||
|
||||
- name: local user
|
||||
user:
|
||||
name: local
|
||||
shell: /bin/bash
|
||||
uid: 1000
|
||||
group: local
|
||||
create_home: yes
|
||||
|
||||
- name: mirror group
|
||||
group:
|
||||
name: mirror
|
||||
gid: 1001
|
||||
|
||||
- name: mirror user
|
||||
user:
|
||||
name: mirror
|
||||
shell: /bin/bash
|
||||
uid: 1001
|
||||
group: mirror
|
||||
create_home: yes
|
||||
|
||||
- name: push group
|
||||
group:
|
||||
name: push
|
||||
gid: 1002
|
||||
|
||||
- name: push user
|
||||
user:
|
||||
name: push
|
||||
shell: /bin/sh
|
||||
uid: 1002
|
||||
group: push
|
||||
create_home: yes
|
||||
|
||||
# ssh to push user should chroot to /mirror/merlin
|
||||
|
||||
|
||||
# - create users (and their home dirs)
|
||||
# - mirror (most mirror related things are owned by this user)
|
||||
# - local (does nothing)
|
||||
# - push (stores some authorized_keys so upstream can push to us)
|
||||
# - csc-mirror (system user, donno what does)
|
||||
# - modify ssh config to allow root login
|
||||
# - copy over ssh public keys (if provided)
|
||||
# may need to mount it (also check that it will automount on boot)
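Review bot: The `ensure users are created` loop in the first hunk reads `item.shell` and `item.home`, but `local` and `mirror` define neither and `push` has no `home`, so templating would fail on an undefined attribute at the first item. Give both a fallback, e.g. `shell: "{{ item.shell | default('/bin/bash') }}"` and `create_home: "{{ item.home | default(true) }}"`, which matches the per-user tasks this commit removes. With that default `syscom` and `csc-mirror` would also get `/bin/bash`; if they are not meant for interactive login, set `shell: /usr/sbin/nologin` on those two items. Also, `recurse: yes` on `/mirror/merlin` resets everything below it to `root:root` and `0755`, including `/mirror/merlin/run`, which the mirror role hands to `mirror`, so the two roles would undo each other on every run.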
|