From 98c4b94cd4ede5e88db0b6b6e89bbeb137333e19 Mon Sep 17 00:00:00 2001 From: Andrew Wang Date: Sun, 26 Sep 2021 02:32:22 -0400 Subject: [PATCH] update mirror and system setup roles --- libvirt/main.yml | 48 ++++--- roles/README.md | 65 ++++----- roles/ftp/tasks/main.yml | 2 +- roles/mirror.txt | 25 ---- roles/mirror/tasks/main.yml | 91 +++++------- .../mirror/templates/root/merlin/run/.gitkeep | 0 roles/nginx/tasks/main.yml | 29 ++-- roles/rsync/tasks/main.yml | 2 +- roles/system/tasks/main.yml | 131 +++++++++--------- 9 files changed, 183 insertions(+), 210 deletions(-) delete mode 100644 roles/mirror.txt create mode 100644 roles/mirror/templates/root/merlin/run/.gitkeep diff --git a/libvirt/main.yml b/libvirt/main.yml index f214265..135fa42 100644 --- a/libvirt/main.yml +++ b/libvirt/main.yml @@ -31,7 +31,7 @@ - name: fetch ubuntu iso get_url: - url: https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-live-server-amd64.iso + url: "https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-live-server-amd64.iso" dest: "{{ playbook_dir }}/vm/ubuntu20_04.iso" # Installing VMs from Ready Images 
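Review bot: The `get_url` task in the `fetch ubuntu iso` hunk downloads the installer image with no integrity check, so a tampered or truncated ISO would be used to build the VM without anyone noticing; quoting the URL does not change that. Add `checksum: "sha256:<digest from the 20.04.3 SHA256SUMS file>"` to the task — Ansible also accepts a URL to a checksum file in that field — which additionally makes the download idempotent, because `get_url` skips re-fetching when the existing file already matches. The enclosing play starts before this hunk.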
@@ -103,22 +103,36 @@ # copy over pub key into /root/.ssh/authorized_keys # add line to ssh config that allows ssh as root +# this should execute in order right? - name: setup mirror vm hosts: 192.168.123.2 - tasks: - - name: setup system - import_role: - name: "../roles/system" +# - modify ssh config to allow root login +# - copy over ssh public keys (if provided) + roles: + - "../roles/system" + - "../roles/mirror" + # - "../roles/ftp" + # - "../roles/nginx" + # - "../roles/rsync" + # tasks: + # allow root login from here + # become: root - - name: setup mirror - import_role: - name: "../roles/mirror" - - - name: setup other services - import_role: - name: "../roles/{{ item }}" - loop: - - ftp - - nginx - - rsync - # - mirrormanager \ No newline at end of file + # loop does not work... + # - name: setup system + # import_role: + # name: "../roles/system" + # - name: setup mirror + # import_role: + # name: "../roles/mirror" + # - name: setup ftp + # import_role: + # name: "../roles/ftp" + # - name: setup nginx + # import_role: + # name: "../roles/nginx" + # - name: setup rsync + # import_role: + # name: "../roles/rsync" + # - name: setup rsync + # import_role: "../roles/mirrormanager" \ No newline at end of file diff --git a/roles/README.md b/roles/README.md index 03ec2aa..97ff825 100644 --- a/roles/README.md +++ b/roles/README.md 
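Review bot: The `setup mirror vm` play has no `become:` (the `# become: root` line is commented out), so the roles it lists — which, per the other hunks in this patch, create users and write under `/etc/cron.d` and `/mirror` — only work if the control node connects to 192.168.123.2 as root, matching the `# - modify ssh config to allow root login` note but exposing the root account directly over SSH. Prefer `become: true` on the play with an unprivileged SSH user; if root login really is required for the push workflow, set `PermitRootLogin prohibit-password` rather than `yes` so only the copied public keys can authenticate. The `# loop does not work...` block can also be resolved: `import_role` is static and cannot be looped, whereas `include_role` accepts `loop`, so the commented `ftp`/`nginx`/`rsync` entries can either be uncommented in `roles:` or driven with `include_role` under `tasks:`.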
@@ -1,42 +1,33 @@ -## TODO -- modify configs when appropriate -- net.ipv4.ip_forward=1 for both host and vm -- create 3 users - - local (does nothing?) - - mirror (does something) - - push (ssh authorized_keys for pushing) - -### Storage -symlink projects from `/mirror/root/.cscmirror` to `/mirror/root` - -### dirs of importance - -### Merlin -check wiki for more details - -### Push Sync -create `push` user and ssh keypair in `/home/push/.ssh/authorized_keys` - -check wiki for more details - -### Sync Scripts -add sync scripts to `~mirror/bin` - - -merge all mirror stuff into mirror role - -setup role that creates zpools and users - -# to write -- ftp -- mirror -- setup -- local - -# to update +## to update - hosts + ansible.cfg - group_vars - quote the file mode (0777 -> '0777') - add directory_mode to set directory permission - double check src and dest behaviour with trailing / - - could check that copy works like rsync \ No newline at end of file + - could check that copy works like rsync +## other info +troubleshooting: try to load the kvm module with `modprobe kvm_intel` + +interface should automatically come up but can also use +$ virt-viewer --domain-name mirror +if vm is on a remote machine +$ virt-viewer --connect qemu+ssh://user@host.example.com/system vmnamehere + +for now just have a folder of screenshots +- change name of lvm volume from "lv0-root" to just "root" +troubleshooting: ignore "failed to unmount /cdrom" and just ctrl+c in viewer + +login into your created user (from install), change to root, and create password for root +$ sudo su +type in your password +$ passwd +create root password + +may already be mounted but just to be sure +$ zfs mount -a + +- mirror hosts + - http://mirror.csclub.uwaterloo.ca (the mirror) + - http://ca.releases.ubuntu.com (ubuntu releases) + - http://ca.ceph.com (ceph releases) + - http://debian.csclub.uwaterloo.ca (csclub's debian packages) 
diff --git a/roles/ftp/tasks/main.yml b/roles/ftp/tasks/main.yml index f2daba5..ecc0b03 100644 --- a/roles/ftp/tasks/main.yml +++ b/roles/ftp/tasks/main.yml @@ -18,7 +18,7 @@ dest: /etc/proftpd/proftpd.conf # owner: root # group: root - # mode: 0755 + # mode: "0755" # also need to get diff --git a/roles/mirror.txt b/roles/mirror.txt deleted file mode 100644 index df804ae..0000000 --- a/roles/mirror.txt +++ /dev/null @@ -1,25 +0,0 @@ -troubleshooting: try to load the kvm module with `modprobe kvm_intel` - -interface should automatically come up but can also use -$ virt-viewer --domain-name mirror -if vm is on a remote machine -$ virt-viewer --connect qemu+ssh://user@host.example.com/system vmnamehere - -for now just have a folder of screenshots -- change name of lvm volume from "lv0-root" to just "root" -troubleshooting: ignore "failed to unmount /cdrom" and just ctrl+c in viewer - -login into your created user (from install), change to root, and create password for root -$ sudo su -type in your password -$ passwd -create root password - -may already be mounted but just to be sure -$ zfs mount -a - -- mirror hosts - - http://mirror.csclub.uwaterloo.ca (the mirror) - - http://ca.releases.ubuntu.com (ubuntu releases) - - http://ca.ceph.com (ceph releases) - - http://debian.csclub.uwaterloo.ca (csclub's debian packages) diff --git a/roles/mirror/tasks/main.yml b/roles/mirror/tasks/main.yml index b705aac..44ac83a 100644 --- a/roles/mirror/tasks/main.yml +++ b/roles/mirror/tasks/main.yml 
@@ -1,73 +1,58 @@ -# setup will folders and users for us to use here - -# merlin will create -# /mirror/merlin/run + run/merlin.sock - -# do we need to create ln -s from /mirror/merlin/run/merlin.sock to /mirror/merlin/merlin.sock - -# - name: set up /home/mirror - - - - -- name: copy over crond job +- name: copy cron job copy: - src: "{{ role_path }}/templates/csc-mirror" + src: "{{ role_path }}/templates/cron/csc-mirror" dest: /etc/cron.d/csc-mirror owner: root group: root - mode: 0644 -# restart cron + mode: "0644" +# TODO: start/restart cron -# create mirror home dir in user role -# - name: mirror home -# file: -# path: /home/mirror -# state: directory -# owner: mirror -# group: mirror -# mode: 0755 -# recurse: yes - -# also create /mirror/root - -- name: Copy index files +- name: copy mirror home copy: - src: "{{ role_path }}/templates/mirror-index" - dest: /home/mirror/mirror-index + src: "{{ role_path }}/templates/mirror/" + dest: /home/mirror owner: mirror group: mirror - mode: 0775 + mode: preserve -- name: Copy assets - copy: - src: "{{ role_path }}/templates/include" +- name: copy include + copy: + src: "{{ role_path }}/templates/root/root/include/" dest: /mirror/root/include owner: root group: csc-mirror - mode: 0755 + mode: preserve +- name: copy merlin + copy: + src: "{{ role_path }}/templates/root/merlin/" + dest: /mirror/merlin + owner: root + group: root + mode: "0755" -# merlin goes goes under /home +- name: set /mirror/merlin/run permissions + file: + path: /mirror/merlin/run + state: directory + owner: mirror + group: mirrot + mode: "0755" -# csc-mirror goes under /etc/cron.d - -# include and merlin go under /mirror - - -# delete symlinks and recreate when installing - -# the git repo @mirror only update with /home/mirror - -# could just rsync whatever is in that repo to /home/mirror - -# unable to read files with +s -# - /mirror/merlin/run/merlin.sock -# what the: looks like python will create this -# may need to ln -s from run/merlin.sock to 
/mirror/merlin/merlin.sock and /home/mirror/merlin/merlin.sock +# apt install busybox-static +# then move to /mirror/merlin/run and create symblinks +# once this is # for busybox # ln -s /bin/busybox ls # then ./ls will execute ls from busybox -# in /mirror/merlin/dev need to create null random urandom with mknod \ No newline at end of file +# startup merlin to get +# /mirror/merlin/run/merlin.sock +# then symlink to /mirror/merlin/merlin.sock +# and /home/mirror/merlin/merlin.sock + +# in /mirror/merlin/dev need to create null random urandom with mknod + +# might not need the root/merlin/(bin|dev|run) and just make the empty dirs +# where does arthur come from? \ No newline at end of file diff --git a/roles/mirror/templates/root/merlin/run/.gitkeep b/roles/mirror/templates/root/merlin/run/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 6ab52c5..d1b1cb3 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -2,7 +2,7 @@ - name: Install nginx apt: name: nginx - state: latest + state: present update_cache: true - name: Start nginx service 
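Review bot: `group: mirrot` in the `set /mirror/merlin/run permissions` task is a typo for `mirror`; the `file` module will fail to chown to a group that does not exist, so the role aborts on every run instead of silently misconfiguring. The preceding `copy merlin` task applies `mode: "0755"` to everything it copies, so after the fix every file under `/mirror/merlin` (including `.gitkeep`) is executable; `mode: "0644"` plus `directory_mode: "0755"` is the usual split. The two `mode: preserve` copies into `/home/mirror` and `/mirror/root/include` take their bits from the checkout on the control node — Git only tracks the executable bit, so the resulting modes depend on that machine's umask and are worth pinning explicitly.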
@@ -10,29 +10,34 @@ name: nginx state: started -# not great if user already has the correct configs - name: Remove pre-existing sites-available and sites-enabled file: state: absent - path: "{{item}}" + path: "{{ item }}" loop: - /etc/nginx/sites-available - /etc/nginx/sites-enabled - name: Copy nginx config files copy: - src: "{{role_path}}/templates/{{item.src}}" - dest: "/etc/nginx/{{item.dest}}" + src: "{{ role_path }}/templates/{{ item.src }}" + dest: "/etc/nginx/{{ item.dest }}" + owner: root + group: root + mode: "{{ item.mode }}" loop: - - {src: nginx.conf, dest: nginx.conf} - - {src: mime.types, dest: mime.types} - - {src: includes, dest: ""} - - {src: sites-available, dest: ""} + - { src: nginx.conf, dest: nginx.conf, mode: "0644" } + - { src: mime.types, dest: mime.types, mode: "0644" } + - { src: includes/, dest: includes, mode: "0755" } + - { src: sites-available/, dest: sites-available, mode: "0755" } - name: Make new sites-enabled file: path: /etc/nginx/sites-enabled state: directory + owner: root + group: root + mode: "0755" - name: Find all files in sites-available find: @@ -41,9 +46,9 @@ - name: Link to sites-enabled file: - src: "{{item.path}}" - path: "/etc/nginx/sites-enabled/{{item.path|basename}}" + src: "{{ item.path }}" + path: "/etc/nginx/sites-enabled/{{ item.path | basename }}" state: link - with_items: "{{sites.files}}" + with_items: "{{ sites.files }}" # restart nginx service diff --git a/roles/rsync/tasks/main.yml b/roles/rsync/tasks/main.yml index e2145bb..e5f801a 100755 --- a/roles/rsync/tasks/main.yml +++ b/roles/rsync/tasks/main.yml @@ -10,7 +10,7 @@ dest: /etc/{{ item.dest }} owner: root group: root - mode: 0644 + mode: "0644" loop: - { src: "rsyncd.conf.j2", dest: "rsyncd.conf" } - { src: "rsyncd-filter.conf.j2", dest: "rsyncd-filter.conf" } diff --git a/roles/system/tasks/main.yml b/roles/system/tasks/main.yml index c92a5ed..6d54e33 100755 --- a/roles/system/tasks/main.yml +++ b/roles/system/tasks/main.yml 
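Review bot: In the `Copy nginx config files` task, `mode: "{{ item.mode }}"` is `0755` for the `includes/` and `sites-available/` entries, and a `copy` of a directory applies that mode to the files inside as well, so every nginx config fragment ends up executable; use `mode: "0644"` for those two entries and add `directory_mode: "0755"` to the task (the README in this patch already lists `directory_mode` as a TODO). The configs are also written after the `Start nginx service` task and the trailing `# restart nginx service` comment shows no reload happens, so the new files do not take effect until something else restarts nginx; a `notify: restart nginx` handler, plus `validate: nginx -t -c %s` on the `nginx.conf` entry if its includes use absolute paths, would apply them and refuse a broken config before it takes the mirror down. The `Find all files in sites-available` task is cut by the hunk boundary.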
@@ -1,10 +1,74 @@ +- name: ensure groups are created + group: + name: "{{ item.group }}" + gid: "{{ item.gid }}" + loop: + - { group: local, gid: 1000 } + - { group: mirror, gid: 1001 } + - { group: push, gid: 1002 } + - { group: syscom, gid: 10001 } + - { group: csc-mirror, gid: 10014 } + +- name: ensure users are created + user: + name: "{{ item.user }}" + shell: "{{ item.shell }}" + uid: "{{ item.uid }}" + group: "{{ item.user }}" + create_home: "{{ item.home }}" + loop: + - { user: local, uid: 1000 } + - { user: mirror, uid: 1001 } + - { user: push, uid: 1002, shell: /bin/sh } + - { user: syscom, uid: 10001, home: no } + - { user: csc-mirror, uid: 10014, home: no } + +- name: add mirror to push group + user: + name: mirror + groups: push + append: yes + +# TODO: ssh to push user should chroot to /mirror/merlin +# mirror does not have entry in sshd_config as would have expected + +# why are the file permissions like this? + +- name: create /mirror and /mirror/merlin + file: + path: /mirror/merlin + state: directory + owner: root + group: root + mode: "0755" + recurse: yes + +- name: create /mirror/root + file: + path: /mirror/root + state: directory + owner: mirror + group: syscom + mode: "0775" + +# only .cscmirror1 is owned by mirror:mirror +# .cscmirror(2|3) is owned by root:root + +- name: create zfs mountpoint + file: + path: /mirror/root/.cscmirror + state: directory + owner: mirror + group: mirror + mode: "0755" + - name: install zfs apt: name: zfsutils-linux state: present update_cache: yes -# in hosts/group_vars we can do +# create the var using # vars: # disks: # - /dev/vdc 
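Review bot: In `ensure users are created`, `shell: "{{ item.shell }}"` and `create_home: "{{ item.home }}"` reference keys most loop entries do not define (`local` and `mirror` have no `shell`; `local`, `mirror` and `push` have no `home`), so the task fails with an undefined-attribute error on the first item instead of creating the users the removed per-user tasks created with `/bin/bash` and `create_home: yes`. Use `shell: "{{ item.shell | default('/bin/bash') }}"` and `create_home: "{{ item.home | default(true) }}"`. With that default `syscom` and `csc-mirror` — which the removed comments describe as a system account in the `csc-mirror` case — also receive an interactive shell; if they exist only to own files, `shell: /usr/sbin/nologin` and `system: true` on those two entries is the safer choice.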
@@ -23,21 +87,10 @@ - /dev/vde - /dev/vdf -- name: concatenate disks +- name: concatenate disks into single line set_fact: disk_arg: "{{ disks | join(' ') }}" -# also create /mirror/merlin -# double check that /mirror perms are correct -- name: create zfs mountpoint - file: - path: /mirror/root/.cscmirror - state: directory - owner: root - group: root - mode: 0777 - recurse: yes - - name: zpool exists command: "zpool status cscmirror > /dev/null 2>&1" check_mode: yes @@ -56,54 +109,4 @@ # mount all zpools # zfs mount -a -# may need to mount it (also check that it will automount on boot) - -- name: local group - group: - name: local - gid: 1000 - -- name: local user - user: - name: local - shell: /bin/bash - uid: 1000 - group: local - create_home: yes - -- name: mirror group - group: - name: mirror - gid: 1001 - -- name: mirror user - user: - name: mirror - shell: /bin/bash - uid: 1001 - group: mirror - create_home: yes - -- name: push group - group: - name: push - gid: 1002 - -- name: push user - user: - name: push - shell: /bin/sh - uid: 1002 - group: push - create_home: yes - -# ssh to push user should chroot to /mirror/merlin - - -# - create users (and their home dirs) -# - mirror (most mirror related things are owned by this user) -# - local (does nothing) -# - push (stores some authorized_keys so upstream can push to us) -# - csc-mirror (system user, donno what does) -# - modify ssh config to allow root login -# - copy over ssh public keys (if provided) \ No newline at end of file +# may need to mount it (also check that it will automount on boot) \ No newline at end of file
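Review bot: The `zpool exists` task (context here; its body continues past the hunk) runs `zpool status cscmirror > /dev/null 2>&1` through `command:`, which does not invoke a shell, so `>`, `/dev/null` and `2>&1` are passed to `zpool` as extra arguments and the result is an error regardless of whether the pool exists. `check_mode: yes` also forces the task into check mode, and `command` is skipped in check mode unless `creates`/`removes` is set, so the check likely never runs at all; use `command: zpool status cscmirror` with `register:`, `changed_when: false` and `failed_when: false` instead. `disk_arg: "{{ disks | join(' ') }}"` builds a space-joined device list that is presumably interpolated into a later `zpool create`; since `disks` comes from vars, `disks | map('quote') | join(' ')` avoids surprises if a path ever contains spaces or shell metacharacters.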