update mirror and system setup roles
parent
5cee6914d5
commit
98c4b94cd4
|
@ -31,7 +31,7 @@
|
||||||
|
|
||||||
- name: fetch ubuntu iso
|
- name: fetch ubuntu iso
|
||||||
get_url:
|
get_url:
|
||||||
url: https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-live-server-amd64.iso
|
url: "https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-live-server-amd64.iso"
|
||||||
dest: "{{ playbook_dir }}/vm/ubuntu20_04.iso"
|
dest: "{{ playbook_dir }}/vm/ubuntu20_04.iso"
|
||||||
|
|
||||||
# Installing VMs from Ready Images
|
# Installing VMs from Ready Images
|
||||||
|
@ -103,22 +103,36 @@
|
||||||
# copy over pub key into /root/.ssh/authorized_keys
|
# copy over pub key into /root/.ssh/authorized_keys
|
||||||
# add line to ssh config that allows ssh as root
|
# add line to ssh config that allows ssh as root
|
||||||
|
|
||||||
|
# this should execute in order right?
|
||||||
- name: setup mirror vm
|
- name: setup mirror vm
|
||||||
hosts: 192.168.123.2
|
hosts: 192.168.123.2
|
||||||
tasks:
|
# - modify ssh config to allow root login
|
||||||
- name: setup system
|
# - copy over ssh public keys (if provided)
|
||||||
import_role:
|
roles:
|
||||||
name: "../roles/system"
|
- "../roles/system"
|
||||||
|
- "../roles/mirror"
|
||||||
|
# - "../roles/ftp"
|
||||||
|
# - "../roles/nginx"
|
||||||
|
# - "../roles/rsync"
|
||||||
|
# tasks:
|
||||||
|
# allow root login from here
|
||||||
|
# become: root
|
||||||
|
|
||||||
- name: setup mirror
|
# loop does not work...
|
||||||
import_role:
|
# - name: setup system
|
||||||
name: "../roles/mirror"
|
# import_role:
|
||||||
|
# name: "../roles/system"
|
||||||
- name: setup other services
|
# - name: setup mirror
|
||||||
import_role:
|
# import_role:
|
||||||
name: "../roles/{{ item }}"
|
# name: "../roles/mirror"
|
||||||
loop:
|
# - name: setup ftp
|
||||||
- ftp
|
# import_role:
|
||||||
- nginx
|
# name: "../roles/ftp"
|
||||||
- rsync
|
# - name: setup nginx
|
||||||
# - mirrormanager
|
# import_role:
|
||||||
|
# name: "../roles/nginx"
|
||||||
|
# - name: setup rsync
|
||||||
|
# import_role:
|
||||||
|
# name: "../roles/rsync"
|
||||||
|
# - name: setup rsync
|
||||||
|
# import_role: "../roles/mirrormanager"
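Review bot: The `fetch ubuntu iso` task calls `get_url` without a `checksum`, so whatever the URL serves is written to `vm/ubuntu20_04.iso` and, presumably, used to install the mirror VM; quoting the URL does not change that. Pin the digest in the task, for example `checksum: "sha256:<SHA256 of ubuntu-20.04.3-live-server-amd64.iso>"` (placeholder: take the value from the release's SHA256SUMS file after checking its GPG signature). With a pinned checksum, get_url also skips the download when the file at `dest` already matches.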
|
|
@ -1,42 +1,33 @@
|
||||||
## TODO
|
## to update
|
||||||
- modify configs when appropriate
|
|
||||||
- net.ipv4.ip_forward=1 for both host and vm
|
|
||||||
- create 3 users
|
|
||||||
- local (does nothing?)
|
|
||||||
- mirror (does something)
|
|
||||||
- push (ssh authorized_keys for pushing)
|
|
||||||
|
|
||||||
### Storage
|
|
||||||
symlink projects from `/mirror/root/.cscmirror` to `/mirror/root`
|
|
||||||
|
|
||||||
### dirs of importance
|
|
||||||
|
|
||||||
### Merlin
|
|
||||||
check wiki for more details
|
|
||||||
|
|
||||||
### Push Sync
|
|
||||||
create `push` user and ssh keypair in `/home/push/.ssh/authorized_keys`
|
|
||||||
|
|
||||||
check wiki for more details
|
|
||||||
|
|
||||||
### Sync Scripts
|
|
||||||
add sync scripts to `~mirror/bin`
|
|
||||||
|
|
||||||
|
|
||||||
merge all mirror stuff into mirror role
|
|
||||||
|
|
||||||
setup role that creates zpools and users
|
|
||||||
|
|
||||||
# to write
|
|
||||||
- ftp
|
|
||||||
- mirror
|
|
||||||
- setup
|
|
||||||
- local
|
|
||||||
|
|
||||||
# to update
|
|
||||||
- hosts + ansible.cfg
|
- hosts + ansible.cfg
|
||||||
- group_vars
|
- group_vars
|
||||||
- quote the file mode (0777 -> '0777')
|
- quote the file mode (0777 -> '0777')
|
||||||
- add directory_mode to set directory permission
|
- add directory_mode to set directory permission
|
||||||
- double check src and dest behaviour with trailing /
|
- double check src and dest behaviour with trailing /
|
||||||
- could check that copy works like rsync
|
- could check that copy works like rsync
|
||||||
|
## other info
|
||||||
|
troubleshooting: try to load the kvm module with `modprobe kvm_intel`
|
||||||
|
|
||||||
|
interface should automatically come up but can also use
|
||||||
|
$ virt-viewer --domain-name mirror
|
||||||
|
if vm is on a remote machine
|
||||||
|
$ virt-viewer --connect qemu+ssh://user@host.example.com/system vmnamehere
|
||||||
|
|
||||||
|
for now just have a folder of screenshots
|
||||||
|
- change name of lvm volume from "lv0-root" to just "root"
|
||||||
|
troubleshooting: ignore "failed to unmount /cdrom" and just ctrl+c in viewer
|
||||||
|
|
||||||
|
login into your created user (from install), change to root, and create password for root
|
||||||
|
$ sudo su
|
||||||
|
type in your password
|
||||||
|
$ passwd
|
||||||
|
create root password
|
||||||
|
|
||||||
|
may already be mounted but just to be sure
|
||||||
|
$ zfs mount -a
|
||||||
|
|
||||||
|
- mirror hosts
|
||||||
|
- http://mirror.csclub.uwaterloo.ca (the mirror)
|
||||||
|
- http://ca.releases.ubuntu.com (ubuntu releases)
|
||||||
|
- http://ca.ceph.com (ceph releases)
|
||||||
|
- http://debian.csclub.uwaterloo.ca (csclub's debian packages)
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
dest: /etc/proftpd/proftpd.conf
|
dest: /etc/proftpd/proftpd.conf
|
||||||
# owner: root
|
# owner: root
|
||||||
# group: root
|
# group: root
|
||||||
# mode: 0755
|
# mode: "0755"
|
||||||
|
|
||||||
|
|
||||||
# also need to get
|
# also need to get
|
||||||
|
|
|
@ -1,25 +0,0 @@
|
||||||
troubleshooting: try to load the kvm module with `modprobe kvm_intel`
|
|
||||||
|
|
||||||
interface should automatically come up but can also use
|
|
||||||
$ virt-viewer --domain-name mirror
|
|
||||||
if vm is on a remote machine
|
|
||||||
$ virt-viewer --connect qemu+ssh://user@host.example.com/system vmnamehere
|
|
||||||
|
|
||||||
for now just have a folder of screenshots
|
|
||||||
- change name of lvm volume from "lv0-root" to just "root"
|
|
||||||
troubleshooting: ignore "failed to unmount /cdrom" and just ctrl+c in viewer
|
|
||||||
|
|
||||||
login into your created user (from install), change to root, and create password for root
|
|
||||||
$ sudo su
|
|
||||||
type in your password
|
|
||||||
$ passwd
|
|
||||||
create root password
|
|
||||||
|
|
||||||
may already be mounted but just to be sure
|
|
||||||
$ zfs mount -a
|
|
||||||
|
|
||||||
- mirror hosts
|
|
||||||
- http://mirror.csclub.uwaterloo.ca (the mirror)
|
|
||||||
- http://ca.releases.ubuntu.com (ubuntu releases)
|
|
||||||
- http://ca.ceph.com (ceph releases)
|
|
||||||
- http://debian.csclub.uwaterloo.ca (csclub's debian packages)
|
|
|
@ -1,73 +1,58 @@
|
||||||
# setup will folders and users for us to use here
|
- name: copy cron job
|
||||||
|
|
||||||
# merlin will create
|
|
||||||
# /mirror/merlin/run + run/merlin.sock
|
|
||||||
|
|
||||||
# do we need to create ln -s from /mirror/merlin/run/merlin.sock to /mirror/merlin/merlin.sock
|
|
||||||
|
|
||||||
# - name: set up /home/mirror
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- name: copy over crond job
|
|
||||||
copy:
|
copy:
|
||||||
src: "{{ role_path }}/templates/csc-mirror"
|
src: "{{ role_path }}/templates/cron/csc-mirror"
|
||||||
dest: /etc/cron.d/csc-mirror
|
dest: /etc/cron.d/csc-mirror
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
# restart cron
|
# TODO: start/restart cron
|
||||||
|
|
||||||
# create mirror home dir in user role
|
- name: copy mirror home
|
||||||
# - name: mirror home
|
|
||||||
# file:
|
|
||||||
# path: /home/mirror
|
|
||||||
# state: directory
|
|
||||||
# owner: mirror
|
|
||||||
# group: mirror
|
|
||||||
# mode: 0755
|
|
||||||
# recurse: yes
|
|
||||||
|
|
||||||
# also create /mirror/root
|
|
||||||
|
|
||||||
- name: Copy index files
|
|
||||||
copy:
|
copy:
|
||||||
src: "{{ role_path }}/templates/mirror-index"
|
src: "{{ role_path }}/templates/mirror/"
|
||||||
dest: /home/mirror/mirror-index
|
dest: /home/mirror
|
||||||
owner: mirror
|
owner: mirror
|
||||||
group: mirror
|
group: mirror
|
||||||
mode: 0775
|
mode: preserve
|
||||||
|
|
||||||
- name: Copy assets
|
- name: copy include
|
||||||
copy:
|
copy:
|
||||||
src: "{{ role_path }}/templates/include"
|
src: "{{ role_path }}/templates/root/root/include/"
|
||||||
dest: /mirror/root/include
|
dest: /mirror/root/include
|
||||||
owner: root
|
owner: root
|
||||||
group: csc-mirror
|
group: csc-mirror
|
||||||
mode: 0755
|
mode: preserve
|
||||||
|
|
||||||
|
- name: copy merlin
|
||||||
|
copy:
|
||||||
|
src: "{{ role_path }}/templates/root/merlin/"
|
||||||
|
dest: /mirror/merlin
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0755"
|
||||||
|
|
||||||
# merlin goes goes under /home
|
- name: set /mirror/merlin/run permissions
|
||||||
|
file:
|
||||||
|
path: /mirror/merlin/run
|
||||||
|
state: directory
|
||||||
|
owner: mirror
|
||||||
|
group: mirrot
|
||||||
|
mode: "0755"
|
||||||
|
|
||||||
# csc-mirror goes under /etc/cron.d
|
# apt install busybox-static
|
||||||
|
# then move to /mirror/merlin/run and create symblinks
|
||||||
# include and merlin go under /mirror
|
# once this is
|
||||||
|
|
||||||
|
|
||||||
# delete symlinks and recreate when installing
|
|
||||||
|
|
||||||
# the git repo @mirror only update with /home/mirror
|
|
||||||
|
|
||||||
# could just rsync whatever is in that repo to /home/mirror
|
|
||||||
|
|
||||||
# unable to read files with +s
|
|
||||||
# - /mirror/merlin/run/merlin.sock
|
|
||||||
# what the: looks like python will create this
|
|
||||||
# may need to ln -s from run/merlin.sock to /mirror/merlin/merlin.sock and /home/mirror/merlin/merlin.sock
|
|
||||||
|
|
||||||
# for busybox
|
# for busybox
|
||||||
# ln -s /bin/busybox ls
|
# ln -s /bin/busybox ls
|
||||||
# then ./ls will execute ls from busybox
|
# then ./ls will execute ls from busybox
|
||||||
|
|
||||||
# in /mirror/merlin/dev need to create null random urandom with mknod
|
# startup merlin to get
|
||||||
|
# /mirror/merlin/run/merlin.sock
|
||||||
|
# then symlink to /mirror/merlin/merlin.sock
|
||||||
|
# and /home/mirror/merlin/merlin.sock
|
||||||
|
|
||||||
|
# in /mirror/merlin/dev need to create null random urandom with mknod
|
||||||
|
|
||||||
|
# might not need the root/merlin/(bin|dev|run) and just make the empty dirs
|
||||||
|
# where does arthur come from?
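Review bot: `group: mirrot` in the new `set /mirror/merlin/run permissions` task looks like a typo for `mirror`. The system role in this commit creates the groups local, mirror, push, syscom and csc-mirror, so the file task would fail on an unknown group; change it to `group: mirror`. Separately, `mode: preserve` on `copy mirror home` and `copy include` takes permissions from the checkout on the control node, so a permissive umask or a stray world-writable bit in the repo lands on the mirror host. Where the executable bit is not needed, an explicit `mode: "0644"` with `directory_mode: "0755"` keeps the result pinned; where scripts need it, check the modes committed in the repo.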
|
|
@ -2,7 +2,7 @@
|
||||||
- name: Install nginx
|
- name: Install nginx
|
||||||
apt:
|
apt:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: latest
|
state: present
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
|
||||||
- name: Start nginx service
|
- name: Start nginx service
|
||||||
|
@ -10,29 +10,34 @@
|
||||||
name: nginx
|
name: nginx
|
||||||
state: started
|
state: started
|
||||||
|
|
||||||
# not great if user already has the correct configs
|
|
||||||
- name: Remove pre-existing sites-available and sites-enabled
|
- name: Remove pre-existing sites-available and sites-enabled
|
||||||
file:
|
file:
|
||||||
state: absent
|
state: absent
|
||||||
path: "{{item}}"
|
path: "{{ item }}"
|
||||||
loop:
|
loop:
|
||||||
- /etc/nginx/sites-available
|
- /etc/nginx/sites-available
|
||||||
- /etc/nginx/sites-enabled
|
- /etc/nginx/sites-enabled
|
||||||
|
|
||||||
- name: Copy nginx config files
|
- name: Copy nginx config files
|
||||||
copy:
|
copy:
|
||||||
src: "{{role_path}}/templates/{{item.src}}"
|
src: "{{ role_path }}/templates/{{ item.src }}"
|
||||||
dest: "/etc/nginx/{{item.dest}}"
|
dest: "/etc/nginx/{{ item.dest }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "{{ item.mode }}"
|
||||||
loop:
|
loop:
|
||||||
- {src: nginx.conf, dest: nginx.conf}
|
- { src: nginx.conf, dest: nginx.conf, mode: "0644" }
|
||||||
- {src: mime.types, dest: mime.types}
|
- { src: mime.types, dest: mime.types, mode: "0644" }
|
||||||
- {src: includes, dest: ""}
|
- { src: includes/, dest: includes, mode: "0755" }
|
||||||
- {src: sites-available, dest: ""}
|
- { src: sites-available/, dest: sites-available, mode: "0755" }
|
||||||
|
|
||||||
- name: Make new sites-enabled
|
- name: Make new sites-enabled
|
||||||
file:
|
file:
|
||||||
path: /etc/nginx/sites-enabled
|
path: /etc/nginx/sites-enabled
|
||||||
state: directory
|
state: directory
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0755"
|
||||||
|
|
||||||
- name: Find all files in sites-available
|
- name: Find all files in sites-available
|
||||||
find:
|
find:
|
||||||
|
@ -41,9 +46,9 @@
|
||||||
|
|
||||||
- name: Link to sites-enabled
|
- name: Link to sites-enabled
|
||||||
file:
|
file:
|
||||||
src: "{{item.path}}"
|
src: "{{ item.path }}"
|
||||||
path: "/etc/nginx/sites-enabled/{{item.path|basename}}"
|
path: "/etc/nginx/sites-enabled/{{ item.path | basename }}"
|
||||||
state: link
|
state: link
|
||||||
with_items: "{{sites.files}}"
|
with_items: "{{ sites.files }}"
|
||||||
|
|
||||||
# restart nginx service
|
# restart nginx service
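Review bot: In `Copy nginx config files` the two directory items pass `mode: "0755"`, but on a recursive copy `mode` is, as far as I know, applied to the copied files while directories take `directory_mode`. Every file under `includes/` and `sites-available/` would therefore become executable, and the directories would fall back to the default mode. Use `mode: "0644"` for all four items and add `directory_mode: "0755"` to the task. Also, the site directories are deleted and the config replaced while nginx is already started, with only the `# restart nginx service` comment at the end; a handler that runs `nginx -t` before reloading would avoid reloading into a broken config.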
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
dest: /etc/{{ item.dest }}
|
dest: /etc/{{ item.dest }}
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
loop:
|
loop:
|
||||||
- { src: "rsyncd.conf.j2", dest: "rsyncd.conf" }
|
- { src: "rsyncd.conf.j2", dest: "rsyncd.conf" }
|
||||||
- { src: "rsyncd-filter.conf.j2", dest: "rsyncd-filter.conf" }
|
- { src: "rsyncd-filter.conf.j2", dest: "rsyncd-filter.conf" }
|
||||||
|
|
|
@ -1,10 +1,74 @@
|
||||||
|
- name: ensure groups are created
|
||||||
|
group:
|
||||||
|
name: "{{ item.group }}"
|
||||||
|
gid: "{{ item.gid }}"
|
||||||
|
loop:
|
||||||
|
- { group: local, gid: 1000 }
|
||||||
|
- { group: mirror, gid: 1001 }
|
||||||
|
- { group: push, gid: 1002 }
|
||||||
|
- { group: syscom, gid: 10001 }
|
||||||
|
- { group: csc-mirror, gid: 10014 }
|
||||||
|
|
||||||
|
- name: ensure users are created
|
||||||
|
user:
|
||||||
|
name: "{{ item.user }}"
|
||||||
|
shell: "{{ item.shell }}"
|
||||||
|
uid: "{{ item.uid }}"
|
||||||
|
group: "{{ item.user }}"
|
||||||
|
create_home: "{{ item.home }}"
|
||||||
|
loop:
|
||||||
|
- { user: local, uid: 1000 }
|
||||||
|
- { user: mirror, uid: 1001 }
|
||||||
|
- { user: push, uid: 1002, shell: /bin/sh }
|
||||||
|
- { user: syscom, uid: 10001, home: no }
|
||||||
|
- { user: csc-mirror, uid: 10014, home: no }
|
||||||
|
|
||||||
|
- name: add mirror to push group
|
||||||
|
user:
|
||||||
|
name: mirror
|
||||||
|
groups: push
|
||||||
|
append: yes
|
||||||
|
|
||||||
|
# TODO: ssh to push user should chroot to /mirror/merlin
|
||||||
|
# mirror does not have entry in sshd_config as would have expected
|
||||||
|
|
||||||
|
# why are the file permissions like this?
|
||||||
|
|
||||||
|
- name: create /mirror and /mirror/merlin
|
||||||
|
file:
|
||||||
|
path: /mirror/merlin
|
||||||
|
state: directory
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0755"
|
||||||
|
recurse: yes
|
||||||
|
|
||||||
|
- name: create /mirror/root
|
||||||
|
file:
|
||||||
|
path: /mirror/root
|
||||||
|
state: directory
|
||||||
|
owner: mirror
|
||||||
|
group: syscom
|
||||||
|
mode: "0775"
|
||||||
|
|
||||||
|
# only .cscmirror1 is owned by mirror:mirror
|
||||||
|
# .cscmirror(2|3) is owned by root:root
|
||||||
|
|
||||||
|
- name: create zfs mountpoint
|
||||||
|
file:
|
||||||
|
path: /mirror/root/.cscmirror
|
||||||
|
state: directory
|
||||||
|
owner: mirror
|
||||||
|
group: mirror
|
||||||
|
mode: "0755"
|
||||||
|
|
||||||
- name: install zfs
|
- name: install zfs
|
||||||
apt:
|
apt:
|
||||||
name: zfsutils-linux
|
name: zfsutils-linux
|
||||||
state: present
|
state: present
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
||||||
# in hosts/group_vars we can do
|
# create the var using
|
||||||
# vars:
|
# vars:
|
||||||
# disks:
|
# disks:
|
||||||
# - /dev/vdc
|
# - /dev/vdc
|
||||||
|
@ -23,21 +87,10 @@
|
||||||
- /dev/vde
|
- /dev/vde
|
||||||
- /dev/vdf
|
- /dev/vdf
|
||||||
|
|
||||||
- name: concatenate disks
|
- name: concatenate disks into single line
|
||||||
set_fact:
|
set_fact:
|
||||||
disk_arg: "{{ disks | join(' ') }}"
|
disk_arg: "{{ disks | join(' ') }}"
|
||||||
|
|
||||||
# also create /mirror/merlin
|
|
||||||
# double check that /mirror perms are correct
|
|
||||||
- name: create zfs mountpoint
|
|
||||||
file:
|
|
||||||
path: /mirror/root/.cscmirror
|
|
||||||
state: directory
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0777
|
|
||||||
recurse: yes
|
|
||||||
|
|
||||||
- name: zpool exists
|
- name: zpool exists
|
||||||
command: "zpool status cscmirror > /dev/null 2>&1"
|
command: "zpool status cscmirror > /dev/null 2>&1"
|
||||||
check_mode: yes
|
check_mode: yes
|
||||||
|
@ -56,54 +109,4 @@
|
||||||
|
|
||||||
# mount all zpools
|
# mount all zpools
|
||||||
# zfs mount -a
|
# zfs mount -a
|
||||||
# may need to mount it (also check that it will automount on boot)
|
# may need to mount it (also check that it will automount on boot)
|
||||||
|
|
||||||
- name: local group
|
|
||||||
group:
|
|
||||||
name: local
|
|
||||||
gid: 1000
|
|
||||||
|
|
||||||
- name: local user
|
|
||||||
user:
|
|
||||||
name: local
|
|
||||||
shell: /bin/bash
|
|
||||||
uid: 1000
|
|
||||||
group: local
|
|
||||||
create_home: yes
|
|
||||||
|
|
||||||
- name: mirror group
|
|
||||||
group:
|
|
||||||
name: mirror
|
|
||||||
gid: 1001
|
|
||||||
|
|
||||||
- name: mirror user
|
|
||||||
user:
|
|
||||||
name: mirror
|
|
||||||
shell: /bin/bash
|
|
||||||
uid: 1001
|
|
||||||
group: mirror
|
|
||||||
create_home: yes
|
|
||||||
|
|
||||||
- name: push group
|
|
||||||
group:
|
|
||||||
name: push
|
|
||||||
gid: 1002
|
|
||||||
|
|
||||||
- name: push user
|
|
||||||
user:
|
|
||||||
name: push
|
|
||||||
shell: /bin/sh
|
|
||||||
uid: 1002
|
|
||||||
group: push
|
|
||||||
create_home: yes
|
|
||||||
|
|
||||||
# ssh to push user should chroot to /mirror/merlin
|
|
||||||
|
|
||||||
|
|
||||||
# - create users (and their home dirs)
|
|
||||||
# - mirror (most mirror related things are owned by this user)
|
|
||||||
# - local (does nothing)
|
|
||||||
# - push (stores some authorized_keys so upstream can push to us)
|
|
||||||
# - csc-mirror (system user, donno what does)
|
|
||||||
# - modify ssh config to allow root login
|
|
||||||
# - copy over ssh public keys (if provided)
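Review bot: The `ensure users are created` loop reads `item.shell` and `item.home`, but only the push item defines `shell` and only syscom and csc-mirror define `home`, so templating should fail on the first item (`{ user: local, uid: 1000 }`) with an undefined variable. Give both a default: `shell: "{{ item.shell | default('/bin/bash') }}"` and `create_home: "{{ item.home | default(true) }}"`; /bin/bash matches what the removed per-user tasks set for local and mirror. syscom and csc-mirror would then also get /bin/bash, so if they are not meant for interactive login, give those items an explicit non-login shell. Also, `recurse: yes` with root:root on `/mirror/merlin` apparently resets the ownership of `/mirror/merlin/run`, which the mirror role sets to mirror, on every run.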
|
|