Add files via upload

David Rotermund 2024-04-16 20:06:17 +02:00 committed by GitHub
parent 193e98165b
commit 736e64aed0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 302 additions and 20 deletions


@ -15,15 +15,6 @@ echo ansibleuser:$passwd_value | chpasswd
echo "ansibleuser ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ansible echo "ansibleuser ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ansible
``` ```
## Beware of SELinux
```
cat /etc/selinux/config | sed s/"$SELINUX=enforcing"/"SELINUX=disabled"/g > /etc/selinux/config_xxx
\cp /etc/selinux/config_xxx /etc/selinux/config
\rm /etc/selinux/config_xxx
reboot
```
# How to make the server ready # How to make the server ready
Once: Once:
@ -36,9 +27,7 @@ ssh-keygen
And then for every computer: And then for every computer:
``` ```
ip="computername"
passwd_value="PUT_A_PASSWORD_HERE" passwd_value="PUT_A_PASSWORD_HERE"
sshpass -p "$passwd_value" ssh-copy-id -o "StrictHostKeyChecking accept-new" ansibleuser@$ip sshpass -p "$passwd_value" ssh-copy-id -o "StrictHostKeyChecking accept-new" ansibleuser@COMPUTERNAME
scp ~/.ssh/id* ansibleuser@$ip:~/.ssh
``` ```

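--- a/backup_cups.yaml
+++ b/backup_cups.yaml
@@ -0,0 +1,38 @@
+---
+- name: backup cups
+hosts: all
+become: true
+gather_facts: true
+tasks:
+- name: make backup folder
+ansible.builtin.file:
+path: "/cups_backup/"
+owner: "ansibleuser"
+group: "ansibleuser"
+mode: '0700'
+state: "directory"
+- name: delete old file
+ansible.builtin.file:
+path: "/cups_backup/cups_{{ ansible_hostname }}.tgz"
+state: "absent"
+- name: create archive
+community.general.archive:
+dest: "/cups_backup/cups_{{ ansible_hostname }}.tgz"
+path: "/etc/cups"
+owner: "ansibleuser"
+- name: create sudo permision
+lineinfile:
+path: "/etc/sudoers.d/root"
+create: true
+state: present
+line: "root ALL=(ansibleuser) NOPASSWD: ALL"
+- name: scp file into safety
+ansible.builtin.shell: 'scp -o "StrictHostKeyChecking accept-new" /cups_backup/cups_{{ ansible_hostname }}.tgz ansibleuser@10.10.0.2:/home/backup_ansible/'
+become: false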
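Review bot: The `create sudo permision` task writes `/etc/sudoers.d/root` through `lineinfile` with neither `validate` nor an explicit `mode`, so a malformed line is installed unchecked and can leave sudo unusable on the host; add `validate: 'visudo -cf %s'` and `mode: '0440'`. The rule `root ALL=(ansibleuser) NOPASSWD: ALL` also looks unneeded for this play, since the following scp task sets `become: false` and so runs as the connecting user rather than through sudo; if nothing else depends on it, drop the task. The identical task in backup_dns.yaml needs the same change.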

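--- a/backup_dns.yaml
+++ b/backup_dns.yaml
@@ -0,0 +1,38 @@
+---
+- name: backup docker volume
+hosts: all
+become: true
+gather_facts: true
+tasks:
+- name: make backup folder
+ansible.builtin.file:
+path: "/docker_backup/"
+owner: "ansibleuser"
+group: "ansibleuser"
+mode: '0700'
+state: "directory"
+- name: delete old file
+ansible.builtin.file:
+path: "/docker_backup/docker_volume_{{ ansible_hostname }}.tgz"
+state: "absent"
+- name: create archive
+community.general.archive:
+dest: "/docker_backup/docker_volume_{{ ansible_hostname }}.tgz"
+path: "/var/lib/docker/volumes"
+owner: "ansibleuser"
+- name: create sudo permision
+lineinfile:
+path: "/etc/sudoers.d/root"
+create: true
+state: present
+line: "root ALL=(ansibleuser) NOPASSWD: ALL"
+- name: scp file into safety
+ansible.builtin.shell: 'scp -o "StrictHostKeyChecking accept-new" /docker_backup/docker_volume_{{ ansible_hostname }}.tgz ansibleuser@10.10.0.2:/home/backup_ansible/'
+become: false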
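Review bot: The `scp file into safety` step ships an archive of every Docker volume on the host to 10.10.0.2 with `StrictHostKeyChecking accept-new`, so on first contact the backup server's key is accepted without verification and whoever answers at that address receives the data; backup_cups.yaml uses the same step. Pin the server key beforehand with an `ansible.builtin.known_hosts` task and switch the option to `StrictHostKeyChecking yes`. The `create archive` task also reads `/var/lib/docker/volumes` while containers may still be writing, which can yield an inconsistent database copy; whether anything quiesces them first is not visible here. The play is still named `backup docker volume` although the file is backup_dns.yaml, and a `mode: '0600'` on the archive would make its permissions explicit.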


@ -7,3 +7,6 @@
- name: register check client - name: register check client
shell: "myhostname=`hostname` ; cmk-agent-ctl register --server 10.10.0.3:8000 --site cmk --user automation --trust-cert --password '{{ password }}' --hostname $myhostname" shell: "myhostname=`hostname` ; cmk-agent-ctl register --server 10.10.0.3:8000 --site cmk --user automation --trust-cert --password '{{ password }}' --hostname $myhostname"
# firewall-cmd --zone=public --add-port=6556/tcp --permanent
# firewall-cmd --zone=public --add-port=6556/tcp
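Review bot: The two added `# firewall-cmd ...` lines are commented-out shell commands with no word on whether they are a manual prerequisite or a reminder, so the playbook itself still does not open 6556/tcp on hosts running firewalld. Either turn them into an idempotent task (for example `ansible.posix.firewalld` with `port: 6556/tcp`, `permanent: true`, `immediate: true`, `state: enabled`) or reword the comment as `# manual step: open 6556/tcp in firewalld for the Checkmk server`. Limiting the rule to the monitoring server's address (10.10.0.3 in the task above) instead of the whole public zone would narrow who can query the agent. The `register check client` task is unchanged context, but it passes `{{ password }}` on a shell command line without `no_log: true`.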

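--- a/install_cups.yaml
+++ b/install_cups.yaml
@@ -0,0 +1,89 @@
+---
+- name: install cups
+hosts: all
+become: true
+tasks:
+- name: remove other files
+include_tasks: yaml_sub/myrepo_clean.yaml
+- name: update file myrepo.repo
+import_tasks: yaml_sub/myrepo_data.yaml
+- name: install client
+ansible.builtin.dnf:
+name: "http://10.10.0.3/cmk/check_mk/agents/check-mk-agent-2.2.0p24-1.noarch.rpm"
+state: present
+update_cache: true
+skip_broken: true
+nobest: false
+allowerasing: true
+disable_gpg_check: true
+- name: ldap
+include_tasks: yaml_sub/ldap.yaml
+- name: sssd
+include_tasks: yaml_sub/sssd.yaml
+- name: remove other files
+include_tasks: yaml_sub/myrepo_clean.yaml
+- name: update file myrepo.repo
+import_tasks: yaml_sub/myrepo_data.yaml
+- name: install nfs tools
+dnf:
+name: nfs-utils,nfs-utils-coreos,nfsv4-client-utils,rpcbind
+state: present
+update_cache: true
+skip_broken: true
+nobest: false
+allowerasing: true
+- name: Make sure rpcbind service unit is started
+systemd_service:
+enabled: true
+state: started
+name: rpcbind
+- name: mount_info
+include_tasks: yaml_sub/mount_info.yaml
+- name: install cups
+ansible.builtin.dnf:
+name: cups,cups-client,cups-libs,cups-lpd,hplip,gutenprint,gutenprint-cups
+state: present
+update_cache: true
+skip_broken: true
+nobest: false
+allowerasing: true
+disablerepo:
+- oneAPI
+- name: Set Cups (2)
+lineinfile:
+path: /etc/cups/cupsd.conf
+state: absent
+line: "Listen localhost:631"
+create: true
+- name: Set Cups (2)
+lineinfile:
+path: /etc/cups/cupsd.conf
+state: present
+line: "Listen *:631"
+create: true
+- name: Make sure cups is started
+systemd_service:
+name: cups
+enabled: true
+state: started
+- name: Make sure cups-browsed is started
+systemd_service:
+name: cups-browsed
+enabled: true
+state: started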
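Review bot: The `install client` task installs an RPM fetched over plain `http://` with `disable_gpg_check: true`, so nothing authenticates the package that dnf then installs as root; the same task is added in the playbook section that follows (the one creating the semaphore containers). Download the file first with `ansible.builtin.get_url` and a pinned `checksum:`, then install from the local path as sketched below, or serve a signed package and drop `disable_gpg_check`. Separately, the two `Set Cups (2)` tasks switch cupsd to `Listen *:631` but nothing restarts cups, because `state: started` leaves an already running service untouched; a handler with `state: restarted` would apply the change. Before exposing the port on every interface, confirm the `<Location>` access rules in cupsd.conf, which this play does not touch.

```yaml
    - name: download check-mk agent
      ansible.builtin.get_url:
        url: "http://10.10.0.3/cmk/check_mk/agents/check-mk-agent-2.2.0p24-1.noarch.rpm"
        dest: "/root/check-mk-agent-2.2.0p24-1.noarch.rpm"
        # placeholder: replace with the digest published for this agent build
        checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"
        mode: "0600"
    - name: install client
      ansible.builtin.dnf:
        name: "/root/check-mk-agent-2.2.0p24-1.noarch.rpm"
        state: present
        # … unchanged: update_cache, skip_broken, nobest, allowerasing, disable_gpg_check …
```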


@ -4,10 +4,92 @@
become: true become: true
tasks: tasks:
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: install client
ansible.builtin.dnf:
name: "http://10.10.0.3/cmk/check_mk/agents/check-mk-agent-2.2.0p24-1.noarch.rpm"
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
disable_gpg_check: true
- name: ldap
include_tasks: yaml_sub/ldap.yaml
- name: sssd
include_tasks: yaml_sub/sssd.yaml
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: install nfs tools
dnf:
name: nfs-utils,nfs-utils-coreos,nfsv4-client-utils,rpcbind
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: Make sure rpcbind service unit is started
systemd_service:
enabled: true
state: started
name: rpcbind
- name: mount_info
include_tasks: yaml_sub/mount_info.yaml
- name: remove other files - name: remove other files
include_tasks: yaml_sub/install_docker.yaml include_tasks: yaml_sub/install_docker.yaml
- name: install python3-request
dnf:
name: python3-requests+security
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: Create network semaphoreNet
community.docker.docker_network:
name: semaphoreNet
- name: Create volume semaphore_maria_db
community.docker.docker_volume:
name: semaphore_maria_db
state: present
- name: Create mariab container
community.docker.docker_container:
name: semaphoremariadb
image: mariadb
state: started
recreate: no
restart_policy: always
env:
MARIADB_DATABASE: "semaphore"
MARIADB_USER: "semaphore"
MARIADB_PASSWORD: "{{ sqlpwd }}"
MARIADB_ROOT_PASSWORD : "{{ sqlrootpwd }}"
MYSQL_ROOT_HOST: '%'
networks:
- name: semaphoreNet
comparisons:
networks: strict
volumes:
- "semaphore_maria_db:/var/lib/mysql"
- name: Create volume semaphore_etc - name: Create volume semaphore_etc
community.docker.docker_volume: community.docker.docker_volume:
name: semaphore_etc name: semaphore_etc
@ -18,6 +100,11 @@
name: semaphore_lib name: semaphore_lib
state: present state: present
- name: Create volume semaphore_tmp
community.docker.docker_volume:
name: semaphore_tmp
state: present
- name: Create semaphore container - name: Create semaphore container
community.docker.docker_container: community.docker.docker_container:
name: semaphore name: semaphore
@ -28,14 +115,33 @@
published_ports: published_ports:
- "3000:3000/tcp" - "3000:3000/tcp"
volumes: volumes:
- semaphore_etc:/etc/semaphore - "semaphore_etc:/etc/semaphore"
- semaphore_lib:/var/lib/semaphore - "semaphore_lib:/var/lib/semaphore"
- "semaphore_tmp:/tmp/semaphore/"
env: env:
SEMAPHORE_DB_DIALECT: bolt SEMAPHORE_DB_USER: "semaphore"
SEMAPHORE_ADMIN_PASSWORD: changeme SEMAPHORE_DB_PASS: "{{ sqlpwd }}"
SEMAPHORE_ADMIN_NAME: admin SEMAPHORE_DB_HOST: "semaphoremariadb"
SEMAPHORE_ADMIN_EMAIL: davrot@uni-bremen.de SEMAPHORE_DB_PORT: "3306"
SEMAPHORE_ADMIN: admin SEMAPHORE_DB_DIALECT: "mysql"
TZ: Europe/Berlin SEMAPHORE_DB: "semaphore"
SEMAPHORE_PLAYBOOK_PATH: "/tmp/semaphore/"
SEMAPHORE_ADMIN_PASSWORD: "{{ semapwd }}"
SEMAPHORE_ADMIN_NAME: "admin"
SEMAPHORE_ADMIN_EMAIL: "davrot@uni-bremen.de"
SEMAPHORE_ADMIN: "admin"
SEMAPHORE_ACCESS_KEY_ENCRYPTION: "{{ semakey }}"
SEMAPHORE_LDAP_ACTIVATED: 'no'
TZ: "Europe/Berlin"
networks:
- name: semaphoreNet
- name: bridge
comparisons:
networks: strict
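Review bot: In the `Create mariab container` task, `MYSQL_ROOT_HOST: '%'` lets the database root account log in from any host that can reach the container, while the semaphore container only uses the `semaphore` account; `MYSQL_ROOT_HOST: 'localhost'` would keep root on the local socket. The same task uses `image: mariadb` without a tag, so each host pulls whatever the default tag points to at that moment; pin a version tag or digest. Both container tasks pass passwords and the access-key encryption secret through `env`, so adding `no_log: true` keeps them out of task output, and `recreate: no` is better written `recreate: false`. The hunks start after the head of the play, so where `sqlpwd`, `sqlrootpwd`, `semapwd` and `semakey` come from is not visible here.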

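--- a/update_cups.yaml
+++ b/update_cups.yaml
@@ -0,0 +1,19 @@
+---
+- name: update cups setting
+hosts: all
+become: true
+tasks:
+- name: Unset Cups
+lineinfile:
+path: /etc/cups/client.conf
+state: absent
+line: "ServerName 10.10.10.16"
+create: true
+- name: Set Cups
+lineinfile:
+path: /etc/cups/client.conf
+state: present
+line: "ServerName 10.10.0.8"
+create: true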
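Review bot: The two tasks only swap the line when the old value is exactly `ServerName 10.10.10.16`; a host whose client.conf holds any other `ServerName` ends up with two `ServerName` lines once the `Set Cups` task appends its own. A single `lineinfile` with `regexp: '^ServerName\s'` and `line: "ServerName 10.10.0.8"` replaces whatever is there and stays idempotent. `create: true` has no use on the `state: absent` task, and on the `present` task it should come with an explicit `mode: '0644'` so a newly created file does not depend on the remote umask.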