resolv.conf solved!

hogweed1
2025-02-06 02:20:33 +10:00
parent fe33aee2fe
commit 4ba0cadf07
31 changed files with 1296 additions and 530 deletions


@@ -0,0 +1,6 @@
#### TODO обе роли - пакаджесы и юзеры
---
- import_playbook: packages.yml
- import_playbook: resolvconf.yml
- import_playbook: users.yml
- import_playbook: exporters.yml


@@ -1,21 +1,21 @@
---
- name: node exporter!
hosts: all
gather_facts: yes
become: yes
roles:
#- role:
#- prometheus.prometheus.ipmi_exporter
- prometheus.prometheus.node_exporter
#node_exporter_local_cache_path: "/tmp/node_exporter_cache"
- name: for hardware monitoring
hosts: physical_machines
gather_facts: yes
become: yes
roles:
- role: prometheus.prometheus.ipmi_exporter
ipmi_exporter_system_user: root
ipmi_exporter_version: "1.9.0"
---
- name: node exporter!
hosts: all:!lxc
gather_facts: yes
become: yes
roles:
#- role:
#- prometheus.prometheus.ipmi_exporter
- prometheus.prometheus.node_exporter
#node_exporter_local_cache_path: "/tmp/node_exporter_cache"
- name: for hardware monitoring
hosts: king-albert.guaranteedstruggle.host
gather_facts: yes
become: yes
roles:
- role: prometheus.prometheus.ipmi_exporter
ipmi_exporter_system_user: root
ipmi_exporter_version: "1.9.0"
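Review bot: The hardware-monitoring play still sets `ipmi_exporter_system_user: root`, so an HTTP service that other hosts scrape runs with full root privileges on the physical machine. A dedicated unprivileged account, given access only to the IPMI device or a narrow sudo rule for the IPMI tools it calls, would limit what a flaw in the exporter exposes; whether the role supports that without further variables needs checking against its documentation. Separately, replacing the `physical_machines` group with a single hostname presumably drops the exporter from any other hardware hosts in that group, and `hosts: "all:!lxc"` reads more safely quoted.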


@@ -1,59 +1,63 @@
---
- name: packages
hosts: all
become: true
become_method: sudo
tasks:
- name: Install the packages versions
ansible.builtin.package:
name:
- htop
#- iperf3
- git
- curl
- net-tools
- vim
- sudo
#state: latest
state: present
- name: check-stuff packages
hosts: net-stuff
become: true
become_method: sudo
tasks:
- name: Install the packages versions
ansible.builtin.package:
name:
- iperf3
#state: latest
state: present
- name: ceph packages
hosts: semyons
become: true
become_method: sudo
tasks:
- name: Install the packages versions
ansible.builtin.package:
name:
- ceph
#state: latest
state: present
- name: iptables
hosts:
- kubernetes
- docker
become: true
become_method: sudo
tasks:
- name: Install the packages versions
ansible.builtin.package:
name:
- iptables
#state: latest
---
- name: packages
hosts: all
become: true
become_method: sudo
tasks:
- name: Install the packages versions
ansible.builtin.package:
name:
- htop
#- iperf3
- git
- curl
- net-tools
- vim
- sudo
- tree
- jq
- rsync
#state: latest
state: present
- name: check-stuff packages
hosts: net-stuff
become: true
become_method: sudo
tasks:
- name: Install the packages versions
ansible.builtin.package:
name:
- iperf3
#state: latest
state: present
- name: ceph packages
hosts: semyons
become: true
become_method: sudo
tasks:
- name: Install the packages versions
ansible.builtin.package:
name:
- ceph
#state: latest
state: present
- name: iptables
hosts:
- kubernetes
- docker
become: true
become_method: sudo
tasks:
- name: Install the packages versions
ansible.builtin.package:
name:
- iptables
#state: latest
state: present


@@ -1,20 +1,20 @@
---
- name: pingu
hosts: all
# remote_user: root
gather_facts: no
become: yes
tasks:
- name: pingu!
ansible.builtin.ping:
# - name: Send notify to Telegram
# community.general.telegram:
# token: '6472915685:AAHPvgrQoqG7DxtfbnHWPe3Lfild-CGJ1j8'
# api_args:
# chat_id: -4023350326
# parse_mode: "markdown"
# text: "Your precious application has been deployed: https://example.com"
# disable_web_page_preview: true
---
- name: pingu
hosts: all
# remote_user: root
gather_facts: no
become: no # yes
tasks:
- name: pingu!
ansible.builtin.ping:
# - name: Send notify to Telegram
# community.general.telegram:
# token: '6472915685:AAHPvgrQoqG7DxtfbnHWPe3Lfild-CGJ1j8'
# api_args:
# chat_id: -4023350326
# parse_mode: "markdown"
# text: "Your precious application has been deployed: https://example.com"
# disable_web_page_preview: true
# disable_notification: true
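Review bot: The commented-out `token:` line of the Telegram task still holds what looks like a real bot token, and the new side of this file carries it forward unchanged. A credential inside a comment is exposed exactly like one in live code, to everyone who can read the repository or its history. It should be revoked at the issuer and the line replaced with a vault reference such as `# token: "{{ vault_telegram_bot_token }}"`; deleting the comment alone leaves the value in history.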

65
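--- a/playbooks/resolvconf.yml
+++ b/playbooks/resolvconf.yml
@@ -0,0 +1,65 @@
+---
+- name: make resolv.conf work fine
+hosts: all
+become: yes
+tasks:
+- name: Install the packages versions
+ansible.builtin.package:
+name:
+- systemd-resolved
+state: present
+- name: Make small file
+register: systemd_resolved_conf
+copy:
+dest: "/etc/systemd/resolved.conf"
+content: |
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free
+# Software Foundation; either version 2.1 of the License, or (at your option)
+# any later version.
+#
+# Entries in this file show the compile time defaults. Local configuration
+# should be created by either modifying this file, or by creating "drop-ins" in
+# the resolved.conf.d/ subdirectory. The latter is generally recommended.
+# Defaults can be restored by simply deleting this file and all drop-ins.
+#
+# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
+# See resolved.conf(5) for details.
+[Resolve]
+# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
+# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
+# Google: 8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
+# Quad9: 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
+DNS=192.168.0.88
+FallbackDNS=192.168.0.1
+Domains=guaranteedstruggle.host,just-for-me.internal
+#DNSSEC=no
+#DNSOverTLS=no
+#MulticastDNS=yes
+#LLMNR=yes
+#Cache=yes
+#CacheFromLocalhost=no
+DNSStubListener=yes
+#DNSStubListenerExtra=
+#ReadEtcHosts=yes
+#ResolveUnicastSingleLabel=no
+- name: Make fix for resolv-conf rewriting
+copy:
+dest: "/etc/dhcp/dhclient-enter-hooks.d/nodnsupdate"
+content: |
+#!/bin/sh
+make_resolv_conf(){
+:
+}
+mode: +x
+- name: restart service
+service:
+name: systemd-resolved
+state: restarted
+when: systemd_resolved_conf.changed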
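Review bot: The task `Make fix for resolv-conf rewriting` writes into `/etc/dhcp/dhclient-enter-hooks.d/`, but nothing in the play creates that directory, and `copy` fails when the parent directory is missing. With `hosts: all` this presumably hits machines that have no dhclient installed. The same task uses `mode: +x`, which leaves the other permission bits to the umask. For a script that root's DHCP client reads, an explicit `mode: "0755"` with `owner: root` and `group: root` is more predictable. The `resolved.conf` copy also sets no owner or mode and replaces the whole vendor file; a drop-in under `resolved.conf.d/`, which the embedded header itself recommends, would carry only the `DNS=`, `FallbackDNS=` and `Domains=` lines.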


@@ -1,19 +1,19 @@
---
- name: run it
hosts: puppets
gather_facts: no
become: yes
tasks:
- name: run 'em
community.general.puppet:
summarize: true
- name: run it 2
hosts: samehost-zero.guaranteedstruggle.host
gather_facts: no
become: yes
tasks:
- name: run this
community.general.puppet:
summarize: yes
certname: samehost-zero.guaranteedstuggle.host
---
- name: run it
hosts: puppets
gather_facts: no
become: yes
tasks:
- name: run 'em
community.general.puppet:
summarize: true
- name: run it 2
hosts: samehost-zero.guaranteedstruggle.host
gather_facts: no
become: yes
tasks:
- name: run this
community.general.puppet:
summarize: yes
certname: samehost-zero.guaranteedstuggle.host


@@ -0,0 +1,133 @@
---
- name: prom
hosts:
- prometheus.guaranteedstruggle.host
vars:
prom_version: '2.55.1'
gather_facts: yes
become: yes
tasks:
- name: Ensure group "prometheus" exists
ansible.builtin.group:
name: prometheus
state: present
- name: Add user "prometheus"
ansible.builtin.user:
name: prometheus
groups: prometheus
shell: /sbin/nologin
create_home: no
append: yes
comment: "prometheus nologin User"
state: present
- name: Creates directory
ansible.builtin.file:
path: /etc/prometheus
state: directory
group: prometheus
owner: prometheus
- name: Creates directory
ansible.builtin.file:
path: /usr/share/prometheus
state: directory
group: prometheus
owner: prometheus
- name: Creates directory
ansible.builtin.file:
path: /prometheus-data
state: directory
group: prometheus
owner: prometheus
- name: Unarchive a file that needs to be downloaded (added in 2.0)
ansible.builtin.unarchive:
src: https://github.com/prometheus/prometheus/releases/download/v{{prom_version}}/prometheus-{{prom_version}}.linux-amd64.tar.gz
dest: /usr/share/prometheus
creates: /usr/share/prometheus/prometheus-{{prom_version}}.linux-amd64
remote_src: yes
- name: Create a symbolic link
ansible.builtin.file:
src: /usr/share/prometheus/prometheus-{{prom_version}}.linux-amd64/prometheus
dest: /usr/sbin/prometheus
owner: prometheus
group: prometheus
state: link
- name: Create a symbolic link
ansible.builtin.file:
src: /usr/share/prometheus/prometheus-{{prom_version}}.linux-amd64/promtool
dest: /usr/sbin/promtool
owner: prometheus
group: prometheus
state: link
- name: Copy prometheus.yaml
register: prometheus_config_file
copy:
src: ../../files/prometheus/prometheus.yaml
dest: /etc/prometheus/prometheus.yaml
notify:
- reload prometheus
- name: Copy web-config
register: web_config_file
copy:
src: ../../files/prometheus/web-config.yaml
dest: /etc/prometheus/web-config.yaml
notify:
- reload prometheus
- name: Copy rules.yaml
register: rules_file
copy:
src: ../../files/prometheus/rules.yaml
dest: /etc/prometheus/rules.yaml
notify:
- reload prometheus
- name: Copy alerts.yaml
register: alerts_file
copy:
src: ../../files/prometheus/alerts.yaml
dest: /etc/prometheus/alerts.yaml
notify:
- reload prometheus
- name: Copy prometheus.service
register: prometheus_service_file
copy:
src: ../../files/prometheus/prometheus.service
dest: /etc/systemd/system/prometheus.service
- name: ensure service
ansible.builtin.systemd_service:
name: prometheus
state: started
enabled: true
# - name: reload service
# ansible.builtin.systemd_service:
# name: prometheus
# state: reloaded
# when:
# - rules_file.changed
# - alerts_file.changed
# - prometheus_service_file.changed
# - web_config_file.changed
- name: Just force systemd to reread configs
ansible.builtin.systemd_service:
daemon_reload: true
when: prometheus_service_file.changed
handlers:
- name: reload prometheus
ansible.builtin.systemd_service:
name: prometheus
state: reloaded
#### TODO как откатывать неудачную проверку promtool'ом ?
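Review bot: The `unarchive` task downloads the release tarball straight from a URL and unpacks it as root with no integrity check, so a tampered or substituted archive would be installed and later run as the service. Fetching it first with `ansible.builtin.get_url` and a pinned `checksum:`, then unpacking the local file, closes that gap; the digest would live next to `prom_version` in `vars:` (shown below as a placeholder variable). Two related points: `/usr/share/prometheus` and the `/usr/sbin` links are owned by `prometheus`, which lets the service account replace its own binaries, so root ownership is the safer default there. The config `copy` tasks could also take `validate:` with promtool so that a bad file is never put in place, which bears on the rollback question in the closing TODO.

```yaml
    - name: Download the Prometheus release tarball
      ansible.builtin.get_url:
        url: https://github.com/prometheus/prometheus/releases/download/v{{ prom_version }}/prometheus-{{ prom_version }}.linux-amd64.tar.gz
        dest: /usr/share/prometheus/prometheus-{{ prom_version }}.linux-amd64.tar.gz
        # placeholder variable: pin the SHA-256 digest published with this release
        checksum: "sha256:{{ prom_sha256 }}"
        mode: "0644"
    - name: Unpack the verified tarball
      ansible.builtin.unarchive:
        src: /usr/share/prometheus/prometheus-{{ prom_version }}.linux-amd64.tar.gz
        dest: /usr/share/prometheus
        creates: /usr/share/prometheus/prometheus-{{ prom_version }}.linux-amd64
        remote_src: true
    # … unchanged: symlinks, config copies, service tasks, handlers …
```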


@@ -1,28 +1,28 @@
---
- name: users
hosts: all
become: yes
tasks:
- name: make-me
ansible.builtin.user:
name: hogweed1
shell: /bin/bash
create_home: yes
# python -c 'import crypt; print crypt.crypt("This is my Password", "$1$SomeSalt$")'
password: $6$KHOI$0Dq28VBwgtNFvfbQQ.4s6koctN6e5ZWRRBhWp0lkKKiel8y2qhc89E0CY479b4EX5.CnfDhS8rlaOATk/rXLu0
- name: Set authorized key taken from file
ansible.posix.authorized_key:
user: hogweed1
state: present
key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHTnXy693g6ivEJ6D5VrTBnjEjIe/a00cU7/9Hb79Zf hogweed1@vdk2ch.ru"
- name: Make users passwordless for sudo in group wheel
lineinfile:
path: /etc/sudoers
state: present
regexp: '^%hogweed1'
line: '%hogweed1 ALL=(ALL) NOPASSWD: ALL'
---
- name: users
hosts: all
become: yes
tasks:
- name: make-me
ansible.builtin.user:
name: hogweed1
shell: /bin/bash
create_home: yes
# python -c 'import crypt; print crypt.crypt("This is my Password", "$1$SomeSalt$")'
password: $6$KHOI$0Dq28VBwgtNFvfbQQ.4s6koctN6e5ZWRRBhWp0lkKKiel8y2qhc89E0CY479b4EX5.CnfDhS8rlaOATk/rXLu0
- name: Set authorized key taken from file
ansible.posix.authorized_key:
user: hogweed1
state: present
key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHTnXy693g6ivEJ6D5VrTBnjEjIe/a00cU7/9Hb79Zf hogweed1@vdk2ch.ru"
- name: Make users passwordless for sudo in group wheel
lineinfile:
path: /etc/sudoers
state: present
regexp: '^%hogweed1'
line: '%hogweed1 ALL=(ALL) NOPASSWD: ALL'
validate: 'visudo -cf %s'
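Review bot: The `password:` value in `make-me` is a crypt hash committed in clear text, so anyone with read access to the repository or its history can run offline guessing against it. The hash belongs in Ansible Vault, referenced as `password: "{{ vault_hogweed1_password_hash }}"`, and the password should be rotated since the current hash is already public. The sudoers task grants `NOPASSWD: ALL` on `hosts: all`, and its `%hogweed1` entry matches a group of that name while the task title speaks of `wheel`. A dedicated file under `/etc/sudoers.d/` would also limit the damage of a bad edit better than rewriting `/etc/sudoers` in place, even with the added `validate:`.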