cwchristerw/tjas-infra
1
0
Fork 0
mirror of https://github.com/cwchristerw/tjas-infra synced 2025-09-04 02:03:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: cwchristerw:d694c4cbf6fd572a96699d76b3b0aa874114e47c
Branches Tags
cwchristerw:master
...
compare: cwchristerw:b059214c0aaed8a286cf3ec4602594dc31be9249
Branches Tags
cwchristerw:master

3 Commits
d694c4cbf6 ... b059214c0a

Author SHA1 Message Date
Christer Warén
b059214c0a Update data directory location to be static in root user directory 2025-08-06 15:57:26 +03:00
Christer Warén
72af6d2110 Update DHCP server configuration 2025-08-06 15:51:31 +03:00
Christer Warén
587d9032ac Update network device configurations to INSTRUCTIONS.md 2025-08-06 15:28:04 +03:00
6 changed files with 212 additions and 151 deletions
Expand all files Collapse all files

200
INSTRUCTIONS.md
View File

@@ -14,12 +14,12 @@
r1.net.tjas r1.net.tjas
``` ```
!
version 12.4 version 12.4
service timestamps debug datetime msec service timestamps debug datetime msec
service timestamps log datetime msec service timestamps log datetime msec
no service password-encryption no service password-encryption
! !
!
hostname r1.net.tjas hostname r1.net.tjas
! !
boot-start-marker boot-start-marker
@@ -35,14 +35,14 @@ resource policy
memory-size iomem 5 memory-size iomem 5
ip subnet-zero ip subnet-zero
! !
! !
ip cef ip cef
! !
! !
! !
! !
! !
! !
interface FastEthernet0/0 interface FastEthernet0/0
ip address dhcp ip address dhcp
no ip redirects no ip redirects
@@ -52,124 +52,120 @@ interface FastEthernet0/0
duplex full duplex full
speed auto speed auto
no mop enabled no mop enabled
! !
interface FastEthernet0/1 interface FastEthernet0/1
no ip address no ip address
duplex auto duplex auto
speed auto speed auto
! !
interface FastEthernet0/1.10 interface FastEthernet0/1.10
description "TINU - INTERNET" description "TINU - INTERNET"
encapsulation dot1Q 10 encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.0 ip address 192.168.1.1 255.255.255.224
ip helper-address 192.168.2.10 ip helper-address 192.168.2.10
no snmp trap link-status no snmp trap link-status
! !
interface FastEthernet0/1.20 interface FastEthernet0/1.20
description "JUVA - INTRA" description "JUVA - INTRA"
encapsulation dot1Q 20 encapsulation dot1Q 20
ip address 192.168.2.1 255.255.255.0 ip address 192.168.2.1 255.255.255.224
ip helper-address 192.168.2.10 ip helper-address 192.168.2.10
no snmp trap link-status no snmp trap link-status
! !
interface FastEthernet0/1.30 interface FastEthernet0/1.30
description "AITO - TOIMISTO" description "AITO - TOIMISTO"
encapsulation dot1Q 30 encapsulation dot1Q 30
ip address 192.168.3.1 255.255.255.0 ip address 192.168.3.1 255.255.255.224
ip helper-address 192.168.2.10 ip helper-address 192.168.2.10
no snmp trap link-status no snmp trap link-status
! !
interface FastEthernet0/1.69 interface FastEthernet0/1.69
description "SIVE - HALLINTA" description "SIVE - HALLINTA"
encapsulation dot1Q 69 encapsulation dot1Q 69
ip address 192.168.69.1 255.255.255.0 ip address 192.168.69.1 255.255.255.192
ip helper-address 192.168.69.20 ip helper-address 192.168.69.20
no snmp trap link-status no snmp trap link-status
! !
interface GigabitEthernet0/0/0 interface GigabitEthernet0/0/0
no ip address no ip address
shutdown shutdown
negotiation auto negotiation auto
! !
ip classless ip classless
! !
ip http server ip http server
! !
access-list 1 permit 192.168.0.0 !
access-list 1 permit 192.168.1.0
access-list 1 permit 192.168.2.0
access-list 1 permit 192.168.3.0
access-list 1 deny any
!
control-plane control-plane
! !
! !
line con 0 line con 0
line aux 0 line aux 0
line vty 0 4 line vty 0 4
password ******** password TJAS1234
login login
! !
scheduler allocate 20000 1000 scheduler allocate 20000 1000
! !
end end
``` ```
s1.net.tjas s1.net.tjas
``` ```
hostname "s1.net.tjas" hostname "s1.net.tjas"
snmp-server community "public" Unrestricted snmp-server community "public" Unrestricted
vlan 1 vlan 1
name "DEFAULT_VLAN" name "DEFAULT_VLAN"
untagged 1-52 untagged 1-52
ip address dhcp-bootp ip address dhcp-bootp
exit exit
vlan 10 vlan 10
name "TINU" name "TINU"
ip address 192.168.1.2 255.255.255.0 ip address 192.168.1.2 255.255.255.224
tagged 1 tagged 1
exit exit
vlan 20 vlan 20
name "JUVA" name "JUVA"
tagged 1-2 no ip address
exit tagged 1-2
vlan 30 exit
name "AITO" vlan 30
tagged 1,3 name "AITO"
exit no ip address
vlan 69 tagged 1,3
name "SIVE" exit
ip address 192.168.69.11 255.255.255.0 vlan 69
tagged 1,2,3 name "SIVE"
exit ip address 192.168.69.11 255.255.255.192
ip authorized-managers 192.168.69.20 tagged 1-3
exit
ip authorized-managers 192.168.69.20 255.255.255.255
ip ssh ip ssh
password manager password manager
``` ```
s2.net.tjas s2.net.tjas
``` ```
hostname "s2.net.tjas" hostname "s2.net.tjas"
snmp-server community "public" Unrestricted snmp-server community "public" Unrestricted
vlan 1 vlan 1
name "DEFAULT_VLAN" name "DEFAULT_VLAN"
untagged 25-28 untagged 25-28
ip address dhcp-bootp ip address dhcp-bootp
no untagged 1-24 no untagged 1-24
exit exit
vlan 20 vlan 20
name "JUVA" name "JUVA"
untagged 2-24 untagged 2-24
ip address 192.168.2.2 255.255.255.0 ip address 192.168.2.2 255.255.255.224
tagged 1 tagged 1-2
exit exit
vlan 69 vlan 69
name "SIVE" name "SIVE"
ip address 192.168.69.12 255.255.255.0 ip address 192.168.69.12 255.255.255.192
tagged 1,2 tagged 1-2
exit exit
ip authorized-managers 192.168.69.20 255.255.255.255 ip authorized-managers 192.168.69.20 255.255.255.255
ip ssh ip ssh
password manager password manager
``` ```
@@ -177,26 +173,26 @@ password manager
s3.net.tjas s3.net.tjas
``` ```
hostname "s3.net.tjas" hostname "s3.net.tjas"
snmp-server community "public" Unrestricted snmp-server community "public" Unrestricted
vlan 1 vlan 1
name "DEFAULT_VLAN" name "DEFAULT_VLAN"
untagged 25-28 untagged 25-28
ip address dhcp-bootp ip address dhcp-bootp
no untagged 1-24 no untagged 1-24
exit exit
vlan 30 vlan 30
name "AITO" name "AITO"
untagged 2-24 ip address 192.168.3.2 255.255.255.224
ip address 192.168.3.2 255.255.255.0 tagged 1,13-24
tagged 1 untagged
exit exit
vlan 69 vlan 69
name "SIVE" name "SIVE"
untagged 2-24 untagged 2-24
ip address 192.168.69.13 255.255.255.0 ip address 192.168.69.13 255.255.255.192
tagged 1 tagged 1
exit exit
ip authorized-managers 192.168.69.20 255.255.255.255 ip authorized-managers 192.168.69.20 255.255.255.255
ip ssh ip ssh
password manager password manager
``` ```

83
files/dhcp/dhcpd.conf
View File

@@ -106,20 +106,85 @@ authoritative;
# } # }
#} #}
subnet 192.168.1.0 netmask 255.255.255.0 { subnet 192.168.1.0 netmask 255.255.255.240 {
range 192.168.1.2 192.168.1.254; range 192.168.1.2 192.168.1.14;
option routers 192.168.1.1; option routers 192.168.1.1;
option broadcast-address 192.168.1.255; option broadcast-address 192.168.1.15;
host r1.net.tjas {
hardware ethernet 00:1d:46:dc:80:09;
fixed-address 192.168.1.1;
}
host s1.net.tjas {
hardware ethernet 9c:8e:99:9b:c3:80;
fixed-address 192.168.1.2;
}
} }
subnet 192.168.2.0 netmask 255.255.255.0 { subnet 192.168.2.0 netmask 255.255.255.224 {
range 192.168.2.2 192.168.2.254; range 192.168.2.2 192.168.2.30;
option routers 192.168.2.1; option routers 192.168.2.1;
option broadcast-address 192.168.2.255; option broadcast-address 192.168.2.31;
host r1.net.tjas {
hardware ethernet 00:1d:46:dc:80:09;
fixed-address 192.168.2.1;
}
host s2.net.tjas {
hardware ethernet 00:24:a8:f1:c7:40;
fixed-address 192.168.2.2;
}
host olympus.intra.tjas {
hardware ethernet 90:1b:0e:5b:18:fa;
fixed-address 192.168.2.10;
}
} }
subnet 192.168.3.0 netmask 255.255.255.0 { subnet 192.168.3.0 netmask 255.255.255.224 {
range 192.168.3.2 192.168.3.254; range 192.168.3.2 192.168.3.30;
option routers 192.168.3.1; option routers 192.168.3.1;
option broadcast-address 192.168.3.255; option broadcast-address 192.168.3.31;
host r1.net.tjas {
hardware ethernet 00:1d:46:dc:80:09;
fixed-address 192.168.3.1;
}
host s3.net.tjas {
hardware ethernet 00:1f:fe:ab:9e:c0;
fixed-address 192.168.3.2;
}
}
subnet 192.168.69.0 netmask 255.255.255.192 {
range 192.168.69.2 192.168.69.62;
option broadcast-address 192.168.69.63;
host r1.net.tjas {
hardware ethernet 00:1d:46:dc:80:09;
fixed-address 192.168.69.1;
}
host s1.net.tjas {
hardware ethernet 9c:8e.99:9b:c3:80;
fixed-address 192.168.3.11;
}
host s2.net.tjas {
hardware ethernet 00:24:a8:f1:c7:40;
fixed-address 192.168.3.12;
}
host s3.net.tjas {
hardware ethernet 00:1f:fe:ab:9e:c0;
fixed-address 192.168.3.13;
}
host olympus.intra.tjas {
hardware ethernet 90:1b:0e:5b:18:fa;
fixed-address 192.168.69.20;
}
} }

24
init.sh
View File

@@ -35,32 +35,32 @@ ti-header "Asennetaan PVJJK 1.VOS TJAS Infran riippuvuudet APT-paketinhallinnall
apt-get install -y python3-pip python3-venv jq git curl lsb-release apt-get install -y python3-pip python3-venv jq git curl lsb-release
echo -e "\n\n" echo -e "\n\n"
mkdir -p ~/.ssh/keys/pvjjk-1vos-tjas &> /dev/null mkdir -p /root/.ssh/keys/pvjjk-1vos-tjas &> /dev/null
if [[ ! -f ~/.ssh/keys/pvjjk-1vos-tjas/infra ]] if [[ ! -f /root/.ssh/keys/pvjjk-1vos-tjas/infra ]]
then then
ti-header "Generoidaan SSH-avain Infra-repon käyttöön..." ti-header "Generoidaan SSH-avain Infra-repon käyttöön..."
ssh-keygen -f ~/.ssh/keys/pvjjk-1vos-tjas/infra -t ed25519 -N '' -C $(hostname --fqdn) ssh-keygen -f /root/.ssh/keys/pvjjk-1vos-tjas/infra -t ed25519 -N '' -C $(hostname --fqdn)
echo -e "\n\n" echo -e "\n\n"
fi fi
ti-header "Luodaan Ansiblelle virtuaalinen ympäristö..." ti-header "Luodaan Ansiblelle virtuaalinen ympäristö..."
python3 -m venv ~/.venv/ansible python3 -m venv /root/.venv/ansible
echo -e "\n\n" echo -e "\n\n"
ti-header "Asennetaan Ansiblen riippuvuudet..." ti-header "Asennetaan Ansiblen riippuvuudet..."
~/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect /root/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
echo -e "\n\n" echo -e "\n\n"
ti-header "Asennetaan Ansible..." ti-header "Asennetaan Ansible..."
~/.venv/ansible/bin/pip3 install ansible /root/.venv/ansible/bin/pip3 install ansible
echo -e "\n\n" echo -e "\n\n"
ti-header "Asennetaan Ansible kokoelmat..." ti-header "Asennetaan Ansible kokoelmat..."
~/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade /root/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
echo -e "\n\n" echo -e "\n\n"
ti-header "Lisää SSH-avain Infra-repon käyttöön..." ti-header "Lisää SSH-avain Infra-repon käyttöön..."
cat ~/.ssh/keys/pvjjk-1vos-tjas/infra.pub cat /root/.ssh/keys/pvjjk-1vos-tjas/infra.pub
echo -n "Onko avain lisätty Github-repoon? [K/E]" echo -n "Onko avain lisätty Github-repoon? [K/E]"
while [[ -z $SSHKEY_QUESTION || ! -z $SSHKEY_QUESTION && $SSHKEY_QUESTION != "K" ]] while [[ -z $SSHKEY_QUESTION || ! -z $SSHKEY_QUESTION && $SSHKEY_QUESTION != "K" ]]
@@ -69,8 +69,8 @@ do
done done
echo -e "\n\n" echo -e "\n\n"
mkdir -p ~/.ansible/vault &> /dev/null mkdir -p /root/.ansible/vault &> /dev/null
if [[ ! -f ~/.ansible/vault/pvjjk-1vos-tjas ]] if [[ ! -f /root/.ansible/vault/pvjjk-1vos-tjas ]]
then then
ti-header "Syötä Ansible Vaultin salasana..." ti-header "Syötä Ansible Vaultin salasana..."
echo -n "Salasana: " echo -n "Salasana: "
@@ -80,14 +80,14 @@ then
if [[ ! -z $VAULT_PASSWORD ]] if [[ ! -z $VAULT_PASSWORD ]]
then then
echo "$VAULT_PASSWORD" > ~/.ansible/vault/pvjjk-1vos-tjas echo "$VAULT_PASSWORD" > /root/.ansible/vault/pvjjk-1vos-tjas
fi fi
done done
echo -e "\n\n" echo -e "\n\n"
fi fi
ti-header "Suoritetaan Infran asennus..." ti-header "Suoritetaan Infran asennus..."
~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t installer /root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t installer
echo -e "\n\n" echo -e "\n\n"
echo " echo "

28
tasks/deployer.yml
View File

@@ -2,7 +2,7 @@
- name: "Deployer - SSH - Add Authorized Keys" - name: "Deployer - SSH - Add Authorized Keys"
ansible.builtin.template: ansible.builtin.template:
src: './files/ssh/authorized_keys' src: './files/ssh/authorized_keys'
dest: '~/.ssh/authorized_keys' dest: '/root/.ssh/authorized_keys'
tags: tags:
- ssh - ssh
@@ -24,14 +24,14 @@
- name: "Deployer - Yggdrasil - Configure - Create Folder" - name: "Deployer - Yggdrasil - Configure - Create Folder"
ansible.builtin.file: ansible.builtin.file:
path: "~/data/yggdrasil/" path: "/root/data/yggdrasil/"
state: directory state: directory
tags: tags:
- yggdrasil - yggdrasil
- name: "Deployer - Yggdrasil - Configure - Create Subfolders" - name: "Deployer - Yggdrasil - Configure - Create Subfolders"
ansible.builtin.file: ansible.builtin.file:
dest: '~/data/yggdrasil/{{ item.path }}' dest: '/root/data/yggdrasil/{{ item.path }}'
state: directory state: directory
with_filetree: './files/yggdrasil/' with_filetree: './files/yggdrasil/'
loop_control: loop_control:
@@ -44,7 +44,7 @@
- name: "Deployer - Yggdrasil - Configure - Generating & Transferring Files" - name: "Deployer - Yggdrasil - Configure - Generating & Transferring Files"
ansible.builtin.template: ansible.builtin.template:
src: '{{ item.src }}' src: '{{ item.src }}'
dest: '~/data/yggdrasil/{{ item.path }}' dest: '/root/data/yggdrasil/{{ item.path }}'
register: deployerTaskY1 register: deployerTaskY1
with_filetree: './files/yggdrasil/' with_filetree: './files/yggdrasil/'
loop_control: loop_control:
@@ -71,7 +71,7 @@
containers.podman.podman_image: containers.podman.podman_image:
name: pvjjk-1vos-tjas/nginx name: pvjjk-1vos-tjas/nginx
tag: latest tag: latest
path: "~/data/yggdrasil" path: "/root/data/yggdrasil"
build: build:
format: docker format: docker
force: true force: true
@@ -120,7 +120,7 @@
- name: "Deployer - MariaDB - Create Folder" - name: "Deployer - MariaDB - Create Folder"
ansible.builtin.file: ansible.builtin.file:
path: ~/data/mariadb path: /root/data/mariadb
state: directory state: directory
tags: tags:
- mariadb - mariadb
@@ -140,7 +140,7 @@
restart: on restart: on
network: host network: host
volumes: volumes:
- "~/data/mariadb:/var/lib/mysql" - "/root/data/mariadb:/var/lib/mysql"
restart_policy: always restart_policy: always
env: env:
MYSQL_ROOT_PASSWORD: "{{ config.mariadb.users.root.password }}" MYSQL_ROOT_PASSWORD: "{{ config.mariadb.users.root.password }}"
@@ -207,14 +207,14 @@
- name: "Deployer - PowerDNS - Configure - Create Folder" - name: "Deployer - PowerDNS - Configure - Create Folder"
ansible.builtin.file: ansible.builtin.file:
path: "~/data/powerdns/" path: "/root/data/powerdns/"
state: directory state: directory
tags: tags:
- powerdns - powerdns
- name: "Deployer - PowerDNS - Configure - Create Subfolders" - name: "Deployer - PowerDNS - Configure - Create Subfolders"
ansible.builtin.file: ansible.builtin.file:
dest: '~/data/powerdns/{{ item.path }}' dest: '/root/data/powerdns/{{ item.path }}'
state: directory state: directory
with_filetree: './files/powerdns/' with_filetree: './files/powerdns/'
loop_control: loop_control:
@@ -227,7 +227,7 @@
- name: "Deployer - PowerDNS - Configure - Generating & Transferring Files" - name: "Deployer - PowerDNS - Configure - Generating & Transferring Files"
ansible.builtin.template: ansible.builtin.template:
src: '{{ item.src }}' src: '{{ item.src }}'
dest: '~/data/powerdns/{{ item.path }}' dest: '/root/data/powerdns/{{ item.path }}'
register: deployerTaskP1 register: deployerTaskP1
with_filetree: './files/powerdns/' with_filetree: './files/powerdns/'
loop_control: loop_control:
@@ -253,7 +253,7 @@
network: host network: host
restart_policy: always restart_policy: always
volumes: volumes:
- "~/data/powerdns/config.conf:/etc/powerdns/pdns.conf:ro" - /root/data/powerdns/config.conf:/etc/powerdns/pdns.conf:ro"
when: when:
- (deployerTaskP1 is defined and deployerTaskP1.changed) or deployerTaskP1 is undefined or (deployerTaskP2 is defined and deployerTaskP2.changed) or deployerTaskP2 is undefined - (deployerTaskP1 is defined and deployerTaskP1.changed) or deployerTaskP1 is undefined or (deployerTaskP2 is defined and deployerTaskP2.changed) or deployerTaskP2 is undefined
tags: tags:
@@ -261,14 +261,14 @@
- name: "Deployer - Nginx - Configure - Create Folder" - name: "Deployer - Nginx - Configure - Create Folder"
ansible.builtin.file: ansible.builtin.file:
path: "~/data/nginx/" path: "/root/data/nginx/"
state: directory state: directory
tags: tags:
- nginx - nginx
- name: "Deployer - Nginx - Configure - Create Subfolders" - name: "Deployer - Nginx - Configure - Create Subfolders"
ansible.builtin.file: ansible.builtin.file:
dest: '~/data/nginx/{{ item.path }}' dest: '/root/data/nginx/{{ item.path }}'
state: directory state: directory
with_filetree: './files/nginx/' with_filetree: './files/nginx/'
loop_control: loop_control:
@@ -281,7 +281,7 @@
- name: "Deployer - Nginx - Configure - Generating & Transferring Files" - name: "Deployer - Nginx - Configure - Generating & Transferring Files"
ansible.builtin.template: ansible.builtin.template:
src: '{{ item.src }}' src: '{{ item.src }}'
dest: '~/data/nginx/{{ item.path }}' dest: '/root/data/nginx/{{ item.path }}'
register: deployerTaskN1 register: deployerTaskN1
with_filetree: './files/nginx/' with_filetree: './files/nginx/'
loop_control: loop_control:

22
tasks/installer.yml
View File

@@ -12,14 +12,14 @@
- "task.stdout.find('0 upgraded, 0 newly installed, 0 to remove') == -1" - "task.stdout.find('0 upgraded, 0 newly installed, 0 to remove') == -1"
- name: "Init : Python 3 : Configure - Virtual Environment : Test" - name: "Init : Python 3 : Configure - Virtual Environment : Test"
ansible.builtin.raw: "~/.venv/ansible/bin/pip3" ansible.builtin.raw: "/root/.venv/ansible/bin/pip3"
register: task632 register: task632
changed_when: false changed_when: false
failed_when: false failed_when: false
- name: "Init : Python 3 : Configure - Virtual Environment : Delete" - name: "Init : Python 3 : Configure - Virtual Environment : Delete"
ansible.builtin.file: ansible.builtin.file:
path: "~/.venv/ansible" path: "/root/.venv/ansible"
state: absent state: absent
when: when:
- "task632.stdout.find(\"ModuleNotFoundError: No module named 'pip'\") != -1" - "task632.stdout.find(\"ModuleNotFoundError: No module named 'pip'\") != -1"
@@ -29,7 +29,7 @@
name: pip name: pip
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: ~/.venv/ansible virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
- name: "Installer : Tools : Install" - name: "Installer : Tools : Install"
@@ -102,22 +102,22 @@
name: ansible name: ansible
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: ~/.venv/ansible virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
tags: tags:
- ansible - ansible
- name: "Installer : Ansible : Create Folder" - name: "Installer : Ansible : Create Folder"
ansible.builtin.file: ansible.builtin.file:
path: ~/bin path: /root/bin
state: directory state: directory
tags: tags:
- ansible - ansible
- name: "Installer : Ansible : Create Symbolic Links" - name: "Installer : Ansible : Create Symbolic Links"
ansible.builtin.file: ansible.builtin.file:
src: ~/.venv/ansible/bin/{{ binary }} src: /root/.venv/ansible/bin/{{ binary }}
dest: ~/bin/{{ binary }} dest: /root/bin/{{ binary }}
state: link state: link
vars: vars:
binaries: binaries:
@@ -144,7 +144,7 @@
name: "{{ library }}" name: "{{ library }}"
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: ~/.venv/ansible virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
vars: vars:
libraries: libraries:
@@ -164,7 +164,7 @@
name: pymysql name: pymysql
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: ~/.venv/ansible virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
tags: tags:
- mariadb - mariadb
@@ -184,7 +184,7 @@
name: "PVJJK 1.VOS TJAS - Infra - Maintenance" name: "PVJJK 1.VOS TJAS - Infra - Maintenance"
hour: "*/3" hour: "*/3"
minute: "0" minute: "0"
job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t maintenance" job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t maintenance"
tags: tags:
- cron - cron
@@ -192,6 +192,6 @@
ansible.builtin.cron: ansible.builtin.cron:
name: "PVJJK 1.VOS TJAS - Infra - Deployer" name: "PVJJK 1.VOS TJAS - Infra - Deployer"
minute: "*/5" minute: "*/5"
job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t deployer" job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t deployer"
tags: tags:
- cron - cron

6
tasks/maintenance.yml
View File

@@ -4,7 +4,7 @@
name: "{{ library }}" name: "{{ library }}"
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: ~/.venv/ansible virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
vars: vars:
libraries: libraries:
@@ -24,7 +24,7 @@
name: ansible name: ansible
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: ~/.venv/ansible virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
- name: "Maintenance : MariaDB : Dependencies / Python Library : pymysql" - name: "Maintenance : MariaDB : Dependencies / Python Library : pymysql"
@@ -32,7 +32,7 @@
name: pymysql name: pymysql
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: ~/.venv/ansible virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
- name: "Maintenance : Podman : Prune" - name: "Maintenance : Podman : Prune"