cwchristerw/tjas-infra
1
0
Fork 0
mirror of https://github.com/cwchristerw/tjas-infra synced 2025-09-05 15:43:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: cwchristerw:master
Branches Tags
cwchristerw:master
...
compare: cwchristerw:dfb32da69248a75bac85b7036c560462ad6bf634
Branches Tags
cwchristerw:master

5 Commits
master ... dfb32da692

Author SHA1 Message Date
Christer Warén
dfb32da692 Update olympus host variables 2025-08-06 16:24:00 +03:00
Christer Warén
47db2224af Install Kea server as new DHCP server in Deployer tasks 2025-08-06 16:23:27 +03:00
Christer Warén
b059214c0a Update data directory location to be static in root user directory 2025-08-06 15:57:26 +03:00
Christer Warén
72af6d2110 Update DHCP server configuration 2025-08-06 15:51:31 +03:00
Christer Warén
587d9032ac Update network device configurations to INSTRUCTIONS.md 2025-08-06 15:28:04 +03:00
7 changed files with 274 additions and 206 deletions
Expand all files Collapse all files

44
INSTRUCTIONS.md
View File

@@ -14,12 +14,12 @@
r1.net.tjas r1.net.tjas
``` ```
!
version 12.4 version 12.4
service timestamps debug datetime msec service timestamps debug datetime msec
service timestamps log datetime msec service timestamps log datetime msec
no service password-encryption no service password-encryption
! !
!
hostname r1.net.tjas hostname r1.net.tjas
! !
boot-start-marker boot-start-marker
@@ -61,28 +61,28 @@ interface FastEthernet0/1
interface FastEthernet0/1.10 interface FastEthernet0/1.10
description "TINU - INTERNET" description "TINU - INTERNET"
encapsulation dot1Q 10 encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.0 ip address 192.168.1.1 255.255.255.224
ip helper-address 192.168.2.10 ip helper-address 192.168.2.10
no snmp trap link-status no snmp trap link-status
! !
interface FastEthernet0/1.20 interface FastEthernet0/1.20
description "JUVA - INTRA" description "JUVA - INTRA"
encapsulation dot1Q 20 encapsulation dot1Q 20
ip address 192.168.2.1 255.255.255.0 ip address 192.168.2.1 255.255.255.224
ip helper-address 192.168.2.10 ip helper-address 192.168.2.10
no snmp trap link-status no snmp trap link-status
! !
interface FastEthernet0/1.30 interface FastEthernet0/1.30
description "AITO - TOIMISTO" description "AITO - TOIMISTO"
encapsulation dot1Q 30 encapsulation dot1Q 30
ip address 192.168.3.1 255.255.255.0 ip address 192.168.3.1 255.255.255.224
ip helper-address 192.168.2.10 ip helper-address 192.168.2.10
no snmp trap link-status no snmp trap link-status
! !
interface FastEthernet0/1.69 interface FastEthernet0/1.69
description "SIVE - HALLINTA" description "SIVE - HALLINTA"
encapsulation dot1Q 69 encapsulation dot1Q 69
ip address 192.168.69.1 255.255.255.0 ip address 192.168.69.1 255.255.255.192
ip helper-address 192.168.69.20 ip helper-address 192.168.69.20
no snmp trap link-status no snmp trap link-status
! !
@@ -95,11 +95,6 @@ ip classless
! !
ip http server ip http server
! !
access-list 1 permit 192.168.0.0
access-list 1 permit 192.168.1.0
access-list 1 permit 192.168.2.0
access-list 1 permit 192.168.3.0
access-list 1 deny any
! !
control-plane control-plane
! !
@@ -107,7 +102,7 @@ control-plane
line con 0 line con 0
line aux 0 line aux 0
line vty 0 4 line vty 0 4
password ******** password TJAS1234
login login
! !
scheduler allocate 20000 1000 scheduler allocate 20000 1000
@@ -126,26 +121,27 @@ vlan 1
exit exit
vlan 10 vlan 10
name "TINU" name "TINU"
ip address 192.168.1.2 255.255.255.0 ip address 192.168.1.2 255.255.255.224
tagged 1 tagged 1
exit exit
vlan 20 vlan 20
name "JUVA" name "JUVA"
no ip address
tagged 1-2 tagged 1-2
exit exit
vlan 30 vlan 30
name "AITO" name "AITO"
no ip address
tagged 1,3 tagged 1,3
exit exit
vlan 69 vlan 69
name "SIVE" name "SIVE"
ip address 192.168.69.11 255.255.255.0 ip address 192.168.69.11 255.255.255.192
tagged 1,2,3 tagged 1-3
exit exit
ip authorized-managers 192.168.69.20 ip authorized-managers 192.168.69.20 255.255.255.255
ip ssh ip ssh
password manager password manager
``` ```
s2.net.tjas s2.net.tjas
@@ -161,13 +157,13 @@ vlan 1
vlan 20 vlan 20
name "JUVA" name "JUVA"
untagged 2-24 untagged 2-24
ip address 192.168.2.2 255.255.255.0 ip address 192.168.2.2 255.255.255.224
tagged 1 tagged 1-2
exit exit
vlan 69 vlan 69
name "SIVE" name "SIVE"
ip address 192.168.69.12 255.255.255.0 ip address 192.168.69.12 255.255.255.192
tagged 1,2 tagged 1-2
exit exit
ip authorized-managers 192.168.69.20 255.255.255.255 ip authorized-managers 192.168.69.20 255.255.255.255
ip ssh ip ssh
@@ -186,14 +182,14 @@ vlan 1
exit exit
vlan 30 vlan 30
name "AITO" name "AITO"
untagged 2-24 ip address 192.168.3.2 255.255.255.224
ip address 192.168.3.2 255.255.255.0 tagged 1,13-24
tagged 1 untagged
exit exit
vlan 69 vlan 69
name "SIVE" name "SIVE"
untagged 2-24 untagged 2-24
ip address 192.168.69.13 255.255.255.0 ip address 192.168.69.13 255.255.255.192
tagged 1 tagged 1
exit exit
ip authorized-managers 192.168.69.20 255.255.255.255 ip authorized-managers 192.168.69.20 255.255.255.255

83
files/dhcp/dhcpd.conf
View File

@@ -106,20 +106,85 @@ authoritative;
# } # }
#} #}
subnet 192.168.1.0 netmask 255.255.255.0 { subnet 192.168.1.0 netmask 255.255.255.240 {
range 192.168.1.2 192.168.1.254; range 192.168.1.2 192.168.1.14;
option routers 192.168.1.1; option routers 192.168.1.1;
option broadcast-address 192.168.1.255; option broadcast-address 192.168.1.15;
host r1.net.tjas {
hardware ethernet 00:1d:46:dc:80:09;
fixed-address 192.168.1.1;
}
host s1.net.tjas {
hardware ethernet 9c:8e:99:9b:c3:80;
fixed-address 192.168.1.2;
}
} }
subnet 192.168.2.0 netmask 255.255.255.0 { subnet 192.168.2.0 netmask 255.255.255.224 {
range 192.168.2.2 192.168.2.254; range 192.168.2.2 192.168.2.30;
option routers 192.168.2.1; option routers 192.168.2.1;
option broadcast-address 192.168.2.255; option broadcast-address 192.168.2.31;
host r1.net.tjas {
hardware ethernet 00:1d:46:dc:80:09;
fixed-address 192.168.2.1;
}
host s2.net.tjas {
hardware ethernet 00:24:a8:f1:c7:40;
fixed-address 192.168.2.2;
}
host olympus.intra.tjas {
hardware ethernet 90:1b:0e:5b:18:fa;
fixed-address 192.168.2.10;
}
} }
subnet 192.168.3.0 netmask 255.255.255.0 { subnet 192.168.3.0 netmask 255.255.255.224 {
range 192.168.3.2 192.168.3.254; range 192.168.3.2 192.168.3.30;
option routers 192.168.3.1; option routers 192.168.3.1;
option broadcast-address 192.168.3.255; option broadcast-address 192.168.3.31;
host r1.net.tjas {
hardware ethernet 00:1d:46:dc:80:09;
fixed-address 192.168.3.1;
}
host s3.net.tjas {
hardware ethernet 00:1f:fe:ab:9e:c0;
fixed-address 192.168.3.2;
}
}
subnet 192.168.69.0 netmask 255.255.255.192 {
range 192.168.69.2 192.168.69.62;
option broadcast-address 192.168.69.63;
host r1.net.tjas {
hardware ethernet 00:1d:46:dc:80:09;
fixed-address 192.168.69.1;
}
host s1.net.tjas {
hardware ethernet 9c:8e.99:9b:c3:80;
fixed-address 192.168.3.11;
}
host s2.net.tjas {
hardware ethernet 00:24:a8:f1:c7:40;
fixed-address 192.168.3.12;
}
host s3.net.tjas {
hardware ethernet 00:1f:fe:ab:9e:c0;
fixed-address 192.168.3.13;
}
host olympus.intra.tjas {
hardware ethernet 90:1b:0e:5b:18:fa;
fixed-address 192.168.69.20;
}
} }

24
init.sh
View File

@@ -35,32 +35,32 @@ ti-header "Asennetaan PVJJK 1.VOS TJAS Infran riippuvuudet APT-paketinhallinnall
apt-get install -y python3-pip python3-venv jq git curl lsb-release apt-get install -y python3-pip python3-venv jq git curl lsb-release
echo -e "\n\n" echo -e "\n\n"
mkdir -p ~/.ssh/keys/pvjjk-1vos-tjas &> /dev/null mkdir -p /root/.ssh/keys/pvjjk-1vos-tjas &> /dev/null
if [[ ! -f ~/.ssh/keys/pvjjk-1vos-tjas/infra ]] if [[ ! -f /root/.ssh/keys/pvjjk-1vos-tjas/infra ]]
then then
ti-header "Generoidaan SSH-avain Infra-repon käyttöön..." ti-header "Generoidaan SSH-avain Infra-repon käyttöön..."
ssh-keygen -f ~/.ssh/keys/pvjjk-1vos-tjas/infra -t ed25519 -N '' -C $(hostname --fqdn) ssh-keygen -f /root/.ssh/keys/pvjjk-1vos-tjas/infra -t ed25519 -N '' -C $(hostname --fqdn)
echo -e "\n\n" echo -e "\n\n"
fi fi
ti-header "Luodaan Ansiblelle virtuaalinen ympäristö..." ti-header "Luodaan Ansiblelle virtuaalinen ympäristö..."
python3 -m venv ~/.venv/ansible python3 -m venv /root/.venv/ansible
echo -e "\n\n" echo -e "\n\n"
ti-header "Asennetaan Ansiblen riippuvuudet..." ti-header "Asennetaan Ansiblen riippuvuudet..."
~/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect /root/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
echo -e "\n\n" echo -e "\n\n"
ti-header "Asennetaan Ansible..." ti-header "Asennetaan Ansible..."
~/.venv/ansible/bin/pip3 install ansible /root/.venv/ansible/bin/pip3 install ansible
echo -e "\n\n" echo -e "\n\n"
ti-header "Asennetaan Ansible kokoelmat..." ti-header "Asennetaan Ansible kokoelmat..."
~/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade /root/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
echo -e "\n\n" echo -e "\n\n"
ti-header "Lisää SSH-avain Infra-repon käyttöön..." ti-header "Lisää SSH-avain Infra-repon käyttöön..."
cat ~/.ssh/keys/pvjjk-1vos-tjas/infra.pub cat /root/.ssh/keys/pvjjk-1vos-tjas/infra.pub
echo -n "Onko avain lisätty Github-repoon? [K/E]" echo -n "Onko avain lisätty Github-repoon? [K/E]"
while [[ -z $SSHKEY_QUESTION || ! -z $SSHKEY_QUESTION && $SSHKEY_QUESTION != "K" ]] while [[ -z $SSHKEY_QUESTION || ! -z $SSHKEY_QUESTION && $SSHKEY_QUESTION != "K" ]]
@@ -69,8 +69,8 @@ do
done done
echo -e "\n\n" echo -e "\n\n"
mkdir -p ~/.ansible/vault &> /dev/null mkdir -p /root/.ansible/vault &> /dev/null
if [[ ! -f ~/.ansible/vault/pvjjk-1vos-tjas ]] if [[ ! -f /root/.ansible/vault/pvjjk-1vos-tjas ]]
then then
ti-header "Syötä Ansible Vaultin salasana..." ti-header "Syötä Ansible Vaultin salasana..."
echo -n "Salasana: " echo -n "Salasana: "
@@ -80,14 +80,14 @@ then
if [[ ! -z $VAULT_PASSWORD ]] if [[ ! -z $VAULT_PASSWORD ]]
then then
echo "$VAULT_PASSWORD" > ~/.ansible/vault/pvjjk-1vos-tjas echo "$VAULT_PASSWORD" > /root/.ansible/vault/pvjjk-1vos-tjas
fi fi
done done
echo -e "\n\n" echo -e "\n\n"
fi fi
ti-header "Suoritetaan Infran asennus..." ti-header "Suoritetaan Infran asennus..."
~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t installer /root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t installer
echo -e "\n\n" echo -e "\n\n"
echo " echo "

73
inventories/pvjjk-1vos-tjas/host_vars/olympus.intra.tjas
View File

@@ -1,34 +1,41 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-tjas $ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-tjas
33376562363863333566646437313135363332623231643964346461613335623062303161643566 64373537356265383835646633393666313433353930616236393663366439636536616464383132
3038343664303937646664393536356463633966613633320a626663353131613163316234316433 6236316531333431663830663665613830363061666439320a373539613430323231643335373266
31323230383964383634636338333836613264613064316664616537313934303830303166386633 35653439666564373238303933636165393731303662323931663966623035323761396531346132
6363653364646434360a633235636339336531666234666134666166653539623634343363643161 6164333533613038350a643431343134353965383932336262356431613965363431616130386639
33656438306262356132346163626566656166653333643465366136653465373535353838383439 31663335336535613863636336356531623836323130383030343838393934616332303631366433
64626663376536633834336564663665353632393537326366313130633330646562666238353936 63643462633265613761376361393538656137333066353532353830313839326230656235663639
30363230323330316534343165373433663036393866626438613035636339616164303761333135 65373735363039616535623561306462353837386238623362356661303133623264623335336538
65316437663663663764663463333833663937346636383364303366393264393061383164353533 39393864356434306161396361346134663331343534616262653737663163346166393837653632
33323230383464313565316134346334343565643331653333316437396461633133323662626635 31613539383933303936626665356538633862343233343534396462316264363637333730633434
61633362303261643039313566616537316333346562366165373961383734663934653236663934 39653838386537386434643531356662626663656134313434316665353565653538636133313436
39653261663730373136363130626332303836636362613661306164643361363062353864393465 32653632323366333365356561656335303834643264626561636232333235326662613963363631
66383833653261383562313939656465623736656132383530313739313264356335616631613864 61656239626438393266356133636562633265333735373061303336393539393139373065393163
30373338346563346361383462336338303235306139346530363665376335363230386232323734 39303533386330646336303232323261373832356461326463383962393562636638356534353639
61316463656135356431313236613132323937303533356433376633626462303632616462663730 62306132303536386364323932393265633737363334343033393731376230323830323632376164
30313163306233616164306136643032393839353230373439653363323863383266363432356438 62616535623065636361646235383932383366636339663938333162393563376266653930306135
35366361623731353934646230333165636635346166366530633863343936393138306534343563 38336636613764363065323662666166333934326465643636663833396436303538316431356437
65396136656438613931313965396638353333313962663133663632613430396331656230356264 38316338653131623566356463313262343334316330333166613938623965326663636437363865
66343731396534633761323863303936323937306334366539346264373936663231613961313637 38366565316631653334363764626264326665316239353066633161303933666336623038663665
65306161356539366234613131386565343666653133363635336335316263663431373837636636 35306434326537663836333930623765363165643261323336376435393561353033363432353535
63633232623733343932363862366233326666626164313330353830383563316533636539636263 65623034313466343065336135346162353739663934623635323830326139386463653831393466
35386339393663623739623663396333643662343031363530343738663833663166313632376433 64636633393239306538306663653836363866333335613536653434373762383330373464353330
63303861633063333365306137373739633030393133333733636266306237383034653635396664 38326132616232323137336539626164306232643131636538326630653136326532353739336163
32373831636435613235623862613037663838333731386336656665646634373339626637653661 66383733306431343039323437313533313966643138313862386563613431316264363834303565
30343435323934626538353631383533363163633662326263646364383437383961656136626664 37313161616637306130363432616139666635303361396361383230666236376435353965386430
61306662646435343538333737386535623763376566373833393133353030346563326136383435 66316666336162303239383263333134353765353639623030613932643761333030626265616366
66363838343539383462313933366531333339333032363530636235633461316162643065313333 63303763663361633062316233313265663865623730343866366164326139653239303135376134
36633338326530653336353030363536363932663038373337653766373630313237343536323762 36643933363937646534643335393130313766346263646230613963343835306135396138643436
66633137383631333333386532303864633930663031653639373438643564613338646463623963 33643638313833623566393464623131386532666661343264393039666233396666333035383265
31323366373330346430393435393638363032613864633334303138363765363162613638346234 34656461633932656237653936643331653831336666643461336162643337323166373461346333
31633831313535373862646132616562623532303266623666333164613638646339643838333839 61653066333532333566323366653833346238373664623830393237353661613435656162646234
31623533393830353234303664313662373737373139323035366430646266393939626333376136 38316137346463653731613938316665663963353531393132646430646161656366616565663034
33346432356339323732393864363838656430633035303864636436393066393531333030636337 37303530373532656339323737353061303732343930646639373231323032383863323161393761
61333432666539333534383663313964636433306161353465346366333766623138 65313061666664363730313562353931323034396535343636303137636134623639356663623432
65383964376434343237653933383834613366353362633830646664316436653836323030616563
64343435383436353332626534366538646637353166656135353038383564393739356664333530
37353764643964313037663936656335323532643963316430343038303366326163323432343862
33376264356634653533653561353164376632393465623638376535623562643464633930323466
36653932656237366532313834323566343232623935333166636462656664656239616636623036
64313366373165666133386232643334643562633634353938373064316461633435383066646437
63363466613135633130

72
tasks/deployer.yml
View File

@@ -2,7 +2,7 @@
- name: "Deployer - SSH - Add Authorized Keys" - name: "Deployer - SSH - Add Authorized Keys"
ansible.builtin.template: ansible.builtin.template:
src: './files/ssh/authorized_keys' src: './files/ssh/authorized_keys'
dest: '~/.ssh/authorized_keys' dest: '/root/.ssh/authorized_keys'
tags: tags:
- ssh - ssh
@@ -24,14 +24,14 @@
- name: "Deployer - Yggdrasil - Configure - Create Folder" - name: "Deployer - Yggdrasil - Configure - Create Folder"
ansible.builtin.file: ansible.builtin.file:
path: "~/data/yggdrasil/" path: "/root/data/yggdrasil/"
state: directory state: directory
tags: tags:
- yggdrasil - yggdrasil
- name: "Deployer - Yggdrasil - Configure - Create Subfolders" - name: "Deployer - Yggdrasil - Configure - Create Subfolders"
ansible.builtin.file: ansible.builtin.file:
dest: '~/data/yggdrasil/{{ item.path }}' dest: '/root/data/yggdrasil/{{ item.path }}'
state: directory state: directory
with_filetree: './files/yggdrasil/' with_filetree: './files/yggdrasil/'
loop_control: loop_control:
@@ -44,7 +44,7 @@
- name: "Deployer - Yggdrasil - Configure - Generating & Transferring Files" - name: "Deployer - Yggdrasil - Configure - Generating & Transferring Files"
ansible.builtin.template: ansible.builtin.template:
src: '{{ item.src }}' src: '{{ item.src }}'
dest: '~/data/yggdrasil/{{ item.path }}' dest: '/root/data/yggdrasil/{{ item.path }}'
register: deployerTaskY1 register: deployerTaskY1
with_filetree: './files/yggdrasil/' with_filetree: './files/yggdrasil/'
loop_control: loop_control:
@@ -71,7 +71,7 @@
containers.podman.podman_image: containers.podman.podman_image:
name: pvjjk-1vos-tjas/nginx name: pvjjk-1vos-tjas/nginx
tag: latest tag: latest
path: "~/data/yggdrasil" path: "/root/data/yggdrasil"
build: build:
format: docker format: docker
force: true force: true
@@ -96,31 +96,9 @@
tags: tags:
- yggdrasil - yggdrasil
# - name: "Deployer - DHCP - Install"
# ansible.builtin.apt:
# name:
# - isc-dhcp-server
# state: latest
# - name: "Deployer - DHCP - Config"
# ansible.builtin.template:
# src: './files/dhcp/dhcpd.conf'
# dest: '/etc/dhcp/dhcpd.conf'
# register: deployerTaskD1
# tags:
# - dhcp
# - name: "Deployer : DHCP : Restart"
# ansible.builtin.systemd_service:
# name: isc-dhcp-server
# state: restarted
# enabled: true
# when:
# - (deployerTaskD1 is defined and deployerTaskD1.changed) or deployerTaskD1 is undefined
- name: "Deployer - MariaDB - Create Folder" - name: "Deployer - MariaDB - Create Folder"
ansible.builtin.file: ansible.builtin.file:
path: ~/data/mariadb path: /root/data/mariadb
state: directory state: directory
tags: tags:
- mariadb - mariadb
@@ -140,7 +118,7 @@
restart: on restart: on
network: host network: host
volumes: volumes:
- "~/data/mariadb:/var/lib/mysql" - "/root/data/mariadb:/var/lib/mysql"
restart_policy: always restart_policy: always
env: env:
MYSQL_ROOT_PASSWORD: "{{ config.mariadb.users.root.password }}" MYSQL_ROOT_PASSWORD: "{{ config.mariadb.users.root.password }}"
@@ -205,16 +183,38 @@
tags: tags:
- mariadb - mariadb
- name: "Deployer - Kea - Install"
ansible.builtin.apt:
name:
- kea
state: latest
# - name: "Deployer - DHCP - Config"
# ansible.builtin.template:
# src: './files/dhcp/dhcpd.conf'
# dest: '/etc/dhcp/dhcpd.conf'
# register: deployerTaskD1
# tags:
# - dhcp
# - name: "Deployer : DHCP : Restart"
# ansible.builtin.systemd_service:
# name: isc-dhcp-server
# state: restarted
# enabled: true
# when:
# - (deployerTaskD1 is defined and deployerTaskD1.changed) or deployerTaskD1 is undefined
- name: "Deployer - PowerDNS - Configure - Create Folder" - name: "Deployer - PowerDNS - Configure - Create Folder"
ansible.builtin.file: ansible.builtin.file:
path: "~/data/powerdns/" path: "/root/data/powerdns/"
state: directory state: directory
tags: tags:
- powerdns - powerdns
- name: "Deployer - PowerDNS - Configure - Create Subfolders" - name: "Deployer - PowerDNS - Configure - Create Subfolders"
ansible.builtin.file: ansible.builtin.file:
dest: '~/data/powerdns/{{ item.path }}' dest: '/root/data/powerdns/{{ item.path }}'
state: directory state: directory
with_filetree: './files/powerdns/' with_filetree: './files/powerdns/'
loop_control: loop_control:
@@ -227,7 +227,7 @@
- name: "Deployer - PowerDNS - Configure - Generating & Transferring Files" - name: "Deployer - PowerDNS - Configure - Generating & Transferring Files"
ansible.builtin.template: ansible.builtin.template:
src: '{{ item.src }}' src: '{{ item.src }}'
dest: '~/data/powerdns/{{ item.path }}' dest: '/root/data/powerdns/{{ item.path }}'
register: deployerTaskP1 register: deployerTaskP1
with_filetree: './files/powerdns/' with_filetree: './files/powerdns/'
loop_control: loop_control:
@@ -253,7 +253,7 @@
network: host network: host
restart_policy: always restart_policy: always
volumes: volumes:
- "~/data/powerdns/config.conf:/etc/powerdns/pdns.conf:ro" - /root/data/powerdns/config.conf:/etc/powerdns/pdns.conf:ro"
when: when:
- (deployerTaskP1 is defined and deployerTaskP1.changed) or deployerTaskP1 is undefined or (deployerTaskP2 is defined and deployerTaskP2.changed) or deployerTaskP2 is undefined - (deployerTaskP1 is defined and deployerTaskP1.changed) or deployerTaskP1 is undefined or (deployerTaskP2 is defined and deployerTaskP2.changed) or deployerTaskP2 is undefined
tags: tags:
@@ -261,14 +261,14 @@
- name: "Deployer - Nginx - Configure - Create Folder" - name: "Deployer - Nginx - Configure - Create Folder"
ansible.builtin.file: ansible.builtin.file:
path: "~/data/nginx/" path: "/root/data/nginx/"
state: directory state: directory
tags: tags:
- nginx - nginx
- name: "Deployer - Nginx - Configure - Create Subfolders" - name: "Deployer - Nginx - Configure - Create Subfolders"
ansible.builtin.file: ansible.builtin.file:
dest: '~/data/nginx/{{ item.path }}' dest: '/root/data/nginx/{{ item.path }}'
state: directory state: directory
with_filetree: './files/nginx/' with_filetree: './files/nginx/'
loop_control: loop_control:
@@ -281,7 +281,7 @@
- name: "Deployer - Nginx - Configure - Generating & Transferring Files" - name: "Deployer - Nginx - Configure - Generating & Transferring Files"
ansible.builtin.template: ansible.builtin.template:
src: '{{ item.src }}' src: '{{ item.src }}'
dest: '~/data/nginx/{{ item.path }}' dest: '/root/data/nginx/{{ item.path }}'
register: deployerTaskN1 register: deployerTaskN1
with_filetree: './files/nginx/' with_filetree: './files/nginx/'
loop_control: loop_control:

22
tasks/installer.yml
View File

@@ -12,14 +12,14 @@
- "task.stdout.find('0 upgraded, 0 newly installed, 0 to remove') == -1" - "task.stdout.find('0 upgraded, 0 newly installed, 0 to remove') == -1"
- name: "Init : Python 3 : Configure - Virtual Environment : Test" - name: "Init : Python 3 : Configure - Virtual Environment : Test"
ansible.builtin.raw: "~/.venv/ansible/bin/pip3" ansible.builtin.raw: "/root/.venv/ansible/bin/pip3"
register: task632 register: task632
changed_when: false changed_when: false
failed_when: false failed_when: false
- name: "Init : Python 3 : Configure - Virtual Environment : Delete" - name: "Init : Python 3 : Configure - Virtual Environment : Delete"
ansible.builtin.file: ansible.builtin.file:
path: "~/.venv/ansible" path: "/root/.venv/ansible"
state: absent state: absent
when: when:
- "task632.stdout.find(\"ModuleNotFoundError: No module named 'pip'\") != -1" - "task632.stdout.find(\"ModuleNotFoundError: No module named 'pip'\") != -1"
@@ -29,7 +29,7 @@
name: pip name: pip
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: ~/.venv/ansible virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
- name: "Installer : Tools : Install" - name: "Installer : Tools : Install"
@@ -102,22 +102,22 @@
name: ansible name: ansible
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: ~/.venv/ansible virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
tags: tags:
- ansible - ansible
- name: "Installer : Ansible : Create Folder" - name: "Installer : Ansible : Create Folder"
ansible.builtin.file: ansible.builtin.file:
path: ~/bin path: /root/bin
state: directory state: directory
tags: tags:
- ansible - ansible
- name: "Installer : Ansible : Create Symbolic Links" - name: "Installer : Ansible : Create Symbolic Links"
ansible.builtin.file: ansible.builtin.file:
src: ~/.venv/ansible/bin/{{ binary }} src: /root/.venv/ansible/bin/{{ binary }}
dest: ~/bin/{{ binary }} dest: /root/bin/{{ binary }}
state: link state: link
vars: vars:
binaries: binaries:
@@ -144,7 +144,7 @@
name: "{{ library }}" name: "{{ library }}"
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: ~/.venv/ansible virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
vars: vars:
libraries: libraries:
@@ -164,7 +164,7 @@
name: pymysql name: pymysql
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: ~/.venv/ansible virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
tags: tags:
- mariadb - mariadb
@@ -184,7 +184,7 @@
name: "PVJJK 1.VOS TJAS - Infra - Maintenance" name: "PVJJK 1.VOS TJAS - Infra - Maintenance"
hour: "*/3" hour: "*/3"
minute: "0" minute: "0"
job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t maintenance" job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t maintenance"
tags: tags:
- cron - cron
@@ -192,6 +192,6 @@
ansible.builtin.cron: ansible.builtin.cron:
name: "PVJJK 1.VOS TJAS - Infra - Deployer" name: "PVJJK 1.VOS TJAS - Infra - Deployer"
minute: "*/5" minute: "*/5"
job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t deployer" job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t deployer"
tags: tags:
- cron - cron

6
tasks/maintenance.yml
View File

@@ -4,7 +4,7 @@
name: "{{ library }}" name: "{{ library }}"
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: ~/.venv/ansible virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
vars: vars:
libraries: libraries:
@@ -24,7 +24,7 @@
name: ansible name: ansible
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: ~/.venv/ansible virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
- name: "Maintenance : MariaDB : Dependencies / Python Library : pymysql" - name: "Maintenance : MariaDB : Dependencies / Python Library : pymysql"
@@ -32,7 +32,7 @@
name: pymysql name: pymysql
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: ~/.venv/ansible virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
- name: "Maintenance : Podman : Prune" - name: "Maintenance : Podman : Prune"