diff --git a/roles/ffmwu-bird/read.me b/roles/ffmwu-bird/read.me
deleted file mode 100644
index 5f42885..0000000
--- a/roles/ffmwu-bird/read.me
+++ /dev/null
@@ -1,6 +0,0 @@
-The ffmwu-bird role sets up the bird config for gates or other meshing
-servers (distinction made by group membership). It will ensure empty
-include files for ICVPN integration; integration itself to be configured
-by different role. bird package should be installed elsewhere.
-
-Relies on host_var "ffrl_exit_conf" and ... .
diff --git a/roles/ffmwu-bird/tasks/main.yml b/roles/ffmwu-bird/tasks/main.yml
deleted file mode 100644
index cd2807e..0000000
--- a/roles/ffmwu-bird/tasks/main.yml
+++ /dev/null
@@ -1,46 +0,0 @@
----
-
-- name: standardise dir ownership
- file:
- path: /etc/bird
- state: directory
- owner: admin
- group: bird
- mode: 0750
-
-- name: standardise file ownerships
- file:
- path: "{{b_item}}"
- state: touch
- owner: admin
- group: bird
- mode: 0750
- with_items:
- - /etc/bird/bird.conf
- - /etc/bird/mwu_peers_v4.inc
- - /etc/bird/ffrl_peers_v4.inc
- - /etc/bird/icvpn_peers_v4.inc
- - /etc/bird/icvpn_roa_v4.inc
- - /etc/bird/bird6.conf
- - /etc/bird/icvpn_peers_v6.inc
- - /etc/bird/icvpn_roa_v6.inc
- - /etc/bird/mwu_peers_v6.inc
- - /etc/bird/ffrl_peers_v6.inc
- loop_control:
- loop_var: b_item
-
-- name: template out bird.confs
- template:
- backup: yes
- dest: /etc/bird/{{b_item}}
- src: "{{b_item}}"
- #validate !!!
- with_items:
- - bird.conf
- - bird6.conf
- loop_control:
- loop_var: b_item
-
-# FIXME: construct mwu includes
-
-# FIXME: construct ffrl includes
diff --git a/roles/ffmwu-bird/templates/bird.conf b/roles/ffmwu-bird/templates/bird.conf
deleted file mode 100644
index 5c4b518..0000000
--- a/roles/ffmwu-bird/templates/bird.conf
+++ /dev/null
@@ -1,258 +0,0 @@
-timeformat protocol iso long;
-
-# local addresses
-{% if 'gates' in group_names %}
-define local_addr_ffrl = {{hostvar}}185.66.195.38;
-define local_addr_icvpn = {{hostvar}}10.207.37.161; # ingwer = mwu161
-define local_addr_mwu = 10.37.0.{{mwu server id}};
-{% else %}
-define local_addr_mwu = 10.37.1.{{mwu server id}};
-{% endif %}
-
-# AS
-define mwu_as = 65037; # private AS of mwu
-{% if 'gates' in group_names %}
-define ffrl_as = 201701; # public AS of rheinland
-{% endif %}
-
-{% if 'gates' in group_names %}
-router id local_addr_ffrl;
-
-table ffrl; # BGP Peerings FFRL
-
-# ROA
-roa table roa_icvpn {
- include "ebgp_roa_v4.inc";
-}
-{% else %}
-router id local_addr_mwu;
-{% endif %}
-
-# functions
-function is_default() {
- return net ~ [
- 0.0.0.0/0
- ];
-}
-
-function is_freifunk() {
- return net ~ [
- 10.0.0.0/8{16,24}
- ];
-}
-
-function is_dn42() {
- return net ~ [
- 172.20.0.0/14{20,28}
- ];
-}
-
-function is_chaosvpn() {
- return net ~ [
- 172.31.0.0/16+
- ];
-}
-
-function is_mwu_self_nets() {
- return net ~ [
- 10.56.0.0/16+,
- 10.37.0.0/16+
- ];
-}
-
-function is_wi_self_net() {
- return net ~ [
- 10.56.0.0/16+
- ];
-}
-
-function is_mz_self_net() {
- return net ~ [
- 10.37.0.0/16+
- ];
-}
-
-{% if 'gates' in group_names %}
-function is_local_addr_ffrl() {
- return net ~ [
- {{hostvar}}185.66.195.38/32
- ];
-}
-
-function is_ffrl_tunnel_nets() {
- return net ~ [
- {{hostvar}}100.64.2.234/31,
- {{hostvar}}100.64.2.236/31,
- {{hostvar}}100.64.2.238/31,
- {{hostvar}}100.64.2.240/31,
- {{hostvar}}100.64.1.112/31,
- {{hostvar}}100.64.1.114/31
- ];
-}
-{% endif %}
-
-# filters
-{% if 'gates' in group_names %}
-filter ebgp_icvpn_import_filter {
- if is_mwu_self_nets() then reject;
- if is_chaosvpn() then accept;
- if roa_check(roa_icvpn) = ROA_VALID then {
- if is_freifunk() then accept;
- if is_dn42() then accept;
- } else {
- if roa_check(roa_icvpn) = ROA_UNKNOWN then {
- if is_dn42() then {
-# print "ROA UNKNOWN for dn42 net, accepting: ", net, " ASN: ", bgp_path.last;
- accept;
- }
- if is_freifunk() then {
-# print "ROA UNKNOWN for freifunk net, accepting: ", net, " ASN: ", bgp_path.last;
- accept;
- }
- }
- if roa_check(roa_icvpn) = ROA_INVALID then {
- if is_freifunk() then {
-# print "ROA INVALID for freifunk net, accept: ", net, " ASN: ", bgp_path.last;
- accept;
- }
- }
- reject;
- }
- reject;
-}
-
-filter ebgp_ffrl_import_filter {
- if is_default() then accept;
- reject;
-}
-
-filter ebgp_ffrl_export_filter {
- if is_local_addr_ffrl() then accept;
- reject;
-}
-{% else %}
-# sanity check: don't allow critical overrides
-filter ebgp_icvpn_import_filter {
- if is_mwu_self_nets() then reject;
- if is_default() then reject;
- if is_freifunk() then accept;
- if is_dn42() then accept;
- if is_chaosvpn() then accept;
- reject;
-}
-{% endif %}
-
-# protocols
-# necessary to inform bird about devices
-protocol device {
- scan time 30;
-};
-
-protocol kernel kernel_mwu {
- scan time 30;
- import none;
- export filter {
- if is_mwu_self_nets() then
- reject;
- krt_prefsrc = local_addr_icvpn;
- accept;
- };
- kernel table ipt_icvpn;
-};
-
-{% if 'gates' in group_names %}
-# learn about directly connected community subnets
-protocol direct mwu_subnets {
- interface "mzBR";
- interface "wiBR";
- import where is_mwu_self_nets();
-};
-
-protocol static ffrl_uplink_hostroute {
- table ffrl;
- route 185.66.195.38/32 reject;
-}
-
-protocol direct ffrl_tunnels {
- table ffrl;
- interface "ffrl-*";
- import where is_ffrl_tunnel_nets();
-}
-
-protocol kernel kernel_ffrl {
- scan time 30;
- import none;
- export filter {
- krt_prefsrc = local_addr_ffrl;
- accept;
- };
- table ffrl;
- kernel table ipt_ffinetexit;
-};
-{% endif %}
-
-# Templates
-# templates for iBGP
-{% if 'gates' in group_names %}
-template bgp bgp_ibgp_mwu {
- local local_addr_mwu as mwu_as;
- import keep filtered on;
- import all; # EXPERIMENT !!!!!
- export where source = RTS_BGP;
- direct;
- gateway direct;
-};
-{% else %}
-template bgp bgp_ibgp_mwu {
- local local_addr_mwu as mwu_as;
- import filter ebgp_icvpn_import_filter;
- export none;
- direct;
- gateway direct;
-};
-{% endif %}
-
-{% if 'gates' in group_names %}
-# templates for eBGP
-template bgp ebgp_ic {
- local local_addr_icvpn as mwu_as;
- import keep filtered on;
- import filter ebgp_icvpn_import_filter;
- export filter {
- if is_mwu_self_nets() then { # own nets
- accept;
- }
- if source = RTS_BGP then {
- if is_freifunk() || is_dn42() then {
- accept;
- }
- }
- reject;
- };
- direct;
-};
-
-template bgp ffrl_uplink {
- table ffrl;
- local as mwu_as;
- import keep filtered;
- import filter ebgp_ffrl_import_filter;
- export filter ebgp_ffrl_export_filter;
- next hop self;
- direct;
-};
-{% endif %}
-
-# P E E R I N G S
-# iBGP
-include "mwu_peers_v4.inc";
-
-{% if 'gates' in group_names %}
-# P E E R I N G S
-# eBGP FFRL exit
-include "ffrl_peers_v4.inc";
-
-# P E E R I N G S
-# eBGP ICVPN
-include "icvpn_peers_v4.inc";
-{% endif %}
diff --git a/roles/ffmwu-meshing/meta/main.yml b/roles/ffmwu-meshing/meta/main.yml
deleted file mode 100644
index ce24f2c..0000000
--- a/roles/ffmwu-meshing/meta/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-
-dependencies:
-- { role: ffmwu-server }
-- { role: packages, pkg_repo_list: "{{meshing_pkg_repo_list}}",
- pkg_pkg_list: "{{meshing_pkg_pkg_list}}",
- pkg_pip_list: "{{meshing_pkg_pip_list}}",
- really_do: "{{ansible_managed_meshing}}" }
diff --git a/roles/ffmwu-meshing/tasks/backend-scripts.yml b/roles/ffmwu-meshing/tasks/backend-scripts.yml
deleted file mode 100644
index 0565ae6..0000000
--- a/roles/ffmwu-meshing/tasks/backend-scripts.yml
+++ /dev/null
@@ -1,80 +0,0 @@
----
-
-- name: ensure backend-scripts-log-dir
- file: path=~/.cronlog state=directory mode=0700
-
-# FIXME: maybe move behind next block?
-- name: clone backend scripts
- git:
- dest: "~/clones/backend-scripts"
- repo: "https://github.com/freifunk-mwu/backend-scripts.git"
- accept_hostkey: yes
-
-- block: # replaces backend script bootstrap_git_all.py
- - name: generate host key
- command: ssh-keygen -t ed25519 -N "" -f {{ansible_hostname}}_rsa
- args:
- chdir: ~/.ssh
- creates: ~/.ssh/{{ansible_hostname}}_rsa
- register: keypair
-
- - name: generate ssh config entry
- blockinfile:
- block: |
- Host github_mwu
- User git
- Hostname github.com
- PreferredAuthentications publickey
- IdentityFile ~/.ssh/{{ansible_hostname}}_rsa
- create: yes
- dest: ~/.ssh/config
- marker: "# {mark} ANSIBLE MANAGED BLOCK github_mwu"
- mode: 0640
-
- - name: change git user name
- git_config:
- scope: global
- name: "user.name"
- value: "{{ansible_hostname}}"
-
- - name: change git user email
- git_config:
- scope: global
- name: "user.email"
- value: "{{ansible_hostname}}@{{ansible_fqdn}}"
-
- # block end
-
-- block:
- - name: read new pubkey
- shell: cat ~/.ssh/{{ansible_hostname}}_rsa.pub
- register: ssh_pub_key
-
- - name: read existing github token from spinat
- shell: cat ~/.ssh/github-ansible-token
- register: github_access_token
- delegate_to: spinat.freifunk-mwu.de
-
- - name: register new pubkey with github freifunkmwu account
- github_key:
- name: "Server {{ansible_hostname}}"
- token: "{{github_access_token.stdout}}"
- pubkey: "{{ssh_pub_key.stdout}}"
- # FIXME: force yes ???
- force: no
-
- when: keypair.changed
-
-- name: manage crontab - PATH
- cron: env=yes name=PATH value="/home/admin/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
-
-- name: manage crontab - entries
- cron: name={{mwu_m_item.n}} job={{mwu_m_item.j}} minute={{mwu_m_item.mi}}
- hour={{mwu_m_item.h}} day={{mwu_m_item.d}} month={{mwu_m_item.mo}}
- weekday={{mwu_m_item.w}}
- with_items:
- - { n: "sync_meshkeys", mi: "*/15", h: "*", d: "*", mo: "*", w: "*", j: "/usr/bin/python3 $HOME/clones/backend-scripts/sync_meshkeys_gw.py > $HOME/.cronlog/sync_meshkeys.log" }
- # FIXME: define hostvar for mi
- - { n: "snapshot_configs", mi: "23", h: "5,23", d: "*", mo: "*", w: "*", j: "/usr/bin/python3 $HOME/clones/backend-scripts/snapshot_configs_all.py > $HOME/.cronlog/snapshot_configs.log" }
- loop_control:
- loop_var: mwu_m_item
diff --git a/roles/ffmwu-meshing/tasks/fastd-community.yml b/roles/ffmwu-meshing/tasks/fastd-community.yml
deleted file mode 100644
index a2d01ff..0000000
--- a/roles/ffmwu-meshing/tasks/fastd-community.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-# this file included in a loop, called seperately for each community
-# => configure fastd for one community here
-# make a difference between gates an meshing-only servers
-# hash describing community expected as "mf_com"; also expected: "f_ssh_keyfile"
-
-- name: ensure fastd config dir - {{mf_com.abbreviation}}
- file: path=/etc/fastd/{{mf_com.abbreviation}}VPN/peers
- state=directory mode=0750
-
-#- debug: var=mf_com
-
-#- debug: var=f_ssh_keyfile
-
-- name: include either gate ...
- include: fastd-gate.yml
- when: fastd_config == 'gate'
-
-- name: ... or meshing-only style
- include: fastd-meshonly.yml
- when: fastd_config == 'meshing-only'
diff --git a/roles/ffmwu-meshing/tasks/fastd-config.yml b/roles/ffmwu-meshing/tasks/fastd-config.yml
deleted file mode 100644
index 2054e28..0000000
--- a/roles/ffmwu-meshing/tasks/fastd-config.yml
+++ /dev/null
@@ -1,73 +0,0 @@
----
-
-# hash describing community expected as "mf_com";
-# also expected: "f_ssh_keyfile" and "mf_com_repo"
-
-- name: clone key repo - {{mf_com.abbreviation}}
- git:
- dest: "{{mf_com_repo}}"
- key_file: "{{f_ssh_keyfile.stdout}}"
- repo: "ssh://git@github.com/{{mf_com.repo}}"
- update: no
- accept_hostkey: yes
-
- # the following is a crude but functional work-around the problem that
- # the git module wouldn't clone the repo with the ssh-config-entry
- # in the url, but git wouldn't push without it (due to missing
- # connection to the ssh key)
-- name: change git url to pushable
- git_config:
- repo: "{{mf_com_repo}}"
- scope: local
- name: "remote.origin.url"
- value: "ssh://github_mwu/{{mf_com.repo}}"
-
-- name: generate fastd key pair - {{mf_com.abbreviation}}
- command: fastd --generate-key
- creates="/etc/fastd/{{mf_com.abbreviation}}VPN/secret.conf"
- register: f_key_pair
-
-- block:
-
-# - debug: var=f_key_pair
-
- - name: write out fastd secret key - {{mf_com.abbreviation}}
- lineinfile:
- backup: yes
- create: yes
- dest: "/etc/fastd/{{mf_com.abbreviation}}VPN/secret.conf"
- insertbefore: BOF
- line: secret "{{f_key_pair.stdout_lines[0] |regex_replace('^Secret. ','')}}";
- mode: 0400
- regexp: '^secret ".*";'
- state: present
-
- - name: write out fastd public key - {{mf_com.abbreviation}}
- lineinfile:
- create: yes
- dest: "{{mf_com_repo}}/servers/{{fastd_alias}}"
- insertbefore: BOF
- line: key "{{f_key_pair.stdout_lines[1] |regex_replace('^Public. ','')}}";
- mode: 0440
- regexp: '^key ".*";'
- state: present
- register: f_pub_key
- ignore_errors: True
-
- - name: delete secret in case of public failure - {{mf_com.abbreviation}}
- file: path="/etc/fastd/{{mf_com.abbreviation}}VPN/secret.conf" state=absent
- when: f_pub_key.failed is defined
-
- - fail: msg="FAILED writing fastd key pair"
- when: f_pub_key.failed is defined
-
- when: f_key_pair.changed
- # end of block
-
-- name: template out fastd.conf - {{mf_com.abbreviation}}
- template:
- backup: yes
- dest: "/etc/fastd/{{mf_com.abbreviation}}VPN/fastd.conf"
- mode: 0640
- src: "{{mf_com_templ}}"
- validate: 'fastd --verify-config -c %s'
diff --git a/roles/ffmwu-meshing/tasks/fastd-gate.yml b/roles/ffmwu-meshing/tasks/fastd-gate.yml
deleted file mode 100644
index f9dbe7e..0000000
--- a/roles/ffmwu-meshing/tasks/fastd-gate.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# this file included by fastd-community.yml, which is included in a loop,
-# called seperately for each community
-# => configure fastd for one community here
-# hash describing community expected as "mf_com"; also expected: "f_ssh_keyfile"
-
-#- debug: var=mf_com
-
-#- debug: var=f_ssh_keyfile
-
-- set_fact:
- mf_com_repo: "/etc/fastd/{{mf_com.abbreviation}}VPN/peers"
- mf_com_templ: "fastd.conf-gate"
-
-- include: fastd-config.yml
diff --git a/roles/ffmwu-meshing/tasks/fastd-meshonly.yml b/roles/ffmwu-meshing/tasks/fastd-meshonly.yml
deleted file mode 100644
index 698024d..0000000
--- a/roles/ffmwu-meshing/tasks/fastd-meshonly.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-# this file included by fastd-community.yml, which is included in a loop,
-# called seperately for each community
-# => configure fastd for one community here
-# hash describing community expected as "mf_com"; also expected: "f_ssh_keyfile"
-
-#- debug: var=mf_com
-
-#- debug: var=f_ssh_keyfile
-
-- name: prepare secure temp dir
- command: mktemp -d --tmpdir ansible-tmp-mf{{mf_com.abbreviation}}.XXXXXXXXXX
- register: tmpdir
-
-- set_fact:
- mf_com_repo: "{{tmpdir.stdout}}"
- mf_com_templ: "fastd.conf-meshing"
-
-- include: fastd-config.yml
-
-- name: git add new public key
- command: git add servers
- chdir="{{mf_com_repo}}"
-
-- name: git commit new public key
- command: git commit -m "add {{ansible_hostname}}"
- chdir="{{mf_com_repo}}"
-
-- name: git push new public key
- command: git push
- chdir="{{mf_com_repo}}"
-
-- name: clean up
- file: path="{{mf_com_repo}}" state=absent
diff --git a/roles/ffmwu-meshing/tasks/fastd.yml b/roles/ffmwu-meshing/tasks/fastd.yml
deleted file mode 100644
index 623339e..0000000
--- a/roles/ffmwu-meshing/tasks/fastd.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-
-- name: ensure correct ownership of /etc/fastd
- file: path=/etc/fastd state=directory mode=0750 owner=admin group=admin
-
-- name: find ssh keyfile name for use with git
- shell: grep IdentityFile ~/.ssh/config | awk '{print $2}'
- register: f_ssh_keyfile
- changed_when: False
-
- # configure communtity, one by one
-- include: fastd-community.yml mf_com={{mwu_mf_item.value}}
- with_dict: "{{community_params}}"
- loop_control:
- loop_var: mwu_mf_item
diff --git a/roles/ffmwu-meshing/tasks/main.yml b/roles/ffmwu-meshing/tasks/main.yml
deleted file mode 100644
index d8e2cc9..0000000
--- a/roles/ffmwu-meshing/tasks/main.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-
-# we don't want to disrupt servers where this role is manually maintained!
-# thus: warning and block statement
-
-- name: full-stop if meshing role is manually maintained on this server
- debug: msg="meshing role skipped to not disrupt manual maintenance - set ansible_managed_meshing to True to enable ansible control"
- when: (not ansible_managed_meshing is defined) or (not ansible_managed_meshing)
-
-- block:
-
- # backend scripts
- - include: backend-scripts.yml
-
- # fastd
- - include: fastd.yml
-
- when: (ansible_managed_meshing is defined) and (ansible_managed_meshing)
-# end block
diff --git a/roles/ffmwu-meshing/templates/fastd.conf-gate b/roles/ffmwu-meshing/templates/fastd.conf-gate
deleted file mode 100644
index ac953db..0000000
--- a/roles/ffmwu-meshing/templates/fastd.conf-gate
+++ /dev/null
@@ -1,34 +0,0 @@
-# fastd.conf
-# from https://github.com/freifunk-mwu/ansible-ffmwu.git
-
-log level warn;
-hide ip addresses yes;
-hide mac addresses yes;
-
-interface "{{mf_com.abbreviation}}VPN";
-method "salsa2012+umac"; # new method (faster)
-
-# Bind to v4 and v6 interfaces
-bind {{ansible_default_ipv4.address}}:{{mf_com.fastd_port}};
-{% if ansible_default_ipv6.address is defined %}
-bind [{{ansible_default_ipv6.address}}]:{{mf_com.fastd_port}};
-{% endif %}
-
-include "/etc/fastd/{{mf_com.abbreviation}}VPN/secret.conf";
-mtu 1406; # 1492 - IPv4/IPv6 Header - fastd Header...
-
-peer group "vpn_nodes" {
-# p#eer limit 200;
- include peers from "/etc/fastd/{{mf_com.abbreviation}}VPN/peers"; # servers 2 b moved out ...
-{% if mf_com.xtra_peers is defined %}
- {% for xtra in mf_com.xtra_peers %}
- include peers from "/etc/fastd/{{mf_com.abbreviation}}VPN/{{xtra}}";
- {% endfor %}
-{% endif %}
-}
-
-peer group "servers" {
- include peers from "/etc/fastd/{{mf_com.abbreviation}}VPN/peers/servers"; # yet 2 b filled ...
-}
-
-status socket "/var/run/fastd-{{mf_com.abbreviation}}.status";
diff --git a/roles/ffmwu-meshing/templates/fastd.conf-meshing b/roles/ffmwu-meshing/templates/fastd.conf-meshing
deleted file mode 100644
index b41c62f..0000000
--- a/roles/ffmwu-meshing/templates/fastd.conf-meshing
+++ /dev/null
@@ -1,43 +0,0 @@
-# fastd.conf
-# from https://github.com/freifunk-mwu/ansible-ffmwu.git
-
-log level warn;
-hide ip addresses yes;
-hide mac addresses yes;
-
-interface "{{mf_com.abbreviation}}VPN";
-method "salsa2012+umac"; # new method (faster)
-
-# Bind to v4 and v6 interfaces
-bind {{ansible_default_ipv4.address}}:{{mf_com.fastd_port}};
-{% if ansible_default_ipv6.address is defined %}
-bind [{{ansible_default_ipv6.address}}]:{{mf_com.fastd_port}};
-{% endif %}
-
-include "/etc/fastd/{{mf_com.abbreviation}}VPN/secret.conf";
-mtu 1406; # 1492 - IPv4/IPv6 Header - fastd Header...
-
-secure handshakes yes;
-mode tap;
-
-peer group "mesh_vpn_backbone" {
- peer limit 4;
- peer "gw_ingwer" {
- key "9b74e90fd68df749e45718eced65268260872e4cf74369b9bf9e9fb42411efe9";
- remote ipv6 "ingwer.freifunk-mwu.de" port {{mf_com.fastd_port}};
- }
- peer "gw_lotuswurzel" {
- key "d73479cc97a87ffd4b256a873e505f3264408ed077b248358c52e8dc82bbfc07";
- remote ipv6 "lotuswurzel.freifunk-mwu.de" port {{mf_com.fastd_port}};
- }
- peer "gw_spinat" {
- key "9e59a202eccabe1aac37d8000e762ecb05e17b3e521f7a54ab693af66e4adfb7";
- remote ipv6 "spinat.freifunk-mwu.de" port {{mf_com.fastd_port}};
- }
- peer "gw_wasserfloh" {
- key "9c00e0534a9dc5232e9bfacb304261f21f24604ad233b648bf52d6b40ca60884";
- remote ipv6 "wasserfloh.freifunk-mwu.de" port {{mf_com.fastd_port}};
- }
-}
-
-status socket "/var/run/fastd-{{mf_com.abbreviation}}.status";
diff --git a/roles/ffmwu-meshing/vars/main.yml b/roles/ffmwu-meshing/vars/main.yml
deleted file mode 100644
index c238309..0000000
--- a/roles/ffmwu-meshing/vars/main.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-
-meshing_pkg_repo_list:
- repo_keys:
- - neoraider:
- id: "16EF3F64CB201D9C"
- server: keyserver.ubuntu.com
- - freifunk-mwu:
- id: "286CC7A4"
- server: keyserver.ubuntu.com
- repos:
- - fastd:
- repo: 'deb https://repo.universe-factory.net/debian/ sid main'
- update_cache: no
- - batman:
- repo: 'deb http://ppa.launchpad.net/freifunk-mwu/batman-adv/ubuntu trusty main'
- update_cache: no
- - batman_src:
- repo: 'deb-src http://ppa.launchpad.net/freifunk-mwu/batman-adv/ubuntu trusty main'
- update_cache: yes
-
-meshing_pkg_pkg_list:
-- git
-- haveged
-- python3-pip
-- fastd
-- batctl
-- batman-adv-source
-
-meshing_pkg_pip_list: # example
-- py-cpuinfo
-
-#- photon_core
diff --git a/roles/packages/README.md b/roles/packages/README.md
deleted file mode 100644
index 8952f5c..0000000
--- a/roles/packages/README.md
+++ /dev/null
@@ -1,34 +0,0 @@
-This role installs apt and python packages on the target host. Necessary
-apt repos can be defined.
-It expects the arguments pkg_repo_list, pkg_pkg_list and pkg_pip_list
-to be filled. If any argument is undefined, the repectibe action will
-be skipped. See below for examples.
-
-```
-pkg_repo_list: # example
- repo_keys:
- - cool_guy:
- id: "67678686"
- server: keyserver.ubuntu.com
- - smart_guy:
- id: "2f2f2f2f2"
- server: keyserver.ubuntu.com
- repos:
- - cool_game:
- repo: 'deb http://ppa.launchpad.net/cool/game/ubuntu trusty main'
- update_cache: no
- - smart_tool:
- repo: 'deb http://ppa.launchpad.net/samrt/tool/ubuntu trusty main'
- update_cache: yes # smart to have yes on last and only last entry
-
-pkg_pkg_list: # example
-- cool-game
-- smart-tool
-- python3-pip # remember this one when wanting to use pkg_pip_list
-
-pkg_pip_list: # example
-- smart-tool-py-interface
-
-# this flag controls the execution of the role; used to subdue if needed
-really_do: True
-```
diff --git a/roles/packages/tasks/main.yml b/roles/packages/tasks/main.yml
deleted file mode 100644
index 81c049c..0000000
--- a/roles/packages/tasks/main.yml +++ /dev/null @@ -1,59 +0,0 @@ ---- - -# we don't want to disrupt servers where this role is manually maintained! -# thus: warning and block statement - -- name: full-stop if package role is manually maintained on this server - debug: msg="package role skipped to not disrupt manual maintenance - set really_do to True to enable ansible control" - when: (not really_do is defined) or (not really_do) - -# observe value of really_do -- block: - - # ensure apt keys and apt repos if defined - - block: - - - name: ensure defined apt keys - apt_key: - state: present - id: "{{pkg_item.id}}" - keyserver: "{{pkg_item.server}}" - with_items: "{{ (pkg_repo_list|default({})).repo_keys | default([]) }}" - loop_control: - loop_var: pkg_item - # see defaults in with - when: (pkg_repo_list is defined) and (pkg_repo_list.repo_keys is defined) - - - name: ensure defined apt repos - apt_repository: - state: present - repo: "{{pkg_item.repo}}" - update_cache: "{{pkg_item.update_cache}}" - filename: freifunk - with_items: "{{ (pkg_repo_list|default({})).repos | default([]) }}" - loop_control: - loop_var: pkg_item - # see defaults in with - when: (pkg_repo_list is defined) and (pkg_repo_list.repos is defined) - - # see defaults in with - when: pkg_repo_list is defined - # end block - - - name: ensure defined apt packages - apt: - state: present - name: "{{mwu_m_item}}" - update_cache: yes - cache_valid_time: 21600 - with_items: "{{meshing_pkg_pkg_list | default([])}}" - loop_control: - loop_var: mwu_m_item - # see default in with - when: meshing_pkg_pkg_list is defined - - - name: ensure defined python libs - pip: name={{mwu_m_item}} executable=pip3 - with_items: "{{meshing_pkg_pip_list | default([])}}" - loop_control: - loop_var: mwu_m_item - # see default in with - when: meshing_pkg_pip_list is defined - - when: (really_do is defined) and (really_do) -# end block