From 4131825286caf29a36da7d5749ae46ab6347dc9a Mon Sep 17 00:00:00 2001 From: n0trax Date: Thu, 7 Sep 2017 09:32:15 +0200 Subject: [PATCH] Modify prerequisites role and integrate prerequisites role into all playbooks (#4) --- Readme.md | 6 ++++-- playbooks/build-server.yml | 6 +++--- playbooks/gateways.yml | 3 +-- playbooks/localtestvm-meshing.yml | 8 +++----- playbooks/localtestvm-provide.yml | 1 - playbooks/localtestvm-test-prereqs.yml | 9 --------- playbooks/meshing.yml | 8 +++----- playbooks/servers.yml | 6 ++---- playbooks/test-prereqs.yml | 8 -------- roles/prerequisites/tasks/main.yml | 14 ++++++++++++++ roles/prerequisites/vars/main.yml | 4 ++++ roles/test-prerequisites/tasks/main.yml | 23 ----------------------- 12 files changed, 34 insertions(+), 62 deletions(-) delete mode 100755 playbooks/localtestvm-test-prereqs.yml delete mode 100755 playbooks/test-prereqs.yml create mode 100755 roles/prerequisites/tasks/main.yml create mode 100644 roles/prerequisites/vars/main.yml delete mode 100755 roles/test-prerequisites/tasks/main.yml diff --git a/Readme.md b/Readme.md index 528b142..05759ce 100644 --- a/Readme.md +++ b/Readme.md @@ -4,7 +4,7 @@ Wir, die Freifunk MWU Community, nutzen Ansible um unsere Freifunk Server aufzus diesem Repository verwalten wir unsere Ansible Roles und Playbooks. Ein Server muss minimal vorbereitet sein, bevor dieser per Ansible z.B. zu einem Freifunk-Gateway gemacht werden -kann. Insbesondere müssen die folgenden Voraussetzungen erfüllt sein (diese werden vom playbook `test-prereqs.yml` getestet): +kann. Die folgenden Voraussetzungen müssen erfüllt sein: - Ein dedizierter (v)server muss existieren und unter einer IPv4- und einer IPv6-Adresse öffentlich erreichbar sein. - Die Adressen müssen im MWU-DNS eingetragen sein. @@ -12,6 +12,9 @@ kann. Insbesondere müssen die folgenden Voraussetzungen erfüllt sein (diese we - Für ansible muss Python 2.5 oder Python 2.4 + python-simplejson installiert sein. - Es muss einen User admin geben, auf den die Admins Zugriff haben; dieser muss Root-Zugang über sudo haben. +Die Voraussetzungen werden von der Rolle `prerequisites` geprüft, die Rolle sollte als erste Rolle in jedem +Playbook eingebunden sein. + Die Server werden mit ihren FQDNs im Ansible Inventory hinterlegt, bedenkt das für eure ssh-config. ## Variablen für jedes Mesh @@ -134,7 +137,6 @@ ffrl_exit_server: tunnel_ipv6_netmask: ``` -- Testen, ob alle Voraussetzungen erfüllt sind: `ansible-playbook playbooks/test-prerequisites.yml` - Neues Gateway aufsetzen per `ansible-playbook playbooks/gateways.yml` - Hierbei werden die definierten Rollen auch auf schon aufgesetzte Gateways angewandt, was unkritisch ist, weil wir unsere Rollen idempotent schreiben. - Um die Rollen nur auf das neu aufzusetzende Gateway anzuwenden: `ansible-playbook playbooks/gateways.yml --limit=$FQDN` diff --git a/playbooks/build-server.yml b/playbooks/build-server.yml index 7b76e33..3bf1f7c 100755 --- a/playbooks/build-server.yml +++ b/playbooks/build-server.yml @@ -1,7 +1,7 @@ #!/usr/bin/ansible-playbook ---- + - hosts: ffmwu-build-servers remote_user: admin - roles: - - ffmwu-build + - prerequisites + - ffmwu-build diff --git a/playbooks/gateways.yml b/playbooks/gateways.yml index 87fe129..5a0231c 100755 --- a/playbooks/gateways.yml +++ b/playbooks/gateways.yml @@ -1,10 +1,9 @@ #!/usr/bin/ansible-playbook ---- - hosts: ffmwu-gateways remote_user: admin - roles: + - prerequisites - server-repos - server-basic - service-haveged diff --git a/playbooks/localtestvm-meshing.yml b/playbooks/localtestvm-meshing.yml index 0d6cd3a..e6cde23 100755 --- a/playbooks/localtestvm-meshing.yml +++ b/playbooks/localtestvm-meshing.yml @@ -1,11 +1,9 @@ #!/usr/bin/ansible-playbook ---- - include: loctevm-provide.yml - hosts: test-vms remote_user: admin - strategy: linear - - roles: - - ffmwu-meshing + roles: + - prerequisites + - ffmwu-meshing diff --git a/playbooks/localtestvm-provide.yml b/playbooks/localtestvm-provide.yml index 2fca683..6f75733 100755 --- a/playbooks/localtestvm-provide.yml +++ b/playbooks/localtestvm-provide.yml @@ -1,5 +1,4 @@ #!/usr/bin/ansible-playbook ---- # localhost (aka 127.0.0.1) is the hypervisor (hard-coded) - hosts: test-vms diff --git a/playbooks/localtestvm-test-prereqs.yml b/playbooks/localtestvm-test-prereqs.yml deleted file mode 100755 index 46a4096..0000000 --- a/playbooks/localtestvm-test-prereqs.yml +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/ansible-playbook ---- - -- hosts: test-vms - remote_user: admin - strategy: free - - roles: - - ffmwu-prereqs diff --git a/playbooks/meshing.yml b/playbooks/meshing.yml index c1bfe50..6dc49f4 100755 --- a/playbooks/meshing.yml +++ b/playbooks/meshing.yml @@ -1,9 +1,7 @@ #!/usr/bin/ansible-playbook ---- - hosts: meshing-srv remote_user: admin - strategy: linear - - roles: - - ffmwu-meshing + roles: + - prerequisites + - ffmwu-meshing diff --git a/playbooks/servers.yml b/playbooks/servers.yml index 157eb00..d5a05d0 100755 --- a/playbooks/servers.yml +++ b/playbooks/servers.yml @@ -1,9 +1,7 @@ #!/usr/bin/ansible-playbook ---- - hosts: ff-servers remote_user: admin - strategy: linear - roles: - - ffmwu-server + - prerequisites + - ffmwu-server diff --git a/playbooks/test-prereqs.yml b/playbooks/test-prereqs.yml deleted file mode 100755 index f96d426..0000000 --- a/playbooks/test-prereqs.yml +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/ansible-playbook ---- - -- hosts: ffmwu-servers - remote_user: admin - - roles: - - test-prerequisites diff --git a/roles/prerequisites/tasks/main.yml b/roles/prerequisites/tasks/main.yml new file mode 100755 index 0000000..6ec8837 --- /dev/null +++ b/roles/prerequisites/tasks/main.yml @@ -0,0 +1,14 @@ +--- + +- name: Check DNS entries and target distribution + assert: + that: + - "dns_host_ipv4_address in ansible_all_ipv4_addresses" + - "dns_host_ipv6_address in ansible_all_ipv6_addresses" + - "ansible_distribution == 'Debian'" + - "ansible_distribution_major_version == '9'" + +- name: Test root access for admin account + command: "true" + changed_when: False + become: True diff --git a/roles/prerequisites/vars/main.yml b/roles/prerequisites/vars/main.yml new file mode 100644 index 0000000..f0e8dca --- /dev/null +++ b/roles/prerequisites/vars/main.yml @@ -0,0 +1,4 @@ +--- + +dns_host_ipv4_address: "{{ lookup('dig', inventory_hostname, 'qtype=A') }}" +dns_host_ipv6_address: "{{ lookup('dig', inventory_hostname, 'qtype=AAAA') }}" diff --git a/roles/test-prerequisites/tasks/main.yml b/roles/test-prerequisites/tasks/main.yml deleted file mode 100755 index 9b45590..0000000 --- a/roles/test-prerequisites/tasks/main.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: assert IPv4 DNS entry - local_action: shell dig +short A {{ inventory_hostname }} | egrep '^{{ ansible_default_ipv4.address }}' - changed_when: False - -- name: assert IPv6 DNS entry - local_action: shell dig +short AAAA {{ inventory_hostname }} | egrep '^{{ ansible_default_ipv6.address }}' - changed_when: False - -- name: Test access to admin account - command: "true" - changed_when: False - -- name: Test root access for admin account - command: "true" - changed_when: False - become: True - -- name: Check for correct OS type and version - fail: msg="unsupported OS type or version - {{ ansible_distribution }} {{ ansible_distribution_major_version }}" - when: - - ansible_distribution != "Debian" - - ansible_distribution_major_version|int != "9"