Modify prerequisites role and integrate prerequisites role into all playbooks (#4)
parent
d05233a26d
commit
4131825286
12 changed files with 34 additions and 62 deletions
|
@ -4,7 +4,7 @@ Wir, die Freifunk MWU Community, nutzen Ansible um unsere Freifunk Server aufzus
|
|||
diesem Repository verwalten wir unsere Ansible Roles und Playbooks.
|
||||
|
||||
Ein Server muss minimal vorbereitet sein, bevor dieser per Ansible z.B. zu einem Freifunk-Gateway gemacht werden
|
||||
kann. Insbesondere müssen die folgenden Voraussetzungen erfüllt sein (diese werden vom playbook `test-prereqs.yml` getestet):
|
||||
kann. Die folgenden Voraussetzungen müssen erfüllt sein:
|
||||
|
||||
- Ein dedizierter (v)server muss existieren und unter einer IPv4- und einer IPv6-Adresse öffentlich erreichbar sein.
|
||||
- Die Adressen müssen im MWU-DNS eingetragen sein.
|
||||
|
@ -12,6 +12,9 @@ kann. Insbesondere müssen die folgenden Voraussetzungen erfüllt sein (diese we
|
|||
- Für ansible muss Python 2.5 oder Python 2.4 + python-simplejson installiert sein.
|
||||
- Es muss einen User admin geben, auf den die Admins Zugriff haben; dieser muss Root-Zugang über sudo haben.
|
||||
|
||||
Die Voraussetzungen werden von der Rolle `prerequisites` geprüft, die Rolle sollte als erste Rolle in jedem
|
||||
Playbook eingebunden sein.
|
||||
|
||||
Die Server werden mit ihren FQDNs im Ansible Inventory hinterlegt, bedenkt das für eure ssh-config.
|
||||
|
||||
## Variablen für jedes Mesh
|
||||
|
@ -134,7 +137,6 @@ ffrl_exit_server:
|
|||
tunnel_ipv6_netmask:
|
||||
|
||||
```
|
||||
- Testen, ob alle Voraussetzungen erfüllt sind: `ansible-playbook playbooks/test-prerequisites.yml`
|
||||
- Neues Gateway aufsetzen per `ansible-playbook playbooks/gateways.yml`
|
||||
- Hierbei werden die definierten Rollen auch auf schon aufgesetzte Gateways angewandt, was unkritisch ist, weil wir unsere Rollen idempotent schreiben.
|
||||
- Um die Rollen nur auf das neu aufzusetzende Gateway anzuwenden: `ansible-playbook playbooks/gateways.yml --limit=$FQDN`
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/usr/bin/ansible-playbook
|
||||
---
|
||||
|
||||
- hosts: ffmwu-build-servers
|
||||
remote_user: admin
|
||||
|
||||
roles:
|
||||
- ffmwu-build
|
||||
- prerequisites
|
||||
- ffmwu-build
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
#!/usr/bin/ansible-playbook
|
||||
---
|
||||
|
||||
- hosts: ffmwu-gateways
|
||||
remote_user: admin
|
||||
|
||||
roles:
|
||||
- prerequisites
|
||||
- server-repos
|
||||
- server-basic
|
||||
- service-haveged
|
||||
|
|
|
@ -1,11 +1,9 @@
|
|||
#!/usr/bin/ansible-playbook
|
||||
---
|
||||
|
||||
- include: loctevm-provide.yml
|
||||
|
||||
- hosts: test-vms
|
||||
remote_user: admin
|
||||
strategy: linear
|
||||
|
||||
roles:
|
||||
- ffmwu-meshing
|
||||
- prerequisites
|
||||
- ffmwu-meshing
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
#!/usr/bin/ansible-playbook
|
||||
---
|
||||
# localhost (aka 127.0.0.1) is the hypervisor (hard-coded)
|
||||
|
||||
- hosts: test-vms
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
#!/usr/bin/ansible-playbook
|
||||
---
|
||||
|
||||
- hosts: test-vms
|
||||
remote_user: admin
|
||||
strategy: free
|
||||
|
||||
roles:
|
||||
- ffmwu-prereqs
|
|
@ -1,9 +1,7 @@
|
|||
#!/usr/bin/ansible-playbook
|
||||
---
|
||||
|
||||
- hosts: meshing-srv
|
||||
remote_user: admin
|
||||
strategy: linear
|
||||
|
||||
roles:
|
||||
- ffmwu-meshing
|
||||
- prerequisites
|
||||
- ffmwu-meshing
|
||||
|
|
|
@ -1,9 +1,7 @@
|
|||
#!/usr/bin/ansible-playbook
|
||||
---
|
||||
|
||||
- hosts: ff-servers
|
||||
remote_user: admin
|
||||
strategy: linear
|
||||
|
||||
roles:
|
||||
- ffmwu-server
|
||||
- prerequisites
|
||||
- ffmwu-server
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
#!/usr/bin/ansible-playbook
|
||||
---
|
||||
|
||||
- hosts: ffmwu-servers
|
||||
remote_user: admin
|
||||
|
||||
roles:
|
||||
- test-prerequisites
|
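--- a/roles/prerequisites/tasks/main.yml
+++ b/roles/prerequisites/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+
+- name: Check DNS entries and target distribution
+assert:
+that:
+- "dns_host_ipv4_address in ansible_all_ipv4_addresses"
+- "dns_host_ipv6_address in ansible_all_ipv6_addresses"
+- "ansible_distribution == 'Debian'"
+- "ansible_distribution_major_version == '9'"
+
+- name: Test root access for admin account
+command: "true"
+changed_when: False
+become: True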
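Review bot: Neither task in this new role carries `tags: always`, so a run narrowed with `--tags` or `--start-at-task` would skip the DNS, distribution and sudo checks and go straight to the configuration roles. Whether the playbooks are ever invoked that way is not visible on this page, but since the README now describes this role as the gate for every playbook, adding `tags: always` to both tasks keeps the gate in place for partial runs. The `assert` also has no `msg`, whereas the removed `fail` task printed the detected distribution and version; a line such as `msg: "prerequisites not met on {{ inventory_hostname }}: {{ ansible_distribution }} {{ ansible_distribution_major_version }}"` would restore that for the operator.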
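--- a/roles/prerequisites/vars/main.yml
+++ b/roles/prerequisites/vars/main.yml
@@ -0,0 +1,4 @@
+---
+
+dns_host_ipv4_address: "{{ lookup('dig', inventory_hostname, 'qtype=A') }}"
+dns_host_ipv6_address: "{{ lookup('dig', inventory_hostname, 'qtype=AAAA') }}"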
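Review bot: Both variables hold whatever single string the `dig` lookup returns, and nothing here documents that a name with several A or AAAA records comes back comma-joined, so the `in ansible_all_ipv4_addresses` test in the role's tasks would fail for such a host without saying why. A missing record should also fail the test, since as far as I know the lookup then yields a marker string or an empty value rather than an address. The lookup runs on the control node, uses that machine's resolver and needs dnspython installed there, which the README lines shown on this page do not list. The check therefore confirms that inventory and DNS agree as seen from the controller; it does not establish the identity of the host. I would add a comment above the two variables, for example `# resolved on the control node (needs dnspython); expects exactly one A and one AAAA record per host`.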
@ -1,23 +0,0 @@
|
|||
---
|
||||
- name: assert IPv4 DNS entry
|
||||
local_action: shell dig +short A {{ inventory_hostname }} | egrep '^{{ ansible_default_ipv4.address }}'
|
||||
changed_when: False
|
||||
|
||||
- name: assert IPv6 DNS entry
|
||||
local_action: shell dig +short AAAA {{ inventory_hostname }} | egrep '^{{ ansible_default_ipv6.address }}'
|
||||
changed_when: False
|
||||
|
||||
- name: Test access to admin account
|
||||
command: "true"
|
||||
changed_when: False
|
||||
|
||||
- name: Test root access for admin account
|
||||
command: "true"
|
||||
changed_when: False
|
||||
become: True
|
||||
|
||||
- name: Check for correct OS type and version
|
||||
fail: msg="unsupported OS type or version - {{ ansible_distribution }} {{ ansible_distribution_major_version }}"
|
||||
when:
|
||||
- ansible_distribution != "Debian"
|
||||
- ansible_distribution_major_version|int != "9"
|