safeguard not to disrupt manually managed systems

inventory/host_vars/aubergine.freifunk-mwu.de

@@ -0,0 +1,4 @@
+---
+
+ansible_managed_server: True
+# not yet: ansible_managed_meshing

inventory/host_vars/churro.freifunk-mwu.de

@@ -0,0 +1,4 @@
+---
+
+ansible_managed_server: True
+# not yet: ansible_managed_meshing

inventory/host_vars/glueckskeks.freifunk-mwu.de

@@ -0,0 +1,4 @@
+---
+
+ansible_managed_server: True
+# not yet: ansible_managed_meshing

inventory/host_vars/ingwer.freifunk-mwu.de

@@ -0,0 +1,4 @@
+---
+
+ansible_managed_server: True
+# not yet: ansible_managed_meshing

inventory/host_vars/linse.freifunk-mwu.de

@@ -0,0 +1,3 @@
+---
+
+ansible_managed_server: True

inventory/host_vars/local-test-vm.ffmwu.local

@@ -1,5 +1,8 @@
 ---
 
+ansible_managed_server: True
+ansible_managed_meshing: True
+
 # communities inherited as mz, wi
 
 fastd_config: 'meshing-only'

inventory/host_vars/lotuswurzel.freifunk-mwu.de

@@ -0,0 +1,4 @@
+---
+
+ansible_managed_server: True
+# not yet: ansible_managed_meshing

inventory/host_vars/milchreis.freifunk-mwu.de

@@ -1,4 +1,7 @@
 ---
 
+ansible_managed_server: True
+ansible_managed_build: True
+
 h_v_add_auth_keys: |
     ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJhcbPmN6qjd+KI5t8tOVJYqS/8Jef2bAUZFlLYU6kBxZDa0Qu7Hg30z50hFcavoM6Dnh24kiZHsvCdKZ3u8mr6WhaJzDPxDm8YKk2U5WOKrQ48eq4LKU3dIOiO/5M0u90P51hF90J8/bgmp9HpNL31/8g6RT2kjBkwk62ATXF4eb0kyENHPdDn2axInKQ3z8sxhpCWhWE6J/LKIPI5J66E7F+CR7rhvk2h0ikGyBy8xZhJWY/U/IDyDV0JmvW6TNmXi4bUvUhm2lY7PRen6Xvq5UAEjC3K4YtcBCLrNtfyIR7N7vHTuuaDUjdOGCF88KdzxZ5AxIPmhN9WVj+HydCJjB1TiAzINg2egZ3Ot4juXVAi5QbU5Addw0yJdoTwGHe0mrjQ1e+VsMziDR2wZvpsU+x+D8xWmsBAh+V4vDm9gowVo5vPfFMRxAlPktNtrERSNB84OwCLtrhDc+a6BGxVuR1EHbt9H2hAUfsxRVSmwGGm5bG4QOI/DbUsARhthiYQ2Q7cNXGl0UrMkxfFpO86fiH35j3F8Cqr9oQTJOnaK64e8+zwbw+L0XxVPtAPgIGsNeNbam+ALIlbj9RQP1Cin0dlq3QCdEZ1UWdcN38RL+z27LzMgubFnapnWnlmnjqtfKAXldwwQxe1qsdWvzMA4PE/AEUF+NL5w89TYUWdw== maesto@GLaDOS

inventory/host_vars/suesskartoffel.freifunk-mwu.de

@@ -1,4 +1,7 @@
 ---
 
+ansible_managed_server: True
+# not yet: ansible_managed_meshing
+
 h_v_add_auth_keys: |
     ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAt00Ozv50kIis7YKBaey5alVps98ZzW4CVO9tA8AHvsGXn8cleROjcGdbz/YwPm2RH+A+GQrRqCuEf3SPVxvthlVUuHQPKzDdX3PpcakN05CoEwR3zVwjwdzXaO3fKbN5ZCEUKTpaJU6Lngi6vO6HLzsuYloSJs3t7PGpV1xp3YESyXX7D78w9YRJSe2n3WMrA40lQ91u79V0efoX1mKQYzPH86uwhWsOqi08DvE6gxsqKMY6P06nljmsQOFsdX8S/HVrWtIcnne50b63vPMMLRkOLa5FP6qMIjU3LiirrpL80r1gmVZGVRHO6uJr+mrOb6A76cZ7LT8jaKFgnVhOyw== msslovi0@wyoming.local

inventory/host_vars/wasserfloh.freifunk-mwu.de

@@ -0,0 +1,4 @@
+---
+
+ansible_managed_server: True
+# not yet: ansible_managed_meshing

inventory/host_vars/zuckerwatte.freifunk-mwu.de

@@ -1,5 +1,8 @@
 ---
 
+ansible_managed_server: True
+# not yet: ansible_managed_meshing
+
 h_v_add_auth_keys: |
     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHs63QNerevCI6wt2Gpq/IpHTPVeHIP8aKIOrRCUlKWR ccgx@small-x
     ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAwbfFERETgOAF7iOJFTfJAXQwOWykceRXa151PWG+hiln8X2729tdFyEhztL0tJ0ln+VCj29KLc4mG23qCBW48d35btZTkdVUhFSY/PY/bMQEBiWG2MCAWxJ329i/Blw92xvlFARJNhyPzKSxgYYGRhkncbcKXoX9QWhCBY8KfH+08X9tFOxj4osYn/+dXm7Sg5mqJG4ETmdAAy5afNGE+K+NyBafcg35Y+gBfxNzilGc2/2I0lSsiEcUr+StNxhMMZ/NtQ1N2G9iPziqpu/LYlPl/2mtya+6MPtfSfoYpggIyMqcT+KSPsmxyJod0SrI1vgrX7qa0aJV08dN+gThDb8pOBEb6NG2iQEIbmTKy7XoSpF13lnAVDtPv20PjLpUR6IKZtWNnlN2hVtZLhgyeEIDMnVjmNwloItkqsKP1H96eLSoj1g9B9IOYPPxq5pf6VJKizFAI0jsxGZk0gX/QX4DoVxrD57KXrHKEuFAM4eIjHKMXeRq3Ewbn3bHT1QXevjwBtoW2hxY8Pligc0W0sHt2jW0MxaSiE0LM+hGk0Jy9rquC3+gGU7fD2kLM6nff3wzQJXCORkfdyqvMFUqwpkZmjL4qCypt04peTwkWzs/W4LlHWyc4CJGp0jKIAOA8JRxs/FJf9CyN8N+0AY6xXAZ1UPqs+wPkZ9j5hYcaHs= magic

inventory/host_vars/zwiebel.freifunk-mwu.de

@@ -0,0 +1,4 @@
+---
+
+ansible_managed_server: True
+# not yet: ansible_managed_meshing

roles/ffmwu-build/tasks/main.yml

@@ -1,5 +1,17 @@
 ---
-- include: packages.yml
-- include: git-repos.yml
-- include: rsyncd.yml
-- include: web.yml
+
+# we don't want to disrupt servers where this role is manually maintained!
+# thus: warning and block statement
+
+- name: full-stop if build role is manually maintained on this server
+  debug: msg="build role skipped to not disrupt manual maintenance - set ansible_managed_build to True to enable ansible control"
+  when: (not ansible_managed_build is defined) or (not ansible_managed_build)
+
+- block:
+  - include: packages.yml
+  - include: git-repos.yml
+  - include: rsyncd.yml
+  - include: web.yml
+
+  when: (ansible_managed_build is defined) and (ansible_managed_build)
+# end block

roles/ffmwu-meshing/tasks/main.yml

@@ -1,10 +1,21 @@
 ---
 
-  # arp and python packages
-- include: mwu-m-pkgs.yml
+# we don't want to disrupt servers where this role is manually maintained!
+# thus: warning and block statement
 
-  # backend scripts
-- include: mwu-m-bes.yml
+- name: full-stop if meshing role is manually maintained on this server
+  debug: msg="meshing role skipped to not disrupt manual maintenance - set ansible_managed_meshing to True to enable ansible control"
+  when: (not ansible_managed_meshing is defined) or (not ansible_managed_meshing)
 
-  # fastd
-- include: mwu-m-fastd.yml
+- block:
+    # arp and python packages
+  - include: mwu-m-pkgs.yml
+
+    # backend scripts
+  - include: mwu-m-bes.yml
+
+    # fastd
+  - include: mwu-m-fastd.yml
+
+  when: (ansible_managed_meshing is defined) and (ansible_managed_meshing)
+# end block

roles/ffmwu-server/tasks/main.yml

@@ -1,41 +1,49 @@
 ---
 
-#- name: test key concatenation
-#  debug: msg=" would/will set keys; {{ mwu_s_admin_keys ~ ( h_v_add_auth_keys | default('') ) }}"
+# we don't want to disrupt servers where this role is manually maintained!
+# thus: warning and block statement
 
-- name: ensure needed system users are present
-  user: name=admin comment="Freifunk MWU Admin" shell=/bin/bash state=present
-  become: True
+- name: full-stop if server role is manually maintained on this server
+  debug: msg="server role skipped to not disrupt manual maintenance - set ansible_managed_server to True to enable ansible control"
+  when: (not ansible_managed_server is defined) or (not ansible_managed_server)
 
-- name: ensure all wanted ssh keys exclusively
-  authorized_key: exclusive=True state=present user=admin
-              key={{ mwu_s_admin_keys ~ ( h_v_add_auth_keys | default('') ) }}
+- block:
+  - name: ensure needed system users are present
+    user: name=admin comment="Freifunk MWU Admin" shell=/bin/bash state=present
+    become: True
 
-- name: ensure some basic packages
-  apt:
-    state: present
-    name: "{{mwu_s_item}}"
-    update_cache: yes
-    cache_valid_time: 21600
-  with_items:
-    - software-properties-common
-    - apt-transport-https
-    - man-db
-    - mosh
-    - ntp
-    - sudo
-    - sysfsutils
-    - vim
-    - vnstat
-    - vnstati
-  loop_control:
-    loop_var: mwu_s_item
-  become: True
+  - name: ensure all wanted ssh keys exclusively
+    authorized_key: exclusive=True state=present user=admin
+                key={{ mwu_s_admin_keys ~ ( h_v_add_auth_keys | default('') ) }}
 
-- name: ensure vim is default editor
-  alternatives: name=editor path=/usr/bin/vim.basic
-  become: True
+  - name: ensure some basic packages
+    apt:
+      state: present
+      name: "{{mwu_s_item}}"
+      update_cache: yes
+      cache_valid_time: 21600
+    with_items:
+      - software-properties-common
+      - apt-transport-https
+      - man-db
+      - mosh
+      - ntp
+      - sudo
+      - sysfsutils
+      - vim
+      - vnstat
+      - vnstati
+    loop_control:
+      loop_var: mwu_s_item
+    become: True
 
-- name: set timezone to Europe/Berlin
-  timezone: name=Europe/Berlin
-  become: True
+  - name: ensure vim is default editor
+    alternatives: name=editor path=/usr/bin/vim.basic
+    become: True
+
+  - name: set timezone to Europe/Berlin
+    timezone: name=Europe/Berlin
+    become: True
+
+  when: (ansible_managed_server is defined) and (ansible_managed_server)
+# end block