safeguard not to disrupt manually managed systems

kaba 2016-11-28 17:00:44 +01:00
parent 1ec708a20b
commit 7ea7290b4f
15 changed files with 118 additions and 44 deletions


@ -0,0 +1,4 @@
---
ansible_managed_server: True
# not yet: ansible_managed_meshing
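Review bot: The new flag is named with the `ansible_` prefix, which Ansible uses for its own facts and connection variables (`ansible_managed` is itself a built-in template string), so a reader can mistake it for an engine setting. The repository's other variables visible in this commit use project prefixes (`mwu_s_admin_keys`, `h_v_add_auth_keys`); a name such as `mwu_managed_server: true` would match them and also use the canonical lowercase boolean. The same applies to `ansible_managed_meshing` and `ansible_managed_build` in the other variable files and to the `when:` conditions in the three task files. The file paths are not shown on this page, so this assumes these sections are host or group variable files.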


@ -0,0 +1,4 @@
---
ansible_managed_server: True
# not yet: ansible_managed_meshing


@ -0,0 +1,4 @@
---
ansible_managed_server: True
# not yet: ansible_managed_meshing


@ -0,0 +1,4 @@
---
ansible_managed_server: True
# not yet: ansible_managed_meshing


@ -0,0 +1,3 @@
---
ansible_managed_server: True


@ -1,5 +1,8 @@
---
ansible_managed_server: True
ansible_managed_meshing: True
# communities inherited as mz, wi
fastd_config: 'meshing-only'


@ -0,0 +1,4 @@
---
ansible_managed_server: True
# not yet: ansible_managed_meshing


@ -1,4 +1,7 @@
---
ansible_managed_server: True
ansible_managed_build: True
h_v_add_auth_keys: |
ssh-rsa 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 maesto@GLaDOS


@ -1,4 +1,7 @@
---
ansible_managed_server: True
# not yet: ansible_managed_meshing
h_v_add_auth_keys: |
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAt00Ozv50kIis7YKBaey5alVps98ZzW4CVO9tA8AHvsGXn8cleROjcGdbz/YwPm2RH+A+GQrRqCuEf3SPVxvthlVUuHQPKzDdX3PpcakN05CoEwR3zVwjwdzXaO3fKbN5ZCEUKTpaJU6Lngi6vO6HLzsuYloSJs3t7PGpV1xp3YESyXX7D78w9YRJSe2n3WMrA40lQ91u79V0efoX1mKQYzPH86uwhWsOqi08DvE6gxsqKMY6P06nljmsQOFsdX8S/HVrWtIcnne50b63vPMMLRkOLa5FP6qMIjU3LiirrpL80r1gmVZGVRHO6uJr+mrOb6A76cZ7LT8jaKFgnVhOyw== msslovi0@wyoming.local


@ -0,0 +1,4 @@
---
ansible_managed_server: True
# not yet: ansible_managed_meshing


@ -1,5 +1,8 @@
---
ansible_managed_server: True
# not yet: ansible_managed_meshing
h_v_add_auth_keys: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHs63QNerevCI6wt2Gpq/IpHTPVeHIP8aKIOrRCUlKWR ccgx@small-x
ssh-rsa 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 magic


@ -0,0 +1,4 @@
---
ansible_managed_server: True
# not yet: ansible_managed_meshing


@ -1,5 +1,17 @@
---
- include: packages.yml
- include: git-repos.yml
- include: rsyncd.yml
- include: web.yml
# we don't want to disrupt servers where this role is manually maintained!
# thus: warning and block statement
- name: full-stop if build role is manually maintained on this server
debug: msg="build role skipped to not disrupt manual maintenance - set ansible_managed_build to True to enable ansible control"
when: (not ansible_managed_build is defined) or (not ansible_managed_build)
- block:
- include: packages.yml
- include: git-repos.yml
- include: rsyncd.yml
- include: web.yml
when: (ansible_managed_build is defined) and (ansible_managed_build)
# end block
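Review bot: The guard on the block, `(ansible_managed_build is defined) and (ansible_managed_build)`, relies on Jinja truthiness, so any non-empty string enables the role. A value that arrives as text, for example `False` or `no` from an INI inventory or a `key=value` extra var, would still be truthy and the block would run on a host meant to stay manual. Coercing explicitly makes the safeguard fail closed: `when: ansible_managed_build | default(false) | bool` on the block and `when: not (ansible_managed_build | default(false) | bool)` on the debug task. The meshing and server task files use the same pattern with `ansible_managed_meshing` and `ansible_managed_server` and need the same change.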


@ -1,10 +1,21 @@
---
# arp and python packages
- include: mwu-m-pkgs.yml
# we don't want to disrupt servers where this role is manually maintained!
# thus: warning and block statement
# backend scripts
- include: mwu-m-bes.yml
- name: full-stop if meshing role is manually maintained on this server
debug: msg="meshing role skipped to not disrupt manual maintenance - set ansible_managed_meshing to True to enable ansible control"
when: (not ansible_managed_meshing is defined) or (not ansible_managed_meshing)
# fastd
- include: mwu-m-fastd.yml
- block:
# arp and python packages
- include: mwu-m-pkgs.yml
# backend scripts
- include: mwu-m-bes.yml
# fastd
- include: mwu-m-fastd.yml
when: (ansible_managed_meshing is defined) and (ansible_managed_meshing)
# end block


@ -1,41 +1,49 @@
---
#- name: test key concatenation
# debug: msg=" would/will set keys; {{ mwu_s_admin_keys ~ ( h_v_add_auth_keys | default('') ) }}"
# we don't want to disrupt servers where this role is manually maintained!
# thus: warning and block statement
- name: ensure needed system users are present
user: name=admin comment="Freifunk MWU Admin" shell=/bin/bash state=present
become: True
- name: full-stop if server role is manually maintained on this server
debug: msg="server role skipped to not disrupt manual maintenance - set ansible_managed_server to True to enable ansible control"
when: (not ansible_managed_server is defined) or (not ansible_managed_server)
- name: ensure all wanted ssh keys exclusively
authorized_key: exclusive=True state=present user=admin
key={{ mwu_s_admin_keys ~ ( h_v_add_auth_keys | default('') ) }}
- block:
- name: ensure needed system users are present
user: name=admin comment="Freifunk MWU Admin" shell=/bin/bash state=present
become: True
- name: ensure some basic packages
apt:
state: present
name: "{{mwu_s_item}}"
update_cache: yes
cache_valid_time: 21600
with_items:
- software-properties-common
- apt-transport-https
- man-db
- mosh
- ntp
- sudo
- sysfsutils
- vim
- vnstat
- vnstati
loop_control:
loop_var: mwu_s_item
become: True
- name: ensure all wanted ssh keys exclusively
authorized_key: exclusive=True state=present user=admin
key={{ mwu_s_admin_keys ~ ( h_v_add_auth_keys | default('') ) }}
- name: ensure vim is default editor
alternatives: name=editor path=/usr/bin/vim.basic
become: True
- name: ensure some basic packages
apt:
state: present
name: "{{mwu_s_item}}"
update_cache: yes
cache_valid_time: 21600
with_items:
- software-properties-common
- apt-transport-https
- man-db
- mosh
- ntp
- sudo
- sysfsutils
- vim
- vnstat
- vnstati
loop_control:
loop_var: mwu_s_item
become: True
- name: set timezone to Europe/Berlin
timezone: name=Europe/Berlin
become: True
- name: ensure vim is default editor
alternatives: name=editor path=/usr/bin/vim.basic
become: True
- name: set timezone to Europe/Berlin
timezone: name=Europe/Berlin
become: True
when: (ansible_managed_server is defined) and (ansible_managed_server)
# end block
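Review bot: The `authorized_key` task inside the new block runs with `exclusive=True`, so on every host this commit flags as managed it removes any key for `admin` that is not in `mwu_s_admin_keys` plus `h_v_add_auth_keys`, and nothing in the file says so. The two values are joined with `~` and no separator; if `mwu_s_admin_keys` (defined outside this page) does not end with a newline, its last key and the first host key would merge into one invalid line and both would be dropped. I would add a comment above the task, `# exclusive=True removes every admin key not listed here; mwu_s_admin_keys must end with a newline (define it as a | block scalar) before h_v_add_auth_keys is appended`. Unlike its sibling tasks, this task also carries no `become: True` in the lines shown, which is worth confirming as intentional.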