freifunk/ansible-ffibk
9
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

safeguard not to disrupt manually managed systems

Browse source
This commit is contained in:
kaba 2016-11-28 17:00:44 +01:00
parent 1ec708a20b
commit 7ea7290b4f
15 changed files with 118 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
inventory/host_vars/aubergine.freifunk-mwu.de Normal file
View file

@ -0,0 +1,4 @@
---
ansible_managed_server: True
# not yet: ansible_managed_meshing

4
inventory/host_vars/churro.freifunk-mwu.de Normal file
View file

@ -0,0 +1,4 @@
---
ansible_managed_server: True
# not yet: ansible_managed_meshing

4
inventory/host_vars/glueckskeks.freifunk-mwu.de Normal file
View file

@ -0,0 +1,4 @@
---
ansible_managed_server: True
# not yet: ansible_managed_meshing

4
inventory/host_vars/ingwer.freifunk-mwu.de Normal file
View file

@ -0,0 +1,4 @@
---
ansible_managed_server: True
# not yet: ansible_managed_meshing

3
inventory/host_vars/linse.freifunk-mwu.de Normal file
View file

@ -0,0 +1,3 @@
---
ansible_managed_server: True

3
inventory/host_vars/local-test-vm.ffmwu.local
View file

@ -1,5 +1,8 @@
---
ansible_managed_server: True
ansible_managed_meshing: True
# communities inherited as mz, wi
fastd_config: 'meshing-only'

4
inventory/host_vars/lotuswurzel.freifunk-mwu.de Normal file
View file

@ -0,0 +1,4 @@
---
ansible_managed_server: True
# not yet: ansible_managed_meshing

3
inventory/host_vars/milchreis.freifunk-mwu.de
View file

@ -1,4 +1,7 @@
---
ansible_managed_server: True
ansible_managed_build: True
h_v_add_auth_keys: |
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJhcbPmN6qjd+KI5t8tOVJYqS/8Jef2bAUZFlLYU6kBxZDa0Qu7Hg30z50hFcavoM6Dnh24kiZHsvCdKZ3u8mr6WhaJzDPxDm8YKk2U5WOKrQ48eq4LKU3dIOiO/5M0u90P51hF90J8/bgmp9HpNL31/8g6RT2kjBkwk62ATXF4eb0kyENHPdDn2axInKQ3z8sxhpCWhWE6J/LKIPI5J66E7F+CR7rhvk2h0ikGyBy8xZhJWY/U/IDyDV0JmvW6TNmXi4bUvUhm2lY7PRen6Xvq5UAEjC3K4YtcBCLrNtfyIR7N7vHTuuaDUjdOGCF88KdzxZ5AxIPmhN9WVj+HydCJjB1TiAzINg2egZ3Ot4juXVAi5QbU5Addw0yJdoTwGHe0mrjQ1e+VsMziDR2wZvpsU+x+D8xWmsBAh+V4vDm9gowVo5vPfFMRxAlPktNtrERSNB84OwCLtrhDc+a6BGxVuR1EHbt9H2hAUfsxRVSmwGGm5bG4QOI/DbUsARhthiYQ2Q7cNXGl0UrMkxfFpO86fiH35j3F8Cqr9oQTJOnaK64e8+zwbw+L0XxVPtAPgIGsNeNbam+ALIlbj9RQP1Cin0dlq3QCdEZ1UWdcN38RL+z27LzMgubFnapnWnlmnjqtfKAXldwwQxe1qsdWvzMA4PE/AEUF+NL5w89TYUWdw== maesto@GLaDOS

3
inventory/host_vars/suesskartoffel.freifunk-mwu.de
View file

@ -1,4 +1,7 @@
---
ansible_managed_server: True
# not yet: ansible_managed_meshing
h_v_add_auth_keys: |
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAt00Ozv50kIis7YKBaey5alVps98ZzW4CVO9tA8AHvsGXn8cleROjcGdbz/YwPm2RH+A+GQrRqCuEf3SPVxvthlVUuHQPKzDdX3PpcakN05CoEwR3zVwjwdzXaO3fKbN5ZCEUKTpaJU6Lngi6vO6HLzsuYloSJs3t7PGpV1xp3YESyXX7D78w9YRJSe2n3WMrA40lQ91u79V0efoX1mKQYzPH86uwhWsOqi08DvE6gxsqKMY6P06nljmsQOFsdX8S/HVrWtIcnne50b63vPMMLRkOLa5FP6qMIjU3LiirrpL80r1gmVZGVRHO6uJr+mrOb6A76cZ7LT8jaKFgnVhOyw== msslovi0@wyoming.local

4
inventory/host_vars/wasserfloh.freifunk-mwu.de Normal file
View file

@ -0,0 +1,4 @@
---
ansible_managed_server: True
# not yet: ansible_managed_meshing

3
inventory/host_vars/zuckerwatte.freifunk-mwu.de
View file

@ -1,5 +1,8 @@
---
ansible_managed_server: True
# not yet: ansible_managed_meshing
h_v_add_auth_keys: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHs63QNerevCI6wt2Gpq/IpHTPVeHIP8aKIOrRCUlKWR ccgx@small-x
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAwbfFERETgOAF7iOJFTfJAXQwOWykceRXa151PWG+hiln8X2729tdFyEhztL0tJ0ln+VCj29KLc4mG23qCBW48d35btZTkdVUhFSY/PY/bMQEBiWG2MCAWxJ329i/Blw92xvlFARJNhyPzKSxgYYGRhkncbcKXoX9QWhCBY8KfH+08X9tFOxj4osYn/+dXm7Sg5mqJG4ETmdAAy5afNGE+K+NyBafcg35Y+gBfxNzilGc2/2I0lSsiEcUr+StNxhMMZ/NtQ1N2G9iPziqpu/LYlPl/2mtya+6MPtfSfoYpggIyMqcT+KSPsmxyJod0SrI1vgrX7qa0aJV08dN+gThDb8pOBEb6NG2iQEIbmTKy7XoSpF13lnAVDtPv20PjLpUR6IKZtWNnlN2hVtZLhgyeEIDMnVjmNwloItkqsKP1H96eLSoj1g9B9IOYPPxq5pf6VJKizFAI0jsxGZk0gX/QX4DoVxrD57KXrHKEuFAM4eIjHKMXeRq3Ewbn3bHT1QXevjwBtoW2hxY8Pligc0W0sHt2jW0MxaSiE0LM+hGk0Jy9rquC3+gGU7fD2kLM6nff3wzQJXCORkfdyqvMFUqwpkZmjL4qCypt04peTwkWzs/W4LlHWyc4CJGp0jKIAOA8JRxs/FJf9CyN8N+0AY6xXAZ1UPqs+wPkZ9j5hYcaHs= magic

4
inventory/host_vars/zwiebel.freifunk-mwu.de Normal file
View file

@ -0,0 +1,4 @@
---
ansible_managed_server: True
# not yet: ansible_managed_meshing

20
roles/ffmwu-build/tasks/main.yml
View file

@ -1,5 +1,17 @@
---
- include: packages.yml
- include: git-repos.yml
- include: rsyncd.yml
- include: web.yml
# we don't want to disrupt servers where this role is manually maintained!
# thus: warning and block statement
- name: full-stop if build role is manually maintained on this server
debug: msg="build role skipped to not disrupt manual maintenance - set ansible_managed_build to True to enable ansible control"
when: (not ansible_managed_build is defined) or (not ansible_managed_build)
- block:
- include: packages.yml
- include: git-repos.yml
- include: rsyncd.yml
- include: web.yml
when: (ansible_managed_build is defined) and (ansible_managed_build)
# end block

17
roles/ffmwu-meshing/tasks/main.yml
View file

@ -1,10 +1,21 @@
---
# we don't want to disrupt servers where this role is manually maintained!
# thus: warning and block statement
- name: full-stop if meshing role is manually maintained on this server
debug: msg="meshing role skipped to not disrupt manual maintenance - set ansible_managed_meshing to True to enable ansible control"
when: (not ansible_managed_meshing is defined) or (not ansible_managed_meshing)
- block:
# arp and python packages
- include: mwu-m-pkgs.yml
- include: mwu-m-pkgs.yml
# backend scripts
- include: mwu-m-bes.yml
- include: mwu-m-bes.yml
# fastd
- include: mwu-m-fastd.yml
- include: mwu-m-fastd.yml
when: (ansible_managed_meshing is defined) and (ansible_managed_meshing)
# end block

22
roles/ffmwu-server/tasks/main.yml
View file

@ -1,17 +1,22 @@
---
#- name: test key concatenation
# debug: msg=" would/will set keys; {{ mwu_s_admin_keys ~ ( h_v_add_auth_keys | default('') ) }}"
# we don't want to disrupt servers where this role is manually maintained!
# thus: warning and block statement
- name: ensure needed system users are present
- name: full-stop if server role is manually maintained on this server
debug: msg="server role skipped to not disrupt manual maintenance - set ansible_managed_server to True to enable ansible control"
when: (not ansible_managed_server is defined) or (not ansible_managed_server)
- block:
- name: ensure needed system users are present
user: name=admin comment="Freifunk MWU Admin" shell=/bin/bash state=present
become: True
- name: ensure all wanted ssh keys exclusively
- name: ensure all wanted ssh keys exclusively
authorized_key: exclusive=True state=present user=admin
key={{ mwu_s_admin_keys ~ ( h_v_add_auth_keys | default('') ) }}
- name: ensure some basic packages
- name: ensure some basic packages
apt:
state: present
name: "{{mwu_s_item}}"
@ -32,10 +37,13 @@
loop_var: mwu_s_item
become: True
- name: ensure vim is default editor
- name: ensure vim is default editor
alternatives: name=editor path=/usr/bin/vim.basic
become: True
- name: set timezone to Europe/Berlin
- name: set timezone to Europe/Berlin
timezone: name=Europe/Berlin
become: True
when: (ansible_managed_server is defined) and (ansible_managed_server)
# end block