make some stuff distro-agnostic
This commit is contained in:
parent
dc0781b13b
commit
46c14b88b7
13 changed files with 41 additions and 173 deletions
|
@ -1,3 +1,13 @@
|
||||||
---
|
---
|
||||||
create_username: "{{ lookup('env','USER') }}"
|
create_username: "{{ lookup('env','USER') }}"
|
||||||
create_pwgen: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,hexdigits,punctuation length=32') }}"
|
create_pwgen: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,hexdigits,punctuation length=32') }}"
|
||||||
|
sudo_group_by_fam:
|
||||||
|
Debian: sudo
|
||||||
|
RedHat: wheel
|
||||||
|
created_users_groups: # sorted by os_family
|
||||||
|
Debian:
|
||||||
|
- "{{ sudo_group_by_fam[ansible_os_family] }}"
|
||||||
|
RedHat:
|
||||||
|
- "{{ sudo_group_by_fam[ansible_os_family] }}"
|
||||||
|
- adm
|
||||||
|
- disk
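Review bot: `created_users_groups.RedHat` adds the new account to `disk`, which grants unmediated read/write access to every block device — root-equivalent on its own, and unlike the sudo path it leaves no sudo log trail. The Debian list does not include it, so the two families end up with different privilege levels despite the commit's distro-agnostic intent, and with NOPASSWD sudo already granted in tasks/main.yml the membership adds exposure without adding capability. Unless something in this role needs raw device access, drop `- disk` (keeping `adm` for log reading is reasonable), or justify it in place with a comment such as `# disk: raw block-device access, root-equivalent — needed for <reason>`.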
|
||||||
|
|
3
roles/create-user/handlers/main.yml
Normal file
3
roles/create-user/handlers/main.yml
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
- name: print generated password
|
||||||
|
debug:
|
||||||
|
var: create_pwgen
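Review bot: `var: create_pwgen` re-templates the role default when the handler runs, and because `create_pwgen` is a `lookup('password', '/dev/null …')` expression, every evaluation generates a fresh random password — so the value this handler prints is, as far as I can tell, not the one hashed into the account by the `user` task (the old inline debug task had the same problem, so this is pre-existing rather than introduced here). Pin the value once per host before it is consumed, e.g. a `set_fact` task setting `create_pwgen: "{{ create_pwgen }}"` ahead of the user task — a fact outranks the role default and is templated only once — so the hash and the printed value agree. This also writes a plaintext credential to the controller's stdout and any callback or CI log, which is the role's only delivery channel; a comment such as `# prints the plaintext password — treat controller output as sensitive` would make that explicit.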
|
|
@ -1,23 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: creating user {{ create_username }} in sudo group (Debian/Ubuntu)
|
|
||||||
user:
|
|
||||||
name: "{{ create_username }}"
|
|
||||||
password: "{{ create_pwgen | password_hash('sha512') }}"
|
|
||||||
state: present
|
|
||||||
shell: /bin/bash
|
|
||||||
groups: sudo
|
|
||||||
append: yes
|
|
||||||
generate_ssh_key: yes
|
|
||||||
ssh_key_bits: 2048
|
|
||||||
ssh_key_file: .ssh/id_rsa
|
|
||||||
update_password: on_create
|
|
||||||
register: user_created
|
|
||||||
|
|
||||||
- name: enable nopasswd sudo (Debian/Ubuntu)
|
|
||||||
lineinfile:
|
|
||||||
dest: /etc/sudoers
|
|
||||||
regexp: '^%sudo'
|
|
||||||
line: "%sudo ALL=(ALL:ALL) NOPASSWD:ALL"
|
|
||||||
state: present
|
|
||||||
validate: 'visudo -cf %s'
|
|
|
@ -1,23 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: creating user {{ create_username }} in wheel group (RHEL/CentOS/Fedora)
|
|
||||||
user:
|
|
||||||
name: "{{ create_username }}"
|
|
||||||
password: "{{ create_pwgen | password_hash('sha512') }}"
|
|
||||||
state: present
|
|
||||||
shell: /bin/bash
|
|
||||||
groups: wheel
|
|
||||||
append: yes
|
|
||||||
generate_ssh_key: yes
|
|
||||||
ssh_key_bits: 2048
|
|
||||||
ssh_key_file: .ssh/id_rsa
|
|
||||||
update_password: on_create
|
|
||||||
register: user_created
|
|
||||||
|
|
||||||
- name: enable nopasswd sudo (RHEL/CentOS/Fedora)
|
|
||||||
lineinfile:
|
|
||||||
dest: /etc/sudoers
|
|
||||||
regexp: '^%wheel'
|
|
||||||
line: "%wheel ALL=(ALL) NOPASSWD: ALL"
|
|
||||||
state: present
|
|
||||||
validate: 'visudo -cf %s'
|
|
|
@ -1,21 +1,39 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- include_tasks: deb.yml
|
- name: Create user {{ create_username }}
|
||||||
when: ansible_distribution in ["Debian", "Ubuntu"]
|
become: true
|
||||||
|
user:
|
||||||
|
name: "{{ create_username }}"
|
||||||
|
password: "{{ create_pwgen | password_hash('sha512') }}"
|
||||||
|
state: present
|
||||||
|
shell: /bin/bash
|
||||||
|
groups: "{{ created_users_groups[ansible_os_family] }}"
|
||||||
|
append: true
|
||||||
|
generate_ssh_key: false
|
||||||
|
ssh_key_bits: 2048
|
||||||
|
ssh_key_file: .ssh/id_rsa
|
||||||
|
update_password: on_create
|
||||||
|
register: user_created
|
||||||
|
notify: print generated password
|
||||||
|
|
||||||
- include_tasks: el.yml
|
- name: enable nopasswd sudo
|
||||||
when: ansible_distribution in ["CentOS", "Red Hat Enterprise Linux", "RedHat", "Fedora"]
|
become: true
|
||||||
|
lineinfile:
|
||||||
- name: print generated password for {{ create_username }} on each host
|
dest: /etc/sudoers
|
||||||
debug: var=create_pwgen
|
regexp: '^{{ create_username }}'
|
||||||
when: user_created is changed
|
line: "{{ create_username }} ALL=(ALL:ALL) NOPASSWD:ALL"
|
||||||
|
insertafter: '^%{{ sudo_group_by_fam[ansible_os_family] }}.*$'
|
||||||
|
state: present
|
||||||
|
validate: 'visudo -cf %s'
|
||||||
|
|
||||||
- name: copy current pubkeys to ~{{ create_username }}/.ssh/authorized_keys
|
- name: copy current pubkeys to ~{{ create_username }}/.ssh/authorized_keys
|
||||||
authorized_key:
|
authorized_key:
|
||||||
user: "{{ create_username }}"
|
user: "{{ create_username }}"
|
||||||
state: present
|
state: present
|
||||||
key: "{{ item }}"
|
key: "{{ item }}"
|
||||||
|
# key: "{{ URL_PUBKEYS }}"
|
||||||
|
ignore_errors: true # doesn't support sk-ecdsa-sha2-nistp256 keys
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ lookup('file','~/.ssh/id_ed25519.pub') }}"
|
|
||||||
- "{{ lookup('file','~/.ssh/id_rsa.pub') }}"
|
|
||||||
- "{{ lookup('file','~/.ssh/id_ecdsa.pub') }}"
|
- "{{ lookup('file','~/.ssh/id_ecdsa.pub') }}"
|
||||||
|
# - "{{ lookup('file','~/.ssh/id_ecdsa_sk.pub') }}"
|
||||||
|
# - "{{ lookup('file','~/.ssh/id_ed25519.pub') }}"
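Review bot: The sudoers `regexp: '^{{ create_username }}'` is anchored only at the start and the name is not regex-escaped, so a user `bob` would also match and overwrite an existing `bobby ALL=...` entry, and a `USER` value containing regex metacharacters would silently fail to match its own line; `regexp: '^{{ create_username | regex_escape }}\s'` fixes both. Since both covered families ship `/etc/sudoers` with an includedir for `/etc/sudoers.d`, writing the rule to `/etc/sudoers.d/{{ create_username }}` with `mode: '0440'` and the same `validate:` would also remove the dependence of `insertafter` on the `%sudo`/`%wheel` line being present. Separately, `ignore_errors: true` on the authorized_key task now masks every failure of the key copy while the sk-ecdsa key it was added for is commented out, so a failed key push would leave the printed password as the only credential; consider `failed_when` scoped to that key type instead, or dropping the override.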
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
- name: raise somaxconn
|
|
||||||
sysctl:
|
|
||||||
name: net.core.somaxconn
|
|
||||||
value: "1024"
|
|
|
@ -1,3 +0,0 @@
|
||||||
# Make 'systemctl enable tmp.mount' work:
|
|
||||||
[Install]
|
|
||||||
WantedBy=local-fs.target
|
|
|
@ -1,20 +0,0 @@
|
||||||
---
|
|
||||||
- block:
|
|
||||||
- name: create tmp.mount.d dir
|
|
||||||
file:
|
|
||||||
path: /etc/systemd/system/tmp.mount.d/
|
|
||||||
state: directory
|
|
||||||
mode: '0755'
|
|
||||||
register: tmpmnt_directory_state
|
|
||||||
- name: add drop-in fix
|
|
||||||
copy:
|
|
||||||
dest: "/etc/systemd/system/tmp.mount.d/fix-enable.conf"
|
|
||||||
src: "fix-enable.conf"
|
|
||||||
register: fix_enable_conf
|
|
||||||
- name: enable tmp.mount
|
|
||||||
systemd:
|
|
||||||
daemon_reload: yes
|
|
||||||
masked: no
|
|
||||||
name: tmp.mount
|
|
||||||
enabled: yes
|
|
||||||
when: (ansible_distribution in ["CentOS"] and ansible_distribution_major_version in ["8"]) or (ansible_distribution in ["Fedora"] and ansible_distribution_major_version in ["31", "32"])
|
|
|
@ -1,16 +0,0 @@
|
||||||
---
|
|
||||||
zfs_disk: /dev/vdb
|
|
||||||
zfs_arc_size_mb: "{{ (ansible_memtotal_mb * 0.20)|int|abs }}"
|
|
||||||
zfs_arc_size_bytes: "{{ zfs_arc_size_mb }}000000"
|
|
||||||
EL_ZFS_PKGS:
|
|
||||||
- kernel-devel
|
|
||||||
- "@Development tools"
|
|
||||||
- dkms
|
|
||||||
- libuuid-devel
|
|
||||||
- libblkid-devel
|
|
||||||
- libtirpc-devel
|
|
||||||
- openssl-devel
|
|
||||||
- zfs
|
|
||||||
UBUNTU_ZFS_PKGS:
|
|
||||||
- zfsutils-linux
|
|
||||||
- zfs-initramfs
|
|
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: install zfs packages
|
|
||||||
package:
|
|
||||||
name: "{{ item }}"
|
|
||||||
state: present
|
|
||||||
with_items: "{{ EL_ZFS_PKGS | difference(ansible_facts.packages) }}"
|
|
||||||
register: zfs_installed
|
|
|
@ -1,39 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: include zfs-release tasks (CentOS/RHEL/Fedora)
|
|
||||||
include_tasks: zfs-release.yml
|
|
||||||
when: ('zfs-release' not in ansible_facts.packages) and (ansible_distribution in ["CentOS" , "Red Hat Enterprise Linux", "RedHat", "Fedora" ])
|
|
||||||
|
|
||||||
- name: include zfs installation tasks (Ubuntu)
|
|
||||||
include_tasks: ubuntu.yml
|
|
||||||
when: ansible_distribution in ["Ubuntu"]
|
|
||||||
|
|
||||||
- name: include zfs installation tasks (CentOS/RHEL/Fedora)
|
|
||||||
include_tasks: el.yml
|
|
||||||
when: (ansible_distribution in ["CentOS" , "Red Hat Enterprise Linux", "RedHat", "Fedora" ] and not is_atomic)
|
|
||||||
|
|
||||||
- name: load zfs module
|
|
||||||
modprobe:
|
|
||||||
name: zfs
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: add zfs to modules-load.d
|
|
||||||
copy:
|
|
||||||
dest: "/etc/modules-load.d/zfs.conf"
|
|
||||||
content: |
|
|
||||||
zfs
|
|
||||||
register: zfsload
|
|
||||||
|
|
||||||
# does not adjust to 20% of each host, depends on consistency between hosts - inconsistency leads to disproportionate allocations
|
|
||||||
- name: set zfs_arc_max to 20% of system memory
|
|
||||||
lineinfile:
|
|
||||||
path: "/etc/modprobe.d/zfs.conf"
|
|
||||||
regexp: '^options zfs zfs_arc_max='
|
|
||||||
line: 'options zfs zfs_arc_max="{{ zfs_arc_size_bytes }}"'
|
|
||||||
create: yes
|
|
||||||
|
|
||||||
# really bad idempotence in here...
|
|
||||||
#- name: create zpool
|
|
||||||
# command: "zpool create -f -O compression=lz4 data {{ zfs_disk }} -o ashift=13 -O secondarycache=all"
|
|
||||||
# args:
|
|
||||||
# creates: /etc/zvol/data/*
|
|
|
@ -1,7 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: install ZFS packages
|
|
||||||
package:
|
|
||||||
name: "{{ item }}"
|
|
||||||
state: present
|
|
||||||
with_items: "{{ UBUNTU_ZFS_PKGS | difference(ansible_facts.packages) }}"
|
|
|
@ -1,19 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: install zfs-release package (EPEL 7)
|
|
||||||
yum:
|
|
||||||
name: "http://download.zfsonlinux.org/epel/zfs-release.el7_7.noarch.rpm"
|
|
||||||
state: present
|
|
||||||
when: (ansible_distribution_major_version == "7")
|
|
||||||
|
|
||||||
- name: install zfs-release package (EPEL 8)
|
|
||||||
yum:
|
|
||||||
name: "http://download.zfsonlinux.org/epel/zfs-release.el8_1.noarch.rpm"
|
|
||||||
state: present
|
|
||||||
when: (ansible_distribution_major_version == "8")
|
|
||||||
|
|
||||||
- name: install/upgrade zfs-release package (Fedora)
|
|
||||||
dnf:
|
|
||||||
name: "http://download.zfsonlinux.org/fedora/zfs-release.fc{{ansible_distribution_major_version}}.noarch.rpm"
|
|
||||||
state: present
|
|
||||||
when: (ansible_distribution in ["Fedora"] and not is_atomic)
|
|