From 26f820738a260ec8717fee720a825ead1c9c9f54 Mon Sep 17 00:00:00 2001
From: Annika Merris
Date: Sun, 1 Jun 2025 14:06:33 -0400
Subject: [PATCH] Did tweaks for a new host, added a publickey for my ipad added an update play, made a couple of scripts, because I am too forgetful to remember the full command. Other stuff too, but I kinda forget all of it.
---
 .../roles/common/files/users/annika/ipad.pub | 1 +
 .../minilab/roles/common/tasks/users.yaml | 3 -
 .../roles/postgresql/handlers/main.yaml | 5 ++
 .../minilab/roles/postgresql/tasks/main.yaml | 76 +++++++++++++++++++
 .../minilab/roles/postgresql/vars/main.yaml | 33 ++++++++
 doit | 5 ++
 inventory/host_vars/ida.yaml | 2 +
 inventory/hosts.yaml | 7 +-
 update | 5 ++
 update.yaml | 72 ++++++++++++++++++
 10 files changed, 204 insertions(+), 5 deletions(-)
 create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/ipad.pub
 create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/postgresql/handlers/main.yaml
 create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/postgresql/tasks/main.yaml
 create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/postgresql/vars/main.yaml
 create mode 100755 doit
 create mode 100644 inventory/host_vars/ida.yaml
 create mode 100755 update
 create mode 100644 update.yaml
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/ipad.pub b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/ipad.pub
new file mode 100644
index 0000000..a16c63f
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/ipad.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzoAgo72d79TekVgwi8ipSRQ+Ol1frmSC46cesmGiOT annika@ipad.local.cobb.lgbt
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/users.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/users.yaml
index 57d61c3..82b04b8 100644
--- a/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/users.yaml
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/users.yaml
@@ -8,9 +8,6 @@
 name: "{{ user_name }}"
 check_mode: true
 register: user_exists
-# - name: Debug user_exists
-# ansible.builtin.debug:
-# msg: "user_exists: {{ user_exists }}"
 - name: Ensure group exists
 tags: groups,users
 ansible.builtin.group:
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/postgresql/handlers/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/postgresql/handlers/main.yaml
new file mode 100644
index 0000000..de0f315
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/postgresql/handlers/main.yaml
@@ -0,0 +1,5 @@
+---
+- name: Restart Postgres
+ ansible.builtin.service:
+ name: postgresql
+ state: restarted
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/postgresql/tasks/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/postgresql/tasks/main.yaml
new file mode 100644
index 0000000..a36cbc1
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/postgresql/tasks/main.yaml
@@ -0,0 +1,76 @@
+---
+- name: Load distro-specific variables
+ ansible.builtin.include_vars: '{{ item }}'
+ tags: always
+ with_first_found:
+ - files:
+ - "{{ ansible_distribution }}.yaml"
+ skip: true
+
+- name: Configure Postgress
+ block:
+ - name: Ensure dependencies are installed
+ tags: alpine,postgres,software
+ community.general.apk:
+ name: "{{ item }}"
+ state: present
+ loop:
+ - postgresql16
+ - postgresql16-contrib
+ - postgresqu16-openrc
+ when: ansible_distribution == 'Alpine'
+ - name: Ensure Postgres is started and scheduled to autostart at boot
+ tags: alpine,postgres,software
+ ansible.builtin.service:
+ name: postgresql
+ state: started
+ enabled: true
+ when: ansible_distribution == 'Alpine'
+ - name: Ensure an administrative user is available
+ tags: postgres,software
+ community.general.postgresql_user:
+ name: "{{ postgresql_root_user }}"
+ password: "{{ postgresql_root_password }}"
+ - name: Ensure administrative user has proper permissions
+ community.general.postgresql_membership:
+ group: pg_read_all_data
+ target_role: {{ postgresql_root_user }}
+ state: present
+ - name: Allow hosts on internal network to access the database
+ community.general.postgresql_set:
+ name: listen_address
+ value: '10.69.0.0/16'
+ notify: Restart Postgres
+ - name: Allow hosts on internal network to access the database
+ community.general.postgresql_pg_hba:
+ dest: /etc/postgresql16/pg_hba.conf
+ contype: host
+ databases: all
+ users: all
+ source: 10.69.0.0/16
+ method: md5
+ comment: Allow local network devices to access the database
+ notify: Restart Postgres
+ - name: Ensure databases exist
+ community.general.postgresql_db:
+ name: "{{ item.dbname }}"
+ loop: "{{ postgresql_databases }}"
+ - name: Ensure users exist
+ community.general.postgresql_user:
+ name: "{{ item.owner }}"
+ password: "{{ item.pass }}"
+ state: present
+ loop: "{{ postgresql_databases }}"
+ - name: Ensure users have permissions on their databases
+ community.general.postgresql_privs:
+ login_db: "{{ item.dbname }}"
+ state: present
+ privs: ALL
+ type: database
+ obj: "{{ item.dbname }}"
+ role: "{{ item.owner }}"
+
+ rescue:
+ - name: Set that this task failed
+ ansible.builtin.set_fact:
+ task_failed: true
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/postgresql/vars/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/postgresql/vars/main.yaml
new file mode 100644
index 0000000..4cd58ab
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/postgresql/vars/main.yaml
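Review bot: The `Ensure users have permissions on their databases` task at the end of the hunk references `item.dbname` and `item.owner` but carries no `loop:`, so `item` is undefined, the task fails into the `rescue`, and the rescue only sets `task_failed: true` and lets the play continue as if the role had succeeded; add `loop: "{{ postgresql_databases }}"` and consider letting the block fail rather than masking it. Three earlier lines will also not work as written: `target_role: {{ postgresql_root_user }}` is an unquoted Jinja expression that YAML parses as a flow mapping and needs `target_role: "{{ postgresql_root_user }}"`, the apk package `postgresqu16-openrc` is misspelled (`postgresql16-openrc`), and the `postgresql_set` parameter is `listen_addresses`, whose value is the set of interface addresses to bind (for example `'*'` or the host's own address), not the CIDR `'10.69.0.0/16'`. The `postgresql_db` task and both `postgresql_user` tasks loop over `postgresql_databases`, and Ansible prints each loop item, including `pass`, in the task result unless the task has `no_log: true`; with the `doit` wrapper in this commit that output also ends up in `ansible.log`. For the pg_hba entry, `method: md5` should be `scram-sha-256`, which is what PostgreSQL 16 uses for stored passwords by default.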
@@ -0,0 +1,33 @@
+---
+postgresql_root_user: root
+postgresql_root_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 37336232396462636138336531396132623361353165646531316335626264353637346361326435
+ 3961633935393537613562663831363062626633356238610a633034653361656135636261363834
+ 39343939343464626230653637313863333630333934653032376638653732393366323361623538
+ 6662313435393830380a663633666163363765376632383965313631313137313065376233636536
+ 66363962623532383239613335373764666433313637633761356163636238626166383964336538
+ 6233323062333134393930353264616537396430363262626462
+postgresql_databases:
+ - dbname: 'testDB'
+ owner: 'annika'
+ pass: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 37336232396462636138336531396132623361353165646531316335626264353637346361326435
+ 3961633935393537613562663831363062626633356238610a633034653361656135636261363834
+ 39343939343464626230653637313863333630333934653032376638653732393366323361623538
+ 6662313435393830380a663633666163363765376632383965313631313137313065376233636536
+ 66363962623532383239613335373764666433313637633761356163636238626166383964336538
+ 6233323062333134393930353264616537396430363262626462
+ - dbname: 'wikijs'
+ owner: 'wikijs'
+ pass: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 37666465396562613630663764393630623037653664333731376466373661363538353435626439
+ 3034663166383836303136333933386164656632383363320a626130333262376337316132626339
+ 65656465643563353637346565626562356537366138646232326236333362343533376630333336
+ 6536663433623435390a633235313632383136393534633663646633386630363132366331663732
+ 34373962666339333534363932303933663236386232363236636232323465636162363631363236
+ 3432346330333864303033616430383461616235613461366361
+
+# code: language=ansible
diff --git a/doit b/doit
new file mode 100755
index 0000000..847a2f2
--- /dev/null
+++ b/doit
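Review bot: The vault blob under `postgresql_root_password` and the one under the `testDB` entry's `pass` are byte-for-byte identical (the same six ciphertext lines), so the administrative role and the `annika` database user share a single credential; give the administrative role its own password so that a leaked application credential does not also carry the `pg_read_all_data` membership the tasks grant it. Secrets placed in a role's `vars/main.yaml` also take precedence over inventory and `group_vars`, which means the role cannot be reused with different credentials per host; `defaults/main.yaml` for the variable names and vault-encrypted host or group vars for the values would be the conventional split. A one-line comment above `postgresql_databases`, such as `# one entry per database: dbname, owning role (owner) and that role's vault-encrypted password (pass)`, would document the schema the tasks iterate over.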
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+clear
+echo "" > ansible.log
+/workspace/dev/ansible/minilab/.venv/bin/ansible-playbook --vault-password-file vault-password.txt minilab.yaml $@
diff --git a/inventory/host_vars/ida.yaml b/inventory/host_vars/ida.yaml
new file mode 100644
index 0000000..ffe3a55
--- /dev/null
+++ b/inventory/host_vars/ida.yaml
@@ -0,0 +1,2 @@
+---
+server_name: ida
diff --git a/inventory/hosts.yaml b/inventory/hosts.yaml
index 99c0b41..937e4ef 100644
--- a/inventory/hosts.yaml
+++ b/inventory/hosts.yaml
@@ -13,18 +13,21 @@ all:
 ansible_host: 10.69.10.53
 reir:
 ansible_host: 10.69.10.54
- trady:
- ansible_host: 10.69.11.5
+ trady:
+ ansible_host: 10.69.11.11
 stephanie:
 ansible_host: 10.69.11.51
 nemetona:
 ansible_host: 10.69.11.52
+ ida:
+ ansible_host: 10.69.11.53
 children:
 alpine:
 hosts:
 adguard:
 stephanie:
 nemetona:
+ ida:
 debian:
 hosts:
 maxim:
diff --git a/update b/update
new file mode 100755
index 0000000..3f44feb
--- /dev/null
+++ b/update
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+clear
+echo "" > ansible.log
+/workspace/dev/ansible/minilab/.venv/bin/ansible-playbook update.yaml $@
diff --git a/update.yaml b/update.yaml
new file mode 100644
index 0000000..afbf3f4
--- /dev/null
+++ b/update.yaml
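Review bot: `$@` on the `ansible-playbook` line of `doit` is unquoted, so any argument containing whitespace (a `--limit` pattern with spaces, or `-e "key=value with spaces"`) is re-split by the shell before ansible-playbook sees it; use `"$@"`, and the same applies to the `update` script in this commit. `doit` also passes `--vault-password-file vault-password.txt`, a plaintext vault password kept in the working tree next to the playbook; this diff shows no `.gitignore` entry for it, so please confirm it is excluded from version control or point `vault_password_file` in `ansible.cfg` at a location outside the repository. `echo "" > ansible.log` leaves a stray blank line at the top of the log, `: > ansible.log` truncates it cleanly, and a `set -euo pipefail` line after the shebang would keep the wrapper from continuing when an earlier command fails.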
@@ -0,0 +1,72 @@
+---
+- name: Update and reboot all hosts
+ hosts: all, !stephanie
+ gather_facts: true
+ become: true
+
+ tasks:
+ - name: Perform a dist-upgrade.
+ ansible.builtin.apt:
+ upgrade: dist
+ update_cache: true
+ when: ansible_distribution in debian_derivatives
+ # This is equivalent to: apk update && apk upgrade
+ - name: Update cache and upgrade packages
+ community.general.apk:
+ upgrade: true
+ update_cache: true
+ when: ansible_distribution == "Alpine"
+
+ - name: Check if a reboot is required.
+ ansible.builtin.stat:
+ path: /var/run/reboot-required
+ get_checksum: true
+ register: reboot_required_file
+ # Set a variable for the currently *installed* linux-lts package version.
+ # Importantly, the shell command reformats the package version string using
+ # awk and sed into a string that we can match against what will be reported
+ # by `uname -r`.
+ #
+ # I am no awk or sed expert and perhaps my abomination is overly verbose, but
+ # it works and I can understand it. Longer awk/sed programs tend to confuse me.
+ - name: Register installed linux-lts kernel version
+ register: installed_kernel_version
+ ansible.builtin.shell: |
+ set -o pipefail
+ apk list linux-lts --installed | awk '{ print $1 }' | sed 's/linux-lts-//' | sed 's/-r/\n/g' | awk '{printf("%s-",$0)}' | awk '{printf("%slts", $0)}'
+ changed_when: installed_kernel_version != ""
+ when: ansible_distribution == "Alpine"
+ # Set a variable for the currently *running* linux-lts kernel version. We use
+ # sed to strip off the arch.
+ - name: Register running linux-lts kernel version
+ register: running_kernel_version
+ ansible.builtin.shell: |
+ set -o pipefail
+ uname -r | sed 's/-ARCH//'
+ changed_when: running_kernel_version != ""
+ when: ansible_distribution == "Alpine"
+ # This is debugging output to tell us when the installed kernel version doesn't
+ # match the running kernel version. The real magic happens in the following task.
+ - name: Check installed_kernel_version != running_kernel_version = ???
+ ansible.builtin.debug:
+ msg: "{{ installed_kernel_version.stdout }} !=
+ {{ running_kernel_version.stdout }} =
+ {{ installed_kernel_version.stdout != running_kernel_version.stdout }}"
+ when: ansible_distribution == "Alpine"
+ # Now compare installed_kernel_version with running_kernel_version. When they
+ # don't match, this means that we need to reboot. This is not a very sophisticated
+ # heuristic, but it works.
+ - name: Reboot if the running kernel version is not the installed kernel version
+ ansible.builtin.reboot:
+ reboot_timeout: 30 # These are very simple Alpine servers. They should boot extremely fast.
+ when: (ansible_distribution == "Alpine") and (installed_kernel_version.stdout != running_kernel_version.stdout)
+
+
+ - name: Reboot the server (if required).
+ ansible.builtin.reboot:
+ when: reboot_required_file.stat.exists
+
+ - name: Remove dependencies that are no longer required.
+ ansible.builtin.apt:
+ autoremove: true
+ when: ansible_distribution in debian_derivatives
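Review bot: `changed_when: installed_kernel_version != ""` and `changed_when: running_kernel_version != ""` compare the whole registered result dictionary with an empty string, which is always true, so both read-only `shell` tasks report `changed` on every run; since they only inspect the host, `changed_when: false` is the accurate setting for both. `debian_derivatives` is used in the `when:` of both apt tasks but is not defined in this playbook, so presumably it comes from `group_vars`; if it does not, the play errors on every non-Alpine host before any upgrade runs. `reboot_timeout: 30` is far below the module default of 600 seconds, and a host that takes a little longer to come back after a kernel upgrade fails the play instead of waiting, so a larger value (or simply the default) costs nothing when the host is fast.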