From 68db8239679af29ebb7f15b440a2438c35ad2ec1 Mon Sep 17 00:00:00 2001 From: pneerincx Date: Wed, 30 Jan 2019 13:26:38 +0100 Subject: [PATCH 1/6] Fixed perms on /local. --- roles/compute-vm/tasks/main.yml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/roles/compute-vm/tasks/main.yml b/roles/compute-vm/tasks/main.yml index ae185e9d4..254712e4a 100644 --- a/roles/compute-vm/tasks/main.yml +++ b/roles/compute-vm/tasks/main.yml @@ -1,23 +1,25 @@ --- -- name: Make local mountpoint +- name: Make /local mount point. file: path: "/local" - mode: 0777 + mode: 0755 state: directory + owner: root + group: root -- name: "check mount point /local" +- name: Check /local mount point. command: mountpoint /local register: mount_local failed_when: false -- name: Create an ext4 filesystem on /dev/vdb +- name: Create an ext4 filesystem on /dev/vdb. filesystem: fstype: ext4 dev: /dev/vdb when: mount_local.rc == 1 -- name: Mount /dev/vdb on /local +- name: Mount /dev/vdb on /local. mount: path: /local src: /dev/vdb @@ -25,9 +27,10 @@ opts: rw,relatime state: present -- name: mount all mountpoints in fstab +- name: Mount all mountpoints from fstab. command: mount -a args: warn: false when: mount_local.rc == 1 +... From 4be724a5eaccea58a6e774547b5d25cb18fed9eb Mon Sep 17 00:00:00 2001 From: pneerincx Date: Wed, 30 Jan 2019 15:31:16 +0100 Subject: [PATCH 2/6] Re-ordered RPMs in alphabetic order. --- roles/cluster/tasks/main.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/roles/cluster/tasks/main.yml b/roles/cluster/tasks/main.yml index 70fecadb6..278c7c2af 100644 --- a/roles/cluster/tasks/main.yml +++ b/roles/cluster/tasks/main.yml @@ -24,21 +24,22 @@ state: latest update_cache: yes name: + - bzip2 - curl + - figlet - git - git-core + - lsof - nano - ncdu + - ncurses-static + - readline-static - screen + - tcl-devel - telnet - tmux - tree - vim - - bzip2 - - ncurses-static - - readline-static - - tcl-devel - - figlet tags: - software ... From 89c3529f519a0fb9b6574f40d10d326780159ad0 Mon Sep 17 00:00:00 2001 From: pneerincx Date: Wed, 30 Jan 2019 15:54:48 +0100 Subject: [PATCH 3/6] Making spacewalk role idempotent... --- roles/spacewalk_client/handlers/main.yml | 13 +++++++++++ roles/spacewalk_client/tasks/main.yml | 29 ++++++++++++++++++------ 2 files changed, 35 insertions(+), 7 deletions(-) create mode 100644 roles/spacewalk_client/handlers/main.yml diff --git a/roles/spacewalk_client/handlers/main.yml b/roles/spacewalk_client/handlers/main.yml new file mode 100644 index 000000000..f0db8780e --- /dev/null +++ b/roles/spacewalk_client/handlers/main.yml @@ -0,0 +1,13 @@ +--- +# +# Important: maintain correct handler order. +# Handlers are executed in the order in which they are defined +# and not in the order in whch they are listed in a "notify: handler_name" statement! +# +- name: Restart spacewalk service. + service: + name: rhnsd + state: restarted + become: yes + listen: restart_rhnsd +... \ No newline at end of file diff --git a/roles/spacewalk_client/tasks/main.yml b/roles/spacewalk_client/tasks/main.yml index b0471e951..d955f751c 100644 --- a/roles/spacewalk_client/tasks/main.yml +++ b/roles/spacewalk_client/tasks/main.yml @@ -13,11 +13,19 @@ - rhnsd - m2crypto - yum-rhn-plugin + notify: + - restart_rhnsd -- name: Restart spacewalk daemon. +- name: Enable spacewalk service. systemd: - name: rhnsd.service - state: restarted + name: "{{ item }}" + enabled: yes + with_items: + - rhnsd.service + notify: + - restart_rhnsd + +- meta: flush_handlers - name: Register client at the spacewalk server. rhn_register: @@ -32,10 +40,16 @@ ignore_errors: yes no_log: True -- name: Disable gpgcheck. - command: sed -i 's/gpgcheck = 1/gpgcheck = 0/g' /etc/yum/pluginconf.d/rhnplugin.conf - args: - warn: false +#- name: Disable gpgcheck. +# command: sed -i 's/gpgcheck = 1/gpgcheck = 0/g' /etc/yum/pluginconf.d/rhnplugin.conf +# args: +# warn: false + +- name: Disable gpgcheck for spacewalk repo. + lineinfile: + path: '/etc/yum/pluginconf.d/rhnplugin.conf' + regexp: '^gpgcheck = [0-9].*' + line: 'gpgcheck = 0' - name: Remove all current repo config files. shell: "rm -rf /etc/yum.repos.d/*" @@ -52,3 +66,4 @@ yum: name: '*' state: latest +... From a824382ee4d2757ee3b0d960acdb0d0a94bf22e2 Mon Sep 17 00:00:00 2001 From: pneerincx Date: Wed, 30 Jan 2019 16:44:44 +0100 Subject: [PATCH 4/6] Cleanup. --- roles/spacewalk_client/tasks/main.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/roles/spacewalk_client/tasks/main.yml b/roles/spacewalk_client/tasks/main.yml index d955f751c..77ff5cebc 100644 --- a/roles/spacewalk_client/tasks/main.yml +++ b/roles/spacewalk_client/tasks/main.yml @@ -40,18 +40,13 @@ ignore_errors: yes no_log: True -#- name: Disable gpgcheck. -# command: sed -i 's/gpgcheck = 1/gpgcheck = 0/g' /etc/yum/pluginconf.d/rhnplugin.conf -# args: -# warn: false - - name: Disable gpgcheck for spacewalk repo. lineinfile: path: '/etc/yum/pluginconf.d/rhnplugin.conf' regexp: '^gpgcheck = [0-9].*' line: 'gpgcheck = 0' -- name: Remove all current repo config files. +- name: Remove all (non-spacewalk) repo config files from /etc/yum.repos.d/. shell: "rm -rf /etc/yum.repos.d/*" args: warn: false From e6e8222c79d6cd647036dd95d0b8e3141cb7cf6a Mon Sep 17 00:00:00 2001 From: pneerincx Date: Thu, 31 Jan 2019 15:45:26 +0100 Subject: [PATCH 5/6] Cleanup: removed commented code. --- users.yml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/users.yml b/users.yml index 7ec72b35c..2751ed300 100644 --- a/users.yml +++ b/users.yml @@ -8,18 +8,7 @@ - name: Create local sysadmin accounts on all hosts. hosts: all become: True - tasks: -# -# getent group is not usefull as it may fail with: -# The conditional check 'item in ansible_facts.getent_group' failed. -# The error was: error while evaluating conditional (item in ansible_facts.getent_group): 'ansible_facts' is undefined -# and the required groups are not created if they are missing... -# -# - name: Determine available groups. -# getent: -# database: group - - name: Check if required groups are present. group: name: "{{ item.name }}" @@ -27,7 +16,6 @@ with_items: - name: admin - name: docker - - name: Create local sys admin users and append them to relevant groups. user: name: "{{ item.name }}" @@ -38,7 +26,6 @@ with_items: - name: 'remco' comment: 'Remco Rohde' - - name: Deploy authorized keys for admins. authorized_key: user: "{{ item.user }}" @@ -70,7 +57,6 @@ comment: 'Marieke Bijlsma' - name: 'pieter' comment: 'Pieter Neerincx' - - name: Deploy authorized keys for admins. authorized_key: user: "{{ item.user }}" From fc60737ea3bdb5d5e49cd084733fb4651ec35baa Mon Sep 17 00:00:00 2001 From: pneerincx Date: Thu, 31 Jan 2019 15:46:32 +0100 Subject: [PATCH 6/6] Added version number check for Ansible version to main cluster.yml playbook. --- cluster.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cluster.yml b/cluster.yml index 7da05e880..cdaa9df11 100644 --- a/cluster.yml +++ b/cluster.yml @@ -1,6 +1,11 @@ --- - name: Sign host keys of all cluster hosts. hosts: all + pre_tasks: + - name: Verify Ansible version meets requirements. + assert: + that: "ansible_version.full | version_compare('2.4', '>=')" + msg: 'You must update Ansible to at least 2.4.x to use this playbook.' roles: - ssh_host_signer - ssh_known_hosts @@ -82,3 +87,4 @@ - nfs_home_client - import_playbook: users.yml +...