Merge pull request 'refs #8025 Debian roles merged' (!62) from 8025-mergeDebianBase into main

Reviewed-on: #62
Reviewed-by: Xavi Lleó <xavi@verdnatura.es>

.gitignore

@@ -4,8 +4,9 @@ venv
 .vault.yml
 .passbolt.yml
 inventories/local
-inventories/local-*
+inventories/local.yml
-inventories/*/local-*.yml
+inventories/local.yaml
-inventories/*/local-*.yaml
+inventories/host_vars/*/local.yml
-inventories/host_vars/*.local.yml
+inventories/host_vars/*/local.yaml
-inventories/host_vars/*.local.yaml
+inventories/group_vars/*/local.yml
+inventories/group_vars/*/local.yaml

playbooks/debian.yml

@@ -1,18 +1,5 @@
 - name: Configure base Debian host
   hosts: all
   tasks:
-  - name: Configure virtual machine or host (not LXC)
+  - import_role:
-    import_role:
+      name: debian
-      name: debian-host
-    when: ansible_virtualization_role == 'host' or ansible_virtualization_type == 'kvm'
-  - name: Configure base system (all)
-    import_role:
-      name: debian-base 
-  - name: Configure guest
-    import_role:
-      name: debian-guest
-    when: ansible_virtualization_role == 'guest'
-  - name: Configure virtual machine
-    import_role:
-      name: debian-qemu
-    when: ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'kvm'

playbooks/kube.yml

@@ -1,5 +1,7 @@
 - name: Configure Kubernetes
   hosts: all
   tasks:
+  - import_role:
+      name: debian
   - import_role:
       name: kube

playbooks/pve.yml

@@ -1,5 +1,7 @@
 - name: Configure PVE
   hosts: all
   tasks:
+  - import_role:
+      name: debian
   - import_role:
       name: pve

roles/debian-base/tasks/main.yml

@@ -1,34 +0,0 @@
-- import_tasks: witness.yml
-  tags: witness
-- import_tasks: root.yml
-  tags: root
-- import_tasks: resolv.yml
-  tags: resolv
-- import_tasks: timesync.yml
-  tags: timesync
-- import_tasks: sshd_configure.yml
-  tags: sshd_configure
-- import_tasks: defuser.yml
-  tags: defuser
-- import_tasks: install.yml
-  tags: install
-- import_tasks: locale.yml
-  tags: locale
-- import_tasks: tzdata.yml
-  tags: tzdata
-- import_tasks: relayhost.yml
-  tags: relayhost
-- import_tasks: motd.yml
-  tags: motd
-- import_tasks: profile.yml
-  tags: profile
-- import_tasks: vim.yml
-  tags: vim
-- import_tasks: nrpe.yml
-  tags: nrpe
-- import_tasks: fail2ban.yml
-  tags: fail2ban
-- import_tasks: bacula.yml
-  tags: bacula
-- import_tasks: vn-repo.yml
-  tags: vn-repo

roles/debian-guest/handlers/main.yml

@@ -1,8 +0,0 @@
-- name: restart-nslcd
-  service:
-    name: nslcd
-    state: restarted
-- name: restart-ssh
-  systemd:
-    name: ssh
-    state: restarted

roles/debian-guest/tasks/main.yml

@@ -1,6 +0,0 @@
-- import_tasks: auth.yml
-  tags: auth
-- import_tasks: sudoers.yml
-  tags: sudoers
-- import_tasks: ssh_keys.yml
-  tags: ssh_keys

roles/debian-host/handlers/main.yml

@@ -1,4 +0,0 @@
-- name: restart-sysctl
-  systemd:
-    name: systemd-sysctl
-    state: restarted

roles/debian-host/tasks/main.yml

@@ -1,6 +0,0 @@
-- import_tasks: hostname.yml
-  tags: hostname
-- import_tasks: sysctl.yml
-  tags: sysctl
-- import_tasks: apparmor.yml
-  tags: apparmor

roles/debian-qemu/defaults/main.yml

@@ -1,8 +0,0 @@
-homes_path: /mnt/homes
-autofs_packages:
-  - nfs-common
-  - autofs
-  - libnfs-utils
-  - autofs-ldap
-blacklist_module_kernel: |
-  blacklist snd_hda_intel

roles/debian-qemu/handlers/main.yml

@@ -1,4 +0,0 @@
-- name: restart-autofs
-  service:
-    name: autofs
-    state: restarted

roles/debian-qemu/tasks/main.yml

@@ -1,10 +0,0 @@
-- import_tasks: agent.yml
-  tags: agent
-- import_tasks: hotplug.yml
-  tags: hotplug
-- import_tasks: autofs.yml
-  tags: autofs
-- import_tasks: blacklist.yml
-  tags: blacklist
-- import_tasks: grub_startup.yml
-  tags: grub_startup

roles/debian/defaults/main.yaml

@@ -39,3 +39,11 @@ base_packages:
 locales_present:
   - en_US.UTF-8
   - es_ES.UTF-8
+homes_path: /mnt/homes
+autofs_packages:
+  - nfs-common
+  - autofs
+  - libnfs-utils
+  - autofs-ldap
+blacklist_module_kernel: |
+  blacklist snd_hda_intel

roles/debian/handlers/main.yml

@@ -18,6 +18,22 @@
   systemd:
     name: sshd
     state: restarted
+- name: restart-sysctl
+  systemd:
+    name: systemd-sysctl
+    state: restarted
+- name: restart-nslcd
+  service:
+    name: nslcd
+    state: restarted
+- name: restart-ssh
+  systemd:
+    name: ssh
+    state: restarted
+- name: restart-autofs
+  service:
+    name: autofs
+    state: restarted
 - name: generate locales
   command: /usr/sbin/locale-gen
 - name: reconfigure tzdata

roles/debian/tasks/main.yml

@@ -0,0 +1,71 @@
+
+- name: Configure virtual machine or host (not LXC)
+  when: ansible_virtualization_role == 'host' or ansible_virtualization_type == 'kvm'
+  block:
+    - import_tasks: hostname.yml
+      tags: hostname
+    - import_tasks: sysctl.yml
+      tags: sysctl
+    - import_tasks: apparmor.yml
+      tags: apparmor
+
+- name: Configure base system (all)
+  block:
+    - import_tasks: witness.yml
+      tags: witness
+    - import_tasks: root.yml
+      tags: root
+    - import_tasks: resolv.yml
+      tags: resolv
+    - import_tasks: timesync.yml
+      tags: timesync
+    - import_tasks: sshd_configure.yml
+      tags: sshd_configure
+    - import_tasks: defuser.yml
+      tags: defuser
+    - import_tasks: install.yml
+      tags: install
+    - import_tasks: locale.yml
+      tags: locale
+    - import_tasks: tzdata.yml
+      tags: tzdata
+    - import_tasks: relayhost.yml
+      tags: relayhost
+    - import_tasks: motd.yml
+      tags: motd
+    - import_tasks: profile.yml
+      tags: profile
+    - import_tasks: vim.yml
+      tags: vim
+    - import_tasks: nrpe.yml
+      tags: nrpe
+    - import_tasks: fail2ban.yml
+      tags: fail2ban
+    - import_tasks: bacula.yml
+      tags: bacula
+    - import_tasks: vn-repo.yml
+      tags: vn-repo
+
+- name: Configure guest
+  when: ansible_virtualization_role == 'guest'
+  block:
+    - import_tasks: auth.yml
+      tags: auth
+    - import_tasks: sudoers.yml
+      tags: sudoers
+    - import_tasks: ssh_keys.yml
+      tags: ssh_keys
+
+- name: Configure virtual machine
+  when: ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'kvm'
+  block:
+    - import_tasks: agent.yml
+      tags: agent
+    - import_tasks: hotplug.yml
+      tags: hotplug
+    - import_tasks: autofs.yml
+      tags: autofs
+    - import_tasks: blacklist.yml
+      tags: blacklist
+    - import_tasks: grub_startup.yml
+      tags: grub_startup

run-playbook.sh

@@ -2,34 +2,12 @@
 
 EXTRA_ARGS=()
 
-OPTSTRING=":i:l:"
-while getopts ${OPTSTRING} opt; do
-  case ${opt} in
-    i)
-      INVENTORY="$OPTARG"
-      ;;
-    l)
-      LIMIT="$OPTARG"
-      ;;
-  esac
-done
-
 if [ -f .passbolt.yml ]; then
     EXTRA_ARGS+=("--extra-vars" "@.passbolt.yml")
 fi
 if [ -f .vault-pass ]; then
     EXTRA_ARGS+=("--vault-password-file" ".vault-pass")
 fi
-if [[ -n "${LIMIT:-}" && -n "${INVENTORY:-}" ]]; then
-    INVENTORY_DIR=$(dirname "$INVENTORY")
-    LOCAL_HOST_VARS="$INVENTORY_DIR/host_vars/$LIMIT.local"
-    if [ -f "$LOCAL_HOST_VARS.yml" ]; then
-        EXTRA_ARGS+=("--extra-vars" "@$LOCAL_HOST_VARS.yml")
-    fi
-    if [ -f "$LOCAL_HOST_VARS.yaml" ]; then
-        EXTRA_ARGS+=("--extra-vars" "@$LOCAL_HOST_VARS.yaml")
-    fi
-fi
 
 #export PYTHONPATH=./venv/lib/python3.12/site-packages/
 ansible-playbook ${EXTRA_ARGS[@]} $@