From 472384d4039d10dcfe1567b07f64ca6b1f8b744d Mon Sep 17 00:00:00 2001 From: LUXEY Adrien Date: Sun, 14 Mar 2021 15:49:08 +0100 Subject: =?UTF-8?q?premier=20tri=20des=20outils=20de=20base=20=C3=A0=20ins?= =?UTF-8?q?taller=20via=20apt?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- os/config/roles/common/tasks/main.yml | 43 +++++++++++++++++++---------------- 1 file changed, 24 insertions(+), 19 deletions(-) (limited to 'os/config/roles/common') diff --git a/os/config/roles/common/tasks/main.yml b/os/config/roles/common/tasks/main.yml index b4d00bb..f31b2c3 100644 --- a/os/config/roles/common/tasks/main.yml +++ b/os/config/roles/common/tasks/main.yml @@ -15,30 +15,35 @@ - name: "Install base tools" apt: name: - - vim - - htop - - screen - - iptables - - iptables-persistent - - nftables - - iproute2 + # Essentials - curl - - iputils-ping - - dnsutils + - less + - sudo + - tar + - unzip + # User tooling + - screen + - vim + # Monitoring - bmon + - htop - iftop + - iputils-ping - iotop - - docker.io - - unzip - - tar - - tcpdump - - less - - parted - - btrfs-tools - - libnss-resolve - - net-tools - strace - - sudo + - tcpdump + # Networking + - iproute2 # advanced net-tools + - iptables # legacy firewall (still used by diplonat) + - iptables-persistent + - net-tools # basic network tools + - nftables # iptables' successor (will replace it eventually) + - dnsutils # now called bind9-dnsutils + # Optional / Dispensable + #- docker.io # Adrien n'approuve pas (il faut utiliser le repo Docker) + - parted + #- btrfs-tools + #- libnss-resolve # provides DNS/LLMNR utilities via systemd-resolved state: present - name: "Passwordless sudo" -- cgit v1.2.3 From 005a027fcb6e4c9a4d90da27963617b6463aa7f2 Mon Sep 17 00:00:00 2001 From: LUXEY Adrien Date: Tue, 23 Mar 2021 16:57:10 +0100 Subject: WIP: improving Ansible config while I install my HammerHead --- os/config/roles/common/tasks/main.yml | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) (limited to 'os/config/roles/common') diff --git a/os/config/roles/common/tasks/main.yml b/os/config/roles/common/tasks/main.yml index f31b2c3..3baeb01 100644 --- a/os/config/roles/common/tasks/main.yml +++ b/os/config/roles/common/tasks/main.yml @@ -46,11 +46,40 @@ #- libnss-resolve # provides DNS/LLMNR utilities via systemd-resolved state: present +# Install Docker if need be + +- name: Check if Docker is installed + command: 'which docker' + args: + warn: no + register: docker_exists + changed_when: docker_exists.rc != 0 + ignore_errors: true + +- name: "Install Docker" + include_tasks: docker.yml + when: docker_exists.rc != 0 + +# Install Nomad & Consul if need be + +- name: Check if Nomad is installed + command: 'which nomad' + args: + warn: no + register: nomad_exists + changed_when: nomad_exists.rc != 0 + ignore_errors: true + +- name: "Install Nomad & Consul" + include_tasks: hashicorp.yml + when: nomad_exists.rc != 0 + + + - name: "Passwordless sudo" lineinfile: path: /etc/sudoers state: present regexp: '^%sudo' line: '%sudo ALL=(ALL) NOPASSWD: ALL' - validate: 'visudo -cf %s' - + validate: 'visudo -cf %s' \ No newline at end of file -- cgit v1.2.3 From 7852eef5a6d0eefc5914f178549f6845857a5c49 Mon Sep 17 00:00:00 2001 From: LUXEY Adrien Date: Tue, 23 Mar 2021 17:00:27 +0100 Subject: WIP: improving Ansible config while I install my HammerHead - added files... --- os/config/roles/common/tasks/docker.yml | 75 ++++++++++++++++++++++++++++++ os/config/roles/common/tasks/hashicorp.yml | 24 ++++++++++ 2 files changed, 99 insertions(+) create mode 100644 os/config/roles/common/tasks/docker.yml create mode 100644 os/config/roles/common/tasks/hashicorp.yml (limited to 'os/config/roles/common') diff --git a/os/config/roles/common/tasks/docker.yml b/os/config/roles/common/tasks/docker.yml new file mode 100644 index 0000000..a688f4b --- /dev/null +++ b/os/config/roles/common/tasks/docker.yml @@ -0,0 +1,75 @@ +# From the official Docker installation guide for Debian: +# https://docs.docker.com/engine/install/debian/ + +# Uninstall old Docker versions +# $ sudo apt-get remove docker docker-engine docker.io containerd runc +- name: "Remove old Docker versions" + ansible.builtin.apt: + state: absent + name: + - docker + - docker-engine + - docker.io + - containerd + - runc + +# Install dependencies +# > apt-transport-https ca-certificates curl gnupg lsb-release +- name: "Install Docker dependencies" + ansible.builtin.apt: + state: present + name: + - apt-transport-https + - ca-certificates + # - curl # Already installed in main.yml + - gnupg + - lsb-release + +# Dowload Docker's official GPG key +# $ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg +- name: "Add Docker's official GPG key to apt" + ansible.builtin.apt_key: + id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 + url: https://download.docker.com/linux/debian/gpg + # Key destination path + keyring: /usr/share/keyrings/docker-archive-keyring.gpg + state: present + + +# Add Docker's repository to apt +# $ echo \ +# "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \ +# $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null +- name: "Add Docker's repository to APT sources list" + ansible.builtin.apt_repository: + repo: "deb [arch={{ architecture_map[ansible_architecture] }} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable" + state: present + vars: + architecture_map: + "x86_64": "amd64" + "aarch64": "arm64" + "aarch": "arm64" + "armhf": "armhf" + "armv7l": "armhf" + +# Install Docker engine +# $ sudo apt-get update +# $ sudo apt-get install docker-ce docker-ce-cli containerd.io +- name: "Install Docker engine" + ansible.builtin.apt: + state: present + update_cache: yes + name: + - docker-ce + - docker-ce-cli + - containerd.io + +# Install docker-compose +# $ sudo curl -L "https://github.com/docker/compose/releases/download/1.28.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose +- name: "Install Docker Compose" + ansible.builtin.get_url: + url: "https://github.com/docker/compose/releases/download/{{ compose_version }}/docker-compose-{{ ansible_system }}-{{ ansible_architecture }}" + dest: /usr/local/bin/docker-compose + mode: "0755" + vars: + compose_version: 1.28.5 \ No newline at end of file diff --git a/os/config/roles/common/tasks/hashicorp.yml b/os/config/roles/common/tasks/hashicorp.yml new file mode 100644 index 0000000..9cf647b --- /dev/null +++ b/os/config/roles/common/tasks/hashicorp.yml @@ -0,0 +1,24 @@ +- name: "Add Hashicorps's official GPG key to apt" + ansible.builtin.apt_key: + url: https://apt.releases.hashicorp.com/gpg + state: present + +- name: "Add Hashicorp's repository to APT sources list" + ansible.builtin.apt_repository: + repo: "deb [arch={{ architecture_map[ansible_architecture] }}] https://apt.releases.hashicorp.com {{ ansible_distribution_release }} main" + state: present + vars: + architecture_map: + "x86_64": "amd64" + "aarch64": "arm64" + "aarch": "arm64" + "armhf": "armhf" + "armv7l": "armhf" + +- name: "Install Nomad & Consul" + ansible.builtin.apt: + state: present + update_cache: yes + name: + - nomad + - consul \ No newline at end of file -- cgit v1.2.3