diff --git a/automation/ansible/group_vars/all/packages.yml b/automation/ansible/group_vars/all/packages.yml
index 81f9c13..2172a19 100644
--- a/automation/ansible/group_vars/all/packages.yml
+++ b/automation/ansible/group_vars/all/packages.yml
@@ -1,8 +1,8 @@
 ---
-
 global_packages:
   Debian:
     - vim
     - mtr-tiny
     - traceroute
     - tcpdump
+    - ethtool
\ No newline at end of file
diff --git a/automation/ansible/host_vars/server1/udev.yml.example b/automation/ansible/host_vars/server1/udev.yml.example
new file mode 100644
index 0000000..413cda7
--- /dev/null
+++ b/automation/ansible/host_vars/server1/udev.yml.example
@@ -0,0 +1,5 @@
+---
+udev_rules:
+  nic:
+    - 'SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="52:54:00:ce:2a:b2", NAME="xgei0"'
+    - 'SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="52:54:00:74:5b:6e", NAME="xgei1"'
\ No newline at end of file
diff --git a/automation/ansible/main.yml b/automation/ansible/main.yml
index aa69762..e0fbd51 100644
--- a/automation/ansible/main.yml
+++ b/automation/ansible/main.yml
@@ -5,8 +5,15 @@
     roles:
       - common
 
-- name: Router
+- name: Set up routers
   hosts: routers
   roles:
     - firewall
     - router
+
+- name: Restart if required
+  hosts: all
+  tasks:
+    - name: Reboot
+      ansible.builtin.reboot:
+      when: restart_required is defined
diff --git a/automation/ansible/roles/common/handlers/main.yml b/automation/ansible/roles/common/handlers/main.yml
new file mode 100644
index 0000000..53b486a
--- /dev/null
+++ b/automation/ansible/roles/common/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: update initramfs
+  ansible.builtin.command: "update-initramfs -u"
+  # register: restart_required
+
+- name: trigger udev add
+  ansible.builtin.command: "udevadm trigger --action=add"
\ No newline at end of file
diff --git a/automation/ansible/roles/common/tasks/interfaces.yml b/automation/ansible/roles/common/tasks/interfaces.yml
new file mode 100644
index 0000000..c4781a6
--- /dev/null
+++ b/automation/ansible/roles/common/tasks/interfaces.yml
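Review bot: `restart_required` in the new `Restart if required` play is never set anywhere in this commit — the only place that would register it is the `# register: restart_required` line in roles/common/handlers/main.yml, which is commented out — so the `Reboot` task can never fire. Once the register is enabled, the variable holds the result of the `update initramfs` handler, so gating on definedness alone is coarse; `when: restart_required is defined and restart_required is changed` ties the reboot to that handler actually having run. A play on `hosts: all` that reboots routers and servers alike is also worth a short comment explaining that it is intentional and only triggered by udev rule changes.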
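Review bot: The `trigger udev add` handler runs `udevadm trigger --action=add` for every device on the host, although the rules this commit templates only target `SUBSYSTEM=="net"`; `ansible.builtin.command: "udevadm trigger --action=add --subsystem-match=net"` keeps the replayed events to the subsystem the rules actually touch. As far as I can tell an interface that is already up is generally not renamed on a live system, so the trigger may not apply the NAME= rules at all and the reboot play is what really applies them — a one-line comment on the handler saying so would save the next reader the investigation.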
@@ -0,0 +1,27 @@
+---
+- name: Check whether vlan config is valid
+  ansible.builtin.assert:
+    that:
+      - item.value.name is defined if item.value.type == "eth"
+      - item.value.parent is defined if item.value.type == "vlan"
+      - item.value.parent in interfaces if item.value.parent is defined
+  with_items:
+    - interfaces
+
+- name: Create physical interfaces
+  community.general.interfaces_file:
+    dest: "/etc/network/interfaces.d/{{ item.key }}.conf"
+    iface: "{{ item.value.name }}"
+  with_items:
+    - interfaces | select(item.value.type != "vlan")
+
+- name: Create vlan interfaces
+  community.general.interfaces_file:
+    dest: "/etc/network/interfaces.d/{{ item.key }}.conf"
+    iface: "{{ interfaces[item.value.parent].name }}.{{ item.value.vlan_id }}"
+  with_items:
+    - interfaces | select(item.value.type == "vlan")
+
+- name: Restart networking
+  ansible.builtin.notify:
+    - restart networking
diff --git a/automation/ansible/roles/common/tasks/main.yml b/automation/ansible/roles/common/tasks/main.yml
index f481242..3e310f7 100644
--- a/automation/ansible/roles/common/tasks/main.yml
+++ b/automation/ansible/roles/common/tasks/main.yml
@@ -1,7 +1,13 @@
 ---
 
 - name: Add ssh keys for root
-  ansible.builtin.include_tasks: root_sshkeys.yml
+  ansible.posix.authorized_key:
+    user: root
+    key: "{{ lookup('ansible.builtin.url', item) }}"
+    state: present # Note: we don't remove other/existing keys
+  with_items:
+    - "{{ global_root_ssh_key_urls | default([]) }}"
+    - "{{ root_ssh_keys | default([]) }}"
 
 - name: Set hostname
   ansible.builtin.hostname:
@@ -12,3 +18,15 @@
   ansible.builtin.package:
     name: sudo
     state: present
+
+- name: Install standard packages
+  ansible.builtin.package:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - "{{ global_packages[ansible_os_family] | default([]) }}"
+    - "{{ local_packages | default([]) }}"
+
+- name: Configure udev rules
+  ansible.builtin.include_tasks: udev.yml
+  when: udev_rules is defined
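Review bot: The three `with_items` lists in interfaces.yml are plain YAML scalars, not Jinja expressions — `- interfaces` and `- interfaces | select(...)` hand each task the literal string as `item`, so `item.value` is undefined and every task fails on the first iteration. The assert conditions have the same shape problem: `x is defined if y` with no `else` evaluates to undefined when `y` is false, and `ansible.builtin.notify` is not a module — `notify` is a task keyword, and no `restart networking` handler exists in the handlers file this commit adds. Nothing in this commit includes interfaces.yml from tasks/main.yml either, so the file is dead until it is wired in. The rewrite below loops over `interfaces | dict2items`, splits physical and vlan entries with `rejectattr`/`selectattr`, and notifies the handler from the tasks that change the files; the `restart networking` handler still has to be added to roles/common/handlers/main.yml.
```yaml
- name: Check whether interface config is valid
  ansible.builtin.assert:
    that:
      - item.value.type != "eth" or item.value.name is defined
      - item.value.type != "vlan" or item.value.parent is defined
      - item.value.parent is not defined or item.value.parent in interfaces
    fail_msg: "interface {{ item.key }} is misconfigured"
  loop: "{{ interfaces | dict2items }}"

- name: Create physical interfaces
  community.general.interfaces_file:
    # … unchanged: dest / iface …
  loop: "{{ interfaces | dict2items | rejectattr('value.type', 'equalto', 'vlan') | list }}"
  notify: restart networking

- name: Create vlan interfaces
  community.general.interfaces_file:
    # … unchanged: dest / iface …
  loop: "{{ interfaces | dict2items | selectattr('value.type', 'equalto', 'vlan') | list }}"
  notify: restart networking
```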
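Review bot: `key: "{{ lookup('ansible.builtin.url', item) }}"` in `Add ssh keys for root` is applied to every entry of both lists, so `root_ssh_keys` must also hold URLs despite its name; if that list is meant to carry literal public keys, they should go to `key:` untouched. When a URL returns more than one key, `lookup()` joins the lines with commas unless told otherwise, which `authorized_key` will not parse as separate keys — `lookup('ansible.builtin.url', item, split_lines=False)` keeps the fetched text intact. Since whatever these URLs serve becomes root's authorized_keys on every host, the source list deserves a comment stating that only https URLs under the team's control belong there, and that `state: present` never removes a key once it has been deployed — `exclusive: true` is the option to reach for if the lists are meant to be authoritative.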
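Review bot: `Install standard packages` loops `ansible.builtin.package` once per item, which means one package-manager transaction per package; the module accepts a list, so the combined list can be passed directly and `with_items` dropped: `name: "{{ (global_packages[ansible_os_family] | default([])) + (local_packages | default([])) }}"`. That is also what the deleted packages.yml did, so the change is a regression in run time rather than behaviour. The `when: udev_rules is defined` guard on the include is fine, but a short comment noting that udev.yml expects `udev_rules` to be a mapping of rule-file name to rule string or list would help the host_vars author.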
diff --git a/automation/ansible/roles/common/tasks/packages.yml b/automation/ansible/roles/common/tasks/packages.yml
deleted file mode 100644
index 9b945ef..0000000
--- a/automation/ansible/roles/common/tasks/packages.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-
-- name: Install standard packages
-  ansible.builtin.package:
-    name: "{{ item }}"
-    state: present
-  with_items: "{{
-    (global_packages[ansible_os_family] | default([])) +
-    (local_packages | default([]))
-    }}"
diff --git a/automation/ansible/roles/common/tasks/root_sshkeys.yml b/automation/ansible/roles/common/tasks/root_sshkeys.yml
deleted file mode 100644
index 621702c..0000000
--- a/automation/ansible/roles/common/tasks/root_sshkeys.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-
-- name: Add public keys for root
-  ansible.posix.authorized_key:
-    user: root
-    key: "{{ lookup('ansible.builtin.url', item) }}"
-    state: present # Note: we don't remove other/existing keys
-  with_items: "{{
-    (global_root_ssh_key_urls | default([])) +
-    (root_ssh_keys | default([]))
-    }}"
diff --git a/automation/ansible/roles/common/tasks/udev.yml b/automation/ansible/roles/common/tasks/udev.yml
new file mode 100644
index 0000000..0d99efe
--- /dev/null
+++ b/automation/ansible/roles/common/tasks/udev.yml
@@ -0,0 +1,17 @@
+---
+- name: Create /etc/udev/rules.d
+  ansible.builtin.file:
+    name: /etc/udev/rules.d
+    state: directory
+    mode: "755"
+
+- name: Template out to udev.d
+  ansible.builtin.template:
+    src: udev.rules.j2
+    dest: "/etc/udev/rules.d/{{ item.key }}.rules"
+    mode: "644"
+  with_items:
+    - "{{ udev_rules | dict2items }}"
+  notify:
+    - update initramfs
+    - trigger udev add
diff --git a/automation/ansible/roles/common/templates/udev.rules.j2 b/automation/ansible/roles/common/templates/udev.rules.j2
new file mode 100644
index 0000000..69faedf
--- /dev/null
+++ b/automation/ansible/roles/common/templates/udev.rules.j2
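Review bot: udev.yml templates every `udev_rules` entry without checking its shape, and leaves the validation to the `/0` trick in the `else` branch of udev.rules.j2, which surfaces as an obscure Jinja arithmetic error with no pointer to the offending host_vars key. An `ansible.builtin.assert` before `Template out to udev.d` fails early with a readable message and keeps the template free of control-flow hacks; the same point applies to the udev.rules.j2 hunk. `mode: "755"` and `mode: "644"` are accepted by Ansible as quoted octal strings, but `"0755"`/`"0644"` reads unambiguously. udev applies rule files in lexical order, so a file named after a key like `nic` sorts after every numbered file; if ordering relative to the distribution's network rules matters, a numeric prefix in `dest` is worth considering.
```yaml
- name: Check that udev_rules values are strings or lists
  ansible.builtin.assert:
    that:
      - item.value is string or (item.value is iterable and item.value is not mapping)
    fail_msg: "udev_rules for {{ item.key }} are incorrect"
  loop: "{{ udev_rules | dict2items }}"

# … unchanged: Template out to udev.d …
```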
@@ -0,0 +1,9 @@
+{%- if item.value is string -%}
+{{ item.value }}
+{%- elif item.value is iterable -%}
+{% for val in item.value -%}
+{{ val }}
+{% endfor -%}
+{%- else -%}
+{{ ("udev_rules for " + item.key + " are incorrect")/0 }}
+{%- endif -%}
\ No newline at end of file
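Review bot: `{%- elif item.value is iterable -%}` is also true for a mapping, so a dict accidentally placed under `udev_rules` renders its keys as udev rules instead of reaching the `else` branch, and the error the branch is meant to raise never fires for that case. Tightening it to `{%- elif item.value is iterable and item.value is not mapping -%}` makes the fallthrough reachable for the input it was written for. The whitespace control on `{%- if ... -%}` and `{%- endif -%}` also leaves the string form with no trailing newline; a one-line comment in the template saying that this is deliberate would stop it being "fixed" later.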