Refactor; allow udev rules to be applied from host_vars

Albert Stefanov 2024-05-04 19:05:06 +03:00
parent ca536c4ee6
commit d28d667b8d
10 changed files with 93 additions and 24 deletions


@ -1,8 +1,8 @@
---
global_packages:
Debian:
- vim
- mtr-tiny
- traceroute
- tcpdump
- ethtool


@ -0,0 +1,5 @@
---
udev_rules:
nic:
- 'SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="52:54:00:ce:2a:b2", NAME="xgei0"'
- 'SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="52:54:00:74:5b:6e", NAME="xgei1"'


@ -5,8 +5,15 @@
roles:
- common
- name: Router
- name: Set up routers
hosts: routers
roles:
- firewall
- router
- name: Restart if required
hosts: all
tasks:
- name: Reboot
ansible.builtin.reboot:
when: restart_required is defined
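Review bot: The new `Restart if required` play keys on `restart_required is defined`, but the only place on this page that would set it is a `register:` that is commented out in the handlers file, so as written the reboot never fires. If that register is enabled, `is defined` becomes true on every host where the handler ran, whatever its result; an explicit flag is clearer, e.g. `when: restart_required | default(false) | bool`. The play targets `hosts: all` with no `serial`, so all routers would reboot in the same batch. The first play of this file starts outside the hunk.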


@ -0,0 +1,7 @@
---
- name: update initramfs
ansible.builtin.command: "update-initramfs -u"
# register: restart_required
- name: trigger udev add
ansible.builtin.command: "udevadm trigger --action=add"
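Review bot: `udevadm trigger --action=add` with no match option replays an add event for every device on the host, not only those covered by the rule file that changed, so every add rule (including any `RUN+=`) runs again on a live router. If the rules are all NIC renames as in the host_vars example, narrowing it with `--subsystem-match=net` limits the blast radius; renaming an interface that is already up will likely still need a reboot. The commented-out `# register: restart_required` should either be removed or wired to the reboot play, and each `command` handler deserves a one-line comment saying why it is needed.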


@ -0,0 +1,27 @@
---
- name: Check whether vlan config is valid
ansible.builtin.assert:
that:
- item.value.name is defined if item.value.type == "eth"
- item.value.parent is defined if item.value.type == "vlan"
- item.value.parent in interfaces if item.value.parent is defined
with_items:
- interfaces
- name: Create physical interfaces
community.general.interfaces_file:
dest: "/etc/network/interfaces.d/{{ item.key }}.conf"
iface: "{{ item.value.name }}"
with_items:
- interfaces | select(item.value.type != "vlan")
- name: Create vlan interfaces
community.general.interfaces_file:
dest: "/etc/network/interfaces.d/{{ item.key }}.conf"
iface: "{{ interfaces[item.value.parent].name }}.{{ item.value.vlan_id }}"
with_items:
- interfaces | select(item.value.type == "vlan")
- name: Restart networking
ansible.builtin.notify:
- restart networking
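Review bot: None of the three loops iterates the `interfaces` variable: `with_items: - interfaces` and `- interfaces | select(...)` are plain strings with no `{{ }}`, so `item` is a string and `item.key`/`item.value` fail. `ansible.builtin.notify` in the last task is not a module either; `notify` is a keyword that belongs on the tasks that change something. The `x if cond` assertions have no `else`, which evaluates to an undefined value when the condition is false, so an `or` form is safer. The sketch below assumes `interfaces` is a mapping keyed by config name and that a `restart networking` handler exists, neither of which is visible on this page.

```yaml
- name: Check whether vlan config is valid
  ansible.builtin.assert:
    that:
      - item.value.type != "eth" or item.value.name is defined
      - item.value.type != "vlan" or item.value.parent is defined
      - item.value.parent is not defined or item.value.parent in interfaces
  loop: "{{ interfaces | dict2items }}"
- name: Create physical interfaces
  community.general.interfaces_file:
    # … unchanged: dest, iface …
  loop: "{{ interfaces | dict2items | rejectattr('value.type', 'equalto', 'vlan') | list }}"
  notify:
    - restart networking
- name: Create vlan interfaces
  community.general.interfaces_file:
    # … unchanged: dest, iface …
  loop: "{{ interfaces | dict2items | selectattr('value.type', 'equalto', 'vlan') | list }}"
  notify:
    - restart networking
```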


@ -1,7 +1,13 @@
---
- name: Add ssh keys for root
ansible.builtin.include_tasks: root_sshkeys.yml
ansible.posix.authorized_key:
user: root
key: "{{ lookup('ansible.builtin.url', item) }}"
state: present # Note: we don't remove other/existing keys
with_items:
- "{{ global_root_ssh_key_urls | default([]) }}"
- "{{ root_ssh_keys | default([]) }}"
- name: Set hostname
ansible.builtin.hostname:
@ -12,3 +18,15 @@
ansible.builtin.package:
name: sudo
state: present
- name: Install standard packages
ansible.builtin.package:
name: "{{ item }}"
state: present
with_items:
- "{{ global_packages[ansible_os_family] | default([]) }}"
- "{{ local_packages | default([]) }}"
- name: Configure udev rules
ansible.builtin.include_tasks: udev.yml
when: udev_rules is defined
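Review bot: In the `Add ssh keys for root` task of the first hunk, root's `authorized_keys` is filled with whatever each URL returns at play time (`lookup('ansible.builtin.url', item)`), so anyone who can change that remote content gets root on every host in the play. Nothing here restricts the URLs to `https://` or checks the fetched text, and with `state: present` a key that was served once stays installed after it disappears from the URL. Consider keeping the public keys in inventory, or at least asserting the scheme before the task, e.g. `that: item is match('^https://')`. `root_ssh_keys` is also passed through the URL lookup, so despite its name it has to hold URLs, not keys; a comment saying so would help.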


@ -1,10 +0,0 @@
---
- name: Install standard packages
ansible.builtin.package:
name: "{{ item }}"
state: present
with_items: "{{
(global_packages[ansible_os_family] | default([])) +
(local_packages | default([]))
}}"


@ -1,11 +0,0 @@
---
- name: Add public keys for root
ansible.posix.authorized_key:
user: root
key: "{{ lookup('ansible.builtin.url', item) }}"
state: present # Note: we don't remove other/existing keys
with_items: "{{
(global_root_ssh_key_urls | default([])) +
(root_ssh_keys | default([]))
}}"


@ -0,0 +1,17 @@
---
- name: Create /etc/udev/rules.d
ansible.builtin.file:
name: /etc/udev/rules.d
state: directory
mode: "755"
- name: Template out to udev.d
ansible.builtin.template:
src: udev.rules.j2
dest: "/etc/udev/rules.d/{{ item.key }}.rules"
mode: "644"
with_items:
- "{{ udev_rules | dict2items }}"
notify:
- update initramfs
- trigger udev add
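Review bot: `dest: "/etc/udev/rules.d/{{ item.key }}.rules"` builds a root-owned path from an inventory key with no check on its shape, so a key containing `/` would write outside the rules directory. An `ansible.builtin.assert` ahead of the template task with `- item.key is match('^[A-Za-z0-9_-]+$')` keeps the file name inside it. The rule text itself is written verbatim, and udev rules can run commands as root, so any host_vars file that defines `udev_rules` deserves the same review as a task file. The modes would conventionally be written `"0755"` and `"0644"`.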


@ -0,0 +1,9 @@
{%- if item.value is string -%}
{{ item.value }}
{%- elif item.value is iterable -%}
{% for val in item.value -%}
{{ val }}
{% endfor -%}
{%- else -%}
{{ ("udev_rules for " + item.key + " are incorrect")/0 }}
{%- endif -%}
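Review bot: The `elif item.value is iterable` branch also accepts a mapping, in which case the loop writes the dict's keys into the rule file instead of failing; `{%- elif item.value is iterable and item.value is not mapping -%}` closes that. The else branch forces an error by dividing a string by zero, which stops the play but surfaces as a type error and not as the intended message. An `ansible.builtin.assert` with `fail_msg` before the template task would report `udev_rules for <key> are incorrect` directly.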