diff --git a/.ansible-lint b/.ansible-lint index 19eb3102..cdccdc4c 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -4,6 +4,7 @@ exclude_paths: - roles/igor_mukhin.bash_aliases/ - roles/nickjj.ansible-user/ - roles/azavea.ansible-pip/ + - roles/riemers.gitlab-runner/ parseable: true quiet: true diff --git a/.gitmodules b/.gitmodules index b44d9c22..a01ff4c2 100644 --- a/.gitmodules +++ b/.gitmodules @@ -10,9 +10,6 @@ [submodule "roles/geerlingguy.pip"] path = roles/geerlingguy.pip url = https://github.com/geerlingguy/ansible-role-pip -[submodule "roles/ironicbadger.proxmox-nag-removal"] - path = roles/ironicbadger.proxmox-nag-removal - url = https://github.com/IronicBadger/ansible-role-proxmox-nag-removal [submodule "roles/nickjj.ansible-user"] path = roles/nickjj.ansible-user url = https://github.com/nickjj/ansible-user diff --git a/group_vars/all.yml b/group_vars/all.yml index bc90007d..a9bfff6c 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -9,8 +9,7 @@ postfix_smtp_server_port: 587 postfix_smtp_use_tls: "yes" ### mgrote.set_apt_proxy - apt_proxy_server_hostname: acng.grote.lan - apt_proxy_server_port: 9999 + manage_sources_apt_proxy_url: "acng.grote.lan:9999" ### mgrote.restic restic_folders_to_backup: "/usr/local /etc /root /var/www /home" restic_cron_hours: "19" diff --git a/group_vars/virt.yml b/group_vars/proxmox.yml similarity index 99% rename from group_vars/virt.yml rename to group_vars/proxmox.yml index 1e24c8fa..c5f7a346 100644 --- a/group_vars/virt.yml +++ b/group_vars/proxmox.yml @@ -1,5 +1,4 @@ --- - ### geerlingguy.dotfiles dotfiles_repo: "https://github.com/quotengrote/dotfiles.git" dotfiles_repo_local_destination: "/home/mg/dotfiles-repo" diff --git a/inventory b/inventory index db0394df..7cdafa6b 100644 --- a/inventory +++ b/inventory @@ -32,7 +32,7 @@ all: hosts: vm-test.grote.lan: lxc-test2.grote.lan: - virt: + proxmox: hosts: pve-test.grote.lan: pve2.grote.lan: 
diff --git a/playbooks/base/1_bootstrap.yml b/playbooks/base/1_bootstrap.yml index 92d95444..2d7c3d62 100644 --- a/playbooks/base/1_bootstrap.yml +++ b/playbooks/base/1_bootstrap.yml @@ -30,4 +30,4 @@ update_password: always password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}" -# Nach dem ersten durchlaufen ist keine Anmeldung mehr per Passwort & ssh möglich. Somit scheitert auch der Versuch das Playbook ein zweites mal durchlaufen zu lassen. +# Nach dem ersten durchlaufen ist keine Anmeldung mehr per Passwort & ssh möglich. Damit scheitert auch der Versuch das Playbook ein zweites mal durchlaufen zu lassen. diff --git a/playbooks/base/5_personalisierung.yml b/playbooks/base/5_personalisierung.yml index f265ec39..0e65a992 100644 --- a/playbooks/base/5_personalisierung.yml +++ b/playbooks/base/5_personalisierung.yml @@ -4,7 +4,7 @@ - { role: mgrote.motd, tags: "motd" } - { role: mgrote.tmux, tags: "tmux", - when: "not 'virt' in group_names" } + when: "not 'proxmox' in group_names" } - { role: geerlingguy.dotfiles, # become_user: "{{ dotfiles_user }}" , become: true, diff --git a/playbooks/base/6_haertung.yml b/playbooks/base/6_haertung.yml index 69c91813..0707541b 100644 --- a/playbooks/base/6_haertung.yml +++ b/playbooks/base/6_haertung.yml @@ -7,4 +7,4 @@ - { role: oefenweb.ufw, # Regeln werden in den Group/Host-Vars gesetzt tags: "ufw", become: true, - when: "not 'virt' in group_names" } + when: "not 'proxmox' in group_names" } diff --git a/playbooks/service/pve.yml b/playbooks/service/proxmox.yml similarity index 83% rename from playbooks/service/pve.yml rename to playbooks/service/proxmox.yml index 51285074..4c154ef0 100644 --- a/playbooks/service/pve.yml +++ b/playbooks/service/proxmox.yml 
@@ -1,7 +1,7 @@ --- -- hosts: virt +- hosts: proxmox roles: - - { role: ironicbadger.proxmox-nag-removal, tags: "nag", become: yes } + - { role: mgrote.set_apt_proxy, tags: "apt_sources" } - { role: mgrote.apcupsd, tags: "apcupsd" } - { role: mgrote.smart, tags: "smart" } - { role: mgrote.zfs_tools, tags: "zfs_tools" } diff --git a/roles/ironicbadger.proxmox-nag-removal b/roles/ironicbadger.proxmox-nag-removal deleted file mode 160000 index 7581de87..00000000 --- a/roles/ironicbadger.proxmox-nag-removal +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 7581de87e3e118a87df7589a0abb832ca46a9fd1 diff --git a/roles/mgrote.set_apt_proxy/defaults/main.yml b/roles/mgrote.set_apt_proxy/defaults/main.yml index e69de29b..6ae46049 100644 --- a/roles/mgrote.set_apt_proxy/defaults/main.yml +++ b/roles/mgrote.set_apt_proxy/defaults/main.yml 
@@ -0,0 +1,11 @@
+---
+ manage_sources_apt_proxy_url: "" # leer = kein proxy, sonst "acng.grote.lan:9999"
+ manage_sources_enterprise_repo_path: /etc/apt/sources.list.d/pve-enterprise.list # wo ist das enterprise-repo
+ manage_sources_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg # url zum key für no-subscription-repo
+ manage_sources_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg # pfad lokal zum key für no-subscription-repo
+ manage_sources_apt_repo_no_subscription: deb http://{{ manage_sources_apt_proxy_url }}/download.proxmox.com/debian/pve buster pve-no-subscription # url zum für no-subscription-repo, manage_sources_apt_proxy_url wird aus der variable entnommen
+ manage_sources_proxmox_base_repos: # welche debian standard repos sollen gesetzt werden, werden vorher gelöscht damit ein proxy dann gesetzt werden kann
+ - repo_url: deb http://ftp.de.debian.org/debian buster main contrib
+ - repo_url: deb http://ftp.de.debian.org/debian buster-updates main contrib
+ - repo_url: deb http://security.debian.org buster/updates main contrib
+ manage_sources_debian_repo_path: /etc/apt/sources.list.d/debian.list # , wol sollen die standard-repos gespeichert werden; nicht auf /etc/apt/sources setzen, diese datei wird gelöscht
diff --git a/roles/mgrote.set_apt_proxy/handlers/main.yml b/roles/mgrote.set_apt_proxy/handlers/main.yml
deleted file mode 100644
index e69de29b..00000000
diff --git a/roles/mgrote.set_apt_proxy/tasks/main.yml b/roles/mgrote.set_apt_proxy/tasks/main.yml
index a815458c..b00e3f1a 100644
--- a/roles/mgrote.set_apt_proxy/tasks/main.yml
+++ b/roles/mgrote.set_apt_proxy/tasks/main.yml
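Review bot: The default `manage_sources_apt_repo_key_url` fetches the repository signing key over plain `http://`, so the trust anchor for every later package from that repo can be replaced in transit; switch the scheme to `https://` (assuming the host serves the key that way) and pin the expected fingerprint where the key is installed. Separately, `manage_sources_apt_proxy_url: ""` is documented as "no proxy", but `manage_sources_apt_repo_no_subscription` and the new `ubuntu_sources.list` template prepend it unconditionally, so an empty value renders `deb http:///download.proxmox.com/...`. Either give the variable a non-empty default or build the proxy prefix conditionally in both places.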
@@ -1,13 +1,13 @@ - - name: sources.list kopieren - become: yes - ansible.builtin.template: - src: "sources.list" - dest: "/etc/apt/sources.list" - backup: yes - register: copy_src +--- + - name: include ubuntu tasks (determined by "ansible_distribution") + include_tasks: ubuntu.yml when: ansible_distribution == 'Ubuntu' - - name: apt_update # noqa 503 503 + - name: include proxmox tasks (determined by group) + include_tasks: proxmox.yml + when: "'proxmox' in group_names" + + - name: update package lists # noqa 503 503 become: yes ansible.builtin.apt: update_cache: yes diff --git a/roles/mgrote.set_apt_proxy/tasks/proxmox.yml b/roles/mgrote.set_apt_proxy/tasks/proxmox.yml new file mode 100644 index 00000000..a15b9411 --- /dev/null +++ b/roles/mgrote.set_apt_proxy/tasks/proxmox.yml 
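Review bot: `copy_src` is now registered by one task in `ubuntu.yml` and by three tasks in `proxmox.yml`, so after the include it only holds the result of the last task that ran. The `# noqa 503` on "update package lists" suggests that task is conditioned on `copy_src` below the hunk (not visible here); if so, a change to the Debian base repos or to the key alone will not refresh the package lists, and the host keeps resolving updates against stale indexes. A handler notified from each repo-changing task (`notify: update package lists`) avoids the shared variable. The task body continues outside the hunk.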
@@ -0,0 +1,59 @@
+---
+ - name: check if old debian-repositories exists
+ stat:
+ path: /etc/apt/sources.list
+ register: old_debian_repositories
+
+ - name: backup old debian-repositories
+ become: yes
+ ansible.builtin.copy:
+ src: /etc/apt/sources.list
+ dest: /etc/apt/sources.list.disabled
+ remote_src: yes
+ when: old_debian_repositories.stat.exists == true
+
+ - name: remove old debian-repositories
+ become: yes
+ ansible.builtin.file:
+ path: /etc/apt/sources.list
+ state: absent
+ when: old_debian_repositories.stat.exists == true
+
+ - name: add new debian-repositories
+ become: yes
+ ansible.builtin.apt_repository:
+ repo: "{{ item.repo_url }}"
+ state: present
+ filename: "{{ manage_sources_debian_repo_path }}"
+ update_cache: no
+ register: copy_src
+ loop: "{{ manage_sources_proxmox_base_repos }}"
+
+ - name: remove enterprise-Repository
+ become: yes
+ ansible.builtin.file:
+ path: "{{ manage_sources_enterprise_repo_path }}"
+ state: absent
+
+ - name: check if pve-no-subscription repo keys exists
+ stat:
+ path: "{{ manage_sources_apt_repo_key_path }}"
+ register: pve_no_subscription_repo_keys
+
+ - name: add pve-no-subscription repo keys
+ become: yes
+ ansible.builtin.apt_key:
+ url: "{{ manage_sources_apt_repo_key_url }}"
+ state: present
+ file: "{{ manage_sources_apt_repo_key_path }}"
+ register: copy_src
+ when: pve_no_subscription_repo_keys.stat.exists == true
+
+ - name: add pve-no-subscription repo
+ become: yes
+ ansible.builtin.apt_repository:
+ repo: "{{ manage_sources_apt_repo_no_subscription }}"
+ state: present
+ filename: pve-no-subscription
+ update_cache: no
+ register: copy_src
diff --git a/roles/mgrote.set_apt_proxy/tasks/ubuntu.yml b/roles/mgrote.set_apt_proxy/tasks/ubuntu.yml
new file mode 100644
index 00000000..0e8acf67
--- /dev/null
+++ b/roles/mgrote.set_apt_proxy/tasks/ubuntu.yml
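Review bot: The condition on "add pve-no-subscription repo keys" is inverted: `when: pve_no_subscription_repo_keys.stat.exists == true` runs the download only when the key file is already present, so a host that lacks the key never receives it and the repo added by the next task cannot be verified. It should read `when: not pve_no_subscription_repo_keys.stat.exists`. As far as I know, `apt_key`'s `file` names a source key file and cannot be combined with `url`; the destination is `keyring: "{{ manage_sources_apt_repo_key_path }}"`. Because the key comes from a URL, also pin it, for example with `id: "<EXPECTED_KEY_FINGERPRINT>"` (placeholder) or by downloading it with `get_url` and a `checksum:`.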
@@ -0,0 +1,8 @@
+---
+ - name: Ubuntu - copy sources.list
+ become: yes
+ ansible.builtin.template:
+ src: "ubuntu_sources.list"
+ dest: "/etc/apt/sources.list"
+ backup: yes
+ register: copy_src
diff --git a/roles/mgrote.set_apt_proxy/templates/sources.list b/roles/mgrote.set_apt_proxy/templates/sources.list
deleted file mode 100644
index af89663e..00000000
--- a/roles/mgrote.set_apt_proxy/templates/sources.list
+++ /dev/null
@@ -1,10 +0,0 @@
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} main restricted
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates main restricted
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} universe
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates universe
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} multiverse
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates multiverse
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-backports main restricted universe multiverse
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security main restricted
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security universe
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security multiverse
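Review bot: The template task in `ubuntu.yml` that writes `/etc/apt/sources.list` sets no `owner`, `group` or `mode`, so the resulting permissions depend on the umask and on whatever file was there before. This file decides where packages are installed from, so pin it explicitly with `owner: root`, `group: root` and `mode: "0644"`.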
diff --git a/roles/mgrote.set_apt_proxy/templates/ubuntu_sources.list b/roles/mgrote.set_apt_proxy/templates/ubuntu_sources.list
new file mode 100644
index 00000000..e5551010
--- /dev/null
+++ b/roles/mgrote.set_apt_proxy/templates/ubuntu_sources.list
@@ -0,0 +1,10 @@
+deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} main restricted
+deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates main restricted
+deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} universe
+deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates universe
+deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} multiverse
+deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates multiverse
+deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-backports main restricted universe multiverse
+deb http://{{ manage_sources_apt_proxy_url }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security main restricted
+deb http://{{ manage_sources_apt_proxy_url }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security universe
+deb http://{{ manage_sources_apt_proxy_url }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security multiverse