authoralex <alex@pdp7.net>2023-01-28 16:36:26 +0100
committeralex <alex@pdp7.net>2023-01-28 16:36:49 +0100
commit39b4e1252ed4d2b7ca971eb48038b5deb137ec9d (patch)
tree798aecbfd9f4277cf97f393bf9177541ba9b10e6 /personal_infra/playbooks/roles
parentdadd31dc8e9fe4ebb2a3856f8125896c58c89e6b (diff)
Refactor playbooks into roles
Diffstat (limited to 'personal_infra/playbooks/roles')
-rw-r--r--personal_infra/playbooks/roles/apply_puppet/tasks/main.yml116
-rw-r--r--personal_infra/playbooks/roles/join_ipa/handlers/main.yml4
-rw-r--r--personal_infra/playbooks/roles/join_ipa/tasks/main.yml15
-rw-r--r--personal_infra/playbooks/roles/proxmox_create_lxc/tasks/main.yml42
-rw-r--r--personal_infra/playbooks/roles/proxmox_create_lxc/vars/main.yml8
-rw-r--r--personal_infra/playbooks/roles/verify_root_mail/tasks/main.yml4
6 files changed, 189 insertions, 0 deletions
diff --git a/personal_infra/playbooks/roles/apply_puppet/tasks/main.yml b/personal_infra/playbooks/roles/apply_puppet/tasks/main.yml
new file mode 100644
index 00000000..627d2929
--- /dev/null
+++ b/personal_infra/playbooks/roles/apply_puppet/tasks/main.yml
@@ -0,0 +1,116 @@
+---
+- name: create local temporary directory
+ tempfile:
+ state: directory
+ path: "{{ inventory_dir }}/tmp"
+ register: local_temp
+ delegate_to: 127.0.0.1
+ tags: puppet_fast
+- name: create data directory in local temp
+ file:
+ path: "{{ local_temp.path }}/data"
+ state: directory
+ delegate_to: 127.0.0.1
+ tags: puppet_fast
+- name: create hiera.yaml
+ copy:
+ dest: "{{ local_temp.path }}/hiera.yaml"
+ content: |
+ version: 5
+ hierarchy:
+ - name: hostvars
+ path: hostvars.json
+ data_hash: json_data
+ - name: this
+ path: this.json
+ data_hash: json_data
+ delegate_to: 127.0.0.1
+ tags: puppet_fast
+- name: dump hostvars
+ copy:
+ dest: "{{ local_temp.path }}/data/hostvars.json"
+ content: "{'hostvars': {{ hostvars }} }"
+ delegate_to: 127.0.0.1
+ tags: puppet_fast
+- name: dump this
+ copy:
+ dest: "{{ local_temp.path }}/data/this.json"
+ content: "{{ hostvars[inventory_hostname] }}"
+ delegate_to: 127.0.0.1
+ tags: puppet_fast
+- name: install epel
+ package:
+ name: epel-release
+ when: ansible_distribution_file_variety == 'RedHat'
+- name: install puppet
+ package:
+ name: puppet
+- name: get facts
+ command: facter -y
+ register: facter_output
+ tags: puppet_fast
+- name: create facts directory in local temp
+ file:
+ path: "{{ local_temp.path }}/yaml/facts"
+ state: directory
+ delegate_to: 127.0.0.1
+ tags: puppet_fast
+- name: dump facts
+ copy:
+ dest: "{{ local_temp.path }}/yaml/facts/{{ inventory_hostname }}.yaml"
+ content: "--- !ruby/object:Puppet::Node::Facts\nvalues:\n {{ facter_output.stdout | indent(width=2) }}"
+ delegate_to: 127.0.0.1
+ tags: puppet_fast
+- name: compile catalogs
+ command: puppet catalog compile --modulepath={{ inventory_dir }}/puppet/modules --hiera_config={{ local_temp.path }}/hiera.yaml --manifest={{ inventory_dir }}/puppet/site --terminus compiler --vardir {{ local_temp.path }}/ --facts_terminus yaml {{ inventory_hostname }}
+ delegate_to: 127.0.0.1
+ register: catalog
+ tags: puppet_fast
+- name: create remote temporary directory
+ tempfile:
+ state: directory
+ register: remote_temp
+ tags: puppet_fast
+- name: write catalog
+ copy:
+ dest: "{{ remote_temp.path }}/catalog.json"
+ content: "{{ catalog.stdout | regex_replace('\\A.*?\\n', multiline=True) }}"
+ tags: puppet_fast
+- name: preview catalog
+ command: puppet apply --catalog {{ remote_temp.path }}/catalog.json --noop --test
+ register: catalog_apply
+ tags: puppet_fast
+- name: display catalog preview stdout
+ debug:
+ msg: "{{ catalog_apply.stdout_lines }}"
+ tags: puppet_fast
+- name: display catalog preview stderr
+ debug:
+ msg: "{{ catalog_apply.stderr_lines }}"
+ tags: puppet_fast
+- name: pause to confirm
+ pause:
+ tags: pause
+- name: apply catalog
+ command: puppet apply --catalog {{ remote_temp.path }}/catalog.json
+ register: catalog_apply
+ tags: puppet_fast
+- name: display catalog apply stdout
+ debug:
+ msg: "{{ catalog_apply.stdout_lines }}"
+ tags: puppet_fast
+- name: display catalog apply stderr
+ debug:
+ msg: "{{ catalog_apply.stderr_lines }}"
+ tags: puppet_fast
+- name: clean up remote temporary directory
+ file:
+ state: absent
+ path: "{{ remote_temp.path }}"
+ tags: puppet_fast
+- name: clean up local temporary directory
+ file:
+ state: absent
+ path: "{{ local_temp.path}}"
+ delegate_to: 127.0.0.1
+ tags: puppet_fast
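Review bot: The two cleanup tasks at the end of this file only run when every preceding task succeeds, so a failed `puppet catalog compile` or `puppet apply` leaves `{{ inventory_dir }}/tmp/...` on the controller holding a plaintext dump of all hostvars (`hostvars.json`, `this.json`) — including any vaulted values such as join passwords — and the compiled catalog in the remote temp directory. Wrapping the tasks in a `block:` with the two `file: state: absent` tasks under `always:` removes both directories on failure as well; each needs a `when: ...path is defined` guard because the corresponding `register` may not have run. A smaller point: `content: "{'hostvars': {{ hostvars }} }"` in the dump-hostvars task relies on Ansible turning a Python-literal-looking string back into a dict before `copy` serialises it, which is fragile; `content: "{{ {'hostvars': hostvars} | to_json }}"` makes the JSON explicit for hiera's `json_data` backend. Also `"{{ local_temp.path}}"` in the last task is missing the space before `}}`; cosmetic, but it should match the other references.
```yaml
- name: compile and apply puppet catalog
  block:
    # … unchanged: all tasks from "create local temporary directory" through "display catalog apply stderr" …
  always:
    - name: clean up remote temporary directory
      file:
        state: absent
        path: "{{ remote_temp.path }}"
      when: remote_temp.path is defined
      tags: puppet_fast
    - name: clean up local temporary directory
      file:
        state: absent
        path: "{{ local_temp.path }}"
      when: local_temp.path is defined
      delegate_to: 127.0.0.1
      tags: puppet_fast
```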
diff --git a/personal_infra/playbooks/roles/join_ipa/handlers/main.yml b/personal_infra/playbooks/roles/join_ipa/handlers/main.yml
new file mode 100644
index 00000000..da74d5ee
--- /dev/null
+++ b/personal_infra/playbooks/roles/join_ipa/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart_container
+ delegate_to: "{{ proxmox.host }}"
+ command: pct reboot {{ proxmox.id }}
+
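Review bot: The handlers file lacks the `---` document-start marker that the other task files in this commit open with, and it ends with a stray empty line; `---` on the first line keeps the role files consistent and satisfies yamllint's document-start rule. The same applies to verify_root_mail/tasks/main.yml. A short comment on the handler, such as `# idmap changes in the LXC config only take effect on container (re)start`, would explain why a full `pct reboot` is the right handler for the idmap task that notifies it — presumably that is the reason, so confirm before adding it.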
diff --git a/personal_infra/playbooks/roles/join_ipa/tasks/main.yml b/personal_infra/playbooks/roles/join_ipa/tasks/main.yml
new file mode 100644
index 00000000..eea24430
--- /dev/null
+++ b/personal_infra/playbooks/roles/join_ipa/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: join
+ # TODO:
+ # -N: no NTP (LXC doesn't need NTP)
+ shell: getent passwd admin || ipa-client-install -U -N --domain={{ freeipa.domain }} -w {{ freeipa.join_password|trim }} --mkhomedir -p {{ freeipa.join_user }}
+- name: set idmappings
+ blockinfile:
+ path: /etc/pve/lxc/{{ proxmox.id }}.conf
+ block: |
+ lxc.idmap = u 0 100000 65536
+ lxc.idmap = g 0 100000 65536
+ lxc.idmap = u {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
+ lxc.idmap = g {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
+ delegate_to: "{{ proxmox.host }}"
+ notify: restart_container
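Review bot: The `join` task puts the IPA join password on the `ipa-client-install` command line (`-w {{ freeipa.join_password|trim }}`), where it is visible in the process list on the target for the duration of enrolment and is echoed into Ansible's verbose output and the target's syslog record of the module invocation because the task has no `no_log: true`; add `no_log: true` to the task, and the same applies to `--password {{ ansible_password|trim }}` in proxmox_create_lxc/tasks/main.yml, which `pct create` exposes on the Proxmox host the same way. The `getent passwd admin ||` guard also succeeds whenever any account named admin exists locally, so `args: creates: /etc/ipa/default.conf` is a more reliable already-enrolled check. On the idmap block, mapping `freeipa.idrange_start` onto itself gives the container's IPA users the same UIDs/GIDs on the host, so they own host files carrying those IDs, and it presumably needs matching root entries in the host's /etc/subuid and /etc/subgid for the container to start — a comment stating both would help the next reader, since neither is set up here.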
diff --git a/personal_infra/playbooks/roles/proxmox_create_lxc/tasks/main.yml b/personal_infra/playbooks/roles/proxmox_create_lxc/tasks/main.yml
new file mode 100644
index 00000000..e0dd86f8
--- /dev/null
+++ b/personal_infra/playbooks/roles/proxmox_create_lxc/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+- name: download template
+ command: "pveam download local {{ flavors[proxmox.flavor].template }}_amd64.tar.xz"
+ args:
+ creates: "/var/lib/vz/template/cache/{{ flavors[proxmox.flavor].template }}_amd64.tar.xz"
+ delegate_to: "{{ proxmox.host }}"
+- name: create host
+ command: >
+ pct create {{ proxmox.id }} "/var/lib/vz/template/cache/{{ flavors[proxmox.flavor].template }}_amd64.tar.xz"
+ --hostname {{ inventory_hostname }}
+ --storage local-zfs
+ -net0 name=eth0,bridge=vmbr0,ip=dhcp
+ -onboot 1
+ --unprivileged
+ --password {{ ansible_password|trim }}
+ --nameserver {{ hostvars[proxmox.host].network.self_internal_ip }}
+ --ostype {{ flavors[proxmox.flavor].pct_ostype }}
+ args:
+ creates: "/etc/pve/lxc/{{ proxmox.id }}.conf"
+ delegate_to: "{{ proxmox.host }}"
+# https://bugzilla.proxmox.com/show_bug.cgi?id=4460
+- name: set hostname
+ copy:
+ content: "{{ inventory_hostname }}"
+ dest: /rpool/data/subvol-{{ proxmox.id }}-disk-0/etc/hostname
+ delegate_to: "{{ proxmox.host }}"
+- name: start host
+ shell: "{ pct status {{ proxmox.id }} | grep running ; } || pct start {{ proxmox.id }}"
+ delegate_to: "{{ proxmox.host }}"
+- name: update packages to prevent automatic updates causing issues later. retry until network available
+ command: pct exec {{ proxmox.id }} -- dnf update -y
+ retries: 10
+ delay: 1
+ until: result.rc == 0
+ register: result
+ delegate_to: "{{ proxmox.host }}"
+- name: install ssh
+ command: pct exec {{ proxmox.id }} -- dnf install -y openssh-server
+ delegate_to: "{{ proxmox.host }}"
+- name: enable ssh
+ command: pct exec {{ proxmox.id }} -- systemctl enable --now sshd
+ delegate_to: "{{ proxmox.host }}"
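Review bot: After the `creates`-guarded `pct create`, every later task (`set hostname`, `start host`, the three `pct exec` runs) executes unconditionally and reports `changed` on every play, so `dnf update -y` is rerun each time and the role never converges. Registering the create step (`register: lxc_create`) and adding `when: lxc_create is changed` to the update/install/enable tasks, plus `changed_when: false` on `start host` whose shell already short-circuits when the container is running, restores idempotence. The `until` loop on the update task allows only about ten seconds (`retries: 10`, `delay: 1`) for DHCP and DNS to come up inside a freshly started container, which looks tight; a larger `delay` seems worth considering. Also the `pct create` options mix `-net0`/`-onboot` with `--hostname`/`--storage`; pick one form.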
diff --git a/personal_infra/playbooks/roles/proxmox_create_lxc/vars/main.yml b/personal_infra/playbooks/roles/proxmox_create_lxc/vars/main.yml
new file mode 100644
index 00000000..b9bdcc6a
--- /dev/null
+++ b/personal_infra/playbooks/roles/proxmox_create_lxc/vars/main.yml
@@ -0,0 +1,8 @@
+---
+flavors:
+ el8:
+ template: rockylinux-8-default_20210929
+ pct_ostype: centos
+ el9:
+ template: rockylinux-9-default_20221109
+ pct_ostype: centos
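Review bot: Both flavors set `pct_ostype: centos` although the templates are Rocky Linux, which reads like a copy-paste mistake to anyone unfamiliar with pct's ostype list; a comment above `flavors:` such as `# Rocky templates use the centos ostype on purpose: it selects the EL container setup` would record the intent, assuming that is the reason — confirm before adding it. Pinning the dated template names is good; a comment noting that `pveam download` is guarded by `creates:` in the tasks file, so bumping a date here means the new tarball is fetched on the next run, would also help.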
diff --git a/personal_infra/playbooks/roles/verify_root_mail/tasks/main.yml b/personal_infra/playbooks/roles/verify_root_mail/tasks/main.yml
new file mode 100644
index 00000000..da205cf4
--- /dev/null
+++ b/personal_infra/playbooks/roles/verify_root_mail/tasks/main.yml
@@ -0,0 +1,4 @@
+- name: send root mail
+ command:
+ cmd: mail -s "ansible test {{ inventory_hostname }}" root
+ stdin: test
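Review bot: `send root mail` is a pure probe yet reports `changed` on every run because the `command` task has no `changed_when: false`; add it so a check-only play does not look like it modified the host. The role name says verify, but nothing here checks delivery — the task only submits a message; a comment on the task such as `# delivery is confirmed out of band by reading root's mailbox` would make that expectation explicit, if that is indeed how it is used.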