| author | spmfox <spmfox@foxwd.com> | 2025-04-15 15:00:52 -0400 |
|---|---|---|
| committer | spmfox <spmfox@foxwd.com> | 2025-04-15 15:00:52 -0400 |
| commit | 33af7561882425e6e1a2d3ed56e46f2c5a10033f (patch) | |
| tree | cdac4a3e31162c5f75d7517d14c246289a34edf4 | |
| parent | 422bc9712219fdd4d4719fc98218c76c2a7e86bc (diff) | |
support for remote jobs, support for more host config, quadlet logic tweaking
| -rw-r--r-- | containers-local.yml | 4 | ||||
| -rw-r--r-- | containers-remote.yml | 9 | ||||
| -rw-r--r-- | containers.yml | 16 | ||||
| -rw-r--r-- | roles/containers/tasks/quadlet_start.yml | 9 | ||||
| -rw-r--r-- | roles/host/defaults/main.yml | 6 | ||||
| -rw-r--r-- | roles/host/tasks/firewall.yml | 17 | ||||
| -rw-r--r-- | roles/host/tasks/hostname.yml | 4 | ||||
| -rw-r--r-- | roles/host/tasks/main.yml | 19 | ||||
| -rw-r--r-- | roles/host/tasks/mounts.yml | 9 | ||||
| -rw-r--r-- | roles/host/tasks/packages.yml | 9 | ||||
| -rw-r--r-- | roles/host/tasks/patching.yml | 46 | ||||
| -rw-r--r-- | roles/host/tasks/timezone.yml | 3 | ||||
| -rw-r--r-- | roles/host/tasks/user.yml | 1 | ||||
| -rw-r--r-- | roles/requirements.yml | 4 |
14 files changed, 130 insertions, 26 deletions
diff --git a/containers-local.yml b/containers-local.yml
new file mode 100644
index 0000000..313afc0
--- /dev/null
+++ b/containers-local.yml
@@ -0,0 +1,4 @@
+- hosts: localhost
+ tasks:
+ - ansible.builtin.import_role:
+ name: "containers"
diff --git a/containers-remote.yml b/containers-remote.yml
new file mode 100644
index 0000000..25f6030
--- /dev/null
+++ b/containers-remote.yml
@@ -0,0 +1,9 @@
+- hosts: all
+ become: true
+ become_method: "machinectl"
+ become_user: "{{ containers_user if containers_user is defined else 'containers' }}"
+ vars:
+ ansible_user: "root"
+ tasks:
+ - ansible.builtin.import_role:
+ name: "containers"
diff --git a/containers.yml b/containers.yml
deleted file mode 100644
index 5697a8a..0000000
--- a/containers.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-- hosts: localhost
- gather_facts: false
- tasks:
- - name: Add localhost to all group if no hosts are defined
- ansible.builtin.add_host:
- name: localhost
- ansible_connection: "local"
- when: groups['all'] | length == 0
- tags:
- - always
-
-
-- hosts: all
- tasks:
- - ansible.builtin.import_role:
- name: "containers"
diff --git a/roles/containers/tasks/quadlet_start.yml b/roles/containers/tasks/quadlet_start.yml
index ade3da6..f2ec82b 100644
--- a/roles/containers/tasks/quadlet_start.yml
+++ b/roles/containers/tasks/quadlet_start.yml
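Review bot: `ansible_user: "root"` under the play's `vars:` in containers-remote.yml forces every host matched by `hosts: all` to be reached as root, and because play vars outrank inventory and host_vars, an inventory that sets a different login user for a host is silently overridden; the playbook then depends on direct root SSH login being permitted on every target. If a default login user is wanted, the `remote_user: "root"` play keyword is the conventional place for it, since an inventory `ansible_user` can still override a keyword, or leave it to group_vars entirely. The `become_user` expression `{{ containers_user if containers_user is defined else 'containers' }}` is the long form of `"{{ containers_user | default('containers') }}"`; the same expression is duplicated as the new `host_containers_user` default in roles/host/defaults/main.yml, so both could use the filter.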
@@ -7,21 +7,22 @@
 label: "{{ item.name}}.service"
 loop: "{{ containers_quadlets }}"
-- name: Check for quadlet not in active or activating state
+- name: Check for failed quadlet
 ansible.builtin.shell: "systemctl --user is-active {{ item.name }}.service"
 loop_control:
 label: "{{ item.name}}.service: {{ quadlet_status.stdout }}"
 loop: "{{ containers_quadlets }}"
 register: quadlet_status
- failed_when: quadlet_status.stdout not in ['active', 'activating']
+ failed_when: quadlet_status.stdout == 'failed'
-- name: Wait for quadlet state to go active
+- name: Wait for quadlet state to be active or inactive
 ansible.builtin.shell: "systemctl --user is-active {{ item.name }}.service"
 loop_control:
 label: "{{ item.name}}.service: {{ quadlet_status.stdout }}"
 loop: "{{ containers_quadlets }}"
 register: quadlet_status
- until: quadlet_status.stdout == 'active'
+ until: quadlet_status.stdout in ['active', 'inactive']
+ failed_when: quadlet_status.stdout not in ['active', 'inactive']
 delay: 2
 retries: 25
diff --git a/roles/host/defaults/main.yml b/roles/host/defaults/main.yml
index b56535f..1e7f955 100644
--- a/roles/host/defaults/main.yml
+++ b/roles/host/defaults/main.yml
@@ -6,5 +6,7 @@ host_shell_login_helper: |
 podman container list --all --sort status --format={{ '"{{.State}} {{.Status}} {{.Names}}"' }}
 echo ""
-host_containers_user: "containers"
-host_unprivileged_port_start: 80
+host_containers_user: "{{ containers_user if containers_user is defined else 'containers' }}"
+host_patching: false
+host_patching_apply: false
+host_patching_reboot: "never"
diff --git a/roles/host/tasks/firewall.yml b/roles/host/tasks/firewall.yml
new file mode 100644
index 0000000..35138ff
--- /dev/null
+++ b/roles/host/tasks/firewall.yml
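Review bot: The wait task now accepts `inactive` as a terminal success state (`until: quadlet_status.stdout in ['active', 'inactive']`) while the check task before it only fails on `failed`, so a quadlet that never starts, or exits immediately after starting, now passes the role with a green result; the only remaining failure signals are a unit that is explicitly `failed` or the 25 retries running out on a state like `activating`. If `inactive` is meant for units that run to completion, that intent deserves a comment on the task, e.g. `# 'inactive' is accepted so that quadlets that run to completion do not fail the role`; otherwise the accepted states should be configurable per quadlet rather than global. Both tasks also run a string-built command through `ansible.builtin.shell` without using any shell feature; `ansible.builtin.command: "systemctl --user is-active {{ item.name }}.service"` yields the same stdout without passing `item.name` through a shell. The task that owns the `label:`/`loop:` lines at the top of the hunk starts before line 7, outside the hunk.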
@@ -0,0 +1,17 @@
+- name: Modify firewall services
+ ansible.posix.firewalld:
+ service: "{{ item.service }}"
+ state: "{{ item.state }}"
+ permanent: true
+ immediate: true
+ loop: "{{ host_firewall.services }}"
+ when: host_firewall.services is defined
+
+- name: Modify firewall ports
+ ansible.posix.firewalld:
+ port: "{{ item.port }}"
+ state: "{{ item.state }}"
+ permanent: true
+ immediate: true
+ loop: "{{ host_firewall.ports }}"
+ when: host_firewall.ports is defined
diff --git a/roles/host/tasks/hostname.yml b/roles/host/tasks/hostname.yml
new file mode 100644
index 0000000..92184a2
--- /dev/null
+++ b/roles/host/tasks/hostname.yml
@@ -0,0 +1,4 @@
+- name: Set hostname
+ ansible.builtin.hostname:
+ name: "{{ host_hostname }}"
+ use: "systemd"
diff --git a/roles/host/tasks/main.yml b/roles/host/tasks/main.yml
index 3b92a94..0a205da 100644
--- a/roles/host/tasks/main.yml
+++ b/roles/host/tasks/main.yml
@@ -1,3 +1,12 @@
+- ansible.builtin.import_tasks: hostname.yml
+ when: host_hostname is defined
+
+- ansible.builtin.import_tasks: timezone.yml
+ when: host_timezone is defined
+
+- ansible.builtin.import_tasks: mounts.yml
+ when: host_mounts is defined
+
 - ansible.builtin.import_tasks: packages.yml
 - ansible.builtin.import_tasks: user.yml
@@ -8,10 +17,14 @@
 - ansible.builtin.import_tasks: systemd-user-network-check.yml
+- ansible.builtin.import_tasks: firewall.yml
+ when: host_firewall is defined
+
 - ansible.builtin.import_tasks: unprivileged-port.yml
- tags:
- - never
- - unprivileged-port
+ when: host_unprivileged_port_start is defined
+
+- ansible.builtin.import_tasks: patching.yml
+ when: host_patching | bool
 - ansible.builtin.import_tasks: cpanel-dnsonly.yml
 tags:
diff --git a/roles/host/tasks/mounts.yml b/roles/host/tasks/mounts.yml
new file mode 100644
index 0000000..05ddcc0
--- /dev/null
+++ b/roles/host/tasks/mounts.yml
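Review bot: In roles/host/tasks/main.yml the new `mounts.yml` import is placed ahead of `packages.yml`, so a `host_mounts` entry whose filesystem needs a helper package that is only installed through the new `host_packages` list (a network-filesystem client, for instance) would be mounted before that package exists; that is an inference from the import order rather than something the hunk demonstrates, but moving the `- ansible.builtin.import_tasks: mounts.yml` stanza below the `packages.yml` import costs nothing and removes the question. The unprivileged-port import also changes from opt-in via `tags: never` to running whenever `host_unprivileged_port_start` is set, which matches the removal of its default in roles/host/defaults/main.yml; a one-line comment above that import, e.g. `# runs only when host_unprivileged_port_start is set; the default was removed on purpose`, would stop a later reader from re-adding the default.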
@@ -0,0 +1,9 @@
+- name: Manage mounts
+ ansible.posix.mount:
+ path: "{{ item.path }}"
+ src: "{{ item.src }}"
+ fstype: "{{ item.fstype }}"
+ opts: "{{ item.opts }}"
+ state: "{{ item.state }}"
+ loop: "{{ host_mounts }}"
+ when: host_mounts is defined
diff --git a/roles/host/tasks/packages.yml b/roles/host/tasks/packages.yml
index df78985..c7c21cd 100644
--- a/roles/host/tasks/packages.yml
+++ b/roles/host/tasks/packages.yml
@@ -1,6 +1,13 @@
-- name: Install systemd-container and podman
+- name: Install systemd-container, podman
 ansible.builtin.package:
 name:
 - "systemd-container"
 - "podman"
 state: present
+
+- name: Manage additional packages
+ ansible.builtin.package:
+ name: "{{ item.name }}"
+ state: "{{ item.state }}"
+ loop: "{{ host_packages }}"
+ when: host_packages is defined
diff --git a/roles/host/tasks/patching.yml b/roles/host/tasks/patching.yml
new file mode 100644
index 0000000..35ec727
--- /dev/null
+++ b/roles/host/tasks/patching.yml
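Review bot: Every key of a `host_mounts` item is mandatory as written — `opts: "{{ item.opts }}"` raises an undefined-variable error for an entry that has no mount options, even though `ansible.posix.mount` itself treats `opts` as optional; `opts: "{{ item.opts | default(omit) }}"` keeps the module default for such entries. The new "Manage additional packages" task in packages.yml has the same shape, where `state: "{{ item.state | default('present') }}"` would make the common case terse instead of failing on an item that only names a package. The `when: host_mounts is defined` guard on the mount task duplicates the condition already attached to the `import_tasks` line in roles/host/tasks/main.yml, so one of the two can go.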
@@ -0,0 +1,46 @@
+- name: Block for RHEL 9
+ block:
+ - name: Install dnf-automatic
+ ansible.builtin.package:
+ name: "dnf-automatic"
+ state: "present"
+
+ - name: Configure /etc/dnf/automatic.conf for reboot
+ ansible.builtin.lineinfile:
+ path: "/etc/dnf/automatic.conf"
+ search_string: "reboot = "
+ line: "reboot = {{ host_patching_reboot }}"
+
+ - name: Enable and start dnf-automatic-install.timer
+ ansible.builtin.systemd:
+ name: "dnf-automatic-install.timer"
+ enabled: true
+ state: "started"
+ when:
+ - ansible_distribution_file_variety == "RedHat"
+ - ansible_distribution_major_version == "9"
+
+- name: Block for Fedora 41 and higher
+ block:
+ - name: Install dnf5-plugin-automatic
+ ansible.builtin.package:
+ name: "dnf5-plugin-automatic"
+ state: "present"
+
+ - name: Configure /etc/dnf/automatic.conf for reboot
+ ansible.builtin.blockinfile:
+ path: "/etc/dnf/automatic.conf"
+ create: true
+ block: |
+ [commands]
+ apply_updates = yes
+ reboot = {{ host_patching_reboot }}
+
+ - name: Enable and start dnf5-automatic.timer
+ ansible.builtin.systemd:
+ name: "dnf5-automatic.timer"
+ enabled: true
+ state: "started"
+ when:
+ - ansible_distribution == "Fedora"
+ - ansible_distribution_major_version |int >= 41
diff --git a/roles/host/tasks/timezone.yml b/roles/host/tasks/timezone.yml
new file mode 100644
index 0000000..06f27b9
--- /dev/null
+++ b/roles/host/tasks/timezone.yml
@@ -0,0 +1,3 @@
+- name: Set timezone
+ community.general.timezone:
+ name: "{{ host_timezone }}"
diff --git a/roles/host/tasks/user.yml b/roles/host/tasks/user.yml
index 40e9f4c..33d5d88 100644
--- a/roles/host/tasks/user.yml
+++ b/roles/host/tasks/user.yml
@@ -1,6 +1,7 @@
 - name: Create containers user
 ansible.builtin.user:
 name: "{{ host_containers_user }}"
+ shell: "{{ host_containers_user_shell | default(omit) }}"
 - name: Add containers user to systemd-journal group
 ansible.builtin.user:
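Review bot: In the RHEL 9 block, `ansible.builtin.lineinfile` with `search_string: "reboot = "` appends `reboot = …` at the end of /etc/dnf/automatic.conf whenever no such line exists yet, and the end of that file is whichever INI section happens to be last, not necessarily `[commands]`, so the setting can land in the wrong section and be ignored. The Fedora block has the mirror problem: `blockinfile` appends a second `[commands]` header when the packaged file already carries one, and whether dnf5 merges duplicate sections is not something this hunk establishes. `community.general.ini_file` — the collection is already declared in roles/requirements.yml in this commit — writes each option inside the named section in both cases, and can be used for `apply_updates` too. Separately, `host_patching_apply` is added to roles/host/defaults/main.yml in this commit but neither block reads it (the Fedora block hard-codes `apply_updates = yes`, the RHEL block sets nothing), so either drive the `apply_updates` value from it or drop the default.
```yaml
  - name: Configure /etc/dnf/automatic.conf for reboot
    community.general.ini_file:
      path: "/etc/dnf/automatic.conf"
      section: "commands"
      option: "reboot"
      value: "{{ host_patching_reboot }}"
# … unchanged: Enable and start dnf-automatic-install.timer, RHEL when: …

  - name: Configure /etc/dnf/automatic.conf for apply_updates and reboot
    community.general.ini_file:
      path: "/etc/dnf/automatic.conf"
      section: "commands"
      option: "{{ item.option }}"
      value: "{{ item.value }}"
    loop:
      - { option: "apply_updates", value: "yes" }
      - { option: "reboot", value: "{{ host_patching_reboot }}" }
# … unchanged: Enable and start dnf5-automatic.timer, Fedora when: …
```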
diff --git a/roles/requirements.yml b/roles/requirements.yml
new file mode 100644
index 0000000..3d76082
--- /dev/null
+++ b/roles/requirements.yml
@@ -0,0 +1,4 @@
+# ansible-galaxy install -r requirements.yml
+collections:
+ - community.general
+ - ansible.posix
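Review bot: Both collections are listed without a `version`, so each `ansible-galaxy install -r` resolves to whatever is newest on Galaxy at that moment, and two hosts provisioned weeks apart can run different module code behind `ansible.posix.firewalld`, `ansible.posix.mount` and `community.general.timezone`, which are all introduced by this commit. Pin each entry in the mapping form, `- name: ansible.posix` followed by `version: "<pinned version>"` (a placeholder here; likewise for community.general), and bump the pins deliberately so a behaviour change in a module is a reviewed diff rather than a surprise at install time.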
