Touch anything
* Add quoting * Use fully qualified collection names (FQCNs) * Use quoted octal Unix permissions * Replace module "synchronize" with "copy" * Add names to tasks and handlers and fix existing ones
parent
4d9e4a4d80
commit
7523e61773
|
@ -1,48 +1,56 @@
|
|||
---
|
||||
# handlers file for fai
|
||||
|
||||
- name: restart tftp server
|
||||
service:
|
||||
- name: "Restart tftp server"
|
||||
ansible.builtin.service:
|
||||
name: tftpd-hpa
|
||||
state: restarted
|
||||
enabled: true
|
||||
listen: restart tftpd
|
||||
|
||||
- name: restart apt-cacher-ng
|
||||
service:
|
||||
- name: "Restarting apt-cacher-ng"
|
||||
ansible.builtin.service:
|
||||
name: apt-cacher-ng
|
||||
state: restarted
|
||||
enabled: true
|
||||
listen: restart apt-cacher-ng
|
||||
|
||||
- name: pack fai configuration
|
||||
shell: "tar -C {{ fai_configdir }} -cf {{ fai_download_dir }}/{{ fai_profiles_archive }} ."
|
||||
- name: "Pack fai configuration"
|
||||
ansible.builtin.shell: |
|
||||
tar -C "{{ fai_configdir }}" \
|
||||
-cf "{{ fai_download_dir + '/' + fai_profiles_archive }}" .
|
||||
listen: pack fai-config
|
||||
|
||||
- name: ensure inetd is refreshed, when config changed
|
||||
service:
|
||||
- name: "Restarting inetd"
|
||||
ansible.builtin.service:
|
||||
name: inetutils-inetd
|
||||
state: restarted
|
||||
listen: restart inetd
|
||||
|
||||
- name: reload ntp config
|
||||
service:
|
||||
- name: "Restarting ntp config"
|
||||
ansible.builtin.service:
|
||||
name: ntp
|
||||
state: restarted
|
||||
listen: restart ntp
|
||||
|
||||
- name: ensure http server is restart after config change
|
||||
service:
|
||||
- name: "Restarting nginx"
|
||||
ansible.builtin.service:
|
||||
name: nginx
|
||||
state: restarted
|
||||
listen: restart nginx
|
||||
|
||||
- name: apply iptables rules
|
||||
shell: iptables-restore /etc/iptables/rules.v4
|
||||
- name: "apply iptables rules"
|
||||
ansible.builtin.shell: iptables-restore "/etc/iptables/rules.v4"
|
||||
listen: apply iptables
|
||||
|
||||
- name: reload dhcp
|
||||
service:
|
||||
- name: "restart dhcp"
|
||||
ansible.builtin.service:
|
||||
name: isc-dhcp-server
|
||||
state: restarted
|
||||
listen: restart dhcpd
|
||||
|
||||
- name: "Reloading unbound"
|
||||
ansible.builtin.service:
|
||||
name: unbound
|
||||
state: reloaded
|
||||
listen: "reload unbound"
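Review bot: The "Pack fai configuration" handler still renders Jinja variables straight into a shell command line. The added double quotes stop word splitting, but `$`, backticks and embedded quotes in `fai_configdir`, `fai_download_dir` or `fai_profiles_archive` are still interpreted by the shell. Neither this handler nor "apply iptables rules" uses pipes or redirection, so `ansible.builtin.command` fits both, e.g. `ansible.builtin.command: iptables-restore /etc/iptables/rules.v4`, with the tar call passed as an `argv` list. If `shell` has to stay, filter each variable instead of quoting it by hand, as in `tar -C {{ fai_configdir | quote }} ...`.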
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
- name: install apt cacher
|
||||
package:
|
||||
- name: "Install apt cacher"
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
- apt-cacher-ng
|
||||
state: present
|
||||
|
||||
- name: configure apt cacher
|
||||
copy:
|
||||
- name: "Configure apt cacher"
|
||||
ansible.builtin.copy:
|
||||
content: |
|
||||
CacheDir: /var/cache/apt-cacher-ng
|
||||
LogDir: /var/log/apt-cacher-ng
|
||||
|
@ -33,35 +33,35 @@
|
|||
|
||||
# Only serve available files
|
||||
Offlinemode: {% if apt_cacher_offline_mode %}1{% else %}0{% endif %}
|
||||
dest: /etc/apt-cacher-ng/acng.conf
|
||||
dest: "/etc/apt-cacher-ng/acng.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=r,o=r
|
||||
mode: '0644'
|
||||
notify: restart apt-cacher-ng
|
||||
|
||||
- name: set ubuntu server as backend
|
||||
copy:
|
||||
- name: "Set ubuntu server as backend"
|
||||
ansible.builtin.copy:
|
||||
content: |
|
||||
http://archive.ubuntu.com/ubuntu/
|
||||
dest: /etc/apt-cacher-ng/backends_ubuntu
|
||||
dest: "/etc/apt-cacher-ng/backends_ubuntu"
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=r,o=r
|
||||
mode: '0644'
|
||||
|
||||
- name: ensure service is started and enabled
|
||||
service:
|
||||
- name: "Ensure service is started and enabled"
|
||||
ansible.builtin.service:
|
||||
name: apt-cacher-ng
|
||||
enabled: true
|
||||
state: started
|
||||
|
||||
- name: set apt cache also for installer host
|
||||
copy:
|
||||
dest: /etc/apt/apt.conf.d/00proxy
|
||||
- name: "Set apt cache also for installer host"
|
||||
ansible.builtin.copy:
|
||||
dest: "/etc/apt/apt.conf.d/00proxy"
|
||||
content: |
|
||||
Acquire::http::Proxy "http://localhost:3142";
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=r,o=r
|
||||
mode: '0644'
|
||||
when:
|
||||
- use_apt_cache_for_server
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
- name: setup repos for fai
|
||||
copy:
|
||||
dest: /etc/fai/apt/sources.list
|
||||
- name: "Setup repos for fai"
|
||||
ansible.builtin.copy:
|
||||
dest: "/etc/fai/apt/sources.list"
|
||||
content: |
|
||||
{% if use_apt_cache_for_server %}
|
||||
deb http://localhost:3142/deb.debian.org/debian buster main contrib non-free
|
||||
|
@ -13,15 +13,15 @@
|
|||
deb http://deb.debian.org/debian/ buster-updates main
|
||||
deb http://fai-project.org/download buster koeln
|
||||
{% endif %}
|
||||
mode: u=rw,g=r,o=r
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
register: fai_apt_mirrors
|
||||
|
||||
- name: set loguser
|
||||
copy:
|
||||
dest: /etc/fai/fai.conf
|
||||
mode: u=rw,g=r,o=r
|
||||
- name: "Set loguser"
|
||||
ansible.builtin.copy:
|
||||
dest: "/etc/fai/fai.conf"
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
content: |
|
||||
|
|
|
@ -1,20 +1,21 @@
|
|||
- package:
|
||||
- name: "Install package ipxe"
|
||||
ansible.builtin.package:
|
||||
name: ipxe
|
||||
state: present
|
||||
|
||||
- name: copy ipxe
|
||||
copy:
|
||||
- name: "Copy ipxe"
|
||||
ansible.builtin.copy:
|
||||
src: "{{ item }}"
|
||||
dest: /srv/tftp/fai
|
||||
dest: "/srv/tftp/fai"
|
||||
remote_src: yes
|
||||
with_items:
|
||||
- /usr/lib/ipxe/ipxe.efi
|
||||
- /usr/lib/ipxe/ipxe.pxe
|
||||
- /usr/lib/ipxe/ipxe.lkrn
|
||||
- "/usr/lib/ipxe/ipxe.efi"
|
||||
- "/usr/lib/ipxe/ipxe.pxe"
|
||||
- "/usr/lib/ipxe/ipxe.lkrn"
|
||||
notify: restart tftpd
|
||||
|
||||
- name: write ipxe menu
|
||||
copy:
|
||||
- name: "Write ipxe menu"
|
||||
ansible.builtin.copy:
|
||||
content: |
|
||||
#!ipxe
|
||||
set boot-root {{ http_mirror_ipxe_root_url }}
|
||||
|
@ -95,8 +96,8 @@
|
|||
goto start{% endif %}
|
||||
|
||||
{% endfor %}
|
||||
dest: /srv/tftp/fai/menu.ipxe
|
||||
mode: 0644
|
||||
dest: "/srv/tftp/fai/menu.ipxe"
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
notify: restart tftpd
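Review bot: The "Copy ipxe" task places the boot binaries in the TFTP root without `owner`, `group` or `mode`, unlike the other `ansible.builtin.copy` tasks touched here. Adding `owner: root`, `group: root` and `mode: '0644'` would make the permissions of what is served to network-booting clients explicit instead of depending on the source files or the umask. The same task keeps `remote_src: yes` and `with_items`, which does not match the `true`/`false` and `loop` forms used elsewhere in this commit. The body of "Write ipxe menu" lies partly outside the visible hunks.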
|
||||
|
|
|
@ -1,36 +1,36 @@
|
|||
- name: trust fai key
|
||||
apt_key:
|
||||
- name: "Trust fai key"
|
||||
ansible.builtin.apt_key:
|
||||
id: B11EE3273F6B2DEB528C93DA2BF8D9FE074BCDE4
|
||||
url: https://fai-project.org/download/2BF8D9FE074BCDE4.asc
|
||||
state: present
|
||||
|
||||
- name: add fai repo
|
||||
apt_repository:
|
||||
- name: "Add fai repo"
|
||||
ansible.builtin.apt_repository:
|
||||
repo: deb http://fai-project.org/download {{ debian_release }} koeln
|
||||
state: present
|
||||
|
||||
- name: install all required fai programs
|
||||
package:
|
||||
- name: "Install all required fai programs"
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
- fai-server
|
||||
- squashfs-tools
|
||||
- ipxe
|
||||
state: present
|
||||
|
||||
- name: create fai profiles directory
|
||||
file:
|
||||
- name: "Create fai profiles directory"
|
||||
ansible.builtin.file:
|
||||
name: "{{ fai_configdir }}"
|
||||
state: directory
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
mode: '0755'
|
||||
owner: root
|
||||
group: root
|
||||
recurse: true
|
||||
|
||||
- name: create http download directories
|
||||
file:
|
||||
- name: "Create http download directories"
|
||||
ansible.builtin.file:
|
||||
name: "{{ item }}"
|
||||
state: directory
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
mode: '0755'
|
||||
owner: root
|
||||
group: root
|
||||
recurse: true
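Review bot: "Trust fai key" keeps `ansible.builtin.apt_key`, which adds the key to the global APT keyring, so it is trusted for every configured repository and not only the FAI one; the underlying apt-key mechanism is deprecated for that reason. Consider storing the key in a dedicated keyring file and scoping it in the repo line with `signed-by=`, or using `ansible.builtin.deb822_repository` where the Ansible version allows. The `repo:` value in "Add fai repo" is also one of the few strings left unquoted; `repo: "deb http://fai-project.org/download {{ debian_release }} koeln"` would match the rest of the change. The loop that feeds "Create http download directories" is outside the hunk.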
|
||||
|
|
|
@ -1,37 +1,39 @@
|
|||
- name: create fai dir
|
||||
file:
|
||||
name: /srv/fai/config
|
||||
- name: "Create fai dir"
|
||||
ansible.builtin.file:
|
||||
name: "/srv/fai/config"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
mode: '0755'
|
||||
|
||||
- name: copy fai profiles
|
||||
synchronize:
|
||||
src: profiles/
|
||||
- name: "Copy fai profiles"
|
||||
ansible.builtin.copy:
|
||||
src: "profiles/"
|
||||
dest: "{{ fai_configdir }}"
|
||||
mode: push
|
||||
delete: yes
|
||||
user: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
force: yes
|
||||
recursive: yes
|
||||
notify: pack fai-config
|
||||
|
||||
- name: Set APT proxy
|
||||
template:
|
||||
- name: "Set APT proxy"
|
||||
ansible.builtin.template:
|
||||
src: fai-profile-00-proxy.yml
|
||||
dest: "{{ fai_configdir }}/files/etc/apt/apt.conf.d/00-proxy/HW4F_DESKTOP"
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=r,o=r
|
||||
mode: '0644'
|
||||
notify: pack fai-config
|
||||
|
||||
- name: Set fai provision vars for HW4F profile
|
||||
copy:
|
||||
- name: "Set fai provision vars for HW4F profile"
|
||||
ansible.builtin.copy:
|
||||
content: |
|
||||
# set time
|
||||
### CONFIGURE TIME
|
||||
UTC=yes
|
||||
TIMEZONE=Europe/Berlin
|
||||
|
||||
# some install parameters
|
||||
### INSTALL PARAMETERS
|
||||
STOP_ON_ERROR=700
|
||||
MAXPACKAGES=800
|
||||
|
||||
|
@ -43,6 +45,6 @@
|
|||
dest: "{{ fai_configdir }}/class/HW4F_DESKTOP.var"
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=r,o=r
|
||||
mode: '0644'
|
||||
notify: pack fai-config
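Review bot: The "Copy fai profiles" task now calls `ansible.builtin.copy` but, as far as the lost +/- markers allow reading it, still carries `user: root` and `recursive: yes`. Neither is a parameter of `copy` (the ownership option is `owner`, and directories are copied recursively by default), so the task would fail on unsupported parameters. Dropping `delete: yes` also changes behaviour: profiles removed from `profiles/` stay in `fai_configdir` and keep being packed into the archive that clients install from. `mode: '0755'` marks every copied file executable, whereas `mode: preserve` would keep the source tree's permissions as `synchronize` did. The "Copy additional files" task in a later file section shows the same leftover `synchronize` options (`mode: push`, `delete`, `recursive`).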
|
||||
|
||||
|
|
|
@ -1,44 +1,50 @@
|
|||
- find:
|
||||
paths: /srv/fai/nfsroot/boot
|
||||
- name: "Find linux kernel images"
|
||||
ansible.builtin.find:
|
||||
paths: "/srv/fai/nfsroot/boot"
|
||||
patterns: "vmlinuz-*"
|
||||
register: fai_live_vmlinuz
|
||||
|
||||
- find:
|
||||
paths: /srv/fai/nfsroot/boot
|
||||
- name: "Find linux initial ram-disks"
|
||||
ansible.builtin.find:
|
||||
paths: "/srv/fai/nfsroot/boot"
|
||||
patterns: "initrd.img-*"
|
||||
register: fai_live_initrd
|
||||
|
||||
- set_fact:
|
||||
- name: "Manipulate file pathes"
|
||||
ansible.builtin.set_fact:
|
||||
fai_live_vmlinuz: "{{ fai_live_vmlinuz.files[0].path |regex_replace('.*/', '') }}"
|
||||
fai_live_initrd: "{{ fai_live_initrd.files[0].path |regex_replace('.*/', '') }}"
|
||||
|
||||
- name: copy linux kernel and initrd to tftp root
|
||||
copy:
|
||||
- name: "Copy linux kernel and initrd to tftp root"
|
||||
ansible.builtin.copy:
|
||||
src: "/srv/fai/nfsroot/boot/{{ item }}"
|
||||
dest: "{{ ipxe_download_dir }}/{{ item }}"
|
||||
dest: "{{ ipxe_download_dir + '/' + item }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=r,o=r
|
||||
mode: '0544'
|
||||
remote_src: true
|
||||
with_items:
|
||||
- "{{ fai_live_vmlinuz }}"
|
||||
- "{{ fai_live_initrd }}"
|
||||
|
||||
- name: check for generated squashfs image
|
||||
stat:
|
||||
- name: "Check for generated squashfs image"
|
||||
ansible.builtin.stat:
|
||||
path: "{{ fai_squashfs_path }}"
|
||||
register: squash_img
|
||||
|
||||
- name: generate a downloadable squashfs of root filesystem
|
||||
- name: "Generate a downloadable squashfs of root filesystem"
|
||||
shell: "fai-cd -f -M -S {{ fai_squashfs_path }} -d {{ http_mirror_fai_profiles_url }}"
|
||||
when:
|
||||
- not squash_img.stat.exists
|
||||
|
||||
- name: copy additional files
|
||||
synchronize:
|
||||
src: "{{ item.value.files }}/"
|
||||
dest: "{{ ipxe_download_dir }}/{{ item.key }}"
|
||||
- name: "Copy additional files"
|
||||
ansible.builtin.copy:
|
||||
src: "{{ item.value.files + '/' }}"
|
||||
dest: "{{ ipxe_download_dir + '/' + item.key }}"
|
||||
mode: push
|
||||
delete: yes
|
||||
force: yes
|
||||
recursive: yes
|
||||
with_dict: "{{ ipxe_additional_entries }}"
|
||||
loop: "{{ ipxe_additional_entries
|
||||
|dict2items }}"
|
||||
tags:
|
||||
- copy_additional_files
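Review bot: `mode: '0544'` on "Copy linux kernel and initrd to tftp root" is not the octal form of the `u=rw,g=r,o=r` it replaces: it removes owner write and adds owner execute. Every other conversion in this change maps that symbolic mode to `'0644'`, so this looks like a typo; `mode: '0644'` keeps the previous permissions. In the same section "Generate a downloadable squashfs of root filesystem" was renamed but still uses short-form `shell:` with unquoted `{{ fai_squashfs_path }}` and `{{ http_mirror_fai_profiles_url }}`.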
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
- copy:
|
||||
dest: /etc/fai/nfsroot.conf
|
||||
- name: "Create configuration for nfsroot"
|
||||
ansible.builtin.copy:
|
||||
dest: "/etc/fai/nfsroot.conf"
|
||||
content: |
|
||||
# For a detailed description see nfsroot.conf(5)
|
||||
|
||||
|
@ -16,14 +17,14 @@
|
|||
FAI_CONFIGDIR=/srv/fai/config
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=r,o=r
|
||||
mode: '0644'
|
||||
|
||||
- name: test nfsroot exists
|
||||
stat:
|
||||
path: /srv/fai/nfsroot
|
||||
- name: "Test nfsroot exists"
|
||||
ansible.builtin.stat:
|
||||
path: "/srv/fai/nfsroot"
|
||||
register: nfsroot_res
|
||||
|
||||
- name: generate root filesystem, kernel and initrd
|
||||
shell: fai-make-nfsroot
|
||||
- name: "Generate root filesystem, kernel and initrd"
|
||||
ansible.builtin.shell: fai-make-nfsroot
|
||||
when:
|
||||
- not nfsroot_res.stat.exists
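Review bot: "Generate root filesystem, kernel and initrd" runs a single program with no shell features, so `ansible.builtin.command` fits better than `ansible.builtin.shell`. If `nfsroot_res` is not used elsewhere, the stat/register/when guard can collapse into the module's own check: `ansible.builtin.command: fai-make-nfsroot` with `args:` and `creates: /srv/fai/nfsroot`. Either form treats a half-built nfsroot directory left by an interrupted run as complete, which deserves a comment on the task.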
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
- name: install dhcpd
|
||||
package:
|
||||
- name: "Install dhcpd"
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
- isc-dhcp-server
|
||||
state: present
|
||||
|
||||
- name: configure dhcp server
|
||||
copy:
|
||||
- name: "Configure dhcp server"
|
||||
ansible.builtin.copy:
|
||||
content: |
|
||||
option dhcp-max-message-size 2048;
|
||||
use-host-decl-names on;
|
||||
|
@ -46,26 +46,26 @@
|
|||
}
|
||||
}
|
||||
}
|
||||
dest: /etc/dhcp/dhcpd.conf
|
||||
mode: u=rw,g=r,o=o
|
||||
dest: "/etc/dhcp/dhcpd.conf"
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
# validate: dhcpd -t -cf %s
|
||||
notify: restart dhcpd
|
||||
|
||||
- name: set dhcp server interface
|
||||
copy:
|
||||
- name: "Set dhcp server interface"
|
||||
ansible.builtin.copy:
|
||||
content: |
|
||||
INTERFACESv4="{{dhcp_interface}}"
|
||||
INTERFACESv6=""
|
||||
dest: /etc/default/isc-dhcp-server
|
||||
mode: u=rw,g=r,o=o
|
||||
dest: "/etc/default/isc-dhcp-server"
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
notify: restart dhcpd
|
||||
|
||||
- name: start dhcp server
|
||||
service:
|
||||
- name: "Start dhcp server"
|
||||
ansible.builtin.service:
|
||||
name: isc-dhcp-server
|
||||
state: started
|
||||
enabled: true
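Review bot: The old `mode: u=rw,g=r,o=o` was not equivalent to `0644`, since `o=o` leaves the "other" bits as they were. `mode: '0644'` on "Configure dhcp server" and "Set dhcp server interface" is therefore a behaviour change rather than a requoting; it is probably the intended value, but the commit message should say so. The `# validate: dhcpd -t -cf %s` line stays commented out, so a broken rendering is still written and then reaches `restart dhcpd`. Re-enabling it as `validate: dhcpd -t -cf %s` would reject a bad file before it replaces the working one, or, if it was disabled on purpose, a comment should say why. The body of the dhcpd.conf content is outside the visible hunks.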
|
||||
|
|
|
@ -1,29 +1,31 @@
|
|||
---
|
||||
# tasks file for fai
|
||||
- fail:
|
||||
msg: Please specify FAI serving NIC in variable lan_interface (e.g. eth1)
|
||||
msg: |
|
||||
Please specify the NIC serving FAI
|
||||
in variable 'dhcp_interface' (e.g. eth1)
|
||||
when:
|
||||
- not dhcp_interface is defined
|
||||
|
||||
- name: setup apt proxy cache
|
||||
- name: "Setup apt proxy cache"
|
||||
include: apt-cacher-ng.yml
|
||||
|
||||
- name: configure a time server
|
||||
- name: "Configure a time server"
|
||||
include: time-server.yml
|
||||
|
||||
- name: configure a web server
|
||||
- name: "Configure a web server"
|
||||
include: nginx.yml
|
||||
|
||||
- name: configure tftp
|
||||
- name: "Configure tftp"
|
||||
include: tftpd-hpa.yml
|
||||
|
||||
- name: configure dns server
|
||||
- name: "Configure dns server"
|
||||
include: unbound.yml
|
||||
|
||||
- name: configure nic
|
||||
- name: "Configure nic"
|
||||
include: network.yml
|
||||
|
||||
- name: setup dhcp
|
||||
- name: "Setup dhcp"
|
||||
include: isc-dhcp-server.yml
|
||||
|
||||
- include: fai-prepare.yml
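Review bot: The task file still uses bare `include:`, which is deprecated and has been removed in recent ansible-core releases. Since this commit moves everything else to FQCNs, `ansible.builtin.include_tasks: apt-cacher-ng.yml` (or `ansible.builtin.import_tasks`) is the matching form for each of these entries. The first task also stays unnamed and short-form; `- name: "Fail when dhcp_interface is undefined"` with `ansible.builtin.fail:` would bring it in line, and `dhcp_interface is not defined` reads more clearly than `not dhcp_interface is defined`. The last entry, `- include: fai-prepare.yml`, has no name either.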
|
||||
|
|
|
@ -1,19 +1,20 @@
|
|||
- name: install packages
|
||||
package:
|
||||
---
|
||||
- name: "Install networking packages"
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
- iptables
|
||||
- iptables-persistent
|
||||
- ifupdown
|
||||
state: present
|
||||
|
||||
- name: ensure resolved is stopped and disabled
|
||||
- name: "Ensure systemd-resolved is stopped and disabled"
|
||||
service:
|
||||
name: systemd-resolved
|
||||
enabled: false
|
||||
state: stopped
|
||||
|
||||
- name: write config for lan interface
|
||||
copy:
|
||||
- name: "Write config for lan interface"
|
||||
ansible.builtin.copy:
|
||||
content: |
|
||||
auto {{ dhcp_interface }}
|
||||
allow-hotplug {{ dhcp_interface }}
|
||||
|
@ -26,15 +27,15 @@
|
|||
mode: 0644
|
||||
register: dhcp_iface_config
|
||||
|
||||
- name: restart lan interface
|
||||
shell: |
|
||||
- name: "Restart lan interface"
|
||||
ansible.builtin.shell: |
|
||||
ifdown --force {{ dhcp_interface }} || true
|
||||
ifup {{ dhcp_interface }}
|
||||
when:
|
||||
- dhcp_iface_config.changed
|
||||
|
||||
- name: enable permantent masquerading for ipv4
|
||||
copy:
|
||||
- name: "Enable permantent masquerading for ipv4"
|
||||
ansible.builtin.copy:
|
||||
content: |
|
||||
*nat
|
||||
:PREROUTING ACCEPT [0:0]
|
||||
|
@ -43,11 +44,11 @@
|
|||
:OUTPUT ACCEPT [0:0]
|
||||
-A POSTROUTING -o {{wan_interface}} -j MASQUERADE
|
||||
COMMIT
|
||||
dest: /etc/iptables/rules.v4
|
||||
dest: "/etc/iptables/rules.v4"
|
||||
notify: apply iptables
|
||||
|
||||
- name: enable ip forwarding
|
||||
sysctl:
|
||||
- name: "Enable ip forwarding"
|
||||
ansible.builtin.sysctl:
|
||||
name: net.ipv4.ip_forward
|
||||
value: '1'
|
||||
sysctl_set: yes
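Review bot: `ansible.builtin.sysctl` is not the module's canonical name: sysctl ships in the `ansible.posix` collection, and the builtin name resolves, if at all, only through a redirect and only when that collection is installed. "Enable ip forwarding" should use `ansible.posix.sysctl:` and the role should declare the collection as a requirement. In the same section "Ensure systemd-resolved is stopped and disabled" keeps short-form `service:`, and `sysctl_set: yes` and the unquoted `mode: 0644` miss the conventions this commit introduces. The copy task that writes `/etc/iptables/rules.v4` shows no `owner`, `group` or `mode` in the visible lines; firewall rules deserve explicit values there.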
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
- name: install nginx
|
||||
package:
|
||||
- name: "Install nginx"
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
- nginx-light
|
||||
state: present
|
||||
|
||||
- name: configure http server
|
||||
copy:
|
||||
- name: "Configure http server"
|
||||
ansible.builtin.copy:
|
||||
content: |
|
||||
server {
|
||||
listen 80 default_server;
|
||||
|
@ -22,14 +22,14 @@
|
|||
autoindex on;
|
||||
}
|
||||
}
|
||||
dest: /etc/nginx/sites-enabled/default
|
||||
mode: 0644
|
||||
dest: "/etc/nginx/sites-enabled/default"
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
notify: restart nginx
|
||||
|
||||
- name: place info site
|
||||
copy:
|
||||
- name: "Place info site"
|
||||
ansible.builtin.copy:
|
||||
content: |
|
||||
<html>
|
||||
<head>
|
||||
|
@ -41,13 +41,13 @@
|
|||
</body>
|
||||
</html>
|
||||
|
||||
dest: /var/www/html/index.html
|
||||
mode: 0644
|
||||
dest: "/var/www/html/index.html"
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: ensure http server is running
|
||||
service:
|
||||
- name: "Ensure http server is running"
|
||||
ansible.builtin.service:
|
||||
name: nginx
|
||||
state: started
|
||||
enabled: true
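Review bot: `mode: "0644"` on "Place info site" uses double quotes while the other modes in this change are single-quoted; `mode: '0644'` keeps the file consistent. The server block keeps `autoindex on;` as context, so whatever sits under that location is listable. The location itself is outside the visible hunks, so a short comment in the template stating that the listing is intended for the install mirror would help the next reader.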
|
||||
|
|
|
@ -1,21 +1,21 @@
|
|||
- name: install tftp server
|
||||
package:
|
||||
- name: "Install tftp server"
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
- tftpd-hpa
|
||||
state: present
|
||||
|
||||
- name: create tftp fai directory
|
||||
file:
|
||||
- name: "Create tftp fai directory"
|
||||
ansible.builtin.file:
|
||||
name: "{{ tftp_dir }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
mode: '0755'
|
||||
recurse: true
|
||||
|
||||
- name: configure tftp server
|
||||
copy:
|
||||
dest: /etc/default/tftpd-hpa
|
||||
- name: "Configure tftp server"
|
||||
ansible.builtin.copy:
|
||||
dest: "/etc/default/tftpd-hpa"
|
||||
content: |
|
||||
TFTP_USERNAME="tftp"
|
||||
TFTP_DIRECTORY="{{ tftp_dir }}"
|
||||
|
@ -23,10 +23,11 @@
|
|||
TFTP_OPTIONS="--secure"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
mode: '0644'
|
||||
notify: restart tftpd
|
||||
|
||||
- service:
|
||||
- name: "Start tftp daemon"
|
||||
ansible.builtin.service:
|
||||
name: tftpd-hpa
|
||||
state: started
|
||||
enabled: true
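Review bot: `recurse: true` together with `mode: '0755'` on "Create tftp fai directory" applies 0755 to every file already under `tftp_dir`, not just to the directory. If `tftp_dir` is the directory that other tasks copy into with `'0644'` (not confirmable from this section), the two settings flip the mode on each run and the role never reports a clean state. Dropping `recurse: true` here, or setting file modes only in the copy tasks, avoids that and keeps TFTP-served files non-executable.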
|
||||
|
|
|
@ -1,29 +1,29 @@
|
|||
- name: install inetd and ntp
|
||||
package:
|
||||
- name: "Install inetd and ntp"
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
- inetutils-tools
|
||||
- inetutils-inetd
|
||||
- ntp
|
||||
state: present
|
||||
|
||||
- name: configure rdate for inetd
|
||||
copy:
|
||||
- name: "Configure rdate for inetd"
|
||||
ansible.builtin.copy:
|
||||
content: |
|
||||
time stream tcp nowait root internal
|
||||
dest: /etc/inetd.conf
|
||||
dest: "/etc/inetd.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=r,o=r
|
||||
mode: '0644'
|
||||
notify: restart inetd
|
||||
|
||||
- name: start inetd
|
||||
service:
|
||||
- name: "Start inetd"
|
||||
ansible.builtin.service:
|
||||
name: inetutils-inetd
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- name: configure ntp server
|
||||
copy:
|
||||
- name: "Configure ntp server"
|
||||
ansible.builtin.copy:
|
||||
content: |
|
||||
driftfile /var/lib/ntp/ntp.drift
|
||||
|
||||
|
@ -48,14 +48,14 @@
|
|||
restrict ::1
|
||||
|
||||
restrict source notrap nomodify noquery
|
||||
dest: /etc/ntp.conf
|
||||
mode: 0644
|
||||
dest: "/etc/ntp.conf"
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
notify: restart ntp
|
||||
|
||||
- name: ntp is running and enabled
|
||||
service:
|
||||
- name: "Start and enable ntp daemon"
|
||||
ansible.builtin.service:
|
||||
name: ntp
|
||||
state: started
|
||||
enabled: true
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
- name: install unbound server
|
||||
package:
|
||||
- name: "Install unbound server"
|
||||
ansible.builtin.package:
|
||||
name: unbound
|
||||
state: present
|
||||
|
||||
- name: configure dns
|
||||
copy:
|
||||
- name: "Configure DNS"
|
||||
ansible.builtin.copy:
|
||||
content: |
|
||||
server:
|
||||
access-control: {{ server_net }}.0/{{ server_netbits }} allow
|
||||
|
@ -15,20 +15,14 @@
|
|||
|
||||
local-zone: "{{ domain_name }}." static
|
||||
local-data: "{{ server_name }}.{{ domain_name }}. IN A {{ server_ip }}"
|
||||
dest: /etc/unbound/unbound.conf.d/fai.conf
|
||||
mode: u=rw,g=r,o=r
|
||||
dest: "/etc/unbound/unbound.conf.d/fai.conf"
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
register: unbound_conf
|
||||
notify: reload unbound
|
||||
|
||||
- name: ensure unbound is enabled and running
|
||||
service:
|
||||
- name: "Ensure unbound is enabled and running"
|
||||
ansible.builtin.service:
|
||||
name: unbound
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- name: apply dns config
|
||||
systemd:
|
||||
name: unbound
|
||||
state: restarted
|
||||
when: unbound_conf.changed
|
||||
|
|