Compare commits
9 Commits
131c872d32
...
507eec6565
Author | SHA1 | Date |
---|---|---|
|
507eec6565 | |
|
b4bcb12750 | |
|
69a7e869b4 | |
|
155cb091f4 | |
|
4aded1e75c | |
|
84a5d66b7a | |
|
f078522d97 | |
|
da79e8482c | |
|
a95937d111 |
|
@ -38,6 +38,7 @@ pipeline {
|
|||
steps {
|
||||
ansiblePlaybook \
|
||||
playbook: 'dhcpcd.yml',
|
||||
limit: 'dch-gw',
|
||||
become: true,
|
||||
credentialsId: 'jenkins-ssh',
|
||||
vaultCredentialsId: 'ansible-vault',
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
- hosts: file-servers
|
||||
roles:
|
||||
- samba
|
||||
- fileserver
|
|
@ -1,4 +1,5 @@
|
|||
krb5_realm: PYROCUFFLINK.BLUE
|
||||
samba_security: ads
|
||||
samba_use_winbind: true
|
||||
pam_winbind: true
|
||||
nss_winbind: true
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
samba_shares:
|
||||
- name: homes
|
||||
browseable: false
|
||||
writable: true
|
||||
- name: Downloads
|
||||
path: /srv/cifs/Downloads
|
||||
guest_ok: true
|
||||
- name: Music
|
||||
path: /srv/cifs/Music
|
||||
guest_ok: true
|
||||
- name: Videos
|
||||
path: /srv/cifs/Videos
|
||||
guest_ok: true
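Review bot: The three guest shares (`Downloads`, `Music`, `Videos`) set `guest_ok: true` without saying whether they are writable, so their write access rests on Samba's `read only` default rather than on anything stated in this file. Adding `writable: false` to each entry would make the read-only guest access explicit and keep it from changing if a global default is set later. Guest access combined with `samba_security: ads` usually also depends on a `map to guest` setting in the global section, which is not visible on this page, so it is worth confirming that unauthenticated access behaves as intended. A comment such as `# unauthenticated, read-only media shares` above the entries would record the intent.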
|
4
hosts
4
hosts
|
@ -21,6 +21,9 @@ vm-hosts
|
|||
[dhcpd:children]
|
||||
dch-gw
|
||||
|
||||
[file-servers]
|
||||
file0.pyrocufflink.blue
|
||||
|
||||
[gitea]
|
||||
git0.pyrocufflink.blue
|
||||
|
||||
|
@ -44,6 +47,7 @@ cm0.pyrocufflink.blue
|
|||
dc0.pyrocufflink.blue
|
||||
dc1.pyrocufflink.blue
|
||||
dns0.pyrocufflink.blue
|
||||
file0.pyrocufflink.blue
|
||||
git0.pyrocufflink.blue
|
||||
jenkins0.pyrocufflink.blue
|
||||
rprx0.pyrocufflink.blue
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
[Unit]
|
||||
Description=Wait for global address on %I
|
||||
Requires=sys-subsystem-net-devices-%i.device
|
||||
After=sys-subsystem-net-devices-%i.device
|
||||
After=network-pre.target
|
||||
Before=network-online.target
|
||||
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
mode=0644
|
||||
notify: reload systemd
|
||||
|
||||
- meta: flush_handlers
|
||||
- name: ensure wait-global-address service starts at boot
|
||||
service:
|
||||
name=wait-global-address@{{ storage_iface }}.service
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
file_shares: []
|
||||
samba_use_smbd: true
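Review bot: This file defaults `file_shares`, but the tasks and template added in this comparison iterate over `samba_shares`, and no default for that name is visible here. If this is the defaults file of the role that owns those tasks, a host in `file-servers` without `samba_shares` in its vars would fail on an undefined variable in `ensure shared paths exist`. Consider adding `samba_shares: []` where the samba role's defaults live, or add a comment explaining how `file_shares` relates to `samba_shares`.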
|
|
@ -0,0 +1,2 @@
|
|||
- name: save firewalld configuration
|
||||
command: firewall-cmd --runtime-to-permanent
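Review bot: `firewall-cmd --runtime-to-permanent` persists the entire runtime configuration, not only the rule that triggered the handler. Any temporary rule loaded at that moment (one added by hand while debugging, for instance) therefore becomes permanent as well. The tasks that notify this handler use `permanent=no immediate=yes`; switching them to `permanent=yes immediate=yes` would persist only the intended rule and make the handler unnecessary. The same applies to the identical handler added further down in this comparison, and to the samba and libvirtd `firewalld` tasks that notify it.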
|
|
@ -0,0 +1,46 @@
|
|||
- name: ensure samba is installed
|
||||
package:
|
||||
name=samba
|
||||
state=present
|
||||
tags:
|
||||
- install
|
||||
|
||||
- name: ensure shared paths exist
|
||||
file:
|
||||
path={{ item.path }}
|
||||
mode={{ item.dir_mode|d('0755') }}
|
||||
state=directory
|
||||
with_items: '{{ samba_shares|selectattr("path", "defined")|list }}'
|
||||
|
||||
- name: ensure samba shares are configured
|
||||
template:
|
||||
src=shares.conf.j2
|
||||
dest=/etc/samba/shares.conf
|
||||
mode=0644
|
||||
notify: restart smbd
|
||||
|
||||
- name: ensure smb service starts at boot
|
||||
service:
|
||||
name={{ smbd_svc }}
|
||||
enabled=yes
|
||||
- meta: flush_handlers
|
||||
- name: ensure smb service is running
|
||||
service:
|
||||
name={{ smbd_svc }}
|
||||
state=started
|
||||
|
||||
- name: ensure samba is allowed in the firewall
|
||||
firewalld:
|
||||
service=samba
|
||||
permanent=no
|
||||
immediate=yes
|
||||
state=enabled
|
||||
notify: save firewalld configuration
|
||||
tags:
|
||||
- firewalld
|
||||
|
||||
- name: ensure selinux allows samba to share home directories
|
||||
seboolean:
|
||||
name=samba_enable_home_dirs
|
||||
persistent=yes
|
||||
state=yes
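Review bot: The final task enables `samba_enable_home_dirs` on every host that runs this role, whether or not a `homes` share is configured. A guard such as `when: samba_shares|selectattr('name', 'equalto', 'homes')|list|length > 0` would leave the SELinux boolean at its default on hosts that do not export home directories. Separately, `ensure shared paths exist` sets only `mode` on the directories, with no owner, group or SELinux type. Unless a label is applied elsewhere, smbd may be denied access to the `/srv/cifs/*` paths under enforcing mode, and adding `setype=samba_share_t` to that `file` task would cover it.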
|
|
@ -0,0 +1,17 @@
|
|||
{% macro yesno(value) %}{{ 'Yes' if value|bool else 'No' }}{% endmacro %}
|
||||
{% for share in samba_shares %}
|
||||
|
||||
[{{ share.name }}]
|
||||
{% if share.path is defined %}
|
||||
path = {{ share.path }}
|
||||
{% endif %}
|
||||
{% if share.browseable is defined %}
|
||||
browseable = {{ yesno(share.browseable) }}
|
||||
{% endif %}
|
||||
{% if share.writable is defined %}
|
||||
writable = {{ yesno(share.writable) }}
|
||||
{% endif %}
|
||||
{% if share.guest_ok is defined %}
|
||||
guest ok = {{ yesno(share.guest_ok) }}
|
||||
{% endif %}
|
||||
{% endfor %}
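Review bot: `share.name` and `share.path` are written into the rendered file verbatim, so a value containing a newline or `]` would create extra sections or parameters in the Samba configuration. The values come from inventory, so this is a robustness concern more than an exposure, but an `assert` on the share names and paths in the tasks file would catch a malformed entry before smbd is restarted. The template also only knows `path`, `browseable`, `writable` and `guest ok`, so there is no way to express `valid users` per share. Access to non-guest shares therefore appears to be limited only by filesystem permissions; if that is intended, a comment at the top of the template saying so would help the next reader.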
|
|
@ -28,9 +28,8 @@ make_bond() {
|
|||
|
||||
# VM Network
|
||||
make_bond bond0
|
||||
#add_slave bond0 enp10s0f0
|
||||
#add_slave bond0 enp10s0f1
|
||||
add_slave bond0 enp10s0
|
||||
add_slave bond0 enp10s0f0
|
||||
add_slave bond0 enp10s0f1
|
||||
|
||||
ip link add link bond0 name vlan30 type vlan id 30
|
||||
ip link add link bond0 name vlan101 type vlan id 101
|
||||
|
|
|
@ -34,3 +34,12 @@ rprx0.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsMMAJWFflG/mrcD5b7
|
|||
jenkins0.pyrocufflink.blue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDibSJk2uGXl+XtvmORdSwnrHuIXo6i8B9+i/yyYEhWayIlBqFVLVpsEqIYzx4ym7iYbVoIl5DI85U7phBaZGDGLWjDHzTNGGNprUL75ZaHJpYFCDPq5yn+EhtW9WUssaP0XJxrYI/rkWta2yuxcszI13Zmw0OSL/+l1vBddtQ0St+4ZlUlAwfWdyrwzWn7e0UnGTz8Cz7Srlo69Rf2heFpqzaoanvCgNZqVjebcIgAh/enbIrTq6aNbZJSos2wGPs8hXF2x0w4KVeqFcbOP8FeZ6dkXcem83U7bxAlDtDYp/knYGMPQ8+rPwcYk49QBxWnyYNlJNJ/texjdiw8vTgT
|
||||
jenkins0.pyrocufflink.blue ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO2NLc/LQzz1GcpIo23pwFz2EETqL0qTDlwAGgCdSD6PMe03OlOof0Z/97MDE7+KfB+84L8IXYZaYKikNPXjTxc=
|
||||
jenkins0.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEOeWUF9YFqCjc0zla/9TmzoOwxspOKsr8gk8f6YsGRx
|
||||
file0.pyrocufflink.blue ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH+S6aTqXJ15DV3NczbPXVQKXxbvMVtaHToShsrhxps1GGWcJU/pbZtpAQcN4OGth7DQ1Q/1RvrFS+Fd/5U4wv4=
|
||||
file0.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzOkLdjAJDPyja2o4+Km52VNM4t7jeYTyMVYl4gtudq
|
||||
file0.pyrocufflink.blue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbgN04bblL95EStM+wpGF1asvEOL6vmH/oNTIBRd0HbTz8jRa3CMOGWWG7/xGIRjrXglAGURGZ/EOqkyGIsciVtC53lwLuyZT18sqHrmp8S5uq/rNaY3rSVfc7kW/fXsNksjtwnQ/sNtawSZ6UFv+p/X47qOGv0XPAwAzoXDwDpQ27wOz1YnbBa+5itThLh6QvxgM1DKnb78uZ1TBpaCCdtL2iH1IVo3FLmah9bNWvUU1QECKyOUDw3IiwIS6owtHIrpdCiZTlPSJhBLPvv7P/L9V0bTfREP+MMDBT1hhj2NUgmDxC4sDd8k1Qy/qxeyU/FA+7dn7K8YVIEe9rNbs/
|
||||
vmhost0.pyrocufflink.blue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDP0DV57vTSkM1izH8KRvoyCM7ttVxnGmu293grIztsKhgIe+xOAoPVHruIeI3yfPvvubmRQOVwz/KP+pnGmhSKRjcy4njPFijE5Moy2r+8nuCQnMCakOeMWzHh/CmAdbKi8wutk1SKwriffwLZrOn3bFTI/5dgxFGttwguIRqdgSQonsg2kEpjjGOr/qMJ5iByIbXe02/uE8p3QoVSCA/6jRvCO2+FxK9o54RGriUIaU3FmtTK8deETjc2rlkDjerR3rC6gHnBTXNaRMYuv1tdp/uBByrqPlLBwFzt9af4sGwKyJxZBfrhzX4sXza0U7UkG4u7LtFvgxKIgK9IpFy5
|
||||
vmhost0.pyrocufflink.blue ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJo0IAQVd8tsL81gcGIECJVNFXNHMswU5ngPqBhXnAWb0HwUwm8D946h4eZo2Xvb6vW3o4Y4elrujGa1eI8hxE8=
|
||||
vmhost0.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGAy1ezhqDeiNP9HthknqcILLI2VwXeweZ5hHIkbS2
|
||||
vmhost1.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwRCjZp2XbT33lSBwW+oRT4XV1yCgMNBmRqzWkuiptg
|
||||
vmhost1.pyrocufflink.blue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChb+kjJ0G61kTNgp5/lEbbgHZuj6qtX93JOiYg3eOXl0Bnen/wS9+/Yy2AJJ1sXIGAefnUJB2nzc5EB2EHbyy07qDRXi3/A3Naa16pVTAF66N/suU3Y87A/IjXGDsRRhH377D3H1Ycm8NvTJoxhkrOy5Y8gKWHmBZtZbC51LGcjJ8E2hIz73M+ltW4d9CEvV9hYJafec2BRZq8Urr9+RdQIZQMOajFu0ZYuZCTUU/W4A7FbgY9MQ1SLjjPIZGFnCffdtu96zRPKrF/t3IOD1guB41aFdchxe9Ppx01mnUZx7hW8fggugnotj0D6Ayoycn7or0SgfbJXgo5mJy1HwQF
|
||||
vmhost1.pyrocufflink.blue ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEY+GIsCQpg16kny5KtskqbDL5MCrf/eYyj9CxKcrr9+NYT7gExyGMDm6Qsi//AhE8PEO3I5TatqMONyFqk4e/w=
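Review bot: The new `file0`, `vmhost0` and `vmhost1` entries pin host keys, but nothing on this page records how the keys were obtained. If they were collected over the network rather than read from each host's console or provisioning output, the pin only reflects whatever answered at collection time. Stating the verification method in the commit message would make these entries auditable later.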
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
- name: save firewalld configuration
|
||||
command: firewall-cmd --runtime-to-permanent
|
|
@ -61,3 +61,11 @@
|
|||
name: '{{ item.name }}'
|
||||
autostart: true
|
||||
with_items: '{{ libvirt_networks }}'
|
||||
|
||||
- name: ensure libvirtd migration port is allowed in the firewall
|
||||
firewalld:
|
||||
port=49152/tcp
|
||||
permanent=no
|
||||
immediate=yes
|
||||
state=enabled
|
||||
notify: save firewalld configuration
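Review bot: The new `firewalld` task opens `49152/tcp` with no `zone` or source restriction, so the migration port is reachable from every network that the host's default zone covers. Migration traffic only needs to flow between the VM hosts, and it is typically unencrypted unless tunnelling or TLS is configured, so it is worth narrowing the rule with `zone=<vm-host-zone>` or a rich rule limited to the hypervisors' addresses. A single port also presumably allows only one inbound migration at a time; if concurrent migrations are expected, the rule should cover the configured port range and a comment should say why.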
|
||||
|
|