2025-03-18 17:24:20 +01:00
parent 5792932507
commit 3f601f92a0
13 changed files with 414 additions and 91 deletions


@ -2,7 +2,7 @@
name: Sync rpi5
become: true
tasks:
- name: Apt exclude linux-dtb-current-meson64
- name: Get running packages
ansible.builtin.shell: "docker ps|awk '{print $NF}'"
register: containers
- debug:
@ -13,4 +13,4 @@
when: item != "NAMES" and item != "watchtower-watchtower-1"
with_items: "{{ containers.stdout_lines }}"
- name: Sync data
ansible.builtin.shell: "/myapps/venv/bin/python3 /myapps/omv_backup.py -r all"
ansible.builtin.shell: "/myapps/venv/bin/python3 /myapps/omv_backup.py -r all"


@ -1,90 +1,173 @@
- hosts: containers
name: Switch mailu to second
- hosts: docker_servers
name: Switch server
ignore_unreachable: false
vars:
arch_name: docker_mailu2_data
containers:
- nginx-app-1
- heimdall
- mailu2-admin-1
- mailu2-antispam-1
- mailu2-antivirus-1
- mailu2-fetchmail-1
- mailu2-front-1
- mailu2-imap-1
- mailu2-oletools-1
- mailu2-redis-1
- mailu2-resolver-1
- mailu2-smtp-1
- mailu2-webdav-1
- mailu2-webmail-1
- HomeAssistant
- mosquitto-mosquitto-1
- gitlab
- watchtower-watchtower-1
- kestra-kestra-1
- kestra-postgres-1
- authentik-worker-1
- authentik-server-1
- authentik-redis-1
- authentik-postgresql-1
tasks:
- name: Start mailu containers
command: "docker start {{ containers | join(' ') }}"
become: true
- name: Reconfigure swap size
ansible.builtin.lineinfile:
path: /etc/sysctl.conf
regexp: "^net.ipv4.igmp_max_memberships =.*"
line: "net.ipv4.igmp_max_memberships = 1024"
create: true
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
when: inventory_hostname != "router.home.lan"
- name: Start containers
shell: docker start `docker ps -a |awk '{ print $NF }'|grep -v NAME |xargs`
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
ignore_errors: true
when: inventory_hostname in groups['raspberrypi5']
- name: Get ruleset
command: nvram get vts_rulelist
when: inventory_hostname in groups['router']
register: ruleset
- name: Print the gateway for each host when defined
ansible.builtin.debug:
msg: "var is {{ ruleset.stdout }}"
when: inventory_hostname in groups['router']
when: inventory_hostname == destination and inventory_hostname != "nas.home.lan"
- name: Start containers
shell: docker exec -it gitlab update-permissions
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
ignore_errors: true
when: inventory_hostname == destination and inventory_hostname != "nas.home.lan and inventory_hostname != "rpi5.home.lan"
- name: Print the gateway for each host when defined
ansible.builtin.debug:
msg: "var is {{ destination }}"
when: inventory_hostname in groups['router']
- name: Start containers
shell: /share/ZFS530_DATA/.qpkg/container-station/bin/docker exec -it gitlab update-permissions
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
ignore_errors: true
when: inventory_hostname == destination and inventory_hostname == "nas.home.lan"
- name: initialize variables
set_fact:
regexp: "\\g<1>{{ destination }}\\3"
when: inventory_hostname in groups['router']
- name: Start containers
shell: /share/ZFS530_DATA/.qpkg/container-station/bin/docker start `/share/ZFS530_DATA/.qpkg/container-station/bin/docker ps -a |awk '{ print $NF }'|grep -v NAME |xargs`
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
ignore_errors: true
when: inventory_hostname == destination and inventory_hostname == "nas.home.lan"
- set_fact:
app_path: "{{ ruleset.stdout | regex_replace('(\\<MAIL_SERVER\\>[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) | regex_replace('(\\<WEB_SERVER\\>[0-9,]{1,}\\>)([0-9.]{1,})(\\>[0-9a-zA-Z\\s-]{0,}\\>TCP\\>)', regexp) }}"
when: inventory_hostname in groups['router']
- name: Get Authentification token
ansible.builtin.uri:
url: http://localhost:9380/api/auth
method: POST
body_format: json
body: {"password":"l4c1j4yd33Du5lo"}
register: login
when: inventory_hostname != "router.home.lan"
# - debug:
# msg: "{{ login.json.session }}"
- name: Get Config
ansible.builtin.uri:
url: http://localhost:9380/api/config
method: GET
headers:
X-FTL-SID: "{{ login.json.session.sid }}"
register: old_config
when: inventory_hostname != "router.home.lan"
# - debug:
# msg: "{{ old_config.json.config.dns.cnameRecords }}"
- name: Parse config
ansible.builtin.set_fact:
jsondata: "{{ old_config }}"
- name: New records for nas
ansible.builtin.set_fact:
new_data: ["mqtt.home.lan,nas.home.lan","media.home.lan,nas.home.lan","ldap.home.lan,nas.home.lan","webhub.home.lan,nas.home.lan","semaphore.home.lan,nas.home.lan","active.home.lan,nas.home.lan"]
when: destination == 'nas.home.lan'
- name: New records for m-server
ansible.builtin.set_fact:
new_data: ["mqtt.home.lan,m-server.home.lan","media.home.lan,m-server.home.lan","ldap.home.lan,m-server.home.lan","webhub.home.lan,m-server.home.lan","semaphore.home.lan,m-server.home.lan","active.home.lan,m-server.home.lan"]
when: destination == 'm-server.home.lan'
- name: New records for rpi5
ansible.builtin.set_fact:
new_data: ["mqtt.home.lan,rpi5.home.lan","media.home.lan,rpi5.home.lan","ldap.home.lan,rpi5.home.lan","webhub.home.lan,rpi5.home.lan","semaphore.home.lan,rpi5.home.lan","active.home.lan,rpi5.home.lan"]
when: destination == 'rpi5.home.lan'
- name: Print the gateway for each host when defined
ansible.builtin.debug:
msg: "var is {{ app_path }}"
when: inventory_hostname in groups['router']
# - debug:
# msg: "{{ new_data }}"
- name: Set new values
ansible.utils.update_fact:
updates:
- path: jsondata.json.config.dns.cnameRecords
value: "{{ new_data }}"
register: new_config
when: inventory_hostname != "router.home.lan"
- name: Pause for 60 seconds
ansible.builtin.pause:
seconds: 60
- name: Set new ruleset
command: nvram set vts_rulelist="{{ app_path }}"
when: inventory_hostname in groups['router']
- name: Nvram commit
command: nvram commit
when: inventory_hostname in groups['router']
- name: Restart firewall
command: service restart_firewall
when: inventory_hostname in groups['router']
- name: Patch config
ansible.builtin.uri:
url: http://localhost:9380/api/config
method: PATCH
body: "{{ new_config.jsondata.json |to_json}}"
headers:
X-FTL-SID: "{{ login.json.session.sid }}"
Content-Type: application/json
register: _result
until: _result.status == 200
retries: 3 # 720 * 5 seconds = 1hour (60*60/5)
delay: 5 # Every 5 seconds
register: _result
until: _result.status == 200
retries: 3 # 720 * 5 seconds = 1hour (60*60/5)
delay: 5 # Every 5 seconds
when: inventory_hostname != "router.home.lan"
- name: Sleep for 30 seconds and continue with play
ansible.builtin.wait_for:
timeout: 10
- name: Logout
ansible.builtin.uri:
url: http://localhost:9380/api/auth
method: DELETE
status_code: 204
headers:
X-FTL-SID: "{{ login.json.session.sid }}"
when: inventory_hostname != "router.home.lan"
ignore_errors: true
- name: Setting up resolv.conf
ansible.builtin.copy:
dest: "/etc/resolv.conf"
content: |
nameserver 192.168.77.101
nameserver 192.168.77.106
nameserver 192.168.77.238
options rotate
options timeout:1
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
# until: _result.status == 204
# retries: 3 # 720 * 5 seconds = 1hour (60*60/5)
# delay: 5 # Every 5 seconds
- name: Sleep for 60 seconds and continue with play
ansible.builtin.wait_for:
timeout: 60
- name: Reconfigurte router containers
shell: python3 /root/unifi-api/unifi.py -s -d "{{ destination.split('.')[0] }}"
when: inventory_hostname == "router.home.lan"
- name: Stop containers
shell: docker stop `docker ps -a |awk '{ print $NF }'|egrep -v "NAME|^pihole$|watchtower|portainer" |xargs`
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
ignore_errors: true
when: inventory_hostname != destination and inventory_hostname != "nas.home.lan" and inventory_hostname != "router.home.lan"
- name: Restart containers
shell: docker restart nginx-app-1
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
when: inventory_hostname == destination
- name: Stop containers
shell: /share/ZFS530_DATA/.qpkg/container-station/bin/docker stop `/share/ZFS530_DATA/.qpkg/container-station/bin/docker ps -a |awk '{ print $NF }'|egrep -v "NAME|pihole|watchtower" |xargs`
become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
ignore_errors: true
when: inventory_hostname != destination and inventory_hostname == "nas.home.lan" and inventory_hostname != "router.home.lan"
- name: Sleep for 120 seconds and continue with play
ansible.builtin.wait_for:
timeout: 120
# - name: Restart containers
# shell: docker restart nginx-app-1
# become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
# when: inventory_hostname == destination
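Review bot: The `Get Authentification token` task hard-codes the API password as a literal in `body:`, so it is now stored in the repository and its history; the webhook id embedded in the `url:` of both `Unifi Modifi` tasks in the new file that follows looks like the same kind of secret, since it appears to be the only thing gating that endpoint. Load these values from Ansible Vault or another secret store instead, e.g. `body: {"password": "{{ api_password }}"}` (the variable name is a placeholder), and treat the committed values as exposed and rotate them. Adding `no_log: true` to this task and to the `Get Config`, `Patch config` and `Logout` tasks would also keep the password and the `X-FTL-SID` session id out of task output and logs. The rendered page has lost its +/- markers, so I am assuming these lines are on the new side of the hunk.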


@ -0,0 +1,15 @@
- hosts: datacenter
name: Switch server
ignore_unreachable: false
tasks:
- name: Unifi Modifi
ansible.builtin.uri:
url: http://192.168.77.101:8123/api/webhook/-WcEse1k5QxIBlQu5B0u-5Esb?server=nas
method: POST
when: inventory_hostname == destination and destination == "nas.home.lan"
- name: Unifi Modifi
ansible.builtin.uri:
url: http://192.168.77.101:8123/api/webhook/-WcEse1k5QxIBlQu5B0u-5Esb?server=m-server
method: POST
when: inventory_hostname == destination and destination == "m-server.home.lan"