From 7385b59c72a1c208daa49de3e4892223219aa25c Mon Sep 17 00:00:00 2001 
From: jaydee Date: Wed, 14 Dec 2022 02:23:34 +0100 Subject: [PATCH] init --- ansible.cfg | 490 ++++++++++++++++++ hosts | 74 +++ hosts.yml | 53 ++ hosts_init.yml | 7 + playbooks/00_apt_upgrade.yml | 43 ++ playbooks/00_distribute_ssh_keys.yml | 8 + playbooks/00_getmac.yml | 11 + playbooks/00_initial_adjustments.yml | 42 ++ playbooks/00_install_ldap_client.yml | 103 ++++ playbooks/00_install_omv.yml | 26 + playbooks/00_poweroff.yml | 7 + playbooks/00_test.yml | 54 ++ playbooks/00_tst.yml | 47 ++ playbooks/00_win.yml | 8 + playbooks/05_install_docker.yml | 33 ++ playbooks/05_install_rhasspy.yml | 155 ++++++ playbooks/05_pullimage.yml | 29 ++ playbooks/06_remove_docker.yml | 7 + playbooks/10_install_apparmor.yml | 10 + playbooks/11_reboot.yml | 11 + playbooks/70_create_cluster.yml | 30 ++ playbooks/70_get_k3s_token.yml | 14 + playbooks/70_install_k3s.yml | 71 +++ playbooks/71_uninstall_k3s.yml | 6 + playbooks/71_uninstall_k3s_agent.yml | 5 + playbooks/72_install_k3s_worker.yml | 23 + playbooks/72_register_k3s_worker.yml | 20 + playbooks/80_change_logo.yml | 10 + playbooks/96_test_register.yml | 3 + playbooks/97_test.yml | 10 + playbooks/97_test_uninstall.yml | 5 + playbooks/98_complete_install.yml | 16 + playbooks/99_complete_install.yml | 23 + playbooks/99_complete_install_rhasspy.yml | 9 + playbooks/files/conf/rhasspy/profile.json | 49 ++ playbooks/files/scripts/initial_changes.sh | 31 ++ playbooks/files/scripts/lcd_control.py | 54 ++ .../files/scripts/lcd_control_restart.py | 43 ++ playbooks/files/scripts/lcd_control_start.py | 35 ++ playbooks/files/services/lcd_control.service | 13 + .../services/lcd_control_restart.service | 14 + .../files/services/lcd_control_start.service | 11 + playbooks/files/services/rhasspy.service | 16 + 43 files changed, 1729 insertions(+) create mode 100644 ansible.cfg create mode 100644 hosts create mode 100644 hosts.yml create mode 100644 hosts_init.yml create mode 100644 playbooks/00_apt_upgrade.yml create mode 100644 
playbooks/00_distribute_ssh_keys.yml create mode 100644 playbooks/00_getmac.yml create mode 100644 playbooks/00_initial_adjustments.yml create mode 100644 playbooks/00_install_ldap_client.yml create mode 100644 playbooks/00_install_omv.yml create mode 100644 playbooks/00_poweroff.yml create mode 100644 playbooks/00_test.yml create mode 100644 playbooks/00_tst.yml create mode 100644 playbooks/00_win.yml create mode 100644 playbooks/05_install_docker.yml create mode 100644 playbooks/05_install_rhasspy.yml create mode 100644 playbooks/05_pullimage.yml create mode 100644 playbooks/06_remove_docker.yml create mode 100644 playbooks/10_install_apparmor.yml create mode 100644 playbooks/11_reboot.yml create mode 100644 playbooks/70_create_cluster.yml create mode 100644 playbooks/70_get_k3s_token.yml create mode 100644 playbooks/70_install_k3s.yml create mode 100644 playbooks/71_uninstall_k3s.yml create mode 100644 playbooks/71_uninstall_k3s_agent.yml create mode 100644 playbooks/72_install_k3s_worker.yml create mode 100644 playbooks/72_register_k3s_worker.yml create mode 100644 playbooks/80_change_logo.yml create mode 100644 playbooks/96_test_register.yml create mode 100644 playbooks/97_test.yml create mode 100644 playbooks/97_test_uninstall.yml create mode 100644 playbooks/98_complete_install.yml create mode 100644 playbooks/99_complete_install.yml create mode 100644 playbooks/99_complete_install_rhasspy.yml create mode 100644 playbooks/files/conf/rhasspy/profile.json create mode 100644 playbooks/files/scripts/initial_changes.sh create mode 100644 playbooks/files/scripts/lcd_control.py create mode 100644 playbooks/files/scripts/lcd_control_restart.py create mode 100644 playbooks/files/scripts/lcd_control_start.py create mode 100644 playbooks/files/services/lcd_control.service create mode 100644 playbooks/files/services/lcd_control_restart.service create mode 100644 playbooks/files/services/lcd_control_start.service create mode 100644 
playbooks/files/services/rhasspy.service diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..52b363c --- /dev/null +++ b/ansible.cfg 
@@ -0,0 +1,490 @@ +# config file for ansible -- https://ansible.com/ +# =============================================== + +# nearly all parameters can be overridden in ansible-playbook +# or with command line flags. ansible will read ANSIBLE_CONFIG, +# ansible.cfg in the current working directory, .ansible.cfg in +# the home directory or /etc/ansible/ansible.cfg, whichever it +# finds first + +[defaults] + +# some basic default values... + +inventory = /etc/ansible/hosts.yml +#library = /usr/share/my_modules/ +#module_utils = /usr/share/my_module_utils/ +#remote_tmp = ~/.ansible/tmp +#local_tmp = ~/.ansible/tmp +#plugin_filters_cfg = /etc/ansible/plugin_filters.yml +forks = 10 +#poll_interval = 15 +#sudo_user = root +#ask_sudo_pass = True +#ask_pass = True +#transport = smart +#remote_port = 22 +#module_lang = C +#module_set_locale = False + +# plays will gather facts by default, which contain information about +# the remote system. +# +# smart - gather by default, but don't regather if already gathered +# implicit - gather by default, turn off with gather_facts: False +# explicit - do not gather by default, must say gather_facts: True +#gathering = implicit + +# This only affects the gathering done by a play's gather_facts directive, +# by default gathering retrieves all facts subsets +# all - gather all subsets +# network - gather min and network facts +# hardware - gather hardware facts (longest facts to retrieve) +# virtual - gather min and virtual facts +# facter - import facts from facter +# ohai - import facts from ohai +# You can combine them using comma (ex: network,virtual) +# You can negate them using ! (ex: !hardware,!facter,!ohai) +# A minimal set of facts is always gathered. +#gather_subset = all + +# some hardware related facts are collected +# with a maximum timeout of 10 seconds. This +# option lets you increase or decrease that +# timeout to something more suitable for the +# environment. 
+# gather_timeout = 10 + +# Ansible facts are available inside the ansible_facts.* dictionary +# namespace. This setting maintains the behaviour which was the default prior +# to 2.5, duplicating these variables into the main namespace, each with a +# prefix of 'ansible_'. +# This variable is set to True by default for backwards compatibility. It +# will be changed to a default of 'False' in a future release. +# ansible_facts. +# inject_facts_as_vars = True + +# additional paths to search for roles in, colon separated +#roles_path = /etc/ansible/roles + +# uncomment this to disable SSH key host checking +host_key_checking = False + +# change the default callback, you can only have one 'stdout' type enabled at a time. +#stdout_callback = skippy + + +## Ansible ships with some plugins that require whitelisting, +## this is done to avoid running all of a type by default. +## These setting lists those that you want enabled for your system. +## Custom plugins should not need this unless plugin author specifies it. + +# enable callback plugins, they can output to stdout but cannot be 'stdout' type. +#callback_whitelist = timer, mail + +# Determine whether includes in tasks and handlers are "static" by +# default. As of 2.0, includes are dynamic by default. Setting these +# values to True will make includes behave more like they did in the +# 1.x versions. 
+#task_includes_static = False +#handler_includes_static = False + +# Controls if a missing handler for a notification event is an error or a warning +#error_on_missing_handler = True + +# change this for alternative sudo implementations +#sudo_exe = sudo + +# What flags to pass to sudo +# WARNING: leaving out the defaults might create unexpected behaviours +#sudo_flags = -H -S -n + +# SSH timeout +#timeout = 10 + +# default user to use for playbooks if user is not specified +# (/usr/bin/ansible will use current user as default) +#remote_user = root + +# logging is off by default unless this path is defined +# if so defined, consider logrotate +#log_path = /var/log/ansible.log + +# default module name for /usr/bin/ansible +#module_name = command + +# use this shell for commands executed under sudo +# you may need to change this to bin/bash in rare instances +# if sudo is constrained +#executable = /bin/sh + +# if inventory variables overlap, does the higher precedence one win +# or are hash values merged together? The default is 'replace' but +# this can also be set to 'merge'. +#hash_behaviour = replace + +# by default, variables from roles will be visible in the global variable +# scope. To prevent this, the following option can be enabled, and only +# tasks and handlers within the role will see the variables there +#private_role_vars = yes + +# list any Jinja2 extensions to enable here: +#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n + +# if set, always use this private key file for authentication, same as +# if passing --private-key to ansible or ansible-playbook +#private_key_file = /path/to/file + +# If set, configures the path to the Vault password file as an alternative to +# specifying --vault-password-file on the command line. +#vault_password_file = /path/to/vault_password_file + +# format of string {{ ansible_managed }} available within Jinja2 +# templates indicates to users editing templates files will be replaced. 
+# replacing {file}, {host} and {uid} and strftime codes with proper values. +#ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host} +# {file}, {host}, {uid}, and the timestamp can all interfere with idempotence +# in some situations so the default is a static string: +#ansible_managed = Ansible managed + +# by default, ansible-playbook will display "Skipping [host]" if it determines a task +# should not be run on a host. Set this to "False" if you don't want to see these "Skipping" +# messages. NOTE: the task header will still be shown regardless of whether or not the +# task is skipped. +#display_skipped_hosts = True + +# by default, if a task in a playbook does not include a name: field then +# ansible-playbook will construct a header that includes the task's action but +# not the task's args. This is a security feature because ansible cannot know +# if the *module* considers an argument to be no_log at the time that the +# header is printed. If your environment doesn't have a problem securing +# stdout from ansible-playbook (or you have manually specified no_log in your +# playbook on all of the tasks where you have secret information) then you can +# safely set this to True to get more informative messages. +#display_args_to_stdout = False + +# by default (as of 1.3), Ansible will raise errors when attempting to dereference +# Jinja2 variables that are not set in templates or action lines. Uncomment this line +# to revert the behavior to pre-1.3. +#error_on_undefined_vars = False + +# by default (as of 1.6), Ansible may display warnings based on the configuration of the +# system running ansible itself. This may include warnings about 3rd party packages or +# other conditions that should be resolved if possible. 
+# to disable these warnings, set the following value to False: +#system_warnings = True + +# by default (as of 1.4), Ansible may display deprecation warnings for language +# features that should no longer be used and will be removed in future versions. +# to disable these warnings, set the following value to False: +deprecation_warnings = False + +# (as of 1.8), Ansible can optionally warn when usage of the shell and +# command module appear to be simplified by using a default Ansible module +# instead. These warnings can be silenced by adjusting the following +# setting or adding warn=yes or warn=no to the end of the command line +# parameter string. This will for example suggest using the git module +# instead of shelling out to the git command. +# command_warnings = False + + +# set plugin path directories here, separate with colons +#action_plugins = /usr/share/ansible/plugins/action +#become_plugins = /usr/share/ansible/plugins/become +#cache_plugins = /usr/share/ansible/plugins/cache +#callback_plugins = /usr/share/ansible/plugins/callback +#connection_plugins = /usr/share/ansible/plugins/connection +#lookup_plugins = /usr/share/ansible/plugins/lookup +#inventory_plugins = /usr/share/ansible/plugins/inventory +#vars_plugins = /usr/share/ansible/plugins/vars +#filter_plugins = /usr/share/ansible/plugins/filter +#test_plugins = /usr/share/ansible/plugins/test +#terminal_plugins = /usr/share/ansible/plugins/terminal +#strategy_plugins = /usr/share/ansible/plugins/strategy + + +# by default, ansible will use the 'linear' strategy but you may want to try +# another one +#strategy = free + +# by default callbacks are not loaded for /bin/ansible, enable this if you +# want, for example, a notification or logging callback to also apply to +# /bin/ansible runs +#bin_ansible_callbacks = False + + +# don't like cows? that's unfortunate. 
+# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 +#nocows = 1 + +# set which cowsay stencil you'd like to use by default. When set to 'random', +# a random stencil will be selected for each task. The selection will be filtered +# against the `cow_whitelist` option below. +#cow_selection = default +#cow_selection = random + +# when using the 'random' option for cowsay, stencils will be restricted to this list. +# it should be formatted as a comma-separated list with no spaces between names. +# NOTE: line continuations here are for formatting purposes only, as the INI parser +# in python does not support them. +#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\ +# hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\ +# stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www + +# don't like colors either? +# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1 +#nocolor = 1 + +# if set to a persistent type (not 'memory', for example 'redis') fact values +# from previous runs in Ansible will be stored. This may be useful when +# wanting to use, for example, IP information from one group of servers +# without having to talk to them in the same playbook run to get their +# current IP information. +#fact_caching = memory + +#This option tells Ansible where to cache facts. The value is plugin dependent. +#For the jsonfile plugin, it should be a path to a local directory. 
+#For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0 + +#fact_caching_connection=/tmp + + + +# retry files +# When a playbook fails a .retry file can be created that will be placed in ~/ +# You can enable this feature by setting retry_files_enabled to True +# and you can change the location of the files by setting retry_files_save_path + +#retry_files_enabled = False +#retry_files_save_path = ~/.ansible-retry + +# squash actions +# Ansible can optimise actions that call modules with list parameters +# when looping. Instead of calling the module once per with_ item, the +# module is called once with all items at once. Currently this only works +# under limited circumstances, and only with parameters named 'name'. +#squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper + +# prevents logging of task data, off by default +#no_log = False + +# prevents logging of tasks, but only on the targets, data is still logged on the master/controller +#no_target_syslog = False + +# controls whether Ansible will raise an error or warning if a task has no +# choice but to create world readable temporary files to execute a module on +# the remote machine. This option is False by default for security. Users may +# turn this on to have behaviour more like Ansible prior to 2.1.x. See +# https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user +# for more secure ways to fix this than enabling this option. +#allow_world_readable_tmpfiles = False + +# controls the compression level of variables sent to +# worker processes. At the default of 0, no compression +# is used. This value must be an integer from 0 to 9. +#var_compression_level = 9 + +# controls what compression method is used for new-style ansible modules when +# they are sent to the remote system. The compression types depend on having +# support compiled into both the controller's python and the client's python. 
+# The names should match with the python Zipfile compression types: +# * ZIP_STORED (no compression. available everywhere) +# * ZIP_DEFLATED (uses zlib, the default) +# These values may be set per host via the ansible_module_compression inventory +# variable +#module_compression = 'ZIP_DEFLATED' + +# This controls the cutoff point (in bytes) on --diff for files +# set to 0 for unlimited (RAM may suffer!). +#max_diff_size = 1048576 + +# This controls how ansible handles multiple --tags and --skip-tags arguments +# on the CLI. If this is True then multiple arguments are merged together. If +# it is False, then the last specified argument is used and the others are ignored. +# This option will be removed in 2.8. +#merge_multiple_cli_flags = True + +# Controls showing custom stats at the end, off by default +#show_custom_stats = True + +# Controls which files to ignore when using a directory as inventory with +# possibly multiple sources (both static and dynamic) +#inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo + +# This family of modules use an alternative execution path optimized for network appliances +# only update this setting if you know how this works, otherwise it can break module execution +#network_group_modules=eos, nxos, ios, iosxr, junos, vyos + +# When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as +# a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain +# jinja2 templating language which will be run through the templating engine. 
+# ENABLING THIS COULD BE A SECURITY RISK +#allow_unsafe_lookups = False + +# set default errors for all plays +#any_errors_fatal = False + +[inventory] +# enable inventory plugins, default: 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml' +#enable_plugins = host_list, virtualbox, yaml, constructed + +# ignore these extensions when parsing a directory as inventory source +#ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry + +# ignore files matching these patterns when parsing a directory as inventory source +#ignore_patterns= + +# If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise. +#unparsed_is_failed=False + +[privilege_escalation] +#become=True +#become_method=sudo +#become_user=root +#become_ask_pass=False + +[paramiko_connection] + +# uncomment this line to cause the paramiko connection plugin to not record new host +# keys encountered. Increases performance on new host additions. Setting works independently of the +# host key checking setting above. +#record_host_keys=False + +# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this +# line to disable this behaviour. +#pty=False + +# paramiko will default to looking for SSH keys initially when trying to +# authenticate to remote devices. This is a problem for some network devices +# that close the connection after a key failure. Uncomment this line to +# disable the Paramiko look for keys function +#look_for_keys = False + +# When using persistent connections with Paramiko, the connection runs in a +# background process. If the host doesn't already have a valid SSH key, by +# default Ansible will prompt to add the host key. This will cause connections +# running in background processes to fail. Uncomment this line to have +# Paramiko automatically add host keys. 
+#host_key_auto_add = True + +[ssh_connection] + +# ssh arguments to use +# Leaving off ControlPersist will result in poor performance, so use +# paramiko on older platforms rather than removing it, -C controls compression use +ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s + +# The base directory for the ControlPath sockets. +# This is the "%(directory)s" in the control_path option +# +# Example: +# control_path_dir = /tmp/.ansible/cp +#control_path_dir = ~/.ansible/cp + +# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname, +# port and username (empty string in the config). The hash mitigates a common problem users +# found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format. +# In those cases, a "too long for Unix domain socket" ssh error would occur. +# +# Example: +# control_path = %(directory)s/%%h-%%r +#control_path = + +# Enabling pipelining reduces the number of SSH operations required to +# execute a module on the remote server. This can result in a significant +# performance improvement when enabled, however when using "sudo:" you must +# first disable 'requiretty' in /etc/sudoers +# +# By default, this option is disabled to preserve compatibility with +# sudoers configurations that have requiretty (the default on many distros). +# +pipelining = True + +# Control the mechanism for transferring files (old) +# * smart = try sftp and then try scp [default] +# * True = use scp only +# * False = use sftp only +#scp_if_ssh = smart + +# Control the mechanism for transferring files (new) +# If set, this will override the scp_if_ssh option +# * sftp = use sftp to transfer files +# * scp = use scp to transfer files +# * piped = use 'dd' over SSH to transfer files +# * smart = try sftp, scp, and piped, in that order [default] +#transfer_method = smart + +# if False, sftp will not use batch mode to transfer files. 
This may cause some +# types of file transfer failures impossible to catch however, and should +# only be disabled if your sftp version has problems with batch mode +#sftp_batch_mode = False + +# The -tt argument is passed to ssh when pipelining is not enabled because sudo +# requires a tty by default. +#usetty = True + +# Number of times to retry an SSH connection to a host, in case of UNREACHABLE. +# For each retry attempt, there is an exponential backoff, +# so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max). +#retries = 3 + +[persistent_connection] + +# Configures the persistent connection timeout value in seconds. This value is +# how long the persistent connection will remain idle before it is destroyed. +# If the connection doesn't receive a request before the timeout value +# expires, the connection is shutdown. The default value is 30 seconds. +#connect_timeout = 30 + +# The command timeout value defines the amount of time to wait for a command +# or RPC call before timing out. The value for the command timeout must +# be less than the value of the persistent connection idle timeout (connect_timeout) +# The default value is 30 second. +#command_timeout = 30 + +[accelerate] +#accelerate_port = 5099 +#accelerate_timeout = 30 +#accelerate_connect_timeout = 5.0 + +# The daemon timeout is measured in minutes. This time is measured +# from the last activity to the accelerate daemon. +#accelerate_daemon_timeout = 30 + +# If set to yes, accelerate_multi_key will allow multiple +# private keys to be uploaded to it, though each user must +# have access to the system via SSH to add a new key. The default +# is "no". +#accelerate_multi_key = yes + +[selinux] +# file systems that require special treatment when dealing with security context +# the default behaviour that copies the existing context or uses the user default +# needs to be changed to use the file system dependent context. 
+#special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p,vfat + +# Set this to yes to allow libvirt_lxc connections to work without SELinux. +#libvirt_lxc_noseclabel = yes + +[colors] +#highlight = white +#verbose = blue +#warn = bright purple +#error = red +#debug = dark gray +#deprecate = purple +#skip = cyan +#unreachable = red +#ok = green +#changed = yellow +#diff_add = green +#diff_remove = red +#diff_lines = cyan + + +[diff] +# Always print diff when running ( same as always running with -D/--diff ) +# always = no + +# Set how many context lines to show in diff +# context = 3 diff --git a/hosts b/hosts new file mode 100644 index 0000000..bac3893 --- /dev/null +++ b/hosts 
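Review bot: `host_key_checking = False` under `[defaults]` turns off SSH host-key verification for every play run with this config, so whatever machine answers on an inventory address is trusted without proof of identity. Because the inventories in this commit log in with passwords, that machine would also receive the password. I would leave the option commented out (checking is on by default) and, for first contact with freshly imaged boards, add `-o StrictHostKeyChecking=accept-new` to the existing `ssh_args` line so keys are pinned on first use and verified afterwards. `deprecation_warnings = False` deserves a short comment saying why it is silenced, since it also hides notices about modules that are going away.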
@@ -0,0 +1,74 @@
+# This is the default ansible 'hosts' file.
+#
+# It should live in /etc/ansible/hosts
+#
+# - Comments begin with the '#' character
+# - Blank lines are ignored
+# - Groups of hosts are delimited by [header] elements
+# - You can enter hostnames or ip addresses
+# - A hostname/ip can be a member of multiple groups
+
+# Ex 1: Ungrouped hosts, specify before any group headers.
+
+#green.example.com
+#blue.example.com
+#192.168.100.1
+#192.168.100.10
+
+# Ex 2: A collection of hosts belonging to the 'webservers' group
+
+#[webservers]
+#alpha.example.org
+#beta.example.org
+#192.168.1.100
+#192.168.1.110
+
+# If you have multiple hosts following a pattern you can specify
+# them like this:
+
+#www[001:006].example.com
+
+# Ex 3: A collection of database servers in the 'dbservers' group
+
+#[dbservers]
+#
+#db01.intranet.mydomain.net
+#db02.intranet.mydomain.net
+#10.25.1.56
+#10.25.1.57
+
+# Here's another example of host ranges, this time there are no
+# leading 0s:
+
+#db-[99:101]-node.example.com
+
+[linux1]
+192.168.77.106
+
+[linux2]
+192.168.77.161
+
+[linux1:vars]
+ansible_user=admin
+ansible_password=l4c1j4yd33Du5lo
+ansible_python_interpreter=/share/ZFS530_DATA/.qpkg/QPython39/bin/python3
+
+[linux2:vars]
+ansible_user=jd
+ansible_password=lacijaydee
+
+[odroid]
+192.168.77.161
+[odroid2]
+192.168.77.162
+192.168.77.163
+192.168.77.164
+192.168.77.165
+
+[od:children]
+odroid
+odroid2
+
+[odroid:vars]
+ansible_user=root
+ansible_password=lacijaydee
diff --git a/hosts.yml b/hosts.yml
new file mode 100644
index 0000000..ea8d64d
--- /dev/null
+++ b/hosts.yml
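Review bot: The `[linux1:vars]`, `[linux2:vars]` and `[odroid:vars]` sections commit login passwords in clear text, the last one for `root`; the same applies to the `ansible_ssh_pass` and `ansible_become_password` entries in `hosts.yml` and `hosts_init.yml` later in this patch. Anyone with read access to the repository or its history obtains them, so they should be treated as exposed and rotated even after they are removed from the files. I would keep only the host and group layout here and move the secrets into an Ansible Vault file, referencing them as e.g. `ansible_password={{ vault_odroid_password }}` (the variable name is a placeholder). Alternatively these hosts could use key authentication, which `playbooks/00_distribute_ssh_keys.yml` already prepares for the odroid cluster.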
@@ -0,0 +1,53 @@
+---
+datacenter:
+ children:
+ odroid_cluster:
+ children:
+ odroid_master:
+ hosts:
+ 192.168.77.161:
+ vars:
+ testVar: 999
+ odroid_worker:
+ hosts:
+ 192.168.77.16[2:5]:
+
+ vars:
+ ansible_ssh_user: jd
+ ansible_ssh_pass: lacijaydee
+ ansible_become_password: lacijaydee
+ ssh_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
+
+
+ nas:
+ hosts:
+ 192.168.77.106:
+ vars:
+ ansible_user: admin
+ ansible_ssh_pass: l4c1j4yd33Du5lo
+ ansible_python_interpreter: /share/ZFS530_DATA/.qpkg/QPython39/bin/python3
+ omv:
+ hosts:
+ 192.168.77.189:
+ vars:
+ ansible_user: jd
+ ansible_ssh_pass: lacijaydee
+ ansible_become_password: lacijaydee
+ rhasspy:
+ hosts:
+ 192.168.77.248:
+ vars:
+ ansible_user: jd
+ ansible_ssh_pass: lacijaydee
+ ansible_become_password: lacijaydee
+ windows:
+ hosts:
+ 192.168.77.211
+ vars:
+ ansible_user: jd
+ ansible_password: "q"
+ ansible_connection: winrm
+ ansible_port: 5985
+ ansible_winrm_server_cert_validation: ignore
+ ansible_winrm_kerberos_delegation: true
+
diff --git a/hosts_init.yml b/hosts_init.yml
new file mode 100644
index 0000000..e141576
--- /dev/null
+++ b/hosts_init.yml
@@ -0,0 +1,7 @@
+---
+odroid_cluster:
+ hosts:
+ 192.168.77.16[1:5]:
+ vars:
+ ansible_ssh_user: root
+ ansible_ssh_pass: 1234
\ No newline at end of file
diff --git a/playbooks/00_apt_upgrade.yml b/playbooks/00_apt_upgrade.yml
new file mode 100644
index 0000000..df90e95
--- /dev/null
+++ b/playbooks/00_apt_upgrade.yml
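Review bot: The `windows` group in `hosts.yml` connects on `ansible_port: 5985`, WinRM's plain-HTTP listener, and also sets `ansible_winrm_server_cert_validation: ignore`, so depending on the negotiated transport the password may cross the LAN without TLS, and certificate checking would stay off if the port were later moved to HTTPS. I would use `ansible_port: 5986` with `ansible_winrm_scheme: https` and drop the `ignore` line once the host presents a certificate the controller trusts. `ansible_winrm_kerberos_delegation: true` forwards the user's ticket to the remote host and should carry a comment naming the task that needs it, or be removed. In the same file, `192.168.77.211` lacks the trailing `:` every other host key has, and `ssh_args` under `odroid_cluster` is, as far as I can tell, not a variable the SSH connection reads from inventory (that form is `ansible_ssh_common_args`), so the `StrictHostKeyChecking=no` there is probably inert and is better deleted than renamed.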
@@ -0,0 +1,43 @@
+- hosts: datacenter
+ name: Apt udate
+ become: true
+ tasks:
+ - name: Apt exclude linux-dtb-current-meson64
+ ansible.builtin.shell: 'apt-mark hold linux-dtb-current-meson64'
+ changed_when: false
+ # - name: Install K3S
+ # ansible.builtin.shell: 'apt-mark hold linux-image-current-meson64'
+ # changed_when: false
+ # - name: Install K3S
+ # ansible.builtin.shell: 'apt-mark hold linux-libc-dev'
+ # changed_when: false
+
+ # - name: Install K3S
+ # ansible.builtin.shell: 'apt-mark hold linux-u-boot-odroidc4-current'
+ # changed_when: false
+ # - name: Install K3S
+ # ansible.builtin.shell: 'apt-mark hold armbian-bsp-cli-odroidc4'
+ # changed_when: false
+ # - name: Install K3S
+ # ansible.builtin.shell: 'apt-mark hold armbian-config'
+ # changed_when: false
+ # - name: Install K3S
+ # ansible.builtin.shell: 'apt-mark hold armbian-firmware'
+ # changed_when: false
+ # - name: Install K3S
+ # ansible.builtin.shell: 'apt-mark hold armbian-zsh'
+ # changed_when: false
+ - name: Apt update
+ ansible.builtin.shell: 'apt update'
+ changed_when: false
+ - name: Apt upgrade
+ ansible.builtin.shell: 'apt -o Dpkg::Options::="--force-confnew" upgrade -y'
+ changed_when: false
+ # - name: Apt
+ # ansible.builtin.apt:
+ # update_cache: true
+ # upgrade: true
+ # dpkg_options: 'force-confold,force-confdef'
+ # - name: Get memory
+ # ansible.builtin.command: /usr/bin/free
+ # changed_when: false
diff --git a/playbooks/00_distribute_ssh_keys.yml b/playbooks/00_distribute_ssh_keys.yml
new file mode 100644
index 0000000..948617b
--- /dev/null
+++ b/playbooks/00_distribute_ssh_keys.yml
@@ -0,0 +1,8 @@
+- hosts: odroid_cluster
+ tasks:
+ - name: Set authorized key taken from file
+ ansible.posix.authorized_key:
+ user: jd
+ state: present
+ key: "{{ lookup('file', '/home/jd/.ssh/id_rsa.pub') }}"
+
\ No newline at end of file
diff --git a/playbooks/00_getmac.yml b/playbooks/00_getmac.yml
new file mode 100644
index 0000000..13d01fe
--- /dev/null
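Review bot: The `Apt upgrade` task in `00_apt_upgrade.yml` passes `--force-confnew`, which replaces locally modified configuration files with the packaged versions on every upgrade. On the `datacenter` hosts that can silently undo hardening, including the PAM and nsswitch edits that `00_install_ldap_client.yml` makes in this same patch. All three tasks also shell out with `changed_when: false`, so a run that upgrades packages still reports no change. I would switch to the modules and keep local configuration with `force-confold,force-confdef`, as the commented-out block below the task already sketches.

```yaml
    - name: Hold linux-dtb-current-meson64
      ansible.builtin.dpkg_selections:
        name: linux-dtb-current-meson64
        selection: hold
    # … unchanged: commented-out hold tasks …
    - name: Apt upgrade
      ansible.builtin.apt:
        update_cache: true
        upgrade: true
        dpkg_options: 'force-confold,force-confdef'
```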
+++ b/playbooks/00_getmac.yml
@@ -0,0 +1,11 @@
+- hosts: datacenter
+ name: Apt udate
+ become: true
+ tasks:
+ - name: Debug
+ ansible.builtin.debug:
+ msg: "{{ ansible_eth0.macaddress }}"
+ - name: Debug
+ ansible.builtin.debug:
+ msg: "olalalaaaa"
+ when: ansible_eth0.macaddress == "b8:27:eb:29:cb:d41"
diff --git a/playbooks/00_initial_adjustments.yml b/playbooks/00_initial_adjustments.yml
new file mode 100644
index 0000000..d9f6bd8
--- /dev/null
+++ b/playbooks/00_initial_adjustments.yml
@@ -0,0 +1,42 @@
+- hosts: odroid_cluster
+ name: Run script
+ become: true
+ gather_facts: true
+ tasks:
+ - name: Reconfigure /root/.bashrc
+ ansible.builtin.lineinfile:
+ path: /root/.bashrc
+ line: "export HISTCONTROL=ignoreboth"
+ - name: Reconfigure /home/jd/.bashrc
+ ansible.builtin.lineinfile:
+ path: /home/jd/.bashrc
+ line: "export HISTCONTROL=ignoreboth"
+ - name: Set a hostname
+ ansible.builtin.hostname:
+ name: odroidc4-1
+ when: ansible_eth0.macaddress == "00:1e:06:48:b3:0c"
+ - name: Set a hostname
+ ansible.builtin.hostname:
+ name: odroidc4-2
+ when: ansible_eth0.macaddress == "00:1e:06:48:cd:86"
+ - name: Set a hostname
+ ansible.builtin.hostname:
+ name: odroidc4-3
+ when: ansible_eth0.macaddress == "00:1e:06:48:d0:01"
+ - name: Set a hostname
+ ansible.builtin.hostname:
+ name: odroidc4-4
+ when: ansible_eth0.macaddress == "00:1e:06:48:d0:00"
+ - name: Set a hostname
+ ansible.builtin.hostname:
+ name: odroidc4-5
+ when: ansible_eth0.macaddress == "00:1e:06:48:cd:8e"
+ - name: Iptables 1
+ ansible.builtin.command:
+ iptables -F
+ - name: Iptables 2
+ ansible.builtin.command:
+ update-alternatives --set iptables /usr/sbin/iptables-legacy
+ - name: Iptables 3
+ ansible.builtin.command:
+ update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
\ No newline at end of file
diff --git a/playbooks/00_install_ldap_client.yml b/playbooks/00_install_ldap_client.yml
new file mode 100644
index 0000000..4aeae84
--- /dev/null
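Review bot: `Iptables 1` in `00_initial_adjustments.yml` runs `iptables -F` unconditionally, so every run of this playbook removes all filter rules on the cluster nodes. It also runs before the alternatives are switched, so it flushes whichever backend was active rather than the legacy one selected afterwards. If the flush is only needed once for the initial setup, say so in a comment and guard it, for example with `when: iptables_flush | default(false)` (the variable name is a placeholder), so a later firewall policy is not wiped by a routine re-run. The two `update-alternatives` commands report changed on every run; `community.general.alternatives` would make them idempotent. The five `Set a hostname` tasks could be a single task driven by a MAC-to-name map.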
+++ b/playbooks/00_install_ldap_client.yml 
@@ -0,0 +1,103 @@
+- hosts: datacenter
+ name: Install omv
+ become: true
+ become_user: root
+ tasks:
+ - name: Install ldap packages
+ ansible.builtin.apt:
+ name:
+ - libpam-ldapd
+ - ldap-utils
+ - libnss-ldapd
+ # - name: Reconfigure ldap base
+ # ansible.builtin.lineinfile:
+ # path: /etc/ldap.conf
+ # regexp: "^base "
+ # line: "base dc=sectorq,dc=eu"
+
+ # - name: Reconfigure ldap uri
+ # ansible.builtin.lineinfile:
+ # path: /etc/ldap.conf
+ # regexp: "^uri ldap.*"
+ # line: "uri ldaps://ldap-server.loc/"
+ # - name: Reconfigure ldap version
+ # ansible.builtin.lineinfile:
+ # path: /etc/ldap.conf
+ # regexp: "^ldap_version.*"
+ # line: "ldap_version 3"
+
+ # - name: Reconfigure ldap rootbinddn
+ # ansible.builtin.lineinfile:
+ # path: /etc/ldap.conf
+ # regexp: "^rootbinddn.*"
+ # line: "rootbinddn cn=admin,dc=sectorq,dc=eu"
+ - name: Reconfigure common-session
+ ansible.builtin.lineinfile:
+ path: /etc/pam.d/common-session
+ regexp: "^session optional pam_mkhomedir.so.*"
+ line: "session optional pam_mkhomedir.so skel=/etc/skel umask=077"
+ - name: Reconfigure common-session
+ ansible.builtin.lineinfile:
+ path: /etc/pam.d/common-session
+ regexp: "^session.*pam_ldap.so.*"
+ line: "session [success=ok default=ignore] pam_ldap.so minimum_uid=1000"
+ - name: Reconfigure common-password
+ ansible.builtin.lineinfile:
+ path: /etc/pam.d/common-password
+ regexp: "^password.*success=1 user_unknown=ignore default=die.*"
+ line: "password [success=1 default=ignore] pam_ldap.so minimum_uid=1000 try_first_pass"
+ - name: Reconfigure nsswitch passwd
+ ansible.builtin.lineinfile:
+ path: /etc/nsswitch.conf
+ regexp: "^passwd:.*"
+ line: "passwd: compat systemd ldap"
+ - name: Reconfigure nsswitch group
+ ansible.builtin.lineinfile:
+ path: /etc/nsswitch.conf
+ regexp: "^group:.*"
+ line: "group: compat systemd ldap"
+ - name: Reconfigure nsswitch shadow
+ ansible.builtin.lineinfile:
+ path: /etc/nsswitch.conf
+ regexp: "^shadow:.*"
+ line: "shadow: compat ldap"
+
+ - name: Reconfigure nslcd uri
+ ansible.builtin.lineinfile:
+ path: /etc/nslcd.conf
+ regexp: "^uri ldap.*"
+ line: "uri ldaps://ldap-server.loc/"
+
+
+ - name: Reconfigure ldap base
+ ansible.builtin.lineinfile:
+ path: /etc/nslcd.conf
+ regexp: "^base "
+ line: "base dc=sectorq,dc=eu"
+
+
+ - name: Reconfigure nslcd binddn
+ ansible.builtin.lineinfile:
+ path: /etc/nslcd.conf
+ regexp: "^#binddn"
+ line: "binddn cn=admin,dc=sectorq,dc=eu"
+ - name: Reconfigure nslcd bindpw
+ ansible.builtin.lineinfile:
+ path: /etc/nslcd.conf
+ regexp: "^#bindpw"
+ line: "bindpw l4c1j4yd33Du5lo"
+ # - name: Reconfigure ldap base
+ # ansible.builtin.lineinfile:
+ # path: /etc/nslcd.conf
+ # regexp: "^#ssl"
+ # line: "ssl start_tls"
+ - name: Reconfigure nslcd tls_reqcert
+ ansible.builtin.lineinfile:
+ path: /etc/nslcd.conf
+ regexp: "^#tls_reqcert"
+ line: "tls_reqcert allow"
+ - name: Restart nslcd service
+ ansible.builtin.service:
+ name: nslcd.service
+ state: restarted
+
\ No newline at end of file
diff --git a/playbooks/00_install_omv.yml b/playbooks/00_install_omv.yml
new file mode 100644
index 0000000..c620224
--- /dev/null
+++ b/playbooks/00_install_omv.yml
@@ -0,0 +1,26 @@
+- hosts: omv
+ name: Install omv
+ become: true
+ become_user: root
+ tasks:
+ - name: Apt
+ ansible.builtin.apt:
+ update_cache: true
+ upgrade: true
+ - name: Install python + pip
+ ansible.builtin.apt:
+ name:
+ - python3
+ - python3-pip
+ - apt-transport-https
+ - mosquitto
+ state: present
+ - name: Install pip modules
+ ansible.builtin.pip:
+ name:
+ - wheel
+ - paho-mqtt
+ - ping3
+ - requests
+ - autorandr
+ - getmac
\ No newline at end of file
diff --git a/playbooks/00_poweroff.yml b/playbooks/00_poweroff.yml
new file mode 100644
index 0000000..f37d03e
--- /dev/null
+++ b/playbooks/00_poweroff.yml
@@ -0,0 +1,7 @@
+- hosts: odroid_cluster
+ name: Power off
+ become: true
+ gather_facts: false
+ tasks:
+ - name: Shut down
+ community.general.shutdown:
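Review bot: The `Reconfigure nslcd bindpw` task in playbooks/00_install_ldap_client.yml commits the directory admin password in clear text and, with the `binddn cn=admin,…` task before it, makes every client bind as the directory administrator, so each configured host and every reader of the repository holds that credential. Take the value from a vaulted variable and hide it from task output, `line: "bindpw {{ nslcd_bindpw }}"` with `no_log: true` (the variable name is a placeholder), bind with a read-only service account, and rotate the password that is now in history. The `tls_reqcert allow` line lets the client carry on when the server certificate cannot be verified; `line: "tls_reqcert demand"` together with a `tls_cacertfile` entry keeps the ldaps:// connection authenticated. The play is also named `Install omv`, copied from another file.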
diff --git a/playbooks/00_test.yml b/playbooks/00_test.yml
new file mode 100644
index 0000000..87b00f9
--- /dev/null
+++ b/playbooks/00_test.yml
@@ -0,0 +1,54 @@
+- hosts: odroid_master
+ name: Install k3s
+ become: true
+ tasks:
+ - name: Install deps...
+ ansible.builtin.apt:
+ name:
+ - python3-pip
+ - python3-dev
+ - name: Install bottle python package
+ ansible.builtin.pip:
+ name:
+ - RPLCD
+ - psutil
+ - smbus2
+ - uptime
+ - name: Upload led control scripts
+ ansible.builtin.copy:
+ src: scripts/lcd_control.py
+ dest: /usr/bin/lcd_control.py
+ - name: Upload led control service
+ ansible.builtin.copy:
+ src: services/lcd_control.service
+ dest: /etc/systemd/system/
+ - name: Upload led control scripts
+ ansible.builtin.copy:
+ src: scripts/lcd_control_restart.py
+ dest: /usr/bin/lcd_control_restart.py
+ - name: Upload led control service
+ ansible.builtin.copy:
+ src: services/lcd_control_restart.service
+ dest: /etc/systemd/system/
+ - name: Upload led control scripts
+ ansible.builtin.copy:
+ src: scripts/lcd_control_start.py
+ dest: /usr/bin/lcd_control_start.py
+ - name: Upload led control service
+ ansible.builtin.copy:
+ src: services/lcd_control_start.service
+ dest: /etc/systemd/system/
+ - name: reload systemctl
+ ansible.builtin.command: systemctl daemon-reload
+ - name: Enable service startup lcd_control
+ ansible.builtin.command: systemctl enable lcd_control.service
+ - name: Starting service lcd_control
+ ansible.builtin.command: systemctl start lcd_control.service
+ - name: Enable service startup lcd_control_restart.service
+ ansible.builtin.command: systemctl enable lcd_control_restart.service
+ - name: Enable service startup lcd_control_start.service
+ ansible.builtin.command: systemctl enable lcd_control_start.service
+ # - name: Start service lcd_control_restart.service
+ # ansible.builtin.command: systemctl start lcd_control_restart.service
+ # - name: start lcd script
+ # shell: cd /root; nohup python3 lcd_control.py >/dev/null 2>&1 &
\ No newline at end of file
diff --git a/playbooks/00_tst.yml b/playbooks/00_tst.yml
new file mode 100644
index 0000000..a04bee8
--- /dev/null
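Review bot: The six `ansible.builtin.copy` tasks in playbooks/00_test.yml set no `owner`, `group` or `mode`, so scripts that the unit files later run as root land in /usr/bin with whatever the defaults yield; `owner: root`, `group: root`, `mode: "0755"` for the scripts and `"0644"` for the unit files makes that explicit. The five `systemctl …` command tasks always report changed; `ansible.builtin.systemd` with `daemon_reload: true`, `enabled: true` and `state: started` does the same idempotently. The play is named `Install k3s` and the pip task `Install bottle python package`, neither of which matches what is installed.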
+++ b/playbooks/00_tst.yml
@@ -0,0 +1,47 @@
+- hosts: odroid_cluster
+ name: User creation
+ vars:
+ ansible_ssh_user: root
+ ansible_ssh_pass: 1234
+ myuser: "root"
+ mypassword: "lacijaydee"
+ mypassword2: "lacijaydee"
+
+ tasks:
+ - name: Change password
+ ansible.builtin.user:
+ name: "{{ myuser }}"
+ state: present
+ shell: /bin/bash
+ expires: -1
+ password: "{{ mypassword | password_hash('sha512') }}"
+ - name: Set locale
+ community.general.locale_gen:
+ name: en_US.UTF-8
+ state: present
+ - name: Create password
+ ansible.builtin.user:
+ name: "jd"
+ state: present
+ expires: -1
+ password: "{{ mypassword2 | password_hash('sha512') }}"
+ shell: /bin/bash
+ - name: Allow the jd user to run any commands
+ community.general.sudoers:
+ name: jd as sudo
+ state: present
+ user: jd
+ nopassword: true
+ commands: ALL
+ - name: Set timezone to Europe/Bratislava
+ community.general.timezone:
+ name: Europe/Bratislava
+ - name: Remove first login file
+ ansible.builtin.file:
+ state: absent
+ path: /root/.not_logged_in_yet
+ - name: Reconfigure logo
+ ansible.builtin.lineinfile:
+ path: /boot/armbianEnv.txt
+ line: "disp_mode=800x480"
+
diff --git a/playbooks/00_win.yml b/playbooks/00_win.yml
new file mode 100644
index 0000000..68b2a2a
--- /dev/null
+++ b/playbooks/00_win.yml
@@ -0,0 +1,8 @@
+- hosts: windows
+ name: Test
+ gather_facts: true
+ tasks:
+ - name: Run basic PowerShell script
+ win_file:
+ path: c:\lala
+ state: directory
diff --git a/playbooks/05_install_docker.yml b/playbooks/05_install_docker.yml
new file mode 100644
index 0000000..7d9136e
--- /dev/null
+++ b/playbooks/05_install_docker.yml
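Review bot: The `vars:` block of playbooks/00_tst.yml holds the SSH login password and both new account passwords in clear text, and 99_complete_install.yml runs this play first on every node, so the root password of the whole cluster can be read from the repository. Load the values from an Ansible Vault file or prompt for them, and add `no_log: true` to the two `ansible.builtin.user` tasks. `password_hash('sha512')` without a fixed salt produces a new hash on each run, so both tasks report changed every time. The sudoers task gives `jd` `commands: ALL` with `nopassword: true`; if that is intended it deserves a comment, otherwise drop `nopassword`.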
@@ -0,0 +1,33 @@
+- hosts: odroid_cluster
+ name: Install docker
+ become: true
+ become_user: root
+ tasks:
+ - name: Install docker
+ ansible.builtin.apt:
+ name: docker.io
+ state: present
+ - name: Install telnet
+ ansible.builtin.apt:
+ name: telnet
+ state: present
+ - name: Install net-tools
+ ansible.builtin.apt:
+ name: net-tools
+ state: present
+ - name: Install curl!
+ ansible.builtin.apt:
+ name: curl
+ state: present
+ - name: Install deps...
+ ansible.builtin.apt:
+ name:
+ - python3-pip
+ - python3-dev
+ - name: Install bottle python package
+ ansible.builtin.pip:
+ name:
+ - RPLCD
+ - psutil
+ - smbus2
+ - uptime
diff --git a/playbooks/05_install_rhasspy.yml b/playbooks/05_install_rhasspy.yml
new file mode 100644
index 0000000..6dc8884
--- /dev/null
+++ b/playbooks/05_install_rhasspy.yml
@@ -0,0 +1,155 @@
+- hosts: rhasspy
+ name: Install rhasspy
+ become: true
+ become_user: root
+ tasks:
+ - name: Set a hostname
+ ansible.builtin.hostname:
+ name: rasp3-2
+ when: ansible_eth0.macaddress == "b8:27:eb:29:cb:d4"
+
+ - name: Set a hostname
+ ansible.builtin.hostname:
+ name: rasp3-1
+ when: ansible_eth0.macaddress == "b8:27:eb:53:79:11" or ansible_wlan0.macaddress == "B8:27:EB:06:2C:44"
+
+# - name: Download package
+# ansible.builtin.get_url:
+# url: https://sectorq.eu/install/rhasspy_amd64.deb
+# dest: /tmp/rhasspy_amd64.deb
+# mode: '0777'
+ - name: Get keys for raspotify
+ ansible.builtin.shell:
+ curl -sSL https://dtcooper.github.io/raspotify/key.asc | sudo tee /usr/share/keyrings/raspotify_key.asc > /dev/null
+ changed_when: false
+ - name: Get keys for raspotify
+ ansible.builtin.file:
+ path: /usr/share/keyrings/raspotify_key.asc
+ mode: "0644"
+
+ - name: Get repo
+ ansible.builtin.shell: >-
+ echo 'deb [signed-by=/usr/share/keyrings/raspotify_key.asc] https://dtcooper.github.io/raspotify raspotify main' |
+ sudo tee /etc/apt/sources.list.d/raspotify.list
+ changed_when: false
+
+ - name: Update apt cache
+ ansible.builtin.apt:
+ update_cache: true
+ upgrade: true
+ ignore_errors: true
+ - name: Install curl,mosquitto ...
+ ansible.builtin.apt:
+ name:
+ - curl
+ # - libffi7
+ - apt-transport-https
+ - raspotify
+ - mosquitto
+ - python3-pip
+ state: present
+ - name: Reconfigure /etc/raspotify/conf
+ ansible.builtin.lineinfile:
+ path: /etc/raspotify/conf
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ loop:
+ - { regexp: '(^|^#)LIBRESPOT_NAME=', line: 'LIBRESPOT_NAME="rasp3-2"' }
+ - { regexp: '(^|^#)LIBRESPOT_BITRATE=', line: 'LIBRESPOT_BITRATE="160"' }
+ - { regexp: '(^|^#)LIBRESPOT_DEVICE=', line: 'LIBRESPOT_DEVICE="hw:CARD=Device,DEV=0"' }
+ - { regexp: '(^|^#)LIBRESPOT_PASSWORD=', line: 'LIBRESPOT_PASSWORD="l4c1j4yd33Du5lo"' }
+ - { regexp: '(^|^#)LIBRESPOT_USERNAME=', line: 'LIBRESPOT_USERNAME="jaydee67@sectorq.eu"' }
+ when: ansible_eth0.macaddress == "b8:27:eb:29:cb:d4"
+ - name: Reconfigure /etc/raspotify/conf
+ ansible.builtin.lineinfile:
+ path: /etc/raspotify/conf
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ loop:
+ - { regexp: '(^|^#)LIBRESPOT_NAME=', line: 'LIBRESPOT_NAME="rasp3-1"' }
+ - { regexp: '(^|^#)LIBRESPOT_BITRATE=', line: 'LIBRESPOT_BITRATE="160"' }
+ - { regexp: '(^|^#)LIBRESPOT_DEVICE=', line: 'LIBRESPOT_DEVICE="hw:CARD=Device,DEV=0"' }
+ - { regexp: '(^|^#)LIBRESPOT_PASSWORD=', line: 'LIBRESPOT_PASSWORD="l4c1j4yd33Du5lo"' }
+ - { regexp: '(^|^#)LIBRESPOT_USERNAME=', line: 'LIBRESPOT_USERNAME="jaydee67@sectorq.eu"' }
+ when: ansible_eth0.macaddress == "b8:27:eb:53:79:11"
+
+# - name: Creating a symlink for libs
+# ansible.builtin.file:
+# src: "/usr/lib/aarch64-linux-gnu/libffi.so.7"
+# dest: "/usr/lib/aarch64-linux-gnu/libffi.so.6"
+# state: link
+# - name: Install a rhasspy_amd64.deb
+# ansible.builtin.apt:
+# deb: /tmp/rhasspy_amd64.deb
+
+# - name: Upload config
+# ansible.builtin.copy:
+# src: /etc/ansible/playbooks/files/services/rhasspy.service
+# dest: /etc/systemd/system/rhasspy.service
+# owner: root
+# group: root
+# mode: u=rwx,g=rx,o=rx
+# - name: Just force systemd to reread configs (2.4 and above)
+# ansible.builtin.systemd:
+# daemon_reload: true
+# - name: Restart service rhasspy, in all cases
+# ansible.builtin.service:
+# name: rhasspy
+# state: restarted
+# - name: Ensure rhasspy is in a running state
+# ansible.builtin.service:
+# name: rhasspy
+# state: started
+# register: myservice_details
+# until: myservice_details.status.ActiveState == "active"
+# retries: 15
+# delay: 20
+ - name: Make sure destination dir exists
+ ansible.builtin.file:
+ path: "/home/jd/.config/rhasspy/profiles/en/"
+ state: directory
+ owner: jd
+ group: jd
+ mode: '0755'
+ - name: Upload config
+ ansible.builtin.copy:
+ src: /etc/ansible/playbooks/files/conf/rhasspy/profile.json
+ dest: /home/jd/.config/rhasspy/profiles/en/profile.json
+ owner: jd
+ group: jd
+ mode: u=rw,g=r,o=r
+ - name: Restart service raspotify, in all cases
+ ansible.builtin.service:
+ name: raspotify
+ state: restarted
+ - name: Install docker
+ ansible.builtin.shell:
+ curl -sSL https://get.docker.com | sh
+ ignore_errors: true
+ changed_when: false
+ - name: Add user to docker group
+ ansible.builtin.user:
+ name: jd
+ append: true
+ groups: docker
+ - name: Install pip modules
+ ansible.builtin.pip:
+ name: docker
+
+ - name: Pull image
+ community.docker.docker_image:
+ name: rhasspy/rhasspy
+ source: pull
+ - name: Create container
+ community.docker.docker_container:
+ name: rhasspy
+ image: rhasspy/rhasspy
+ command: --user-profiles /profiles --profile en
+ devices:
+ - "/dev/snd:/dev/snd"
+ restart_policy: unless-stopped
+ volumes:
+ - "/etc/localtime:/etc/localtime:ro"
+ - "/home/jd/.config/rhasspy/profiles:/profiles"
+ ports:
+ - "12101:12101"
diff --git a/playbooks/05_pullimage.yml b/playbooks/05_pullimage.yml
new file mode 100644
index 0000000..9d58202
--- /dev/null
+++ b/playbooks/05_pullimage.yml
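Review bot: Both `Reconfigure /etc/raspotify/conf` loops in playbooks/05_install_rhasspy.yml write `LIBRESPOT_USERNAME` and `LIBRESPOT_PASSWORD` from literals in the playbook, and the password string is the same one used for `bindpw` in 00_install_ldap_client.yml, so one leak exposes both services. Move it to a vaulted variable, add `no_log: true` to the loops, and give the two accounts different passwords. The `Install docker` task pipes `https://get.docker.com` into `sh` with `ignore_errors: true` and `changed_when: false`, so a failed or altered download goes unnoticed and the docker group and container tasks run anyway; installing from the distribution or a pinned apt repository, without `ignore_errors`, avoids that. The key and repo tasks call `sudo tee` inside a play that already has `become: true`; `ansible.builtin.get_url` with `mode: "0644"` and `ansible.builtin.apt_repository` would replace those three tasks.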
@@ -0,0 +1,29 @@
+- hosts: rhasspy
+ name: Install rhasspy
+ become: true
+ become_user: root
+ tasks:
+ - name: Install curl,mosquitto ...
+ ansible.builtin.apt:
+ name:
+ - python3-pip
+ - name: Install pip modules
+ ansible.builtin.pip:
+ name: docker
+ - name: Pull image
+ community.docker.docker_image:
+ name: rhasspy/rhasspy
+ source: pull
+ - name: Create container
+ community.docker.docker_container:
+ name: rhasspy
+ image: rhasspy/rhasspy
+ command: --user-profiles /profiles --profile en
+ devices:
+ - "/dev/snd:/dev/snd"
+ restart_policy: unless-stopped
+ volumes:
+ - "/etc/localtime:/etc/localtime:ro"
+ - "/home/jd/.config/rhasspy/profiles:/profiles"
+ ports:
+ - "12101:12101"
diff --git a/playbooks/06_remove_docker.yml b/playbooks/06_remove_docker.yml
new file mode 100644
index 0000000..af81d66
--- /dev/null
+++ b/playbooks/06_remove_docker.yml
@@ -0,0 +1,7 @@
+- hosts: odroid_cluster
+ become: true
+ tasks:
+ - name: Remove docker
+ apt:
+ name: docker.io
+ state: absent
diff --git a/playbooks/10_install_apparmor.yml b/playbooks/10_install_apparmor.yml
new file mode 100644
index 0000000..e48be74
--- /dev/null
+++ b/playbooks/10_install_apparmor.yml
@@ -0,0 +1,10 @@
+- hosts: odroid_cluster
+ name: Install apparmor
+ become: true
+ tasks:
+ - name: Install apparmor
+ ansible.builtin.apt:
+ name:
+ - apparmor
+ - apparmor-utils
+ state: present
diff --git a/playbooks/11_reboot.yml b/playbooks/11_reboot.yml
new file mode 100644
index 0000000..d9a1fe5
--- /dev/null
+++ b/playbooks/11_reboot.yml
@@ -0,0 +1,11 @@
+- hosts: odroid_cluster
+ name: Install k3s
+ become: true
+ tasks:
+ - name: Reboot the server
+ tags: reboot
+ become: yes
+ become_user: root
+ shell: "sleep 5 && reboot"
+ async: 1
+ poll: 0
\ No newline at end of file
diff --git a/playbooks/70_create_cluster.yml b/playbooks/70_create_cluster.yml
new file mode 100644
index 0000000..3ed57b7
--- /dev/null
+++ b/playbooks/70_create_cluster.yml
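Review bot: `image: rhasspy/rhasspy` in playbooks/05_pullimage.yml carries no tag, so each node runs whatever `latest` pointed to at pull time; pin a version tag or digest, e.g. `image: "rhasspy/rhasspy:<version>"` (placeholder). `ports: - "12101:12101"` publishes the container port on every interface of the host; if only local clients need it, `"127.0.0.1:12101:12101"` narrows that. The pull and create tasks are a copy of the last two tasks in 05_install_rhasspy.yml and could live in one shared task file.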
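Review bot: playbooks/11_reboot.yml reboots with `shell: "sleep 5 && reboot"` plus `async`/`poll`, which returns before the host is back and gives later plays nothing to wait on; `ansible.builtin.reboot:` (optionally with `reboot_timeout`) reboots and waits for the connection, and would also replace the reboot and `wait_for_connection` pair in 70_install_k3s.yml. The play is named `Install k3s`, apparently copied from another file.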
@@ -0,0 +1,30 @@
+- hosts: odroid_master
+ name: Create rancher cluster
+ become: true
+ tasks:
+ - name: Create new cluster in rancher
+ ansible.builtin.shell: "curl -u 'token-wg66j:p26nwqs9ckqbth4h8gtfd2g7858g8smbtpgmxq9qr52w4795l5jvv9' -X POST -H 'Accept: application/json' -H 'Content-Type: application/json' -d '{\"name\":\"odroid\"}' 'https://192.168.77.106:8543/v3/clusters' --insecure| jq .id"
+ changed_when: false
+ ignore_errors: true
+ register: cluster_id
+
+ - name: Just the Names
+ ansible.builtin.debug:
+ msg: "{{ cluster_id.stdout }}"
+ - name: Create new cluster in rancher
+ ansible.builtin.shell: "curl -u 'token-wg66j:p26nwqs9ckqbth4h8gtfd2g7858g8smbtpgmxq9qr52w4795l5jvv9' -X GET -H 'Accept: application/json' -H 'Content-Type: application/json' https://192.168.77.106:8543/v3/clusters/{{ cluster_id.stdout }}/clusterRegistrationTokens --insecure| jq .data[0].manifestUrl"
+ changed_when: false
+ ignore_errors: true
+ register: register_id
+ - name: Register Token
+ ansible.builtin.debug:
+ msg: "{{ register_id.stdout }}"
+ - name: "Register in Rancher"
+ ansible.builtin.shell: "curl --insecure -sfL {{ register_id.stdout }} |sed 's/rancher-agent:v2.6.7/rancher-agent:v2.6.7-linux-arm64/g'| sed 's%beta.kubernetes.io/os%kubernetes.io/os%g'| kubectl apply -f -"
+ changed_when: false
+ ignore_errors: true
+#create cluster:
+#curl -u "token-wg66j:p26nwqs9ckqbth4h8gtfd2g7858g8smbtpgmxq9qr52w4795l5jvv9" -X POST -H 'Accept: application/json' -H 'Content-Type: application/json' -d '{"name":"test-cluster"}' 'https://192.168.77.106:8543/v3/clusters' --insecure
+#get registration token
+# curl -u "token-wg66j:p26nwqs9ckqbth4h8gtfd2g7858g8smbtpgmxq9qr52w4795l5jvv9" -X GET -H 'Accept: application/json' -H 'Content-Type: application/json' https://192.168.77.106:8543/v3/clusters/c-xq5pv/clusterRegistrationTokens --insecure|jq
+
diff --git a/playbooks/70_get_k3s_token.yml b/playbooks/70_get_k3s_token.yml
new file mode 100644
index 0000000..92b634c
--- /dev/null
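Review bot: All three shell tasks in playbooks/70_create_cluster.yml embed a Rancher API token in the command string (it is repeated in the trailing comments and again in 70_install_k3s.yml) and call curl with `--insecure`, so the token travels over a connection whose server is never authenticated and the manifest piped into `kubectl apply -f -` is applied without any check of where it came from. Revoke the committed token, pass a new one from a vaulted variable, and verify the Rancher certificate against its CA. With `ignore_errors: true` a failed first call still lets the following tasks run with an empty `cluster_id.stdout`; let the play stop instead. A sketch of the first task with `ansible.builtin.uri` follows; the `rancher_*` variable names are placeholders.

```yaml
    - name: Create new cluster in rancher
      ansible.builtin.uri:
        url: "{{ rancher_url }}/v3/clusters"
        method: POST
        url_username: "{{ rancher_token_name }}"      # from Ansible Vault
        url_password: "{{ rancher_token_secret }}"    # from Ansible Vault
        force_basic_auth: true
        body_format: json
        body:
          name: odroid
        status_code: [200, 201]
        validate_certs: true
      no_log: true
      register: cluster
    # … unchanged in intent: registration-token lookup and manifest apply, reading cluster.json.id …
```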
+++ b/playbooks/70_get_k3s_token.yml
@@ -0,0 +1,14 @@
+- hosts: odroid_master
+ become: true
+ tasks:
+ - name: Get token
+ shell: 'cat /var/lib/rancher/k3s/server/node-token'
+ register: K3S_TOKEN
+ - debug: var=K3S_TOKEN.stdout
+ - name: "Add K8S Token and Hash to dummy host"
+ add_host:
+ name: "K3S_TOKEN_HOLDER"
+ token: "{{ K3S_TOKEN.stdout }}"
+ - name: "print token"
+ debug:
+ msg: "[Master] K3S_TOKEN_HOLDER K8S token is {{ hostvars['K3S_TOKEN_HOLDER']['token'] }}"
\ No newline at end of file
diff --git a/playbooks/70_install_k3s.yml b/playbooks/70_install_k3s.yml
new file mode 100644
index 0000000..d120a8a
--- /dev/null
+++ b/playbooks/70_install_k3s.yml
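Review bot: The two `debug` tasks in playbooks/70_get_k3s_token.yml print the k3s node token, the secret a node needs to join the cluster, into the Ansible output and into any log or CI transcript that captures it; the same prints appear in 70_install_k3s.yml, 72_install_k3s_worker.yml and 72_register_k3s_worker.yml. Remove them and add `no_log: true` to the task that registers `K3S_TOKEN` and to `add_host`. `ansible.builtin.slurp` with `src: /var/lib/rancher/k3s/server/node-token` reads the file without a shell; its `content` is base64, so the value becomes `{{ K3S_TOKEN.content | b64decode | trim }}`.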
@@ -0,0 +1,71 @@
+- hosts: odroid_master
+ name: Install k3s
+ become: true
+ tasks:
+ - name: Install K3S
+ ansible.builtin.shell: 'curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_VERSION="v1.24.1+k3s1" sh -s -'
+ changed_when: false
+ - name: Get token
+ ansible.builtin.command: 'cat /var/lib/rancher/k3s/server/node-token'
+ register: k3s_token
+ changed_when: false
+ - name: Print token
+ ansible.builtin.debug: var=k3s_token.stdout
+ - name: "Add K8S Token and Hash to dummy host"
+ ansible.builtin.add_host:
+ name: "K3S_TOKEN_HOLDER"
+ token: "{{ k3s_token.stdout }}"
+ - name: Print token
+ ansible.builtin.debug:
+ msg: "[Master] K3S_TOKEN_HOLDER K8S token is {{ hostvars['K3S_TOKEN_HOLDER']['token'] }}"
+ - name: Grant cluster role
+ ansible.builtin.command: kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user root
+ changed_when: false
+ ignore_errors: yes
+
+ - name: Reboot the server
+ tags: reboot
+ become: yes
+ become_user: root
+ shell: "sleep 5 && reboot"
+ async: 1
+ poll: 0
+
+ - name: (reboot) Wait for server to restart
+ wait_for_connection:
+ delay: 75
+ - name: Wait for service 'myservice' to be running
+ service_facts:
+ register: result
+ until: result.ansible_facts.services['k3s.service'].state == 'running'
+ retries: 10
+ delay: 5
+#create cluster:
+#curl -u "token-wg66j:p26nwqs9ckqbth4h8gtfd2g7858g8smbtpgmxq9qr52w4795l5jvv9" -X POST -H 'Accept: application/json' -H 'Content-Type: application/json' -d '{"name":"test-cluster"}' 'https://192.168.77.106:8543/v3/clusters' --insecure
+#get registration token
+# curl -u "token-wg66j:p26nwqs9ckqbth4h8gtfd2g7858g8smbtpgmxq9qr52w4795l5jvv9" -X GET -H 'Accept: application/json' -H 'Content-Type: application/json' https://192.168.77.106:8543/v3/clusters/c-xq5pv/clusterRegistrationTokens --insecure|jq
+ - name: Create new cluster in rancher
+ ansible.builtin.shell: "curl -u 'token-wg66j:p26nwqs9ckqbth4h8gtfd2g7858g8smbtpgmxq9qr52w4795l5jvv9' -X POST -H 'Accept: application/json' -H 'Content-Type: application/json' -d '{\"name\":\"odroid\"}' 'https://192.168.77.106:8543/v3/clusters' --insecure| jq .id"
+ changed_when: false
+ ignore_errors: true
+ register: cluster_id
+
+ - name: Just the Names
+ ansible.builtin.debug:
+ msg: "{{ cluster_id.stdout }}"
+ - name: Create new cluster in rancher
+ ansible.builtin.shell: "curl -u 'token-wg66j:p26nwqs9ckqbth4h8gtfd2g7858g8smbtpgmxq9qr52w4795l5jvv9' -X GET -H 'Accept: application/json' -H 'Content-Type: application/json' https://192.168.77.106:8543/v3/clusters/{{ cluster_id.stdout }}/clusterRegistrationTokens --insecure| jq .data[0].manifestUrl"
+ changed_when: false
+ ignore_errors: true
+ register: register_id
+ - name: Register Token
+ ansible.builtin.debug:
+ msg: "{{ register_id.stdout }}"
+ - name: "Register in Rancher"
+ ansible.builtin.shell: "curl --insecure -sfL {{ register_id.stdout }} |sed 's/rancher-agent:v2.6.7/rancher-agent:v2.6.7-linux-arm64/g'| sed 's%beta.kubernetes.io/os%kubernetes.io/os%g'| kubectl apply -f -"
+ changed_when: false
+ ignore_errors: true
+ # - name: "Register in Rancher"
+ # ansible.builtin.shell: curl --insecure -sfL https://192.168.77.106:8543/v3/import/f5679ncdtx68489nqj2rntk8bwv6lcsq4j5qdtnxswkbfbtttn5s5q_c-lq4j4.yaml |sed 's/rancher-agent:v2.6.7/rancher-agent:v2.6.7-linux-arm64/g'| sed 's%beta.kubernetes.io/os%kubernetes.io/os%g'| kubectl apply -f -
+ # changed_when: false
+ # ignore_errors: true
diff --git a/playbooks/71_uninstall_k3s.yml b/playbooks/71_uninstall_k3s.yml
new file mode 100644
index 0000000..e26363a
--- /dev/null
+++ b/playbooks/71_uninstall_k3s.yml
@@ -0,0 +1,6 @@
+- hosts: odroid_master
+ become: true
+ tasks:
+ - name: Uninstall K3S
+ shell: '/usr/local/bin/k3s-uninstall.sh'
+
diff --git a/playbooks/71_uninstall_k3s_agent.yml b/playbooks/71_uninstall_k3s_agent.yml
new file mode 100644
index 0000000..781ce5f
--- /dev/null
+++ b/playbooks/71_uninstall_k3s_agent.yml
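Review bot: The `Install K3S` task in playbooks/70_install_k3s.yml sets `K3S_KUBECONFIG_MODE="644"`, which makes the admin kubeconfig that k3s writes readable by every local user on the master; leave the default mode or use `"600"` and copy the file for the one user who needs it. The installer is piped from `https://get.k3s.io` into `sh` without a checksum, and `changed_when: false` reports the install as unchanged; downloading it with `ansible.builtin.get_url` and a `checksum:` before running it makes the step reproducible. `Grant cluster role` binds `cluster-admin` to user `root` with `ignore_errors: yes`; a comment saying why the binding is needed would help the next reader.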
@@ -0,0 +1,5 @@
+- hosts: odroid_worker
+ become: true
+ tasks:
+ - name: Uninstall K3S Agent
+ shell: /usr/local/bin/k3s-agent-uninstall.sh
diff --git a/playbooks/72_install_k3s_worker.yml b/playbooks/72_install_k3s_worker.yml
new file mode 100644
index 0000000..764381a
--- /dev/null
+++ b/playbooks/72_install_k3s_worker.yml
@@ -0,0 +1,23 @@
+- hosts: odroid_worker
+ name: Setup k3s
+ become: true
+ tasks:
+ - name: Print token
+ ansible.builtin.debug:
+ msg: "[Master] K3S_TOKEN_HOLDER K8S token is {{ hostvars['K3S_TOKEN_HOLDER']['token'] }}"
+ - name: Print msg
+ ansible.builtin.debug:
+ msg: "{{ hostvars['K3S_TOKEN_HOLDER']['token'] }}"
+ - name: Get hostname
+ ansible.builtin.command: uname -n
+ register: result
+ changed_when: false
+ - name: Print hostname
+ ansible.builtin.debug:
+ msg: "{{ result.stdout }}"
+ - name: Install K3S Worker
+ ansible.builtin.shell: >-
+ curl -sfL https://get.k3s.io
+ | K3S_TOKEN={{ hostvars['K3S_TOKEN_HOLDER']['token'] }}
+ K3S_URL="https://192.168.77.161:6443" K3S_NODE_NAME="{{ result.stdout }}" INSTALL_K3S_VERSION="v1.24.1+k3s1" sh -
+ changed_when: false
diff --git a/playbooks/72_register_k3s_worker.yml b/playbooks/72_register_k3s_worker.yml
new file mode 100644
index 0000000..1f11395
--- /dev/null
+++ b/playbooks/72_register_k3s_worker.yml
@@ -0,0 +1,20 @@
+- hosts: odroid_worker
+ name: Another task
+ become: true
+ tasks:
+ - name: Print token
+ ansible.builtin.debug:
+ msg: "[Master] K3S_TOKEN_HOLDER K3S token is {{ hostvars['K3S_TOKEN_HOLDER']['token'] }}"
+ - name: Print token
+ ansible.builtin.debug:
+ msg: "{{ hostvars['K3S_TOKEN_HOLDER']['token'] }}"
+ - name: Reconfigure K3S Worker
+ ansible.builtin.lineinfile:
+ path: /etc/systemd/system/k3s-agent.service.env
+ regexp: '^K3S_TOKEN='
+ line: K3S_TOKEN=\'{{ hostvars['K3S_TOKEN_HOLDER']['token'] }}\'
+ changed_when: false
+ - name: Restart K3S Worker
+ ansible.builtin.service:
+ name: k3s-agent
+ state: restarted
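Review bot: `Install K3S Worker` in playbooks/72_install_k3s_worker.yml interpolates the join token unquoted into the shell string, so it ends up in the task's command line and in verbose output. Pass it through the task environment and silence the task: `environment: { K3S_TOKEN: "{{ hostvars['K3S_TOKEN_HOLDER']['token'] }}" }` with `no_log: true`. `K3S_URL` is a literal address; deriving it from the `odroid_master` inventory host keeps the two in step. The play only works when 70_install_k3s.yml or 70_get_k3s_token.yml ran earlier in the same invocation, because `K3S_TOKEN_HOLDER` is an in-memory host.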
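Review bot: In playbooks/72_register_k3s_worker.yml the `line:` value is an unquoted YAML scalar, where `\'` is not an escape, so the backslashes are probably written into k3s-agent.service.env literally; quoting the whole value, `line: "K3S_TOKEN='{{ hostvars['K3S_TOKEN_HOLDER']['token'] }}'"`, avoids that. `changed_when: false` hides a real file change and the restart runs unconditionally; drop it and restart from a handler. Adding `mode: "0600"` to the `lineinfile` task keeps the token file private.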
diff --git a/playbooks/80_change_logo.yml b/playbooks/80_change_logo.yml
new file mode 100644
index 0000000..9e77d22
--- /dev/null
+++ b/playbooks/80_change_logo.yml
@@ -0,0 +1,10 @@
+- hosts: odroid_cluster
+ name: Run script
+ become: true
+ gather_facts: true
+ tasks:
+ - name: Reconfigure logo
+ ansible.builtin.lineinfile:
+ path: /etc/update-motd.d/10-armbian-header
+ regexp: "(^#|^)TERM="
+ line: "TERM=linux toilet -f standard -F metal $(hostname)"
\ No newline at end of file
diff --git a/playbooks/96_test_register.yml b/playbooks/96_test_register.yml
new file mode 100644
index 0000000..c7d978c
--- /dev/null
+++ b/playbooks/96_test_register.yml
@@ -0,0 +1,3 @@
+---
+- import_playbook: 70_get_k3s_token.yml
+- import_playbook: 72_register_k3s_worker.yml
\ No newline at end of file
diff --git a/playbooks/97_test.yml b/playbooks/97_test.yml
new file mode 100644
index 0000000..898c08d
--- /dev/null
+++ b/playbooks/97_test.yml
@@ -0,0 +1,10 @@
+---
+- hosts: "{{ working_host | default('nas') }}"
+ become: false
+ gather_facts: False
+ tasks:
+ - debug:
+ msg: play1
+
+ - name: Test
+ command: free
\ No newline at end of file
diff --git a/playbooks/97_test_uninstall.yml b/playbooks/97_test_uninstall.yml
new file mode 100644
index 0000000..3d81664
--- /dev/null
+++ b/playbooks/97_test_uninstall.yml
@@ -0,0 +1,5 @@
+---
+- import_playbook: 71_uninstall_k3s_agent.yml
+ name: Uninstall k3s agent
+- import_playbook: 71_uninstall_k3s.yml
+ name: Uninstall k3a
diff --git a/playbooks/98_complete_install.yml b/playbooks/98_complete_install.yml
new file mode 100644
index 0000000..cb2f48a
--- /dev/null
+++ b/playbooks/98_complete_install.yml
@@ -0,0 +1,16 @@
+---
+- hosts: datacenter
+ become: true
+ tasks:
+ - debug:
+ msg: play1
+
+- name: Upgrade system
+ import_playbook: 00_apt_upgrade.yml
+
+- name: Install docker
+ import_playbook: 05_install_docker.yml
+
+- name: Install apparmor
+ import_playbook: 10_install_apparmor.yml
+
\ No newline at end of file
diff --git a/playbooks/99_complete_install.yml b/playbooks/99_complete_install.yml
new file mode 100644
index 0000000..865844c
--- /dev/null
+++ b/playbooks/99_complete_install.yml
@@ -0,0 +1,23 @@
+---
+- name: Change creds
+ import_playbook: 00_tst.yml
+- name: Initial
+ import_playbook: 00_initial_adjustments.yml
+- name: Apt update
+ import_playbook: 00_apt_upgrade.yml
+- name: Activate display
+ import_playbook: 00_test.yml
+- name: Install LDAP
+ import_playbook: 00_install_ldap_client.yml
+- name: Install Docker
+ import_playbook: 05_install_docker.yml
+- name: Install apparmor
+ import_playbook: 10_install_apparmor.yml
+- name: Change logo
+ import_playbook: 80_change_logo.yml
+- name: Install k3s
+ import_playbook: 70_install_k3s.yml
+- name: Install worker
+ import_playbook: 72_install_k3s_worker.yml
+- name: Reboot All
+ import_playbook: 11_reboot.yml
diff --git a/playbooks/99_complete_install_rhasspy.yml b/playbooks/99_complete_install_rhasspy.yml
new file mode 100644
index 0000000..a2ec41a
--- /dev/null
+++ b/playbooks/99_complete_install_rhasspy.yml
@@ -0,0 +1,9 @@
+---
+- name: Change creds
+ import_playbook: 00_tst.yml
+- name: Apt update
+ import_playbook: 00_apt_upgrade.yml
+- name: Install Docker
+ import_playbook: 05_install_docker.yml
+- name: Deploy Rhasspy
+ import_playbook: 05_pullimage.yml
\ No newline at end of file
diff --git a/playbooks/files/conf/rhasspy/profile.json b/playbooks/files/conf/rhasspy/profile.json
new file mode 100644
index 0000000..cbd70b9
--- /dev/null
+++ b/playbooks/files/conf/rhasspy/profile.json
@@ -0,0 +1,49 @@
+{
+ "dialogue": {
+ "system": "rhasspy"
+ },
+ "handle": {
+ "system": "hass"
+ },
+ "home_assistant": {
+ "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiIwZjAyMjE5ZWVlZTI0MzYyODYzNTM0YTY4NTg4NDBhMiIsImlhdCI6MTY2MzA2MzAwNywiZXhwIjoxOTc4NDIzMDA3fQ.N8Y4EzCppgKbc4tCj6S8UXu1hIUJ8W0QGOXvJTuVwwc",
+ "handle_type": "event",
+ "url": "https://ha.sectorq.eu"
+ },
+ "intent": {
+ "system": "fsticuffs"
+ },
+ "microphone": {
+ "arecord": {
+ "device": "default:CARD=Device"
+ },
+ "system": "arecord"
+ },
+ "mqtt": {
+ "enabled": "true",
+ "host": "192.168.77.106",
+ "password": "jaydee1",
+ "username": "jaydee"
+ },
+ "sounds": {
+ "aplay": {
+ "device": "default:CARD=Device"
+ },
+ "system": "aplay"
+ },
+ "speech_to_text": {
+ "system": "pocketsphinx"
+ },
+ "text_to_speech": {
+ "nanotts": {
+ "language": "en-GB"
+ },
+ "system": "nanotts"
+ },
+ "wake": {
+ "porcupine": {
+ "keyword_path": "alexa_raspberry-pi.ppn"
+ },
+ "system": "porcupine"
+ }
+}
\ No newline at end of file
diff --git a/playbooks/files/scripts/initial_changes.sh b/playbooks/files/scripts/initial_changes.sh
new file mode 100644
index 0000000..c4a2cc9
--- /dev/null
+++ b/playbooks/files/scripts/initial_changes.sh
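Review bot: playbooks/files/conf/rhasspy/profile.json commits a Home Assistant `access_token` and the MQTT `password` in clear text, and 05_install_rhasspy.yml copies the file with `mode: u=rw,g=r,o=r`, so every local user on the target can read them as well. Revoke the token and change the MQTT password, then render the file with `ansible.builtin.template` from vaulted variables and deploy it with `mode: "0600"`.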
@@ -0,0 +1,31 @@
+MODE="worker"
+mac=`ifconfig eth0 |grep ether|awk '{ print $2 }'`
+echo $mac
+syst=9
+case $mac in
+"00:1E:06:48:CE:E7")
+syst=1
+MODE="master"
+;;
+"00:1e:06:48:cd:86")
+syst=2
+;;
+"00:1e:06:48:d0:01")
+syst=3
+;;
+"00:1e:06:48:d0:00")
+syst=4
+;;
+"00:1e:06:48:cd:8e")
+syst=5
+;;
+esac
+echo "lala" > /tmp/check.log
+hostnamectl hostname odroidc4-${syst}
+sed -i 's/^TERM=/#TERM=/g' /etc/update-motd.d/10-armbian-header
+sed -i '32 i TERM=linux toilet -f standard -F metal $(hostname)' /etc/update-motd.d/10-armbian-header
+TERM=linux toilet -f standard -F metal $(hostname)
+nmcli con mod "Wired connection 1" ipv4.addresses "192.168.77.16${syst}/24" ipv4.gateway "192.168.77.1" ipv4.dns "192.168.77.1" ipv4.method "manual"
+iptables -F
+update-alternatives --set iptables /usr/sbin/iptables-legacy
+update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
\ No newline at end of file
diff --git a/playbooks/files/scripts/lcd_control.py b/playbooks/files/scripts/lcd_control.py
new file mode 100644
index 0000000..ad5acbf
--- /dev/null
+++ b/playbooks/files/scripts/lcd_control.py
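Review bot: The first `case` pattern in playbooks/files/scripts/initial_changes.sh is upper-case (`"00:1E:06:48:CE:E7"`) while the others are lower-case; ifconfig normally prints the address in lower case, so the master branch would never match and that board falls through to `syst=9`. Normalise before matching, `mac=$(ifconfig eth0 | awk '/ether/ { print tolower($2) }')`, and write the pattern in lower case. The script has no `#!` line and expands `$mac` unquoted in `echo` and `case`. It also ends with an unconditional `iptables -F`, the same flush as in 00_initial_adjustments.yml.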
@@ -0,0 +1,54 @@
+# Import LCD library
+from RPLCD import i2c
+import psutil
+import datetime
+import os
+from uptime import uptime
+# Import sleep library
+from time import sleep
+
+# constants to initialise the LCD
+lcdmode = 'i2c'
+cols = 20
+rows = 4
+charmap = 'A00'
+i2c_expander = 'PCF8574'
+
+# Generally 27 is the address;Find yours using: i2cdetect -y 1
+address = 0x27
+port = 0 # 0 on an older Raspberry Pi
+
+# Initialise the LCD
+lcd = i2c.CharLCD(i2c_expander, address, port=port, charmap=charmap,
+ cols=cols, rows=rows)
+
+
+while True:
+ myCmd = ""
+ # Write a string on first line and move to next line
+ mem_data = psutil.virtual_memory()
+ net_sum = psutil.net_if_addrs()["eth0"]
+ eth0_ip = (net_sum[0][1])
+ cpu_load = round(psutil.getloadavg()[0],2)
+ uptime_s = int(uptime())
+ uptime_f = str(datetime.timedelta(seconds=uptime_s))
+ line1 = f'{"Mem: " + str(mem_data.percent): <20}'
+ line2 = f'{"IP : " + str(eth0_ip): <20}'
+ line4 = f'{"CPU: " + str(cpu_load): <20}'
+ print(cpu_load)
+ lcd.backlight_enabled = True
+ lcd.cursor_pos = (0, 0)
+ lcd.write_string(line1)
+ lcd.crlf()
+ lcd.write_string(line2)
+ lcd.crlf()
+ lcd.write_string('Up : ' + str(uptime_f))
+ lcd.crlf()
+ lcd.write_string(line4)
+ sleep(5)
+ #lcd.clear()
+ # Switch off backlight
+ #lcd.backlight_enabled = False
+ #sleep(3)
+ # Clear the LCD screen
+ #lcd.close(clear=True)
\ No newline at end of file
diff --git a/playbooks/files/scripts/lcd_control_restart.py b/playbooks/files/scripts/lcd_control_restart.py
new file mode 100644
index 0000000..e497fc2
--- /dev/null
+++ b/playbooks/files/scripts/lcd_control_restart.py
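Review bot: `eth0_ip = (net_sum[0][1])` in playbooks/files/scripts/lcd_control.py assumes the first entry psutil returns for `eth0` is the IPv4 address, and `psutil.net_if_addrs()["eth0"]` raises `KeyError` when the interface is absent, which ends the loop; lcd_control.service has no `Restart=`, so the display then stays frozen. Select by address family instead: `eth0_ip = next((a.address for a in psutil.net_if_addrs().get("eth0", []) if a.family == socket.AF_INET), "n/a")` with `import socket` at the top. `myCmd` and `import os` are unused, and `print(cpu_load)` writes a line to the service output every five seconds.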
@@ -0,0 +1,43 @@
+# Import LCD library
+from RPLCD import i2c
+
+import subprocess
+import sys
+import os
+pid = os.getpid()
+
+
+cmnd = "ps -ef|grep lcd_control|grep -v grep |grep -v {}|wc -l".format(pid)
+status, output = subprocess.getstatusoutput(cmnd)
+
+print(output)
+if int(output) > 0:
+ print("Running already!")
+ #sys.exit()
+# constants to initialise the LCD
+lcdmode = 'i2c'
+cols = 20
+rows = 4
+charmap = 'A00'
+i2c_expander = 'PCF8574'
+
+# Generally 27 is the address;Find yours using: i2cdetect -y 1
+address = 0x27
+port = 0 # 0 on an older Raspberry Pi
+
+# Initialise the LCD
+lcd = i2c.CharLCD(i2c_expander, address, port=port, charmap=charmap,
+ cols=cols, rows=rows)
+line1 = f'{"####": <20}'
+line2 = f'{"Restarting.....": <20}'
+line3 = f'{"####": <20}'
+line4 = f'{"####": <20}'
+lcd.backlight_enabled = True
+lcd.cursor_pos = (0, 0)
+lcd.write_string(line1)
+lcd.crlf()
+lcd.write_string(line2)
+lcd.crlf()
+lcd.write_string(line3)
+lcd.crlf()
+lcd.write_string(line4)
\ No newline at end of file
diff --git a/playbooks/files/scripts/lcd_control_start.py b/playbooks/files/scripts/lcd_control_start.py
new file mode 100644
index 0000000..00fe8cb
--- /dev/null
+++ b/playbooks/files/scripts/lcd_control_start.py
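Review bot: The `ps -ef|grep lcd_control|…` check at the top of playbooks/files/scripts/lcd_control_restart.py has no effect because `sys.exit()` is commented out, yet it still spawns a shell pipeline and `int(output)` raises `ValueError` if the command prints anything but a number. Delete the lines from `pid = os.getpid()` to the `if` block together with the `subprocess`, `sys` and `os` imports; the unit file already stops lcd_control.service in `ExecStartPre`. The LCD constants are repeated in all three scripts and could move to one shared module.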
@@ -0,0 +1,35 @@
+# Import LCD library
+from RPLCD import i2c
+
+
+# constants to initialise the LCD
+lcdmode = 'i2c'
+cols = 20
+rows = 4
+charmap = 'A00'
+i2c_expander = 'PCF8574'
+
+# Generally 27 is the address;Find yours using: i2cdetect -y 1
+address = 0x27
+port = 0 # 0 on an older Raspberry Pi
+
+# Initialise the LCD
+lcd = i2c.CharLCD(i2c_expander, address, port=port, charmap=charmap,
+ cols=cols, rows=rows)
+lcd.clear()
+line1 = f'{"####": <20}'
+line2 = f'{"Starting....": <20}'
+line3 = f'{"####": <20}'
+line4 = f'{"####": <20}'
+lcd.backlight_enabled = True
+lcd.cursor_pos = (0, 0)
+lcd.write_string(line1)
+lcd.crlf()
+lcd.write_string(line2)
+lcd.crlf()
+lcd.write_string(line3)
+lcd.crlf()
+lcd.write_string(line4)
+lcd.crlf()
+lcd.clear()
+lcd.close(clear=True)
\ No newline at end of file
diff --git a/playbooks/files/services/lcd_control.service b/playbooks/files/services/lcd_control.service
new file mode 100644
index 0000000..d9e25cc
--- /dev/null
+++ b/playbooks/files/services/lcd_control.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Led Control service
+Wants=network-online.target
+After=network.target network-online.target
+
+[Service]
+Type=simple
+User=root
+#ExecStartPre=/bin/sleep 30
+ExecStart=/usr/bin/python3 /usr/bin/lcd_control.py
+
+[Install]
+WantedBy=multi-user.target suspend.target hibernate.target hybrid-sleep.target suspend-then-hibernate.target
diff --git a/playbooks/files/services/lcd_control_restart.service b/playbooks/files/services/lcd_control_restart.service
new file mode 100644
index 0000000..b72e6ee
--- /dev/null
+++ b/playbooks/files/services/lcd_control_restart.service
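Review bot: The last three calls, `lcd.crlf()`, `lcd.clear()` and `lcd.close(clear=True)`, erase the "Starting...." screen immediately after it is written, so the message is presumably never readable. If the intent is to leave it up until lcd_control.py takes over the display, end the script with `lcd.close()` alone. The LCD constants and the `i2c.CharLCD(...)` call are now copied into three scripts; a small shared module would keep the bus address and geometry in one place.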
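Review bot: `User=root` in lcd_control.service gives a status-display loop full root privileges, and that process imports the third-party packages RPLCD, psutil and uptime, so a flaw in or a tampered release of any of them runs as root on every node the playbook touches. The script only reads system statistics and writes to the I2C device, so an unprivileged account in the group that owns the device node should be enough (commonly `i2c` on Raspberry Pi OS; confirm on the target image): `User=<unprivileged-user>`, `SupplementaryGroups=i2c`, `NoNewPrivileges=yes`. lcd_control_restart.service and lcd_control_start.service set no `User=` at all and therefore also run as root. Adding `Restart=on-failure` here would bring the display back after an unhandled exception in the loop.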
@@ -0,0 +1,14 @@
+[Unit]
+Description=Run my custom task at shutdown only
+DefaultDependencies=no
+Before=poweroff.target halt.target shutdown.target reboot.target
+Requires=poweroff.target
+
+[Service]
+Type=oneshot
+ExecStartPre=systemctl stop lcd_control.service
+ExecStart=/usr/bin/python3 /usr/bin/lcd_control_restart.py
+RemainAfterExit=yes
+
+[Install]
+WantedBy=shutdown.target
\ No newline at end of file
diff --git a/playbooks/files/services/lcd_control_start.service b/playbooks/files/services/lcd_control_start.service
new file mode 100644
index 0000000..7b6f4bf
--- /dev/null
+++ b/playbooks/files/services/lcd_control_start.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Run my custom task at shutdown only
+After=syslog.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/python3 /usr/bin/lcd_control_start.py
+RemainAfterExit=yes
+
+[Install]
+WantedBy=basic.target
\ No newline at end of file
diff --git a/playbooks/files/services/rhasspy.service b/playbooks/files/services/rhasspy.service
new file mode 100644
index 0000000..25240fc
--- /dev/null
+++ b/playbooks/files/services/rhasspy.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Rhasspy Autostart
+After=network-online.target
+
+[Service]
+Type=simple
+User=jd
+WorkingDirectory=/home/jd
+ExecStart=/bin/bash -lc '/usr/bin/rhasspy --profile en 2>&1 | cat'
+StandardOutput=inherit
+StandardError=inherit
+Restart=always
+RestartSec=20
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
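Review bot: `Requires=poweroff.target` in lcd_control_restart.service ties the unit to power-off specifically, although `Before=` also lists reboot.target and the script it runs prints "Restarting....."; as far as I can tell, activating the unit during a reboot or by hand would also pull poweroff.target into the transaction. I would remove that line and keep `WantedBy=shutdown.target` with the existing `Before=` ordering. `ExecStartPre=systemctl stop lcd_control.service` uses a bare command name, which older systemd releases reject, and calling `systemctl stop` from inside the shutdown transaction can wait on the job queue. `Conflicts=lcd_control.service` together with `After=lcd_control.service` should express the same intent declaratively.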
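Review bot: `Description=Run my custom task at shutdown only` in lcd_control_start.service looks copied from lcd_control_restart.service, but this unit is `WantedBy=basic.target` and runs lcd_control_start.py at boot, so `systemctl status` and the journal will mislabel it. Something like `Description=Show startup message on LCD` would match what the unit does. `After=syslog.target` refers to a target that, I believe, current systemd no longer uses, so it can be dropped.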
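Review bot: `ExecStart=/bin/bash -lc '/usr/bin/rhasspy --profile en 2>&1 | cat'` in rhasspy.service wraps the daemon in a login shell and a pipe, so what the unit executes depends on whatever jd's login profile files contain, and the exit status systemd records is that of `cat` rather than of rhasspy. journald already captures stdout and stderr, so `ExecStart=/usr/bin/rhasspy --profile en` is enough, and any variables the login shell was supplying belong in `Environment=` or `EnvironmentFile=`. `User=jd` and `WorkingDirectory=/home/jd` are hard-coded to one account, which a templated unit in the playbook would avoid.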