jaydee/ansible
1
0
Fork 0
mirror of https://gitlab.sectorq.eu/jaydee/ansible.git synced 2025-11-04 03:20:01 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

init

Browse Source
This commit is contained in:
jaydee
2022-12-14 02:23:34 +01:00
parent fdcd79983a
commit 7385b59c72
43 changed files with 1729 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

490
ansible.cfg Normal file
View File

@@ -0,0 +1,490 @@
# config file for ansible -- https://ansible.com/
# ===============================================
# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults]
# some basic default values...
inventory = /etc/ansible/hosts.yml
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
forks = 10
#poll_interval = 15
#sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
#transport = smart
#remote_port = 22
#module_lang = C
#module_set_locale = False
# plays will gather facts by default, which contain information about
# the remote system.
#
# smart - gather by default, but don't regather if already gathered
# implicit - gather by default, turn off with gather_facts: False
# explicit - do not gather by default, must say gather_facts: True
#gathering = implicit
# This only affects the gathering done by a play's gather_facts directive,
# by default gathering retrieves all facts subsets
# all - gather all subsets
# network - gather min and network facts
# hardware - gather hardware facts (longest facts to retrieve)
# virtual - gather min and virtual facts
# facter - import facts from facter
# ohai - import facts from ohai
# You can combine them using comma (ex: network,virtual)
# You can negate them using ! (ex: !hardware,!facter,!ohai)
# A minimal set of facts is always gathered.
#gather_subset = all
# some hardware related facts are collected
# with a maximum timeout of 10 seconds. This
# option lets you increase or decrease that
# timeout to something more suitable for the
# environment.
# gather_timeout = 10
# Ansible facts are available inside the ansible_facts.* dictionary
# namespace. This setting maintains the behaviour which was the default prior
# to 2.5, duplicating these variables into the main namespace, each with a
# prefix of 'ansible_'.
# This variable is set to True by default for backwards compatibility. It
# will be changed to a default of 'False' in a future release.
# ansible_facts.
# inject_facts_as_vars = True
# additional paths to search for roles in, colon separated
#roles_path = /etc/ansible/roles
# uncomment this to disable SSH key host checking
host_key_checking = False
# change the default callback, you can only have one 'stdout' type enabled at a time.
#stdout_callback = skippy
## Ansible ships with some plugins that require whitelisting,
## this is done to avoid running all of a type by default.
## These setting lists those that you want enabled for your system.
## Custom plugins should not need this unless plugin author specifies it.
# enable callback plugins, they can output to stdout but cannot be 'stdout' type.
#callback_whitelist = timer, mail
# Determine whether includes in tasks and handlers are "static" by
# default. As of 2.0, includes are dynamic by default. Setting these
# values to True will make includes behave more like they did in the
# 1.x versions.
#task_includes_static = False
#handler_includes_static = False
# Controls if a missing handler for a notification event is an error or a warning
#error_on_missing_handler = True
# change this for alternative sudo implementations
#sudo_exe = sudo
# What flags to pass to sudo
# WARNING: leaving out the defaults might create unexpected behaviours
#sudo_flags = -H -S -n
# SSH timeout
#timeout = 10
# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root
# logging is off by default unless this path is defined
# if so defined, consider logrotate
#log_path = /var/log/ansible.log
# default module name for /usr/bin/ansible
#module_name = command
# use this shell for commands executed under sudo
# you may need to change this to bin/bash in rare instances
# if sudo is constrained
#executable = /bin/sh
# if inventory variables overlap, does the higher precedence one win
# or are hash values merged together? The default is 'replace' but
# this can also be set to 'merge'.
#hash_behaviour = replace
# by default, variables from roles will be visible in the global variable
# scope. To prevent this, the following option can be enabled, and only
# tasks and handlers within the role will see the variables there
#private_role_vars = yes
# list any Jinja2 extensions to enable here:
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
# if set, always use this private key file for authentication, same as
# if passing --private-key to ansible or ansible-playbook
#private_key_file = /path/to/file
# If set, configures the path to the Vault password file as an alternative to
# specifying --vault-password-file on the command line.
#vault_password_file = /path/to/vault_password_file
# format of string {{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
#ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
# {file}, {host}, {uid}, and the timestamp can all interfere with idempotence
# in some situations so the default is a static string:
#ansible_managed = Ansible managed
# by default, ansible-playbook will display "Skipping [host]" if it determines a task
# should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
# messages. NOTE: the task header will still be shown regardless of whether or not the
# task is skipped.
#display_skipped_hosts = True
# by default, if a task in a playbook does not include a name: field then
# ansible-playbook will construct a header that includes the task's action but
# not the task's args. This is a security feature because ansible cannot know
# if the *module* considers an argument to be no_log at the time that the
# header is printed. If your environment doesn't have a problem securing
# stdout from ansible-playbook (or you have manually specified no_log in your
# playbook on all of the tasks where you have secret information) then you can
# safely set this to True to get more informative messages.
#display_args_to_stdout = False
# by default (as of 1.3), Ansible will raise errors when attempting to dereference
# Jinja2 variables that are not set in templates or action lines. Uncomment this line
# to revert the behavior to pre-1.3.
#error_on_undefined_vars = False
# by default (as of 1.6), Ansible may display warnings based on the configuration of the
# system running ansible itself. This may include warnings about 3rd party packages or
# other conditions that should be resolved if possible.
# to disable these warnings, set the following value to False:
#system_warnings = True
# by default (as of 1.4), Ansible may display deprecation warnings for language
# features that should no longer be used and will be removed in future versions.
# to disable these warnings, set the following value to False:
deprecation_warnings = False
# (as of 1.8), Ansible can optionally warn when usage of the shell and
# command module appear to be simplified by using a default Ansible module
# instead. These warnings can be silenced by adjusting the following
# setting or adding warn=yes or warn=no to the end of the command line
# parameter string. This will for example suggest using the git module
# instead of shelling out to the git command.
# command_warnings = False
# set plugin path directories here, separate with colons
#action_plugins = /usr/share/ansible/plugins/action
#become_plugins = /usr/share/ansible/plugins/become
#cache_plugins = /usr/share/ansible/plugins/cache
#callback_plugins = /usr/share/ansible/plugins/callback
#connection_plugins = /usr/share/ansible/plugins/connection
#lookup_plugins = /usr/share/ansible/plugins/lookup
#inventory_plugins = /usr/share/ansible/plugins/inventory
#vars_plugins = /usr/share/ansible/plugins/vars
#filter_plugins = /usr/share/ansible/plugins/filter
#test_plugins = /usr/share/ansible/plugins/test
#terminal_plugins = /usr/share/ansible/plugins/terminal
#strategy_plugins = /usr/share/ansible/plugins/strategy
# by default, ansible will use the 'linear' strategy but you may want to try
# another one
#strategy = free
# by default callbacks are not loaded for /bin/ansible, enable this if you
# want, for example, a notification or logging callback to also apply to
# /bin/ansible runs
#bin_ansible_callbacks = False
# don't like cows? that's unfortunate.
# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
#nocows = 1
# set which cowsay stencil you'd like to use by default. When set to 'random',
# a random stencil will be selected for each task. The selection will be filtered
# against the `cow_whitelist` option below.
#cow_selection = default
#cow_selection = random
# when using the 'random' option for cowsay, stencils will be restricted to this list.
# it should be formatted as a comma-separated list with no spaces between names.
# NOTE: line continuations here are for formatting purposes only, as the INI parser
# in python does not support them.
#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\
# hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\
# stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www
# don't like colors either?
# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
#nocolor = 1
# if set to a persistent type (not 'memory', for example 'redis') fact values
# from previous runs in Ansible will be stored. This may be useful when
# wanting to use, for example, IP information from one group of servers
# without having to talk to them in the same playbook run to get their
# current IP information.
#fact_caching = memory
#This option tells Ansible where to cache facts. The value is plugin dependent.
#For the jsonfile plugin, it should be a path to a local directory.
#For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0
#fact_caching_connection=/tmp
# retry files
# When a playbook fails a .retry file can be created that will be placed in ~/
# You can enable this feature by setting retry_files_enabled to True
# and you can change the location of the files by setting retry_files_save_path
#retry_files_enabled = False
#retry_files_save_path = ~/.ansible-retry
# squash actions
# Ansible can optimise actions that call modules with list parameters
# when looping. Instead of calling the module once per with_ item, the
# module is called once with all items at once. Currently this only works
# under limited circumstances, and only with parameters named 'name'.
#squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper
# prevents logging of task data, off by default
#no_log = False
# prevents logging of tasks, but only on the targets, data is still logged on the master/controller
#no_target_syslog = False
# controls whether Ansible will raise an error or warning if a task has no
# choice but to create world readable temporary files to execute a module on
# the remote machine. This option is False by default for security. Users may
# turn this on to have behaviour more like Ansible prior to 2.1.x. See
# https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
# for more secure ways to fix this than enabling this option.
#allow_world_readable_tmpfiles = False
# controls the compression level of variables sent to
# worker processes. At the default of 0, no compression
# is used. This value must be an integer from 0 to 9.
#var_compression_level = 9
# controls what compression method is used for new-style ansible modules when
# they are sent to the remote system. The compression types depend on having
# support compiled into both the controller's python and the client's python.
# The names should match with the python Zipfile compression types:
# * ZIP_STORED (no compression. available everywhere)
# * ZIP_DEFLATED (uses zlib, the default)
# These values may be set per host via the ansible_module_compression inventory
# variable
#module_compression = 'ZIP_DEFLATED'
# This controls the cutoff point (in bytes) on --diff for files
# set to 0 for unlimited (RAM may suffer!).
#max_diff_size = 1048576
# This controls how ansible handles multiple --tags and --skip-tags arguments
# on the CLI. If this is True then multiple arguments are merged together. If
# it is False, then the last specified argument is used and the others are ignored.
# This option will be removed in 2.8.
#merge_multiple_cli_flags = True
# Controls showing custom stats at the end, off by default
#show_custom_stats = True
# Controls which files to ignore when using a directory as inventory with
# possibly multiple sources (both static and dynamic)
#inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo
# This family of modules use an alternative execution path optimized for network appliances
# only update this setting if you know how this works, otherwise it can break module execution
#network_group_modules=eos, nxos, ios, iosxr, junos, vyos
# When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as
# a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain
# jinja2 templating language which will be run through the templating engine.
# ENABLING THIS COULD BE A SECURITY RISK
#allow_unsafe_lookups = False
# set default errors for all plays
#any_errors_fatal = False
[inventory]
# enable inventory plugins, default: 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml'
#enable_plugins = host_list, virtualbox, yaml, constructed
# ignore these extensions when parsing a directory as inventory source
#ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry
# ignore files matching these patterns when parsing a directory as inventory source
#ignore_patterns=
# If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise.
#unparsed_is_failed=False
[privilege_escalation]
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False
[paramiko_connection]
# uncomment this line to cause the paramiko connection plugin to not record new host
# keys encountered. Increases performance on new host additions. Setting works independently of the
# host key checking setting above.
#record_host_keys=False
# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
# line to disable this behaviour.
#pty=False
# paramiko will default to looking for SSH keys initially when trying to
# authenticate to remote devices. This is a problem for some network devices
# that close the connection after a key failure. Uncomment this line to
# disable the Paramiko look for keys function
#look_for_keys = False
# When using persistent connections with Paramiko, the connection runs in a
# background process. If the host doesn't already have a valid SSH key, by
# default Ansible will prompt to add the host key. This will cause connections
# running in background processes to fail. Uncomment this line to have
# Paramiko automatically add host keys.
#host_key_auto_add = True
[ssh_connection]
# ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use
# paramiko on older platforms rather than removing it, -C controls compression use
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
# The base directory for the ControlPath sockets.
# This is the "%(directory)s" in the control_path option
#
# Example:
# control_path_dir = /tmp/.ansible/cp
#control_path_dir = ~/.ansible/cp
# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname,
# port and username (empty string in the config). The hash mitigates a common problem users
# found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format.
# In those cases, a "too long for Unix domain socket" ssh error would occur.
#
# Example:
# control_path = %(directory)s/%%h-%%r
#control_path =
# Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant
# performance improvement when enabled, however when using "sudo:" you must
# first disable 'requiretty' in /etc/sudoers
#
# By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros).
#
pipelining = True
# Control the mechanism for transferring files (old)
# * smart = try sftp and then try scp [default]
# * True = use scp only
# * False = use sftp only
#scp_if_ssh = smart
# Control the mechanism for transferring files (new)
# If set, this will override the scp_if_ssh option
# * sftp = use sftp to transfer files
# * scp = use scp to transfer files
# * piped = use 'dd' over SSH to transfer files
# * smart = try sftp, scp, and piped, in that order [default]
#transfer_method = smart
# if False, sftp will not use batch mode to transfer files. This may cause some
# types of file transfer failures impossible to catch however, and should
# only be disabled if your sftp version has problems with batch mode
#sftp_batch_mode = False
# The -tt argument is passed to ssh when pipelining is not enabled because sudo
# requires a tty by default.
#usetty = True
# Number of times to retry an SSH connection to a host, in case of UNREACHABLE.
# For each retry attempt, there is an exponential backoff,
# so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max).
#retries = 3
[persistent_connection]
# Configures the persistent connection timeout value in seconds. This value is
# how long the persistent connection will remain idle before it is destroyed.
# If the connection doesn't receive a request before the timeout value
# expires, the connection is shutdown. The default value is 30 seconds.
#connect_timeout = 30
# The command timeout value defines the amount of time to wait for a command
# or RPC call before timing out. The value for the command timeout must
# be less than the value of the persistent connection idle timeout (connect_timeout)
# The default value is 30 second.
#command_timeout = 30
[accelerate]
#accelerate_port = 5099
#accelerate_timeout = 30
#accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
#accelerate_daemon_timeout = 30
# If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default
# is "no".
#accelerate_multi_key = yes
[selinux]
# file systems that require special treatment when dealing with security context
# the default behaviour that copies the existing context or uses the user default
# needs to be changed to use the file system dependent context.
#special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p,vfat
# Set this to yes to allow libvirt_lxc connections to work without SELinux.
#libvirt_lxc_noseclabel = yes
[colors]
#highlight = white
#verbose = blue
#warn = bright purple
#error = red
#debug = dark gray
#deprecate = purple
#skip = cyan
#unreachable = red
#ok = green
#changed = yellow
#diff_add = green
#diff_remove = red
#diff_lines = cyan
[diff]
# Always print diff when running ( same as always running with -D/--diff )
# always = no
# Set how many context lines to show in diff
# context = 3

74
hosts Normal file
View File

@@ -0,0 +1,74 @@
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
#green.example.com
#blue.example.com
#192.168.100.1
#192.168.100.10
# Ex 2: A collection of hosts belonging to the 'webservers' group
#[webservers]
#alpha.example.org
#beta.example.org
#192.168.1.100
#192.168.1.110
# If you have multiple hosts following a pattern you can specify
# them like this:
#www[001:006].example.com
# Ex 3: A collection of database servers in the 'dbservers' group
#[dbservers]
#
#db01.intranet.mydomain.net
#db02.intranet.mydomain.net
#10.25.1.56
#10.25.1.57
# Here's another example of host ranges, this time there are no
# leading 0s:
#db-[99:101]-node.example.com
[linux1]
192.168.77.106
[linux2]
192.168.77.161
[linux1:vars]
ansible_user=admin
ansible_password=l4c1j4yd33Du5lo
ansible_python_interpreter=/share/ZFS530_DATA/.qpkg/QPython39/bin/python3
[linux2:vars]
ansible_user=jd
ansible_password=lacijaydee
[odroid]
192.168.77.161
[odroid2]
192.168.77.162
192.168.77.163
192.168.77.164
192.168.77.165
[od:children]
odroid
odroid2
[odroid:vars]
ansible_user=root
ansible_password=lacijaydee

53
hosts.yml Normal file
View File

@@ -0,0 +1,53 @@
---
datacenter:
children:
odroid_cluster:
children:
odroid_master:
hosts:
192.168.77.161:
vars:
testVar: 999
odroid_worker:
hosts:
192.168.77.16[2:5]:
vars:
ansible_ssh_user: jd
ansible_ssh_pass: lacijaydee
ansible_become_password: lacijaydee
ssh_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
nas:
hosts:
192.168.77.106:
vars:
ansible_user: admin
ansible_ssh_pass: l4c1j4yd33Du5lo
ansible_python_interpreter: /share/ZFS530_DATA/.qpkg/QPython39/bin/python3
omv:
hosts:
192.168.77.189:
vars:
ansible_user: jd
ansible_ssh_pass: lacijaydee
ansible_become_password: lacijaydee
rhasspy:
hosts:
192.168.77.248:
vars:
ansible_user: jd
ansible_ssh_pass: lacijaydee
ansible_become_password: lacijaydee
windows:
hosts:
192.168.77.211
vars:
ansible_user: jd
ansible_password: "q"
ansible_connection: winrm
ansible_port: 5985
ansible_winrm_server_cert_validation: ignore
ansible_winrm_kerberos_delegation: true

7
hosts_init.yml Normal file
View File

@@ -0,0 +1,7 @@
---
odroid_cluster:
hosts:
192.168.77.16[1:5]:
vars:
ansible_ssh_user: root
ansible_ssh_pass: 1234

43
playbooks/00_apt_upgrade.yml Normal file
View File

@@ -0,0 +1,43 @@
- hosts: datacenter
name: Apt udate
become: true
tasks:
- name: Apt exclude linux-dtb-current-meson64
ansible.builtin.shell: 'apt-mark hold linux-dtb-current-meson64'
changed_when: false
# - name: Install K3S
# ansible.builtin.shell: 'apt-mark hold linux-image-current-meson64'
# changed_when: false
# - name: Install K3S
# ansible.builtin.shell: 'apt-mark hold linux-libc-dev'
# changed_when: false
# - name: Install K3S
# ansible.builtin.shell: 'apt-mark hold linux-u-boot-odroidc4-current'
# changed_when: false
# - name: Install K3S
# ansible.builtin.shell: 'apt-mark hold armbian-bsp-cli-odroidc4'
# changed_when: false
# - name: Install K3S
# ansible.builtin.shell: 'apt-mark hold armbian-config'
# changed_when: false
# - name: Install K3S
# ansible.builtin.shell: 'apt-mark hold armbian-firmware'
# changed_when: false
# - name: Install K3S
# ansible.builtin.shell: 'apt-mark hold armbian-zsh'
# changed_when: false
- name: Apt update
ansible.builtin.shell: 'apt update'
changed_when: false
- name: Apt upgrade
ansible.builtin.shell: 'apt -o Dpkg::Options::="--force-confnew" upgrade -y'
changed_when: false
# - name: Apt
# ansible.builtin.apt:
# update_cache: true
# upgrade: true
# dpkg_options: 'force-confold,force-confdef'
# - name: Get memory
# ansible.builtin.command: /usr/bin/free
# changed_when: false

8
playbooks/00_distribute_ssh_keys.yml Normal file
View File

@@ -0,0 +1,8 @@
- hosts: odroid_cluster
tasks:
- name: Set authorized key taken from file
ansible.posix.authorized_key:
user: jd
state: present
key: "{{ lookup('file', '/home/jd/.ssh/id_rsa.pub') }}"

11
playbooks/00_getmac.yml Normal file
View File

@@ -0,0 +1,11 @@
- hosts: datacenter
name: Apt udate
become: true
tasks:
- name: Debug
ansible.builtin.debug:
msg: "{{ ansible_eth0.macaddress }}"
- name: Debug
ansible.builtin.debug:
msg: "olalalaaaa"
when: ansible_eth0.macaddress == "b8:27:eb:29:cb:d41"

42
playbooks/00_initial_adjustments.yml Normal file
View File

@@ -0,0 +1,42 @@
- hosts: odroid_cluster
name: Run script
become: true
gather_facts: true
tasks:
- name: Reconfigure /root/.bashrc
ansible.builtin.lineinfile:
path: /root/.bashrc
line: "export HISTCONTROL=ignoreboth"
- name: Reconfigure /home/jd/.bashrc
ansible.builtin.lineinfile:
path: /home/jd/.bashrc
line: "export HISTCONTROL=ignoreboth"
- name: Set a hostname
ansible.builtin.hostname:
name: odroidc4-1
when: ansible_eth0.macaddress == "00:1e:06:48:b3:0c"
- name: Set a hostname
ansible.builtin.hostname:
name: odroidc4-2
when: ansible_eth0.macaddress == "00:1e:06:48:cd:86"
- name: Set a hostname
ansible.builtin.hostname:
name: odroidc4-3
when: ansible_eth0.macaddress == "00:1e:06:48:d0:01"
- name: Set a hostname
ansible.builtin.hostname:
name: odroidc4-4
when: ansible_eth0.macaddress == "00:1e:06:48:d0:00"
- name: Set a hostname
ansible.builtin.hostname:
name: odroidc4-5
when: ansible_eth0.macaddress == "00:1e:06:48:cd:8e"
- name: Iptables 1
ansible.builtin.command:
iptables -F
- name: Iptables 2
ansible.builtin.command:
update-alternatives --set iptables /usr/sbin/iptables-legacy
- name: Iptables 3
ansible.builtin.command:
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

103
playbooks/00_install_ldap_client.yml Normal file
View File

@@ -0,0 +1,103 @@
- hosts: datacenter
name: Install omv
become: true
become_user: root
tasks:
- name: Install ldap packages
ansible.builtin.apt:
name:
- libpam-ldapd
- ldap-utils
- libnss-ldapd
# - name: Reconfigure ldap base
# ansible.builtin.lineinfile:
# path: /etc/ldap.conf
# regexp: "^base "
# line: "base dc=sectorq,dc=eu"
# - name: Reconfigure ldap uri
# ansible.builtin.lineinfile:
# path: /etc/ldap.conf
# regexp: "^uri ldap.*"
# line: "uri ldaps://ldap-server.loc/"
# - name: Reconfigure ldap version
# ansible.builtin.lineinfile:
# path: /etc/ldap.conf
# regexp: "^ldap_version.*"
# line: "ldap_version 3"
# - name: Reconfigure ldap rootbinddn
# ansible.builtin.lineinfile:
# path: /etc/ldap.conf
# regexp: "^rootbinddn.*"
# line: "rootbinddn cn=admin,dc=sectorq,dc=eu"
- name: Reconfigure common-session
ansible.builtin.lineinfile:
path: /etc/pam.d/common-session
regexp: "^session optional pam_mkhomedir.so.*"
line: "session optional pam_mkhomedir.so skel=/etc/skel umask=077"
- name: Reconfigure common-session
ansible.builtin.lineinfile:
path: /etc/pam.d/common-session
regexp: "^session.*pam_ldap.so.*"
line: "session [success=ok default=ignore] pam_ldap.so minimum_uid=1000"
- name: Reconfigure common-password
ansible.builtin.lineinfile:
path: /etc/pam.d/common-password
regexp: "^password.*success=1 user_unknown=ignore default=die.*"
line: "password [success=1 default=ignore] pam_ldap.so minimum_uid=1000 try_first_pass"
- name: Reconfigure nsswitch passwd
ansible.builtin.lineinfile:
path: /etc/nsswitch.conf
regexp: "^passwd:.*"
line: "passwd: compat systemd ldap"
- name: Reconfigure nsswitch group
ansible.builtin.lineinfile:
path: /etc/nsswitch.conf
regexp: "^group:.*"
line: "group: compat systemd ldap"
- name: Reconfigure nsswitch shadow
ansible.builtin.lineinfile:
path: /etc/nsswitch.conf
regexp: "^shadow:.*"
line: "shadow: compat ldap"
- name: Reconfigure nslcd uri
ansible.builtin.lineinfile:
path: /etc/nslcd.conf
regexp: "^uri ldap.*"
line: "uri ldaps://ldap-server.loc/"
- name: Reconfigure ldap base
ansible.builtin.lineinfile:
path: /etc/nslcd.conf
regexp: "^base "
line: "base dc=sectorq,dc=eu"
- name: Reconfigure nslcd binddn
ansible.builtin.lineinfile:
path: /etc/nslcd.conf
regexp: "^#binddn"
line: "binddn cn=admin,dc=sectorq,dc=eu"
- name: Reconfigure nslcd bindpw
ansible.builtin.lineinfile:
path: /etc/nslcd.conf
regexp: "^#bindpw"
line: "bindpw l4c1j4yd33Du5lo"
# - name: Reconfigure ldap base
# ansible.builtin.lineinfile:
# path: /etc/nslcd.conf
# regexp: "^#ssl"
# line: "ssl start_tls"
- name: Reconfigure nslcd tls_reqcert
ansible.builtin.lineinfile:
path: /etc/nslcd.conf
regexp: "^#tls_reqcert"
line: "tls_reqcert allow"
- name: Restart nslcd service
ansible.builtin.service:
name: nslcd.service
state: restarted

26
playbooks/00_install_omv.yml Normal file
View File

@@ -0,0 +1,26 @@
- hosts: omv
name: Install omv
become: true
become_user: root
tasks:
- name: Apt
ansible.builtin.apt:
update_cache: true
upgrade: true
- name: Install python + pip
ansible.builtin.apt:
name:
- python3
- python3-pip
- apt-transport-https
- mosquitto
state: present
- name: Install pip modules
ansible.builtin.pip:
name:
- wheel
- paho-mqtt
- ping3
- requests
- autorandr
- getmac

7
playbooks/00_poweroff.yml Normal file
View File

@@ -0,0 +1,7 @@
- hosts: odroid_cluster
name: Power off
become: true
gather_facts: false
tasks:
- name: Shut down
community.general.shutdown:

54
playbooks/00_test.yml Normal file
View File

@@ -0,0 +1,54 @@
- hosts: odroid_master
name: Install k3s
become: true
tasks:
- name: Install deps...
ansible.builtin.apt:
name:
- python3-pip
- python3-dev
- name: Install bottle python package
ansible.builtin.pip:
name:
- RPLCD
- psutil
- smbus2
- uptime
- name: Upload led control scripts
ansible.builtin.copy:
src: scripts/lcd_control.py
dest: /usr/bin/lcd_control.py
- name: Upload led control service
ansible.builtin.copy:
src: services/lcd_control.service
dest: /etc/systemd/system/
- name: Upload led control scripts
ansible.builtin.copy:
src: scripts/lcd_control_restart.py
dest: /usr/bin/lcd_control_restart.py
- name: Upload led control service
ansible.builtin.copy:
src: services/lcd_control_restart.service
dest: /etc/systemd/system/
- name: Upload led control scripts
ansible.builtin.copy:
src: scripts/lcd_control_start.py
dest: /usr/bin/lcd_control_start.py
- name: Upload led control service
ansible.builtin.copy:
src: services/lcd_control_start.service
dest: /etc/systemd/system/
- name: reload systemctl
ansible.builtin.command: systemctl daemon-reload
- name: Enable service startup lcd_control
ansible.builtin.command: systemctl enable lcd_control.service
- name: Starting service lcd_control
ansible.builtin.command: systemctl start lcd_control.service
- name: Enable service startup lcd_control_restart.service
ansible.builtin.command: systemctl enable lcd_control_restart.service
- name: Enable service startup lcd_control_start.service
ansible.builtin.command: systemctl enable lcd_control_start.service
# - name: Start service lcd_control_restart.service
# ansible.builtin.command: systemctl start lcd_control_restart.service
# - name: start lcd script
# shell: cd /root; nohup python3 lcd_control.py >/dev/null 2>&1 &

47
playbooks/00_tst.yml Normal file
View File

@@ -0,0 +1,47 @@
- hosts: odroid_cluster
name: User creation
vars:
ansible_ssh_user: root
ansible_ssh_pass: 1234
myuser: "root"
mypassword: "lacijaydee"
mypassword2: "lacijaydee"
tasks:
- name: Change password
ansible.builtin.user:
name: "{{ myuser }}"
state: present
shell: /bin/bash
expires: -1
password: "{{ mypassword | password_hash('sha512') }}"
- name: Set locale
community.general.locale_gen:
name: en_US.UTF-8
state: present
- name: Create password
ansible.builtin.user:
name: "jd"
state: present
expires: -1
password: "{{ mypassword2 | password_hash('sha512') }}"
shell: /bin/bash
- name: Allow the jd user to run any commands
community.general.sudoers:
name: jd as sudo
state: present
user: jd
nopassword: true
commands: ALL
- name: Set timezone to Europe/Bratislava
community.general.timezone:
name: Europe/Bratislava
- name: Remove first login file
ansible.builtin.file:
state: absent
path: /root/.not_logged_in_yet
- name: Reconfigure logo
ansible.builtin.lineinfile:
path: /boot/armbianEnv.txt
line: "disp_mode=800x480"

8
playbooks/00_win.yml Normal file
View File

@@ -0,0 +1,8 @@
- hosts: windows
name: Test
gather_facts: true
tasks:
- name: Run basic PowerShell script
win_file:
path: c:\lala
state: directory

33
playbooks/05_install_docker.yml Normal file
View File

@@ -0,0 +1,33 @@
- hosts: odroid_cluster
name: Install docker
become: true
become_user: root
tasks:
- name: Install docker
ansible.builtin.apt:
name: docker.io
state: present
- name: Install telnet
ansible.builtin.apt:
name: telnet
state: present
- name: Install net-tools
ansible.builtin.apt:
name: net-tools
state: present
- name: Install curl!
ansible.builtin.apt:
name: curl
state: present
- name: Install deps...
ansible.builtin.apt:
name:
- python3-pip
- python3-dev
- name: Install bottle python package
ansible.builtin.pip:
name:
- RPLCD
- psutil
- smbus2
- uptime

155
playbooks/05_install_rhasspy.yml Normal file
View File

@@ -0,0 +1,155 @@
- hosts: rhasspy
name: Install rhasspy
become: true
become_user: root
tasks:
- name: Set a hostname
ansible.builtin.hostname:
name: rasp3-2
when: ansible_eth0.macaddress == "b8:27:eb:29:cb:d4"
- name: Set a hostname
ansible.builtin.hostname:
name: rasp3-1
when: ansible_eth0.macaddress == "b8:27:eb:53:79:11" or ansible_wlan0.macaddress == "B8:27:EB:06:2C:44"
# - name: Download package
# ansible.builtin.get_url:
# url: https://sectorq.eu/install/rhasspy_amd64.deb
# dest: /tmp/rhasspy_amd64.deb
# mode: '0777'
- name: Get keys for raspotify
ansible.builtin.shell:
curl -sSL https://dtcooper.github.io/raspotify/key.asc | sudo tee /usr/share/keyrings/raspotify_key.asc > /dev/null
changed_when: false
- name: Get keys for raspotify
ansible.builtin.file:
path: /usr/share/keyrings/raspotify_key.asc
mode: "0644"
- name: Get repo
ansible.builtin.shell: >-
echo 'deb [signed-by=/usr/share/keyrings/raspotify_key.asc] https://dtcooper.github.io/raspotify raspotify main' |
sudo tee /etc/apt/sources.list.d/raspotify.list
changed_when: false
- name: Update apt cache
ansible.builtin.apt:
update_cache: true
upgrade: true
ignore_errors: true
- name: Install curl,mosquitto ...
ansible.builtin.apt:
name:
- curl
# - libffi7
- apt-transport-https
- raspotify
- mosquitto
- python3-pip
state: present
- name: Reconfigure /etc/raspotify/conf
ansible.builtin.lineinfile:
path: /etc/raspotify/conf
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
loop:
- { regexp: '(^|^#)LIBRESPOT_NAME=', line: 'LIBRESPOT_NAME="rasp3-2"' }
- { regexp: '(^|^#)LIBRESPOT_BITRATE=', line: 'LIBRESPOT_BITRATE="160"' }
- { regexp: '(^|^#)LIBRESPOT_DEVICE=', line: 'LIBRESPOT_DEVICE="hw:CARD=Device,DEV=0"' }
- { regexp: '(^|^#)LIBRESPOT_PASSWORD=', line: 'LIBRESPOT_PASSWORD="l4c1j4yd33Du5lo"' }
- { regexp: '(^|^#)LIBRESPOT_USERNAME=', line: 'LIBRESPOT_USERNAME="jaydee67@sectorq.eu"' }
when: ansible_eth0.macaddress == "b8:27:eb:29:cb:d4"
- name: Reconfigure /etc/raspotify/conf
ansible.builtin.lineinfile:
path: /etc/raspotify/conf
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
loop:
- { regexp: '(^|^#)LIBRESPOT_NAME=', line: 'LIBRESPOT_NAME="rasp3-1"' }
- { regexp: '(^|^#)LIBRESPOT_BITRATE=', line: 'LIBRESPOT_BITRATE="160"' }
- { regexp: '(^|^#)LIBRESPOT_DEVICE=', line: 'LIBRESPOT_DEVICE="hw:CARD=Device,DEV=0"' }
- { regexp: '(^|^#)LIBRESPOT_PASSWORD=', line: 'LIBRESPOT_PASSWORD="l4c1j4yd33Du5lo"' }
- { regexp: '(^|^#)LIBRESPOT_USERNAME=', line: 'LIBRESPOT_USERNAME="jaydee67@sectorq.eu"' }
when: ansible_eth0.macaddress == "b8:27:eb:53:79:11"
# - name: Creating a symlink for libs
# ansible.builtin.file:
# src: "/usr/lib/aarch64-linux-gnu/libffi.so.7"
# dest: "/usr/lib/aarch64-linux-gnu/libffi.so.6"
# state: link
# - name: Install a rhasspy_amd64.deb
# ansible.builtin.apt:
# deb: /tmp/rhasspy_amd64.deb
# - name: Upload config
# ansible.builtin.copy:
# src: /etc/ansible/playbooks/files/services/rhasspy.service
# dest: /etc/systemd/system/rhasspy.service
# owner: root
# group: root
# mode: u=rwx,g=rx,o=rx
# - name: Just force systemd to reread configs (2.4 and above)
# ansible.builtin.systemd:
# daemon_reload: true
# - name: Restart service rhasspy, in all cases
# ansible.builtin.service:
# name: rhasspy
# state: restarted
# - name: Ensure rhasspy is in a running state
# ansible.builtin.service:
# name: rhasspy
# state: started
# register: myservice_details
# until: myservice_details.status.ActiveState == "active"
# retries: 15
# delay: 20
- name: Make sure destination dir exists
ansible.builtin.file:
path: "/home/jd/.config/rhasspy/profiles/en/"
state: directory
owner: jd
group: jd
mode: '0755'
- name: Upload config
ansible.builtin.copy:
src: /etc/ansible/playbooks/files/conf/rhasspy/profile.json
dest: /home/jd/.config/rhasspy/profiles/en/profile.json
owner: jd
group: jd
mode: u=rw,g=r,o=r
- name: Restart service raspotify, in all cases
ansible.builtin.service:
name: raspotify
state: restarted
- name: Install docker
ansible.builtin.shell:
curl -sSL https://get.docker.com | sh
ignore_errors: true
changed_when: false
- name: Add user to docker group
ansible.builtin.user:
name: jd
append: true
groups: docker
- name: Install pip modules
ansible.builtin.pip:
name: docker
- name: Pull image
community.docker.docker_image:
name: rhasspy/rhasspy
source: pull
- name: Create container
community.docker.docker_container:
name: rhasspy
image: rhasspy/rhasspy
command: --user-profiles /profiles --profile en
devices:
- "/dev/snd:/dev/snd"
restart_policy: unless-stopped
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "/home/jd/.config/rhasspy/profiles:/profiles"
ports:
- "12101:12101"

29
playbooks/05_pullimage.yml Normal file
View File

@@ -0,0 +1,29 @@
- hosts: rhasspy
name: Install rhasspy
become: true
become_user: root
tasks:
- name: Install curl,mosquitto ...
ansible.builtin.apt:
name:
- python3-pip
- name: Install pip modules
ansible.builtin.pip:
name: docker
- name: Pull image
community.docker.docker_image:
name: rhasspy/rhasspy
source: pull
- name: Create container
community.docker.docker_container:
name: rhasspy
image: rhasspy/rhasspy
command: --user-profiles /profiles --profile en
devices:
- "/dev/snd:/dev/snd"
restart_policy: unless-stopped
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "/home/jd/.config/rhasspy/profiles:/profiles"
ports:
- "12101:12101"

7
playbooks/06_remove_docker.yml Normal file
View File

@@ -0,0 +1,7 @@
- hosts: odroid_cluster
become: true
tasks:
- name: Remove docker
apt:
name: docker.io
state: absent

10
playbooks/10_install_apparmor.yml Normal file
View File

@@ -0,0 +1,10 @@
- hosts: odroid_cluster
name: Install apparmor
become: true
tasks:
- name: Install apparmor
ansible.builtin.apt:
name:
- apparmor
- apparmor-utils
state: present

11
playbooks/11_reboot.yml Normal file
View File

@@ -0,0 +1,11 @@
- hosts: odroid_cluster
name: Install k3s
become: true
tasks:
- name: Reboot the server
tags: reboot
become: yes
become_user: root
shell: "sleep 5 && reboot"
async: 1
poll: 0

30
playbooks/70_create_cluster.yml Normal file
View File

@@ -0,0 +1,30 @@
- hosts: odroid_master
name: Create rancher cluster
become: true
tasks:
- name: Create new cluster in rancher
ansible.builtin.shell: "curl -u 'token-wg66j:p26nwqs9ckqbth4h8gtfd2g7858g8smbtpgmxq9qr52w4795l5jvv9' -X POST -H 'Accept: application/json' -H 'Content-Type: application/json' -d '{\"name\":\"odroid\"}' 'https://192.168.77.106:8543/v3/clusters' --insecure| jq .id"
changed_when: false
ignore_errors: true
register: cluster_id
- name: Just the Names
ansible.builtin.debug:
msg: "{{ cluster_id.stdout }}"
- name: Create new cluster in rancher
ansible.builtin.shell: "curl -u 'token-wg66j:p26nwqs9ckqbth4h8gtfd2g7858g8smbtpgmxq9qr52w4795l5jvv9' -X GET -H 'Accept: application/json' -H 'Content-Type: application/json' https://192.168.77.106:8543/v3/clusters/{{ cluster_id.stdout }}/clusterRegistrationTokens --insecure| jq .data[0].manifestUrl"
changed_when: false
ignore_errors: true
register: register_id
- name: Register Token
ansible.builtin.debug:
msg: "{{ register_id.stdout }}"
- name: "Register in Rancher"
ansible.builtin.shell: "curl --insecure -sfL {{ register_id.stdout }} |sed 's/rancher-agent:v2.6.7/rancher-agent:v2.6.7-linux-arm64/g'| sed 's%beta.kubernetes.io/os%kubernetes.io/os%g'| kubectl apply -f -"
changed_when: false
ignore_errors: true
#create cluster:
#curl -u "token-wg66j:p26nwqs9ckqbth4h8gtfd2g7858g8smbtpgmxq9qr52w4795l5jvv9" -X POST -H 'Accept: application/json' -H 'Content-Type: application/json' -d '{"name":"test-cluster"}' 'https://192.168.77.106:8543/v3/clusters' --insecure
#get registration token
# curl -u "token-wg66j:p26nwqs9ckqbth4h8gtfd2g7858g8smbtpgmxq9qr52w4795l5jvv9" -X GET -H 'Accept: application/json' -H 'Content-Type: application/json' https://192.168.77.106:8543/v3/clusters/c-xq5pv/clusterRegistrationTokens --insecure|jq

14
playbooks/70_get_k3s_token.yml Normal file
View File

@@ -0,0 +1,14 @@
- hosts: odroid_master
become: true
tasks:
- name: Get token
shell: 'cat /var/lib/rancher/k3s/server/node-token'
register: K3S_TOKEN
- debug: var=K3S_TOKEN.stdout
- name: "Add K8S Token and Hash to dummy host"
add_host:
name: "K3S_TOKEN_HOLDER"
token: "{{ K3S_TOKEN.stdout }}"
- name: "print token"
debug:
msg: "[Master] K3S_TOKEN_HOLDER K8S token is {{ hostvars['K3S_TOKEN_HOLDER']['token'] }}"

71
playbooks/70_install_k3s.yml Normal file
View File

@@ -0,0 +1,71 @@
- hosts: odroid_master
name: Install k3s
become: true
tasks:
- name: Install K3S
ansible.builtin.shell: 'curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_VERSION="v1.24.1+k3s1" sh -s -'
changed_when: false
- name: Get token
ansible.builtin.command: 'cat /var/lib/rancher/k3s/server/node-token'
register: k3s_token
changed_when: false
- name: Print token
ansible.builtin.debug: var=k3s_token.stdout
- name: "Add K8S Token and Hash to dummy host"
ansible.builtin.add_host:
name: "K3S_TOKEN_HOLDER"
token: "{{ k3s_token.stdout }}"
- name: Print token
ansible.builtin.debug:
msg: "[Master] K3S_TOKEN_HOLDER K8S token is {{ hostvars['K3S_TOKEN_HOLDER']['token'] }}"
- name: Grant cluster role
ansible.builtin.command: kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user root
changed_when: false
ignore_errors: yes
- name: Reboot the server
tags: reboot
become: yes
become_user: root
shell: "sleep 5 && reboot"
async: 1
poll: 0
- name: (reboot) Wait for server to restart
wait_for_connection:
delay: 75
- name: Wait for service 'myservice' to be running
service_facts:
register: result
until: result.ansible_facts.services['k3s.service'].state == 'running'
retries: 10
delay: 5
#create cluster:
#curl -u "token-wg66j:p26nwqs9ckqbth4h8gtfd2g7858g8smbtpgmxq9qr52w4795l5jvv9" -X POST -H 'Accept: application/json' -H 'Content-Type: application/json' -d '{"name":"test-cluster"}' 'https://192.168.77.106:8543/v3/clusters' --insecure
#get registration token
# curl -u "token-wg66j:p26nwqs9ckqbth4h8gtfd2g7858g8smbtpgmxq9qr52w4795l5jvv9" -X GET -H 'Accept: application/json' -H 'Content-Type: application/json' https://192.168.77.106:8543/v3/clusters/c-xq5pv/clusterRegistrationTokens --insecure|jq
- name: Create new cluster in rancher
ansible.builtin.shell: "curl -u 'token-wg66j:p26nwqs9ckqbth4h8gtfd2g7858g8smbtpgmxq9qr52w4795l5jvv9' -X POST -H 'Accept: application/json' -H 'Content-Type: application/json' -d '{\"name\":\"odroid\"}' 'https://192.168.77.106:8543/v3/clusters' --insecure| jq .id"
changed_when: false
ignore_errors: true
register: cluster_id
- name: Just the Names
ansible.builtin.debug:
msg: "{{ cluster_id.stdout }}"
- name: Create new cluster in rancher
ansible.builtin.shell: "curl -u 'token-wg66j:p26nwqs9ckqbth4h8gtfd2g7858g8smbtpgmxq9qr52w4795l5jvv9' -X GET -H 'Accept: application/json' -H 'Content-Type: application/json' https://192.168.77.106:8543/v3/clusters/{{ cluster_id.stdout }}/clusterRegistrationTokens --insecure| jq .data[0].manifestUrl"
changed_when: false
ignore_errors: true
register: register_id
- name: Register Token
ansible.builtin.debug:
msg: "{{ register_id.stdout }}"
- name: "Register in Rancher"
ansible.builtin.shell: "curl --insecure -sfL {{ register_id.stdout }} |sed 's/rancher-agent:v2.6.7/rancher-agent:v2.6.7-linux-arm64/g'| sed 's%beta.kubernetes.io/os%kubernetes.io/os%g'| kubectl apply -f -"
changed_when: false
ignore_errors: true
# - name: "Register in Rancher"
# ansible.builtin.shell: curl --insecure -sfL https://192.168.77.106:8543/v3/import/f5679ncdtx68489nqj2rntk8bwv6lcsq4j5qdtnxswkbfbtttn5s5q_c-lq4j4.yaml |sed 's/rancher-agent:v2.6.7/rancher-agent:v2.6.7-linux-arm64/g'| sed 's%beta.kubernetes.io/os%kubernetes.io/os%g'| kubectl apply -f -
# changed_when: false
# ignore_errors: true

6
playbooks/71_uninstall_k3s.yml Normal file
View File

@@ -0,0 +1,6 @@
- hosts: odroid_master
become: true
tasks:
- name: Uninstall K3S
shell: '/usr/local/bin/k3s-uninstall.sh'

5
playbooks/71_uninstall_k3s_agent.yml Normal file
View File

@@ -0,0 +1,5 @@
- hosts: odroid_worker
become: true
tasks:
- name: Uninstall K3S Agent
shell: /usr/local/bin/k3s-agent-uninstall.sh

23
playbooks/72_install_k3s_worker.yml Normal file
View File

@@ -0,0 +1,23 @@
- hosts: odroid_worker
name: Setup k3s
become: true
tasks:
- name: Print token
ansible.builtin.debug:
msg: "[Master] K3S_TOKEN_HOLDER K8S token is {{ hostvars['K3S_TOKEN_HOLDER']['token'] }}"
- name: Print msg
ansible.builtin.debug:
msg: "{{ hostvars['K3S_TOKEN_HOLDER']['token'] }}"
- name: Get hostname
ansible.builtin.command: uname -n
register: result
changed_when: false
- name: Print hostname
ansible.builtin.debug:
msg: "{{ result.stdout }}"
- name: Install K3S Worker
ansible.builtin.shell: >-
curl -sfL https://get.k3s.io
| K3S_TOKEN={{ hostvars['K3S_TOKEN_HOLDER']['token'] }}
K3S_URL="https://192.168.77.161:6443" K3S_NODE_NAME="{{ result.stdout }}" INSTALL_K3S_VERSION="v1.24.1+k3s1" sh -
changed_when: false

20
playbooks/72_register_k3s_worker.yml Normal file
View File

@@ -0,0 +1,20 @@
- hosts: odroid_worker
name: Another task
become: true
tasks:
- name: Print token
ansible.builtin.debug:
msg: "[Master] K3S_TOKEN_HOLDER K3S token is {{ hostvars['K3S_TOKEN_HOLDER']['token'] }}"
- name: Print token
ansible.builtin.debug:
msg: "{{ hostvars['K3S_TOKEN_HOLDER']['token'] }}"
- name: Reconfigure K3S Worker
ansible.builtin.lineinfile:
path: /etc/systemd/system/k3s-agent.service.env
regexp: '^K3S_TOKEN='
line: K3S_TOKEN=\'{{ hostvars['K3S_TOKEN_HOLDER']['token'] }}\'
changed_when: false
- name: Restart K3S Worker
ansible.builtin.service:
name: k3s-agent
state: restarted

10
playbooks/80_change_logo.yml Normal file
View File

@@ -0,0 +1,10 @@
- hosts: odroid_cluster
name: Run script
become: true
gather_facts: true
tasks:
- name: Reconfigure logo
ansible.builtin.lineinfile:
path: /etc/update-motd.d/10-armbian-header
regexp: "(^#|^)TERM="
line: "TERM=linux toilet -f standard -F metal $(hostname)"

3
playbooks/96_test_register.yml Normal file
View File

@@ -0,0 +1,3 @@
---
- import_playbook: 70_get_k3s_token.yml
- import_playbook: 72_register_k3s_worker.yml

10
playbooks/97_test.yml Normal file
View File

@@ -0,0 +1,10 @@
---
- hosts: "{{ working_host | default('nas') }}"
become: false
gather_facts: False
tasks:
- debug:
msg: play1
- name: Test
command: free

5
playbooks/97_test_uninstall.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- import_playbook: 71_uninstall_k3s_agent.yml
name: Uninstall k3s agent
- import_playbook: 71_uninstall_k3s.yml
name: Uninstall k3a

16
playbooks/98_complete_install.yml Normal file
View File

@@ -0,0 +1,16 @@
---
- hosts: datacenter
become: true
tasks:
- debug:
msg: play1
- name: Upgrade system
import_playbook: 00_apt_upgrade.yml
- name: Install docker
import_playbook: 05_install_docker.yml
- name: Install apparmor
import_playbook: 10_install_apparmor.yml

23
playbooks/99_complete_install.yml Normal file
View File

@@ -0,0 +1,23 @@
---
- name: Change creds
import_playbook: 00_tst.yml
- name: Initial
import_playbook: 00_initial_adjustments.yml
- name: Apt update
import_playbook: 00_apt_upgrade.yml
- name: Activate display
import_playbook: 00_test.yml
- name: Install LDAP
import_playbook: 00_install_ldap_client.yml
- name: Install Docker
import_playbook: 05_install_docker.yml
- name: Install apparmor
import_playbook: 10_install_apparmor.yml
- name: Change logo
import_playbook: 80_change_logo.yml
- name: Install k3s
import_playbook: 70_install_k3s.yml
- name: Install worker
import_playbook: 72_install_k3s_worker.yml
- name: Reboot All
import_playbook: 11_reboot.yml

9
playbooks/99_complete_install_rhasspy.yml Normal file
View File

@@ -0,0 +1,9 @@
---
- name: Change creds
import_playbook: 00_tst.yml
- name: Apt update
import_playbook: 00_apt_upgrade.yml
- name: Install Docker
import_playbook: 05_install_docker.yml
- name: Deploy Rhasspy
import_playbook: 05_pullimage.yml

49
playbooks/files/conf/rhasspy/profile.json Normal file
View File

@@ -0,0 +1,49 @@
{
"dialogue": {
"system": "rhasspy"
},
"handle": {
"system": "hass"
},
"home_assistant": {
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiIwZjAyMjE5ZWVlZTI0MzYyODYzNTM0YTY4NTg4NDBhMiIsImlhdCI6MTY2MzA2MzAwNywiZXhwIjoxOTc4NDIzMDA3fQ.N8Y4EzCppgKbc4tCj6S8UXu1hIUJ8W0QGOXvJTuVwwc",
"handle_type": "event",
"url": "https://ha.sectorq.eu"
},
"intent": {
"system": "fsticuffs"
},
"microphone": {
"arecord": {
"device": "default:CARD=Device"
},
"system": "arecord"
},
"mqtt": {
"enabled": "true",
"host": "192.168.77.106",
"password": "jaydee1",
"username": "jaydee"
},
"sounds": {
"aplay": {
"device": "default:CARD=Device"
},
"system": "aplay"
},
"speech_to_text": {
"system": "pocketsphinx"
},
"text_to_speech": {
"nanotts": {
"language": "en-GB"
},
"system": "nanotts"
},
"wake": {
"porcupine": {
"keyword_path": "alexa_raspberry-pi.ppn"
},
"system": "porcupine"
}
}

31
playbooks/files/scripts/initial_changes.sh Normal file
View File

@@ -0,0 +1,31 @@
MODE="worker"
mac=`ifconfig eth0 |grep ether|awk '{ print $2 }'`
echo $mac
syst=9
case $mac in
"00:1E:06:48:CE:E7")
syst=1
MODE="master"
;;
"00:1e:06:48:cd:86")
syst=2
;;
"00:1e:06:48:d0:01")
syst=3
;;
"00:1e:06:48:d0:00")
syst=4
;;
"00:1e:06:48:cd:8e")
syst=5
;;
esac
echo "lala" > /tmp/check.log
hostnamectl hostname odroidc4-${syst}
sed -i 's/^TERM=/#TERM=/g' /etc/update-motd.d/10-armbian-header
sed -i '32 i TERM=linux toilet -f standard -F metal $(hostname)' /etc/update-motd.d/10-armbian-header
TERM=linux toilet -f standard -F metal $(hostname)
nmcli con mod "Wired connection 1" ipv4.addresses "192.168.77.16${syst}/24" ipv4.gateway "192.168.77.1" ipv4.dns "192.168.77.1" ipv4.method "manual"
iptables -F
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

54
playbooks/files/scripts/lcd_control.py Normal file
View File

@@ -0,0 +1,54 @@
# Import LCD library
from RPLCD import i2c
import psutil
import datetime
import os
from uptime import uptime
# Import sleep library
from time import sleep
# constants to initialise the LCD
lcdmode = 'i2c'
cols = 20
rows = 4
charmap = 'A00'
i2c_expander = 'PCF8574'
# Generally 27 is the address;Find yours using: i2cdetect -y 1
address = 0x27
port = 0 # 0 on an older Raspberry Pi
# Initialise the LCD
lcd = i2c.CharLCD(i2c_expander, address, port=port, charmap=charmap,
cols=cols, rows=rows)
while True:
myCmd = ""
# Write a string on first line and move to next line
mem_data = psutil.virtual_memory()
net_sum = psutil.net_if_addrs()["eth0"]
eth0_ip = (net_sum[0][1])
cpu_load = round(psutil.getloadavg()[0],2)
uptime_s = int(uptime())
uptime_f = str(datetime.timedelta(seconds=uptime_s))
line1 = f'{"Mem: " + str(mem_data.percent): <20}'
line2 = f'{"IP : " + str(eth0_ip): <20}'
line4 = f'{"CPU: " + str(cpu_load): <20}'
print(cpu_load)
lcd.backlight_enabled = True
lcd.cursor_pos = (0, 0)
lcd.write_string(line1)
lcd.crlf()
lcd.write_string(line2)
lcd.crlf()
lcd.write_string('Up : ' + str(uptime_f))
lcd.crlf()
lcd.write_string(line4)
sleep(5)
#lcd.clear()
# Switch off backlight
#lcd.backlight_enabled = False
#sleep(3)
# Clear the LCD screen
#lcd.close(clear=True)

43
playbooks/files/scripts/lcd_control_restart.py Normal file
View File

@@ -0,0 +1,43 @@
# Import LCD library
from RPLCD import i2c
import subprocess
import sys
import os
pid = os.getpid()
cmnd = "ps -ef|grep lcd_control|grep -v grep |grep -v {}|wc -l".format(pid)
status, output = subprocess.getstatusoutput(cmnd)
print(output)
if int(output) > 0:
print("Running already!")
#sys.exit()
# constants to initialise the LCD
lcdmode = 'i2c'
cols = 20
rows = 4
charmap = 'A00'
i2c_expander = 'PCF8574'
# Generally 27 is the address;Find yours using: i2cdetect -y 1
address = 0x27
port = 0 # 0 on an older Raspberry Pi
# Initialise the LCD
lcd = i2c.CharLCD(i2c_expander, address, port=port, charmap=charmap,
cols=cols, rows=rows)
line1 = f'{"####": <20}'
line2 = f'{"Restarting.....": <20}'
line3 = f'{"####": <20}'
line4 = f'{"####": <20}'
lcd.backlight_enabled = True
lcd.cursor_pos = (0, 0)
lcd.write_string(line1)
lcd.crlf()
lcd.write_string(line2)
lcd.crlf()
lcd.write_string(line3)
lcd.crlf()
lcd.write_string(line4)

35
playbooks/files/scripts/lcd_control_start.py Normal file
View File

@@ -0,0 +1,35 @@
# Import LCD library
from RPLCD import i2c
# constants to initialise the LCD
lcdmode = 'i2c'
cols = 20
rows = 4
charmap = 'A00'
i2c_expander = 'PCF8574'
# Generally 27 is the address;Find yours using: i2cdetect -y 1
address = 0x27
port = 0 # 0 on an older Raspberry Pi
# Initialise the LCD
lcd = i2c.CharLCD(i2c_expander, address, port=port, charmap=charmap,
cols=cols, rows=rows)
lcd.clear()
line1 = f'{"####": <20}'
line2 = f'{"Starting....": <20}'
line3 = f'{"####": <20}'
line4 = f'{"####": <20}'
lcd.backlight_enabled = True
lcd.cursor_pos = (0, 0)
lcd.write_string(line1)
lcd.crlf()
lcd.write_string(line2)
lcd.crlf()
lcd.write_string(line3)
lcd.crlf()
lcd.write_string(line4)
lcd.crlf()
lcd.clear()
lcd.close(clear=True)

13
playbooks/files/services/lcd_control.service Normal file
View File

@@ -0,0 +1,13 @@
[Unit]
Description=Led Control service
Wants=network-online.target
After=network.target network-online.target
[Service]
Type=simple
User=root
#ExecStartPre=/bin/sleep 30
ExecStart=/usr/bin/python3 /usr/bin/lcd_control.py
[Install]
WantedBy=multi-user.target suspend.target hibernate.target hybrid-sleep.target suspend-then-hibernate.target

14
playbooks/files/services/lcd_control_restart.service Normal file
View File

@@ -0,0 +1,14 @@
[Unit]
Description=Run my custom task at shutdown only
DefaultDependencies=no
Before=poweroff.target halt.target shutdown.target reboot.target
Requires=poweroff.target
[Service]
Type=oneshot
ExecStartPre=systemctl stop lcd_control.service
ExecStart=/usr/bin/python3 /usr/bin/lcd_control_restart.py
RemainAfterExit=yes
[Install]
WantedBy=shutdown.target

11
playbooks/files/services/lcd_control_start.service Normal file
View File

@@ -0,0 +1,11 @@
[Unit]
Description=Run my custom task at shutdown only
After=syslog.target
[Service]
Type=oneshot
ExecStart=/usr/bin/python3 /usr/bin/lcd_control_start.py
RemainAfterExit=yes
[Install]
WantedBy=basic.target

16
playbooks/files/services/rhasspy.service Normal file
View File

@@ -0,0 +1,16 @@
[Unit]
Description=Rhasspy Autostart
After=network-online.target
[Service]
Type=simple
User=jd
WorkingDirectory=/home/jd
ExecStart=/bin/bash -lc '/usr/bin/rhasspy --profile en 2>&1 | cat'
StandardOutput=inherit
StandardError=inherit
Restart=always
RestartSec=20
[Install]
WantedBy=multi-user.target