From 5e8619a83e8be56ab96a037597baf2ae0cdadf9f Mon Sep 17 00:00:00 2001 From: ionutboangiu Date: Fri, 25 Nov 2022 18:13:44 +0200 Subject: [PATCH] Update rpm ansible script --- data/ansible/rpm_packages/main.yaml | 58 ++++++++++++++++++++++++++-- data/ansible/rpm_packages/nginx.yaml | 1 + 2 files changed, 55 insertions(+), 4 deletions(-) diff --git a/data/ansible/rpm_packages/main.yaml b/data/ansible/rpm_packages/main.yaml index 1dff5290c..86b55de90 100644 --- a/data/ansible/rpm_packages/main.yaml +++ b/data/ansible/rpm_packages/main.yaml @@ -1,4 +1,53 @@ --- +# Before running this script you need the following: +# - 2 RockyLinux 9 minimal install servers with static ips defined +# in order to configure a static ip: +# 1. type nmtui in console +# 2. Edit a connection +# 3. Choose the interface (enp0s8 in my case) and select Edit... +# 4. Go to IPv4 CONFIGURATION and set from Automatic to Manual then select Show +# 5. Type the desired address alongside Addresses field then click OK then click Back +# 6. Go to Activate a connection +# 7. Deactivate the enp0s8 connection and activate it again to apply the changes +# - after the user creation below, to set up a passwordless ssh connection from the yum host created user to the pkg host created user(otherwise a yes/no prompt will be encountered +# and disrupt the script) + +- hosts: pkg, yum + vars: + ansible_user: root + tasks: + - name: Make sure we have a 'admin' group + group: + name: admin + state: present + + - name: Allow 'admin' group to have passwordless sudo + lineinfile: + dest: /etc/sudoers + state: present + regexp: '^%admin' + line: '%admin ALL=(ALL) NOPASSWD: ALL' + validate: 'visudo -cf %s' + + - name: Add sudoers users to admin group + user: + name={{ user }} + groups=admin + append=yes + state=present + createhome=yes + + - name: get the username running the deploy + become: false + local_action: command whoami + register: host_username + + - name: Set up authorized keys for the {{ user }} user + authorized_key: user={{ user }} key="{{ item }}" + with_file: + - '/home/{{ host_username.stdout }}/.ssh/id_rsa.pub' + + - hosts: yum vars: ansible_python_interpreter: auto # to disable deprication warning related to the use of python2 @@ -6,7 +55,7 @@ ##################### Golang Vars ############################# ############################################################### # Go language SDK version number - golang_version: '1.17.5' + golang_version: '1.19.2' go_version_target: "go version go{{ golang_version }} linux/amd64" # Mirror to download the Go language SDK redistributable package from golang_mirror: 'https://storage.googleapis.com/golang' @@ -40,8 +89,8 @@ customPath: "{{ lookup('env','PATH') }}:{{ golang_gopath }}/bin:/usr/local/go/bin:{{ ansible_env.PATH }}" - remote_user: '{{ user }}' - tasks: + ansible_user: '{{ user }}' + tasks: - name: set cgrates cgrates_distribution set_fact: cgrates_distribution: "{{ cgrates_distribution }}" @@ -109,6 +158,7 @@ when: nginxConfig.stdout_lines|length < 1 - name: Enable and start nginx + become: true systemd: name: nginx state: started @@ -322,7 +372,7 @@ - hosts: pkg vars: ansible_python_interpreter: auto # to disable deprication warning related to the use of python2 - remote_user: '{{ user }}' + ansible_user: '{{ user }}' tasks: - name: set cgrates cgrates_distribution set_fact: diff --git a/data/ansible/rpm_packages/nginx.yaml b/data/ansible/rpm_packages/nginx.yaml index fe9a828bf..e0a3e1a06 100644 --- a/data/ansible/rpm_packages/nginx.yaml +++ b/data/ansible/rpm_packages/nginx.yaml @@ -20,6 +20,7 @@ shell: "sudo firewall-cmd --reload" - name: Restart the nginx so the change take effects + become: true systemd: state: restarted name: nginx