amirmoghi3
/
ops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ops/playbooks/server/build.yml

186 lines
4.9 KiB
YAML
Raw Blame History

---
- name: server initial command
hosts: 'all'
become: yes
become_method: sudo
become_user: root
vars_files:
- var/registry.yml
tasks:
- name: set hosts file
copy:
src: hosts
dest: /etc/hosts
mode: '0644'
- name: disable ufw
shell: ufw disable
- name: disable swap
shell: swapoff -a
### sudo ufw allow 2376/tcp && sudo ufw allow 7946/udp && sudo ufw allow 7946/tcp && sudo ufw allow 80/tcp && sudo ufw allow 2377/tcp && sudo ufw allow 4789/udp
- name: flush iptables
shell: |
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
- name: iptables for masters
when: inventory_hostname in groups['masters']
shell: |
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
iptables -I INPUT -p tcp --dport 53 -j ACCEPT
iptables -I INPUT -p tcp --dport 2376 -j ACCEPT
iptables -I INPUT -p tcp --dport 7946 -j ACCEPT
iptables -I INPUT -p udp --dport 7946 -j ACCEPT
iptables -I INPUT -p tcp --dport 2377 -j ACCEPT
iptables -I INPUT -p udp --dport 4789 -j ACCEPT
iptables -I INPUT -p tcp --dport 25196 -j ACCEPT
iptables-save >> /etc/iptables.rules.v4
- name: iptables for workers
when: inventory_hostname in groups['workers']
shell: |
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 25196 -j ACCEPT
iptables-save >> /etc/iptables.rules.v4
- name: sid swap off in fstab
shell: sed -i '/swap/d' /etc/fstab
- name: set timezone
shell: timedatectl set-timezone Asia/Tehran
- name: apt-get update
apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
- name: installing docker dependencies
apt:
name: "{{item}}"
state: present
update_cache: yes
with_items:
- ca-certificates
- curl
- gnupg
- lsb-release
- name: add docker key and add docker repo
shell: |
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
- name: installing docker-ce and docker-ce-cli and
apt:
name: "{{item}}"
state: present
update_cache: yes
with_items:
- docker-ce
- docker-ce-cli
- containerd.io
- name: start and enable docker and containerd
service:
name: "{{item}}"
state: started
enabled: yes
with_items:
- docker
- containerd
- name: create the docker user account
user: name=dockerman append=yes state=present createhome=yes shell=/bin/bash
- name: allow 'dockerman' to use sudo without needing a password
lineinfile:
dest: /etc/sudoers
line: 'dockerman ALL=(ALL) NOPASSWD: ALL'
validate: 'visudo -cf %s'
- name: add user to docker group
user:
name: dockerman
groups: docker
state: present
- name: reset and enable docker
shell: |
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
- name: Get active primary interface name
shell: ip route | awk '/default/ { print $5 }'
register: interface
- name: Get active primary interface IP
shell: ip -o -4 addr show dev {{ interface.stdout_lines[0] }} | awk '{print $4}' | cut -d/ -f1
register: ip_address
# add docker home to enviroment variable
- name: add docker home to enviroment variable
shell: echo "export HOST_IP={{ ip_address.stdout_lines[0] }}" >> /home/dockerman/.bashrc
- name: add docker home to enviroment variable
shell: echo "export INT_NAME={{ interface.stdout_lines[0] }}" >> /home/dockerman/.bashrc
- name: nfs common
when: inventory_hostname in groups['workers']
apt:
name: nfs-common
state: present
update_cache: yes
- name: login docker
become: dockerman
shell: docker login -u {{ registry_user }} -p {{ registry_password }} {{ registry_url }}
- name: reboot
shell: reboot
ignore_errors: yes
- name: add enviroments to all servers
shell: |
echo "export ADMIN_USER=nerdguy" >> /etc/environment
echo "export ADMIN_PASSWORD=RbBmIu1LCgIqKcMmopc1Ie21+1OKsX1ktNCAeiViNIb6HAKkzjJ+GhZlLysItwgm" >> /etc/environment
Reference in New Issue View Git Blame Copy Permalink