-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsite.yml
91 lines (82 loc) · 2.27 KB
/
site.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
---
- name: base build
hosts: [service_hosts]
become: true
roles:
- role: security
tags: [ security ]
- role: nut-client
tags: [ nut-client ]
- role: docker
tags: [ docker ]
- name: ssh keys
hosts: [ssh_hosts]
roles:
- role: ssh-key-gen
tags: [ ssh-key-gen ]
- name: ssh config for backups
hosts: [service_hosts, nut-proxy]
tags: [ssh-config-for-backups]
vars:
ssh_key_filename: "id_rsa"
tasks:
- name: Add a host in the configuration just nas entry for dmcgough user
community.general.ssh_config:
host: "nas"
hostname: "10.0.0.2"
identity_file: "~/.ssh/{{ ssh_key_filename }}"
port: '22'
identities_only: true
remote_user: "dmcgough"
ssh_config_file: ~/.ssh/config
- name: ssh config for build server
hosts: [biggie]
tags: [ssh-config-for-build-server]
vars:
ssh_key_filename: "id_rsa"
tasks:
- name: Add a host in the configuration for each client host the build server needs to access
community.general.ssh_config:
host: "{{ hostvars[item].ansible_host }}"
hostname: "{{ item }}"
identity_file: "~/.ssh/{{ ssh_key_filename }}"
port: '22'
identities_only: true
remote_user: "{{ hostvars[item].ansible_user }}"
ssh_config_file: ~/.ssh/config
with_items:
- "{{ groups['build_client_hosts'] }}"
- name: keepalived-master service
hosts: [gomey]
become: true
roles:
- role: keepalived-master
tags: [ keepalived-master ]
- name: build nut proxy service
hosts: [nut-proxy]
become: true
roles:
- role: security
tags: [ security ]
- role: nginx-nut-proxy
tags: [ nginx-nut-proxy ]
- role: nut-client
tags: [ nut-client-proxy ]
- role: keepalived-backup
tags: [ keepalived-backup ]
- role: docker
tags: [ docker ]
tasks:
- name: Copy nut client configuration files in place.
template:
src: "roles/nginx-nut-proxy/templates/{{ item }}.j2"
dest: "/etc/nut/{{ item }}"
owner: root
group: nut
mode: 0600
with_items:
- upssched-cmd
- name: restart nut-cient
service:
name: nut-client
state: restarted