From ed4a605c9522b4a81f9d08695e8af7db842d697a Mon Sep 17 00:00:00 2001 From: Ivan Ponomarev Date: Tue, 26 Jun 2018 16:22:05 +0300 Subject: [PATCH] Add YAMLlint phase to Travis build (#390) @inponomarev Thank you - your next set of proposed changes would also be welcome. * added yamllint check * YAML linting --- .travis.yml | 25 +- ansible/inventory.yml | 202 +-- .../ubuntu-api.yml | 203 +-- .../ubuntu-jckservices.yml | 299 ++-- .../AdoptOpenJDK_Unix_Playbook/main.yml | 1 + .../roles/Ant-Contrib/tasks/main.yml | 10 +- .../roles/Clean_Up/tasks/main.yml | 2 +- .../roles/Common/tasks/RedHat.yml | 2 +- .../roles/Common/tasks/Ubuntu.yml | 18 +- .../roles/Common/tasks/main.yml | 2 +- .../roles/Docker/tasks/main.yml | 2 +- .../roles/GIT_Source/tasks/main.yml | 4 +- .../roles/Jenkins_User/tasks/main.yml | 2 +- .../roles/NVidia_Cuda_Toolkit/tasks/main.yml | 6 +- .../roles/Nagios_Plugins/tasks/main.yml | 2 +- .../Nagios_Plugins/tasks/nagios_CentOS.yml | 70 +- .../Nagios_Plugins/tasks/nagios_FreeBSD.yml | 83 +- .../Nagios_Plugins/tasks/nagios_RedHat.yml | 137 +- .../Nagios_Plugins/tasks/nagios_SLES.yml | 127 +- .../Nagios_Plugins/tasks/nagios_Ubuntu.yml | 45 +- .../roles/Nagios_Tunnel/tasks/main.yml | 1 - .../roles/Security/tasks/main.yml | 4 +- .../roles/freemarker/tasks/main.yml | 38 +- .../roles/gcc_48/tasks/main.yml | 2 +- .../AdoptOpenJDK_Windows_Playbook/main.yml | 1 + .../roles/ANT/tasks/main.yml | 10 +- .../roles/Common/tasks/main.yml | 2 +- .../roles/GIT/tasks/main.yml | 4 +- .../roles/Java7/tasks/main.yml | 6 +- .../roles/Java8/tasks/main.yml | 6 +- .../roles/Java9/tasks/main.yml | 6 +- .../roles/NVidia_Cuda_Toolkit/tasks/main.yml | 2 +- .../roles/Strawberry_Perl/tasks/main.yml | 6 +- ansible/playbooks/aix.yml | 1343 +++++++++-------- ansible/playbooks/nagios/nagios_aix.yml | 85 +- ansible/playbooks/ubuntu-jck.yml | 93 +- ansible/yamllint.yml | 6 + yamllint.yml | 6 + 38 files changed, 1444 insertions(+), 1419 deletions(-) create mode 100644 ansible/yamllint.yml create mode 100644 yamllint.yml diff --git a/.travis.yml b/.travis.yml index e80d076856..a9107a589e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,23 +9,26 @@ dist: trusty addons: apt: packages: - - python-pip + - python-pip install: # Install ansible - pip install ansible + - pip install yamllint # Check ansible version - ansible --version script: -- cd ansible - # Check that the inventory is valid -- ansible-inventory --host=build-cloudcone-ubuntu1604-x64-1 - # Check Playbook syntax. -- ansible-playbook playbooks/AdoptOpenJDK_Unix_Playbook/main.yml --syntax-check -- ansible-playbook playbooks/AdoptOpenJDK_Windows_Playbook/main.yml --syntax-check -- ansible-playbook playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-api.yml --syntax-check -- ansible-playbook playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-jckservices.yml --syntax-check -- ansible-playbook playbooks/aix.yml --syntax-check -- ansible-playbook playbooks/ubuntu-jck.yml --syntax-check + - cd ansible + # Check that the inventory is valid + - ansible-inventory --host=build-cloudcone-ubuntu1604-x64-1 + # Check YAML validity + - yamllint -c yamllint.yml . + # Check Playbook syntax. + - ansible-playbook playbooks/AdoptOpenJDK_Unix_Playbook/main.yml --syntax-check + - ansible-playbook playbooks/AdoptOpenJDK_Windows_Playbook/main.yml --syntax-check + - ansible-playbook playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-api.yml --syntax-check + - ansible-playbook playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-jckservices.yml --syntax-check + - ansible-playbook playbooks/aix.yml --syntax-check + - ansible-playbook playbooks/ubuntu-jck.yml --syntax-check diff --git a/ansible/inventory.yml b/ansible/inventory.yml index 4196319236..94ffaf908e 100644 --- a/ansible/inventory.yml +++ b/ansible/inventory.yml @@ -10,116 +10,116 @@ hosts: - infrastructure: - - digitalocean: - ubuntu1604-x64-1: {ip: 138.68.167.199, description: api.adoptopenjdk.net} + - digitalocean: + ubuntu1604-x64-1: {ip: 138.68.167.199, description: api.adoptopenjdk.net} - - softlayer: - ubuntu1604-x64-3: {ip: 158.176.72.83, description: jckservices.adoptopenjdk.net} + - softlayer: + ubuntu1604-x64-3: {ip: 158.176.72.83, description: jckservices.adoptopenjdk.net} - build: - - azure: - win2008r2-x64-1: {ip: 40.117.211.183, user: adoptopenjdk} - - - cloudcone: - ubuntu1604-x64-1: {ip: 173.82.219.221} - - - digitalocean: - centos69-x64-1: {ip: 159.65.95.239} - - - linaro: - centos74-armv8-1: {ip: 64.28.99.122} - centos74-armv8-2: {ip: 64.28.99.122, port: 2222} - - - macstadium: - macos1010-x64-1: {ip: 207.254.50.138, user: Administrator} - macos1010-x64-2: {ip: 208.83.1.242, user: Administrator} - - - marist: - sles12-s390x-1: {ip: 148.100.110.56} - rhel74-s390x-1: {ip: 148.100.110.129} - ubuntu1604-s390x-2: {ip: 148.100.33.178} - ubuntu1604-s390x-3: {ip: 148.100.33.179} - zos21-s390x-1: {ip: 148.100.36.136, user: OPEN1} - zos21-s390x-2: {ip: 148.100.36.137, user: OPEN1} - - - osuosl: - centos74-ppc64le-1: {ip: 140.211.168.138} - centos74-ppc64le-2: {ip: 140.211.168.117} - ubuntu1604-ppc64le-1: {ip: 140.211.168.243} - aix71-ppc64-1: {ip: 140.211.9.10} - aix71-ppc64-2: {ip: 140.211.9.12} - - - packet: - centos74-armv8-1: {ip: 147.75.196.30} - ubuntu1604-armv8-2: {ip: 147.75.77.146} - freebsd11-x64-1: {ip: 147.75.101.29} - - - joyent: - centos69-x64-1: {ip: 165.225.149.157} - - - scaleway: - ubuntu1604-x64-2: {ip: 51.15.46.107} - ubuntu1604-armv7-1: {ip: 212.47.233.28} - ubuntu1604-armv7-2: {ip: 212.47.246.7} - - - softlayer: - win2012r2-x64-1: {ip: 37.58.103.195, user: Administrator} - win2012r2-x64-2: {ip: 37.58.103.196, user: Administrator} - - - test: - - - azure: - win2012r2-x64-1: {ip: 13.68.134.204, user: adoptopenjdk} - - - osuosl: - ubuntu1604-ppc64le-1: {ip: 140.211.168.227, user: ubuntu} - ubuntu1604-ppc64le-2: {ip: 140.211.168.190, user: ubuntu} - - - packet: - ubuntu1604-armv8-1: {ip: 147.75.74.50} - ubuntu1604-x64-1: {ip: 147.75.204.239} - ubuntu1604-x64-2: {ip: 147.75.100.127} - ubuntu1604-x64-3: {ip: 147.75.83.133} - win2012r2-x64-1: {ip: 147.75.32.146, user: Admin} - - - macincloud: - macos1010-x64-1: {ip: 74.80.250.151, user: admin} - macos1010-x64-2: {ip: 74.80.250.173, user: admin} - - - marist: - ubuntu1604-s390x-1: {ip: 148.100.33.147} - - - scaleway: - ubuntu1604-x64-1: {ip: 51.15.76.107} - - - softlayer: - ubuntu1604-x64-1: {ip: 169.55.150.155} - rhel74-x64-1: {ip: 169.55.170.70} - rhel69-x64-1: {ip: 169.55.150.147} - win2012r2-x64-1: {ip: 169.55.170.72, user: admin} + - azure: + win2008r2-x64-1: {ip: 40.117.211.183, user: adoptopenjdk} + + - cloudcone: + ubuntu1604-x64-1: {ip: 173.82.219.221} + + - digitalocean: + centos69-x64-1: {ip: 159.65.95.239} + + - linaro: + centos74-armv8-1: {ip: 64.28.99.122} + centos74-armv8-2: {ip: 64.28.99.122, port: 2222} + + - macstadium: + macos1010-x64-1: {ip: 207.254.50.138, user: Administrator} + macos1010-x64-2: {ip: 208.83.1.242, user: Administrator} + + - marist: + sles12-s390x-1: {ip: 148.100.110.56} + rhel74-s390x-1: {ip: 148.100.110.129} + ubuntu1604-s390x-2: {ip: 148.100.33.178} + ubuntu1604-s390x-3: {ip: 148.100.33.179} + zos21-s390x-1: {ip: 148.100.36.136, user: OPEN1} + zos21-s390x-2: {ip: 148.100.36.137, user: OPEN1} + + - osuosl: + centos74-ppc64le-1: {ip: 140.211.168.138} + centos74-ppc64le-2: {ip: 140.211.168.117} + ubuntu1604-ppc64le-1: {ip: 140.211.168.243} + aix71-ppc64-1: {ip: 140.211.9.10} + aix71-ppc64-2: {ip: 140.211.9.12} + + - packet: + centos74-armv8-1: {ip: 147.75.196.30} + ubuntu1604-armv8-2: {ip: 147.75.77.146} + freebsd11-x64-1: {ip: 147.75.101.29} + + - joyent: + centos69-x64-1: {ip: 165.225.149.157} + + - scaleway: + ubuntu1604-x64-2: {ip: 51.15.46.107} + ubuntu1604-armv7-1: {ip: 212.47.233.28} + ubuntu1604-armv7-2: {ip: 212.47.246.7} + + - softlayer: + win2012r2-x64-1: {ip: 37.58.103.195, user: Administrator} + win2012r2-x64-2: {ip: 37.58.103.196, user: Administrator} + + - test: + + - azure: + win2012r2-x64-1: {ip: 13.68.134.204, user: adoptopenjdk} + + - osuosl: + ubuntu1604-ppc64le-1: {ip: 140.211.168.227, user: ubuntu} + ubuntu1604-ppc64le-2: {ip: 140.211.168.190, user: ubuntu} + + - packet: + ubuntu1604-armv8-1: {ip: 147.75.74.50} + ubuntu1604-x64-1: {ip: 147.75.204.239} + ubuntu1604-x64-2: {ip: 147.75.100.127} + ubuntu1604-x64-3: {ip: 147.75.83.133} + win2012r2-x64-1: {ip: 147.75.32.146, user: Admin} + + - macincloud: + macos1010-x64-1: {ip: 74.80.250.151, user: admin} + macos1010-x64-2: {ip: 74.80.250.173, user: admin} + + - marist: + ubuntu1604-s390x-1: {ip: 148.100.33.147} + + - scaleway: + ubuntu1604-x64-1: {ip: 51.15.76.107} + + - softlayer: + ubuntu1604-x64-1: {ip: 169.55.150.155} + rhel74-x64-1: {ip: 169.55.170.70} + rhel69-x64-1: {ip: 169.55.150.147} + win2012r2-x64-1: {ip: 169.55.170.72, user: admin} - jck: - - macstadium: - macos1010-x64-1: {ip: 207.254.71.30, user: Administrator} - macos1010-x64-2: {ip: 207.254.71.31, user: Administrator} + - macstadium: + macos1010-x64-1: {ip: 207.254.71.30, user: Administrator} + macos1010-x64-2: {ip: 207.254.71.31, user: Administrator} - - marist: - ubuntu1604-s390x-1: {ip: 148.100.33.183, user: linux1} - ubuntu1604-s390x-2: {ip: 148.100.33.184, user: linux1} + - marist: + ubuntu1604-s390x-1: {ip: 148.100.33.183, user: linux1} + ubuntu1604-s390x-2: {ip: 148.100.33.184, user: linux1} - - osuosl: - ubuntu1604-ppc64le-1: {ip: 140.211.168.225, user: ubuntu} - ubuntu1604-ppc64le-2: {ip: 140.211.168.217, user: ubuntu} + - osuosl: + ubuntu1604-ppc64le-1: {ip: 140.211.168.225, user: ubuntu} + ubuntu1604-ppc64le-2: {ip: 140.211.168.217, user: ubuntu} - - packet: - ubuntu1604-armv8-1: {ip: 147.75.193.234} + - packet: + ubuntu1604-armv8-1: {ip: 147.75.193.234} - - joyent: - win2012r2-x64-1: {ip: 165.225.150.83, user: Administrator} + - joyent: + win2012r2-x64-1: {ip: 165.225.150.83, user: Administrator} - - softlayer: - ubuntu1604-x64-1: {ip: 159.122.210.205} - ubuntu1604-x64-2: {ip: 159.122.210.194} - win2012r2-x64-1: {ip: 169.55.170.68, user: Administrator} + - softlayer: + ubuntu1604-x64-1: {ip: 159.122.210.205} + ubuntu1604-x64-2: {ip: 159.122.210.194} + win2012r2-x64-1: {ip: 169.55.170.68, user: Administrator} diff --git a/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-api.yml b/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-api.yml index 7dbe320771..18b7f4c614 100644 --- a/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-api.yml +++ b/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-api.yml @@ -1,3 +1,4 @@ +--- ########################################## # AdoptOpenJDK Ansible API Playbook for: # # ------ Ubuntu 16 (tested on x64) ----- # @@ -8,104 +9,104 @@ become: yes tasks: - - block: - - name: Load AdoptOpenJDKs variable file - include_vars: variables/adoptopenjdk_variables.yml - - - name: Set hostname to api.adoptopenjdk.net - hostname: - name: api.adoptopenjdk.net - tags: hostname - - - name: OS update -- apt-get upgrade - apt: upgrade=safe update_cache=yes - tags: patch_update - - - name: Add Node.js v6.x - raw: "curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -" - tags: dependencies - - - name: Install API prerequisistes - apt: pkg={{ item }} state=latest - with_items: - - iptables-persistent - - nodejs - tags: dependencies - - - name: Create Jenkins user - action: user name={{ Jenkins_Username }} state=present shell=/bin/bash - ignore_errors: yes - tags: jenkins_user - - - name: Set ssh key for jenkins user - authorized_key: - user: "{{ Jenkins_Username }}" - state: present - key: "{{ lookup('file', '{{ Jenkins_User_SSHKey }}') }}" - tags: jenkins_user - - - name: Install "forever" node.js package globally - npm: - name: forever - global: yes - state: present - tags: forever - - - name: Allow port 443 - command: iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT - tags: iptables - - - name: Forward 1234 to 443 - command: iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 1234 - tags: iptables - - - name: iptables_permanent - shell: iptables-save > /etc/iptables/rules.v4 - tags: iptables - - - name: Copy server.key - copy: - src: "{{ api_server_key }}" - dest: "/home/{{ Jenkins_Username }}/sslcert/server.key" - owner: jenkins - group: jenkins - mode: 0644 - tags: sslcert - - - name: Copy server.crt - copy: - src: "{{ api_server_crt }}" - dest: "/home/{{ Jenkins_Username }}/sslcert/server.crt" - owner: jenkins - group: jenkins - mode: 0644 - tags: sslcert - - - name: Git Clone openjdk-api.git - become_user: "{{ Jenkins_Username }}" - git: - repo: 'https://github.com/AdoptOpenJDK/openjdk-api.git' - dest: "/home/{{ Jenkins_Username }}/openjdk-api" - update: yes - - - name: NPM install api package.json - become_user: "{{ Jenkins_Username }}" - npm: - path: "/home/{{ Jenkins_Username }}/openjdk-api" - - - name: Kill any existing processes - command: "pkill -f /home/{{ Jenkins_Username }}/openjdk-api/server.js" - ignore_errors: true - - - name: Start api app - become_user: "{{ Jenkins_Username }}" - raw: "export PRODUCTION=true && /usr/local/bin/forever start /home/{{ Jenkins_Username }}/openjdk-api/server.js" - - - name: Add cron job to check for updates - cron: name="Check for Updates every Sunday at 5am" - weekday="6" - minute="0" - hour="5" - user=root - job="/usr/bin/apt-get update && /usr/bin/apt-get -y upgrade" - state=present + - block: + - name: Load AdoptOpenJDKs variable file + include_vars: variables/adoptopenjdk_variables.yml + + - name: Set hostname to api.adoptopenjdk.net + hostname: + name: api.adoptopenjdk.net + tags: hostname + + - name: OS update -- apt-get upgrade + apt: upgrade=safe update_cache=yes + tags: patch_update + + - name: Add Node.js v6.x + raw: "curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -" + tags: dependencies + + - name: Install API prerequisistes + apt: pkg={{ item }} state=latest + with_items: + - iptables-persistent + - nodejs + tags: dependencies + + - name: Create Jenkins user + action: user name={{ Jenkins_Username }} state=present shell=/bin/bash + ignore_errors: yes + tags: jenkins_user + + - name: Set ssh key for jenkins user + authorized_key: + user: "{{ Jenkins_Username }}" + state: present + key: "{{ lookup('file', '{{ Jenkins_User_SSHKey }}') }}" + tags: jenkins_user + + - name: Install "forever" node.js package globally + npm: + name: forever + global: yes + state: present + tags: forever + + - name: Allow port 443 + command: iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT + tags: iptables + + - name: Forward 1234 to 443 + command: iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 1234 + tags: iptables + + - name: iptables_permanent + shell: iptables-save > /etc/iptables/rules.v4 + tags: iptables + + - name: Copy server.key + copy: + src: "{{ api_server_key }}" + dest: "/home/{{ Jenkins_Username }}/sslcert/server.key" + owner: jenkins + group: jenkins + mode: 0644 + tags: sslcert + + - name: Copy server.crt + copy: + src: "{{ api_server_crt }}" + dest: "/home/{{ Jenkins_Username }}/sslcert/server.crt" + owner: jenkins + group: jenkins + mode: 0644 + tags: sslcert + + - name: Git Clone openjdk-api.git + become_user: "{{ Jenkins_Username }}" + git: + repo: 'https://github.com/AdoptOpenJDK/openjdk-api.git' + dest: "/home/{{ Jenkins_Username }}/openjdk-api" + update: yes + + - name: NPM install api package.json + become_user: "{{ Jenkins_Username }}" + npm: + path: "/home/{{ Jenkins_Username }}/openjdk-api" + + - name: Kill any existing processes + command: "pkill -f /home/{{ Jenkins_Username }}/openjdk-api/server.js" + ignore_errors: true + + - name: Start api app + become_user: "{{ Jenkins_Username }}" + raw: "export PRODUCTION=true && /usr/local/bin/forever start /home/{{ Jenkins_Username }}/openjdk-api/server.js" + + - name: Add cron job to check for updates + cron: name="Check for Updates every Sunday at 5am" + weekday="6" + minute="0" + hour="5" + user=root + job="/usr/bin/apt-get update && /usr/bin/apt-get -y upgrade" + state=present diff --git a/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-jckservices.yml b/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-jckservices.yml index e6b4c7f3f4..dc89d885e1 100644 --- a/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-jckservices.yml +++ b/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-jckservices.yml @@ -1,3 +1,4 @@ +--- ############################################### # AdoptOpenJDK Ansible JCK svcs Playbook for: # # -------- Ubuntu 16 (tested on x64) -------- # @@ -7,152 +8,152 @@ user: root become: yes tasks: - - block: - - name: Load AdoptOpenJDKs variable file - include_vars: variables/adoptopenjdk_variables.yml - - name: OS update -- apt-get upgrade - apt: upgrade=safe update_cache=yes - tags: patch_update - - name: Install JCK prerequisistes - apt: pkg={{ item }} state=latest - with_items: - - iptables-persistent - - ant - - ftpd - - gcc - - krb5-kdc - - krb5-admin-server - - pwgen - - tomcat8 - - unzip - - name: Create Jenkins user - action: user name="{{ Jenkins_Username }}" state=present - ignore_errors: yes - tags: jenkins_user - - name: Set ssh key for jenkins user - authorized_key: - user: "{{ Jenkins_Username }}" - state: present - key: "{{ lookup('file', '{{ Jenkins_User_SSHKey }}') }}" - - name: Create FTP user with password - action: user name="{{ jckftp_Username }}" shell=/bin/false password={{ lookup('file', jckftp_Passwd) }} state=present - ignore_errors: yes - tags: ftp_user - - name: Create file for FTP access - copy: - content: "" - dest: "/home/{{ jckftp_Username }}/filename.txt" - force: no - owner: "{{ jckftp_Username }}" - mode: 0755 - - name: Copy krb5.conf - copy: - src: conf/krb5.conf - dest: /etc/krb5.conf - owner: root - group: root - mode: 0644 - backup: yes - - name: Configure kerberos server - shell: kdb5_util create -r ADOPTOPENJDK_NET -W -s -P `pwgen -1` - args: - creates: /etc/krb5kdc/principal.kadm5 - - shell: "{{ item }}" - with_items: - - kadmin.local -q "addprinc -pw `pwgen -1` admin/admin@ADOPTOPENJDK_NET" - - kadmin.local -q "addprinc -pw user1 user1/jckservices.adoptopenjdk.net@ADOPTOPENJDK_NET" - - kadmin.local -q "addprinc -pw user2 user2/jckservices.adoptopenjdk.net@ADOPTOPENJDK_NET" - - kadmin.local -q getprincs | egrep '^admin/admin@|^user1/|^user2/' > krb5.jckusers.txt; if test $(wc -l < krb5.jckusers.txt) -ne 3; then echo Wrong number of users - expected 3:; cat krb5.jckusers.txt; rm krb5.jckusers.txt; exit 1; fi - args: - creates: krb5.jckusers.txt - - service: - name: krb5-kdc - state: started - - service: - name: krb5-admin-server - state: started - - service: - name: tomcat8 - state: started - - iptables: - chain: INPUT - ctstate: ESTABLISHED,RELATED - jump: ACCEPT - - iptables: - chain: INPUT - protocol: icmp - jump: ACCEPT - - iptables: - chain: INPUT - protocol: tcp - destination_port: 22 - jump: ACCEPT - - iptables: - chain: INPUT - protocol: tcp - destination_port: 80 - jump: ACCEPT - - iptables: - chain: INPUT - source: 159.122.210.194 - jump: ACCEPT - - iptables: - chain: INPUT - source: 159.122.210.205 - jump: ACCEPT - - iptables: - chain: INPUT - source: 207.254.71.30 - jump: ACCEPT - - iptables: - chain: INPUT - source: 207.254.71.31 - jump: ACCEPT - - iptables: - chain: INPUT - source: 147.75.193.234 - jump: ACCEPT - - iptables: - chain: INPUT - source: 140.211.168.225 - jump: ACCEPT - - iptables: - chain: INPUT - source: 140.211.168.217 - jump: ACCEPT - - iptables: - chain: INPUT - source: 148.100.33.183 - jump: ACCEPT - - iptables: - chain: INPUT - source: 148.100.33.184 - jump: ACCEPT - - iptables: - chain: INPUT - source: 165.225.150.83 - jump: ACCEPT - - iptables: - chain: INPUT - jump: REJECT - - name: iptables_permanent - shell: iptables-save > /etc/iptables/rules.v4 - - name: Add cron job to check for updates - cron: name="Check for Updates every Sunday at 5am" - weekday="6" - minute="0" - hour="5" - user=root - job="/usr/bin/apt-get update && /usr/bin/apt-get -y upgrade" - state=present -# If your users are set to lock out after some retries you'll need this: -# - pamd: -# name: common-auth -# type: auth -# control: required -# module_path: pam_tally2.so -# new_type: auth -# new_control: "[success=1 default=ignore]" -# new_module_path: pam_succeed_if.so -# module_arguments: "user in jckftp" -# state: before + - block: + - name: Load AdoptOpenJDKs variable file + include_vars: variables/adoptopenjdk_variables.yml + - name: OS update -- apt-get upgrade + apt: upgrade=safe update_cache=yes + tags: patch_update + - name: Install JCK prerequisistes + apt: pkg={{ item }} state=latest + with_items: + - iptables-persistent + - ant + - ftpd + - gcc + - krb5-kdc + - krb5-admin-server + - pwgen + - tomcat8 + - unzip + - name: Create Jenkins user + action: user name="{{ Jenkins_Username }}" state=present + ignore_errors: yes + tags: jenkins_user + - name: Set ssh key for jenkins user + authorized_key: + user: "{{ Jenkins_Username }}" + state: present + key: "{{ lookup('file', '{{ Jenkins_User_SSHKey }}') }}" + - name: Create FTP user with password + action: user name="{{ jckftp_Username }}" shell=/bin/false password={{ lookup('file', jckftp_Passwd) }} state=present + ignore_errors: yes + tags: ftp_user + - name: Create file for FTP access + copy: + content: "" + dest: "/home/{{ jckftp_Username }}/filename.txt" + force: no + owner: "{{ jckftp_Username }}" + mode: 0755 + - name: Copy krb5.conf + copy: + src: conf/krb5.conf + dest: /etc/krb5.conf + owner: root + group: root + mode: 0644 + backup: yes + - name: Configure kerberos server + shell: kdb5_util create -r ADOPTOPENJDK_NET -W -s -P `pwgen -1` + args: + creates: /etc/krb5kdc/principal.kadm5 + - shell: "{{ item }}" + with_items: + - kadmin.local -q "addprinc -pw `pwgen -1` admin/admin@ADOPTOPENJDK_NET" + - kadmin.local -q "addprinc -pw user1 user1/jckservices.adoptopenjdk.net@ADOPTOPENJDK_NET" + - kadmin.local -q "addprinc -pw user2 user2/jckservices.adoptopenjdk.net@ADOPTOPENJDK_NET" + - kadmin.local -q getprincs | egrep '^admin/admin@|^user1/|^user2/' > krb5.jckusers.txt; if test $(wc -l < krb5.jckusers.txt) -ne 3; then echo Wrong number of users - expected 3:; cat krb5.jckusers.txt; rm krb5.jckusers.txt; exit 1; fi + args: + creates: krb5.jckusers.txt + - service: + name: krb5-kdc + state: started + - service: + name: krb5-admin-server + state: started + - service: + name: tomcat8 + state: started + - iptables: + chain: INPUT + ctstate: ESTABLISHED,RELATED + jump: ACCEPT + - iptables: + chain: INPUT + protocol: icmp + jump: ACCEPT + - iptables: + chain: INPUT + protocol: tcp + destination_port: 22 + jump: ACCEPT + - iptables: + chain: INPUT + protocol: tcp + destination_port: 80 + jump: ACCEPT + - iptables: + chain: INPUT + source: 159.122.210.194 + jump: ACCEPT + - iptables: + chain: INPUT + source: 159.122.210.205 + jump: ACCEPT + - iptables: + chain: INPUT + source: 207.254.71.30 + jump: ACCEPT + - iptables: + chain: INPUT + source: 207.254.71.31 + jump: ACCEPT + - iptables: + chain: INPUT + source: 147.75.193.234 + jump: ACCEPT + - iptables: + chain: INPUT + source: 140.211.168.225 + jump: ACCEPT + - iptables: + chain: INPUT + source: 140.211.168.217 + jump: ACCEPT + - iptables: + chain: INPUT + source: 148.100.33.183 + jump: ACCEPT + - iptables: + chain: INPUT + source: 148.100.33.184 + jump: ACCEPT + - iptables: + chain: INPUT + source: 165.225.150.83 + jump: ACCEPT + - iptables: + chain: INPUT + jump: REJECT + - name: iptables_permanent + shell: iptables-save > /etc/iptables/rules.v4 + - name: Add cron job to check for updates + cron: name="Check for Updates every Sunday at 5am" + weekday="6" + minute="0" + hour="5" + user=root + job="/usr/bin/apt-get update && /usr/bin/apt-get -y upgrade" + state=present + # If your users are set to lock out after some retries you'll need this: + # - pamd: + # name: common-auth + # type: auth + # control: required + # module_path: pam_tally2.so + # new_type: auth + # new_control: "[success=1 default=ignore]" + # new_module_path: pam_succeed_if.so + # module_arguments: "user in jckftp" + # state: before diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml index 339b66d346..627194aec6 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml @@ -1,3 +1,4 @@ +--- ################################### # AdoptOpenJDK - Ansible Playbook # ################################### diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Ant-Contrib/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Ant-Contrib/tasks/main.yml index ad54b2a63a..a9add46d74 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Ant-Contrib/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Ant-Contrib/tasks/main.yml @@ -36,7 +36,7 @@ command: mv /tmp/ant-contrib/lib/ant-contrib.jar /usr/share/ant/lib/ when: antcontrib_status.stat.exists == False tags: ant-contrib - + - name: Download junit - SLES get_url: url: https://ftp5.gwdg.de/pub/opensuse/discontinued/distribution/11.4/repo/oss/suse/noarch/junit-3.8.2-8.1.noarch.rpm @@ -44,7 +44,7 @@ mode: 0440 timeout: 25 validate_certs: no - when: + when: - ansible_distribution == "SLES" tags: ant-contrib @@ -52,7 +52,7 @@ yum: name: /tmp/junit-3.8.2-8.1.noarch.rpm state: present - when: + when: - ansible_distribution == "SLES" tags: ant-contrib @@ -63,7 +63,7 @@ mode: 0440 timeout: 25 validate_certs: no - when: + when: - ansible_distribution == "SLES" tags: ant-contrib @@ -71,6 +71,6 @@ yum: name: /tmp/ant-contrib-1.0b3-3.4.1.noarch.rpm state: present - when: + when: - ansible_distribution == "SLES" tags: ant-contrib diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Clean_Up/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Clean_Up/tasks/main.yml index 0b4ceed32a..51d70e0a2b 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Clean_Up/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Clean_Up/tasks/main.yml @@ -21,7 +21,7 @@ - name: Remove yum dependencies that are no longer required - RedHat and CentOS command: yum -y autoremove args: - warn: no + warn: no when: - (ansible_distribution == "RedHat" and ansible_distribution_major_version == "7") or (ansible_distribution == "centos") tags: clean_up diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/RedHat.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/RedHat.yml index 0f5a0cdcd7..b15d5f8d6c 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/RedHat.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/RedHat.yml @@ -47,7 +47,7 @@ - name: Install numactl-devel excluding RHEL 7 on s390x package: "name=numactl-devel state=latest" - when: + when: - (ansible_distribution_major_version != "7" and ansible_architecture != "s390x") tags: build_tools diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/Ubuntu.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/Ubuntu.yml index 377736f446..4f0e0a459d 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/Ubuntu.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/Ubuntu.yml @@ -67,7 +67,7 @@ when: - ansible_architecture == "x86_64" tags: build_tools - + - name: Install additional build tools for PPC64LE package: "name={{ item }} state=latest" with_items: "{{ Additional_Build_Tools_ppc64le }}" @@ -89,9 +89,9 @@ package: "name={{ item }} state=latest" with_items: "{{ Test_Tool_Packages_x86_64 }}" when: - - ansible_architecture == "x86_64" + - ansible_architecture == "x86_64" tags: test_tools - + - name: Install xserver-xorg-legacy on Ubuntu 16 apt: name=xserver-xorg-legacy state=installed when: @@ -101,7 +101,7 @@ - name: Install libfreetype6-dev on Ubuntu 16 s390x apt: name=libfreetype6-dev state=installed when: - - ansible_architecture == "s390x" + - ansible_architecture == "s390x" tags: test_tools #################### @@ -110,19 +110,19 @@ - name: Set default java version for x86_64 shell: update-alternatives --set java /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java when: - - (ansible_distribution_major_version == "14" and ansible_architecture == "x86_64") or - (ansible_distribution_major_version == "16" and ansible_architecture == "x86_64") + - (ansible_distribution_major_version == "14" and ansible_architecture == "x86_64") or + (ansible_distribution_major_version == "16" and ansible_architecture == "x86_64") tags: default_java - name: Set default java version for armv7l shell: update-alternatives --set java /usr/lib/jvm/java-8-openjdk-armhf/jre/bin/java when: - - ansible_architecture == "armv7l" + - ansible_architecture == "armv7l" tags: default_java - name: Set default java version for ppc64le shell: update-alternatives --set java /usr/lib/jvm/java-8-openjdk-ppc64el/jre/bin/java when: - - ansible_distribution_major_version == "14" - - ansible_architecture == "ppc64le" + - ansible_distribution_major_version == "14" + - ansible_architecture == "ppc64le" tags: default_java diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/main.yml index 10420b27fe..6c00ae47a6 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/main.yml @@ -49,7 +49,7 @@ state: present when: Domain == "adoptopenjdk.net" tags: hosts_file - + - name: Update /etc/hosts file - IP FQDN hostname (Domain != "adoptopenjdk.net") lineinfile: dest: /etc/hosts diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Docker/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Docker/tasks/main.yml index a8ac4765ad..51be5c2d8c 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Docker/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Docker/tasks/main.yml @@ -154,7 +154,7 @@ when: - ansible_distribution == "Ubuntu" tags: docker - + - name: Install Docker for ALL package: "name=docker-ce state=latest" when: diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/GIT_Source/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/GIT_Source/tasks/main.yml index 47b6f80ddb..7efbfa696a 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/GIT_Source/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/GIT_Source/tasks/main.yml @@ -39,12 +39,12 @@ - (git_installed.rc != 0 ) or (git_installed.rc == 0 and git_version.stdout | version_compare('2.15', operator='lt') ) - ansible_distribution != "FreeBSD" tags: git_source - + - name: Ensure curl-devel is installed on RHEL 6 before compiling git package: "name=curl-devel state=latest" when: - (ansible_distribution == "RedHat" and ansible_distribution_major_version == "6") - + - name: Compile and install git from source shell: cd /tmp/git-2.15.0 && ./configure --prefix=/usr --without-tcltk && make clean && make -j {{ ansible_processor_vcpus }} && sudo make install become: yes diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Jenkins_User/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Jenkins_User/tasks/main.yml index e29d18302a..a8f094c8e7 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Jenkins_User/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Jenkins_User/tasks/main.yml @@ -15,7 +15,7 @@ group: "{{ Jenkins_Username }}" mode: 0700 when: - - ansible_architecture == "s390x" + - ansible_architecture == "s390x" tags: jenkins_user - name: Set authorized key for Jenkins user diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/NVidia_Cuda_Toolkit/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/NVidia_Cuda_Toolkit/tasks/main.yml index ddabca97b5..7df4dd5b1f 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/NVidia_Cuda_Toolkit/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/NVidia_Cuda_Toolkit/tasks/main.yml @@ -4,15 +4,15 @@ ####################### - name: Check if NVidia CUDA toolkit is aready installed stat: - path: /usr/local/cuda-9.0 + path: /usr/local/cuda-9.0 register: cuda_installed tags: nvidia_cuda_toolkit # RedHat 7 and Ubuntu 16 on x86_64 - name: Download NVidia CUDA toolkit get_url: - url="https://developer.nvidia.com/compute/cuda/9.0/Prod/local_installers/cuda_9.0.176_384.81_linux-run" - dest="/tmp/cuda9_linux-run" + url: "https://developer.nvidia.com/compute/cuda/9.0/Prod/local_installers/cuda_9.0.176_384.81_linux-run" + dest: "/tmp/cuda9_linux-run" when: - cuda_installed.stat.isdir is not defined - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version == "16") or (ansible_distribution == "RedHat" and ansible_distribution_major_version == "7") and (ansible_distribution == "centos" and ansible_distribution_major_version == "7" ) diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/main.yml index 730e47c2c4..0db8cda515 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/main.yml @@ -10,7 +10,7 @@ when: - ansible_distribution == "Debian" - ansible_architecture == "armv7l" - + ############### # Nagios user # ############### diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_CentOS.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_CentOS.yml index 3c17ee6252..1d2c1c2fd6 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_CentOS.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_CentOS.yml @@ -8,42 +8,42 @@ # For more information please see: https://www.nagios.com/legal/licenses/ # ########################################################################### - ############### - # Nagios user # - ############### - - name: Allow Nagios to use yum while restricting it to check-update only - shell: | - echo "nagios ALL = NOPASSWD: /usr/bin/yum --security check-update" >> /etc/sudoers - when: - - ansible_architecture == "x86_64" - tags: nagios_plugins +############### +# Nagios user # +############### +- name: Allow Nagios to use yum while restricting it to check-update only + shell: | + echo "nagios ALL = NOPASSWD: /usr/bin/yum --security check-update" >> /etc/sudoers + when: + - ansible_architecture == "x86_64" + tags: nagios_plugins - ################### - # Install plugins # - ################### - - name: Install nagios-plugins-all - yum: - name: nagios-plugins-all - state: latest - tags: nagios_plugins +################### +# Install plugins # +################### +- name: Install nagios-plugins-all + yum: + name: nagios-plugins-all + state: latest + tags: nagios_plugins - ########## - # Layout # - ########## - - name: Creates Nagios folder - file: path=/usr/local/nagios/ state=directory mode=0755 owner=nagios - tags: nagios_plugins +########## +# Layout # +########## +- name: Creates Nagios folder + file: path=/usr/local/nagios/ state=directory mode=0755 owner=nagios + tags: nagios_plugins - - name: Create symlink to plugins - file: src=/usr/lib64/nagios/plugins dest=/usr/local/nagios/libexec state=link - tags: nagios_plugins +- name: Create symlink to plugins + file: src=/usr/lib64/nagios/plugins dest=/usr/local/nagios/libexec state=link + tags: nagios_plugins - ############################## - # Install additional plugins # - ############################## - - name: Download add-on check_yum plugin - get_url: - url: https://raw.githubusercontent.com/AdoptOpenJDK/openjdk-infrastructure/master/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/additional_plugins/check_yum - dest: /usr/local/nagios/libexec/check_yum - mode: 0755 - tags: nagios_plugins +############################## +# Install additional plugins # +############################## +- name: Download add-on check_yum plugin + get_url: + url: https://raw.githubusercontent.com/AdoptOpenJDK/openjdk-infrastructure/master/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/additional_plugins/check_yum + dest: /usr/local/nagios/libexec/check_yum + mode: 0755 + tags: nagios_plugins diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_FreeBSD.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_FreeBSD.yml index f5e40af89d..35a2b54a46 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_FreeBSD.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_FreeBSD.yml @@ -1,3 +1,4 @@ +--- ######################################################################################### # AdoptOpenJDK - Ansible Playbook to install Nagios plugins on CentOS 7 on x86 hardware # ######################################################################################### @@ -8,48 +9,48 @@ # For more information please see: https://www.nagios.com/legal/licenses/ # ########################################################################### - ############### - # Nagios user # - ############### - - name: Allow Nagios to use pkg while restricting it to audit only - shell: | - echo "nagios ALL = NOPASSWD: /usr/sbin/pkg audit -F" >> /etc/sudoers - tags: nagios_plugins +############### +# Nagios user # +############### +- name: Allow Nagios to use pkg while restricting it to audit only + shell: | + echo "nagios ALL = NOPASSWD: /usr/sbin/pkg audit -F" >> /etc/sudoers + tags: nagios_plugins - - name: Allow Nagios to use pkg while restricting it to upgrade --dry-run only - shell: | - echo "nagios ALL = NOPASSWD: /usr/sbin/pkg upgrade --dry-run" >> /etc/sudoers - tags: nagios_plugins +- name: Allow Nagios to use pkg while restricting it to upgrade --dry-run only + shell: | + echo "nagios ALL = NOPASSWD: /usr/sbin/pkg upgrade --dry-run" >> /etc/sudoers + tags: nagios_plugins - ################### - # Install plugins # - ################### - - name: Download nagios-plugins - get_url: - url: https://nagios-plugins.org/download/nagios-plugins-2.2.1.tar.gz - dest: /tmp/ - mode: 0440 - timeout: 25 - tags: nagios_plugins +################### +# Install plugins # +################### +- name: Download nagios-plugins + get_url: + url: https://nagios-plugins.org/download/nagios-plugins-2.2.1.tar.gz + dest: /tmp/ + mode: 0440 + timeout: 25 + tags: nagios_plugins - - name: Extract nagios-plugins - unarchive: - src: /tmp/nagios-plugins-2.2.1.tar.gz - dest: /tmp/ - copy: False - tags: nagios_plugins +- name: Extract nagios-plugins + unarchive: + src: /tmp/nagios-plugins-2.2.1.tar.gz + dest: /tmp/ + copy: False + tags: nagios_plugins - - name: Configure, make and make install nagios-plugins - shell: cd /tmp/nagios-plugins-2.2.1/ && ./configure --prefix=/usr/local/nagios && make -j {{ ansible_processor_vcpus }} && make install - become: yes - tags: nagios_plugins - - ############################## - # Install additional plugins # - ############################## - - name: Download add-on check_pkg plugin - get_url: - url: https://raw.githubusercontent.com/AdoptOpenJDK/openjdk-infrastructure/master/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/additional_plugins/check_pkg - dest: /usr/local/nagios/libexec/check_pkg - mode: 0755 - tags: nagios_plugins +- name: Configure, make and make install nagios-plugins + shell: cd /tmp/nagios-plugins-2.2.1/ && ./configure --prefix=/usr/local/nagios && make -j {{ ansible_processor_vcpus }} && make install + become: yes + tags: nagios_plugins + +############################## +# Install additional plugins # +############################## +- name: Download add-on check_pkg plugin + get_url: + url: https://raw.githubusercontent.com/AdoptOpenJDK/openjdk-infrastructure/master/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/additional_plugins/check_pkg + dest: /usr/local/nagios/libexec/check_pkg + mode: 0755 + tags: nagios_plugins diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_RedHat.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_RedHat.yml index 13a1fbd728..30fd55a90f 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_RedHat.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_RedHat.yml @@ -1,3 +1,4 @@ +--- ####################################################################################### # AdoptOpenJDK - Ansible Playbook to install Nagios plugins on RHEL 7 on x86 hardware # ####################################################################################### @@ -8,82 +9,82 @@ # For more information please see: https://www.nagios.com/legal/licenses/ # ########################################################################### - ############### - # Nagios user # - ############### - - name: Allow Nagios to use yum while restricting it to check-update only - shell: | - echo "nagios ALL = NOPASSWD: /usr/bin/yum --security check-update" >> /etc/sudoers - tags: nagios_plugins +############### +# Nagios user # +############### +- name: Allow Nagios to use yum while restricting it to check-update only + shell: | + echo "nagios ALL = NOPASSWD: /usr/bin/yum --security check-update" >> /etc/sudoers + tags: nagios_plugins # Can't find nagios-plugins-all on RHEL74/s390x so removing this -# ################### -# # Install plugins # -# ################### -# - name: Install nagios-plugins-all -# yum: -# name: nagios-plugins-all -# state: latest -# when: -# - ansible_distribution_major_version != "6" -# tags: nagios_plugins +# ################### +# # Install plugins # +# ################### +# - name: Install nagios-plugins-all +# yum: +# name: nagios-plugins-all +# state: latest +# when: +# - ansible_distribution_major_version != "6" +# tags: nagios_plugins # -# ########## -# # Layout # -# ########## -# - name: Creates Nagios folder -# file: path=/usr/local/nagios/ state=directory mode=0755 owner=nagios -# tags: nagios_plugins +# ########## +# # Layout # +# ########## +# - name: Creates Nagios folder +# file: path=/usr/local/nagios/ state=directory mode=0755 owner=nagios +# tags: nagios_plugins # -# - name: Create symlink to plugins -# file: src=/usr/lib64/nagios/plugins dest=/usr/local/nagios/libexec state=link -# when: -# - ansible_distribution_major_version != "6" -# tags: nagios_plugins +# - name: Create symlink to plugins +# file: src=/usr/lib64/nagios/plugins dest=/usr/local/nagios/libexec state=link +# when: +# - ansible_distribution_major_version != "6" +# tags: nagios_plugins - ############################# - # Install plugins On RHEL 6 # - ############################# - - name: Test if nagios-plugins are already installed - stat: - path: /usr/local/nagios - register: folder_nagios - - - name: Download nagios-plugins - get_url: - url: https://nagios-plugins.org/download/nagios-plugins-2.2.1.tar.gz - dest: /tmp/ - mode: 0440 - timeout: 25 - when: +############################# +# Install plugins On RHEL 6 # +############################# +- name: Test if nagios-plugins are already installed + stat: + path: /usr/local/nagios + register: folder_nagios + +- name: Download nagios-plugins + get_url: + url: https://nagios-plugins.org/download/nagios-plugins-2.2.1.tar.gz + dest: /tmp/ + mode: 0440 + timeout: 25 + when: # - ansible_distribution_major_version == "6" - - not folder_nagios.stat.exists - tags: nagios_plugins + - not folder_nagios.stat.exists + tags: nagios_plugins - - name: Extract nagios-plugins - unarchive: - src: /tmp/nagios-plugins-2.2.1.tar.gz - dest: /tmp/ - copy: False - when: +- name: Extract nagios-plugins + unarchive: + src: /tmp/nagios-plugins-2.2.1.tar.gz + dest: /tmp/ + copy: False + when: # - ansible_distribution_major_version == "6" - - not folder_nagios.stat.exists - tags: nagios_plugins + - not folder_nagios.stat.exists + tags: nagios_plugins - - name: Configure, make and make install nagios-plugins - shell: cd /tmp/nagios-plugins-2.2.1/ && ./configure --prefix=/usr/local/nagios && make -j {{ ansible_processor_vcpus }} && make install - become: yes - when: +- name: Configure, make and make install nagios-plugins + shell: cd /tmp/nagios-plugins-2.2.1/ && ./configure --prefix=/usr/local/nagios && make -j {{ ansible_processor_vcpus }} && make install + become: yes + when: # - ansible_distribution_major_version == "6" - - not folder_nagios.stat.exists - tags: nagios_plugins + - not folder_nagios.stat.exists + tags: nagios_plugins - ############################## - # Install additional plugins # - ############################## - - name: Download add-on check_yum plugin - get_url: - url: https://raw.githubusercontent.com/AdoptOpenJDK/openjdk-infrastructure/master/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/additional_plugins/check_yum - dest: /usr/local/nagios/libexec/check_yum - mode: 0755 - tags: nagios_plugins +############################## +# Install additional plugins # +############################## +- name: Download add-on check_yum plugin + get_url: + url: https://raw.githubusercontent.com/AdoptOpenJDK/openjdk-infrastructure/master/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/additional_plugins/check_yum + dest: /usr/local/nagios/libexec/check_yum + mode: 0755 + tags: nagios_plugins diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_SLES.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_SLES.yml index d0c69f3ee3..70b16f9c8e 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_SLES.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_SLES.yml @@ -1,63 +1,64 @@ -##################################################################################### -# AdoptOpenJDK - Ansible Playbook to install Nagios plugins on SLES on x86 hardware # -##################################################################################### - -########################################################################### -# License Information: # -# Nagios core and its plugins are lincesed under GPL # -# For more information please see: https://www.nagios.com/legal/licenses/ # -########################################################################### - - ######################################## - # Install Nagios dependencies packages # - ######################################## - - name: Install additional packages used by Nagios - package: "name={{ item }} state=latest" - with_items: - - fping - - gcc - - make - - xinetd - tags: nagios_plugins - - ############### - # Nagios user # - ############### - - name: Allow Nagios to use zypper while restricting it to check-update only - shell: | - echo "nagios ALL = NOPASSWD: /usr/bin/zypper ref" >> /etc/sudoers - echo "nagios ALL = NOPASSWD: /usr/bin/zypper list-patches" >> /etc/sudoers - tags: nagios_plugins - - ################### - # Install plugins # - ################### - - name: Download nagios-plugins - get_url: - url: https://nagios-plugins.org/download/nagios-plugins-2.2.1.tar.gz - dest: /tmp/ - mode: 0440 - timeout: 25 - tags: nagios_plugins - - - name: Extract nagios-plugins - unarchive: - src: /tmp/nagios-plugins-2.2.1.tar.gz - dest: /tmp/ - copy: False - tags: nagios_plugins - - - name: Configure, make and make install nagios-plugins - shell: cd /tmp/nagios-plugins-2.2.1/ && ./configure --prefix=/usr/local/nagios && make -j {{ ansible_processor_vcpus }} && make install - become: yes - tags: nagios_plugins - - ############################## - # Install additional plugins # - ############################## - - name: Download add-on check_zypper plugin - get_url: - url: https://raw.githubusercontent.com/AdoptOpenJDK/openjdk-infrastructure/master/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/additional_plugins/check_zypper - dest: /usr/local/nagios/libexec/check_zypper - mode: 0755 - tags: nagios_plugins +--- +##################################################################################### +# AdoptOpenJDK - Ansible Playbook to install Nagios plugins on SLES on x86 hardware # +##################################################################################### + +########################################################################### +# License Information: # +# Nagios core and its plugins are lincesed under GPL # +# For more information please see: https://www.nagios.com/legal/licenses/ # +########################################################################### + +######################################## +# Install Nagios dependencies packages # +######################################## +- name: Install additional packages used by Nagios + package: "name={{ item }} state=latest" + with_items: + - fping + - gcc + - make + - xinetd + tags: nagios_plugins + +############### +# Nagios user # +############### +- name: Allow Nagios to use zypper while restricting it to check-update only + shell: | + echo "nagios ALL = NOPASSWD: /usr/bin/zypper ref" >> /etc/sudoers + echo "nagios ALL = NOPASSWD: /usr/bin/zypper list-patches" >> /etc/sudoers + tags: nagios_plugins + +################### +# Install plugins # +################### +- name: Download nagios-plugins + get_url: + url: https://nagios-plugins.org/download/nagios-plugins-2.2.1.tar.gz + dest: /tmp/ + mode: 0440 + timeout: 25 + tags: nagios_plugins + +- name: Extract nagios-plugins + unarchive: + src: /tmp/nagios-plugins-2.2.1.tar.gz + dest: /tmp/ + copy: False + tags: nagios_plugins + +- name: Configure, make and make install nagios-plugins + shell: cd /tmp/nagios-plugins-2.2.1/ && ./configure --prefix=/usr/local/nagios && make -j {{ ansible_processor_vcpus }} && make install + become: yes + tags: nagios_plugins + +############################## +# Install additional plugins # +############################## +- name: Download add-on check_zypper plugin + get_url: + url: https://raw.githubusercontent.com/AdoptOpenJDK/openjdk-infrastructure/master/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/additional_plugins/check_zypper + dest: /usr/local/nagios/libexec/check_zypper + mode: 0755 + tags: nagios_plugins diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_Ubuntu.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_Ubuntu.yml index 5e04b1df39..f4281c6a62 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_Ubuntu.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_Ubuntu.yml @@ -1,3 +1,4 @@ +--- ################################################################################################# # AdoptOpenJDK - Ansible Playbook to install Nagios plugins on Ubuntu 14 and 16 on x86 hardware # ################################################################################################# @@ -8,27 +9,27 @@ # For more information please see: https://www.nagios.com/legal/licenses/ # ########################################################################### - ######################################## - # Install Nagios dependencies packages # - ######################################## - - name: Install Nagios plugins - apt: pkg={{ item }} state=latest update_cache=yes - with_items: - - fping - - gcc - - nagios-plugins - - nagios-plugins-common - - perl - - qstat - tags: nagios_plugins +######################################## +# Install Nagios dependencies packages # +######################################## +- name: Install Nagios plugins + apt: pkg={{ item }} state=latest update_cache=yes + with_items: + - fping + - gcc + - nagios-plugins + - nagios-plugins-common + - perl + - qstat + tags: nagios_plugins - ########## - # Layout # - ########## - - name: Creates Nagios folder - file: path=/usr/local/nagios/ state=directory mode=0755 owner=nagios - tags: nagios_plugins +########## +# Layout # +########## +- name: Creates Nagios folder + file: path=/usr/local/nagios/ state=directory mode=0755 owner=nagios + tags: nagios_plugins - - name: Create symlink to plugins - file: src=/usr/lib/nagios/plugins dest=/usr/local/nagios/libexec state=link - tags: nagios_plugins +- name: Create symlink to plugins + file: src=/usr/lib/nagios/plugins dest=/usr/local/nagios/libexec state=link + tags: nagios_plugins diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Tunnel/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Tunnel/tasks/main.yml index cb2f603450..bc6db8ead5 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Tunnel/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Tunnel/tasks/main.yml @@ -73,4 +73,3 @@ - Nagios_Master_IP is defined - tunnel_script_result.stat.exists == False tags: nagios_tunnel - diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Security/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Security/tasks/main.yml index cfb6c65d5c..c1d78d96f5 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Security/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Security/tasks/main.yml @@ -14,7 +14,7 @@ when: - Security == "Enabled" tags: security - + - name: Ensure keybox's ssh key is applied to root's authorized_key file authorized_key: user: root @@ -63,7 +63,7 @@ when: - Security == "Enabled" tags: security - + - name: Restart sshd service service: name: sshd diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/freemarker/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/freemarker/tasks/main.yml index a55cd65c8a..fcf8a8a890 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/freemarker/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/freemarker/tasks/main.yml @@ -2,24 +2,24 @@ ################################### # freemarker to Jenkins User home # ################################### - - name: Check that the freemarker.jar exists - stat: - path: /home/{{ Jenkins_Username }}/freemarker.jar - register: freemarker - tags: freemarker +- name: Check that the freemarker.jar exists + stat: + path: /home/{{ Jenkins_Username }}/freemarker.jar + register: freemarker + tags: freemarker - # Originally downloaded from - # https://sourceforge.net/projects/freemarker/files/freemarker/2.3.8/freemarker-2.3.8.tar.gz - - name: Download and extract freemarker.jar - unarchive: - src: https://ci.adoptopenjdk.net/userContent/freemarker-2.3.8.tar.gz - dest: /tmp/ - remote_src: yes - mode: 0755 - when: freemarker.stat.exists == False - tags: freemarker +# Originally downloaded from +# https://sourceforge.net/projects/freemarker/files/freemarker/2.3.8/freemarker-2.3.8.tar.gz +- name: Download and extract freemarker.jar + unarchive: + src: https://ci.adoptopenjdk.net/userContent/freemarker-2.3.8.tar.gz + dest: /tmp/ + remote_src: yes + mode: 0755 + when: freemarker.stat.exists == False + tags: freemarker - - name: Move freemarker.jar to /home/{{ Jenkins_Username }} folder - command: mv /tmp/freemarker-2.3.8/lib/freemarker.jar /home/{{ Jenkins_Username }} - when: freemarker.stat.exists == False - tags: freemarker +- name: Move freemarker.jar to /home/{{ Jenkins_Username }} folder + command: mv /tmp/freemarker-2.3.8/lib/freemarker.jar /home/{{ Jenkins_Username }} + when: freemarker.stat.exists == False + tags: freemarker diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/gcc_48/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/gcc_48/tasks/main.yml index 2b22ca601d..fdd5ef9ba5 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/gcc_48/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/gcc_48/tasks/main.yml @@ -88,7 +88,7 @@ - name: Create symlink for libstdc++.so.6.0.19 file: - src: /opt/gcc-4.8.5/lib64/libstdc++.so.6.0.19 + src: /opt/gcc-4.8.5/lib64/libstdc++.so.6.0.19 dest: /usr/lib64/libstdc++.so.6.0.19 owner: root group: root diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/main.yml index a04dfa5a4f..eff500feeb 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/main.yml @@ -1,3 +1,4 @@ +--- ######################################## # AdoptOpenJDK - Ansible Playbook for: # # -------- Windows 7, 8, 10 --------- # diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml index e19246b840..6fcb624801 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml @@ -5,13 +5,13 @@ - name: Test if Ant is already installed win_stat: - path: 'C:\apache-ant\apache-ant-1.10.3' + path: 'C:\apache-ant\apache-ant-1.10.3' register: ant_installed tags: ANT - name: Test if Ant is already downloaded win_stat: - path: 'c:\temp\ant.zip' + path: 'c:\temp\ant.zip' register: ant_download tags: ANT @@ -39,15 +39,15 @@ - name: Add %ANT_HOME%\bin to %PATH% win_path: - elements: + elements: - '%ANT_HOME%\bin' - state: present + state: present when: (ant_installed.stat.exists == false) tags: ANT - name: Test if ant-contrib is already installed win_stat: - path: 'C:\apache-ant\apache-ant-1.10.3\lib\ant-contrib.jar' + path: 'C:\apache-ant\apache-ant-1.10.3\lib\ant-contrib.jar' register: ant_contrib_installed tags: ANT diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Common/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Common/tasks/main.yml index 63562daf04..7fd33fb1ef 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Common/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Common/tasks/main.yml @@ -13,7 +13,7 @@ path: C:\openjdk state: directory tags: basic_config - + - name: Create cmd.exe shortcut win_shortcut: src: C:\Windows\System32\cmd.exe diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/GIT/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/GIT/tasks/main.yml index 0dda8b2e70..e1424b5fc8 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/GIT/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/GIT/tasks/main.yml @@ -5,13 +5,13 @@ - name: Test if GIT is already installed win_stat: - path: 'C:\Program Files\Git' + path: 'C:\Program Files\Git' register: git_installed tags: git - name: Check if GIT installer is already downloaded win_stat: - path: 'C:\temp\git.exe' + path: 'C:\temp\git.exe' register: git_download tags: git diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java7/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java7/tasks/main.yml index a8db3e0476..b9cc1c6f2e 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java7/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java7/tasks/main.yml @@ -5,13 +5,13 @@ - name: Test if Java 7 is already installed win_stat: - path: 'C:\Program Files\Java\java-se-7u75-ri' + path: 'C:\Program Files\Java\java-se-7u75-ri' register: java7_installed tags: Java7 - name: Check if Java 7 is already downloaded win_stat: - path: 'C:\temp\jdk7u75-b13.zip' + path: 'C:\temp\jdk7u75-b13.zip' register: java7_download tags: Java7 @@ -32,7 +32,7 @@ - name: Test if Java 7 symlink is already created win_stat: - path: 'C:\openjdk\jdk7' + path: 'C:\openjdk\jdk7' register: java7_symlink tags: Java7 diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java8/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java8/tasks/main.yml index 9c615763ce..34eceeba8c 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java8/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java8/tasks/main.yml @@ -4,13 +4,13 @@ ########## - name: Test if Java 8 is already installed win_stat: - path: 'C:\Program Files\Java\jdk8u172-b11' + path: 'C:\Program Files\Java\jdk8u172-b11' register: java8_installed tags: Java8 - name: Check if Java 8 is already downloaded win_stat: - path: 'C:\temp\jdk8u172-b11.zip' + path: 'C:\temp\jdk8u172-b11.zip' register: java8_download tags: Java8 @@ -30,7 +30,7 @@ - name: Test if Java 8 symlink is already created win_stat: - path: 'C:\openjdk\jdk8' + path: 'C:\openjdk\jdk8' register: java8_symlink tags: Java8 diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java9/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java9/tasks/main.yml index e728ae65cb..87740c4914 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java9/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java9/tasks/main.yml @@ -4,13 +4,13 @@ ########## - name: Test if Java 9 is already installed win_stat: - path: 'C:\Program Files\Java\jdk-9+181' + path: 'C:\Program Files\Java\jdk-9+181' register: java9_installed tags: Java9 - name: Check if Java 9 is already downloaded win_stat: - path: 'C:\temp\jdk-9+181.zip' + path: 'C:\temp\jdk-9+181.zip' register: java9_download tags: Java9 @@ -30,7 +30,7 @@ - name: Test if Java 9 symlink is already created win_stat: - path: 'C:\openjdk\jdk9' + path: 'C:\openjdk\jdk9' register: java9_symlink tags: Java9 diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/NVidia_Cuda_Toolkit/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/NVidia_Cuda_Toolkit/tasks/main.yml index 069b4a8c4e..c81a37c8c7 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/NVidia_Cuda_Toolkit/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/NVidia_Cuda_Toolkit/tasks/main.yml @@ -4,7 +4,7 @@ ####################### - name: Check if NVidia CUDA toolkit is aready installed win_stat: - path: 'C:\Program Files\NVIDIA GPU Computing Toolkit\CUDA\v9.0' + path: 'C:\Program Files\NVIDIA GPU Computing Toolkit\CUDA\v9.0' register: cuda_installed tags: NVidia_Cuda_Toolkit diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Strawberry_Perl/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Strawberry_Perl/tasks/main.yml index 06aa320928..e713bc08ec 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Strawberry_Perl/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Strawberry_Perl/tasks/main.yml @@ -5,13 +5,13 @@ - name: Test if Strawberry Perl is already installed win_stat: - path: 'C:\Strawberry\perl' + path: 'C:\Strawberry\perl' register: strawberry_perl_installed tags: Strawberry_Perl - name: Check if Strawberry Perl is already downloaded win_stat: - path: 'C:\temp\strawberry-perl.zip' + path: 'C:\temp\strawberry-perl.zip' register: strawberry_perl_download tags: Strawberry_Perl @@ -32,7 +32,7 @@ - name: Add Strawberry Perl to %PATH% win_path: elements: - - 'C:\Strawberry\bin' + - 'C:\Strawberry\bin' state: present when: (strawberry_perl_installed.stat.exists == false) tags: Strawberry_Perl diff --git a/ansible/playbooks/aix.yml b/ansible/playbooks/aix.yml index 75259aa519..c098948e44 100644 --- a/ansible/playbooks/aix.yml +++ b/ansible/playbooks/aix.yml @@ -1,3 +1,4 @@ +--- ######################################## # AdoptOpenJDK - Ansible Playbook for: # # --------------- AIX --------------- # @@ -12,677 +13,677 @@ swap_size: 4096 tasks: - - block: - ################################ - # AIX filesystem configuration # - ################################ - - name: Download AIX filesystem configuration script - get_url: - url: https://raw.githubusercontent.com/AdoptOpenJDK/openjdk-infrastructure/master/ansible/playbooks/scripts/AIX_filesystem_config.sh - dest: /tmp/AIX_filesystem_config.sh - mode: 0775 - validate_certs: no - tags: filesystem - - - name: Execute AIX filesystem configuration script - command: /tmp/AIX_filesystem_config.sh - tags: filesystem - - - file: - state: absent - path: /tmp/AIX_filesystem_config.sh - tags: filesystem - - ########################################################################## - # Install openssl from IBM installp # - # openssl installp download requiring an IBMid # - # https://www-01.ibm.com/support/docviepw.wss?uid=isg1fileset-1190419011 # - ########################################################################## - - name: Transfer Openssl to remote host - copy: - src: /Vendor_Files/aix/openssl-1.0.2.1300.tar.gz - dest: /tmp/openssl-1.0.2.1300.tar.gz - tags: openssl - - - name: Extract Openssl - shell: gzip -cd /tmp/openssl-1.0.2.1300.tar.gz | tar xf - -C /tmp/ - tags: openssl - - - name: Install IBM Openssl - installp - shell: installp -aXYgd /tmp/openssl-1.0.2.1300 openssl.base - register: result.openssl - ignore_errors: yes - tags: openssl - - - name: Clean openssl tmp files - file: - path: "{{ item }}" - state: absent - with_items: - - /tmp/openssl-1.0.2.1300 - - /tmp/openssl-1.0.2.1300.tar.gz - tags: openssl - - #################################################### - # Uninstall conflicting packages from base image # - # if they were installed via rpm unless yum exists # - #################################################### - - name: Confirm yum is installed - /usr/bin/yum - stat: - path: /usr/bin/yum - register: yum - - - name: Uninstall conflicting packages - shell: rpm -e --nodeps $(rpm -qa | grep -E "cloud-init|perl|openssl") 2>/dev/null - ignore_errors: True - when: yum.stat.islnk is not defined - tags: rpm_remove - - #################################### - # Install yum and update to latest # - #################################### - - name: Download yum.sh - get_url: - url: ftp://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/ezinstall/ppc/yum.sh - validate_certs: False - dest: /tmp/ - mode: 0775 - timeout: 25 - when: yum.stat.islnk is not defined - tags: yum - - - name: Install yum and dependencies - shell: /tmp/yum.sh - register: result.yum - ignore_errors: yes - when: yum.stat.islnk is not defined - tags: yum - - - name: Yum update - yum: - update_cache: yes - name: '*' - state: latest - tags: yum - - - name: Install yum package support - yum: name={{ item }} state=present update_cache=yes - with_items: - - autoconf - - bison - - cups-devel - - cups-libs - - flex - - freetype2-devel - - fontconfig-devel - - gawk - - git - - grep - - make - - m4 - - pkg-config - - sed - - tar - - unzip - - xz-libs - - zip - tags: yum - - ########################################### - # Additional Tools not available thru yum # - ########################################### - - name: Install yum package support - yum: name={{ item }} state=present update_cache=yes - with_items: - - http://www.oss4aix.org/download/RPMS/mktemp/mktemp-1.7-1.aix5.1.ppc.rpm - - http://www.bullfreeware.com/download/bin/2328/libiconv-1.14-22.aix6.1.ppc.rpm - - http://www.bullfreeware.com/download/bin/2591/libunistring-0.9.6-2.aix6.1.ppc.rpm - - http://www.bullfreeware.com/download/bin/3944/perl-5.24.0-3.aix6.1.ppc.rpm - - http://www.oss4aix.org/download/RPMS/cmake/cmake-3.7.2-1.aix6.1.ppc.rpm - tags: rpm_install - - - name: Ensure perl from /opt/freeware/bin is the default in /usr/bin - shell: mv /usr/bin/perl /usr/bin/perl.old && ln -s /opt/freeware/bin/perl /usr/bin/ - ignore_errors: True - - ############## - # IBM Java 8 # - ############## - - stat: - path: /usr/java8_64 - register: java8 - tags: java8 - - - debug: - msg: "Java8 found, skipping download and installation" - when: java8.stat.isdir is defined - tags: java8 - - - name: Transfer and Extract Java8 - unarchive: - src: /Vendor_Files/aix/OpenJDK8_ppc64_AIX_jdk8u144-b01.tar.gz - dest: /tmp - remote_src: no - when: java8.stat.isdir is not defined - tags: java8 - - - name: Move extracted Java8 to /usr/java8_64 - shell: mv /tmp/jdk8u144-b01/ /usr/java8_64 - when: java8.stat.isdir is not defined - tags: java8 - - - name: Create symlink for Java - file: src=/usr/java8_64/bin/java dest=/usr/bin/java state=link - when: java8.stat.isdir is not defined - tags: java8 - - - name: Create symlink for Javac - file: src=/usr/java8_64/bin/javac dest=/usr/bin/javac state=link - when: java8.stat.isdir is not defined - tags: java8 - - - name: Test Java - command: /usr/bin/java -version - register: java8_version - tags: java8 - - - name: Display Java version information - debug: - msg: "{{ java8_version.stderr }}" - tags: java8 - - - replace: - path: /etc/environment - regexp: 'java5' - replace: 'java8_64' - tags: java8 - - ############## - # IBM Java 7 # - ############## - - stat: - path: /usr/java7 - register: java7 - tags: java7 - - - debug: - msg: "Java7 found, skipping download and installation" - when: java7.stat.isdir is defined - tags: java7 - - - name: Transfer and Extract Java7 - unarchive: - src: /Vendor_Files/aix/openjdk-7u-aix.tar - dest: /tmp - remote_src: no - when: java7.stat.isdir is not defined - tags: java7 - - - name: Move extracted Java7 to /usr/java7 - shell: mv /tmp/j2sdk-image /usr/java7 - when: java7.stat.isdir is not defined - tags: java7 - - - name: Test Java7 - command: /usr/java7/bin/java -version - register: java7_version - tags: java7 - - - name: Display Java7 version information - debug: - msg: "{{ java7_version.stderr }}" - tags: java7 - - ######################################################################## - # Install X11 extensions # - # x11.adt.ext installp download requiring an IBMid # - # http://www-01.ibm.com/support/docview.wss?uid=isg1fileset-1198156818 # - ######################################################################## - - name: Transfer X11 installp to remote host - copy: - src: /Vendor_Files/aix/X11.adt - dest: /tmp/X11.adt - tags: x11 - - - name: Install IBM X11 Extensions - installp - shell: installp -aXYgd /tmp/X11.adt X11.adt.ext - register: result.x11 - ignore_errors: yes - tags: x11 - - - file: - state: absent - path: /tmp/X11.adt - - ############ - # IBM XL C # - ############ - - stat: - path: /usr/bin/xlc - register: xlc - tags: xlc - - - debug: - msg: "xlc installed, skipping download and installation" - when: xlc.stat.islnk is defined - tags: xlc - - - name: Transfer and Extract XLC - unarchive: - src: /Vendor_Files/aix/IBM_XL_C_C___FOR_AIX_V13.1.3_EMG.tar.gz - dest: /tmp - remote_src: no - when: xlc.stat.islnk is not defined - tags: xlc - - - name: Install IBM XL C - installp - shell: installp -aXYgd /tmp/usr/sys/inst.images all - register: result.xlc - ignore_errors: yes - when: xlc.stat.islnk is not defined - tags: xlc - - - debug: msg='Erorrs from the previous installp command normal' - when: xlc.stat.islnk is not defined - tags: xlc - - - name: TestIBM XL C - command: /opt/IBM/xlC/13.1.3/bin/xlc -qversion - register: xlc_qversion - tags: xlc - - - name: Display XL C qversion information - debug: - msg: "{{ xlc_qversion.stdout }}" - tags: xlc - - - name: Symlink - /usr/bin/xlc - file: src=/opt/IBM/xlC/13.1.3/bin/xlc dest=/usr/bin/xlc state=link - when: xlc.stat.islnk is not defined - tags: xlc - - - name: Symlink - /usr/bin/xlc++ - file: src=/opt/IBM/xlC/13.1.3/bin/xlc++ dest=/usr/bin/xlc++ state=link - when: xlc.stat.islnk is not defined - tags: xlc - - - name: Symlink - /usr/bin/xlC - file: src=/opt/IBM/xlC/13.1.3/bin/xlC dest=/usr/bin/xlC state=link - when: xlc.stat.islnk is not defined - tags: xlc - - - name: Symlink - /usr/bin/xlc_r - file: src=/opt/IBM/xlC/13.1.3/bin/xlc_r dest=/usr/bin/xlc_r state=link - when: xlc.stat.islnk is not defined - tags: xlc - - - name: Symlink - /usr/bin/xlC_r - file: src=/opt/IBM/xlC/13.1.3/bin/xlc_r dest=/usr/bin/xlC_r state=link - when: xlc.stat.islnk is not defined - tags: xlc - - - name: Symlink - /usr/bin/gxlC - file: src=/opt/IBM/xlC/13.1.3/bin/gxlC dest=/usr/bin/gxlC state=link - when: xlc.stat.islnk is not defined - tags: xlc - - ############### - # ant # - ############### - - stat: - path: /usr/bin/ant - register: ant - tags: ant - - - debug: - msg: "Ant installed, skipping download and installation" - when: ant.stat.islnk is defined - tags: ant - - - name: Download and extract ant - unarchive: - src: https://archive.apache.org/dist/ant/binaries/apache-ant-1.9.9-bin.zip - dest: /opt - remote_src: yes - when: ant.stat.islnk is not defined - tags: ant - - - name: Create symlink for ant - file: src=/opt/apache-ant-1.9.9/bin/ant dest=/usr/bin/ant state=link - when: ant.stat.islnk is not defined - tags: ant - - ############### - # ant-contrib # - ############### - - stat: - path: /opt/apache-ant-1.9.9/lib/ant-contrib.jar - register: antcontrib - tags: ant-contrib - - - debug: - msg: ant-contrib.jar installed, skipping download" - when: antcontrib.stat.exists == True - tags: ant-contrib - - - name: Download and extract ant-contrib - unarchive: - src: https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-1.0b2/ant-contrib-1.0b2-bin.tar.gz - dest: /tmp/ - remote_src: yes - when: antcontrib.stat.exists == False - tags: ant-contrib - - - name: Move ant-contrib.jar to lib folder - command: mv /tmp/ant-contrib/lib/ant-contrib.jar /opt/apache-ant-1.9.9/lib/ - when: antcontrib.stat.exists == False - tags: ant-contrib - - - name: Clean ant-contrib tmp files - file: - path: "{{ item }}" - state: absent - with_items: - - /tmp/ant-contrib - - /tmp/ant-contrib-1.0b2-bin.tar.gz - tags: ant-contrib - - ######## - # cpan # - ######## - - name: Ensure memory limits for root are unlimited - shell: ulimit -m unlimited && ulimit -d unlimited - tags: cpan - - - name: Install Text::CSV - shell: | - CC=xlc_r cpan -i Text::CSV - tags: cpan - - ######################### - # Configure system logs # - ######################### - - name: Ensure /etc/syslog.conf entries are present - blockinfile: - backup: yes - dest: /etc/syslog.conf - block: | - *.debug;*.emerg;*.alert;*.crit;*.warning /var/log/messages rotate size 1000k files 4 - syslog.debug /var/log/syslog rotate size 1000k files 4 - *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages rotate size 1000k files 4 - tags: syslog - - - name: Ensure log files exist - file: - path: "{{ item }}" - state: touch - mode: 0644 - with_items: - - /var/log/syslog - - /var/adm/messages - - /var/log/messages - changed_when: False - tags: syslog - - - name: Reload syslogd - service: name=syslogd state=reloaded - changed_when: False - tags: syslog - - - name: Ensure full core files are enabled - command: chdev -l sys0 -a fullcore=true - changed_when: False - tags: syslog - - ###################################### - # Add bash to available login shells # - ###################################### - - replace: - path: /etc/security/login.cfg - regexp: 'shells = ' - replace: 'shells = /bin/bash,' - tags: login_shell - - - blockinfile: - dest: /etc/shells - block: | - /bin/bash - tags: login_shell - - - blockinfile: - dest: /etc/environment - block: | - AIXTHREAD_HRT=true - PKG_CONFIG_PATH=/opt/freeware/lib64/pkgconfig:/opt/freeware/lib/pkgconfig - tags: login_shell - - - replace: - path: /etc/environment - regexp: 'PATH=/usr/bin' - replace: 'PATH=/opt/freeware/bin:/opt/IBM/xlC/13.1.3/bin:/usr/bin' - tags: login_shell - - ################ - # Jenkins user # - ################ - - stat: - path: /home/{{ Jenkins_Username }} - register: jenkins - tags: jenkins_user - - - debug: - msg: "i{{ Jenkins_Username }} home directory found, skipping user creation tasks" - when: jenkins.stat.isdir is defined - tags: jenkins_user - - - name: Create jenkins user - shell: mkuser home="/home/{{ Jenkins_Username }}" shell="/bin/bash" {{ Jenkins_Username }} - ignore_errors: yes - when: jenkins.stat.isdir is not defined - tags: jenkins_user - - - name: Create SSH Key folder for {{ Jenkins_Username }} - file: - path: /home/{{ Jenkins_Username }}/.ssh - owner: "{{ Jenkins_Username }}" - group: staff - mode: 0700 - state: directory - when: jenkins.stat.isdir is not defined - tags: jenkins_user - - - name: Set authorized key for jenkins user - authorized_key: - user: "{{ Jenkins_Username }}" - state: present - key: "{{ lookup('file', '{{ Jenkins_User_SSHKey }}') }}" - when: jenkins.stat.isdir is not defined - tags: jenkins_user - - # Use the system defaults as defined in /etc/environment - - file: - state: absent - path: /home/{{ Jenkins_Username }}/.profile - - - name: Set user capabilites - shell: chuser capabilities=CAP_NUMA_ATTACH,CAP_BYPASS_RAC_VMM,CAP_PROPAGATE {{ Jenkins_Username }} - tags: jenkins_user - - - - name: Set group capabilites - shell: chgroup adms=root staff - tags: jenkins_user - - - name: ensure adequate limits are set in /etc/security/limits - command: chsec -f /etc/security/limits -s {{ Jenkins_Username }} -a {{ item }} - with_items: - - "fsize=-1" - - "core=-1" - - "cpu=-1" - - "data=262144" - - "rss=65536" - - "stack=65536" - - "core_hard=-1" - - "nofiles=-1" - - "nofiles_hard=-1" - changed_when: False - tags: jenkins_user - - ############## - # freemarker # - ############## - - stat: - path: /home/{{ Jenkins_Username }}/freemarker.jar - register: freemarker - tags: freemarker - - - debug: - msg: freemarker.jar found, skipping download" - when: freemarker.stat.exists == True - tags: freemarker - - - name: Download and extract freemarker.jar - unarchive: - src: https://sourceforge.net/projects/freemarker/files/freemarker/2.3.8/freemarker-2.3.8.tar.gz - dest: /tmp/ - remote_src: yes - owner: "{{ Jenkins_Username }}" - group: staff - mode: 0755 - when: freemarker.stat.exists == False - tags: freemarker - - - name: Move freemarker.jar to /home/{{ Jenkins_Username }} folder - command: mv /tmp/freemarker-2.3.8/lib/freemarker.jar /home/{{ Jenkins_Username }} - when: freemarker.stat.exists == False - tags: freemarker - - - name: Clean freemarker tmp files - file: - path: "{{ item }}" - state: absent - with_items: - - /tmp/freemarker-2.3.8 - - /tmp/freemarker-2.3.8.tar.gz - tags: freemarker - - ################## - # Nagios plugins # - ################## - - name: Include Nagios Playbook - include_tasks: nagios/nagios_aix.yml - when: Nagios_Plugins == "Enabled" - - ##################### - # superuser account # - ##################### - - name: Setup zeus user - shell: mkuser home="/home/zeus" shell="/usr/bin/ksh" zeus - ignore_errors: yes - when: Superuser_Account == "Enabled" - tags: superuser - - - name: Create SSH Key folder for zeus - file: - path: /home/zeus/.ssh - owner: zeus - group: staff - mode: 0700 - state: directory - when: Superuser_Account == "Enabled" - tags: superuser - - - name: Add key - authorized_key: - user: zeus - state: present - key: "{{ lookup('file', '/home/ubuntu/keys/zeus.key') }}" - when: Superuser_Account == "Enabled" - tags: superuser - - - name: Grant zeus sudo powers - lineinfile: - dest: /etc/sudoers - state: present - regexp: '^zeus' - line: 'zeus ALL=(ALL) NOPASSWD: ALL' - when: Superuser_Account == "Enabled" - tags: superuser - - ################### - # NTP Time Server # - ################### - - name: ensure NTP daemon is enabled - replace: - dest: /etc/rc.tcpip - regexp: '^ *# *(start /usr/sbin/xntpd (.+)\n)' - replace: '\1' - tags: ntp - - - name: ensure NTP daemon is configured - copy: - content: | - server 1.pool.ntp.org - server 2.pool.ntp.org - server 3.pool.ntp.org - driftfile /etc/ntp.drift - tracefile /etc/ntp.trace - dest: /etc/ntp.conf - owner: root - group: system - mode: 0664 - tags: ntp - - - name: Stop NTP daemon - service: name=xntpd state=stopped - changed_when: False - tags: ntp - - - name: Start NTP daemon - service: name=xntpd state=started - changed_when: False - tags: ntp - - #################### - # Disable sendmail # - #################### - - name: ensure sendmail is stopped - service: name=sendmail state=stopped - tags: sendmail - - - name: ensure sendmail is disabled - replace: - dest: /etc/rc.tcpip - regexp: '^ *(start /usr/lib/sendmail (.+)\n)' - replace: '#\1' - tags: sendmail - - ############################ - # Enable full core support # - ############################ - - name: ensure full AIX core files are enabled - command: chdev -l sys0 -a fullcore=true - changed_when: False - tags: fullcore - - ##################### - # Enable swap space # - ##################### - - name: ensure swap space is of adequate size - shell: | - swap_line=$(lsps -a | tail -n 1) - curr_swap_size=$(echo $swap_line | awk '{print $4}' | awk -FM '{print $1}') - swap_lv=$(echo $swap_line | awk '{print $1}') - if [[ $curr_swap_size -lt {{swap_size}} ]] - then - echo "Extending swap LV..." - extendlv $swap_lv $(expr {{swap_size}} - $curr_swap_size)MB - fi - register: extendlv_result - changed_when: "'Extending' in extendlv_result.stdout" - notify: - - restart machine - tags: swap + - block: + ################################ + # AIX filesystem configuration # + ################################ + - name: Download AIX filesystem configuration script + get_url: + url: https://raw.githubusercontent.com/AdoptOpenJDK/openjdk-infrastructure/master/ansible/playbooks/scripts/AIX_filesystem_config.sh + dest: /tmp/AIX_filesystem_config.sh + mode: 0775 + validate_certs: no + tags: filesystem + + - name: Execute AIX filesystem configuration script + command: /tmp/AIX_filesystem_config.sh + tags: filesystem + + - file: + state: absent + path: /tmp/AIX_filesystem_config.sh + tags: filesystem + + ########################################################################## + # Install openssl from IBM installp # + # openssl installp download requiring an IBMid # + # https://www-01.ibm.com/support/docviepw.wss?uid=isg1fileset-1190419011 # + ########################################################################## + - name: Transfer Openssl to remote host + copy: + src: /Vendor_Files/aix/openssl-1.0.2.1300.tar.gz + dest: /tmp/openssl-1.0.2.1300.tar.gz + tags: openssl + + - name: Extract Openssl + shell: gzip -cd /tmp/openssl-1.0.2.1300.tar.gz | tar xf - -C /tmp/ + tags: openssl + + - name: Install IBM Openssl - installp + shell: installp -aXYgd /tmp/openssl-1.0.2.1300 openssl.base + register: result.openssl + ignore_errors: yes + tags: openssl + + - name: Clean openssl tmp files + file: + path: "{{ item }}" + state: absent + with_items: + - /tmp/openssl-1.0.2.1300 + - /tmp/openssl-1.0.2.1300.tar.gz + tags: openssl + + #################################################### + # Uninstall conflicting packages from base image # + # if they were installed via rpm unless yum exists # + #################################################### + - name: Confirm yum is installed - /usr/bin/yum + stat: + path: /usr/bin/yum + register: yum + + - name: Uninstall conflicting packages + shell: rpm -e --nodeps $(rpm -qa | grep -E "cloud-init|perl|openssl") 2>/dev/null + ignore_errors: True + when: yum.stat.islnk is not defined + tags: rpm_remove + + #################################### + # Install yum and update to latest # + #################################### + - name: Download yum.sh + get_url: + url: ftp://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/ezinstall/ppc/yum.sh + validate_certs: False + dest: /tmp/ + mode: 0775 + timeout: 25 + when: yum.stat.islnk is not defined + tags: yum + + - name: Install yum and dependencies + shell: /tmp/yum.sh + register: result.yum + ignore_errors: yes + when: yum.stat.islnk is not defined + tags: yum + + - name: Yum update + yum: + update_cache: yes + name: '*' + state: latest + tags: yum + + - name: Install yum package support + yum: name={{ item }} state=present update_cache=yes + with_items: + - autoconf + - bison + - cups-devel + - cups-libs + - flex + - freetype2-devel + - fontconfig-devel + - gawk + - git + - grep + - make + - m4 + - pkg-config + - sed + - tar + - unzip + - xz-libs + - zip + tags: yum + + ########################################### + # Additional Tools not available thru yum # + ########################################### + - name: Install yum package support + yum: name={{ item }} state=present update_cache=yes + with_items: + - http://www.oss4aix.org/download/RPMS/mktemp/mktemp-1.7-1.aix5.1.ppc.rpm + - http://www.bullfreeware.com/download/bin/2328/libiconv-1.14-22.aix6.1.ppc.rpm + - http://www.bullfreeware.com/download/bin/2591/libunistring-0.9.6-2.aix6.1.ppc.rpm + - http://www.bullfreeware.com/download/bin/3944/perl-5.24.0-3.aix6.1.ppc.rpm + - http://www.oss4aix.org/download/RPMS/cmake/cmake-3.7.2-1.aix6.1.ppc.rpm + tags: rpm_install + + - name: Ensure perl from /opt/freeware/bin is the default in /usr/bin + shell: mv /usr/bin/perl /usr/bin/perl.old && ln -s /opt/freeware/bin/perl /usr/bin/ + ignore_errors: True + + ############## + # IBM Java 8 # + ############## + - stat: + path: /usr/java8_64 + register: java8 + tags: java8 + + - debug: + msg: "Java8 found, skipping download and installation" + when: java8.stat.isdir is defined + tags: java8 + + - name: Transfer and Extract Java8 + unarchive: + src: /Vendor_Files/aix/OpenJDK8_ppc64_AIX_jdk8u144-b01.tar.gz + dest: /tmp + remote_src: no + when: java8.stat.isdir is not defined + tags: java8 + + - name: Move extracted Java8 to /usr/java8_64 + shell: mv /tmp/jdk8u144-b01/ /usr/java8_64 + when: java8.stat.isdir is not defined + tags: java8 + + - name: Create symlink for Java + file: src=/usr/java8_64/bin/java dest=/usr/bin/java state=link + when: java8.stat.isdir is not defined + tags: java8 + + - name: Create symlink for Javac + file: src=/usr/java8_64/bin/javac dest=/usr/bin/javac state=link + when: java8.stat.isdir is not defined + tags: java8 + + - name: Test Java + command: /usr/bin/java -version + register: java8_version + tags: java8 + + - name: Display Java version information + debug: + msg: "{{ java8_version.stderr }}" + tags: java8 + + - replace: + path: /etc/environment + regexp: 'java5' + replace: 'java8_64' + tags: java8 + + ############## + # IBM Java 7 # + ############## + - stat: + path: /usr/java7 + register: java7 + tags: java7 + + - debug: + msg: "Java7 found, skipping download and installation" + when: java7.stat.isdir is defined + tags: java7 + + - name: Transfer and Extract Java7 + unarchive: + src: /Vendor_Files/aix/openjdk-7u-aix.tar + dest: /tmp + remote_src: no + when: java7.stat.isdir is not defined + tags: java7 + + - name: Move extracted Java7 to /usr/java7 + shell: mv /tmp/j2sdk-image /usr/java7 + when: java7.stat.isdir is not defined + tags: java7 + + - name: Test Java7 + command: /usr/java7/bin/java -version + register: java7_version + tags: java7 + + - name: Display Java7 version information + debug: + msg: "{{ java7_version.stderr }}" + tags: java7 + + ######################################################################## + # Install X11 extensions # + # x11.adt.ext installp download requiring an IBMid # + # http://www-01.ibm.com/support/docview.wss?uid=isg1fileset-1198156818 # + ######################################################################## + - name: Transfer X11 installp to remote host + copy: + src: /Vendor_Files/aix/X11.adt + dest: /tmp/X11.adt + tags: x11 + + - name: Install IBM X11 Extensions - installp + shell: installp -aXYgd /tmp/X11.adt X11.adt.ext + register: result.x11 + ignore_errors: yes + tags: x11 + + - file: + state: absent + path: /tmp/X11.adt + + ############ + # IBM XL C # + ############ + - stat: + path: /usr/bin/xlc + register: xlc + tags: xlc + + - debug: + msg: "xlc installed, skipping download and installation" + when: xlc.stat.islnk is defined + tags: xlc + + - name: Transfer and Extract XLC + unarchive: + src: /Vendor_Files/aix/IBM_XL_C_C___FOR_AIX_V13.1.3_EMG.tar.gz + dest: /tmp + remote_src: no + when: xlc.stat.islnk is not defined + tags: xlc + + - name: Install IBM XL C - installp + shell: installp -aXYgd /tmp/usr/sys/inst.images all + register: result.xlc + ignore_errors: yes + when: xlc.stat.islnk is not defined + tags: xlc + + - debug: msg='Erorrs from the previous installp command normal' + when: xlc.stat.islnk is not defined + tags: xlc + + - name: TestIBM XL C + command: /opt/IBM/xlC/13.1.3/bin/xlc -qversion + register: xlc_qversion + tags: xlc + + - name: Display XL C qversion information + debug: + msg: "{{ xlc_qversion.stdout }}" + tags: xlc + + - name: Symlink - /usr/bin/xlc + file: src=/opt/IBM/xlC/13.1.3/bin/xlc dest=/usr/bin/xlc state=link + when: xlc.stat.islnk is not defined + tags: xlc + + - name: Symlink - /usr/bin/xlc++ + file: src=/opt/IBM/xlC/13.1.3/bin/xlc++ dest=/usr/bin/xlc++ state=link + when: xlc.stat.islnk is not defined + tags: xlc + + - name: Symlink - /usr/bin/xlC + file: src=/opt/IBM/xlC/13.1.3/bin/xlC dest=/usr/bin/xlC state=link + when: xlc.stat.islnk is not defined + tags: xlc + + - name: Symlink - /usr/bin/xlc_r + file: src=/opt/IBM/xlC/13.1.3/bin/xlc_r dest=/usr/bin/xlc_r state=link + when: xlc.stat.islnk is not defined + tags: xlc + + - name: Symlink - /usr/bin/xlC_r + file: src=/opt/IBM/xlC/13.1.3/bin/xlc_r dest=/usr/bin/xlC_r state=link + when: xlc.stat.islnk is not defined + tags: xlc + + - name: Symlink - /usr/bin/gxlC + file: src=/opt/IBM/xlC/13.1.3/bin/gxlC dest=/usr/bin/gxlC state=link + when: xlc.stat.islnk is not defined + tags: xlc + + ############### + # ant # + ############### + - stat: + path: /usr/bin/ant + register: ant + tags: ant + + - debug: + msg: "Ant installed, skipping download and installation" + when: ant.stat.islnk is defined + tags: ant + + - name: Download and extract ant + unarchive: + src: https://archive.apache.org/dist/ant/binaries/apache-ant-1.9.9-bin.zip + dest: /opt + remote_src: yes + when: ant.stat.islnk is not defined + tags: ant + + - name: Create symlink for ant + file: src=/opt/apache-ant-1.9.9/bin/ant dest=/usr/bin/ant state=link + when: ant.stat.islnk is not defined + tags: ant + + ############### + # ant-contrib # + ############### + - stat: + path: /opt/apache-ant-1.9.9/lib/ant-contrib.jar + register: antcontrib + tags: ant-contrib + + - debug: + msg: ant-contrib.jar installed, skipping download" + when: antcontrib.stat.exists == True + tags: ant-contrib + + - name: Download and extract ant-contrib + unarchive: + src: https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-1.0b2/ant-contrib-1.0b2-bin.tar.gz + dest: /tmp/ + remote_src: yes + when: antcontrib.stat.exists == False + tags: ant-contrib + + - name: Move ant-contrib.jar to lib folder + command: mv /tmp/ant-contrib/lib/ant-contrib.jar /opt/apache-ant-1.9.9/lib/ + when: antcontrib.stat.exists == False + tags: ant-contrib + + - name: Clean ant-contrib tmp files + file: + path: "{{ item }}" + state: absent + with_items: + - /tmp/ant-contrib + - /tmp/ant-contrib-1.0b2-bin.tar.gz + tags: ant-contrib + + ######## + # cpan # + ######## + - name: Ensure memory limits for root are unlimited + shell: ulimit -m unlimited && ulimit -d unlimited + tags: cpan + + - name: Install Text::CSV + shell: | + CC=xlc_r cpan -i Text::CSV + tags: cpan + + ######################### + # Configure system logs # + ######################### + - name: Ensure /etc/syslog.conf entries are present + blockinfile: + backup: yes + dest: /etc/syslog.conf + block: | + *.debug;*.emerg;*.alert;*.crit;*.warning /var/log/messages rotate size 1000k files 4 + syslog.debug /var/log/syslog rotate size 1000k files 4 + *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages rotate size 1000k files 4 + tags: syslog + + - name: Ensure log files exist + file: + path: "{{ item }}" + state: touch + mode: 0644 + with_items: + - /var/log/syslog + - /var/adm/messages + - /var/log/messages + changed_when: False + tags: syslog + + - name: Reload syslogd + service: name=syslogd state=reloaded + changed_when: False + tags: syslog + + - name: Ensure full core files are enabled + command: chdev -l sys0 -a fullcore=true + changed_when: False + tags: syslog + + ###################################### + # Add bash to available login shells # + ###################################### + - replace: + path: /etc/security/login.cfg + regexp: 'shells = ' + replace: 'shells = /bin/bash,' + tags: login_shell + + - blockinfile: + dest: /etc/shells + block: | + /bin/bash + tags: login_shell + + - blockinfile: + dest: /etc/environment + block: | + AIXTHREAD_HRT=true + PKG_CONFIG_PATH=/opt/freeware/lib64/pkgconfig:/opt/freeware/lib/pkgconfig + tags: login_shell + + - replace: + path: /etc/environment + regexp: 'PATH=/usr/bin' + replace: 'PATH=/opt/freeware/bin:/opt/IBM/xlC/13.1.3/bin:/usr/bin' + tags: login_shell + + ################ + # Jenkins user # + ################ + - stat: + path: /home/{{ Jenkins_Username }} + register: jenkins + tags: jenkins_user + + - debug: + msg: "i{{ Jenkins_Username }} home directory found, skipping user creation tasks" + when: jenkins.stat.isdir is defined + tags: jenkins_user + + - name: Create jenkins user + shell: mkuser home="/home/{{ Jenkins_Username }}" shell="/bin/bash" {{ Jenkins_Username }} + ignore_errors: yes + when: jenkins.stat.isdir is not defined + tags: jenkins_user + + - name: Create SSH Key folder for {{ Jenkins_Username }} + file: + path: /home/{{ Jenkins_Username }}/.ssh + owner: "{{ Jenkins_Username }}" + group: staff + mode: 0700 + state: directory + when: jenkins.stat.isdir is not defined + tags: jenkins_user + + - name: Set authorized key for jenkins user + authorized_key: + user: "{{ Jenkins_Username }}" + state: present + key: "{{ lookup('file', '{{ Jenkins_User_SSHKey }}') }}" + when: jenkins.stat.isdir is not defined + tags: jenkins_user + + # Use the system defaults as defined in /etc/environment + - file: + state: absent + path: /home/{{ Jenkins_Username }}/.profile + + - name: Set user capabilites + shell: chuser capabilities=CAP_NUMA_ATTACH,CAP_BYPASS_RAC_VMM,CAP_PROPAGATE {{ Jenkins_Username }} + tags: jenkins_user + + + - name: Set group capabilites + shell: chgroup adms=root staff + tags: jenkins_user + + - name: ensure adequate limits are set in /etc/security/limits + command: chsec -f /etc/security/limits -s {{ Jenkins_Username }} -a {{ item }} + with_items: + - "fsize=-1" + - "core=-1" + - "cpu=-1" + - "data=262144" + - "rss=65536" + - "stack=65536" + - "core_hard=-1" + - "nofiles=-1" + - "nofiles_hard=-1" + changed_when: False + tags: jenkins_user + + ############## + # freemarker # + ############## + - stat: + path: /home/{{ Jenkins_Username }}/freemarker.jar + register: freemarker + tags: freemarker + + - debug: + msg: freemarker.jar found, skipping download" + when: freemarker.stat.exists == True + tags: freemarker + + - name: Download and extract freemarker.jar + unarchive: + src: https://sourceforge.net/projects/freemarker/files/freemarker/2.3.8/freemarker-2.3.8.tar.gz + dest: /tmp/ + remote_src: yes + owner: "{{ Jenkins_Username }}" + group: staff + mode: 0755 + when: freemarker.stat.exists == False + tags: freemarker + + - name: Move freemarker.jar to /home/{{ Jenkins_Username }} folder + command: mv /tmp/freemarker-2.3.8/lib/freemarker.jar /home/{{ Jenkins_Username }} + when: freemarker.stat.exists == False + tags: freemarker + + - name: Clean freemarker tmp files + file: + path: "{{ item }}" + state: absent + with_items: + - /tmp/freemarker-2.3.8 + - /tmp/freemarker-2.3.8.tar.gz + tags: freemarker + + ################## + # Nagios plugins # + ################## + - name: Include Nagios Playbook + include_tasks: nagios/nagios_aix.yml + when: Nagios_Plugins == "Enabled" + + ##################### + # superuser account # + ##################### + - name: Setup zeus user + shell: mkuser home="/home/zeus" shell="/usr/bin/ksh" zeus + ignore_errors: yes + when: Superuser_Account == "Enabled" + tags: superuser + + - name: Create SSH Key folder for zeus + file: + path: /home/zeus/.ssh + owner: zeus + group: staff + mode: 0700 + state: directory + when: Superuser_Account == "Enabled" + tags: superuser + + - name: Add key + authorized_key: + user: zeus + state: present + key: "{{ lookup('file', '/home/ubuntu/keys/zeus.key') }}" + when: Superuser_Account == "Enabled" + tags: superuser + + - name: Grant zeus sudo powers + lineinfile: + dest: /etc/sudoers + state: present + regexp: '^zeus' + line: 'zeus ALL=(ALL) NOPASSWD: ALL' + when: Superuser_Account == "Enabled" + tags: superuser + + ################### + # NTP Time Server # + ################### + - name: ensure NTP daemon is enabled + replace: + dest: /etc/rc.tcpip + regexp: '^ *# *(start /usr/sbin/xntpd (.+)\n)' + replace: '\1' + tags: ntp + + - name: ensure NTP daemon is configured + copy: + content: | + server 1.pool.ntp.org + server 2.pool.ntp.org + server 3.pool.ntp.org + driftfile /etc/ntp.drift + tracefile /etc/ntp.trace + dest: /etc/ntp.conf + owner: root + group: system + mode: 0664 + tags: ntp + + - name: Stop NTP daemon + service: name=xntpd state=stopped + changed_when: False + tags: ntp + + - name: Start NTP daemon + service: name=xntpd state=started + changed_when: False + tags: ntp + + #################### + # Disable sendmail # + #################### + - name: ensure sendmail is stopped + service: name=sendmail state=stopped + tags: sendmail + + - name: ensure sendmail is disabled + replace: + dest: /etc/rc.tcpip + regexp: '^ *(start /usr/lib/sendmail (.+)\n)' + replace: '#\1' + tags: sendmail + + ############################ + # Enable full core support # + ############################ + - name: ensure full AIX core files are enabled + command: chdev -l sys0 -a fullcore=true + changed_when: False + tags: fullcore + + ##################### + # Enable swap space # + ##################### + - name: ensure swap space is of adequate size + shell: | + swap_line=$(lsps -a | tail -n 1) + curr_swap_size=$(echo $swap_line | awk '{print $4}' | awk -FM '{print $1}') + swap_lv=$(echo $swap_line | awk '{print $1}') + if [[ $curr_swap_size -lt {{swap_size}} ]] + then + echo "Extending swap LV..." + extendlv $swap_lv $(expr {{swap_size}} - $curr_swap_size)MB + fi + register: extendlv_result + changed_when: "'Extending' in extendlv_result.stdout" + notify: + - restart machine + tags: swap handlers: - name: restart machine diff --git a/ansible/playbooks/nagios/nagios_aix.yml b/ansible/playbooks/nagios/nagios_aix.yml index 245b7365c0..c84e5bee82 100644 --- a/ansible/playbooks/nagios/nagios_aix.yml +++ b/ansible/playbooks/nagios/nagios_aix.yml @@ -1,3 +1,4 @@ +--- #################################################################### # AdoptOpenJDK - Ansible Playbook to install Nagios plugins on AIX # #################################################################### @@ -8,50 +9,50 @@ # For more information please see: https://www.nagios.com/legal/licenses/ # ########################################################################### - - debug: msg='Installing Nagios plugins' - ########## - # Layout # - ########## - - name: Creates Nagios folder - file: path=/usr/local/nagios/ state=directory mode=0755 - - file: path=/usr/local/nagios/libexec/ state=directory mode=0755 +- debug: msg='Installing Nagios plugins' +########## +# Layout # +########## +- name: Creates Nagios folder + file: path=/usr/local/nagios/ state=directory mode=0755 +- file: path=/usr/local/nagios/libexec/ state=directory mode=0755 - ################## - # Install Nagios # - ################## - - name: Transfer over Nagios Plugins - copy: - src: "{{ item }}" - dest: /usr/local/nagios/libexec/ - mode: 0755 - with_fileglob: - - /home/ubuntu/aix/nagios/* +################## +# Install Nagios # +################## +- name: Transfer over Nagios Plugins + copy: + src: "{{ item }}" + dest: /usr/local/nagios/libexec/ + mode: 0755 + with_fileglob: + - /home/ubuntu/aix/nagios/* - ############### - # Nagios user # - ############### - - name: Setup Nagios user - shell: mkuser home="/home/nagios" shell="/usr/bin/ksh" nagios - ignore_errors: yes +############### +# Nagios user # +############### +- name: Setup Nagios user + shell: mkuser home="/home/nagios" shell="/usr/bin/ksh" nagios + ignore_errors: yes - - name: Create SSH Key folder for Nagios - file: - path: /home/nagios/.ssh - owner: nagios - group: staff - mode: 0700 - state: directory +- name: Create SSH Key folder for Nagios + file: + path: /home/nagios/.ssh + owner: nagios + group: staff + mode: 0700 + state: directory - - name: Setup authorized_keys - file: - path: /home/nagios/.ssh/authorized_keys - owner: nagios - group: staff - mode: 0600 - state: touch +- name: Setup authorized_keys + file: + path: /home/nagios/.ssh/authorized_keys + owner: nagios + group: staff + mode: 0600 + state: touch - - name: Add key - authorized_key: - user: nagios - state: present - key: "{{ lookup('file', '/home/nagios/key/id_rsa.pub') }}" +- name: Add key + authorized_key: + user: nagios + state: present + key: "{{ lookup('file', '/home/nagios/key/id_rsa.pub') }}" diff --git a/ansible/playbooks/ubuntu-jck.yml b/ansible/playbooks/ubuntu-jck.yml index c1183570f7..17c6f8b514 100644 --- a/ansible/playbooks/ubuntu-jck.yml +++ b/ansible/playbooks/ubuntu-jck.yml @@ -1,3 +1,4 @@ +--- ############################################### # AdoptOpenJDK - Ansible JCK Playbook for: # # Ubuntu 16 on x86 (depends on openjdk-8-jre) # @@ -7,49 +8,49 @@ remote_user: root become: yes tasks: - - block: - - name: Load AdoptOpenJDKs variable file - include_vars: adoptopenjdk_variables.yml - - name: OS update -- apt-get upgrade - apt: upgrade=safe update_cache=yes - tags: patch_update - - name: Install JCK prerequisistes - apt: pkg={{ item }} state=latest - with_items: - - ant - - acl - - gcc - - gedit - - gnome-terminal - - git - - gv - - make - - unzip - - openjdk-8-jre - - printer-driver-cups-pdf - - vnc4server - - xvfb - - xterm - - name: Create Jenkins user - action: user name="{{ Jenkins_Username }}" state=present - ignore_errors: yes - tags: jenkins_user - - name: Set ssh key for jenkins user - authorized_key: - user: "{{ Jenkins_Username }}" - state: present - key: "{{ lookup('file', '{{ Jenkins_User_SSHKey }}') }}" - - name: Start virtual X display on :1 - shell: Xvfb :1 -screen 0 1280x1024x24 & - args: - creates: /tmp/.X1-lock - become: yes - become_user: jenkins - - name: Add cron job to check for updates - cron: name="Check for Updates every Sunday at 5am" - weekday="6" - minute="0" - hour="5" - user=root - job="/usr/bin/apt-get update && /usr/bin/apt-get -y upgrade" - state=present + - block: + - name: Load AdoptOpenJDKs variable file + include_vars: adoptopenjdk_variables.yml + - name: OS update -- apt-get upgrade + apt: upgrade=safe update_cache=yes + tags: patch_update + - name: Install JCK prerequisistes + apt: pkg={{ item }} state=latest + with_items: + - ant + - acl + - gcc + - gedit + - gnome-terminal + - git + - gv + - make + - unzip + - openjdk-8-jre + - printer-driver-cups-pdf + - vnc4server + - xvfb + - xterm + - name: Create Jenkins user + action: user name="{{ Jenkins_Username }}" state=present + ignore_errors: yes + tags: jenkins_user + - name: Set ssh key for jenkins user + authorized_key: + user: "{{ Jenkins_Username }}" + state: present + key: "{{ lookup('file', '{{ Jenkins_User_SSHKey }}') }}" + - name: Start virtual X display on :1 + shell: Xvfb :1 -screen 0 1280x1024x24 & + args: + creates: /tmp/.X1-lock + become: yes + become_user: jenkins + - name: Add cron job to check for updates + cron: name="Check for Updates every Sunday at 5am" + weekday="6" + minute="0" + hour="5" + user=root + job="/usr/bin/apt-get update && /usr/bin/apt-get -y upgrade" + state=present diff --git a/ansible/yamllint.yml b/ansible/yamllint.yml new file mode 100644 index 0000000000..a1dea16138 --- /dev/null +++ b/ansible/yamllint.yml @@ -0,0 +1,6 @@ +--- +extends: default +rules: + line-length: + max: 80 + level: warning diff --git a/yamllint.yml b/yamllint.yml new file mode 100644 index 0000000000..a1dea16138 --- /dev/null +++ b/yamllint.yml @@ -0,0 +1,6 @@ +--- +extends: default +rules: + line-length: + max: 80 + level: warning