Перенес+поправил ansible-base

2021-08-19 22:27:27 +03:00
parent 2634b0cf81
commit 00dc20fe3c
17 changed files with 54 additions and 27 deletions


@@ -0,0 +1,6 @@
---
- hosts: all
become: true
roles:
- packages
- configs


@@ -0,0 +1,26 @@
# Beware! This file is rewritten by htop when settings are changed in the interface.
# The parser is also very primitive, and not human-friendly.
fields=0 48 17 18 38 39 40 2 46 47 49 1
sort_key=46
sort_direction=1
hide_threads=1
hide_kernel_threads=1
hide_userland_threads=1
shadow_other_users=0
show_thread_names=0
show_program_path=1
highlight_base_name=0
highlight_megabytes=1
highlight_threads=1
tree_view=1
header_margin=1
detailed_cpu_time=0
cpu_count_from_zero=0
update_process_names=0
account_guest_in_cpu_meter=0
color_scheme=0
delay=15
left_meters=AllCPUs Memory Swap
left_meter_modes=1 1 1
right_meters=Tasks LoadAverage Uptime
right_meter_modes=2 2 2


@@ -0,0 +1,143 @@
[Midnight-Commander]
verbose=true
shell_patterns=true
auto_save_setup=true
preallocate_space=false
auto_menu=false
use_internal_view=true
use_internal_edit=false
clear_before_exec=true
confirm_delete=true
confirm_overwrite=true
confirm_execute=false
confirm_history_cleanup=true
confirm_exit=false
confirm_directory_hotlist_delete=false
confirm_view_dir=false
safe_delete=false
safe_overwrite=false
use_8th_bit_as_meta=false
mouse_move_pages_viewer=true
mouse_close_dialog=false
fast_refresh=false
drop_menus=false
wrap_mode=true
old_esc_mode=true
cd_symlinks=true
show_all_if_ambiguous=false
use_file_to_guess_type=true
alternate_plus_minus=false
only_leading_plus_minus=true
show_output_starts_shell=false
xtree_mode=false
file_op_compute_totals=true
classic_progressbar=true
use_netrc=true
ftpfs_always_use_proxy=false
ftpfs_use_passive_connections=true
ftpfs_use_passive_connections_over_proxy=false
ftpfs_use_unix_list_options=true
ftpfs_first_cd_then_ls=true
ignore_ftp_chattr_errors=true
editor_fill_tabs_with_spaces=false
editor_return_does_auto_indent=false
editor_backspace_through_tabs=false
editor_fake_half_tabs=true
editor_option_save_position=true
editor_option_auto_para_formatting=false
editor_option_typewriter_wrap=false
editor_edit_confirm_save=true
editor_syntax_highlighting=true
editor_persistent_selections=true
editor_drop_selection_on_copy=true
editor_cursor_beyond_eol=false
editor_cursor_after_inserted_block=false
editor_visible_tabs=true
editor_visible_spaces=true
editor_line_state=false
editor_simple_statusbar=false
editor_check_new_line=false
editor_show_right_margin=false
editor_group_undo=true
editor_state_full_filename=true
editor_ask_filename_before_edit=false
nice_rotating_dash=true
mcview_remember_file_position=false
auto_fill_mkdir_name=true
copymove_persistent_attr=true
pause_after_run=1
mouse_repeat_rate=100
double_click_speed=250
old_esc_mode_timeout=1000000
max_dirt_limit=10
num_history_items_recorded=60
vfs_timeout=60
ftpfs_directory_timeout=900
ftpfs_retry_seconds=30
fish_directory_timeout=900
editor_tab_spacing=8
editor_word_wrap_line_length=72
editor_option_save_mode=0
editor_backup_extension=~
editor_filesize_threshold=64M
editor_stop_format_chars=-+*\\,.;:&>
mcview_eof=
skin=modarcon16root-defbg-thin
[Layout]
output_lines=0
left_panel_size=118
top_panel_size=0
message_visible=true
keybar_visible=true
xterm_title=true
command_prompt=true
menubar_visible=true
free_space=true
horizontal_split=false
vertical_equal=true
horizontal_equal=true
[Misc]
timeformat_recent=%b %e %H:%M
timeformat_old=%b %e %Y
ftp_proxy_host=gate
ftpfs_password=anonymous@
display_codepage=UTF-8
source_codepage=Other_8_bit
autodetect_codeset=
spell_language=en
clipboard_store=
clipboard_paste=
[Colors]
base_color=
xterm-256color=
color_terminals=
[Panels]
show_mini_info=true
kilobyte_si=false
mix_all_files=false
show_backups=true
show_dot_files=true
fast_reload=false
fast_reload_msg_shown=false
mark_moves_down=true
reverse_files_only=true
auto_save_setup_panels=false
navigate_with_arrows=false
panel_scroll_pages=true
panel_scroll_center=false
mouse_move_pages=true
filetype_mode=true
permission_mode=false
torben_fj_mode=false
quick_search_mode=2
select_flags=6
[Panelize]
Find *.orig after patching=find . -name \\*.orig -print
Find SUID and SGID programs=find . \\( \\( -perm -04000 -a -perm /011 \\) -o \\( -perm -02000 -a -perm /01 \\) \\) -print
Find rejects after patching=find . -name \\*.rej -print
Modified git files=git ls-files --modified


@@ -0,0 +1,11 @@
startup_message off
# Disable visual bell
vbell off
# Set scrollback buffer to 10000
defscrollback 10000
hardstatus alwayslastline
hardstatus string '%{= kG}[ %{G}%H %{g} - %S ][%= %{= kw}%?%-Lw%?%{r}(%{W}%n*%f%t%?(%u)%?%{r})%{w}%?%+Lw%?%?%= %{g}][%{B} %d.%m %{W}%c %{g}]'


@@ -0,0 +1,3 @@
set mouse=
syntax on
colorscheme desert


@@ -0,0 +1,32 @@
---
- name: Put htop config
template:
src: files/htoprc
dest: /etc/htoprc
- name: Put mc config
template:
src: files/mcrc
dest: /etc/mc/mc.ini
- name: Put vim config
template:
src: files/vimrc
dest: /etc/vimrc
- name: Put screen config
template:
src: files/screenrc
dest: /etc/screenrc
- name: Check for OMB
stat:
path: "{{ ansible_user_dir }}/.oh-my-bash"
register: omb_flag
- debug:
msg: "OMB is not installed"
when: not omb_flag.stat.exists
# FIXME: logout from shell
- name: Install OMB
shell: bash -c "$(curl -fsSL https://raw.githubusercontent.com/ohmybash/oh-my-bash/master/tools/install.sh)"
when: not omb_flag.stat.exists
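Review bot: The `Install OMB` task pipes a script fetched from the mutable `master` branch of ohmybash/oh-my-bash straight into `bash`, with no version pin and no integrity check, so whatever that URL serves at run time is executed on every host that lacks `.oh-my-bash`. The play that applies this role sets `become: true`, so the installer presumably runs as root, and `ansible_user_dir` may then resolve to root's home rather than the login user's; both are worth confirming. Fetch the installer from a pinned commit with a recorded checksum, review it once, and run the local copy with `creates:` so the task stays idempotent. The four `template:` tasks above would also read better as `copy:` with explicit `owner`, `group` and `mode`, since the shipped files contain no Jinja.

```yaml
# … unchanged: config file tasks, "Check for OMB" stat and debug tasks …
- name: Download pinned OMB installer
  get_url:
    url: "https://raw.githubusercontent.com/ohmybash/oh-my-bash/<PINNED_COMMIT_SHA>/tools/install.sh"
    dest: /usr/local/src/omb-install.sh
    owner: root
    group: root
    mode: "0700"
    checksum: "sha256:<SHA256_OF_REVIEWED_INSTALLER>"
  when: not omb_flag.stat.exists
- name: Install OMB
  command: bash /usr/local/src/omb-install.sh
  args:
    creates: "{{ ansible_user_dir }}/.oh-my-bash"
```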


@@ -0,0 +1,11 @@
---
- name: Install packages
apt:
name: "{{ item }}"
state: present
with_items:
- mc
- htop
- vim
- screen
when: ansible_facts['os_family'] == "Debian"


@@ -0,0 +1,104 @@
# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/iptables_module.html
#
- hosts: myself
tasks:
- name: Pass http+https to 10.0.3.194 (PRE)
iptables:
chain: PREROUTING
table: nat
protocol: tcp
destination_port: '{{ item }}'
jump: DNAT
in_interface: ens3
to_destination: 10.0.3.194:{{ item }}
with_items: ['80', '443']
- name: Pass http+https to 10.0.3.194 (POST)
iptables:
chain: POSTROUTING
table: nat
protocol: tcp
destination_port: '{{ item }}'
destination: 10.0.3.194
jump: SNAT
out_interface: lxcbr0
to_source: 10.0.3.1
with_items: ['80', '443']
- name: Pass mail (25,143,465,993,587) to 10.0.3.141 (PRE)
iptables:
chain: PREROUTING
table: nat
protocol: tcp
destination_port: '{{ item }}'
jump: DNAT
in_interface: ens3
to_destination: 10.0.3.141:{{ item }}
with_items: [ '25', '143', '465', '993', '587' ]
- name: Pass mail (25,143,465,993,587) to 10.0.3.141 (POST)
iptables:
chain: POSTROUTING
table: nat
protocol: tcp
destination_port: '{{ item }}'
destination: 10.0.3.141
jump: SNAT
out_interface: lxcbr0
to_source: 10.0.3.1
with_items: [ '25', '143', '465', '993', '587' ]
- name: Pass dns+ovpn (53,1194) to 10.0.3.59 (PRE)
iptables:
chain: PREROUTING
table: nat
protocol: udp
destination_port: '{{ item }}'
jump: DNAT
in_interface: ens3
to_destination: 10.0.3.59:{{ item }}
with_items: [ '53', '1194' ]
- name: Pass dns+ovpn (53,1194) to 10.0.3.59 (POST)
iptables:
chain: POSTROUTING
table: nat
protocol: udp
destination_port: '{{ item }}'
destination: 10.0.3.59
jump: SNAT
out_interface: lxcbr0
to_source: 10.0.3.1
with_items: [ '53', '1194' ]
# - name: mount certs on mail container
# mount:
# path: /mnt/lxc/mail/etc/letsencrypt/
# src: /mnt/lxc/web/etc/letsencrypt/
# opts: ro, bind
# state: mounted
# fstype: none
# - name: mount BKPDisk on web container
# mount:
# path: /media/bkp/
# src: /mnt/lxc/web/BKPDisk/
# opts: ro, bind
# state: mounted
# fstype: none
# - name: mount certs on mail container
# shell: mount --bind -o ro /mnt/lxc/web/etc/letsencrypt/ /mnt/lxc/mail/etc/letsencrypt/
# - name: mount BKPDisk on web container
# shell: mount --bind /media/bkp/ /mnt/lxc/web/BKPDisk/
# iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $2 -j DNAT --to-destination $1:$2
# iptables -t nat -A POSTROUTING -o $BR_IF -p tcp --dport $2 -d $1 -j SNAT --to-source $BR_IP
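Review bot: Each `(POST)` task rewrites the source of forwarded connections to `10.0.3.1`, so the web, mail and DNS/OpenVPN containers see every external client as the bridge address. This matters most for the mail container at `10.0.3.141`: per-client controls (RBL/SPF checks, rate limiting, ban lists) lose the real peer address, and if `10.0.3.0/24` is treated as a trusted network there, anything reaching port 25 on `ens3` would be relayed. That depends on container configuration not visible here. If the containers' default route already points at `10.0.3.1`, the DNAT rules alone are sufficient and the SNAT tasks can be dropped. Also confirm that UDP `53` really needs to be reachable on `ens3` from any source, and note that rules added by the `iptables` module are not persisted across reboots.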


@@ -0,0 +1,78 @@
# DRBD is the result of over a decade of development by LINBIT.
# In case you need professional services for DRBD or have
# feature requests visit http://www.linbit.com
global {
usage-count no;
# Decide what kind of udev symlinks you want for "implicit" volumes
# (those without explicit volume <vnr> {} block, implied vnr=0):
# /dev/drbd/by-resource/<resource>/<vnr> (explicit volumes)
# /dev/drbd/by-resource/<resource> (default for implict)
udev-always-use-vnr; # treat implicit the same as explicit volumes
# minor-count dialog-refresh disable-ip-verification
# cmd-timeout-short 5; cmd-timeout-medium 121; cmd-timeout-long 600;
}
common {
handlers {
# These are EXAMPLE handlers only.
# They may have severe implications,
# like hard resetting the node under certain circumstances.
# Be careful when choosing your poison.
# pri-on-incon-degr "/usr/lib/drbd/notify-pri-on-incon-degr.sh; /usr/lib/drbd/notify-emergency-reboot.sh; echo b > /proc/sysrq-trigger ; reboot -f";
# pri-lost-after-sb "/usr/lib/drbd/notify-pri-lost-after-sb.sh; /usr/lib/drbd/notify-emergency-reboot.sh; echo b > /proc/sysrq-trigger ; reboot -f";
# local-io-error "/usr/lib/drbd/notify-io-error.sh; /usr/lib/drbd/notify-emergency-shutdown.sh; echo o > /proc/sysrq-trigger ; halt -f";
# fence-peer "/usr/lib/drbd/crm-fence-peer.sh";
# split-brain "/usr/lib/drbd/notify-split-brain.sh root";
# out-of-sync "/usr/lib/drbd/notify-out-of-sync.sh root";
# before-resync-target "/usr/lib/drbd/snapshot-resync-target-lvm.sh -p 15 -- -c 16k";
# after-resync-target /usr/lib/drbd/unsnapshot-resync-target-lvm.sh;
# quorum-lost "/usr/lib/drbd/notify-quorum-lost.sh root";
}
startup {
# wfc-timeout degr-wfc-timeout outdated-wfc-timeout wait-after-sb
}
options {
# cpu-mask on-no-data-accessible
# RECOMMENDED for three or more storage nodes with DRBD 9:
# quorum majority;
# on-no-quorum suspend-io | io-error;
}
disk {
# size on-io-error fencing disk-barrier disk-flushes
# disk-drain md-flushes resync-rate resync-after al-extents
# c-plan-ahead c-delay-target c-fill-target c-max-rate
# c-min-rate disk-timeout
}
net {
# protocol timeout max-epoch-size max-buffers
# connect-int ping-int sndbuf-size rcvbuf-size ko-count
# allow-two-primaries cram-hmac-alg shared-secret after-sb-0pri
# after-sb-1pri after-sb-2pri always-asbp rr-conflict
# ping-timeout data-integrity-alg tcp-cork on-congestion
# congestion-fill congestion-extents csums-alg verify-alg
# use-rle
}
}
resource test {
on shit1 {
device /dev/drbd0;
disk /dev/vdb;
meta-disk internal;
address 192.168.100.121:7789;
}
on shit2 {
device /dev/drbd0;
disk /dev/vdb;
meta-disk internal;
address 192.168.100.122:7789;
}
}
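Review bot: The `net { }` section under `common` is left empty, so replication between `192.168.100.121:7789` and `192.168.100.122:7789` runs without peer authentication; nothing in this file stops another host on that network from presenting itself as a peer. Set `cram-hmac-alg sha256;` and `shared-secret "<SECRET_FROM_VAULT>";` in `net`, rendering the secret from Ansible Vault rather than committing it (the file is already deployed through `template`). DRBD authentication does not encrypt the data stream, so the replication link should also sit on an isolated segment or inside a tunnel. The `resource test` block would conventionally live in its own `.res` file under `/etc/drbd.d/` rather than in `global_common.conf`.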


@@ -0,0 +1,17 @@
---
- hosts: pg1
become: true
become_user: root
tasks:
- name: Install drbd-utils
apt:
name: drbd-utils
state: present
update_cache: yes
- name: Copy sudoers
template:
src: global_common.conf
dest: /etc/drbd.d/global_common.conf
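Review bot: The second task is named `Copy sudoers` but deploys `global_common.conf` to `/etc/drbd.d/`, which looks like a copy-paste leftover and will mislead anyone reading run logs or auditing which plays touch sudo policy; rename it, e.g. `- name: Deploy DRBD global_common.conf`. Set `owner: root`, `group: root` and `mode: '0600'` on the template task so the file stays root-only if it ever carries a `shared-secret`. `update_cache: yes` should be written `update_cache: true`.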


@@ -0,0 +1,119 @@
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
# If not running interactively, don't do anything
case $- in
*i*) ;;
*) return;;
esac
# don't put duplicate lines or lines starting with space in the history.
# See bash(1) for more options
HISTCONTROL=ignoreboth
# append to the history file, don't overwrite it
shopt -s histappend
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize
# If set, the pattern "**" used in a pathname expansion context will
# match all files and zero or more directories and subdirectories.
#shopt -s globstar
# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi
# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color|*-256color) color_prompt=yes;;
esac
# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes
if [ -n "$force_color_prompt" ]; then
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
# We have color support; assume it's compliant with Ecma-48
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
# a case would tend to support setf rather than setaf.)
color_prompt=yes
else
color_prompt=
fi
fi
if [ "$color_prompt" = yes ]; then
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt
# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
;;
*)
;;
esac
# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
alias ls='ls --color=auto'
#alias dir='dir --color=auto'
#alias vdir='vdir --color=auto'
alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'
fi
# colored GCC warnings and errors
#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
# some more ls aliases
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'
# Add an "alert" alias for long running commands. Use like so:
# sleep 10; alert
alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi
# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if ! shopt -oq posix; then
if [ -f /usr/share/bash-completion/bash_completion ]; then
. /usr/share/bash-completion/bash_completion
elif [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
fi
alias gluster='sudo gluster'


@@ -0,0 +1,42 @@
---
- hosts: playgrounds
become: true
become_user: root
tasks:
- name: Copy hosts
template:
src: hosts
dest: /etc/hosts
- name: Copy sudoers
template:
src: sudoers
dest: /etc/sudoers
# - name: stop gluster volume
# gluster.gluster.gluster_volume:
# state: absent
# name: gv0
- name: remove gluster volume
gluster.gluster.gluster_volume:
state: absent
name: gv0
bricks: /gl
force: yes
- name: stop glusterd
ansible.builtin.systemd:
name: glusterd.service
state: stopped
enabled: no
- name: remove glusterfs
apt:
name: glusterfs-server
state: absent
update_cache: yes
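Review bot: The `Copy sudoers` task overwrites `/etc/sudoers` with no syntax check, so a malformed template leaves the host without working sudo; the same task appears again in the other `hosts: playgrounds` play, the one that installs glusterfs. Add `validate: /usr/sbin/visudo -cf %s` together with `owner: root`, `group: root` and `mode: '0440'` to both. Shipping only the local rule as a drop-in under `/etc/sudoers.d/` would avoid replacing the distribution file at all. `Copy hosts` likewise replaces `/etc/hosts` wholesale, including the `127.0.1.1` line, on every host in the group, which is worth a comment stating that this is intended.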


@@ -0,0 +1,16 @@
127.0.0.1 localhost
127.0.1.1 shit
192.168.100.120 host
192.168.100.121 shit1
192.168.100.122 shit2
192.168.100.123 shit3
192.168.100.124 shit4
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters


@@ -0,0 +1,56 @@
---
- hosts: playgrounds
become: true
become_user: root
tasks:
- name: Copy hosts
template:
src: hosts
dest: /etc/hosts
- name: Copy sudoers
template:
src: sudoers
dest: /etc/sudoers
- name: Copy bashrc
template:
src: bashrc
dest: /home/losted/.bashrc
- name: Install glusterfs
apt:
name: glusterfs-server
state: present
update_cache: yes
- name: Start glusterd
ansible.builtin.systemd:
name: glusterd.service
state: started
enabled: yes
- name: create gluster volume
gluster.gluster.gluster_volume:
state: present
name: gv0
bricks: /gl
#replicas: 2
force: yes
cluster:
- shit1
- shit2
- shit3
- shit4
options:
performance.cache-size: 256MB
#run_once: true
# - name: Tune gluster
# gluster.gluster.gluster_volume:
# state: present
# name: gv0
- name: Start gluster volume
gluster.gluster.gluster_volume:
state: started
name: gv0
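Review bot: Volume `gv0` is created with only `performance.cache-size` under `options`, which leaves Gluster's client access list at its default of allowing any address, so any host that can reach the bricks on `shit1`–`shit4` can mount the volume. Add `auth.allow: '192.168.100.121,192.168.100.122,192.168.100.123,192.168.100.124'` (or the real client list) next to the cache setting. `Copy bashrc` runs as root and writes into `/home/losted/`, so give it `owner: losted`, `group: losted` and `mode: '0644'` to avoid leaving a root-owned dotfile in a user's home. `force: yes` overrides the module's refusal to place a brick on the root partition; with `bricks: /gl` that deserves a comment saying it is deliberate.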


@@ -0,0 +1,31 @@
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
#%sudo ALL=(ALL:ALL) ALL
%sudo ALL=(ALL) NOPASSWD: ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
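Review bot: `%sudo ALL=(ALL) NOPASSWD: ALL` gives every member of the `sudo` group passwordless root, so a compromised session or SSH key for any such account is immediately root on all hosts that receive this file. If the intent is only to support the `alias gluster='sudo gluster'` added to the bashrc in this commit, restore `%sudo ALL=(ALL:ALL) ALL` and grant the narrow rule instead, e.g. `losted ALL=(root) NOPASSWD: /usr/sbin/gluster` (binary path to be confirmed), ideally as a drop-in under `/etc/sudoers.d/`. If Ansible itself needs passwordless escalation, scope `NOPASSWD` to that one automation user rather than to the group.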