ansible init

2020-09-27 20:24:51 +02:00
parent 991a221b20
commit 9df47229c7
7 changed files with 93 additions and 45 deletions
--- a/.ansible/inventory
+++ b/.ansible/inventory
@@ -0,0 +1,10 @@
+[all:vars]
+ansible_user='debian'
+ansible_become=yes
+ansible_become_method=sudo
+ansible_python_interpreter='/usr/bin/env python3'
+project='CyfroweAukcje'
+main_packages="vim, vim-common, curl, wget"
+
+[servers]
+# example1 ansible_host=ip ansible_port=65522
--- a/.ansible/playbook.yml
+++ b/.ansible/playbook.yml
@@ -0,0 +1,39 @@
+---
+- name: System preconfiguration
+  hosts: all
+  tasks:
+    - name: Prepare motd
+      template:
+        src: templates/motd.jinja
+        dest: /etc/motd
+    - name: Trusted ca
+      template:
+        src: templates/trusted-user-ca-keys.pem
+        dest: /etc/ssh/trusted-user-ca-keys.pem
+    - name: Configure sshd
+      template:
+        src: templates/sshd_config
+        dest: /etc/ssh/sshd_config
+    - name: Restart sshd service
+      systemd: 
+        name: sshd
+        state: reloaded
+
+- name: Upgrade system
+  hosts: all
+  tasks:
+    - name: Update apt-get repo and cache
+      apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
+    - name: Upgrade all apt packages
+      apt: upgrade=dist force_apt_get=yes
+    - name: Remove dependencies that are no longer required
+      apt:
+        autoremove: yes
+
+- name: Install my packages
+  hosts: all
+  tasks:
+    - name: Install main packages
+      apt:
+        name: "{{ main_packages }}"
+        state: present
--- a/.ansible/templates/motd.jinja
+++ b/.ansible/templates/motd.jinja
@@ -0,0 +1,14 @@
+               _____
+              /     \
+              vvvvvvv  /|__/|
+                 I   /O,O   |
+                 I /_____   |      /|/|
+                J|/^ ^ ^ \  |    /00  |    _//|
+                 |^ ^ ^ ^ |W|   |/^^\ |   /oo |
+                  \m___m__|_|    \m_m_|   \mm_|
+
+======================================:  cynarski.dev
+
+Development by ansible for {{project}}
+
+====================================================:
--- a/.ansible/templates/sshd_config
+++ b/.ansible/templates/sshd_config
@@ -0,0 +1,9 @@
+Port 65522
+PasswordAuthentication no
+ChallengeResponseAuthentication yes
+UsePAM yes
+X11Forwarding yes
+PrintMotd no
+AcceptEnv LANG LC_*
+Subsystem	sftp	/usr/lib/openssh/sftp-server
+TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem
--- a/.ansible/templates/trusted-user-ca-keys.pem
+++ b/.ansible/templates/trusted-user-ca-keys.pem
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCazcKMgWAnC5ignX4kt1gjVmZ/L0Sl+SYVn7UIIIydwFdmnlpEjzC4leZegSHTgb8VmhPGFzsM6wLw7zNr2cW2J32q4RtScaez1lU6+fApX3SNWu5kUPsuraNWoQTbWjEQKRyHae8B/F2L8lsirRflgIe9qtUMVFAZBJppsKIjPMACGCTo++Dp+VJT7pseXyx7BEHee582xZi1SJVvlDFsPaWJja/aEhJZSlryBRGF/1tkRsOG98XID0jaNKcBDPN199ZKsrZDG18Sw33GG7qaVMQubMJrJ7uTD1wzgFRBqcU4/XC4HLpD+2klrel67lAphuCqQVWpmTuZwEVlieexywsMrYliV7X+aMBVE5lC0z7oi/f1slV1XAAc4VpCF1yQS5VuCJmaXNYFMSp9GNPLU1pIW5hmBanfVRDk1m6UIyK7rlA15jtb8A/cRexAvcmmPG7tyzWFh3hTrsNpYxUEvcqbg2MFnbDRmpyfQ+Qd/nybIuyGhoviTzxRUeH+NNm4Zss8eZoR0SS//QL1wQjKhpQ5v75gHALrPoISsA/mWVI3wkMbCCdZekwLuqzmuKp9UmlNYTWuHK/+GJLrK7mOMHf/EzMEQ0rNzp4l/7/quoxFwjvPecUg1tr6L9KaFWLUUPeA2yLQccn9hoiKczLElXlt+gVksye5JPUbUFfkKQ==
--- a/.drone.yml
+++ b/.drone.yml
@@ -2,34 +2,28 @@ kind: pipeline
 name: default

 steps:
- name: terratest
-  image: plugins/docker
+- name: check ansible syntax
+  image: paramah/drone-ansible
  settings:
-    username:
-      from_secret: hub_username
-    password:
-      from_secret: hub_password
-    repo:
-      from_secret: hub_repo
-    tags: latest
+    playbook: .ansible/playbook.yml
+    inventory: .ansible/inventory
+    syntax_check: true
  when:
-    branch:
-      - master
+    event:
+    - pull_request
+    - push

- name: notify
-  image: appleboy/drone-telegram
+- name: apply ansible playbook
+  image: paramah/drone-ansible
+  environment:
+    ANSIBLE_STRATEGY_PLUGINS: /usr/lib/python3.8/site-packages/ansible_mitogen/plugins/strategy
+    ANSIBLE_STRATEGY: mitogen_linear
  settings:
-    token:
-      from_secret: telegram_bot_token
-    to:
-      from_secret: telegram_group_id
-    message: >
-      {{#success build.status}}
-        build {{build.link}} triggerd by {{commit.link}} from {{commit.author}} succeeded
-      {{else}}
-        build {{build.link}} triggerd by {{commit.link}} from {{commit.author}} failed
-      {{/success}}
+    playbook: .ansible/playbook.yml
+    inventory: .ansible/inventory
+    private_key:
+      from_secret: ansible_private_key
+    verbose: 1
  when:
-    status:
-      - success
-      - failure
+    event:
+    - tag
--- a/TERRATEST_DEPLOY.md
+++ b/TERRATEST_DEPLOY.md
@@ -1,19 +0,0 @@
-# Drone docker deploy
-
-## Użycie
-
-```
-cat ${args[0]} |awk -F\= '{system("drone secret add --repository='${args[1]}' --name="$1 "  --data="$2)}'
-```
-
-Wymagane zmienne:
-
-```
-hub_username=
-hub_password=
-hub_repo=
-telegram_bot_token=
-telegram_group_id=
-```
-
-
				`@@ -0,0 +1 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCazcKMgWAnC5ignX4kt1gjVmZ/L0Sl+SYVn7UIIIydwFdmnlpEjzC4leZegSHTgb8VmhPGFzsM6wLw7zNr2cW2J32q4RtScaez1lU6+fApX3SNWu5kUPsuraNWoQTbWjEQKRyHae8B/F2L8lsirRflgIe9qtUMVFAZBJppsKIjPMACGCTo++Dp+VJT7pseXyx7BEHee582xZi1SJVvlDFsPaWJja/aEhJZSlryBRGF/1tkRsOG98XID0jaNKcBDPN199ZKsrZDG18Sw33GG7qaVMQubMJrJ7uTD1wzgFRBqcU4/XC4HLpD+2klrel67lAphuCqQVWpmTuZwEVlieexywsMrYliV7X+aMBVE5lC0z7oi/f1slV1XAAc4VpCF1yQS5VuCJmaXNYFMSp9GNPLU1pIW5hmBanfVRDk1m6UIyK7rlA15jtb8A/cRexAvcmmPG7tyzWFh3hTrsNpYxUEvcqbg2MFnbDRmpyfQ+Qd/nybIuyGhoviTzxRUeH+NNm4Zss8eZoR0SS//QL1wQjKhpQ5v75gHALrPoISsA/mWVI3wkMbCCdZekwLuqzmuKp9UmlNYTWuHK/+GJLrK7mOMHf/EzMEQ0rNzp4l/7/quoxFwjvPecUg1tr6L9KaFWLUUPeA2yLQccn9hoiKczLElXlt+gVksye5JPUbUFfkKQ==