diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 22ee4f7..e794c58 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,5 +1,3 @@ - - --- repos: - repo: https://github.com/pre-commit/pre-commit-hooks @@ -33,3 +31,5 @@ repos: files: \.(yaml|yml)$ types: [file, yaml] entry: yamllint + +exclude: '^ansible/playbooks/files/lxc_install_dnf.yml$' diff --git a/ansible/playbooks/files/lxc_install_dnf.yml b/ansible/playbooks/files/lxc_install_dnf.yml new file mode 100644 index 0000000..b3bfb6d --- /dev/null +++ b/ansible/playbooks/files/lxc_install_dnf.yml @@ -0,0 +1,105 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure createrepo package is installed + yum: + name: createrepo + state: present + +- name: Deploy upstream COPR yum repo for lxc 3 + yum_repository: + name: thm-lxc3.0 + description: "Copr repo for lxc3.0 owned by thm" + baseurl: "{{ lxc_centos_package_baseurl }}" + enabled: yes + gpgcheck: yes + gpgkey: "{{ lxc_centos_package_key }}" + repo_gpgcheck: no + state: present + +- name: Enable PowerTools repo + # NB: doesn't run command `dnf config-manager --set-enabled PowerTools` as can't make that idempotent + lineinfile: + path: /etc/yum.repos.d/Rocky-PowerTools.repo + create: false # so raise error if not already installed + regexp: enabled= + line: enabled=1 + when: ansible_distribution_major_version == "8" + +- name: Add GPG key for COPR LXC repo + rpm_key: + key: "{{ lxc_centos_package_key }}" + state: present + register: add_keys + until: add_keys is success + retries: 5 + delay: 2 + + +- name: Download EPEL gpg keys + get_url: + url: "{{ lxc_centos_epel_key }}" + dest: /etc/pki/rpm-gpg + register: _get_yum_keys + until: _get_yum_keys is success + retries: 5 + delay: 2 + +- name: Install EPEL gpg keys + rpm_key: + key: "/etc/pki/rpm-gpg/{{ lxc_centos_epel_key.split('/')[-1] }}" + state: present + +- name: Install the EPEL repository - Centos-8 + yum_repository: + name: epel-lxc_hosts + baseurl: "{{ lxc_centos_epel_mirror ~ '/' ~ ansible_facts['distribution_major_version'] ~ '/Everything/' ~ ansible_facts['architecture'] }}" + description: "Extra Packages for Enterprise Linux {{ ansible_facts['distribution_major_version'] }} - $basearch" + gpgcheck: yes + gpgkey: "file:///etc/pki/rpm-gpg/{{ lxc_centos_epel_key.split('/')[-1] }}" + enabled: yes + state: present + includepkgs: "aria2 systemd-networkd" + register: install_epel_repo + until: install_epel_repo is success + retries: 5 + delay: 2 + +- name: Install distro packages + package: + pkg: "{{ lxc_hosts_distro_packages }}" + state: "{{ lxc_hosts_package_state }}" + register: install_packages + until: install_packages is success + retries: 5 + delay: 2 + tags: + - lxc-packages + +- name: Remove sub system lock if found + file: + path: "/var/lock/subsys/lxc" + state: "absent" + owner: "root" + group: "root" + tags: + - lxc-directories + +- name: Enable lxc service + service: + name: lxc + enabled: "yes" + tags: + - lxc_hosts-config diff --git a/ansible/playbooks/role-infra-host.yml b/ansible/playbooks/role-infra-host.yml index 9f67c89..ffe8d4e 100644 --- a/ansible/playbooks/role-infra-host.yml +++ b/ansible/playbooks/role-infra-host.yml @@ -106,6 +106,15 @@ - user_galera tags: config + - name: fuck my entire life + ansible.builtin.copy: + src: "files/{{ item }}.yml" + dest: /etc/ansible/roles/lxc_hosts/tasks/ + mode: '0644' + with_items: + - lxc_install_dnf + tags: config + - name: Disable SSH Agent Forwarding lineinfile: dest: /etc/ssh/sshd_config