Skip to content
Snippets Groups Projects
Commit 46a46294 authored by Chris Hines's avatar Chris Hines
Browse files

move all changes to repository settings into a single role

parent ebe9a651
No related branches found
No related tags found
1 merge request!24Sshknownhosts
......@@ -3,8 +3,3 @@
apt: update_cache=True
sudo: true
when: ansible_os_family=="Debian"
- name: apt-get upgrade
apt: upgrade=safe
sudo: true
when: ansible_os_family=="Debian"
---
# this repository was broken on some CentOS images. Remove it.
- name: Removing the RDO repository
file: path=/etc/yum.repos.d/rdo-release.repo state=absent
sudo: true
- name: add gluster repo
copy: src=glusterfs-epel.repo dest=/etc/yum.repos.d/glusterfs-epel.repo
sudo: true
when: ansible_os_family == 'RedHat'
- name: add epel on CentOS 7
shell: rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
sudo: true
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
ignore_errors: true
- name: Install epel-release
yum: name=epel-release-7-5.noarch state=present
sudo: true
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
#- name: Enable epel
# command: yum-config-manager --enable epel
# sudo: true
# when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
# Use mate DE on systems that have moved to gnome3, since there is no gpu acceleration by default on NeCTAR openstack
# Trusty (Ubuntu 14.04 LTS) needs repos added. Wheezy (Debian Stable) gets mate from backports, Utopic (Ubuntu 14.10) Jessie (Debian testing) and Sid (Debian unstable) get it by default
- name: add repos apt
shell: "add-apt-repository -y ppa:ubuntu-mate-dev/ppa"
sudo: true
when: ansible_distribution_release == 'trusty'
- name: add repos apt
shell: "add-apt-repository -y ppa:ubuntu-mate-dev/trusty-mate"
sudo: true
when: ansible_distribution_release == 'trusty'
- name: add repos apt
shell: "add-apt-repository -y ppa:gluster/glusterfs-3.7"
sudo: true
when: ansible_distribution == 'Ubuntu'
- name: apt-get update
apt: update_cache=True
sudo: true
when: ansible_os_family=="Debian"
---
- name: add repo
copy: src=glusterfs-epel.repo dest=/etc/yum.repos.d/glusterfs-epel.repo
sudo: true
when: ansible_os_family == 'RedHat'
- name: install gluster
yum: name={{ item }} state='latest'
when: ansible_os_family == 'RedHat'
......
---
- include_vars: "{{ ansible_os_family }}.yml"
- name: add epel on CentOS 7
shell: rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
sudo: true
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
ignore_errors: true
#- name: add epel on CentOS 7
# shell: yum -y update
# sudo: true
# when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
- name: Install epel-release
yum: name=epel-release-7-5.noarch state=present
sudo: true
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
- name: Enable epel
command: yum-config-manager --enable epel
sudo: true
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
- name: install lua
yum: name={{ item }} state=installed
with_items:
......
- name: "Templating /etc/ssh/known_hosts"
template: src=known_hosts.j2 dest=/etc/ssh/ssh_known_hosts owner=root group=root mode=644
sudo: true
register: sshknownhost
- name: encrypt the hosts file
shell: ssh-keygen -H -f /etc/ssh/ssh_known_hosts
sudo: true
when: sshknownhost.changed
- name: set read permissions
file: path=/etc/ssh/ssh_known_hosts owner=root group=root mode=644 state=file
sudo: true
- name: delete ssh_known_hosts.old
file: path=/etc/ssh/ssh_known_hosts.old state=absent
sudo: true
{% set nodelist = [] %}
{% for node in groups['all'] %}
{% for interface in hostvars[node]['ansible_interfaces'] %}
{% if interface != "lo" %}
{% if hostvars[node]['ansible_ssh_host_key_rsa_public'] %}
{% set host = {'name': node, 'ip': hostvars[node]['ansible_'+interface]['ipv4']['address'], 'keytype':'ssh-rsa', 'key': hostvars[node]['ansible_ssh_host_key_rsa_public']} %}
{% if nodelist.append(host) %}
{% endif %}
{% endif %}
{% if 'ansible_ssh_host_key_ecdsa_public' in hostvars[node] and hostvars[node]['ansible_ssh_host_key_ecdsa_public'] %}
{% set host = {'name': node, 'ip': hostvars[node]['ansible_'+interface]['ipv4']['address'], 'keytype':'ecdsa-sha2-nistp256', 'key': hostvars[node]['ansible_ssh_host_key_ecdsa_public']} %}
{% if nodelist.append(host) %}
{% endif %}
{% endif %}
{% endif %}
{% endfor %}
{% endfor %}
{% for host in nodelist %}
{{ host.ip }} {{ host.keytype }} {{ host.key }}
{{ host.name }} {{ host.keytype }} {{ host.key }}
{% endfor %}
---
- name: apt-get upgrade
apt: upgrade=safe
sudo: true
when: ansible_os_family=="Debian"
- name: yum upgrade
yum: name=* state=latest
become: true
become_user: root
when: ansible_os_family=="RedHat"
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment