after-lidl cleanup

f8854a06 · Christian Blechert · e4747bda · f8854a06 · f8854a06 · f8854a06
Commit f8854a06 authored Apr 29, 2019 by Christian Blechert
6 changed files
--- a/hosts.yml
+++ b/hosts.yml
@@ -10,5 +10,7 @@ all:
                    common_user_selection: [ 'kai' ]
                172.23.17.231:
                    hostname: docker
+                172.23.17.233:
+                    hostname: gameserver

 # EOF
--- a/play-defaults.yml
+++ b/play-defaults.yml
@@ -4,16 +4,13 @@
    name: Apply default settings to lidl systems
    hosts: all
    
-    vars: {}
-
-    tasks:
-
-# lidl
- 
-    name: Apply default settings to lidl systems
-    hosts: all
-    
-    vars: {}
+    vars:
+        cmk_path_agentdebfile: "../../pkg-debian/check-mk-agent_1.5.0p7-1_all.deb"
+        cmk_path_inventoryplugin: "../../pkg-debian/mk_inventory"
+        cmk_path_aptplugin: "../../pkg-debian/mk_apt"
+        cmk_path_checkrebootscript: "../../pkg-debian/check_reboot.sh"
+        cmk_servicehost: "moni.management.daskn.de"
+        cmk_defaultacl: "172.23.8.0/24 172.23.19.0/24 127.0.0.1"

    tasks:

@@ -138,3 +135,9 @@
                - /home/ekbadmin/.vimrc
            tags:
                - config
+
+        -
+            import_role:
+                name: checkmk
+            tags:
+                - checkmk
--- a/play-docker.yml
+++ b/play-docker.yml
@@ -7,6 +7,7 @@
    vars:
        datadir: "/media/containerdata"
        containernetname: "julievents"
+        containerinternalnetwork: "julieventsinternal"
        containerregistry: "registry.git.nerdbridge.de"

    tasks:
@@ -165,6 +166,14 @@
                - containers
                - dockernetwork

+        -
+            name: Add JuLi event internal network
+            docker_network:
+                name: "{{containerinternalnetwork}}"
+            tags:
+                - containers
+                - dockernetwork
+
        - 
            name: Log into private registry
            docker_login:
@@ -257,6 +266,42 @@
                - containers
                - mumble

+        -
+            name: Create MariaDB container
+            block:
+                - 
+                    name: Create container data directory
+                    file:
+                        path: "{{containerdir}}"
+                        state: directory
+                -
+                    name: Create MariaDB container
+                    docker_container:
+                        name: "{{containername}}"
+                        hostname: "{{containername}}"
+                        image: "{{containerimage}}"
+                        restart: no
+                        detach: yes
+                        recreate: no
+                        pull: no
+                        restart_policy: "unless-stopped"
+                        state: started
+                        purge_networks: yes
+                        env:
+                            MYSQL_ROOT_PASSWORD: "{{common_users.mariadb.petze.password}}"
+                        networks:
+                            -
+                                name: "{{containerinternalnetwork}}"
+                        volumes:
+                            - "{{containerdir}}:/var/lib/mysql"
+            vars:
+                containername: lidl-mariadb-petze
+                containerdir: "{{datadir}}/{{containername}}"
+                containerimage: "mariadb:latest"
+            tags:
+                - containers
+                - mariadb
+

        #
        # -> Cleanup after container creation

--- a/play-fileserver.yml
+++ b/play-fileserver.yml
@@ -42,6 +42,8 @@
            group:
                name: "{{item.name}}"
            loop: "{{sharegroups}}"
+            tags:
+                - fs

        -
            name: Map access group members
@@ -52,6 +54,8 @@
            with_subelements:
                - "{{sharegroups}}"
                - members
+            tags:
+                - fs

        -
            name: Create share folders
@@ -62,6 +66,8 @@
                mode: "{{item.mode}}"
                state: directory
            loop: "{{shares}}"
+            tags:
+                - fs

        -
            name: Create readme files
@@ -72,12 +78,16 @@
                group: root
                mode: "u=rw,go=r"
            loop: "{{shares}}"
+            tags:
+                - fs

        -
            name: Install samba
            package:
                name: samba
                state: present
+            tags:
+                - smb

        -
            name: Configure samba
@@ -89,12 +99,13 @@
                    [global]
                    server string = LidL fileserver
                    workgroup = WORKGROUP
-                    wins support = no
+                    wins support = yes
                    dns proxy = no
                    log file = /var/log/samba/log.%m
                    max log size = 1000
                    syslog = 0
                    panic action = /usr/share/samba/panic-action %d
+                    netbios name = lanfiles

                    ####### Authentication #######
                    server role = standalone server
@@ -105,24 +116,12 @@
                    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
                    pam password change = yes

+                    restrict anonymous = 0
                    security = user
-                    map to guest = bad user
+                    map to guest = Bad User
+                    guest ok = yes
                    guest account = nobody
-
                    browse list = yes
-                    invalid users = root ekbadmin
-
-                    ####### Share defaults #######
-
-                    [template]
-                    available = yes
-                    browseable = yes
-                    read only = yes
-                    writable = no
-                    guest ok = yes
-                    case sensitive = no
-                    hide dot files = yes
-

                    ####### Shares #######
                    [media]
@@ -137,7 +136,6 @@
                    hide dot files = yes

                    [tausch]
-                    copy = template
                    path = /media/data/shares/tausch
                    comment = Tauschverzeichnis
                    read only = no
@@ -152,6 +150,8 @@
                    force user = nobody
                    force group = share_tausch
            register: smb_conf
+            tags:
+                - smb
        
        -
            name: Restart samba
@@ -159,6 +159,8 @@
                name: smbd
                state: restarted
            when: smb_conf.changed
+            tags:
+                - smb

        -
            name: Install nginx
@@ -168,6 +170,8 @@
            loop:
                - nginx-full
                - libnginx-mod-http-fancyindex
+            tags:
+                - web

        -
            name: Install fancy index template
@@ -303,7 +307,8 @@
                            </html>
                            <!--# endblock -->
                            <!--# include virtual="$request_uri/.directory_footer.html" stub="default_footer" -->
-            tags: indextpl
+            tags:
+                - web

        -
            name: Configure nginx
@@ -353,6 +358,8 @@
                        }
                    }
            register: nginxconf
+            tags:
+                - web

        -
            name: Restart nginx
@@ -360,5 +367,7 @@
                name: nginx
                state: restarted
            when: nginxconf.changed
+            tags:
+                - web

 # EOF
\ No newline at end of file
--- a/play-lancache.yml
+++ b/play-lancache.yml
--- a/play-old-lancache.yml
+++ b/play-old-lancache.yml
+---
+
+###
+# 
+# Ansible Playbook to bootstrap a steamcache environment
+# by Christian Blechert <christian@anysrc.net> (2018-11-07)
+#
+# - prepare directories
+# - install cache docker container
+# - install dns docker container
+# - install sni proxy docker container
+#
+# https://github.com/uklans/cache-domains
+# https://github.com/steamcache/steamcache-dns
+# https://github.com/steamcache/generic
+#
+##
+
+- 
+    name: Setup docker containers
+    hosts: 172.23.17.240
+    become: yes
+    become_method: sudo
+    become_user: root
+    remote_user: ekbadmin
+
+    vars:
+        # basefolder for the cache data
+        basedir: "/mnt/lanfiles"
+
+        # prefix for all containernames
+        containerprefix: cache-
+
+        # name of the cache container image
+        cacheimage: steamcache/generic:latest
+
+        # environment variables for the cache containers
+        cachedefaultmemsize: 500m
+        cachedefaultdisksize: 500000m
+        cachedefaultmaxage: 3650d
+
+        # name of the sni proxy container
+        snicontainername: sniproxy
+
+        # name of the sni proxy container image
+        sniproxyimage: steamcache/sniproxy:latest
+
+        # name of the dns container
+        dnscontainername: dns
+
+        # name of the dns container image
+        dnsimage: steamcache/steamcache-dns:latest
+
+        # bind ip address for the dns service
+        dnsbindip: 172.23.17.240
+
+        # upstream dns server
+        dnsupstreamip: 172.23.17.254
+
+        # cache container definitions
+        caches:
+            -
+                # container and directory name
+                name: arenanet
+                # container ip address
+                bindip: 172.23.17.241
+                # environment variable name for dns server config
+                envname: ARENANET
+                disksize: 200000m
+            -
+                name: blizzard
+                bindip: 172.23.17.242
+                envname: BLIZZARD
+                disksize: 200000m
+            -
+                name: minecraft
+                bindip: 172.23.17.243
+                envname: MINECRAFT
+                disksize: 200000m
+            -
+                name: origin
+                bindip: 172.23.17.244
+                envname: ORIGIN
+                disksize: 500000m
+            -
+                name: riot
+                bindip: 172.23.17.245
+                envname: RIOT
+                disksize: 200000m
+            -
+                name: rockstar
+                bindip: 172.23.17.246
+                envname: ROCKSTAR
+                disksize: 200000m
+            -
+                name: sony
+                bindip: 172.23.17.247
+                envname: SONY
+                disksize: 200000m
+            -
+                name: steam
+                bindip: 172.23.17.248
+                envname: STEAM
+                disksize: 500000m
+            -
+                name: uplay
+                bindip: 172.23.17.249
+                envname: UPLAY
+                disksize: 500000m
+            -
+                name: wargaming
+                bindip: 172.23.17.250
+                envname: WARGAMING
+                disksize: 200000m
+            -
+                name: wsus
+                bindip: 172.23.17.251
+                envname: WSUS
+                disksize: 200000m
+
+    tasks:
+
+        #-> Dependencies
+        - 
+            name: install pip
+            package:
+                name: python-pip
+                state: present
+
+        -
+            name: install docker python lib
+            pip:
+                name: docker
+                state: latest
+
+        #-> Directories
+
+        -
+            name: Create data and log directories
+            file:
+                path: "{{basedir}}/{{item[0].name}}/{{item[1]}}"
+                mode: "ug=rwx,o=rwx"
+                state: directory
+            with_nested: 
+                - "{{caches}}"
+                - [ 'data', 'logs' ]
+            tags:
+                - fs
+
+        #-> Cache Services
+
+        -
+            name: Delete cache containers
+            docker_container:
+                name: "{{containerprefix}}{{item.name}}"
+                state: absent
+            loop: "{{caches}}"
+            tags:
+                - caches
+                - killall
+                - killcaches
+
+        -
+            name: Create cache containers
+            docker_container:
+                name: "{{containerprefix}}{{item.name}}"
+                image: "{{cacheimage}}"
+                state: started
+                restart_policy: always
+                volumes:
+                    - "{{basedir}}/{{item.name}}/data:/data/cache"
+                    - "{{basedir}}/{{item.name}}/logs:/data/logs"
+                ports:
+                    - "{{item.bindip}}:80:80"
+                env:
+                    CACHE_MEM_SIZE: "{{item.memsize|default(cachedefaultmemsize)}}"
+                    CACHE_DISK_SIZE: "{{item.disksize|default(cachedefaultdisksize)}}"
+                    CACHE_MAX_AGE: "{{item.maxage|default(cachedefaultmaxage)}}"
+
+            loop: "{{caches}}"
+            tags:
+                - caches
+                - createcaches
+
+        #-> SNI Proxy
+
+        -
+            name: Create environment variables for sni proxy binding
+            set_fact:
+                sniproxyports: "{{ (sniproxyports|default([])) + [ item.bindip+':443:443' ] }}"
+            loop: "{{caches}}"
+            tags:
+                - sni
+                - info
+
+        - 
+            name: "Show bindings for SNI Proxy container"
+            debug:
+                var: sniproxyports
+            tags:
+                - sni
+                - info
+
+        -
+            name: Delete the SNI proxy for TLS connections
+            docker_container:
+                name: "{{containerprefix}}{{snicontainername}}"
+                state: absent
+            tags:
+                - sni
+                - killall
+                - killsni
+
+        -
+            name: Create the SNI proxy for TLS connections
+            docker_container:
+                name: "{{containerprefix}}{{snicontainername}}"
+                image: "{{sniproxyimage}}"
+                state: started
+                restart_policy: always
+                ports: "{{sniproxyports}}"
+            tags:
+                - sni
+
+        #-> DNS
+
+        -
+            name: Create environment variables for dns container
+            set_fact:
+                dnsenv: "{{ (dnsenv|default({})) | combine({ item.envname+'CACHE_IP': item.bindip }) }}"
+            loop: "{{caches}}"
+            tags:
+                - dns
+                - info
+
+        -
+            name: Append upstream ip
+            set_fact:
+                dnsenv: "{{ dnsenv | combine({ 'UPSTREAM_DNS': dnsupstreamip }) }}"
+            tags:
+                - dns
+                - info
+
+        - 
+            name: "Show envitonment settings for dns container"
+            debug:
+                var: dnsenv
+            tags:
+                - dns
+                - info
+
+        -
+            name: Delete dns container
+            docker_container:
+                name: "{{containerprefix}}{{dnscontainername}}"
+                state: absent
+            tags:
+                - dns
+                - killall
+                - killdns
+
+        -
+            name: Create dns container
+            docker_container:
+                name: "{{containerprefix}}{{dnscontainername}}"
+                image: "{{dnsimage}}"
+                state: started
+                restart_policy: always
+                ports:
+                    - "{{dnsbindip}}:53:53/udp"
+                env: "{{dnsenv}}"
+            tags:
+                - dns
+
+        #-> Show running docker containers
+
+        - 
+            name: Fetch docker status
+            raw: docker ps -a
+            register: script
+            tags:
+                - info
+
+        - 
+            name: Echo docker status
+            debug: msg="{{ script.stdout.split('\n') }}"
+            when: script is defined and script is succeeded
+            tags:
+                - info
+