updates

djdanielsson · Mar 31, 2024 · 477309f · 477309f
1 parent 5cf1ead
commit 477309f
Show file tree

Hide file tree

Showing 12 changed files with 38 additions and 10 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -130,4 +130,4 @@ task_name_prefix: "{stem} | "
 
 # Limit the depth of the nested blocks:
 # max_block_depth: 20
-...
+...
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+.vscode
diff --git a/README.md b/README.md
@@ -1,5 +1,9 @@
 # Lab build
 
+```console
+ansible-playbook -i inventory/inventory playbooks/revert_aap.yml --ask-vault-pass -k -u root
+```
+
 stuff to install silverblue
 
 ```console

diff --git a/collections/requirements.yml b/collections/requirements.yml
@@ -8,5 +8,9 @@ collections:
   - name: community.esxi
     type: git
     source: https://github.com/djdanielsson/ansible-esxi.git
+  - name: k3s.orchestration
+    type: git
+    source: https://github.com/k3s-io/k3s-ansible.git
   - name: redhat.satellite_operations
+  # - name: community.zabbix
 ...
diff --git a/inventory/esxi.yml b/inventory/esxi.yml
@@ -1,3 +1,4 @@
+---
 plugin: community.esxi.esxi_inventory
 hostname: '192.168.1.229'
 username: 'root'
@@ -6,3 +7,4 @@ group_by:
   - guestid
   - geststate
   - notes
+...
diff --git a/playbooks/revert_aap.yml b/playbooks/revert_aap.yml
@@ -5,7 +5,7 @@
   tasks:
     - name: Run vmware role
       ansible.builtin.include_role:
-        name: snapshot_rollback
+        name: esxi_snapshot_rollback
       loop: "{{ vm_list }}"
       vars:
         revert_2_snapshot: true

diff --git a/roles/docker_ubuntu/tasks/main.yml b/roles/docker_ubuntu/tasks/main.yml
@@ -32,7 +32,7 @@
 
     # It seems to need whatever the gpg --dearmor -o does so cannot use get_url suppressing warning
     - name: Download gpg key
-      ansible.builtin.shell: curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+      ansible.builtin.shell: set -o pipefail && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
       changed_when: true
       when: not r_download_key['stat']['exists'] # noqa: command-instead-of-module
 

diff --git a/roles/download_qcow2/tasks/main.yml b/roles/download_qcow2/tasks/main.yml
@@ -30,6 +30,7 @@
     dest: "{{ setup_down_dest_dir }}/{{ item.filename }}"
     headers:
       Authorization: "Bearer {{ __r_login.json.access_token }}"
+    mode: "0644"
   when: image_name is match(item.filename)
   loop: "{{ __cf_images }}"
 ...
diff --git a/roles/esxi_snapshot_rollback/tasks/main.yml b/roles/esxi_snapshot_rollback/tasks/main.yml
@@ -6,7 +6,7 @@
   when: item.vm_name is defined
 
 - name: Get vm ids
-  ansible.builtin.shell: vim-cmd vmsvc/getallvms | grep -v Vmid |awk '{ print $2 ":" $1 }'
+  ansible.builtin.shell: set -o pipefail && vim-cmd vmsvc/getallvms | grep -v Vmid |awk '{ print $2 ":" $1 }'
   changed_when: false
   register: r_vm_ids
 
@@ -28,25 +28,25 @@
     # verbosity: 2
 
 - name: Get vm ids
-  ansible.builtin.shell: "vim-cmd vmsvc/snapshot.get {{ vm_ids[vm_name] }} | grep -i 'Snapshot Name|Snapshot Id' | awk '{ print $3 }'"
+  ansible.builtin.shell: set -o pipefail && vim-cmd vmsvc/snapshot.get {{ vm_ids[vm_name] }} | grep -i 'Snapshot Name|Snapshot Id' | awk '{ print $3 }'
   changed_when: false
   register: r_vm_snapshots_all
   when: get_all_snapshots | default(false)
 
 - name: Get snapshot by name
-  ansible.builtin.shell: "vim-cmd vmsvc/snapshot.get {{ vm_ids[vm_name] }} | grep -i -A 1 '{{ snapshot_name }}' | cut -d ':' -f 2 | grep -v '\\-\\-' | awk '{ print $1 }' | tail -1"
+  ansible.builtin.shell: set -o pipefail && vim-cmd vmsvc/snapshot.get {{ vm_ids[vm_name] }} | grep -i -A 1 '{{ snapshot_name }}' | cut -d ':' -f 2 | grep -v '\\-\\-' | awk '{ print $1 }' | tail -1
   changed_when: false
   register: r_vm_snapshots_name
   when: get_snapshot_by_name | default(false)
 
 - name: Get last snapshot
-  ansible.builtin.shell: "vim-cmd vmsvc/snapshot.get {{ vm_ids[vm_name] }} | grep -i -A 1 'Snapshot Name' | cut -d ':' -f 2 | grep -v '\\-\\-' | awk '{ print $1 }' | tail -1"
+  ansible.builtin.shell: set -o pipefail && vim-cmd vmsvc/snapshot.get {{ vm_ids[vm_name] }} | grep -i -A 1 'Snapshot Name' | cut -d ':' -f 2 | grep -v '\\-\\-' | awk '{ print $1 }' | tail -1
   changed_when: false
   register: r_vm_snapshots_last
   when: get_last_snapshot | default(false)
 
 - name: Get first snapshot
-  ansible.builtin.shell: "vim-cmd vmsvc/snapshot.get {{ vm_ids[vm_name] }} | grep -i -A 1 'Snapshot Name' | cut -d ':' -f 2 | grep -v '\\-\\-' | awk '{ print $1 }' | head -2 | tail -1"
+  ansible.builtin.shell: set -o pipefail && vim-cmd vmsvc/snapshot.get {{ vm_ids[vm_name] }} | grep -i -A 1 'Snapshot Name' | cut -d ':' -f 2 | grep -v '\\-\\-' | awk '{ print $1 }' | head -2 | tail -1
   changed_when: false
   register: r_vm_snapshots_first
   when: get_first_snapshot | default(false)
@@ -59,7 +59,7 @@
     vm_snapshot: "{% if get_all_snapshots %}{{ r_vm_snapshots_all }}{% elif get_snapshot_by_name %}{{ r_vm_snapshots_name }}{% elif get_last_snapshot %}{{ r_vm_snapshots_last }}{% elif r_vm_snapshots_first %}{{ r_vm_snapshots_first }}{% else %}'error'{% endif %}"
 
 - name: Revert to snapshot {{ r_vm_snapshots }}
-  ansible.builtin.shell: "vim-cmd vmsvc/snapshot.revert {{ vm_ids[vm_name] }} {{ vm_snapshot.stdout }} suppressPowerOn"
+  ansible.builtin.shell: set -o pipefail && vim-cmd vmsvc/snapshot.revert {{ vm_ids[vm_name] }} {{ vm_snapshot.stdout }} suppressPowerOn
   changed_when: true
   register: r_revert_output
   when: revert_2_snapshot | default(false)
@@ -72,7 +72,7 @@
     # verbosity: 2
 
 - name: Power vm back on
-  ansible.builtin.shell: vim-cmd vmsvc/power.on {{ vm_ids[vm_name] }}
+  ansible.builtin.command: vim-cmd vmsvc/power.on {{ vm_ids[vm_name] }}
   changed_when: true
   when: power_back_on
 ...
diff --git a/roles/terraform/defaults/main.yml b/roles/terraform/defaults/main.yml
@@ -39,6 +39,16 @@ fedora_vms:
     cpu: 2
 
 ubuntu_vms:
+  - name: portainer
+    fqdn: lab.danielsson.us.com
+    mem: 8
+    cpu: 8
+    disk_size: 100
+  - name: portainer2
+    fqdn: lab.danielsson.us.com
+    mem: 8
+    cpu: 8
+    disk_size: 100
   - name: k3s
     fqdn: lab.danielsson.us.com
     mem: 8

diff --git a/roles/terraform/tasks/main.yml b/roles/terraform/tasks/main.yml
@@ -4,26 +4,30 @@
   ansible.builtin.file:
     path: /tmp/terraform
     state: directory
+    mode: "0755"
   notify:
     - Terraform init
 
 - name: Copy file versions.tf to /tmp/terraform
   ansible.builtin.copy:
     src: "{{ virt_manager }}-versions.tf"
     dest: /tmp/terraform/versions.tf
+    mode: "0644"
   notify:
     - Terraform init
 
 - name: Generate cloud templates from list
   ansible.builtin.template:
     src: "{{ item.name }}.j2"
     dest: "/tmp/terraform/{{ item.name }}"
+    mode: "0644"
   loop: "{{ cloud_files }}"
 
 - name: Generate templates from list
   ansible.builtin.template:
     src: "{{ virt_manager }}-{{ item.src }}"
     dest: "/tmp/terraform/{{ virt_manager }}-{{ item.dest }}"
+    mode: "0644"
   loop: "{{ terraform_templates }}"
 
 - name: Flush handlers

diff --git a/roles/vault/tasks/main.yml b/roles/vault/tasks/main.yml
@@ -20,11 +20,13 @@
   ansible.builtin.template:
     src: templates/vault.hcl.j2
     dest: /etc/vault.d/config.hcl
+    mode: "0644"
 
 - name: Copy service
   ansible.builtin.copy:
     src: files/vault.service
     dest: /etc/systemd/system/vault.service
+    mode: "0755"
   notify:
     - Start vault service