aboutsummaryrefslogtreecommitdiffstats
path: root/fdio.infra.ansible
diff options
context:
space:
mode:
authorPeter Mikus <pmikus@cisco.com>2022-07-07 10:31:16 +0000
committerPeter Mikus <peter.mikus@protonmail.ch>2022-07-07 13:11:37 +0000
commit2720dc186a1e488833533bfa8e14bfaa578aabca (patch)
tree18f2f75ab8409c20ac500c657fad64168cff5914 /fdio.infra.ansible
parent9f603617b10a447c59cd17110a89f67a1bf42d6e (diff)
feat(ansible): Migrate Ubuntu Jammy II
Signed-off-by: Peter Mikus <pmikus@cisco.com> Change-Id: I43c86ab3232a382e7cc9010fb04a0ca269b24e77
Diffstat (limited to 'fdio.infra.ansible')
-rw-r--r--fdio.infra.ansible/nomad.yaml12
-rw-r--r--fdio.infra.ansible/roles/baremetal/handlers/main.yaml4
-rw-r--r--fdio.infra.ansible/roles/consul/defaults/main.yaml2
-rw-r--r--fdio.infra.ansible/roles/consul/handlers/main.yaml4
-rw-r--r--fdio.infra.ansible/roles/consul/meta/main.yaml6
-rw-r--r--fdio.infra.ansible/roles/consul/tasks/main.yaml19
-rw-r--r--fdio.infra.ansible/roles/docker/defaults/main.yaml7
-rw-r--r--fdio.infra.ansible/roles/docker/handlers/main.yaml2
-rw-r--r--fdio.infra.ansible/roles/docker/meta/main.yaml17
-rw-r--r--fdio.infra.ansible/roles/docker/tasks/focal.yaml (renamed from fdio.infra.ansible/roles/docker/tasks/ubuntu_focal.yaml)6
-rw-r--r--fdio.infra.ansible/roles/docker/tasks/jammy.yaml (renamed from fdio.infra.ansible/roles/docker/tasks/ubuntu_jammy.yaml)6
-rw-r--r--fdio.infra.ansible/roles/docker/tasks/main.yaml39
-rw-r--r--fdio.infra.ansible/roles/nomad/defaults/main.yaml8
-rw-r--r--fdio.infra.ansible/roles/nomad/handlers/main.yaml2
-rw-r--r--fdio.infra.ansible/roles/nomad/meta/main.yaml6
-rw-r--r--fdio.infra.ansible/roles/nomad/tasks/main.yaml70
-rw-r--r--fdio.infra.ansible/roles/user_add/handlers/main.yaml2
-rw-r--r--fdio.infra.ansible/roles/user_add/tasks/main.yaml6
18 files changed, 129 insertions, 89 deletions
diff --git a/fdio.infra.ansible/nomad.yaml b/fdio.infra.ansible/nomad.yaml
index 5a8c4ca4bc..8dbdac54fe 100644
--- a/fdio.infra.ansible/nomad.yaml
+++ b/fdio.infra.ansible/nomad.yaml
@@ -22,9 +22,9 @@
tags: nomad
- role: consul
tags: consul
- - role: prometheus_exporter
- tags: prometheus_exporter
- - role: jenkins_job_health_exporter
- tags: jenkins_job_health_exporter
- - role: cleanup
- tags: cleanup
+# - role: prometheus_exporter
+# tags: prometheus_exporter
+# - role: jenkins_job_health_exporter
+# tags: jenkins_job_health_exporter
+# - role: cleanup
+# tags: cleanup
diff --git a/fdio.infra.ansible/roles/baremetal/handlers/main.yaml b/fdio.infra.ansible/roles/baremetal/handlers/main.yaml
index d8dabeb222..6e8734eaa9 100644
--- a/fdio.infra.ansible/roles/baremetal/handlers/main.yaml
+++ b/fdio.infra.ansible/roles/baremetal/handlers/main.yaml
@@ -14,13 +14,13 @@
- cimc-handlers
- name: Reboot server
- reboot:
+ ansible.builtin.reboot:
reboot_timeout: 3600
tags:
- reboot-server
- name: Wait for server to restart
- wait_for:
+ ansible.builtin.wait_for:
host: "{{ inventory_hostname }}"
search_regex: OpenSSH
port: 22
diff --git a/fdio.infra.ansible/roles/consul/defaults/main.yaml b/fdio.infra.ansible/roles/consul/defaults/main.yaml
index 13bba8b144..503857de92 100644
--- a/fdio.infra.ansible/roles/consul/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/consul/defaults/main.yaml
@@ -24,7 +24,7 @@ consul_architecture_map:
32-bit: "386"
64-bit: "amd64"
consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}"
-consul_version: "1.9.5"
+consul_version: "1.12.2"
consul_pkg: "consul_{{ consul_version }}_linux_{{ consul_architecture }}.zip"
consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/{{ consul_pkg }}"
consul_force_update: false
diff --git a/fdio.infra.ansible/roles/consul/handlers/main.yaml b/fdio.infra.ansible/roles/consul/handlers/main.yaml
index d0e0c598a9..a88ae45d27 100644
--- a/fdio.infra.ansible/roles/consul/handlers/main.yaml
+++ b/fdio.infra.ansible/roles/consul/handlers/main.yaml
@@ -2,14 +2,14 @@
# file roles/consul/handlers/main.yaml
- name: Restart Nomad
- systemd:
+ ansible.builtin.systemd:
daemon_reload: true
enabled: true
name: "nomad"
state: "{{ nomad_restart_handler_state }}"
- name: Restart Consul
- systemd:
+ ansible.builtin.systemd:
daemon_reload: true
enabled: true
name: "consul"
diff --git a/fdio.infra.ansible/roles/consul/meta/main.yaml b/fdio.infra.ansible/roles/consul/meta/main.yaml
index c848f67c7b..bc6d6a1c57 100644
--- a/fdio.infra.ansible/roles/consul/meta/main.yaml
+++ b/fdio.infra.ansible/roles/consul/meta/main.yaml
@@ -1,11 +1,6 @@
---
# file: roles/consul/meta/main.yaml
-# desc: Install consul from stable branch and configure service.
-# inst: Consul
-# conf: ?
-# info: 1.0 - added role
-
dependencies: []
galaxy_info:
role_name: consul
@@ -18,5 +13,6 @@ galaxy_info:
- name: Ubuntu
versions:
- focal
+ - jammy
galaxy_tags:
- consul
diff --git a/fdio.infra.ansible/roles/consul/tasks/main.yaml b/fdio.infra.ansible/roles/consul/tasks/main.yaml
index 4e229714b7..1d6bcc0b0b 100644
--- a/fdio.infra.ansible/roles/consul/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/consul/tasks/main.yaml
@@ -1,14 +1,22 @@
---
# file: roles/consul/tasks/main.yaml
-- name: Install Dependencies
+- name: Inst - Update Repositories Cache
+ apt:
+ update_cache: true
+ when:
+ - ansible_os_family == 'Debian'
+ tags:
+ - consul-inst-package
+
+- name: Inst - Dependencies
apt:
name: "{{ packages | flatten(levels=1) }}"
state: "present"
cache_valid_time: 3600
install_recommends: false
when:
- - ansible_distribution|lower == 'ubuntu'
+ - ansible_os_family == 'Debian'
tags:
- consul-inst-dependencies
@@ -155,7 +163,7 @@
name: "systemd-resolved"
state: "{{ systemd_resolved_state }}"
when:
- - nomad_service_mgr == "systemd"
+ - consul_service_mgr == "systemd"
tags:
- consul-conf
@@ -170,8 +178,9 @@
- "Restart Consul"
- "Restart Nomad"
when:
- - nomad_service_mgr == "systemd"
+ - consul_service_mgr == "systemd"
tags:
- consul-conf
-- meta: flush_handlers
+- name: Meta - Flush handlers
+ meta: flush_handlers
diff --git a/fdio.infra.ansible/roles/docker/defaults/main.yaml b/fdio.infra.ansible/roles/docker/defaults/main.yaml
index a8f4e6289d..e493d1c9b5 100644
--- a/fdio.infra.ansible/roles/docker/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/docker/defaults/main.yaml
@@ -10,10 +10,11 @@ docker_package_state: latest
docker_service_state: started
docker_service_enabled: true
docker_restart_handler_state: restarted
+docker_service_mgr: ""
# Used only for Debian/Ubuntu.
docker_apt_release_channel: "stable"
-docker_apt_repository: "deb https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+docker_apt_repository: "deb https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
docker_apt_repository_state: present
docker_apt_ignore_key_error: true
docker_apt_gpg_key: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
@@ -25,10 +26,6 @@ docker_yum_repo_enable_edge: "0"
docker_yum_repo_enable_test: "0"
docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg
-# A list of users who will be added to the docker group.
-docker_users:
- - "{{ ansible_user }}"
-
# Proxy settings.
docker_daemon_environment_http:
- "HTTP_PROXY={{ proxy_env.http_proxy }}"
diff --git a/fdio.infra.ansible/roles/docker/handlers/main.yaml b/fdio.infra.ansible/roles/docker/handlers/main.yaml
index 572b789d48..53eb8528f6 100644
--- a/fdio.infra.ansible/roles/docker/handlers/main.yaml
+++ b/fdio.infra.ansible/roles/docker/handlers/main.yaml
@@ -2,7 +2,7 @@
# file roles/docker/handlers/main.yaml
- name: Restart Docker
- service:
+ ansible.builtin.service:
name: "docker"
state: "{{ docker_restart_handler_state }}"
tags:
diff --git a/fdio.infra.ansible/roles/docker/meta/main.yaml b/fdio.infra.ansible/roles/docker/meta/main.yaml
index e191fd43b6..ac6c0a9980 100644
--- a/fdio.infra.ansible/roles/docker/meta/main.yaml
+++ b/fdio.infra.ansible/roles/docker/meta/main.yaml
@@ -1,4 +1,19 @@
---
-# file: roles/docker/meta/main.yaml
+# file: meta/main.yaml
dependencies: []
+
+galaxy_info:
+ role_name: docker
+ author: fd.io
+ description: Docker-CE for Linux.
+ company: none
+ license: "license (Apache)"
+ min_ansible_version: 2.9
+ platforms:
+ - name: Ubuntu
+ versions:
+ - focal
+ - jammy
+ galaxy_tags:
+ - docker
diff --git a/fdio.infra.ansible/roles/docker/tasks/ubuntu_focal.yaml b/fdio.infra.ansible/roles/docker/tasks/focal.yaml
index 236cec6322..27fee6285c 100644
--- a/fdio.infra.ansible/roles/docker/tasks/ubuntu_focal.yaml
+++ b/fdio.infra.ansible/roles/docker/tasks/focal.yaml
@@ -2,7 +2,7 @@
# file: roles/docker/tasks/ubuntu_focal.yaml
- name: Inst - Dependencies
- apt:
+ ansible.builtin.apt:
name:
- "apt-transport-https"
- "ca-certificates"
@@ -15,14 +15,14 @@
- docker-inst-dependencies
- name: Conf - Add APT Key
- apt_key:
+ ansible.builtin.apt_key:
url: "{{ docker_apt_gpg_key }}"
state: "{{ docker_apt_gpg_key_state }}"
tags:
- docker-conf-apt
- name: Conf - Install APT Repository
- apt_repository:
+ ansible.builtin.apt_repository:
repo: "{{ docker_apt_repository }}"
state: "{{ docker_apt_repository_state }}"
update_cache: true
diff --git a/fdio.infra.ansible/roles/docker/tasks/ubuntu_jammy.yaml b/fdio.infra.ansible/roles/docker/tasks/jammy.yaml
index 51f60ee348..8ec7a01ee1 100644
--- a/fdio.infra.ansible/roles/docker/tasks/ubuntu_jammy.yaml
+++ b/fdio.infra.ansible/roles/docker/tasks/jammy.yaml
@@ -2,7 +2,7 @@
# file: roles/docker/tasks/ubuntu_jammy.yaml
- name: Inst - Dependencies
- apt:
+ ansible.builtin.apt:
name:
- "apt-transport-https"
- "ca-certificates"
@@ -15,14 +15,14 @@
- docker-inst-dependencies
- name: Conf - Add APT Key
- apt_key:
+ ansible.builtin.apt_key:
url: "{{ docker_apt_gpg_key }}"
state: "{{ docker_apt_gpg_key_state }}"
tags:
- docker-conf-apt
- name: Conf - Install APT Repository
- apt_repository:
+ ansible.builtin.apt_repository:
repo: "{{ docker_apt_repository }}"
state: "{{ docker_apt_repository_state }}"
update_cache: true
diff --git a/fdio.infra.ansible/roles/docker/tasks/main.yaml b/fdio.infra.ansible/roles/docker/tasks/main.yaml
index 27b9d250da..e07b29e363 100644
--- a/fdio.infra.ansible/roles/docker/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/docker/tasks/main.yaml
@@ -1,12 +1,12 @@
---
# file: roles/docker/tasks/main.yaml
-- include_tasks: "{{ ansible_distribution|lower }}_{{ ansible_distribution_release }}.yaml"
+- include_tasks: "{{ ansible_distribution_release }}.yaml"
tags:
- docker-inst-dependencies
- name: Inst - Docker
- package:
+ ansible.builtin.package:
name:
- "{{ docker_package }}"
- "{{ docker_package }}-cli"
@@ -15,22 +15,27 @@
- docker-inst-package
- name: Conf - Docker Service
- service:
+ ansible.builtin.service:
name: docker
state: "{{ docker_service_state }}"
enabled: "{{ docker_service_enabled }}"
+ when:
+ - docker_service_mgr == "systemd"
tags:
- docker-conf-service
- name: Conf - Docker Service Directory
- file:
+ ansible.builtin.file:
path: "/etc/systemd/system/docker.service.d"
state: "directory"
+ mode: "0755"
+ when:
+ - docker_service_mgr == "systemd"
tags:
- docker-conf-service
- name: Conf - Docker Daemon
- template:
+ ansible.builtin.template:
src: "templates/daemon.json.j2"
dest: "/etc/docker/daemon.json"
owner: "root"
@@ -39,12 +44,13 @@
notify:
- "Restart Docker"
when: >
- docker_daemon is defined
+ docker_daemon is defined and
+ docker_service_mgr == "systemd"
tags:
- docker-conf-daemon
- name: Conf - Docker HTTP Proxy
- template:
+ ansible.builtin.template:
src: "templates/docker.service.proxy.http"
dest: "/etc/systemd/system/docker.service.d/http-proxy.conf"
owner: "root"
@@ -54,12 +60,13 @@
- "Restart Docker"
when: >
proxy_env is defined and
- proxy_env.http_proxy is defined
+ proxy_env.http_proxy is defined and
+ docker_service_mgr == "systemd"
tags:
- docker-conf-service
- name: Conf - Docker HTTPS Proxy
- template:
+ ansible.builtin.template:
src: "templates/docker.service.proxy.https"
dest: "/etc/systemd/system/docker.service.d/https-proxy.conf"
owner: "root"
@@ -69,16 +76,10 @@
- "Restart Docker"
when: >
proxy_env is defined and
- proxy_env.https_proxy is defined
+ proxy_env.https_proxy is defined and
+ docker_service_mgr == "systemd"
tags:
- docker-conf-service
-- name: Conf - Users to Docker Group
- user:
- name: "{{ ansible_user }}"
- groups: "docker"
- append: true
- tags:
- - docker-conf-user
-
-- meta: flush_handlers
+- name: Meta - Flush handlers
+ ansible.builtin.meta: flush_handlers
diff --git a/fdio.infra.ansible/roles/nomad/defaults/main.yaml b/fdio.infra.ansible/roles/nomad/defaults/main.yaml
index f58ac0961d..b4741f8d43 100644
--- a/fdio.infra.ansible/roles/nomad/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/nomad/defaults/main.yaml
@@ -16,7 +16,7 @@ packages_by_arch:
- []
# Package
-nomad_version: "{{ lookup('env','NOMAD_VERSION') | default('1.0.4', true) }}"
+nomad_version: "{{ lookup('env','NOMAD_VERSION') | default('1.3.1', true) }}"
nomad_architecture_map:
amd64: "amd64"
x86_64: "amd64"
@@ -63,7 +63,7 @@ nomad_log_level: "INFO"
nomad_syslog_enable: true
nomad_iface: "{{ lookup('env','NOMAD_IFACE') | default(ansible_default_ipv4.interface, true) }}"
nomad_node_name: "{{ inventory_hostname }}"
-nomad_node_role: "{{ lookup('env','NOMAD_NODE_ROLE') | default('client', true) }}"
+nomad_node_role: "{{ lookup('env','NOMAD_NODE_ROLE') | default('server', true) }}"
nomad_leave_on_terminate: true
nomad_leave_on_interrupt: false
nomad_disable_update_check: true
@@ -172,9 +172,11 @@ nomad_docker_dmsetup: true
# TLS
nomad_tls_enable: true
-nomad_ca_file: "{{ nomad_ssl_dir }}/ca.pem"
+nomad_ca_file: "{{ nomad_ssl_dir }}/nomad-ca.pem"
nomad_cert_file: "{{ nomad_ssl_dir }}/nomad.pem"
nomad_key_file: "{{ nomad_ssl_dir }}/nomad-key.pem"
+nomad_cli_cert_file: "{{ nomad_ssl_dir }}/nomad-cli.pem"
+nomad_cli_key_file: "{{ nomad_ssl_dir }}/nomad-cli-key.pem"
nomad_http: false
nomad_rpc: false
nomad_rpc_upgrade_mode: false
diff --git a/fdio.infra.ansible/roles/nomad/handlers/main.yaml b/fdio.infra.ansible/roles/nomad/handlers/main.yaml
index 8ef4d80353..6263f3dda1 100644
--- a/fdio.infra.ansible/roles/nomad/handlers/main.yaml
+++ b/fdio.infra.ansible/roles/nomad/handlers/main.yaml
@@ -2,7 +2,7 @@
# file roles/nomad/handlers/main.yaml
- name: Restart Nomad
- systemd:
+ ansible.builtin.systemd:
daemon_reload: true
enabled: true
name: "nomad"
diff --git a/fdio.infra.ansible/roles/nomad/meta/main.yaml b/fdio.infra.ansible/roles/nomad/meta/main.yaml
index 4f467ceee3..f7b25fe8eb 100644
--- a/fdio.infra.ansible/roles/nomad/meta/main.yaml
+++ b/fdio.infra.ansible/roles/nomad/meta/main.yaml
@@ -1,11 +1,6 @@
---
# file: roles/nomad/meta/main.yaml
-# desc: Install nomad from repo and configure service.
-# inst: Nomad
-# conf: ?
-# info: 1.0 - added role
-
dependencies: [docker]
galaxy_info:
@@ -19,5 +14,6 @@ galaxy_info:
- name: Ubuntu
versions:
- focal
+ - jammy
galaxy_tags:
- nomad
diff --git a/fdio.infra.ansible/roles/nomad/tasks/main.yaml b/fdio.infra.ansible/roles/nomad/tasks/main.yaml
index 8d58c8bb0e..480c4da0be 100644
--- a/fdio.infra.ansible/roles/nomad/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/nomad/tasks/main.yaml
@@ -1,26 +1,34 @@
---
-# file: roles/nomad/tasks/main.yaml
+# file: tasks/main.yaml
-- name: Install Dependencies
- apt:
+- name: Inst - Update Repositories Cache
+ ansible.builtin.apt:
+ update_cache: true
+ when:
+ - ansible_os_family == 'Debian'
+ tags:
+ - nomad-inst-package
+
+- name: Inst - Dependencies
+ ansible.builtin.apt:
name: "{{ packages | flatten(levels=1) }}"
state: "present"
cache_valid_time: 3600
install_recommends: false
when:
- - ansible_distribution|lower == 'ubuntu'
+ - ansible_os_family == 'Debian'
tags:
- nomad-inst-dependencies
- name: Conf - Add Nomad Group
- group:
+ ansible.builtin.group:
name: "{{ nomad_group }}"
state: "{{ nomad_user_state }}"
tags:
- nomad-conf-user
- name: Conf - Add Nomad user
- user:
+ ansible.builtin.user:
name: "{{ nomad_user }}"
group: "{{ nomad_group }}"
state: "{{ nomad_group_state }}"
@@ -29,14 +37,14 @@
- nomad-conf-user
- name: Inst - Download Nomad
- get_url:
+ ansible.builtin.get_url:
url: "{{ nomad_zip_url }}"
dest: "{{ nomad_inst_dir }}/{{ nomad_pkg }}"
tags:
- nomad-inst-package
- name: Inst - Clean Nomad
- file:
+ ansible.builtin.file:
path: "{{ nomad_inst_dir }}/nomad"
state: "absent"
when:
@@ -45,7 +53,7 @@
- nomad-inst-package
- name: Inst - Unarchive Nomad
- unarchive:
+ ansible.builtin.unarchive:
src: "{{ nomad_inst_dir }}/{{ nomad_pkg }}"
dest: "{{ nomad_inst_dir }}/"
remote_src: true
@@ -53,7 +61,7 @@
- nomad-inst-package
- name: Inst - Nomad
- copy:
+ ansible.builtin.copy:
src: "{{ nomad_inst_dir }}/nomad"
dest: "{{ nomad_bin_dir }}"
owner: "{{ nomad_user }}"
@@ -65,25 +73,27 @@
- nomad-inst-package
- name: Conf - Create Directories "{{ nomad_data_dir }}"
- file:
+ ansible.builtin.file:
dest: "{{ nomad_data_dir }}"
state: directory
owner: "{{ nomad_user }}"
group: "{{ nomad_group }}"
+ mode: 0755
tags:
- nomad-conf
- name: Conf - Create Directories "{{ nomad_ssl_dir }}"
- file:
+ ansible.builtin.file:
dest: "{{ nomad_ssl_dir }}"
state: directory
owner: "{{ nomad_user }}"
group: "{{ nomad_group }}"
+ mode: 0755
tags:
- nomad-conf
- name: Conf - Create Config Directory
- file:
+ ansible.builtin.file:
dest: "{{ nomad_config_dir }}"
state: directory
owner: "{{ nomad_user }}"
@@ -93,7 +103,7 @@
- nomad-conf
- name: Conf - Base Configuration
- template:
+ ansible.builtin.template:
src: base.hcl.j2
dest: "{{ nomad_config_dir }}/base.hcl"
owner: "{{ nomad_user }}"
@@ -103,7 +113,7 @@
- nomad-conf
- name: Conf - Server Configuration
- template:
+ ansible.builtin.template:
src: server.hcl.j2
dest: "{{ nomad_config_dir }}/server.hcl"
owner: "{{ nomad_user }}"
@@ -115,7 +125,7 @@
- nomad-conf
- name: Conf - Client Configuration
- template:
+ ansible.builtin.template:
src: client.hcl.j2
dest: "{{ nomad_config_dir }}/client.hcl"
owner: "{{ nomad_user }}"
@@ -127,7 +137,7 @@
- nomad-conf
- name: Conf - TLS Configuration
- template:
+ ansible.builtin.template:
src: tls.hcl.j2
dest: "{{ nomad_config_dir }}/tls.hcl"
owner: "{{ nomad_user }}"
@@ -137,7 +147,7 @@
- nomad-conf
- name: Conf - Telemetry Configuration
- template:
+ ansible.builtin.template:
src: telemetry.hcl.j2
dest: "{{ nomad_config_dir }}/telemetry.hcl"
owner: "{{ nomad_user }}"
@@ -147,7 +157,7 @@
- nomad-conf
- name: Conf - Consul Configuration
- template:
+ ansible.builtin.template:
src: consul.hcl.j2
dest: "{{ nomad_config_dir }}/consul.hcl"
owner: "{{ nomad_user }}"
@@ -157,7 +167,7 @@
- nomad-conf
- name: Conf - Copy Certificates And Keys
- copy:
+ ansible.builtin.copy:
content: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ nomad_user }}"
@@ -166,12 +176,25 @@
no_log: true
loop: "{{ nomad_certificates | flatten(levels=1) }}"
when:
- - nomad_certificates
+ - nomad_certificates is defined
+ tags:
+ - nomad-conf
+
+- name: Conf - Nomad CLI Environment Variables
+ ansible.builtin.lineinfile:
+ path: "/etc/profile.d/nomad.sh"
+ line: "{{ item }}"
+ create: true
+ loop:
+ - "export NOMAD_ADDR=https://nomad.service.consul:4646"
+ - "export NOMAD_CACERT={{ nomad_ca_file }}"
+ - "export NOMAD_CLIENT_CERT={{ nomad_cli_cert_file }}"
+ - "export NOMAD_CLIENT_KEY={{ nomad_cli_key_file }}"
tags:
- nomad-conf
- name: Conf - System.d Script
- template:
+ ansible.builtin.template:
src: "nomad_systemd.service.j2"
dest: "/lib/systemd/system/nomad.service"
owner: "root"
@@ -184,4 +207,5 @@
tags:
- nomad-conf
-- meta: flush_handlers
+- name: Meta - Flush handlers
+ ansible.builtin.meta: flush_handlers
diff --git a/fdio.infra.ansible/roles/user_add/handlers/main.yaml b/fdio.infra.ansible/roles/user_add/handlers/main.yaml
index 960f573b48..5f1f71a332 100644
--- a/fdio.infra.ansible/roles/user_add/handlers/main.yaml
+++ b/fdio.infra.ansible/roles/user_add/handlers/main.yaml
@@ -2,6 +2,6 @@
# file: roles/user_add/handlers/main.yaml
- name: Restart SSHd
- service:
+ ansible.builtin.service:
name: sshd
state: restarted
diff --git a/fdio.infra.ansible/roles/user_add/tasks/main.yaml b/fdio.infra.ansible/roles/user_add/tasks/main.yaml
index 24be30dc6e..329c6abd07 100644
--- a/fdio.infra.ansible/roles/user_add/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/user_add/tasks/main.yaml
@@ -2,7 +2,7 @@
# file: roles/user_add/tasks/main.yaml
- name: Conf - Add User
- user:
+ ansible.builtin.user:
append: "{{ item.append | default(omit) }}"
createhome: "{{ 'yes' if users_create_homedirs else 'no' }}"
generate_ssh_key: "{{ item.generate_ssh_key | default(omit) }}"
@@ -16,7 +16,7 @@
- user-add-conf
- name: Conf - SSH keys
- authorized_key:
+ ansible.builtin.authorized_key:
user: "{{ item.0.username }}"
key: "{{ item.1 }}"
with_subelements:
@@ -27,7 +27,7 @@
- user-add-conf
- name: Conf - Disable Password Login
- lineinfile:
+ ansible.builtin.lineinfile:
dest: "/etc/ssh/sshd_config"
regexp: "^PasswordAuthentication yes"
line: "PasswordAuthentication no"