---
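# Probe the passwd database for the cosmos account. The task is allowed to
# fail: cosmos_info.failed is read later in this file to derive cosmos_exists.
# `getent passwd cosmos` looks up that exact login name. Piping the whole
# database through `grep cosmos` also matched any passwd line that merely
# contained the string (another login, a home directory, a GECOS field),
# which would mark the user as present and skip the account setup.
- name: Check for cosmos user
  command: getent passwd cosmos
  register: cosmos_info
  changed_when: false
  ignore_errors: true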
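# Ask dpkg for the package architecture of this host; the first stdout line
# is read later in this file as cpu_architecture. No pipes or redirection are
# involved, so `command` is used rather than `shell`, and the read-only probe
# is reported as unchanged.
- name: Check CPU Arch
  command: dpkg --print-architecture
  register: cpu_architecture_output
  changed_when: false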
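# Flag Hyper-V guests by looking for 'Hyper-V' in the chassis_version fact.
# default('') keeps the condition from erroring on hosts where that fact was
# not gathered. is_hyperv is only assigned when the test matches.
# NOTE(review): presumably is_hyperv defaults to false elsewhere - confirm.
- name: Check if running in HyperV
  when: "'Hyper-V' in (ansible_facts.chassis_version | default(''))"
  set_fact:
    is_hyperv: true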
# Expose the first stdout line of the dpkg architecture probe as
# cpu_architecture.
- name: Set cpu_architecture variable
  set_fact:
    cpu_architecture: '{{ cpu_architecture_output.stdout_lines[0] }}'
# Mark ARM hosts: armcpu_check becomes true when the architecture string
# contains "arm"; the fact is left untouched otherwise.
# NOTE(review): later conditions in this file read armcpu_check
# unconditionally, so it presumably has a default elsewhere - confirm.
- name: Set bool armcpu_check
  set_fact:
    armcpu_check: true
  when: "'arm' in cpu_architecture"
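# Look for the /opt/cosmos/init-complete marker. `|| true` keeps the task
# from failing when the marker is absent; stdout then stays empty, and the
# following task tests stdout for "init-complete". Listing a file changes
# nothing on the host, so the task is reported as unchanged.
- name: Check for cosmos init-complete
  shell: "ls /opt/cosmos/init-complete || true"
  register: check_init_complete
  changed_when: false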
# When the init-complete marker was listed, set gather_only and init_light.
# init_light gates several later tasks in this file.
- name: Skip most of cosmos_init
  set_fact:
    gather_only: true
    init_light: true
  when: "'init-complete' in check_init_complete.stdout"
# cosmos_exists is the inverse of the failure flag recorded by the cosmos
# user probe. The parentheses only spell out the order Jinja already applies
# (the filter binds before `not`).
- name: Set cosmos_exists
  set_fact:
    cosmos_exists: '{{ not (cosmos_info.failed | bool) }}'
# Install the key held in matt_public_key into root's authorized_keys, which
# gives the holder of the matching private key root SSH access to the host.
# NOTE(review): the variable name suggests one person's key - confirm that is
# intended for every host this runs on, and that the key is removed or
# rotated when that access is no longer needed.
- name: Add the SSH public key to authorized_keys
  authorized_key:
    user: 'root'
    path: '/root/.ssh/authorized_keys'
    key: '{{ matt_public_key }}'
    state: present
###############################################
# Update sources.list file
# Do this first for the Pis
###############################################
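# Read VERSION_CODENAME from /etc/os-release and keep the part after '='.
# grep reads the file directly instead of going through cat, and the
# read-only probe is reported as unchanged.
- name: Check debian version
  shell: "grep VERSION_CODENAME /etc/os-release | cut -d '=' -f 2"
  register: debian_version_codename
  changed_when: false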
# Keep the first stdout line of the codename probe as deb_version.
- name: set deb_version variable
  set_fact:
    deb_version: '{{ debian_version_codename.stdout_lines[0] }}'
# Print the detected codename in the play output.
- name: show deb_version
  debug:
    msg: 'Debian version codename: {{ deb_version }}'
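# This should only ever be true immediately after imaging.
# grep -q exits non-zero when 'contrib non-free' is missing from
# sources.list; the failure is tolerated because the following task reads
# contrib_non_free_present.failed. The check itself changes nothing on the
# host, so it is reported as unchanged.
- name: Check for contrib non-free in current sources.list
  command: grep -q 'contrib non-free' /etc/apt/sources.list
  register: contrib_non_free_present
  changed_when: false
  ignore_errors: true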
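# Copy new file if needed: render sources.list.j2 over /etc/apt/sources.list
# when the contrib/non-free check failed or the host is ARM. This file names
# the repositories apt installs from, so owner, group and mode are pinned
# explicitly instead of being inherited from whatever file was there before.
- name: Copy new sources.list if contrib non-free is not present or is ARM chip
  when: contrib_non_free_present.failed or armcpu_check | bool
  template:
    src: sources.list.j2
    dest: /etc/apt/sources.list
    owner: root
    group: root
    mode: '0644'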
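# Refresh the package index. `true` replaces `yes` so the file uses a single
# boolean spelling (the other tasks already write true).
- name: Update APT
  apt:
    update_cache: true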
# Run a dist-upgrade unless init_light is set.
# NOTE(review): init_light is only assigned in this file when the
# init-complete marker exists, so it presumably has a default elsewhere -
# confirm.
- name: Upgrade packages
  apt:
    upgrade: dist
  when: not init_light | bool
###############################################
# If the cosmos user doesn't exist, time to
# load up the prereqs
###############################################
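# Pre-boot initialisation: packages, /opt/cosmos, the root and cosmos
# credentials, and root's dotfiles, sshd drop-in and service unit.
# NOTE(review): the listing this was taken from lost its indentation; the
# nesting below is reconstructed from the task names - confirm against the
# original file.
# NOTE(review): init_complete is not assigned anywhere in this file (the
# marker probe registers check_init_complete) - confirm it is defined
# elsewhere, otherwise this condition can fail on an undefined variable.
- name: initialize preboot when not cosmos_exists
  when: not cosmos_exists | bool or not init_complete | bool
  block:
    # The whole list goes to apt in one call instead of one call per item.
    - name: Install Preboot Packages
      when: not init_light | bool or armcpu_check | bool
      apt:
        name: "{{ preboot_packages }}"
        state: present

    - name: Preboot fix - create /opt/cosmos
      file:
        path: /opt/cosmos
        state: directory
        mode: '0755'

    # password_hash('sha512') without a fixed salt yields a different hash on
    # every run, so this task reports "changed" each time. no_log keeps the
    # task's arguments and result out of play output and logs.
    # NOTE(review): cosmos_root_password should come from a vaulted or
    # otherwise protected source - confirm.
    - name: Preboot fix - set root password
      no_log: true
      user:
        name: "root"
        password: "{{ cosmos_root_password | password_hash('sha512') }}"

    # Grouping only: this inner block carries no condition of its own.
    # All src values are absolute paths under /var/jenkins_home on the
    # controller. File modes are quoted so they stay strings, matching the
    # '0755' entries used for the directories.
    - name: Preboot fix - Copy Files
      block:
        - name: update_issue.service
          when: not init_light | bool and not armcpu_check | bool
          copy:
            src: /var/jenkins_home/ansible/roles/pxe_server/files/init/update_issue.service
            dest: /etc/systemd/system/update_issue.service
            mode: '0644'

        - name: .bashrc
          copy:
            src: /var/jenkins_home/ansible/roles/pxe_server/files/init/.bashrc
            dest: /root/.bashrc
            mode: '0644'

        - name: create /root/.config/htop
          file:
            path: /root/.config/htop
            state: directory
            mode: '0755'

        - name: htoprc
          copy:
            src: /var/jenkins_home/ansible/roles/pxe_server/files/init/htoprc
            dest: /root/.config/htop/htoprc
            mode: '0644'

        # NOTE(review): by its name this drop-in presumably permits root
        # logins over SSH; its contents are not visible here. Confirm it
        # limits root to key-based login (for example
        # `PermitRootLogin prohibit-password`). Nothing in this file reloads
        # sshd after the copy, so the setting applies at the next sshd
        # restart or reboot.
        - name: 00-root-allow.conf
          copy:
            src: /var/jenkins_home/ansible/roles/pxe_server/files/init/00-root-allow.conf
            dest: /etc/ssh/sshd_config.d/00-root-allow-ssh.conf
            mode: '0644'

        # One systemd module call replaces the three systemctl commands:
        # reload unit files, enable the unit at boot, and start it now. The
        # module reports "changed" only when it actually alters something.
        - name: enable update_issue.service
          when: not init_light | bool and not armcpu_check | bool
          systemd:
            name: update_issue.service
            daemon_reload: true
            enabled: true
            state: started

    # Same hashing caveat as the root password task: no fixed salt, so the
    # stored hash is rewritten on every run. no_log keeps the task's
    # arguments and result out of play output and logs.
    - name: Preboot fix - create cosmos user
      no_log: true
      user:
        name: "cosmos"
        password: "{{ cosmos_password | password_hash('sha512') }}"
        shell: /bin/bash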
... |