authorboom2 <blizzack@blizzack.com>2023-12-14 17:24:25 -0500
committerboom2 <blizzack@blizzack.com>2023-12-14 17:24:25 -0500
commitf30709d7dbe88d82c4df66c476db36cb5c0ce903 (patch)
treeca861d7aa3e30c73a4fefeb9186f221cf15a8ff5 /home/.ansible/roles/new_host/tasks
parentd8a7729358a2fd3b911022e45d0197fda3e5da94 (diff)
- add "new_host" role for system setup
- no longer use "all" to mention all hosts in playbooks
- update of hosts file to now use localhost as "test"
Diffstat (limited to 'home/.ansible/roles/new_host/tasks')
-rw-r--r--home/.ansible/roles/new_host/tasks/backup_system_files.yml60
-rw-r--r--home/.ansible/roles/new_host/tasks/backup_system_files.yml~34
-rw-r--r--home/.ansible/roles/new_host/tasks/main.yml8
-rw-r--r--home/.ansible/roles/new_host/tasks/main.yml~0
-rw-r--r--home/.ansible/roles/new_host/tasks/update_system_files.yml64
-rw-r--r--home/.ansible/roles/new_host/tasks/update_system_files.yml~7
6 files changed, 173 insertions, 0 deletions
diff --git a/home/.ansible/roles/new_host/tasks/backup_system_files.yml b/home/.ansible/roles/new_host/tasks/backup_system_files.yml
new file mode 100644
index 0000000..d04a45a
--- /dev/null
+++ b/home/.ansible/roles/new_host/tasks/backup_system_files.yml
@@ -0,0 +1,60 @@
+# - a bit of a contrived example of backing up files on a managed host
+#
+# https://stackoverflow.com/questions/24162996/how-to-move-rename-a-file-using-an-ansible-task-on-a-remote-system
+
+---
+- name: check backup directory status
+ ansible.builtin.stat:
+ path: "{{ backup_etc_dir }}"
+ register: backup_dir
+ tags: ['backup_dir_status']
+
+- name: create backup directory if it does not exist
+ ansible.builtin.file:
+ path: "{{ backup_etc_dir }}"
+ state: directory
+ become: true
+ become_user: root
+ when: backup_dir.stat.isdir is not defined
+ tags: ['create_backup_dir']
+
+- name: backup of system files
+ ansible.builtin.copy:
+ src: /etc/{{ item }}
+ remote_src: true
+ dest: "{{ backup_etc_dir }}/"
+ mode: preserve
+ with_items:
+ - hosts.allow~
+ - hosts.deny~
+ - inetd.conf
+ - sudoers.dist
+ - hosts
+ - fstab
+ - inittab
+ become: true
+ become_user: root
+ tags: ['backup_system_files']
+
+- name: backup slackpkg files
+ ansible.builtin.copy:
+ src: /etc/slackpkg/{{ item }}
+ remote_src: true
+ dest: "{{ backup_etc_dir }}/"
+ mode: preserve
+ with_items:
+ - blacklist~
+ - mirrors~
+ become: true
+ become_user: root
+ tags: ['backup_slackpkg_files']
+
+- name: rename our test files
+ ansible.builtin.shell: |
+ sudo mv {{ backup_etc_dir }}/hosts.allow~ {{ backup_etc_dir }}/hosts.allow
+ sudo mv {{ backup_etc_dir }}/hosts.deny~ {{ backup_etc_dir }}/hosts.deny
+ sudo mv {{ backup_etc_dir }}/sudoers.dist {{ backup_etc_dir }}/sudoers
+ sudo mv {{ backup_etc_dir }}/blacklist~ {{ backup_etc_dir }}/blacklist
+ sudo mv {{ backup_etc_dir }}/mirrors~ {{ backup_etc_dir }}/mirrors
+ exit 0
+ tags: ['rename_files']
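Review bot: The `rename our test files` task at the end of this hunk finishes its script with `exit 0`, so a failed `mv` (missing source, wrong `backup_etc_dir`) is reported as success and the later update tasks may edit files that were never put in place. It also calls `sudo` inside `ansible.builtin.shell` instead of using `become: true` like the tasks above it, and it interpolates `{{ backup_etc_dir }}` unquoted into a shell line, so a value containing spaces or shell metacharacters changes what runs with root privileges. I would replace it with a looped `ansible.builtin.command` using `argv` and `removes`, which involves no shell, fails visibly on a real error and is skipped once the source has already been renamed.

```yaml
- name: rename our test files
  ansible.builtin.command:
    argv:
      - mv
      - "{{ backup_etc_dir }}/{{ item.src }}"
      - "{{ backup_etc_dir }}/{{ item.dest }}"
    removes: "{{ backup_etc_dir }}/{{ item.src }}"
  loop:
    - src: 'hosts.allow~'
      dest: hosts.allow
    - src: 'hosts.deny~'
      dest: hosts.deny
    - src: sudoers.dist
      dest: sudoers
    - src: 'blacklist~'
      dest: blacklist
    - src: 'mirrors~'
      dest: mirrors
  become: true
  become_user: root
  tags: ['rename_files']
```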
diff --git a/home/.ansible/roles/new_host/tasks/backup_system_files.yml~ b/home/.ansible/roles/new_host/tasks/backup_system_files.yml~
new file mode 100644
index 0000000..3c899e5
--- /dev/null
+++ b/home/.ansible/roles/new_host/tasks/backup_system_files.yml~
@@ -0,0 +1,34 @@
+---
+- name: check backup directory status
+ ansible.builtin.stat:
+ path: "{{ backup_etc_dir }}"
+ register: backup_dir
+ tags: ['backup_dir_status']
+
+- name: create backup directory if it does not exist
+ ansible.builtin.file:
+ path: "{{ backup_etc_dir }}"
+ state: directory
+ become: true
+ become_user: root
+ when: backup_dir.stat.isdir is not defined
+ tags: ['create_backup_dir']
+
+- name: backup of system files
+ ansible.builtin.copy:
+ src: /etc/{{ item }}
+ remote_src: true
+ dest: "{{ backup_etc_dir }}/"
+ mode: preserve
+ with_items:
+ - hosts.allow
+ - hosts.deny
+ - inetd.conf
+ - sudoers
+ - hosts
+ - fstab
+ - inittab
+ become: true
+ become_user: root
+ when: backup_dir.stat.isdir is defined
+ tags: ['backup_files']
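Review bot: This file and the two other `~` paths in the commit (`main.yml~`, `update_system_files.yml~`) look like editor backup copies rather than task files; none of them is referenced by the `import_tasks` lines in `main.yml`. Keeping them in the role leaves a stale variant beside the live one (this copy backs up the real `sudoers`, the live file backs up `sudoers.dist`), which makes it harder to audit which tasks actually run with `become`. I would drop the three files from the commit and add a `*~` line to `.gitignore`.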
diff --git a/home/.ansible/roles/new_host/tasks/main.yml b/home/.ansible/roles/new_host/tasks/main.yml
new file mode 100644
index 0000000..fdbb644
--- /dev/null
+++ b/home/.ansible/roles/new_host/tasks/main.yml
@@ -0,0 +1,8 @@
+# https://docs.ansible.com/ansible/2.9/user_guide/playbooks_reuse_includes.html#including-and-importing-task-files
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/import_playbook_module.html
+---
+- name: backup system files
+ ansible.builtin.import_tasks: backup_system_files.yml
+
+- name: update system files
+ ansible.builtin.import_tasks: update_system_files.yml
diff --git a/home/.ansible/roles/new_host/tasks/main.yml~ b/home/.ansible/roles/new_host/tasks/main.yml~
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/home/.ansible/roles/new_host/tasks/main.yml~
diff --git a/home/.ansible/roles/new_host/tasks/update_system_files.yml b/home/.ansible/roles/new_host/tasks/update_system_files.yml
new file mode 100644
index 0000000..90e0851
--- /dev/null
+++ b/home/.ansible/roles/new_host/tasks/update_system_files.yml
@@ -0,0 +1,64 @@
+# - a sample / example of copying files from the controller to the managed nodes
+# - and/or updating files in place
+#
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/lineinfile_module.html
+# https://docs.python.org/3/library/re.html
+# https://pythex.org/
+
+#
+
+---
+- name: copy 'hosts.allow' to node(s)
+ ansible.builtin.copy:
+ src: hosts.allow
+ dest: "{{ backup_etc_dir }}/hosts.allow"
+ owner: root
+ group: root
+ mode: '0644'
+ tags: ['hosts.allow']
+
+- name: copy 'hosts.deny' to node(s)
+ ansible.builtin.copy:
+ src: hosts.deny
+ dest: "{{ backup_etc_dir }}/hosts.deny"
+ owner: root
+ group: root
+ mode: '0644'
+ tags: ['hosts.deny']
+
+- name: Validate the sudoers file before saving
+ ansible.builtin.lineinfile:
+ path: "{{ backup_etc_dir }}/sudoers"
+ state: present
+ regexp: '^# %wheel ALL=\(ALL:ALL\) ALL'
+ line: '%wheel ALL=(ALL:ALL) ALL'
+ validate: /usr/sbin/visudo -cf %s
+ tags: ['sudoers']
+
+- name: copy 'rc.firewall' to node(s)
+ ansible.builtin.copy:
+ src: rc.firewall
+ dest: "{{ backup_etc_dir }}/rc.firewall"
+ owner: root
+ group: root
+ mode: '0755'
+ tags: ['rc.firewall']
+
+- name: update slackpg mirror
+ ansible.builtin.lineinfile:
+ path: "{{ backup_etc_dir }}/mirrors"
+ state: present
+# # slackware-current
+# regexp: '^# https://mirror.slackbuilds.org/slackware/slackware64-current/'
+# line: 'https://mirror.slackbuilds.org/slackware/slackware64-current/'
+ # slackware-15.0
+ regexp: '^# https://mirror.slackbuilds.org/slackware/slackware64-15.0/'
+ line: 'https://mirror.slackbuilds.org/slackware/slackware64-15.0/'
+ tags: ['slackpkg_mirrors']
+
+
+#- name: update slackpg blacklist
+# ansible.builtin.replace:
+# path: "{{ backup_etc_dir }}/blacklist"
+
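Review bot: The task named `Validate the sudoers file before saving` does more than validate: it enables `%wheel ALL=(ALL:ALL) ALL`, and because `lineinfile` with `state: present` adds the line at the end of the file when `regexp` does not match, the rule is written even to a sudoers file that never contained the commented template. A name that states the effect, e.g. `- name: enable sudo for the wheel group (checked with visudo)`, would make the privilege change visible in run logs and reviews. None of the tasks in this hunk sets `become: true`, unlike those in `backup_system_files.yml`, although they write into a directory created as root and request `owner: root`; unless the play sets `become` (not visible here), they would presumably fail or need `become: true` added per task.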
diff --git a/home/.ansible/roles/new_host/tasks/update_system_files.yml~ b/home/.ansible/roles/new_host/tasks/update_system_files.yml~
new file mode 100644
index 0000000..f5e331b
--- /dev/null
+++ b/home/.ansible/roles/new_host/tasks/update_system_files.yml~
@@ -0,0 +1,7 @@
+---
+- name: copy '.bash_aliases'
+ ansible.builtin.copy:
+ src: .bash_aliases
+ dest: "{{ backup_etc_dir }}/.bash_aliases"
+ mode: '0644'
+ tags: ['bash_aliases']