update

wenerme · Jul 10, 2023 · 2d074e2 · 2d074e2
1 parent 1e1df23
commit 2d074e2
Show file tree

Hide file tree

Showing 16 changed files with 127 additions and 35 deletions.
diff --git a/Makefile b/Makefile
@@ -5,6 +5,10 @@ publish: build
  ansible-galaxy collection publish wenerme-alpine-$(shell yq r galaxy.yml version).tar.gz --api-key $$API_KEY
 
 lint:
- docker run --rm -h toolset -v $(PWD):/host -w /host quay.io/ansible/toolset ansible-lint
+ docker run --rm -h toolset -v $(PWD):/host -w /host quay.io/ansible/creator-ee ansible-lint
+
+dev:
+ @#docker run --rm -h toolset --entrypoint bash -it -v $(PWD):/host -w /host registry.cn-hongkong.aliyuncs.com/cmi/ansible_creator-ee
+ docker run --rm -h toolset --entrypoint bash -it -v $(PWD):/host -w /host quay.io/ansible/toolset
 
 ci: lint
diff --git a/playbooks/inv-keygen.yaml b/playbooks/inv-keygen.yaml
@@ -5,8 +5,9 @@
  file:
  path: "{{inv_name}}/credentials"
  state: directory
+ mode: 0600
  # ssh-keygen -t rsa -b 2048 -f ${inv_name}/credentials/admin_rsa -C "$inv_name-admin" -q -N ""
- - openssh_keypair:
+ - community.crypto.openssh_keypair:
  path: "{{inv_name}}/credentials/admin_rsa"
  size: 2048
  comment: Administrator

diff --git a/playbooks/inv-ssh-copy-id.yaml b/playbooks/inv-ssh-copy-id.yaml
@@ -6,7 +6,7 @@
  when: remote_user is undefined
  - name: Set authorized key taken from file
  become: "{{remote_user != ansible_user}}"
- authorized_key:
+ community.crypto.authorized_key:
  user: "{{remote_user}}"
  state: present
  key: "{{ lookup('file', inv_name+'/credentials/admin_rsa.pub') }}"
diff --git a/playbooks/ssh-copy-id.yaml b/playbooks/ssh-copy-id.yaml
@@ -13,7 +13,7 @@
  tasks:
  - name: Set authorized key taken from file
  become: "{{ remote_user != ansible_user }}"
- authorized_key:
+ community.crypto.authorized_key:
  user: "{{ remote_user }}"
  state: present
  key: "{{ lookup('file', ssh_pub_key_file) }}"
diff --git a/roles/alpine/defaults/main.yaml b/roles/alpine/defaults/main.yaml
@@ -1,7 +1,9 @@
 # alpine mirror
-# https://mirrors.ustc.edu.cn/alpine - slower
-# alpine_mirror: https://mirrors.aliyun.com/alpine
-alpine_mirror: https://mirrors.sjtug.sjtu.edu.cn/alpine
+# https://mirrors.ustc.edu.cn/alpine - 上海访问慢
+# https://mirrors.aliyun.com/alpine - 可能慢几天
+# https://mirrors.sjtug.sjtu.edu.cn/alpine - 没那么稳定
+# https://mirrors.tuna.tsinghua.edu.cn/alpine
+alpine_mirror: https://mirrors.tuna.tsinghua.edu.cn/alpine
 
 # docker mirror
 docker_mirror: https://docker.mirrors.ustc.edu.cn

diff --git a/roles/alpine/tasks/hostname.yaml b/roles/alpine/tasks/hostname.yaml
@@ -4,9 +4,9 @@
 # - "{{hostname|default('n/a')}}"
 # - "{{inventory_hostname}}"
 
-- name: set hostname
+- name: set hostname to "{{ hostname|default(inventory_hostname) }}"
  become: true
- hostname:
+ ansible.builtin.hostname:
  name: "{{ hostname|default(inventory_hostname) }}"
  use: alpine
 
@@ -18,4 +18,4 @@
  state: present
  loop:
  - "127.0.0.1"
- - "::"
+ - "::1"
diff --git a/roles/alpine/tasks/k0s-logrotate-conf.yaml b/roles/alpine/tasks/k0s-logrotate-conf.yaml
@@ -0,0 +1,14 @@
+- name: k0s logrotate
+ become: true
+ copy:
+ dest: /etc/logrotate.d/k0s
+ mode: 0644
+ content: |
+ /var/log/k0s.log {
+ missingok
+ notifempty
+ copytruncate
+ daily
+ rotate 7
+ maxage 365
+ }
diff --git a/roles/alpine/tasks/k3s-install.yaml b/roles/alpine/tasks/k3s-install.yaml
@@ -1,25 +1,28 @@
+# crond
+# apk add coreutils findutils iptables iproute2 nfs-utils
 - name: k3s | install deps
  become: true
  package:
  name: "{{ item }}"
  state: present
  loop:
- - conntrack-tools
- - containerd
  - coreutils
- - dbus
  - findutils
- - ipset
  - iptables
  - musl
- - socat
  - iproute2
  - nfs-utils
- - cni-plugins
- - k3s
- - k3s-openrc
-
+ # - conntrack-tools
+ # - containerd
+ # - dbus
+ # - ipset
+ # - socat
+ # - cni-plugins
+ # - k3s
+ # - k3s-openrc
+# apk add coreutils findutils iptables musl iproute2 nfs-utils socat
 # apk add conntrack-tools coreutils dbus findutils ipvsadm ipset iptables socat iproute2 nfs-utils
+# sudo apk del k3s cni-plugins conntrack-tools containerd dbus ipset socat
 
 # < v3.13
 # - name: k3s | install cni-plugins

diff --git a/roles/alpine/tasks/local-service.yaml b/roles/alpine/tasks/local-service.yaml
@@ -1,4 +1,4 @@
-- name: enable local server
+- name: local service | enable
  become: true
  service:
  name: local

diff --git a/roles/alpine/tasks/logrotate-service.yaml b/roles/alpine/tasks/logrotate-service.yaml
@@ -0,0 +1,6 @@
+- name: logrotate | install
+ become: true
+ apk:
+ name: logrotate
+
+- import_tasks: crond-service.yaml
diff --git a/roles/alpine/tasks/ntp-service.yaml b/roles/alpine/tasks/ntp-service.yaml
@@ -5,6 +5,7 @@
  when: ntp_service is undefined
 
 - name: ntp-service | install chrony
+ become: true
  apk:
  name: chrony
  when: ntp_service == 'chronyd'

diff --git a/roles/alpine/tasks/setup-ops.yaml b/roles/alpine/tasks/setup-ops.yaml
@@ -11,6 +11,9 @@
  - tree
  - rsync
  - htop
+ - btop
+ - procps
+ - lsof
  # 网络
  - iftop
  - tcpdump

diff --git a/roles/alpine/tasks/setup-phy.yaml b/roles/alpine/tasks/setup-phy.yaml
@@ -16,6 +16,8 @@
  - bind-tools
  - tcpdump
  - dmidecode
- # - lm-sernsor
- # - lm-sensors-sensord
- # - lm-sensors-detect
+ # server hw
+ - lm-sensors
+ - lm-sensors-sensord
+ - lm-sensors-detect
+ - smartmontools
diff --git a/roles/alpine/tasks/tinc-install.yaml b/roles/alpine/tasks/tinc-install.yaml
@@ -1,8 +1,3 @@
-- name: tinc | install tinc-pre
- become: true
- apk:
- name: tinc-pre
-
 - name: tinc | load modules
  become: true
  modprobe:
@@ -17,5 +12,12 @@
  path: /etc/modules-load.d/tinc.conf
  line: "{{ item }}"
  create: true
- mode: 0644
  loop: *modules
+
+- name: tinc | install
+ become: true
+ package:
+ name: "{{ item }}"
+ state: present
+ loop:
+ - tinc-pre
diff --git a/roles/alpine/tasks/tinc-supervise-install.yaml b/roles/alpine/tasks/tinc-supervise-install.yaml
@@ -1,7 +1,7 @@
-- name: tinc | install tincd.netanme service
+- name: tinc | install tinc.netanme service
  become: true
  copy:
- dest: /etc/init.d/tincd.netname
+ dest: /etc/init.d/tinc.netname
  mode: +x
  content: |
  #!/sbin/openrc-run
@@ -34,7 +34,7 @@
 
  checkconfig() {
  # warn this if not found
- if [ ! -f "/etc/tinc/$NETNAME/tinc.conf" ] ; then
+ if [ ! -f "/etc/tinc/$NETNAME/tinc.conf" ]; then
  eerror "No VPN network configured"
  return 1
  fi
@@ -47,10 +47,10 @@
  eend $?
  }
 
-- name: tinc | install tincd.{{ tinc_netname }}
+- name: tinc | install tinc.{{ tinc_netname }}
  become: true
  file:
- dest: /etc/init.d/tincd.{{ tinc_netname }}
- src: /etc/init.d/tincd.netname
+ dest: /etc/init.d/tinc.{{ tinc_netname }}
+ src: /etc/init.d/tinc.netname
  state: link
  when: tinc_netname is defined
diff --git a/roles/alpine/tasks/zfs-install.yaml b/roles/alpine/tasks/zfs-install.yaml
@@ -0,0 +1,54 @@
+- name: zfs-service | ensure udev
+ include_tasks: ensure-service.yaml
+ vars:
+ - service_name: udev
+
+- setup:
+ when: ansible_kernel is undefined
+ name: zfs-service | gather
+
+- name: zfs-service | install zfs with kernal {{ ansible_kernel }}
+ become: true
+ apk:
+ name: "{{ item }}"
+ loop:
+ - zfs
+ - zfs-udev
+ - "zfs-{{ ansible_kernel | regex_search('-([a-z]*?)$','\\1') | first | default('lts') }}"
+
+- name: zfs-service | load zfs module
+ become: true
+ modprobe:
+ name: zfs
+ state: present
+
+- name: zfs-service | persist zfs mpdule
+ become: true
+ lineinfile:
+ path: /etc/modules-load.d/zfs.conf
+ line: zfs
+ create: true
+ mode: 0644
+
+- name: zfs-service | start zfs
+ become: true
+ service:
+ name: "{{ item }}"
+ state: started
+ loop:
+ - zfs-import
+ - zfs-mount
+ tags:
+ - service-start
+
+- name: zfs-service | enable zfs on boot
+ become: true
+ service:
+ name: "{{ item }}"
+ enabled: true
+ runlevel: sysinit
+ loop:
+ - zfs-import
+ - zfs-mount
+ tags:
+ - service-enable