# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
# Trace marker for entry into this task file. The debug module prints the
# message only when the play runs at verbosity 1 or higher.
- name: "base main.yml"
  debug:
    msg: "DEBUG: Including base main.yml ansible_connection={{ ansible_connection|default('') }}"
    verbosity: 1
# On Gentoo, pin the major-version fact to 2. The by-platform vars include in
# this file concatenates ansible_distribution and
# ansible_distribution_major_version, so it will look for "Gentoo2.yml".
- name: "Fix Gentoo"
  when: ansible_distribution == 'Gentoo'
  set_fact:
    ansible_distribution_major_version: 2
# Replace the raw MSYS distribution string with 'Msys', the value the later
# tasks in this file compare against, and set a BIOS version fact that does
# not match the 'VirtualBox' test used further down.
- name: "Fix Windows"
  when: ansible_distribution == 'MSYS_NT-6.3-9600'
  set_fact:
    # ansible_distribution_major_version: 9
    ansible_distribution: 'Msys'
    ansible_bios_version: "mbr"  # i.e. not Virtualbox
# Define null_env, the environment mapping that the include_tasks calls in
# this file pass through `apply: environment:`. The task has no `when`, so the
# fact is set on every platform despite the task name.
- name: "Fix Linux"
  set_fact:
    null_env:
      TERM: 'linux'
# Read the kernel's available-entropy counter into `entropy2`. The script
# exits 0 without output when the proc file does not exist, and the task never
# reports a change.
- name: check entropy state
  shell: |
    [ -e /proc/sys/kernel/random/entropy_avail ] || exit 0
    cat /proc/sys/kernel/random/entropy_avail
  register: entropy2
  changed_when: false
  # FixMe why does this sometimes fail
  ignore_errors: true
# Print the registered result of the entropy check; errors are ignored so
# that this diagnostic can never stop the play.
- name: entropy state
  debug:
    var: entropy2
  ignore_errors: true
# Load "Linux.yml", then the vars file named after the distribution and its
# major version. There is no ignore_errors here, so a missing file for an
# unexpected distribution fails the task.
# NOTE(review): the second file name is built from facts reported by the
# managed host; presumably only files shipped with this role can match -
# confirm that an unexpected fact value cannot select another file.
- name: "include base by-platform vars"
  include_vars:
    file: "{{item}}.yml"
  with_items:
    - "Linux"
    - "{{ ansible_distribution }}{{ ansible_distribution_major_version }}"
  tags:
    - always
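# Include bootstrap.yml on non-Msys hosts when no NBD disk is configured.
# Loop entries that render to '' are skipped by the `when` guard.
#
# The original condition compared the quoted literal '{{nbd_disk}}' with ''.
# Inside a Jinja expression that is a plain string, never a variable lookup,
# so the test was always false and bootstrap.yml was never included. The
# variable is now read directly, with default('') so that an undefined
# nbd_disk counts as "no NBD disk".
- name: "include_tasks base bootstrap"
  include_tasks:
    file: "{{ LOOP_FILE }}.yml"
    apply:
      environment: "{{ null_env }}"
  when:
    - LOOP_FILE != '' and LOOP_FILE != []
  with_items:
    - "{{ 'bootstrap' if ansible_distribution != 'Msys' and nbd_disk|default('') == '' else '' }}"
    # - "{{ 'bootstrap_nbd' if ansible_distribution != 'Msys' and '{{nbd_disk}}' != '' else '' }}"
  loop_control:
    loop_var: LOOP_FILE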
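# Create the Ansible temp directory and the pip log directories, all
# world-writable with the sticky bit set.
#
# The mode is quoted so that it reaches the file module as the string "01777"
# and does not depend on how the YAML loader treats a leading-zero integer.
#
# NOTE(review): with 1777 every local account can create files and symlinks
# in the pip log directories. If privileged processes write logs there,
# confirm that world-writable access is really needed or tighten the mode for
# the BASE_LOG_DIR entries.
- name: "make /var/tmp/.ansible"
  file:
    path: "{{ item }}"
    state: directory
    mode: "01777"
  with_items:
    - /var/tmp/.ansible
    - "{{BASE_LOG_DIR}}/pip"
    - "{{BASE_LOG_DIR}}/pip/pip2"
    - "{{BASE_LOG_DIR}}/pip/pip3"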
# Copy the role's overlay trees (the generic "Linux" tree, then the
# distribution-specific one) onto the target's root directory with rsync.
# Skipped in check mode and for connection types listed in
# PLAY_NORSYNC_CONNECTIONS; failures are ignored only on Msys.
#
# NOTE(review): in rsync_opts the `+ [...]` part is outside the `{{ }}`
# expression, so the concatenation depends on the rendered text being
# evaluated as a list afterwards - confirm this with the Ansible version in
# use, or move the `+` inside the expression.
# NOTE(review): the rsync log goes to a fixed, predictable name under /tmp;
# if rsync runs with elevated privileges, prefer a directory that other local
# users cannot write to.
- name: "rsync base root_overlay"
  synchronize:
    src: "roles/base/overlay/{{item}}/"
    dest: /
    archive: false
    recursive: true
    links: true
    copy_links: true
    perms: true
    times: true
    owner: false
    compress: false
    rsync_opts: "{{ base_rsync_opts }} + ['--log-file=/tmp/rsync-base_{{BOX_HOST_NAME}}.log']"
  with_items:
    - Linux
    - "{{ ansible_distribution }}"
  when:
    - not ansible_check_mode
    # FixAns: This remote host is being accessed via chroot instead so it
    # cannot work
    # synchronize uses rsync to function. rsync needs to connect to the remote
    # host via ssh, docker client or a direct filesystem copy. This remote
    # host is being accessed via community.libvirt.libvirt_qemu instead so it
    # cannot work.
    - ansible_connection|default('') not in PLAY_NORSYNC_CONNECTIONS
  notify:
    - "chmod /usr/local"
    - update-ca-certificates
  tags:
    - always
  ignore_errors: "{{ansible_distribution == 'Msys'}}"
# Fallback for connection types in PLAY_NORSYNC_CONNECTIONS, where synchronize
# cannot be used: unpack the pre-built overlay tarballs onto the target's
# root directory instead.
#
# NOTE(review): ignore_errors is unconditional here, so a missing or corrupt
# tarball leaves the host without its overlay and the play continues. The
# task notifies update-ca-certificates, which suggests the overlay carries CA
# material - confirm that a silent failure is acceptable.
- name: "rsync root_overlay - the tar gets made by a make before running"
  unarchive:
    src: "{{item}}.tar"
    dest: /
    keep_newer: true
    owner: "{{BASE_ROOT_USER}}"
    group: "{{BOX_ROOT_GROUP}}"
    # extra_opts: "{{ BASE_UNTAR_ARGS }}"
  with_items:
    - Linux
    - "{{ ansible_distribution }}"
  when:
    - not ansible_check_mode
    # msg: synchronize uses rsync to function. rsync needs to connect to the
    # remote host via ssh, docker client or a direct filesystem copy. This
    # remote host is being accessed via community.libvirt.libvirt_qemu instead
    # so it cannot work.
    - ansible_connection|default('') in PLAY_NORSYNC_CONNECTIONS
  notify:
    - update-ca-certificates
  ignore_errors: true
# Include base.yml and, except on Msys, ansible.yml. Each included file runs
# with the null_env environment; entries that render to '' are skipped.
- name: "include_tasks base before"
  include_tasks:
    file: "{{ LOOP_FILE }}.yml"
    apply:
      environment: "{{ null_env }}"
  with_items:
    - base
    - "{{ 'ansible' if ansible_distribution != 'Msys' else '' }}"
  loop_control:
    loop_var: LOOP_FILE
  when:
    - LOOP_FILE != '' and LOOP_FILE != []
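# Unpack the Ansible source tarball from the local wheels directory into
# /usr/local/src, unless the source directory already exists, then hand the
# tree to BOX_USER_GROUP. The task is best effort and always exits 0.
#
# Changes from the original script:
#  - `cd` is guarded, so a missing /usr/local/src can no longer cause the
#    tarball to be extracted into whatever directory the shell started in;
#  - chown uses the POSIX `owner:group` separator instead of `owner.group`.
#
# NOTE(review): the tarball is extracted without any checksum or signature
# check in this task; confirm /usr/local/tmp/wheels is only populated from a
# verified source.
- name: "ansible-{{BOX_ANSIBLE_VERSION}}"
  environment: "{{ shell_env }}"
  shell: |
    cd /usr/local/src || exit 0
    [ ! -d "ansible-{{BOX_ANSIBLE_VERSION}}" ] && \
    [ ! -f "ansible-{{BOX_ANSIBLE_VERSION}}/setup.py" ] && \
    [ -f /usr/local/tmp/wheels/ansible-{{BOX_ANSIBLE_VERSION}}.tar.gz ] && \
    tar xvfz /usr/local/tmp/wheels/ansible-{{BOX_ANSIBLE_VERSION}}.tar.gz && \
    chown -R {{BOX_USER_GROUP}}:{{BOX_USER_GROUP}} ansible-{{BOX_ANSIBLE_VERSION}}
    exit 0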
# Run the role's patch helper from /usr/local/patches/base on the unpacked
# Ansible source tree. Skipped in check mode and for empty items; the script
# stops with exit 1 if the patches directory is missing.
# NOTE(review): {{item}} and BASE_SCRIPT_DIR are put into the script without
# quoting; they are presumably fixed play variables - confirm they can never
# contain shell metacharacters.
- name: "patch /usr/local/"
  environment: "{{ shell_env }}"
  shell: |
    cd /usr/local/patches/base || exit 1
    # this vacuumns all diff files below the root
    {{ BASE_SCRIPT_DIR }}/base_patch_from_diff.bash {{item}}
  with_items:
    - "usr/local/src/ansible-{{BOX_ANSIBLE_VERSION}}"
  when:
    - item != ''
    - not ansible_check_mode
# For each account in base_system_users: create the home directory if it is
# missing and recursively give it to that account. The script always exits 0.
# check_mode is false, so the mkdir/chown also run during a --check run.
#
# The "#?" line is a shell comment, but the whole script is still templated
# first, so BOX_ALSO_GROUP is still looked up when the task is rendered.
# NOTE(review): LOOP_USER is put into the script unquoted; presumably the
# list holds only plain account names - confirm.
- name: chown vagrant ~vagrant
  environment: "{{ shell_env }}"
  check_mode: false
  shell: |
    [ -d ~{{LOOP_USER}} ] || mkdir ~{{LOOP_USER}}
    chown -R {{LOOP_USER}} ~{{LOOP_USER}}
    #? [ -n "{{BOX_ALSO_GROUP}}" ] && chmod -R g+rw,o-w ~{{LOOP_USER}}
    exit 0
  with_items:
    # not root
    - "{{ base_system_users }}"
  loop_control:
    loop_var: LOOP_USER
  when: LOOP_USER != '' and LOOP_USER != []
# Placeholder: the script only assigns PIP_CERT inside its own shell, which
# then exits. No file is written and the value is not exported or registered,
# so later tasks do not see it. Errors are ignored.
- name: openssl.cnf cacert.pem
  # FixMe: PLAY_CA_CERT or /etc/ssl/certs/ca-certificates.crt
  environment: "{{ shell_env }}"
  ignore_errors: true
  shell: |
    PIP_CERT="{{ PLAY_CA_CERT }}"
# Block holding the grub.cfg edit and the (currently disabled) per-user
# include of users.yml.
# NOTE(review): this listing has lost its indentation. It cannot be told from
# here whether become / become_user / check_mode / the first `tags: always`
# sit under `apply:` or on the task, nor whether the final `tags: always`
# belongs to the task or to the block - check against the original file.
- block:
|
|
|
|
# host or guest
|
|
# Strip the " quiet" kernel option from /boot/grub/grub.cfg in place; the
# script exits 0 whether or not the option was present.
- name: /boot/grub/grub.cfg
|
|
environment: "{{ shell_env }}"
|
|
shell: |
|
|
grep -q quiet /boot/grub/grub.cfg || exit 0
|
|
sed -e 's/ quiet//' -i /boot/grub/grub.cfg
|
|
exit 0
|
|
|
|
# Intended to run users.yml once per account with become_user set to the loop
# value. The second `when` entry is the literal `false`, so the include never
# runs at present.
- name: "include_tasks base users.yml"
|
|
include_tasks:
|
|
file: "users.yml"
|
|
apply:
|
|
environment: "{{ null_env }}"
|
|
become: yes
|
|
become_user: "{{ LOOP_USER }}"
|
|
check_mode: false
|
|
tags: always
|
|
loop_control:
|
|
loop_var: LOOP_USER
|
|
when:
|
|
- LOOP_USER != '' and LOOP_USER != []
|
|
- false # FixMe : filters
|
|
# NOTE(review): both items below are plain strings with no `{{ }}`, so
# LOOP_USER would be the literal text rather than account names. If the
# `false` guard above is removed, become_user receives those literals - fix
# the items before enabling the task.
with_items:
|
|
- "base_system_users"
|
|
- "'root' if ansible_distribution != 'Msys' else ''"
|
|
#? when: CHROOT_GENTOO_STAGE3|default('') == ''
|
|
tags: always
# Include the follow-up task files: base_proxy, an optional hardware-specific
# file, the distribution's own file, and the guest-specific files chosen from
# the BIOS, connection and OS-flavor values. Entries that render to '' are
# skipped. Unlike the earlier includes in this file, no `apply: environment:`
# is set here.
- name: "include_tasks base after"
  include_tasks:
    file: "{{ LOOP_FILE }}.yml"
  with_items:
    # FixMe: WTF?
    - "base_proxy"
    # or
    # before Gentoo.yml
    - "{{ 'lati' if ansible_virtualization_role|replace('NA', 'host') == 'host' and HOSTNAME_HARDWARE|default('') == 'lati' else '' }}"
    - "{{ ansible_distribution }}"
    # - "{{ ansible_distribution }}/{{ BOX_SERVICE_MGR }}"
    - "{{ 'guest_virtualbox' if ansible_bios_version|default('') == 'VirtualBox' else '' }}"
    # - "{{ 'guest_whonix' if ansible_virtualization_type == 'kvm' and BOX_OS_FLAVOR|default('') in ['WhonixGateway','WhonixWorkstation'] }}"
    - "{{ 'guest_whonix' if ansible_connection in ['chroot', 'libvirt_qemu'] and BOX_OS_FLAVOR|default('') in ['WhonixGateway','WhonixWorkstation'] else ''}}"
  loop_control:
    loop_var: LOOP_FILE
  when:
    - "LOOP_FILE != ''"
# "ansible_service_mgr": "systemd",