# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
# Trace entry into this task file together with the connection plugin in
# use; the message is only shown when the play runs with -v or higher.
- name: "base main.yml"
  debug:
    msg: "DEBUG: Including base main.yml ansible_connection={{ ansible_connection|default('') }}"
    verbosity: 1
# Force a major version of 2 on Gentoo hosts. The value is concatenated
# with the distribution name when the per-platform vars file is chosen
# by the include_vars task in this file.
- name: "Fix Gentoo"
  when: ansible_distribution == 'Gentoo'
  set_fact:
    ansible_distribution_major_version: 2
# Normalise one specific MSYS host string to "Msys", the value that the
# other tasks in this file compare against.
- name: "Fix Windows"
  when: ansible_distribution == 'MSYS_NT-6.3-9600'
  set_fact:
    # ansible_distribution_major_version: 9
    ansible_distribution: Msys
    ansible_bios_version: 'mbr'  # i.e. not Virtualbox
# Define null_env, the one-variable environment mapping that the
# include_tasks calls in this file pass through `apply.environment`.
# There is no `when`, so this runs on every platform despite the name.
- name: "Fix Linux"
  set_fact:
    null_env:
      TERM: linux
# Read the kernel's available-entropy counter when the proc file exists.
# The task never reports a change and its result is kept in entropy2.
- name: check entropy state
  shell: |
    [ -e /proc/sys/kernel/random/entropy_avail ] || exit 0
    cat /proc/sys/kernel/random/entropy_avail
  register: entropy2
  changed_when: false
  # FixMe why does this sometimes fail
  ignore_errors: true
# Print the registered result of the entropy check; a failure here is
# tolerated so it cannot stop the play.
- name: entropy state
  debug:
    var: entropy2
  ignore_errors: true
# Load Linux.yml first, then the vars file named after the distribution
# and its major version (both facts may have been overridden above).
- name: "include base by-platform vars"
  tags: always
  include_vars: '{{item}}.yml'
  with_items:
    - 'Linux'
    - "{{ ansible_distribution }}{{ ansible_distribution_major_version }}"
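# Include bootstrap.yml on non-Msys hosts when no NBD disk is configured.
# The loop item renders to '' otherwise, and the `when` drops empty items,
# so nothing is included in that case.
- name: "include_tasks base bootstrap"
  include_tasks:
    file: "{{ LOOP_FILE }}.yml"
    apply:
      environment: "{{ null_env }}"
  when:
    - LOOP_FILE != '' and LOOP_FILE != []
  with_items:
    # nbd_disk is read as a variable here. Writing '{{nbd_disk}}' in quotes
    # inside an expression yields a literal string that never equals '',
    # which kept this item permanently empty. default('') covers hosts
    # where nbd_disk is not defined.
    - "{{ 'bootstrap' if ansible_distribution != 'Msys' and nbd_disk|default('') == '' else '' }}"
    # - "{{ 'bootstrap_nbd' if ansible_distribution != 'Msys' and nbd_disk|default('') != '' else '' }}"
  loop_control:
    loop_var: LOOP_FILE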
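# Create the shared scratch and log directories.
# NOTE(review): every path in the list gets mode 1777 (world-writable with
# the sticky bit). That suits /run/tmp and /var/tmp/.ansible, but it also
# lets any local account create files in the genkernel overlay bin
# directory and in the pip log directories. Confirm that is intended, or
# give those paths a tighter mode in a separate task.
- name: "make /var/tmp/.ansible"
  file:
    path: "{{ item }}"
    state: directory
    # Quoted so the mode does not depend on the YAML parser reading a
    # leading-zero integer as octal.
    mode: "01777"
  with_items:
    - /run/tmp
    - /var/tmp/.ansible
    - "{{BASE_LOG_DIR}}/pip"
    - "{{BASE_LOG_DIR}}/pip/pip2"
    - "{{BASE_LOG_DIR}}/pip/pip3"
    - /usr/local/share/genkernel/overlay/bin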
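# Make sure testforge.ini exists and starts with the editor mode line.
# NOTE(review): 0755 sets the execute bits on an ini file; confirm they
# are wanted, otherwise 0644 is the usual mode for a config file.
- name: "/usr/local/etc/testforge/testforge.ini BOF"
  lineinfile:
    dest: "/usr/local/etc/testforge/testforge.ini"
    create: true
    owner: "{{BOX_ROOT_USER}}"
    group: "{{BOX_ROOT_GROUP}}"
    # Quoted so the mode does not depend on YAML octal parsing.
    mode: "0755"
    insertbefore: BOF
    # The dots in the pattern stand in for the asterisks of the literal
    # line, which would otherwise be read as regex quantifiers.
    regexp: "# -.- mode: sh; tab-width: 0; coding: utf-8-unix -.-"
    line: "# -*- mode: sh; tab-width: 0; coding: utf-8-unix -*-"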
# Maintain the managed [base] section of testforge.ini from play variables.
# No owner or mode is given here, so a file created by this task gets the
# defaults of the account that runs it.
- name: /usr/local/etc/testforge/testforge.ini proxy
  blockinfile:
    create: true
    dest: /usr/local/etc/testforge/testforge.ini
    marker: '# {mark} ANSIBLE MANAGED BLOCK ini [base]'
    block: |
      [base]
      BASE_USER_NAME: "{{ BOX_USER_NAME }}"
      BASE_USER_HOME: "{{ BOX_USER_HOME }}"
      BASE_ALSO_GROUP: "{{ BOX_ALSO_GROUP }}"
      BASE_ALSO_USERS: "{{BOX_ALSO_USERS}}"
      BASE_USER_CONFIG_DIR: ".config/testforge"
      BASE_PYTHON2_MINOR: "{{BASE_PYTHON2_MINOR}}"
      BASE_PYTHON3_MINOR: "{{BASE_PYTHON3_MINOR}}"
# Copy the role's overlay trees (Linux first, then the distribution's own)
# onto / of the target with rsync. Skipped in check mode and for
# connection types listed in PLAY_NORSYNC_CONNECTIONS.
- name: "rsync base root_overlay"
  tags:
    - always
  when:
    - not ansible_check_mode
    # FixAns: This remote host is being accessed via chroot instead so it
    # cannot work.
    # synchronize uses rsync to function. rsync needs to connect to the
    # remote host via ssh, docker client or a direct filesystem copy. This
    # remote host is being accessed via community.libvirt.libvirt_qemu
    # instead so it cannot work.
    - ansible_connection|default('') not in PLAY_NORSYNC_CONNECTIONS
  synchronize:
    src: "roles/base/overlay/{{item}}/"
    dest: /
    archive: false
    recursive: true
    links: true
    copy_links: true
    perms: true
    times: true
    owner: false
    compress: false
    # NOTE(review): the rsync log is written under a predictable name in
    # /tmp; a directory only root can write to would be a safer home for it.
    rsync_opts: "{{ base_rsync_opts }} + ['--log-file=/tmp/rsync-base_{{BOX_HOST_NAME}}.log']"
  with_items:
    - Linux
    - "{{ ansible_distribution }}"
  notify:
    - "chmod /usr/local"
    - update-ca-certificates
  # Errors are tolerated on Msys only.
  ignore_errors: "{{ansible_distribution == 'Msys'}}"
# Counterpart of the rsync task for connection types that cannot use
# rsync: unpack a pre-built tar of each overlay onto / instead.
# NOTE(review): failures are ignored, so a missing tar or an undefined
# variable leaves the host without the overlay while the play still passes.
- name: "rsync root_overlay - the tar gets made by a make before running"
  when:
    - not ansible_check_mode
    # msg: synchronize uses rsync to function. rsync needs to connect to the
    # remote host via ssh, docker client or a direct filesystem copy. This
    # remote host is being accessed via community.libvirt.libvirt_qemu
    # instead so it cannot work.
    - ansible_connection|default('') in PLAY_NORSYNC_CONNECTIONS
  unarchive:
    src: "{{item}}.tar"
    dest: /
    keep_newer: true
    # NOTE(review): the testforge.ini task in this file uses BOX_ROOT_USER;
    # confirm BASE_ROOT_USER is defined and is the name meant here.
    owner: "{{BASE_ROOT_USER}}"
    group: "{{BOX_ROOT_GROUP}}"
    # extra_opts: "{{ BASE_UNTAR_ARGS }}"
  with_items:
    - Linux
    - "{{ ansible_distribution }}"
  notify:
    - update-ca-certificates
  ignore_errors: true
# Include base.yml, then ansible.yml on everything except Msys. Items that
# render to an empty string are dropped by the `when`.
- name: "include_tasks base before"
  when:
    - LOOP_FILE != '' and LOOP_FILE != []
  include_tasks:
    file: "{{ LOOP_FILE }}.yml"
    apply:
      environment: "{{ null_env }}"
  loop_control:
    loop_var: LOOP_FILE
  with_items:
    - base
    - "{{ 'ansible' if ansible_distribution != 'Msys' else '' }}"
# Unpack the Ansible source tarball from the local wheels directory into
# /usr/local/src when it has not been unpacked yet. The trailing `exit 0`
# makes the task succeed whether or not anything was unpacked.
# NOTE(review): the tarball is extracted without any checksum or signature
# check, and BOX_USER_GROUP is used for both the owner and the group in the
# chown. Confirm both are intended.
- name: "ansible-{{BOX_ANSIBLE_VERSION}}"
  shell: |
    cd /usr/local/src
    [ ! -d "ansible-{{BOX_ANSIBLE_VERSION}}" ] && \
    [ ! -f "ansible-{{BOX_ANSIBLE_VERSION}}/setup.py" ] && \
    [ -f {{USR_LOCAL}}/tmp/wheels/ansible-{{BOX_ANSIBLE_VERSION}}.tar.gz ] && \
    tar xvfz {{USR_LOCAL}}/tmp/wheels/ansible-{{BOX_ANSIBLE_VERSION}}.tar.gz && \
    chown -R {{BOX_USER_GROUP}}.{{BOX_USER_GROUP}} ansible-{{BOX_ANSIBLE_VERSION}}
    exit 0
  environment: "{{ shell_env }}"
# Apply the diffs kept under the patches directory to the unpacked Ansible
# source. Currently switched off by the literal `false` condition.
- name: "patch /usr/local/"
  when:
    - item != ''
    - not ansible_check_mode
    - false  # FixMe not up to date
  shell: |
    cd {{USR_LOCAL}}/patches/base || exit 1
    # this vacuumns all diff files below the root
    {{ BASE_SCRIPT_DIR }}/base_patch_from_diff.bash {{item}}
  environment: "{{ shell_env }}"
  with_items:
    - "usr/local/src/ansible-{{BOX_ANSIBLE_VERSION}}"
# Make sure each listed user's home directory exists and is owned by that
# user. Runs even in check mode (check_mode: false).
# NOTE(review): LOOP_USER is pasted unquoted into a shell script, so the
# entries of base_system_users must be plain account names. The recursive
# chown walks a tree the user can write to; consider
# `chown --no-dereference` so links inside it are not followed.
- name: chown vagrant ~vagrant
  check_mode: false
  when: LOOP_USER != '' and LOOP_USER != []
  shell: |
    [ -d ~{{LOOP_USER}} ] || mkdir ~{{LOOP_USER}}
    chown -R {{LOOP_USER}} ~{{LOOP_USER}}
    #? [ -n "{{BOX_ALSO_GROUP}}" ] && chmod -R g+rw,o-w ~{{LOOP_USER}}
    exit 0
  environment: "{{ shell_env }}"
  loop_control:
    loop_var: LOOP_USER
  with_items:
    # not root
    - "{{ base_system_users }}"
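# Home-directory setup for BOX_USER_NAME. The whole block is skipped in
# check mode. File modes are quoted so they do not depend on YAML octal
# parsing.
- block:

    # Private directories, readable by the owner only.
    - name: "make vagrant RO directories base"
      file:
        path: "{{ item|expanduser }}"
        state: directory
        owner: "{{ BOX_USER_NAME }}"
        mode: "0700"
      with_items:
        - "{{ BOX_USER_HOME }}/.cache"
        - "{{ BOX_USER_HOME }}/.config"
        - "{{ BOX_USER_HOME }}/.gpg"
        - "{{ BOX_USER_HOME }}/.local/lib"
        - "{{ BOX_USER_HOME }}/.ssh"

    # Link ~/.local/lib64 and the per-version python directories.
    # The `mode` entries are carried in the items but the task does not
    # reference item.mode.
    - name: "I think this is right make .local symlinks lib dirs"
      file:
        src: "{{ item.src | expanduser }}"
        dest: "{{ item.dest | expanduser }}"
        state: link
      with_items:
        - dest: "{{ BOX_USER_HOME }}/.local/lib64"
          src: "{{ BOX_USER_HOME }}/.local/lib"
          mode: "0755"
        - dest: "{{ BOX_USER_HOME }}/.local/lib/python{{BASE_PYTHON3_MINOR}}"
          src: "{{ USR_LOCAL }}/lib/python{{BASE_PYTHON3_MINOR}}"
          mode: "0755"
        - dest: "{{ BOX_USER_HOME }}/.local/lib/python{{BASE_PYTHON2_MINOR}}"
          src: "{{ USR_LOCAL }}/lib/python{{BASE_PYTHON2_MINOR}}"
          mode: "0755"
      ignore_errors: true

    # NOTE(review): the source is $HOME of the account running Ansible on
    # the controller, so whatever that user's .bashrc and .bash_profile
    # contain (exports, tokens, aliases) is copied into the target. No
    # owner is set either; presumably the files end up owned by the account
    # the task runs as rather than by BOX_USER_NAME. Verify.
    - name: "make vagrant RO files base"
      copy:
        dest: "{{ BOX_USER_HOME }}/{{ item }}"
        src: "{{ lookup('env','HOME') }}/{{ item }}"
        # Existing files on the target are left untouched.
        force: false
        mode: "0600"
      with_items:
        - ".bashrc"
        - ".bash_profile"
      ignore_errors: true
      # template or skel this

  when:
    - not ansible_check_mode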
# libvirt become is not working?
# Placeholder: the script only assigns a shell variable and then ends, so
# nothing on the host is changed by this task as written.
- name: openssl.cnf cacert.pem
  # FixMe: PLAY_CA_CERT or /etc/ssl/certs/ca-certificates.crt
  shell: |
    PIP_CERT="{{ PLAY_CA_CERT }}"
  environment: "{{ shell_env }}"
  ignore_errors: true
# NOTE(review): the nesting below is an assumption. The first `tags` is
# placed under `apply`, and the trailing commented `when` and `tags` are
# read as block-level keys. Confirm against the intended structure.
- block:

    # host or guest
    # Drop the "quiet" kernel option from grub.cfg when it is present.
    - name: /boot/grub/grub.cfg
      shell: |
        grep -q quiet /boot/grub/grub.cfg || exit 0
        sed -e 's/ quiet//' -i /boot/grub/grub.cfg
        exit 0
      environment: "{{ shell_env }}"

    # Disabled by the literal `false` condition. The loop items are plain
    # strings, not templated expressions, so LOOP_USER would receive the
    # text itself if the task were enabled as written.
    - name: "include_tasks base users.yml"
      include_tasks:
        file: 'users.yml'
        apply:
          environment: "{{ null_env }}"
          become: true
          become_user: "{{ LOOP_USER }}"
          check_mode: false
          tags: always
      when:
        - LOOP_USER != '' and LOOP_USER != []
        - false  # FixMe : filters
      loop_control:
        loop_var: LOOP_USER
      with_items:
        - "base_system_users"
        - "'root' if ansible_distribution != 'Msys' else ''"

  #? when: CHROOT_GENTOO_STAGE3|default('') == ''
  tags: always
# Include the remaining platform- and guest-specific task files. Each item
# is a file name without the .yml suffix; items that render to '' are
# dropped by the `when`. This include passes no `apply` options.
- name: "include_tasks base after"
  when:
    - LOOP_FILE != ''
  include_tasks:
    file: "{{ LOOP_FILE }}.yml"
  loop_control:
    loop_var: LOOP_FILE
  with_items:
    # FixMe: WTF?
    - "base_proxy"
    # or
    # before Gentoo.yml
    - "{{ 'lati' if ansible_virtualization_role|replace('NA', 'host') == 'host' and HOSTNAME_HARDWARE|default('') == 'lati' else '' }}"
    - "{{ ansible_distribution }}"
    # - "{{ ansible_distribution }}/{{ BOX_SERVICE_MGR }}"
    - "{{ 'guest_virtualbox' if ansible_bios_version|default('') == 'VirtualBox' else '' }}"
    # - "{{ 'guest_whonix' if ansible_virtualization_type == 'kvm' and BOX_OS_FLAVOR|default('') in ['WhonixGateway','WhonixWorkstation'] }}"
    - "{{ 'guest_whonix' if ansible_connection in ['chroot', 'libvirt_qemu'] and BOX_OS_FLAVOR|default('') in ['WhonixGateway','WhonixWorkstation'] else ''}}"
# "ansible_service_mgr": "systemd",