# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
# Trace line for this role: prints the OS family, the Gentoo mount point
# variable and the virtualization role ('NA' is reported as 'host').
# verbosity 1 means it is only shown when Ansible runs with -v or higher.
- name: "toxcore main.yml"
  debug:
    msg: "toxcore main.yml BOX_OS_FAMILY={{BOX_OS_FAMILY}} {{BOX_GENTOO_FROM_MP}} {{ansible_virtualization_role|replace('NA', 'host')}}"
    verbosity: 1
# Load the role variables: first the generic Linux.yml, then the file named
# after the distribution plus its major version. Tagged 'always' so the
# variables are present whichever tag subset is selected.
- name: toxcore include_vars
  tags: always
  include_vars: '{{item}}.yml'
  with_items:
    - Linux
    - '{{ ansible_distribution }}{{ ansible_distribution_major_version }}'
# Copy the role's file overlays onto the target's root filesystem: the
# generic "Linux" tree first, then the distribution-specific tree.
# Skipped in check mode and for connection types listed in
# PLAY_NORSYNC_CONNECTIONS.
# NOTE(review): owner and perms are not synced, so ownership and modes under /
# depend on the receiving side and on the 'chmod /var/local' handler, which
# is defined outside this file -- confirm it sets the intended modes.
- name: "rsync toxcore root_overlay"
  when:
    - not ansible_check_mode
    # FixAns: This remote host is being accessed via chroot instead so it cannot work
    - ansible_connection|default('') not in PLAY_NORSYNC_CONNECTIONS
  synchronize:
    src: "roles/toxcore/overlay/{{item}}/"
    dest: /
    rsync_opts: "{{base_rsync_opts}}"
    # archive mode is off; every behaviour is chosen explicitly below
    archive: false
    recursive: true
    times: true
    # symlinks in the overlay are followed and their targets are copied
    copy_links: true
    links: false
    owner: false
    perms: false
    compress: false
  with_items:
    - Linux
    - "{{ ansible_distribution }}"
  notify:
    - chmod /var/local
  tags:
    - always
# Counterpart of the rsync task for connection types listed in
# PLAY_NORSYNC_CONNECTIONS: unpack "<item>.tar" over / instead.
# NOTE(review): the archive is extracted over the root filesystem and no
# integrity check is visible here; the tarballs should come from the same
# trusted tree as the overlay directories. Because of ignore_errors, a
# missing or broken archive does not stop the play.
- name: rsync root_overlay - tar before running
  when:
    - not ansible_check_mode
    # FixAns: This remote host is being accessed via chroot instead so it cannot work
    - ansible_connection|default('') in PLAY_NORSYNC_CONNECTIONS
  unarchive:
    src: "{{item}}.tar"
    dest: /
    owner: "{{BOX_ROOT_USER}}"
    # files already on the target that are newer than the archive are kept
    keep_newer: true
    # extra_opts: "{{ BASE_UNTAR_ARGS }}"
  with_items:
    - Linux
    - "{{ ansible_distribution }}"
  notify:
    - chmod /usr/local
  ignore_errors: true
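# Create the toxcore log directories. Runs under every periodic tag so the
# directories exist before any scheduled task writes to them.
- name: "make /var/local/var/log/testforge toxcore"
  file:
    path: "{{ item }}"
    state: directory
    # Quoted so the mode is always read as the octal string 0775 and never
    # depends on how the YAML parser treats a leading zero.
    # 0775 leaves the directory group-writable and world-readable.
    mode: "0775"
  with_items:
    - "{{ TOXCORE_LOG_DIR }}"
    - "{{ TOXCORE_DAILY_LOG }}"
    # - "{{ TOXCORE_WEEKLY_LOG }}"
    # - "{{ TOXCORE_MONTHLY_LOG }}"
  tags:
    - hourly
    - daily
    - weekly
    - monthly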
# Sign the host kernel modules with /var/local/bin/toxcore_sign_modules.bash.
# The kernel version is derived from the BOOT_IMAGE entry of /proc/cmdline;
# if /lib/modules/<version>/misc does not exist the script warns and exits 0.
# Currently disabled (when: false).
# NOTE(review): the module names are substituted into the command line
# unquoted; if this task is re-enabled, pass them through the quote filter.
- name: "/var/local/bin/toxcore_sign_modules.bash modules needed toxcore_kmods_in_host"
  when: false
  # this changes with kernel 4 -> 5
  shell: |
    KVER=`cat /proc/cmdline |sed -e 's/ .*//' -e 's/BOOT_IMAGE=//' -e 's/kernel-[a-z]*-x86_64-//'`
    KDIR=/lib/modules/$KVER
    DIR=$KDIR/misc
    [ -d $DIR ] || { echo WARN: no directory $DIR ; exit 0 ; }
    /var/local/bin/toxcore_sign_modules.bash {{ toxcore_kmods_in_host|flatten|join(' ') }}
# Load each module in toxcore_kmods_in_host when the virtualization role is
# 'host' ('NA' counts as 'host'); remove it for any other role.
# Empty entries are skipped, and a module that cannot be loaded or removed
# does not stop the play.
- name: modprobe VM modules toxcore_kmods_in_host
  when:
    - item != ''
  modprobe:
    name: "{{ item }}"
    state: "{{ 'absent' if ansible_virtualization_role|replace('NA', 'host') != 'host' else 'present'}}"
  with_items: "{{ toxcore_kmods_in_host }}"
  ignore_errors: true
# Unload every module listed in toxcore_kmods_not_in_host.
# Currently disabled (when: false); failures would be ignored.
- name: modprobe VM modules toxcore_kmods_not_in_host
  when: false
  # I'm not sure kvm should be missing anymore 5+
  modprobe:
    name: "{{ item }}"
    state: absent
  with_items: "{{ toxcore_kmods_not_in_host }}"
  ignore_errors: true
# Hand over to the task file named after the target's distribution
# (ansible_distribution with a .yml suffix).
- name: include by-platform tasks
  include_tasks: '{{ ansible_distribution }}.yml'
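# Append extra kernel command-line options to every grub.cfg line that ends
# in " ro". A one-time backup is kept as /boot/grub/grub.cfg.dst.
# Exit codes: 1 = no /boot entry in /etc/fstab, 2 = /boot could not be
# mounted, 3 = /boot/grub missing, 4 = grub.cfg missing. ignore_errors means
# none of these stops the play.
# The sed expression skips lines that already end in "$LINE ro"; without that
# guard every run would append the same options to the same lines again.
# NOTE(review): the second LINE assignment, which carries the CPU-mitigation
# and hardening parameters, is commented out inside the script, so those
# parameters are not applied by this task.
- name: grub.cfg from roles/ansible-gentoo_install/tasks/
  shell: |
    LINE="rd.skipfsck=1 ipv6.disable=1 console=tty1 lang=en keymap=us"
    # LINE="$LINE pti=on doscsi iommu=pt amd_iommu=on debugfs=off efi=disable_early_pci_dma extra_latent_entropy init_on_free=1 kvm.nx_huge_pages=force l1tf=full,force mce=0 mds=full,nosmt nosmt=force page_alloc.shuffle=1 pti=on random.trust_cpu=off slab_nomerge slub_debug=FZ spec_store_bypass_disable=on spectre_v2=on tsx_async_abort=full,nosmt vsyscall=none "
    LINE="$LINE intel_iommu=on vga=0x315 text"
    grep /boot /etc/fstab || exit 1
    df | grep /boot || mount /boot || exit 2
    [ -d /boot/grub ] || exit 3
    [ -f /boot/grub/grub.cfg ] || exit 4
    [ -f /boot/grub/grub.cfg.dst ] || cp -p /boot/grub/grub.cfg /boot/grub/grub.cfg.dst
    sed -e '\@ '"$LINE"' ro *$@!s@ ro *$@ '"$LINE"' ro@' -i /boot/grub/grub.cfg
  ignore_errors: true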
# Add every user in base_system_users to every group in
# toxcore_standard_users_groups (nested loop: item.0 = user, item.1 = group).
# append: true keeps the user's existing supplementary groups.
# NOTE(review): item is a [user, group] pair here, so the comparison with ''
# presumably never skips anything -- confirm.
- name: add standard_users to groups
  when:
    - item != ''
  user:
    name: "{{ item.0 }}"
    groups: "{{ item.1 }}"
    append: true
  with_nested:
    - "{{ base_system_users }}"
    - "{{ toxcore_standard_users_groups }}"
  # some groups may not be there
  ignore_errors: true
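# Create the VM storage tree under TOXCORE_VMS_DIR.
# check_mode: false makes the directories get created even during a
# --check run.
- name: "make a directory for /data/Vms"
  file:
    path: "{{item }}"
    state: directory
    # Quoted so the mode is always read as the octal string 0775 and never
    # depends on how the YAML parser treats a leading zero.
    # 0775 leaves the VM directories group-writable and world-readable.
    mode: "0775"
  with_items:
    - "{{TOXCORE_VMS_DIR}}"
    - "{{TOXCORE_VMS_DIR}}/Instances"
    - "{{TOXCORE_VMS_DIR}}/Qemu"
    - "{{TOXCORE_VMS_DIR}}/Boxes"
    #? - "{{TOXCORE_VMS_DIR}}/vagrant.d/tmp"
  check_mode: false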
# For each entry of toxcore_gpg_keys_system: if item.primary does not show up
# in the output of `gpg --list-keys`, fetch item.uid with `gpg --recv-keys`.
# Runs only when the list is non-empty and BASE_ARE_CONNECTED is set.
# NOTE(review): the presence test is a substring grep and the fetch uses
# gpg's default keyserver; presumably item.uid is a key ID -- prefer full
# fingerprints so a look-alike key cannot satisfy either step. With
# ignore_errors a failed fetch is silent, so whatever verifies signatures
# later has to fail closed when the key is absent.
- name: "toxcore gpg keys system"
  when:
    - toxcore_gpg_keys_system|length > 0
    - BASE_ARE_CONNECTED|default('') != ''
  # Option --keyserver must be used to
  environment: "{{ shell_proxy_env }}"
  shell: |
    /usr/bin/gpg --list-keys | grep "{{ item.primary }}" || \
    /usr/bin/gpg --recv-keys "{{ item.uid }}" # --keyserver "{{ TOXCORE_GPG_SERVER }}"
  with_items: "{{ toxcore_gpg_keys_system }}"
  ignore_errors: true
# Import the Gentoo release key from /usr/local/share/openpgp-keys, unless
# /usr/share/openpgp-keys/gentoo-release.asc already exists.
# NOTE(review): the presence test and the import use different paths
# (/usr/share vs /usr/local/share); presumably a copy under /usr/share means
# the key is handled elsewhere -- confirm. The key goes into the keyring of
# whichever user this task runs as.
- name: "toxcore gpg keys gentoo"
  shell: |
    [ -f /usr/share/openpgp-keys/gentoo-release.asc ] && exit 0
    gpg --import /usr/local/share/openpgp-keys/gentoo-release.asc
  environment: "{{ shell_proxy_env }}"
# this should not run as root
# delegate_to: localhost? - no - per test
#
# Run usr_local_toxcore.bash from TOXCORE_USR_LOCAL/src as BOX_USER_NAME,
# with a umask of 0002 so files it creates stay group-writable.
# In check mode the script still runs (check_mode: false) but receives the
# argument 'check'.
# The trailing `exit 0` and ignore_errors mean a failure inside the script is
# never reported by this task.
- name: "usr_local_toxcore.bash"
  become: true
  become_user: "{{ BOX_USER_NAME }}"
  environment: "{{ shell_proxy_env }}"
  args:
    chdir: "{{TOXCORE_USR_LOCAL}}/src"
  shell: |
    umask 0002
    bash {{TOXCORE_USR_LOCAL}}/src/usr_local_toxcore.bash \
    {{ 'check' if ansible_check_mode }}
    exit 0
  check_mode: false
  ignore_errors: true
# Include vms.yml, and libvirt_whonix.yml as well when a Whonix proxy host is
# set, 'libvirt' is among BOX_HOSTVMS_FEATURES, or 'whonix' is among
# BOX_TOXCORE_FEATURES. Otherwise the second entry is an empty list.
# The proxy environment is applied to every included task.
- name: "include_tasks toxcore vms as root"
  when:
    - LOOP_ITEM != '' and LOOP_ITEM != []
  include_tasks:
    file: "{{LOOP_ITEM}}.yml"
    apply:
      environment: "{{ proxy_env }}"
  loop_control:
    loop_var: LOOP_ITEM
  with_items:
    - "vms"
    - "{{ 'libvirt_whonix' if (BOX_WHONIX_PROXY_HOST != '' or 'libvirt' in BOX_HOSTVMS_FEATURES or 'whonix' in BOX_TOXCORE_FEATURES) else [] }}"
# Include users.yml with become_user set from the loop: LOOP_USER_F[0] is
# taken from the first nested list (toxcore_system_users) and LOOP_USER_F[1]
# is the file name. Runs only when the virtualization role is 'host'
# ('NA' counts as 'host').
- name: "include_tasks toxcore users on the command host"
  when:
    - "LOOP_USER_F[1] != ''"
    - "ansible_virtualization_role|replace('NA', 'host') == 'host'"
  include_tasks:
    file: "{{ LOOP_USER_F[1] }}"
    apply:
      become_user: "{{ LOOP_USER_F[0] }}"
      environment: "{{ proxy_env }}"
  loop_control:
    loop_var: LOOP_USER_F
  with_nested:
    - - "{{ toxcore_system_users }}"
    - - users.yml
# Per-user feature task files: for each user in toxcore_system_users, include
# "<feature>_users.yml" as that user. Only libvirt_users is still listed.
# Currently disabled by the literal `false` in the when list.
- name: "include_tasks toxcore users as user"
  when:
    - "LOOP_USER_F[1] != ''"
    - "ansible_virtualization_role|replace('NA', 'host') == 'host'"
    - false
  include_tasks:
    file: "{{ LOOP_USER_F[1] }}.yml"
    apply:
      become_user: "{{ LOOP_USER_F[0] }}"
      environment: "{{ proxy_env }}"
  loop_control:
    loop_var: LOOP_USER_F
  with_nested:
    - "{{ toxcore_system_users }}"
    -
      #no - users
      - "{{ 'libvirt_users' if 'libvirt' in TOXCORE_FEATURES else '' }}"
      # - "{{ 'qemu_users' if 'qemu' in TOXCORE_FEATURES else '' }}"
      # - "{{ 'docker_users' if 'docker' in TOXCORE_FEATURES else '' }}"
# Enable at boot and start every service in toxcore_services_enabled.
# Skipped for empty entries, for an empty list and for connection types in
# PLAY_CHROOT_CONNECTIONS. A service that fails to start does not stop the
# play.
- name: enable and start toxcore services
  when:
    - "item != ''"
    - ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS
    - "toxcore_services_enabled|length > 0"
  service:
    name: "{{ item }}"
    state: started
    enabled: true
  with_items: "{{ toxcore_services_enabled }}"
  ignore_errors: true
# Start, without enabling at boot, every service in toxcore_services_started.
# Currently disabled by the literal `false` in the when list.
- name: start toxcore services
  when:
    - "item != ''"
    - ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS
    - false
  service:
    name: "{{ item }}"
    state: started
    enabled: false
  with_items: "{{ toxcore_services_started }}"
  ignore_errors: true
# Stop and disable every service in toxcore_services_stopped.
# failed_when: false means the task never reports a failure.
# Currently disabled by the literal `false` in the when list.
- name: stop toxcore services
  when:
    - "item != ''"
    - ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS
    - false
  service:
    name: "{{ item }}"
    state: stopped
    enabled: false
  with_items: "{{ toxcore_services_stopped }}"
  failed_when: false
# Run the ansible-gentoo_install role, only when the virtualization role is
# 'host' ('NA' counts as 'host'). The OS-family condition is commented out.
- name: run ansible-gentoo_install
  when:
    - "ansible_virtualization_role|replace('NA', 'host') == 'host'"
    # - BOX_OS_FAMILY == 'Gentoo' or BOX_GENTOO_FROM_MP not in ['/', '']
  include_role:
    name: ansible-gentoo_install
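# Set BOX_NBD_OVERLAY_DIR environment variable to override storage location for VMs
# -b Bridge interface to use (defaults to virbr0)
# -m MAC address to use (default is to use a randomly-generated MAC)
# -p ansible users plaintext password
# -k Full path and name of the ansible user's public key file (required)
#
# Build a Gentoo overlay VM on the controller (delegate_to: localhost) with
# toxcore_create-vm.bash. Exit codes 1-9 name the first empty variable, 10
# means BOX_NBD_BASE_PASS is empty, and a base image that does not exist yet
# is skipped with exit 0. ignore_errors means none of these stops the play.
#
# The rendered script contains BOX_NBD_OVERLAY_PASS in clear text, so no_log
# keeps the command and its result out of task output and logs. The password
# is still passed as a command-line argument to the script; changing that
# needs an edit to toxcore_create-vm.bash, which is outside this file.
#
# Values are passed through the quote filter wherever the original already
# treated them as literals, so a quote, space or shell metacharacter in a
# value can no longer break or alter the script.
# NOTE(review): -k and -d are left unquoted because their values may rely on
# shell expansion (~ or $HOME) -- confirm, then quote them too.
# NOTE(review): the emptiness check before the call tests BOX_NBD_BASE_PASS,
# while the value passed with -p is BOX_NBD_OVERLAY_PASS -- confirm both are
# meant.
- name: run toxcore_create-vm.bash
  delegate_to: localhost
  no_log: true
  shell: |
    export BOX_NBD_OVERLAY_DIR=${BOX_NBD_OVERLAY_DIR:-"${HOME}/vms/virsh"}
    [ {{ BOX_NBD_OVERLAY_NAME | quote }} != '' ] || exit 1
    [ {{ BOX_NBD_OVERLAY_DIR | quote }} != '' ] || exit 2
    [ {{ BOX_NBD_BASE_PUBKEY | quote }} != '' ] || exit 3
    [ {{ BOX_NBD_BASE_QCOW | quote }} != '' ] || exit 4
    [ {{ BOX_NBD_OVERLAY_RAM | quote }} != '' ] || exit 5
    [ {{ BOX_NBD_OVERLAY_BR | quote }} != '' ] || exit 6
    [ {{ BOX_NBD_OVERLAY_GB | quote }} != '' ] || exit 7
    [ {{ BOX_NBD_OVERLAY_CPUS | quote }} != '' ] || exit 8
    [ {{ BOX_NBD_OVERLAY_PASS | quote }} != '' ] || exit 9
    if [ ! -f {{ BOX_NBD_BASE_QCOW | quote }} ] ; then
      echo WARN: {{ BOX_NBD_BASE_QCOW | quote }} not built yet - skipping
      exit 0
    fi
    if [ -z {{ BOX_NBD_BASE_PASS | quote }} ] ; then
      echo WARN: 'BOX_NBD_BASE_PASS' empty
      exit 10
    fi
    toxcore_create-vm.bash \
      -n {{ BOX_NBD_OVERLAY_NAME | quote }} \
      -k {{BOX_NBD_BASE_PUBKEY}} \
      -i {{ BOX_NBD_BASE_QCOW | quote }} \
      -s {{ BOX_NBD_OVERLAY_GB | quote }} \
      -c {{ BOX_NBD_OVERLAY_CPUS | quote }} \
      -r {{ BOX_NBD_OVERLAY_RAM | quote }} \
      -d {{BOX_NBD_OVERLAY_DIR}} \
      -b {{ BOX_NBD_OVERLAY_BR | quote }} \
      -p {{ BOX_NBD_OVERLAY_PASS | quote }} \
      -o gentoo
  ignore_errors: true
  when:
    - "ansible_virtualization_role|replace('NA', 'host') == 'host'"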
# run this last

# works with apply tags hourly
#
# Include hourly.yml once per entry of toxcore_system_users, exposing the
# current user as LOOP_USER. Both the include and the tasks it pulls in are
# tagged 'always'.
- name: toxcore hourly include_tasks
  tags:
    - always
  include_tasks:
    file: 'hourly.yml'
    apply:
      tags:
        - always
  loop_control:
    loop_var: LOOP_USER
  with_items:
    - "{{ toxcore_system_users }}"
# Include daily.yml under the 'daily' tag; the included tasks get the same
# tag and the proxy environment.
- name: toxcore daily include_tasks
  tags:
    - daily
  include_tasks:
    file: 'daily.yml'
    apply:
      tags:
        - daily
      environment: "{{ proxy_env }}"
# Include weekly.yml under the 'weekly' tag; the included tasks get the same
# tag and the proxy environment. Currently disabled (when: false).
- name: toxcore weekly include_tasks
  when: false
  tags:
    - weekly
  include_tasks:
    file: 'weekly.yml'
    apply:
      tags:
        - weekly
      environment: "{{ proxy_env }}"
# replace this ^A with a control-A to provoke an error in the error handler of yamlint
# yaml.reader.ReaderError: unacceptable character #x0001: special characters are not allowed