
server bootstrap fixes

master
theYinYeti@yalis.fr 8 months ago
committed by Y
parent
commit
817bbe9f81
7 changed files with 24 additions and 19 deletions
  1. +3
    -3
      bootstrap.adoc
  2. +2
    -2
      roles/_maintenance_start/tasks/main.yml
  3. +3
    -3
      roles/_maintenance_stop/tasks/main.yml
  4. +1
    -0
      roles/front/meta.OK/main.yml
  5. +12
    -8
      roles/front/tasks/main.yml
  6. +2
    -2
      roles/init/tasks/main.yml
  7. +1
    -1
      site.yml

+ 3
- 3
bootstrap.adoc View File

@@ -231,7 +231,7 @@ root@archiso ~ # mkdir -p $DMZ/var
root@archiso ~ # mount $LVM/{data-vg}-ContVar $DMZ/var
root@archiso ~ # mkdir -p $DMZ/srv/{acme,webapps}
root@archiso ~ # mkdir -p $DMZ/var/cache/{ddclient,movim}
root@archiso ~ # mkdir -p $DMZ/var/lib/{prosody,transmission}
root@archiso ~ # mkdir -p $DMZ/var/lib/{movim,prosody,transmission}
root@archiso ~ # mkdir -p $DMZ/var/log/nginx

root@archiso ~ # mount \
@@ -282,7 +282,7 @@ Archlinux installation::
* When this is done, be sure to check that `/mnt/etc/fstab` perfectly matches the wanted result (the above mount points).
+
```bash
root@archiso ~ # pacstrap /mnt base arch-install-scripts intel-ucode \
root@archiso ~ # pacstrap /mnt base arch-install-scripts intel-ucode linux \
> openssh python2 etckeeper git lvm2 btrfs-progs rsync
root@archiso ~ # genfstab -L /mnt >>/mnt/etc/fstab
@@ -365,7 +365,7 @@ This line is only interesting if the main data drive is connected with USB.
In theory, at this stage, the machine is ready to be controlled by Ansible.
However, Ansible fails at first, because for some reason, `pacstrap` in the “front” Ansible role fails to initialize the DMZ if the location already contains mount points, so:

. I had to temporarily unmount everything under `/var/lib/machines/{front-name}`, and delete the `/var/lib/machines/{front-name}/usr` sub-diretory.
. I had to temporarily unmount everything under `/var/lib/machines/{front-name}`, and delete `/var/lib/machines/{front-name}/*`.
. I also temporarily commented out the whole front-half of `site.xml`, as well as the “front-run” role of the back part.
. Then I ran Ansible again.
. When the DMZ was correctly initialized, I renamed `/var/lib/machines/{front-name}/var` to `/var/lib/machines/{front-name}/var.new`.


+ 2
- 2
roles/_maintenance_start/tasks/main.yml View File

@@ -11,7 +11,7 @@
minidlna.service \
nfs-server.service
do
systemctl stop $u
systemctl stop $u || true
done
when:
- (inventory_hostname in groups['back'])
@@ -19,7 +19,7 @@
- name: stop some services
shell: |
for u in spamassassin.service spamassassin-update.{timer,service}; do
systemctl stop $u
systemctl stop $u || true
done
when:
- (inventory_hostname in groups['front'])
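Review bot: The `|| true` added to both `systemctl stop $u` lines hides every failure, not only the missing-unit case that presumably broke the bootstrap, so the play goes on into maintenance even when a service is still running. Checking the resulting state keeps the tolerance without losing the signal, e.g. `systemctl stop "$u" || ! systemctl is-active --quiet "$u"`, with the result carried out of the loop (`|| rc=1` and a final `exit $rc`), since a `for` loop only returns the status of its last iteration. The same applies to the `systemctl start … || true` lines in roles/_maintenance_stop/tasks/main.yml, where a service that fails to come back up after maintenance is now reported as success. The first shell block starts above the hunk, so its task name and full unit list are not visible here.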

+ 3
- 3
roles/_maintenance_stop/tasks/main.yml View File

@@ -14,14 +14,14 @@
minidlna.service \
nfs-server.service
do
systemctl start $u
systemctl start $u || true
done
when:
- (inventory_hostname in groups['back'])

- name: restart some services
shell: |
systemctl start spamassassin.service
systemctl start spamassassin-update.timer
systemctl start spamassassin.service || true
systemctl start spamassassin-update.timer || true
when:
- (inventory_hostname in groups['front'])

+ 1
- 0
roles/front/meta.OK/main.yml View File

@@ -6,3 +6,4 @@
dependencies:
- role: init
- role: cleanupdate
- role: sockets

+ 12
- 8
roles/front/tasks/main.yml View File

@@ -49,8 +49,6 @@
args:
creates: "{{front_dir}}/usr"
register: arch
notify:
- restart DMZ

- name: enable BusyBox…
command: |
@@ -64,13 +62,22 @@
state: absent
when: (arch.changed)
with_items:
# base-devel needs patch
# base-devel needs patch, gawk (owns awk), which
- patch
- gawk
- awk
- which
# exim owns sendmail
- sendmail
# spamassassin needs gcc needs binutils owns ar + strings
- ar
- strings
# make needs guile needs texinfo needs gzip + less, own: less, gunzip, gzip, uncompress, zcat
- less
- gunzip
- gzip
- uncompress
- zcat
# util-linux owns setpriv, rfkill
- setpriv
- rfkill
@@ -84,6 +91,8 @@
- slattach
# vim owns xxd
- xxd
# php-imagick needs imagemagick needs libtool needs tar
- tar

- name: copy some files from host to container
copy:
@@ -124,8 +133,6 @@
src: files/nspawn_override.conf
dest: /etc/systemd/system/systemd-nspawn@.service.d/override.conf
mode: 0644
notify:
- restart DMZ

- name: enable machines.target
systemd:
@@ -145,8 +152,6 @@
src: files/DMZ.nspawn
dest: "/etc/systemd/nspawn/{{DMZ}}.nspawn"
mode: 0644
notify:
- restart DMZ

- name: enable systemd-nspawn@{{DMZ}}.service
systemd:
@@ -160,4 +165,3 @@
vars:
msg: 'DMZ init+SSH'
### ⇐ LOCAL COMMIT ###
- meta: flush_handlers
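Review bot: Nothing in the visible tasks restarts the DMZ any more after `nspawn_override.conf` or `DMZ.nspawn` changes (hunks `@@ -124,8 +133,6 @@` and `@@ -145,8 +152,6 @@`), so an edit to either file would leave the running container on its previous nspawn settings until someone restarts it by hand. These files presumably carry the container's isolation settings, so a tightened setting that never takes effect is easy to miss. I would keep `notify: restart DMZ` on these two tasks and drop it only from the pacstrap task. If the restart is what broke the bootstrap, add a comment such as `# no restart here: new settings are applied by <task or role>` naming where that happens. The tasks begin above the hunks, so a restart elsewhere in the role cannot be ruled out from here.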

+ 2
- 2
roles/init/tasks/main.yml View File

@@ -43,8 +43,8 @@
- name: enable the wanted locales
replace:
path: "{{chroot}}/etc/locale.gen"
regexp: "^#\\s*({{locales_enabled | regex_escape() | replace('\\ ', '|')}})\\s*$"
replace: '\1'
regexp: "^#\\s*({{locales_enabled | regex_escape() | replace('\\ ', '|')}})(\\s.*)?$"
replace: '\1\2'
register: locales

- name: set default locale
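Review bot: The new `regexp` line has no comment, and both the filter chain and the added `(\\s.*)?` group are hard to read without one. Something like `# locales_enabled: space-separated locale names; escaped spaces become '|' (alternation)` and `# the optional tail keeps whatever follows the name (the charset column) when uncommenting` above the `replace:` task would do. The space-separated format is inferred from `replace('\\ ', '|')` and should be confirmed against where `locales_enabled` is defined, which is outside this hunk.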


+ 1
- 1
site.yml View File

@@ -12,8 +12,8 @@
- ntp
- cleanupdate
- printscan
- front
- sockets
- front
- postinstall
- msmtp
- nfs

