From 817bbe9f8153344b18141e32a09c7f845ad9d493 Mon Sep 17 00:00:00 2001 From: "theYinYeti@yalis.fr" Date: Fri, 3 Jan 2020 12:38:36 +0100 Subject: [PATCH] server bootstrap fixes --- bootstrap.adoc | 6 +++--- roles/_maintenance_start/tasks/main.yml | 4 ++-- roles/_maintenance_stop/tasks/main.yml | 6 +++--- roles/front/meta.OK/main.yml | 1 + roles/front/tasks/main.yml | 20 ++++++++++++-------- roles/init/tasks/main.yml | 4 ++-- site.yml | 2 +- 7 files changed, 24 insertions(+), 19 deletions(-) diff --git a/bootstrap.adoc b/bootstrap.adoc index 70555d6..98ea7d5 100644 --- a/bootstrap.adoc +++ b/bootstrap.adoc @@ -231,7 +231,7 @@ root@archiso ~ # mkdir -p $DMZ/var root@archiso ~ # mount $LVM/{data-vg}-ContVar $DMZ/var root@archiso ~ # mkdir -p $DMZ/srv/{acme,webapps} root@archiso ~ # mkdir -p $DMZ/var/cache/{ddclient,movim} -root@archiso ~ # mkdir -p $DMZ/var/lib/{prosody,transmission} +root@archiso ~ # mkdir -p $DMZ/var/lib/{movim,prosody,transmission} root@archiso ~ # mkdir -p $DMZ/var/log/nginx root@archiso ~ # mount \ @@ -282,7 +282,7 @@ Archlinux installation:: * When this is done, be sure to check that `/mnt/etc/fstab` perfectly matches the wanted result (the above mount points). + ```bash -root@archiso ~ # pacstrap /mnt base arch-install-scripts intel-ucode \ +root@archiso ~ # pacstrap /mnt base arch-install-scripts intel-ucode linux \ > openssh python2 etckeeper git lvm2 btrfs-progs rsync … root@archiso ~ # genfstab -L /mnt >>/mnt/etc/fstab 
@@ -365,7 +365,7 @@ This line is only interesting if the main data drive is connected with USB. In theory, at this stage, the machine is ready to be controlled by Ansible. However, Ansible fails at first, because for some reason, `pacstrap` in the “front” Ansible role fails to initialize the DMZ if the location already contains mount points, so: -. I had to temporarily unmount everything under `/var/lib/machines/{front-name}`, and delete the `/var/lib/machines/{front-name}/usr` sub-diretory. +. I had to temporarily unmount everything under `/var/lib/machines/{front-name}`, and delete `/var/lib/machines/{front-name}/*`. . I also temporarily commented out the whole front-half of `site.xml`, as well as the “front-run” role of the back part. . Then I ran Ansible again. . When the DMZ was correctly initialized, I renamed `/var/lib/machines/{front-name}/var` to `/var/lib/machines/{front-name}/var.new`. diff --git a/roles/_maintenance_start/tasks/main.yml b/roles/_maintenance_start/tasks/main.yml index 6923c62..864fd8d 100644 --- a/roles/_maintenance_start/tasks/main.yml +++ b/roles/_maintenance_start/tasks/main.yml @@ -11,7 +11,7 @@ minidlna.service \ nfs-server.service do - systemctl stop $u + systemctl stop $u || true done when: - (inventory_hostname in groups['back']) @@ -19,7 +19,7 @@ - name: stop some services shell: | for u in spamassassin.service spamassassin-update.{timer,service}; do - systemctl stop $u + systemctl stop $u || true done when: - (inventory_hostname in groups['front']) diff --git a/roles/_maintenance_stop/tasks/main.yml b/roles/_maintenance_stop/tasks/main.yml index d7d855e..da1cbd5 100644 --- a/roles/_maintenance_stop/tasks/main.yml +++ b/roles/_maintenance_stop/tasks/main.yml 
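Review bot: The `|| true` appended to `systemctl stop $u` in both loops of roles/_maintenance_start/tasks/main.yml discards every failure, not only the missing-unit case that a fresh bootstrap presumably hits. Maintenance can therefore proceed while `nfs-server.service` or another listed unit is still running, and the play still reports success. The same applies to the `systemctl start … || true` lines in roles/_maintenance_stop/tasks/main.yml, where a service that fails to come back (spamassassin, for instance) would go unnoticed. Keeping the step non-fatal but visible would be safer, for example `systemctl stop "$u" || echo "WARN: could not stop $u" >&2`, with `$u` quoted. All of these tasks start outside their hunks, so whether `failed_when` or `ignore_errors` is already set cannot be seen here.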
@@ -14,14 +14,14 @@ minidlna.service \ nfs-server.service do - systemctl start $u + systemctl start $u || true done when: - (inventory_hostname in groups['back']) - name: restart some services shell: | - systemctl start spamassassin.service - systemctl start spamassassin-update.timer + systemctl start spamassassin.service || true + systemctl start spamassassin-update.timer || true when: - (inventory_hostname in groups['front']) diff --git a/roles/front/meta.OK/main.yml b/roles/front/meta.OK/main.yml index 2487b03..51a597b 100644 --- a/roles/front/meta.OK/main.yml +++ b/roles/front/meta.OK/main.yml @@ -6,3 +6,4 @@ dependencies: - role: init - role: cleanupdate + - role: sockets diff --git a/roles/front/tasks/main.yml b/roles/front/tasks/main.yml index 9070bd2..7901736 100644 --- a/roles/front/tasks/main.yml +++ b/roles/front/tasks/main.yml @@ -49,8 +49,6 @@ args: creates: "{{front_dir}}/usr" register: arch - notify: - - restart DMZ - name: enable BusyBox… command: | @@ -64,13 +62,22 @@ state: absent when: (arch.changed) with_items: - # base-devel needs patch + # base-devel needs patch, gawk (owns awk), which - patch + - gawk + - awk + - which # exim owns sendmail - sendmail # spamassassin needs gcc needs binutils owns ar + strings - ar - strings + # make needs guile needs texinfo needs gzip + less, own: less, gunzip, gzip, uncompress, zcat + - less + - gunzip + - gzip + - uncompress + - zcat # util-linux owns setpriv, rfkill - setpriv - rfkill @@ -84,6 +91,8 @@ - slattach # vim owns xxd - xxd + # php-imagick needs imagemagick needs libtool needs tar + - tar - name: copy some files from host to container copy: @@ -124,8 +133,6 @@ src: files/nspawn_override.conf dest: /etc/systemd/system/systemd-nspawn@.service.d/override.conf mode: 0644 - notify: - - restart DMZ - name: enable machines.target systemd: 
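Review bot: The names added to the `with_items` list in roles/front/tasks/main.yml (`gawk`, `awk`, `which`, `less`, `gunzip`, `gzip`, `uncompress`, `zcat`, and `tar` in the following hunk) are removed only `when: (arch.changed)`, and `arch` is registered by the task guarded with `creates: "{{front_dir}}/usr"`. On a container that was already initialised the condition stays false, so the new entries are never cleaned up there, and the packages named in the comments would presumably still hit file conflicts. If existing containers matter, the condition needs to cover them too. Otherwise a comment such as `# only applied on first pacstrap; re-create the container after extending this list` would make the limitation explicit. The task's module and path lie outside the hunk, so this is read from the visible `state: absent` and `when` lines only.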
@@ -145,8 +152,6 @@ src: files/DMZ.nspawn dest: "/etc/systemd/nspawn/{{DMZ}}.nspawn" mode: 0644 - notify: - - restart DMZ - name: enable systemd-nspawn@{{DMZ}}.service systemd: @@ -160,4 +165,3 @@ vars: msg: 'DMZ init+SSH' ### ⇐ LOCAL COMMIT ### -- meta: flush_handlers diff --git a/roles/init/tasks/main.yml b/roles/init/tasks/main.yml index c0e01af..e7d121d 100644 --- a/roles/init/tasks/main.yml +++ b/roles/init/tasks/main.yml @@ -43,8 +43,8 @@ - name: enable the wanted locales replace: path: "{{chroot}}/etc/locale.gen" - regexp: "^#\\s*({{locales_enabled | regex_escape() | replace('\\ ', '|')}})\\s*$" - replace: '\1' + regexp: "^#\\s*({{locales_enabled | regex_escape() | replace('\\ ', '|')}})(\\s.*)?$" + replace: '\1\2' register: locales - name: set default locale diff --git a/site.yml b/site.yml index be229f9..4ac9bbd 100644 --- a/site.yml +++ b/site.yml @@ -12,8 +12,8 @@ - ntp - cleanupdate - printscan - - front - sockets + - front - postinstall - msmtp - nfs
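Review bot: In the `enable the wanted locales` task of roles/init/tasks/main.yml, the new second group `(\\s.*)?` is optional, but `replace: '\1\2'` always references it. Python's `re` substitutes an empty string for an unmatched group only since 3.5. If the module runs under an older interpreter (bootstrap.adoc installs `python2` on the target), a line holding just `#<locale>` with nothing after it would make the substitution raise instead of uncommenting the line. Making the group always participate removes that difference: end the pattern with `((?:\\s.*)?)$` instead of `(\\s.*)?$`. A one-line comment above `regexp:` saying that trailing text (the charset column) is now preserved would also help the next reader.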