server bootstrap fixes
parent
d31350f130
commit
817bbe9f81
|
@ -231,7 +231,7 @@ root@archiso ~ # mkdir -p $DMZ/var
|
||||||
root@archiso ~ # mount $LVM/{data-vg}-ContVar $DMZ/var
|
root@archiso ~ # mount $LVM/{data-vg}-ContVar $DMZ/var
|
||||||
root@archiso ~ # mkdir -p $DMZ/srv/{acme,webapps}
|
root@archiso ~ # mkdir -p $DMZ/srv/{acme,webapps}
|
||||||
root@archiso ~ # mkdir -p $DMZ/var/cache/{ddclient,movim}
|
root@archiso ~ # mkdir -p $DMZ/var/cache/{ddclient,movim}
|
||||||
root@archiso ~ # mkdir -p $DMZ/var/lib/{prosody,transmission}
|
root@archiso ~ # mkdir -p $DMZ/var/lib/{movim,prosody,transmission}
|
||||||
root@archiso ~ # mkdir -p $DMZ/var/log/nginx
|
root@archiso ~ # mkdir -p $DMZ/var/log/nginx
|
||||||
|
|
||||||
root@archiso ~ # mount \
|
root@archiso ~ # mount \
|
||||||
|
@ -282,7 +282,7 @@ Archlinux installation::
|
||||||
* When this is done, be sure to check that `/mnt/etc/fstab` perfectly matches the wanted result (the above mount points).
|
* When this is done, be sure to check that `/mnt/etc/fstab` perfectly matches the wanted result (the above mount points).
|
||||||
+
|
+
|
||||||
```bash
|
```bash
|
||||||
root@archiso ~ # pacstrap /mnt base arch-install-scripts intel-ucode \
|
root@archiso ~ # pacstrap /mnt base arch-install-scripts intel-ucode linux \
|
||||||
> openssh python2 etckeeper git lvm2 btrfs-progs rsync
|
> openssh python2 etckeeper git lvm2 btrfs-progs rsync
|
||||||
…
|
…
|
||||||
root@archiso ~ # genfstab -L /mnt >>/mnt/etc/fstab
|
root@archiso ~ # genfstab -L /mnt >>/mnt/etc/fstab
|
||||||
|
@ -365,7 +365,7 @@ This line is only interesting if the main data drive is connected with USB.
|
||||||
In theory, at this stage, the machine is ready to be controlled by Ansible.
|
In theory, at this stage, the machine is ready to be controlled by Ansible.
|
||||||
However, Ansible fails at first, because for some reason, `pacstrap` in the “front” Ansible role fails to initialize the DMZ if the location already contains mount points, so:
|
However, Ansible fails at first, because for some reason, `pacstrap` in the “front” Ansible role fails to initialize the DMZ if the location already contains mount points, so:
|
||||||
|
|
||||||
. I had to temporarily unmount everything under `/var/lib/machines/{front-name}`, and delete the `/var/lib/machines/{front-name}/usr` sub-diretory.
|
. I had to temporarily unmount everything under `/var/lib/machines/{front-name}`, and delete `/var/lib/machines/{front-name}/*`.
|
||||||
. I also temporarily commented out the whole front-half of `site.xml`, as well as the “front-run” role of the back part.
|
. I also temporarily commented out the whole front-half of `site.xml`, as well as the “front-run” role of the back part.
|
||||||
. Then I ran Ansible again.
|
. Then I ran Ansible again.
|
||||||
. When the DMZ was correctly initialized, I renamed `/var/lib/machines/{front-name}/var` to `/var/lib/machines/{front-name}/var.new`.
|
. When the DMZ was correctly initialized, I renamed `/var/lib/machines/{front-name}/var` to `/var/lib/machines/{front-name}/var.new`.
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
minidlna.service \
|
minidlna.service \
|
||||||
nfs-server.service
|
nfs-server.service
|
||||||
do
|
do
|
||||||
systemctl stop $u
|
systemctl stop $u || true
|
||||||
done
|
done
|
||||||
when:
|
when:
|
||||||
- (inventory_hostname in groups['back'])
|
- (inventory_hostname in groups['back'])
|
||||||
|
@ -19,7 +19,7 @@
|
||||||
- name: stop some services
|
- name: stop some services
|
||||||
shell: |
|
shell: |
|
||||||
for u in spamassassin.service spamassassin-update.{timer,service}; do
|
for u in spamassassin.service spamassassin-update.{timer,service}; do
|
||||||
systemctl stop $u
|
systemctl stop $u || true
|
||||||
done
|
done
|
||||||
when:
|
when:
|
||||||
- (inventory_hostname in groups['front'])
|
- (inventory_hostname in groups['front'])
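Review bot: The `|| true` appended to `systemctl stop $u` in both loops hides every failure, not only a unit that does not exist yet on a fresh machine, so the task reports success even when a service could not be stopped before the update. The same pattern is added to the start tasks in the `@ -14,14` section, where it matters more: if `spamassassin.service` or `nfs-server.service` does not come back, the play still ends green and nobody is told that mail filtering or the NFS export is down. Keep the failure visible, for example `systemctl stop "$u" || echo "warning: could not stop $u" >&2`, and record the intent with a comment such as `# units may be missing during first bootstrap`. The tasks begin outside the hunks shown, so the full loop headers are not visible here.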
|
||||||
|
|
|
@ -14,14 +14,14 @@
|
||||||
minidlna.service \
|
minidlna.service \
|
||||||
nfs-server.service
|
nfs-server.service
|
||||||
do
|
do
|
||||||
systemctl start $u
|
systemctl start $u || true
|
||||||
done
|
done
|
||||||
when:
|
when:
|
||||||
- (inventory_hostname in groups['back'])
|
- (inventory_hostname in groups['back'])
|
||||||
|
|
||||||
- name: restart some services
|
- name: restart some services
|
||||||
shell: |
|
shell: |
|
||||||
systemctl start spamassassin.service
|
systemctl start spamassassin.service || true
|
||||||
systemctl start spamassassin-update.timer
|
systemctl start spamassassin-update.timer || true
|
||||||
when:
|
when:
|
||||||
- (inventory_hostname in groups['front'])
|
- (inventory_hostname in groups['front'])
|
||||||
|
|
|
@ -6,3 +6,4 @@
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: init
|
- role: init
|
||||||
- role: cleanupdate
|
- role: cleanupdate
|
||||||
|
- role: sockets
|
||||||
|
|
|
@ -49,8 +49,6 @@
|
||||||
args:
|
args:
|
||||||
creates: "{{front_dir}}/usr"
|
creates: "{{front_dir}}/usr"
|
||||||
register: arch
|
register: arch
|
||||||
notify:
|
|
||||||
- restart DMZ
|
|
||||||
|
|
||||||
- name: enable BusyBox…
|
- name: enable BusyBox…
|
||||||
command: |
|
command: |
|
||||||
|
@ -64,13 +62,22 @@
|
||||||
state: absent
|
state: absent
|
||||||
when: (arch.changed)
|
when: (arch.changed)
|
||||||
with_items:
|
with_items:
|
||||||
# base-devel needs patch
|
# base-devel needs patch, gawk (owns awk), which
|
||||||
- patch
|
- patch
|
||||||
|
- gawk
|
||||||
|
- awk
|
||||||
|
- which
|
||||||
# exim owns sendmail
|
# exim owns sendmail
|
||||||
- sendmail
|
- sendmail
|
||||||
# spamassassin needs gcc needs binutils owns ar + strings
|
# spamassassin needs gcc needs binutils owns ar + strings
|
||||||
- ar
|
- ar
|
||||||
- strings
|
- strings
|
||||||
|
# make needs guile needs texinfo needs gzip + less, own: less, gunzip, gzip, uncompress, zcat
|
||||||
|
- less
|
||||||
|
- gunzip
|
||||||
|
- gzip
|
||||||
|
- uncompress
|
||||||
|
- zcat
|
||||||
# util-linux owns setpriv, rfkill
|
# util-linux owns setpriv, rfkill
|
||||||
- setpriv
|
- setpriv
|
||||||
- rfkill
|
- rfkill
|
||||||
|
@ -84,6 +91,8 @@
|
||||||
- slattach
|
- slattach
|
||||||
# vim owns xxd
|
# vim owns xxd
|
||||||
- xxd
|
- xxd
|
||||||
|
# php-imagick needs imagemagick needs libtool needs tar
|
||||||
|
- tar
|
||||||
|
|
||||||
- name: copy some files from host to container
|
- name: copy some files from host to container
|
||||||
copy:
|
copy:
|
||||||
|
@ -124,8 +133,6 @@
|
||||||
src: files/nspawn_override.conf
|
src: files/nspawn_override.conf
|
||||||
dest: /etc/systemd/system/systemd-nspawn@.service.d/override.conf
|
dest: /etc/systemd/system/systemd-nspawn@.service.d/override.conf
|
||||||
mode: 0644
|
mode: 0644
|
||||||
notify:
|
|
||||||
- restart DMZ
|
|
||||||
|
|
||||||
- name: enable machines.target
|
- name: enable machines.target
|
||||||
systemd:
|
systemd:
|
||||||
|
@ -145,8 +152,6 @@
|
||||||
src: files/DMZ.nspawn
|
src: files/DMZ.nspawn
|
||||||
dest: "/etc/systemd/nspawn/{{DMZ}}.nspawn"
|
dest: "/etc/systemd/nspawn/{{DMZ}}.nspawn"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
notify:
|
|
||||||
- restart DMZ
|
|
||||||
|
|
||||||
- name: enable systemd-nspawn@{{DMZ}}.service
|
- name: enable systemd-nspawn@{{DMZ}}.service
|
||||||
systemd:
|
systemd:
|
||||||
|
@ -160,4 +165,3 @@
|
||||||
vars:
|
vars:
|
||||||
msg: 'DMZ init+SSH'
|
msg: 'DMZ init+SSH'
|
||||||
### ⇐ LOCAL COMMIT ###
|
### ⇐ LOCAL COMMIT ###
|
||||||
- meta: flush_handlers
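Review bot: With `notify: restart DMZ` dropped from the pacstrap task and from the two copy tasks for `nspawn_override.conf` and `DMZ.nspawn`, and with `meta: flush_handlers` removed at the end, a later edit to either file no longer reaches the running container. These files presumably carry the container's isolation and bind-mount settings, so a tightened setting would sit on disk unapplied until someone restarts the DMZ by hand. If the restart now happens elsewhere (the page does not show where), state that next to each copy task, e.g. `# container is (re)started by <role name>; changes here apply on its next start`. Otherwise keep `notify: restart DMZ` on the two copy tasks and drop it only from the pacstrap task. The tasks start and end outside the hunks shown.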
|
|
||||||
|
|
|
@ -43,8 +43,8 @@
|
||||||
- name: enable the wanted locales
|
- name: enable the wanted locales
|
||||||
replace:
|
replace:
|
||||||
path: "{{chroot}}/etc/locale.gen"
|
path: "{{chroot}}/etc/locale.gen"
|
||||||
regexp: "^#\\s*({{locales_enabled | regex_escape() | replace('\\ ', '|')}})\\s*$"
|
regexp: "^#\\s*({{locales_enabled | regex_escape() | replace('\\ ', '|')}})(\\s.*)?$"
|
||||||
replace: '\1'
|
replace: '\1\2'
|
||||||
register: locales
|
register: locales
|
||||||
|
|
||||||
- name: set default locale
|
- name: set default locale
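Review bot: In the new `regexp`, `\s` also matches a newline, and the `replace` module compiles its pattern in multi-line mode, so `^#\s*` can start on a bare `#` line and continue into the next line, and `(\s.*)?` can run past the end of the matched line. Whether `locale.gen` contains such a sequence cannot be seen from here, but restricting both places to horizontal whitespace keeps every match on one line: `regexp: "^#[ \\t]*(…)([ \\t].*)?$"`, with the Jinja expression unchanged. A short comment above the task would also help, e.g. `# \2 keeps the charset column, as in "en_US.UTF-8 UTF-8"`.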
|
||||||
|
|