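# Play: baseline host preparation for every inventory host.
# Runs with privilege escalation; fact gathering is disabled.
- name: basic host prep
  hosts: all
  become: true
  gather_facts: false
  tasks:
    # Comment out every active /etc/hosts line that mentions this host's
    # inventory name. The capture group includes the first character of the
    # line: with the earlier pattern '^[^#](...)$' that character was matched
    # outside the group, so the commented-out copy silently lost it
    # (e.g. "127.0.0.1 host" became "#27.0.0.1 host").
    # regex_escape() keeps dots in the hostname from acting as wildcards.
    - name: /etc/hosts cleanup
      replace:
        path: /etc/hosts
        regexp: '^([^#].*{{ inventory_hostname | regex_escape() }}.*)$'
        replace: '#\1'

    - name: set timezone
      timezone:
        name: America/Los_Angeles

    # Stop kdump now and keep it from starting at boot.
    - name: disable kdump
      service:
        name: kdump
        enabled: false
        state: stopped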
# Play: replace mirrorlist / fastestmirror selection with one fixed CentOS
# mirror, then install deltarpm. Each edit notifies the cache-clearing
# handler so yum does not keep metadata from the previous repo settings.
# NOTE(review): the pinned baseurl is plain http://, so package integrity
# rests on yum's GPG signature checking. Confirm gpgcheck=1 is still in
# effect for the repositories defined in CentOS-Base.repo.
- name: yum fixups
  hosts: all
  become: true
  gather_facts: false
  tasks:
    # Switch the fastestmirror plugin off.
    - lineinfile:
        path: /etc/yum/pluginconf.d/fastestmirror.conf
        regexp: '^enabled=.*$'
        line: 'enabled=0'
      notify: "clear yum cache"

    # Comment out every mirrorlist= line.
    - replace:
        path: /etc/yum.repos.d/CentOS-Base.repo
        regexp: '^mirrorlist=(.*)$'
        replace: '#mirrorlist=\1'
      notify: "clear yum cache"

    # Re-enable the commented-out baseurl= lines.
    - replace:
        path: /etc/yum.repos.d/CentOS-Base.repo
        regexp: '#baseurl=(.*)$'
        replace: 'baseurl=\1'
      notify: "clear yum cache"

    # Rewrite any baseurl that is not already the fixed mirror; the negative
    # lookahead leaves an already-correct line alone, so reruns change nothing.
    - replace:
        path: /etc/yum.repos.d/CentOS-Base.repo
        regexp: '^baseurl\s*=(?!http://mirrors.ocf.berkeley.edu/centos/\$releasever/os/\$basearch/$).*$'
        replace: 'baseurl=http://mirrors.ocf.berkeley.edu/centos/$releasever/os/$basearch/'
      notify: "clear yum cache"

    - yum:
        name: deltarpm

  handlers:
    # NOTE(review): newer ansible-core releases dropped the command module's
    # `warn` argument; confirm the Ansible version this playbook targets.
    - name: clear yum cache
      command: yum clean all
      args:
        warn: false
# Play: install and enable firewalld, then bind the two interfaces named by
# the inventory variables pub_interface and priv_interface to zones.
# Each binding is made twice: once through the firewalld module and once in
# the ifcfg file, per the Ansible issue linked in the task names.
# NOTE(review): firewalld's `trusted` zone accepts all incoming connections,
# so every service listening on priv_interface is reachable unfiltered.
# Confirm that network is isolated from untrusted hosts.
- name: firewall setup
  hosts: all
  become: true
  gather_facts: false
  tasks:
    - name: Install firewalld
      yum:
        name: firewalld
        state: latest

    - name: start firewalld
      service:
        name: firewalld
        state: started
        enabled: true

    - name: add public interface to public zone
      firewalld:
        zone: public
        interface: "{{ pub_interface }}"
        permanent: true
        immediate: true
        state: enabled

    - name: add public interface to public zone (config files; see https://github.com/ansible/ansible/issues/41738)
      lineinfile:
        path: "/etc/sysconfig/network-scripts/ifcfg-{{ pub_interface }}"
        regexp: '^ZONE=.*$'
        line: 'ZONE=public'

    - name: add private interface to trusted zone (firewalld)
      firewalld:
        zone: trusted
        interface: "{{ priv_interface }}"
        permanent: true
        immediate: true
        state: enabled

    - name: add private interface to trusted zone (config files; see https://github.com/ansible/ansible/issues/41738)
      lineinfile:
        path: "/etc/sysconfig/network-scripts/ifcfg-{{ priv_interface }}"
        regexp: '^ZONE=.*$'
        line: 'ZONE=trusted'
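# Play: register the EPEL yum repository and import its signing key.
# Facts are gathered here (no gather_facts override) because the key URL
# uses ansible_distribution_major_version.
- name: EPEL repository setup
  hosts: all
  become: true
  tasks:
    # gpgcheck is set explicitly so that signature verification of EPEL
    # packages does not depend on whatever default yum.conf carries.
    - name: Add EPEL repository
      yum_repository:
        name: epel
        description: EPEL YUM repo
        baseurl: "https://download.fedoraproject.org/pub/epel/$releasever/$basearch/"
        gpgcheck: true

    # The downloaded key is checked against the pinned fingerprint before it
    # is imported, so a substituted key file is rejected. The fingerprint is
    # a fixed value while the URL varies with the major version; on any
    # release whose key differs, this task fails rather than importing it.
    - name: Import EPEL RPM key
      rpm_key:
        key: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
        fingerprint: "91E9 7D7C 4A5E 96F1 7F3E 888F 6A2F AEA2 352C 64E5"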
# Play: install a fixed set of command-line utilities on every host.
# The package list is passed to yum as one comma-separated string.
- name: install useful utilities
  hosts: all
  become: true
  gather_facts: false
  tasks:
    - yum:
        name: "joe,lsof,iftop,screen,bind-utils,telnet,git,jq,pv"
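# Play: install a cron.d entry that runs an unattended `yum -y update` as
# root every Tuesday at 08:00.
# Only stdout is discarded; anything written to stderr is still mailed to
# root through MAILTO.
- name: setup patch Tuesday cronjob
  hosts: all
  become: true
  gather_facts: false
  tasks:
    # Owner, group and mode are stated explicitly: this file schedules
    # commands that run as root, so its permissions should not depend on
    # the umask in effect on the target host.
    - name: cron job
      copy:
        dest: /etc/cron.d/yum-cron-tuesday
        owner: root
        group: root
        mode: "0644"
        content: |
          SHELL=/bin/bash
          PATH=/sbin:/bin:/usr/sbin:/usr/bin
          MAILTO=root
          0 8 * * tue root yum -y update >/dev/null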
# Prerequisite on the control machine:
#   ansible-galaxy install andrewrothstein.miniconda
# NOTE(review): that command installs whatever version of the role is
# current. Consider pinning a reviewed release, e.g. a requirements.yml
# entry with `version: <REVIEWED_ROLE_VERSION>`.
# Play: apply the third-party Miniconda role to every host, with the role
# variable miniconda_pkg_update set to false.
- name: install Miniconda
  hosts: all
  vars:
    miniconda_pkg_update: false
  roles:
    - andrewrothstein.miniconda
# The `conda` task below requires conda.py from
# https://github.com/UDST/ansible-conda/blob/master/conda.py
# in ~/.ansible/plugins/modules/conda.py (or equivalent).
#
# Play: download three Kafka helper executables into /usr/local/bin and
# install the Python Kafka dependencies with conda.
# NOTE(review): the executables are fetched with no checksum and installed
# as root. `kt` and `kafkacat` come over plain http://, so the transfer is
# not integrity-protected; `kcp` tracks a moving `master` branch. Consider
# setting get_url's `checksum` to the hash of a reviewed copy (placeholders
# shown below) and serving the files over HTTPS.
- name: Install kafka utilities
  hosts: all
  become: true
  gather_facts: false
  tasks:
    - name: kt
      get_url:
        url: "http://research.majuric.org/other/kt"
        dest: "/usr/local/bin/kt"
        mode: "+x"
        # checksum: "sha256:<SHA256_OF_REVIEWED_KT_BINARY>"

    - name: kafkacat
      get_url:
        url: "http://research.majuric.org/other/kafkacat"
        dest: "/usr/local/bin/kafkacat"
        mode: "+x"
        # checksum: "sha256:<SHA256_OF_REVIEWED_KAFKACAT_BINARY>"

    - name: kcp
      get_url:
        url: "https://raw.githubusercontent.com/mjuric/kcp/master/kcp"
        dest: "/usr/local/bin/kcp"
        mode: "+x"
        # checksum: "sha256:<SHA256_OF_REVIEWED_KCP_SCRIPT>"

    # One conda invocation per package named in the loop.
    - name: install Python kafka dependencies
      conda:
        name: "{{ item }}"
        channels: defaults conda-forge
        executable: /usr/local/anaconda/bin/conda
      loop:
        - python-confluent-kafka
        - fastavro
# Install kafka tools by importing the playbook at cp-ansible/all.yml
# (path relative to this file).
# NOTE(review): the imported plays are not visible here; presumably a
# vendored or submodule copy of Confluent's cp-ansible. Confirm it is
# pinned to a reviewed revision.
- name: Confluent Playbook
  import_playbook: cp-ansible/all.yml
# Install alerts and ingestion script on broker #1.
# Play: on the first host of the `all` group only (tag: alerts), download
# the public ZTF alert tarball, unpack it under /root/alerts and copy the
# injector script into place.
# NOTE(review): the tarball is fetched over HTTPS but with no checksum, and
# it is extracted as root. Consider setting get_url's `checksum` to the hash
# of a reviewed copy, e.g. "sha256:<SHA256_OF_REVIEWED_TARBALL>".
- name: Demo ZTF alerts and injector
  tags: alerts
  hosts: all[0]
  become: true
  gather_facts: false
  tasks:
    - name: download alert tarball
      get_url:
        url: "https://ztf.uw.edu/alerts/public/ztf_public_20180912.tar.gz"
        dest: "/root/ztf_public_20180912.tar.gz"

    # `creates` skips this task once the .unpacked marker exists. The marker
    # is written last, so an interrupted extraction is redone from scratch
    # on the next run (`set -e` aborts before the touch on any failure).
    - name: unpack alerts
      shell: |
        set -e
        rm -rf alerts
        mkdir -p alerts
        cd alerts
        tar xzf ../ztf_public_20180912.tar.gz
        touch .unpacked
      args:
        chdir: /root
        creates: /root/alerts/.unpacked

    - name: install inject.sh
      copy:
        src: demo-scripts/inject.sh
        dest: /root/inject.sh
        mode: "+x"