WIP: improving Ansible config while I install my HammerHead

os/config/production.yml

@@ -12,6 +12,7 @@ cluster_nodes:
       dns_1: 212.27.40.240
       dns_2: 212.27.40.241
       ansible_python_interpreter: python3
+      ssh_port: 22
 
     digitale:
       ansible_host: atuin.site.deuxfleurs.fr
@@ -25,6 +26,7 @@ cluster_nodes:
       dns_1: 212.27.40.240
       dns_2: 212.27.40.241
       ansible_python_interpreter: python3
+      ssh_port: 22
 
     drosera:
       ansible_host: atuin.site.deuxfleurs.fr
@@ -38,6 +40,7 @@ cluster_nodes:
       dns_1: 212.27.40.240
       dns_2: 212.27.40.241
       ansible_python_interpreter: python3
+      ssh_port: 22
 
     io:
       ansible_host: jupiter.site.deuxfleurs.fr
@@ -51,3 +54,4 @@ cluster_nodes:
       dns_1: 109.0.66.20
       dns_2: 109.0.66.10
       ansible_python_interpreter: python3
+      ssh_port: 22

os/config/roles/common/tasks/main.yml

@@ -46,11 +46,40 @@
       #- libnss-resolve # provides DNS/LLMNR utilities via systemd-resolved
     state: present
 
+# Install Docker if need be
+
+- name: Check if Docker is installed 
+  command: 'which docker'
+  args:
+    warn: no
+  register: docker_exists
+  changed_when: docker_exists.rc != 0
+  ignore_errors: true
+
+- name: "Install Docker"
+  include_tasks: docker.yml
+  when: docker_exists.rc != 0
+
+# Install Nomad & Consul if need be
+
+- name: Check if Nomad is installed 
+  command: 'which nomad'
+  args:
+    warn: no
+  register: nomad_exists
+  changed_when: nomad_exists.rc != 0
+  ignore_errors: true
+
+- name: "Install Nomad & Consul"
+  include_tasks: hashicorp.yml
+  when: nomad_exists.rc != 0
+
+
+
 - name: "Passwordless sudo"
   lineinfile:
     path: /etc/sudoers
     state: present
     regexp: '^%sudo'
     line: '%sudo ALL=(ALL) NOPASSWD: ALL'
-    validate: 'visudo -cf %s'
+    validate: 'visudo -cf %s'
-

os/config/roles/consul/tasks/main.yml

@@ -1,14 +1,14 @@
-- name: "Set consul version"
+# - name: "Set consul version"
-  set_fact:
+#   set_fact:
-    consul_version: 1.9.1
+#     consul_version: 1.9.1
 
-- name: "Download and install Consul for x86_64"
+# - name: "Download and install Consul for x86_64"
-  unarchive:
+#   unarchive:
-    src: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip"
+#     src: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip"
-    dest: /usr/local/bin
+#     dest: /usr/local/bin
-    remote_src: yes
+#     remote_src: yes
-  when:
+#   when:
-    - "ansible_architecture == 'x86_64'"
+#     - "ansible_architecture == 'x86_64'"
 
 - name: "Create consul configuration directory"
   file: path=/etc/consul/ state=directory

os/config/roles/network/templates/rules.v4

@@ -7,10 +7,10 @@
 -A INPUT -p icmp -j ACCEPT
 
 # Administration
--A INPUT -p tcp  --dport 22 -j ACCEPT
+-A INPUT -p tcp  --dport {{ hostvars[selected_host]['ssh_port'] }} -j ACCEPT
 
 # Diplonat needs everything open to communicate with IGD with the router
--A INPUT -s 192.168.1.254 -j ACCEPT
+-A INPUT -s {{ hostvars[selected_host]['gatewayv4'] }} -j ACCEPT
 
 # Cluster
 {% for selected_host in groups['cluster_nodes'] %}

os/config/roles/network/templates/rules.v6

@@ -13,7 +13,7 @@
 -A INPUT -p ipv6-icmp -j ACCEPT
 
 # Administration
--A INPUT -p tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp --dport {{ hostvars[selected_host]['ssh_port'] }} -j ACCEPT
 
 # Cluster
 {% for selected_host in groups['cluster_nodes'] %}
@@ -36,6 +36,8 @@
 -A DEUXFLEURS-TRUSTED-NET -s 2a02:8428:81d6:6901::0/64 -j DEUXFLEURS-TRUSTED-PORT
 # ADRN@Gandi
 -A DEUXFLEURS-TRUSTED-NET -s 2001:4b98:dc0:41:216:3eff:fe9b:1afb/128 -j DEUXFLEURS-TRUSTED-PORT
+# ADRN@Kimsufi
+-A DEUXFLEURS-TRUSTED-NET -s 2001:41d0:8:ba0b::1/64 -j DEUXFLEURS-TRUSTED-PORT
 # Quentin@Rennes
 -A DEUXFLEURS-TRUSTED-NET -s 2a01:e35:2fdc:dbe0::0/64 -j DEUXFLEURS-TRUSTED-PORT
 # Source address is not trusted

os/config/roles/nomad/tasks/main.yml

@@ -1,14 +1,14 @@
-- name: "Set nomad version"
+# - name: "Set nomad version"
-  set_fact:
+#   set_fact:
-    nomad_version: 1.0.2
+#     nomad_version: 1.0.2
 
-- name: "Download and install Nomad for x86_64"
+# - name: "Download and install Nomad for x86_64"
-  unarchive:
+#   unarchive:
-    src: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_amd64.zip"
+#     src: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_amd64.zip"
-    dest: /usr/local/bin
+#     dest: /usr/local/bin
-    remote_src: yes
+#     remote_src: yes
-  when:
+#   when:
-    - "ansible_architecture == 'x86_64'"
+#     - "ansible_architecture == 'x86_64'"
 
 - name: "Create Nomad configuration directory"
   file: path=/etc/nomad/ state=directory

os/config/roles/users/vars/main.yml

@@ -10,7 +10,6 @@ active_users:
     is_admin: true
     ssh_keys: 
       - 'alex-key1.pub'
-      #- 'alex-key2.pub'
       - 'alex-key3.pub'
 
   - username: 'maximilien'