Commit a0f85aad authored by Jörg Sachse's avatar Jörg Sachse

feat: ND-2111 'deep_fixity auf Sanity-Server vom ZIH aus ausführen'

parent 41f7444d
---
- name: configure iptables filter rules for external access
ansible.builtin.iptables:
action: "insert"
chain: "{{ item.chain | default('INPUT') }}"
comment: "{{ item.comment | default(omit) }}"
destination_port: "{{ item.destination_port }}"
jump: "{{ item.jump | default('DROP') }}"
protocol: "{{ item.protocol | default('tcp') }}"
source: "{{ item.source }}"
loop: "{{ vault_iptables_external }}"
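Review bot: With `action: "insert"` and no `rule_num`, every item is inserted at position 1 of its chain, so the rules end up in the reverse of their order in `vault_iptables_external`. Because the default `jump` is `DROP`, a broad DROP listed after a narrow ACCEPT would be evaluated first. Either add a comment stating that the list must be written with the rule to be matched first placed last, or expose the position with `rule_num: "{{ item.rule_num | default(omit) }}"`. The task also covers IPv4 only (the module's `ip_version` defaults to `ipv4`), so the same ports stay reachable over IPv6 unless that is filtered elsewhere. Nothing visible here saves the rules, so they presumably do not survive a reboot unless another task handles persistence.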
--- ---
- name: Mountpoint für Logging anlegen - name: Mountpoint für Logging anlegen
file: file:
path: "{{ vault_nfs_mounts.log.mountpoint }}{{ ansible_hostname }}" path: "{{ vault_log_nfs_mounts.log.mountpoint }}{{ ansible_hostname }}"
state: directory state: directory
- name: NFS-Shares für Logging mounten (/var/log/rossanity/) - name: NFS-Shares für Logging mounten (/var/log/rossanity/)
mount: mount:
name: "{{ vault_nfs_mounts.log.mountpoint }}{{ ansible_hostname }}/" name: "{{ vault_log_nfs_mounts.log.mountpoint }}{{ ansible_hostname }}/"
src: "{{ vault_nfs_mounts.log.share }}{{ ansible_hostname }}/" src: "{{ vault_log_nfs_mounts.log.share }}{{ ansible_hostname }}/"
state: mounted state: mounted
fstype: "nfs" fstype: "nfs"
opts: "defaults,nodev,nosuid,rsize=8192,wsize=8192,vers=3" opts: "defaults,nodev,nosuid,rsize=8192,wsize=8192,vers=3"
...@@ -16,55 +16,56 @@ ...@@ -16,55 +16,56 @@
### MOUNTPOINTS PERMANENT ERSTELLEN ### ### MOUNTPOINTS PERMANENT ERSTELLEN ###
- name: Mountpoints für Permanent Storage anlegen - name: Mountpoints für Permanent Storage anlegen
file: file:
path: "{{ item }}" path: "{{ item.mountpoint }}"
state: directory state: directory
loop: loop: "{{ vault_permanent_nfs_mounts }}"
- "{{ vault_nfs_mounts.permanent_dev.mountpoint }}" # - "{{ vault_nfs_mounts.permanent_dev.mountpoint }}"
- "{{ vault_nfs_mounts.permanent_test.mountpoint }}" # - "{{ vault_nfs_mounts.permanent_test.mountpoint }}"
- "{{ vault_nfs_mounts.permanent_prod_slub_2015.mountpoint }}" # - "{{ vault_nfs_mounts.permanent_prod_slub_2015.mountpoint }}"
- "{{ vault_nfs_mounts.permanent_prod_slub_2016.mountpoint }}" # - "{{ vault_nfs_mounts.permanent_prod_slub_2016.mountpoint }}"
- "{{ vault_nfs_mounts.permanent_prod_slub_2017.mountpoint }}" # - "{{ vault_nfs_mounts.permanent_prod_slub_2017.mountpoint }}"
- "{{ vault_nfs_mounts.permanent_prod_slub_2018.mountpoint }}" # - "{{ vault_nfs_mounts.permanent_prod_slub_2018.mountpoint }}"
- "{{ vault_nfs_mounts.permanent_prod_slub_2019.mountpoint }}" # - "{{ vault_nfs_mounts.permanent_prod_slub_2019.mountpoint }}"
- "{{ vault_nfs_mounts.permanent_prod_slub_2020.mountpoint }}" # - "{{ vault_nfs_mounts.permanent_prod_slub_2020.mountpoint }}"
- "{{ vault_nfs_mounts.permanent_prod_slub_2021.mountpoint }}" # - "{{ vault_nfs_mounts.permanent_prod_slub_2021.mountpoint }}"
- "{{ vault_nfs_mounts.permanent_prod_lfulg.mountpoint }}" # - "{{ vault_nfs_mounts.permanent_prod_lfulg.mountpoint }}"
### PERMANENT STORAGE MOUNTEN ### ### PERMANENT STORAGE MOUNTEN ###
- name: NFS-Shares für Permanent Storage mounten - name: NFS-Shares für Permanent Storage mounten
mount: mount:
name: "{{ item.name }}" name: "{{ item.mountpoint }}"
src: "{{ item.src }}" src: "{{ item.share }}"
state: mounted state: mounted
fstype: "nfs" fstype: "nfs"
opts: "ro,{{ item.opts | default('ro,defaults,nodev,nosuid,rsize=8192,wsize=8192,vers=3') }}" opts: "ro,{{ item.opts | default('ro,defaults,nodev,nosuid,rsize=8192,wsize=8192,vers=3') }}"
with_items: loop: "{{ vault_permanent_nfs_mounts }}"
- name: "{{ vault_nfs_mounts.permanent_dev.mountpoint }}" # with_items:
src: "{{ vault_nfs_mounts.permanent_dev.share }}" # - name: "{{ vault_nfs_mounts.permanent_dev.mountpoint }}"
- name: "{{ vault_nfs_mounts.permanent_test.mountpoint }}" # src: "{{ vault_nfs_mounts.permanent_dev.share }}"
src: "{{ vault_nfs_mounts.permanent_test.share }}" # - name: "{{ vault_nfs_mounts.permanent_test.mountpoint }}"
- name: "{{ vault_nfs_mounts.permanent_prod_slub_2015.mountpoint }}" # src: "{{ vault_nfs_mounts.permanent_test.share }}"
src: "{{ vault_nfs_mounts.permanent_prod_slub_2015.share }}" # - name: "{{ vault_nfs_mounts.permanent_prod_slub_2015.mountpoint }}"
opts: "auto,nfsvers=4" # src: "{{ vault_nfs_mounts.permanent_prod_slub_2015.share }}"
- name: "{{ vault_nfs_mounts.permanent_prod_slub_2016.mountpoint }}" # opts: "auto,nfsvers=4"
src: "{{ vault_nfs_mounts.permanent_prod_slub_2016.share }}" # - name: "{{ vault_nfs_mounts.permanent_prod_slub_2016.mountpoint }}"
opts: "auto,nfsvers=4" # src: "{{ vault_nfs_mounts.permanent_prod_slub_2016.share }}"
- name: "{{ vault_nfs_mounts.permanent_prod_slub_2017.mountpoint }}" # opts: "auto,nfsvers=4"
src: "{{ vault_nfs_mounts.permanent_prod_slub_2017.share }}" # - name: "{{ vault_nfs_mounts.permanent_prod_slub_2017.mountpoint }}"
opts: "auto,nfsvers=4" # src: "{{ vault_nfs_mounts.permanent_prod_slub_2017.share }}"
- name: "{{ vault_nfs_mounts.permanent_prod_slub_2018.mountpoint }}" # opts: "auto,nfsvers=4"
src: "{{ vault_nfs_mounts.permanent_prod_slub_2018.share }}" # - name: "{{ vault_nfs_mounts.permanent_prod_slub_2018.mountpoint }}"
opts: "auto,nfsvers=4" # src: "{{ vault_nfs_mounts.permanent_prod_slub_2018.share }}"
- name: "{{ vault_nfs_mounts.permanent_prod_slub_2019.mountpoint }}" # opts: "auto,nfsvers=4"
src: "{{ vault_nfs_mounts.permanent_prod_slub_2019.share }}" # - name: "{{ vault_nfs_mounts.permanent_prod_slub_2019.mountpoint }}"
opts: "auto,nfsvers=4" # src: "{{ vault_nfs_mounts.permanent_prod_slub_2019.share }}"
- name: "{{ vault_nfs_mounts.permanent_prod_slub_2020.mountpoint }}" # opts: "auto,nfsvers=4"
src: "{{ vault_nfs_mounts.permanent_prod_slub_2020.share }}" # - name: "{{ vault_nfs_mounts.permanent_prod_slub_2020.mountpoint }}"
opts: "auto,nfsvers=4" # src: "{{ vault_nfs_mounts.permanent_prod_slub_2020.share }}"
- name: "{{ vault_nfs_mounts.permanent_prod_slub_2021.mountpoint }}" # opts: "auto,nfsvers=4"
src: "{{ vault_nfs_mounts.permanent_prod_slub_2021.share }}" # - name: "{{ vault_nfs_mounts.permanent_prod_slub_2021.mountpoint }}"
opts: "auto,nfsvers=4" # src: "{{ vault_nfs_mounts.permanent_prod_slub_2021.share }}"
- name: "{{ vault_nfs_mounts.permanent_prod_lfulg.mountpoint }}" # opts: "auto,nfsvers=4"
src: "{{ vault_nfs_mounts.permanent_prod_lfulg.share }}" # - name: "{{ vault_nfs_mounts.permanent_prod_lfulg.mountpoint }}"
opts: "auto,nfsvers=4" # src: "{{ vault_nfs_mounts.permanent_prod_lfulg.share }}"
# opts: "auto,nfsvers=4"
tags: [notest] tags: [notest]
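Review bot: In the permanent-storage mount task, `nodev` and `nosuid` exist only inside the `default(...)` string of `opts`, so any entry of `vault_permanent_nfs_mounts` that sets `opts` (the old list used `auto,nfsvers=4`) is mounted as `ro,auto,nfsvers=4` without them. Moving the hardening flags outside the override keeps them on every share: `opts: "ro,nodev,nosuid,{{ item.opts | default('defaults,rsize=8192,wsize=8192,vers=3') }}"`, which also removes the doubled `ro`. The commented-out `loop` and `with_items` lists can be deleted rather than kept, since the previous revision still holds them.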
--- ---
- name: deploy SSH key for management user - name: deploy SSH key for management user
authorized_key: authorized_key:
user: "{{ vault_ssh_access.user }}" user: "{{ item.user }}"
state: present state: present
key: "{{ vault_ssh_access.ssh_key }}" key: "{{ item.ssh_key }}"
comment: "{{ vault_ssh_access.ssh_comment }}" comment: "{{ item.ssh_comment }}"
loop: "{{ vault_ssh_access }}"
- name: copy SSH key files to managed servers - name: copy SSH key files to managed servers
copy: copy:
......
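Review bot: The `authorized_key` task now loops over `vault_ssh_access` without a `loop_control` label, so each iteration prints the whole decrypted item in the play output. Adding `loop_control:` with `label: "{{ item.user }}"` keeps the log to the account name. `vault_ssh_access` also changes from a mapping to a list here, so an inventory still holding the old shape will fail on `item.user`; a comment above the task stating the expected list-of-mappings form (`user`, `ssh_key`, `ssh_comment`) would help. The following copy task is collapsed on this page and was not reviewed.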
--- ---
- name: Gruppen anlegen - name: Gruppen anlegen
group: ansible.builtin.group:
name: "{{ item.name }}" name: "{{ item.name }}"
state: "{{ item.state | default('present') }}" state: "{{ item.state | default('present') }}"
gid: "{{ item.gid | default(omit) }}" gid: "{{ item.gid | default(omit) }}"
loop: "{{ vault_groups }}" loop: "{{ vault_groups }}"
- name: User in Gruppen einfügen & SSH-Key erzeugen - name: User in Gruppen einfügen & SSH-Key erzeugen
user: ansible.builtin.user:
name: "{{ vault_user.name }}" name: "{{ item.name }}"
groups: "{{ vault_user.groups }}" groups: "{{ item.groups | default('') }}"
generate_ssh_key: "yes" generate_ssh_key: "{{ item.generate_ssh_key | default(false) }}"
ssh_key_bits: 4096 ssh_key_bits: "{{ item.ssh_key_bits | default(omit) }}"
ssh_key_comment: "lza-user" ssh_key_comment: "{{ item.ssh_key_comment | default(omit) }}"
loop: "{{ vault_users }}"
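Review bot: `groups: "{{ item.groups | default('') }}"` passes an empty string for any entry of `vault_users` that has no `groups` key, and the user module treats `''` as "remove from all secondary groups". `groups: "{{ item.groups | default(omit) }}"` leaves existing memberships alone. `ssh_key_bits` went from a fixed 4096 to `default(omit)`, so a generated key falls back to the ssh-keygen default on the target host, which is smaller for RSA. `ssh_key_bits: "{{ item.ssh_key_bits | default(4096) }}"` keeps the previous strength when an entry says nothing.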
...@@ -21,7 +21,7 @@ ...@@ -21,7 +21,7 @@
- "test_exit_strategy.sh" - "test_exit_strategy.sh"
- name: deploy test scripts from Git - name: deploy test scripts from Git
git: ansible.builtin.git:
dest: "/usr/local/bin/{{ item.dest }}" dest: "/usr/local/bin/{{ item.dest }}"
repo: "{{ item.repo }}" repo: "{{ item.repo }}"
version: "{{ item.version | default(omit) }}" version: "{{ item.version | default(omit) }}"
...@@ -38,6 +38,8 @@ ...@@ -38,6 +38,8 @@
# runs the Exit Strategy script to build an emergency database # runs the Exit Strategy script to build an emergency database
- dest: "rosettaExitStrategy/" - dest: "rosettaExitStrategy/"
repo: "git@{{ vault_slub_git_repo_fqdn }}:slub-digitalpreservation/rosettaExitStrategy.git" repo: "git@{{ vault_slub_git_repo_fqdn }}:slub-digitalpreservation/rosettaExitStrategy.git"
- dest: "rosettaDeepFixity/"
repo: "git@{{ vault_slub_git_repo_fqdn }}:digital-preservation/rosettadeepfixity.git"
- name: test if prerequisites for exit strategy script are installed - name: test if prerequisites for exit strategy script are installed
command: "perl -c /usr/local/bin/rosettaExitStrategy/perl/exit_strategy.pl" command: "perl -c /usr/local/bin/rosettaExitStrategy/perl/exit_strategy.pl"
......
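Review bot: The new `rosettaDeepFixity/` entry has no `version`, so with `version: "{{ item.version | default(omit) }}"` the task checks out whatever the default branch's HEAD is at run time into `/usr/local/bin/`. Pinning the entry to a reviewed tag or commit (`version: "<tag-or-commit>"`) makes the deployed code reproducible and keeps an unreviewed push from reaching the server on the next run. The neighbouring `rosettaExitStrategy/` entry visible here is unpinned as well. The rest of the item list and the task's other parameters are collapsed on this page.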
...@@ -24,3 +24,7 @@ ...@@ -24,3 +24,7 @@
- name: install test scripts - name: install test scripts
import_tasks: "install_test_scripts.yml" import_tasks: "install_test_scripts.yml"
tags: [testscripts] tags: [testscripts]
- name: configure iptables
import_tasks: "configure_iptables_external.yml"
tags: [firewall, iptables]