alanorth
/
ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity
967 Commits 2 Branches 0 Tags 4.5 MiB
Commit Graph

294 Commits

Author SHA1 Message Date
Alan Orth 96fe209843 roles/common: Fix mode on Debian 8 sshd_config 
Accidentally added it with 777.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-08-23 00:02:39 +03:00
Alan Orth 7519995153 roles/common: Add Debian 8 sshd_config 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-08-23 00:02:39 +03:00
Alan Orth dc24285ec6 roles/common: Use apt_mirror variable in Debian sources 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-08-23 00:02:39 +03:00
Alan Orth 28f61d589e roles/common: Add Debian support to sources.list template 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-08-23 00:02:39 +03:00
Alan Orth e15d1be867 roles/common: Add playbook for Debian packages 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-08-23 00:02:39 +03:00
Alan Orth 1fc2453703 roles/common: Add firewalld support 
Needed in Ubuntu 15.04 where iptables-persistent is going away. I
have added translations of the current IPv4 and IPv6 iptables rules.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-08-23 00:02:39 +03:00
Alan Orth 9aaad366f5 roles/common: Only add extras repo on Ubuntu 14.04 
The Extras repo was discontinued after 14.10 (but the latest we
deploy is 14.04).

See: https://lists.ubuntu.com/archives/technical-board/2015-January/002063.html

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-08-23 00:02:38 +03:00
Alan Orth e84f777a6b roles/common: Bring Ubuntu 15.04 sshd_config up to date with standards 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-08-23 00:02:38 +03:00
Alan Orth b2dbd138f7 roles/common: Add Ubuntu 15.04 sshd_config 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-08-23 00:02:38 +03:00
Alan Orth 68493beba3
roles/common: Reload sshd instead of restarting 
No need to restart for a config change.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-08-23 00:01:17 +03:00
Alan Orth 8e0a292b1d
roles/common: Move sshd tasks to their own playbook 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-08-23 00:00:43 +03:00
Alan Orth 7f929d5b80
roles/common: Remove unused cron-apt files 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-08-22 23:42:03 +03:00
Alan Orth fc586a2297
roles/common: Adjust cron-apt stuff 
- Don't run the static files as templates
- Use a separate playbook for related tasks
- Use a template for security.sources.list

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-08-22 23:39:22 +03:00
Alan Orth ae10677b65
roles/common: Specify default apt_mirror for fallback in sources.list template 
New hosts often fail due to not having an apt_mirror, because there
isn't one defined for their group and their host_vars haven't over-
ridden it.

We want new hosts to deploy successfully, so let's just use a default
apt_mirror if there isn't one defined. Rather have a slow mirror than
a failed deployment. And in any case, Linode can download from KENET's
mirror at 10MB/sec. ;)

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-06-04 21:57:11 +03:00
Alan Orth a8f4500567 Add IPv6 support to firewall tasks / template 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-05-25 18:17:23 +03:00
Alan Orth aa5a9f5dd8
roles/common: Add vim modeline 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-05-24 23:55:04 +03:00
Alan Orth 3a5b50f941
roles/common: Set I/O scheduler via udev 
All servers with non-rotating disks (SSDs) should be running noop,
and the rest should be running deadline.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-03-15 17:52:05 +03:00
Alan Orth 9fda345a24
roles/common: Fix one logic mistake in rc.local task 
I think it was originally supposed to be `ansible_os_family` but
we don't have anything other than Ubuntu, so let's just use that.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-03-15 17:43:21 +03:00
Alan Orth 2367b843d9
roles/common: Remove I/O scheduler logic from rc.local 
It's better to set this using udev rules anyways

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-03-15 17:40:54 +03:00
Alan Orth 4a1158e163
roles/common: Remove CentOS rclocal task 
No CentOS hosts here!

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-03-15 17:40:07 +03:00
Alan Orth 891bd35171 roles/common: Move tags from subtask to main one 
Child tasks inherit the tag of the parent.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-03-15 17:34:13 +03:00
Alan Orth 4efb6edb7e
roles/common: Indent some yaml stuff in main.yml 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-03-15 17:31:29 +03:00
Alan Orth b70ae58f48
roles/common: Simplify `when` logic in main template 
Less syntax is more readable syntax.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-03-15 17:29:41 +03:00
Alan Orth 58222706ba
roles/common: Remove logic for TCP congestion avoidance on early kernels in sysctl 
We don't have anything near 2.6.32 anymore.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-03-15 17:25:33 +03:00
Alan Orth 60ba4dacbd
roles/common: Add TCP/IP tweaks to sysctl template 
Disable TCP slow start and increase the number of ports available
for client connections.

See: http://vincent.bernat.im/en/blog/2014-tcp-time-wait-state-linux.html
See: http://www.chromium.org/spdy/spdy-best-practices

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-03-15 17:23:10 +03:00
Alan Orth 19f5b60cb7
Remove references to provisioning.yml 
We aren't managing the provisioning user anymore, it is just assumed
to be there.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-02-26 16:53:48 +03:00
Alan Orth 55fddf03b3
Remove provisioning user management 
It's just too tricky to manage this. Ubuntu / RedHat preseeds and
kickstarts can create the user and add it to groups, but only when
we control the initial boot environment (ie not on Linode, Digital
Ocean, etc), so let's just say we assume this user exists and can
get root with sudo by the some we are running ansible on it.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-02-20 15:06:45 +03:00
Alan Orth 171798c76d roles/common: Add DSA/ECDSA cleanup to ssh tasks 
We don't want to support these signature algorithms!

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-01-20 16:31:37 +03:00
Alan Orth 0d2763fb59
roles/common: Remove ECDSA SSH public key for aorth@noma 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-01-12 18:19:49 +03:00
Alan Orth d7dd81bc84
roles/common: Add ED25519 SSH public key for aorth@noma 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-01-12 18:19:21 +03:00
Alan Orth 13b592dfcd roles/common: Tune sshd_config to be more strict 
Disable ECDSA as a signature algorithm and drop some older message
authentication algorithms.

See: https://stribika.github.io/2015/01/04/secure-secure-shell.html

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-01-07 01:47:06 +03:00
Alan Orth a80cb49957 roles/common: Update sshd_config template to explicitly allow the provisioning user 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-01-06 17:45:06 +03:00
Alan Orth 3b6c9745ab
roles/common: Add provisioning user to sudoers 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-01-05 08:24:13 +03:00
Alan Orth 0f5b088c08 roles/common: Add createhome:yes to provisioning user task 
Need to make sure the user gets created on a fresh install, like on
Amazon EC2 or OpenStack images where the first user is `ubuntu' and
you can't assume `provisioning' is already created.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-01-04 02:24:53 +03:00
Alan Orth c3f5e27642
roles/common: Add ECDSA public key for noma 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-10-12 13:25:48 +03:00
Alan Orth a265e48a9f
roles/common: Remove RSA public key 
Both client and server support ed25519, so there's no need to even
have the RSA key here.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-10-12 13:23:01 +03:00
Alan Orth 5e0da37542
roles/common: Remove task which removes irqbalance 
Prevailing wisdom is actually that this *can* help virtual hosts,
especially when the VM guest has multiple CPUs.

See: http://wiki.xen.org/wiki/Network_Throughput_and_Performance_Guide

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-10-11 13:31:23 +03:00
Alan Orth 1ee7b385bf
roles/common: Rename SSH keys 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-10-11 13:19:32 +03:00
Alan Orth 1e2193efc9
roles/common: Add functionality to copy user keys to provisioning user 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-10-11 12:13:45 +03:00
Alan Orth c53dd18181
roles/common: Add role to manage provisioning user 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-10-11 12:11:44 +03:00
Alan Orth e741a77c00
roles/common: Add unzip to Ubuntu base packages 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-10-05 15:21:47 +03:00
Alan Orth be0e0ea21a
roles/common: Remove irqbalance 
We're a VM, we don't have IRQs.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-09-07 23:51:52 +03:00
Alan Orth df65172952
roles/common: Add lrzip to base packages 
Provides good mix of compression/decompression speed with size,
see: http://ck.kolivas.org/apps/lrzip/README.benchmarks

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-09-07 16:32:06 +03:00
Alan Orth 60b8ecdd4c
Initial commit 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-08-17 00:35:57 +03:00