Merge pull request #498 from deNBI/feat/generic_playbook

Feat/generic playbook
deNBI · Nov 13, 2024 · 4fef092 · 4fef092
2 parents 84fde46 + 85f85ff
commit 4fef092
Show file tree

Hide file tree

Showing 10 changed files with 146 additions and 144 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,5 +1,7 @@
 ---
-- repo: https://github.com/ansible/ansible-lint.git
-  rev: v6.17.2
-  hooks:
-    - id: ansible-lint
+repos:
+
+  - repo: https://github.com/ansible/ansible-lint.git
+    rev: v6.17.2
+    hooks:
+      - id: ansible-lint
diff --git a/conda/conda.yml b/conda/conda.yml
@@ -15,29 +15,29 @@
 
 - name: Download Miniconda
   get_url:
-    url: https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh
-    dest: /tmp/miniconda.sh
+        url: https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh
+        dest: /tmp/miniconda.sh
 
 - name: Install Miniconda
   command: bash /tmp/miniconda.sh -b -p {{conda_vars.CONDA_DIR}}
   args:
-    creates: "{{conda_vars.CONDA_DIR}}/bin/conda"
+        creates: "{{conda_vars.CONDA_DIR}}/bin/conda"
 
 - name: Add Miniconda to PATH
   lineinfile:
-    path: /etc/profile
-    line: 'export PATH={{conda_vars.CONDA_DIR}}/bin:$PATH'
+        path: /etc/profile
+        line: 'export PATH={{conda_vars.CONDA_DIR}}/bin:$PATH'
   become: true
   become_user: root
 
 - name: Install conda-env role
   include_role:
-    name: andrewrothstein.conda-env
+        name: andrewrothstein.conda-env
   vars:
-    conda_env_conda_dir: "{{conda_vars.CONDA_DIR}}"
-    conda_env_name: "{{ conda_vars.ENV_NAME| quote }}"
-    conda_env_environment: conda_env.yml
-    conda_env_activate_for_login_shell: true
+        conda_env_conda_dir: "{{conda_vars.CONDA_DIR}}"
+        conda_env_name: "{{ conda_vars.ENV_NAME| quote }}"
+        conda_env_environment: conda_env.yml
+        conda_env_activate_for_login_shell: true
 
 - name: Adjust miniconda folder rights
   become: true
@@ -47,38 +47,38 @@
   become_user: "{{conda_vars.default_user}}"
   shell: 'timeout 1m bash -c ''source {{conda_vars.CONDA_DIR}}/bin/activate && conda config --add channels bioconda'''
   args:
-    executable: /bin/bash
+        executable: /bin/bash
 
 - name: Add conda-forge channel
   become_user: "{{conda_vars.default_user}}"
   shell: 'timeout 1m bash -c ''source {{conda_vars.CONDA_DIR}}/bin/activate && conda config --add channels conda-forge'''
   args:
-    executable: /bin/bash
+        executable: /bin/bash
 
 - name: Add anaconda channel
   become_user: "{{conda_vars.default_user}}"
   shell: 'timeout 1m bash -c ''source {{conda_vars.CONDA_DIR}}/bin/activate && conda config --add channels anaconda'''
   args:
-    executable: /bin/bash
+        executable: /bin/bash
 
 - name: Init .bashrc for conda
   become_user: "{{conda_vars.default_user}}"
   shell: 'timeout 1m bash -c ''source {{ conda_vars.CONDA_DIR}}/bin/activate && conda init'''
   args:
-    executable: /bin/bash
+        executable: /bin/bash
 
 - name: Create alias for environment
   become_user: "{{conda_vars.default_user}}"
   lineinfile:
-    path: "/home/{{conda_vars.default_user}}/.bashrc"
-    line: "alias {{conda_vars.ENV_NAME|quote}}='conda activate {{conda_vars.ENV_NAME|quote}}'"
+        path: "/home/{{conda_vars.default_user}}/.bashrc"
+        line: "alias {{conda_vars.ENV_NAME|quote}}='conda activate {{conda_vars.ENV_NAME|quote}}'"
 
 - name: Check for installed packages
   become_user: "{{conda_vars.default_user}}"
   shell: 'source {{conda_vars.CONDA_DIR}}/bin/activate && conda activate {{conda_vars.ENV_NAME|quote}} && conda list'
   register: added_packages
   args:
-    executable: /bin/bash
+        executable: /bin/bash
 
 - name: Install chosen packages
   become_user: "{{conda_vars.default_user}}"
@@ -87,6 +87,6 @@
     conda activate {{conda_vars.ENV_NAME|quote}} &&
     conda install --yes {{item.key}}={{item.value.version}}
   args:
-    executable: /bin/bash
+        executable: /bin/bash
   loop: "{{ q('dict', conda_vars.packages) }}"
   when: added_packages.stdout.find(item.key) == -1
diff --git a/generic/generic_post_tasks.yml b/generic/generic_post_tasks.yml
@@ -0,0 +1,15 @@
+---
+- name: POST_TASK  enable unattended upgrades
+  ansible.builtin.lineinfile:
+        path: /etc/apt/apt.conf.d/10periodic
+        regexp: ^APT::Periodic::Unattended-Upgrade
+        line: APT::Periodic::Unattended-Upgrade "1";
+        create: true
+- name: POST_TASK Start apt-daily.* systemd services
+  ansible.builtin.service:
+        name: "{{ item }}"
+        state: started
+  with_items:
+        - unattended-upgrades
+        - apt-daily
+        - apt-daily.timer
diff --git a/generic/generic_pre_tasks.yml b/generic/generic_pre_tasks.yml
@@ -0,0 +1,47 @@
+---
+- name: Populate service facts
+  ansible.builtin.service_facts:
+- name: Wait till Apt_Mirror de.NBI Bielefeld Service is done
+  ansible.builtin.service_facts:
+  until: services['de.NBI_Bielefeld_environment.service'].state == 'stopped'
+  retries: 35
+  delay: 10
+  when: services['de.NBI_Bielefeld_environment.service'] is defined
+
+- name: PRE_TASK Disable unattended upgrades
+  ansible.builtin.lineinfile:
+    path: /etc/apt/apt.conf.d/10periodic
+    regexp: ^APT::Periodic::Unattended-Upgrade
+    line: APT::Periodic::Unattended-Upgrade "0";
+    create: true
+- name: PRE_TASK Stop apt-daily.* systemd services
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: stopped
+  with_items:
+    - unattended-upgrades
+    - apt-daily
+    - apt-daily.timer
+    - apt-daily-upgrade
+    - apt-daily-upgrade.timer
+
+- name: PRE_TASK   Wait for automatic system updates 1
+  ansible.builtin.shell: while sudo fuser /var/lib/dpkg/lock >/dev/null 2>&1; do sleep 1; done;
+  changed_when: false
+
+- name: PRE_TASK  Wait for automatic system updates 2
+  ansible.builtin.shell: while sudo fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do sleep 1; done;
+  changed_when: false
+
+- name: PRE_TASK   Update apt cache
+  become: true
+  ansible.builtin.apt:
+    upgrade: true
+    update_cache: true
+    autoremove: true
+    autoclean: true
+
+- name: Pip
+  ansible.builtin.apt:
+    name: python3-pip
+    state: latest
diff --git a/guacamole/guacamole.yml b/guacamole/guacamole.yml
@@ -15,7 +15,7 @@
 
 - name: Install guacamole role
   ansible.builtin.include_role:
-    name: guacamole
+        name: guacamole
   when: not guacamole_vars.create_only_backend
 
 - name: Flush guacamole handlers
@@ -25,29 +25,29 @@
 - name: Setup password  for default ubuntu user - standard
   become: true
   ansible.builtin.user:
-    name: "{{ guacamole_vars.default_user }}"
-    password: "{{ guacamole_vars.default_password | password_hash('sha512') }}"
-    update_password: always
-    password_lock: false
+        name: "{{ guacamole_vars.default_user }}"
+        password: "{{ guacamole_vars.default_password | password_hash('sha512') }}"
+        update_password: always
+        password_lock: false
 
 - name: Restart xrdp
   ansible.builtin.systemd:
-    name: xrdp
-    enabled: true
-    state: restarted
+        name: xrdp
+        enabled: true
+        state: restarted
 
 - name: Restart guacd
   ansible.builtin.systemd:
-    name: guacd
-    enabled: true
-    state: restarted
+        name: guacd
+        enabled: true
+        state: restarted
 
 - name: Restart Tomcat
   ansible.builtin.systemd:
-    name: tomcat9
-    enabled: true
-    state: restarted
+        name: tomcat9
+        enabled: true
+        state: restarted
 
 - name: Reload systemd
   ansible.builtin.systemd:
-    daemon_reload: true
+        daemon_reload: true
diff --git a/guacamole/roles/guacamole/tasks/010-guacamole.yml b/guacamole/roles/guacamole/tasks/010-guacamole.yml
@@ -1,6 +1,6 @@
 ---
 - name: Add Jammy repository for ubuntu 24
-  apt_repository:
+  ansible.builtin.apt_repository:
     repo: "deb http://archive.ubuntu.com/ubuntu/ jammy main universe"
     state: present
 - name: Install needed libraries and tools

diff --git a/packer/packer_resenvs.yml b/packer/packer_resenvs.yml
@@ -8,58 +8,8 @@
     bielefeld_mirror_service_exist: false
     resenv: guacamole
   pre_tasks:
-    - name: PRE_TASK Wait for cloud-init / user-data to finish
-      ansible.builtin.command: cloud-init status --wait
-      changed_when: false
-
-    - name: Populate service facts
-      ansible.builtin.service_facts:
-    - name: Wait till Apt_Mirror de.NBI Bielefeld Service is done
-      ansible.builtin.service_facts:
-      until: services['de.NBI_Bielefeld_environment.service'].state == 'stopped'
-      retries: 35
-      delay: 10
-      when: services['de.NBI_Bielefeld_environment.service'] is defined
-
-    - name: PRE_TASK Disable unattended upgrades
-      ansible.builtin.lineinfile:
-        path: /etc/apt/apt.conf.d/10periodic
-        regexp: ^APT::Periodic::Unattended-Upgrade
-        line: APT::Periodic::Unattended-Upgrade "0";
-        create: true
-    - name: PRE_TASK Stop apt-daily.* systemd services
-      ansible.builtin.service:
-        name: "{{ item }}"
-        state: stopped
-      with_items:
-        - unattended-upgrades
-        - apt-daily
-        - apt-daily.timer
-        - apt-daily-upgrade
-        - apt-daily-upgrade.timer
-
-    - name: PRE_TASK   Wait for automatic system updates 1
-      ansible.builtin.shell: while sudo fuser /var/lib/dpkg/lock >/dev/null 2>&1; do sleep 1; done;
-      changed_when: false
-
-    - name: PRE_TASK  Wait for automatic system updates 2
-      ansible.builtin.shell: while sudo fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do sleep 1; done;
-      changed_when: false
-
-    - name: PRE_TASK   Update apt cache
-      become: true
-      ansible.builtin.apt:
-        upgrade: true
-        update_cache: true
-        autoremove: true
-        autoclean: true
-
-
-    - name: Pip
-      ansible.builtin.apt:
-        name: python3-pip
-        state: latest
-
+    - name: Generic PRE Tasks
+      ansible.builtin.import_tasks: ../generic/generic_pre_tasks.yml
 
   tasks:
     - name: Include {{ resenv }} variables
@@ -70,17 +20,5 @@
       ansible.builtin.import_tasks: ../{{ resenv }}/{{ resenv }}.yml
 
   post_tasks:
-    - name: POST_TASK  enable unattended upgrades
-      ansible.builtin.lineinfile:
-        path: /etc/apt/apt.conf.d/10periodic
-        regexp: ^APT::Periodic::Unattended-Upgrade
-        line: APT::Periodic::Unattended-Upgrade "1";
-        create: true
-    - name: POST_TASK Start apt-daily.* systemd services
-      ansible.builtin.service:
-        name: "{{ item }}"
-        state: started
-      with_items:
-        - unattended-upgrades
-        - apt-daily
-        - apt-daily.timer
+    - name: Generic POST Tasks
+      ansible.builtin.import_tasks: ../generic/generic_post_tasks.yml
diff --git a/rstudio/rstudio.yml b/rstudio/rstudio.yml
@@ -16,53 +16,53 @@
 - name: Setup password for default user
   become: true
   ansible.builtin.user:
-    name: "{{ rstudio_vars.default_user }}"
-    password: "{{ rstudio_vars.default_password | password_hash('sha512') }}"
-    update_password: always
-    password_lock: false
+        name: "{{ rstudio_vars.default_user }}"
+        password: "{{ rstudio_vars.default_password | password_hash('sha512') }}"
+        update_password: always
+        password_lock: false
 
 
 - name: Install R role
   include_role:
-    name: oefenweb.latest_r
+        name: oefenweb.latest_r
   when: not rstudio_vars.create_only_backend
 
 - name: Install rstudio-server role
   include_role:
-    name: oefenweb.rstudio_server
+        name: oefenweb.rstudio_server
   vars:
-    rstudio_install: [ r-base ]
-    rstudio_server_version: "{{ rstudio_vars.RSTUDIO_VERSION | replace('v', '') | replace('+', '-') }}"
+        rstudio_install: [r-base]
+        rstudio_server_version: "{{ rstudio_vars.RSTUDIO_VERSION | replace('v', '') | replace('+', '-') }}"
   when: not rstudio_vars.create_only_backend
 - name: Install essential system packages
   ansible.builtin.apt:
-    name:
-      - build-essential
-      - libcurl4-openssl-dev
-      - libssl-dev
-      - zlib1g-dev
-      - libpng-dev
-      - libjpeg-dev
-      - libtiff-dev
-      - libfreetype6-dev
-      - libfontconfig1-dev
-      - libmysqlclient-dev
-      - libsqlite3-dev
-      - libpq-dev
-      - libfribidi-dev
-      - libharfbuzz-dev
-      - libxml2-dev
-      - cmake
-    state: present
-  become: yes
+        name:
+              - build-essential
+              - libcurl4-openssl-dev
+              - libssl-dev
+              - zlib1g-dev
+              - libpng-dev
+              - libjpeg-dev
+              - libtiff-dev
+              - libfreetype6-dev
+              - libfontconfig1-dev
+              - libmysqlclient-dev
+              - libsqlite3-dev
+              - libpq-dev
+              - libfribidi-dev
+              - libharfbuzz-dev
+              - libxml2-dev
+              - cmake
+        state: present
+  become: true
 
 - name: Copy session file if also installing rstudio
   ansible.builtin.copy:
-    content: session-timeout-minutes=180
-    dest: "{{ rstudio_vars.RSESSION_FILE_PATH }}"
-    mode: "0644"
-    owner: root
-    group: root
+        content: session-timeout-minutes=180
+        dest: "{{ rstudio_vars.RSESSION_FILE_PATH }}"
+        mode: "0644"
+        owner: root
+        group: root
   when: not rstudio_vars.create_only_backend
 
 - name: Flush rstudio handlers