unify local and remote mode of operation

2025-04-20 01:11:38 +02:00 · 2020-07-27 20:43:34 -07:00 · 2020-07-27 20:43:34 -07:00 · 36a0a9996d
commit 36a0a9996d
parent 621dd3feb4
8 changed files with 143 additions and 106 deletions
--- a/README.md
+++ b/README.md
@ -34,10 +34,24 @@ which pollutes your login Python environment, but is better than nothing.

 ## Configuration

-The `macaddrs` structure in _roles/common/vars/main.yml_ maps the MAC address of
-a Raspberry Pi to its intended configuration state.  Add your Raspberry Pi's MAC
-address (specifically for `eth0` if your RPi has multiple NICs) to that
-structure and set its configuration accordingly.
+This playbook can be run on localhost or against one or more remote hosts.  The
+former is good for a bare Raspberry Pi that was freshly provisioned using NOOBS
+or the like, as you don't need a second host to act as the provisioning host.
+The latter is the conventional way in which ansible is typically run and makes
+more sense if you want to configure a bunch of Raspberry Pis.
+
+### Local Mode
+
+Edit `local.yml` and add the mac address of `eth0` for the Raspberry Pi to
+configure to the `macaddrs` variable.  Its key should be a mac address (all
+lower case) and the value should be the short hostname of that system.  Each
+such entry's short hostname must match a file in the `host_vars/` directory.
+
+### All modes
+
+The contents of each file in `host_vars/` is the intended configuration state
+for each Raspberry Pi.  Look at one of the examples included to get a feel for
+the configurations available.

 To add local users, create and edit `roles/common/vars/users.yml`.  Follow the
 structure in `roles/common/vars/users.yml.example`.  You can/should
@ -45,13 +59,23 @@ structure in `roles/common/vars/users.yml.example`.  You can/should

 ## Running the playbook

+### Local Mode
+
 Then run the playbook:

-    (ansible_env) $ ansible-playbook --ask-vault-pass --become --become-user root --ask-become-pass ./local.yml
+    (ansible_env) $ ansible-playbook --ask-vault-pass --become --become-user root --ask-become-pass --inventory hosts ./local.yml

 The playbook will self-discover its settings, then idempotently configure the
 Raspberry Pi.

+### Remote Mode
+
+This is similar to local mode:
+
+    (ansible_env) $ ansible-playbook --ask-vault-pass --inventory hosts.remote ./remote.yml
+
+The playbook follows the same code path.
+
 ## After running the playbook

 This playbook purposely requires a few manual steps _after_ running the playbook
@ -90,17 +114,6 @@ The format expected in `roles/common/vars/main.yml` is something like
              - etc/ssh/ssh_host_ecdsa_key.cloverdale
              - etc/ssh/ssh_host_ed25519_key.cloverdale

-### Remote mode
-
-The playbooks can also be run in a traditional remote mode:
-
-    $ ansible-playbook --ask-become-pass --ask-vault-pass --inventory hosts.remote ./remote.yml
-
-At present this does _not_ make use of hostvars; this is because the playbook
-started out designed to be run against localhost and the playbook
-self-identifies the system and fetches configuration variables from
-`roles/common/vars/main.yml` based on that.
-
 ## Acknowledgment

 I stole a lot of knowledge from https://github.com/giuaig/ansible-raspi-config/.
--- a/host_vars/cloverdale
+++ b/host_vars/cloverdale
@ -0,0 +1,25 @@
+---
+macaddr: "dc:a6:32:8c:8a:53"
+hostname: "cloverdale"
+domain: "local"
+locale: "en_US.UTF-8"
+timezone: "America/Los_Angeles"
+xkblayout: "us"
+wifi_country: "US"
+enable_gui: True
+enable_autologin: False
+enable_bootwait: False
+enable_bootsplash: False
+enable_camera: False
+enable_vnc: False
+enable_spi: False
+enable_i2c: False
+enable_serial: True
+enable_serial_hw: True
+enable_onewire: False
+enable_rgpio: False
+ssh_host_key_files:
+  - etc/ssh/ssh_host_rsa_key.cloverdale
+  - etc/ssh/ssh_host_dsa_key.cloverdale
+  - etc/ssh/ssh_host_ecdsa_key.cloverdale
+  - etc/ssh/ssh_host_ed25519_key.cloverdale
--- a/host_vars/cloverleaf
+++ b/host_vars/cloverleaf
@ -0,0 +1,28 @@
+---
+macaddr: "b8:27:eb:ff:35:c7"
+hostname: "cloverleaf"
+domain: "local"
+locale: "en_US.UTF-8"
+timezone: "America/Los_Angeles"
+xkblayout: "us"
+enable_gui: False
+enable_autologin: False
+enable_bootwait: True
+enable_bootsplash: False
+enable_camera: False
+enable_vnc: False
+enable_spi: False
+enable_i2c: False
+enable_serial: True
+enable_serial_hw: True
+enable_onewire: False
+enable_rgpio: False
+ssh_host_key_files:
+  - etc/ssh/ssh_host_rsa_key.cloverleaf
+  - etc/ssh/ssh_host_dsa_key.cloverleaf
+  - etc/ssh/ssh_host_ecdsa_key.cloverleaf
+  - etc/ssh/ssh_host_ed25519_key.cloverleaf
+extra_software:
+  - "w3m"
+  - "irssi"
+  - "screen"
--- a/host_vars/clovermine
+++ b/host_vars/clovermine
@ -0,0 +1,25 @@
+---
+macaddr: "b8:27:eb:6c:82:02"
+hostname: "clovermine"
+domain: "local"
+locale: "en_US.UTF-8"
+timezone: "America/Los_Angeles"
+xkblayout: "us"
+wifi_country: "US"
+enable_gui: True
+enable_autologin: False
+enable_bootwait: False
+enable_bootsplash: False
+enable_camera: False
+enable_vnc: False
+enable_spi: False
+enable_i2c: False
+enable_serial: True
+enable_serial_hw: True
+enable_onewire: False
+enable_rgpio: False
+darshan_dev: True
+extra_software:
+  - "libglib2.0-dev"
+  - "libncurses-dev"
+  - "libperl-dev"
--- a/hosts.remote
+++ b/hosts.remote
@ -1,4 +1,4 @@
 [raspberrypi]
-cloverdale.local
-cloverleaf.local
-clovermine.local
+cloverdale ansible_host=cloverdale.local
+cloverleaf ansible_host=cloverleaf.local
+clovermine ansible_host=clovermine.local
--- a/local.yml
+++ b/local.yml
@ -3,5 +3,11 @@
  hosts: localhost
  user: root
  connection: local
+  vars:
+    macaddrs:
+        # mac address of eth0 -> hostname; used to identify self when run against localhost
+        dc:a6:32:8c:8a:53: "cloverdale"
+        b8:27:eb:6c:82:02: "clovermine"
+        b8:27:eb:ff:35:c7: "cloverleaf"
  roles:
    - common
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -1,22 +1,31 @@
 ---

-# Gather facts specific to the Raspberry Pi platform
- include: raspi-facts.yml
- include: linux-facts.yml
-
-# Basic hostname setup
- name: Get MAC address
-  debug: 
-    msg: "{{ hostvars[inventory_hostname].ansible_eth0.macaddress }}"
+# Self identify and load config - this allows the playbook to run on either
+# localhost or a remote host
+- name: store MAC address for eth0
+  set_fact:
+    my_macaddr: "{{ hostvars[inventory_hostname].ansible_eth0.macaddress }}"
+  when: inventory_hostname == 'localhost'
  tags:
    - raspi
    - sw
    - sshd
    - motd

- name: store MAC address
+- name: self-identify based on mac address (local mode)
  set_fact:
-    my_macaddr: "{{ hostvars[inventory_hostname].ansible_eth0.macaddress }}"
+    myhostname: "{{ macaddrs[my_macaddr] }}"
+  when: inventory_hostname_short == 'localhost'
+  tags:
+    - raspi
+    - sw
+    - sshd
+    - motd
+
+- name: self-identify based on mac address (remote mode)
+  set_fact:
+    myhostname: "{{ inventory_hostname_short }}"
+  when: "inventory_hostname_short != 'localhost'"
  tags:
    - raspi
    - sw
@ -25,13 +34,20 @@

 - name: store system configuration
  set_fact:
-    myconfig: "{{ macaddrs[my_macaddr] }}"
+    myconfig: "{{ hostvars[myhostname] }}"
  tags:
    - raspi
    - sw
    - sshd
    - motd

+- debug:
+    var: myconfig
+
+# Gather facts specific to the Raspberry Pi platform
+- include: raspi-facts.yml
+- include: linux-facts.yml
+
 - name: set hostname
  shell: "raspi-config nonint do_hostname {{ myconfig.hostname }}"
  when: raspi_hostname != myconfig.hostname
--- a/roles/common/vars/main.yml
+++ b/roles/common/vars/main.yml
@ -1,77 +1 @@
 ---
-macaddrs:
-    dc:a6:32:8c:8a:53:
-        hostname: "cloverdale"
-        domain: "local"
-        locale: "en_US.UTF-8"
-        timezone: "America/Los_Angeles"
-        xkblayout: "us"
-        wifi_country: "US"
-        enable_gui: True
-        enable_autologin: False
-        enable_bootwait: False
-        enable_bootsplash: False
-        enable_camera: False
-        enable_vnc: False
-        enable_spi: False
-        enable_i2c: False
-        enable_serial: True
-        enable_serial_hw: True
-        enable_onewire: False
-        enable_rgpio: False
-        ssh_host_key_files:
-          - etc/ssh/ssh_host_rsa_key.cloverdale
-          - etc/ssh/ssh_host_dsa_key.cloverdale
-          - etc/ssh/ssh_host_ecdsa_key.cloverdale
-          - etc/ssh/ssh_host_ed25519_key.cloverdale
-    b8:27:eb:6c:82:02:
-        hostname: "clovermine"
-        domain: "local"
-        locale: "en_US.UTF-8"
-        timezone: "America/Los_Angeles"
-        xkblayout: "us"
-        wifi_country: "US"
-        enable_gui: True
-        enable_autologin: False
-        enable_bootwait: False
-        enable_bootsplash: False
-        enable_camera: False
-        enable_vnc: False
-        enable_spi: False
-        enable_i2c: False
-        enable_serial: True
-        enable_serial_hw: True
-        enable_onewire: False
-        enable_rgpio: False
-        darshan_dev: True
-        extra_software:
-          - "libglib2.0-dev"
-          - "libncurses-dev"
-          - "libperl-dev"
-    b8:27:eb:ff:35:c7:
-        hostname: "cloverleaf"
-        domain: "local"
-        locale: "en_US.UTF-8"
-        timezone: "America/Los_Angeles"
-        xkblayout: "us"
-        enable_gui: False
-        enable_autologin: False
-        enable_bootwait: True
-        enable_bootsplash: False
-        enable_camera: False
-        enable_vnc: False
-        enable_spi: False
-        enable_i2c: False
-        enable_serial: True
-        enable_serial_hw: True
-        enable_onewire: False
-        enable_rgpio: False
-        ssh_host_key_files:
-          - etc/ssh/ssh_host_rsa_key.cloverleaf
-          - etc/ssh/ssh_host_dsa_key.cloverleaf
-          - etc/ssh/ssh_host_ecdsa_key.cloverleaf
-          - etc/ssh/ssh_host_ed25519_key.cloverleaf
-        extra_software:
-          - "w3m"
-          - "irssi"
-          - "screen"