break out logic into separate files; improve data structure that maps localhost to system-specific settings

6 years ago · c2c4b4cb1e
parent 3cb92532c1
commit c2c4b4cb1e
4 changed files with 94 additions and 86 deletions
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -1,27 +1,25 @@
 ---
 ### Switch to non-default user as soon as possible if possible
 #- name: does primary login user exist?
 #  local_action: "command ssh -q -o ConnectTimeout=3 -l {{ create_users[0].name }} {{ inventory_hostname }} /bin/true"
 #  register: user_exists
 #  ignore_errors: true
 #  changed_when: false
 #
 #- name: switch remote_user if possible
 #  remote_user: "{{ user_exists | success | ternary(omit, create_users[0].name) }}"
 #  command: "/bin/true"
 #  changed_when: false
-### Set hostname
+# Basic hostname setup
 - name: Get MAC address
  debug: msg="{{ hostvars[inventory_hostname].ansible_default_ipv4.macaddress }}"
 - name: store MAC address
  set_fact:
    my_macaddr: "{{ hostvars[inventory_hostname].ansible_default_ipv4.macaddress }}"
 - name: set hostname
-  hostname: name={{ inventory_hostname }}
+  hostname: name={{ macaddrs[my_macaddr].hostname }}
-  when: inventory_hostname is defined and ansible_nodename is defined
+  when: my_macaddr in macaddrs
 - name: update /etc/hosts with new hostname
  lineinfile:
    dest=/etc/hosts
    regexp="^{{ ansible_default_ipv4.address }}"
-    line="{{ ansible_default_ipv4.address }}{{'\t'}}{{ inventory_hostname }}.local{{'\t'}}{{ inventory_hostname }}"
+    line="{{ ansible_default_ipv4.address }}{{'\t'}}{{ macaddrs[my_macaddr].hostname }}.local{{'\t'}}{{ macaddrs[my_macaddr].hostname }}"
    state=present
  when: my_macaddr in macaddrs
 - name: get rid of default 127.0.1.1 binding
  lineinfile:
@ -29,16 +27,8 @@
    regexp="^127.0.1.1"
    state=absent
-### Configure /etc/hosts
+# Set timezone
- name: ensure that all local hosts are in /etc/hosts
+- name: set /etc/timezone
  lineinfile:
    dest=/etc/hosts
    line="{{ item.ip }}{{'\t'}}{{ item.name }}.local{{'\t'}}{{ item.name }}"
    state=present
  with_items: "{{etc_hosts_contents}}"
 ### Set timezone
 - name: set /etc/timezone to America/Los_Angeles
  copy: src=etc/timezone
        dest=/etc/timezone
        owner=root
@ -48,59 +38,6 @@
  notify:
      - changed timezone
-### Uninstall Raspbian bloat
+# Other tasks
- name: remove raspbian bloat
+- include: software.yml
-  apt:
+- include: users.yml
    name="{{ item }}"
    state=absent
  with_items:
    - wolfram-engine
    - libreoffice*
    - scratch
    - minecraft-pi
    - python-minecraftpi 
    - python3-minecraftpi
    - sonic-pi
    - dillo
    - gpiciew
    - penguinspuzzle
 ### Install required software
 - name: install basic software environment
  apt:
    name="{{ item }}"
    state=present
    update_cache=yes
  with_items:
    - vim
    - git
    - python-pip
 ### Create user accounts
 - name: create users
  user: name="{{ item.name }}"
        comment="{{ item.comment }}"
        group="{{ item.group }}"
        groups="{{ item.groups }}"
        uid="{{ item.uid }}"
        state=present
        shell=/bin/bash
  with_items: "{{ create_users }}"
  tags: [ 'users' ]
 - name: install ssh pubkeys for new users
  authorized_key: user="{{ item.name }}"
                  key="{{ item.pubkey }}"
                  state=present
  with_items: "{{ create_users }}"
  tags: [ 'users' ]
 ### disable the 'pi' user's ability to login in with password
 ### if you enable this, you may lock yourself out--you must make sure another
 ### user has been added with both sudo privileges and a password by which
 ### sudo can be authenticated
 #- name: disable 'pi' user
 #  user: name="pi"
 #        password="*"
 #        state=present
 #  tags: [ 'users' ]
--- a/roles/common/tasks/software.yml
+++ b/roles/common/tasks/software.yml
@ -0,0 +1,31 @@
 ---
 ### Uninstall Raspbian bloat
 - name: remove raspbian bloat
  apt:
    name="{{ packages }}"
    state=absent
  vars:
    packages:
      - wolfram-engine
      - libreoffice*
      - scratch
      - minecraft-pi
      - python-minecraftpi 
      - python3-minecraftpi
      - sonic-pi
      - dillo
      - gpiciew
      - penguinspuzzle
 ### Install required software
 - name: install basic software environment
  apt:
    name="{{ packages }}"
    state=present
    update_cache=yes
  vars:
    packages:
      - vim
      - git
      - python-pip
--- a/roles/common/tasks/users.yml
+++ b/roles/common/tasks/users.yml
@ -0,0 +1,41 @@
 ---
 ### Switch to non-default user as soon as possible if possible
 #- name: does primary login user exist?
 #  local_action: "command ssh -q -o ConnectTimeout=3 -l {{ create_users[0].name }} {{ inventory_hostname }} /bin/true"
 #  register: user_exists
 #  ignore_errors: true
 #  changed_when: false
 #
 #- name: switch remote_user if possible
 #  remote_user: "{{ user_exists | success | ternary(omit, create_users[0].name) }}"
 #  command: "/bin/true"
 #  changed_when: false
 ### Create user accounts
 - name: create users
  user: name="{{ item.name }}"
        comment="{{ item.comment }}"
        group="{{ item.group }}"
        groups="{{ item.groups }}"
        uid="{{ item.uid }}"
        state=present
        shell=/bin/bash
  with_items: "{{ create_users }}"
  tags: [ 'users' ]
 - name: install ssh pubkeys for new users
  authorized_key: user="{{ item.name }}"
                  key="{{ item.pubkey }}"
                  state=present
  with_items: "{{ create_users }}"
  tags: [ 'users' ]
 ### disable the 'pi' user's ability to login in with password
 ### if you enable this, you may lock yourself out--you must make sure another
 ### user has been added with both sudo privileges and a password by which
 ### sudo can be authenticated
 #- name: disable 'pi' user
 #  user: name="pi"
 #        password="*"
 #        state=present
 #  tags: [ 'users' ]
--- a/roles/common/vars/main.yml
+++ b/roles/common/vars/main.yml
@ -1,9 +1,8 @@
 ---
-### Hosts that must be present in /etc/hosts
+macaddrs:
-etc_hosts_contents:
+    b8:27:eb:39:d7:57:
-  - { name: 'clovermill',  ip: '192.168.1.149' }
+        hostname: "clovermine"
-  - { name: 'cloverfield', ip: '192.168.1.153' }
+        ip: "192.168.1.154"
  - { name: 'clovermine',  ip: '192.168.1.154' }
 ### Users that must be present on the system
 create_users: