--- - name: Test connection ping: tags: - maintenance - name: Ensure /etc/profile.d/ exists file: path: "/etc/profile.d/" owner: root state: directory become: yes tags: - maintenance - name: Set terminal color vars: terminal_env_playbook: "{{terminal_env | default('not provided', true) }}" template: src: terminalcolor dest: "/etc/profile.d/termcolor.sh" mode: a+x become: true tags: - maintenance - name: Set MOTD template: src: motd dest: /etc/motd become: true tags: - maintenance - name: Set hostname command: hostname {{hostname}} become: true tags: - maintenance - name: Set hostname in /etc/hosts lineinfile: dest: "/etc/hosts" line: "127.0.0.1 {{hostname}}" state: present insertafter: "127.0.0.1 localhost" become: true tags: - maintenance - name: update /etc/hostname copy: content: "{{hostname}}" dest: /etc/hostname become: true tags: - maintenance - name: Set hostname for systemd hostname: name: "{{hostname}}" use: systemd become: true tags: - maintenance - name: install aptitude apt: pkg: aptitude state: present become: true tags: - maintenance - name: apt-get update apt: update_cache=yes cache_valid_time=86400 become: true tags: - upgrade - maintenance - name: Add ppa:ondrej/nginx apt repository for TLS 1.3 apt_repository: repo: ppa:ondrej/nginx - name: /usr/lib/update-notifier/apt-check --human-readable command: /usr/lib/update-notifier/apt-check --human-readable tags: - upgrade - maintenance register: out - name: Creates /opt/subspace file: path: /opt/subspace state: directory become: true tags: - maintenance - upgrade - name: Save updates to /opt/subspace/updates.log lineinfile: path: /opt/subspace/updates.log line: "[{{ out.end }}]\n{{ out.stdout }}" insertafter: EOF create: yes become: true tags: - maintenance - upgrade - name: apt-get upgrade apt: upgrade=full become: true tags: - maintenance - upgrade - name: apt-get autoremove apt: autoremove: true become: true tags: - maintenance - upgrade - name: Get os_upgrades stats shell: cmd: | sed -n "/$(date '+%Y-%m')/,+2p" updates.log | # Groups of lines from the current month grep 'packages' | # Only lines matching 'packages' grep -P -o '(^\d+)' | #Extract the numbers at the beginning of the lines awk '{s+=$1} END {print s}' # Sum all the lines args: chdir: /opt/subspace register: stats_os_upgrades when: send_stats == true and stats_url is defined and stats_api_key is defined tags: - maintenance - stats - name: Send os_upgrades stats to URL uri: url: "{{stats_url}}" method: POST headers: X-API-Version: 1 X-Client-Api-key: "{{stats_api_key}}" body_format: json body: client_stat: key: os_upgrades value: "{{stats_os_upgrades.stdout}}" hostname: "{{hostname}}" when: send_stats == true and stats_url is defined and stats_api_key is defined tags: - maintenance - stats - name: Get os_security_upgrades stats shell: cmd: | sed -n "/$(date '+%Y-%m')/,+2p" updates.log | # Groups of lines from the current month grep 'security' | # Only lines matching 'security' grep -P -o '(^\d+)' | #Extract the numbers at the beginning of the lines awk '{s+=$1} END {print s}' # Sum all the lines args: chdir: /opt/subspace register: stats_os_security_upgrades when: send_stats == true and stats_url is defined and stats_api_key is defined tags: - maintenance - stats - name: Send os_security_upgrades stats to URL uri: url: "{{stats_url}}" method: POST headers: X-API-Version: 1 X-Client-Api-key: "{{stats_api_key}}" body_format: json body: client_stat: key: os_security_upgrades value: "{{stats_os_security_upgrades.stdout}}" hostname: "{{hostname}}" when: send_stats == true and stats_url is defined and stats_api_key is defined tags: - maintenance - stats - name: Clear updates.log file: path: /opt/subspace/updates.log state: absent when: send_stats == true and stats_url is defined and stats_api_key is defined tags: - maintenance - stats - name: set timezone to America/Chicago timezone: name: America/Chicago tags: - maintenance - name: Add deploy user user: name: "{{deploy_user}}" state: present generate_ssh_key: yes shell: /bin/bash become: true tags: - maintenance - name: Add deploy user to adm group so it can view logs in /var/log user: name: "{{deploy_user}}" append: yes groups: "adm" become: true tags: - maintenance - name: Add sudoers.d file so that deploy can restart services without entering password. copy: src: sudoers-service dest: /etc/sudoers.d/service become: true tags: - maintenance - name: Update authorized_keys for deploy user copy: src: authorized_keys dest: "/home/{{deploy_user}}/.ssh/authorized_keys" owner: "{{deploy_user}}" become: true tags: - authorized_keys - maintenance - name: Create directory to which to deploy file: path: /u/apps/{{project_name}} owner: "{{deploy_user}}" state: directory become: true tags: - maintenance - name: Grab OS version shell: uname --kernel-release register: stats_os_version when: send_stats == true and stats_url is defined and stats_api_key is defined tags: - maintenance - stats - name: Send OS stats to URL uri: url: "{{stats_url}}" method: POST headers: X-API-Version: 1 X-Client-Api-key: "{{stats_api_key}}" body_format: json body: client_stat: key: os_version value: "{{stats_os_version.stdout}}" hostname: "{{hostname}}" when: send_stats == true and stats_url is defined and stats_api_key is defined tags: - maintenance - stats - import_tasks: swap.yml