--- - name: Test connection ping: tags: - maintenance - name: Ensure /etc/profile.d/ exists file: path: "/etc/profile.d/" owner: root state: directory become: yes tags: - maintenance - name: Set terminal color vars: terminal_env_playbook: "{{terminal_env | default('not provided', true) }}" template: src: terminalcolor dest: "/etc/profile.d/termcolor.sh" mode: a+x become: true tags: - maintenance - name: Set MOTD template: src: motd dest: /etc/motd become: true tags: - maintenance - name: Set hostname command: hostname {{hostname}} become: true tags: - maintenance - name: Set hostname in /etc/hosts lineinfile: dest: "/etc/hosts" line: "127.0.0.1 {{hostname}}" state: present insertafter: "127.0.0.1 localhost" become: true tags: - maintenance - name: update /etc/hostname copy: content: "{{hostname}}" dest: /etc/hostname become: true tags: - maintenance - name: Set hostname for systemd hostname: name: "{{hostname}}" use: systemd become: true tags: - maintenance - name: apt-get update apt: update_cache=yes cache_valid_time=86400 become: true tags: - upgrade - maintenance ignore_errors: yes - name: install aptitude apt: pkg: aptitude state: present become: true tags: - maintenance - name: "Ensure systemd is installed" apt: name: systemd state: latest update_cache: yes - name: Add ppa:ondrej/nginx apt repository for TLS 1.3 apt_repository: repo: ppa:ondrej/nginx - name: /usr/lib/update-notifier/apt-check --human-readable command: /usr/lib/update-notifier/apt-check --human-readable tags: - upgrade - maintenance register: out - name: Creates /opt/subspace file: path: /opt/subspace state: directory become: true tags: - maintenance - upgrade - name: Save updates to /opt/subspace/updates.log lineinfile: path: /opt/subspace/updates.log line: "[{{ out.end }}]\n{{ out.stdout }}" insertafter: EOF create: yes become: true tags: - maintenance - upgrade - name: apt-get upgrade apt: upgrade=full become: true tags: - maintenance - upgrade - name: apt-get autoremove apt: autoremove: true become: true tags: - maintenance - upgrade - name: Install acl so ansible can become a non-privileged user apt: pkg: acl state: present become: true - name: Get os_upgrades stats shell: cmd: | sed -n "/$(date '+%Y-%m')/,+2p" updates.log | # Groups of lines from the current month grep 'packages\|immediately' | # Only lines matching 'packages' or 'immediately' grep -P -o '(^\d+)' | #Extract the numbers at the beginning of the lines awk '{s+=$1} END {print s}' # Sum all the lines args: chdir: /opt/subspace register: stats_os_upgrades when: send_stats == true and stats_url is defined and stats_api_key is defined tags: - maintenance - stats - name: Send os_upgrades stats to URL uri: url: "{{stats_url}}" method: POST headers: X-API-Version: 1 X-Client-Api-key: "{{stats_api_key}}" body_format: json body: client_stat: key: os_upgrades value: "{{stats_os_upgrades.stdout}}" hostname: "{{hostname}}" when: (send_stats == true) and (stats_url is defined) and (stats_api_key is defined) and (stats_os_upgrades.stdout | length > 0) tags: - maintenance - stats - name: Get unattended security updates shell: cmd: cat /var/log/unattended-upgrades/unattended-upgrades.log | grep "Packages that will be upgraded:" | grep $(date '+%Y-%m') | cut -d " " -f 9- | wc -w register: out tags: - maintenance - stats - name: get current date as month shell: cmd: date '+%Y-%m' register: current_month tags: - maintenance - stats - name: Save unattended updates to /opt/subspace/updates.log lineinfile: path: /opt/subspace/updates.log line: "[{{current_month.stdout}}]\n{{ out.stdout }} unattended security updates" insertafter: EOF create: yes become: true tags: - maintenance - stats when: out.stdout != "0" - name: Update unattended-upgrades.log shell: cmd: perl -i -pe 's/Packages that will be upgraded:/Packages already upgraded and logged in Subspace:/smg' /var/log/unattended-upgrades/unattended-upgrades.log become: true tags: - maintenance - stats - name: Get os_security_upgrades stats shell: cmd: | grep -A 1 $(date +%Y-%m) updates.log | # Groups of lines from the current month grep 'security' | # Only lines matching 'security' awk '{s+=$1} END {print s}' # Sum all the lines args: chdir: /opt/subspace register: stats_os_security_upgrades when: send_stats == true and stats_url is defined and stats_api_key is defined tags: - maintenance - stats - name: Send os_security_upgrades stats to URL uri: url: "{{stats_url}}" method: POST headers: X-API-Version: 1 X-Client-Api-key: "{{stats_api_key}}" body_format: json body: client_stat: key: os_security_upgrades value: "{{stats_os_security_upgrades.stdout}}" hostname: "{{hostname}}" when: (send_stats == true) and (stats_url is defined) and (stats_api_key is defined) and (stats_os_security_upgrades.stdout | length > 0) tags: - maintenance - stats - name: Clear updates.log file: path: /opt/subspace/updates.log state: absent when: send_stats == true and stats_url is defined and stats_api_key is defined tags: - maintenance - stats - name: set timezone timezone: name: "{{timezone}}" tags: - maintenance - name: Add deploy user user: name: "{{deploy_user}}" state: present generate_ssh_key: yes shell: /bin/bash become: true tags: - maintenance - name: Add deploy user to adm group so it can view logs in /var/log user: name: "{{deploy_user}}" append: yes groups: "adm" become: true tags: - maintenance - name: Add sudoers.d file so that deploy can restart services without entering password. copy: src: sudoers-service dest: /etc/sudoers.d/service become: true tags: - maintenance - name: Update authorized_keys for deploy user copy: src: templates/authorized_keys dest: "/home/{{deploy_user}}/.ssh/authorized_keys" owner: "{{deploy_user}}" become: true tags: - authorized_keys - maintenance - name: Create directory to which to deploy file: path: /u/apps/{{project_name}} owner: "{{deploy_user}}" state: directory become: true tags: - maintenance - name: Grab OS version shell: uname -rv register: stats_os_version when: send_stats == true and stats_url is defined and stats_api_key is defined tags: - maintenance - stats - name: Send OS stats to URL uri: url: "{{stats_url}}" method: POST headers: X-API-Version: 1 X-Client-Api-key: "{{stats_api_key}}" body_format: json body: client_stat: key: os_version value: "{{stats_os_version.stdout}}" hostname: "{{hostname}}" when: send_stats == true and stats_url is defined and stats_api_key is defined tags: - maintenance - stats - import_tasks: swap.yml when: swap_space is defined - import_tasks: no_swap.yml when: swap_space is not defined