---
- name: Test connection
ping:
tags:
- maintenance
- name: Ensure /etc/profile.d/ exists
file:
path: "/etc/profile.d/"
owner: root
state: directory
become: yes
tags:
- maintenance
- name: Set terminal color
vars:
terminal_env_playbook: "{{terminal_env | default('not provided', true) }}"
template:
src: terminalcolor
dest: "/etc/profile.d/termcolor.sh"
mode: a+x
become: true
tags:
- maintenance
- name: Set MOTD
template:
src: motd
dest: /etc/motd
become: true
tags:
- maintenance
- name: Set hostname
command: hostname {{hostname}}
become: true
tags:
- maintenance
- name: Set hostname in /etc/hosts
lineinfile:
dest: "/etc/hosts"
line: "127.0.0.1 {{hostname}}"
state: present
insertafter: "127.0.0.1 localhost"
become: true
tags:
- maintenance
- name: update /etc/hostname
copy:
content: "{{hostname}}"
dest: /etc/hostname
become: true
tags:
- maintenance
- name: Set hostname for systemd
hostname:
name: "{{hostname}}"
use: systemd
become: true
tags:
- maintenance
- name: install aptitude
apt:
pkg: aptitude
state: present
become: true
tags:
- maintenance
- name: Add ppa:ondrej/nginx apt repository for TLS 1.3
apt_repository:
repo: ppa:ondrej/nginx
- name: apt-get update
apt: update_cache=yes cache_valid_time=86400
become: true
tags:
- upgrade
- maintenance
- name: /usr/lib/update-notifier/apt-check --human-readable
command: /usr/lib/update-notifier/apt-check --human-readable
tags:
- upgrade
- maintenance
register: out
- name: Creates /opt/subspace
file:
path: /opt/subspace
state: directory
become: true
tags:
- maintenance
- upgrade
- name: Save updates to /opt/subspace/updates.log
lineinfile:
path: /opt/subspace/updates.log
line: "[{{ out.end }}]\n{{ out.stdout }}"
insertafter: EOF
create: yes
become: true
tags:
- maintenance
- upgrade
- name: apt-get upgrade
apt: upgrade=full
become: true
tags:
- maintenance
- upgrade
- name: apt-get autoremove
apt:
autoremove: true
become: true
tags:
- maintenance
- upgrade
- name: Get os_upgrades stats
shell:
cmd: |
sed -n "/$(date '+%Y-%m')/,+2p" updates.log | # Groups of lines from the current month
grep 'packages' | # Only lines matching 'packages'
grep -P -o '(^\d+)' | #Extract the numbers at the beginning of the lines
awk '{s+=$1} END {print s}' # Sum all the lines
args:
chdir: /opt/subspace
register: stats_os_upgrades
when: send_stats == true and stats_url is defined and stats_api_key is defined
tags:
- maintenance
- stats
- name: Send os_upgrades stats to URL
uri:
url: "{{stats_url}}"
method: POST
headers:
X-API-Version: 1
X-Client-Api-key: "{{stats_api_key}}"
body_format: json
body:
client_stat:
key: os_upgrades
value: "{{stats_os_upgrades.stdout}}"
hostname: "{{hostname}}"
when: send_stats == true and stats_url is defined and stats_api_key is defined
tags:
- maintenance
- stats
- name: Get os_security_upgrades stats
shell:
cmd: |
sed -n "/$(date '+%Y-%m')/,+2p" updates.log | # Groups of lines from the current month
grep 'security' | # Only lines matching 'security'
grep -P -o '(^\d+)' | #Extract the numbers at the beginning of the lines
awk '{s+=$1} END {print s}' # Sum all the lines
args:
chdir: /opt/subspace
register: stats_os_security_upgrades
when: send_stats == true and stats_url is defined and stats_api_key is defined
tags:
- maintenance
- stats
- name: Send os_security_upgrades stats to URL
uri:
url: "{{stats_url}}"
method: POST
headers:
X-API-Version: 1
X-Client-Api-key: "{{stats_api_key}}"
body_format: json
body:
client_stat:
key: os_security_upgrades
value: "{{stats_os_security_upgrades.stdout}}"
hostname: "{{hostname}}"
when: send_stats == true and stats_url is defined and stats_api_key is defined
tags:
- maintenance
- stats
- name: Clear updates.log
file:
path: /opt/subspace/updates.log
state: absent
when: send_stats == true and stats_url is defined and stats_api_key is defined
tags:
- maintenance
- stats
- name: set timezone to America/Chicago
timezone:
name: America/Chicago
tags:
- maintenance
- name: Add deploy user
user:
name: "{{deploy_user}}"
state: present
generate_ssh_key: yes
shell: /bin/bash
become: true
tags:
- maintenance
- name: Add deploy user to adm group so it can view logs in /var/log
user:
name: "{{deploy_user}}"
append: yes
groups: "adm"
become: true
tags:
- maintenance
- name: Add sudoers.d file so that deploy can restart services without entering password.
copy:
src: sudoers-service
dest: /etc/sudoers.d/service
become: true
tags:
- maintenance
- name: Update authorized_keys for deploy user
copy:
src: authorized_keys
dest: "/home/{{deploy_user}}/.ssh/authorized_keys"
owner: "{{deploy_user}}"
become: true
tags:
- authorized_keys
- maintenance
- name: Create directory to which to deploy
file:
path: /u/apps/{{project_name}}
owner: "{{deploy_user}}"
state: directory
become: true
tags:
- maintenance
- import_tasks: swap.yml