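---
# Prepares the hosts in the ST_NODES group for a non-root SecureTransport install:
# packages, service account, installer directories, NFS mount (cores only) and
# kernel tunables. Variables such as ST_USER, ST_GROUP, INSTALLER_DIR and
# ST_MOUNTPOINT are expected to come from the two vars_files below.
- name: Prepare the OS for installing the ST nodes
  hosts: ST_NODES
  become: true
  vars_files:
    - files/external_vars.yml
    - files/services_vars.yml
  pre_tasks:
    - name: Install dependencies
      become: true
      ansible.builtin.dnf:
        name:
          - glibc
          - glibc-langpack-en
          - libxml2
          - libxslt
          - zlib
          - libaio
          - nfs-utils
          # NOTE(review): telnet is a cleartext client, presumably kept for
          # port-reachability checks; drop it if the hosts do not need it.
          - telnet
          - nfs4-acl-tools
          - python3-lxml
          - python3-psycopg2
        state: present
        update_cache: true
      # this is not needed atm, but I will eventually create playbooks to work for all OS-es so this is just a prep - HS
      when: ansible_os_family == 'RedHat'
      tags:
        - rhel_prep

    # NOTE(review): the task name says "AV" but the only package removed is
    # `xarg`; confirm the package name. If this really removes endpoint
    # protection, record the approved exception and the compensating control.
    - name: Remove AV
      become: true
      ansible.builtin.dnf:
        name:
          - xarg
        state: absent
        update_cache: true
      # this is not needed atm, but I will eventually create playbooks to work for all OS-es so this is just a prep - HS
      when: ansible_os_family == 'RedHat'
      tags:
        - rhel_prep

    - name: Create Axway group for non-root install
      become: true
      ansible.builtin.group:
        name: "{{ ST_GROUP }}"
        state: present
        gid: "{{ ST_GROUP_GID }}"
      tags:
        - rhel_prep

    - name: Create Axway user for non-root install
      become: true
      ansible.builtin.user:
        name: "{{ ST_USER }}"
        group: "{{ ST_GROUP }}"
        state: present
        comment: Account for SecureTransport
        uid: "{{ ST_USER_UID }}"
        createhome: true
      tags:
        - rhel_prep

    # Installer directories are owned by the service account and closed to
    # "other" (0750).
    - name: Create New Folders
      become: true
      ansible.builtin.file:
        path: "{{ item }}"
        owner: "{{ ST_USER }}"
        group: "{{ ST_GROUP }}"
        mode: '0750'
        state: directory
      loop:
        - "{{ INSTALLER_DIR }}"
        - "{{ INSTALLER_DIR }}/JRE"
        - "{{ INSTALLER_DIR }}/ServiceUnitFiles"
      when:
        - ansible_os_family == 'RedHat'
      tags:
        - rhel_prep

    # NOTE(review): 0777 leaves the local mountpoint directory world-writable
    # whenever the share is not mounted; the other directories in this play use
    # 0750 with the same owner/group. Tighten unless the product requires it.
    - name: Create folder for mountpoint on core
      ansible.builtin.file:
        path: "{{ ST_MOUNTPOINT }}"
        owner: "{{ ST_USER }}"
        group: "{{ ST_GROUP }}"
        mode: '0777'
        state: directory
      when:
        - inventory_hostname in groups["cores"]
        - ansible_os_family == 'RedHat'
      tags:
        - rhel_prep

    # NOTE(review): this stops and disables the host firewall on every host in
    # the play (no `when`), and the task has no tags, so a `--tags rhel_prep`
    # run skips it while an untagged run applies it. Lab use only.
    - name: Stop service firewalld, if started
      # Note: for production environments, you want to add nfs:tcp as an exception instead
      ansible.builtin.service:
        name: firewalld
        state: stopped
        enabled: false

    # NOTE(review): the mount uses NFSv3 and sets neither nosuid nor nodev, and
    # the export is expected to use no_root_squash (see below), which lets root
    # on any client allowed to mount the export act as root on the share.
    # Restrict the export to the core hosts and review these options before
    # production use.
    - name: Mount an NFS volume for shared folders
      ansible.posix.mount:
        src: "{{ storage_hostname }}:{{ share }}"
        path: "{{ ST_MOUNTPOINT }}"
        opts: rw,vers=3,sync,actimeo=1,rsize=1048576,wsize=1048576
        # Make sure no_wdelay, no_root_squash are options in /etc/exports
        state: mounted
        fstype: nfs
        backup: true
      when:
        - inventory_hostname in groups["cores"]
      tags:
        - rhel_prep
        - debug

    # Appends a managed block to /etc/sysctl.conf; the Apply_sysctl handler
    # loads it when the block changes.
    - name: Configure sysctl.conf
      become: true
      ansible.builtin.blockinfile:
        path: /etc/sysctl.conf
        block: |
          net.core.rmem_max=2096304
          net.core.wmem_max=2096304
          net.ipv4.tcp_moderate_rcvbuf=1
          fs.file-max = 65536
      notify:
        - Apply_sysctl
      tags:
        - rhel_prep

    # - name: Set SELinux permissions on binaries
    #   community.general.sefcontext:
    #     target: "{{ AXWAY_HOME }}"
    #     setype: bin_t
    #   tags:
    #     - selinux
    # - name: Reload SELinux policy to ensure that ts3server is executable
    #   ansible.builtin.command: restorecon -irv {{ AXWAY_HOME }}
    #   tags:
    #     - selinux

  handlers:
    # Reloads kernel parameters from /etc/sysctl.conf; always reported as changed.
    - name: Apply_sysctl
      become: true
      become_user: root
      ansible.builtin.command: "sysctl -p"
      changed_when: true

    # No task in this play notifies this handler.
    - name: reload systemd  # noqa: name[casing]
      become: true
      become_user: root
      ansible.builtin.systemd:
        daemon_reload: true

    # No task in this play notifies this handler.
    - name: Reboot host and wait for it to restart
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible"
        connect_timeout: 5
        reboot_timeout: 600
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: whoami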