From f58e595383b6c36aab01be153e958c4c1ddc2f72 Mon Sep 17 00:00:00 2001
From: Asara
Date: Sat, 25 Jun 2022 18:20:35 -0400
Subject: [PATCH] Begin deprecating fatman :(

---
 ansible/inventory.txt | 9 +-
 ansible/roles/common/tasks/FreeBSD.yml | 16 ---
 ansible/roles/common/tasks/FreeBSD_pki.yml | 111 -----------------
 ansible/roles/consul_server/tasks/FreeBSD.yml | 114 ------------------
 4 files changed, 4 insertions(+), 246 deletions(-)
 delete mode 100644 ansible/roles/common/tasks/FreeBSD.yml
 delete mode 100644 ansible/roles/common/tasks/FreeBSD_pki.yml
 delete mode 100644 ansible/roles/consul_server/tasks/FreeBSD.yml

diff --git a/ansible/inventory.txt b/ansible/inventory.txt
index 0caafba..baf91fd 100644
--- a/ansible/inventory.txt
+++ b/ansible/inventory.txt
@@ -1,5 +1,4 @@
 [all]
-fatman.minhas.io
 hardtack[1:7].minhas.io
 ivyking.minhas.io
 ranger.minhas.io
@@ -7,9 +6,9 @@ redwingcherokee.minhas.io
 sedan.minhas.io
 
 [consul_server]
-fatman.minhas.io
-ivyking.minhas.io
 sedan.minhas.io
+ranger.minhas.io
+hardtack1.minhas.io
 
 [haproxy]
 ivyking.minhas.io
@@ -25,16 +24,16 @@ redwingcherokee.minhas.io
 
 [docker-repo]
 ivyking.minhas.io
+sedan.minhas.io
 
 [nomad_client]
-ivyking.minhas.io
 sedan.minhas.io
 
 [nomad_server]
 ranger.minhas.io
 
 [vault_server]
-ivyking.minhas.io
+ranger.minhas.io
 sedan.minhas.io
 
 [wekan]
diff --git a/ansible/roles/common/tasks/FreeBSD.yml b/ansible/roles/common/tasks/FreeBSD.yml
deleted file mode 100644
index 0168291..0000000
--- a/ansible/roles/common/tasks/FreeBSD.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- name: Install default packages
-  pkgng:
-    name: "{{ packages }}"
-  vars:
-    packages:
-      - htop
-      - git
-      - gtar
-      - ncdu
-      - ntp
-      - screen
-      - tmux
-      - tree
-      - vim
-...
diff --git a/ansible/roles/common/tasks/FreeBSD_pki.yml b/ansible/roles/common/tasks/FreeBSD_pki.yml
deleted file mode 100644
index 57ae6ba..0000000
--- a/ansible/roles/common/tasks/FreeBSD_pki.yml
+++ /dev/null
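Review bot: The commit title scopes this to fatman, but the `@@ -7,9 +6,9 @@` and `@@ -25,16 +24,16 @@` hunks also drop ivyking from [consul_server], [nomad_client] and [vault_server] and add sedan to [docker-repo], none of which the message mentions; a description line such as `Also move ivyking's consul/vault/nomad-client roles to ranger, hardtack1 and sedan` would make the intent reviewable. Changing [consul_server] and [vault_server] membership here only changes which hosts Ansible configures as servers; if those groups back Raft-based clusters (inferred from the names), the removed members remain peers until they are decommissioned on the cluster side, so a decommission step should accompany this change. The three deleted FreeBSD task files suggest fatman was the last FreeBSD host; if the roles select task files by OS family (not visible here), any remaining FreeBSD host in [all] would now fail, which is worth confirming before merging.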
@@ -1,111 +0,0 @@
----
-- name: ensure root cert exists
-  copy:
-    content: "{{ vault_ca_cert_payload }}"
-    dest: "/etc/ssl/certs/{{ vault_ca_cert_name }}"
-    mode: 0644
-    owner: root
-    group: staff
-  register: root_ca
-
-- name: hash cert
-  shell: "openssl x509 -noout -hash -in /etc/ssl/certs/{{ vault_ca_cert_name }}"
-  when: root_ca.changed
-  register: root_ca_hash
-  failed_when: False
-  args:
-    executable: /usr/local/bin/bash
-
-- name: create hash symlink for cert
-  file:
-    state: link
-    src: "/etc/ssl/certs/{{ vault_ca_cert_name }}"
-    dest: "/etc/ssl/certs/{{ root_ca_hash.stdout }}"
-  when: root_ca_hash.changed
-
-- name: check vault version
-  shell:
-    cmd: "vault --version | head -1 | cut -d'v' -f2"
-  args:
-    executable: /usr/local/bin/bash
-  changed_when: False
-  failed_when: False
-  register: installed_vault_version
-  check_mode: False
-
-- name: get vault
-  unarchive:
-    src: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_freebsd_amd64.zip"
-    dest: /usr/local/bin/
-    mode: 0755
-    owner: root
-    group: staff
-    remote_src: True
-  when: (installed_vault_version.stdout is not defined) or (installed_vault_version.stdout != vault_version)
-
-- name: ensure pki cert directory
-  file:
-    path: /etc/pki/certs
-    state: directory
-    owner: root
-    group: staff
-    mode: 0755
-
-- name: ensure main pki directory
-  file:
-    path: /etc/pki/keys
-    state: directory
-    owner: root
-    group: staff
-    mode: 0700
-
-- name: ensure root cert exists for general use
-  copy:
-    content: "{{ vault_ca_cert_payload }}"
-    dest: "/etc/pki/certs/{{ vault_ca_cert_name }}"
-    mode: 0644
-    owner: root
-    group: staff
-  register: root_ca
-
-- name: check if server cert is expiring in the next 5 days
-  shell: "openssl x509 -checkend 432000 -noout -in /etc/pki/certs/{{ inventory_hostname_short }}.crt"
-  args:
-    executable: /usr/local/bin/bash
-  failed_when: False
-  check_mode: False
-  changed_when: False
-  register: exp
-
-- name: get cert
-  shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name={{ inventory_hostname_short }}.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
-  args:
-    executable: /usr/local/bin/bash
-  environment:
-    VAULT_ADDR: https://vault.service.masked.name:8200
-    VAULT_CACERT: /etc/ssl/certs/MaskedName_Root_CA.crt
-    VAULT_FORMAT: json
-    VAULT_TOKEN: "{{ lookup('file', lookup('env', 'HOME') + '/.vault-token') }}"
-  register: cert_data
-  when: exp.rc != 0
-
-- name: write cert data to server
-  copy:
-    content: "{{ item.content }}"
-    dest: "/etc/pki/{{ item.path }}"
-    mode: '{{ item.mode }}'
-    owner: root
-    group: staff
-  when: cert_data.changed
-  loop:
-    - {
-      content: "{{ (cert_data.stdout | from_json).data.certificate }}",
-      path: "certs/{{ inventory_hostname_short }}.crt",
-      mode: "0755"
-    }
-    - {
-      content: "{{ (cert_data.stdout | from_json).data.private_key }}",
-      path: "keys/{{ inventory_hostname_short }}.key",
-      mode: "0600"
-    }
-...
diff --git a/ansible/roles/consul_server/tasks/FreeBSD.yml b/ansible/roles/consul_server/tasks/FreeBSD.yml
deleted file mode 100644
index 5aca79d..0000000
--- a/ansible/roles/consul_server/tasks/FreeBSD.yml
+++ /dev/null
@@ -1,114 +0,0 @@
----
-- name: ensure consul group
-  group:
-    name: consul
-    state: present
-    system: True
-
-- name: ensure consul user
-  user:
-    name: consul
-    state: present
-    group: consul
-    system: True
-
-- name: ensure consul config dir
-  file:
-    path: /usr/local/etc/consul.d/
-    state: directory
-    owner: consul
-    group: consul
-    mode: 0755
-
-- name: ensure consul config dir
-  file:
-    path: /usr/local/etc/consul.d/certs
-    state: directory
-    owner: consul
-    group: consul
-    mode: 0755
-
-- name: check if server cert is expiring in the next 5 days
-  shell: "openssl x509 -checkend 432000 -noout -in /usr/local/etc/consul.d/certs/consul-server.pem"
-  args:
-    executable: /usr/local/bin/bash
-  failed_when: False
-  check_mode: False
-  changed_when: False
-  register: exp
-
-- name: get cert
-  shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} alt_names=consul.service.{{ consul_domain }},consul.service.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
-  args:
-    executable: /usr/local/bin/bash
-  environment:
-    VAULT_ADDR: https://vault.service.masked.name:8200
-    VAULT_CACERT: /etc/ssl/certs/MaskedName_Root_CA.crt
-    VAULT_FORMAT: json
-    VAULT_TOKEN: "{{ lookup('file', lookup('env', 'HOME') + '/.vault-token') }}"
-  register: cert_data
-  when: exp.rc != 0
-
-- name: write cert data to server
-  copy:
-    content: "{{ item.content }}"
-    dest: "/usr/local/etc/consul.d/certs/{{ item.path }}"
-    mode: '{{ item.mode }}'
-    owner: consul
-    group: consul
-  when: cert_data.changed
-  loop:
-    - {
-      content: "{{ (cert_data.stdout | from_json).data.certificate }}",
-      path: "consul-server.pem",
-      mode: "0755"
-    }
-    - {
-      content: "{{ (cert_data.stdout | from_json).data.private_key }}",
-      path: "consul-server.key",
-      mode: "0600"
-    }
-
-- name: ensure consul data dir
-  file:
-    path: /opt/consul
-    state: directory
-    owner: consul
-    group: consul
-    mode: 0755
-
-- name: check consul version
-  shell:
-    cmd: "consul --version | head -1 | cut -d'v' -f2"
-  args:
-    executable: /usr/local/bin/bash
-  changed_when: False
-  failed_when: False
-  register: installed_consul_version
-  check_mode: False
-
-- name: get consul
-  unarchive:
-    src: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_freebsd_amd64.zip"
-    dest: /usr/local/bin/
-    mode: 0755
-    owner: root
-    group: consul
-    remote_src: True
-  when: installed_consul_version.stdout != consul_version
-
-- name: template consul config
-  template:
-    src: templates/consul.hcl.j2
-    dest: /usr/local/etc/consul.d/consul.hcl
-    owner: root
-    group: consul
-    mode: 0750
-  notify: restart_consul_fbsd
-
-- name: enable and start consul
-  service:
-    name: consul
-    state: started
-    enabled: True
-...