updated image of vaultwarden from 1.30.1 to 1.32.7

basics.yaml

@@ -3,34 +3,36 @@
         name: "{{ inventory_hostname }}"
         use: systemd
 
-    - name: set up DNS
+    - name: set root password
-      lineinfile:
+      ansible.builtin.user:
-        path: /etc/resolv.conf
+        name: root
-        search_string: 'nameserver 10.50.4.8'
+        password: "{{ root_pass | password_hash('sha512')}}"
-        line: "nameserver {{ DNS_address }}"
 
-    - name: download asc and cephadm for ceph
+    - name: set date and time manually to be able to interact with repo=
-      get_url:
+      command: "{{ item }}"
-        url: "{{ item.url }}"
+      loop:
+        - date -s "{{ now(utc=true,fmt='%Y-%m-%d %H:%M:%S') }}"
+        - hwclock --systohc
+
+    - import_role:
+        name: ansible-netplan
+
+    - name: update repos sources|sshd_config|repo_key
+      ansible.builtin.copy:
+        src: "{{ item.name }}"
         dest: "{{ item.dest }}"
       loop:
-        - { url: "https://nexus.test.repo.int.nt-com.ru/repository/keys/ceph/release.asc", dest: "/tmp" }
+        - {name: ceph.list,dest: /etc/apt/sources.list.d/ceph.list}
+        - {name: sshd_config,dest: /etc/ssh/sshd_config}
+        - {name: ceph.gpg,dest: /usr/share/keyrings/ceph.gpg}
 
-    - name: Delete previously install ceph.gpg
+    - name: Templating sources lists
-      file:
+      ansible.builtin.template:
-        path: /usr/share/keyrings/ceph.gpg
+        src: "{{ item.name }}"
-        state: absent
+        dest: "{{ item.dest }}"
-
+      loop:
-    - name: import downloaded asc
+        - { name: sources.list.j2,dest: /etc/apt/sources.list }
-      shell:
+        - { name: ceph.list.j2,dest: /etc/apt/sources.list.d/ceph.list }
-        chdir: /tmp
-        cmd: echo y | gpg -o /usr/share/keyrings/ceph.gpg --dearmor release.asc;
-
-    - name: Add ceph repo
-      apt_repository:
-        filename: ceph
-        repo: "deb [signed-by=/usr/share/keyrings/ceph.gpg] {{ ceph_repo }} {{ ansible_distribution_release }} main"
-        state: present
 
     - name: install packages
       apt:
@@ -43,14 +45,18 @@
           - mc
           - linux-tools-common
           - linux-tools-`uname -r`
+          - ipmitool
         state: present
+        update_cache: yes
 
     - name: Setup ntp client
       template:
         src: chrony.yaml.j2
         dest: /etc/chrony/chrony.conf
-      notify:
+
-        - ceph-rollout:restart_chrony
+    - name: setup ipmi
+      import_role:
+        name: ansible-ipmitool
 
     - name: Templating cluster settings files
       template:
@@ -64,30 +70,10 @@
       run_once: true
       delegate_to: "{{ ansible_play_hosts[0] }}"
 
-    - name: Templating sshd config to enable password and root
+    - name: restart_services
-      template:
+      ansible.builtin.systemd:
-        src:  "{{ item.name }}"
+        state: restarted
-        dest: "{{ item.dest }}"
+        name: "{{ item }}"
-        trim_blocks: true
-        lstrip_blocks: true
       loop:
-        - { name: "sshd_config.j2", dest: "/etc/ssh/sshd_config"}
+        - sshd
-      notify:
+        - chronyd
-        - ceph-rollout:restart_sshd
-
-    - name: set root password
-      user:
-        name: root
-        password: "{{ '12345' | password_hash('sha512') }}"
-
-
-    # UNCOMMENT ONLY IN CASE OF NO ACCESS TO REPOS AND CANNOT DOWNLOAD CEPHADM
-    #    - name: copy onto target host
-    #      copy:
-    #        src: "cephadm"
-    #        dest: "/root/cephadm"
-    #        mode: '0777'
-    #      delegate_to: "{{ ansible_play_hosts[0] }}"
-
-    - name: Flush restart handlers
-      meta: flush_handlers

pre-deploy.yml

@@ -4,22 +4,25 @@
   become: true
   gather_facts: true
   diff: true
+  vars_files:
+    - pass.yaml #encrypted pass for root
   vars:
-    ceph_repo: "http://nexus.test.repo.int.nt-com.ru/repository/ceph-squid/"
+    ceph_repo: "http://repo.infra.mts/debian-squid"
-    image_registry: "harbor.test.registry.int.nt-com.ru/proxy-quay"
+    ubuntu_repo: "http://repo.infra.mts/ubuntu/"
-    prometheus_tag: "v3.0.0"
+    image_registry: "harbor.infra.mts/ceph"
-    node_exporter_tag: "v1.8.2"
+    prometheus_tag: "v3.1.0"
+    node_exporter_tag: "v1.5.0"
     grafana_tag: "9.4.12"
     alertmanager_tag: "v0.27.0"
-    ntp_server: "ntp.int.nt-com.ru"
+#    ntp_server: "ntp.int.nt-com.ru"
-    first_mon_ip: "10.50.8.97"
+    first_mon_ip: "10.190.32.78"
 #    cluster_network: "10.63.0.0/24"
     public_network: "10.50.8.0/24"
     CEPH_RELEASE: '19.2.0'
     initial_dashboard_user: 'admin'
     initial_dashboard_password: 'qweqwe'
     allow_fqdn_hostname: 'true'
-    DNS_address: "10.50.8.51"
+#    DNS_address: "10.50.8.51"
   tasks:
     - name: basic setups
       import_tasks:
@@ -41,17 +44,3 @@
           --apply-spec /root/cluster_spec.yml --config /root/initial-ceph.conf --allow-fqdn-hostname"
       when:
         - cluster_network is defined
-
-
-  handlers:
-    - name: ceph-rollout:restart_chrony
-      ansible.builtin.systemd_service:
-        state: restarted
-        name: chronyd
-#      listen: "restart chronyd service"
-    - name: ceph-rollout:restart_sshd
-      ansible.builtin.systemd_service:
-        state: restarted
-        name: sshd
-#      listen: "restart sshd service"
-

templates/ceph.list.j2

@@ -0,0 +1 @@
+deb [signed-by=/usr/share/keyrings/ceph.gpg] "{{ ceph_repo }}" jammy main

templates/chrony.yaml.j2

@@ -17,11 +17,8 @@ confdir /etc/chrony/conf.d
 # About using servers from the NTP Pool Project in general see (LP: #104525).
 # Approved by Ubuntu Technical Board on 2011-02-08.
 # See http://www.pool.ntp.org/join.html for more information.
-server {{ ntp_server }} iburst prefer
+server {{ ntp_server }} iburst
-#pool ntp.ubuntu.com        iburst maxsources 4
+
-#pool 0.ubuntu.pool.ntp.org iburst maxsources 1
-#pool 1.ubuntu.pool.ntp.org iburst maxsources 1
-#pool 2.ubuntu.pool.ntp.org iburst maxsources 2
 
 # Use time sources from DHCP.
 sourcedir /run/chrony-dhcp

templates/sources.list.j2

@@ -0,0 +1,42 @@
+# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
+# newer versions of the distribution.
+deb "{{ ubuntu_repo }}" jammy main restricted
+# deb-src "{{ ubuntu_repo }}" jammy main restricted
+
+## Major bug fix updates produced after the final release of the
+## distribution.
+deb "{{ ubuntu_repo }}" jammy-updates main restricted
+# deb-src "{{ ubuntu_repo }}" jammy-updates main restricted
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team. Also, please note that software in universe WILL NOT receive any
+## review or updates from the Ubuntu security team.
+deb "{{ ubuntu_repo }}" jammy universe
+# deb-src "{{ ubuntu_repo }}" jammy universe
+deb "{{ ubuntu_repo }}" jammy-updates universe
+# deb-src "{{ ubuntu_repo }}" jammy-updates universe
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team, and may not be under a free licence. Please satisfy yourself as to
+## your rights to use the software. Also, please note that software in
+## multiverse WILL NOT receive any review or updates from the Ubuntu
+## security team.
+deb "{{ ubuntu_repo }}" jammy multiverse
+# deb-src "{{ ubuntu_repo }}" jammy multiverse
+deb "{{ ubuntu_repo }}" jammy-updates multiverse
+# deb-src "{{ ubuntu_repo }}" jammy-updates multiverse
+
+## N.B. software from this repository may not have been tested as
+## extensively as that contained in the main release, although it includes
+## newer versions of some applications which may provide useful features.
+## Also, please note that software in backports WILL NOT receive any review
+## or updates from the Ubuntu security team.
+deb "{{ ubuntu_repo }}" jammy-backports main restricted universe multiverse
+# deb-src "{{ ubuntu_repo }}" jammy-backports main restricted universe multiverse
+
+#deb http://security.ubuntu.com/ubuntu/ jammy-security main restricted
+# deb-src http://security.ubuntu.com/ubuntu/ jammy-security main restricted
+#deb http://security.ubuntu.com/ubuntu/ jammy-security universe
+# deb-src http://security.ubuntu.com/ubuntu/ jammy-security universe
+#deb http://security.ubuntu.com/ubuntu/ jammy-security multiverse
+# deb-src http://security.ubuntu.com/ubuntu/ jammy-security multiverse