Update VM bootstrap configuration

playbook/group_vars/all

 ---
 
 base_open_build_url: http://download.opensuse.org/repositories/home:/VIFIBnexedi/
+
+is_ubuntu: "'{{ ansible_distribution }}' == 'Ubuntu'"
+is_debian: "'{{ ansible_distribution }}' == 'Debian'"
+is_debian_or_ubuntu: "'{{ ansible_distribution }}' in ['Ubuntu', 'Debian']"
+is_centos: "'{{ ansible_distribution }}' == 'CentOS'"
+is_ubuntu_precise: "{{ is_ubuntu }} and '{{ ansible_distribution_release }}' == 'precise'"
+is_ubuntu_raring: "{{ is_ubuntu }} and '{{ ansible_distribution_release }}' == 'raring'"
+is_ubuntu_trusty: "{{ is_ubuntu }} and '{{ ansible_distribution_release }}' == 'trusty'"
+is_redhat: "{{ ansible_os_family }} == 'RedHat'"
+

playbook/imt-vm-bootstrap.yml

@@ -4,7 +4,25 @@
 
   roles:
     - vm-bootstrap
+    - ntp
     - { role: vm-disks, vd_disk: b, data_n: 1 } 
     - { role: vm-disks, vd_disk: c, data_n: 2 } 
     - { role: vm-disks, vd_disk: d, data_n: 3 } 
+    - { role: vm-disks, vd_disk: e, data_n: 4 } 
+    - { role: vm-disks, vd_disk: f, data_n: 5 } 
+    - { role: vm-disks, vd_disk: g, data_n: 6 } 
+    - { role: vm-disks, vd_disk: h, data_n: 7 } 
+    - { role: vm-disks, vd_disk: i, data_n: 8 } 
+    - { role: vm-disks, vd_disk: j, data_n: 9 } 
+    - { role: vm-disks, vd_disk: k, data_n: 10 } 
+    - { role: vm-disks, vd_disk: l, data_n: 11 } 
+    - { role: vm-disks, vd_disk: m, data_n: 12 } 
+    - { role: vm-disks, vd_disk: n, data_n: 12 } 
+    - { role: vm-disks, vd_disk: o, data_n: 12 } 
+    - { role: vm-disks, vd_disk: p, data_n: 12 } 
+    - { role: vm-disks, vd_disk: q, data_n: 12 } 
+    - { role: vm-disks, vd_disk: r, data_n: 12 } 
+    - { role: vm-disks, vd_disk: s, data_n: 12 } 
+    - { role: vm-disks, vd_disk: t, data_n: 12 } 
+    - { role: vm-disks, vd_disk: u, data_n: 12 } 
 

playbook/roles/ntp/handlers/main.yml

+---
+
+ - name: restart ntpd
+   service: name=ntpd state=restarted

playbook/roles/ntp/tasks/main.yml

@@ -9,4 +9,4 @@
     when: ansible_os_family == "RedHat"
 
   - name: ensure ntp is runing
-    service: name=ntp state=started enabled=yes
+    service: name=ntp state=running enabled=yes

playbook/roles/vm-bootstrap/tasks/hostname.yml

+---
+
+  - name: Download hostname
+    get_url: url=http://10.0.2.100/hostname dest=/etc/opt/hostname mode=666
+    ignore_errors: True
+
+  - name: Download ipv4
+    get_url: url=http://10.0.2.100/ipv4 dest=/etc/opt/ipv4 mode=666
+    ignore_errors: True
+
+  - name: stat /etc/opt/hostname
+    stat: path=/etc/opt/hostname
+    register: hostname_file
+
+  - name: stat /etc/opt/ipv4
+    stat: path=/etc/opt/ipv4
+    register: ipv4_file
+
+  - name: replace /etc/hostname
+    copy: src=/etc/opt/hostname dest=/etc/hostname mode=666
+    when: hostname_file.stat.exists == True
+
+  - name: update hostname
+    command: hostname -F /etc/hostname
+    when: hostname_file.stat.exists == True
+
+  - name: managing hosts file 
+    lineinfile: dest=/etc/hosts regexp="^127.0.1.1" line=""
+    when: hostname_file.stat.exists == True
+
+  - name: setting hosts special line
+    lineinfile: dest=/etc/hosts line="{{ lookup('file', '/etc/opt/ipv4') }}  {{ lookup('file', '/etc/opt/hostname') }}.tl.teralab-datascience.fr {{ lookup('file', '/etc/opt/hostname') }}" 
+    when: hostname_file.stat.exists == True
+
+  - name: managing resolv.conf file
+    lineinfile: dest=/etc/resolv.conf line="search tl.teralab-datascience.fr"
+

playbook/roles/vm-bootstrap/tasks/main.yml

@@ -4,6 +4,7 @@
 
   - name: Download configuration
     get_url: url=http://10.0.2.100/netconfig.sh dest=/etc/opt/netconfig.sh mode=755
+    ignore_errors: True
 
   - name: stat /etc/opt/netconfig.sh
     stat: path=/etc/opt/netconfig.sh
@@ -18,18 +19,7 @@
     when: netconfig_file.stat.exists == True
     ignore_errors: True
 
-  - name: Create ~/.ssh
-    file: path=/root/.ssh state=directory mode=700
-
-  - name: Download ssh authorized keys
-    get_url: url=http://10.0.2.100/authorized_keys dest=/root/.ssh/authorized_keys.download mode=755
-    ignore_errors: True
-
-  - name: stat /root/.ssh/authorized_keys.download
-    stat: path=/root/.ssh/authorized_keys.download
-    register: authorized_keys
-
-  - name: replace /root/.ssh/authorized_keys
-    copy: src=/root/.ssh/authorized_keys.download dest=/root/.ssh/authorized_keys mode=755
-    when: authorized_keys.stat.exists == True  
-
+  - include: hostname.yml
+  - include: user.yml
+  - include: sudo.yml
+  - include: ssh.yml

playbook/roles/vm-bootstrap/tasks/ssh.yml

+---
+  - name: Create ~/.ssh
+    file: path=/root/.ssh state=directory mode=700
+
+  - name: Create /home/netadmin/.ssh
+    file: path=/home/netadmin/.ssh state=directory mode=700
+
+  - name: Download ssh authorized keys
+    get_url: url=http://10.0.2.100/authorized_keys dest=/root/.ssh/authorized_keys.download mode=755
+    ignore_errors: True
+
+  - name: stat /root/.ssh/authorized_keys.download
+    stat: path=/root/.ssh/authorized_keys.download
+    register: authorized_keys
+
+  - name: replace /root/.ssh/authorized_keys
+    copy: src=/root/.ssh/authorized_keys.download dest=/root/.ssh/authorized_keys mode=755
+    when: authorized_keys.stat.exists == True
+
+  - name: replace /home/netadmin/.ssh/authorized_keys
+    copy: src=/root/.ssh/authorized_keys.download dest=/home/netadmin/.ssh/authorized_keys mode=755
+    when: authorized_keys.stat.exists == True
+
+  - name: update /etc/ssh/sshd_config
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^PermitRootLogin (?!no)" line="PermitRootLogin no"
+
+  - name: update /etc/ssh/sshd_config
+    lineinfile: dest=/etc/ssh/sshd_config line="PermitRootLogin no"

playbook/roles/vm-bootstrap/tasks/sudo.yml

+---
+  - name: Ensure /etc/sudoers.d directory is present
+    file: path=/etc/sudoers.d state=directory
+
+  - name: Ensure /etc/sudoers.d is scanned by sudo
+    action: lineinfile dest=/etc/sudoers regexp="#includedir\s+/etc/sudoers.d" line="includedir /etc/sudoers.d"
+
+  - name: Add hadoop user to the sudoers
+    lineinfile: dest=/etc/sudoers.d/netadmin state=present create=yes regexp="netadmin .*" line="netadmin ALL=(root)  NOPASSWD:ALL"
+
+  - name: Ensure /etc/sudoers.d/netadmin file has correct permissions
+    action: file path=/etc/sudoers.d/netadmin mode=0440 state=file owner=root group=root

playbook/roles/vm-bootstrap/tasks/user.yml

+---
+
+  - name: create netadmin
+    user: name=netadmin shell=/bin/bash groups=root
+
+  - name: remove other unwanted users
+    user: name={{ item }} state=absent
+    with_items:
+      - slapos
+      - nexedi
+