--- # This playbook contains plays that will run on all nodes - name: Add docker key apt_key: url: https://download.docker.com/linux/ubuntu/gpg state: present - name: Add docker repo apt_repository: repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable state: present - name: Update apt apt: update_cache=yes #- name: Upgrade APT to the lastest packages # apt: upgrade=dist - name: Install standard programs apt: name={{ item }} state=present force=yes with_items: - htop - curl - openssh-server - git - rsync - zip - unzip - fail2ban - ntp - mysql-client - wget - nfs-common - docker-ce={{docker_ce_version_to_install}} - sshpass - ack-grep - dnsutils - nmon - build-essential - tmux - name: Add standard_user to docker group user: name: "{{ standard_user }}" groups: docker append: yes - name: Set authorized key took from url become: yes become_user: "{{ standard_user }}" authorized_key: user: "{{ standard_user }}" state: present key: "{{ home_pub_key }}" - git_config: name: user.name value: 'Jacob {{ standard_user }} Wimer' become: yes become_user: "{{ standard_user }}" - git_config: name: user.email value: 'jacob.wimer@gmail.com' become: yes become_user: "{{ standard_user }}" - name: Docker compose version get_url: url: https://github.com/docker/compose/releases/download/{{docker_compose_version_to_install}}/docker-compose-`uname -s`-`uname -m` dest: /usr/local/bin/docker-compose mode: 755 - name: Set timezone to NewYork timezone: name: America/New_York - name: Replace sudoers file template: src=../roles/common/templates/sudoers.j2 dest=/etc/sudoers - name: Replace docker daemon file template: src=../roles/common/templates/docker-daemon.json.j2 dest=/etc/docker/daemon.json register: dockerdaemon - name: Restart docker if daemon changes service: name: docker state: restarted when: dockerdaemon.changed - name: Creates directory file: path=/data state=directory - name: USB lab data in fstab lineinfile: dest=/etc/fstab regexp="^{{ nfs_location }}:/volumeUSB1" state=present line="{{ nfs_location }}:/volumeUSB1/usbshare/raw-files/fileserver/shares/lab-data /data nfs defaults 0 0" - name: Mount USB lab data directory mount: path: /data src: 10.0.0.150:/volumeUSB1/usbshare/raw-files/fileserver/shares/lab-data state: present fstype: nfs - name: test for swap partition shell: swapon -s | grep -E "^/" register: swapfile ignore_errors: yes - name: create swapfile when: swapfile|failed shell: fallocate -l 4G /swapfile - name: set swapfile permissions when: swapfile|failed file: path=/swapfile owner=root group=root mode=0600 - name: prepare swapfile when: swapfile|failed shell: mkswap /swapfile - name: enable swap when: swapfile|failed shell: swapon /swapfile - name: add swapfile when: swapfile|failed lineinfile: dest=/etc/fstab regexp="^/swapfile" state=present line="/swapfile none swap sw 0 0" - name: set swappiness (temporarily) when: swapfile|failed shell: echo 10 | tee /proc/sys/vm/swappiness - name: set swappiness (permanent) when: swapfile|failed lineinfile: dest=/etc/sysctl.conf regexp="^vm.swappiness" state=present line="vm.swappiness = 10" - name: set cache pressure (temporarily) when: swapfile|failed shell: echo 50 | tee /proc/sys/vm/vfs_cache_pressure - name: set cache pressure (permanent) when: swapfile|failed lineinfile: dest=/etc/sysctl.conf regexp="^vm.vfs_cache_pressure" state=present line="vm.vfs_cache_pressure = 50"