# --- Package management ------------------------------------------------------
# Refresh the apt index first so the installs below resolve against current
# repository metadata (Debian family only).
- name: "Update apt package cache"
  ansible.builtin.apt:
    update_cache: true
  when: ansible_facts['os_family'] == 'Debian'

# Full distribution upgrade of every installed package.
- name: "Upgrade all packages to the latest version"
  ansible.builtin.apt:
    upgrade: dist
  when: ansible_facts['os_family'] == 'Debian'

# `state: latest` re-resolves the version on every run: hosts pick up fixes
# from the configured repositories, but two runs are not guaranteed to install
# the same versions. The package lists are variables defined outside this file.
- name: "Install common packages"
  ansible.builtin.package:
    name: "{{ list_of_packages }}"
    state: latest

- name: "Remove packages"
  ansible.builtin.package:
    name: "{{ list_of_packages_to_remove }}"
    state: absent

# OS-family specific package lists.
- name: "Install Redhat Packages"
  ansible.builtin.yum:
    name: "{{ list_of_redhat_packages }}"
    state: latest
  when: ansible_facts['os_family'] == 'RedHat'

- name: "Install Debian Packages"
  ansible.builtin.apt:
    name: "{{ list_of_debian_packages }}"
    state: latest
    force_apt_get: true
  when: ansible_facts['os_family'] == 'Debian'
# Provide /usr/bin/python as a symlink to python3. Errors are ignored, so a
# host where the link cannot be created (for example because the source is
# missing) does not abort the play.
- name: "Link python3 to python since Ubuntu 22.04 doesn't create python."
  ansible.builtin.file:
    state: link
    src: /usr/bin/python3
    dest: /usr/bin/python
  ignore_errors: true
# Creates a dummy0 network interface (per the task names below, used for the
# Perforce license). The whole block is gated on `dummy_interface`; each inner
# task is further restricted to one OS family.
- name: "Setup the dummy interface"
  when: dummy_interface
  block:
    # --- RedHat family: load the kernel module and use an ifcfg script ---
    - name: "Add the dummy module file for reboots"
      ansible.builtin.copy:
        content: "dummy"
        dest: "/etc/modules-load.d/dummy.conf"
        owner: "root"
        group: "root"
        mode: '0644'
      when: ansible_facts['os_family'] == 'RedHat'

    - name: "Add the dummy module"
      modprobe:
        name: "dummy"
        state: "present"
      when: ansible_facts['os_family'] == 'RedHat'

    - name: "Setup dummy interface for perforce license (RedHat)"
      ansible.builtin.copy:
        src: "./ifcfg-dummy0"
        dest: "/etc/sysconfig/network-scripts/ifcfg-dummy0"
        owner: "root"
        group: "root"
        mode: '0644'
      when: ansible_facts['os_family'] == 'RedHat'

    # Runs on every play and always reports "changed"; there is no
    # creates/changed_when guard on this command.
    - name: "Start the dummy interface"
      ansible.builtin.command: "ifup dummy0"
      when: ansible_facts['os_family'] == 'RedHat'

    # --- Debian family: systemd-networkd .netdev/.network units ---
    - name: "Setup dummy netdev for perforce license (Debian)"
      ansible.builtin.copy:
        src: "./10-dummy0.netdev"
        dest: "/etc/systemd/network/10-dummy0.netdev"
        owner: "root"
        group: "root"
        mode: '0644'
      when: ansible_facts['os_family'] == 'Debian'

    - name: "Setup dummy network for perforce license (Debian)"
      ansible.builtin.copy:
        src: "./20-dummy0.network"
        dest: "/etc/systemd/network/20-dummy0.network"
        owner: "root"
        group: "root"
        mode: '0644'
      when: ansible_facts['os_family'] == 'Debian'

    # Restarts both the network and the resolver service, unconditionally
    # within this block.
    - name: "Restart systemd-networkd"
      ansible.builtin.systemd:
        name: "{{ item }}"
        state: restarted
      loop:
        - systemd-networkd
        - systemd-resolved
      when: ansible_facts['os_family'] == 'Debian'
# Fixed 15-second wait after the dummy-interface setup, so name resolution is
# back before the remaining tasks run. Skipped when `dummy_interface` is false.
- name: "Pause to give DNS a chance to recover."
  ansible.builtin.pause:
    seconds: 15
  when: dummy_interface
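# Installs a policy-rc.d script that (per the task name) keeps p4d_1 and
# p4broker_1 from being restarted automatically by package maintainer scripts.
# The original task set no mode, so the file's permissions depended on the
# remote umask. An explicit mode makes the result deterministic and keeps the
# root-owned script non-writable by group/other; it is executable because
# invoke-rc.d is expected to consult policy-rc.d only when it can be executed.
# NOTE(review): this task has no os_family guard although policy-rc.d is a
# Debian mechanism; confirm that is intended.
- name: "Exclude p4d_1 and p4broker_1 from being auto restarted"
  copy:
    src: "./policy-rc.d"
    dest: "/usr/sbin/policy-rc.d"
    owner: "root"
    group: "root"
    mode: '0755'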
# Appends a managed block of TCP tuning parameters to /etc/sysctl.conf and
# notifies the "restart_sysctl" handler (defined outside this file).
# NOTE(review): the in-file comments mention 128MB and 64MB limits, while the
# values written are 62500000 bytes; confirm which figure is intended.
- name: "Add recommended settings for Ubuntu to sysctl.conf"
  ansible.builtin.blockinfile:
    path: "/etc/sysctl.conf"
    insertafter: "EOF"
    block: |
      net.ipv4.tcp_congestion_control = bbr
      net.ipv4.tcp_window_scaling = 1
      # allow testing with buffers up to 128MB
      net.core.rmem_max = 62500000
      net.core.wmem_max = 62500000
      # increase Linux autotuning TCP buffer limit to 64MB
      net.ipv4.tcp_rmem = 4096 87380 62500000
      net.ipv4.tcp_wmem = 4096 16384 62500000
      # recommended for hosts with jumbo frames enabled
      net.ipv4.tcp_mtu_probing = 1
      # recommended to enable 'fair queueing'
      net.core.default_qdisc = fq
  when: ansible_facts['os_family'] == 'Debian'
  notify: "restart_sysctl"
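# Disable transparent huge pages: via a tuned profile on RedHat, via a
# systemd unit on Debian.
- name: "Install tuned"
  yum:
    name: "tuned"
    state: "latest"
  when: ansible_facts["os_family"]=="RedHat"

- name: "Create tuned nothp_profile directory"
  file:
    path: '/etc/tuned/nothp_profile'
    state: "directory"
    mode: "0755"
    owner: 'root'
    group: 'root'
  when: ansible_facts["os_family"]=="RedHat"

# tuned.conf is a configuration file, not a program, so it is installed
# 0644 rather than the original 0755 (no execute bit needed).
- name: "Setup nothp_profile tuned.conf file"
  copy:
    src: "./nothp_profile_tuned.conf"
    dest: "/etc/tuned/nothp_profile/tuned.conf"
    owner: "root"
    group: "root"
    mode: '0644'
  when: ansible_facts["os_family"]=="RedHat"

# systemd unit files are read, never executed; systemd logs a warning for
# unit files carrying execute bits, so this is 0644 instead of 0755.
# The "start_thp" handler is defined outside this file.
- name: "Disable transparent huge pages"
  copy:
    src: "./disable-thp.service"
    dest: "/etc/systemd/system/disable-thp.service"
    owner: "root"
    group: "root"
    mode: '0644'
  notify: "start_thp"
  when: ansible_facts["os_family"]=="Debian"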
# --- Perforce service account ------------------------------------------------
# Group and user ids come from variables so they can be kept identical across
# hosts; the account's home directory is /p4.
- name: "Create Perforce group"
  ansible.builtin.group:
    name: "{{ perforce_group }}"
    gid: "{{ perforce_gid }}"

# NOTE(review): the user module writes `password` to the shadow file as
# given, so `perforce_user_password` presumably has to be a crypt hash, not
# plain text, and should live in an encrypted vars file; confirm where it is
# defined.
- name: "Create Perforce user"
  ansible.builtin.user:
    name: "{{ perforce_user }}"
    uid: "{{ perforce_uid }}"
    group: "{{ perforce_group }}"
    comment: "Perforce user"
    home: "/p4"
    shell: "/bin/bash"
    system: true
    generate_ssh_key: false
    password: "{{ perforce_user_password }}"

# SSH client files for the service account: directory 0700, files 0600, all
# owned by the Perforce user.
- name: "Create .ssh folder"
  ansible.builtin.file:
    path: "/p4/.ssh"
    state: directory
    owner: "{{ perforce_user }}"
    group: "{{ perforce_group }}"
    mode: "0700"

# `state: touch` creates the file if missing and otherwise only updates its
# timestamps; existing host keys are left in place.
- name: "Create or modify known_hosts file"
  ansible.builtin.file:
    path: "/p4/.ssh/known_hosts"
    state: "touch"
    owner: "{{ perforce_user }}"
    group: "{{ perforce_group }}"
    mode: "0600"

# NOTE(review): the content of ./ssh_config is not visible here; check it for
# host-key-checking overrides before relying on known_hosts above.
- name: Copy ssh configuration file.
  ansible.builtin.copy:
    src: ./ssh_config
    dest: /p4/.ssh/config
    owner: "{{ perforce_user }}"
    group: "{{ perforce_group }}"
    mode: '0600'

# The marker uses a double quote because that is the comment character in
# vimrc syntax.
- name: "Add .vimrc settings"
  ansible.builtin.blockinfile:
    path: "/p4/.vimrc"
    create: true
    insertafter: "EOF"
    owner: "{{ perforce_user }}"
    group: "{{ perforce_group }}"
    marker: '" {mark} ANSIBLE MANAGED BLOCK'
    block: |
      colorscheme industry
      set nocompatible
      set backspace=2
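# --- Management account used by Ansible --------------------------------------
- name: "Create ansibleuser group"
  group:
    name: ansibleuser

# The original passed `password: ""`, which the user module hands to the
# system as an empty password field: an account with no password at all.
# Combined with the NOPASSWD sudo rule this account receives elsewhere in
# this file, that is a direct path to root for anyone who can authenticate
# as it. '*' is the value the user module documents for an account with no
# usable password; key-based SSH login (a key pair is generated here) is
# unaffected. `update_password: on_create` means this only applies to newly
# created accounts; hosts provisioned with the empty value need the password
# field corrected separately.
- name: "Create ansibleuser user"
  user:
    name: ansibleuser
    comment: "Ansible User for management"
    group: ansibleuser
    system: false
    generate_ssh_key: true
    home: /home/ansibleuser
    shell: /bin/bash
    password: '*'
    force: true
    update_password: on_create

# sudo on the Debian family, wheel on everything else; `append` keeps any
# supplementary groups the account already has.
- name: "add ansibleuser to appropriate sudo group"
  user:
    name: ansibleuser
    groups: "{{ 'sudo' if ansible_facts['os_family'] == 'Debian' else 'wheel' }}"
    append: true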
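# Drop-in sudoers rules granting unrestricted, passwordless root. Every
# account named here is root-equivalent, so its login credentials need the
# same protection as root's.
# `validate` runs visudo against the staged file before it is moved into
# place, so a malformed rule cannot break sudo on the host.
- name: "Setup ansibleuser sudo file"
  copy:
    content: "ansibleuser ALL=(ALL:ALL) NOPASSWD:ALL\n"
    dest: "/etc/sudoers.d/ansibleuser"
    mode: "0440"
    owner: "root"
    group: "root"
    validate: "/usr/sbin/visudo -cf %s"

# One file per entry in `admin_users` (no-op when the variable is unset).
# The entry is used both as the sudoers user name and as the file name:
# sudo skips files in sudoers.d whose names contain '.' or end in '~', and
# a value containing '/' would write outside the directory, so the list
# should hold plain account names only.
- name: "Setup additional admin sudo files"
  copy:
    content: "{{ item }} ALL=(ALL:ALL) NOPASSWD:ALL\n"
    dest: "/etc/sudoers.d/{{ item }}"
    mode: "0440"
    owner: "root"
    group: "root"
    validate: "/usr/sbin/visudo -cf %s"
  loop: "{{ admin_users | default([]) }}"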
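# Installs pyenv into the Perforce account's home; skipped once
# /p4/.pyenv/bin/pyenv exists.
# NOTE(review): this executes whatever https://pyenv.run serves at run time,
# as the Perforce service account, with no checksum or signature check. TLS
# authenticates the server but not the script's content. Prefer fetching a
# pinned release with a recorded checksum (or mirroring the installer
# internally) and running that copy.
# `set -o pipefail` makes a failed download fail the task; without it bash
# would read empty input, exit 0 and the failure would go unreported.
# become_user follows `perforce_user`, the account created earlier in this
# file, instead of a hard-coded name.
- name: "Install pyenv"
  become: true
  become_user: "{{ perforce_user }}"
  shell: |
    set -o pipefail
    curl -fsSL https://pyenv.run | bash
  args:
    executable: "/bin/bash"
    creates: "/p4/.pyenv/bin/pyenv"
  register: "curl_pyenv_output"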
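# Adds the pyenv initialisation lines to both ~/.bashrc and ~/.profile of
# the Perforce account, so interactive and login shells get the same PATH.
# Both files end up running `eval` on pyenv's output at every shell start,
# so the integrity of /p4/.pyenv matters for every session of this account.
# become_user follows `perforce_user` (the account this file creates and
# already uses for owner/group) rather than a hard-coded name.
- name: "Add Pyenv to perforce user bashrc"
  become: true
  become_user: "{{ perforce_user }}"
  blockinfile:
    path: "/p4/.bashrc"
    owner: "{{ perforce_user }}"
    group: "{{ perforce_group }}"
    prepend_newline: true
    insertafter: EOF
    create: true
    block: |
      export PATH="${HOME}/.pyenv/bin:$PATH"
      eval "$(pyenv init -)"
      eval "$(pyenv virtualenv-init -)"

- name: "Add Pyenv to perforce user profile"
  become: true
  become_user: "{{ perforce_user }}"
  blockinfile:
    path: "/p4/.profile"
    owner: "{{ perforce_user }}"
    group: "{{ perforce_group }}"
    prepend_newline: true
    insertafter: EOF
    create: true
    block: |
      export PATH="${HOME}/.pyenv/bin:$PATH"
      eval "$(pyenv init -)"
      eval "$(pyenv virtualenv-init -)"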
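# Asks pyenv for its installable versions and keeps the last line that is a
# plain 3.x.y release (no suffixes). Read-only, hence changed_when: false.
# With pipefail, a pyenv error or an empty match fails the task here instead
# of passing an empty version string to the install step.
- name: "Get latest Python version available in pyenv"
  become: true
  become_user: "{{ perforce_user }}"
  shell: |
    set -o pipefail
    /p4/.pyenv/bin/pyenv install --list | grep -E '^\s+3\.[0-9]+\.[0-9]+$' | tail -1 | tr -d ' '
  args:
    executable: "bash"
  register: "latest_python_version"
  changed_when: false

# Builds that version and makes it the account's default interpreter.
# --skip-existing replaces the original `echo N |` answer to pyenv's
# reinstall prompt, and `&&` stops a failed build from being masked by the
# exit status of `pyenv global`. The version string is shell-quoted because
# it is command output interpolated into a shell line.
# The version is resolved at run time, so two runs can install different
# interpreters.
- name: "Install latest Python ({{ latest_python_version.stdout | default('N/A') }}) and set environment using pyenv"
  become: true
  become_user: "{{ perforce_user }}"
  shell: >-
    /p4/.pyenv/bin/pyenv install --skip-existing {{ latest_python_version.stdout | quote }}
    && /p4/.pyenv/bin/pyenv global {{ latest_python_version.stdout | quote }}
  args:
    executable: "bash"
  register: "pyenv_python_output"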
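# Installs p4python into the pyenv-managed interpreter of the Perforce
# account, after loading the pyenv settings from its shell start-up files.
# NOTE(review): both pip and p4python are installed unpinned from the
# configured package index, so each run trusts whatever version is current;
# pinning a version (and, where available, hashes) makes the result
# auditable. The commands are chained with ';', so only the exit status of
# the final `pip3 install p4python` decides whether the task fails.
# become_user follows `perforce_user` rather than a hard-coded account name.
- name: "Install p4python"
  become: true
  become_user: "{{ perforce_user }}"
  shell: "source /p4/.profile;source /p4/.bashrc;pip3 install --upgrade pip;pip3 install p4python"
  args:
    executable: "bash"
  register: "pyenv_p4python_output"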
# Compatibility path: the task name says triggers reference python3 under
# /p4/p4python/bin, so that location is kept as a symlink to the pyenv shim.
- name: "Create the p4python/bin directory"
  ansible.builtin.file:
    state: directory
    path: /p4/p4python/bin
    owner: "{{ perforce_user }}"
    group: "{{ perforce_group }}"
    mode: '0755'

# `force: true` replaces whatever already exists at dest, and errors are
# ignored, so a missing shim does not stop the play.
- name: "Link python3 to old venv python3 location to avoid trigger breaks."
  ansible.builtin.file:
    state: link
    src: /p4/.pyenv/shims/python3
    dest: /p4/p4python/bin/python3
    force: true
    owner: "{{ perforce_user }}"
    group: "{{ perforce_group }}"
  ignore_errors: true
| # | Change | User | Description | Committed | |
|---|---|---|---|---|---|
| #5 | 32510 | Russell C. Jackson (Rusty) |
Fix template error when latest_python_version.stdout is undefined Add default('N/A') filter to handle case where the 'Get latest Python version' task is skipped due to update_dependencies being false, which leaves latest_python_version without a stdout attribute. |
||
| #4 | 32496 | Russell C. Jackson (Rusty) |
Update pyenv to install latest Python version dynamically and rewrite README with comprehensive documentation - Changed dependencies.yml to query pyenv for the latest stable Python 3.x instead of hardcoding 3.13.2 - Rewrote README.md with full documentation covering: what gets installed, files that must be replaced (SSL certs, license, SSH key), passwords and secrets that need changing, inventory configuration, helper scripts, server types, monitoring, and cron schedules |
||
| #3 | 32493 | Russell C. Jackson (Rusty) | Created some dummy files to allow the install to run. | ||
| #2 | 32492 | Russell C. Jackson (Rusty) |
Fix bugs, remove orphaned files, and apply best practices to ansible-sdp - Fix broken Jinja2 filter syntax (|bool|) in main-playbook.yml - Fix target_server logic comparing string literals instead of variables - Fix package install failing on RedHat due to missing OS family guard - Split packages into OS-agnostic and Debian-specific lists, remove duplicates - Switch all binary downloads from HTTP to HTTPS - Remove 7 orphaned files (unused templates, scripts, configs) - Replace hardcoded emails in cron with template variables - Fix inconsistent journal rotations (06:00/08:00) to use rotate_journal.sh - Parameterize admin sudoers and perforce user password - Fix ansible.cfg malformed vars block - Fix ansibleuser sudo group for RedHat (wheel) vs Debian (sudo) - Remove redundant triple broker start/restart in install.yml - Replace shell sed with ansible.builtin.replace in monitoring role - Fix duplicate handler and undefined variable in monitoring handlers - Use notify handlers instead of inline commands for sysctl/THP - Add idempotency (creates:) to pyenv install |
||
| #1 | 32488 | Russell C. Jackson (Rusty) | Ansible scaffolding for the sdp - Needs work. |