authorMilo Casagrande <milo@ubuntu.com>2014-03-27 09:11:55 +0100
committerMilo Casagrande <milo@ubuntu.com>2014-03-27 09:11:55 +0100
commitd729a950ce28f684850bde51609ed180a2462f6a (patch)
treefc312c51b6b2c75f0fec4792c90da8c01ecac599 /ansible
parent3899a7ee522b72d35a48560f7d785bc4d50d1749 (diff)
Imported ansible common tasks.
Diffstat (limited to 'ansible')
-rw-r--r--ansible/common/README42
-rw-r--r--ansible/common/files/sysctl.conf28
-rw-r--r--ansible/common/handlers/main.yml5
-rw-r--r--ansible/common/handlers/reload-apache.yml3
-rw-r--r--ansible/common/handlers/restart-apache.yml3
-rw-r--r--ansible/common/handlers/started-apache.yml3
-rw-r--r--ansible/common/handlers/stop-apache.yml3
-rw-r--r--ansible/common/tasks/host-nickname.yml26
-rw-r--r--ansible/common/tasks/main.yml3
-rw-r--r--ansible/common/tasks/net-sysctl.yml8
-rw-r--r--ansible/common/templates/base-bashrc112
-rw-r--r--ansible/common/templates/host-nickname.sh2
12 files changed, 238 insertions, 0 deletions
diff --git a/ansible/common/README b/ansible/common/README
new file mode 100644
index 0000000..07a0b26
--- /dev/null
+++ b/ansible/common/README
@@ -0,0 +1,42 @@
+Linaro Ansible Common
+=====================
+
+A container for a common Ansible role. This is meant to be used as a subtree
+when starting to work on a new ansible playbook.
+
+The prefix where this should be stored is under roles/common/ in a role-based
+playbook. From the playbook, then just use the "common" role.
+
+To include it:
+
+ git remote add ansible_common $PATH_TO_THIS_REPO
+ git fetch ansible_common
+ git read-tree --prefix=common/ -u ansible_common
+
+Then commit normally.
+
+Alternatively, you can use it as an external source for a role. In this case
+you need to tell Ansible where to look for roles. Please refer to Ansible
+documentation.
+
+What's Included
+===============
+
+Apache Handlers
+---------------
+
+Common Apache2 handlers are include:
+ * start-apache
+ * stop-apache
+ * started-apache
+ * reload-apache
+ * restart-apache
+
+Other handlers might be include, look at the handlers/ folder.
+
+Tasks
+-----
+
+Some default tasks that should be run on all system.
+Look at the tasks/ folder for more information, and at each tasks to see which
+are the possible needed default variable names.
diff --git a/ansible/common/files/sysctl.conf b/ansible/common/files/sysctl.conf
new file mode 100644
index 0000000..c9ee851
--- /dev/null
+++ b/ansible/common/files/sysctl.conf
@@ -0,0 +1,28 @@
+# Managed via ansible, do not edit!
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables
+# See sysctl.conf (5) for information.
+#
+
+net.core.wmem_max=12582912
+net.core.rmem_max=12582912
+net.core.netdev_max_backlog = 5000
+
+net.ipv4.tcp_timestamps = 1
+net.ipv4.tcp_sack = 1
+net.ipv4.tcp_no_metrics_save = 1
+net.ipv4.tcp_slow_start_after_idle = 0
+net.ipv4.tcp_rmem= 10240 87380 12582912
+net.ipv4.tcp_wmem= 10240 87380 12582912
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+net.ipv4.conf.default.rp_filter = 1
+net.ipv4.conf.all.rp_filter = 1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+net.ipv4.tcp_syncookies = 1
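Review bot: The comments above the `rp_filter` and `tcp_syncookies` settings still read "Uncomment the next two lines" and "Uncomment the next line", but all three settings are already active in this file, so the comments misdescribe what is deployed. Reword them to state the effect, for example `# Reverse-path filtering (source address verification) on all interfaces` and `# TCP SYN cookies enabled; see http://lwn.net/Articles/277146/`. The file header also says the file is managed and must not be edited, so comments that invite a local edit contradict it.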
diff --git a/ansible/common/handlers/main.yml b/ansible/common/handlers/main.yml
new file mode 100644
index 0000000..9862b0a
--- /dev/null
+++ b/ansible/common/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- include: reload-apache.yml
+- include: stop-apache.yml
+- include: started-apache.yml
+- include: restart-apache.yml
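Review bot: The README added in this commit lists a `start-apache` handler, but the handlers included here are reload-apache, stop-apache, started-apache and restart-apache, and no file in the diffstat defines `start-apache`. A task that notifies `start-apache` would find no matching handler. Either drop the name from the README list or add the missing handler file and include it here.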
diff --git a/ansible/common/handlers/reload-apache.yml b/ansible/common/handlers/reload-apache.yml
new file mode 100644
index 0000000..630dcb2
--- /dev/null
+++ b/ansible/common/handlers/reload-apache.yml
@@ -0,0 +1,3 @@
+---
+- name: reload-apache
+ service: name=apache2 state=reloaded
diff --git a/ansible/common/handlers/restart-apache.yml b/ansible/common/handlers/restart-apache.yml
new file mode 100644
index 0000000..34acdc4
--- /dev/null
+++ b/ansible/common/handlers/restart-apache.yml
@@ -0,0 +1,3 @@
+---
+- name: restart-apache
+ service: name=apache2 state=restarted
diff --git a/ansible/common/handlers/started-apache.yml b/ansible/common/handlers/started-apache.yml
new file mode 100644
index 0000000..f45ee21
--- /dev/null
+++ b/ansible/common/handlers/started-apache.yml
@@ -0,0 +1,3 @@
+---
+- name: started-apache
+ service: name=apache2 state=started
diff --git a/ansible/common/handlers/stop-apache.yml b/ansible/common/handlers/stop-apache.yml
new file mode 100644
index 0000000..6bf18e8
--- /dev/null
+++ b/ansible/common/handlers/stop-apache.yml
@@ -0,0 +1,3 @@
+---
+- name: stop-apache
+ service: name=apache2 state=stopped
diff --git a/ansible/common/tasks/host-nickname.yml b/ansible/common/tasks/host-nickname.yml
new file mode 100644
index 0000000..b9f676c
--- /dev/null
+++ b/ansible/common/tasks/host-nickname.yml
@@ -0,0 +1,26 @@
+---
+# Set a sane visible nickname for the host. Since with Amazon it is not always
+# possible to change the hostname if we do not have a registered DNS name
+# associated with it, the other way to set it, as reported also by Amazon docs,
+# is to set a NICKNAME variable, and tweak the PS1 variable to show that
+# instead.
+# This will only work for new users, already existing users will have to tweak
+# their bashrc file accordingly.
+#
+# This role requires the variable 'nickname' to be set.
+#
+
+- name: host-nickname-var-file
+ template: src=host-nickname.sh
+ dest=/etc/profile.d/host-nickname.sh
+ owner=root
+ group=root
+ mode=0444
+
+# Install a default bashrc for new users.
+- name: host-nickname-bashrc-addition
+ template: src=base-bashrc
+ dest=/etc/skel/.bashrc
+ owner=root
+ group=root
+ mode=0644
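Review bot: `host-nickname-bashrc-addition` renders base-bashrc through `template`, yet the base-bashrc added in this commit contains no Jinja2 expressions. Because the file is still parsed by Jinja2, a later edit that introduces ordinary shell text such as `${#array[@]}` would be read as template syntax and either fail or change the rendered file. If no variables are planned, `copy: src=base-bashrc dest=/etc/skel/.bashrc` (with the file moved under files/) deploys it byte for byte. Otherwise add a comment at the top of the template saying it is Jinja2-processed.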
diff --git a/ansible/common/tasks/main.yml b/ansible/common/tasks/main.yml
new file mode 100644
index 0000000..9049e2a
--- /dev/null
+++ b/ansible/common/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- include: host-nickname.yml
+- include: net-sysctl.yml
diff --git a/ansible/common/tasks/net-sysctl.yml b/ansible/common/tasks/net-sysctl.yml
new file mode 100644
index 0000000..eb84890
--- /dev/null
+++ b/ansible/common/tasks/net-sysctl.yml
@@ -0,0 +1,8 @@
+---
+# Make sure some default and optimized values are used.
+- name: net-sysctl-conf
+ copy: src=sysctl.conf
+ dest=/etc/sysctl.conf
+ owner=root
+ group=root
+ mode=0644
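Review bot: The `net-sysctl-conf` task only writes /etc/sysctl.conf and nothing visible in this commit loads it, so the rp_filter and tcp_syncookies settings and the buffer tuning presumably stay inactive until the next reboot or a manual reload. Consider adding `notify: reload-sysctl` to the task, plus a handler that runs `command: sysctl -p /etc/sysctl.conf`. Note also that `copy` replaces the whole file, so any host-specific keys already in /etc/sysctl.conf are dropped. A dedicated file under /etc/sysctl.d/ would leave them in place.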
diff --git a/ansible/common/templates/base-bashrc b/ansible/common/templates/base-bashrc
new file mode 100644
index 0000000..de88aa8
--- /dev/null
+++ b/ansible/common/templates/base-bashrc
@@ -0,0 +1,112 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+[ -z "$PS1" ] && return
+
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=1000
+HISTFILESIZE=2000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# If set, the pattern "**" used in a pathname expansion context will
+# match all files and zero or more directories and subdirectories.
+#shopt -s globstar
+
+# make less more friendly for non-text input files, see lesspipe(1)
+[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
+ debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+ xterm-color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+ if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+ # We have color support; assume it's compliant with Ecma-48
+ # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+ # a case would tend to support setf rather than setaf.)
+ color_prompt=yes
+ else
+ color_prompt=
+ fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+ PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+ PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+ PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+ ;;
+*)
+ ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+ test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+ alias ls='ls --color=auto'
+ #alias dir='dir --color=auto'
+ #alias vdir='vdir --color=auto'
+
+ alias grep='grep --color=auto'
+ alias fgrep='fgrep --color=auto'
+ alias egrep='egrep --color=auto'
+fi
+
+# some more ls aliases
+alias ll='ls -alF'
+alias la='ls -A'
+alias l='ls -CF'
+
+# Add an "alert" alias for long running commands. Use like so:
+# sleep 10; alert
+alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+ . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
+ . /etc/bash_completion
+fi
+
+# NICKNAME
+if [ "$NICKNAME" ]; then
+ PS1=$(echo "$PS1" | sed 's.\\h.$NICKNAME.g')
+fi
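Review bot: The NICKNAME block at the end forks `echo` and `sed` on every interactive shell start for a substitution bash can do itself: `PS1=${PS1//\\h/\$NICKNAME}`. The bare `# NICKNAME` comment also does not explain the non-obvious part. The single-quoted sed script deliberately inserts the literal text `$NICKNAME` into PS1, so the value is expanded each time the prompt is drawn, and in the xterm/rxvt case it also replaces `\h` inside the window-title sequence. A comment such as `# Show $NICKNAME instead of \h; left unexpanded so the prompt picks up the current value` would record that. `[ -n "$NICKNAME" ]` would match the explicit test style used elsewhere in the file.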
diff --git a/ansible/common/templates/host-nickname.sh b/ansible/common/templates/host-nickname.sh
new file mode 100644
index 0000000..bf6177e
--- /dev/null
+++ b/ansible/common/templates/host-nickname.sh
@@ -0,0 +1,2 @@
+# Managed via ansible.
+export NICKNAME={{ nickname }}
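Review bot: `{{ nickname }}` is rendered unquoted into a script that host-nickname.yml installs as /etc/profile.d/host-nickname.sh, which login shells source, including root's. A nickname containing whitespace would make `export` treat the extra words as further names, and one containing `;`, backticks or `$(...)` would be executed as shell code at every login. Render it as a single quoted word, e.g. `export NICKNAME={{ nickname | quote }}` if the Ansible version in use provides the `quote` filter. Otherwise restrict `nickname` to a safe character set before templating.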