Ansible: add fleet_update play, managed_nodes group, refactor to roles (prepare, nfs_client, lxc_common)

2026-06-05 20:58:05 -04:00
parent 0e42f6189e
commit 87fb0ebe02
4 changed files with 111 additions and 53 deletions
--- a/procedures/ansible-playbook/main.yml
+++ b/procedures/ansible-playbook/main.yml
@@ -1,59 +1,27 @@
- name: Install nfs-common
-  ansible.builtin.apt:
-    name: nfs-common
-    state: present
+- name: Prepare Systems
+  hosts: physical_agents:core_services
  become: true
-  when: ansible_os_family == "Debian"
+  roles:
+    - prepare

- name: Ensure NFS mount directories exists
-  ansible.builtin.file:
-    path: "{{ item.path }}"
-    state: directory
-    mode: '0755'
-    owner: jarvis
-    group: jarvis
-  become: true
-  loop: "{{ nfs_shares }}"
-  loop_control:
-    label: "Directory: {{ item.path }}"
-  when: ansible_os_family == "Debian"
+- name: Install NFS client
+  hosts: fleet_nodes:!pve_hosts:!igor
+  become: false
+  roles:
+    - nfs_client

- name: Create local repogroup matching TrueNAS GID 568
-  ansible.builtin.group:
-    name: repogroup
-    gid: 568
-    state: present
+- name: Fleet update (apt update + upgrade)
+  hosts: managed_nodes
  become: true
+  tags:
+    - fleet_update
+  roles:
+    - prepare

- name: Add jarvis to repogroup
-  ansible.builtin.user:
-    name: jarvis
-    groups:
-      - repogroup
-    append: true
+- name: LXC common provisioning (git + ansible)
+  hosts: lxcs
  become: true
-
- name: Mount an NFS volume (root, because kernel mount)
-  ansible.posix.mount:
-    src: "{{ item.src }}"
-    path: "{{ item.path }}"
-    opts: "vers=4.2,proto=tcp,_netdev"
-    state: mounted
-    fstype: nfs
-  become: true
-  loop: "{{ nfs_shares }}"
-  loop_control:
-    label: "Mounted: {{ item.src }}"
-  when: ansible_os_family == "Debian"
-
- name: Set mount permissions so jarvis (repogroup member) can write
-  ansible.builtin.file:
-    path: "{{ item.path }}"
-    mode: '0770'
-    owner: root
-    group: repogroup
-  become: true
-  loop: "{{ nfs_shares }}"
-  loop_control:
-    label: "Permission fix: {{ item.path }}"
-  when: ansible_os_family == "Debian"
+  tags:
+    - lxc_common
+  roles:
+    - lxc_common