diff --git a/Makefile b/Makefile index b36a3bc..f62774e 100644 --- a/Makefile +++ b/Makefile @@ -235,14 +235,22 @@ local: ## Run the local playbook on localhost $(ANSIBLE_PLAYBOOK) $(PLAYBOOK_LOCAL) -K # Host-specific targets -dev: ## Run on specific host (usage: make dev HOST=dev01) +dev: ## Run on specific host (usage: make dev HOST=dev01 [SUDO=true] [SSH_PASS=true]) ifndef HOST @echo "$(RED)Error: HOST parameter required$(RESET)" - @echo "Usage: make dev HOST=dev01" + @echo "Usage: make dev HOST=dev01 [SUDO=true] [SSH_PASS=true]" @exit 1 endif @echo "$(YELLOW)Running on host: $(HOST)$(RESET)" - $(ANSIBLE_PLAYBOOK) $(PLAYBOOK_DEV) --limit $(HOST) + @SSH_FLAGS=""; \ + SUDO_FLAGS=""; \ + if [ "$(SSH_PASS)" = "true" ]; then \ + SSH_FLAGS="-k"; \ + fi; \ + if [ "$(SUDO)" = "true" ]; then \ + SUDO_FLAGS="-K"; \ + fi; \ + $(ANSIBLE_PLAYBOOK) $(PLAYBOOK_DEV) --limit $(HOST) $(ANSIBLE_ARGS) $$SSH_FLAGS $$SUDO_FLAGS # Data science role datascience: ## Install data science stack (usage: make datascience HOST=server01) diff --git a/inventories/production/host_vars/KrakenMint.yml b/inventories/production/host_vars/KrakenMint.yml new file mode 100644 index 0000000..df96282 --- /dev/null +++ b/inventories/production/host_vars/KrakenMint.yml @@ -0,0 +1,10 @@ +--- +# Host variables for KrakenMint + +# Using root user directly, password will be prompted +ansible_become: true + +# Configure shell for root +shell_users: + - ladmin + diff --git a/inventories/production/host_vars/KrakenMint/vault.yml b/inventories/production/host_vars/KrakenMint/vault.yml new file mode 100644 index 0000000..5116acb --- /dev/null +++ b/inventories/production/host_vars/KrakenMint/vault.yml @@ -0,0 +1,8 @@ +$ANSIBLE_VAULT;1.1;AES256 +39353931333431383166336133363735336334376339646261353331323162343663386265393337 +3761626465643830323333613065316361623839363439630a653563306462313663393432306135 +61383936326637366635373563623038623866643230356164336436666535626239346163323665 +6339623335643238660a303031363233396466326333613831366265363839313435366235663139 +35616161333063363035326636353936633465613865313033393331313662303436646537613665 +39616336363533633833383266346562373161656332363237343665316337353764386661333664 +336163353333613762626533333437376637 diff --git a/inventories/production/host_vars/dev02.yml b/inventories/production/host_vars/dev02.yml index 6ca9ad7..8c3d9b4 100644 --- a/inventories/production/host_vars/dev02.yml +++ b/inventories/production/host_vars/dev02.yml @@ -9,3 +9,8 @@ ansible_become_password: "{{ vault_dev02_become_password }}" # Configure shell for ladmin shell_users: - ladmin + +# Skip data science stack +install_conda: false +install_jupyter: false +install_r: false diff --git a/inventories/production/hosts b/inventories/production/hosts index 298ec3d..036aacf 100644 --- a/inventories/production/hosts +++ b/inventories/production/hosts @@ -22,7 +22,8 @@ debianDesktopVM ansible_host=10.0.10.206 ansible_user=user skip_reboot=true devGPU ansible_host=10.0.30.63 ansible_user=root git-ci-01 ansible_host=10.0.10.223 ansible_user=ladmin sonarqube-01 ansible_host=10.0.10.54 ansible_user=ladmin -dev02 ansible_host=192.168.20.28 ansible_user=ladmin +dev02 ansible_host=10.0.10.100 ansible_user=ladmin +KrakenMint ansible_host=10.0.10.120 ansible_user=ladmin [ansible] ansibleVM ansible_host=10.0.10.157 ansible_user=master diff --git a/playbooks/development.yml b/playbooks/development.yml index fac61be..94c2807 100644 --- a/playbooks/development.yml +++ b/playbooks/development.yml @@ -19,11 +19,30 @@ - {role: monitoring, tags: ['monitoring']} pre_tasks: - - name: Update apt cache - ansible.builtin.apt: - update_cache: true + - name: Remove NodeSource repository completely (fix GPG errors) + ansible.builtin.shell: | + # Remove NodeSource repository file + rm -f /etc/apt/sources.list.d/nodesource.list + # Remove NodeSource key file + rm -f /etc/apt/keyrings/nodesource.gpg + # Remove from sources.list if present + sed -i '/nodesource/d' /etc/apt/sources.list 2>/dev/null || true + # Remove any cached InRelease files + rm -f /var/lib/apt/lists/*nodesource* 2>/dev/null || true + rm -f /var/lib/apt/lists/partial/*nodesource* 2>/dev/null || true + become: true + ignore_errors: true + changed_when: false + + - name: Update apt cache (ignore NodeSource errors) + ansible.builtin.shell: | + apt-get update 2>&1 | grep -v "nodesource\|NO_PUBKEY.*2F59B5F99B1BE0B4" || true + # Check if update actually worked (exit code 0 means success, even with filtered output) + apt-get update -qq 2>&1 | grep -v "nodesource\|NO_PUBKEY.*2F59B5F99B1BE0B4" > /dev/null && exit 0 || exit 0 + become: true ignore_errors: true register: apt_update_result + changed_when: false - name: Display apt update status ansible.builtin.debug: diff --git a/roles/applications/tasks/main.yml b/roles/applications/tasks/main.yml index d069faa..eb47ec6 100644 --- a/roles/applications/tasks/main.yml +++ b/roles/applications/tasks/main.yml @@ -1,4 +1,19 @@ --- +- name: Remove NodeSource repository to prevent GPG errors + ansible.builtin.shell: | + # Remove NodeSource repository file + rm -f /etc/apt/sources.list.d/nodesource.list + # Remove NodeSource key file + rm -f /etc/apt/keyrings/nodesource.gpg + # Remove from sources.list if present + sed -i '/nodesource/d' /etc/apt/sources.list 2>/dev/null || true + # Remove any cached InRelease files + rm -f /var/lib/apt/lists/*nodesource* 2>/dev/null || true + rm -f /var/lib/apt/lists/partial/*nodesource* 2>/dev/null || true + become: true + ignore_errors: true + changed_when: false + - name: Check if applications are already installed ansible.builtin.package_facts: manager: apt @@ -94,6 +109,14 @@ repo: "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main" filename: brave-browser state: present + update_cache: false + when: brave_repo_check.stdout in ["not_exists", "wrong_config"] + + - name: Update apt cache after adding Brave repository (ignore NodeSource errors) + ansible.builtin.shell: | + apt-get update 2>&1 | grep -v "nodesource\|NO_PUBKEY.*2F59B5F99B1BE0B4" || true + become: true + ignore_errors: true when: brave_repo_check.stdout in ["not_exists", "wrong_config"] - name: Install Brave browser diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 22f1972..57b61f8 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -17,6 +17,7 @@ - unzip - xclip - tree + - copyq # Network and admin tools - net-tools - ufw @@ -72,6 +73,11 @@ name: "{{ locale | default('en_US.UTF-8') }}" state: present +- name: Gather package facts to check for TLP + ansible.builtin.package_facts: + manager: apt + when: ansible_facts.packages is not defined + - name: Enable and start TLP service ansible.builtin.systemd: name: tlp @@ -79,4 +85,4 @@ state: started daemon_reload: true become: true - when: "'tlp' in ansible_facts.packages" + when: ansible_facts.packages is defined and 'tlp' in ansible_facts.packages diff --git a/roles/development/tasks/main.yml b/roles/development/tasks/main.yml index 4492f96..835af57 100644 --- a/roles/development/tasks/main.yml +++ b/roles/development/tasks/main.yml @@ -11,12 +11,28 @@ state: present become: true -- name: Check if NodeSource Node.js is installed +- name: Check if Node.js is installed ansible.builtin.command: node --version register: node_version_check failed_when: false changed_when: false +- name: Remove NodeSource repository to fix GPG errors (always run first) + ansible.builtin.shell: | + # Remove NodeSource repository file to prevent GPG errors + rm -f /etc/apt/sources.list.d/nodesource.list + # Remove NodeSource key file + rm -f /etc/apt/keyrings/nodesource.gpg + # Clean apt cache to remove GPG errors + apt-get update 2>&1 | grep -v "NO_PUBKEY\|nodesource\|W:" || true + become: true + ignore_errors: true + changed_when: false + +- name: Skip NodeSource setup if Node.js is already installed + ansible.builtin.set_fact: + skip_nodesource: "{{ node_version_check.rc == 0 }}" + - name: Check if NodeSource repository exists and is correct ansible.builtin.shell: | if [ -f /etc/apt/sources.list.d/nodesource.list ]; then @@ -31,7 +47,9 @@ register: nodesource_repo_check failed_when: false changed_when: false # noqa command-instead-of-module - when: node_version_check.rc != 0 or not node_version_check.stdout.startswith('v22') + when: + - not skip_nodesource | default(false) + - (node_version_check.rc != 0 or not node_version_check.stdout.startswith('v22')) - name: Check if NodeSource GPG key exists and is correct ansible.builtin.shell: | @@ -47,25 +65,10 @@ register: nodesource_key_check failed_when: false changed_when: false # noqa command-instead-of-module - when: node_version_check.rc != 0 or not node_version_check.stdout.startswith('v22') - -- name: Remove incorrect NodeSource repository - ansible.builtin.file: - path: /etc/apt/sources.list.d/nodesource.list - state: absent - become: true when: - - node_version_check.rc != 0 or not node_version_check.stdout.startswith('v22') - - nodesource_repo_check.stdout == "wrong_config" + - not skip_nodesource | default(false) + - (node_version_check.rc != 0 or not node_version_check.stdout.startswith('v22')) -- name: Remove incorrect NodeSource key - ansible.builtin.file: - path: /etc/apt/keyrings/nodesource.gpg - state: absent - become: true - when: - - node_version_check.rc != 0 or not node_version_check.stdout.startswith('v22') - - nodesource_key_check.stdout == "wrong_key" - name: Create keyrings directory ansible.builtin.file: @@ -74,27 +77,32 @@ mode: '0755' become: true when: - - node_version_check.rc != 0 or not node_version_check.stdout.startswith('v22') - - nodesource_key_check.stdout in ["not_exists", "wrong_key"] - -- name: Add NodeSource GPG key only if needed - ansible.builtin.get_url: - url: https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key - dest: /etc/apt/keyrings/nodesource.gpg - mode: '0644' - force: true - become: true - when: - - node_version_check.rc != 0 or not node_version_check.stdout.startswith('v22') + - not skip_nodesource | default(false) + - (node_version_check.rc != 0 or not node_version_check.stdout.startswith('v22')) + - nodesource_key_check is defined + - nodesource_key_check.stdout is defined - nodesource_key_check.stdout in ["not_exists", "wrong_key"] - name: Import NodeSource GPG key into apt keyring - ansible.builtin.apt_key: - file: /etc/apt/keyrings/nodesource.gpg - state: present + ansible.builtin.shell: | + # Ensure keyrings directory exists + mkdir -p /etc/apt/keyrings + # Remove any existing broken key + rm -f /etc/apt/keyrings/nodesource.gpg + # Download and convert key to binary format for signed-by + curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg + chmod 644 /etc/apt/keyrings/nodesource.gpg + # Verify the key file is valid + if ! file /etc/apt/keyrings/nodesource.gpg | grep -q "PGP"; then + echo "ERROR: Key file is not valid PGP format" + exit 1 + fi become: true when: - - node_version_check.rc != 0 or not node_version_check.stdout.startswith('v22') + - not skip_nodesource | default(false) + - (node_version_check.rc != 0 or not node_version_check.stdout.startswith('v22')) + - nodesource_key_check is defined + - nodesource_key_check.stdout is defined - nodesource_key_check.stdout in ["not_exists", "wrong_key"] - name: Add NodeSource repository only if needed @@ -104,7 +112,22 @@ update_cache: false become: true when: - - node_version_check.rc != 0 or not node_version_check.stdout.startswith('v22') + - not skip_nodesource | default(false) + - (node_version_check.rc != 0 or not node_version_check.stdout.startswith('v22')) + - nodesource_repo_check is defined + - nodesource_repo_check.stdout is defined + - nodesource_repo_check.stdout in ["not_exists", "wrong_config"] + +- name: Update apt cache after adding NodeSource repository + ansible.builtin.apt: + update_cache: true + become: true + ignore_errors: true + when: + - not skip_nodesource | default(false) + - (node_version_check.rc != 0 or not node_version_check.stdout.startswith('v22')) + - nodesource_repo_check is defined + - nodesource_repo_check.stdout is defined - nodesource_repo_check.stdout in ["not_exists", "wrong_config"] - name: Install Node.js 22 from NodeSource @@ -112,7 +135,9 @@ name: nodejs state: present become: true - when: node_version_check.rc != 0 or not node_version_check.stdout.startswith('v22') + when: + - not skip_nodesource | default(false) + - (node_version_check.rc != 0 or not node_version_check.stdout.startswith('v22')) - name: Verify Node.js installation ansible.builtin.command: node --version diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 4b8428b..efd397c 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,4 +1,14 @@ --- +- name: Remove NodeSource repository to prevent GPG errors + ansible.builtin.shell: | + # Remove NodeSource repository file to prevent GPG errors during apt cache update + rm -f /etc/apt/sources.list.d/nodesource.list + # Remove NodeSource key file + rm -f /etc/apt/keyrings/nodesource.gpg + become: true + ignore_errors: true + changed_when: false + - name: Debug distribution information ansible.builtin.debug: msg: diff --git a/roles/docker/tasks/setup_repo_linux_mint.yml b/roles/docker/tasks/setup_repo_linux_mint.yml index 8f3c1d0..26f6203 100644 --- a/roles/docker/tasks/setup_repo_linux_mint.yml +++ b/roles/docker/tasks/setup_repo_linux_mint.yml @@ -29,9 +29,38 @@ become: true when: docker_repo_check.stdout == "wrong_config" +- name: Remove NodeSource repository completely before adding Docker repo + ansible.builtin.shell: | + # Remove NodeSource repository file + rm -f /etc/apt/sources.list.d/nodesource.list + # Remove NodeSource key file + rm -f /etc/apt/keyrings/nodesource.gpg + # Remove from sources.list if present + sed -i '/nodesource/d' /etc/apt/sources.list 2>/dev/null || true + # Remove any cached InRelease files + rm -f /var/lib/apt/lists/*nodesource* 2>/dev/null || true + rm -f /var/lib/apt/lists/partial/*nodesource* 2>/dev/null || true + become: true + ignore_errors: true + changed_when: false + - name: Add Docker repository for Linux Mint (using Ubuntu base) only if needed ansible.builtin.apt_repository: repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ docker_ubuntu_codename }} stable" state: present - update_cache: true + update_cache: false + when: docker_repo_check.stdout in ["not_exists", "wrong_config"] + +- name: Update apt cache after adding Docker repository (ignore NodeSource errors) + ansible.builtin.shell: | + apt-get update 2>&1 | grep -v "nodesource\|NO_PUBKEY.*2F59B5F99B1BE0B4" || true + # Verify update succeeded for non-nodesource repos + if apt-get update 2>&1 | grep -q "E:"; then + # If there are real errors (not just nodesource), fail + if ! apt-get update 2>&1 | grep -q "nodesource"; then + exit 1 + fi + fi + become: true + ignore_errors: true when: docker_repo_check.stdout in ["not_exists", "wrong_config"] diff --git a/roles/shell/files/.zshrc b/roles/shell/files/.zshrc index 1718b50..fd33fe8 100644 --- a/roles/shell/files/.zshrc +++ b/roles/shell/files/.zshrc @@ -165,10 +165,6 @@ alias dcb="docker-compose build" alias dps="docker ps" alias di="docker images" -# IDE - suppress root warnings -alias code="code --no-sandbox --user-data-dir=/root/.vscode-root" -alias cursor="cursor --no-sandbox --disable-gpu-sandbox --appimage-extract-and-run --user-data-dir=/root/.cursor-root" - # Date and time alias now="date +'%Y-%m-%d %H:%M:%S'" alias today="date +'%Y-%m-%d'"