From: David Galloway Date: Fri, 27 Jun 2025 14:54:46 +0000 (-0400) Subject: testnode: Rocky 10 support X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=2e79559953132e015be4e0f999f11cfc031347c7;p=ceph-cm-ansible.git testnode: Rocky 10 support - No NRPE packages and we're not using Nagios at the moment anyway - Many supported SSHD key algorithm changes Signed-off-by: David Galloway
---
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index c8a17f5..8818745 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -48,8 +48,9 @@ - monitoring-scripts - nagios -# configure nagios (Except CentOS 9 Stream) +# configure nagios (Except Rocky) - import_tasks: nagios.yml + when: ansible_distribution != "Rocky" tags: - nagios
@@ -61,9 +62,12 @@ - nagios # configure selinux for nagios +# We don't use nagios anymore and none of the nrpe packages are available anyway so skip it on Rocky - import_tasks: nrpe-selinux.yml - when: ansible_os_family == "RedHat" and - (selinux_status is defined and selinux_status.stdout != "Disabled") + when: + - ansible_os_family == "RedHat" + - ansible_distribution != "Rocky" + - (selinux_status is defined and selinux_status.stdout != "Disabled") tags: - nagios
diff --git a/roles/common/tasks/yum_systems.yml b/roles/common/tasks/yum_systems.yml
index 26addd1..b072c4c 100644
--- a/roles/common/tasks/yum_systems.yml
+++ b/roles/common/tasks/yum_systems.yml
@@ -71,7 +71,7 @@ # create and manage epel.repo - import_tasks: epel.yml - when: ansible_distribution == "CentOS" or ansible_distribution == 'RedHat' + when: ansible_distribution in ["CentOS", "RedHat", "Rocky"] tags: - epel - repos
diff --git a/roles/testnode/tasks/main.yml b/roles/testnode/tasks/main.yml
index b68c0f8..755f5d7 100644
--- a/roles/testnode/tasks/main.yml
+++ b/roles/testnode/tasks/main.yml
@@ -45,6 +45,10 @@ import_tasks: setup-centos.yml when: ansible_distribution == "CentOS" +- name: configure rocky specific things + import_tasks: setup-rocky.yml + when: ansible_distribution == "Rocky" + - name: configure red hat specific things import_tasks: setup-redhat.yml when: ansible_distribution == 'RedHat'
diff --git a/roles/testnode/tasks/setup-rocky.yml b/roles/testnode/tasks/setup-rocky.yml
new file mode 100644
index 0000000..6cbe6d6
--- /dev/null
+++ b/roles/testnode/tasks/setup-rocky.yml
@@ -0,0 +1,2 @@
+---
+- import_tasks: imitate_ubuntu.yml
diff --git a/roles/testnode/templates/ssh/sshd_config_rocky_10 b/roles/testnode/templates/ssh/sshd_config_rocky_10
new file mode 100644
index 0000000..087d4c7
--- /dev/null
+++ b/roles/testnode/templates/ssh/sshd_config_rocky_10
@@ -0,0 +1,38 @@
+# {{ ansible_managed }}
+# $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
+
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+
+SyslogFacility AUTHPRIV
+
+AuthorizedKeysFile .ssh/authorized_keys
+
+PasswordAuthentication yes
+
+ChallengeResponseAuthentication no
+
+# GSSAPI options
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials yes
+
+UsePAM yes
+
+X11Forwarding yes
+UsePrivilegeSeparation sandbox # Default for new installations.
+
+# Accept locale-related environment variables
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+AcceptEnv XMODIFIERS
+
+# override default of no subsystems
+Subsystem sftp /usr/libexec/openssh/sftp-server
+
+MaxSessions 1000
diff --git a/roles/testnode/vars/rocky_10.yml b/roles/testnode/vars/rocky_10.yml
new file mode 100644
index 0000000..4f77bf5
--- /dev/null
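Review bot: The new roles/testnode/templates/ssh/sshd_config_rocky_10 carries over `UsePrivilegeSeparation sandbox # Default for new installations.` and `ChallengeResponseAuthentication no`, which current OpenSSH releases treat as deprecated (privilege separation is always on, and the second is an alias of `KbdInteractiveAuthentication`); the first line can be dropped and the second renamed. The commit message mentions key algorithm changes, but the template sets no algorithm options and lists only the RSA and ECDSA host keys, so adding `HostKey /etc/ssh/ssh_host_ed25519_key` would be the matching change if Ed25519 is wanted. `PasswordAuthentication yes`, `X11Forwarding yes` and `MaxSessions 1000` are permissive if these nodes are reachable from outside the lab network; when the test workload needs them, a one-line comment above each saying why would keep them from being copied into other roles. Whether the task that renders this template validates it is not visible in this diff; running the rendered file through `sshd -t` before the service restart would catch options the Rocky 10 sshd rejects.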
+++ b/roles/testnode/vars/rocky_10.yml
@@ -0,0 +1,58 @@
+---
+# vars specific to any rocky 10.x version
+
+common_yum_repos:
+ lab-extras:
+ name: "lab-extras"
+ baseurl: "http://{{ mirror_host }}/lab-extras/10/"
+ enabled: 1
+ gpgcheck: 0
+
+# When mirrors become available, these will be filenames in roles/testnodes/templates/mirrorlists/10/
+yum_mirrorlists: []
+
+packages_to_upgrade:
+ - libgcrypt # explicitly tied to qemu build
+
+packages:
+ - libgcrypt
+ - sysstat
+ - libedit
+ - boost-thread
+ - xfsprogs
+ - parted
+ - fuse-libs
+ - openssl
+ - libuuid
+ - podman
+ - attr
+ - lsof
+ - gettext
+ - bc
+ - xfsdump
+ - blktrace
+ - usbredir
+ - valgrind
+ - nfs-utils
+ - ncurses-devel
+ - gcc
+ - git
+ - qemu-img
+ - qemu-kvm-core
+ - qemu-kvm-block-rbd
+ - libacl-devel
+ - autoconf
+ - gdb
+ - podman-docker
+ - lvm2
+ - python3-setuptools
+
+epel_packages:
+ - dbench
+ - gdisk
+
+nfs_service: nfs-server
+
+ntp_service_name: chronyd
+
+xfs_opts: "-m crc=1,finobt=0"
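Review bot: The `lab-extras` entry under `common_yum_repos` combines `gpgcheck: 0` with a plain-HTTP `baseurl`, so packages from that repo are installed as root with neither signature verification nor transport integrity. If the lab-extras packages can be signed, `gpgcheck: 1` plus a `gpgkey:` entry for the lab's public key (location not shown on this page, and assuming the repo template passes the option through) closes that gap; failing that, serving the repo over HTTPS at least protects the transport. The other distro vars files are not visible here, so this may be an inherited pattern that deserves a tracked follow-up across all of them. Separately, the comment above `yum_mirrorlists` refers to roles/testnodes/ while the role path in this diff is roles/testnode/.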