Merge pull request #1104 from proditis/playbook-fixes

Playbook fixes
echoCTF · Feb 19, 2024 · 67ada0c · 67ada0c
2 parents 8865b29 + 1b37d89
commit 67ada0c
Show file tree

Hide file tree

Showing 8 changed files with 30 additions and 13 deletions.
diff --git a/ansible/runonce/db.yml b/ansible/runonce/db.yml
@@ -86,6 +86,7 @@
     packages:
       - curl
       - git
+      - rsync--
       - mariadb-server
       - memcached--
       - libmemcached

diff --git a/ansible/runonce/docker-registry.yml b/ansible/runonce/docker-registry.yml
@@ -3,6 +3,7 @@
 - name: "Setup docker registry on an OpenBSD server (standalone)"
   hosts: all
   become_method: doas
+  gather_facts: no
   vars_prompt:
     - name: "registry_user"
       prompt: "1/5. User to run the registry as?"
@@ -37,14 +38,17 @@
     rcctl:
       - { name: 'supervisord', state: "enable" }
     packages:
+    - ansible
     - go
     - supervisor
     - py3-setuptools
+    - git
+    - rsync--
 
   tasks:
   - name: Install packages
-    openbsd_pkg:
-      name: "{{packages}}"
+    raw: pkg_add {{item}}
+    with_items: "{{packages}}"
 
   - name: Add users
     user:
@@ -95,7 +99,7 @@
 
   - name: Configure supervisor registry service
     community.general.ini_file:
-      path: /etc/conf
+      path: /etc/supervisord.d/registry.ini
       section: "program:registry"
       option: "{{item.key}}"
       value:  "{{item.value}}"

diff --git a/ansible/runonce/docker-servers.yml b/ansible/runonce/docker-servers.yml
@@ -37,8 +37,9 @@
 
   - name: Configure resolv.conf
     copy:
-      content: "nameserver 10.0.0.254\n"
+      content: "{{resolvconf}}\n"
       dest: /etc/resolv.conf
+    when: resolvconf is defined
 
   - name: Allow release-info to change for APT repositories
     when: ansible_facts['distribution'] == 'Debian'
@@ -120,11 +121,11 @@
       pkg: "{{post_apt}}"
     when: post_apt is defined and post_apt|length > 0
 
-  - name: Install pip packages
-    no_log: "{{DEBUG|default(true)}}"
-    pip: name="{{item.name}}" version="{{item.version|default(omit)}}" state="{{item.state}}"
-    with_items: "{{pip}}"
-    when: pip is defined
+#  - name: Install pip packages
+#    no_log: "{{DEBUG|default(true)}}"
+#    pip: name="{{item.name}}" version="{{item.version|default(omit)}}" state="{{item.state}}"
+#    with_items: "{{pip}}"
+#    when: pip is defined
 
   - name: Check if we're working with cloud-init
     ansible.builtin.stat:

diff --git a/ansible/runonce/mui.yml b/ansible/runonce/mui.yml
@@ -87,6 +87,7 @@
     packages:
       - curl
       - git
+      - rsync--
       - memcached--
       - libmemcached
       - py3-mysqlclient
@@ -298,7 +299,7 @@
 
   - name: "Create moderatorUI config/db.php"
     copy:
-      content: "<?php return [ 'class' => 'yii\\db\\Connection', 'dsn' => 'mysql:host={{db_ip}};dbname=echoCTF', 'username' => 'moderatorUI', 'password' => 'moderatorUI', 'charset' => 'utf8'];\n"
+      content: "<?php return [ 'class' => 'yii\\db\\Connection', 'dsn' => 'mysql:host={{db_ip}};dbname=echoCTF', 'username' => 'moderatorUI', 'password' => 'moderatorUI', 'charset' => 'utf8mb4'];\n"
       dest: "/home/moderatorUI/{{domain_name}}/backend/config/db.php"
       mode: '0444'
     tags:

diff --git a/ansible/runonce/pui.yml b/ansible/runonce/pui.yml
@@ -96,6 +96,7 @@
       - automake%1.16
       - curl
       - git
+      - rsync--
       - libmemcached
       - libtool
       - memcached--
@@ -418,6 +419,11 @@
       - { section: Session, option: "session.save_path", value: "{{db_ip}}:11211"}
       - { section: Session, option: "session.gc_maxlifetime", value: "43200" }
       - { section: Session, option: "session.use_strict_mode", value: "1" }
+      - { section: opcache, option: "opcache.enable", value: "1" }
+      - { section: opcache, option: "opcache.memory_consumption", value: "128" }
+      - { section: opcache, option: "opcache.validate_timestamps", value: "0" }
+      - { section: opcache, option: "opcache.revalidate_freq", value: "2" }
+      - { section: opcache, option: "opcache.revalidate_path", value: "0" }
 
   - name: copy nginx rc.d into participant
     command: cp /etc/rc.d/nginx "/etc/rc.d/{{item}}"

diff --git a/ansible/runonce/vpngw.yml b/ansible/runonce/vpngw.yml
@@ -48,6 +48,7 @@
       - automake%1.16
       - curl
       - git
+      - rsync--
       - libmemcached
       - memcached--
       - libtool
@@ -67,6 +68,7 @@
       - go
       - p5-Net-Pcap
       - p5-NetPacket
+      - gnuwatch
   vars_prompt:
     - name: "myname"
       prompt: "1/16. System hostname?"

diff --git a/ansible/templates/docker-server-advanced.yml b/ansible/templates/docker-server-advanced.yml
@@ -44,12 +44,14 @@ pre_apt:
  - gnupg2
  - software-properties-common
  - rdate
+ - python3-requests
+ - python3-docker
 
 post_apt:
  - docker-ce
 
-pip:
- - { name: "docker", version: "*", state: "present" }
+#pip:
+# - { name: "docker", version: "*", state: "present" }
 
 #sync:
 #  - { src: "../files/docker/build", dst: "/opt" }
diff --git a/ansible/templates/unbound.conf.j2 b/ansible/templates/unbound.conf.j2
@@ -8,7 +8,7 @@ interface: {{bind.ip}}
 access-control: 0.0.0.0/0 allow
 
 do-ip6: no
-pidfile: "/var/unbound/var/run/unbound.pid"
+pidfile: "/var/run/unbound.pid"
 hide-identity: yes
 hide-version: yes