{"id":7708,"sha1":"9422e7083333a210cd9dcaca1a68e5267e341206","playbook":{"id":5550,"items":{"plays":1,"tasks":24,"results":24,"hosts":1,"files":1,"records":0},"arguments":{"version":null,"verbosity":2,"private_key_file":"/home/ssh-gateway/.ssh/id_rsa","remote_user":"root","connection":"ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":false,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":["swap"],"check":false,"diff":false,"inventory":["/home/ssh-gateway/ansible/kuly/kvm_node_install/kvm-install-inv.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":20,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup_new_node.yaml"]},"labels":[{"id":1,"name":"remote_user:root"},{"id":2,"name":"check:False"},{"id":3,"name":"tags:all"},{"id":294,"name":"skip_tags:swap"}],"started":"2026-04-22T14:24:30.579310+01:00","ended":"2026-04-22T14:25:51.440207+01:00","duration":"00:01:20.860897","name":null,"ansible_version":"2.16.13","client_version":"1.7.5","python_version":"3.10.10","server_version":"1.7.5","status":"completed","path":"/home/ssh-gateway/ansible/kuly/kvm_node_install/setup_new_node.yaml","controller":"ssh-gw-4.layershift.com","user":"root"},"content":"---\n- name: New KVM server provisioning scripts\n hosts: all\n gather_facts: true\n vars:\n agent360_api_key: \"6225dd3b2c8afd50166ae988\"\n firewall_mode: \"HARDWARE_NODE\"\n timezone: \"UTC\"\n swap_file_path: \"/var/lib/libvirt/swapfile\"\n swap_file_size: \"64G\"\n main_server_ip: \"{{ ansible_default_ipv4.address }}\"\n monitoring_script_url: \"https://monitoring.platform360.io/agent360.sh\"\n kernelcare_installer_url: \"https://kernelcare.com/installer\"\n firewall360_install_url: \"https://tgz.thecode.casa/firewall360/install.sh\"\n firewall360_reset_url: \"https://deploy.thecode.casa/firewall360/reset_firewall.sh\"\n agent360_plugins_tgz_url: \"https://tgz.thecode.casa/agent360_plugins/install.sh\"\n agent360_plugins_deploy_url: \"https://deploy.thecode.casa/agent360_plugins/install.sh\"\n virtnbdbackup_install_url: \"https://tgz.thecode.casa/virtnbdbackup/install.sh\"\n backup_manager_install_url: \"https://backup-manager.vm.plesk-server.com/agents/install\"\n ls_tests_install_url: \"https://deploy.thecode.casa/ls-tests/installer.sh\"\n requisites:\n - wget\n - curl\n - vim\n - nano\n - net-tools\n - lsof\n - mc\n\n tasks:\n # ========================================================================\n # install prerequisite packages\n # ========================================================================\n - name: Install prerequisite packages\n ansible.builtin.dnf:\n name: \"{{ requisites }}\"\n state: present\n update_cache: true\n tags: [packages, prep, system]\n\n # ========================================================================\n # 1. SWAP FILE SETUP\n # ========================================================================\n - name: Create swap file directory if missing\n ansible.builtin.file:\n path: \"{{ swap_file_path | dirname }}\"\n state: directory\n mode: '0755'\n tags: [swap, prep]\n\n - name: Create swap file\n ansible.builtin.command: \"fallocate -l {{ swap_file_size }} {{ swap_file_path }}\"\n args:\n creates: \"{{ swap_file_path }}\"\n tags: [swap, prep]\n\n - name: Set secure permissions (600) on swap file\n ansible.builtin.file:\n path: \"{{ swap_file_path }}\"\n mode: '0600'\n tags: [swap, prep]\n\n - name: Initialize swap area\n ansible.builtin.command: \"mkswap {{ swap_file_path }}\"\n args:\n creates: \"{{ swap_file_path }}.initialized\"\n notify: Mark swap as initialized\n tags: [swap, prep]\n\n - name: Enable swap file immediately\n ansible.builtin.command: \"swapon {{ swap_file_path }}\"\n register: swapon_result\n changed_when: \"'already active' not in swapon_result.stderr\"\n failed_when: swapon_result.rc != 0 and 'already active' not in swapon_result.stderr\n tags: [swap, prep]\n\n - name: Enable all swaps from /etc/fstab (swapon -av)\n ansible.builtin.command: \"swapon -av\"\n register: swapon_av\n changed_when: false\n tags: [swap, prep]\n\n - name: Ensure swap entry exists in /etc/fstab\n ansible.builtin.lineinfile:\n path: /etc/fstab\n line: \"{{ swap_file_path }} none swap sw 0 0\"\n regexp: \"^{{ swap_file_path }}\\\\s+none\\\\s+swap\"\n state: present\n validate: 'findmnt -T %s'\n tags: [swap, prep, fstab]\n\n # ========================================================================\n # 2. TIMEZONE CONFIGURATION\n # ========================================================================\n - name: Set system timezone to {{ timezone }}\n community.general.timezone:\n name: \"{{ timezone }}\"\n tags: [config, timezone]\n\n # ========================================================================\n # 3. KERNELCARE INSTALLATION\n # ========================================================================\n - name: Install KernelCare\n ansible.builtin.shell: |\n set -o pipefail\n curl -s -L {{ kernelcare_installer_url }} | bash\n args:\n executable: /bin/bash\n creates: /usr/bin/kcare\n register: kernelcare_install\n changed_when: kernelcare_install.rc == 0\n tags: [kernelcare, security]\n\n - name: Enable and start KernelCare service\n ansible.builtin.systemd:\n name: kcare\n enabled: true\n state: started\n daemon_reload: true\n tags: [kernelcare, security]\n\n - name: Display KernelCare licensing reminder\n ansible.builtin.debug:\n msg: |\n \u26a0\ufe0f KERNELCARE LICENSE REMINDER \u26a0\ufe0f\n Please license this IP in your KernelCare portal:\n \u2192 {{ main_server_ip }}\n Visit: https://kernelcare.com/client-area\n tags: [kernelcare, reminder]\n\n # ========================================================================\n # 4. AGENT360 MONITORING INSTALLATION\n # ========================================================================\n - name: Download Agent360 installation script\n ansible.builtin.get_url:\n url: \"{{ monitoring_script_url }}\"\n dest: /tmp/agent360.sh\n mode: '0755'\n timeout: 30\n tags: [monitoring, agent360]\n\n - name: Install Agent360 monitoring agent\n ansible.builtin.shell: |\n set -o pipefail\n bash /tmp/agent360.sh {{ agent360_api_key }}\n args:\n chdir: /tmp\n register: agent360_install\n changed_when: agent360_install.rc == 0\n tags: [monitoring, agent360]\n\n # ========================================================================\n # 5. FIREWALL360 INSTALLATION\n # ========================================================================\n - name: Install Firewall360\n ansible.builtin.shell: \"bash <(curl -sL {{ firewall360_install_url }}) <<< '{{ firewall_mode }}'\"\n args:\n executable: /bin/bash\n register: firewall_install\n changed_when: firewall_install.rc == 0\n tags: [firewall, security]\n\n # ========================================================================\n # 6. FIREWALL360 RESET\n # ========================================================================\n - name: Reset Firewall360 configuration\n ansible.builtin.shell: \"bash <(curl -sL {{ firewall360_reset_url }})\"\n args:\n executable: /bin/bash\n register: firewall_reset\n changed_when: firewall_reset.rc == 0\n\n # ========================================================================\n # 7. AGENT360 CUSTOM PLUGINS\n # ========================================================================\n - name: Install plugin internal_server_metrics\n ansible.builtin.shell: |\n set -o pipefail\n curl -Ls {{ agent360_plugins_tgz_url }} | bash -s internal_server_metrics\n args:\n executable: /bin/bash\n register: plugin_internal\n changed_when: plugin_internal.rc == 0\n tags: [monitoring, plugins]\n\n - name: Install plugin vrrp_mon_cr\n ansible.builtin.shell: |\n set -o pipefail\n curl -Ls {{ agent360_plugins_deploy_url }} | bash -s vrrp_mon_cr\n args:\n executable: /bin/bash\n register: plugin_vrrp\n changed_when: plugin_vrrp.rc == 0\n tags: [monitoring, plugins]\n\n - name: Ensure pip3 is available\n ansible.builtin.package:\n name: python3-pip\n state: present\n tags: [monitoring, plugins]\n\n - name: Install mdjson Python package\n ansible.builtin.pip:\n name: mdjson\n executable: pip3\n state: present\n tags: [monitoring, plugins]\n\n - name: Install plugin mdstat_ls\n ansible.builtin.shell: |\n set -o pipefail\n curl -Ls {{ agent360_plugins_deploy_url }} | bash -s mdstat_ls\n args:\n executable: /bin/bash\n register: plugin_mdstat\n changed_when: plugin_mdstat.rc == 0\n tags: [monitoring, plugins]\n\n # ========================================================================\n # 8. NBD MODULE + VIRTNBDBACKUP\n # ========================================================================\n - name: Ensure NBD module loads at boot\n ansible.builtin.copy:\n content: \"nbd\\n\"\n dest: /etc/modules-load.d/nbd.conf\n mode: '0644'\n tags: [backup, nbd, prep]\n\n - name: Load NBD kernel module immediately\n community.general.modprobe:\n name: nbd\n state: present\n tags: [backup, nbd, prep]\n\n - name: Install virtnbdbackup\n ansible.builtin.shell: |\n set -o pipefail\n curl -s {{ virtnbdbackup_install_url }} | bash\n args:\n executable: /bin/bash\n register: virtnbd_install\n changed_when: virtnbd_install.rc == 0\n tags: [backup, virtnbd]\n\n # ========================================================================\n # 9. BACKUP-MANAGER INSTALLATION\n # ========================================================================\n - name: Download backup-manager installer\n ansible.builtin.get_url:\n url: \"{{ backup_manager_install_url }}\"\n dest: /tmp/installer.sh\n mode: '0755'\n timeout: 30\n tags: [backup, backup-manager]\n\n - name: Run backup-manager installer (pass 1)\n ansible.builtin.shell: |\n set -o pipefail\n /tmp/installer.sh\n args:\n chdir: /tmp\n register: backup_install_1\n changed_when: backup_install_1.rc == 0\n tags: [backup, backup-manager]\n\n - name: Run backup-manager installer (pass 2)\n ansible.builtin.shell: |\n set -o pipefail\n /tmp/installer.sh\n args:\n chdir: /tmp\n register: backup_install_2\n changed_when: backup_install_2.rc == 0\n tags: [backup, backup-manager]\n\n - name: Run backup-manager mount script\n ansible.builtin.shell: |\n set -o pipefail\n /tmp/mount.sh\n args:\n chdir: /tmp\n register: backup_mount\n changed_when: backup_mount.rc == 0\n tags: [backup, backup-manager]\n\n # ========================================================================\n # 10. goss ls tests\n # ========================================================================\n - name: Install ls-tests suite\n ansible.builtin.shell: |\n set -o pipefail\n curl -s {{ ls_tests_install_url }} | bash\n args:\n executable: /bin/bash\n creates: /opt/ls_tools/ls-tests/run_tests.sh\n register: ls_tests_install\n changed_when: ls_tests_install.rc == 0\n tags: [tests, ls-tests]\n\n - name: Run goss tests\n ansible.builtin.shell: |\n set -o pipefail\n /opt/ls_tools/ls-tests/run_tests.sh\n args:\n executable: /bin/bash\n register: ls_tests_run\n changed_when: ls_tests_run.rc == 0\n tags: [tests, ls-tests]\n\n # ========================================================================\n # 11. POST-INSTALL SUMMARY\n # ========================================================================\n - name: Display provisioning completion summary\n ansible.builtin.debug:\n msg: |\n \u2705 SERVER PROVISIONING COMPLETE \u2705\n Configuration applied:\n \u2022 Swap: {{ swap_file_path }} ({{ swap_file_size }}) \u2192 active\n \u2022 Timezone: {{ timezone }}\n \u2022 KernelCare: installed (license IP: {{ main_server_ip }})\n \u2022 Firewall360: {{ firewall_mode }} mode + reset\n \u2022 Agent360: monitoring + 3 plugins installed\n \u2022 NBD/virtnbdbackup: ready\n \u2022 backup-manager: installed + mounted\n Quick verification commands:\n swapon --show\n timedatectl\n systemctl status kcare\n firewall360 status\n agent360 status\n lsmod | grep nbd\n tags: [verify, always]\n handlers:\n - name: Mark swap as initialized\n ansible.builtin.file:\n path: \"{{ swap_file_path }}.initialized\"\n state: touch\n mode: '0644'\n","created":"2026-04-22T14:24:30.597228+01:00","updated":"2026-04-22T14:24:30.597251+01:00","path":"/home/ssh-gateway/ansible/kuly/kvm_node_install/setup_new_node.yaml"}