From a0dd5ef4b71588774eaf45fc6ed161dcf2baadd0 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 22:56:00 +0100 Subject: [PATCH 01/18] Move playbooks in subfolder --- ansible.cfg | 3 +++ deploy_all.sh | 3 +++ backups.yml => playbooks/backups.yml | 0 base.yml => playbooks/base.yml | 0 bdd.yml => playbooks/bdd.yml | 0 .../deploy_postfix_non_mailhost.yml | 0 grafana.yml => playbooks/grafana.yml | 0 ldap_replica.yml => playbooks/ldap_replica.yml | 6 +++--- log.yml => playbooks/log.yml | 0 matrix.yml => playbooks/matrix.yml | 0 monitoring.yml => playbooks/monitoring.yml | 0 network.yml => playbooks/network.yml | 0 services_web.yml => playbooks/services_web.yml | 0 13 files changed, 9 insertions(+), 3 deletions(-) create mode 100755 deploy_all.sh rename backups.yml => playbooks/backups.yml (100%) rename base.yml => playbooks/base.yml (100%) rename bdd.yml => playbooks/bdd.yml (100%) rename deploy_postfix_non_mailhost.yml => playbooks/deploy_postfix_non_mailhost.yml (100%) rename grafana.yml => playbooks/grafana.yml (100%) rename ldap_replica.yml => playbooks/ldap_replica.yml (69%) rename log.yml => playbooks/log.yml (100%) rename matrix.yml => playbooks/matrix.yml (100%) rename monitoring.yml => playbooks/monitoring.yml (100%) rename network.yml => playbooks/network.yml (100%) rename services_web.yml => playbooks/services_web.yml (100%) diff --git a/ansible.cfg b/ansible.cfg index e2d6a32..33120be 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -2,6 +2,9 @@ [defaults] +# Explicitely redefined some defaults to make subfolder execution work +roles_path = ./roles + # Do not create .retry files retry_files_enabled = False diff --git a/deploy_all.sh b/deploy_all.sh new file mode 100755 index 0000000..f450a8f --- /dev/null +++ b/deploy_all.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash +# Deploy all playbooks +ansible-playbook playbooks/*.yml $@ 
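Review bot: `$@` is unquoted on the `ansible-playbook` line of the new deploy_all.sh, so the shell re-splits any argument that contains whitespace, such as an `-e` value or a quoted `--limit` pattern. The fragments are then read as separate options or as extra playbook paths. Because this wrapper runs every playbook in the folder, an argument meant to narrow the run should reach Ansible intact: `ansible-playbook playbooks/*.yml "$@"`. The header comment could also say that extra arguments are passed through, e.g. `# Deploy all playbooks; extra arguments are forwarded to ansible-playbook`.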
diff --git a/backups.yml b/playbooks/backups.yml
similarity index 100%
rename from backups.yml
rename to playbooks/backups.yml
diff --git a/base.yml b/playbooks/base.yml
similarity index 100%
rename from base.yml
rename to playbooks/base.yml
diff --git a/bdd.yml b/playbooks/bdd.yml
similarity index 100%
rename from bdd.yml
rename to playbooks/bdd.yml
diff --git a/deploy_postfix_non_mailhost.yml b/playbooks/deploy_postfix_non_mailhost.yml
similarity index 100%
rename from deploy_postfix_non_mailhost.yml
rename to playbooks/deploy_postfix_non_mailhost.yml
diff --git a/grafana.yml b/playbooks/grafana.yml
similarity index 100%
rename from grafana.yml
rename to playbooks/grafana.yml
diff --git a/ldap_replica.yml b/playbooks/ldap_replica.yml
similarity index 69%
rename from ldap_replica.yml
rename to playbooks/ldap_replica.yml
index b921957..1dfdbca 100755
--- a/ldap_replica.yml
+++ b/playbooks/ldap_replica.yml
@@ -2,6 +2,6 @@
 ---
 # Clone LDAP on local geographic location
 # DON'T DO THIS AS IT RECREATES THE REPLICA
-- hosts: ldap_replica
- roles:
- - ldap_replica
+#- hosts: ldap_replica
+# roles:
+# - ldap_replica
diff --git a/log.yml b/playbooks/log.yml
similarity index 100%
rename from log.yml
rename to playbooks/log.yml
diff --git a/matrix.yml b/playbooks/matrix.yml
similarity index 100%
rename from matrix.yml
rename to playbooks/matrix.yml
diff --git a/monitoring.yml b/playbooks/monitoring.yml
similarity index 100%
rename from monitoring.yml
rename to playbooks/monitoring.yml
diff --git a/network.yml b/playbooks/network.yml
similarity index 100%
rename from network.yml
rename to playbooks/network.yml
diff --git a/services_web.yml b/playbooks/services_web.yml
similarity index 100%
rename from services_web.yml
rename to playbooks/services_web.yml
From daac91f3afca87fa2ee9908a958f66ef70f8e78a Mon Sep 17 00:00:00 2001
From: Alexandre Iooss Date: Sun, 28 Nov 2021 08:46:53 +0100 Subject: [PATCH 02/18] Rename backups.yml to borgbackup.yml --- playbooks/{backups.yml => borgbackup.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename playbooks/{backups.yml => borgbackup.yml} (90%) diff --git a/playbooks/backups.yml b/playbooks/borgbackup.yml similarity index 90% rename from playbooks/backups.yml rename to playbooks/borgbackup.yml index 60200b9..df8c37e 100755 --- a/playbooks/backups.yml +++ b/playbooks/borgbackup.yml @@ -10,7 +10,7 @@ - borgbackup_server - update_motd -- hosts: all,!unifi,!unifi-*,!wiki.adm.auro.re +- hosts: all,!unifi,!unifi-* vars: update_motd: borgbackup_client: >- From 9481af3201a64dc60fe7025821df6d6c75223ad5 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 08:48:20 +0100 Subject: [PATCH 03/18] Rename bdd.yml to postgres.yml --- playbooks/{bdd.yml => postgresql.yml} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename playbooks/{bdd.yml => postgresql.yml} (56%) diff --git a/playbooks/bdd.yml b/playbooks/postgresql.yml similarity index 56% rename from playbooks/bdd.yml rename to playbooks/postgresql.yml index da4248d..1b587f1 100755 --- a/playbooks/bdd.yml +++ b/playbooks/postgresql.yml @@ -1,7 +1,7 @@ #!/usr/bin/env ansible-playbook --- -# Install and configure bdd servers at Saclay and at OVH -- hosts: bdd,!re2o-bdd.adm.auro.re,!services-bdd-local.adm.auro.re +# Install and configure database servers at Saclay and at OVH +- hosts: bdd.adm.auro.re,bdd-ovh.adm.auro.re vars: update_motd: postgresql: PostgreSQL est déployé. From 278928550cd2642335e1006a349443f7b6cae674 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 08:49:43 +0100 Subject: [PATCH 04/18] Rename monitoring.yml to prometheus.yml --- playbooks/{monitoring.yml => prometheus.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename playbooks/{monitoring.yml => prometheus.yml} (100%) 
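Review bot: Both hunks here change the `hosts:` pattern inside commits whose subjects announce only a rename. In playbooks/borgbackup.yml the `!wiki.adm.auro.re` exclusion is dropped, so that host is now matched by the play that sets `borgbackup_client`. In playbooks/postgresql.yml the `bdd` group with two exclusions becomes an explicit list of two hosts. If both changes are intended, they deserve a mention in the commit messages and a one-line comment above each `hosts:` line saying why the remaining hosts are excluded. The borgbackup play continues past the end of its hunk.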
diff --git a/playbooks/monitoring.yml b/playbooks/prometheus.yml
similarity index 100%
rename from playbooks/monitoring.yml
rename to playbooks/prometheus.yml
From 7bdf66f73a99aa5d5a37a4c87d38badb23c5729b Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Sun, 28 Nov 2021 08:51:15 +0100
Subject: [PATCH 05/18] Rename log.yml to rsyslog.yml
---
 playbooks/{log.yml => rsyslog.yml} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename playbooks/{log.yml => rsyslog.yml} (100%)
diff --git a/playbooks/log.yml b/playbooks/rsyslog.yml
similarity index 100%
rename from playbooks/log.yml
rename to playbooks/rsyslog.yml
From 446c02da5e9d306d3fd7e79fe319f3167a2ffb6e Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Sun, 28 Nov 2021 08:52:58 +0100
Subject: [PATCH 06/18] Split services_web.yml into nginx.yml and docker.yml
---
 playbooks/docker.yml | 10 ++++++++++
 playbooks/{services_web.yml => nginx.yml} | 14 --------------
 2 files changed, 10 insertions(+), 14 deletions(-)
 create mode 100755 playbooks/docker.yml
 rename playbooks/{services_web.yml => nginx.yml} (72%)
diff --git a/playbooks/docker.yml b/playbooks/docker.yml
new file mode 100755
index 0000000..61047cc
--- /dev/null
+++ b/playbooks/docker.yml
@@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy Docker hosts
+- hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,stream.adm.auro.re,wikijs.adm.auro.re
+ vars:
+ update_motd:
+ docker: Docker est déployé.
+ roles:
+ - docker
+ - update_motd
diff --git a/playbooks/services_web.yml b/playbooks/nginx.yml
similarity index 72%
rename from playbooks/services_web.yml
rename to playbooks/nginx.yml
index d79a735..656f83b 100755
--- a/playbooks/services_web.yml
+++ b/playbooks/nginx.yml
@@ -1,19 +1,5 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Deploy Docker hosts
-- hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,stream.adm.auro.re,wikijs.adm.auro.re
- vars:
- update_motd:
- docker: Docker est déployé.
- roles:
- - docker
- - update_motd
-
-# Deploy Passbolt
-- hosts: passbolt.adm.auro.re
- roles:
- - passbolt
-
 - hosts: reverseproxy
 vars:
 certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
From 1133f614e49b2c2a8c9555e0996b4988ae3e3274 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Sun, 28 Nov 2021 08:57:27 +0100
Subject: [PATCH 07/18] Split network.yml into each subject
---
 playbooks/isc-dhcp-server.yml | 9 ++++
 playbooks/knot.yml | 14 ++++++
 playbooks/network.yml | 82 -----------------------------------
 playbooks/radius.yml | 10 +++++
 playbooks/router.yml | 23 ++++++++++
 playbooks/switchs-manager.yml | 14 ++++++
 playbooks/unbound.yml | 10 +++++
 playbooks/unifi.yml | 6 +++
 8 files changed, 86 insertions(+), 82 deletions(-)
 create mode 100755 playbooks/isc-dhcp-server.yml
 create mode 100755 playbooks/knot.yml
 delete mode 100755 playbooks/network.yml
 create mode 100755 playbooks/radius.yml
 create mode 100755 playbooks/router.yml
 create mode 100755 playbooks/switchs-manager.yml
 create mode 100755 playbooks/unbound.yml
 create mode 100755 playbooks/unifi.yml
diff --git a/playbooks/isc-dhcp-server.yml b/playbooks/isc-dhcp-server.yml
new file mode 100755
index 0000000..c46b691
--- /dev/null
+++ b/playbooks/isc-dhcp-server.yml
@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: dhcp-*.adm.auro.re
+ vars:
+ update_motd:
+ unbound: isc-dhcp-server est déployé.
+ roles:
+ - isc_dhcp_server
+ - update_motd
diff --git a/playbooks/knot.yml b/playbooks/knot.yml
new file mode 100755
index 0000000..2948c16
--- /dev/null
+++ b/playbooks/knot.yml
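Review bot: The Passbolt play (`hosts: passbolt.adm.auro.re`, role `passbolt`) is dropped from playbooks/nginx.yml and nothing in this commit's diffstat takes it over; docker.yml receives only the Docker play. If the role is still meant to manage that host it needs a playbook of its own, otherwise the password manager drifts out of configuration management. If it is retired on purpose, the commit message should say so, since the subject describes only a split. The remaining `reverseproxy` play has no header comment; a line such as `# Deploy reverse proxies` would match the other playbooks. That play continues outside the hunk.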
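Review bot: The `update_motd` entry in the new playbooks/isc-dhcp-server.yml is keyed `unbound:` although the play deploys `isc_dhcp_server`; the key was carried over unchanged from network.yml. How the key is used is decided by the update_motd role, which is not visible here, but if it names the motd fragment then services sharing the key on one host would overwrite each other. A key that matches the service, as docker.yml does with `docker:`, would be `isc_dhcp_server: isc-dhcp-server est déployé.`. The same applies to playbooks/radius.yml and both plays of playbooks/router.yml in this commit. This file also lacks the one-line header comment the other new playbooks carry, e.g. `# Deploy DHCP servers`.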
@@ -0,0 +1,14 @@
+#!/usr/bin/env ansible-playbook
+---
+# WIP: Deploy authoritative DNS servers
+# - hosts: authoritative_dns
+# vars:
+# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
+# service_name: dns
+# service_version: crans
+# service_config:
+# hostname: re2o-server.adm.auro.re
+# username: service-user
+# password: "{{ vault_serviceuser_passwd }}"
+# roles:
+# - re2o_service
diff --git a/playbooks/network.yml b/playbooks/network.yml
deleted file mode 100755
index dee41b3..0000000
--- a/playbooks/network.yml
+++ /dev/null
@@ -1,82 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-# Set up DHCP servers.
-- hosts: dhcp-*.adm.auro.re
- vars:
- update_motd:
- unbound: isc-dhcp-server est déployé.
- roles:
- - isc_dhcp_server
- - update_motd
-
-# Deploy unbound DNS server (recursive).
-- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re
- vars:
- update_motd:
- unbound: Unbound est déployé.
- roles:
- - unbound
- - update_motd
-
-# Déploiement du service re2o aurore-firewall et keepalived
-# radvd: IPv6 SLAAC (/64 subnets, private IPs).
-# Must NOT be on routeur-aurore-*, or will with DHCPv6!
-- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
- vars:
- update_motd:
- unbound: Le routage (avec radvd) est déployé.
- roles:
- - router
- - radvd
- - update_motd
-
-# No radvd here
-- hosts: ~routeur-aurore.*\.adm\.auro\.re
- vars:
- update_motd:
- unbound: Le routage (avec DHCPv6) est déployé.
- roles:
- - router
- - ipv6_edge_router
- - update_motd
-
-# Radius (backup only for now)
-- hosts: radius-*.adm.auro.re
- vars:
- update_motd:
- unbound: FreeRADIUS est déployé.
- roles:
- - radius
- - update_motd
-
-# WIP: Deploy authoritative DNS servers
-# - hosts: authoritative_dns
-# vars:
-# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
-# service_name: dns
-# service_version: crans
-# service_config:
-# hostname: re2o-server.adm.auro.re
-# username: service-user
-# password: "{{ vault_serviceuser_passwd }}"
-# roles:
-# - re2o_service
-
-
-# Deploy Unifi Controller
-# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re
-# roles:
-# - unifi-controller
-
-# Deploy Re2o switch service
-# - hosts: switchs-manager.adm.auro.re
-# vars:
-# service_repo: https://gitlab.federez.net/re2o/switchs.git
-# service_name: switchs
-# service_version: master
-# service_config:
-# hostname: re2o-server.adm.auro.re
-# username: service-user
-# password: "{{ vault_serviceuser_passwd }}"
-# roles:
-# - re2o_service
diff --git a/playbooks/radius.yml b/playbooks/radius.yml
new file mode 100755
index 0000000..ddd5564
--- /dev/null
+++ b/playbooks/radius.yml
@@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+---
+# Radius (backup only for now)
+- hosts: radius-*.adm.auro.re
+ vars:
+ update_motd:
+ unbound: FreeRADIUS est déployé.
+ roles:
+ - radius
+ - update_motd
diff --git a/playbooks/router.yml b/playbooks/router.yml
new file mode 100755
index 0000000..02dccb1
--- /dev/null
+++ b/playbooks/router.yml
@@ -0,0 +1,23 @@
+#!/usr/bin/env ansible-playbook
+---
+# Déploiement du service re2o aurore-firewall et keepalived
+# radvd: IPv6 SLAAC (/64 subnets, private IPs).
+# Must NOT be on routeur-aurore-*, or will with DHCPv6!
+- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
+ vars:
+ update_motd:
+ unbound: Le routage (avec radvd) est déployé.
+ roles:
+ - router
+ - radvd
+ - update_motd
+
+# No radvd here
+- hosts: ~routeur-aurore.*\.adm\.auro\.re
+ vars:
+ update_motd:
+ unbound: Le routage (avec DHCPv6) est déployé.
+ roles:
+ - router
+ - ipv6_edge_router
+ - update_motd
diff --git a/playbooks/switchs-manager.yml b/playbooks/switchs-manager.yml
new file mode 100755
index 0000000..b2930ec
--- /dev/null
+++ b/playbooks/switchs-manager.yml
@@ -0,0 +1,14 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy Re2o switch service
+# - hosts: switchs-manager.adm.auro.re
+# vars:
+# service_repo: https://gitlab.federez.net/re2o/switchs.git
+# service_name: switchs
+# service_version: master
+# service_config:
+# hostname: re2o-server.adm.auro.re
+# username: service-user
+# password: "{{ vault_serviceuser_passwd }}"
+# roles:
+# - re2o_service
diff --git a/playbooks/unbound.yml b/playbooks/unbound.yml
new file mode 100755
index 0000000..d443aec
--- /dev/null
+++ b/playbooks/unbound.yml
@@ -0,0 +1,10 @@ +#!/usr/bin/env ansible-playbook +--- +# Deploy unbound DNS server (recursive). +- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re + vars: + update_motd: + unbound: Unbound est déployé. + roles: + - unbound + - update_motd diff --git a/playbooks/unifi.yml b/playbooks/unifi.yml new file mode 100755 index 0000000..a596824 --- /dev/null +++ b/playbooks/unifi.yml @@ -0,0 +1,6 @@ +#!/usr/bin/env ansible-playbook +--- +# Deploy Unifi Controller +# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re +# roles: +# - unifi-controller From 9bb2d3f32464620f62b4b5c4b562044c6e106a86 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 08:58:43 +0100 Subject: [PATCH 08/18] Simplify base.yml --- playbooks/base.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/playbooks/base.yml b/playbooks/base.yml index ed05dbd..e663efc 100755 --- a/playbooks/base.yml +++ b/playbooks/base.yml @@ -6,13 +6,9 @@ - baseconfig - basesecurity - update_motd - -# Plug LDAP on all servers -- hosts: all,!unifi - roles: - ldap_client -# Install logrotate +# Install logrotate on all servers except PVE - hosts: all,!unifi,!pve roles: - logrotate From 2a9e1f4def9e278fa4503fe7accafa9998553e54 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 08:59:54 +0100 Subject: [PATCH 09/18] Rename matrix.yml to matrix-synapse.yml --- playbooks/{matrix.yml => matrix-synapse.yml} | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) rename playbooks/{matrix.yml => matrix-synapse.yml} (79%) diff --git a/playbooks/matrix.yml b/playbooks/matrix-synapse.yml similarity index 79% rename from playbooks/matrix.yml rename to playbooks/matrix-synapse.yml index 4cec87b..88213aa 100755 --- a/playbooks/matrix.yml +++ b/playbooks/matrix-synapse.yml 
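Review bot: `ldap_client` is appended to the first play of playbooks/base.yml, whose `hosts:` line sits above the hunk; until this commit the role ran under `hosts: all,!unifi`. If that first play targets a wider set, the LDAP client role now reaches the unifi hosts that were excluded on purpose, which is worth confirming before merging. The same question returns in [PATCH 18/18], where `logrotate` joins the same play and both the `!unifi` and `!pve` exclusions disappear although the subject mentions only pve. A comment above the role list naming the hosts that are deliberately left out, and why, would make the intended scope reviewable.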
@@ -1,6 +1,6 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Install Matrix Synapse on corresponding containers
+# Install Matrix Synapse
 - hosts: synapse.adm.auro.re
 vars:
 mxisd_releases: https://github.com/kamax-matrix/mxisd/releases
@@ -16,8 +16,3 @@
 - matrix_appservice_irc
 - matrix_appservice_webhooks
 - update_motd
-
-# Install Matrix services
-- hosts: matrix-services.adm.auro.re
- roles:
- - debian_backports
From 747c93139baaeb10eda2384a30d9929700818453 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Sun, 28 Nov 2021 09:00:57 +0100
Subject: [PATCH 10/18] Rename deploy_postfix_non_mailhost.yml to postfix.yml
---
 playbooks/{deploy_postfix_non_mailhost.yml => postfix.yml} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename playbooks/{deploy_postfix_non_mailhost.yml => postfix.yml} (72%)
diff --git a/playbooks/deploy_postfix_non_mailhost.yml b/playbooks/postfix.yml
similarity index 72%
rename from playbooks/deploy_postfix_non_mailhost.yml
rename to playbooks/postfix.yml
index 741d653..6bc6e2b 100755
--- a/playbooks/deploy_postfix_non_mailhost.yml
+++ b/playbooks/postfix.yml
@@ -1,6 +1,6 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Deploy a correclty configured postfix on non mailhost servers
+# Deploy Postfix on non mailhost servers
 - hosts: all,!unifi
 vars:
 local_network: 10.128.0.0/16
From c49dfb24b0062a61fa2e8b73663163e908309aad Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Sun, 28 Nov 2021 09:03:49 +0100
Subject: [PATCH 11/18] Move re2o mail service in postfix playbook
---
 playbooks/postfix.yml | 13 +++++++++++++
 utils/re2o_mail_server.yml | 13 -------------
 2 files changed, 13 insertions(+), 13 deletions(-)
 delete mode 100755 utils/re2o_mail_server.yml
diff --git a/playbooks/postfix.yml b/playbooks/postfix.yml
index 6bc6e2b..1e46561 100755
--- a/playbooks/postfix.yml
+++ b/playbooks/postfix.yml
@@ -7,3 +7,16 @@
 relay_host: proxy.adm.auro.re
 roles:
 - postfix_non_mailhost
+
+# Deploy Re2o mail service
+- hosts: mail.auro.re
+ vars:
+ service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git
+ service_name: mail-server
+ service_version: aurore
+ service_config:
+ hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod!
+ username: service-user
+ password: "{{ vault_serviceuser_passwd }}"
+ roles:
+ - re2o-service
diff --git a/utils/re2o_mail_server.yml b/utils/re2o_mail_server.yml
deleted file mode 100755
index 79fd7ff..0000000
--- a/utils/re2o_mail_server.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-# Deploy Re2o mail service
-- hosts: mail.auro.re
- vars:
- service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git
- service_name: mail-server
- service_version: aurore
- service_config:
- hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod!
- username: service-user
- password: "{{ vault_serviceuser_passwd }}"
- roles:
- - re2o-service
From 4cf4ed0964d355b3295ff267865a2053a693f2d4 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Sun, 28 Nov 2021 09:04:00 +0100
Subject: [PATCH 12/18] Remove sudo upgrade playbook
---
 utils/sudo_upgrade.yml | 17 -----------------
 1 file changed, 17 deletions(-)
 delete mode 100755 utils/sudo_upgrade.yml
diff --git a/utils/sudo_upgrade.yml b/utils/sudo_upgrade.yml
deleted file mode 100755
index 45b01ad..0000000
--- a/utils/sudo_upgrade.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-# This is a special playbook to upgrade sudo everywhere after the
-# CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
-# Please always use with --limit myserver.adm.auro.re
-# And list updates with --check
-- hosts: all
- tasks:
- - name: Upgrade sudo
- apt:
- name: sudo
- state: latest
- update_cache: true
- cache_valid_time: 3600 # one hour
- register: apt_result
- retries: 3
- until: apt_result is succeeded
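Review bot: Moving the Re2o mail service play from utils/ into playbooks/postfix.yml puts it in the set that `deploy_all.sh` runs through `playbooks/*.yml`, while `service_config.hostname` still points at `re2o-test.adm.auro.re`, as its own inline comment admits. Running it used to be an explicit choice; now every full deploy configures mail.auro.re against the test instance. `service_version: aurore` also looks like a branch name rather than a fixed revision, so what is fetched from `service_repo` could change between runs, though how the role uses that value is not visible here. Consider keeping this play out of the default set until the production hostname is in place, and pinning the version to a tag or commit.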
From b827195c32c321e35518f4b58a2672ed77602ce9 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 09:49:31 +0100 Subject: [PATCH 13/18] README: require at least Ansible 2.9 --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 541ca42..5f2da81 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,9 @@ # Recettes Ansible d'Aurore -Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore. -Pour les utiliser, vérifiez que vous avez au moins Ansible 2.7. +Dépendances requises : + + * Ansible 2.9 ou plus récent. ## Ansible 101 From 511091c808bc6224f9fb420cbc9af12f4d020ff7 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 09:50:02 +0100 Subject: [PATCH 14/18] Make empty playbooks run fine --- playbooks/knot.yml | 3 +++ playbooks/ldap_replica.yml | 3 +++ playbooks/postfix.yml | 2 +- playbooks/switchs-manager.yml | 3 +++ playbooks/unifi.yml | 3 +++ 5 files changed, 13 insertions(+), 1 deletion(-) diff --git a/playbooks/knot.yml b/playbooks/knot.yml index 2948c16..43b59c3 100755 --- a/playbooks/knot.yml +++ b/playbooks/knot.yml @@ -1,5 +1,8 @@ #!/usr/bin/env ansible-playbook --- +- hosts: all + roles: [] + # WIP: Deploy authoritative DNS servers # - hosts: authoritative_dns # vars: diff --git a/playbooks/ldap_replica.yml b/playbooks/ldap_replica.yml index 1dfdbca..d9042a2 100755 --- a/playbooks/ldap_replica.yml +++ b/playbooks/ldap_replica.yml @@ -1,5 +1,8 @@ #!/usr/bin/env ansible-playbook --- +- hosts: all + roles: [] + # Clone LDAP on local geographic location # DON'T DO THIS AS IT RECREATES THE REPLICA #- hosts: ldap_replica diff --git a/playbooks/postfix.yml b/playbooks/postfix.yml index 1e46561..0f24dc9 100755 --- a/playbooks/postfix.yml +++ b/playbooks/postfix.yml @@ -19,4 +19,4 @@ username: service-user password: "{{ vault_serviceuser_passwd }}" roles: - - re2o-service + - re2o_service 
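Review bot: The placeholder play `- hosts: all` with `roles: []` added to playbooks/knot.yml still connects to every inventory host and gathers facts, because fact gathering is on by default unless ansible.cfg changes it, which this series does not show. That includes the unifi hosts that the other plays exclude with `!unifi`, and it happens once per placeholder: ldap_replica.yml in this hunk group, and switchs-manager.yml and unifi.yml in the same commit. A no-op that touches no remote host would be `- hosts: localhost` with `gather_facts: false` and `roles: []`. A comment such as `# Placeholder play so that ansible-playbook playbooks/*.yml accepts this file` would explain why the play exists.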
diff --git a/playbooks/switchs-manager.yml b/playbooks/switchs-manager.yml index b2930ec..c8f2a1b 100755 --- a/playbooks/switchs-manager.yml +++ b/playbooks/switchs-manager.yml @@ -1,5 +1,8 @@ #!/usr/bin/env ansible-playbook --- +- hosts: all + roles: [] + # Deploy Re2o switch service # - hosts: switchs-manager.adm.auro.re # vars: diff --git a/playbooks/unifi.yml b/playbooks/unifi.yml index a596824..638580e 100755 --- a/playbooks/unifi.yml +++ b/playbooks/unifi.yml @@ -1,5 +1,8 @@ #!/usr/bin/env ansible-playbook --- +- hosts: all + roles: [] + # Deploy Unifi Controller # - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re # roles: From b6d5f4206a3b68460c40e8cad25740f42a33a47a Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 10:04:43 +0100 Subject: [PATCH 15/18] ansible.cfg: typo --- ansible.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible.cfg b/ansible.cfg index 33120be..c5f49b4 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -2,7 +2,7 @@ [defaults] -# Explicitely redefined some defaults to make subfolder execution work +# Explicitly redefine some defaults to make subfolder execution work roles_path = ./roles # Do not create .retry files From 3ccdacde13b71222b0295435f9aa2669bfb9e50d Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sun, 28 Nov 2021 10:05:00 +0100 Subject: [PATCH 16/18] docker: do not deploy on stream --- playbooks/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/docker.yml b/playbooks/docker.yml index 61047cc..9d64f11 100755 --- a/playbooks/docker.yml +++ b/playbooks/docker.yml @@ -1,7 +1,7 @@ #!/usr/bin/env ansible-playbook --- # Deploy Docker hosts -- hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,stream.adm.auro.re,wikijs.adm.auro.re +- hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,wikijs.adm.auro.re vars: update_motd: docker: Docker est déployé. 
From f0631e341b10d4f4bdacc882e618ecae3f39df74 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Sun, 28 Nov 2021 10:08:14 +0100
Subject: [PATCH 17/18] Change some comments
---
 playbooks/radius.yml | 2 +-
 playbooks/router.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/playbooks/radius.yml b/playbooks/radius.yml
index ddd5564..b48765e 100755
--- a/playbooks/radius.yml
+++ b/playbooks/radius.yml
@@ -1,6 +1,6 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Radius (backup only for now)
+# Deploy Radius
 - hosts: radius-*.adm.auro.re
 vars:
 update_motd:
diff --git a/playbooks/router.yml b/playbooks/router.yml
index 02dccb1..c273f0d 100755
--- a/playbooks/router.yml
+++ b/playbooks/router.yml
@@ -1,6 +1,6 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Déploiement du service re2o aurore-firewall et keepalived
+# Deploy firewall and keepalived
 # radvd: IPv6 SLAAC (/64 subnets, private IPs).
 # Must NOT be on routeur-aurore-*, or will with DHCPv6!
 - hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
From 40a91da78b32a09e7d02d99a255d9b4496862461 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Sun, 28 Nov 2021 10:15:38 +0100
Subject: [PATCH 18/18] base: add logrotate on pve
---
 playbooks/base.yml | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/playbooks/base.yml b/playbooks/base.yml
index e663efc..6126147 100755
--- a/playbooks/base.yml
+++ b/playbooks/base.yml
@@ -5,10 +5,6 @@
 roles:
 - baseconfig
 - basesecurity
- - update_motd
 - ldap_client
-
-# Install logrotate on all servers except PVE
-- hosts: all,!unifi,!pve
- roles:
 - logrotate
+ - update_motd
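Review bot: The warning kept as context in the playbooks/router.yml hunk, `# Must NOT be on routeur-aurore-*, or will with DHCPv6!`, is still missing its verb after this comment pass. It is the only line explaining why radvd is kept off the edge routers, so it should read as a full sentence, presumably `# Must NOT be on routeur-aurore-*, or it will conflict with DHCPv6!`. In playbooks/radius.yml the reworded header drops the "backup only for now" caveat; if that restriction still holds it is worth keeping in the comment. Both plays continue outside their hunks.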