Merge branch 'master' into Global_monitoring
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing

This commit is contained in:
pz2891 2021-02-17 19:41:06 +01:00
commit 74c30b81df
18 changed files with 173 additions and 32 deletions

View file

@ -1,5 +1,10 @@
skip_list:
- '301'
- no-changed-when
- load-failure
- document-start
warn_list:
- experimental # all rules tagged as experimental
exclude_paths:
- group_vars/all/vault.yml

View file

@ -4,16 +4,9 @@ type: docker
name: check
steps:
- name: yamllint
image: python:3.9-alpine
- name: ansible and yaml linting
pull: never
image: aurore-ansible-lint-image
commands:
- pip install yamllint==1.25.0
- yamllint -c .yamllint.yml .
- name: ansible-lint
image: python:3.9-alpine
commands:
- apk add --no-cache gcc libc-dev libffi-dev openssl-dev
- pip install ansible-lint==4.3.7
- ansible-lint
...

View file

@ -1,19 +0,0 @@
---
image: python:3.9-alpine
stages:
- lint
yamllint:
stage: lint
script:
- pip install yamllint==1.25.0
- yamllint -c .yamllint.yml .
ansible-lint:
stage: lint
script:
- apk add gcc libc-dev libffi-dev openssl-dev
- pip install ansible-lint==4.3.7
- ansible-lint *.yml
...

View file

@ -6,6 +6,5 @@ rules:
max: 120
level: warning
document-start:
ignore: |
/groups_var/all/vault.yml
ignore: group_vars/all/vault.yml
...

View file

@ -1,3 +1,5 @@
[![Linter Status](https://drone.auro.re/api/badges/Aurore/ansible/status.svg)](https://drone.auro.re/Aurore/ansible)
# Recettes Ansible d'Aurore
Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore.

View file

@ -0,0 +1,8 @@
---
# Deploy a correclty configured postfix on non mailhost servers
- hosts: all,!unifi
vars:
local_network: 10.128.0.0/16
relay_host: proxy.adm.auro.re
roles:
- postfix_non_mailhost

View file

@ -0,0 +1,7 @@
FROM python:3.9-alpine
LABEL description="Aurore's docker image for ansible-lint"
RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo
RUN pip install "yamllint>=1.26.0,<2.0"
RUN pip install "ansible-lint==5.0.0"
RUN pip install "ansible>=2.10,<2.11"

View file

@ -0,0 +1,18 @@
# Ansible-lint image
In order to build this image when a new version comes out, you need to
1. ssh into the `drone.adm.auro.re` server
2. git pull this repo to the lastest version
3. optionally make the changes if it has not been done yet
4. `sudo docker build -t aurore-ansible-lint-image docker-ansible-lint/`
5. ???
6. enjoy
You can verify that the image was correclty built by running
```
# list the images present
sudo docker image ls
# run your image with an interactive shell
sudo docker run -it --rm aurore-ansible-lint-image /bin/sh
```

View file

@ -0,0 +1,10 @@
---
- name: restart postfix
service:
name: postfix
state: restarted
- name: reload postfix
service:
name: postfix
state: reloaded

View file

@ -0,0 +1,17 @@
---
- name: Install postfix
apt:
name: postfix
update_cache: true
register: result
retries: 3
until: result is succeeded
- name: Configure postfix
template:
src: main.cf.j2
dest: /etc/postfix/main.cf
mode: 0644
owner: root
group: root
notify: restart postfix

View file

@ -0,0 +1,32 @@
# {{ ansible_managed }}
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Template based on /usr/share/postfix/main.cf.debian
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# Send mail as user@{{ ansible_fqdn }}
myhostname = {{ ansible_fqdn }}
myorigin = $myhostname
mydomain = $myhostname
# Specify the trusted networks
mynetworks = 127.0.0.0/8 {{ local_network }}
# This host does not relay mail from untrusted networks
relay_domains =
# This is needed if no direct Internet access is available
relayhost = {{ relay_host }}

4
utils/README.md Normal file
View file

@ -0,0 +1,4 @@
# Utils
A repository of Ansible Playbooks that are useful, as little script or various
utilities, but not used in production.

13
utils/re2o_mail_server.yml Executable file
View file

@ -0,0 +1,13 @@
---
# Deploy Re2o mail service
- hosts: mail.auro.re
vars:
service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git
service_name: mail-server
service_version: aurore
service_config:
hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod!
username: service-user
password: "{{ vault_serviceuser_passwd }}"
roles:
- re2o-service

31
utils/reboot_needed_check.yml Executable file
View file

@ -0,0 +1,31 @@
#!/usr/bin/env ansible-playbook
---
# Check if a reboot is required by the installation of some packages (ie kernel)
- hosts: localhost
tasks:
- name: Make sure local file exist but is empty # weird hack, I know
copy:
dest: /tmp/ansible_dump_reboot_needed.txt
content: ""
force: true
mode: 0644
- hosts: all,!unifi,!escalope.adm.auro.re,!loki.adm.auro.re,!viviane.adm.auro.re,!vpn-ovh.adm.auro.re
tasks:
# Register the output of the file /var/run/reboot-required.pkgs
- name: Register if boot is required
shell: if [ -e /var/run/reboot-required.pkgs ]; then cat /var/run/reboot-required.pkgs; fi
register: result
- name: DEBUG
debug:
msg: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}"
when: result.stdout is defined
# Add info line by line
- name: Dump all info into the local file
delegate_to: localhost
lineinfile:
path: /tmp/ansible_dump_reboot_needed.txt
line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}"
when: result.stdout is defined

21
utils/version_check.yml Executable file
View file

@ -0,0 +1,21 @@
#!/usr/bin/env ansible-playbook
---
# Check for the distribution
- hosts: localhost
tasks:
- name: Make sure local file exist but is empty # weird hack, I know
copy:
dest: /tmp/ansible_dump_reboot_needed.txt
content: ""
force: true
mode: 0644
- hosts: all,!unifi
tasks:
# Add info line by line
- name: Dump all info into the local file
delegate_to: localhost
lineinfile:
path: /tmp/ansible_dump_dist_version.txt
line: "[{{ ansible_facts['nodename'] }}] {{ ansible_fqdn }} : {{
ansible_distribution }} {{ ansible_distribution_version }}"