Initial commit
commit
847c90dfba
8 changed files with 147 additions and 0 deletions
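--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+*.retry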
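--- a/README.md
+++ b/README.md
@@ -0,0 +1,30 @@
+# Playbook et rôles Ansible d'Aurore
+
+## Exécution d'un playbook
+
+```bash
+ansible-playbook --ask-vault-pass -K -i hosts base.yml
+```
+
+## FAQ
+
+### Automatiquement ajouter fingerprint ECDSA (dangereux !)
+
+Il faut changer la variable d'environnement suivante :
+`ANSIBLE_HOST_KEY_CHECKING=0`.
+
+### Configurer la connexion au bastion
+
+Dans la configuration SSH :
+
+```
+# Keep session alive only for bastion
+Host proxy.auro.re
+ControlMaster auto
+ControlPath ~/.ssh/%r@%h:%p
+
+Host *.auro.re 10.128.0.*
+IdentityFile ~/.ssh/id_rsa_aurore
+ForwardAgent yes
+```
+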
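--- a/base.yml
+++ b/base.yml
@@ -0,0 +1,6 @@
+---
+# Put a common configuration on all servers
+- hosts: all
+roles:
+- baseconfig
+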
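--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -0,0 +1,16 @@
+---
+# LDAP binding
+ldap_uri: 'ldap://10.128.0.11/'
+ldap_base: 'dc=auro,dc=re'
+ldap_bind_dn: "cn=nslcd,ou=service-users,{{ ldap_base }}"
+ldap_passwd: "{{ vault_ldap_passwd }}"
+
+# Scripts will tell users to go there to manage their account
+intranet_url: 'https://re2o.auro.re/'
+
+# Users in that group will be able to `sudo`
+sudo_group: 'sudoldap'
+
+# SSH keys for root account to use when LDAP is broken
+ssh_pub_keys: "{{ vault_ssh_pub_keys }}"
+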
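Review bot: `ldap_uri: 'ldap://10.128.0.11/'` uses the plain `ldap://` scheme, so unless the consuming role turns on StartTLS (the `ldap-client` role is not among the visible files), the `cn=nslcd` bind password from `ldap_passwd` and every account lookup travel unencrypted between the containers and the directory. Prefer `ldap_uri: 'ldaps://10.128.0.11/'`, or keep `ldap://` and require StartTLS with certificate verification in the client template; either way the server certificate has to match the address used here. The comment above the block should state the choice, for example `# LDAP binding (TLS required: the bind password is sent on this connection)`.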
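--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@@ -0,0 +1,49 @@
+$ANSIBLE_VAULT;1.1;AES256
+32366661316664386431313536386232363262626438626631386134373733666466643833373938
+3266333865383432333531393864666564346131333764360a303439343865333935313936373337
+64353531623837663231316435653337313764613233343636323863356535626534373632383664
+3965386436666663300a656432316338363333303934313065366264343038373436323432656164
+39646438633632333730646565646230666437353837383538343035323366616635616638613330
+39383433393433663066383866383637373531613231353431663765393463366261306561363036
+35646639336161303631636662613832396539316466373635386361353266393365313636616435
+36623138343733343931623264376432303366336136396661323236346138366565333733333432
+36333062383935393733313639333735346638373166666332353065643662313766326466313935
+63626662353661666130366466316432626533306663356264306564306135323666613538363163
+62663064373032613638636533343939653435336238393966663265343064633733366563336664
+62633238373737616134303130663266656435356165623936303261326330656237623566333039
+38343637303038653133326433393939616363353537373862666138396165386665316530316165
+31323237333963343831613464663631366665663865666362636335386364313533366436383764
+36373431363465613130646535303162666564663163323534383032373731353034653435656134
+32633964643066316164643137356334336339333334363564636664343739356533343066656136
+38346135313935373533366666346564643234323464626361393861633536333730613837633634
+30663464353864386238663731336438323663656662376632316330366432366236396265376337
+30353331366266316430323131393433373762646665633738623532373562303365613763326164
+32346161613437393462616662616539623234393732633235363135663462613630343661356632
+35333532373466383762623765376231386662336435363930316338376132356637303834643932
+63636566666138373461323163303566313631393837356634353163626639346630663130646266
+38653838383034653065386432623833323564646361333333386436613064376335616661356466
+32313534376464373839356130373661633538303530643331653162623864353032626436303837
+65303430396365343138666133646432633037346435356531376161333966303032663235653339
+63373138383036656662303332656437363735336131613030663962623566356630346534646666
+30383063383634613832376363366332643035616431316232353865363037336262623261363633
+32336463656664336237393934396430336661383632336330386534626636623533663239626232
+62653161363536383734653136376135323536353430346166386134656537643537383538353865
+36336137613165393438613165303665376532346462313465313531386430336232663733323133
+36396532313061383261313561363532396161656631383239663139653834333366316362343335
+61643830363136383532613738613038323830316638333436363139373530613761386430343365
+33363732613933376238323035353932336433333536353663663231636539326535663536323533
+66393134303364383764613661313337353134656264313661373262643931656566626164366336
+35613736323761333035613163643835653338323266623465353330396539636164353864363564
+33346233323766356532393734363037346330386666653733633665326339383133633462323539
+66396537346261643664366335653431353138373033306236316534366631353262343465353963
+38653231386336646534393237343632366137373036356666613866336232636439386663633563
+61633438336461653366343039396161376638333532303565323736333134303333393239356438
+30656631303766636432343838343436316136613966346165353962656138653862653662306539
+66366133376437356638306330336163656463656631386637323032623565353539623663613065
+34303163316161353037356333393565386462383462366430323136353137666332373034396361
+38616666613435346461333361383863653138643030366137613533646236613865626437386464
+63383434343236366433316534323236616664646235336338353832383365386637336234653332
+34646436356139373463363431303361633137303831656632303133313738393339353835343365
+34616234623463643139633639616336633630363664396338643633303133633739353161623339
+33306665306566363533363431383133363162613334316566336264333663393035313161396466
+62383035616136383939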
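Review bot: `group_vars/all/vault.yml` goes into history as one vault-encrypted blob, so its confidentiality rests entirely on the vault passphrase for as long as anyone can read the repository. `ansible-vault rekey` only protects later commits; when someone who knows the passphrase leaves, the secrets themselves (at least the value behind `vault_ldap_passwd`) have to be rotated, and a README line saying so and where the passphrase is kept would cover it. `vault_ssh_pub_keys` holds public keys for the root account, which are not secret; keeping them in plain `vars.yml` would make every change to root access visible in a reviewable diff instead of an opaque ciphertext change.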
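--- a/group_vars/horus/ssh_through_proxy.yml
+++ b/group_vars/horus/ssh_through_proxy.yml
@@ -0,0 +1,3 @@
+---
+
+ansible_ssh_extra_args: -o ProxyCommand='ssh -W %h:%p -q proxy.auro.re'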
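Review bot: The inner `ssh -W %h:%p -q proxy.auro.re` is launched by the operator's own ssh client, so the bastion user, key and host-key policy come from each operator's `~/.ssh/config` rather than from the inventory, and `-q` suppresses the warnings and diagnostics of that hop. Add a comment above the variable, e.g. `# Bastion hop uses the operator's ~/.ssh/config (see README); -q silences its diagnostics`, or drop `-q` so a failing or changed bastion host key is visible in the playbook output. On OpenSSH 7.3 or later, `-o ProxyJump=proxy.auro.re` expresses the same hop without the nested quoting.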
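--- a/hosts
+++ b/hosts
@@ -0,0 +1,36 @@
+# Aurore servers inventory
+
+[horus-pve]
+#virtu.fede-aurore.net
+
+[horus-proxy]
+proxy-web ansible_host=10.128.0.254
+
+[horus-services-bdd]
+services-bdd ansible_host=10.128.0.31
+
+[horus-wiki]
+wiki ansible_host=10.128.0.51
+
+[horus-phabricator]
+phabricator ansible_host=10.128.0.50
+
+# everything in horus (ovh)
+[horus:children]
+horus-pve
+horus-proxy
+horus-services-bdd
+horus-wiki
+horus-phabricator
+
+# every LXC container
+[container:children]
+horus-proxy
+horus-services-bdd
+horus-wiki
+horus-phabricator
+
+# every PVE
+[pve:children]
+horus-pve
+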
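Review bot: Group names such as `[horus-pve]` and `[horus-services-bdd]` contain hyphens, which newer Ansible releases warn about as invalid group-name characters; `[horus_pve]`, `[horus_services_bdd]` and so on avoid that, with the `:children` lists renamed to match. `[horus-pve]` has no active host because its only entry is commented out, so `[pve:children]` resolves to an empty group; a comment such as `# hypervisor not managed yet` would show that this is intentional. Hosts are addressed by raw `10.128.0.x` addresses, so known_hosts entries are keyed by IP and need refreshing whenever a container is re-created, which is worth noting next to the host-key FAQ entry.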
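--- a/ldap.yml
+++ b/ldap.yml
@@ -0,0 +1,6 @@
+---
+# Plug only containers on LDAP
+- hosts: container
+roles:
+- ldap-client
+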