Initial commit

This commit is contained in:
Alexandre Iooss 2018-12-23 12:20:19 +01:00
commit 847c90dfba
8 changed files with 147 additions and 0 deletions

1
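--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.retry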

30
README.md Normal file

@ -0,0 +1,30 @@
# Playbook et rôles Ansible d'Aurore
## Exécution d'un playbook
```bash
ansible-playbook --ask-vault-pass -K -i hosts base.yml
```
## FAQ
### Automatiquement ajouter fingerprint ECDSA (dangereux !)
Il faut changer la variable d'environnement suivante :
`ANSIBLE_HOST_KEY_CHECKING=0`.
### Configurer la connexion au bastion
Dans la configuration SSH :
```
# Keep session alive only for bastion
Host proxy.auro.re
ControlMaster auto
ControlPath ~/.ssh/%r@%h:%p
Host *.auro.re 10.128.0.*
IdentityFile ~/.ssh/id_rsa_aurore
ForwardAgent yes
```

6
base.yml Normal file

@ -0,0 +1,6 @@
---
# Put a common configuration on all servers
- hosts: all
roles:
- baseconfig

16
group_vars/all/vars.yml Normal file
View file

@ -0,0 +1,16 @@
---
# LDAP binding
ldap_uri: 'ldap://10.128.0.11/'
ldap_base: 'dc=auro,dc=re'
ldap_bind_dn: "cn=nslcd,ou=service-users,{{ ldap_base }}"
ldap_passwd: "{{ vault_ldap_passwd }}"
# Scripts will tell users to go there to manage their account
intranet_url: 'https://re2o.auro.re/'
# Users in that group will be able to `sudo`
sudo_group: 'sudoldap'
# SSH keys for root account to use when LDAP is broken
ssh_pub_keys: "{{ vault_ssh_pub_keys }}"
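Review bot: `ldap_uri` on the first line of the hunk uses the plain `ldap://` scheme, so the nslcd bind credentials (`ldap_bind_dn` together with the vaulted `ldap_passwd`) and every user and group lookup from the containers travel to 10.128.0.11 in clear text; the vault only protects the password at rest, not on the wire. Prefer `ldap_uri: 'ldaps://10.128.0.11/'` with a CA the ldap-client role can pin, or keep `ldap://` and have the role enforce StartTLS (`ssl start_tls` plus `tls_reqcert demand` in nslcd.conf) — that role is not part of this commit, so whether it already does so cannot be confirmed here. Since membership of `sudo_group` grants root on every host the role is applied to, I would also say so in its comment: `# Members of this LDAP group get unrestricted sudo on every managed host`.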

49
group_vars/all/vault.yml Normal file

@ -0,0 +1,49 @@
$ANSIBLE_VAULT;1.1;AES256
32366661316664386431313536386232363262626438626631386134373733666466643833373938
3266333865383432333531393864666564346131333764360a303439343865333935313936373337
64353531623837663231316435653337313764613233343636323863356535626534373632383664
3965386436666663300a656432316338363333303934313065366264343038373436323432656164
39646438633632333730646565646230666437353837383538343035323366616635616638613330
39383433393433663066383866383637373531613231353431663765393463366261306561363036
35646639336161303631636662613832396539316466373635386361353266393365313636616435
36623138343733343931623264376432303366336136396661323236346138366565333733333432
36333062383935393733313639333735346638373166666332353065643662313766326466313935
63626662353661666130366466316432626533306663356264306564306135323666613538363163
62663064373032613638636533343939653435336238393966663265343064633733366563336664
62633238373737616134303130663266656435356165623936303261326330656237623566333039
38343637303038653133326433393939616363353537373862666138396165386665316530316165
31323237333963343831613464663631366665663865666362636335386364313533366436383764
36373431363465613130646535303162666564663163323534383032373731353034653435656134
32633964643066316164643137356334336339333334363564636664343739356533343066656136
38346135313935373533366666346564643234323464626361393861633536333730613837633634
30663464353864386238663731336438323663656662376632316330366432366236396265376337
30353331366266316430323131393433373762646665633738623532373562303365613763326164
32346161613437393462616662616539623234393732633235363135663462613630343661356632
35333532373466383762623765376231386662336435363930316338376132356637303834643932
63636566666138373461323163303566313631393837356634353163626639346630663130646266
38653838383034653065386432623833323564646361333333386436613064376335616661356466
32313534376464373839356130373661633538303530643331653162623864353032626436303837
65303430396365343138666133646432633037346435356531376161333966303032663235653339
63373138383036656662303332656437363735336131613030663962623566356630346534646666
30383063383634613832376363366332643035616431316232353865363037336262623261363633
32336463656664336237393934396430336661383632336330386534626636623533663239626232
62653161363536383734653136376135323536353430346166386134656537643537383538353865
36336137613165393438613165303665376532346462313465313531386430336232663733323133
36396532313061383261313561363532396161656631383239663139653834333366316362343335
61643830363136383532613738613038323830316638333436363139373530613761386430343365
33363732613933376238323035353932336433333536353663663231636539326535663536323533
66393134303364383764613661313337353134656264313661373262643931656566626164366336
35613736323761333035613163643835653338323266623465353330396539636164353864363564
33346233323766356532393734363037346330386666653733633665326339383133633462323539
66396537346261643664366335653431353138373033306236316534366631353262343465353963
38653231386336646534393237343632366137373036356666613866336232636439386663633563
61633438336461653366343039396161376638333532303565323736333134303333393239356438
30656631303766636432343838343436316136613966346165353962656138653862653662306539
66366133376437356638306330336163656463656631386637323032623565353539623663613065
34303163316161353037356333393565386462383462366430323136353137666332373034396361
38616666613435346461333361383863653138643030366137613533646236613865626437386464
63383434343236366433316534323236616664646235336338353832383365386637336234653332
34646436356139373463363431303361633137303831656632303133313738393339353835343365
34616234623463643139633639616336633630363664396338643633303133633739353161623339
33306665306566363533363431383133363162613334316566336264333663393035313161396466
62383035616136383939


@ -0,0 +1,3 @@
---
ansible_ssh_extra_args: -o ProxyCommand='ssh -W %h:%p -q proxy.auro.re'
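Review bot: `ansible_ssh_extra_args` is appended only to the `ssh` invocation, not to the `sftp`/`scp` commands Ansible uses to push module files and `copy`/`template` payloads, so with the jump host configured only here those transfers try to reach the 10.128.0.x address directly and fail unless transfer is piped; the documented place for a ProxyCommand is `ansible_ssh_common_args`. I would change the line to `ansible_ssh_common_args: "-o ProxyCommand='ssh -W %h:%p -q proxy.auro.re'"`, quoting the value because it is a plain scalar that begins with `-` and carries embedded quotes. The `-q` also silences the bastion hop's own warnings, including a host-key mismatch for proxy.auro.re, so drop it if those should remain visible. The path of the file holding this variable is not shown in this rendering, so which hosts or group it scopes to cannot be confirmed.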

36
hosts Normal file

@ -0,0 +1,36 @@
# Aurore servers inventory
[horus-pve]
#virtu.fede-aurore.net
[horus-proxy]
proxy-web ansible_host=10.128.0.254
[horus-services-bdd]
services-bdd ansible_host=10.128.0.31
[horus-wiki]
wiki ansible_host=10.128.0.51
[horus-phabricator]
phabricator ansible_host=10.128.0.50
# everything in horus (ovh)
[horus:children]
horus-pve
horus-proxy
horus-services-bdd
horus-wiki
horus-phabricator
# every LXC container
[container:children]
horus-proxy
horus-services-bdd
horus-wiki
horus-phabricator
# every PVE
[pve:children]
horus-pve

6
ldap.yml Normal file

@ -0,0 +1,6 @@
---
# Plug only containers on LDAP
- hosts: container
roles:
- ldap-client