From 85d0dc9621412c526f74de326f07057cdc11a839 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 23 Jan 2021 17:19:50 +0100 Subject: [PATCH 01/78] Fix: keep the logs for 90 days --- roles/logrotate/templates/logrotate.d/rsyslog.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/logrotate/templates/logrotate.d/rsyslog.j2 b/roles/logrotate/templates/logrotate.d/rsyslog.j2 index beab470..f47e725 100644 --- a/roles/logrotate/templates/logrotate.d/rsyslog.j2 +++ b/roles/logrotate/templates/logrotate.d/rsyslog.j2 @@ -26,7 +26,7 @@ /var/log/debug /var/log/messages { - rotate 1 + rotate 90 daily missingok notifempty From 3050a956990fc526d1df73e42b5fe856a4674a72 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Wed, 27 Jan 2021 14:36:14 +0100 Subject: [PATCH 02/78] Add playbook to deploy sudo update on all machines --- sudo_upgrade.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100755 sudo_upgrade.yml diff --git a/sudo_upgrade.yml b/sudo_upgrade.yml new file mode 100755 index 0000000..45b01ad --- /dev/null +++ b/sudo_upgrade.yml @@ -0,0 +1,17 @@ +#!/usr/bin/env ansible-playbook +--- +# This is a special playbook to upgrade sudo everywhere after the +# CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit) +# Please always use with --limit myserver.adm.auro.re +# And list updates with --check +- hosts: all + tasks: + - name: Upgrade sudo + apt: + name: sudo + state: latest + update_cache: true + cache_valid_time: 3600 # one hour + register: apt_result + retries: 3 + until: apt_result is succeeded From a35488efdda5962fe798df2550c1bd21f979f4b1 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Thu, 18 Feb 2021 00:14:12 +0100 Subject: [PATCH 03/78] [Docker] do not cache pip --- docker-ansible-lint/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-ansible-lint/Dockerfile b/docker-ansible-lint/Dockerfile index 5d60549..1db9744 100644 --- a/docker-ansible-lint/Dockerfile 
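Review bot: `rotate 90` in roles/logrotate/templates/logrotate.d/rsyslog.j2 limits the number of rotated files, not their age. With `notifempty` in the same stanza, a quiet host skips rotations, so files older than 90 days can stay on disk. If 90 days is meant as a hard retention limit, add `maxage 90` beside it. The stanza starts before the hunk and continues past it, so it is not visible here whether the other log files in this template get the same retention.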
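Review bot: In sudo_upgrade.yml the `--limit` requirement exists only as a comment, while the play targets `hosts: all` and the file is committed executable with an `ansible-playbook` shebang, so running it bare upgrades every host in one pass. A `pre_tasks` assertion on the `ansible_limit` magic variable would enforce the rule the comment states. The `apt` task also has no `become: true`, unlike the tasks in roles/rsyslog_common later in this series; unless privilege escalation is configured globally (not visible here), add `become: true` to the play.

```yaml
- hosts: all
  pre_tasks:
    - name: Refuse to run without --limit
      assert:
        that: ansible_limit is defined
        fail_msg: "Run this playbook with --limit <host>"
      run_once: true
  tasks:
    # … unchanged: Upgrade sudo task …
```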
+++ b/docker-ansible-lint/Dockerfile @@ -2,6 +2,6 @@ FROM python:3.9-alpine LABEL description="Aurore's docker image for ansible-lint" RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo -RUN pip install "yamllint>=1.26.0,<2.0" -RUN pip install "ansible-lint==5.0.0" -RUN pip install "ansible>=2.10,<2.11" +RUN pip install --no-cache-dir "yamllint>=1.26.0,<2.0" +RUN pip install --no-cache-dir "ansible-lint==5.0.0" +RUN pip install --no-cache-dir "ansible>=2.10,<2.11" From c3d24c1cd0bb24c069243d463a8c3bbfce58df66 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sun, 28 Feb 2021 21:47:42 +0100 Subject: [PATCH 04/78] Add SSH key for Jeltz --- group_vars/all/vault.yml | 375 ++++++++++++++++++++------------------- 1 file changed, 197 insertions(+), 178 deletions(-) diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 3666f5b..89937f5 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
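Review bot: The `apk add` line in docker-ansible-lint/Dockerfile still leaves the whole build toolchain (gcc, musl-dev, cargo and the -dev headers) in the final image, which likely outweighs the pip cache this change removes and keeps a compiler in a container that only needs to lint. Installing those packages with `apk add --no-cache --virtual .build-deps …`, running the three `pip install --no-cache-dir` commands in the same `RUN`, and ending it with `apk del .build-deps` would drop them from the layer; check afterwards that the compiled wheels still find their shared libraries. Separately, `yamllint` and `ansible` are version ranges while `ansible-lint` is pinned exactly, so rebuilds of this image are not reproducible.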
@@ -1,179 +1,198 @@ $ANSIBLE_VAULT;1.1;AES256 -32313562646230353138303964366135656361616532343933353732313961323339653964353130 -3938346666633565356134343835633964626261363365370a663664663938383731343733386136 -33356531323762313463326339333963336636353933326537333665313334616563626632336663 -6537363033663935660a613366613962626563643035663330343061353836646561623031323236 -65313633383063373064613930623530656365396335663363643330636239643937373163623932 -61373136303737333739316565323934376433316362353935363637373264616238373831666438 -35343135383233653963333237393232353631636566373766366664656666313436323535393736 -62323731343261373331393062633030356235313834373861323138663930613332643432386436 -38383038616536316465343561643639353434396631643033633537393265646532613161343732 -32363265643963386538326639353233363438643833306637336431303533396562613863633537 -30303334643137313136633039393463346562306236353566333563633238313865313534326137 -33623036376439653532313833633135326631643361333463633162303065623633636331666661 -62303636653233666164383463356530633464306564383236373832616263653165373937303030 -31323865656436366265303537306438303434613135396166313635656566373539303463393830 -65383636363064333730623161316162373734626433346564333835393030616437636665316566 -37353937626465383439633534316336313931663561336335653761396230393031393839336264 -37623037663032646631656637386366333131356562376665333964393264643133626532653564 -32353235633434656334663233303664613865343039613330663833396162646430623735653434 -66633466306338373061326636366330643639383632353564353865623637303832306332653131 -37343566393965326635613135613134316264616336303233616162313839626235386137343435 -33633336636434343531633362633834376135303337363637303039323038313937646236366265 -34303434373566313730623664653263653466366133363562333736393836393363326665353434 -30333263323366326436623238353335323936346637646130623265366535653737343665373165 
-63336166633831623464343862353065653162613934646539396364353162633063303332313266 -65656163396463363737663931353765376337643065646131303264363961366336343432653537 -65306437623535393132343962333666366665316362366536663431646435633166333731303232 -63313337353334623330623862386661306333366638306433373437623835636631376231373636 -66666539363561313166396438343730656230663532633031353336636565343964366136663466 -38316364663936303231633633613832313163646262313238346666336661613236343966353130 -62656237663865306632333130653933633332623061633062363964643130383430613864663935 -63663765356434626661346165653163626565336437613539653536306432376332616430393737 -34366139336363383761366338623236383135373634613239616665343061396633383231663230 -63653331336366666234626662356461663263626465663036326162343239373734346661626665 -61666231613565356633343030343935393135653261376239303037373634386138393463363239 -30356365663133646634333863616230646235656135336330393836353462323630376537366334 -31306330363232326661616666623131383837353139643838326430653561346565393762323936 -31623136656361383039653763613162356530653933376539336130376237396661663664393733 -36396433303339613965316230613237303331646331383239356638333366653961303138343663 -33393664303637333863313364356666383836633063643539333262633565623534323866316537 -38623630363139643837396330353463303932383231663831363763656537386531383531303165 -37366338343063346230656461393832383736636662656666636434363731623437303862636366 -33613333393139613637623963373262323637653531336265333033333135613330313166633738 -36353935383931363535656539333130653164613431616438613432313532373063353738656162 -36616563383133623336396633343762376537663432356238653766666636323232623065313537 -39636632326166323130646633626431323831373963313837613465356436326430616433303662 -65343834663937306539663330366538643265626665613631323036616463313266303237613938 -30613565306636306561643238326138623366343365303934306561623234313332636462383363 
-30623432326336396364636164366463326533613665333830656564626663383331323661663934 -35353135323930656138373830623932396138626335343265623738383532333861306561323430 -66333532333961636463656535636132323535313730333762633139306235373031363831363266 -33646635316137616663653461393566303432386330623936633330373461333762356532663062 -39666437363931313861356331653932303132353364623664656364316430653933653935616230 -38376631316463646663626562366233626334323235633235653364623936643131356130343261 -36396535393335366532313930623363663032386635396262363430303466373737633739626435 -30636136396562336561393936353763383732653166353266376165663233626266353638363131 -65323462633039323334613566373434343363633532656534663635363763396265663137636331 -38613736353635613437663133616431396666316230393066343431336535626335373437393039 -63666135353937313765316134326338376161353862373161653039333631306264343464353035 -65353639313134346239646362663836643734373465353866373238613162303336306438376237 -35363934333536376136666561333636653136316435316530366461306636333063313739626630 -37633333333766613663636466373364663132613266343136376138663461383832356631303132 -30363434336161393962363636313364663839383734373533356663343733333731613535646433 -64396361643736653931336365313338313633383038306131333863306437386362633263646364 -36656566326333333136636566613066623362363263373435356162396431396334386237383231 -30326465646334613235666435613462633230353434653666336364646466613066346366376262 -66633863333461626631383961663930383663666538613162643730323565653732386330613538 -38666164353130386530376332643637333931313661633634303636643639613561643338373331 -63333932306634313933366533623837613934366334396637396361623439383964333665383435 -62316265356537616137643537366666336634393935613034393737313930333364323031653234 -37366561356332666439623462396266623961653039626562393065393336643962373064343563 -36346665666338623931343739386531343833386135356164303532643463346565316163656633 
-32616365623065626139383362613466633332666133313263393062373338653834363830333039 -62626230343362393533633061663432363836616539643065643839623065633363393134643534 -63343935376537393739333063333333386239663763383435633234376434366362616433363162 -34363539633661633333306133363433313761303138363864373266333461303139613362663937 -39626332356139396330393361613364643363366164376234316266316164393035386334366362 -36373065626530333237636139336163623766623561656234333239646263626164323134633434 -63326635393665333533383562633438303036616262366435373739386430353964333265393732 -66643838303566626131323834646564613830333937616264383864316666343333396636303836 -38633335656536653334626530303835623531666665326533303535313164323836373365636265 -65393061363933373931396134623264643065633534313566346336343862346537343437363765 -62663264376266326538616330376633353832353234653661613964373231666562326466663934 -38393931643736626332623461613737383463663935656263656233306437653331343838343865 -64343239636166343134336261656162393938396633376663366466653634373566336165323237 -34386137313961653739393231616532346664366138356631353030623236343535363435636462 -32323564306339396437633763613535393230386631616166656539373861386633363464653439 -34323134626334356631623764356232366337646236313031336138333636633834353463363961 -32316664383038633330383765356563353062303133333133336365346561643234386161383461 -39323964303061313461386333613961396533646161663230666466616231386239386666306233 -39343239323739323738373263313662336237346663663432343861343034633463386163303366 -38333537626232663438383230623032623765336164653438653434396362633063333437366338 -34373431323539306531323536363238333037643337626131336631356537626237656630393964 -38393736633433306632323334613232303162313962616334376130353931336337303462363266 -39643137643034396564303531346361336134353461653535336165323032323238663631653935 -38366339366436376166333335663230306663633634336434323532316664666134313365323834 
-31363964346561373262393632366637396633323332393162666166326631383164643265353135 -34303664353434373131653530346634386333663732373966613761616261323032336266646163 -32663966656464633565356337653534623962663939333033613933633965666339653764663134 -38363965393730633638653561393432303835303164396462366435353030643966316665333061 -39643634646137626338323537393031356532616637666634333139396630663930636235333735 -66336465666439356636623037653564393161393432346534656132346631396462356463336566 -30303833386638333866396462633330306439613139636331636331333663386438623461343133 -30643164366434353765633738356536643861303232393362343131353730376364623463326361 -37363061623333653466636438666465616133396233616430393265626362663736613031383764 -63353065306166646461623763643062383738376266353765643134376538393233383663346237 -37643639663063383266373536323533343936633134386263616163343637613636303134343037 -34626232303335393532643134646132323463396333386664333731646331343937363661323539 -65663936366464643162633432666537393439313664643638343237653566613235353165663336 -32373037346239356337633036306138343366666463363538373836616530313565613562383433 -64616263626165343938363230613039356137643665653734366533393033316363663036363738 -66323663663366666162623734363465663939383830396533383665393139633530616263663136 -64333132633031623835373831636366643831626235303831313761653734666365386462393534 -66303332656561653162636636313439663633396638353638363465663138353866376636326634 -63613865613466326230323564323439393061653664393261373531306235333663373434636262 -62353132653333313635653633346461323165373862343839316539653038633664353830643234 -36633763653738323732386263643461333761306532303534663763323735636563366266653464 -66636236393033613736656562663661346162316164616663306465623431613133633130383136 -35313434346164653163396137383064656538353766653237646237663639663039663665666236 -62346139633234343735303762653030326333333764356562656435623330663066353333326239 
-39646465393362323537343766366432323765363139643361643037373739643636623437386636 -32353233303337623136343062623633306361383737303431613663633163643832343434656335 -39633434393466646366376534333865633361333861653366316238626637363537303335363662 -61353830303733623665643864333134623062356334616331363565333235666261653732633264 -62663238663461343738303764303636366638393830623264613730303635623635626364646464 -35623239356235316136343532616638663930313565383264663936633733386663326161623830 -62626634313963323866653432343561303233343035353433613731353538356438613033346638 -33613466656633626261326465336437613630376335663933303061393731313065636131393762 -65613037653363636235613838613535316635613066393436356537633662313539323163613361 -36356632323634363335366665376663346565393439313031636331633235333664663830636135 -64653266616262336437623731383161383437613461323837653066656233643230663064616432 -65383337323333633465316533623465303735396430326334643634626436303263396534356335 -34373134653232303866386433643864363536643138353965323130616338353731633434326361 -66303133353264343664323435653133383431626263373237613631616235666465616333343937 -37323333653565363665376236396232393132336137346461613831623063326631636335333365 -65376538396265313732323932383061633464393630393563386163393230623238633938396535 -34333330386131353336646361313634353862663762653234373235366565343232306432653731 -61383863306632626463653831383735636233623966353130626634366638626236383864316531 -37353062336539626531356133313132663330663135393930356565323364353761393439373533 -61366465313462313033306631333432646163653832363564313838643362316263353562373262 -33343664666230303065373836306663643135303439356362336634346637353438633364306365 -30623332363436353865633738663464636132306134386465306164363333386338323433643163 -37626235303062393933393363656339636139323464373439363765316266646536316336666163 -34306262326238343937623432643262646263666266623933623565363535326235623637396237 
-64623961663037653033383933333062393932613933303962326538333739303731363137623365 -30363030353433646133666166383938356232396331656165343531343232613934663834633464 -36353331373233393861636131393238363031383135613633373665613364373466356663376431 -66303331383837663261313838363266656164633836623661326331356566653938306266376632 -63613238356135373938663030343634393566653963306237303138626461613931356565663835 -64386433613937643730396130663333646334386336613864333533626661626166346232333964 -66316664346231376639393132613936323261383131633737386331343966363961633237666334 -38353363383761333439373437623937393534626435386262383732363833346166656233666332 -62636130323536663432633434646666303664393130626437636132316264613535306463623964 -30633030613665343631373366363737313130666337326230633631646461356362363963306361 -64393639353339303436346438313833333432356666666339613666623132636235383866343838 -36666263343538633537303665616366656363373736306235333264336466313939356131303561 -33363030653966316232313933323665663330303338366333656536623861623537313266383565 -65633866663665393635646531353539623362646663356664333866623432333465333335333333 -31616262356537646261373166343665633238633235373335343134393366663462393465643135 -35326336613835663132343233386564373462353561333066323631313664373865323233653336 -65333731336565633664636562326365343263373263373162653239633964396138616335616230 -63376562383064663330363562306338346465666563306365306639353632396633323830353337 -65666233376239333436633566623535383065646235353832363030303565623531333539613864 -63393339656238323466343564333134636164383062613138656138373936636531636166393062 -32613431636233316533353937326234663336343231313630393037313663383034383238346562 -36383264626366383835623261643562323037303661383832323939363939623038626664393530 -65353061313266633764353331313532383766613735333131373365366336306139343265306634 -66313435313965633362356563313763653634643362616138633832633136333362343731346166 
-34613431653134363732353833643962636431623036393935666237663833373934373438666434 -36633538306632383439323465636665303863646532653165666638316137633738363736386633 -33303234306531356136316463353232303737323661333430333137636633306131316434376665 -64323633383735313536373534626331356631316464643530363866633730353239346633396364 -36323437306165363465613365383666353037313333653230316234626439623964343336343762 -66343831343133343330336536613134303836626434663731343636613835623364633236653962 -63356635363239663533336265306261393337313136313937356662616231636461373230376232 -64313738333966633265626166653266313932666134356235373238376530303437646464333364 -31613631386335356561363938323831313061373566323638663864393266656361366463353736 -63386361373737383837336435633562626566656666373737313464323466313364626466633537 -6661656232313066363235616364646663623039386561636332 +63333334623934376334363635643536623263663238333835323935306266306234633538336333 +3735636661313837393933303266396363626634623437320a633936323238353736336132393834 +62396432396233343735643163636237386632623062363566313839396437393237316430653832 +3635653362346565360a626636323538313632363838626235386133393338613966646462663837 +63333337346431316638633036313533636334313432313266363232333465626331633839393832 +31343537393365373932396463643761343431623934306231323534306132643963393033346264 +38306531353632363336303931623665393833656461663032383663386663616130323430316561 +64373361393237653033313836616237643936666333363464633665313239336662393533343866 +30353537333065393566346538643334363231316539386161363366626234643261616531643336 +31613535383739313831656561623864386334326663346138386534363330353930663630363835 +35653937386136366539316330313564653932613963313630326663386132393437643137333536 +36633339336235366338303665616538656662656534376161646333653733643832343633346361 +39626233666230636136353331613233393962313664303466333738303437643331663434313966 
+61613364366533316165656263626232373334303264366531643739383735613462376138653535 +63626363386335393134346562633362343532643961363335656633303364356563333330613438 +32393733336231386433626338336333636230306563663739343436333861363733653462613835 +39633064633665333238643033663866376139303762356530653333393834386439323131653031 +63386137353238623337396135323934383465653435336531316432663464343331666666633165 +35303466626537363363376663383534386462363439363937383530633436343861626466313035 +30633438663636646464666436623362643430633462643063646434306361323964623134663935 +35393533633537626138643564623532306530613661363262363037623037633561363337613866 +32363762353830633137386134393866303330626135326639336364303037653438356135323261 +62303835653331313831363963333930626632623765343630376636396363383361396265653034 +36333364646530636138313133646230336235643630643933663634613133316439363735323361 +64383962383764383362363737356364353965653763663661623335363639336636326337353835 +62623838633065666635333965633032323934316438623136376637646433616533313933303830 +62366264313334666263326339393435343930333530396334313931393563353339653037326639 +64643932386137666530626532623237363266663164333764383964653334346366336462666366 +30333036393065363631306630626161633235323932316665343632633335646135393062313036 +37313838363061626664363863623137303765313836396432336235313238623635653630316466 +65646237636463323563653736636139626630646134303833376663366239303538353033346431 +61306261373739316636393464373030636634343230626366643166356463643265646331343062 +39333031633231373031633230363261366432656263656636383962613961343636643564366235 +39323338393136383864363337356165373530313662306331316562356361396134663039643237 +35306662613037373739626236343135633833323966386433356136656563626138633366313837 +30383064336362626231653661346638323638636438303934643864623837376163656437633762 +30323362313735636336363763346431383566646339306130663664616439316132396535633664 
+37663337356466343661353735356263303131303237303637653566653533633534663963663430 +31626632353637373033363835306362396533636632636332616236356337623134626164366139 +35343830613337313865636336376439316437333335333337656337333361633031303636376162 +30663330333332366633343466313665633034643364333736653930633539343733363866633133 +35616332363663383732383364363763356165656433376266343239313237613464616330393739 +66666338393262333936376633353366366539656339373163373137363836616462633763376535 +35663938626531393532376165336235393361633135663966366433343931616163633063636432 +63633834366333376431313966613737623832313130643336323238626164373436656562616235 +66343230376131326366316335353339353164313861643731353331306130646330313066303131 +39363265613131303632353436633461653634636530626164303164386463643861353062646337 +66396263333239396339623537623734336536653638353033393564343139643837363937616130 +65663730646364303336363331623537316433323035393538393132333462643938343936666435 +35666563646631333738623039306466636433316231316137356335623562633166323533653033 +34366165336262386336393034633836346534306166616535343464386631393735393066386233 +66633664376632633163396264623938623834346533616463333637396561623261313536323635 +35643865623434393338666139326431393663383432633465626236363533356161366239313737 +65346536363532356231643463646236383561393965626564313830386531353463363836613437 +30303138383736363361316361363265646232393865623836613465306539346461653965653662 +38623133333037626366666262613861633832326632326235313565653162353438333864656636 +61663131616339623564383063316132633562323366666136393363323335396237313431666436 +30646561326164626266636238386333346136656438663334356335626161383862363832653730 +31626536393464303539326466346230386661316261363138636665386266363734663038663261 +36623861376538393437663962343339646365626431303934316634383464333638636666303232 +36303331333561616535333031616235316335663234636466633366326465333264353062666133 
+61636264386366396165343866633036323438393164616333336564613363316666333433633464 +30323262316166323264316639373737326433303334636533656539626261323763336135316166 +34643032653662616465353437343563663961623530313133666531303438643935616237663133 +35613135383736643561366334366230663237656631356235646335313039326231636634343061 +36346436333737343362663266633761376433653764353635646363643666383238623761626338 +34623639643037363634373566346432363830613936653563346265306437623966346466616330 +63373465633564653666373465653436343961633434313863626563316234303132623537636336 +64383532343863636562613835323930623232353236383235386530303565646535356562356561 +38653535336238353566646261613433666437653636663830396634363338643835316263623662 +34323331356539333261626532636135313862663938636438656234653261376633313731643862 +30663666303134396161326363323465303038333139313933616265373238626163343061643533 +34396536643465386439643430393566633662316164356463303066333334303532393233396630 +30323432346464656561616139333161613936643465353136663266313736313437623538613038 +30313136316364653839663538633532333962363365393831376661313562393436613630666331 +33303739613466366164376337396335663133646164616430636633366161643634663930663939 +66373534333039303433653733336131656630333661393139633634336638353965333037383062 +31336663366365326134663862353938386237313731363634653937336133633133643566656466 +35313235623137633861316633326232383437613039373962336137643934313066366138326234 +32306464363334323563376166313437323435306564336634656162393966646134343736323538 +34616564353839343935333838326261353239333361343037366136333662366664386166363764 +34393064326539366364366234303066326635613765636232323737636133626431316632316537 +32666131393331623061396666376236333664303032623434346661356236383962616565366434 +36393838343838623533623466373365663862303337366262363163313336616465363865356233 +35633562646436656636333461353535636430393064656564343339633734353436346533316434 
+65643265323363343938303862353730636137633038633861393262626463623537626635666534 +33303637653863333532353930353331643366306432623863646664363862343665343233663461 +35343731386232633639393136633731356462633237666630616561363532653163616265333330 +39326533353466303235623036313334373034646161653761666131663830376333313330336165 +62306365323565356661323961353733336631333430343038393430303738383961616463653864 +63316433323039643132393934373830626130313364626566623834613363663665323063323936 +66643338643463393031366437643063616462663565323936313235373564363833333734633162 +37373030326533653831633866346662626639343631633135373630646231666536376466623462 +66303332333438333563353835653330616530623533313537666236663234316661643531346562 +30393030666232643163613932653231633266326438346635353562633732653032633631646662 +63643465333538376232313166333138386139326533643766393938613964613234616363366534 +64626137386638373934643730373963656337663462643466363563313238386563373539323538 +32393239656630613330376639313561313164313065613366383135333738653239373630326330 +34613862663638336366663764386635653339306230396338656263643362376161646238316661 +37646236343364626132373136653437346266636165313761623938393830613562313531363032 +32623531323131383365373964613630353130616432303530323031303534643639636664386133 +30313433613536343838343735396137313764653539623730333338376662373335613862346136 +33636264636564343761346234393830313965336164393835613331613162613564393565346437 +37633132343931636261343434366331663834303335633536393463633966623337386230383039 +35646434383632313865636637373461386335613731616637636364626332393461303264623732 +32666565633231623133656266306130303432633533366362383537326338636336666362386234 +62623162336134333264336161313834623733353762316238383932303837343866613332333439 +30663261653335373335313661303730326331666232666161643631363266333632326431343165 +37653936326333343364373132346162373461363935333662343432353365666433306364366666 
+63653433356432373230346333643335303939613437306433376332616331326339393232613465 +35306235393465396235633761363764663333303864306639373666626535303635646439396333 +35313038663335393237386665313561616466393038336464383433393762333363356161323864 +61613466623936653530373765313731383963393831613964323562303566313239386132346131 +36666463373730633666303737343337656433336363383765363139363166303565323465376363 +37623439376330363936353830653633343366653335333938326364366230373665616264333865 +65323438393933616161653138313434653838303038373566373039383963346439653065663261 +62343161356532323861663962363565623934613733643062383732396264643562386433363163 +35663432656461373337643435363030393933336239623861366161346264613066653839333338 +33633261663236336366303261626134306265656137343765623539626563376337653761633631 +36616639653532376566346330616438306632393736613638613439363164336338336662616632 +38333365636130643434666634383434386331383461633761653236386630353663623836373766 +63626365306636373034386661643537313934656661373237306536376531613766633638616533 +61323538363931643238396531656436383762346130383030323162656630376530656661633134 +32323437633863323937393562383265336265333765373438353562306339663736613039343031 +30616563363137616231336538666638363431643134323866306361386339323437643737666130 +30623835646633333364646639393134383663633031633936356238653663303730353433363536 +39666132633036373635333963343935363235323861383637326637386530373238653131646437 +38623030353232626461616564623630333533613733303932303936653036663339316361303432 +64346331666535336539323463393733396462663762396232336239656638383666623032366436 +65313463366534343265333265626434616135376264353636656565613932653539646336393032 +33386631633839343564653134636538646230626263326633323663356436366232363664353936 +61393231616364383062613133373062353039613938626236656463616232386630353239613131 +31653431333239346230633731636537353662333130656364666134306461336239363938363565 
+61333665373438313461663134613162393532623363623761346561313330656130316262386261 +62373333613861356133633964656332313866633165313562306636366465366462313865313735 +61333932633562383134383630393836303866383266376165616462616338366330333135643465 +37356561343861623564343961353235306338333836643565646636323465613430373062356263 +30346364323237343837643336653934653834306537396632326538653132363930646366346530 +64393963656166616239393530373532343739333466643666643835346233643566383536336463 +38343635613536366161633631393366623066613533333337626665303665323363626132613537 +66656332323936353464393933353562373430373065373965316264316335326664353637663236 +64353765643932346639626362306237353864343830636565643636653633303065353131616634 +61373631343932353265636634616665346430373666613337326264313932316433656437303037 +62616130356233643362356162663662653236643861333530363061376239343961316162313235 +36656336343565323263386266663930373639346238343566636563376431386138353030393631 +61636632646236383566333862376363626636613239343935653066653835323639323837663664 +33626333623734346363343533643931656330656533666662666362363431313561636231616237 +34633833336264396633306437313230326130353234303435396132333161343961383033303939 +35373230393061656134343832613463613465623064316135626131393738323832303462386564 +65373366326261363263666362323030643263343633306362633663613033303638623761356537 +61633664386533356463363036363039653465656633373462383337393965633536353762313539 +34633632313430333166313737336633646535616230306466623834653935336537646539616664 +39646663633162643637393964353531333831376363313661353665376134316537353434633831 +33376436663862313663316566383665383537396337626133313132373733336531643464336263 +62643031373239633939323935373961363963613161346637653434356261646662383465666134 +32373866383065613037366334303931393161343435643030636565383335626630643366653965 +31613935343431633833643932356565313937636438633566343533363736353037393064333163 
+66373338323765643861383531363665636339353836613364376133356434356661656563306662 +31623637613130616361646463663431376130616266353166303030393134333934373766623936 +39623736666437303464323363333836353733363939346636646566336137303536656263653662 +63393965353062326131653838376531306634663231646365323465386263363330363237303733 +34663864356139363765623030373639376533363037626464383137343534343464623937636336 +35376636303063333636656634316330363065353364636136383637623964616237336330643437 +39356162356634316130316166373133643063323461623731653535336230303439653836653161 +62306336646231626632306161336233366636623535346565333137356561616635376437333033 +37373430613665306365626431353262633931373630383535313464306331633538646665646362 +62616566316130623834376364383665306130306539646133353238373861376562633031666661 +66633034366264326335643632363236666235353030343836666233656563633139376638643763 +63323932363634613230343932376436356434343164646263343464366531366361656666333765 +39363166343233353361373239636332626462613162326162373333643134393664313666323035 +34306139623734393039373661396463343465613462373130396263643830363334333037363637 +35633761633130383730663134613763333630356563306539323234353532353364363938626331 +31376234653930666631303564643065633030613266393064346163376534343963306537306336 +36303033313766346462653131333735633338623064323964333961366164356134346636363365 +33653265643663393362363033323632633862623934613638616161353039303433323830343233 +63343733313765373562666164333538613963363963383431616632643636663763636362663034 +61363762653233343362663732653762333761646265383932373036323566633534386661623936 +63383336653562336466323063373037646566653332366639623835653165386632303065653735 +62636634643764386365306163633661356130653032663333396166363039623033646139346537 +38333561313934323962366262316162343165363364356664663330636631363965383730636637 +61383766353762316230653837643564643161613161633561366563343365316337343633356339 
+32323839663731616261353764383364396661323230303539313035656437623964383138376264 +61636534353639373665656131323835353832343666646263303461613764303633636339373366 +37306266306163313065313164393930386338343635393865613562386461613763303937396335 +61353361353738353033326561326465623833316538336538336333633564653761653036323561 +36616637343465323062326564646133353530633064303539313739303134353736396633616332 +38383735376464383934393032633466633036393464346561626631363534396537373962373764 +36343761386365323337613030323330396130396163633835613063313261343066306262656661 +38306333353363633238623737646332646464306238383637666236326635346131653331636364 +34643039633163396137653564643134633039356465346562323262623063316661353638336233 +65366265366438386633333362326435643161346664663736326437623530303135373132313364 +39396561383064666436623265356632366539303863333531333266336464313637303337323663 +61636138626162313465393161346265393465363164353861643830333963303261363231396433 +35366137626638303035626230633565663931656165613165343537346561326531303766616266 +66393061306136623661656139386565356637326338313838653031633736376131306238646132 +62343734663233343935653964633764323432346565343838323462353435653637353565336364 +30343633303862353332373964343732666533653232633863383962626634613064 From 89181c6cd6eaf16107f315876b04e6260f81dc48 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sun, 28 Feb 2021 22:59:36 +0100 Subject: [PATCH 05/78] Add log.adm.auro.re to inventory --- hosts | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts b/hosts index 7cf9128..fd690e8 100644 --- a/hosts +++ b/hosts @@ -37,6 +37,7 @@ wikijs.adm.auro.re prometheus-aurore.adm.auro.re portail.adm.auro.re jitsi-aurore.adm.auro.re +log.adm.auro.re [aurore_testing_vm] pendragon.adm.auro.re From 6263c317851487ff0b83a3c2a2ab435b3d0b3e19 Mon Sep 17 00:00:00 2001 
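Review bot: This change to group_vars/all/vault.yml replaces the entire ciphertext (197 lines added, 178 removed), so nothing in the diff lets a reviewer confirm that the only change is the one SSH key named in the subject. A key that grants access should be auditable in review. If it is a public key, as the subject presumably means, it does not need encryption and could live in a plaintext vars file beside the vault, leaving the vault for real secrets. Otherwise, per-variable encryption (`ansible-vault encrypt_string`) would at least make the diff show which variable changed.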
From: Jeltz
Date: Mon, 1 Mar 2021 01:27:30 +0100
Subject: [PATCH 06/78] Add rsyslog_common role
---
roles/rsyslog_common/defaults/main.yml | 3 +
roles/rsyslog_common/handlers/main.yml | 13 +++
roles/rsyslog_common/tasks/main.yml | 57 +++++++++
.../templates/99-common.conf.j2 | 108 ++++++++++++++++++
.../templates/forward-syslog.conf.j2 | 6 +
.../rsyslog_common/templates/rsyslog.conf.j2 | 3 +
6 files changed, 190 insertions(+)
create mode 100644 roles/rsyslog_common/defaults/main.yml
create mode 100644 roles/rsyslog_common/handlers/main.yml
create mode 100644 roles/rsyslog_common/tasks/main.yml
create mode 100644 roles/rsyslog_common/templates/99-common.conf.j2
create mode 100644 roles/rsyslog_common/templates/forward-syslog.conf.j2
create mode 100644 roles/rsyslog_common/templates/rsyslog.conf.j2
diff --git a/roles/rsyslog_common/defaults/main.yml b/roles/rsyslog_common/defaults/main.yml
new file mode 100644
index 0000000..e5e6024
--- /dev/null
+++ b/roles/rsyslog_common/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+rsyslog_outputs: []
+...
diff --git a/roles/rsyslog_common/handlers/main.yml b/roles/rsyslog_common/handlers/main.yml
new file mode 100644
index 0000000..2a378d7
--- /dev/null
+++ b/roles/rsyslog_common/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+- name: Restart rsyslog
+ become: yes
+ systemd:
+ name: rsyslog.service
+ state: restarted
+
+- name: Restart systemd-journald
+ become: yes
+ systemd:
+ name: systemd-journald.service
+ state: restarted
+...
diff --git a/roles/rsyslog_common/tasks/main.yml b/roles/rsyslog_common/tasks/main.yml
new file mode 100644
index 0000000..9e1c7eb
--- /dev/null
+++ b/roles/rsyslog_common/tasks/main.yml
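Review bot: Both handlers in roles/rsyslog_common/handlers/main.yml write `become: yes`, while every task in tasks/main.yml of the same role writes `become: true`. yamllint's default `truthy` rule accepts only `true`/`false`, and this repository's lint image installs yamllint, so the file is likely to be flagged. Use `become: true` in both handlers.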
@@ -0,0 +1,57 @@
+---
+- name: Install rsyslog
+ become: true
+ apt:
+ name: rsyslog
+ state: latest
+
+- name: Install rsyslog modules if needed
+ become: true
+ apt:
+ name: "{{ item.pkg }}"
+ state: latest
+ when: "rsyslog_outputs | selectattr('proto', 'eq', item.proto) | list"
+ loop:
+ - proto: relp
+ pkg: rsyslog-relp
+ - proto: redis
+ pkg: rsyslog-hiredis
+
+- name: Deploy main rsyslog configuration
+ become: true
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ loop:
+ - src: rsyslog.conf.j2
+ dest: /etc/rsyslog.conf
+ - src: 99-common.conf.j2
+ dest: /etc/rsyslog.d/99-common.conf
+ notify: Restart rsyslog
+
+- name: Create journald.conf.d directory
+ become: true
+ file:
+ path: /etc/systemd/journald.conf.d
+ state: directory
+
+- name: Deploy journald configuration
+ become: true
+ template:
+ src: forward-syslog.conf.j2
+ dest: /etc/systemd/journald.conf.d/forward-syslog.conf
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ notify: Restart systemd-journald
+
+- name: Enable rsyslog service
+ become: true
+ systemd:
+ name: rsyslog.service
+ state: started
+ enabled: true
+...
diff --git a/roles/rsyslog_common/templates/99-common.conf.j2 b/roles/rsyslog_common/templates/99-common.conf.j2
new file mode 100644
index 0000000..dcb1775
--- /dev/null
+++ b/roles/rsyslog_common/templates/99-common.conf.j2
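Review bot: The `mode: u=rw,g=r,o=r` on "Deploy main rsyslog configuration" leaves `/etc/rsyslog.d/99-common.conf` world-readable, and the `99-common.conf.j2` template added in this same commit renders `serverpassword="{{ output.password }}"` for Redis outputs, so any local account on a forwarding host could read that password. Both files are owned by root and nothing in this role configures rsyslog to run as another user, so the `o=r` bit does not appear to be needed. I would deploy both entries with `mode: u=rw,g=r,o=`.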
@@ -0,0 +1,108 @@
+{{ ansible_managed | comment }}
+
+{%
+ set output_modules = {
+ "relp": "omrelp",
+ "udp": "omfwd",
+ "redis": "omhiredis",
+ }
+%}
+
+global(
+ workDirectory="/var/spool/rsyslog"
+ preserveFQDN="on"
+)
+
+# Collect logs via /dev/log
+module(load="imuxsock")
+
+# Collect kernel logs
+module(load="imklog")
+
+# Collect systemd-journald logs
+module(load="imjournal")
+
+# Parse CEE logs
+module(load="mmjsonparse")
+
+# Load export modules
+{%
+ for module in rsyslog_outputs
+ | map(attribute="proto")
+ | map("extract", output_modules)
+ | list
+ | unique
+%}
+module(load="{{ module }}")
+{% endfor %}
+
+# FIXME: Attention, il faut voir si rsyslog arrive bien à créer
+# les fichiers de plusieurs jours (le 1er est peut-être crée avant
+# de dropper les privilèges, mais les suivants je pense pas).
+module(
+ load="builtin:omfile"
+ # Format avec dates précises
+ template="RSYSLOG_FileFormat"
+ fileOwner="root"
+ fileGroup="adm"
+ fileCreateMode="0640"
+ dirCreateMode="0755"
+)
+
+template(name="templateJson" type="list" option.jsonf="on") {
+ property(outname="hostname_reported" name="hostname" format="jsonf")
+ property(outname="src" name="fromhost-ip" format="jsonf")
+ property(outname="facility" name="syslogfacility-text" format="jsonf")
+ property(outname="program" name="programname" format="jsonf")
+ property(outname="pid" name="procid" format="jsonf")
+ property(outname="time_reported" name="timereported" format="jsonf"
+ dateformat="rfc3339")
+ property(outname="time_generated" name="timegenerated" format="jsonf"
+ dateformat="rfc3339")
+ property(outname="message" name="msg" format="jsonf")
+}
+
+ruleset(name="sendLogsToDisk") {
+ auth,authpriv.* action(type="omfile" file="/var/log/auth.log")
+ mail.* action(type="omfile" file="/var/log/mail.log" sync="off")
+ kern.* action(type="omfile" file="/var/log/kern.log")
+ *.*;auth,authpriv.none action(type="omfile" file="/var/log/syslog.log"
+ sync="off")
+}
+
+# Send logs to remote collector(s)
+ruleset(name="sendLogsToRemote") {
+{% for output in rsyslog_outputs %}
+ action(
+ type="{{ output_modules[output.proto] }}"
+
+{% if output_modules[output.proto] == "omfwd" %}
+ protocol="{{ output.proto }}"
+ target="{{ output.address }}"
+ port="{{ output.port }}"
+{% elif output_modules[output.proto] == "omhiredis" %}
+ server="{{ output.address }}"
+ serverport="{{ output.port }}"
+ mode="publish"
+ key="{{ output.key }}"
+ template="templateJson"
+{% if output.password is defined %}
+ serverpassword="{{ output.password }}"
+{% endif %}
+{% elif output_modules[output.proto] == "omrelp" %}
+ target="{{ output.address }}"
+ port="{{ output.port }}"
+{% endif %}
+
+{% if loop.index > 1 and output.fallback %}
+ action.execOnlyWhenPreviousIsSuspended="on"
+{% endif %}
+ )
+{% endfor %}
+}
+
+# Send local logs to files (useful for debugging or if the collector is down)
+call sendLogsToDisk
+
+# Send local logs to the remote collector
+call sendLogsToRemote
diff --git a/roles/rsyslog_common/templates/forward-syslog.conf.j2 b/roles/rsyslog_common/templates/forward-syslog.conf.j2
new file mode 100644
index 0000000..7f81095
--- /dev/null
+++ b/roles/rsyslog_common/templates/forward-syslog.conf.j2
@@ -0,0 +1,6 @@
+{{ ansible_managed | comment }}
+
+[Journal]
+# journald logs are already retrieved by rsyslog using imjournal
+ForwardToSyslog=no
+MaxLevelSyslog=debug
diff --git a/roles/rsyslog_common/templates/rsyslog.conf.j2 b/roles/rsyslog_common/templates/rsyslog.conf.j2
new file mode 100644
index 0000000..9c4c687
--- /dev/null
+++ b/roles/rsyslog_common/templates/rsyslog.conf.j2
@@ -0,0 +1,3 @@
+{{ ansible_managed | comment }}
+
+include(file="/etc/rsyslog.d/*.conf")
From 7fd1b5ff5d86914f7b006af5f23e40792a666ea3 Mon Sep 17 00:00:00 2001
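Review bot: `{% if loop.index > 1 and output.fallback %}` in the `sendLogsToRemote` ruleset reads `output.fallback` directly, so a second or later entry in `rsyslog_outputs` that omits the key will most likely abort rendering with an undefined-variable error instead of being treated as an ordinary, non-fallback output. The Redis branch just above already guards its optional key with `is defined`, so the two are inconsistent. I would write `{% if loop.index > 1 and output.fallback | default(false) %}`.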
From: Jeltz
Date: Mon, 1 Mar 2021 01:27:56 +0100
Subject: [PATCH 07/78] Add rsyslog_collector role
---
roles/rsyslog_collector/defaults/main.yml | 4 ++
roles/rsyslog_collector/meta/main.yml | 4 ++
roles/rsyslog_collector/tasks/main.yml | 24 +++++++++
.../templates/10-collector.conf.j2 | 53 +++++++++++++++++++
4 files changed, 85 insertions(+)
create mode 100644 roles/rsyslog_collector/defaults/main.yml
create mode 100644 roles/rsyslog_collector/meta/main.yml
create mode 100644 roles/rsyslog_collector/tasks/main.yml
create mode 100644 roles/rsyslog_collector/templates/10-collector.conf.j2
diff --git a/roles/rsyslog_collector/defaults/main.yml b/roles/rsyslog_collector/defaults/main.yml
new file mode 100644
index 0000000..d0f9337
--- /dev/null
+++ b/roles/rsyslog_collector/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+rsyslog_inputs: []
+rsyslog_collector_base_dir: /var/log/remote
+...
diff --git a/roles/rsyslog_collector/meta/main.yml b/roles/rsyslog_collector/meta/main.yml
new file mode 100644
index 0000000..8e7f44c
--- /dev/null
+++ b/roles/rsyslog_collector/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+ - role: rsyslog_common
+...
diff --git a/roles/rsyslog_collector/tasks/main.yml b/roles/rsyslog_collector/tasks/main.yml
new file mode 100644
index 0000000..d0487e6
--- /dev/null
+++ b/roles/rsyslog_collector/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: Install rsyslog-relp if needed
+ become: true
+ apt:
+ name: rsyslog-relp
+ state: latest
+ when: "rsyslog_inputs | selectattr('proto', 'eq', 'relp') | list"
+
+- name: Ensure log storage directory exists
+ become: true
+ file:
+ path: "{{ rsyslog_collector_base_dir }}"
+ state: directory
+
+- name: Deploy rsyslog input configuration file
+ become: true
+ template:
+ src: 10-collector.conf.j2
+ dest: /etc/rsyslog.d/10-collector.conf
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ notify: Restart rsyslog
+...
diff --git a/roles/rsyslog_collector/templates/10-collector.conf.j2 b/roles/rsyslog_collector/templates/10-collector.conf.j2
new file mode 100644
index 0000000..793e519
--- /dev/null
+++ b/roles/rsyslog_collector/templates/10-collector.conf.j2
@@ -0,0 +1,53 @@
+{{ ansible_managed | comment }}
+
+module(load="mmrm1stspace")
+
+{%
+ set input_modules = {
+ "relp": "imrelp",
+ "udp": "imudp",
+ }
+%}
+
+{%
+ for module in rsyslog_inputs
+ | map(attribute="proto")
+ | map("extract", input_modules)
+ | list
+ | unique
+%}
+module(load="{{ module }}")
+{% endfor %}
+
+template(name="incomingFilename" type="list") {
+ constant(value="{{ rsyslog_collector_base_dir }}/")
+ property(name="fromhost-ip")
+ constant(value="/")
+ property(name="timegenerated" dateFormat="year")
+ constant(value="-")
+ property(name="timegenerated" dateFormat="month")
+ constant(value="-")
+ property(name="timegenerated" dateFormat="day")
+ constant(value=".log")
+}
+
+ruleset(name="handleIncomingLogs") {
+ action(type="mmrm1stspace")
+ action(
+ type="omfile"
+ dynaFile="incomingFilename"
+ template="RSYSLOG_FileFormat"
+ )
+}
+
+# TODO: add protocol-specific options (eg. TLS)
+{% for input in rsyslog_inputs %}
+input(
+ type="{{ input_modules[input.proto] }}"
+{% if "address" in input %}
+ address="{{ input.address }}"
+{% endif %}
+ port="{{ input.port }}"
+ ruleset="handleIncomingLogs"
+)
+{% endfor %}
From 4a43bf8a16aa67bf901d194c4b963f71075eeb61 Mon Sep 17 00:00:00 2001
From: Jeltz
Date: Mon, 1 Mar 2021 01:28:30 +0100
Subject: [PATCH 08/78] Add logging configuration for log.adm.auro.re
---
host_vars/log.adm.auro.re.yml | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 host_vars/log.adm.auro.re.yml
diff --git a/host_vars/log.adm.auro.re.yml b/host_vars/log.adm.auro.re.yml
new file mode 100644
index 0000000..24ae171
--- /dev/null
+++ b/host_vars/log.adm.auro.re.yml
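Review bot: Nothing in this template limits who can write to the collector: each `input()` gets only `address`, `port` and `ruleset`, and `incomingFilename` derives the per-host directory from `fromhost-ip`. For the `udp` proto that address is whatever the datagram carries, so any host able to reach the port can create new directories under `rsyslog_collector_base_dir` or append lines to another host's file, and the existing TODO only mentions TLS. Until the protocol options land, I would add a comment above the `{% for input in rsyslog_inputs %}` loop such as `# imudp sources are unauthenticated: filter the port at the firewall and do not treat per-IP files as proof of origin`.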
@@ -0,0 +1,8 @@ +--- +rsyslog_collector_base_dir: /var/log/remote +rsyslog_inputs: + - proto: relp + port: 20514 + - proto: udp + port: 514 +... From 02a8cb84dfc6c684a3e899208a0e64f3d8dae0f4 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Mon, 1 Mar 2021 01:29:16 +0100 Subject: [PATCH 09/78] Add log.yml playbook --- log.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 log.yml diff --git a/log.yml b/log.yml new file mode 100644 index 0000000..8c8fc15 --- /dev/null +++ b/log.yml @@ -0,0 +1,5 @@ +--- +- hosts: log.adm.auro.re + roles: + - rsyslog_collector +... From ba8b4e8c2963548f6f2eb4abe81cee02a546e456 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Mon, 1 Mar 2021 02:11:29 +0100 Subject: [PATCH 10/78] Fix the ordering of rsyslog.d files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A call to sendLogsToRemote for logs received through RELP/UDP has been added (to send them to Logstash/Redis/…), so common.conf's prefix must be lower than collector.conf's. Note: future "third-party" config files will also call sendLogsToRemote and thus will also have to use a prefix higher than 10. --- roles/rsyslog_collector/tasks/main.yml | 4 ++-- .../templates/{10-collector.conf.j2 => 20-collector.conf.j2} | 2 ++ roles/rsyslog_common/tasks/main.yml | 4 ++-- .../templates/{99-common.conf.j2 => 10-common.conf.j2} | 0 4 files changed, 6 insertions(+), 4 deletions(-) rename roles/rsyslog_collector/templates/{10-collector.conf.j2 => 20-collector.conf.j2} (97%) rename roles/rsyslog_common/templates/{99-common.conf.j2 => 10-common.conf.j2} (100%) diff --git a/roles/rsyslog_collector/tasks/main.yml b/roles/rsyslog_collector/tasks/main.yml index d0487e6..0ee20a2 100644 --- a/roles/rsyslog_collector/tasks/main.yml +++ b/roles/rsyslog_collector/tasks/main.yml 
@@ -15,8 +15,8 @@ - name: Deploy rsyslog input configuration file become: true template: - src: 10-collector.conf.j2 - dest: /etc/rsyslog.d/10-collector.conf + src: 20-collector.conf.j2 + dest: /etc/rsyslog.d/20-collector.conf owner: root group: root mode: u=rw,g=r,o=r diff --git a/roles/rsyslog_collector/templates/10-collector.conf.j2 b/roles/rsyslog_collector/templates/20-collector.conf.j2 similarity index 97% rename from roles/rsyslog_collector/templates/10-collector.conf.j2 rename to roles/rsyslog_collector/templates/20-collector.conf.j2 index 793e519..a67956b 100644 --- a/roles/rsyslog_collector/templates/10-collector.conf.j2 +++ b/roles/rsyslog_collector/templates/20-collector.conf.j2 @@ -49,5 +49,7 @@ input( {% endif %} port="{{ input.port }}" ruleset="handleIncomingLogs" + + call sendLogsToRemote ) {% endfor %} diff --git a/roles/rsyslog_common/tasks/main.yml b/roles/rsyslog_common/tasks/main.yml index 9e1c7eb..ce0d35a 100644 --- a/roles/rsyslog_common/tasks/main.yml +++ b/roles/rsyslog_common/tasks/main.yml @@ -28,8 +28,8 @@ loop: - src: rsyslog.conf.j2 dest: /etc/rsyslog.conf - - src: 99-common.conf.j2 - dest: /etc/rsyslog.d/99-common.conf + - src: 10-common.conf.j2 + dest: /etc/rsyslog.d/10-common.conf notify: Restart rsyslog - name: Create journald.conf.d directory diff --git a/roles/rsyslog_common/templates/99-common.conf.j2 b/roles/rsyslog_common/templates/10-common.conf.j2 similarity index 100% rename from roles/rsyslog_common/templates/99-common.conf.j2 rename to roles/rsyslog_common/templates/10-common.conf.j2 From f7183095c14dbc22641fce0f08d2ff04c446016f Mon Sep 17 00:00:00 2001 From: Jeltz Date: Mon, 1 Mar 2021 02:26:22 +0100 Subject: [PATCH 11/78] Add explicit permissions for directories --- roles/rsyslog_collector/tasks/main.yml | 3 +++ roles/rsyslog_common/tasks/main.yml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/roles/rsyslog_collector/tasks/main.yml b/roles/rsyslog_collector/tasks/main.yml index 0ee20a2..16a3ab9 100644 
--- a/roles/rsyslog_collector/tasks/main.yml +++ b/roles/rsyslog_collector/tasks/main.yml @@ -11,6 +11,9 @@ file: path: "{{ rsyslog_collector_base_dir }}" state: directory + owner: root + group: adm + mode: u=rwx,g=rwx,o= - name: Deploy rsyslog input configuration file become: true diff --git a/roles/rsyslog_common/tasks/main.yml b/roles/rsyslog_common/tasks/main.yml index ce0d35a..c3a0cc3 100644 --- a/roles/rsyslog_common/tasks/main.yml +++ b/roles/rsyslog_common/tasks/main.yml @@ -37,6 +37,9 @@ file: path: /etc/systemd/journald.conf.d state: directory + owner: root + group: root + mode: u=rwx,g=rx,o=rx - name: Deploy journald configuration become: true From c65b3f090b85211c08d26588091b60826640623b Mon Sep 17 00:00:00 2001 From: Jeltz Date: Mon, 1 Mar 2021 03:58:58 +0100 Subject: [PATCH 12/78] Compress and delete old remote logs Logrotate is not used because I didn't found an easy way to configure it to handle the compression/deletion of log files already rotated by rsyslog (it is probably possible, but I found the script to be easier). --- roles/rsyslog_collector/defaults/main.yml | 3 + roles/rsyslog_collector/files/rotate | 62 +++++++++++++++++++ roles/rsyslog_collector/handlers/main.yml | 5 ++ roles/rsyslog_collector/tasks/main.yml | 30 +++++++++ .../templates/rotate-remote-logs.service.j2 | 12 ++++ .../templates/rotate-remote-logs.timer.j2 | 10 +++ 6 files changed, 122 insertions(+) create mode 100644 roles/rsyslog_collector/files/rotate create mode 100644 roles/rsyslog_collector/handlers/main.yml create mode 100644 roles/rsyslog_collector/templates/rotate-remote-logs.service.j2 create mode 100644 roles/rsyslog_collector/templates/rotate-remote-logs.timer.j2 diff --git a/roles/rsyslog_collector/defaults/main.yml b/roles/rsyslog_collector/defaults/main.yml index d0f9337..6ded0ef 100644 --- a/roles/rsyslog_collector/defaults/main.yml +++ b/roles/rsyslog_collector/defaults/main.yml 
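Review bot: `mode: u=rwx,g=rwx,o=` together with `group: adm` on `rsyslog_collector_base_dir` gives every member of `adm` write access to the remote log store, so an account that is only meant to read logs could rename, delete or replace per-host files. The role as shown never configures rsyslog to drop privileges, so group write looks unnecessary; `mode: u=rwx,g=rx,o=` keeps the directory readable by `adm` without letting it modify the contents. If privilege dropping is planned (the FIXME in the common template hints at it), a dedicated owner would be safer than group write.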
@@ -1,4 +1,7 @@ --- rsyslog_inputs: [] rsyslog_collector_base_dir: /var/log/remote +rsyslog_collector_rotate_path: /usr/local/sbin/rotate_remote_logs +rsyslog_collector_keep_days: 0 +rsyslog_collector_compress_days: 1 ... diff --git a/roles/rsyslog_collector/files/rotate b/roles/rsyslog_collector/files/rotate new file mode 100644 index 0000000..8738fef --- /dev/null +++ b/roles/rsyslog_collector/files/rotate @@ -0,0 +1,62 @@ +#!/usr/bin/env python3 +import argparse +import datetime +import logging +import pathlib +import subprocess + + +def compress_file(filename): + subprocess.run(["xz", "-z", str(filename)]) + + +def find_files(base_dir, extension, days): + delta = datetime.timedelta(days=days) + now = datetime.datetime.now() + for path in base_dir.rglob(f"*{extension}"): + stem = path.name.removesuffix(extension) + date = datetime.datetime.fromisoformat(stem) + if date < now - delta: + yield path + + +def compress_logs(base_dir, days): + for path in find_files(base_dir, ".log", days): + logging.info("Compressing log file %s", str(path)) + compress_file(path) + + +def remove_logs(base_dir, days): + for path in find_files(base_dir, ".log.xz", days): + logging.info("Removing log file %s", str(path)) + path.unlink() + + +def main(): + + parser = argparse.ArgumentParser() + parser.add_argument("--compress-days", type=int, default=0) + parser.add_argument("--keep-days", type=int, default=0) + parser.add_argument( + "--base-dir", type=pathlib.Path, default="/var/log/remote" + ) + + args = parser.parse_args() + + logging.basicConfig( + format="[%(asctime)s] %(levelname)s %(message)s", level=logging.INFO + ) + + logging.info("Rotate script started") + + if args.compress_days > 0: + compress_logs(args.base_dir, args.compress_days) + + if args.keep_days > 0: + remove_logs(args.base_dir, args.keep_days) + + logging.info("Rotate script done") + + +if __name__ == "__main__": + main() 
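Review bot: In `find_files`, `datetime.datetime.fromisoformat(stem)` raises `ValueError` for any file under the base directory whose name is not a date, and the uncaught exception ends the run before the remaining logs are compressed or removed, so a single stray `*.log` file stops retention on the collector. I would log and skip such files, as in the excerpt below. Two smaller points in the same script: `compress_file` should pass `check=True` to `subprocess.run` so a failing `xz` is not silently treated as success, and `str.removesuffix` needs Python 3.9 or later, which is worth confirming for the collector host.

```python
    for path in base_dir.rglob(f"*{extension}"):
        stem = path.name.removesuffix(extension)
        try:
            date = datetime.datetime.fromisoformat(stem)
        except ValueError:
            # Not a YYYY-MM-DD file written by the collector template; leave it alone.
            logging.warning("Skipping unexpected file %s", str(path))
            continue
        # … unchanged: age comparison and yield …
```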
diff --git a/roles/rsyslog_collector/handlers/main.yml b/roles/rsyslog_collector/handlers/main.yml new file mode 100644 index 0000000..60f493a --- /dev/null +++ b/roles/rsyslog_collector/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: Run systemd daemon-reload + systemd: + daemon_reload: true +... diff --git a/roles/rsyslog_collector/tasks/main.yml b/roles/rsyslog_collector/tasks/main.yml index 16a3ab9..0c122e9 100644 --- a/roles/rsyslog_collector/tasks/main.yml +++ b/roles/rsyslog_collector/tasks/main.yml @@ -24,4 +24,34 @@ group: root mode: u=rw,g=r,o=r notify: Restart rsyslog + +- name: Install rotate script + become: true + copy: + src: rotate + dest: "{{ rsyslog_collector_rotate_path }}" + owner: root + group: root + mode: u=rwx,g=rx,o= + +- name: Install timer and service for rotate script + become: true + template: + src: "{{ item }}.j2" + dest: "/etc/systemd/system/{{ item }}" + owner: root + group: root + mode: u=rw,g=r,o= + loop: + - rotate-remote-logs.timer + - rotate-remote-logs.service + notify: + - Run systemd daemon-reload + +- name: Enable timer for log rotation + become: true + systemd: + name: rotate-remote-logs.timer + enabled: true + state: started ... diff --git a/roles/rsyslog_collector/templates/rotate-remote-logs.service.j2 b/roles/rsyslog_collector/templates/rotate-remote-logs.service.j2 new file mode 100644 index 0000000..3b915e7 --- /dev/null +++ b/roles/rsyslog_collector/templates/rotate-remote-logs.service.j2 @@ -0,0 +1,12 @@ +{{ ansible_managed | comment }} + +[Unit] +Description=Rotate remote logs + +[Service] +User=root +Type=OneShot +ExecStart={{ rsyslog_collector_rotate_path }} \ + --base-dir {{ rsyslog_collector_keep_days }} \ + --compress-days {{ rsyslog_collector_compress_days }} \ + --keep-days {{ rsyslog_collector_base_dir }} diff --git a/roles/rsyslog_collector/templates/rotate-remote-logs.timer.j2 b/roles/rsyslog_collector/templates/rotate-remote-logs.timer.j2 new file mode 100644 index 0000000..f4b1151 --- /dev/null 
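Review bot: The new `Run systemd daemon-reload` handler has no `become: true`, while every task in this role that can notify it escalates explicitly. Unless privilege escalation is enabled globally (the `log.yml` playbook in this series sets nothing of the kind), the reload will likely be refused and the run will fail at handler time, after the unit files have already been written. Add `become: true` under the handler's `name`.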
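Review bot: The `ExecStart` arguments in `rotate-remote-logs.service.j2` are crossed: `--base-dir` receives `{{ rsyslog_collector_keep_days }}` and `--keep-days` receives `{{ rsyslog_collector_base_dir }}`. The script declares `--keep-days` with `type=int`, so argparse should reject the path and the unit would fail on every run, leaving remote logs uncompressed and never pruned. The lines should read `--base-dir {{ rsyslog_collector_base_dir }} \` and `--keep-days {{ rsyslog_collector_keep_days }}`. `Type=OneShot` is also worth changing to `Type=oneshot`, the spelling systemd documents; as far as I know the value is matched case-sensitively.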
+++ b/roles/rsyslog_collector/templates/rotate-remote-logs.timer.j2 @@ -0,0 +1,10 @@ +{{ ansible_managed | comment }} + +[Unit] +Description=Rotate remote logs daily + +[Timer] +OnCalendar=daily + +[Install] +WantedBy=timers.target From e4b58c0bf47ebce3b0cca515e920874c2aca6d21 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Mon, 1 Mar 2021 04:07:17 +0100 Subject: [PATCH 13/78] Fix typo in 20-collector.conf.j2 --- roles/rsyslog_collector/templates/20-collector.conf.j2 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/rsyslog_collector/templates/20-collector.conf.j2 b/roles/rsyslog_collector/templates/20-collector.conf.j2 index a67956b..897945f 100644 --- a/roles/rsyslog_collector/templates/20-collector.conf.j2 +++ b/roles/rsyslog_collector/templates/20-collector.conf.j2 @@ -38,6 +38,7 @@ ruleset(name="handleIncomingLogs") { dynaFile="incomingFilename" template="RSYSLOG_FileFormat" ) + call sendLogsToRemote } # TODO: add protocol-specific options (eg. TLS) @@ -49,7 +50,5 @@ input( {% endif %} port="{{ input.port }}" ruleset="handleIncomingLogs" - - call sendLogsToRemote ) {% endfor %} From 9252249d18993ddd161eef7135d0a66f12b3a1fc Mon Sep 17 00:00:00 2001 From: Jeltz Date: Mon, 1 Mar 2021 04:15:54 +0100 Subject: [PATCH 14/78] Use 'true' instead of 'yes' --- roles/rsyslog_common/handlers/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/rsyslog_common/handlers/main.yml b/roles/rsyslog_common/handlers/main.yml index 2a378d7..563f2fc 100644 --- a/roles/rsyslog_common/handlers/main.yml +++ b/roles/rsyslog_common/handlers/main.yml @@ -1,12 +1,12 @@ --- - name: Restart rsyslog - become: yes + become: true systemd: name: rsyslog.service state: restarted - name: Restart systemd-journald - become: yes + become: true systemd: name: systemd-journald.service state: restarted From 1fe8d1d28bfab531fc714f038283ab4030a085cb Mon Sep 17 00:00:00 2001 
From: Jeltz Date: Mon, 1 Mar 2021 13:28:49 +0100 Subject: [PATCH 15/78] Remove "Root Aurore" SSH key + add histausse key --- group_vars/all/vault.yml | 362 ++++++++++++++++++--------------------- 1 file changed, 165 insertions(+), 197 deletions(-) diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 89937f5..3db555c 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
@@ -1,198 +1,166 @@ $ANSIBLE_VAULT;1.1;AES256 -63333334623934376334363635643536623263663238333835323935306266306234633538336333 -3735636661313837393933303266396363626634623437320a633936323238353736336132393834 -62396432396233343735643163636237386632623062363566313839396437393237316430653832 -3635653362346565360a626636323538313632363838626235386133393338613966646462663837 -63333337346431316638633036313533636334313432313266363232333465626331633839393832 -31343537393365373932396463643761343431623934306231323534306132643963393033346264 -38306531353632363336303931623665393833656461663032383663386663616130323430316561 -64373361393237653033313836616237643936666333363464633665313239336662393533343866 -30353537333065393566346538643334363231316539386161363366626234643261616531643336 -31613535383739313831656561623864386334326663346138386534363330353930663630363835 -35653937386136366539316330313564653932613963313630326663386132393437643137333536 -36633339336235366338303665616538656662656534376161646333653733643832343633346361 -39626233666230636136353331613233393962313664303466333738303437643331663434313966 -61613364366533316165656263626232373334303264366531643739383735613462376138653535 -63626363386335393134346562633362343532643961363335656633303364356563333330613438 -32393733336231386433626338336333636230306563663739343436333861363733653462613835 -39633064633665333238643033663866376139303762356530653333393834386439323131653031 -63386137353238623337396135323934383465653435336531316432663464343331666666633165 -35303466626537363363376663383534386462363439363937383530633436343861626466313035 -30633438663636646464666436623362643430633462643063646434306361323964623134663935 -35393533633537626138643564623532306530613661363262363037623037633561363337613866 -32363762353830633137386134393866303330626135326639336364303037653438356135323261 -62303835653331313831363963333930626632623765343630376636396363383361396265653034 
-36333364646530636138313133646230336235643630643933663634613133316439363735323361 -64383962383764383362363737356364353965653763663661623335363639336636326337353835 -62623838633065666635333965633032323934316438623136376637646433616533313933303830 -62366264313334666263326339393435343930333530396334313931393563353339653037326639 -64643932386137666530626532623237363266663164333764383964653334346366336462666366 -30333036393065363631306630626161633235323932316665343632633335646135393062313036 -37313838363061626664363863623137303765313836396432336235313238623635653630316466 -65646237636463323563653736636139626630646134303833376663366239303538353033346431 -61306261373739316636393464373030636634343230626366643166356463643265646331343062 -39333031633231373031633230363261366432656263656636383962613961343636643564366235 -39323338393136383864363337356165373530313662306331316562356361396134663039643237 -35306662613037373739626236343135633833323966386433356136656563626138633366313837 -30383064336362626231653661346638323638636438303934643864623837376163656437633762 -30323362313735636336363763346431383566646339306130663664616439316132396535633664 -37663337356466343661353735356263303131303237303637653566653533633534663963663430 -31626632353637373033363835306362396533636632636332616236356337623134626164366139 -35343830613337313865636336376439316437333335333337656337333361633031303636376162 -30663330333332366633343466313665633034643364333736653930633539343733363866633133 -35616332363663383732383364363763356165656433376266343239313237613464616330393739 -66666338393262333936376633353366366539656339373163373137363836616462633763376535 -35663938626531393532376165336235393361633135663966366433343931616163633063636432 -63633834366333376431313966613737623832313130643336323238626164373436656562616235 -66343230376131326366316335353339353164313861643731353331306130646330313066303131 -39363265613131303632353436633461653634636530626164303164386463643861353062646337 
-66396263333239396339623537623734336536653638353033393564343139643837363937616130 -65663730646364303336363331623537316433323035393538393132333462643938343936666435 -35666563646631333738623039306466636433316231316137356335623562633166323533653033 -34366165336262386336393034633836346534306166616535343464386631393735393066386233 -66633664376632633163396264623938623834346533616463333637396561623261313536323635 -35643865623434393338666139326431393663383432633465626236363533356161366239313737 -65346536363532356231643463646236383561393965626564313830386531353463363836613437 -30303138383736363361316361363265646232393865623836613465306539346461653965653662 -38623133333037626366666262613861633832326632326235313565653162353438333864656636 -61663131616339623564383063316132633562323366666136393363323335396237313431666436 -30646561326164626266636238386333346136656438663334356335626161383862363832653730 -31626536393464303539326466346230386661316261363138636665386266363734663038663261 -36623861376538393437663962343339646365626431303934316634383464333638636666303232 -36303331333561616535333031616235316335663234636466633366326465333264353062666133 -61636264386366396165343866633036323438393164616333336564613363316666333433633464 -30323262316166323264316639373737326433303334636533656539626261323763336135316166 -34643032653662616465353437343563663961623530313133666531303438643935616237663133 -35613135383736643561366334366230663237656631356235646335313039326231636634343061 -36346436333737343362663266633761376433653764353635646363643666383238623761626338 -34623639643037363634373566346432363830613936653563346265306437623966346466616330 -63373465633564653666373465653436343961633434313863626563316234303132623537636336 -64383532343863636562613835323930623232353236383235386530303565646535356562356561 -38653535336238353566646261613433666437653636663830396634363338643835316263623662 -34323331356539333261626532636135313862663938636438656234653261376633313731643862 
-30663666303134396161326363323465303038333139313933616265373238626163343061643533 -34396536643465386439643430393566633662316164356463303066333334303532393233396630 -30323432346464656561616139333161613936643465353136663266313736313437623538613038 -30313136316364653839663538633532333962363365393831376661313562393436613630666331 -33303739613466366164376337396335663133646164616430636633366161643634663930663939 -66373534333039303433653733336131656630333661393139633634336638353965333037383062 -31336663366365326134663862353938386237313731363634653937336133633133643566656466 -35313235623137633861316633326232383437613039373962336137643934313066366138326234 -32306464363334323563376166313437323435306564336634656162393966646134343736323538 -34616564353839343935333838326261353239333361343037366136333662366664386166363764 -34393064326539366364366234303066326635613765636232323737636133626431316632316537 -32666131393331623061396666376236333664303032623434346661356236383962616565366434 -36393838343838623533623466373365663862303337366262363163313336616465363865356233 -35633562646436656636333461353535636430393064656564343339633734353436346533316434 -65643265323363343938303862353730636137633038633861393262626463623537626635666534 -33303637653863333532353930353331643366306432623863646664363862343665343233663461 -35343731386232633639393136633731356462633237666630616561363532653163616265333330 -39326533353466303235623036313334373034646161653761666131663830376333313330336165 -62306365323565356661323961353733336631333430343038393430303738383961616463653864 -63316433323039643132393934373830626130313364626566623834613363663665323063323936 -66643338643463393031366437643063616462663565323936313235373564363833333734633162 -37373030326533653831633866346662626639343631633135373630646231666536376466623462 -66303332333438333563353835653330616530623533313537666236663234316661643531346562 -30393030666232643163613932653231633266326438346635353562633732653032633631646662 
-63643465333538376232313166333138386139326533643766393938613964613234616363366534 -64626137386638373934643730373963656337663462643466363563313238386563373539323538 -32393239656630613330376639313561313164313065613366383135333738653239373630326330 -34613862663638336366663764386635653339306230396338656263643362376161646238316661 -37646236343364626132373136653437346266636165313761623938393830613562313531363032 -32623531323131383365373964613630353130616432303530323031303534643639636664386133 -30313433613536343838343735396137313764653539623730333338376662373335613862346136 -33636264636564343761346234393830313965336164393835613331613162613564393565346437 -37633132343931636261343434366331663834303335633536393463633966623337386230383039 -35646434383632313865636637373461386335613731616637636364626332393461303264623732 -32666565633231623133656266306130303432633533366362383537326338636336666362386234 -62623162336134333264336161313834623733353762316238383932303837343866613332333439 -30663261653335373335313661303730326331666232666161643631363266333632326431343165 -37653936326333343364373132346162373461363935333662343432353365666433306364366666 -63653433356432373230346333643335303939613437306433376332616331326339393232613465 -35306235393465396235633761363764663333303864306639373666626535303635646439396333 -35313038663335393237386665313561616466393038336464383433393762333363356161323864 -61613466623936653530373765313731383963393831613964323562303566313239386132346131 -36666463373730633666303737343337656433336363383765363139363166303565323465376363 -37623439376330363936353830653633343366653335333938326364366230373665616264333865 -65323438393933616161653138313434653838303038373566373039383963346439653065663261 -62343161356532323861663962363565623934613733643062383732396264643562386433363163 -35663432656461373337643435363030393933336239623861366161346264613066653839333338 -33633261663236336366303261626134306265656137343765623539626563376337653761633631 
-36616639653532376566346330616438306632393736613638613439363164336338336662616632 -38333365636130643434666634383434386331383461633761653236386630353663623836373766 -63626365306636373034386661643537313934656661373237306536376531613766633638616533 -61323538363931643238396531656436383762346130383030323162656630376530656661633134 -32323437633863323937393562383265336265333765373438353562306339663736613039343031 -30616563363137616231336538666638363431643134323866306361386339323437643737666130 -30623835646633333364646639393134383663633031633936356238653663303730353433363536 -39666132633036373635333963343935363235323861383637326637386530373238653131646437 -38623030353232626461616564623630333533613733303932303936653036663339316361303432 -64346331666535336539323463393733396462663762396232336239656638383666623032366436 -65313463366534343265333265626434616135376264353636656565613932653539646336393032 -33386631633839343564653134636538646230626263326633323663356436366232363664353936 -61393231616364383062613133373062353039613938626236656463616232386630353239613131 -31653431333239346230633731636537353662333130656364666134306461336239363938363565 -61333665373438313461663134613162393532623363623761346561313330656130316262386261 -62373333613861356133633964656332313866633165313562306636366465366462313865313735 -61333932633562383134383630393836303866383266376165616462616338366330333135643465 -37356561343861623564343961353235306338333836643565646636323465613430373062356263 -30346364323237343837643336653934653834306537396632326538653132363930646366346530 -64393963656166616239393530373532343739333466643666643835346233643566383536336463 -38343635613536366161633631393366623066613533333337626665303665323363626132613537 -66656332323936353464393933353562373430373065373965316264316335326664353637663236 -64353765643932346639626362306237353864343830636565643636653633303065353131616634 -61373631343932353265636634616665346430373666613337326264313932316433656437303037 
-62616130356233643362356162663662653236643861333530363061376239343961316162313235 -36656336343565323263386266663930373639346238343566636563376431386138353030393631 -61636632646236383566333862376363626636613239343935653066653835323639323837663664 -33626333623734346363343533643931656330656533666662666362363431313561636231616237 -34633833336264396633306437313230326130353234303435396132333161343961383033303939 -35373230393061656134343832613463613465623064316135626131393738323832303462386564 -65373366326261363263666362323030643263343633306362633663613033303638623761356537 -61633664386533356463363036363039653465656633373462383337393965633536353762313539 -34633632313430333166313737336633646535616230306466623834653935336537646539616664 -39646663633162643637393964353531333831376363313661353665376134316537353434633831 -33376436663862313663316566383665383537396337626133313132373733336531643464336263 -62643031373239633939323935373961363963613161346637653434356261646662383465666134 -32373866383065613037366334303931393161343435643030636565383335626630643366653965 -31613935343431633833643932356565313937636438633566343533363736353037393064333163 -66373338323765643861383531363665636339353836613364376133356434356661656563306662 -31623637613130616361646463663431376130616266353166303030393134333934373766623936 -39623736666437303464323363333836353733363939346636646566336137303536656263653662 -63393965353062326131653838376531306634663231646365323465386263363330363237303733 -34663864356139363765623030373639376533363037626464383137343534343464623937636336 -35376636303063333636656634316330363065353364636136383637623964616237336330643437 -39356162356634316130316166373133643063323461623731653535336230303439653836653161 -62306336646231626632306161336233366636623535346565333137356561616635376437333033 -37373430613665306365626431353262633931373630383535313464306331633538646665646362 -62616566316130623834376364383665306130306539646133353238373861376562633031666661 
-66633034366264326335643632363236666235353030343836666233656563633139376638643763 -63323932363634613230343932376436356434343164646263343464366531366361656666333765 -39363166343233353361373239636332626462613162326162373333643134393664313666323035 -34306139623734393039373661396463343465613462373130396263643830363334333037363637 -35633761633130383730663134613763333630356563306539323234353532353364363938626331 -31376234653930666631303564643065633030613266393064346163376534343963306537306336 -36303033313766346462653131333735633338623064323964333961366164356134346636363365 -33653265643663393362363033323632633862623934613638616161353039303433323830343233 -63343733313765373562666164333538613963363963383431616632643636663763636362663034 -61363762653233343362663732653762333761646265383932373036323566633534386661623936 -63383336653562336466323063373037646566653332366639623835653165386632303065653735 -62636634643764386365306163633661356130653032663333396166363039623033646139346537 -38333561313934323962366262316162343165363364356664663330636631363965383730636637 -61383766353762316230653837643564643161613161633561366563343365316337343633356339 -32323839663731616261353764383364396661323230303539313035656437623964383138376264 -61636534353639373665656131323835353832343666646263303461613764303633636339373366 -37306266306163313065313164393930386338343635393865613562386461613763303937396335 -61353361353738353033326561326465623833316538336538336333633564653761653036323561 -36616637343465323062326564646133353530633064303539313739303134353736396633616332 -38383735376464383934393032633466633036393464346561626631363534396537373962373764 -36343761386365323337613030323330396130396163633835613063313261343066306262656661 -38306333353363633238623737646332646464306238383637666236326635346131653331636364 -34643039633163396137653564643134633039356465346562323262623063316661353638336233 -65366265366438386633333362326435643161346664663736326437623530303135373132313364 
-39396561383064666436623265356632366539303863333531333266336464313637303337323663 -61636138626162313465393161346265393465363164353861643830333963303261363231396433 -35366137626638303035626230633565663931656165613165343537346561326531303766616266 -66393061306136623661656139386565356637326338313838653031633736376131306238646132 -62343734663233343935653964633764323432346565343838323462353435653637353565336364 -30343633303862353332373964343732666533653232633863383962626634613064 +62653338373865656231663838616362303131383034663431663139646433653762323437656463 +6665366431376666636431366365643534636438663433320a613931383431323661656339663235 +31656464373634386430663838373566306663633631663066373930353534316136383738633736 +3137646638376231360a333330313261383936353630613234373035366162643663336437383966 +63616635633938346635313861333339303534626164613333376462393561656635613733313833 +66386639646634376132376338636565303333616532373932386230653566353838633337313463 +64363265303736383566373033653763366630613431373165653539326231316530386366643762 +38656161376363653165386166623331396239393238323362316334393933383737353565313937 +65656564643030356265346533613961636230316333613539303462336334366139343366323461 +61666563346464323066316536363339653135633537323165663633643664636333643235336430 +37303863376536396566313339626365376130633635623838363338383964613639383466353139 +62393837323239306230363661396533656333303163656561626538643061653565323635323530 +39303664613539643734373330613136343336393266613033353432666636373466333330316234 +39333032303835373563373939313733613262366161373630366534316431303430636336343934 +31653366666461666337633265653236383630656164623761333031643939616561303330336261 +36396361653839353230383165393162386563373231336437383664656230373832646364383461 +32313938643738366336373061386133356637306435636633343533653838386332616130333436 +62333330366431363161303131353861383336383139373034326363653134633265633030346433 
+62346666633836323135663735363133626265616432653665333564363662333734646530333838 +32356663653839336561633564333261663262633835623563653961303461623938386131623335 +33633235623132653338623131336564363232633339633732313835343135373666643466313130 +30353736336333303361646362363163396633663737386334303538616161383337336637336664 +32653930383831363531353137316435643363303330333435346364336235633536633831663466 +37306462643335303335663837363964306530336365643738376565373035376638626338613636 +65376462633931623063663538383133323264316465336261353961323665386464656165323462 +64303032373635316263636235383863356532363239376663323361393331623830393764336132 +61306564383039383931396364353461663539383636373830383539663161396632383631353665 +36363437326538656438663734633539353066333833386434343931613935356662363266623434 +30613766363161643733356463323535383434313436643132363363356532306638333635653063 +30633633366235323363363562316461656236623062396138656262326566363233623564653265 +66383534313538353165303739363835363837353065396433363739386135306364653738306638 +32613462393561643037633431363438643833346539386435373166646232333830373964373535 +63636230373263336534613134303634636131623362316462393161636264346131343465623233 +39303736373231666165643762663335623939376634373939373437663865653865333235303739 +36353636313266343931623032333031323165666437393334333463646636363931653038313637 +62656632333838613333336631333832386531643362316635666463303734636462613763303137 +32363834336536373166666235333634623833663030666136356232643464643537323361396434 +34366362346137353035393438663766306537663939643465636563643831656535343762323232 +62626532353965356461336161376531623063616638633732363430363361646539636435623365 +32633639343635313231323937633030336164646332323631343831633936613961356438666638 +65643430646331613433313934626661326236366335393637356364636661346361653339346565 +62646664303562373033306365633565393337636539336133643564623133353033303266343231 
+38306539313531653764653665376464316562333235623232306331323264333264326535343734 +36366139303730313131626133623034623132343337373033356436353564343064376636633230 +34616635633138303630373035363764313732383766313732363766316534356265376666343336 +39376339303839336237656565633362306631343066333766363137346634623462323436663438 +31653366393335343933323036633365623761353830663234613862373232616431623134666166 +32396139313834366230626635393637356562653865633431343564646264613663356666336535 +30323261383330376366363730623661626163373463363233366533316636383533366331653831 +35646138623336653230373964356437383337613535353235343864653630383938356333646365 +38636538613566353830613066306665633035663734333763336631623531336634336434356563 +63393939616561633962663532356636366561333736336638653539373366646566353035656137 +38653939646139663631396237376166663162643662623538333233626565393139393736303135 +38343738363232633938666536373734386437346164346131623736363861313665653738396463 +38383830653166336335373431353561373434373065626234396661616530323733373961623939 +62356235306561346537333963306232333731626436396332373564613532313466373932646132 +36306330336630386638343931386165653537613835646436646533343438663434653066306561 +39653432616464393038626634396535326435346165623232396434366462356530343235313935 +31306237326631336531313931663930663032663264323639366630653663303164383462363064 +64373165306235373734303763643430343434326231383939623032356335616430653863313462 +61643035646132386461393839326365353964316434386533353661333937663832313865353237 +63343537373164313963636561386665336434633037376433663739363239666634636530373430 +38373564666362653633666138366665613033363731346566373462323462333362333333643135 +31656561613030336634363133663532333366636234626630613836313937653363303836383434 +37313064313939616639626137663163383766336232383333633830623531626435623035346661 +39626235666532616366643063373636316430643437393564393535363564396239656131626430 
+33323262376439363333346661356335303233373161356162336634663934323937663232626366 +63386530316139396662633539646633346638663233623639356661633732653964613939653834 +37613236363163623336326239326437666336643134643536636664313132336662353933393366 +66313661373838656331333839663164663733393736363866366338613434633836656162353232 +61306136623931626333363936306130336461303738343364653333303962616331336164366164 +34346662666137303463363334343964623936653533306436633739346163313739356265343234 +33316363373439336661656264356662653662353064363930643839643063383762373439626164 +65323536313764353638386334363461373935326239366233353639353933313335303231383833 +39666236383834623266653835393036663538633933303038643935383932303264383330663466 +37306561346638623066356630366533343962643762633463323233323963653635623564333031 +34326331336539616533356630616633363434353562383866363364666664613839326237373466 +63346237323934303866653965323361643837633834616433323061633961303238343538323131 +62666364636138303733313939303536316536353139623066366534383661356266323036316661 +36646339303463613565333261656637353231643463356133633630633035626239343230346361 +32336434303530313661373464353961363731613862346639643138343737343962653237383835 +65326662633835643264336437343666353330666262326132386136633230363433626435653337 +33613535626637303565636566363264613836646663373432643466666566663534626130393335 +30666531393336613035336666306334313730633466643264656337666539333362383663616263 +62333235613534366130346365336535363337333139366562313337623535383461366265383239 +35656463633261306239633233333664396465613162356164336131656430373062356131323065 +65636566626163656534396639306539303830376163633261616439316232373437636564636462 +38653633383962623135653839316232333066366461313434653630303633633236623931663233 +30653531643863326435373237366533336165366637333636666636353764396638313735346462 +38633132303664666161393161626439666230376536303530623032356561373663633235386335 
+30646164613135373331383461313039313837373831653264643635376232646361336635396231 +32646538336236363937336639333137663135633038613133363538393864653831313132663965 +66383631323761376537643662313237336262616363343231343138613762316564363962356437 +30336431373364356231653332613836353731303366383338386462663033633639363862353838 +64633264376330336165373363313063346234376164373263366261643534386139396362613039 +35306534643135643437626566633864623631363133666362656334623463306163313938643564 +36383965613037313739646439396138393636373261653466653866313165313934303633653430 +31303064363161636330343866346239396639646137623764306433313538656331663137373966 +36323832643731313966393331333437313163373434373833383937396261306331353330326261 +66616161363662383535623362303165363466303265613231336237626462383233373037356230 +63373031653139326364636166323566626639383265353834633932643861643936613730313531 +34626233396631613031653565393839326131396239653339353366393861616363313938396666 +30616261373131303935343063333134323937313666616166623465373339346230383437356539 +37623131346461323734616438373163643334666637666434313837393162386331356639343264 +63376432353438653434313632333531353837353364343138333130613336343630326561386665 +33616532636461643838613835633364633863363730663333393466333866373132313439386535 +39373639376538373733353830366432323038633664343630373163616338663664623638626134 +39653335333462616339633834353062313662303462313761386636346262353565626531663331 +32653635643337363234366533346530386332663066393365656663336335376235396166303634 +30616366613261613034366262623661623635663265303433366366373730343265323439643434 +30623937313863356665383066303334396637353436636135346338346134343866356631393433 +63393064633731333833316230343266313361316632383436646138386130333266643933333435 +34666161643630373735656238666338613034333032306564316461616362623861626364643832 +39646538623131396165346333303061346630386264633737613065653030356164623531316566 
+36366431636338616365306138333931643464336662303236643966633865393666356263636630 +33643634336164383463646434653331666233616166666234363730343234363962363931326130 +39393130656339383938376230353665346464333964653766386233626530323333623237623366 +61393263393863396237343033393033666539343136663161623861313734633739613038303539 +30613232653765616263346162326130663139633235333934316431383932653064313739633838 +61396165306330616666626237663931653137373331633566303430323435313766613963366337 +33356437343938393134656138323965653361663563373362306264383834356436383464366538 +65623538306137393262306336333561383033323731643664376130633736343662393166643865 +61616264386464626566326466336366656338626265373564643934663834393963323330633062 +64393439633530343961623935373539393461333833346162373732393966633166393939323866 +33393030373331666532333732626435646335333033343461333633656231323537633362646130 +35316139666137656238396537366133386365636139636463663135663430383339636336373565 +64316635336333666639393035393135313366353066353837613833653065303131353163396366 +33363764383434373663336632646139663666643334373733393637363361353865363934306461 +30616663653563366438386632306230626362623361306339313664386663663736663939633162 +30353434396463363266636437316261653063313962666335386630356165616133613036396635 +38626239303638663366353632366137323637336433623833386362313432323561353634363933 +64636339366632306237336262633236346333373063653362306237346562306333636634336435 +30393566376536366362316638323261316462636334356266333561326632643338383162366439 +39633862666665366661336162373136306537393832613535343663366332326666343064356139 +31633232666332656639383434373536653130616437363931643836373034656462396135393531 +30613334343462316661623663336532333635303834643738323734316436336238643132343731 +64303232363636633839326539366636613663346166643563663662616537333365316466396665 +37326265633764303465373936333130306366373531323237656136366431633439333231623961 
+39303561333836363263363066303739313530623032386533366132653866623535333363663463 +65656539366461303538353632326136386331663230613235653865666564633339353337383965 +36613436323037346239613165613035666137356565383731383765626534313038326462343166 +32653462363134623731636638326466393363356664373239313263633933383138336338393135 +31633637626436323238653133366130613830333531633333313538343266636166623037333961 +36623834313733653738613136366230626630666637363231383963613862666530663465356137 +37386466306332383032626366383664366536376364393865396339316533636263653336343361 +62343361363639613063626336353333323737626636623033333731383133346537333765666161 +37313234383238353934626136343766353963376562646366623735356463626264666566383366 +38363339623631313933663563303465643532386437383731353839393461623437663130323932 +33313364336430336362613562396137643836643666333065643836653935636538353635363339 +62373131623232653530356437393233353731366435653235306534363730373166336137373737 +63353731623862323361316539396137373137393961633337313531363436303637366631656535 +39353065666132636566663165333739306465616238613432373136313432363535333363313434 +34343534323361323934626166653433623836386639313538363933373262666633316438356430 +34623634613761646339346462356365346139656263643230316264643838643431353933613563 +62363634306661376663323634393736383063643132643735353863646537356334656438646163 +64623235363938346231663636373137353532343264366130353866626531313664623565633235 +62323939386264333433663863363865613262373061666130663166383235333336336630663136 +35323236326231383933323632646662666364643430613562643339393134613634326337343932 +32336463336463333239373231393530393238343633323164316539623237306162663035393431 +33333065373464363036633831346434386336383164336365343961393039616435666533396366 +35623837633162643765643966353266336533623165633966656336613830316130333962313865 +66373262643135346565303164326462633934613362643735616235316239366432393936376438 
+61666661323230363265643433623361633137663234323330373630353437656537653462303536 +32646165376661336330313939313235343335343137626566343164346432363230646366373864 +63656162643632333931373934393133316261323665343764386662346535346466 From 9eeb8ccd733fa8519906110ba180254b2c049393 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Mon, 1 Mar 2021 16:08:08 +0100 Subject: [PATCH 16/78] Remove non-Ansible SSH root keys --- roles/ldap_client/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/ldap_client/tasks/main.yml b/roles/ldap_client/tasks/main.yml index 8599950..94ed070 100644 --- a/roles/ldap_client/tasks/main.yml +++ b/roles/ldap_client/tasks/main.yml @@ -21,4 +21,4 @@ user: root key: "{{ ssh_pub_keys }}" state: present -# exclusive: True + exclusive: True From cdb9f88614ec09296fba451764a445fc9281e8f0 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Mon, 1 Mar 2021 16:31:52 +0100 Subject: [PATCH 17/78] Do not rate limit collection of journald logs --- roles/rsyslog_common/templates/10-common.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/rsyslog_common/templates/10-common.conf.j2 b/roles/rsyslog_common/templates/10-common.conf.j2 index dcb1775..c5e6449 100644 --- a/roles/rsyslog_common/templates/10-common.conf.j2 +++ b/roles/rsyslog_common/templates/10-common.conf.j2 @@ -20,7 +20,7 @@ module(load="imuxsock") module(load="imklog") # Collect systemd-journald logs -module(load="imjournal") +module(load="imjournal" ratelimit.interval="0" ratelimit.burst="0") # Parse CEE logs module(load="mmjsonparse") From 9547868c7d8bb88ad626653eb4ef7db1403c2543 Mon Sep 17 00:00:00 2001 
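Review bot: With `exclusive: True` now active, root's authorized_keys is rewritten to exactly what `ssh_pub_keys` renders to, so an empty or wrongly shaped value would remove every root key on the host. The module line sits above the hunk, but if this is `authorized_key`, `exclusive` expects all keys in a single newline-separated string and is not loop-aware; if `ssh_pub_keys` is a list, something like `key: "{{ ssh_pub_keys | join('\n') }}"` is needed. I would put an `assert` task checking `ssh_pub_keys | length > 0` before this one and do the first rollout with `--check --diff` on a single host. The boolean is better written `exclusive: true` so yamllint's truthy rule stays quiet.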
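Review bot: Setting `ratelimit.interval="0"` on the imjournal module line switches rate limiting off entirely, so one noisy or compromised service writing to the journal can flood the local queue and, through forwarding, the collector's disk. If the default limit was dropping wanted messages, a raised bound keeps the protection, for example `module(load="imjournal" ratelimit.interval="60" ratelimit.burst="200000")` (illustrative values, to be sized to the busiest host). A comment above the line saying which messages were being lost would let the next reader judge whether the limit can be restored.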
From: Jeltz Date: Mon, 1 Mar 2021 17:40:05 +0100 Subject: [PATCH 18/78] Send nginx logs to local syslog --- roles/nginx/tasks/main.yml | 18 ++++++++++++++++++ .../nginx/conf.d/extended_log.conf.j2 | 7 +++++++ .../nginx/sites-available/redirect.j2 | 8 ++++++++ .../nginx/sites-available/reverseproxy.j2 | 4 ++++ .../reverseproxy_redirect_dname.j2 | 4 ++++ .../templates/nginx/sites-available/service.j2 | 9 +++++++++ .../templates/nginx/snippets/syslog.conf.j2 | 4 ++++ 7 files changed, 54 insertions(+) create mode 100644 roles/nginx/templates/nginx/conf.d/extended_log.conf.j2 create mode 100644 roles/nginx/templates/nginx/snippets/syslog.conf.j2 diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 210c7f0..a8fb885 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -29,6 +29,24 @@ dest: "/etc/nginx/sites-enabled/default" state: absent +- name: Add 'extended' log format + template: + src: nginx/conf.d/extended_log.conf.j2 + dest: /etc/nginx/conf.d/extended_log.conf + owner: root + group: root + mode: 0644 + notify: Reload nginx + +- name: Add syslog snippet + template: + src: nginx/snippets/syslog.conf.j2 + dest: /etc/nginx/snippets/syslog.conf + owner: root + group: root + mode: 0644 + notify: Reload nginx + - name: Copy reverse proxy sites when: reverseproxy is defined template: diff --git a/roles/nginx/templates/nginx/conf.d/extended_log.conf.j2 b/roles/nginx/templates/nginx/conf.d/extended_log.conf.j2 new file mode 100644 index 0000000..b28809f --- /dev/null +++ b/roles/nginx/templates/nginx/conf.d/extended_log.conf.j2 @@ -0,0 +1,7 @@ +{{ ansible_managed | comment }} + +log_format extended + '$remote_addr - $http_x_forwarded_for - $connection ' + '$remote_user [$time_local] ' + '"$host" "$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent"'; diff --git a/roles/nginx/templates/nginx/sites-available/redirect.j2 b/roles/nginx/templates/nginx/sites-available/redirect.j2 index 2543400..9e8e687 100644 
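Review bot: Both new template tasks write `mode: 0644` as a bare number, which only yields the intended permissions because the YAML 1.1 loader reads a leading-zero integer as octal; a later edit to `644` would silently produce a different permission set. Quote it in both tasks, `mode: "0644"`, so Ansible receives a string and does the conversion itself. The neighbouring tasks are only partly visible in the hunk, so whether they already follow that style cannot be checked here.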
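Review bot: In the new `extended` format `$http_x_forwarded_for` is written unquoted, although it is a client-supplied header that normally contains `, ` between addresses, so a space-delimited parser on the collector sees shifted fields and a client can influence what lands in the later columns. Quote it like the other request-controlled fields: `'$remote_addr - "$http_x_forwarded_for" - $connection '`. nginx's default log escaping then takes care of embedded quotes and control characters. `$remote_user` is also client-supplied and unquoted; quoting it as well would make the line unambiguous to parse.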
--- a/roles/nginx/templates/nginx/sites-available/redirect.j2 +++ b/roles/nginx/templates/nginx/sites-available/redirect.j2 @@ -8,6 +8,8 @@ server { server_name {{ site.from }}; + include "/etc/nginx/snippets/syslog.conf"; + {% for realip in nginx.real_ip_from %} set_real_ip_from {{ realip }}; {% endfor %} @@ -25,6 +27,8 @@ server { server_name {{ site.from }}; + include "/etc/nginx/snippets/syslog.conf"; + # SSL common conf include "/etc/nginx/snippets/options-ssl.{{ site.ssl|default(nginx.default_ssl_domain) }}.conf"; @@ -52,6 +56,8 @@ server { server_name {{ from }}; + include "/etc/nginx/snippets/syslog.conf"; + {% for realip in nginx.real_ip_from %} set_real_ip_from {{ realip }}; {% endfor %} @@ -72,6 +78,8 @@ server { # SSL common conf include "/etc/nginx/snippets/options-ssl.{{ site.ssl|default(nginx.default_ssl_domain) }}.conf"; + include "/etc/nginx/snippets/syslog.conf"; + {% for realip in nginx.real_ip_from %} set_real_ip_from {{ realip }}; {% endfor %} diff --git a/roles/nginx/templates/nginx/sites-available/reverseproxy.j2 b/roles/nginx/templates/nginx/sites-available/reverseproxy.j2 index ae2d7a6..699d6d5 100644 --- a/roles/nginx/templates/nginx/sites-available/reverseproxy.j2 +++ b/roles/nginx/templates/nginx/sites-available/reverseproxy.j2 @@ -15,6 +15,8 @@ server { server_name {{ site.from }}; + include "/etc/nginx/snippets/syslog.conf"; + {% for realip in nginx.real_ip_from %} set_real_ip_from {{ realip }}; {% endfor %} @@ -39,6 +41,8 @@ server { access_log /var/log/nginx/{{ site.from }}.log; error_log /var/log/nginx/{{ site.from }}_error.log; + include "/etc/nginx/snippets/syslog.conf"; + # Keep the TCP connection open a bit for faster browsing keepalive_timeout 70; diff --git a/roles/nginx/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 b/roles/nginx/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 index 819fd7a..f90d53b 100644 --- a/roles/nginx/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 
+++ b/roles/nginx/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 @@ -12,6 +12,8 @@ server { server_name {{ from }}; + include "/etc/nginx/snippets/syslog.conf"; + {% for realip in nginx.real_ip_from %} set_real_ip_from {{ realip }}; {% endfor %} @@ -29,6 +31,8 @@ server { server_name {{ from }}; + include "/etc/nginx/snippets/syslog.conf"; + # SSL common conf include "/etc/nginx/snippets/options-ssl.{{ site.ssl|default(nginx.default_ssl_domain) }}.conf"; diff --git a/roles/nginx/templates/nginx/sites-available/service.j2 b/roles/nginx/templates/nginx/sites-available/service.j2 index 39f25eb..77c3d74 100644 --- a/roles/nginx/templates/nginx/sites-available/service.j2 +++ b/roles/nginx/templates/nginx/sites-available/service.j2 @@ -19,6 +19,9 @@ upstream {{ upstream.name }} { server { listen 443 default_server ssl; listen [::]:443 default_server ssl; + + include "/etc/nginx/snippets/syslog.conf"; + include "/etc/nginx/snippets/options-ssl.{{ nginx.default_ssl_domain }}.conf"; server_name _; @@ -50,6 +53,8 @@ server { # Hide Nginx version server_tokens off; + include "/etc/nginx/snippets/syslog.conf"; + {% for realip in nginx.real_ip_from %} set_real_ip_from {{ realip }}; {% endfor %} @@ -71,6 +76,8 @@ server { server_name {{ server.server_name|join(" ") }}; charset utf-8; + include "/etc/nginx/snippets/syslog.conf"; + # Hide Nginx version server_tokens off; @@ -98,6 +105,8 @@ server { server_name {{ server.server_name|join(" ") }}; charset utf-8; + include "/etc/nginx/snippets/syslog.conf"; + # Hide Nginx version server_tokens off; diff --git a/roles/nginx/templates/nginx/snippets/syslog.conf.j2 b/roles/nginx/templates/nginx/snippets/syslog.conf.j2 new file mode 100644 index 0000000..b34867c --- /dev/null +++ b/roles/nginx/templates/nginx/snippets/syslog.conf.j2 
@@ -0,0 +1,4 @@ +{{ ansible_managed | comment }} + +access_log syslog:server=unix:/dev/log,tag=nginx,nohostname,severity=info extended; +error_log syslog:server=unix:/dev/log,tag=nginx,nohostname,severity=error; From acd5721a5b006e0ac41379b7fe79271a03d6cb7c Mon Sep 17 00:00:00 2001 From: Jeltz Date: Mon, 1 Mar 2021 17:42:34 +0100 Subject: [PATCH 19/78] Fix typos in rotate-remote-logs.service.j2 --- .../templates/rotate-remote-logs.service.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/rsyslog_collector/templates/rotate-remote-logs.service.j2 b/roles/rsyslog_collector/templates/rotate-remote-logs.service.j2 index 3b915e7..4d8733e 100644 --- a/roles/rsyslog_collector/templates/rotate-remote-logs.service.j2 +++ b/roles/rsyslog_collector/templates/rotate-remote-logs.service.j2 @@ -5,8 +5,8 @@ Description=Rotate remote logs [Service] User=root -Type=OneShot +Type=oneshot ExecStart={{ rsyslog_collector_rotate_path }} \ - --base-dir {{ rsyslog_collector_keep_days }} \ + --base-dir {{ rsyslog_collector_base_dir }} \ --compress-days {{ rsyslog_collector_compress_days }} \ - --keep-days {{ rsyslog_collector_base_dir }} + --keep-days {{ rsyslog_collector_keep_days }} From 8f815a30c597f5b4da84dd0e90214a7279f6c762 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Mon, 1 Mar 2021 17:47:12 +0100 Subject: [PATCH 20/78] Remove useless date (already added by journald) --- roles/rsyslog_collector/files/rotate | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/rsyslog_collector/files/rotate b/roles/rsyslog_collector/files/rotate index 8738fef..6dc23e0 100644 --- a/roles/rsyslog_collector/files/rotate +++ b/roles/rsyslog_collector/files/rotate @@ -43,9 +43,7 @@ def main(): args = parser.parse_args() - logging.basicConfig( - format="[%(asctime)s] %(levelname)s %(message)s", level=logging.INFO - ) + logging.basicConfig(format="%(levelname)s %(message)s", level=logging.INFO) logging.info("Rotate script started") 
From b13b22da054da89c943f3f2543ece8d468cea3c6 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Mon, 1 Mar 2021 19:39:11 +0100 Subject: [PATCH 21/78] Add ignored destinations for firewall logs --- roles/router/templates/firewall_config.py | 5 +++++ roles/router/templates/firewall_config_aurore.py | 6 ++++++ 2 files changed, 11 insertions(+) diff --git a/roles/router/templates/firewall_config.py b/roles/router/templates/firewall_config.py index 9971765..07e25e0 100644 --- a/roles/router/templates/firewall_config.py +++ b/roles/router/templates/firewall_config.py @@ -36,6 +36,11 @@ interfaces_type = { 'admin' : ['ens18'] } +log_ignore_v4 = [ + '224.0.0.0/24', + '224.0.1.0/24', + '239.0.0.0/8', +] ### Specify nat settings: name, interfaces with range, and global range for nat ### WARNING : "interface_ip_to_nat' MUST contain /24 ranges, and ip_sources MUST diff --git a/roles/router/templates/firewall_config_aurore.py b/roles/router/templates/firewall_config_aurore.py index 9565e3b..91a4808 100644 --- a/roles/router/templates/firewall_config_aurore.py +++ b/roles/router/templates/firewall_config_aurore.py @@ -33,6 +33,12 @@ interfaces_type = { 'admin' : ['ens19', 'ens20', 'ens23'] } +log_ignore_v4 = [ + '224.0.0.0/24', + '224.0.1.0/24', + '239.0.0.0/8', +] + ### Specify nat settings: name, interfaces with range, and global range for nat ### WARNING : "interface_ip_to_nat' MUST contain /24 ranges, and ip_sources MUST ### contain /16 range From 0f55b90de9a8921785bf50eeaaf74d9aa030de64 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Mon, 1 Mar 2021 20:04:02 +0100 Subject: [PATCH 22/78] Remove 10.129.0.1 gateway on routeur-aurore-* --- roles/router/templates/interfaces-aurore | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/router/templates/interfaces-aurore b/roles/router/templates/interfaces-aurore index 401e5aa..7a5ef1d 100644 --- a/roles/router/templates/interfaces-aurore +++ b/roles/router/templates/interfaces-aurore 
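Review bot: `log_ignore_v4` is added without any comment, while the neighbouring nat settings are introduced by `###` lines, so a reader cannot tell whether the listed destinations are only left out of the logs or are also filtered differently. Add a line such as `### IPv4 multicast destinations whose packets are not logged (filtering is unchanged)`, assuming that is what the generator does, which is not visible here. The same list is duplicated in `firewall_config_aurore.py` in the next hunk, and no IPv6 counterpart is added, so IPv6 multicast presumably still reaches the logs. Because suppressing whole ranges reduces visibility, the comment should also say that only ranges known to be noise belong in the list.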
@@ -11,7 +11,6 @@ iface lo inet loopback auto ens18 iface ens18 inet static address 10.129.0.{{ router_hard_ip_suffix }}/16 - gateway 10.129.0.1 iface ens18 inet6 static address 2a09:6840:129::0:{{ router_hard_ip_suffix }}/64 From 1f6bfeee2312a65e3ccbe74f566cc53b636e5f1d Mon Sep 17 00:00:00 2001 From: Jeltz Date: Mon, 1 Mar 2021 20:04:38 +0100 Subject: [PATCH 23/78] Fix broadcast address on routeur-aurore --- roles/router/templates/keepalived-aurore.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/router/templates/keepalived-aurore.conf b/roles/router/templates/keepalived-aurore.conf index cd22a5b..b8882fd 100644 --- a/roles/router/templates/keepalived-aurore.conf +++ b/roles/router/templates/keepalived-aurore.conf @@ -39,7 +39,7 @@ vrrp_instance VI_ROUT_aurore_IPv4 { 10.129.0.254/16 brd 10.129.255.255 dev ens18 scope global # Adm - 10.128.0.254/16 brd 10.129.255.255 dev ens19 scope global + 10.128.0.254/16 brd 10.128.255.255 dev ens19 scope global # Switches 10.130.0.254/16 brd 10.130.255.255 dev ens20 scope global From ee041b9eadb379e4d3deb7706046c62763a2abb8 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Tue, 2 Mar 2021 00:14:25 +0100 Subject: [PATCH 24/78] Use 'simple' instead of 'oneshot' (rotate service) --- roles/rsyslog_collector/templates/rotate-remote-logs.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/rsyslog_collector/templates/rotate-remote-logs.service.j2 b/roles/rsyslog_collector/templates/rotate-remote-logs.service.j2 index 4d8733e..0e75a2b 100644 --- a/roles/rsyslog_collector/templates/rotate-remote-logs.service.j2 +++ b/roles/rsyslog_collector/templates/rotate-remote-logs.service.j2 @@ -5,7 +5,7 @@ Description=Rotate remote logs [Service] User=root -Type=oneshot +Type=simple ExecStart={{ rsyslog_collector_rotate_path }} \ --base-dir {{ rsyslog_collector_base_dir }} \ --compress-days {{ rsyslog_collector_compress_days }} \ 
From 529550f59432165d9ad4e1d8d4f9b9cc7917f4f0 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Tue, 2 Mar 2021 00:46:16 +0100 Subject: [PATCH 25/78] Don't use 'imjournal' ('imuxsock' is already used) I still don't understand why it increased the size of the firewall logs by a factor of 5 to 10, but we don't really need structured logs from systemd-journald and the author seems to discourage it's use, so I will not investigate further. --- roles/rsyslog_common/templates/10-common.conf.j2 | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/rsyslog_common/templates/10-common.conf.j2 b/roles/rsyslog_common/templates/10-common.conf.j2 index c5e6449..ffc48de 100644 --- a/roles/rsyslog_common/templates/10-common.conf.j2 +++ b/roles/rsyslog_common/templates/10-common.conf.j2 @@ -19,9 +19,6 @@ module(load="imuxsock") # Collect kernel logs module(load="imklog") -# Collect systemd-journald logs -module(load="imjournal" ratelimit.interval="0" ratelimit.burst="0") - # Parse CEE logs module(load="mmjsonparse") From 5d319cf167b7cf1fc1f3627496b793eb44207f3b Mon Sep 17 00:00:00 2001 From: Jeltz Date: Tue, 2 Mar 2021 00:52:38 +0100 Subject: [PATCH 26/78] Define rsyslog_{inputs,outputs} for all hosts --- group_vars/all/vars.yml | 6 ++++++ host_vars/log.adm.auro.re.yml | 1 + 2 files changed, 7 insertions(+) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 599e834..9a85175 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -89,3 +89,9 @@ apartment_block_dhcp: "{{ apartment_block }}" ipv6_base_prefix: "2a09:6840" is_aurore_host: "{{ 'aurore_vm' in group_names }}" + +rsyslog_outputs: + - proto: relp + address: 10.128.0.241 + port: 20514 +... diff --git a/host_vars/log.adm.auro.re.yml b/host_vars/log.adm.auro.re.yml index 24ae171..1c2ba97 100644 --- a/host_vars/log.adm.auro.re.yml +++ b/host_vars/log.adm.auro.re.yml @@ -5,4 +5,5 @@ rsyslog_inputs: port: 20514 - proto: udp port: 514 +rsyslog_outputs: [] ... 
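Review bot: The `rsyslog_outputs` entry added to group_vars/all/vars.yml makes every host forward its logs to `10.128.0.241` over RELP, and nothing in the entry says whether the transport is encrypted or the collector authenticated. The template that renders it is not visible here; if it emits a plain `omrelp` action, auth and kernel logs cross the admin network in clear text. Either carry a TLS setting through to the action (omrelp accepts `tls="on"`) or add a comment above the entry recording that clear-text forwarding on this network is an accepted risk. The address is also a bare literal; a comment such as `# log.adm.auro.re` would tie it to the collector defined in host_vars.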
From 77a5fdac6fd78429223ebd6a9146ef93f8362d20 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Tue, 2 Mar 2021 00:54:59 +0100 Subject: [PATCH 27/78] Remove some duplicate logs from syslog.log --- roles/rsyslog_common/templates/10-common.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/rsyslog_common/templates/10-common.conf.j2 b/roles/rsyslog_common/templates/10-common.conf.j2 index ffc48de..36cd4dc 100644 --- a/roles/rsyslog_common/templates/10-common.conf.j2 +++ b/roles/rsyslog_common/templates/10-common.conf.j2 @@ -63,8 +63,8 @@ ruleset(name="sendLogsToDisk") { auth,authpriv.* action(type="omfile" file="/var/log/auth.log") mail.* action(type="omfile" file="/var/log/mail.log" sync="off") kern.* action(type="omfile" file="/var/log/kern.log") - *.*;auth,authpriv.none action(type="omfile" file="/var/log/syslog.log" - sync="off") + *.*;auth,authpriv,mail,kern.none action(type="omfile" + file="/var/log/syslog.log" sync="off") } # Send logs to remote collector(s) From 6525508401c9892226ab95d5ffc9b6c964ea623a Mon Sep 17 00:00:00 2001 From: Jeltz Date: Tue, 2 Mar 2021 01:24:53 +0100 Subject: [PATCH 28/78] Forward journald logs to rsyslog --- roles/rsyslog_common/templates/forward-syslog.conf.j2 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/rsyslog_common/templates/forward-syslog.conf.j2 b/roles/rsyslog_common/templates/forward-syslog.conf.j2 index 7f81095..c332de6 100644 --- a/roles/rsyslog_common/templates/forward-syslog.conf.j2 +++ b/roles/rsyslog_common/templates/forward-syslog.conf.j2 @@ -1,6 +1,5 @@ {{ ansible_managed | comment }} [Journal] -# journald logs are already retrieved by rsyslog using imjournal -ForwardToSyslog=no +ForwardToSyslog=yes MaxLevelSyslog=debug From 7e92fdfab7079993b0c2db41cfee60a0c5926998 Mon Sep 17 00:00:00 2001 
From: Jeltz Date: Sat, 6 Mar 2021 04:30:32 +0100 Subject: [PATCH 29/78] Create an 'update_motd' role --- roles/update_motd/handlers/main.yml | 10 ++++++ roles/update_motd/tasks/main.yml | 44 +++++++++++++++++++++++++ roles/update_motd/templates/00-logo | 39 ++++++++++++++++++++++ roles/update_motd/templates/10-messages | 4 +++ roles/update_motd/templates/20-uname | 4 +++ 5 files changed, 101 insertions(+) create mode 100644 roles/update_motd/handlers/main.yml create mode 100644 roles/update_motd/tasks/main.yml create mode 100644 roles/update_motd/templates/00-logo create mode 100644 roles/update_motd/templates/10-messages create mode 100644 roles/update_motd/templates/20-uname diff --git a/roles/update_motd/handlers/main.yml b/roles/update_motd/handlers/main.yml new file mode 100644 index 0000000..41dcc84 --- /dev/null +++ b/roles/update_motd/handlers/main.yml @@ -0,0 +1,10 @@ +--- +- name: Remove cached motd + become: true + file: + path: "{{ item }}" + state: absent + loop: + - /var/run/motd.dynamic + - /var/run/motd.dynamic.new +... diff --git a/roles/update_motd/tasks/main.yml b/roles/update_motd/tasks/main.yml new file mode 100644 index 0000000..ce90dfa --- /dev/null +++ b/roles/update_motd/tasks/main.yml 
@@ -0,0 +1,44 @@
+---
+- name: Customize motd
+ become: true
+ template:
+ src: "{{ item }}"
+ dest: "/etc/update-motd.d/{{ item }}"
+ mode: u=rwx,g=rx,o=rx
+ owner: root
+ group: root
+ loop:
+ - 00-logo
+ - 10-messages
+ - 20-uname
+ notify: Remove cached motd
+
+- name: Remove Debian warranty motd
+ become: true
+ file:
+ path: /etc/motd
+ state: absent
+ notify: Remove cached motd
+
+- name: Ensure motd-messages exists
+ become: true
+ file:
+ path: /etc/motd-messages
+ state: directory
+ mode: u=rwx,g=rx,o=rx
+ owner: root
+ group: root
+ notify: Remove cached motd
+
+- name: Install additionnal motd messages
+ become: true
+ copy:
+ content: "✨ {{ item.message }}\n"
+ dest: "/etc/motd-messages/{{ item.key }}"
+ mode: u=rwx,g=rx,o=rx
+ owner: root
+ group: root
+ loop: "{{ motd_messages }}"
+ notify: Remove cached motd
+ when: motd_messages is defined
+...
diff --git a/roles/update_motd/templates/00-logo b/roles/update_motd/templates/00-logo
new file mode 100644
index 0000000..4456160
--- /dev/null
+++ b/roles/update_motd/templates/00-logo
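Review bot: The last task, `Install additionnal motd messages`, writes one-line text files into /etc/motd-messages with `mode: u=rwx,g=rx,o=rx`, the same mode used for the scripts in /etc/update-motd.d. The files hold only the message string, so the execute bits serve no purpose unless 10-messages runs them rather than reads them; its body is not part of this hunk. If they are only read, `mode: u=rw,g=r,o=r` is the least-privilege setting. A short comment above the task saying that these files are data, not hooks, would stop the mode from being copied back from the template task.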
@@ -0,0 +1,39 @@ +#!/bin/sh +{{ ansible_managed | comment }} + +# Pretty uptime +upSeconds="$(/usr/bin/cut -d. -f1 /proc/uptime)" +mins="$((upSeconds / 60 % 60))" +hours="$((upSeconds / 3600 % 24))" +days="$((upSeconds / 86400))" +UPTIME="$(printf "%d jours, %02dh%02dm" "$days" "$hours" "$mins")" + +# RAM +RAM="$(free -m | awk 'NR==2{printf "%s/%sMB (%.2f%%)\n", $3,$2,$3*100/$2}')" +DISK="$(df -h | awk '$NF=="/"{printf "%d/%dGB (%s)\n", $3,$2,$5}')" + +# Text font +bold="$(tput bold)" +normal="$(tput sgr0)" + +# Logo +cat < Date: Sat, 6 Mar 2021 04:31:20 +0100 Subject: [PATCH 30/78] Use 'update_motd' in 'baseconfig' --- roles/baseconfig/files/update-motd.d/00-logo | 39 ------------------- roles/baseconfig/files/update-motd.d/10-uname | 3 -- roles/baseconfig/tasks/main.yml | 11 +----- 3 files changed, 2 insertions(+), 51 deletions(-) delete mode 100755 roles/baseconfig/files/update-motd.d/00-logo delete mode 100755 roles/baseconfig/files/update-motd.d/10-uname diff --git a/roles/baseconfig/files/update-motd.d/00-logo b/roles/baseconfig/files/update-motd.d/00-logo deleted file mode 100755 index 025257f..0000000 --- a/roles/baseconfig/files/update-motd.d/00-logo +++ /dev/null 
@@ -1,39 +0,0 @@ -#!/bin/sh -# {{ ansible_managed }} - -# Pretty uptime -upSeconds="$(/usr/bin/cut -d. -f1 /proc/uptime)" -mins=$((${upSeconds}/60%60)) -hours=$((${upSeconds}/3600%24)) -days=$((${upSeconds}/86400)) -UPTIME=`printf "%d jours, %02dh%02dm" "$days" "$hours" "$mins"` - -# RAM -RAM=`free -m | awk 'NR==2{printf "%s/%sMB (%.2f%%)\n", $3,$2,$3*100/$2 }'` -DISK=`df -h | awk '$NF=="/"{printf "%d/%dGB (%s)\n", $3,$2,$5}'` - -# Text font -bold=$(tput bold) -normal=$(tput sgr0) - -# Logo -cat << EOF - -      ${bold}Uptime${normal} : ${UPTIME} -    ${bold}Mémoire${normal} : ${RAM} -        ${bold}Disque racine${normal} : ${DISK} -        -           -            -           -           -        -        -          -          -          -            -         -   ${bold}Aurore${normal}     - -EOF diff --git a/roles/baseconfig/files/update-motd.d/10-uname b/roles/baseconfig/files/update-motd.d/10-uname deleted file mode 100755 index 4586095..0000000 --- a/roles/baseconfig/files/update-motd.d/10-uname +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -# {{ ansible_managed }} -uname -snrvm diff --git a/roles/baseconfig/tasks/main.yml b/roles/baseconfig/tasks/main.yml index 0c13978..04492c3 100644 --- a/roles/baseconfig/tasks/main.yml +++ b/roles/baseconfig/tasks/main.yml @@ -32,15 +32,8 @@ retries: 3 until: apt_result is succeeded -# Pimp my server -- name: Customize motd - copy: - src: "update-motd.d/{{ item }}" - dest: "/etc/update-motd.d/{{ item }}" - mode: 0755 - loop: - - 00-logo - - 10-uname +- include_role: + name: update_motd - name: Remove Debian warranty motd file: From 1d0200a1f050e6068cd1cdd55f9ab0bb366890f3 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 6 Mar 2021 04:32:06 +0100 Subject: [PATCH 31/78] Use 'update_motd' in 'prometheus' --- roles/prometheus/tasks/main.yml | 13 ++++++++----- .../templates/update-motd.d/05-service.j2 | 4 ---- 2 files changed, 8 insertions(+), 9 deletions(-) delete mode 100755 roles/prometheus/templates/update-motd.d/05-service.j2 
diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index a820190..a3d2063 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -84,8 +84,11 @@ enabled: true state: started -- name: Indicate role in motd - template: - src: update-motd.d/05-service.j2 - dest: /etc/update-motd.d/05-prometheus - mode: 0755 +- include_role: + name: update_motd + vars: + motd_messages: + - key: 05-prometheus + message: >- + Prometheus est déployé sur cette machine (voir /etc/prometheus) +... diff --git a/roles/prometheus/templates/update-motd.d/05-service.j2 b/roles/prometheus/templates/update-motd.d/05-service.j2 deleted file mode 100755 index f027dc4..0000000 --- a/roles/prometheus/templates/update-motd.d/05-service.j2 +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -# {{ ansible_managed }} -echo "> prometheus a été déployé sur cette machine." -echo " Voir /etc/prometheus/" From 2353589da6e79906692159cc313ad73c1ddca1f1 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 6 Mar 2021 04:42:21 +0100 Subject: [PATCH 32/78] Ensures /etc/update-motd.d exists --- roles/update_motd/tasks/main.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/update_motd/tasks/main.yml b/roles/update_motd/tasks/main.yml index ce90dfa..edfda74 100644 --- a/roles/update_motd/tasks/main.yml +++ b/roles/update_motd/tasks/main.yml @@ -1,4 +1,13 @@ --- +- name: Ensure update-motd.d exists + become: true + file: + path: /etc/update-motd.d + state: directory + mode: u=rwx,g=rx,o=rx + owner: root + group: root + - name: Customize motd become: true template: From bc2701d8ba957b1a29d8a87a80cb1c86b2f60c5f Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 6 Mar 2021 04:43:09 +0100 Subject: [PATCH 33/78] Use 'update_motd' in 'prometheus_federate' --- .../prometheus_federate/templates/update-motd.d/05-service.j2 | 4 ---- 1 file changed, 4 deletions(-) delete mode 100755 roles/prometheus_federate/templates/update-motd.d/05-service.j2 
diff --git a/roles/prometheus_federate/templates/update-motd.d/05-service.j2 b/roles/prometheus_federate/templates/update-motd.d/05-service.j2 deleted file mode 100755 index f027dc4..0000000 --- a/roles/prometheus_federate/templates/update-motd.d/05-service.j2 +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -# {{ ansible_managed }} -echo "> prometheus a été déployé sur cette machine." -echo " Voir /etc/prometheus/" From 71ee06c9c086758d4d514e9658990c15f1a9c002 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 6 Mar 2021 04:45:00 +0100 Subject: [PATCH 34/78] Fix typo --- roles/update_motd/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/update_motd/tasks/main.yml b/roles/update_motd/tasks/main.yml index edfda74..f4a125d 100644 --- a/roles/update_motd/tasks/main.yml +++ b/roles/update_motd/tasks/main.yml @@ -39,7 +39,7 @@ group: root notify: Remove cached motd -- name: Install additionnal motd messages +- name: Install additional motd messages become: true copy: content: "✨ {{ item.message }}\n" From 929baa300f2888fc0daa594b54838c2a9d234b5c Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 6 Mar 2021 04:48:39 +0100 Subject: [PATCH 35/78] Use 'update_motd' in 'prometheus_federate' (again) --- roles/prometheus_federate/tasks/main.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/prometheus_federate/tasks/main.yml b/roles/prometheus_federate/tasks/main.yml index f168f1f..73ae803 100644 --- a/roles/prometheus_federate/tasks/main.yml +++ b/roles/prometheus_federate/tasks/main.yml @@ -38,9 +38,12 @@ enabled: true state: started -- name: Indicate role in motd - template: - src: update-motd.d/05-service.j2 - dest: /etc/update-motd.d/05-prometheus - mode: 0755 +- include_role: + name: update_motd + vars: + motd_messages: + - key: 05-prometheus-federate + message: >- + Prometheus (en configuration fédération) est déployé sur cette + machine (voir /etc/prometheus) ... 
From 2e912fc47ae72ac73585d43df9d8aced93c4d608 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sun, 7 Mar 2021 21:22:51 +0100 Subject: [PATCH 36/78] Add recovery SSH keys for ynerant and otthorn --- group_vars/all/vault.yml | 342 ++++++++++++++++++++------------------- 1 file changed, 177 insertions(+), 165 deletions(-) diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 3db555c..2191326 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
@@ -1,166 +1,178 @@ $ANSIBLE_VAULT;1.1;AES256 -62653338373865656231663838616362303131383034663431663139646433653762323437656463 -6665366431376666636431366365643534636438663433320a613931383431323661656339663235 -31656464373634386430663838373566306663633631663066373930353534316136383738633736 -3137646638376231360a333330313261383936353630613234373035366162643663336437383966 -63616635633938346635313861333339303534626164613333376462393561656635613733313833 -66386639646634376132376338636565303333616532373932386230653566353838633337313463 -64363265303736383566373033653763366630613431373165653539326231316530386366643762 -38656161376363653165386166623331396239393238323362316334393933383737353565313937 -65656564643030356265346533613961636230316333613539303462336334366139343366323461 -61666563346464323066316536363339653135633537323165663633643664636333643235336430 -37303863376536396566313339626365376130633635623838363338383964613639383466353139 -62393837323239306230363661396533656333303163656561626538643061653565323635323530 -39303664613539643734373330613136343336393266613033353432666636373466333330316234 -39333032303835373563373939313733613262366161373630366534316431303430636336343934 -31653366666461666337633265653236383630656164623761333031643939616561303330336261 -36396361653839353230383165393162386563373231336437383664656230373832646364383461 -32313938643738366336373061386133356637306435636633343533653838386332616130333436 -62333330366431363161303131353861383336383139373034326363653134633265633030346433 -62346666633836323135663735363133626265616432653665333564363662333734646530333838 -32356663653839336561633564333261663262633835623563653961303461623938386131623335 -33633235623132653338623131336564363232633339633732313835343135373666643466313130 -30353736336333303361646362363163396633663737386334303538616161383337336637336664 -32653930383831363531353137316435643363303330333435346364336235633536633831663466 
-37306462643335303335663837363964306530336365643738376565373035376638626338613636 -65376462633931623063663538383133323264316465336261353961323665386464656165323462 -64303032373635316263636235383863356532363239376663323361393331623830393764336132 -61306564383039383931396364353461663539383636373830383539663161396632383631353665 -36363437326538656438663734633539353066333833386434343931613935356662363266623434 -30613766363161643733356463323535383434313436643132363363356532306638333635653063 -30633633366235323363363562316461656236623062396138656262326566363233623564653265 -66383534313538353165303739363835363837353065396433363739386135306364653738306638 -32613462393561643037633431363438643833346539386435373166646232333830373964373535 -63636230373263336534613134303634636131623362316462393161636264346131343465623233 -39303736373231666165643762663335623939376634373939373437663865653865333235303739 -36353636313266343931623032333031323165666437393334333463646636363931653038313637 -62656632333838613333336631333832386531643362316635666463303734636462613763303137 -32363834336536373166666235333634623833663030666136356232643464643537323361396434 -34366362346137353035393438663766306537663939643465636563643831656535343762323232 -62626532353965356461336161376531623063616638633732363430363361646539636435623365 -32633639343635313231323937633030336164646332323631343831633936613961356438666638 -65643430646331613433313934626661326236366335393637356364636661346361653339346565 -62646664303562373033306365633565393337636539336133643564623133353033303266343231 -38306539313531653764653665376464316562333235623232306331323264333264326535343734 -36366139303730313131626133623034623132343337373033356436353564343064376636633230 -34616635633138303630373035363764313732383766313732363766316534356265376666343336 -39376339303839336237656565633362306631343066333766363137346634623462323436663438 -31653366393335343933323036633365623761353830663234613862373232616431623134666166 
-32396139313834366230626635393637356562653865633431343564646264613663356666336535 -30323261383330376366363730623661626163373463363233366533316636383533366331653831 -35646138623336653230373964356437383337613535353235343864653630383938356333646365 -38636538613566353830613066306665633035663734333763336631623531336634336434356563 -63393939616561633962663532356636366561333736336638653539373366646566353035656137 -38653939646139663631396237376166663162643662623538333233626565393139393736303135 -38343738363232633938666536373734386437346164346131623736363861313665653738396463 -38383830653166336335373431353561373434373065626234396661616530323733373961623939 -62356235306561346537333963306232333731626436396332373564613532313466373932646132 -36306330336630386638343931386165653537613835646436646533343438663434653066306561 -39653432616464393038626634396535326435346165623232396434366462356530343235313935 -31306237326631336531313931663930663032663264323639366630653663303164383462363064 -64373165306235373734303763643430343434326231383939623032356335616430653863313462 -61643035646132386461393839326365353964316434386533353661333937663832313865353237 -63343537373164313963636561386665336434633037376433663739363239666634636530373430 -38373564666362653633666138366665613033363731346566373462323462333362333333643135 -31656561613030336634363133663532333366636234626630613836313937653363303836383434 -37313064313939616639626137663163383766336232383333633830623531626435623035346661 -39626235666532616366643063373636316430643437393564393535363564396239656131626430 -33323262376439363333346661356335303233373161356162336634663934323937663232626366 -63386530316139396662633539646633346638663233623639356661633732653964613939653834 -37613236363163623336326239326437666336643134643536636664313132336662353933393366 -66313661373838656331333839663164663733393736363866366338613434633836656162353232 -61306136623931626333363936306130336461303738343364653333303962616331336164366164 
-34346662666137303463363334343964623936653533306436633739346163313739356265343234 -33316363373439336661656264356662653662353064363930643839643063383762373439626164 -65323536313764353638386334363461373935326239366233353639353933313335303231383833 -39666236383834623266653835393036663538633933303038643935383932303264383330663466 -37306561346638623066356630366533343962643762633463323233323963653635623564333031 -34326331336539616533356630616633363434353562383866363364666664613839326237373466 -63346237323934303866653965323361643837633834616433323061633961303238343538323131 -62666364636138303733313939303536316536353139623066366534383661356266323036316661 -36646339303463613565333261656637353231643463356133633630633035626239343230346361 -32336434303530313661373464353961363731613862346639643138343737343962653237383835 -65326662633835643264336437343666353330666262326132386136633230363433626435653337 -33613535626637303565636566363264613836646663373432643466666566663534626130393335 -30666531393336613035336666306334313730633466643264656337666539333362383663616263 -62333235613534366130346365336535363337333139366562313337623535383461366265383239 -35656463633261306239633233333664396465613162356164336131656430373062356131323065 -65636566626163656534396639306539303830376163633261616439316232373437636564636462 -38653633383962623135653839316232333066366461313434653630303633633236623931663233 -30653531643863326435373237366533336165366637333636666636353764396638313735346462 -38633132303664666161393161626439666230376536303530623032356561373663633235386335 -30646164613135373331383461313039313837373831653264643635376232646361336635396231 -32646538336236363937336639333137663135633038613133363538393864653831313132663965 -66383631323761376537643662313237336262616363343231343138613762316564363962356437 -30336431373364356231653332613836353731303366383338386462663033633639363862353838 -64633264376330336165373363313063346234376164373263366261643534386139396362613039 
-35306534643135643437626566633864623631363133666362656334623463306163313938643564 -36383965613037313739646439396138393636373261653466653866313165313934303633653430 -31303064363161636330343866346239396639646137623764306433313538656331663137373966 -36323832643731313966393331333437313163373434373833383937396261306331353330326261 -66616161363662383535623362303165363466303265613231336237626462383233373037356230 -63373031653139326364636166323566626639383265353834633932643861643936613730313531 -34626233396631613031653565393839326131396239653339353366393861616363313938396666 -30616261373131303935343063333134323937313666616166623465373339346230383437356539 -37623131346461323734616438373163643334666637666434313837393162386331356639343264 -63376432353438653434313632333531353837353364343138333130613336343630326561386665 -33616532636461643838613835633364633863363730663333393466333866373132313439386535 -39373639376538373733353830366432323038633664343630373163616338663664623638626134 -39653335333462616339633834353062313662303462313761386636346262353565626531663331 -32653635643337363234366533346530386332663066393365656663336335376235396166303634 -30616366613261613034366262623661623635663265303433366366373730343265323439643434 -30623937313863356665383066303334396637353436636135346338346134343866356631393433 -63393064633731333833316230343266313361316632383436646138386130333266643933333435 -34666161643630373735656238666338613034333032306564316461616362623861626364643832 -39646538623131396165346333303061346630386264633737613065653030356164623531316566 -36366431636338616365306138333931643464336662303236643966633865393666356263636630 -33643634336164383463646434653331666233616166666234363730343234363962363931326130 -39393130656339383938376230353665346464333964653766386233626530323333623237623366 -61393263393863396237343033393033666539343136663161623861313734633739613038303539 -30613232653765616263346162326130663139633235333934316431383932653064313739633838 
-61396165306330616666626237663931653137373331633566303430323435313766613963366337 -33356437343938393134656138323965653361663563373362306264383834356436383464366538 -65623538306137393262306336333561383033323731643664376130633736343662393166643865 -61616264386464626566326466336366656338626265373564643934663834393963323330633062 -64393439633530343961623935373539393461333833346162373732393966633166393939323866 -33393030373331666532333732626435646335333033343461333633656231323537633362646130 -35316139666137656238396537366133386365636139636463663135663430383339636336373565 -64316635336333666639393035393135313366353066353837613833653065303131353163396366 -33363764383434373663336632646139663666643334373733393637363361353865363934306461 -30616663653563366438386632306230626362623361306339313664386663663736663939633162 -30353434396463363266636437316261653063313962666335386630356165616133613036396635 -38626239303638663366353632366137323637336433623833386362313432323561353634363933 -64636339366632306237336262633236346333373063653362306237346562306333636634336435 -30393566376536366362316638323261316462636334356266333561326632643338383162366439 -39633862666665366661336162373136306537393832613535343663366332326666343064356139 -31633232666332656639383434373536653130616437363931643836373034656462396135393531 -30613334343462316661623663336532333635303834643738323734316436336238643132343731 -64303232363636633839326539366636613663346166643563663662616537333365316466396665 -37326265633764303465373936333130306366373531323237656136366431633439333231623961 -39303561333836363263363066303739313530623032386533366132653866623535333363663463 -65656539366461303538353632326136386331663230613235653865666564633339353337383965 -36613436323037346239613165613035666137356565383731383765626534313038326462343166 -32653462363134623731636638326466393363356664373239313263633933383138336338393135 -31633637626436323238653133366130613830333531633333313538343266636166623037333961 
-36623834313733653738613136366230626630666637363231383963613862666530663465356137 -37386466306332383032626366383664366536376364393865396339316533636263653336343361 -62343361363639613063626336353333323737626636623033333731383133346537333765666161 -37313234383238353934626136343766353963376562646366623735356463626264666566383366 -38363339623631313933663563303465643532386437383731353839393461623437663130323932 -33313364336430336362613562396137643836643666333065643836653935636538353635363339 -62373131623232653530356437393233353731366435653235306534363730373166336137373737 -63353731623862323361316539396137373137393961633337313531363436303637366631656535 -39353065666132636566663165333739306465616238613432373136313432363535333363313434 -34343534323361323934626166653433623836386639313538363933373262666633316438356430 -34623634613761646339346462356365346139656263643230316264643838643431353933613563 -62363634306661376663323634393736383063643132643735353863646537356334656438646163 -64623235363938346231663636373137353532343264366130353866626531313664623565633235 -62323939386264333433663863363865613262373061666130663166383235333336336630663136 -35323236326231383933323632646662666364643430613562643339393134613634326337343932 -32336463336463333239373231393530393238343633323164316539623237306162663035393431 -33333065373464363036633831346434386336383164336365343961393039616435666533396366 -35623837633162643765643966353266336533623165633966656336613830316130333962313865 -66373262643135346565303164326462633934613362643735616235316239366432393936376438 -61666661323230363265643433623361633137663234323330373630353437656537653462303536 -32646165376661336330313939313235343335343137626566343164346432363230646366373864 -63656162643632333931373934393133316261323665343764386662346535346466 +37623034653164356337646538613665336362663764363537393937666637663864636365303266 +6636363032363834633231633262306633663064616537610a643361343233303438343266363633 
+62646234633831656537616162303162653430373137633831316366363931306332373161303165 +3938323535386163660a396465653966313230613037653364646633346633353561313539383536 +61663061343130363363356163626264613636383364346534323331666632643235343231316166 +37313039633230376265313264383331613933303239623664646338396632363430336131646364 +38663736373732666466356162386338316366623061316362393266633831356661333137653361 +62626361653862633234336330623738373436363365643866323131653763636637336131343639 +62383061373138316535346239323465306632353334663633383361313365303466643333303430 +62313534623839303236613564663863653132623163376432303633333038386161346530363534 +63653135396262633230376464383530326634646466376534333633336363323462363234613834 +35313936343862613166616433366664356334626539616562353639363936613431636263316238 +33373334316539653130303563363130326564306538383565653065333034636436326362633735 +64626335333465396536373838626266613365613234643038383138653038313033316331326662 +66316536363562343330613437303434633134643162613365613966643562393731613065373937 +34353639646539396536303864373832313637316430323534613835313632653733316337383738 +30373737353039393831393334363738656364663266393330383039346634373537613335363138 +36303963663138393866326433376231323261616338643666323930393932663237313731313833 +32363132393234393165393363396163643961363635663030393235313436643037633032393935 +32633632633461383965363230383531316239313637313365613531663365336163343363643365 +63346366666433333736623533653264663538323562636565623134633634353234363163646639 +35633662336636326237336134663334353435323333656235383231326431633035623664326538 +39393961303031643831363634353730663836353464333536393838353133633765633238626630 +31323564323938373833303965626165303462363139366262636462333631313835653332383637 +63343263323861643863313237303864363630666464653834323736323563633162396232643439 +38303338323538653263616335386338336133653733333137343532353066363039633961323036 
+32666439353734313738386535353966373963313534323666323633316338666139386130383262 +62303466616666343862396435633239636533613135343836333838626663316433343661636561 +61656361313165393932333932653539663464303564643931313736323864623233376339666266 +63656638633363343766376336356339623235623838326530663031383739333936633938663661 +65383334373736313134313961623732616339636466396130343233396630633464336631336364 +35326433306663343764656437343065323033356666316161383262623236626237383531623165 +36386434316230323239613266363862333134656331316166353631613464336164326365353738 +35346563653364373334343061346639363538616433396131646362393162663033643532313932 +65336536366132643861613065346530643061343939393533346331653235356530626431336364 +63396235383764343933316639363934366161323765346632346331313831386266303664363066 +36393235393861313333303734656634663634303133353131613630633231333935356262383161 +62313661323734386233396133353261663434353662353064386538663531613466616532646237 +31306362663139616266313765303562383163323333313435366536396633626261626632663135 +65646366636461626535616662363735396263323563356239373963353434373061386331353664 +31323662633433383738346532626463386535646363623961373466376132316265653833333766 +31336464343439343632393438326537373539663463636261333066313134656664363031663137 +62633336396162373736343737636565623038303362323261656365396130316132346436303637 +30313131366631666534356132353933336663396130393038623266356531373531303766333830 +37303765336435333161346339643065363165646538613165363634616362306466303063393566 +64626562383065653562646536386662663762653665353339316232363534643837656535326633 +30396134346432306135396337383765613361616331356433323766343139646631303861386263 +38333262383239336662633463356134613239393563356662313463646432306130383433363137 +35623231366238353062656333353565653366363735373433313337656364353232613832326433 +34313238666233623462336665383964623662363662326331383131313161376233633234616236 
+36373831613132343236346263623732313233623533356264656439353465663866643161663461 +38356261333430373631656238336337343664663563356461663839393864396662623530623932 +35303038613261393132366262333463653935616362396262343530356637663630323431643762 +33623364363163366262643133633065383063343162383232323832316462326661396232303937 +39616133323561653435373666363264303737376430313966323362383933643433656236363039 +32316361303835316465633862653431623431346465666166316136326363303538383236386364 +63666666643065346635366131313037633233316363336161313761643163376163646561373936 +39313964343866666332333034333233616134656331306236386339643130623530626466626339 +31663435323633643231366265323766316438366130653434633530643231653864626639623334 +37613931363264363132383764346364393038333130303364313334316333306235616237653563 +30393962333332326137613963343734366230326163343132653830653733346435386639323363 +62363066396563393861623764623330343332633535633737393364646137653361303032333436 +35643936393734643533613137386430353337353536653333373535623630366333356633643034 +30373565666430323235373939613839333034363532343738326536303334396565613765333639 +66363064643264656163633430636563336430613634326265613934643433366134623339393437 +62303666323933646166363465623437396630643662656364303666336133396663613438376139 +66613965646639643337343137346537656465386337643864613637393664306436333063363830 +64396361666261666339653230386635633139616330666132333232303064383738353336346632 +63663064633631336231366266663737386137396636633039616165653339373831333338303736 +63653566383161373131343233303132306237656133333136656161653736336433363164393833 +35373363386232653036313635303862323838636433636565373135306466336562316232366537 +35303137386433326364366232643837386364376463666531633664333932653536373931396333 +37383931353465386636623637313063333933333062623361343835303634313439333862306436 +62643863343730353334333863633534313232333332376562626366343131636132393566356563 
+30346666386539613864303537346636333534333534376439313164656634366465383131353335 +64343730666230636462656666373061643338376633386338623238636531333636313631333036 +37376337643739393934343362343865636362383638663630313831353963636364613138393136 +31366361376533363861393537323433663533316465383334656133623637343530323561303631 +30373534653437633765636664316364386139613565616464323735643333633962623665323831 +38343661373632313936616632353635623232343630346565346262313365336366393262336631 +36646430366531306665366465383530366432623737373662393263343336633837646630393139 +32633566653335636130386338633035636135316461396366313532363834653966653239636533 +32313039623433663861393832323564366337646161626632613563376131353265373938306430 +35323762393434303966623536356466383933333139336561666335663133356130386166653064 +65306137663938663162396265653439666562333766373132396434383365386338333635653166 +36366139643335303135626337363363633334633464326234666361333234383262363035346362 +31393538303961386465623437343766376565333564346338666365333865323537353731363262 +63386632383766303261666563323133616136306563623761653831663466326433306631643365 +61313862343235643963626331353465313734613930393163363236373438613939656164633137 +38343061633164623361353430373830616365646362383565353865663930343134393736643730 +36383439333032623233656565336666663539396531633865326166303837333736373333393836 +37616139303039343439303338653133393563316537626239613961363164303538636566663931 +30656236356230623734383662643735326264666362626239356565653361333266373132383365 +30373763333938613636383364643862343832633631336131626162326330653465353661313639 +35303434643534323731393665663930363163653965373832323966306335343562643334616333 +63643637303038623039396331313439663332646566326132306235653234633262336539656463 +64643336373535656462313462366337653862623131393230326532633035333864383936366332 +31333962336430663061356537323638656137343638643033316461353761303435363263323337 
+34393235303630643265636338343430366232613831666662653162633333353262623331656339 +39303064393533323132653433316665366436316235663332646362666539656262353037313538 +35333239323736306434323435323236343634336337323364653862323932643130313737306339 +64333763316134383033353762353264393764653638616533623366313361363766666436633164 +34623266373130303437383635623763646165363538653666383966343063636435336462326233 +64633332613961333532666235303935646139626135323964346666353732653531356238393338 +39656231363935306533313632626134353439633131653537353466323565633532383031666364 +31356338313334383263616134643834373064316361313362366562656464656566633961336532 +31393931313633366630303931336137383732383533616163353361616336613863616462636230 +35656561313735313864353133663735376462666639323930663039373630613138343735643061 +35326665316465663834383766373366653464643263383662636134366161343532666265316632 +35313233346236356166306464306139306263376339336266303861386632623030666239373734 +34386330616335326339633761623366613931386366333138643236363338386435613036393732 +38306137353930383737663063393734306539613633316337386334326562643731356536393036 +64326363643162333561336364643034313735303761313233653865303638363766333066343862 +64393063336439323233656263343432336365333630303238376133336235613266306338653664 +36303761393036393964653962353164326432343731353861353432333738643365303032356534 +61623339623664343164666338383361633863336432613762386238323331633264653666313532 +38333165373738383539316663366437333733646561613232366130646565313063306631653331 +61396236333663393937303639643061383133346563343339346136636237383663623364303535 +30373562353531313630626533336431626539306137353331653430653737613462353739353936 +62333562636137363964303735623434333537396330386338386661346437353936633533353961 +34663532376636353233396362616361643164396539326339376237313737656161353032383566 +37363234393334616363323465343332373436613636643431326436316135383230633136353633 
+37373564653033323034643661333733313431323133616639366230343433633366636261623039 +66663866326465666132333863666431653433616565343964613338636339643466613634363162 +66636464656135383231373135666661303761363964383538643738346136366339613264663663 +39316437393962333239333732326432616239656538663030613763326533646131653663326166 +32326365323630613339343263323133656361663131336230386664616561623033646535613736 +34393130376233333134323662646132616430353233396364653437353335313962363865666536 +66343239643131343730366562303061343061326139306165343931326166326435343236323064 +37306534373831356364306339333233633866633931383666363639336563363763336163336131 +39616464373630386164383033333530353866666531363361633430383335616161643139333964 +64633365616532396461373736616462313966326432363562353437383762326362323531623637 +64306638306633316533343766623136636331363439633031316366663063643262386566396633 +30306231633730643961303266343337343531386634363037303535643239376236343737393066 +31373765623732333736366434363865396366333165366362386132373536383730633766326564 +34356635333135616666303161656233373038353338376433336466346633663935626564396533 +62353432333637643665633766356534653735326662346466353737303131323934313433666335 +35653930356564336138626365383730313131346534616139313965313831393237353930613231 +63303034326463633335353064363438323839623533313637383236386535303663373930663234 +37343833323838343431626438366630663465653534373339306539656462643237396661346632 +35623261346463393037666266333835623664313938396239386461663230656239623534346537 +30336432393433346438316533646132636336613661623935303434646334626434636466636634 +37653532383538326666363864633165626266633331626239333536643663623335326262346232 +33393864646261643639663635343731336330366638633266373136346537373236336539356233 +33366536386463636462373865623861643466306331653938383934323232366463663935353830 +32633266613833666266646462393062336263633937396666653732306233613666376339353362 
+62353236386337626663653064396564623933613535346264643630343766656462366164363864 +33386637373030336530363838346534636361373965613664386635313938343663653434323438 +65336433326661643864303738636362386239636239373265643139356563356166373161663064 +62633061393861316236653833353634616338333062393564373431636666613264646262663762 +30376334613639633233336536653631663866393535643039616333623636323764383862633235 +65636438316430383162663832353038313037623366386135393636323161303732646466373833 +31386463363265363161396330643539336566313763666136636265383531346638363964303762 +34633666323665666430333465396266626533353761373932666165393634313236396366326464 +32623963373638383133613535316461646632653831333862623536393531663536333161306664 +37366537646261333166633961656136386466643864623463643331396234386233316263303539 +30646234316437316633633761343361633234363661663465303164663662366562393539663666 +64373065313161333632313931386538306231303639393036316138613332376131663434366362 +37386262643366313465386332313335313434393134336134626265396164326430366466376331 +66616665313761366631366364346538323933373664643663616335363631346630626338343137 +63313833643262316664306261323839336666636361343032323938316232336136356139383061 +38373637386434653265636261616633636365303134653866643763333434643138373337383065 +62613335653332366566356537626266633334613766643666303261353239363034666639656463 +39363939653634646632373239616363316263386333326566383061323337363335643037353833 +61376364346164376333336131353638333032353034306361363536316134623535336363633531 +37343935643933666564663861306331663833656165666134646262373134643834373432326634 +66336431643164393336656161306333386437336133393062303231636130343464663434393332 +37373066646138353636656531363532366465626538333461353131613731363939303933616232 +35636261613433336232663532383065376137626266326161316530616666613437306361656134 +39363636633834303634333135643037626538383930383030633764316434303062346263646436 
+33613662323735616563373330303965373033376166363136653761663864303761626665343063 +64343234363839623633363562633764656136383063346633386338626337616531656334646337 +36393331633938396439643032333136643766366437383934363333383466383738656333663633 +31656437386237666438373664623561333336383866613366616166313062366365303765646362 +33333930613961373036326639626364353133363933653739643935383966356130373437636564 +62313933623061336631323163653263393866363231623438623430303338656236353462333237 +65323334316136383236393234346261323638373536613165656233383535333062 From 2c0727a419eafbbec1fc3df27612df68728da3f7 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sun, 7 Mar 2021 21:41:42 +0100 Subject: [PATCH 37/78] Update the list of packages installed via baseconfig --- roles/baseconfig/tasks/main.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/roles/baseconfig/tasks/main.yml b/roles/baseconfig/tasks/main.yml index 0c13978..9210b5c 100644 --- a/roles/baseconfig/tasks/main.yml +++ b/roles/baseconfig/tasks/main.yml @@ -9,8 +9,6 @@ - aptitude # nice to have for Ansible - bash-completion # because bash - curl # better than wget - - emacs-nox # for maman - - fish # to motivate @edpibu - git # code versioning - htop # better than top - iotop # monitor i/o @@ -18,15 +16,14 @@ - lsb-release - molly-guard # prevent reboot - nano # for vulcain - - net-tools - ntp # network time sync - - oidentd # postgresql identification - screen # Vulcain asked for this - sudo - tmux # For shirenn - tree # create a graphical tree of files - vim # better than nano - zsh # to be able to ssh @erdnaxe + - dnsutils # dig update_cache: true register: apt_result retries: 3 From 64ae2a8521e2e87d2288a1ebf3786a7721f8c41f Mon Sep 17 00:00:00 2001 
From: Otthorn Date: Wed, 10 Mar 2021 12:01:16 +0100 Subject: [PATCH 38/78] configure postgres for services-bdd-ovh --- host_vars/services-bdd-ovh.adm.auro.re | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 host_vars/services-bdd-ovh.adm.auro.re diff --git a/host_vars/services-bdd-ovh.adm.auro.re b/host_vars/services-bdd-ovh.adm.auro.re new file mode 100644 index 0000000..18d6a15 --- /dev/null +++ b/host_vars/services-bdd-ovh.adm.auro.re @@ -0,0 +1,5 @@ +postgresql: + version: 11 + hosts: # dbname, username, CIDR ip addr, auth method + - [ "etherpad", "etherpad", "10.128.0.150", "md5" ] + - [ "codimd", "codimd", "10.128.0.150", "md5" ] From a625a58ddd3b94b7e79782fa189d215b47a90112 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:01:32 +0100 Subject: [PATCH 39/78] create role postgresql_server --- roles/postgresql_server/handlers/main.yml | 6 + roles/postgresql_server/tasks/main.yml | 41 ++ .../templates/postgresql/pg_hba.conf.j2 | 103 +++ .../templates/postgresql/postgresql.conf.j2 | 694 ++++++++++++++++++ 4 files changed, 844 insertions(+) create mode 100644 roles/postgresql_server/handlers/main.yml create mode 100644 roles/postgresql_server/tasks/main.yml create mode 100644 roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 create mode 100644 roles/postgresql_server/templates/postgresql/postgresql.conf.j2 diff --git a/roles/postgresql_server/handlers/main.yml b/roles/postgresql_server/handlers/main.yml new file mode 100644 index 0000000..731acb9 --- /dev/null +++ b/roles/postgresql_server/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: restart postgresql + service: + name: postgresql + state: restarted + enabled: true diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml new file mode 100644 index 0000000..696be41 --- /dev/null +++ b/roles/postgresql_server/tasks/main.yml 
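Review bot: The address column in both `hosts` entries of host_vars/services-bdd-ovh.adm.auro.re is a bare IP (`"10.128.0.150"`), although the comment on the `hosts:` key describes it as a CIDR address. The pg_hba.conf.j2 template added later in this series renders these values verbatim into `host` records, and that file's own header says an ADDRESS is an IP address plus a CIDR mask (or an IP and a netmask in separate columns). Without a mask PostgreSQL will most likely read the next field, `md5`, as the netmask and refuse to load the file. Write the single-host form explicitly, `- [ "etherpad", "etherpad", "10.128.0.150/32", "md5" ]`, and the same for `codimd`. Since the pinned version is 11, `scram-sha-256` is worth considering in place of `md5`, provided `password_encryption` and the stored role passwords are switched along with it.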
@@ -0,0 +1,41 @@
+---
+- name: Install postgresql
+ apt:
+ update_cache: true
+ name: postgresql
+ state: present
+ register: apt_result
+ retries: 3
+ until: apt_result is succeeded
+
+- name: Ensure main postgresql directory exists
+ file:
+ path: /etc/postgresql/{{ postgresql.version }}/main/
+ state: directory
+ owner: postgres
+ group: postgres
+ mode: 0755
+ recurse: yes
+
+- name: Ensure configuration directory exists
+ file:
+ path: /etc/postgresql/{{ postgresql.version }}/main/conf.d
+ state: directory
+ owner: postgres
+ group: postgres
+ mode: 0755
+
+- name: Configuration of postgresql {{ postgresql.version }}
+ template:
+ src: postgresql/{{ item }}.j2
+ dest: /etc/postgresql/{{ postgresql.version }}/main/{{ item }}
+ mode: 0640
+ owner: postgres
+ group: postgres
+ loop:
+ - pg_hba.conf
+ - postgresql.conf
+ notify:
+ - restart postgresql
+
+
diff --git a/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 b/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2
new file mode 100644
index 0000000..c9321ec
--- /dev/null
+++ b/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2
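Review bot: In the task "Ensure main postgresql directory exists" of roles/postgresql_server/tasks/main.yml, `recurse: yes` combined with `mode: 0755` applies that mode and the postgres ownership to everything below `/etc/postgresql/{{ postgresql.version }}/main/`, not only to the directory itself. On each run `pg_hba.conf` and `postgresql.conf` become world-readable and executable until the later template task sets them back to `0640`, so the play is never idempotent and any other file kept in that tree stays readable by every local user. Drop the `recurse: yes` line so only the directory is managed. The modes are also better written quoted (`mode: "0755"`, `mode: "0640"`) so they do not depend on the YAML parser's octal handling.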
@@ -0,0 +1,103 @@ +# {{ ansible_managed }} + +# PostgreSQL Client Authentication Configuration File +# =================================================== +# +# Refer to the "Client Authentication" section in the PostgreSQL +# documentation for a complete description of this file. A short +# synopsis follows. +# +# This file controls: which hosts are allowed to connect, how clients +# are authenticated, which PostgreSQL user names they can use, which +# databases they can access. Records take one of these forms: +# +# local DATABASE USER METHOD [OPTIONS] +# host DATABASE USER ADDRESS METHOD [OPTIONS] +# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] +# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] +# +# (The uppercase items must be replaced by actual values.) +# +# The first field is the connection type: "local" is a Unix-domain +# socket, "host" is either a plain or SSL-encrypted TCP/IP socket, +# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a +# plain TCP/IP socket. +# +# DATABASE can be "all", "sameuser", "samerole", "replication", a +# database name, or a comma-separated list thereof. The "all" +# keyword does not match "replication". Access to replication +# must be enabled in a separate record (see example below). +# +# USER can be "all", a user name, a group name prefixed with "+", or a +# comma-separated list thereof. In both the DATABASE and USER fields +# you can also write a file name prefixed with "@" to include names +# from a separate file. +# +# ADDRESS specifies the set of hosts the record matches. It can be a +# host name, or it is made up of an IP address and a CIDR mask that is +# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that +# specifies the number of significant bits in the mask. A host name +# that starts with a dot (.) matches a suffix of the actual host name. +# Alternatively, you can write an IP address and netmask in separate +# columns to specify the set of hosts. 
Instead of a CIDR-address, you +# can write "samehost" to match any of the server's own IP addresses, +# or "samenet" to match any address in any subnet that the server is +# directly connected to. +# +# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", +# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". +# Note that "password" sends passwords in clear text; "md5" or +# "scram-sha-256" are preferred since they send encrypted passwords. +# +# OPTIONS are a set of options for the authentication in the format +# NAME=VALUE. The available options depend on the different +# authentication methods -- refer to the "Client Authentication" +# section in the documentation for a list of which options are +# available for which authentication methods. +# +# Database and user names containing spaces, commas, quotes and other +# special characters must be quoted. Quoting one of the keywords +# "all", "sameuser", "samerole" or "replication" makes the name lose +# its special character, and just match a database or username with +# that name. +# +# This file is read on server startup and when the server receives a +# SIGHUP signal. If you edit the file on a running system, you have to +# SIGHUP the server for the changes to take effect, run "pg_ctl reload", +# or execute "SELECT pg_reload_conf()". +# +# Put your actual configuration here +# ---------------------------------- +# +# If you want to allow non-local connections, you need to add more +# "host" records. In that case you will also need to make PostgreSQL +# listen on a non-local interface via the listen_addresses +# configuration parameter, or via the -i or -h command line switches. + + + + +# DO NOT DISABLE! +# If you change this first entry you will need to make sure that the +# database superuser can access the database using some other method. 
+# Noninteractive access to all databases is required during automatic +# maintenance (custom daily cronjobs, replication, and similar tasks). +# +# Database administrative login by Unix domain socket +local all postgres peer + +# TYPE DATABASE USER ADDRESS METHOD + +# "local" is for Unix domain socket connections only +local all all peer + +{% for host in postgresql.hosts %} +host {{ host[0] }} {{ host[1] }} {{ host[2] }} {{ host[3] }} +{% endfor %} + + +# Allow replication connections from localhost, by a user with the +# replication privilege. +local replication all peer +host replication all 127.0.0.1/32 md5 +host replication all ::1/128 md5 diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 new file mode 100644 index 0000000..768d3f0 --- /dev/null +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 
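Review bot: The loop over `postgresql.hosts` in pg_hba.conf.j2 writes every remote rule as `host`, which, as this file's own header explains, matches plain as well as SSL-encrypted TCP connections, so the etherpad and codimd clients may authenticate and run queries without TLS. Since postgresql.conf.j2 in the same commit sets `ssl = on`, emit `hostssl {{ host[0] }} {{ host[1] }} {{ host[2] }} {{ host[3] }}` instead, or carry the connection type as an extra field of each entry. The four fields are rendered without any check, so an address missing its CIDR mask or a method such as `trust` goes straight into the file; an `assert` task on the variable before templating would catch that. postgresql.conf.j2 also leaves `listen_addresses` commented out, and its comment gives the default as 'localhost', so these remote rules cannot match any connection until that parameter is set.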
@@ -0,0 +1,694 @@ +{{ ansible_header | comment }} + +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. 
+# All changes to this section REQUIRES restart + +# use data in another directory +data_directory = '/var/lib/postgresql/{{ postgresql.version }}/main' +# host-based authentication file +hba_file = '/etc/postgresql/{{ postgresql.version }}/main/pg_hba.conf' + +# If external_pid_file is not explicitly set, no extra PID file is written. +external_pid_file = '/var/run/postgresql/{{ postgresql.version }}-main.pid' +# write an extra PID file + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +#listen_addresses = 'localhost' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +# - Authentication - + +#authentication_timeout = 1min # 1s-600s +#password_encryption = md5 # md5 or scram-sha-256 +#db_user_namespace = off + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - SSL - + +ssl 
= on +#ssl_ca_file = '' +ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' +#ssl_crl_file = '' +ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key' +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_dh_params_file = '' +#ssl_passphrase_command = '' +#ssl_passphrase_command_supports_reload = off + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 128MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. +#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resources - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables 
+#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#parallel_leader_participation = on +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel operations +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables + + +#------------------------------------------------------------------------------ +# WRITE-AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +#wal_level = replica # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + 
+#checkpoint_timeout = 5min # range 30s-1d +max_wal_size = 1GB +min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Servers - + +# Set these on the master and on any standby that will send replication data. + +#max_wal_senders = 10 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +#max_replication_slots = 10 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. 
+ +#hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt +# - Subscribers - + +# These settings are ignored on a publisher. + +#max_logical_replication_workers = 4 # taken from max_worker_processes + # (change requires restart) +#max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_parallel_append = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on +#enable_partitionwise_join = off +#enable_partitionwise_aggregate = off +#enable_parallel_hash = on +#enable_partition_pruning = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as 
above +#parallel_setup_cost = 1000.0 # same scale as above + +#jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables +#jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables +#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off +#jit = on # allow JIT compilation +#plan_cache_mode = auto # auto, force_generic_plan or + # force_custom_plan + + +#------------------------------------------------------------------------------ +# REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. 
+ # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints 
= off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Paris' + +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ + +cluster_name = '{{ postgresql.version }}/main' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# STATISTICS +#------------------------------------------------------------------------------ + +# - Query and Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +stats_temp_directory = '/var/run/postgresql/{{ postgresql.version }}-main.pg_stat_tmp' + + +# - Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off 
+#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error +#search_path = '"$user", public' # schema names +#row_security = on +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = 
'' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, dmy' +#intervalstyle = 'postgres' +timezone = 'Europe/Paris' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. 
+lc_messages = 'fr_FR.UTF-8' # locale for system error message + # strings +lc_monetary = 'fr_FR.UTF-8' # locale for monetary formatting +lc_numeric = 'fr_FR.UTF-8' # locale for number formatting +lc_time = 'fr_FR.UTF-8' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.french' + +# - Shared Library Preloading - + +#shared_preload_libraries = '' # (change requires restart) +#local_preload_libraries = '' +#session_preload_libraries = '' +#jit_provider = 'llvmjit' # JIT library to use + +# - Other Defaults - + +#dynamic_library_path = '$libdir' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION AND PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? 
+#restart_after_crash = on # reinitialize after backend crash? +#data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. Note that these are directives, not variable +# assignments, so they can usefully be given more than once. + +include_dir = 'conf.d' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' +#include_if_exists = '...' # include file only if it exists +#include = '...' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here From d14306a86c225d5676b691b1f212d15b4086d38e Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:08:05 +0100 Subject: [PATCH 40/78] fix syntax for CI --- roles/postgresql_server/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 696be41..9ccbd54 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -5,8 +5,8 @@ name: postgresql state: present register: apt_result - retries: 3 - until: apt_result is succeeded + retries: 3 + until: apt_result is succeeded - name: Ensure main postgresql directory exists file: From a4c393d3fb2d711eb1c31c539581cad0aa6ba1ae Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:10:06 +0100 Subject: [PATCH 41/78] fix yaml ci truthy value --- roles/ldap_client/tasks/main.yml | 2 +- roles/postgresql_server/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/roles/ldap_client/tasks/main.yml b/roles/ldap_client/tasks/main.yml index 94ed070..968b42f 100644 --- a/roles/ldap_client/tasks/main.yml +++ b/roles/ldap_client/tasks/main.yml @@ -21,4 +21,4 @@ user: root key: "{{ ssh_pub_keys }}" state: present - exclusive: True + exclusive: true diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 9ccbd54..9a42e8a 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -15,7 +15,7 @@ owner: postgres group: postgres mode: 0755 - recurse: yes + recurse: true - name: Ensure configuration directory exists file: From dbbaf0d26d4f1b457c504ccd53a525acc9897fd0 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:11:02 +0100 Subject: [PATCH 42/78] remove tailling whitespaces --- roles/postgresql_server/tasks/main.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 9a42e8a..7f119dd 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -24,7 +24,7 @@ owner: postgres group: postgres mode: 0755 - + - name: Configuration of postgresql {{ postgresql.version }} template: src: postgresql/{{ item }}.j2 @@ -37,5 +37,3 @@ - postgresql.conf notify: - restart postgresql - - From 8b9bef865e3719a93f5a969261c0fbbfa106aa1f Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:26:18 +0100 Subject: [PATCH 43/78] postgresql listen on pseudo-address --- roles/postgresql_server/templates/postgresql/postgresql.conf.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 index 768d3f0..f2d1b3e 100644 --- a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 
@@ -57,6 +57,8 @@ external_pid_file = '/var/run/postgresql/{{ postgresql.version }}-main.pid' # - Connection Settings - +listen_addresses = 0.0.0.0, [::] +# listen_addresses = * # listen to all #listen_addresses = 'localhost' # what IP address(es) to listen on; # comma-separated list of addresses; # defaults to 'localhost'; use '*' for all From 1105ea88c189b11da1609ad556096072b8c25a19 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:40:17 +0100 Subject: [PATCH 44/78] rename VM to a simpler name (services-bdd-ovh -> bdd-ovh) --- host_vars/{services-bdd-ovh.adm.auro.re => bdd-ovh.adm.auro.re} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename host_vars/{services-bdd-ovh.adm.auro.re => bdd-ovh.adm.auro.re} (100%) diff --git a/host_vars/services-bdd-ovh.adm.auro.re b/host_vars/bdd-ovh.adm.auro.re similarity index 100% rename from host_vars/services-bdd-ovh.adm.auro.re rename to host_vars/bdd-ovh.adm.auro.re From 6951e017b7a5378175d76990741d4b331b9b2a35 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:43:08 +0100 Subject: [PATCH 45/78] bdd config for synapse --- host_vars/bdd-ovh.adm.auro.re | 1 + 1 file changed, 1 insertion(+) diff --git a/host_vars/bdd-ovh.adm.auro.re b/host_vars/bdd-ovh.adm.auro.re index 18d6a15..df77200 100644 --- a/host_vars/bdd-ovh.adm.auro.re +++ b/host_vars/bdd-ovh.adm.auro.re @@ -3,3 +3,4 @@ postgresql: hosts: # dbname, username, CIDR ip addr, auth method - [ "etherpad", "etherpad", "10.128.0.150", "md5" ] - [ "codimd", "codimd", "10.128.0.150", "md5" ] + - [ "synapse", "synapse", "10.128.0.56", "md5" ] From 0656dacbe84d13a9b5946ac07ff906ae6242022b Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:47:04 +0100 Subject: [PATCH 46/78] Add config for bdd local --- host_vars/bdd.adm.auro.re | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 host_vars/bdd.adm.auro.re diff --git a/host_vars/bdd.adm.auro.re b/host_vars/bdd.adm.auro.re new file mode 100644 index 0000000..d1e9353 
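Review bot: The added `listen_addresses = 0.0.0.0, [::]` binds PostgreSQL to every interface of the host, so exposure of the database port is then limited only by pg_hba.conf and whatever packet filter sits in front of it. The host_vars in this series only admit clients from 10.128.0.x addresses, so a per-host variable would let each server listen on its admin-network address alone, e.g. `listen_addresses = '{{ postgresql_listen_addresses | default("localhost") }}'` (the variable name is a suggestion; it does not exist in the role). The value is also unquoted here, which postgresql.conf does not accept for a comma-separated list. The connection-settings block continues outside the hunk.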
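Review bot: The new `synapse` row uses the `md5` auth method, as do the existing rows, the five rows added in host_vars/bdd.adm.auro.re, and the dict form introduced later in host_vars/bdd-ovh.adm.auro.re.yml. Both configured versions (11, later 13) support `scram-sha-256`, which avoids storing a password-equivalent MD5 hash on the server; switching means setting `password_encryption = 'scram-sha-256'` before the role passwords are (re)set and writing `"scram-sha-256"` in the fourth column. The column comment says "CIDR ip addr" but the values carry no prefix length; whether pg_hba.conf.j2 appends one is not visible in this hunk, so I would write `"10.128.0.56/32"` explicitly.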
--- /dev/null +++ b/host_vars/bdd.adm.auro.re @@ -0,0 +1,8 @@ +postgresql: + version: 11 + hosts: # dbname, username, CIDR ip addr, auth method + - [ "nextcloud", "nextcloud", "10.128.0.58", "md5" ] + - [ "gitea", "gitea", "10.128.0.60", "md5" ] + - [ "drone", "drone", "10.128.0.64", "md5" ] + - [ "wikijs", "wikijs", "10.128.0.66", "md5" ] + - [ "vote", "vote", "10.128.0.81", "md5" ] From 69c6d5b55d9f1967a7c82cd8cc7b1477919494f8 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:51:07 +0100 Subject: [PATCH 47/78] add and clean bdd hosts --- hosts | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/hosts b/hosts index 7cf9128..68488a0 100644 --- a/hosts +++ b/hosts @@ -29,7 +29,7 @@ stream.adm.auro.re re2o-server.adm.auro.re re2o-ldap.adm.auro.re re2o-db.adm.auro.re -services-bdd-local.adm.auro.re +#services-bdd-local.adm.auro.re backup.adm.auro.re services-web.adm.auro.re mail.adm.auro.re @@ -37,6 +37,8 @@ wikijs.adm.auro.re prometheus-aurore.adm.auro.re portail.adm.auro.re jitsi-aurore.adm.auro.re +bdd.adm.auro.re +bdd-ovh.adm.auro.re [aurore_testing_vm] pendragon.adm.auro.re @@ -49,7 +51,7 @@ horus.adm.auro.re [ovh_container] synapse.adm.auro.re -services-bdd.adm.auro.re +#services-bdd.adm.auro.re phabricator.adm.auro.re wiki.adm.auro.re www.adm.auro.re @@ -508,3 +510,7 @@ reverseproxy [reverseproxy] proxy-ovh.adm.auro.re proxy.adm.auro.re + +[bdd] +bdd.adm.auro.re +bdd-ovh.adm.auro.re From 76361de3f13ad14200e04311946b8307e66cb640 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 12:52:15 +0100 Subject: [PATCH 48/78] Add playbook for DBs --- bdd.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 bdd.yml diff --git a/bdd.yml b/bdd.yml new file mode 100644 index 0000000..485d0b4 --- /dev/null +++ b/bdd.yml @@ -0,0 +1,5 @@ +#!/usr/bin/env ansible-playbook +--- +# Install and configure bdd servers at Saclay and at OVH +- hosts: bdd + roles: postgresql_server 
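Review bot: In bdd.yml, `roles: postgresql_server` gives `roles` a bare string where a play expects a list; it should be `roles:` followed by `  - postgresql_server`. The file also starts with `#!/usr/bin/env ansible-playbook` but is created with mode 100644, whereas the other playbooks on this page (sudo_upgrade.yml, monitoring.yml) are 100755, so the shebang is dead until the file is made executable. A comment such as `# Always run with --limit and review with --check first`, as sudo_upgrade.yml carries, would be worth adding, since this play reconfigures production databases.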
From d81543436035ac3306fe0d8633952eb708a18248 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 10 Mar 2021 12:53:28 +0100 Subject: [PATCH 49/78] Add new ups monitored --- monitoring.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/monitoring.yml b/monitoring.yml index 76282b9..852f30e 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -27,6 +27,7 @@ - targets: "{{ groups['pacaterie_unifi'] | list | sort }}" prometheus_ups_snmp_targets: - ups-pn-1.ups.auro.re + - ups-ps-1.ups.auro.re roles: - prometheus @@ -38,6 +39,7 @@ # Prometheus targets.json prometheus_ups_snmp_targets: - ups-ec-1.ups.auro.re + - ups-ec-2.ups.auro.re prometheus_targets: - targets: | From bbf4ac323c7476c5353d6835142cb71eb67005c7 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 10 Mar 2021 12:55:11 +0100 Subject: [PATCH 50/78] Moniroting of ups environmental temperature --- roles/prometheus/templates/prometheus/snmp.yml.j2 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/prometheus/templates/prometheus/snmp.yml.j2 b/roles/prometheus/templates/prometheus/snmp.yml.j2 index 8757d79..e8849d8 100644 --- a/roles/prometheus/templates/prometheus/snmp.yml.j2 +++ b/roles/prometheus/templates/prometheus/snmp.yml.j2 @@ -68,9 +68,10 @@ eatonups: - labelname: upsOutputLineIndex type: gauge - name: xupsEnvRemoteTemp - oid: 1.3.6.1.4.1.534.1.6.5 +# oid: 1.3.6.1.4.1.534.1.6.5 + oid: 1.3.6.1.4.1.318.1.1.10.2.3.2.1.4 type: gauge - help: The reading of an EMP's temperature sensor. - 1.3.6.1.4.1.534.1.6.5 + help: The reading of an EMP's temperature sensor. - 1.3.6.1.4.1.318.1.1.10.2.3.2.1.4 - name: xupsEnvRemoteHumidity oid: 1.3.6.1.4.1.534.1.6.6 type: gauge From ba4db4a835872c1c5352f014601650ab89f1b928 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Wed, 10 Mar 2021 12:58:51 +0100 Subject: [PATCH 51/78] Fix undefined variable --- monitoring.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/monitoring.yml b/monitoring.yml index 852f30e..76ef704 100755 --- a/monitoring.yml 
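Review bot: In snmp.yml.j2 the `xupsEnvRemoteTemp` metric of the `eatonups` module now reads `1.3.6.1.4.1.318.1.1.10.2.3.2.1.4`, which sits under enterprise 318 (APC), while the neighbouring `xupsEnvRemoteHumidity` stays under 534 (`1.3.6.1.4.1.534.1.6.6`). One module therefore mixes two vendor subtrees, and the metric name no longer matches the object it reads. If the new sensor belongs to a different UPS family, a separate module (or at least a differently named metric) would keep dashboards and temperature alerts trustworthy; an Eaton unit polled with this module would presumably stop reporting temperature. The old OID is left behind as a column-0 `# oid:` comment inside the mapping; I would drop it or indent it with the entry. The metric list continues outside the hunk.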
+++ b/monitoring.yml @@ -4,6 +4,7 @@ vars: prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" + snmp_switch_community: "{{ vault_snmp_switch_community }}" # Prometheus targets.json prometheus_targets: @@ -18,6 +19,7 @@ vars: prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" + snmp_switch_community: "{{ vault_snmp_switch_community }}" # Prometheus targets.json prometheus_targets: @@ -35,6 +37,7 @@ vars: prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" + snmp_switch_community: "{{ vault_snmp_switch_community }}" # Prometheus targets.json prometheus_ups_snmp_targets: @@ -53,6 +56,7 @@ vars: prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" + snmp_switch_community: "{{ vault_snmp_switch_community }}" # Prometheus targets.json prometheus_targets: @@ -69,6 +73,7 @@ vars: prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" + snmp_switch_community: "{{ vault_snmp_switch_community }}" # Prometheus targets.json prometheus_ups_snmp_targets: From 879e0338574e61a9d14267929f6b5efb77cb5fab Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 13:21:19 +0100 Subject: [PATCH 52/78] Fix malformed role definition --- bdd.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bdd.yml b/bdd.yml index 485d0b4..7a0bf6c 100644 --- a/bdd.yml +++ b/bdd.yml @@ -2,4 +2,6 @@ --- # Install and configure bdd servers at Saclay and at OVH - hosts: bdd - roles: postgresql_server + roles: + - postgresql_server +... From 9ef6202fdf7da5f4c4fe4c378970bf504a35794f Mon Sep 17 00:00:00 2001 
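Review bot: `snmp_switch_community: "{{ vault_snmp_switch_community }}"` is pasted into five separate plays of monitoring.yml, next to an equally repeated `snmp_unifi_password`, which is how the undefined-variable case this commit fixes could arise in the first place. Defining both once in the group_vars of the Prometheus hosts would leave a single place to maintain and remove the chance that a sixth play forgets one. I would also add a one-line comment at that definition, e.g. `# SNMP community is a credential: keep it sourced from the vault`. Each play continues outside its hunk.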
From: Jeltz Date: Wed, 10 Mar 2021 13:23:52 +0100 Subject: [PATCH 53/78] Add configuration for users and databases --- roles/postgresql_server/defaults/main.yml | 4 ++++ roles/postgresql_server/tasks/main.yml | 14 ++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 roles/postgresql_server/defaults/main.yml diff --git a/roles/postgresql_server/defaults/main.yml b/roles/postgresql_server/defaults/main.yml new file mode 100644 index 0000000..643fc0a --- /dev/null +++ b/roles/postgresql_server/defaults/main.yml @@ -0,0 +1,4 @@ +--- +postgresql_db: [] +postgresql_users: [] +... diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 7f119dd..6748c04 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -37,3 +37,17 @@ - postgresql.conf notify: - restart postgresql + +- name: Create databases + postgresql_db: + name: "{{ item.name }}" + loop: "{{ postgresql_databases }}" + +- name: Create users + postgresql_user: + db: "{{ item.database }}" + name: "{{ item.name }}" + password: "{{ item.password }}" + priv: "{{ item.priv }}" + loop: "{{ postgresql_users }}" +... From f919ec689a57f4d7576f86cfa5f1493d60d78c38 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 13:25:36 +0100 Subject: [PATCH 54/78] =?UTF-8?q?Fix=20'ansible=5Fheader'=20=E2=86=92=20'a?= =?UTF-8?q?nsible=5Fmanaged'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/postgresql_server/templates/postgresql/postgresql.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 index f2d1b3e..d2e1d29 100644 --- a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 
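Review bot: The `Create users` task in tasks/main.yml loops over `postgresql_users` and passes `password: "{{ item.password }}"` without `no_log: true`, so each loop item, password included, is printed in the play output and in any CI or callback log; add `no_log: true` at task level. `Create databases` loops over `postgresql_databases` while defaults/main.yml in this same commit defines `postgresql_db: []`, so the loop variable is undefined unless the inventory sets it; the default should be named `postgresql_databases`. Neither task sets `become_user: postgres`, which the modules will presumably need in order to connect over the local socket.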
@@ -1,4 +1,4 @@ -{{ ansible_header | comment }} +{{ ansible_managed | comment }} # ----------------------------- # PostgreSQL configuration file From 36b04239fd2c00947cc2cb97f1910004befbb049 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 13:34:58 +0100 Subject: [PATCH 55/78] Rename 'postgresql_db' to 'postgresql_databases' --- roles/postgresql_server/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql_server/defaults/main.yml b/roles/postgresql_server/defaults/main.yml index 643fc0a..89733f0 100644 --- a/roles/postgresql_server/defaults/main.yml +++ b/roles/postgresql_server/defaults/main.yml @@ -1,4 +1,4 @@ --- -postgresql_db: [] +postgresql_databases: [] postgresql_users: [] ... From 7a071552375f727678db742666fa06bfbf28db92 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 13:35:18 +0100 Subject: [PATCH 56/78] Install python3-psycopg2 (required by Ansible) --- roles/postgresql_server/tasks/main.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 6748c04..f4f3909 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -1,8 +1,10 @@ --- -- name: Install postgresql +- name: Install postgresql and psycopg2 apt: update_cache: true - name: postgresql + pkg: + - postgresql + - python3-psycopg2 state: present register: apt_result retries: 3 @@ -39,11 +41,15 @@ - restart postgresql - name: Create databases + become: true + become_user: postgres postgresql_db: - name: "{{ item.name }}" + name: "{{ item }}" loop: "{{ postgresql_databases }}" - name: Create users + become: true + become_user: postgres postgresql_user: db: "{{ item.database }}" name: "{{ item.name }}" From 8e855d7009f6ac7424874b9b2d2ea56c0deb5b70 Mon Sep 17 00:00:00 2001 
From: Jeltz Date: Wed, 10 Mar 2021 13:36:10 +0100 Subject: [PATCH 57/78] Listen addresses must be quoted --- roles/postgresql_server/templates/postgresql/postgresql.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 index d2e1d29..0df0512 100644 --- a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 @@ -57,7 +57,7 @@ external_pid_file = '/var/run/postgresql/{{ postgresql.version }}-main.pid' # - Connection Settings - -listen_addresses = 0.0.0.0, [::] +listen_addresses = '0.0.0.0, [::]' # listen_addresses = * # listen to all #listen_addresses = 'localhost' # what IP address(es) to listen on; # comma-separated list of addresses; From 40eadf802c691772e141fbd998e74e4de5682dd1 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 13:58:40 +0100 Subject: [PATCH 58/78] Add template and no_log for postgresql_user --- host_vars/{bdd-ovh.adm.auro.re => bdd-ovh.adm.auro.re.yml} | 0 roles/postgresql_server/tasks/main.yml | 6 +++++- 2 files changed, 5 insertions(+), 1 deletion(-) rename host_vars/{bdd-ovh.adm.auro.re => bdd-ovh.adm.auro.re.yml} (100%) diff --git a/host_vars/bdd-ovh.adm.auro.re b/host_vars/bdd-ovh.adm.auro.re.yml similarity index 100% rename from host_vars/bdd-ovh.adm.auro.re rename to host_vars/bdd-ovh.adm.auro.re.yml diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index f4f3909..6be936f 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -17,7 +17,6 @@ owner: postgres group: postgres mode: 0755 - recurse: true - name: Ensure configuration directory exists file: 
@@ -45,6 +44,10 @@ become_user: postgres postgresql_db: name: "{{ item }}" + encoding: UTF-8 + lc_collate: en_US.UTF-8 + lc_ctype: en_US.UTF-8 + template: template0 loop: "{{ postgresql_databases }}" - name: Create users @@ -55,5 +58,6 @@ name: "{{ item.name }}" password: "{{ item.password }}" priv: "{{ item.priv }}" + no_log: true loop: "{{ postgresql_users }}" ... From 06b54d5f8987840fac19526925c9f3cbd64c9083 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 14:27:14 +0100 Subject: [PATCH 59/78] Use postgresql_privs --- roles/postgresql_server/tasks/main.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 6be936f..0dc5c1c 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -57,7 +57,17 @@ db: "{{ item.database }}" name: "{{ item.name }}" password: "{{ item.password }}" - priv: "{{ item.priv }}" no_log: true loop: "{{ postgresql_users }}" + +- name: Grant privileges to users + become: true + become_user: postgres + postgresql_privs: + db: postgres + type: database + role: "{{ item.name }}" + privs: "{{ item.privs | join(',') }}" + obj: "{{ item.database }}" + loop: "{{ postgresql_users }}" ... From bd05b702bb4d37755adad0f2fd7e46474d82b1b6 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 15:19:39 +0100 Subject: [PATCH 60/78] Use '::' in place of '[::]' --- roles/postgresql_server/templates/postgresql/postgresql.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 index 0df0512..bcab09c 100644 --- a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 
@@ -57,7 +57,7 @@ external_pid_file = '/var/run/postgresql/{{ postgresql.version }}-main.pid' # - Connection Settings - -listen_addresses = '0.0.0.0, [::]' +listen_addresses = '0.0.0.0, ::' # listen_addresses = * # listen to all #listen_addresses = 'localhost' # what IP address(es) to listen on; # comma-separated list of addresses; From 628e11488d55675913b060a466f05a0f7e115038 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 15:22:01 +0100 Subject: [PATCH 61/78] Switch postgresql to english --- .../templates/postgresql/postgresql.conf.j2 | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 index bcab09c..1085939 100644 --- a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 @@ -607,11 +607,10 @@ timezone = 'Europe/Paris' # encoding # These settings are initialized by initdb, but they can be changed. -lc_messages = 'fr_FR.UTF-8' # locale for system error message - # strings -lc_monetary = 'fr_FR.UTF-8' # locale for monetary formatting -lc_numeric = 'fr_FR.UTF-8' # locale for number formatting -lc_time = 'fr_FR.UTF-8' # locale for time formatting +lc_messages = 'en_US.UTF-8' +lc_monetary = 'en_US.UTF-8' +lc_numeric = 'en_US.UTF-8' +lc_time = 'en_US.UTF-8' # default configuration for text search default_text_search_config = 'pg_catalog.french' From 4f6eda832985edc2a721d0503c49119599916456 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 15:57:19 +0100 Subject: [PATCH 62/78] Use /run instead of /var/run to please systemd --- roles/postgresql_server/templates/postgresql/postgresql.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 index 1085939..f28c61e 100644 
--- a/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 +++ b/roles/postgresql_server/templates/postgresql/postgresql.conf.j2 @@ -47,7 +47,7 @@ data_directory = '/var/lib/postgresql/{{ postgresql.version }}/main' hba_file = '/etc/postgresql/{{ postgresql.version }}/main/pg_hba.conf' # If external_pid_file is not explicitly set, no extra PID file is written. -external_pid_file = '/var/run/postgresql/{{ postgresql.version }}-main.pid' +external_pid_file = '/run/postgresql/{{ postgresql.version }}-main.pid' # write an extra PID file From d16f4441301a15e34f238e45335ad5ed98b3de68 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 15:59:21 +0100 Subject: [PATCH 63/78] Use a dict for HBA hosts --- host_vars/bdd-ovh.adm.auro.re.yml | 26 +++++- roles/postgresql_server/defaults/main.yml | 1 + .../templates/postgresql/pg_hba.conf.j2 | 91 +------------------ 3 files changed, 26 insertions(+), 92 deletions(-) diff --git a/host_vars/bdd-ovh.adm.auro.re.yml b/host_vars/bdd-ovh.adm.auro.re.yml index df77200..78aeff4 100644 --- a/host_vars/bdd-ovh.adm.auro.re.yml +++ b/host_vars/bdd-ovh.adm.auro.re.yml @@ -1,6 +1,22 @@ +--- postgresql: - version: 11 - hosts: # dbname, username, CIDR ip addr, auth method - - [ "etherpad", "etherpad", "10.128.0.150", "md5" ] - - [ "codimd", "codimd", "10.128.0.150", "md5" ] - - [ "synapse", "synapse", "10.128.0.56", "md5" ] + version: 13 + +postgresql_hosts: + - database: etherpad + user: etherpad + net: 10.128.0.150/32 + method: md5 + - database: codimd + user: codimd + net: 10.128.0.150/32 + method: md5 + - database: synapse + user: synapse + net: 10.128.0.56/32 + method: md5 + - database: codimd + user: codimd + net: 127.0.0.1/32 + method: md5 +... diff --git a/roles/postgresql_server/defaults/main.yml b/roles/postgresql_server/defaults/main.yml index 89733f0..8eb5639 100644 --- a/roles/postgresql_server/defaults/main.yml +++ b/roles/postgresql_server/defaults/main.yml 
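Review bot: Only `external_pid_file` moves to /run in this hunk; `stats_temp_directory = '/var/run/postgresql/{{ postgresql.version }}-main.pg_stat_tmp'` further down the same template still uses the /var/run path, so the file is left half-converted. Changing it to `'/run/postgresql/{{ postgresql.version }}-main.pg_stat_tmp'` keeps both runtime paths consistent. Other /var/run references outside the visible part of the template were not checked.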
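Review bot: In host_vars/bdd-ovh.adm.auro.re.yml, `version: 11` becomes `version: 13` inside a commit titled as an HBA refactor, and that value is interpolated into `data_directory` and `hba_file` in postgresql.conf.j2, so the rendered config will point at `/var/lib/postgresql/13/main`. Nothing visible in the role creates or migrates that cluster, so I would split the bump into its own commit and mark the key with a comment such as `# major version: changing this points the config at a different cluster directory`. The added `codimd` rule for `127.0.0.1/32` repeats the database/user pair two entries above with a different source; a short comment on why loopback TCP access is needed would help whoever audits these rules next.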
@@ -1,4 +1,5 @@
 ---
+postgresql_hosts: []
 postgresql_databases: []
 postgresql_users: []
 ...
diff --git a/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2 b/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2
index c9321ec..3a56905 100644
--- a/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2
+++ b/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2
@@ -1,81 +1,6 @@ -# {{ ansible_managed }} - -# PostgreSQL Client Authentication Configuration File -# =================================================== -# -# Refer to the "Client Authentication" section in the PostgreSQL -# documentation for a complete description of this file. A short -# synopsis follows. -# -# This file controls: which hosts are allowed to connect, how clients -# are authenticated, which PostgreSQL user names they can use, which -# databases they can access. Records take one of these forms: -# -# local DATABASE USER METHOD [OPTIONS] -# host DATABASE USER ADDRESS METHOD [OPTIONS] -# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] -# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] -# -# (The uppercase items must be replaced by actual values.) -# -# The first field is the connection type: "local" is a Unix-domain -# socket, "host" is either a plain or SSL-encrypted TCP/IP socket, -# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a -# plain TCP/IP socket. -# -# DATABASE can be "all", "sameuser", "samerole", "replication", a -# database name, or a comma-separated list thereof. The "all" -# keyword does not match "replication". Access to replication -# must be enabled in a separate record (see example below). -# -# USER can be "all", a user name, a group name prefixed with "+", or a -# comma-separated list thereof. In both the DATABASE and USER fields -# you can also write a file name prefixed with "@" to include names -# from a separate file. -# -# ADDRESS specifies the set of hosts the record matches. It can be a -# host name, or it is made up of an IP address and a CIDR mask that is -# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that -# specifies the number of significant bits in the mask. A host name -# that starts with a dot (.) matches a suffix of the actual host name. -# Alternatively, you can write an IP address and netmask in separate -# columns to specify the set of hosts. 
Instead of a CIDR-address, you -# can write "samehost" to match any of the server's own IP addresses, -# or "samenet" to match any address in any subnet that the server is -# directly connected to. -# -# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", -# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". -# Note that "password" sends passwords in clear text; "md5" or -# "scram-sha-256" are preferred since they send encrypted passwords. -# -# OPTIONS are a set of options for the authentication in the format -# NAME=VALUE. The available options depend on the different -# authentication methods -- refer to the "Client Authentication" -# section in the documentation for a list of which options are -# available for which authentication methods. -# -# Database and user names containing spaces, commas, quotes and other -# special characters must be quoted. Quoting one of the keywords -# "all", "sameuser", "samerole" or "replication" makes the name lose -# its special character, and just match a database or username with -# that name. -# -# This file is read on server startup and when the server receives a -# SIGHUP signal. If you edit the file on a running system, you have to -# SIGHUP the server for the changes to take effect, run "pg_ctl reload", -# or execute "SELECT pg_reload_conf()". -# -# Put your actual configuration here -# ---------------------------------- -# -# If you want to allow non-local connections, you need to add more -# "host" records. In that case you will also need to make PostgreSQL -# listen on a non-local interface via the listen_addresses -# configuration parameter, or via the -i or -h command line switches. - - +{{ ansible_managed | comment }} +# TYPE DATABASE USER ADDRESS METHOD # DO NOT DISABLE! # If you change this first entry you will need to make sure that the 
@@ -86,18 +11,10 @@
 # Database administrative login by Unix domain socket
 local all postgres peer
-# TYPE DATABASE USER ADDRESS METHOD
 # "local" is for Unix domain socket connections only
 local all all peer
-{% for host in postgresql.hosts %}
-host {{ host[0] }} {{ host[1] }} {{ host[2] }} {{ host[3] }}
+{% for host in postgresql_hosts %}
+host "{{ host.database }}" "{{ host.user }}" {{ host.net }} {{ host.method }}
 {% endfor %}
-
-
-# Allow replication connections from localhost, by a user with the
-# replication privilege.
-local replication all peer
-host replication all 127.0.0.1/32 md5
-host replication all ::1/128 md5
From 5871e1cfb8012e13359f633571b6589cb486c6dd Mon Sep 17 00:00:00 2001
From: Otthorn
Date: Wed, 10 Mar 2021 17:13:13 +0100
Subject: [PATCH 64/78] Add/Update password for postgres db codimd, etherpad and synapse
---
 group_vars/all/vault.yml | 361 ++++++++++++++++++++-------------------
 1 file changed, 182 insertions(+), 179 deletions(-)
diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml
index 1823262..f961428 100644
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
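Review bot: The rule type in the generated pg_hba.conf.j2 line is fixed to `host`, which matches TLS and plaintext TCP connections alike, so for the non-loopback entries (10.128.0.150/32 and 10.128.0.56/32 in host_vars) nothing in pg_hba.conf requires the password exchange and query traffic to be encrypted. I would let an entry choose its type and default to the TLS-only form, `{{ host.type | default('hostssl') }} "{{ host.database }}" "{{ host.user }}" {{ host.net }} {{ host.method }}`, where `type` is a new optional key. This assumes `ssl = on` and a server certificate are configured in postgresql.conf, which this diff does not show. The 127.0.0.1/32 entry could then set `type: host` explicitly.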
@@ -1,180 +1,183 @@
 $ANSIBLE_VAULT;1.1;AES256
-36323837313536343438346161633830326364666265343833323539626361653065363734393533
-33376231383832303561313633336533396139303666363365373765633836366434343466653736 -38653764353861333431633837646538303332613234633632363134313563663861326234663964 -39306364333031656634643737316562653738623436386366663034653230626632353162353565 -64613133356364366138636434333165666663633231626234326562636333666134626136656533 -33363830616637373831666230323432643863663166613061613839303538633133633466623161 -34373761313135616638336638353433393362633738313965333964376664616631333138383366 -66636463303637613263353038386436376331633539336639313264636261393037613536363233 -63363030323466316161623162626338353530326362653334326338366234316530336439356161 -61616161393966646235343064643934663830343738323231643165316338393233663432383235 -30393734643131326333626566303263313361653833363032373462386266616664636539303462 -37656566386236626564633065376666396261393132653639343931323637376333343966646666 -36643737396233653639356461666637346639663365396137336637343462616138643261636561 -66386433363734323363633135613636316537663139353838326139353966646431616135393730 -66353534313131646662323239353035636433306438326232633738343662643738373564653434 -39643636343530353664646565376161303139636264653431656630623761643234366538313135 -36633761623832306666316230313731306262333661313339623930636261663466636539643431 -66383464623433366462383363636239616635646533326531356635653664613737623636656164 -37363136323035333434646437366361356366313030353333666530366563343166636264323937 -63313033393264376138383437646235393938636466396333333561646330643438353931383033 -34383133616364666533333732613362646439373339616536353333656635666266356333373730 -38663036646530346635326337616630633031383766643832303565353162303364646365633831 -31623461323838366663643534323963643964363439356661373165643836383133663566623336 -61633431636635333239386662396663306130363864313362623832363065653265653332383537 -36353935656364396138336338383138393563363963393633616137613165333336656334633737 
-33653739643438663665396165653430353535353866653563343336396461343036346534623531 -64303932643336393062343765346634663166663230343039366362326133393832313564316562 -36333733376664323531623031376138326663383037316435383938386561393030393061633738 -66386363383064353533306461393831646436396335313664303038316135373064646434336336 -66656135396662336461643266626537623533303761636166383761356339353533303631366461 -38396466323865616564656632623834376164623464323466613830313663633366376163656562 -64663662376264383330343863313134626637316133633531336534333261646631343532346436 -32616332653832613937393864316537363964373437393162653264643730326533623637353639 -66646265363463303562623935626166636463353966663233656335323338323466306334623464 -61626532356438393732646135373933636166326666316564336636313963336136373331636137 -63343964613663303665656237366463363264316134363063326263393233323263386230343761 -32656335353935313362323734613466633238386664346538356137343632623032366433393633 -65313435353334313730636264646237343230336262366163633232326639393330306637373534 -62343562343464326566326165653235353931326535626230656334353038623139643837346332 -35623133386336646535343435306538623962633030353136373831323063653261333930653166 -39326661323163636534633433663037363866646535353931336166653738306634386332646236 -39366139373933326538626166613634326333653330653636343230626138386466396466656532 -37383565366133626364393432313634303630316265373832656666623932363363613061316434 -62356239356531363236643039366437653762616364366332313833396661653863303138373262 -64323665656537333433346437613766613237356537646262353731653834373439343362356565 -61373530656134656134343763393263306165393635646538616635643136363636313030356562 -61326635373737376636383934366136396566623634653539346631333832343066373235613463 -64316536393433366336656563333733336461373033636466323936633138623465333239616538 -38383836303530356164333733333265396536333231313664633464313436653738616532363639 
-33666133306562336637396133366230356162666639356238393265626164636631376539363738 -36383837636262373339313865663435643565343638313631666166636232613031306663653632 -37383430323366373163353235613138336666353430626262353830326362396265396639653635 -63383761623133383266653764613330646533396439646465343536313664666631633538626135 -32323437386531636435386161633437666133303565613139383839623530636137306531643765 -31326130376664613935613431356235656363306136643831663935383161313161303430386434 -31656364393534393666623935333237393264333839626136626531386364303431366432363037 -31663962633465353131663035656337636362313337303532396163316538613565626431623161 -66346533626135303937633364393533663134326139303661303239663332333637363866366631 -39663837393836303432383436643938613833653633663633373636623435663139303736666234 -66316365376266623235326265666438333735356638643332343438623436326561653634396638 -35393736393130373234316461336634323763396564613638393564366262376535666238353634 -66303964346537363161356238666135653666383534393338323331323364363439373839393335 -34363037306636363163626566366633336666396364646664346636613661346139326234636232 -37633033356438633833326231313733316531653137623263353765633432343637353931666437 -34336561316661393232613237353937366331643466363234383031303664386565303332663637 -64666364656166353938336665306232336338383161326331636363336634666436323532333361 -39313531633831633230656131306637356337346230343930663861383136303031666637636337 -36326439346566366461646561313665386163303634376361323033343538396138386166633166 -64393735313137653764323963323039306531656639306638663437353034363838393466353436 -34616335633235366634323233373537396130333938343133343265643665316438626635613136 -38383763646463356463326235313539356333633636303535333865393331623936633231616561 -64353337663665646333383830623966353134646563663832343839333039313130326634366162 -37363337303033393039313630333535616665643033616334646336366265373033626266383061 
-39326366316663333530323632613462316538653966386463613439363137323139633232393565 -64373466333632613933356364333166303535643464393135366536326565333136656633313366 -61656361643866363931383231636636383434393637363965373836386433316564306430616233 -37653864363832363231643461343461323534616635663835386262383963376166666464313433 -65323231396162333937373261383336306665363936326237643537623235613337393738323037 -61653563333532626161343336643136663161663733346462343035373534363962616631333833 -63313633646166326538343366663865653737626162363463313862643661326231613437633964 -30643366346136653135626236663932303736643331323231366439306435643163633438353035 -32386434396638306465346165363938626135303134326335343739376563386566323964323661 -64636134306233383437656165626232643731313037316634633566646331383864343138386335 -61613562386138656339346665303962656330306261363330633161623063663433376537653037 -31633965633835366464373938343164396366393439626432336237353066376333623136333161 -34386537663964306434346364303637623264303063633531643361386437373766313336326330 -39326163633231663138393632343064306430396166663362316137616236306566663432373331 -65356661353133666138376137386363623133383338393561333365663337366637626132333735 -62383636383333323432363730353136333836636662656163323830643638623932353133313962 -33316563323865336239613466343034663730313633326364363432326433316233326166386132 -35393534343962353461303536386139373338336533653530383664303734656236646632353937 -31313563343439663461636336623364643130666330383932313839373161653433366564626530 -33303565333438323136343531313133653136633636346666316138356361326162393635376531 -36336463663863613661353664303135313233373561363866393832306333363361316462643165 -35666637663739613830386562646266643263633235623230336133653135376662643333363661 -30386531306335613538373635376664613434303833323835343235306230633038363339383432 -62623462313530393361323465353134623638363962383833373530346561303439363933646361 
-39623037623835383366633635363636616330646164313664303037633665373463653233616432 -61303133663731646531616165376330333764313038353137666264346135353737613433363161 -32376365343265326239373764336466366131326661613730353536616639376364663139643138 -64353663643161653539336638336431393261343366343338396162666461356465303830363435 -30363330666563343732396262343034656264353237393238636436663661333431393332616561 -65653564353864646665306662393937623439353531613930643365313765313130336166363531 -35316537373237613364393263653764333736313563363362343436333162303464356637393261 -31376336373739626363613237633236356533646430653531656535333064313437613063383035 -63623333643461613364633538663462396138346537306538333132323231333864663632303364 -38343239613633666265303364353035313861323430666362333566363530626631333032633332 -33626364653239343436636234363934653730333839656333343161303633326530633432326231 -65303766633465396232306230343861363432393537306139663339316635643662306432373661 -37383361626261366561303632366663656135623730366462623964396332613764613636373736 -65386263353934653764636636316464303164363835313732383062356436366633616435616133 -62653361653965316332623266376636663131643464376362333061393964346265323034373962 -62333366643264656337366530303137656630666230376165633437653132303938616162346463 -31356235303039323937666134363133366632363937366662383561623764363132666634303030 -38616366666563613763623738393334363932393630303661626234626463633331643139366334 -65636661303730373264626132313835623436316561313064313062333137643737653130663835 -65323464383366393139646262626439656235306136663139323465363362633030363634636462 -32353536636538636637653834616566363833363639376666343864356231633737326130646433 -36613237323137356162386266373664653365653930623635393031386362633835383062613332 -34313166376362643338346630393132626364646539666530356637643864646136303164393130 -66616265653465626136333130653835636265383363666161316330396132356135396264323833 
-31656434613535333138653733343432383331313766613966313834616665343732356430333135 -37336536363137373539303161346161343464613166663138373630646539316430633265643866 -33363335626232353736396531653065663735353039666434326465613139316266613239303263 -38646130356363643063653865656463643863396237656162303739343665333038383437663339 -39343161343666663731653265373531373465346438376463656535666136346334336431356536 -65656262383061386137373639356435323964613065613932386661386362363961656364633431 -31323037666465623466306430653133343836303330343337653131303630633231613161376636 -63386363373938396664633562313132643336353465303236313666653064626162323431303563 -62316366653735353038616537633036336430396365336433396138636465333061343164313464 -31306166396264303063366239333538366530333235646663656263613964613435326431303933 -65396137626634323432306439346364323039336366326562376531343938396632363330646538 -32386137333636323334666265383931653064303734316430393762333462396462396262343432 -39656437316564303833373132343162376238613531316465663634343934343564313336613330 -66633761353536313237363038336363376363623634373065383161666639323165383662373766 -39323361623930653764613566316462653730613632663130613039363330383533393865633233 -32613533306166633030313761376264646335356236616161666461363731313934346231376564 -31653065373237616562643739623432623132313965303161616162356439323064616331323136 -35666263373333336136336362626565363037643836346564336536633566636138396232333037 -63613134313130616432373838633964616634346132353061663337333662396339373665643030 -31323431366361643335386534393739656632386539356133613062653266643739313465653465 -63663438306362656436383634396461383233323766356632373133626139363165663734643835 -66613565353837373134373161656434396266316261643432323633393961633861313032623030 -32323830633038306166656164373465386334666266306361396266313764366136656139336562 -36326138636130383032663066363532303464386562643535383439363630643031386630373439 
-31656636333034303131313433343236313661353961396533383839383734336461366164373539 -62386335623036646462306162326333666366366133633661353163386633663235646566333332 -65616533303636653066643339333765626139393561373663653663323536656433303561383738 -61636266643663363961636439303534316635383362616530656435643764383433323433613639 -36373864643164373364316536303962633533393866393965346261316632363338373065616436 -30653433386536386131643230333761363639326532333837623638643831383663333766616137 -34656665653239313936386337653435656435316261366137373138643663313630613863326261 -38336433633538393864356137616465343831626539323336626665663036653335616665323763 -32663661383966613362646431316333383466393531653364636462343634626564343438653332 -65656266626466323130363763346436333763343162373361326166636430333563373233313332 -37373032326665646265376135633765643466636533643965306161383962626533663333336536 -353133313336393639373965653035323366 +30333937303238376536303166643966383131366566613435346433313461333366656366333637 +3365373234323063303538386635323230616665663038390a636533363233303666333936613136 +35303931383338383035636639623238613338646264623939343539633037323264613036383266 +3339316238306263320a323761623938396364396638623461636136393361636237343936393336 +31376535623265313132366435306562626432326462396461643663636238653830373336373137 +35663261343964376137666361383662323964613737393431666635326132363930336236323731 +38666263656535643661646233363466363861653862663633353562373835356135653665376663 +32323161663736646263363863623061303339366339653931643632396566613537373230383535 +64643862313961623564336665356462393531313939613563323330343265366237643131633936 +36623434366366666431396337393766656537323465313531646561313465613838343839323532 +61386264363061303137363165356365643836646233333861326535343865303333616166643630 +35643665646437353762303331613032653130323930336263336334636661396262646138616231 
+37363532366666323434343735643332386335383664363761373038373934653765653939353039 +32323663376431373664366236366439396234376139303164383935643431646330663134396365 +35363930336261316463353932376337323235333661633164373166343038376332626564626534 +35353637363939613131386336633261393531303235643933633264353935636366623433336366 +63396131313664626364393663343764663663373436623930343633333136353438653237626232 +37336235393037393330613433383564626263353939656265616166643733646661326135343563 +38646362373135386163333362643165373334633036346132373634616330313664346238646462 +32643634646464623535393864363565636139393562353364313264303264316431393938656338 +66636131646339343237393234316365323266356265626430376236363763303961376166313432 +62343833373565653965313463656530363432376130656630633336653766633433626134343463 +65633135353235666562306463383536373733303831383230353165623964356639376337386232 +36343639633539373538323465356436313266336364626131656462303238303338613131656465 +35636136643263313938613039306339643763343238336332663737373538653839313736616662 +39333437323563633136383737613063333931303736376235316636633030303637383939303235 +35323932336262343061666639646662353563383361313835343433343338373730303430646635 +64363833323264666533653466366665313438366635643333666432343832373162313364303863 +66393231353130323232656134633938626433303238386634383766386334653362333162616366 +38643730303835316161643766353436633862623264333731663632343161616634333239643133 +65346164386666356566636532616530363766653662306561343863383262316233356338633234 +35393064373538306633356538386261646232383064343565613966336436356637333932336564 +39336563306364316364646464663234386335623235656335306162633261393032386331636361 +39613263653838316238623230636637313061353037383534663836666637376132633738383032 +34643561366134663932376261306239326366323935313739633034343765343761396233646234 +37646363313463316538626539316365343839613039326261653839386630663863313964326665 
+37306534636664333964653932653534346564323531316535633736373965643535396437656433 +33306536366634336166306235333735663933616635633561666331303530303630653537613063 +30633731383937346335393465656538623233346437323137373038633733386563313338393364 +36636666306238633166303032353163396365373231326232356366396263363464636436656262 +61363233663363613035663836646635303665626630643138663731656538383664306461616662 +37313630663130346637393366393930316336383838363431613339353434646164323338643564 +61333732333661323364336531343237643632353364336533633766316235363763353033656664 +65656532383266353264356465303135636561613038653435306633396461633038373035376164 +37366338646165333564613639633539353363653862393034313763333363396236633462396133 +35623932636164353739666433393465393031303337663239383538656537393365323164356232 +35326131326333303731623933363262356466663864333665633565623336346437613439316338 +64343466396331343035303532633632356532626133646136393061613431363762343339333238 +34616535633133666162316132366333663738656538353439313961323464666535333839383837 +34303331626539653163643539363763363538306238356332623661646436663635623364383730 +64623564386538666237303066383936666461616363343836366635313634653664656530326439 +36323764303130353731336333366438633737313535633361316330363436333032363630646337 +66626466363231393938386537633234623230323662346263643839333837346531323636623133 +62333438666562636230326530393535306465396334623464343330393336393934303336633237 +39653831333839316338346335336339646238343430356464663039396133343532363364346235 +30663739373466616434393230383832633137313936373331353637653866616532323239353237 +39663030373639613164313766623532383566373430383139666538373536643463303331346166 +38623762336630313439343263383833303762373030383035336538626162626164376133303633 +64373236653462393932633862363866386661356139663835336231316366656637303062323233 +32383131343561333361663466373964656364303235353531346661653431303234616464353236 
+63653535363137333033633534616365363261353733336136333564303566393766643037316237 +37653732363230313031633433343230313839393135653137353734653435626431356539343364 +38383364353262303463323639373766323965336263363035623330303039613735343362353865 +34613332636366353333643533326164633637663061363965646464303162616132343330356131 +30613230636339653263343631643962623364356564333066306339626230306239653466306231 +61366437323639353563663666303933393535616136343736383133396238383466303663623132 +63616466643235623265343837386266333330633662613366616163666334643731656335323862 +61346432343366396664616531626530353139343763316530633766303139356536333439383663 +34306466353839653261633233353637353863666637313030383939336233353131313236343561 +31353166323062303238386439323834626537333862343733616536363165663133343531333630 +36383438656137336330353263356133333233303736366536316339656264346435323464643364 +33633262343666623761356131393464623433646437313161393965363132303537373537336166 +36383239386330313864323166386133313162383533643435356265316630386535663764326137 +37306365613463303539323837333539303262306331353332323931393161303663393765636339 +38363532333761323038346661346338323632343239336466643664356132393138386161353161 +35666435663231373065623337356630666132353165333962396635666336633739616562303638 +36313161363265643561656134363932616333306362303965306362343837333366363339323336 +61326239346330373833323465633961366335336530623834636232383638373761346461376234 +38613862386637306232386239353864306230666637333664386135393437653835343232666138 +63306263396337626565633736343865313237326336626333626639393233393864303662633766 +39643435313463326364633336613735323936356261656662396538326234613331356163383334 +63653562386636323834363962623335303636336138616137303230663336343130613537366231 +35366235346261646132396231616136363437636565383235656462366265353765326163373832 +33346265303964316336393837313161356366616134353733376130646234616137663162396530 
+32633038313535313232336532356538393835303039343563363833373839663263363531356134 +66633761343066313333366663313961666536383865373766326563326634656335323232336231 +39663932666461623331343730623965396136616337643161353363316664623538316361303466 +34316636663138663033643964356161323730616333336333336239653237323235386531643235 +31363161396230656265616562346261656230366362303735326136613939633339393563316664 +65303065626463633862663837353636643030366463353638366563363631666264633564336261 +34333231323665666665613536336434653864366165613063653839643064383662613665663138 +31326134366164663639386261656430333966386432663666316333353165626463396264616462 +37643132633961323532353237383433326633383337313131643934663363633364393536343134 +30623137323038666239326535646534353734653234666566313334653462393338303962636564 +66303736333336336638386132343166613834386138633633343635613262613537346464313062 +36336533373035313135653234313832316337333738303836663039343139316633636331343862 +63373036363237393562363861333933303636623435353562363666643136353665303431613465 +64616230333230313632353364396565653337643333653933303733613761383138306433386363 +62343636316166376131363231623766383038663738666462316238626531383137336662656234 +65643265643631303364356232333535633931613236613137613435343061336362313332306138 +61663230316564323335383132363133333139353233636566663332356138303139363638336461 +63363063616136356333363465633137646234343036316463636130633566316364303662656461 +64333366363061623535346434613664343464666135316136363062333131363030326333316338 +64316133633735663234373030333836313130613663636234653033323030623263333839313139 +36626438386666333233356161643432613139313231316336396434663165643565336235323565 +62303735323966363235393334636232343966336535303863346362386365353166393965643335 +31363036623433313137336665313263663761383436396263396631316535363665633136373239 +33393739623438383466633830363135646536323935363963653536356334656438366338376264 
+37326334656239666239376533366236306237306664666234343332646366393662343735356466 +32626364373362323136616663333136363561626337323962386439616237373861346662626165 +30383032663337633735613866663665623633356166623862303965313466623761646231633930 +63313432666435316662396534383632626333376162643132323766613832656635353161626637 +32343935363330666332613633363465643732333030356331363263333035323863633362653031 +63376539373865636366343862333861663137643666613732636538356637313966353461336462 +32626166643534333934666133376239363966393337356134633366306563303065316539663233 +36333337363337613764383162373536396234616336386233306630343762386132373135383131 +64663834656162306636356561303736353961373134323138376564363966336135323366333730 +31653965623962323439353234653439333563346636623762313565343961316666396161616330 +32306137353636323330373564653038343036356635346635343131326635643364306633356465 +34373965313561393966363363386261656638646237363233613863643839653731616330663666 +33653238366630323033353736323861376138313630376163343362643633643934663161373733 +33633164313562306237393363383262613038346535623166633533336438636362373033336231 +64303033303531306631323337306130393538356265313066396637633061333561313566326163 +34393530643532373666396130313231363765343739623239656235643637303062333838653661 +33316463656238316533343462366338336134326232333561383732353561306632616635343337 +30393131616132663065643366313937653138346637626665663739303866343939623564363761 +35373961326135336531356633356637646161613265633765313132613238373562363330386162 +66623230353564366635343332343564386161663438376431356232636237366437623864653530 +37666438633731366562666136323239623462376435346535313933633866343564626633366164 +34333431633939616238373561393830393130653366366361613465663538383639636230613566 +65626234386632353262303933363637303835646438613139373334366364313166613466663564 +34306564666463323432663234633561306164323036636339333963363036326432633538646362 
+36643662616564316236323334613365333666613233383165326638336134393934646464303062 +65616537616538343866313763636164393236373334316234666564353639636330333332393833 +63353962623336653666613361326265353762636263346331396639373731323832396130386662 +62633030636537633265306239383466346636393436366135383434366439333434373532336530 +30616334613232653734656330633130373865303639656436346439316334383437626466313431 +37313664373561346130656337303161623635363434613732336531623366623265383130386430 +62323066663564626336343032313932373561646638616531343034306665383137633932646162 +38633131366331323836643164613430313565626332366637356262653936616664363036303939 +62383031373566643334353735616632663166663163343233326561633833363839303036623836 +61343039626566333238653235313238383239316535323965663465663634383039613436333735 +30633037663637663562666437376336613963356531333436363863313364383733306438326162 +33303763303063333264643434383164613863653939393531336361326264393332666163653464 +31376365633535326462323763626162313336396266353236646462643233613232666438383766 +31646331373331616262383666316561373061393966633935623464663565323062386462303738 +64393836666439346236323932336637646231363166363438373866633461633534383165383430 +30373437316530383565393439323335653438303561353463363261663135653361343166353533 +39623135386662663534613461643863343035663839616333343462643265636235316630633737 +31663233383332336235386133373236633866373865303231323637353933353336316538616431 +31613833356538333237306266303866373935343862663433303466376461393336636630343539 +66653965326165613862626135656163396330643535303339346263373235383262666330376333 +35633861316332646336303462303135646432353439343230333765666261633834353030383531 +64636335326166353730643764636262653730383235363765366234373738653062313039393530 +35373763313865366562386265666264326265666533613630623237626238383531363965333264 +65666233613061653763313964653632363539376133656362313533343033326135633734366561 
+33643635313161376533653861303731373539323738643462643032306138346365613064323231 +39313161393362363263353064363536636532383435633638613239363463653862303333663065 +38303863323233623966363237376133663630356235333033643661633664346264643865353166 +66633937616236656135636265373334623461306362353032633765623930653331386534613631 +62623463306635383266666534303261326236343231306334373434316634666165353165396233 +61383038363134646633656163643732323764323462636464383139613531303333336137396464 +32363433633965393039343861663562376561313630646338363338333333663635663937633061 +66386164636166346634623832633333333261633864336535623732396434386531353232303534 +32303433663433383564323234396534633335623534306631353766613339366536393061363233 +34613061313238323136343638386139326130353863343131356565376632376466323666306639 +35333839313033326237643361393439336162663930333731313834623034336130383432653865 +30633461356439316530633063663732656234373436663463646566303861653039656139626165 +31356636363231393936633739393830616631666366396231613561656337363136386130366164 +38616338613737326137353765626433343336643237383239656362653035623065633333303535 +38613436646430333933613633653534643632623365353132343432336461383036646630313565 +35326633356539323433346434616137343833383739653562333265313833663537613235313130 +32613061333030353065373135346636373130326166356163396338396166356137613835333437 +33366162386662303839613938353962346634313730323635316231383431663233616232356565 +31313638353038636266613834663666636134353864333666623536346561336433373966303538 +31353037643737656334396233313131353166383633313531323939663237353563656565356665 +64336632396165376361376534623366393032626232346137663637393966336365373435646462 +39383939383663663562626564386432323837616438653531643737656636623234396530376433 +62323131356235616461383532363065633864396230313764326138363565373263616538303261 +37393139616236353239613130386637633231383235653439356139633033373635316364353731 
+62656561366636393938656162666462653539313665353939336537666633663430363333653466 +6333613030663163343838306631313935323133303134646565 From b3fa8a455dbc47c32c09acbe9665a6e659951ac1 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 10 Mar 2021 17:13:56 +0100 Subject: [PATCH 65/78] Add/Update password for postgres db codimd, etherpad and synapse --- group_vars/all/vars.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 599e834..4d85954 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -20,6 +20,7 @@ ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}" postgresql_services_url: 'services-bdd.adm.auro.re' postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}" postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}" +postgresql_etherpad_passwd: "{{ vault_postgresql_etherpad_passwd }}" # Scripts will tell users to go there to manage their account intranet_url: 'https://re2o.auro.re/' From 630377edad07492ec340429901286d095b193f58 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 17:21:58 +0100 Subject: [PATCH 66/78] Create users and databases on bdd-ovh --- host_vars/bdd-ovh.adm.auro.re.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/host_vars/bdd-ovh.adm.auro.re.yml b/host_vars/bdd-ovh.adm.auro.re.yml index 78aeff4..959dd82 100644 --- a/host_vars/bdd-ovh.adm.auro.re.yml +++ b/host_vars/bdd-ovh.adm.auro.re.yml @@ -19,4 +19,26 @@ postgresql_hosts: user: codimd net: 127.0.0.1/32 method: md5 + +postgresql_databases: + - synapse + - codimd + - etherpad + +postgresql_users: + - name: synapse + database: synapse + password: "{{ postgresql_synapse_passwd }}" + privs: + - ALL + - name: codimd + database: codimd + password: "{{ postgresql_codimd_passwd }}" + privs: + - ALL + - name: etherpad + database: etherpad + password: "{{ postgresql_etherpad_passwd }}" + privs: + - ALL ... 
From 6095d9cef99a8374b3b2a9a5a8518e9f8cebf321 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 18:18:08 +0100 Subject: [PATCH 67/78] Add 'no_log' for postgres passwords --- roles/postgresql_server/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 0dc5c1c..ed45e1a 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -69,5 +69,6 @@ role: "{{ item.name }}" privs: "{{ item.privs | join(',') }}" obj: "{{ item.database }}" + no_log: true loop: "{{ postgresql_users }}" ... From df4bee29808a3cd242675b662968d7ecfe57ab5c Mon Sep 17 00:00:00 2001 From: Jeltz Date: Wed, 10 Mar 2021 20:14:02 +0100 Subject: [PATCH 68/78] Add kanboard database to bdd-ovh --- group_vars/all/vars.yml | 1 + group_vars/all/vault.yml | 367 +++++++++++++++--------------- host_vars/bdd-ovh.adm.auro.re.yml | 12 +- 3 files changed, 195 insertions(+), 185 deletions(-) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 4d85954..282dfd5 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -21,6 +21,7 @@ postgresql_services_url: 'services-bdd.adm.auro.re' postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}" postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}" postgresql_etherpad_passwd: "{{ vault_postgresql_etherpad_passwd }}" +postgresql_kanboard_passwd: "{{ vault_postgresql_kanboard_passwd }}" # Scripts will tell users to go there to manage their account intranet_url: 'https://re2o.auro.re/' diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index f961428..db7cad5 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
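Review bot: The added `no_log: true` lands on the task that takes `role`, `privs` and `obj`, which looks like the privilege grant rather than the step that sets the password, and the commit has only this one insertion. Every task that loops over `postgresql_users` prints the whole loop item, `password` included, so any other loop over that list in this file (presumably the user creation among them) needs the same `no_log: true`. The task begins above the hunk and the indentation of the new line is not recoverable here, so confirm it sits at task level, aligned with `loop:`, and not under the module arguments, where it would be read as a module argument rather than a task keyword.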
@@ -1,183 +1,186 @@ $ANSIBLE_VAULT;1.1;AES256 -30333937303238376536303166643966383131366566613435346433313461333366656366333637 -3365373234323063303538386635323230616665663038390a636533363233303666333936613136 -35303931383338383035636639623238613338646264623939343539633037323264613036383266 -3339316238306263320a323761623938396364396638623461636136393361636237343936393336 -31376535623265313132366435306562626432326462396461643663636238653830373336373137 -35663261343964376137666361383662323964613737393431666635326132363930336236323731 -38666263656535643661646233363466363861653862663633353562373835356135653665376663 -32323161663736646263363863623061303339366339653931643632396566613537373230383535 -64643862313961623564336665356462393531313939613563323330343265366237643131633936 -36623434366366666431396337393766656537323465313531646561313465613838343839323532 -61386264363061303137363165356365643836646233333861326535343865303333616166643630 -35643665646437353762303331613032653130323930336263336334636661396262646138616231 -37363532366666323434343735643332386335383664363761373038373934653765653939353039 -32323663376431373664366236366439396234376139303164383935643431646330663134396365 -35363930336261316463353932376337323235333661633164373166343038376332626564626534 -35353637363939613131386336633261393531303235643933633264353935636366623433336366 -63396131313664626364393663343764663663373436623930343633333136353438653237626232 -37336235393037393330613433383564626263353939656265616166643733646661326135343563 -38646362373135386163333362643165373334633036346132373634616330313664346238646462 -32643634646464623535393864363565636139393562353364313264303264316431393938656338 -66636131646339343237393234316365323266356265626430376236363763303961376166313432 -62343833373565653965313463656530363432376130656630633336653766633433626134343463 -65633135353235666562306463383536373733303831383230353165623964356639376337386232 
-36343639633539373538323465356436313266336364626131656462303238303338613131656465 -35636136643263313938613039306339643763343238336332663737373538653839313736616662 -39333437323563633136383737613063333931303736376235316636633030303637383939303235 -35323932336262343061666639646662353563383361313835343433343338373730303430646635 -64363833323264666533653466366665313438366635643333666432343832373162313364303863 -66393231353130323232656134633938626433303238386634383766386334653362333162616366 -38643730303835316161643766353436633862623264333731663632343161616634333239643133 -65346164386666356566636532616530363766653662306561343863383262316233356338633234 -35393064373538306633356538386261646232383064343565613966336436356637333932336564 -39336563306364316364646464663234386335623235656335306162633261393032386331636361 -39613263653838316238623230636637313061353037383534663836666637376132633738383032 -34643561366134663932376261306239326366323935313739633034343765343761396233646234 -37646363313463316538626539316365343839613039326261653839386630663863313964326665 -37306534636664333964653932653534346564323531316535633736373965643535396437656433 -33306536366634336166306235333735663933616635633561666331303530303630653537613063 -30633731383937346335393465656538623233346437323137373038633733386563313338393364 -36636666306238633166303032353163396365373231326232356366396263363464636436656262 -61363233663363613035663836646635303665626630643138663731656538383664306461616662 -37313630663130346637393366393930316336383838363431613339353434646164323338643564 -61333732333661323364336531343237643632353364336533633766316235363763353033656664 -65656532383266353264356465303135636561613038653435306633396461633038373035376164 -37366338646165333564613639633539353363653862393034313763333363396236633462396133 -35623932636164353739666433393465393031303337663239383538656537393365323164356232 -35326131326333303731623933363262356466663864333665633565623336346437613439316338 
-64343466396331343035303532633632356532626133646136393061613431363762343339333238 -34616535633133666162316132366333663738656538353439313961323464666535333839383837 -34303331626539653163643539363763363538306238356332623661646436663635623364383730 -64623564386538666237303066383936666461616363343836366635313634653664656530326439 -36323764303130353731336333366438633737313535633361316330363436333032363630646337 -66626466363231393938386537633234623230323662346263643839333837346531323636623133 -62333438666562636230326530393535306465396334623464343330393336393934303336633237 -39653831333839316338346335336339646238343430356464663039396133343532363364346235 -30663739373466616434393230383832633137313936373331353637653866616532323239353237 -39663030373639613164313766623532383566373430383139666538373536643463303331346166 -38623762336630313439343263383833303762373030383035336538626162626164376133303633 -64373236653462393932633862363866386661356139663835336231316366656637303062323233 -32383131343561333361663466373964656364303235353531346661653431303234616464353236 -63653535363137333033633534616365363261353733336136333564303566393766643037316237 -37653732363230313031633433343230313839393135653137353734653435626431356539343364 -38383364353262303463323639373766323965336263363035623330303039613735343362353865 -34613332636366353333643533326164633637663061363965646464303162616132343330356131 -30613230636339653263343631643962623364356564333066306339626230306239653466306231 -61366437323639353563663666303933393535616136343736383133396238383466303663623132 -63616466643235623265343837386266333330633662613366616163666334643731656335323862 -61346432343366396664616531626530353139343763316530633766303139356536333439383663 -34306466353839653261633233353637353863666637313030383939336233353131313236343561 -31353166323062303238386439323834626537333862343733616536363165663133343531333630 -36383438656137336330353263356133333233303736366536316339656264346435323464643364 
-33633262343666623761356131393464623433646437313161393965363132303537373537336166 -36383239386330313864323166386133313162383533643435356265316630386535663764326137 -37306365613463303539323837333539303262306331353332323931393161303663393765636339 -38363532333761323038346661346338323632343239336466643664356132393138386161353161 -35666435663231373065623337356630666132353165333962396635666336633739616562303638 -36313161363265643561656134363932616333306362303965306362343837333366363339323336 -61326239346330373833323465633961366335336530623834636232383638373761346461376234 -38613862386637306232386239353864306230666637333664386135393437653835343232666138 -63306263396337626565633736343865313237326336626333626639393233393864303662633766 -39643435313463326364633336613735323936356261656662396538326234613331356163383334 -63653562386636323834363962623335303636336138616137303230663336343130613537366231 -35366235346261646132396231616136363437636565383235656462366265353765326163373832 -33346265303964316336393837313161356366616134353733376130646234616137663162396530 -32633038313535313232336532356538393835303039343563363833373839663263363531356134 -66633761343066313333366663313961666536383865373766326563326634656335323232336231 -39663932666461623331343730623965396136616337643161353363316664623538316361303466 -34316636663138663033643964356161323730616333336333336239653237323235386531643235 -31363161396230656265616562346261656230366362303735326136613939633339393563316664 -65303065626463633862663837353636643030366463353638366563363631666264633564336261 -34333231323665666665613536336434653864366165613063653839643064383662613665663138 -31326134366164663639386261656430333966386432663666316333353165626463396264616462 -37643132633961323532353237383433326633383337313131643934663363633364393536343134 -30623137323038666239326535646534353734653234666566313334653462393338303962636564 -66303736333336336638386132343166613834386138633633343635613262613537346464313062 
-36336533373035313135653234313832316337333738303836663039343139316633636331343862 -63373036363237393562363861333933303636623435353562363666643136353665303431613465 -64616230333230313632353364396565653337643333653933303733613761383138306433386363 -62343636316166376131363231623766383038663738666462316238626531383137336662656234 -65643265643631303364356232333535633931613236613137613435343061336362313332306138 -61663230316564323335383132363133333139353233636566663332356138303139363638336461 -63363063616136356333363465633137646234343036316463636130633566316364303662656461 -64333366363061623535346434613664343464666135316136363062333131363030326333316338 -64316133633735663234373030333836313130613663636234653033323030623263333839313139 -36626438386666333233356161643432613139313231316336396434663165643565336235323565 -62303735323966363235393334636232343966336535303863346362386365353166393965643335 -31363036623433313137336665313263663761383436396263396631316535363665633136373239 -33393739623438383466633830363135646536323935363963653536356334656438366338376264 -37326334656239666239376533366236306237306664666234343332646366393662343735356466 -32626364373362323136616663333136363561626337323962386439616237373861346662626165 -30383032663337633735613866663665623633356166623862303965313466623761646231633930 -63313432666435316662396534383632626333376162643132323766613832656635353161626637 -32343935363330666332613633363465643732333030356331363263333035323863633362653031 -63376539373865636366343862333861663137643666613732636538356637313966353461336462 -32626166643534333934666133376239363966393337356134633366306563303065316539663233 -36333337363337613764383162373536396234616336386233306630343762386132373135383131 -64663834656162306636356561303736353961373134323138376564363966336135323366333730 -31653965623962323439353234653439333563346636623762313565343961316666396161616330 -32306137353636323330373564653038343036356635346635343131326635643364306633356465 
-34373965313561393966363363386261656638646237363233613863643839653731616330663666 -33653238366630323033353736323861376138313630376163343362643633643934663161373733 -33633164313562306237393363383262613038346535623166633533336438636362373033336231 -64303033303531306631323337306130393538356265313066396637633061333561313566326163 -34393530643532373666396130313231363765343739623239656235643637303062333838653661 -33316463656238316533343462366338336134326232333561383732353561306632616635343337 -30393131616132663065643366313937653138346637626665663739303866343939623564363761 -35373961326135336531356633356637646161613265633765313132613238373562363330386162 -66623230353564366635343332343564386161663438376431356232636237366437623864653530 -37666438633731366562666136323239623462376435346535313933633866343564626633366164 -34333431633939616238373561393830393130653366366361613465663538383639636230613566 -65626234386632353262303933363637303835646438613139373334366364313166613466663564 -34306564666463323432663234633561306164323036636339333963363036326432633538646362 -36643662616564316236323334613365333666613233383165326638336134393934646464303062 -65616537616538343866313763636164393236373334316234666564353639636330333332393833 -63353962623336653666613361326265353762636263346331396639373731323832396130386662 -62633030636537633265306239383466346636393436366135383434366439333434373532336530 -30616334613232653734656330633130373865303639656436346439316334383437626466313431 -37313664373561346130656337303161623635363434613732336531623366623265383130386430 -62323066663564626336343032313932373561646638616531343034306665383137633932646162 -38633131366331323836643164613430313565626332366637356262653936616664363036303939 -62383031373566643334353735616632663166663163343233326561633833363839303036623836 -61343039626566333238653235313238383239316535323965663465663634383039613436333735 -30633037663637663562666437376336613963356531333436363863313364383733306438326162 
-33303763303063333264643434383164613863653939393531336361326264393332666163653464 -31376365633535326462323763626162313336396266353236646462643233613232666438383766 -31646331373331616262383666316561373061393966633935623464663565323062386462303738 -64393836666439346236323932336637646231363166363438373866633461633534383165383430 -30373437316530383565393439323335653438303561353463363261663135653361343166353533 -39623135386662663534613461643863343035663839616333343462643265636235316630633737 -31663233383332336235386133373236633866373865303231323637353933353336316538616431 -31613833356538333237306266303866373935343862663433303466376461393336636630343539 -66653965326165613862626135656163396330643535303339346263373235383262666330376333 -35633861316332646336303462303135646432353439343230333765666261633834353030383531 -64636335326166353730643764636262653730383235363765366234373738653062313039393530 -35373763313865366562386265666264326265666533613630623237626238383531363965333264 -65666233613061653763313964653632363539376133656362313533343033326135633734366561 -33643635313161376533653861303731373539323738643462643032306138346365613064323231 -39313161393362363263353064363536636532383435633638613239363463653862303333663065 -38303863323233623966363237376133663630356235333033643661633664346264643865353166 -66633937616236656135636265373334623461306362353032633765623930653331386534613631 -62623463306635383266666534303261326236343231306334373434316634666165353165396233 -61383038363134646633656163643732323764323462636464383139613531303333336137396464 -32363433633965393039343861663562376561313630646338363338333333663635663937633061 -66386164636166346634623832633333333261633864336535623732396434386531353232303534 -32303433663433383564323234396534633335623534306631353766613339366536393061363233 -34613061313238323136343638386139326130353863343131356565376632376466323666306639 -35333839313033326237643361393439336162663930333731313834623034336130383432653865 
-30633461356439316530633063663732656234373436663463646566303861653039656139626165 -31356636363231393936633739393830616631666366396231613561656337363136386130366164 -38616338613737326137353765626433343336643237383239656362653035623065633333303535 -38613436646430333933613633653534643632623365353132343432336461383036646630313565 -35326633356539323433346434616137343833383739653562333265313833663537613235313130 -32613061333030353065373135346636373130326166356163396338396166356137613835333437 -33366162386662303839613938353962346634313730323635316231383431663233616232356565 -31313638353038636266613834663666636134353864333666623536346561336433373966303538 -31353037643737656334396233313131353166383633313531323939663237353563656565356665 -64336632396165376361376534623366393032626232346137663637393966336365373435646462 -39383939383663663562626564386432323837616438653531643737656636623234396530376433 -62323131356235616461383532363065633864396230313764326138363565373263616538303261 -37393139616236353239613130386637633231383235653439356139633033373635316364353731 -62656561366636393938656162666462653539313665353939336537666633663430363333653466 -6333613030663163343838306631313935323133303134646565 +65623030336636323834313162306633623333666663633162356162313233393137646365363161 +3334363038323835666431626538383433626162373330360a656162303733653437633637663535 +62626630663332373761656137633165666531303137303565313236663564623061643631373333 +3164306333653734350a333333653630616462386637613432623039303931393661393563306137 +37326564333837306230326637626131666232646564383130623137613939633163313532653836 +62393766623065376135343062346362623466336234633239343530366432313336653863346534 +34346563666638643136316236626561396534316332623730633936646631623866383631633763 +32306236316334626632393736643135306333363135333566353062653866313161653763646336 +34636465663639396335353562343936333263616363653535303934646361656135383938626134 
+34376335303564623436643735363262346334316465366435373435343338373666383635393666 +36643032613636643138373432393739626230326437386366386132636535313137313765616464 +31623461373166613237356362663939323633653565623830303334353834363561373832623163 +35316137633630633736383265333666636436326433653134313038626132633537316162376539 +37323338333235333836326161396236666661636464373163333934376662636639356432366565 +63363266633266643332663934356564323466646666656530336662353336346333366639613130 +33633039343666633536616237386265313863323537353466363432303632323265656265323166 +33313135333932363934386432663863383836333862333162333935313562626430353663636335 +34653231343964376531306366313264363930613432343864396130653666636332366239636236 +33343431353737323534396235613931666262626430303637626236393134386136366164306138 +64396238363030616465303634366339353731363461383432353434373735336363656266316336 +66313064653233653965646630313632336536643530363562613039313439366437353663363265 +30386238363562326263303164366436653334316164646633356666366631653636303835303738 +39366163613434623861376138363134616662343231306536396531366433313963383234373764 +64326664343736663264626432643664326563383633353364383963353733343864373766666534 +34393638613864333265313732333632373565303537316463623337326363383539336566646664 +66363764323261323330346338336133346136623431616333373235313565643164613432613861 +61346137356133343063636562336633646537373666323763626430633439323632326635383562 +36373461623931613162663466333065336237656265366437663035663831616363383066623731 +62326462313238373631386362393737323731643865623763333833316637323533656562663536 +30326465323164356436326463386137336439326231623534326164323530303239363161643762 +61313261333265366631656631326366313464336264626163653363333565353137313863646631 +62636534346534336136643164383766323631353837326561616436633139653531356533303432 +32616434653237376664353134363464613231366136323330646439623132306464623138393162 
+34613931633736633532346634303535366430323164313764653832336464303337626634313861 +37333863316666353935363663613531643039613534393539343762363732383362333639356435 +61303663363438383733636663346362373033383130636431386636616366666537393937396633 +33653836343865326433316233306661653831613239376561393834653032633462306238373730 +61336266333364616533633433383663363564373334313934633132626238303036326339313932 +37323435663537376563343336666262343065316436346663623432333064326136316630633763 +65343538313163346539346336643237663431623861653433616639333130643162366539633238 +61306335346366363935373438353765333238323037343033626132323730326437656163353765 +39343863363366343764613533346537363661353234646364663037623030306334653264386630 +36653030316134656236373336616435363337643637623539633865333963363137363433383338 +62636330626631393438326365396331656361646263343863326635393666383638636337343339 +64313462623564326462636131313163353036393938393634376436306163663863653462663431 +66363334353039303266333430316239646533653337383164303837396130333366353465643965 +35383939633336386537626662316263383331336565643237396334643737313232306464363638 +34393131656232323865333739666639346335646336376666643065353538653530323338356639 +64623965326161386430323337326433343334363435316237626666363161353362383361326438 +35336431653033333261396632393966653463366637636539663165356532616331633837343435 +66356536313037623139613966356139363737656437356238636433366635313137623639366230 +36373837383462623966343535383434633932656133326565353063343530363066343365323462 +32333666373263353063346535343639623230613733363832323636313830636234326436613438 +30363765356637626134353763663938376134653539336436336336303834633533616664376535 +32613061363262303839313062666261363032363364366662333364653532373163653434366261 +39336233313232393331303732333735346434656436353466313932656239306631383237626565 +63313166326538663732363438393263643533636536333665663038383739383334366136646564 
+33383936393463323235623038393138386164656164623439393734656336343835313135393165 +37616232633036383237643730313061323563643163633662393334353133343730656630643762 +39333937303931666161613037313837343836643330356538343264633761343432373161393061 +63393933383238356235613663343362656466353330383333393636386438306161623434343836 +35313030383235663461306539663666393234306332306536653862616138656135393131343462 +61633735303134326639663061643935373533336430306538363365623063663536376234356363 +65653432636430333330303131633263386265386662656131353833393138643732356336376335 +31393438393734336465396633306565343139626135386432343061623232363337326664366632 +36613434616662373431613238326464396437363935646437306665313936323732396165633266 +33343166333665373937656338333930343338373061633639393463316538373630626561333761 +63323336643133323962613435303134613230343033666336646132303462323037383139656166 +31323038653738666463323164366662363138663833393637313437633861353462663935616632 +65653939353435653337353966373135333036653061333438353136616434643563393465323735 +65373230373036353466356338343835363035653031363864316232613232323365353932313061 +62626432303334646365616330626261633066306661303537353264653235643632386466336236 +30316261666461616337363562323865636234356638653661336261373761383365386639303638 +38663763313931323266373162303136323433656466393330646462643438336236613530363636 +35353763373463376531323536613563643865346334646164326561663962393034643438326437 +30306437343331346233383036656663613038623137363962626462613762653262633035623539 +31613932313237343263373333313434386562623465663365306433333635366339616333393430 +63626466333934336130313038626136626466323563323630373965303435626664633138333838 +37643538353138303332653435343139383265363933646134636236656131643932353932303135 +65353438656431613335653838656462333731316665303063623464316462633961656464313933 +36366161623661393865346162383966323531396432646432383663326231373162373462633539 
+31303138626662326637376536303532393636326530366362336437633639306436366531313636 +31613332656466343832316632313161336135663661333739646136313137386634633066316535 +66613334303139353463613866323431613037333239353839623165356233653361613063646335 +33386263616164303631653162633330633136666635376635623437656263306466623462366563 +61636334616134376230343265623336373863303463623833663761333039333335626665613661 +62626133316338303333613863373663623166323438656566653936616532343065383232323437 +38353731643561663461336561313637656563333230353963366632396637333033303365626562 +65373463653735313732353165643530336232396562653030623037303463326565643465363764 +38316663356535373432656563336538633765393031663339666638366138346564366162303436 +66363164633432326632306561643662663265666465373537383335303432616138613939366133 +39396430386437353163323935366265306339326563343530366161333330376535313737396537 +39353330323938326662303863323738626535643465656438376339643437653639666133633663 +39303464326237653933616238663839313730343731383132613062613736376232646366346365 +37653136393335396338346536393865316134343365623338623761303661343637336332316535 +31633133356263336534643230383034383164396630343131396533313864333963316433366130 +38653461303736343861333161343832363934386230393662616463386534336264626363386562 +62633832316664323032353835663266653534393733343166303763333434323633616233656131 +37333266356337656532386336373563353634656265313061363063356637353366636236653333 +31643535373762353663613035316464323033303438623635336637636265363363393961396435 +33646438366139323230623235666630663863633961393036376463386538313633626163323365 +36633266646330623463336434363934376438326465303938316432643035373236626437663766 +36303737386132383261663764386333343532626334633961373666376232633739663164323132 +61323230316266333837363537316165376261363738363762373231356533666332376333663239 +30646161666434363236633432616163323530643766363533653733346436303461643235343038 
+65663738633032643334303737666565666137616437613662363062636664326235663737613863 +37653164653437356136623563653238366236613964663337336132326232653762643363623664 +66656166346230643930653232323234653266393730323735636164303230623766393630393262 +63333661396231323430343462656339653466363562303830643233636164303162376631383733 +38346231623835333762656135663366616566313963323732663037323338326231613465343462 +65616432626432333538396336353965353636636339336239653536613865643265353939656333 +66663933343664366163323730336337356634656436326661336636313363663165336161396333 +31626163303863653332613733663666383234303164346564646531366261323262636263353036 +64666135336264343636396466396564303665623965346163373337376331396233396561613765 +32636331376665396132313839653232306535613737653936366438323962333235336530396338 +63633737633630646164376361363631623862643363363066376364653965313837373462393832 +66336138366132626536323766393832386261396436336537316661383633613065393032636530 +63323866643266666637363633616535613032653930663734636663363865336565663864356234 +34626262663363376436346463393164646534386135303065623462623861353133656437323861 +33623938366635343930633264303530323164396661393338303163386539353938373237633436 +35663762353762313935313832383338663430363865343537663530613761303239356563363533 +37306162663831663464316464303136396539343030303631613964313165396531303665653761 +61383061653364383962663138356366373039366139613536633936633739343133376337613038 +62393730636433613037383665303430663666363663646564343935313063386135323963623965 +35643734656336623961363432363362393132613432303239393761353136636265613334373634 +34396335663037383661663832373937653639633531653064303732656332643962643866306337 +34303232623963623562613162623562366539393464663966366464643639343432663338616331 +30323461396138663334396265313134646263613033353833656465633537356261366261393261 +39303764633636376438656435633737366464343630653735313630386539623462653133396161 
+36353235343635386636646361623465323135323239613161346563343263646235326232353863 +62646434333866653830316166656439643464393337306132376433633439376131366664383464 +36393635343265333530653166306263383236656136313136376436393531653334323564663236 +30653235343233636334626330363031373433396565663439333033623062313261643632306164 +66616338633261356136313334313365356234316262313439623563383330356233363438313833 +63313131316461333438363939626636346463366665393433653036663931643537613162393561 +34626662303462343239313265653838313634323230656130373163313863313162383736363835 +39663337353638613836636263373136623266373732373665353164376534623732313532306366 +31353930343062653532386237616433373437663239636230386133393766376238353064656366 +61666637646433333366313661353438313337643861333932313662636462346463643664356165 +62373338313237353936636138666539643166626631646163653262343365326637626133353361 +33663961373334376137393036383833356361383539653362343866386438633366353439323832 +38663461313431636562613435303237363163323936323530393966663361326365623564633865 +66356433626637376238653865303236646433316164666366303131336331616562323865643566 +36643664363363323566353730303339666262663434393863376234656136643865653135383861 +61396366383939656130616661396263396331666137666662323932303032623162396633346335 +65326362353933663437356235656530343833313136313662643236626661653332613539393638 +62656232326238313333623263333366366533313335336330643666383033333038336164316135 +61346335633139303163326433353633616562363866396234636138386638356235343035363436 +35633737336262383264383065343234373534663564316133643738306638393539353136356630 +63613238663066666336626262343933346433393438356565646565613566386566336138386661 +30373162333837656131653238393533646663323730626538316437363865626335626635666437 +34366663636366303438373032343235333634666637666336313061663239316663613861646133 +30383639666362346634303437383035306661623735643139643062653836366631336261643137 
+36393135633338646238653763613935366566363032343730313666656539353866643564336661 +61643261393134303362303666393465643933363962653734646664643033386263346566316332 +36633166356665666161616530356439653832323064633662656138356435386434336431396664 +34373737643936316133343364353165653130376434646639633866336536373534396235633035 +33333734343835323565323863316364613132656665356639623364376538613539626137353564 +66343833653435383465376332363533326661373333303435303562396366616231306463396562 +65353966613832386235646539643033653335376131333333646237393431363163643630353135 +35666264626564623732346565613662303938643034326130646332663530383136333865386266 +31313633613739633865363736646138353937306438646532363033383539613534666437663961 +61313632613433353437306233626463373335366564653661643038373338303937316366316332 +64386132326633306336653134333038316639363538653735383266366239663861333830656438 +34393734363665656337626461376234306632623937353863333531313231616365316431303732 +32323436663736396439396361663965653632333066373764353561303030666134383836393537 +65323038373363316537323533646566396431326634336564306562636232316563613734366339 +37326465623137303436346430333263373437656632373039303338626130333834663564633535 +39353865376134383637633866356536393766376132396666656235396363656635633630656165 +38303439626438623166326331373036386263393331366266356539333533323864613932643335 +36303537636131386231613062383163346664643261323263393264343862386562313931616261 +34666533613831343764663630623139616634636531393861306337636239346131323437396337 +61633064663938613135666334396330363463636166653966653333326235343563633834666634 +38353937646265363964626661343565306331646363303038666264613833653962663237353538 +64393465363061653837343131373566336139643632323461323635343535313164383766343233 +61393136636536366433333766303263663839383064323430366666646163663663316138663532 +66363061626363396561353435386266653832313430633337346234333430393338353632383335 
+64323765636634303632663135306533366232333665383333383936653033373332333331656261 +37326164666235323538633963616562633938626131346266366531333133333832393966326637 +62376661383562633834353631393933626237316431366237613634356666343031623566666330 +61623137336433383139633233356263643237393966613366326632303865353866643332316662 +35343239643933313031656534336165666161393566636435663039653438643832636232386566 +34326266353631333731636433333639316638643162653234346365353762353333316138303861 +36353932656264336165363532313366636536386661663934363761653362623362346431336530 +63663064656539343361383963663366626566306431353238633832353335383535 diff --git a/host_vars/bdd-ovh.adm.auro.re.yml b/host_vars/bdd-ovh.adm.auro.re.yml index 959dd82..68faa14 100644 --- a/host_vars/bdd-ovh.adm.auro.re.yml +++ b/host_vars/bdd-ovh.adm.auro.re.yml @@ -15,15 +15,16 @@ postgresql_hosts: user: synapse net: 10.128.0.56/32 method: md5 - - database: codimd - user: codimd - net: 127.0.0.1/32 + - database: kanboard + user: kanboard + net: 10.128.0.150/32 method: md5 postgresql_databases: - synapse - codimd - etherpad + - kanboard postgresql_users: - name: synapse @@ -41,4 +42,9 @@ postgresql_users: password: "{{ postgresql_etherpad_passwd }}" privs: - ALL + - name: kanboard + database: kanboard + password: "{{ postgresql_kanboard_passwd }}" + privs: + - ALL ... From d233fc2759559c3245cad2e7b10f75b232181426 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Thu, 11 Mar 2021 13:23:15 +0100 Subject: [PATCH 69/78] Update of threesold for warning battery --- monitoring.yml | 1 + roles/prometheus/templates/prometheus/alert.rules.yml.j2 | 2 +- roles/prometheus/templates/prometheus/snmp.yml.j2 | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/monitoring.yml b/monitoring.yml index 76ef704..8d25fbf 100755 --- a/monitoring.yml +++ b/monitoring.yml 
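Review bot: The new `kanboard` rule in `postgresql_hosts` (first hunk of host_vars/bdd-ovh.adm.auro.re.yml) uses `method: md5`, which relies on an MD5-based password hash. On PostgreSQL 10 or later `method: scram-sha-256` is the stronger choice, provided `password_encryption` matches and the role's password is set again afterwards. The same hunk replaces the `codimd` rule for 127.0.0.1/32 instead of adding beside it, while `codimd` stays in `postgresql_databases`. Unless a rule outside the hunk covers it, that user may no longer be able to connect. The list starts and continues outside the hunk, so both points need checking against the full file.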
@@ -107,6 +107,7 @@ vars: prometheus_alertmanager: docker-ovh.adm.auro.re:9093 snmp_unifi_password: "{{ vault_snmp_unifi_password }}" + snmp_switch_community: "{{ vault_snmp_switch_community }}" # Prometheus targets.json prometheus_targets: diff --git a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 index 028d5d0..bf4127b 100644 --- a/roles/prometheus/templates/prometheus/alert.rules.yml.j2 +++ b/roles/prometheus/templates/prometheus/alert.rules.yml.j2 @@ -119,7 +119,7 @@ groups: summary: "La tension de sortie de {{ $labels.instance }} est de {{ $value }}V." - alert: UpsTimeRemainingWarning - expr: upsEstimatedMinutesRemaining < 15 + expr: upsEstimatedMinutesRemaining < 8 for: 1m labels: severity: warning diff --git a/roles/prometheus/templates/prometheus/snmp.yml.j2 b/roles/prometheus/templates/prometheus/snmp.yml.j2 index e8849d8..7f543db 100644 --- a/roles/prometheus/templates/prometheus/snmp.yml.j2 +++ b/roles/prometheus/templates/prometheus/snmp.yml.j2 @@ -14,6 +14,7 @@ eatonups: - 1.3.6.1.2.1.33.1.3 - 1.3.6.1.2.1.33.1.4 - 1.3.6.1.4.1.534.1.6 + - 1.3.6.1.4.1.318.1.1.10.2.3.2.1.4 get: - 1.3.6.1.2.1.1.3.0 metrics: From a64864150fb7a06d5c4dafa29d6c5f2b09ec7781 Mon Sep 17 00:00:00 2001 From: pz2891 Date: Thu, 11 Mar 2021 13:33:03 +0100 Subject: [PATCH 70/78] Remove services-web from hosts --- hosts | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts b/hosts index 7cf9128..ba53414 100644 --- a/hosts +++ b/hosts @@ -31,7 +31,6 @@ re2o-ldap.adm.auro.re re2o-db.adm.auro.re services-bdd-local.adm.auro.re backup.adm.auro.re -services-web.adm.auro.re mail.adm.auro.re wikijs.adm.auro.re prometheus-aurore.adm.auro.re From 69516012a24c6558edba116c21969966575a9fcf Mon Sep 17 00:00:00 2001 
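Review bot: `snmp_switch_community` is added to the play vars in monitoring.yml, but nothing in this commit reads it; the only other changes are the alert threshold and one OID in snmp.yml.j2. If a template outside this patch already consumes it, a comment naming the consumer would help, for example `# consumed by <module> in snmp.yml.j2`; otherwise the variable is unused until that template change lands. SNMP community strings travel in clear text, so the vault protects only the repository copy. The rendered snmp.yml on the Prometheus host should be readable by the exporter's user only.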
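Review bot: Lowering `UpsTimeRemainingWarning` to `upsEstimatedMinutesRemaining < 8` with `for: 1m` means the warning can arrive with roughly seven minutes of estimated runtime left. No higher-severity rule is visible in this hunk, though one may exist outside it. Please confirm that this margin still exceeds the time the hosts behind the UPS need for a clean shutdown, and record the reasoning next to the expression, e.g. `# 8 min: above the measured shutdown time (<value>)`. The rule's annotations continue outside the hunk, so any text that quotes the old figure should be checked as well.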
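Review bot: The added walk entry `1.3.6.1.4.1.318.1.1.10.2.3.2.1.4` sits under enterprise number 318, which is APC's, while the module is named `eatonups` and its other private subtree is 534. The diffstat gives a single inserted line for snmp.yml.j2, so no matching entry was added under `metrics:`. snmp_exporter exports only OIDs that have a metric definition, so the walk alone is likely to produce no new series. Either add the metric definition (name, oid, type, indexes), or move the OID to its own module if it belongs to a different device. The `metrics:` list continues outside the hunk.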
From: Jeltz Date: Thu, 11 Mar 2021 19:28:14 +0100 Subject: [PATCH 71/78] Add databases for Grafana and CAS --- group_vars/all/vars.yml | 4 +- group_vars/all/vault.yml | 378 +++++++++++++++--------------- host_vars/bdd-ovh.adm.auro.re.yml | 20 ++ 3 files changed, 216 insertions(+), 186 deletions(-) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 282dfd5..55125de 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -17,11 +17,13 @@ ldap_admin_password: "{{ vault_ldap_admin_password }}" ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}" # Databases -postgresql_services_url: 'services-bdd.adm.auro.re' +postgresql_services_url: 'bdd-ovh.adm.auro.re' postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}" postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}" postgresql_etherpad_passwd: "{{ vault_postgresql_etherpad_passwd }}" postgresql_kanboard_passwd: "{{ vault_postgresql_kanboard_passwd }}" +postgresql_grafana_passwd: "{{ vault_postgresql_grafana_passwd }}" +postgresql_cas_passwd: "{{ vault_postgresql_cas_passwd }}" # Scripts will tell users to go there to manage their account intranet_url: 'https://re2o.auro.re/' diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index db7cad5..88ebc9c 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
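Review bot: Changing `postgresql_services_url` to `'bdd-ovh.adm.auro.re'` in group_vars/all/vars.yml moves every consumer of that variable to another server, which the subject "Add databases for Grafana and CAS" does not mention. Each client then needs a matching `postgresql_hosts` rule on bdd-ovh. This commit's host_vars hunk is outside this view, so that could not be checked here. A comment above the line would make the dependency explicit, e.g. `# every service using this URL needs a postgresql_hosts entry in host_vars/bdd-ovh.adm.auro.re.yml`.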
@@ -1,186 +1,194 @@ $ANSIBLE_VAULT;1.1;AES256 -65623030336636323834313162306633623333666663633162356162313233393137646365363161 -3334363038323835666431626538383433626162373330360a656162303733653437633637663535 -62626630663332373761656137633165666531303137303565313236663564623061643631373333 -3164306333653734350a333333653630616462386637613432623039303931393661393563306137 -37326564333837306230326637626131666232646564383130623137613939633163313532653836 -62393766623065376135343062346362623466336234633239343530366432313336653863346534 -34346563666638643136316236626561396534316332623730633936646631623866383631633763 -32306236316334626632393736643135306333363135333566353062653866313161653763646336 -34636465663639396335353562343936333263616363653535303934646361656135383938626134 -34376335303564623436643735363262346334316465366435373435343338373666383635393666 -36643032613636643138373432393739626230326437386366386132636535313137313765616464 -31623461373166613237356362663939323633653565623830303334353834363561373832623163 -35316137633630633736383265333666636436326433653134313038626132633537316162376539 -37323338333235333836326161396236666661636464373163333934376662636639356432366565 -63363266633266643332663934356564323466646666656530336662353336346333366639613130 -33633039343666633536616237386265313863323537353466363432303632323265656265323166 -33313135333932363934386432663863383836333862333162333935313562626430353663636335 -34653231343964376531306366313264363930613432343864396130653666636332366239636236 -33343431353737323534396235613931666262626430303637626236393134386136366164306138 -64396238363030616465303634366339353731363461383432353434373735336363656266316336 -66313064653233653965646630313632336536643530363562613039313439366437353663363265 -30386238363562326263303164366436653334316164646633356666366631653636303835303738 -39366163613434623861376138363134616662343231306536396531366433313963383234373764 
-64326664343736663264626432643664326563383633353364383963353733343864373766666534 -34393638613864333265313732333632373565303537316463623337326363383539336566646664 -66363764323261323330346338336133346136623431616333373235313565643164613432613861 -61346137356133343063636562336633646537373666323763626430633439323632326635383562 -36373461623931613162663466333065336237656265366437663035663831616363383066623731 -62326462313238373631386362393737323731643865623763333833316637323533656562663536 -30326465323164356436326463386137336439326231623534326164323530303239363161643762 -61313261333265366631656631326366313464336264626163653363333565353137313863646631 -62636534346534336136643164383766323631353837326561616436633139653531356533303432 -32616434653237376664353134363464613231366136323330646439623132306464623138393162 -34613931633736633532346634303535366430323164313764653832336464303337626634313861 -37333863316666353935363663613531643039613534393539343762363732383362333639356435 -61303663363438383733636663346362373033383130636431386636616366666537393937396633 -33653836343865326433316233306661653831613239376561393834653032633462306238373730 -61336266333364616533633433383663363564373334313934633132626238303036326339313932 -37323435663537376563343336666262343065316436346663623432333064326136316630633763 -65343538313163346539346336643237663431623861653433616639333130643162366539633238 -61306335346366363935373438353765333238323037343033626132323730326437656163353765 -39343863363366343764613533346537363661353234646364663037623030306334653264386630 -36653030316134656236373336616435363337643637623539633865333963363137363433383338 -62636330626631393438326365396331656361646263343863326635393666383638636337343339 -64313462623564326462636131313163353036393938393634376436306163663863653462663431 -66363334353039303266333430316239646533653337383164303837396130333366353465643965 -35383939633336386537626662316263383331336565643237396334643737313232306464363638 
-34393131656232323865333739666639346335646336376666643065353538653530323338356639 -64623965326161386430323337326433343334363435316237626666363161353362383361326438 -35336431653033333261396632393966653463366637636539663165356532616331633837343435 -66356536313037623139613966356139363737656437356238636433366635313137623639366230 -36373837383462623966343535383434633932656133326565353063343530363066343365323462 -32333666373263353063346535343639623230613733363832323636313830636234326436613438 -30363765356637626134353763663938376134653539336436336336303834633533616664376535 -32613061363262303839313062666261363032363364366662333364653532373163653434366261 -39336233313232393331303732333735346434656436353466313932656239306631383237626565 -63313166326538663732363438393263643533636536333665663038383739383334366136646564 -33383936393463323235623038393138386164656164623439393734656336343835313135393165 -37616232633036383237643730313061323563643163633662393334353133343730656630643762 -39333937303931666161613037313837343836643330356538343264633761343432373161393061 -63393933383238356235613663343362656466353330383333393636386438306161623434343836 -35313030383235663461306539663666393234306332306536653862616138656135393131343462 -61633735303134326639663061643935373533336430306538363365623063663536376234356363 -65653432636430333330303131633263386265386662656131353833393138643732356336376335 -31393438393734336465396633306565343139626135386432343061623232363337326664366632 -36613434616662373431613238326464396437363935646437306665313936323732396165633266 -33343166333665373937656338333930343338373061633639393463316538373630626561333761 -63323336643133323962613435303134613230343033666336646132303462323037383139656166 -31323038653738666463323164366662363138663833393637313437633861353462663935616632 -65653939353435653337353966373135333036653061333438353136616434643563393465323735 -65373230373036353466356338343835363035653031363864316232613232323365353932313061 
-62626432303334646365616330626261633066306661303537353264653235643632386466336236 -30316261666461616337363562323865636234356638653661336261373761383365386639303638 -38663763313931323266373162303136323433656466393330646462643438336236613530363636 -35353763373463376531323536613563643865346334646164326561663962393034643438326437 -30306437343331346233383036656663613038623137363962626462613762653262633035623539 -31613932313237343263373333313434386562623465663365306433333635366339616333393430 -63626466333934336130313038626136626466323563323630373965303435626664633138333838 -37643538353138303332653435343139383265363933646134636236656131643932353932303135 -65353438656431613335653838656462333731316665303063623464316462633961656464313933 -36366161623661393865346162383966323531396432646432383663326231373162373462633539 -31303138626662326637376536303532393636326530366362336437633639306436366531313636 -31613332656466343832316632313161336135663661333739646136313137386634633066316535 -66613334303139353463613866323431613037333239353839623165356233653361613063646335 -33386263616164303631653162633330633136666635376635623437656263306466623462366563 -61636334616134376230343265623336373863303463623833663761333039333335626665613661 -62626133316338303333613863373663623166323438656566653936616532343065383232323437 -38353731643561663461336561313637656563333230353963366632396637333033303365626562 -65373463653735313732353165643530336232396562653030623037303463326565643465363764 -38316663356535373432656563336538633765393031663339666638366138346564366162303436 -66363164633432326632306561643662663265666465373537383335303432616138613939366133 -39396430386437353163323935366265306339326563343530366161333330376535313737396537 -39353330323938326662303863323738626535643465656438376339643437653639666133633663 -39303464326237653933616238663839313730343731383132613062613736376232646366346365 -37653136393335396338346536393865316134343365623338623761303661343637336332316535 
-31633133356263336534643230383034383164396630343131396533313864333963316433366130 -38653461303736343861333161343832363934386230393662616463386534336264626363386562 -62633832316664323032353835663266653534393733343166303763333434323633616233656131 -37333266356337656532386336373563353634656265313061363063356637353366636236653333 -31643535373762353663613035316464323033303438623635336637636265363363393961396435 -33646438366139323230623235666630663863633961393036376463386538313633626163323365 -36633266646330623463336434363934376438326465303938316432643035373236626437663766 -36303737386132383261663764386333343532626334633961373666376232633739663164323132 -61323230316266333837363537316165376261363738363762373231356533666332376333663239 -30646161666434363236633432616163323530643766363533653733346436303461643235343038 -65663738633032643334303737666565666137616437613662363062636664326235663737613863 -37653164653437356136623563653238366236613964663337336132326232653762643363623664 -66656166346230643930653232323234653266393730323735636164303230623766393630393262 -63333661396231323430343462656339653466363562303830643233636164303162376631383733 -38346231623835333762656135663366616566313963323732663037323338326231613465343462 -65616432626432333538396336353965353636636339336239653536613865643265353939656333 -66663933343664366163323730336337356634656436326661336636313363663165336161396333 -31626163303863653332613733663666383234303164346564646531366261323262636263353036 -64666135336264343636396466396564303665623965346163373337376331396233396561613765 -32636331376665396132313839653232306535613737653936366438323962333235336530396338 -63633737633630646164376361363631623862643363363066376364653965313837373462393832 -66336138366132626536323766393832386261396436336537316661383633613065393032636530 -63323866643266666637363633616535613032653930663734636663363865336565663864356234 -34626262663363376436346463393164646534386135303065623462623861353133656437323861 
-33623938366635343930633264303530323164396661393338303163386539353938373237633436 -35663762353762313935313832383338663430363865343537663530613761303239356563363533 -37306162663831663464316464303136396539343030303631613964313165396531303665653761 -61383061653364383962663138356366373039366139613536633936633739343133376337613038 -62393730636433613037383665303430663666363663646564343935313063386135323963623965 -35643734656336623961363432363362393132613432303239393761353136636265613334373634 -34396335663037383661663832373937653639633531653064303732656332643962643866306337 -34303232623963623562613162623562366539393464663966366464643639343432663338616331 -30323461396138663334396265313134646263613033353833656465633537356261366261393261 -39303764633636376438656435633737366464343630653735313630386539623462653133396161 -36353235343635386636646361623465323135323239613161346563343263646235326232353863 -62646434333866653830316166656439643464393337306132376433633439376131366664383464 -36393635343265333530653166306263383236656136313136376436393531653334323564663236 -30653235343233636334626330363031373433396565663439333033623062313261643632306164 -66616338633261356136313334313365356234316262313439623563383330356233363438313833 -63313131316461333438363939626636346463366665393433653036663931643537613162393561 -34626662303462343239313265653838313634323230656130373163313863313162383736363835 -39663337353638613836636263373136623266373732373665353164376534623732313532306366 -31353930343062653532386237616433373437663239636230386133393766376238353064656366 -61666637646433333366313661353438313337643861333932313662636462346463643664356165 -62373338313237353936636138666539643166626631646163653262343365326637626133353361 -33663961373334376137393036383833356361383539653362343866386438633366353439323832 -38663461313431636562613435303237363163323936323530393966663361326365623564633865 -66356433626637376238653865303236646433316164666366303131336331616562323865643566 
-36643664363363323566353730303339666262663434393863376234656136643865653135383861 -61396366383939656130616661396263396331666137666662323932303032623162396633346335 -65326362353933663437356235656530343833313136313662643236626661653332613539393638 -62656232326238313333623263333366366533313335336330643666383033333038336164316135 -61346335633139303163326433353633616562363866396234636138386638356235343035363436 -35633737336262383264383065343234373534663564316133643738306638393539353136356630 -63613238663066666336626262343933346433393438356565646565613566386566336138386661 -30373162333837656131653238393533646663323730626538316437363865626335626635666437 -34366663636366303438373032343235333634666637666336313061663239316663613861646133 -30383639666362346634303437383035306661623735643139643062653836366631336261643137 -36393135633338646238653763613935366566363032343730313666656539353866643564336661 -61643261393134303362303666393465643933363962653734646664643033386263346566316332 -36633166356665666161616530356439653832323064633662656138356435386434336431396664 -34373737643936316133343364353165653130376434646639633866336536373534396235633035 -33333734343835323565323863316364613132656665356639623364376538613539626137353564 -66343833653435383465376332363533326661373333303435303562396366616231306463396562 -65353966613832386235646539643033653335376131333333646237393431363163643630353135 -35666264626564623732346565613662303938643034326130646332663530383136333865386266 -31313633613739633865363736646138353937306438646532363033383539613534666437663961 -61313632613433353437306233626463373335366564653661643038373338303937316366316332 -64386132326633306336653134333038316639363538653735383266366239663861333830656438 -34393734363665656337626461376234306632623937353863333531313231616365316431303732 -32323436663736396439396361663965653632333066373764353561303030666134383836393537 -65323038373363316537323533646566396431326634336564306562636232316563613734366339 
-37326465623137303436346430333263373437656632373039303338626130333834663564633535 -39353865376134383637633866356536393766376132396666656235396363656635633630656165 -38303439626438623166326331373036386263393331366266356539333533323864613932643335 -36303537636131386231613062383163346664643261323263393264343862386562313931616261 -34666533613831343764663630623139616634636531393861306337636239346131323437396337 -61633064663938613135666334396330363463636166653966653333326235343563633834666634 -38353937646265363964626661343565306331646363303038666264613833653962663237353538 -64393465363061653837343131373566336139643632323461323635343535313164383766343233 -61393136636536366433333766303263663839383064323430366666646163663663316138663532 -66363061626363396561353435386266653832313430633337346234333430393338353632383335 -64323765636634303632663135306533366232333665383333383936653033373332333331656261 -37326164666235323538633963616562633938626131346266366531333133333832393966326637 -62376661383562633834353631393933626237316431366237613634356666343031623566666330 -61623137336433383139633233356263643237393966613366326632303865353866643332316662 -35343239643933313031656534336165666161393566636435663039653438643832636232386566 -34326266353631333731636433333639316638643162653234346365353762353333316138303861 -36353932656264336165363532313366636536386661663934363761653362623362346431336530 -63663064656539343361383963663366626566306431353238633832353335383535 +61343633663661363430326639663636383962313132646533626563366164323530386666353863 +3164643762313835303732653631363664663963613238340a646533343436623562356231383831 +30626339313739393633623830663263626236616566376662656534656563303866396433393039 +3264356462336533320a386464386334633738626135653864323363353538393263626661633439 +65343032396264343539323261353839613462613732623932303035653965626161646637333062 +39393762393661373633303762306361356339343933363936373837623733653130393937343630 
+36393865626561646330613636383361373465366166363132613164333438333362613730373432 +32626530316533383639623265353039646466396663333765363531656161633732313033666663 +38623831613138386136636539366262373965393865396631306331366663333236383939336165 +64613730643964656564636535376637303832393164383462346133343432373236656365633636 +36356630343739636262626364386561623036366439333365336464643861663730613034613063 +61393666666432303366313835323639366266663933323739316463353339636465366363303139 +35313630353363393933373130653730353831393162326563316162323430306161616431656433 +32653739356236656233396531376539396462646365356336343663383563316438343862383239 +30623464343632386636343861326632346233376664393638366236303865303064653436626539 +30626539353332666261616634316239653764343366323434333265383133353466623330613935 +63346333336461346432613565303235356439616564376537363164343130353833663464346336 +35363930303637626134643936643336323366373136313032333264633934633333636138393261 +35653930373632343838386430343961663436356539363064316638313531303364353864613861 +31306331663734396266383539323033393563653435396334656665313931346365623636306463 +65346362373335363032323866633466356363643133336330626533316365623865613163376636 +35353838353363303234393430373433613130333661303833383965643739383465316163623434 +34636133626565663062303130313530306663666665646664613639366239306461376663356332 +34303536343765373865643466623230636330316365306231643566303831313238396533343161 +65373434333561643136646232653737623737396431393334626234333262333334393634343331 +39356238646536386632653731653038646166303364376363633064343665303530396630356561 +34373238656534356166316639623232346434646132663936363238396363313864636531313764 +33343364346334373237366634626665656561343934613262313530373536316337353036333230 +39303730343638383138386138303863396631333534366233383533346232653639396566363662 +31366533386565663734626230353438353730363966356635616261356237346131616234326233 
+61623633613633393265353838346436396535633839386664356534323962643761316661626162 +63666337363534653632343661373865383532313837396538633235313435333164393333383264 +63656362323561653731303332626331393531383030633231373331333032336334373330366562 +35663431316432373438326265646263633639636164323361643062636535623765623566393237 +36303766323930336538623564373038636661366132383465323431666361626134303136636234 +34393538323830323033616638656236623332623364393463303332616233313837376335643434 +33346532613264396264393834643039666465366338616133346261373336633261666234326238 +30653032633932653930633566646332623232313334353537363939376336663264313535663635 +39656630653964643462343930306232636266306639616664363864346433313239313863313666 +30653834666133353036636466643165653165303064353664393239343666646366356236643738 +61313734346334366530323935396133646534323538336333376362356664633538393933363739 +31346262303365386232376537346366303762613735366561383165653737633738303432646531 +32386162633364383737663734346464653362656633313036303261663834636334333233303039 +62656531653336333436623863633139623531643837643461663038386430316663313264643738 +34393731633163396236373038333566346432313566316539616439663939626433653637366134 +37663936643031383834343163373166373362386531373462643638656333373136356331306662 +33323533616466343165323233323238613963373035343335306636353838656337653835663835 +66383438653238316532323535393638643333623931363561663539346535393464623064373032 +63323138353466386538326137316263363166633637343632623162306331313666376666636463 +38616161353463396666313562613165366634316664663030613664366265626235613230623861 +66613532656262636161656463373266346333346636663763646566643836373436653032303133 +37323662363338663533353035653134616562303633303533303132306562346435613561636536 +38303465303331666235663034363066663034373336346539396639383530383534373732616261 +39636535323635623630313139303730663962316530333938626664623238383732303737613330 
+61373331656465373639653263343736653534336563636564336137386461636465396633666132 +34386365363830346535323135663664353761646635663236383332636362306666656439383736 +39366661323532393837363139626236633538343264346535323166656530616238343039663166 +34633663396437663930633966653934643739353832636666323337363861373162326162643137 +66666633663561396162613731323331363565346435376233336132663566623462306233653836 +64663733653636646432366430353762336234333738623062623235616131626538646462646430 +33383132636161613136313061613766336235393635366232613766306532366531636265303239 +34396537656335383864626330643133313563656334666430346365363939616533643038383136 +36376537373162303265356431343432643862346634386332313662303835306239656566383531 +63396666393437636564323664663164643631326539616437343737346635363530333863393761 +39346537623966626638613166383733623338383139323431306663363433653064323738323765 +39313366353532643634643733623337666632346561333262326563636462356463326432376265 +30376337346335356362623430353161366435373032643633306136343665656335373766363166 +31396330343134356533616134613261316138386533653661626364343939613635626161636565 +63343035303637306564323035353865623166316539363938353461663137636539663964346337 +33663966316466373466643462613834663734393466653830393761386535616531613839303435 +64353062313731386663353938646363643164366163623537383236623635333239343761626463 +36666237613564303736306133326266386362613436653461356131636666613936663131616434 +32383831386262643761316630623939303064393433663063316463376235643031623631313333 +36383635386630626537643438623065386232616634303564353538613366333062653365633632 +62633137323831353631623962633533623364343031373565666434346364653830383430643366 +31643935313334623838636131316135373663626132336365336435613732326361616664623633 +35656265333264326436323262633136313563376334623339386461346131636636383165353632 +62356135663230383534366465663537336365366162346464616530393937616637623466663661 
+64653361386633383433326639643134666336616234356462383231376637643262646163313366 +34306666383437383633633931303035343732663661643139663361653834376663323034306535 +62343462653264633235313561326633613936303164323366313164303062366331346132376331 +32346137383665353839393530323638653364633262383234633933383038633763383731363036 +63306564643233653631353033623162393763313661366437396139643332633166663265636636 +32646136326138663364326664656466363330656365636463306139626137663436316238393865 +63326338356332633166636430313934626438346235303161323438633162343334383738313562 +35356162366134323336643038363039633662643932316630303663373962643235643539383165 +36633638383963363032373338633165353131393466623462646538373762613364666239636666 +33666563303565313639373862326163323238373434393265333231646337643631383065323464 +62326131663831343732333239316639336536383032323831343961373761383066323366323434 +34346136633164663333353935663530653532346464663134366563346635383966323434353762 +33303561396538303465386533376432623734666166313465353039613563376262303462396163 +34663630316230633165663939333239656635666136373363306335633835353533623366376165 +36623032643666383831336134653037333333366664383436306566333366343538333734393433 +64353866396239323561313863303966323266663139653738353530303939373239633639653831 +66663464323932643633396665393231633765623561373663336631353430616230626563323861 +66373665393764653864613263333961356462616163373933623739633931323432393162343138 +64373630646437306534363233623530633563353962653130656531393137346337613365636463 +34646531386236666163393537353863626266633961653032353533353036656433663734323935 +62356434613034653966623437633364663433666537363135396534346330333832343166333731 +38323664396665313439653637333037646461633033643635643935333263356633313761323137 +33643737323938373332626661363761336236303265353261383263333439633930356565656236 +36383830313961646363363234343165633537306562643961313139316337633433386465613535 
+35333038333631336663613331393837386266346137386435313031666335386439353961613062 +38656362313435313735623931626362316634383264613664643235323933363935643464353634 +64353431623033636537343061396433613365376536623933363632626639626231323736323339 +65316131626336613931333765303562316562623962353530643533636164306135386331353734 +37316266313463343034393130363732333737633033356463393564323166383533353132336432 +34663162386335613233363764396233356661633732613236303564313061653337303833373133 +66383136656337396337393233313661386538663338663933303364636566363436663164623531 +36616463646238386463623133386337623936386266373164626439303335346563333363373038 +63366233643463646431306330383537623434303534306336366163393431393538303835616261 +65336134613331363035353162303435663863653039353561643432316631626261363935663062 +31646663653535653363336539633336346561653664653764373463363364343832396665663163 +35303464323432303266333765346130396636386236376336363466633064613363633431623733 +32313863353936303932653564376163323833636133356633343065633332303064343838313561 +36363966663938386263613436663435376431376534303133643631323734373363326461336365 +64613933393539373165383536313564666163653639356164366566663437656661373836643861 +34323830316165313336323538336430333564306264616462326338323762336138303963366537 +64623761303537616439363039316365623739633435386563623832306537323232306437353932 +34323531373366633830626132393135636661656637363961363836383232326534386530353438 +63343235303463303437353537646666343434626531336639396531633939346330663831313234 +66323830393739316633646538303163326438396565376139653663326133613937663531343466 +64653161646262663539653036303832333431323165656263623831323734616438633631633330 +65346139326532393662313331646135313063653839623539636361623037306239383034313733 +65393161623935306631366633643363646539326561666631313138303937616230653831616531 +61653639363763623266326164373638366565313164373539393364323031663533623561373431 
+30353162343731363336373230346663393164626663336461663065613835633631613036623538 +65303632306435613430643634353135383865333934653034326237313139313162653136323939 +39623731666230316230333539303131363462633530366361656235366563396438643836383832 +36303430303934323166353735393933636162333439313863626135643433323032613333363665 +35333132303138323538386163633264386132323439346335333237343738366130326438353161 +65303036396662643033356461656564326566323261396333336366633066616630643637363730 +39643663643162366130323333376561343037656263623863653665663431343061363436613838 +39326235336439646533626334626131656230306635323433626364336337663438646465356132 +62346463336534303863616363353638623465636331353961346137373934323363356466383864 +66653839623835393136326636666233666630646339623035666339366330666533343335616431 +35656437356136343437666563326438373561386264396561306361636366326530373061353061 +35626662376130306464356662646436383265306434313638326165623563343539366532363166 +37383564316334363365356163376338356631363365306237303562316366623237643639646636 +32353663373564633030373639343639623661613364363361636234646137326264363236346234 +62383938353636346134636666386263386238326366343864346138383036656538363265643365 +66613431613438346535383861336435653536663765633439653461336333333962396237353839 +62343738656232643564333132323634653238386437383039383064346435646263663534356438 +38613839333134346233353930303030656338363337393261623731623564343135653966656462 +35313439393165343333623832626630316164376134616563383362646630663036316336373931 +39633135616463633036366163623063656563303635353165653631333532396364643465636236 +35656161656238366532383666373033373861323939386465613737616434643061333338353339 +32626431316133306631313733376137306537633237353037393664363635303738373130313635 +32646362643432353430306132383233633739316562633762623062356163356537346132636332 +32393031663631653036323233666331633764386165643363316232623337613635306465376534 
+65643030343862343636616330343462323666323235656333373331623361383464363161653839 +37363665623061363637363764313831636532653039616164663566366135323831653635626538 +34386537643361633430343139613232636563336666643138633166393333383635626237626339 +35323539666338636262663461613362313736353835623861313365656633303533393832343661 +65366262636230383139363932616361326336363166353137633165343838663162343664333136 +35323162363337613861303133373637666664353233666133323363623261396135343131623361 +34326666316230366131336133303439373938656365343165336133383639316338373334313638 +33326438636630643064623237663037336337373864363262363034376331353738636166646566 +63343062346538396434613235643764623630346366373362366161343835303532343033356434 +34323362306265353662363164306361613137363763303338643433303665333030643738376333 +65653865323362383436633964366538356333343532663833653630373265366134303464656531 +34306363613033366664336133346162393339326265626530336136626430336365396130663161 +62393666656163323030616137646636623232626634623061633363393632353338323137656538 +61353861323662623064653434353430646265626263646563353263356536376238313331623566 +33333338393430306138346364626239306339653361353266653566346439333434653932336163 +66643763306463313062323932383863363635346531666232363938303534623261336137363066 +30383266313137313064383836356634666532313565623737346232313230376437643164666363 +31386466356237633030393530656536653834363734666235386131336663303938346562623866 +38313439653036633133663535616334356133303265636631623163333638646164303732323564 +34623764323833323932643234393235353265316535623430333336353231373764396336636362 +64326139633762306436646232313536306530653265363430353465653637643561656536653964 +37383332363234636534313734393230626132613461393632323861633039663764626431363931 +61373138333830336431313232323338343064353932663932623934656235653463326365636165 +62313835396539666434366232363639653663326132653033346265613739376131643764333363 
+61386239653166316234353763376632623132383232356636366131316236613638636264336530 +33343734366338306336356565323166346633363237643637366565663837326461393333373135 +30306633653461636633626432343032613661326431376630646332356534633335346466353838 +36383431656538616331316236316463353666666166313465336534393234396438646335323562 +32336262353432663331363532623735373834666139626464356565323335633036623939643234 +61623363653536383931366661666534333561666662313564383362623934393664396465366561 +65333233316432666539303832363735393666373231646530366566306432656433343036666131 +35373636343631643730343235653234326638663565636237663930663364623335343064666265 +37323165333261373532313136326164663962363133363634333036383137616431346230313135 +37386133343062653831353165323136633738386439396139353033333664306262616361623762 +65643039646466303364363434356534323866393432616362636439633334353562363065336533 +63373335383965653365666539636161363361363336376336383363306337386230366664656330 +65313161343638366564336136636438393365366330636232306130313033653036666537653964 +32366133313263306466363266616234643039366638633463346362323839316133343461333464 +33643034626437363233353331653839646361346132386431636562646236353166633836383938 +62323364303338623133323931613466306537623563646232306134373566313865363335346266 +64636638316165343861316134663066386133316166346564613030326263643130386137333739 +62643664383834346133643965366538303965373132393334623161336264633834633663333465 +6234 diff --git a/host_vars/bdd-ovh.adm.auro.re.yml b/host_vars/bdd-ovh.adm.auro.re.yml index 68faa14..2164cb6 100644 --- a/host_vars/bdd-ovh.adm.auro.re.yml +++ b/host_vars/bdd-ovh.adm.auro.re.yml 
@@ -19,12 +19,22 @@ postgresql_hosts: user: kanboard net: 10.128.0.150/32 method: md5 + - database: grafana + user: grafana + net: 10.128.0.150/32 + method: md5 + - database: cas + user: cas + net: 10.128.0.150/32 + method: md5 postgresql_databases: - synapse - codimd - etherpad - kanboard + - grafana + - cas postgresql_users: - name: synapse @@ -47,4 +57,14 @@ postgresql_users: password: "{{ postgresql_kanboard_passwd }}" privs: - ALL + - name: grafana + database: grafana + password: "{{ postgresql_grafana_passwd }}" + privs: + - ALL + - name: cas + database: cas + password: "{{ postgresql_cas_passwd }}" + privs: + - ALL ... From bdc59049ae2303c7cda10a7e8bbaf595ae02434f Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 13 Mar 2021 02:35:03 +0100 Subject: [PATCH 72/78] Rename file for consistency --- host_vars/{bdd.adm.auro.re => bdd.adm.auro.re.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename host_vars/{bdd.adm.auro.re => bdd.adm.auro.re.yml} (100%) diff --git a/host_vars/bdd.adm.auro.re b/host_vars/bdd.adm.auro.re.yml similarity index 100% rename from host_vars/bdd.adm.auro.re rename to host_vars/bdd.adm.auro.re.yml From 8ec838962d09dd1d36aeceabdec1778f1d844174 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 13 Mar 2021 02:35:39 +0100 Subject: [PATCH 73/78] Postgresql is version 13 on bullseye --- host_vars/bdd.adm.auro.re.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/host_vars/bdd.adm.auro.re.yml b/host_vars/bdd.adm.auro.re.yml index d1e9353..206a504 100644 --- a/host_vars/bdd.adm.auro.re.yml +++ b/host_vars/bdd.adm.auro.re.yml @@ -1,5 +1,5 @@ postgresql: - version: 11 + version: 13 hosts: # dbname, username, CIDR ip addr, auth method - [ "nextcloud", "nextcloud", "10.128.0.58", "md5" ] - [ "gitea", "gitea", "10.128.0.60", "md5" ] From 98171e449db16a939649b8c3724f028c58674240 Mon Sep 17 00:00:00 2001 
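Review bot: The two `postgresql_hosts` entries added for `grafana` and `cas` in host_vars/bdd-ovh.adm.auro.re.yml use `method: md5`, so the database behind the CAS service stays reachable with MD5 challenge-response authentication. If this server runs PostgreSQL 10 or later (its version is not visible in this diff), I would write `method: scram-sha-256` on the new entries. The role passwords must first be re-set with `password_encryption = scram-sha-256`, because a role that still holds an MD5 hash cannot log in under that method. The same applies to the five entries added to host_vars/bdd.adm.auro.re.yml in PATCH 74/78, where the version is pinned to 13. The template that renders `method` is outside this diff, so this assumes the value is written to pg_hba.conf unchanged.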
From: Solal Nathan Date: Sat, 13 Mar 2021 02:48:10 +0100 Subject: [PATCH 74/78] Update postgresql variable to match the new scheme in bdd.adm.auro.re --- host_vars/bdd.adm.auro.re.yml | 64 +++++++++++++++++++++++++++++++---- 1 file changed, 58 insertions(+), 6 deletions(-) diff --git a/host_vars/bdd.adm.auro.re.yml b/host_vars/bdd.adm.auro.re.yml index 206a504..bf28fcd 100644 --- a/host_vars/bdd.adm.auro.re.yml +++ b/host_vars/bdd.adm.auro.re.yml @@ -1,8 +1,60 @@ +--- postgresql: version: 13 - hosts: # dbname, username, CIDR ip addr, auth method - - [ "nextcloud", "nextcloud", "10.128.0.58", "md5" ] - - [ "gitea", "gitea", "10.128.0.60", "md5" ] - - [ "drone", "drone", "10.128.0.64", "md5" ] - - [ "wikijs", "wikijs", "10.128.0.66", "md5" ] - - [ "vote", "vote", "10.128.0.81", "md5" ] + +postgresql_hosts: + - database: nextcloud + user: nextcloud + net: 10.128.0.58/32 + method: md5 + - database: gitea + user: gitea + net: 10.128.0.60/32 + method: md5 + - database: vote + user: vote + net: 10.128.0.81/32 + method: md5 + - database: wikijs + user: wikijs + net: 10.128.0.66/32 + method: md5 + - database: drone + user: drone + net: 10.128.0.64/32 + method: md5 + +postgresql_databases: + - nextcloud + - gitea + - vote + - wikijs + - drone + +postgresql_users: + - name: nextcloud + database: nextcloud + password: "{{ postgresql_nextcloud_passwd }}" + privs: + - ALL + - name: gitea + database: gitea + password: "{{ postgresql_gitea_passwd }}" + privs: + - ALL + - name: vote + database: vote + password: "{{ postgresql_vote_passwd }}" + privs: + - ALL + - name: wikijs + database: wikijs + password: "{{ postgresql_wikijs_passwd }}" + privs: + - ALL + - name: drone + database: drone + password: "{{ postgresql_drone_passwd }}" + privs: + - ALL +... From a01a2095d699062a948babc6a5e8cb38e51fc36d Mon Sep 17 00:00:00 2001 
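Review bot: The `postgresql_users` entries added to host_vars/bdd.adm.auro.re.yml reference `postgresql_nextcloud_passwd`, `postgresql_gitea_passwd`, `postgresql_vote_passwd`, `postgresql_wikijs_passwd` and `postgresql_drone_passwd`, none of which this patch defines. PATCH 75/78 adds four of them to group_vars/all/vars.yml, but `postgresql_vote_passwd` is not among the added lines. Unless it is already defined above line 24 of that file, rendering the `vote` user is likely to stop on an undefined variable. I would add `postgresql_vote_passwd: "{{ vault_postgresql_vote_passwd }}"` next to the others, with the matching vault entry, and move the definitions into the commit that first uses them so each commit in the series can be applied on its own.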
From: Solal Nathan Date: Sat, 13 Mar 2021 03:07:35 +0100 Subject: [PATCH 75/78] Add passwords in all and vault for postgres db for wikijs, gitea, nextcloud, drone --- group_vars/all/vars.yml | 4 + group_vars/all/vault.yml | 402 ++++++++++++++++++++------------------- 2 files changed, 213 insertions(+), 193 deletions(-) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 55125de..e19f6de 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -24,6 +24,10 @@ postgresql_etherpad_passwd: "{{ vault_postgresql_etherpad_passwd }}" postgresql_kanboard_passwd: "{{ vault_postgresql_kanboard_passwd }}" postgresql_grafana_passwd: "{{ vault_postgresql_grafana_passwd }}" postgresql_cas_passwd: "{{ vault_postgresql_cas_passwd }}" +postgresql_drone_passwd: "{{ vault_postgresql_drone_passwd }}" +postgresql_wikijs_passwd: "{{ vault_postgresql_wikijs_passwd }}" +postgresql_nextcloud_passwd: "{{ vault_postgresql_nextcloud_passwd }}" +postgresql_gitea_passwd: "{{ vault_postgresql_gitea_passwd }}" # Scripts will tell users to go there to manage their account intranet_url: 'https://re2o.auro.re/' diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 88ebc9c..aba5f3e 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
@@ -1,194 +1,210 @@ $ANSIBLE_VAULT;1.1;AES256 -61343633663661363430326639663636383962313132646533626563366164323530386666353863 -3164643762313835303732653631363664663963613238340a646533343436623562356231383831 -30626339313739393633623830663263626236616566376662656534656563303866396433393039 -3264356462336533320a386464386334633738626135653864323363353538393263626661633439 -65343032396264343539323261353839613462613732623932303035653965626161646637333062 -39393762393661373633303762306361356339343933363936373837623733653130393937343630 -36393865626561646330613636383361373465366166363132613164333438333362613730373432 -32626530316533383639623265353039646466396663333765363531656161633732313033666663 -38623831613138386136636539366262373965393865396631306331366663333236383939336165 -64613730643964656564636535376637303832393164383462346133343432373236656365633636 -36356630343739636262626364386561623036366439333365336464643861663730613034613063 -61393666666432303366313835323639366266663933323739316463353339636465366363303139 -35313630353363393933373130653730353831393162326563316162323430306161616431656433 -32653739356236656233396531376539396462646365356336343663383563316438343862383239 -30623464343632386636343861326632346233376664393638366236303865303064653436626539 -30626539353332666261616634316239653764343366323434333265383133353466623330613935 -63346333336461346432613565303235356439616564376537363164343130353833663464346336 -35363930303637626134643936643336323366373136313032333264633934633333636138393261 -35653930373632343838386430343961663436356539363064316638313531303364353864613861 -31306331663734396266383539323033393563653435396334656665313931346365623636306463 -65346362373335363032323866633466356363643133336330626533316365623865613163376636 -35353838353363303234393430373433613130333661303833383965643739383465316163623434 -34636133626565663062303130313530306663666665646664613639366239306461376663356332 
-34303536343765373865643466623230636330316365306231643566303831313238396533343161 -65373434333561643136646232653737623737396431393334626234333262333334393634343331 -39356238646536386632653731653038646166303364376363633064343665303530396630356561 -34373238656534356166316639623232346434646132663936363238396363313864636531313764 -33343364346334373237366634626665656561343934613262313530373536316337353036333230 -39303730343638383138386138303863396631333534366233383533346232653639396566363662 -31366533386565663734626230353438353730363966356635616261356237346131616234326233 -61623633613633393265353838346436396535633839386664356534323962643761316661626162 -63666337363534653632343661373865383532313837396538633235313435333164393333383264 -63656362323561653731303332626331393531383030633231373331333032336334373330366562 -35663431316432373438326265646263633639636164323361643062636535623765623566393237 -36303766323930336538623564373038636661366132383465323431666361626134303136636234 -34393538323830323033616638656236623332623364393463303332616233313837376335643434 -33346532613264396264393834643039666465366338616133346261373336633261666234326238 -30653032633932653930633566646332623232313334353537363939376336663264313535663635 -39656630653964643462343930306232636266306639616664363864346433313239313863313666 -30653834666133353036636466643165653165303064353664393239343666646366356236643738 -61313734346334366530323935396133646534323538336333376362356664633538393933363739 -31346262303365386232376537346366303762613735366561383165653737633738303432646531 -32386162633364383737663734346464653362656633313036303261663834636334333233303039 -62656531653336333436623863633139623531643837643461663038386430316663313264643738 -34393731633163396236373038333566346432313566316539616439663939626433653637366134 -37663936643031383834343163373166373362386531373462643638656333373136356331306662 -33323533616466343165323233323238613963373035343335306636353838656337653835663835 
-66383438653238316532323535393638643333623931363561663539346535393464623064373032 -63323138353466386538326137316263363166633637343632623162306331313666376666636463 -38616161353463396666313562613165366634316664663030613664366265626235613230623861 -66613532656262636161656463373266346333346636663763646566643836373436653032303133 -37323662363338663533353035653134616562303633303533303132306562346435613561636536 -38303465303331666235663034363066663034373336346539396639383530383534373732616261 -39636535323635623630313139303730663962316530333938626664623238383732303737613330 -61373331656465373639653263343736653534336563636564336137386461636465396633666132 -34386365363830346535323135663664353761646635663236383332636362306666656439383736 -39366661323532393837363139626236633538343264346535323166656530616238343039663166 -34633663396437663930633966653934643739353832636666323337363861373162326162643137 -66666633663561396162613731323331363565346435376233336132663566623462306233653836 -64663733653636646432366430353762336234333738623062623235616131626538646462646430 -33383132636161613136313061613766336235393635366232613766306532366531636265303239 -34396537656335383864626330643133313563656334666430346365363939616533643038383136 -36376537373162303265356431343432643862346634386332313662303835306239656566383531 -63396666393437636564323664663164643631326539616437343737346635363530333863393761 -39346537623966626638613166383733623338383139323431306663363433653064323738323765 -39313366353532643634643733623337666632346561333262326563636462356463326432376265 -30376337346335356362623430353161366435373032643633306136343665656335373766363166 -31396330343134356533616134613261316138386533653661626364343939613635626161636565 -63343035303637306564323035353865623166316539363938353461663137636539663964346337 -33663966316466373466643462613834663734393466653830393761386535616531613839303435 -64353062313731386663353938646363643164366163623537383236623635333239343761626463 
-36666237613564303736306133326266386362613436653461356131636666613936663131616434 -32383831386262643761316630623939303064393433663063316463376235643031623631313333 -36383635386630626537643438623065386232616634303564353538613366333062653365633632 -62633137323831353631623962633533623364343031373565666434346364653830383430643366 -31643935313334623838636131316135373663626132336365336435613732326361616664623633 -35656265333264326436323262633136313563376334623339386461346131636636383165353632 -62356135663230383534366465663537336365366162346464616530393937616637623466663661 -64653361386633383433326639643134666336616234356462383231376637643262646163313366 -34306666383437383633633931303035343732663661643139663361653834376663323034306535 -62343462653264633235313561326633613936303164323366313164303062366331346132376331 -32346137383665353839393530323638653364633262383234633933383038633763383731363036 -63306564643233653631353033623162393763313661366437396139643332633166663265636636 -32646136326138663364326664656466363330656365636463306139626137663436316238393865 -63326338356332633166636430313934626438346235303161323438633162343334383738313562 -35356162366134323336643038363039633662643932316630303663373962643235643539383165 -36633638383963363032373338633165353131393466623462646538373762613364666239636666 -33666563303565313639373862326163323238373434393265333231646337643631383065323464 -62326131663831343732333239316639336536383032323831343961373761383066323366323434 -34346136633164663333353935663530653532346464663134366563346635383966323434353762 -33303561396538303465386533376432623734666166313465353039613563376262303462396163 -34663630316230633165663939333239656635666136373363306335633835353533623366376165 -36623032643666383831336134653037333333366664383436306566333366343538333734393433 -64353866396239323561313863303966323266663139653738353530303939373239633639653831 -66663464323932643633396665393231633765623561373663336631353430616230626563323861 
-66373665393764653864613263333961356462616163373933623739633931323432393162343138 -64373630646437306534363233623530633563353962653130656531393137346337613365636463 -34646531386236666163393537353863626266633961653032353533353036656433663734323935 -62356434613034653966623437633364663433666537363135396534346330333832343166333731 -38323664396665313439653637333037646461633033643635643935333263356633313761323137 -33643737323938373332626661363761336236303265353261383263333439633930356565656236 -36383830313961646363363234343165633537306562643961313139316337633433386465613535 -35333038333631336663613331393837386266346137386435313031666335386439353961613062 -38656362313435313735623931626362316634383264613664643235323933363935643464353634 -64353431623033636537343061396433613365376536623933363632626639626231323736323339 -65316131626336613931333765303562316562623962353530643533636164306135386331353734 -37316266313463343034393130363732333737633033356463393564323166383533353132336432 -34663162386335613233363764396233356661633732613236303564313061653337303833373133 -66383136656337396337393233313661386538663338663933303364636566363436663164623531 -36616463646238386463623133386337623936386266373164626439303335346563333363373038 -63366233643463646431306330383537623434303534306336366163393431393538303835616261 -65336134613331363035353162303435663863653039353561643432316631626261363935663062 -31646663653535653363336539633336346561653664653764373463363364343832396665663163 -35303464323432303266333765346130396636386236376336363466633064613363633431623733 -32313863353936303932653564376163323833636133356633343065633332303064343838313561 -36363966663938386263613436663435376431376534303133643631323734373363326461336365 -64613933393539373165383536313564666163653639356164366566663437656661373836643861 -34323830316165313336323538336430333564306264616462326338323762336138303963366537 -64623761303537616439363039316365623739633435386563623832306537323232306437353932 
-34323531373366633830626132393135636661656637363961363836383232326534386530353438 -63343235303463303437353537646666343434626531336639396531633939346330663831313234 -66323830393739316633646538303163326438396565376139653663326133613937663531343466 -64653161646262663539653036303832333431323165656263623831323734616438633631633330 -65346139326532393662313331646135313063653839623539636361623037306239383034313733 -65393161623935306631366633643363646539326561666631313138303937616230653831616531 -61653639363763623266326164373638366565313164373539393364323031663533623561373431 -30353162343731363336373230346663393164626663336461663065613835633631613036623538 -65303632306435613430643634353135383865333934653034326237313139313162653136323939 -39623731666230316230333539303131363462633530366361656235366563396438643836383832 -36303430303934323166353735393933636162333439313863626135643433323032613333363665 -35333132303138323538386163633264386132323439346335333237343738366130326438353161 -65303036396662643033356461656564326566323261396333336366633066616630643637363730 -39643663643162366130323333376561343037656263623863653665663431343061363436613838 -39326235336439646533626334626131656230306635323433626364336337663438646465356132 -62346463336534303863616363353638623465636331353961346137373934323363356466383864 -66653839623835393136326636666233666630646339623035666339366330666533343335616431 -35656437356136343437666563326438373561386264396561306361636366326530373061353061 -35626662376130306464356662646436383265306434313638326165623563343539366532363166 -37383564316334363365356163376338356631363365306237303562316366623237643639646636 -32353663373564633030373639343639623661613364363361636234646137326264363236346234 -62383938353636346134636666386263386238326366343864346138383036656538363265643365 -66613431613438346535383861336435653536663765633439653461336333333962396237353839 -62343738656232643564333132323634653238386437383039383064346435646263663534356438 
-38613839333134346233353930303030656338363337393261623731623564343135653966656462 -35313439393165343333623832626630316164376134616563383362646630663036316336373931 -39633135616463633036366163623063656563303635353165653631333532396364643465636236 -35656161656238366532383666373033373861323939386465613737616434643061333338353339 -32626431316133306631313733376137306537633237353037393664363635303738373130313635 -32646362643432353430306132383233633739316562633762623062356163356537346132636332 -32393031663631653036323233666331633764386165643363316232623337613635306465376534 -65643030343862343636616330343462323666323235656333373331623361383464363161653839 -37363665623061363637363764313831636532653039616164663566366135323831653635626538 -34386537643361633430343139613232636563336666643138633166393333383635626237626339 -35323539666338636262663461613362313736353835623861313365656633303533393832343661 -65366262636230383139363932616361326336363166353137633165343838663162343664333136 -35323162363337613861303133373637666664353233666133323363623261396135343131623361 -34326666316230366131336133303439373938656365343165336133383639316338373334313638 -33326438636630643064623237663037336337373864363262363034376331353738636166646566 -63343062346538396434613235643764623630346366373362366161343835303532343033356434 -34323362306265353662363164306361613137363763303338643433303665333030643738376333 -65653865323362383436633964366538356333343532663833653630373265366134303464656531 -34306363613033366664336133346162393339326265626530336136626430336365396130663161 -62393666656163323030616137646636623232626634623061633363393632353338323137656538 -61353861323662623064653434353430646265626263646563353263356536376238313331623566 -33333338393430306138346364626239306339653361353266653566346439333434653932336163 -66643763306463313062323932383863363635346531666232363938303534623261336137363066 -30383266313137313064383836356634666532313565623737346232313230376437643164666363 
-31386466356237633030393530656536653834363734666235386131336663303938346562623866 -38313439653036633133663535616334356133303265636631623163333638646164303732323564 -34623764323833323932643234393235353265316535623430333336353231373764396336636362 -64326139633762306436646232313536306530653265363430353465653637643561656536653964 -37383332363234636534313734393230626132613461393632323861633039663764626431363931 -61373138333830336431313232323338343064353932663932623934656235653463326365636165 -62313835396539666434366232363639653663326132653033346265613739376131643764333363 -61386239653166316234353763376632623132383232356636366131316236613638636264336530 -33343734366338306336356565323166346633363237643637366565663837326461393333373135 -30306633653461636633626432343032613661326431376630646332356534633335346466353838 -36383431656538616331316236316463353666666166313465336534393234396438646335323562 -32336262353432663331363532623735373834666139626464356565323335633036623939643234 -61623363653536383931366661666534333561666662313564383362623934393664396465366561 -65333233316432666539303832363735393666373231646530366566306432656433343036666131 -35373636343631643730343235653234326638663565636237663930663364623335343064666265 -37323165333261373532313136326164663962363133363634333036383137616431346230313135 -37386133343062653831353165323136633738386439396139353033333664306262616361623762 -65643039646466303364363434356534323866393432616362636439633334353562363065336533 -63373335383965653365666539636161363361363336376336383363306337386230366664656330 -65313161343638366564336136636438393365366330636232306130313033653036666537653964 -32366133313263306466363266616234643039366638633463346362323839316133343461333464 -33643034626437363233353331653839646361346132386431636562646236353166633836383938 -62323364303338623133323931613466306537623563646232306134373566313865363335346266 -64636638316165343861316134663066386133316166346564613030326263643130386137333739 
-62643664383834346133643965366538303965373132393334623161336264633834633663333465 -6234 +64396638346335393963396239326463353436373937386664393164373338376461636666326432 +3839376164613031613166313535346136396465383365660a376666373138363930393761376166 +35663763316466336162316335623362633131636264663239316264666234393637333931616139 +3434636563363237300a663032636362343739343363356363643035363431373963316161303666 +30343866336465623738613739333030323537376663383265306237346537313839656137353565 +61303237643462626564346539343933313334663330323565396438663633316239333064376664 +31356233363431313161643131303234616162613164643539643563613339313432333235383863 +61376431316661626465383562386235616166353839616235356366386534393334373064616636 +32623832643533663536626130333234366366366635393038393437313139383061633030653235 +63666366333732626166653831613731363865313461636262346635666363373938316266383738 +33306632353536663138663961623964636436373564376431623165623031353737366539313966 +36373533653139373866666435343730613530646665343333643764666263626433363262313337 +65396332666632323531333364666330366430356437383338303665646233383931306166326435 +35653538643332353536626336323034353630353564633264333334613531363839653362663730 +36326562383934363034363830313139393361363638623139663538653138393533626238303836 +38326561366536353036356163656130633430306635393763663664643936306136346163383237 +37653465656335306565333432643863623762366134313137326138613336323664323333313166 +66363438636161613362346633346434663364396536613932616461613963383339336262313731 +36636432366332356435643266353362333437333131343961336639343234363636353535636464 +39353330643136613463343435623939653964346334616131393566623330386131333262666539 +35656662323332373330353231393462646564393431646238653438386563633365333162656263 +62623536316165316662653832393364316439303865326631636337373365333035336339666666 +31323864303136616365643735306332326237666136306435626534363739373332656332336639 
+38343566643062616434656338646235343234333031343038346630306639633732623733313039 +33393965653839396166326565653963303137316666663135373338613265613239643661336537 +62306634326266323662623733346164383039653936326162663165316439653332313730313535 +66613335653463396662626230653232383664363137323462353037303633633666626433306630 +39623933343736616630333539393365396636366331393136343866323766656435613262383938 +65383663663237386631333236363061306131643133336432313035396264346631656264356530 +30663636653434323531343233633431313838636434666537373439333364666635363731316464 +61623666653561623233623131666464396530316439626135653933343531303938313965393438 +30346636363136386264643161666231396533323765343434346633303162383762663763616537 +38656436353661326165393934613235376565316663643930656338333932633664643562633235 +61656232613164643735626439393731626430343437303732393163616432616336323436643737 +63626564363464396561356366616466363035663864306561616164373639376431633264633532 +37316565313636363536666566313663653637333665343036363261373765306233386535326463 +34316461346364323837326462386363313338666563623135376163656330393830663031326536 +35373935636538656566646336633435643830346136663262386463366563613665613032336533 +36373837616132666630393634656232303362613038353764353362303830323536373639306666 +66306230336430666435663061616264343137303564303764356130396434666138373132323066 +33623465663535643736383032396236613632643537633064346631383539366330363436666633 +34323133626638613936636264346662373739616136663165626339326333623365336161653230 +65626131643832306664666364333961633535313164376533343334613666303331333036643431 +65626566613937633137343538323563373737623265353436336234316439316434613962313030 +36366634383633363437373862323764366263623063653932383534353538363866643437303637 +32346533643438323632653830626163666463343366346531383830353833346164313537326332 +62623462316161663731653832653064313436633931393565323631306134613962396338353039 
+39323037366235336239646539643265303061623935636263336435653831373463313131343866 +61666265616335356530376633343762343734373539613865333065343066343963383634653436 +34363431356264373166663632643232646261323332636263383065356564383663363439373732 +31636238346661616563646262353962393266613137363536346534313764376666313737306530 +63666263346231353765623130396530623362383165373863383537633464636136313130373566 +33396137366538656430653065373230376236626439316232396630326537653936356461623534 +65623562306131613633373632356264366439373137356132333062343839383132643834323463 +31353034306339663365343234396466396463663634613433663262623038363331363161623831 +33366137643963633066323837363563326137383834346430316262353834353238336264373235 +63353330656166333132306665623835316439623239333539626364313535616230626430313663 +32323335653433303233343336663935653861393961626636623264333030383365623838653862 +37663336346537336530656161613539666431366239666461343139343461613033336535306263 +66326365663132333165666239306532386338323237653832363763386464333634383731393033 +31666431366432303036313765616432353061616462393236383131373938353238613966383232 +35376635326534386533653834353966633765303165633036343133393836316637313531636333 +32376532383865323731306237633565663032666631616463636237313938663034396363373632 +62613030666166343262333865636363346131393664373633313064656463366533336335316435 +31653531366436646365636139663236393464636366666334336433396365663634336263323835 +64653634326638393133346335343665343265333133363236343566366561653831313561326239 +66393663336632333931383766633966333763333632393633353537333834643465373237386435 +33366638643861386431313030623465633938313932326264396136353336653163373636633762 +35313463313066373236623466356333616238343034616436333437363033343436353265613932 +36646538663734346434313861363664316538663766383462633434343666343230306261663231 +33643031313432333330363664396438663933636465303731373065386539363762353530323063 
+34383434393062623037356637323264663961383166373736376136336237613662363038343931 +39393766323163333431373466303739363566623464646532666330653132376466346136303735 +30303537353863623164373362306334333134616364323366326636323463346461326366303034 +33646230333263366137313234646265653339326533666361363632653166326364336639333131 +66346234366334316539343734633164656132343130303939613030346263616632616434653362 +66316165626236343464373631623034396634313637303737643165303939333130313333393732 +34663134373864626466376332373731393039336336383937646535666362386666663765623132 +66313363313162323663356230383231376539363732396630623061663361373866316432623066 +36643739363361373833616237353664313666613036666161623935343233346266626165393134 +32346361323462393830366161646630303836376431316566613631343938316362383663343233 +64376265353166303032373664336632616337353339643061623661663066363433616239356561 +34633339323161396466663435396565383636653830373865346363333531396637633332653866 +38633535333035343630323633363564613030653834333538616461653566636638646137396266 +66613235306361653463643532313435383366326430383031306665373764643632653962623535 +61363438336136383635386336363533613863346264353530303565353761626466636136306335 +31383035326163393563383038383037353037666661363531633836376638393935336639333761 +62333030326639623034326331643033326431396337376630333937623063313634353032326530 +66393261663331313139643232313661356664653536326665363065646163626236306637666163 +33373837343331306632623865316461336466656131303638303035366564336330613234616535 +35356361623634646163646436623364353539623131333966383632383566313363613032393363 +65313136383834366564643234643039386664376362353435613433373266616261633263386334 +34616633653735373361656461363462636666656661326637363262363539613164336464336631 +31326535626635333662346433656262633031643134623862653831643333396633363062356361 +37343530643633663261323037333830393737366134303035333232343232333835653731623332 
+62333739346563353737386664663864343561306164333432306231626233646131333264656666 +30356138376336373436333732383835303230323039326165633834336634626162326439613961 +39613435326330383662373732373537633535633032366131633062386332343264363135383038 +63643661653838636565616239353566636137656139323265326534386434306333343631353762 +32616466323663653564363832613265323534336664353965363138623762376539346338316135 +65303334313362303532653438313837336334333831343331396563626131633937386437333133 +36663834303337666461313564366561353265363263316438303235393465646434663961646137 +37646332306539393162633339643434396531663534633763616433326363383332373233636437 +61643037396361623938386466313736313235323165343964346463346339626632383535323630 +33396135303434666233353631616436653262646136623035376232316264343930626435303634 +32646133303963343239383931653631653036353535333665373536366464366466646330656466 +66623136333437346637343534396430313838636665663933376263623362363134396330356566 +37616361326463323164663036386439373539663164393038663636643166383131616164643765 +63303339653835353161663637323138376233613265373461316430353331633938336662656464 +66613464666634363931303232326461653239396234303863386533333832663530346261353135 +63656636306539353139353763663461336630373463353162623566383230366366653665326166 +31393333376434313039396234393839643863346363383535653465323261666432633935336135 +63363864386135313438373532353266353334616635653433613765393265363465656439356139 +30643864343166353263633262663036613766396633343564363633303165373631633965373730 +64636561663438646562363765623435313866303534623038383731396638306536323732626231 +63343538616631363736336164316531653137646537303436343336653434646133336534356539 +64306139643537393361666161623261353763646631386361666637656137633266343238656632 +32333866666233636164313131363666376261663930653330393436666464653731333164643836 +63386163363463343737386338653636323230653336393765386538393563356435646439626565 
+38623439623364326634616639303734383330613133393665643963313932316365656563383039 +61643739333434366162663438613966343534393438373135643064623465386236353632646562 +64346137393231313461393436626335626461343661653430396536373437306336666630313934 +38616638336638303530346164663033613332366133656435656131356262343635386136636361 +39623161383636373664396535366531396231643162353938663230373762626633663638343937 +66326533386564353336366561316361646333393130316530366434383931666661646636373835 +64323135356630656134366231646130626162356237613337386232636333383261376535653032 +36366338636565616537313337323964613030393035393839626134373135646663636263633964 +66623036633266623566646566386234356562396164366166656230663738633665333531653730 +61383263656235313463666439666563656432363332616633646139363135316638613464383239 +32633732653837326332326363326265336130633065623963636338323662383234623438623333 +64653038323566326366336634313637363132343030633966313363646665313835343833376632 +39616364616236396265643232336365356235333064323432326561633730386533633064393832 +33313838373236386463366162386437356365346631633639613436356635396238646361376434 +34626238333366343831393364653064656166396535343133343131316537653263646239323061 +65393761326462656265393235663037323638333831623733323430623238626234303031303866 +64336130333164306530333062343161653532383031336464363237656264363665373739626630 +64353861383364386632613335646562623535353031303831653436633330663337613338666331 +37396466633231303032656334313033633865636231613564303733633462366162383835623563 +32616439333064663234663037623832633933303664383732646238376465353763646637623137 +66623664333364653039326431333439373934383735316231373164376365646231353935623664 +64653839613332626638623039366165356630383539333736383738326561313838383131633236 +30306537383865326533623337346138376533376137336536343163326534396564656130326361 +61623063636138323965643737313262616532346533333137346232396561373735376130356132 
+37646639383430336637646134353732323262333732323434353265376262353039633963313061 +63363663353532633437333335306662313133306565623537666232353665333631653263663463 +63656264333064333662343836366131333534386662303933336665353361663938346430653264 +66383539643537313436373434363536376137333636363833626361376131633537643334383864 +34626264666437323930396562626134653063396533323139616264313063343535623636626238 +38366437626534376364623535613432313636366332353830616238666534363561646438343235 +62613664313631643137643765626437363962636137343765343562613761396266626461393236 +63613134303065623031396231366130373432633738393139393331323764623963346565373839 +64356439663964333032366363343461353130326136363731386535313661663135303237386638 +39336531333064613731323066376461373732323437386462353432613464663666363832653866 +62666461313734643562346335393434653933313661336236383933363738323066636562363230 +34666136626566376264623734393837353466616461666132623333656135346534646462633739 +36363331383337343561326536303263303739656562653536363234636130633563663161353631 +66613338323461623534613935396638343230643330636562353936343333383834303466643939 +36346532663237616132633166323630623434353338366534373366326234366566383931343837 +34613134646563383662656533666163653265326433643832626435663361336361376362633938 +38326235383664653366353162393034323866653339383139306630663835306537663563366231 +35306362663930326133363835643262393439346437653935343030653161303361303939323235 +34363438313763623934613534613334333464366361323164323337316531303332663433376363 +39326239653731653766303135343437333431636362666231393938316634663631353539386463 +66623730356336633536336634313264336236633664303864373735663837316563363666363037 +39303330623765316334666132326134376636303633393736343030323837383666333832613937 +31383033663638373666626336636539636665386465666237323232643466383236313262383235 +63303866366162393434633631323539633565363036326264376339666637316133376537633163 
+66353264353337653733353034643030333932313463393132396632353030656134313064326466 +65636330346433643732313033643032393261313736343533636535643439336530663261353961 +63326231643131613665306563646331323536396232633366313036623136623636376336383438 +31363764323335666464623330333265386236643038353164303863356261653634316536303734 +33356630346666393539393931393661656666386635663965346537353365396330613061663939 +37386638653737383434393438366661303337636263666665373935316439386363663936646639 +65333532636161353538363161363138356364303661396166643435386234336132393733663562 +64383030656332343736626161653034333539343562303530336165373961356532663234366237 +38666632616439343437333366623362626339363535623162303437306334643731633662343162 +32623537383966623866613361383266353936643462613964646139653532633864643931376631 +62633433613435356561316536663364656639373733646539316566373334636133383936303166 +64366139616164636336303930306138316161306563623366633130386662306163386361353464 +30393231666266383064343234636430356564323534353339396637636632303962633665363661 +63303733333137393261316436373864333734613136373633343564373537653935366333363464 +63346430643030323039343539356364313635653863373465303134353361653664333333356132 +37623062333663323135613133373662626663353838623233386166623739656535613732636564 +63333937613233643035353136386463376661346131616562393236623338636661636661373166 +62663962666237613431396436343434353031303165363130663163616633336134353430326634 +66383463363266346630646339643563633235623065666265643066313134383534666530356561 +62373737313834373239396262663463613835643737383439653837376135303733366436333733 +36363436386233663135646134386462306434303339656632313562623037633664346562323034 +33303833373733383338306333323561656333313430323136326234343032323034646663333436 +30316661636237333266656430376535366135353534633932356135383333646261663935363734 +30666263643265306434333535346330313231386339363865643862366639663832366431663161 
+37646632376633323862303764363437613332643131623138393330353633323634303337616431 +66336366646138653737333137396338646138613339336466356537626461346330646434613933 +61633835653235333637623635353565376331623464636137393861633064353739323262653166 +66393533656435306530653034313034356231616563393438333162393630306462313530353535 +31656537626163316535376234393236336631366262666539613337633461396134396563326532 +30386538383136356632653962643538613261356462323637316335323864613133316364663933 +37633661306635323361336639633561663738396133623362316437303733313838313332303264 +36363932633136373762363762303933306637646230303564313965383335386333646161353261 +31663836366639326438626463326631343162616537653266366334343538643634663831343736 +61626666616463303034323730653966383365613637633539646263396238656630333766633134 +37326438366434333066666334323137343635396464366430633931366335353231643630383161 +64353034313338346162653237666266333466313630313363636135393433653761326134353464 +62306233663930383166313033373561366231313865303662316662663236343638383731633132 +62663061613837633833613737666633343063333963626265303236366365303736636361336337 +35666536383738636239626139633031376262306165386362386462346330386334333331376338 +30386235333963333732343930613562316464323632663638323536613232666230303631336436 +37643131353437393661663934306332343037323866656665613436393237333236636661333064 +62303063393239373065346461326464396232356531393932623739643835356637 From 4150a776493aa2365ad5bd6ac3bcc855168dc615 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 13 Mar 2021 03:09:21 +0100 Subject: [PATCH 76/78] Remove vote from bdd.adm.auro.re --- host_vars/bdd.adm.auro.re.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/host_vars/bdd.adm.auro.re.yml b/host_vars/bdd.adm.auro.re.yml index bf28fcd..c0c0601 100644 --- a/host_vars/bdd.adm.auro.re.yml +++ b/host_vars/bdd.adm.auro.re.yml 
@@ -11,10 +11,6 @@ postgresql_hosts: user: gitea net: 10.128.0.60/32 method: md5 - - database: vote - user: vote - net: 10.128.0.81/32 - method: md5 - database: wikijs user: wikijs net: 10.128.0.66/32 @@ -27,7 +23,6 @@ postgresql_hosts: postgresql_databases: - nextcloud - gitea - - vote - wikijs - drone @@ -42,11 +37,6 @@ postgresql_users: password: "{{ postgresql_gitea_passwd }}" privs: - ALL - - name: vote - database: vote - password: "{{ postgresql_vote_passwd }}" - privs: - - ALL - name: wikijs database: wikijs password: "{{ postgresql_wikijs_passwd }}" From 65c94d8e84a9ede0fdc7a11c76703ae18b1600b4 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 13 Mar 2021 03:13:43 +0100 Subject: [PATCH 77/78] Fix trailing whitespace in the linter --- host_vars/bdd.adm.auro.re.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/host_vars/bdd.adm.auro.re.yml b/host_vars/bdd.adm.auro.re.yml index c0c0601..f782355 100644 --- a/host_vars/bdd.adm.auro.re.yml +++ b/host_vars/bdd.adm.auro.re.yml @@ -24,7 +24,7 @@ postgresql_databases: - nextcloud - gitea - wikijs - - drone + - drone postgresql_users: - name: nextcloud From 637b74a2ada52f5b897b489e60469fa8d71935eb Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 13 Mar 2021 05:05:30 +0100 Subject: [PATCH 78/78] Fix some linter issues --- .ansible-lint | 1 + roles/rsyslog_collector/tasks/main.yml | 2 +- roles/rsyslog_common/tasks/main.yml | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index d98efd4..0e01ba3 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -2,6 +2,7 @@ skip_list: - no-changed-when - load-failure - document-start + - meta-no-info warn_list: - experimental # all rules tagged as experimental diff --git a/roles/rsyslog_collector/tasks/main.yml b/roles/rsyslog_collector/tasks/main.yml index 0c122e9..dc64fcc 100644 --- a/roles/rsyslog_collector/tasks/main.yml +++ b/roles/rsyslog_collector/tasks/main.yml 
@@ -3,7 +3,7 @@ become: true apt: name: rsyslog-relp - state: latest + state: present when: "rsyslog_inputs | selectattr('proto', 'eq', 'relp') | list" - name: Ensure log storage directory exists diff --git a/roles/rsyslog_common/tasks/main.yml b/roles/rsyslog_common/tasks/main.yml index c3a0cc3..030fd10 100644 --- a/roles/rsyslog_common/tasks/main.yml +++ b/roles/rsyslog_common/tasks/main.yml @@ -3,13 +3,13 @@ become: true apt: name: rsyslog - state: latest + state: present - name: Install rsyslog modules if needed become: true apt: name: "{{ item.pkg }}" - state: latest + state: present when: "rsyslog_outputs | selectattr('proto', 'eq', item.proto) | list" loop: - proto: relp
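Review bot: With `state: present` on the rsyslog-relp task in roles/rsyslog_collector/tasks/main.yml, and on both rsyslog tasks in roles/rsyslog_common/tasks/main.yml, re-running these roles no longer pulls a newer package onto hosts that already have one installed. Security fixes for the log pipeline therefore depend on a patching path that these hunks do not show. I would record that above each task, for example `# present = install only; upgrades are applied by <patching mechanism - confirm>`, so the linter-driven change does not read as a decision to stop updating. None of the three apt tasks sets `update_cache`, so a first install on a host with a stale index may fail or select an old candidate; adding `update_cache: true` and `cache_valid_time: 3600` would cover that. Both task files start and continue outside the hunks, so an earlier task may already refresh the cache.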