Merge pull request 'pve_service' (#67) from pve_service into master

Reviewed-on: Aurore/ansible#67
2021-11-22 18:31:59 +01:00 · 2021-11-22 18:31:59 +01:00 · d23dbe2d49
commit d23dbe2d49
parent 4ccd33eec1 eed6ec558c
8 changed files with 33 additions and 25 deletions
--- a/README.md
+++ b/README.md
@ -88,8 +88,11 @@ On va utiliser plutôt `ProxyJump`.
 Dans la configuration SSH :

 ```
-# Use a proxy jump server to log on all Aurore inventory
-Host 10.128.0.* *.adm.auro.re
+Host *.adm.auro.re *.pve.auro.re
+    # Accept new host keys
+    StrictHostKeyChecking accept-new
+
+    # Use passerelle to connect to administration VLANs
    ProxyJump passerelle.auro.re
 ```

--- a/copy-keys.sh
+++ b/copy-keys.sh
@ -15,6 +15,6 @@ for host in $HOSTS; do

  # sshpass can be used for non-interactive password authentication.
  # place your password in ldap-password.txt.
-  SSHPASS=${passwd} sshpass -v -e ssh-copy-id -i ~/.ssh/id_rsa "$host"
+  SSHPASS=${passwd} sshpass -v -e ssh-copy-id "$host"
 done

--- a/12
+++ b/12
@ -8,10 +8,7 @@
 ###############################################################################
 # Aurore : main services

-viviane.adm.auro.re
-
 [aurore_pve]
-merlin.adm.auro.re

 [aurore_vm]
 routeur-aurore.adm.auro.re
@ -25,7 +22,7 @@ camelot.adm.auro.re
 gitea.adm.auro.re
 drone.adm.auro.re
 nextcloud.adm.auro.re
-stream.adm.auro.re
+galene.adm.auro.re
 re2o-server.adm.auro.re
 re2o-ldap.adm.auro.re
 re2o-db.adm.auro.re
@ -39,9 +36,9 @@ bdd.adm.auro.re
 bdd-ovh.adm.auro.re
 litl.adm.auro.re
 log.adm.auro.re
+netbox.adm.auro.re

 [aurore_testing_vm]
-pendragon.adm.auro.re

 ###############################################################################
 # OVH
@ -51,11 +48,8 @@ horus.adm.auro.re

 [ovh_container]
 synapse.adm.auro.re
-phabricator.adm.auro.re
-wiki.adm.auro.re
 www.adm.auro.re
 proxy-ovh.adm.auro.re
-matrix-services.adm.auro.re

 [ovh_vm]
 serge.adm.auro.re
@ -77,7 +71,6 @@ prometheus-federate.adm.auro.re
 perceval.adm.auro.re

 [fleming_pve]
-freya.adm.auro.re
 marki.adm.auro.re

 [fleming_vm]
@ -350,7 +343,6 @@ gh-1-2.borne.auro.re
 ###############################################################################
 # Les Rives
 [rives_pve]
-thor.adm.auro.re
 loki.adm.auro.re

 [rives_vm]
--- a/log.yml
+++ b/log.yml
@ -1,3 +1,4 @@
+#!/usr/bin/env ansible-playbook
 ---
 - hosts: log.adm.auro.re
  roles:
--- a/roles/ldap_client/templates/nslcd.conf.j2
+++ b/roles/ldap_client/templates/nslcd.conf.j2
@ -60,3 +60,4 @@ tls_cacertfile /etc/ssl/certs/ca-certificates.crt

 # The search scope.
 #scope sub
+
--- a/roles/logrotate/templates/logrotate.conf
+++ b/roles/logrotate/templates/logrotate.conf
@ -1,7 +1,24 @@
+# see "man logrotate" for details
 {{ ansible_managed | comment }}

+# global options do not affect preceding include directives
+
+# rotate log files weekly
 weekly
+
+# keep 4 weeks worth of backlogs
 rotate 4
+
+# create new (empty) log files after rotating old ones
 create

+# use date as a suffix of the rotated file
+#dateext
+
+# uncomment this if you want your log files compressed
+#compress
+
+# packages drop log rotation information into this directory
 include /etc/logrotate.d
+
+# system-specific logs may also be configured here.
--- a/roles/rsyslog_common/tasks/main.yml
+++ b/roles/rsyslog_common/tasks/main.yml
@ -1,12 +1,10 @@
 ---
 - name: Install rsyslog
-  become: true
  apt:
    name: rsyslog
    state: present

 - name: Install rsyslog modules if needed
-  become: true
  apt:
    name: "{{ item.pkg }}"
    state: present
@ -18,7 +16,6 @@
      pkg: rsyslog-hiredis

 - name: Deploy main rsyslog configuration
-  become: true
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
@ -33,7 +30,6 @@
  notify: Restart rsyslog

 - name: Create journald.conf.d directory
-  become: true
  file:
    path: /etc/systemd/journald.conf.d
    state: directory
@ -42,7 +38,6 @@
    mode: u=rwx,g=rx,o=rx

 - name: Deploy journald configuration
-  become: true
  template:
    src: forward-syslog.conf.j2
    dest: /etc/systemd/journald.conf.d/forward-syslog.conf
@ -52,7 +47,6 @@
  notify: Restart systemd-journald

 - name: Deploy logrotate configuration
-  become: true
  template:
    src: logrotate.j2
    dest: /etc/logrotate.d/rsyslog
@ -62,7 +56,6 @@
  notify: Reload logrotate

 - name: Enable rsyslog service
-  become: true
  systemd:
    name: rsyslog.service
    state: started
--- a/roles/update_motd/tasks/main.yml
+++ b/roles/update_motd/tasks/main.yml
@ -1,6 +1,5 @@
 ---
 - name: Ensure update-motd.d exists
-  become: true
  file:
    path: /etc/update-motd.d
    state: directory
@ -9,7 +8,6 @@
    group: root

 - name: Customize motd
-  become: true
  template:
    src: "{{ item }}"
    dest: "/etc/update-motd.d/{{ item }}"
@ -22,15 +20,19 @@
    - 20-uname
  notify: Remove cached motd

+- name: Remove Debian uname motd
+  file:
+    path: /etc/update-motd.d/10-uname
+    state: absent
+  notify: Remove cached motd
+
 - name: Remove Debian warranty motd
-  become: true
  file:
    path: /etc/motd
    state: absent
  notify: Remove cached motd

 - name: Ensure motd-messages exists
-  become: true
  file:
    path: /etc/motd-messages
    state: directory
@ -40,7 +42,6 @@
  notify: Remove cached motd

 - name: Install additional motd messages
-  become: true
  copy:
    content: "✨ {{ item.message }}\n"
    dest: "/etc/motd-messages/{{ item.key }}"