diff --git a/README.md b/README.md
index cb8683f..541ca42 100644
--- a/README.md
+++ b/README.md
@@ -88,8 +88,11 @@ On va utiliser plutôt `ProxyJump`.
 Dans la configuration SSH :
 ```
-# Use a proxy jump server to log on all Aurore inventory
-Host 10.128.0.* *.adm.auro.re
+Host *.adm.auro.re *.pve.auro.re
+ # Accept new host keys
+ StrictHostKeyChecking accept-new
+
+ # Use passerelle to connect to administration VLANs
 ProxyJump passerelle.auro.re
 ```
diff --git a/copy-keys.sh b/copy-keys.sh
index 6aa1bb6..857e1a5 100755
--- a/copy-keys.sh
+++ b/copy-keys.sh
@@ -15,6 +15,6 @@ for host in $HOSTS; do
 # sshpass can be used for non-interactive password authentication.
 # place your password in ldap-password.txt.
-SSHPASS=${passwd} sshpass -v -e ssh-copy-id -i ~/.ssh/id_rsa "$host"
+SSHPASS=${passwd} sshpass -v -e ssh-copy-id "$host"
 done
diff --git a/hosts b/hosts
index 5b24998..c216aba 100644
--- a/hosts
+++ b/hosts
@@ -8,10 +8,7 @@
 ###############################################################################
 # Aurore : main services
-viviane.adm.auro.re
 [aurore_pve]
-merlin.adm.auro.re
 [aurore_vm]
 routeur-aurore.adm.auro.re
@@ -25,7 +22,7 @@ camelot.adm.auro.re
 gitea.adm.auro.re
 drone.adm.auro.re
 nextcloud.adm.auro.re
-stream.adm.auro.re
+galene.adm.auro.re
 re2o-server.adm.auro.re
 re2o-ldap.adm.auro.re
 re2o-db.adm.auro.re
@@ -39,9 +36,9 @@ bdd.adm.auro.re
 bdd-ovh.adm.auro.re
 litl.adm.auro.re
 log.adm.auro.re
+netbox.adm.auro.re
 [aurore_testing_vm]
-pendragon.adm.auro.re
 ###############################################################################
 # OVH
@@ -51,11 +48,8 @@ horus.adm.auro.re
 [ovh_container]
 synapse.adm.auro.re
-phabricator.adm.auro.re
-wiki.adm.auro.re
 www.adm.auro.re
 proxy-ovh.adm.auro.re
-matrix-services.adm.auro.re
 [ovh_vm]
 serge.adm.auro.re
@@ -77,7 +71,6 @@ prometheus-federate.adm.auro.re
 perceval.adm.auro.re
 [fleming_pve]
-freya.adm.auro.re
 marki.adm.auro.re
 [fleming_vm]
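Review bot: With `-i` dropped from the ssh-copy-id line, the keys installed are no longer pinned to one file: ssh-copy-id takes the identities the running ssh-agent lists (ssh-add -L) and only falls back to the default `~/.ssh/id*.pub` when the agent has none, so an operator with several keys loaded will push all of them onto every host in `$HOSTS`, widening what gets authorized on the admin network. If that is intended, say so next to the existing comment, e.g. `# without -i, ssh-copy-id installs every key currently loaded in ssh-agent`; otherwise keep an explicit `-i` naming the key meant for these hosts. The enclosing `for host in $HOSTS` loop starts outside the hunk.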
@@ -350,7 +343,6 @@ gh-1-2.borne.auro.re
 ###############################################################################
 # Les Rives
 [rives_pve]
-thor.adm.auro.re
 loki.adm.auro.re
 [rives_vm]
diff --git a/log.yml b/log.yml
old mode 100644
new mode 100755
index e63f59a..b37e4d5
--- a/log.yml
+++ b/log.yml
@@ -1,3 +1,4 @@
+#!/usr/bin/env ansible-playbook
 ---
 - hosts: log.adm.auro.re
 roles:
diff --git a/roles/ldap_client/templates/nslcd.conf.j2 b/roles/ldap_client/templates/nslcd.conf.j2
index e5b8841..3fe094b 100644
--- a/roles/ldap_client/templates/nslcd.conf.j2
+++ b/roles/ldap_client/templates/nslcd.conf.j2
@@ -60,3 +60,4 @@ tls_cacertfile /etc/ssl/certs/ca-certificates.crt
 # The search scope.
 #scope sub
+
diff --git a/roles/logrotate/templates/logrotate.conf b/roles/logrotate/templates/logrotate.conf
index 7e65378..385db96 100644
--- a/roles/logrotate/templates/logrotate.conf
+++ b/roles/logrotate/templates/logrotate.conf
@@ -1,7 +1,24 @@
+# see "man logrotate" for details
 {{ ansible_managed | comment }}
+# global options do not affect preceding include directives
+
+# rotate log files weekly
 weekly
+
+# keep 4 weeks worth of backlogs
 rotate 4
+
+# create new (empty) log files after rotating old ones
 create
+# use date as a suffix of the rotated file
+#dateext
+
+# uncomment this if you want your log files compressed
+#compress
+
+# packages drop log rotation information into this directory
 include /etc/logrotate.d
+
+# system-specific logs may also be configured here.
diff --git a/roles/rsyslog_common/tasks/main.yml b/roles/rsyslog_common/tasks/main.yml
index 6ca28d1..c481935 100644
--- a/roles/rsyslog_common/tasks/main.yml
+++ b/roles/rsyslog_common/tasks/main.yml
@@ -1,12 +1,10 @@
 ---
 - name: Install rsyslog
- become: true
 apt:
 name: rsyslog
 state: present
 - name: Install rsyslog modules if needed
- become: true
 apt:
 name: "{{ item.pkg }}"
 state: present
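Review bot: Removing `become: true` from each task makes the role silently depend on privilege escalation being supplied by the caller (play-level `become`, the `roles:` entry, or ansible.cfg), and nothing in the role states that requirement; every task here installs packages or writes under /etc, so an invocation without it presumably fails at the first `apt` task instead of being refused up front. Document it at the top of the file, e.g. `# Requires privilege escalation from the calling play (become: true): installs packages and writes under /etc.`, or make sure the play that includes this role carries a single `become: true`. The same removal is repeated in the remaining rsyslog_common hunks and in every roles/update_motd/tasks/main.yml hunk, so one note there covers them all. The task list continues outside this hunk.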
@@ -18,7 +16,6 @@
 pkg: rsyslog-hiredis
 - name: Deploy main rsyslog configuration
- become: true
 template:
 src: "{{ item.src }}"
 dest: "{{ item.dest }}"
@@ -33,7 +30,6 @@
 notify: Restart rsyslog
 - name: Create journald.conf.d directory
- become: true
 file:
 path: /etc/systemd/journald.conf.d
 state: directory
@@ -42,7 +38,6 @@
 mode: u=rwx,g=rx,o=rx
 - name: Deploy journald configuration
- become: true
 template:
 src: forward-syslog.conf.j2
 dest: /etc/systemd/journald.conf.d/forward-syslog.conf
@@ -52,7 +47,6 @@
 notify: Restart systemd-journald
 - name: Deploy logrotate configuration
- become: true
 template:
 src: logrotate.j2
 dest: /etc/logrotate.d/rsyslog
@@ -62,7 +56,6 @@
 notify: Reload logrotate
 - name: Enable rsyslog service
- become: true
 systemd:
 name: rsyslog.service
 state: started
diff --git a/roles/update_motd/tasks/main.yml b/roles/update_motd/tasks/main.yml
index f4a125d..e0ae1f8 100644
--- a/roles/update_motd/tasks/main.yml
+++ b/roles/update_motd/tasks/main.yml
@@ -1,6 +1,5 @@
 ---
 - name: Ensure update-motd.d exists
- become: true
 file:
 path: /etc/update-motd.d
 state: directory
@@ -9,7 +8,6 @@
 group: root
 - name: Customize motd
- become: true
 template:
 src: "{{ item }}"
 dest: "/etc/update-motd.d/{{ item }}"
@@ -22,15 +20,19 @@
 - 20-uname
 notify: Remove cached motd
+- name: Remove Debian uname motd
+ file:
+ path: /etc/update-motd.d/10-uname
+ state: absent
+ notify: Remove cached motd
+
 - name: Remove Debian warranty motd
- become: true
 file:
 path: /etc/motd
 state: absent
 notify: Remove cached motd
 - name: Ensure motd-messages exists
- become: true
 file:
 path: /etc/motd-messages
 state: directory
@@ -40,7 +42,6 @@
 notify: Remove cached motd
 - name: Install additional motd messages
- become: true
 copy:
 content: "✨ {{ item.message }}\n"
 dest: "/etc/motd-messages/{{ item.key }}"