From 6e77b4cb3cd7e0aa84962b2ac22fe66a660eb572 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Sun, 21 Nov 2021 09:40:37 +0100
Subject: [PATCH 01/11] Update copy-keys.sh script and SSH configuration

---
 README.md | 9 ++++++---
 copy-keys.sh | 2 +-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index cb8683f..d05d2e2 100644
--- a/README.md
+++ b/README.md
@@ -88,9 +88,12 @@ On va utiliser plutôt `ProxyJump`. Dans la configuration SSH :
 
 ```
-# Use a proxy jump server to log on all Aurore inventory
-Host 10.128.0.* *.adm.auro.re
-    ProxyJump passerelle.auro.re
+Host *.adm.auro.re *.pve.auro.re
+    # Accept new host keys
+    StrictHostKeyChecking accept-new
+
+    # Use routeur-aurore to connect to administration VLANs
+    ProxyJump routeur-aurore.auro.re
 ```
 
 Il faut sa clé SSH configurée sur le serveur que l'on déploit.
diff --git a/copy-keys.sh b/copy-keys.sh
index 6aa1bb6..857e1a5 100755
--- a/copy-keys.sh
+++ b/copy-keys.sh
@@ -15,6 +15,6 @@ for host in $HOSTS; do
 
     # sshpass can be used for non-interactive password authentication.
     # place your password in ldap-password.txt.
-    SSHPASS=${passwd} sshpass -v -e ssh-copy-id -i ~/.ssh/id_rsa "$host"
+    SSHPASS=${passwd} sshpass -v -e ssh-copy-id "$host"
 done
From 311cfb223b37ff04f6fa3d25d922f1d386443498 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Sun, 21 Nov 2021 10:06:08 +0100
Subject: [PATCH 02/11] Remove defunct servers

---
 hosts | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/hosts b/hosts
index 5b24998..ad493c7 100644
--- a/hosts
+++ b/hosts
@@ -8,10 +8,7 @@
 ###############################################################################
 # Aurore : main services
-viviane.adm.auro.re
 
 [aurore_pve]
-merlin.adm.auro.re
 
 [aurore_vm]
 routeur-aurore.adm.auro.re
@@ -41,7 +38,6 @@ litl.adm.auro.re
 log.adm.auro.re
 
 [aurore_testing_vm]
-pendragon.adm.auro.re
 
 ###############################################################################
 # OVH
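Review bot: `StrictHostKeyChecking accept-new` in the new `Host *.adm.auro.re *.pve.auro.re` block makes the first connection to every admin host trust whatever key is presented, so a host impersonated on first contact stays pinned in known_hosts afterwards; the bare comment `# Accept new host keys` does not convey that trade-off. Because the block matches only the admin names, the bastion named in `ProxyJump routeur-aurore.auro.re` is not covered and keeps the default policy, which is where strictness matters most since every admin session is tunnelled through it. Suggest replacing the comment with `# Trust-on-first-use: unknown admin host keys are accepted silently; check the fingerprint against the inventory after the first login or pre-seed known_hosts`, and adding a dedicated `Host routeur-aurore.auro.re` block with `    StrictHostKeyChecking yes` so the jump host key must already be known. The surrounding README prose is in French; the configuration comments should stay consistent with it or be translated in one pass.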
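Review bot: Dropping `-i ~/.ssh/id_rsa` silently changes which keys get installed: per ssh-copy-id(1), without `-i` the tool copies every identity a running ssh-agent lists (including forwarded ones) and only falls back to the newest `~/.ssh/id_*.pub` when no agent is reachable, so an admin with a loaded agent may push unintended keys to every host in `$HOSTS`. Keep the key explicit but configurable, e.g. `SSHPASS=${passwd} sshpass -v -e ssh-copy-id -i "${SSH_KEY:-$HOME/.ssh/id_ed25519.pub}" "$host"`, and mention `SSH_KEY` in the comment that already documents `ldap-password.txt`. The enclosing `for host in $HOSTS` loop starts outside the hunk, so whether `passwd` is read from that file with restrictive permissions cannot be checked here.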
@@ -51,11 +47,8 @@ horus.adm.auro.re
 
 [ovh_container]
 synapse.adm.auro.re
-phabricator.adm.auro.re
-wiki.adm.auro.re
 www.adm.auro.re
 proxy-ovh.adm.auro.re
-matrix-services.adm.auro.re
 
 [ovh_vm]
 serge.adm.auro.re
@@ -77,7 +70,6 @@ prometheus-federate.adm.auro.re
 perceval.adm.auro.re
 
 [fleming_pve]
-freya.adm.auro.re
 marki.adm.auro.re
 
 [fleming_vm]
@@ -350,7 +342,6 @@ gh-1-2.borne.auro.re
 ###############################################################################
 # Les Rives
 [rives_pve]
-thor.adm.auro.re
 loki.adm.auro.re
 
 [rives_vm]
From b2a17e20f294c5c10ae9dac7d5c9ea17909323f0 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Sun, 21 Nov 2021 10:23:24 +0100
Subject: [PATCH 03/11] Rename stream to galene

---
 hosts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hosts b/hosts
index ad493c7..984da24 100644
--- a/hosts
+++ b/hosts
@@ -22,7 +22,7 @@ camelot.adm.auro.re
 gitea.adm.auro.re
 drone.adm.auro.re
 nextcloud.adm.auro.re
-stream.adm.auro.re
+galene.adm.auro.re
 re2o-server.adm.auro.re
 re2o-ldap.adm.auro.re
 re2o-db.adm.auro.re
From 11b3738fcd945a9dddace5e7f4f801a3f2b96c45 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Mon, 22 Nov 2021 18:00:57 +0100
Subject: [PATCH 04/11] ldap_client: Add one extra line to follow Debian

---
 roles/ldap_client/templates/nslcd.conf.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/ldap_client/templates/nslcd.conf.j2 b/roles/ldap_client/templates/nslcd.conf.j2
index e5b8841..3fe094b 100644
--- a/roles/ldap_client/templates/nslcd.conf.j2
+++ b/roles/ldap_client/templates/nslcd.conf.j2
@@ -60,3 +60,4 @@ tls_cacertfile /etc/ssl/certs/ca-certificates.crt
 
 # The search scope.
 #scope sub
+
From cfb891d10c1d5d0545fe54defa362e228ad7aa2a Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Mon, 22 Nov 2021 18:01:11 +0100
Subject: [PATCH 05/11] Add netbox machine

---
 hosts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hosts b/hosts
index 984da24..c216aba 100644
--- a/hosts
+++ b/hosts
@@ -36,6 +36,7 @@ bdd.adm.auro.re
 bdd-ovh.adm.auro.re
 litl.adm.auro.re
 log.adm.auro.re
+netbox.adm.auro.re
 
 [aurore_testing_vm]
 
From 1392e3fe6486fc8313617e891d6ca651873a1895 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Mon, 22 Nov 2021 18:01:21 +0100
Subject: [PATCH 06/11] Remove cached motd

---
 roles/update_motd/tasks/main.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/roles/update_motd/tasks/main.yml b/roles/update_motd/tasks/main.yml
index f4a125d..9479003 100644
--- a/roles/update_motd/tasks/main.yml
+++ b/roles/update_motd/tasks/main.yml
@@ -22,6 +22,13 @@
     - 20-uname
   notify: Remove cached motd
 
+- name: Remove Debian uname motd
+  become: true
+  file:
+    path: /etc/update-motd.d/10-uname
+    state: absent
+  notify: Remove cached motd
+
 - name: Remove Debian warranty motd
   become: true
   file:
From 94b8f3730269c5bc433383a0e30bb7db9053b555 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Mon, 22 Nov 2021 18:02:53 +0100
Subject: [PATCH 07/11] rsyslog_common: remove become true

---
 roles/rsyslog_common/tasks/main.yml | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/roles/rsyslog_common/tasks/main.yml b/roles/rsyslog_common/tasks/main.yml
index 6ca28d1..c481935 100644
--- a/roles/rsyslog_common/tasks/main.yml
+++ b/roles/rsyslog_common/tasks/main.yml
@@ -1,12 +1,10 @@
 ---
 - name: Install rsyslog
-  become: true
   apt:
     name: rsyslog
     state: present
 
 - name: Install rsyslog modules if needed
-  become: true
   apt:
     name: "{{ item.pkg }}"
     state: present
@@ -18,7 +16,6 @@
       pkg: rsyslog-hiredis
 
 - name: Deploy main rsyslog configuration
-  become: true
   template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
@@ -33,7 +30,6 @@
   notify: Restart rsyslog
 
 - name: Create journald.conf.d directory
-  become: true
   file:
     path: /etc/systemd/journald.conf.d
     state: directory
@@ -42,7 +38,6 @@
     mode: u=rwx,g=rx,o=rx
 
 - name: Deploy journald configuration
-  become: true
   template:
     src: forward-syslog.conf.j2
     dest: /etc/systemd/journald.conf.d/forward-syslog.conf
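Review bot: With `become: true` removed from `Install rsyslog` and from every other task of this role, privilege escalation now depends entirely on the calling play or ansible.cfg, and nothing in this series shows that setting — the `log.yml` play in patch 10 is cut off right after `roles:`. If that global `become` is absent, `apt` and the template writes under `/etc` fail with permission errors on the first run rather than degrading, and the same applies to the identical removals in `update_motd` in patch 08. Make the contract explicit where the role is consumed, for example a README line `This role performs no per-task become; run it from a play with become: true`, or keep escalation in `roles/rsyslog_common/meta/main.yml` if the project has one. Removing per-task `become` is a reasonable consolidation, but the requirement should be stated rather than implied.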
@@ -52,7 +47,6 @@
   notify: Restart systemd-journald
 
 - name: Deploy logrotate configuration
-  become: true
   template:
     src: logrotate.j2
     dest: /etc/logrotate.d/rsyslog
@@ -62,7 +56,6 @@
   notify: Reload logrotate
 
 - name: Enable rsyslog service
-  become: true
   systemd:
     name: rsyslog.service
     state: started
From 3a56439facc0c2f963dd1a818244b16b88339c2b Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Mon, 22 Nov 2021 18:03:09 +0100
Subject: [PATCH 08/11] update_motd: remove become true

---
 roles/update_motd/tasks/main.yml | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/roles/update_motd/tasks/main.yml b/roles/update_motd/tasks/main.yml
index 9479003..e0ae1f8 100644
--- a/roles/update_motd/tasks/main.yml
+++ b/roles/update_motd/tasks/main.yml
@@ -1,6 +1,5 @@
 ---
 - name: Ensure update-motd.d exists
-  become: true
   file:
     path: /etc/update-motd.d
     state: directory
@@ -9,7 +8,6 @@
     group: root
 
 - name: Customize motd
-  become: true
   template:
     src: "{{ item }}"
     dest: "/etc/update-motd.d/{{ item }}"
@@ -23,21 +21,18 @@
   notify: Remove cached motd
 
 - name: Remove Debian uname motd
-  become: true
   file:
     path: /etc/update-motd.d/10-uname
     state: absent
   notify: Remove cached motd
 
 - name: Remove Debian warranty motd
-  become: true
   file:
     path: /etc/motd
     state: absent
   notify: Remove cached motd
 
 - name: Ensure motd-messages exists
-  become: true
   file:
     path: /etc/motd-messages
     state: directory
@@ -47,7 +42,6 @@
   notify: Remove cached motd
 
 - name: Install additional motd messages
-  become: true
   copy:
     content: "✨ {{ item.message }}\n"
     dest: "/etc/motd-messages/{{ item.key }}"
From 3efc8179bc9e2d9d5fe059928fd02552553b78c3 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Mon, 22 Nov 2021 18:08:25 +0100
Subject: [PATCH 09/11] logrotate: restore Debian formatting

---
 roles/logrotate/templates/logrotate.conf | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/roles/logrotate/templates/logrotate.conf b/roles/logrotate/templates/logrotate.conf
index 7e65378..385db96 100644
--- a/roles/logrotate/templates/logrotate.conf
+++ b/roles/logrotate/templates/logrotate.conf
@@ -1,7 +1,24 @@
+# see "man logrotate" for details
 {{ ansible_managed | comment }}
+# global options do not affect preceding include directives
+
+# rotate log files weekly
 weekly
+
+# keep 4 weeks worth of backlogs
 rotate 4
+
+# create new (empty) log files after rotating old ones
 create
 
+# use date as a suffix of the rotated file
+#dateext
+
+# uncomment this if you want your log files compressed
+#compress
+
+# packages drop log rotation information into this directory
 include /etc/logrotate.d
+
+# system-specific logs may also be configured here.
 
From 2ac9c4057960b91dc941491ddb2d1d635693e28a Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Mon, 22 Nov 2021 18:12:27 +0100
Subject: [PATCH 10/11] make log.yml executable

---
 log.yml | 1 +
 1 file changed, 1 insertion(+)
 mode change 100644 => 100755 log.yml

diff --git a/log.yml b/log.yml
old mode 100644
new mode 100755
index e63f59a..b37e4d5
--- a/log.yml
+++ b/log.yml
@@ -1,3 +1,4 @@
+#!/usr/bin/env ansible-playbook
 ---
 - hosts: log.adm.auro.re
   roles:
From eed6ec558c53f46d0bf1fa799a51bf3041d021d8 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Mon, 22 Nov 2021 18:24:38 +0100
Subject: [PATCH 11/11] README: use passerelle.auro.re

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index d05d2e2..541ca42 100644
--- a/README.md
+++ b/README.md
@@ -92,8 +92,8 @@ Host *.adm.auro.re *.pve.auro.re
     # Accept new host keys
     StrictHostKeyChecking accept-new
 
-    # Use routeur-aurore to connect to administration VLANs
-    ProxyJump routeur-aurore.auro.re
+    # Use passerelle to connect to administration VLANs
+    ProxyJump passerelle.auro.re
 ```
 
 Il faut sa clé SSH configurée sur le serveur que l'on déploit.
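Review bot: The restored header presents this template as the Debian file, but the stock Debian `/etc/logrotate.conf` also carries a `su root adm` stanza (with its comment about the adm group owning `/var/log/syslog`) between `weekly` and `rotate 4`, and that directive is absent here; whether the omission is deliberate is not visible in this hunk. Without a global `su`, logrotate runs rotation as root:root and refuses any log whose parent directory is group- or world-writable with an "insecure permissions" error unless the snippet under `/etc/logrotate.d` sets `su` itself. If parity with Debian is the goal, add `# use the adm group by default, since this is the owning group of /var/log/syslog.` followed by `su root adm` after the `weekly` stanza; if leaving it out is intentional, record that in a comment so the next "follow Debian" cleanup does not reintroduce it blindly.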