Merge pull request 'pve_service' (#67) from pve_service into master

Reviewed-on: Aurore/ansible#67
erdnaxe 2021-11-22 18:31:59 +01:00
commit d23dbe2d49
8 changed files with 33 additions and 25 deletions


@ -88,8 +88,11 @@ On va utiliser plutôt `ProxyJump`.
Dans la configuration SSH : Dans la configuration SSH :
``` ```
# Use a proxy jump server to log on all Aurore inventory Host *.adm.auro.re *.pve.auro.re
Host 10.128.0.* *.adm.auro.re # Accept new host keys
StrictHostKeyChecking accept-new
# Use passerelle to connect to administration VLANs
ProxyJump passerelle.auro.re ProxyJump passerelle.auro.re
``` ```


@ -15,6 +15,6 @@ for host in $HOSTS; do
# sshpass can be used for non-interactive password authentication. # sshpass can be used for non-interactive password authentication.
# place your password in ldap-password.txt. # place your password in ldap-password.txt.
SSHPASS=${passwd} sshpass -v -e ssh-copy-id -i ~/.ssh/id_rsa "$host" SSHPASS=${passwd} sshpass -v -e ssh-copy-id "$host"
done done
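Review bot: Dropping `-i ~/.ssh/id_rsa` from the `ssh-copy-id` call leaves key selection to ssh-copy-id's defaults: it installs every key the running ssh-agent offers or, with no agent, the newest `~/.ssh/id*.pub`. An operator with several keys loaded would therefore push all of them to every host in `$HOSTS`. Naming the key keeps the set of authorized keys auditable, for example `ssh-copy-id -i "${SSH_PUBKEY:-$HOME/.ssh/id_ed25519.pub}" "$host"` (the variable name is a suggestion), or at least add a comment above the call stating which key is expected to be installed. The loop starts above this hunk, so how `$HOSTS` and `passwd` are set is not visible here.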

12
hosts

@ -8,10 +8,7 @@
############################################################################### ###############################################################################
# Aurore : main services # Aurore : main services
viviane.adm.auro.re
[aurore_pve] [aurore_pve]
merlin.adm.auro.re
[aurore_vm] [aurore_vm]
routeur-aurore.adm.auro.re routeur-aurore.adm.auro.re
@ -25,7 +22,7 @@ camelot.adm.auro.re
gitea.adm.auro.re gitea.adm.auro.re
drone.adm.auro.re drone.adm.auro.re
nextcloud.adm.auro.re nextcloud.adm.auro.re
stream.adm.auro.re galene.adm.auro.re
re2o-server.adm.auro.re re2o-server.adm.auro.re
re2o-ldap.adm.auro.re re2o-ldap.adm.auro.re
re2o-db.adm.auro.re re2o-db.adm.auro.re
@ -39,9 +36,9 @@ bdd.adm.auro.re
bdd-ovh.adm.auro.re bdd-ovh.adm.auro.re
litl.adm.auro.re litl.adm.auro.re
log.adm.auro.re log.adm.auro.re
netbox.adm.auro.re
[aurore_testing_vm] [aurore_testing_vm]
pendragon.adm.auro.re
############################################################################### ###############################################################################
# OVH # OVH
@ -51,11 +48,8 @@ horus.adm.auro.re
[ovh_container] [ovh_container]
synapse.adm.auro.re synapse.adm.auro.re
phabricator.adm.auro.re
wiki.adm.auro.re
www.adm.auro.re www.adm.auro.re
proxy-ovh.adm.auro.re proxy-ovh.adm.auro.re
matrix-services.adm.auro.re
[ovh_vm] [ovh_vm]
serge.adm.auro.re serge.adm.auro.re
@ -77,7 +71,6 @@ prometheus-federate.adm.auro.re
perceval.adm.auro.re perceval.adm.auro.re
[fleming_pve] [fleming_pve]
freya.adm.auro.re
marki.adm.auro.re marki.adm.auro.re
[fleming_vm] [fleming_vm]
@ -350,7 +343,6 @@ gh-1-2.borne.auro.re
############################################################################### ###############################################################################
# Les Rives # Les Rives
[rives_pve] [rives_pve]
thor.adm.auro.re
loki.adm.auro.re loki.adm.auro.re
[rives_vm] [rives_vm]

1
log.yml Normal file → Executable file

@ -1,3 +1,4 @@
#!/usr/bin/env ansible-playbook
--- ---
- hosts: log.adm.auro.re - hosts: log.adm.auro.re
roles: roles:


@ -60,3 +60,4 @@ tls_cacertfile /etc/ssl/certs/ca-certificates.crt
# The search scope. # The search scope.
#scope sub #scope sub


@ -1,7 +1,24 @@
# see "man logrotate" for details
{{ ansible_managed | comment }} {{ ansible_managed | comment }}
# global options do not affect preceding include directives
# rotate log files weekly
weekly weekly
# keep 4 weeks worth of backlogs
rotate 4 rotate 4
# create new (empty) log files after rotating old ones
create create
# use date as a suffix of the rotated file
#dateext
# uncomment this if you want your log files compressed
#compress
# packages drop log rotation information into this directory
include /etc/logrotate.d include /etc/logrotate.d
# system-specific logs may also be configured here.
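Review bot: The added `# uncomment this if you want your log files compressed` and `#dateext` lines read as instructions to edit the deployed file, but the `{{ ansible_managed | comment }}` line marks it as generated, so a change made on a host would be overwritten on the next run. Word the comments for the template's maintainer instead, e.g. `# compression is off; enable it in this template, not on the host`, or drive the two options from role variables. The first added comment also sits above the `ansible_managed` banner, which pushes the banner off the first line of the deployed file.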


@ -1,12 +1,10 @@
--- ---
- name: Install rsyslog - name: Install rsyslog
become: true
apt: apt:
name: rsyslog name: rsyslog
state: present state: present
- name: Install rsyslog modules if needed - name: Install rsyslog modules if needed
become: true
apt: apt:
name: "{{ item.pkg }}" name: "{{ item.pkg }}"
state: present state: present
@ -18,7 +16,6 @@
pkg: rsyslog-hiredis pkg: rsyslog-hiredis
- name: Deploy main rsyslog configuration - name: Deploy main rsyslog configuration
become: true
template: template:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
@ -33,7 +30,6 @@
notify: Restart rsyslog notify: Restart rsyslog
- name: Create journald.conf.d directory - name: Create journald.conf.d directory
become: true
file: file:
path: /etc/systemd/journald.conf.d path: /etc/systemd/journald.conf.d
state: directory state: directory
@ -42,7 +38,6 @@
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
- name: Deploy journald configuration - name: Deploy journald configuration
become: true
template: template:
src: forward-syslog.conf.j2 src: forward-syslog.conf.j2
dest: /etc/systemd/journald.conf.d/forward-syslog.conf dest: /etc/systemd/journald.conf.d/forward-syslog.conf
@ -52,7 +47,6 @@
notify: Restart systemd-journald notify: Restart systemd-journald
- name: Deploy logrotate configuration - name: Deploy logrotate configuration
become: true
template: template:
src: logrotate.j2 src: logrotate.j2
dest: /etc/logrotate.d/rsyslog dest: /etc/logrotate.d/rsyslog
@ -62,7 +56,6 @@
notify: Reload logrotate notify: Reload logrotate
- name: Enable rsyslog service - name: Enable rsyslog service
become: true
systemd: systemd:
name: rsyslog.service name: rsyslog.service
state: started state: started
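Review bot: With `become: true` removed from every task in this file, the role only works when the calling play or the Ansible configuration enables privilege escalation, or when the connection is already made as root. None of the sections shown here sets it; the `log.yml` hunk shows only `hosts` and `roles`, so it may be configured outside the visible lines. These tasks install packages and write under `/etc`, so state the requirement at the top of the file, for example `# This role must be run with privilege escalation enabled by the calling play.` Blanket escalation also covers any task added later that does not need root, which is worth keeping in mind when reviewing future additions. The same removal is made in the motd tasks file that follows.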


@ -1,6 +1,5 @@
--- ---
- name: Ensure update-motd.d exists - name: Ensure update-motd.d exists
become: true
file: file:
path: /etc/update-motd.d path: /etc/update-motd.d
state: directory state: directory
@ -9,7 +8,6 @@
group: root group: root
- name: Customize motd - name: Customize motd
become: true
template: template:
src: "{{ item }}" src: "{{ item }}"
dest: "/etc/update-motd.d/{{ item }}" dest: "/etc/update-motd.d/{{ item }}"
@ -22,15 +20,19 @@
- 20-uname - 20-uname
notify: Remove cached motd notify: Remove cached motd
- name: Remove Debian uname motd
file:
path: /etc/update-motd.d/10-uname
state: absent
notify: Remove cached motd
- name: Remove Debian warranty motd - name: Remove Debian warranty motd
become: true
file: file:
path: /etc/motd path: /etc/motd
state: absent state: absent
notify: Remove cached motd notify: Remove cached motd
- name: Ensure motd-messages exists - name: Ensure motd-messages exists
become: true
file: file:
path: /etc/motd-messages path: /etc/motd-messages
state: directory state: directory
@ -40,7 +42,6 @@
notify: Remove cached motd notify: Remove cached motd
- name: Install additional motd messages - name: Install additional motd messages
become: true
copy: copy:
content: "✨ {{ item.message }}\n" content: "✨ {{ item.message }}\n"
dest: "/etc/motd-messages/{{ item.key }}" dest: "/etc/motd-messages/{{ item.key }}"