From b82afd13d9c2475080e3ed8d82844286375bfa07 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 19:14:39 +0100 Subject: [PATCH 01/11] update_motd: use update_motd dict --- backups.yml | 6 ++++++ roles/update_motd/tasks/main.yml | 8 ++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/backups.yml b/backups.yml index 4886548..f4d305c 100644 --- a/backups.yml +++ b/backups.yml @@ -1,7 +1,13 @@ --- - hosts: perceval.adm.auro.re + vars: + update_motd: + borgbackup_server: >- + Les sauvegardes (borg) sont stockées dans + {{ borg_server_backups_dir }}. roles: - borgbackup_server + - update_motd - hosts: all,!unifi,!unifi-*,!wiki.adm.auro.re roles: diff --git a/roles/update_motd/tasks/main.yml b/roles/update_motd/tasks/main.yml index e0ae1f8..1ba08f5 100644 --- a/roles/update_motd/tasks/main.yml +++ b/roles/update_motd/tasks/main.yml @@ -43,12 +43,12 @@ - name: Install additional motd messages copy: - content: "✨ {{ item.message }}\n" + content: "✨ {{ item.value }}\n" dest: "/etc/motd-messages/{{ item.key }}" - mode: u=rwx,g=rx,o=rx + mode: u=rw,g=r,o=r owner: root group: root - loop: "{{ motd_messages }}" + loop: "{{ update_motd | dict2items }}" notify: Remove cached motd - when: motd_messages is defined + when: update_motd is defined ... From 82fdcd026ea6b809455cbede379f5fc543fe93e0 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 19:14:56 +0100 Subject: [PATCH 02/11] grafana: update motd --- grafana.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/grafana.yml b/grafana.yml index df5a984..edc2f0a 100755 --- a/grafana.yml +++ b/grafana.yml @@ -20,5 +20,8 @@ editors_group_dn: - cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re - cn=technicien,ou=posix,ou=groups,dc=auro,dc=re + update_motd: + grafana: Grafana est déployé (/etc/grafana). roles: - grafana + - update_motd From ea394a01db7cfe7818f4aa224d508cc4eb64f2d2 Mon Sep 17 00:00:00 2001 
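Review bot: The new key `borgbackup_server` becomes the file name under /etc/motd-messages, because the role writes `dest: "/etc/motd-messages/{{ item.key }}"`, whereas the role-side call removed in PATCH 04 used `10-borg-server`; hosts that are already provisioned would keep the old file next to the new one. The same holds for the other renamed keys in this series (`05-prometheus-federate`, `05-prometheus`, `10-nginx`, `10-docker`, `10-unifi-controller`). Unless the update_motd role already purges unknown files, which is not visible here, a one-off `file` task with `state: absent` over the old names would avoid duplicated or stale login messages. The numeric prefixes are also dropped, so the display order may change if the MOTD script sorts by file name.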
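Review bot: The loop expression `"{{ update_motd | dict2items }}"` has no default, and Ansible evaluates `when:` per item after templating the loop, so a play that runs this role without an `update_motd` dict may fail on the undefined variable instead of skipping the task. base.yml in PATCH 08 adds the role with no such variable in its visible hunk. I would write `loop: "{{ update_motd | default({}) | dict2items }}"` and drop the `when:` line. The task list starts outside this hunk, so any earlier handling in the file is not visible.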
From: Alexandre Iooss Date: Sat, 27 Nov 2021 19:16:11 +0100 Subject: [PATCH 03/11] prometheus-federate: call update_motd role in play --- monitoring.yml | 4 ++++ roles/prometheus_federate/tasks/main.yml | 10 ---------- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/monitoring.yml b/monitoring.yml index bb3c92a..f5b2ef8 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -172,8 +172,12 @@ - prometheus-rives.adm.auro.re - prometheus-aurore.adm.auro.re - prometheus-ovh.adm.auro.re + update_motd: + prometheus_federate: >- + Prometheus (en configuration fédération) est déployé (/etc/prometheus). roles: - prometheus_federate + - update_motd # Postgres Exporters - hosts: bdd,radius diff --git a/roles/prometheus_federate/tasks/main.yml b/roles/prometheus_federate/tasks/main.yml index bcadbc0..24f46e0 100644 --- a/roles/prometheus_federate/tasks/main.yml +++ b/roles/prometheus_federate/tasks/main.yml @@ -42,14 +42,4 @@ name: prometheus enabled: true state: started - -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: 05-prometheus-federate - message: >- - Prometheus (en configuration fédération) est déployé sur cette - machine (voir /etc/prometheus) ... From 1009298023ee721437194de4f4b51c1672e2a0e7 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 19:16:24 +0100 Subject: [PATCH 04/11] borgbackup_server: call update_motd role in play --- roles/borgbackup_server/tasks/main.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/roles/borgbackup_server/tasks/main.yml b/roles/borgbackup_server/tasks/main.yml index ff31c07..fc31e60 100644 --- a/roles/borgbackup_server/tasks/main.yml +++ b/roles/borgbackup_server/tasks/main.yml 
@@ -35,14 +35,4 @@ owner: "{{ borg_server_user }}" group: "{{ borg_server_group }}" mode: u=rwx,g=,o= - -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: 10-borg-server - message: >- - Les sauvegardes (borg) sont stockées dans - {{ borg_server_backups_dir }}. ... From ce04f937db9ca8b2ea567e6ec597ba65b204ec30 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 19:20:32 +0100 Subject: [PATCH 05/11] prometheus: call update_motd role in play --- monitoring.yml | 30 ++++++++++++++++++++++++++++-- roles/prometheus/tasks/main.yml | 9 --------- 2 files changed, 28 insertions(+), 11 deletions(-) diff --git a/monitoring.yml b/monitoring.yml index f5b2ef8..9be7fb6 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -14,8 +14,12 @@ {{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }} prometheus_unifi_snmp_targets: - targets: "{{ groups['fleming_unifi'] | list | sort }}" + update_motd: + prometheus: >- + Prometheus (en configuration fleming) est déployé (/etc/prometheus). roles: - prometheus + - update_motd - hosts: prometheus-pacaterie.adm.auro.re vars: @@ -34,8 +38,12 @@ prometheus_ups_snmp_targets: - ups-pn-1.ups.auro.re - ups-ps-1.ups.auro.re + update_motd: + prometheus: >- + Prometheus (en configuration pacaterie) est déployé (/etc/prometheus). roles: - prometheus + - update_motd - hosts: prometheus-edc.adm.auro.re vars: @@ -56,8 +64,12 @@ {{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }} prometheus_unifi_snmp_targets: - targets: "{{ groups['edc_unifi'] | list | sort }}" + update_motd: + prometheus: >- + Prometheus (en configuration edc) est déployé (/etc/prometheus). roles: - prometheus + - update_motd - hosts: prometheus-gs.adm.auro.re vars: 
@@ -77,8 +89,12 @@ - ups-gk-1.ups.auro.re prometheus_pdu_snmp_targets: - pdu-ga-1.ups.auro.re + update_motd: + prometheus: >- + Prometheus (en configuration gs) est déployé (/etc/prometheus). roles: - prometheus + - update_motd - hosts: prometheus-rives.adm.auro.re vars: @@ -98,8 +114,12 @@ {{ groups['rives_pve'] + groups['rives_vm'] | list | sort }} prometheus_unifi_snmp_targets: - targets: "{{ groups['rives_unifi'] | list | sort }}" + update_motd: + prometheus: >- + Prometheus (en configuration rives) est déployé (/etc/prometheus). roles: - prometheus + - update_motd - hosts: prometheus-aurore.adm.auro.re vars: @@ -132,8 +152,12 @@ - sw-ec-core.switch.auro.re - sw-gk-core.switch.auro.re - sw-r3-core.switch.auro.re + update_motd: + prometheus: >- + Prometheus (en configuration aurore) est déployé (/etc/prometheus). roles: - prometheus + - update_motd - hosts: prometheus-ovh.adm.auro.re vars: @@ -152,9 +176,12 @@ - bdd-ovh.adm.auro.re prometheus_docker_targets: - docker-ovh.adm.auro.re + update_motd: + prometheus: >- + Prometheus (en configuration ovh) est déployé (/etc/prometheus). roles: - prometheus - + - update_motd - hosts: prometheus-federate.adm.auro.re vars: @@ -184,7 +211,6 @@ roles: - prometheus_postgres - # Monitor all hosts - hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container roles: diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index f9e48e8..e7dd24d 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -118,13 +118,4 @@ name: prometheus enabled: true state: started - -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: 05-prometheus - message: >- - Prometheus est déployé sur cette machine (voir /etc/prometheus) ... From 07a0429ae0ae595e9ab1570fb2429092f54d0c99 Mon Sep 17 00:00:00 2001 
From: Alexandre Iooss Date: Sat, 27 Nov 2021 20:02:08 +0100 Subject: [PATCH 06/11] nginx: call update_motd role in play --- roles/nginx/tasks/main.yml | 9 --------- services_web.yml | 8 ++++++++ 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 7a3af07..6f3a251 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -148,15 +148,6 @@ group: www-data mode: 0644 -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: 10-nginx - message: >- - NGinx est installé sur ce serveur. Voir /etc/nginx. - - name: Clean old files file: path: "{{ item }}" diff --git a/services_web.yml b/services_web.yml index 00d5b7b..c72321b 100755 --- a/services_web.yml +++ b/services_web.yml @@ -15,14 +15,22 @@ certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}' nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}' reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}' + update_motd: + nginx: >- + Le reverse-proxy NGINX est déployé (/etc/nginx). roles: - certbot - nginx + - update_motd - hosts: nginx,!reverseproxy vars: certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}' nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}' + update_motd: + nginx: >- + NGINX avec certbot est déployé (/etc/nginx). roles: - certbot - nginx + - update_motd From cc6f96bbc81763ded2902c2a97281874a68a983c Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 20:04:05 +0100 Subject: [PATCH 07/11] borgbackup-client: call update_motd role in play --- backups.yml | 5 +++++ roles/borgbackup_client/tasks/main.yml | 7 ------- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/backups.yml b/backups.yml index f4d305c..a926719 100644 --- a/backups.yml +++ b/backups.yml 
@@ -10,6 +10,11 @@ - update_motd - hosts: all,!unifi,!unifi-*,!wiki.adm.auro.re + vars: + update_motd: + borgbackup_client: >- + BorgBackup est déployé (/etc/borgmatic/config.yaml) roles: - borgbackup_client + - update_motd ... diff --git a/roles/borgbackup_client/tasks/main.yml b/roles/borgbackup_client/tasks/main.yml index 8fa0852..de004f2 100644 --- a/roles/borgbackup_client/tasks/main.yml +++ b/roles/borgbackup_client/tasks/main.yml @@ -107,11 +107,4 @@ name: borgmatic.timer state: started enabled: true - -- name: Configure MOTD - include_role: - name: update_motd - vars: - key: 10-borgmatic - message: Borgmatic (client) est installé dans /etc/borgmatic/config.yaml. ... From 14b6a6804037bf39edbdea46f16f9406c9b0dbd2 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 20:05:14 +0100 Subject: [PATCH 08/11] base: configure motd --- base.yml | 1 + roles/baseconfig/tasks/main.yml | 4 ---- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/base.yml b/base.yml index 38ec360..ed05dbd 100755 --- a/base.yml +++ b/base.yml @@ -5,6 +5,7 @@ roles: - baseconfig - basesecurity + - update_motd # Plug LDAP on all servers - hosts: all,!unifi diff --git a/roles/baseconfig/tasks/main.yml b/roles/baseconfig/tasks/main.yml index 0af0b40..b122f4d 100644 --- a/roles/baseconfig/tasks/main.yml +++ b/roles/baseconfig/tasks/main.yml @@ -29,10 +29,6 @@ retries: 3 until: apt_result is succeeded -- name: Configure MOTD - include_role: - name: update_motd - # Configure APT mirrors on Debian Stretch - name: Configure APT mirrors when: From 09793704188de9b6cf7db07a5bc6e16f08c80fea Mon Sep 17 00:00:00 2001 
From: Alexandre Iooss Date: Sat, 27 Nov 2021 22:16:29 +0100 Subject: [PATCH 09/11] Add motd for most plays --- bdd.yml | 4 ++++ matrix.yml | 5 +++++ network.yml | 23 ++++++++++++++++++++--- roles/docker/tasks/main.yml | 9 --------- roles/re2o_service/tasks/main.yml | 10 ---------- roles/unifi_controller/tasks/main.yml | 9 --------- services_web.yml | 4 ++++ 7 files changed, 33 insertions(+), 31 deletions(-) diff --git a/bdd.yml b/bdd.yml index f3fa7d3..eceddaf 100644 --- a/bdd.yml +++ b/bdd.yml @@ -2,6 +2,10 @@ --- # Install and configure bdd servers at Saclay and at OVH - hosts: bdd,!re2o-bdd.adm.auro.re,!services-bdd-local.adm.auro.re + vars: + router: + postgresql: PostgreSQL est déployé. roles: - postgresql_server + - update_motd ... diff --git a/matrix.yml b/matrix.yml index be54c53..ac3f4ce 100755 --- a/matrix.yml +++ b/matrix.yml @@ -5,12 +5,17 @@ vars: mxisd_releases: https://github.com/kamax-matrix/mxisd/releases mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb" + router: + matrix-synapse: matrix-synapse est déployé. + matrix-appservice-irc: matrix-appservice-irc est déployé. + matrix-appservice-webhooks: matrix-appservice-webhooks est déployé. roles: - debian_backports - nodejs - matrix_synapse - matrix_appservice_irc - matrix_appservice_webhooks + - update_motd # Install Matrix services - hosts: matrix-services.adm.auro.re diff --git a/network.yml b/network.yml index 50fde19..c389c24 100755 --- a/network.yml +++ b/network.yml 
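Review bot: The keys `matrix-synapse`, `matrix-appservice-irc` and `matrix-appservice-webhooks` in the matrix.yml hunk use hyphens, while the other plays in this series name their keys after the role with underscores (`borgbackup_server`, `prometheus_federate`). Each key ends up as a file name under /etc/motd-messages, so matching the role names listed in the same play keeps those files predictable, e.g. `matrix_synapse: matrix-synapse est déployé.`. The play continues outside the hunk.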
@@ -2,35 +2,52 @@ --- # Set up DHCP servers. - hosts: dhcp-*.adm.auro.re + vars: + update_motd: + unbound: isc-dhcp-server est déployé. roles: - isc_dhcp_server - + - update_motd # Deploy unbound DNS server (recursive). - hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re + vars: + update_motd: + unbound: Unbound est déployé. roles: - unbound - + - update_motd # Déploiement du service re2o aurore-firewall et keepalived # radvd: IPv6 SLAAC (/64 subnets, private IPs). # Must NOT be on routeur-aurore-*, or will with DHCPv6! - hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re + vars: + router: + unbound: Le routage (avec radvd) est déployé. roles: - router - radvd + - update_motd # No radvd here - hosts: ~routeur-aurore.*\.adm\.auro\.re + vars: + router: + unbound: Le routage (avec DHCPv6) est déployé. roles: - router - ipv6_edge_router + - update_motd # Radius (backup only for now) - hosts: radius-*.adm.auro.re + vars: + router: + unbound: FreeRADIUS est déployé. roles: - radius - + - update_motd # WIP: Deploy authoritative DNS servers # - hosts: authoritative_dns diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 38d3a55..a1ec160 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -50,13 +50,4 @@ url: https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64 dest: /usr/local/bin/docker-compose mode: "0755" - -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: 10-docker - message: >- - Docker est installé sur ce serveur. ... diff --git a/roles/re2o_service/tasks/main.yml b/roles/re2o_service/tasks/main.yml index 2bed1a3..fb72045 100644 --- a/roles/re2o_service/tasks/main.yml +++ b/roles/re2o_service/tasks/main.yml 
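Review bot: Every play in this network.yml hunk uses the key `unbound`, including the DHCP, router and RADIUS plays, which looks like a copy-paste from the DNS play; PATCH 11 renames `router:` to `update_motd:` but leaves these keys unchanged. The key is the file name the role writes under /etc/motd-messages, so DHCP servers end up with a file called `unbound` holding the isc-dhcp-server message, and a host matched by two of these plays would have one message overwrite the other. I would name each key after its service, e.g. `isc_dhcp_server: isc-dhcp-server est déployé.`, `router: Le routage (avec radvd) est déployé.` and `radius: FreeRADIUS est déployé.`.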
@@ -39,14 +39,4 @@ owner: "{{ service_user }}" group: nogroup state: link - -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: "15-re2o-service-{{ service_name }}" - message: >- - Le service re2o {{ service_name }} est dans - {{ service_homedir }}/{{ service_name }}. ... diff --git a/roles/unifi_controller/tasks/main.yml b/roles/unifi_controller/tasks/main.yml index 811b5e1..ddabe3b 100644 --- a/roles/unifi_controller/tasks/main.yml +++ b/roles/unifi_controller/tasks/main.yml @@ -39,13 +39,4 @@ register: apt_result retries: 3 until: apt_result is succeeded - -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: 10-unifi-controller - message: >- - Le contrôleur Unifi a été installé sur ce serveur. ... diff --git a/services_web.yml b/services_web.yml index c72321b..3beffd0 100755 --- a/services_web.yml +++ b/services_web.yml @@ -2,8 +2,12 @@ --- # Deploy Docker hosts - hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,stream.adm.auro.re,wikijs.adm.auro.re + vars: + router: + docker: Docker est déployé. roles: - docker + - update_motd # Deploy Passbolt - hosts: passbolt.adm.auro.re From 5bc84dbdd248a62ea09e1c9f083dc31af3138134 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 22:22:29 +0100 Subject: [PATCH 10/11] Add sheband to backups, bdd and postfix playbooks --- backups.yml | 1 + bdd.yml | 0 deploy_postfix_non_mailhost.yml | 1 + 3 files changed, 2 insertions(+) mode change 100644 => 100755 backups.yml mode change 100644 => 100755 bdd.yml mode change 100644 => 100755 deploy_postfix_non_mailhost.yml diff --git a/backups.yml b/backups.yml old mode 100644 new mode 100755 index a926719..60200b9 --- a/backups.yml +++ b/backups.yml @@ -1,3 +1,4 @@ +#!/usr/bin/env ansible-playbook --- - hosts: perceval.adm.auro.re vars: diff --git a/bdd.yml b/bdd.yml old mode 100644 new mode 100755 
diff --git a/deploy_postfix_non_mailhost.yml b/deploy_postfix_non_mailhost.yml old mode 100644 new mode 100755 index e335928..741d653 --- a/deploy_postfix_non_mailhost.yml +++ b/deploy_postfix_non_mailhost.yml @@ -1,3 +1,4 @@ +#!/usr/bin/env ansible-playbook --- # Deploy a correclty configured postfix on non mailhost servers - hosts: all,!unifi From cdaf3dc77a36f45c09c6c034bf1b2b02aee42695 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 27 Nov 2021 22:30:58 +0100 Subject: [PATCH 11/11] update_motd: Fix typo in vars --- bdd.yml | 2 +- matrix.yml | 2 +- network.yml | 6 +++--- services_web.yml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bdd.yml b/bdd.yml index eceddaf..da4248d 100755 --- a/bdd.yml +++ b/bdd.yml @@ -3,7 +3,7 @@ # Install and configure bdd servers at Saclay and at OVH - hosts: bdd,!re2o-bdd.adm.auro.re,!services-bdd-local.adm.auro.re vars: - router: + update_motd: postgresql: PostgreSQL est déployé. roles: - postgresql_server diff --git a/matrix.yml b/matrix.yml index ac3f4ce..4cec87b 100755 --- a/matrix.yml +++ b/matrix.yml @@ -5,7 +5,7 @@ vars: mxisd_releases: https://github.com/kamax-matrix/mxisd/releases mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb" - router: + update_motd: matrix-synapse: matrix-synapse est déployé. matrix-appservice-irc: matrix-appservice-irc est déployé. matrix-appservice-webhooks: matrix-appservice-webhooks est déployé. diff --git a/network.yml b/network.yml index c389c24..dee41b3 100755 --- a/network.yml +++ b/network.yml @@ -23,7 +23,7 @@ # Must NOT be on routeur-aurore-*, or will with DHCPv6! - hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re vars: - router: + update_motd: unbound: Le routage (avec radvd) est déployé. roles: - router @@ -33,7 +33,7 @@ # No radvd here - hosts: ~routeur-aurore.*\.adm\.auro\.re vars: - router: + update_motd: unbound: Le routage (avec DHCPv6) est déployé. roles: - router 
@@ -43,7 +43,7 @@ # Radius (backup only for now) - hosts: radius-*.adm.auro.re vars: - router: + update_motd: unbound: FreeRADIUS est déployé. roles: - radius diff --git a/services_web.yml b/services_web.yml index 3beffd0..d79a735 100755 --- a/services_web.yml +++ b/services_web.yml @@ -3,7 +3,7 @@ # Deploy Docker hosts - hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,stream.adm.auro.re,wikijs.adm.auro.re vars: - router: + update_motd: docker: Docker est déployé. roles: - docker