Commit graph

1011 commits

Author SHA1 Message Date
Yohaï-Eliel BERREBY
fe62055cdd radius: enable service, fix details 2020-05-21 19:25:30 +02:00
Yohaï-Eliel BERREBY
8ce63d14b6 radius: fix settings_local.py 2020-05-21 18:39:50 +02:00
Yohaï-Eliel BERREBY
99070ed5ef radius: step 2 of deployment (WIP) 2020-05-21 18:06:37 +02:00
Yohaï-Eliel BERREBY
e2fa1964af radius: change proxy.conf password, use vault
and also actually template it... it wasn't being
uploaded.
2020-05-21 14:19:28 +02:00
Yohaï-Eliel BERREBY
266b0dde6f radius: initial setup 2020-05-16 22:08:22 +02:00
Yohaï-Eliel BERREBY
8355546131 edc: raise DHCP-announced MTU to 1500 2020-05-14 17:50:06 +02:00
Yohaï-Eliel BERREBY
6d00e2733b unbound: fix log rotation
Was too frequent, now that we only log SERVFAILs.
Rotate according to file size.
Fix unbound-control binary path.
2020-05-11 20:18:23 +02:00
Yohaï-Eliel BERREBY
87b2e4f8cf pacaterie: raise MTU to 1500 2020-05-09 16:15:56 +02:00
Yohaï-Eliel BERREBY
ba3aec348f keepalived: deploy to fleming w/ proper password 2020-05-09 16:07:04 +02:00
Alexandre Iooss
a992612381 Add certbot challenge DNS-01 key 2020-05-09 13:03:31 +02:00
Alexandre Iooss
9c226c680c Certbot wildcard role 2020-05-09 12:54:38 +02:00
Alexandre Iooss
544498c81a New reverse proxy role 2020-05-09 12:52:17 +02:00
Alexandre Iooss
eae3a3ff44 Deploy docker-worker1-aurore and proxy-backup 2020-05-09 12:21:36 +02:00
Yohaï-Eliel BERREBY
dea4dda285 hosts: remove dhcp and recursive_dns groups
Use patterns instead for now.
2020-05-09 10:15:28 +02:00
Pierre
3f26e7d4b4 pacaterie router at ...254 instead of ...240 for keepalived 2020-05-08 18:39:05 +02:00
Yohaï-Eliel BERREBY
a4d0f051b6 dhcp: restart server on config update 2020-05-08 16:44:32 +02:00
Yohaï-Eliel BERREBY
223578eefa keepalived: no ansible_managed
Used to restart keepalived needlessly
2020-05-08 16:43:49 +02:00
Yohaï-Eliel BERREBY
4372b21976 dhcp: allow different router IP suffix
This variable is only needed because we're in the process of deploying
keepalived. For now it's only at EDC.
2020-05-08 16:36:07 +02:00
Yohaï-Eliel BERREBY
e58ee1c4b5 keepalived: initial config 2020-05-08 16:25:02 +02:00
Yohaï-Eliel BERREBY
26524eccc5 ansible-list: allow lack of idempotence 2020-05-07 20:33:25 +02:00
Yohaï-Eliel BERREBY
e45bdcbba8 network.yml: ensure safety without --limit 2020-05-07 20:27:36 +02:00
Yohaï-Eliel BERREBY
fea73a13aa aurore-firewall: correct backup router ip 2020-05-07 20:23:30 +02:00
Yohaï-Eliel BERREBY
8ba2de1698 aurore-firewall: fix repo address + branch 2020-05-07 20:01:44 +02:00
Yohaï-Eliel BERREBY
44be43e528 aurore-firewall: add config after cloning 2020-05-07 19:57:00 +02:00
Yohaï-Eliel BERREBY
1a10729b67 hosts: manage dhcp-edc 2020-05-07 19:48:07 +02:00
Yohaï-Eliel BERREBY
5ee7bb3069 ansible.cfg: unset scp_if_ssh 2020-05-07 19:48:07 +02:00
Yohaï-Eliel BERREBY
c77ae7f4c3 aurore-firewall: initial setup
group_vars: add apartment_block_id var
dhcp: move vars to role
2020-05-07 19:47:50 +02:00
Yohaï-Eliel BERREBY
268c4d2419 hosts: manage recursive DNS on EDC 2020-05-07 18:51:45 +02:00
Yohaï-Eliel BERREBY
e4d428d1dc unbound: change task order
Seems to be necessary to restart unbound manually for some reason?...
2020-05-07 18:49:31 +02:00
Yohaï-Eliel BERREBY
3d742c391c hosts: add routeur-edc-backup 2020-05-07 17:06:48 +02:00
Yohaï-Eliel BERREBY
4f224ee817 re2o-service: install Python dependencies 2020-05-07 14:55:12 +02:00
Yohaï-Eliel BERREBY
24a6063a91 baseconfig: fix resolv.conf 2020-05-07 14:51:02 +02:00
Yohaï-Eliel BERREBY
3f5e0d0035 edc: add group vars required for dhcp deployment 2020-05-07 13:03:44 +02:00
Yohaï-Eliel BERREBY
0db7713bbf hosts: add dhcp-edc-backup 2020-05-07 12:55:19 +02:00
Yohaï-Eliel BERREBY
7c7abb6be5 baseconfig: set up /etc/resolv.conf 2020-05-07 12:53:59 +02:00
Yohaï-Eliel BERREBY
7e9c4352a0 base: group name is ldap_replica
It's an underscore, not a hyphen
2020-05-04 18:49:51 +02:00
Yohaï-Eliel BERREBY
9c1f186682 hosts: s/physical/pve/g, add new backup hosts 2020-05-04 18:48:00 +02:00
Alexandre Iooss
ef88d0a42b Some clean up in hosts 2020-05-03 20:50:29 +02:00
Alexandre Iooss
36343d90fd BangShebang! 2020-05-03 18:45:07 +02:00
Alexandre Iooss
dc2db3d6a3 Decomment hosts 2020-05-03 18:40:26 +02:00
Alexandre Iooss
3b72e2fe2d Remove SSH blacklist 2020-05-03 17:26:10 +02:00
Alexandre IOOSS
e42bdd53a8 Merge branch 'aurore-dev' into 'master'
Aurore dev

See merge request aurore/ansible!47
2020-05-03 16:11:29 +02:00
Alexandre IOOSS
81592fa986 Merge branch 'master' into 'aurore-dev'
# Conflicts:
#   .gitignore
#   hosts
#   network.yml
#   proxmox.yml
2020-05-03 16:11:19 +02:00
Yohaï-Eliel BERREBY
29991141f5 misc: add script to copy SSH keys
This one has the advantage of actually working :)
I had to blacklist some hosts because they would either outright refuse
connections or would refuse my LDAP credentials.
2020-05-03 11:26:53 +02:00
Yohaï-Eliel BERREBY
a77b2c4f0f unbound: fix MTU settings
That was the root cause of all our DNSSEC issues.
Now that this was fixed, we're not having these anymore,
so the relaxed checks can be restored back to their original state.
2020-05-02 18:59:22 +02:00
Yohaï-Eliel BERREBY
aae7e0120a unbound: drop verbosity but log SERVFAILs
TODO: less frequent log rotation because of decreased log volume
2020-05-02 18:06:58 +02:00
Yohaï-Eliel BERREBY
c54e8f5d67 unbound: smarter logging
- stop using journald, write to /var/log/unbound/
- set up frequent log rotation for the huge log files
we are producing
2020-05-02 17:13:01 +02:00
Yohaï-Eliel BERREBY
1dca5d2259 unbound: use handlers
Only restart unbound if the configuration
was actually updated.
2020-05-02 16:43:44 +02:00
Yohaï-Eliel BERREBY
b94c62d710 unbound-control: no certificates for local use 2020-05-02 16:37:21 +02:00
Yohaï-Eliel BERREBY
3695a3d771 unbound: attempt to fix spurious blacklisting 2020-04-28 23:14:43 +02:00