Compare commits
1 commit
master
...
remove_old
Author | SHA1 | Date | |
---|---|---|---|
50364fa989 |
140 changed files with 1974 additions and 3634 deletions
|
@ -3,7 +3,9 @@ skip_list:
|
||||||
- load-failure
|
- load-failure
|
||||||
- document-start
|
- document-start
|
||||||
- meta-no-info
|
- meta-no-info
|
||||||
- ignore-errors
|
|
||||||
|
warn_list:
|
||||||
|
- experimental # all rules tagged as experimental
|
||||||
|
|
||||||
exclude_paths:
|
exclude_paths:
|
||||||
- group_vars/all/vault.yml
|
- group_vars/all/vault.yml
|
||||||
|
|
|
@ -5,7 +5,8 @@ name: check
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: ansible and yaml linting
|
- name: ansible and yaml linting
|
||||||
image: quay.io/ansible/toolset:3.5.0
|
pull: never
|
||||||
|
image: aurore-ansible-lint-image
|
||||||
commands:
|
commands:
|
||||||
- ansible-lint
|
- ansible-lint
|
||||||
...
|
...
|
||||||
|
|
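Review bot: The new `image: aurore-ansible-lint-image` line names an untagged, locally built image, and with `pull: never` the lint step runs whatever image of that name currently exists on the runner. Nothing in the pipeline file records which build of the lint toolchain produced a given CI result, and anyone able to build images on the runner host changes what CI executes without a commit. Consider a versioned tag that is bumped in the same commit as the Dockerfile, e.g. `image: aurore-ansible-lint-image:<version>`, with a comment such as `# built locally on the runner, see docker-ansible-lint/README.md`. The pipeline definition starts above this hunk, so any other steps were not reviewed.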
12
README.md
12
README.md
|
@ -2,9 +2,8 @@
|
||||||
|
|
||||||
# Recettes Ansible d'Aurore
|
# Recettes Ansible d'Aurore
|
||||||
|
|
||||||
Dépendances requises :
|
Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore.
|
||||||
|
Pour les utiliser, vérifiez que vous avez au moins Ansible 2.7.
|
||||||
* Ansible 2.9 ou plus récent.
|
|
||||||
|
|
||||||
## Ansible 101
|
## Ansible 101
|
||||||
|
|
||||||
|
@ -89,11 +88,8 @@ On va utiliser plutôt `ProxyJump`.
|
||||||
Dans la configuration SSH :
|
Dans la configuration SSH :
|
||||||
|
|
||||||
```
|
```
|
||||||
Host *.adm.auro.re *.pve.auro.re
|
# Use a proxy jump server to log on all Aurore inventory
|
||||||
# Accept new host keys
|
Host 10.128.0.* *.adm.auro.re
|
||||||
StrictHostKeyChecking accept-new
|
|
||||||
|
|
||||||
# Use passerelle to connect to administration VLANs
|
|
||||||
ProxyJump passerelle.auro.re
|
ProxyJump passerelle.auro.re
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
31
ansible.cfg
31
ansible.cfg
|
@ -1,17 +1,38 @@
|
||||||
|
# Ansible configuration
|
||||||
|
|
||||||
[defaults]
|
[defaults]
|
||||||
ask_vault_pass = True
|
|
||||||
roles_path = ./roles
|
# Do not create .retry files
|
||||||
retry_files_enabled = False
|
retry_files_enabled = False
|
||||||
|
|
||||||
|
# Use inventory
|
||||||
inventory = ./hosts
|
inventory = ./hosts
|
||||||
filter_plugins = ./filter_plugins
|
|
||||||
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S
|
# Custom header in templates
|
||||||
|
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S by {uid}
|
||||||
|
|
||||||
|
# Do not use cows (with cowsay)
|
||||||
nocows = 1
|
nocows = 1
|
||||||
|
|
||||||
|
# Do more parallelism
|
||||||
forks = 15
|
forks = 15
|
||||||
|
|
||||||
|
# Some SSH connection will take time
|
||||||
timeout = 60
|
timeout = 60
|
||||||
remote_user = root
|
|
||||||
|
[privilege_escalation]
|
||||||
|
|
||||||
|
# Use sudo to get priviledge access
|
||||||
|
become = True
|
||||||
|
|
||||||
|
# Ask for password
|
||||||
|
become_ask_pass = True
|
||||||
|
|
||||||
[diff]
|
[diff]
|
||||||
|
|
||||||
|
# TO know what changed
|
||||||
always = yes
|
always = yes
|
||||||
|
|
||||||
|
|
||||||
[ssh_connection]
|
[ssh_connection]
|
||||||
pipelining = True
|
pipelining = True
|
||||||
|
|
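Review bot: Dropping `ask_vault_pass = True` from `[defaults]` leaves no visible way for a run to obtain the vault password, while variables elsewhere in this commit still resolve to `vault_*` values. Operators now have to pass `--ask-vault-pass` or a vault password file on every invocation; a comment such as `# Vault password: run with --ask-vault-pass (never keep a password file inside the repository)` would document the intended method. Separately, `pipelining = True` combined with the new `become = True` only works when `requiretty` is disabled in sudoers on the managed hosts, which deserves a one-line comment next to it. Adding `{uid}` to `ansible_managed` makes the rendered header differ per operator, so templates may be reported as changed when a different admin runs the same playbook.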
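--- /dev/null
+++ b/backups.yml
@@ -0,0 +1,9 @@
+---
+- hosts: perceval.adm.auro.re
+roles:
+- borgbackup_server
+
+- hosts: all,!unifi,!unifi-*,!wiki.adm.auro.re
+roles:
+- borgbackup_client
+...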
|
@ -5,6 +5,13 @@
|
||||||
roles:
|
roles:
|
||||||
- baseconfig
|
- baseconfig
|
||||||
- basesecurity
|
- basesecurity
|
||||||
|
|
||||||
|
# Plug LDAP on all servers
|
||||||
|
- hosts: all,!unifi
|
||||||
|
roles:
|
||||||
- ldap_client
|
- ldap_client
|
||||||
|
|
||||||
|
# Install logrotate
|
||||||
|
- hosts: all,!unifi,!pve
|
||||||
|
roles:
|
||||||
- logrotate
|
- logrotate
|
||||||
- update_motd
|
|
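--- /dev/null
+++ b/bdd.yml
@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+# Install and configure bdd servers at Saclay and at OVH
+- hosts: bdd,!re2o-bdd.adm.auro.re,!services-bdd-local.adm.auro.re
+roles:
+- postgresql_server
+...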
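--- /dev/null
+++ b/copy-keys.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -e
+
+# Grab valid unique hostnames from the Ansible inventory.
+HOSTS=$(grep -ve '^[#\[]' hosts \
+| grep -F adm.auro.re \
+| sort -u)
+
+# Ask password
+read -s -p "Hello adventurer, what is your LDAP password? " passwd
+echo
+
+for host in $HOSTS; do
+echo "[+] Handling host $host"
+
+# sshpass can be used for non-interactive password authentication.
+# place your password in ldap-password.txt.
+SSHPASS=${passwd} sshpass -v -e ssh-copy-id -i ~/.ssh/id_rsa "$host"
+done
+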
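Review bot: The comment `# place your password in ldap-password.txt.` contradicts the code, which reads the password from the prompt and hands it to sshpass through the `SSHPASS` environment variable (`-e`); as written it invites keeping a plaintext LDAP password in a file next to the inventory. I would replace it with `# The password is passed via the SSHPASS environment variable (-e) and is never written to disk.` and use `read -r -s -p ...` so that backslashes in a password are not altered. With `set -e`, the first host that fails aborts the script and the remaining hosts are not processed, so consider `... "$host" || echo "[-] Failed on $host" >&2`. Because the same LDAP password is offered to every name matched in `hosts`, the header comment should state that the script is meant to be run only where those hosts' SSH host keys are already verified (for example a populated `known_hosts`).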
|
@ -1,3 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
# Deploy all playbooks
|
|
||||||
ansible-playbook playbooks/*.yml $@
|
|
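--- /dev/null
+++ b/deploy_postfix_non_mailhost.yml
@@ -0,0 +1,8 @@
+---
+# Deploy a correclty configured postfix on non mailhost servers
+- hosts: all,!unifi
+vars:
+local_network: 10.128.0.0/16
+relay_host: proxy.adm.auro.re
+roles:
+- postfix_non_mailhost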
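--- /dev/null
+++ b/docker-ansible-lint/Dockerfile
@@ -0,0 +1,7 @@
+FROM python:3.9-alpine
+LABEL description="Aurore's docker image for ansible-lint"
+
+RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo
+RUN pip install --no-cache-dir "yamllint>=1.26.0,<2.0"
+RUN pip install --no-cache-dir "ansible-lint==5.0.0"
+RUN pip install --no-cache-dir "ansible>=2.10,<2.11"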
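Review bot: Only `ansible-lint==5.0.0` is pinned exactly; the base image `python:3.9-alpine` is a floating tag and `yamllint` and `ansible` use version ranges, so each manual rebuild can produce a different lint toolchain without any change in the repository. Pinning exact versions in a requirements file installed with `pip install --no-cache-dir --require-hashes -r requirements.txt`, and referencing the base image by digest (`FROM python:3.9-alpine@sha256:<digest>`), would make the image reproducible and its contents reviewable. The build packages from the `apk add` line (gcc, cargo and the `-dev` headers) also stay in the final image; installing them as a virtual package and deleting them in the same `RUN` as the pip installs would reduce what the CI container carries. There is no `USER` instruction, so the lint step presumably runs as root inside the container.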
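--- /dev/null
+++ b/docker-ansible-lint/README.md
@@ -0,0 +1,18 @@
+# Ansible-lint image
+
+In order to build this image when a new version comes out, you need to
+1. ssh into the `drone.adm.auro.re` server
+2. git pull this repo to the lastest version
+3. optionally make the changes if it has not been done yet
+4. `sudo docker build -t aurore-ansible-lint-image docker-ansible-lint/`
+5. ???
+6. enjoy
+
+You can verify that the image was correclty built by running
+```
+# list the images present
+sudo docker image ls
+
+# run your image with an interactive shell
+sudo docker run -it --rm aurore-ansible-lint-image /bin/sh
+```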
|
@ -1,40 +0,0 @@
|
||||||
import ipaddress
|
|
||||||
from operator import attrgetter
|
|
||||||
|
|
||||||
import dns.name
|
|
||||||
|
|
||||||
|
|
||||||
class FilterModule:
|
|
||||||
def filters(self):
|
|
||||||
return {
|
|
||||||
"remove_domain_suffix": remove_domain_suffix,
|
|
||||||
"ipaddr_sort": ipaddr_sort,
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
def remove_domain_suffix(name):
|
|
||||||
parent = dns.name.from_text(name).parent()
|
|
||||||
return parent.to_text()
|
|
||||||
|
|
||||||
|
|
||||||
def ipaddr_sort(addrs, types, unknown_after=True):
|
|
||||||
check_types = {
|
|
||||||
"global": attrgetter("is_global"),
|
|
||||||
"link-local": attrgetter("is_link_local"),
|
|
||||||
"loopback": attrgetter("is_loopback"),
|
|
||||||
"multicast": attrgetter("is_multicast"),
|
|
||||||
"private": attrgetter("is_private"),
|
|
||||||
"reserved": attrgetter("is_reserved"),
|
|
||||||
"site_local": attrgetter("is_site_local"),
|
|
||||||
"unspecified": attrgetter("is_unspecified"),
|
|
||||||
}
|
|
||||||
|
|
||||||
def addr_weight(addr):
|
|
||||||
if isinstance(addr, str):
|
|
||||||
addr = ipaddress.ip_address(addr.split("/")[0])
|
|
||||||
for index, ty in enumerate(types):
|
|
||||||
if check_types[ty](ipaddress.ip_address(addr)):
|
|
||||||
return index
|
|
||||||
return len(types) if unknown_after else -1
|
|
||||||
|
|
||||||
return sorted(addrs, key=addr_weight)
|
|
|
@ -18,6 +18,16 @@ ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}"
|
||||||
|
|
||||||
# Databases
|
# Databases
|
||||||
postgresql_services_url: 'bdd-ovh.adm.auro.re'
|
postgresql_services_url: 'bdd-ovh.adm.auro.re'
|
||||||
|
postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}"
|
||||||
|
postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}"
|
||||||
|
postgresql_etherpad_passwd: "{{ vault_postgresql_etherpad_passwd }}"
|
||||||
|
postgresql_kanboard_passwd: "{{ vault_postgresql_kanboard_passwd }}"
|
||||||
|
postgresql_grafana_passwd: "{{ vault_postgresql_grafana_passwd }}"
|
||||||
|
postgresql_cas_passwd: "{{ vault_postgresql_cas_passwd }}"
|
||||||
|
postgresql_drone_passwd: "{{ vault_postgresql_drone_passwd }}"
|
||||||
|
postgresql_wikijs_passwd: "{{ vault_postgresql_wikijs_passwd }}"
|
||||||
|
postgresql_nextcloud_passwd: "{{ vault_postgresql_nextcloud_passwd }}"
|
||||||
|
postgresql_gitea_passwd: "{{ vault_postgresql_gitea_passwd }}"
|
||||||
|
|
||||||
# Scripts will tell users to go there to manage their account
|
# Scripts will tell users to go there to manage their account
|
||||||
intranet_url: 'https://re2o.auro.re/'
|
intranet_url: 'https://re2o.auro.re/'
|
||||||
|
|
|
@ -1,246 +1,214 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
64313161633263303464663933363265373935633862653634643862343232643432343966376438
|
65616665376265626636393064366339323264623332323337356438303634646361303530626536
|
||||||
6134633764383937373966346538306530316539303966320a363035303038616435383366656532
|
3134646236376339666130646239626333613866383766340a366465373839396639623862636436
|
||||||
39346463396563626166333362306464343836386365303836356461323663633831636562393039
|
34336636326332313432373162356565383034636366613135353037393138363466626235353261
|
||||||
3832636432626238350a666566323435623834396166656233306639333830343130326265616234
|
3634306231333966350a323133396531626565633433313761343433303964316163643365626466
|
||||||
61666365663963643437386530363261306438376665386463376366363662656161316263303831
|
33376632643937663566386232383161303231326638356338383536626531313462636335363166
|
||||||
61393136363934316462616131326463333736656136643038623061313363386538393833663637
|
35353138393964663063613331386138363030356661633530313533336138336362306437626431
|
||||||
36373565333566306632313865646538633532393731313430633462666334323762653337383338
|
34613435383966333538363734613730386634393532653334393766613262666434303666386537
|
||||||
63313433333835653366363061343839326131666139346563306366656365316663333438363837
|
33643832653236313136663761613762656334356466623431383533333563646135336332653331
|
||||||
33323165353936343165646464306434303161313139653561346461653537616164623434376534
|
39376164363533383930343237366638323534313232613561643936336330353538393136363534
|
||||||
33666662343734633766356230383761353239333632613031396365346536373432363433633564
|
37353536623939386131616638623531326531316233656166383133316564393731623366353833
|
||||||
61633762393033343336373864653438336436613630366539333731383336346665313732396265
|
31613665303532303435363765373434653933386530356433653061623232306239316534653432
|
||||||
32356138666135383562656366353131366436363464643630656130303437623131333239386363
|
39663938616637363238623866303439326666303438613066633866343830303762633233383333
|
||||||
66373866393064306565306565386230373638633733326661333065633136633130323963323765
|
65343332616430613839636337396238666466666430383031663939323239383964346638356538
|
||||||
30353262323835313365383562326363343965636634376133613331363133313030346561653931
|
65306463303330373534316438313932373864626637643935636165333835373662623737613734
|
||||||
39363636636235646131353034663861336362383263613165323230366439383561653165363764
|
36373161386163383831623065323763356637313364303539343763653065383139623934353638
|
||||||
65366130623362623539393461363832353435616266393036386439303834316635366438393936
|
34373861616336363861363761373665393465623566393063346331333861326337316363373163
|
||||||
33383933366262636232383066663130383965306137356363363539633661373664613738336539
|
31633532373966656565303866653335356364633063313665386335663863363163303431656165
|
||||||
31363131616135623039346465623530376533386263343836376662316562386530336266303062
|
61383231666665346162303635393838323462613261663231356531393734313063663231616632
|
||||||
64386531303938623939653635313163633261336339366139666135323130653862346132646636
|
30343562366433363261393037313062343036663139353431663330383263316662313330636534
|
||||||
30363065303235346331333434653331646333616337623562643564366435613938643235333664
|
33666463393664636538376365663236613536633663303738373034303136383939343039316463
|
||||||
30626164373030303237656366623631396138333265383566333664663061613536666363623630
|
38363731333435333262383064336138303062303836303735383836626430623738666635383637
|
||||||
61623362383439636239336234333161366635306432363230366630383836326330343932303863
|
36383031646561666632666339616632366138383534393030636331323037643564306363303864
|
||||||
39393232373831363863333332636362396639663831656266336430313837666463336439353332
|
33616664326330656136336538363539623039376565383166373032386230383639326564343961
|
||||||
63303036633433323439613535326663633332346565646338353761363733643766363132666365
|
39623465366233383663383433313862306366643432623130363037643033366531376163386165
|
||||||
34303865656262303563323665363730663062626537363461646363636461633762663237366366
|
64353930386233373561356530316361623665643531333632376266633963303262346532386633
|
||||||
64393133656464643065633634313261336662646435313735306266316132636530393631353830
|
34363938363765313366636134636364616634393061333264386262386261383236386532393966
|
||||||
61303939373363323131316463333136326365333430626266376636356130396239323464353937
|
62636332633165383730313365366631303032336339346138633231656165646465643039666362
|
||||||
64616232373532396334343433636332353530386662633164353235626361623164313039336666
|
39613534303532616433646433616261653739663366383566303862386666383363633736306265
|
||||||
31636434666437393839393133633961373139313663616366373239386163623064373836376164
|
65366434626634303033616463316433393730373034666463663333376633656630386665313934
|
||||||
62316638366366376134386231306435616138656461373633393339653532363434393834393430
|
36626337383236373533623830326134303931653434613837353961366130623665623336303139
|
||||||
37363335623934306661333135343266663464623438353665613330356236323036363139643064
|
63616265366638393064666166343331306530313438636436306264636235643762623564653762
|
||||||
62383934363465316338393065383935646134353230376131613935613431656333383565353134
|
65393435363564366266313161393631383836396464643635643361363034306134626535353962
|
||||||
34643866353131653061623236306536363163373639396564336434653839346263303930633663
|
63393530313438383731303666343637303666616239643334626338393864613635363330653062
|
||||||
39393935636235313431303032336361313730373238333732626465346662363038636361383631
|
31633030396362666237376232306238373065616238373934313930313234353433343934363432
|
||||||
65393433346363366337383233646166306339653533646632623262376630383265393438326135
|
35633636656632643964613431333435656532653038373532343036396136636231306436326639
|
||||||
31643039333835666338383762336163336337343532393063323165636531353361613731363065
|
36376163656634303236396133316664613164346661346565646165303664343735303233636164
|
||||||
65303637396332613432663636326334646635346237396461636366356133303333306239393739
|
38393361343561396336333133326539346561373038613265666364316630363339336565363265
|
||||||
34353966653662346230383865643231313239626533643761366162613164333132373636623237
|
64623063346232346334373836346231353336383931393663373365623838363036643232646330
|
||||||
32356335643766646266646266633366363165373861306433316561363166363865303133633939
|
37303139663166653634336363626637653666363965383632313261326530323236303961343130
|
||||||
34633132343438363034323638376666313061383965323566646463653163313235373364386666
|
39663165303836346339396536313137636462373765313135303039386339393536303263636236
|
||||||
62393865373137343237306637363536383939303833663532396333313931336162333837613935
|
31333534323735373638666364643365396435636533393932643432386630663135633839643965
|
||||||
66383266343735396337663936333162323738383264376533316536376563396333343263643931
|
34346330613132383533393361626333636132616130343266663835616534616562646366366336
|
||||||
65646535363337373865353265306434356432353066656665366638353331366334366339613538
|
38303337373331303638643639373535633331626461613862333562653165306663383237383232
|
||||||
32373637633564613861626538373365336362313434633137613966353861393462623862663330
|
63303331656338656137613162323138333661613834323863633265353737633666336263636665
|
||||||
64386431373066306334383863366133333564373163386433313231363366393830343230323734
|
34393064376330306562343930376337626165373562336630633938316566343434633734613561
|
||||||
61633962356637326538336663386330653563353763663236623539363630626363323237333237
|
39363531383233666437373562663136303834373838383632356436643638306633346434316362
|
||||||
30656139626561313064323330373032323031343137366638303966313832646365666238326337
|
63343866353465396630383562306230313737353863363935346630396134393534353531336535
|
||||||
63306363613361653933306234386163383837666430616663383664386563323839326232383761
|
65366634316230323264366662376133303565626638386635616536303839363737663538353338
|
||||||
35373539626438356539393266653864353066633365383437623437356464383335383039343137
|
32663834636363643034316165303164386430346663303635323634373465326537653132366230
|
||||||
61373539343631373932373033656233323964353666626162386537616333366562346265656238
|
38376361663233646266663330363236666533663861303365303833386465653864656331616162
|
||||||
35396130356166303564303036383664656435626534303064653363316464616335303965376330
|
66323532643737643539643562653335393338643465373838656464326133393466373733343666
|
||||||
61646638383138323265313631613037396561626162306661653231646230343139656135333236
|
39613331376538653934333061376664323230636663336232333361623136393836326262336430
|
||||||
63303838316266333665636335663361656262353066666430656162323236633564313337353665
|
35663930336364376230356537326131323666343330373030303765653763323863646631666136
|
||||||
35363565303736633564356632346632343832363934343962313030646132663566346664313632
|
39623936613762393332303763633966303966396536643236366534316539386136633230653433
|
||||||
38393061613163356265643434626166393366366634343032626637333332316361663639623534
|
65326634323062313730376338343965386338306135393033333161313839333963326134653966
|
||||||
62323239373639393337373537646232663531653835356165313264663561623633633830373734
|
66363365353537323034646537633331336134363239393465363164663263313731666335613032
|
||||||
31336234613633666538373961626430316530346462343061323661353564323938353338373961
|
61643935623064626464346430353033313961326164316637316664363830633137383335316538
|
||||||
64616637303734303333626166306330613238646265636136653939363936356165356232396436
|
31646133623461386434343663313365376230613237326638393464366166633635646462373939
|
||||||
65353731633836363433616534636330663565643561363233396538386430393964353433616437
|
31313165616363373730393733386430633065373433643935643931363965393465323264626164
|
||||||
36343936313936303165396236393463646363383338366238363961666530623335653234656139
|
65333431653566646134646132626136323035323362313163303463393962306631363631383762
|
||||||
65346337663437623134376137326166323933613861663032623965643538343638376234316232
|
63333063633934646332303966666461663566626564643365643232323732646530303834616639
|
||||||
36333065323234663263343630353739313661373536316162366532336438373263303730626464
|
63616262316563636636613764663563323063636331643063373364373337373664333763363464
|
||||||
38613136393166626663636631363064303736666235333036616435373063363762666565363136
|
31346663633866653162323934613532333934626430643138613631653164343063323661383163
|
||||||
38333966303831313333613831313132633062616235353365313533386236613338373130303836
|
36633431376463633334306663346462373166613531663064323238323434346439333936313539
|
||||||
61326262313833306437366364316433393931353265326131653563656131333436376338613266
|
33663036663234383934626661383530666566323336363734336265346235306135336136373864
|
||||||
39326632613366666136643137303635336631353230396435313537656366326239626362313833
|
38313937663965313334653139366430316632313737303639636135666235346633303861626430
|
||||||
62653039343261613265306362323234623264366664306561663839306631663465303962386462
|
34373938633331666535336438313363626636363063333265316166333562616330306563386335
|
||||||
39353934643562383762623937643034383534393962333466613636346637323235346438666636
|
65366366303937376438313032643037656465393263393434623462336430393031373433383532
|
||||||
31613838313535666166663063373333653439313035346266666463623666613837313933623837
|
66306566656437323530323434353835303838303438613662356134343136386630643338333264
|
||||||
63343565663739393764353761316432626237346234663032316131306262356233333439323961
|
30643039666535323736303930336239643730653233393538633235303938623161343437616136
|
||||||
38646664383030303832646563393836643135303731306435383338623633626638306165386637
|
34613337383363656536373737396261396261653264373362313161336435623466366436623736
|
||||||
65393238653464623032336437643838333932366131656332333165376261383539386466343139
|
61313036383063656537613664633437336361396665633764313062396265323766346363656666
|
||||||
65613733383837323832303738363664653138613830376333363038383839623463623631666237
|
33656130316566633563353631323438343532393563633830343131653063353331323961343636
|
||||||
63363263396533353763373934373034643763376665316638353435663635346135333265363235
|
38303239623566383337356262313538316437323731326166366139623665356132313563663734
|
||||||
62663432343935343964626432353563313036303761393039386231343530663737633466643035
|
34353065316164653638313439303466316338373565323435343937653632313566656438333730
|
||||||
65343835353037643539316439666666633866356530363237373230373439373133313337653237
|
62373366333335643366356438613838373963363436393035623132626233373830666238323464
|
||||||
66613631373637313534353862653437393234363365323032393035376438616264336661616262
|
33356562636261376665303262633665323830316137306239626432323330393863613938313539
|
||||||
37336435326135373065353564383637626637343532396331623334643139386364316431376435
|
33613438373733633661633266353866373834346436383466636138393736373638623136383639
|
||||||
36356566363033636539363430356565373039363863396565643730656531346364626334393436
|
38653439373230353265386166663562633738306232623132636333396135343461646136303162
|
||||||
33343839303538383530363231366166623233333730323163323432373831313639626337346230
|
36343636306333376564383764356433653362356434306566376565653736643035336433303331
|
||||||
30333930333064393337616564386163623436613933623466353933393733346339383534633239
|
38626430623633313336653261633834323430323137313533333166393966633662613561643863
|
||||||
30633365313364666566643533326163336330323232353533316633313739343035383465376330
|
65653237636436373739633862313132623831623461643063626361613231343537383032346132
|
||||||
65356139386463633565366132383832643032333234633964373437633836343435393631396166
|
61383666383134373061643061656164366364656231343434616366356237303766343166613964
|
||||||
34633439643764623936366536353931646132373539326238303761383339643661616266646130
|
36376461366663373132326263616263316663323039626239643361363362306334633636343064
|
||||||
30393166393465326365393130636136336433623262346435353936306133616135653734383635
|
66336533626562323832633133653366323137616431363566653561363233626239616262346165
|
||||||
65393530633836613937346430366337626365363361663533313837363063396538663766646566
|
30396466343639383665383762383765396638323761653065356339343965373032306136656563
|
||||||
63373639653732353135343562353266316164303863336365303635653464393232613939396131
|
31353033343532366339303331366235373838356461353564623430333561356635336163396466
|
||||||
30636361343932663233663566656131363938656161623966316366656561343166336532613666
|
38303438616436383763386538663039393862636333326630623862353732343961646162653933
|
||||||
65613534663762353662353262623634616264373964316336626166353330303539356130646166
|
35633235303530353065343434333164306530363839663366316235333563663965623934383634
|
||||||
63643435353765633766626165643465386331333637366562393861613834323464363932306430
|
32616565313232373964366163323739353261643432363037666639663664303861383033333462
|
||||||
32643836646266643031396262626136313363623663366430376432373036643835653863323631
|
62333633626263393637306365353565306636386238613365643537353861396638643065616236
|
||||||
30613164326430633664306630333632363931656135643465363439376263386561383534633666
|
63303130313363326333663936393765623930636331663837313835333862386263303238386262
|
||||||
64323763656466343064396639313264386239356664663461333166626332326536623132333434
|
35646634663163626438356536346239666461306462326465613339653337326436356638323666
|
||||||
62303261643164643330333662623935383037353338306135613737306563326336336162633138
|
38323134396238356532623430303233303636343839646436363066383136366436336536313766
|
||||||
33623066373265663362303133363032343933306336396466383034636131333837313333326531
|
33373036386465623737316435643430616434336165343832386539666432613365326664663237
|
||||||
39336163313633623639303462313763656632633030336236643030343262653366633939643536
|
61333166343438313131643635663234626638623139363034616263643463356632353932383938
|
||||||
31636535393864663363353930363761623264343630396336396431663330323436613462633136
|
61383065343231633438313536633039633266323563336531663365326137666535623230336134
|
||||||
37336464353730643566393432343762333336653932333366636265343663323462626232623635
|
34646661306330653631383364343566386531313137643233376265313461396538373132396366
|
||||||
34346136333630363539633666316561376266373032373961313437653564636537656630303261
|
66313534386133346161373130386465383139623831653566326434646461306139633433656630
|
||||||
37313639333233333365383763333061373730623939303530303832646365323739356564626137
|
64623164376361643062396139356464373131653036336361623738633263326234323066613661
|
||||||
35633366393636376463393961333830343232363266633931613332643134643234303733373466
|
31306163313038333861656561356661383436363534366665376362346661616464633065303234
|
||||||
35323831623931633436626636346431303965663639666566623433383736633834626330303265
|
61616237313434363761636261313630356639346434636465363763373235636462666338343265
|
||||||
37353337656233663938663839373931623137666662623266336537383631626631306235363064
|
34336533376366393339306539633238326663656266373965623962623665626238366333393734
|
||||||
33313564316438633139336261623736336336326239376630316335313631376132646563333430
|
35646636666535396638373134376362396134353035633566336461326630323833383734356161
|
||||||
33656432643130643832343065353834633366363339353964623762666564633835633636313731
|
62303738343662633735663965336435316630653061373736643035653337363635623863626533
|
||||||
63353637636165663136623736343234393038313235333363643237643566623766393838386635
|
31306138313839616131363333326439323863646236613133333163366162353063366561656631
|
||||||
33646233623032653233336266636335666233353032303837663162303939383262373761623261
|
61623237633361313631633463666335643935616237656134383830393335346632393066666632
|
||||||
35366661363966346233633739663635353361303264356534366235616164316138623730623632
|
66326331653430633165333037316637303138353133313264643739626566353137383265366264
|
||||||
62316362623736396264366632373661373835393434343364353431316362666235616635633566
|
38353533613863353431656665363339633265303463613565636565393836616230643932333762
|
||||||
64353530633334393737346663653562346335323065356665643132353738363132623031353664
|
30353437343761613236613431626536666538336234633166623961363031393235333763626337
|
||||||
66666639326238386634363664356664343161386435323736316636343536326435303066353035
|
65623836323538653730393533383532626133393834376339303630626533613339623666353839
|
||||||
37363731613138393333636562386363333932386362303139643262386237353863363764643139
|
38613833623830306566333035336334383733626166363239356661353965353462393161626136
|
||||||
64616561373239346464623165616332623434303433626638376232333733646136376431626438
|
37336365663863393963653031303337396666653262646635386337386230383562616564653966
|
||||||
66613134343639656331626630303030366133356636663735353466353834613430356265386162
|
34393831383639303562333464653736363330326462623266383038326561323264363563623065
|
||||||
66613332663232623438636661306332613162666561353537313336643134663664306630636639
|
30366435323961613463653636666238383632353661326439346430356134643866396531623039
|
||||||
61613363353264373831393962333631383236666130646333336431303735333165656438363432
|
66663830353732663863393762626161383263663535333032393632633066363836363939316262
|
||||||
38396530333631636135653534393531326434306362396237366430383166323832336434376364
|
30373766363637316535306538663235656137363038623936366465376636393535326437666334
|
||||||
38393431646338316232373431613930326532646333386435303034356564336665346133393866
|
30343437326362613761376262383265313264383464383838386638653065313864353235373331
|
||||||
61643533643361646265313334633463616437393437653935613261366635616430313064346532
|
62646366333137643931316339373761663731633766363864633461323266663236613231656633
|
||||||
32363831613565313836376338646466323130373032613863323037323566643164653132633735
|
31653132343031313535656538663761386266333062646439383633336531373764366166646165
|
||||||
65636562653535626461396666643330386333663137613333643165656336633038323036373162
|
64343439386336323064616634363532353166353531633332663862653666666436666564356236
|
||||||
31376338613862333334643561313332326237646565633934323032626662633631633033623063
|
62336332386437626137386566333934393636313933386466366361633232383135383066396263
|
||||||
63306664656437663732323339383735306132616531373865323835633264333639336163366466
|
38343432323865353563363631646535633438336333316134343862336666313063643036343030
|
||||||
33373433653839393638323034623835643531393266306331313563613265616633353763653438
|
62323732353837363639376564336665343265663861303938316564646533346337306338623834
|
||||||
65363532653163303861383531356639316331343531666666636336373634636134633331366364
|
62353835356465303561346337366136396664383961663237653538643462666263346638303363
|
||||||
62366230366435323435613964636533353236373935626632623536396664313264653031623062
|
32663564646333343532613861336132396530363435626361643631666464383364613336383235
|
||||||
33366166343630313839366262313234346262343336386538336335393835646138666330656361
|
64376465636238633765643234383665663637643565626663393066316538313563393730396430
|
||||||
61313936323838653832633130346539636363613838343363663431623063333933383466353938
|
36373037396264613731353337393261346534343263393862376464393565353739393431313031
|
||||||
65383361333561383631643938613862343236346233363466333237316339616362366565306639
|
61353538366439383234316530326338633635393035376335616565356630633964636639386639
|
||||||
39356563656132303463346138356435303038303165363935343266396462326365363262393336
|
63356666653532666435663564393332303234363465636335316365326365633837663930616233
|
||||||
37396235366639623761366239386165613065626431633733306234343866663266633631656237
|
61343933653232666138613866666430376439396336353535663361373564366262646663653064
|
||||||
63643430383433393835663635356265636635363137613064353066313338346436356632346265
|
31353765386537656235613131323763323930363162646236333632663034356237363231313762
|
||||||
38393730336465396263373137383238653337396364643061303234666266663064663265383434
|
39323531333264633863363163333735303636333866653763373362626265396265356564303533
|
||||||
36636138643432373633313038393737663735363838396164366234643533633762383062353831
|
31353838333337393732633961353561633430616637396235626261316433366339356239633737
|
||||||
66326231363337323666386263373438656630346336663239643030386434636264666634393631
|
64333636333566366237303231376337613539643464663839303438313532323538643738353866
|
||||||
39313364333761343532346165396365306463393037643935666363323630326664616638313338
|
38626438303033346531323836336534633732366631376665663139323037643161326561363635
|
||||||
39396336653738353333343835363861643166376565346463303135376439336134666235623230
|
34633237623537383466316433336636633962623161383338656339613139346138366132356365
|
||||||
32363031303732666133386164313437366164326539373564623236356432303132633436323563
|
38363635666234616532316333366236396639353130646234626533666133363661393038353666
|
||||||
36323634373538376133613736633133356638323861636434646465643432636366376138636232
|
38343530306239336234336463646332356462356565376463383930656561336239656465303231
|
||||||
63633830613462613831313938326339343632393038376639623131366364623536353338363439
|
61323862333032343137636434643335383163366236373161653366323139646235306564366637
|
||||||
32613331623863336165636364616634303264356630303665383638663737343836663831363263
|
31313335653732633434616436636532343037383861393931323734383964346437323933653737
|
||||||
63366562393734323030306436346534626530656465396535323835316139633562363830373437
|
39653633663064313933346231663931343163336166663662333239376634386135666230393563
|
||||||
63626530326530383538623165356532303862353763326432373966626436303465373431373762
|
34333163653935326532386662613537373161366331633737653539333161386461313638643034
|
||||||
38613539623164353732623636376630643465343839666531306438326633343362306665366132
|
62323433613164383731653534383662316364333538613433623731376234306538663766363965
|
||||||
39396537366266353864656232616334336130333337306463313932393832653661343036396261
|
64376432396361636637343539393330323835353562393031616137393363333662346332616464
|
||||||
64613461633433356334623631643861303133383963336635623138326139613564343838366565
|
32643939663266343038356539656464393665616637383030666630333834613830373837353738
|
||||||
36343130353462333162313736636139306233366466626231306561626335396262663531333839
|
63623130653465386135636635643637366231383765623761356563323061343337306538633031
|
||||||
61336437343137356335633764373730306466326133356331333530353537616661373062656438
|
66326334303539623763636362333534643431383962383539613964613531353135663463373266
|
||||||
35356235666464656466323937353837623535643937383866666133383633396563333338633034
|
37326632353861383964653430656362613930353138316566636531323733396231333361663431
|
||||||
38366531613164363966323137646237393135383164643230663331306335636432656565633636
|
66356561366634323832386437336130363535343132333436633761613731636561333039303965
|
||||||
34343031633632346533353666353034666266666561346464306665386634313263323333653330
|
33336532373764303334636461646464633866656237656466613361613131613764366339336233
|
||||||
66323033393531343633356466613837346164393332613037636465343230623731616361336338
|
38373030366130613230636365303233393631383538316230366434326137336532333261383236
|
||||||
61373332373636646435353734386366613334323161626437396232613534613330613532323534
|
64306566343964643139646438633066373261363836386361316138326362373361316536313839
|
||||||
65653065386432313733663165616333663666363733623162306536303833663136353334656466
|
39663633343330663732376230633638626533313963306266363030306431373862633833383532
|
||||||
64353931363838613761663561666639373865393438396565626661343934353662363834636535
|
36623537323532373934613962613761376463363337393666316434383463393962616366643436
|
||||||
65363664393433313036383438643864663339626331343230343337316437336634636363303563
|
34326566383666663266396165613534633464656130313535383963353238623238393837353133
|
||||||
35373539383535353235633730386232363539616632336566376264393832383637663330613133
|
66396661626432313038306362393136616166653962363736363133303835376264616561343736
|
||||||
37643261363966633138373935333438393536373938383265373261363232343030373539366335
|
38383531623733326366333661393262613335653238343235353165613339393535316236353563
|
||||||
61633162663137643061363366653135323639363838626266386262666133306461333432313738
|
35663037363935386634623064636333666135313361303837383630643665613863373931626333
|
||||||
30313332626166303630363839396663396564633961383863326663356230343938643833303933
|
36316138343462636538616466383461353639613264653831323133333262626633353766643730
|
||||||
34333032353935323565346633363537656639613663356130383264373739636231363364613066
|
63343030346536616539643832303238393539383362316137386437356630313438623436636465
|
||||||
36653664346434393933383337313630623131396461343930383537633536643365306564396665
|
35363436306634393764386362616330373732623763373064306562326337303732333733346563
|
||||||
31353861643335353538623838393335326364393738376239623431306231363739656438626265
|
63356231343165653132303338343439356666646162626639646232623064656664336133666233
|
||||||
37666532336661306262303761616238666239623265663231386165353437366631376234343035
|
36366366363264663033333731616632383438306435663631613439646466663434343931663764
|
||||||
33393037316563373534373765616238616639303031346430623561663430393536303163613338
|
36623437666232323336366363333333373430303639393761636463333135626263333066656538
|
||||||
65353062336164626335376235656235343637366438353334356436653266333062663838316263
|
35336431623265663239633963353162366534653864653530623935333137653761336234616133
|
||||||
32623732306462356162623437393035626433336631643833626463656634366332613936346465
|
61643231663033393535383063373236363538623964303435623337383031653734626461623731
|
||||||
34653331363133373635633330363564333264623566613432383439396537343963653239336265
|
62306565303739313166333663363935313362356362303066323635626638393961623138613864
|
||||||
33326132663434363065646265646130333935303662623037363938313464366564323734333437
|
33626639323030306461326232323533303131633630316437333936653839626362613162336339
|
||||||
36336335303738643634653164306332636130316161393335656536386131396662616366383139
|
39373339626238303238306363356166646532623963306438626264633961643765353434326430
|
||||||
36663863343736666665363337663537326330323437346565346465326231366563643136366365
|
65323535306566343537663632393866616239613732643032356536303764636564306630383633
|
||||||
37636361343961326261336437616266373962643765346438333766306537303137353764396330
|
66356435616237376538653539366636636533343866623764316462346634313032333636336166
|
||||||
39626635373631353635313935363834363730386132376363663462653330623130663266373432
|
33653231336563363336303936336430343137653966393530393532323563393532353434393231
|
||||||
65343237326535613535386363396236336536366165306463643162346638623638373433646163
|
38363662613161626132383266323635613165363433623630653663396562366262376634326561
|
||||||
62613935363636353639623839396231393838303135346536383037353636613563323234626131
|
66643938306331663931386535613833613761313639363038616139343966656662646432663666
|
||||||
64373666303436393861373164376564646235366131343433623733663832653039393738343537
|
63393931373738373536323631353361303366343330306565393230396332373932303866333034
|
||||||
65323534343464613230346532623966616462353532373064623566626563336464326336393364
|
35396166633165396537373638333730303730613939386663653032626439363466623231303833
|
||||||
39626237646431313135323036303065343138616632343237396136366332636132303037376132
|
63656338656435383531613734643165613536353632393535646132303034663731396631303237
|
||||||
33623031623635653162616265316366663262373666636638386130643336383130643232643662
|
64376438373538373362353766303963396639333732373266343766363534623063313138616139
|
||||||
34326663343562613962343033396332303261636230353331313730336630633461333736626333
|
39313861616164613031643934313466633431316230656566306666303932343039383737313565
|
||||||
66636430643330383032646634396133626339623036333963396662313234623466366634636334
|
66356432336663636631666138636538323238303462376330663134616365323536386234666136
|
||||||
33373762386662613966353664346239666133656435353365653536356331613632666132376264
|
63343032383465616437303437303063626335363333656166393435343834646634313435653334
|
||||||
62613433366633663065306166396166633836306139376533396165393966323465303638373563
|
31366465386238393133366364376565656639656230343161613463393931373537383564353866
|
||||||
63326330323161303065643365343363313338326238363137663139613463613434643834613662
|
31313464663531353165646665356231646634383936643539323866376631666635306334616261
|
||||||
64663365633965653363633165653038333335333232633434323037643936646561376431626230
|
39383439366664386563386133356239333133306162316466343334356631616434623363643535
|
||||||
66356138373136366134373533386634373061666330663364376336383433306331386162393633
|
38663530623063373965666530386632323034623139303839323761376638313362316430373536
|
||||||
33636330643531396464313736363061303466393861613730323563626363643731333633366532
|
62363265366537656237633663663266653631653561303965616635363438613061306362336430
|
||||||
64646130636234653566346533323962353332653335336239353630633535623935396638663366
|
35303461633864353735613330643966396230623434323132383135623331353361633134663931
|
||||||
37383661343636613261623833653032373764653164346634663431653664636233323734666166
|
33333435306635313161613930656239346461623931356430306364383937353433626435633832
|
||||||
36373664306566663930353338366431623563396166356638626166333165623263636336613138
|
64613437313464323861356338643733386432656233663333343437353935353236346561366330
|
||||||
34343936393964666564306637346561393538383137663162663630336462656663316338376236
|
32396465333833343732653136616636663736623434363765336161383433356333313135313161
|
||||||
63633666333263663734353861633164653132663334306664643133663736663766626639393236
|
33373764393265376661613465626638353636653931323162363031666262653062626166363930
|
||||||
32653430333163313363343731666135656662363838366132383732346130313130363365656263
|
39613931356338393862356537343332633635366134343037633765616634316362386335663036
|
||||||
32643533393163376264653632663262353966306630333064313932616262323134326361633764
|
32666465323538356634346662383238326663333339623430376362306534363630613337626266
|
||||||
63383837303936616434616630653833653833623263623532306363373836323431393335623530
|
39326361383435623939663163373835626439643433393839383730666166666266356361633731
|
||||||
34316562343035326265333164643163356230643639373431326431303538346363376332373434
|
33336265613531303735613239316362633538386632343836613230326164366165616265313066
|
||||||
31313666313663343363353130306561646136393732663164393232636330663635346434343134
|
35333361303734343231633930346230343432336665383337343431303031383962383366343433
|
||||||
33663138663336636430373763396435323138373633666438623234363631336232366635366532
|
63363364333063313632663765633831323863626636643862323865356461366361343563383363
|
||||||
62616239663934653462656163326134303261376635323864633435383666363065656665303538
|
33363138646366333136326435376537356338633862623531393938373935353466376266333664
|
||||||
62626538343638366236646136363232373437336630383739656438636465326531646664366462
|
31633039336362363237376266346561313064393537613832663130653761636633313562316639
|
||||||
36353663626634386538336239623734323234393463313034303837363164363263623065613061
|
36633432613931663263343861396632356136366636336163343333323661666663346365626564
|
||||||
38333162646232366339333662313965663336613238386530393162346266636532353433656136
|
32613734313663656164333537653666313033643262336239623961313638306634343666303938
|
||||||
66326436323836376432313238613165373565643233333435393361636637653361616435393438
|
62636236353161336134323430336263643038623663353965656236623465326661633766363765
|
||||||
32383763393561343734643438346635613663393736613839623263663866336165343235663933
|
35653261663335313065383266383833393431333631653363363030363939323862653262316637
|
||||||
66623137616561313462653631613830363666653635336534643935373739353138363934656134
|
62343263623037643435656165623466326365363532353434643665336632383765313937666535
|
||||||
35663063396162623432373534333463376231666466393963336231653939326663396336383735
|
37663463303034363531386465383663393534393435633764646138313962373735393334326137
|
||||||
34633763336163313432616163313638623963306666643432306661393632346339373963633265
|
61653933316435363130333335323066386532626234626534396435383061333961363739333033
|
||||||
32303862643661376433356661383335313365306534663534396638313531373538326236636363
|
61656364313963303132623837666463633066653165316633373166373161343539393132316665
|
||||||
37626138333437393363323261336663653163643565303063313231346131376261653763356631
|
37646631643265333665643262666265653339616530336361333333633939373839323264613761
|
||||||
62306262336337366134626632333663363139393131306666303235303761623665356431646234
|
62643363356431306330313761623933623333383066333364663439646536333232386232623238
|
||||||
33666461663035303066353137623762653565353533613435663839396238336337333463636465
|
62356533636632396330353430653935613965383938643638353632643865323832623737646635
|
||||||
38353135356634626137376232613330393235383432356436393030313564306537616363383136
|
32636464343734653765396236653538343463373662653733326362363330643038663766383861
|
||||||
66356463373138313661373565326565343066643133633630313031303132313031663739316631
|
34316338343064393862353364613037393231343366633364393535343965623431
|
||||||
66666631386163313034306532393862393930653931363235396662366262636466363464396466
|
|
||||||
61303962303066633764393831396632626233343633313061323838623134373036393164633139
|
|
||||||
30303861636335636131376334376239636235653233323435623262366132663934613661333135
|
|
||||||
61386136326435363337316363666330363431613135663661303438383664663930656564373730
|
|
||||||
32373731393666333364633835646431646662313232383136616238303264383438663766356462
|
|
||||||
32346664376430663934626661663039656461383738626265346162393861346163656161323333
|
|
||||||
39323666643031376530303230626166613233383731363766373634623430633635303963313466
|
|
||||||
34646331363539636133373134353535356265393265393635323532323134643034343663636362
|
|
||||||
38633261613433393634396234396265623063346138363133646532366638306632396464646432
|
|
||||||
61373961383438386535336131393633303430346162613738343839653038303035303033626535
|
|
||||||
37343030623530333332306265373539633735616634663666356437303862636338363866613861
|
|
||||||
38346130336338373865343866306665616530313938616366346131376262346135323537663137
|
|
||||||
39383366313766666234323234363937623264353532323033363966313135653163343036666262
|
|
||||||
34393832613034383239393930383063336131356364303231323966303633333331633666373764
|
|
||||||
65383137333965663234663933303231356165376233326233303035316536666563656363343933
|
|
||||||
36633039666432643135636331353932633164633964623661373739633665313433306561303637
|
|
||||||
62373534346562363132643063643732343462653838393635343266626535353864656437313434
|
|
||||||
34376538303965616539626534613431623834376337643936613137323031323139393762636463
|
|
||||||
66346664666361623636666533663037613434353135393862376633636233656330366136646434
|
|
||||||
30653735323961383130393763333630306131376430363436623238646632363462383739653636
|
|
||||||
37346566663039383866323639633565366338353438386461616239313639343766333661346435
|
|
||||||
33316538366463383733346663316564656566656165396465393461363061613239666165346661
|
|
||||||
62346639623163363762366431313831663135643062336363323336303737393437653863303665
|
|
||||||
36643466336566336236353166333063633830646461626262333937316162353365353130353535
|
|
||||||
30383164363532363532306364393236303537383139643431393962333063633162313033613561
|
|
||||||
32323434336364343061386666616639336566373461633462393130336461303531353436623065
|
|
||||||
65663430623066336533373662306566396263376562343936666166626666323964373334613835
|
|
||||||
64633535303365643564626562643562636363363834353865353765356665643965663861366436
|
|
||||||
63333736613232353130616466316637613966646139323565356537666331666564623832333439
|
|
||||||
36376131663431616430616265323039646432393166613631313762613264313765323231663961
|
|
||||||
65616636306362386534626130636261636566626365643630616135323634343935653033653433
|
|
||||||
3061
|
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
---
|
|
||||||
loc_nginx:
|
loc_nginx:
|
||||||
servers: []
|
servers: []
|
||||||
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
---
|
|
||||||
rsyslog_high_density: true
|
|
||||||
...
|
|
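--- a/host_vars/bdd-ovh.adm.auro.re.yml
+++ b/host_vars/bdd-ovh.adm.auro.re.yml
@@ -0,0 +1,70 @@
+---
+postgresql:
+version: 13
+
+postgresql_hosts:
+- database: etherpad
+user: etherpad
+net: 10.128.0.150/32
+method: md5
+- database: codimd
+user: codimd
+net: 10.128.0.150/32
+method: md5
+- database: synapse
+user: synapse
+net: 10.128.0.56/32
+method: md5
+- database: kanboard
+user: kanboard
+net: 10.128.0.150/32
+method: md5
+- database: grafana
+user: grafana
+net: 10.128.0.150/32
+method: md5
+- database: cas
+user: cas
+net: 10.128.0.150/32
+method: md5
+
+postgresql_databases:
+- synapse
+- codimd
+- etherpad
+- kanboard
+- grafana
+- cas
+
+postgresql_users:
+- name: synapse
+database: synapse
+password: "{{ postgresql_synapse_passwd }}"
+privs:
+- ALL
+- name: codimd
+database: codimd
+password: "{{ postgresql_codimd_passwd }}"
+privs:
+- ALL
+- name: etherpad
+database: etherpad
+password: "{{ postgresql_etherpad_passwd }}"
+privs:
+- ALL
+- name: kanboard
+database: kanboard
+password: "{{ postgresql_kanboard_passwd }}"
+privs:
+- ALL
+- name: grafana
+database: grafana
+password: "{{ postgresql_grafana_passwd }}"
+privs:
+- ALL
+- name: cas
+database: cas
+password: "{{ postgresql_cas_passwd }}"
+privs:
+- ALL
+...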
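Review bot: Every `postgresql_hosts` entry in this new file sets `method: md5`, the legacy MD5 challenge-response method. With `version: 13` declared at the top of the file, `method: scram-sha-256` is available and is the stronger choice. The same applies to the four entries in host_vars/bdd.adm.auro.re.yml added in this commit. Moving to SCRAM also needs the stored role passwords to be SCRAM verifiers (`password_encryption = scram-sha-256` in effect when the passwords are set), so the passwords would have to be re-applied. How the role renders these entries into pg_hba.conf is not visible here, so confirm that the value is passed through unchanged and whether the rules are written as `host` or `hostssl`.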
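--- a/host_vars/bdd.adm.auro.re.yml
+++ b/host_vars/bdd.adm.auro.re.yml
@@ -0,0 +1,50 @@
+---
+postgresql:
+version: 13
+
+postgresql_hosts:
+- database: nextcloud
+user: nextcloud
+net: 10.128.0.58/32
+method: md5
+- database: gitea
+user: gitea
+net: 10.128.0.60/32
+method: md5
+- database: wikijs
+user: wikijs
+net: 10.128.0.66/32
+method: md5
+- database: drone
+user: drone
+net: 10.128.0.64/32
+method: md5
+
+postgresql_databases:
+- nextcloud
+- gitea
+- wikijs
+- drone
+
+postgresql_users:
+- name: nextcloud
+database: nextcloud
+password: "{{ postgresql_nextcloud_passwd }}"
+privs:
+- ALL
+- name: gitea
+database: gitea
+password: "{{ postgresql_gitea_passwd }}"
+privs:
+- ALL
+- name: wikijs
+database: wikijs
+password: "{{ postgresql_wikijs_passwd }}"
+privs:
+- ALL
+- name: drone
+database: drone
+password: "{{ postgresql_drone_passwd }}"
+privs:
+- ALL
+...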
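Review bot: The four `password: "{{ postgresql_<name>_passwd }}"` values under `postgresql_users` rely on variables that this file neither defines nor points to. A one-line comment above `postgresql_users`, for example `# postgresql_<name>_passwd variables are defined in the vault`, would tell a reader where to look. Presumably they come from the vaulted group_vars, but that is not visible in this section, so the wording should be checked against where they are actually defined. host_vars/bdd-ovh.adm.auro.re.yml in the same commit follows the same pattern and would benefit from the same comment.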
|
@ -10,7 +10,5 @@ rsyslog_inputs:
|
||||||
port: 20514
|
port: 20514
|
||||||
- proto: udp
|
- proto: udp
|
||||||
port: 514
|
port: 514
|
||||||
- proto: tcp
|
|
||||||
port: 6514
|
|
||||||
rsyslog_outputs: []
|
rsyslog_outputs: []
|
||||||
...
|
...
|
||||||
|
|
|
@ -13,8 +13,6 @@ loc_reverseproxy:
|
||||||
to: auro.re
|
to: auro.re
|
||||||
- from: 92.222.211.195
|
- from: 92.222.211.195
|
||||||
to: auro.re
|
to: auro.re
|
||||||
- from: codimd.auro.re
|
|
||||||
to: hedgedoc.auro.re
|
|
||||||
|
|
||||||
reverseproxy_sites:
|
reverseproxy_sites:
|
||||||
- from: phabricator.auro.re
|
- from: phabricator.auro.re
|
||||||
|
@ -29,9 +27,6 @@ loc_reverseproxy:
|
||||||
- from: passbolt.auro.re
|
- from: passbolt.auro.re
|
||||||
to: 10.128.0.53
|
to: 10.128.0.53
|
||||||
|
|
||||||
- from: auth.auro.re
|
|
||||||
to: 10.128.0.150:8089
|
|
||||||
|
|
||||||
- from: riot.auro.re
|
- from: riot.auro.re
|
||||||
to: "10.128.0.150:8080"
|
to: "10.128.0.150:8080"
|
||||||
- from: element.auro.re
|
- from: element.auro.re
|
||||||
|
@ -39,6 +34,8 @@ loc_reverseproxy:
|
||||||
- from: chat.auro.re
|
- from: chat.auro.re
|
||||||
to: "10.128.0.150:8080"
|
to: "10.128.0.150:8080"
|
||||||
|
|
||||||
|
- from: codimd.auro.re
|
||||||
|
to: "10.128.0.150:8081"
|
||||||
- from: hedgedoc.auro.re
|
- from: hedgedoc.auro.re
|
||||||
to: "10.128.0.150:8081"
|
to: "10.128.0.150:8081"
|
||||||
|
|
||||||
|
@ -59,8 +56,6 @@ loc_reverseproxy:
|
||||||
|
|
||||||
- from: cas.auro.re
|
- from: cas.auro.re
|
||||||
to: "10.128.0.150:8085"
|
to: "10.128.0.150:8085"
|
||||||
- from: rss.auro.re
|
|
||||||
to: 10.128.0.150:8090
|
|
||||||
- from: status.auro.re
|
- from: status.auro.re
|
||||||
to: "10.128.0.150:8086"
|
to: "10.128.0.150:8086"
|
||||||
- from: "kanboard.auro.re"
|
- from: "kanboard.auro.re"
|
||||||
|
|
|
@ -41,6 +41,9 @@ loc_reverseproxy:
|
||||||
- from: intranet.auro.re
|
- from: intranet.auro.re
|
||||||
to: 10.128.0.20
|
to: 10.128.0.20
|
||||||
|
|
||||||
|
- from: bbb.auro.re
|
||||||
|
to: 10.128.0.54
|
||||||
|
|
||||||
- from: nextcloud.auro.re
|
- from: nextcloud.auro.re
|
||||||
to: "10.128.0.58:8080"
|
to: "10.128.0.58:8080"
|
||||||
|
|
||||||
|
@ -61,12 +64,3 @@ loc_reverseproxy:
|
||||||
|
|
||||||
- from: wikijs.auro.re
|
- from: wikijs.auro.re
|
||||||
to: "10.128.0.66:3000"
|
to: "10.128.0.66:3000"
|
||||||
|
|
||||||
- from: wiki.auro.re
|
|
||||||
to: "10.128.0.66:3000"
|
|
||||||
|
|
||||||
- from: netbox.auro.re
|
|
||||||
to: 10.128.0.97
|
|
||||||
|
|
||||||
- from: grafana.auro.re
|
|
||||||
to: "10.128.0.98:3000"
|
|
||||||
|
|
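--- a/host_vars/re2o-bdd.adm.auro.re.yml
+++ b/host_vars/re2o-bdd.adm.auro.re.yml
@@ -0,0 +1 @@
+postgresql_databases: true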
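Review bot: `postgresql_databases: true` makes this variable a boolean, while the two other host_vars files added in this commit (bdd-ovh and bdd) define `postgresql_databases` as a list of database names, so a task that loops over it cannot accept both shapes. If the intent is only to mark the host as a PostgreSQL server, a separately named flag or an explicit `postgresql_databases: []` would avoid the clash. The consuming role is not visible here, so this needs checking against it. The file name also deserves a look: the inventory lines shown in this commit list `re2o-db.adm.auro.re`, and no `re2o-bdd.adm.auro.re` appears in the visible hunks, so these vars may not attach to any host.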
348
hosts
348
hosts
|
@ -8,11 +8,10 @@
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Aurore : main services
|
# Aurore : main services
|
||||||
|
|
||||||
|
viviane.adm.auro.re
|
||||||
|
|
||||||
[aurore_pve]
|
[aurore_pve]
|
||||||
escalope.adm.auro.re
|
merlin.adm.auro.re
|
||||||
services-1.pve.auro.re
|
|
||||||
services-2.pve.auro.re
|
|
||||||
services-3.pve.auro.re
|
|
||||||
|
|
||||||
[aurore_vm]
|
[aurore_vm]
|
||||||
routeur-aurore.adm.auro.re
|
routeur-aurore.adm.auro.re
|
||||||
|
@ -26,10 +25,11 @@ camelot.adm.auro.re
|
||||||
gitea.adm.auro.re
|
gitea.adm.auro.re
|
||||||
drone.adm.auro.re
|
drone.adm.auro.re
|
||||||
nextcloud.adm.auro.re
|
nextcloud.adm.auro.re
|
||||||
galene.adm.auro.re
|
stream.adm.auro.re
|
||||||
re2o-server.adm.auro.re
|
re2o-server.adm.auro.re
|
||||||
re2o-ldap.adm.auro.re
|
re2o-ldap.adm.auro.re
|
||||||
re2o-db.adm.auro.re
|
re2o-db.adm.auro.re
|
||||||
|
backup.adm.auro.re
|
||||||
mail.adm.auro.re
|
mail.adm.auro.re
|
||||||
wikijs.adm.auro.re
|
wikijs.adm.auro.re
|
||||||
prometheus-aurore.adm.auro.re
|
prometheus-aurore.adm.auro.re
|
||||||
|
@ -40,16 +40,9 @@ bdd.adm.auro.re
|
||||||
bdd-ovh.adm.auro.re
|
bdd-ovh.adm.auro.re
|
||||||
litl.adm.auro.re
|
litl.adm.auro.re
|
||||||
log.adm.auro.re
|
log.adm.auro.re
|
||||||
netbox.adm.auro.re
|
|
||||||
grafana.adm.auro.re
|
|
||||||
dolibarr.adm.auro.re
|
|
||||||
infra-1.router.auro.re ansible_host=10.129.0.245
|
|
||||||
infra-2.router.auro.re ansible_host=10.129.0.246
|
|
||||||
|
|
||||||
[aurore_testing_vm]
|
[aurore_testing_vm]
|
||||||
|
pendragon.adm.auro.re
|
||||||
[aurore_ilo]
|
|
||||||
escalope-ilo.adm.auro.re
|
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# OVH
|
# OVH
|
||||||
|
@ -59,11 +52,16 @@ horus.adm.auro.re
|
||||||
|
|
||||||
[ovh_container]
|
[ovh_container]
|
||||||
synapse.adm.auro.re
|
synapse.adm.auro.re
|
||||||
|
phabricator.adm.auro.re
|
||||||
|
wiki.adm.auro.re
|
||||||
www.adm.auro.re
|
www.adm.auro.re
|
||||||
proxy-ovh.adm.auro.re
|
proxy-ovh.adm.auro.re
|
||||||
|
matrix-services.adm.auro.re
|
||||||
|
|
||||||
[ovh_vm]
|
[ovh_vm]
|
||||||
serge.adm.auro.re
|
serge.adm.auro.re
|
||||||
|
passbolt.adm.auro.re
|
||||||
|
vpn-ovh.adm.auro.re
|
||||||
docker-ovh.adm.auro.re
|
docker-ovh.adm.auro.re
|
||||||
switchs-manager.adm.auro.re
|
switchs-manager.adm.auro.re
|
||||||
ldap-replica-ovh.adm.auro.re
|
ldap-replica-ovh.adm.auro.re
|
||||||
|
@ -77,10 +75,8 @@ prometheus-federate.adm.auro.re
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Les Jardins de Fleming
|
# Les Jardins de Fleming
|
||||||
|
|
||||||
[fleming_server]
|
|
||||||
perceval.adm.auro.re
|
|
||||||
|
|
||||||
[fleming_pve]
|
[fleming_pve]
|
||||||
|
freya.adm.auro.re
|
||||||
marki.adm.auro.re
|
marki.adm.auro.re
|
||||||
|
|
||||||
[fleming_vm]
|
[fleming_vm]
|
||||||
|
@ -89,30 +85,37 @@ dhcp-fleming.adm.auro.re
|
||||||
dhcp-fleming-backup.adm.auro.re
|
dhcp-fleming-backup.adm.auro.re
|
||||||
dns-fleming.adm.auro.re
|
dns-fleming.adm.auro.re
|
||||||
dns-fleming-backup.adm.auro.re
|
dns-fleming-backup.adm.auro.re
|
||||||
ntp-1.int.infra.auro.re
|
|
||||||
prometheus-fleming.adm.auro.re
|
prometheus-fleming.adm.auro.re
|
||||||
#prometheus-fleming-fo.adm.auro.re
|
#prometheus-fleming-fo.adm.auro.re
|
||||||
radius-fleming.adm.auro.re
|
radius-fleming.adm.auro.re
|
||||||
dns-1.int.infra.auro.re
|
|
||||||
isp-1.rtr.infra.auro.re
|
|
||||||
isp-2.rtr.infra.auro.re
|
|
||||||
dhcp-1.isp.auro.re
|
|
||||||
dhcp-2.isp.auro.re
|
|
||||||
radius-fleming-backup.adm.auro.re
|
radius-fleming-backup.adm.auro.re
|
||||||
unifi-fleming.adm.auro.re
|
unifi-fleming.adm.auro.re
|
||||||
routeur-fleming.adm.auro.re
|
routeur-fleming.adm.auro.re
|
||||||
routeur-fleming-backup.adm.auro.re
|
routeur-fleming-backup.adm.auro.re
|
||||||
|
|
||||||
[fleming_ilo]
|
|
||||||
marki-ilo.adm.auro.re
|
|
||||||
|
|
||||||
[fleming_unifi]
|
[fleming_unifi]
|
||||||
fa-0-1.borne.auro.re
|
ff-1-2.borne.auro.re
|
||||||
|
fe-1-2.borne.auro.re
|
||||||
|
ff-2-2.borne.auro.re
|
||||||
|
ff-3-2.borne.auro.re
|
||||||
|
ff-4-2.borne.auro.re
|
||||||
|
fh-1-2.borne.auro.re
|
||||||
|
fh-2-2.borne.auro.re
|
||||||
|
fe-3-2.borne.auro.re
|
||||||
|
fe-2-2.borne.auro.re
|
||||||
|
fe-4-2.borne.auro.re
|
||||||
|
fh-3-2.borne.auro.re
|
||||||
|
fh-4-2.borne.auro.re
|
||||||
|
fg-3-2.borne.auro.re
|
||||||
|
fg-2-2.borne.auro.re
|
||||||
|
fi-1-2.borne.auro.re
|
||||||
|
fi-2-2.borne.auro.re
|
||||||
|
fi-3-2.borne.auro.re
|
||||||
|
fi-4-2.borne.auro.re
|
||||||
fa-1-1.borne.auro.re
|
fa-1-1.borne.auro.re
|
||||||
fa-2-1.borne.auro.re
|
fa-2-1.borne.auro.re
|
||||||
fa-3-1.borne.auro.re
|
fa-3-1.borne.auro.re
|
||||||
fa-4-1.borne.auro.re
|
fa-4-1.borne.auro.re
|
||||||
fa-j-1.borne.auro.re
|
|
||||||
fb-0-1.borne.auro.re
|
fb-0-1.borne.auro.re
|
||||||
fb-1-1.borne.auro.re
|
fb-1-1.borne.auro.re
|
||||||
fb-2-1.borne.auro.re
|
fb-2-1.borne.auro.re
|
||||||
|
@ -123,83 +126,67 @@ fc-1-1.borne.auro.re
|
||||||
fc-2-1.borne.auro.re
|
fc-2-1.borne.auro.re
|
||||||
fc-3-1.borne.auro.re
|
fc-3-1.borne.auro.re
|
||||||
fc-4-1.borne.auro.re
|
fc-4-1.borne.auro.re
|
||||||
|
fd-2-1.borne.auro.re
|
||||||
fd-0-1.borne.auro.re
|
fd-0-1.borne.auro.re
|
||||||
fd-1-1.borne.auro.re
|
fd-1-1.borne.auro.re
|
||||||
fd-2-1.borne.auro.re
|
fa-0-1.borne.auro.re
|
||||||
fd-3-1.borne.auro.re
|
fd-3-1.borne.auro.re
|
||||||
fe-0-1.borne.auro.re
|
fe-0-1.borne.auro.re
|
||||||
fe-1-1.borne.auro.re
|
|
||||||
fe-1-2.borne.auro.re
|
|
||||||
fe-2-1.borne.auro.re
|
|
||||||
fe-2-2.borne.auro.re
|
|
||||||
fe-3-1.borne.auro.re
|
fe-3-1.borne.auro.re
|
||||||
fe-3-2.borne.auro.re
|
|
||||||
fe-4-1.borne.auro.re
|
fe-4-1.borne.auro.re
|
||||||
fe-4-2.borne.auro.re
|
|
||||||
ff-0-1.borne.auro.re
|
ff-0-1.borne.auro.re
|
||||||
ff-0-f.borne.auro.re
|
|
||||||
ff-1-1.borne.auro.re
|
ff-1-1.borne.auro.re
|
||||||
ff-1-2.borne.auro.re
|
|
||||||
ff-2-1.borne.auro.re
|
ff-2-1.borne.auro.re
|
||||||
ff-2-2.borne.auro.re
|
|
||||||
ff-3-1.borne.auro.re
|
ff-3-1.borne.auro.re
|
||||||
ff-3-2.borne.auro.re
|
|
||||||
ff-4-1.borne.auro.re
|
ff-4-1.borne.auro.re
|
||||||
ff-4-2.borne.auro.re
|
|
||||||
fg-0-1.borne.auro.re
|
fg-0-1.borne.auro.re
|
||||||
fg-1-1.borne.auro.re
|
fg-1-1.borne.auro.re
|
||||||
fg-1-2.borne.auro.re
|
|
||||||
fg-2-1.borne.auro.re
|
fg-2-1.borne.auro.re
|
||||||
fg-2-2.borne.auro.re
|
|
||||||
fg-3-1.borne.auro.re
|
fg-3-1.borne.auro.re
|
||||||
fg-3-2.borne.auro.re
|
|
||||||
fg-4-1.borne.auro.re
|
fg-4-1.borne.auro.re
|
||||||
fh-0-1.borne.auro.re
|
fh-0-1.borne.auro.re
|
||||||
fh-1-1.borne.auro.re
|
fh-1-1.borne.auro.re
|
||||||
fh-1-2.borne.auro.re
|
|
||||||
fh-2-1.borne.auro.re
|
fh-2-1.borne.auro.re
|
||||||
fh-2-2.borne.auro.re
|
|
||||||
fh-3-1.borne.auro.re
|
fh-3-1.borne.auro.re
|
||||||
fh-3-2.borne.auro.re
|
fe-2-1.borne.auro.re
|
||||||
fh-4-1.borne.auro.re
|
fh-4-1.borne.auro.re
|
||||||
fh-4-2.borne.auro.re
|
|
||||||
fi-0-1.borne.auro.re
|
fi-0-1.borne.auro.re
|
||||||
fi-0-2.borne.auro.re
|
|
||||||
fi-1-1.borne.auro.re
|
fi-1-1.borne.auro.re
|
||||||
fi-1-2.borne.auro.re
|
|
||||||
fi-2-1.borne.auro.re
|
fi-2-1.borne.auro.re
|
||||||
fi-2-2.borne.auro.re
|
|
||||||
fi-3-1.borne.auro.re
|
fi-3-1.borne.auro.re
|
||||||
fi-3-2.borne.auro.re
|
|
||||||
fi-4-1.borne.auro.re
|
fi-4-1.borne.auro.re
|
||||||
fi-4-2.borne.auro.re
|
|
||||||
fj-0-1.borne.auro.re
|
fj-0-1.borne.auro.re
|
||||||
fj-1-1.borne.auro.re
|
fj-1-1.borne.auro.re
|
||||||
fj-1-2.borne.auro.re
|
|
||||||
fj-2-1.borne.auro.re
|
fj-2-1.borne.auro.re
|
||||||
fj-2-2.borne.auro.re
|
|
||||||
fj-3-1.borne.auro.re
|
fj-3-1.borne.auro.re
|
||||||
fj-3-2.borne.auro.re
|
|
||||||
fj-4-1.borne.auro.re
|
fj-4-1.borne.auro.re
|
||||||
fj-4-2.borne.auro.re
|
|
||||||
fk-0-1.borne.auro.re
|
fk-0-1.borne.auro.re
|
||||||
fk-1-1.borne.auro.re
|
fk-1-1.borne.auro.re
|
||||||
fk-1-2.borne.auro.re
|
|
||||||
fk-2-1.borne.auro.re
|
fk-2-1.borne.auro.re
|
||||||
fk-2-2.borne.auro.re
|
|
||||||
fk-3-1.borne.auro.re
|
fk-3-1.borne.auro.re
|
||||||
fk-3-2.borne.auro.re
|
|
||||||
fk-4-1.borne.auro.re
|
fk-4-1.borne.auro.re
|
||||||
fk-4-2.borne.auro.re
|
|
||||||
fl-0-1.borne.auro.re
|
fl-0-1.borne.auro.re
|
||||||
fl-1-1.borne.auro.re
|
fl-1-1.borne.auro.re
|
||||||
fl-1-2.borne.auro.re
|
|
||||||
fl-2-1.borne.auro.re
|
fl-2-1.borne.auro.re
|
||||||
fl-2-2.borne.auro.re
|
|
||||||
fl-3-1.borne.auro.re
|
fl-3-1.borne.auro.re
|
||||||
fl-3-2.borne.auro.re
|
|
||||||
fl-4-1.borne.auro.re
|
fl-4-1.borne.auro.re
|
||||||
|
fe-1-1.borne.auro.re
|
||||||
|
ff-0-f.borne.auro.re
|
||||||
|
fj-4-2.borne.auro.re
|
||||||
|
fj-3-2.borne.auro.re
|
||||||
|
fj-2-2.borne.auro.re
|
||||||
|
fj-1-2.borne.auro.re
|
||||||
|
fk-4-2.borne.auro.re
|
||||||
|
fk-3-2.borne.auro.re
|
||||||
|
fk-2-2.borne.auro.re
|
||||||
|
fk-1-2.borne.auro.re
|
||||||
fl-4-2.borne.auro.re
|
fl-4-2.borne.auro.re
|
||||||
|
fl-3-2.borne.auro.re
|
||||||
|
fl-2-2.borne.auro.re
|
||||||
|
fl-1-2.borne.auro.re
|
||||||
|
fa-j-1.borne.auro.re
|
||||||
|
fg-1-2.borne.auro.re
|
||||||
|
fi-0-2.borne.auro.re
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Pacaterie
|
# Pacaterie
|
||||||
|
@ -222,51 +209,48 @@ unifi-pacaterie.adm.auro.re
|
||||||
routeur-pacaterie.adm.auro.re
|
routeur-pacaterie.adm.auro.re
|
||||||
routeur-pacaterie-backup.adm.auro.re
|
routeur-pacaterie-backup.adm.auro.re
|
||||||
|
|
||||||
[pacaterie_ilo]
|
|
||||||
mordred-ilo.adm.auro.re
|
|
||||||
titan-ilo.adm.auro.re
|
|
||||||
|
|
||||||
[pacaterie_unifi]
|
[pacaterie_unifi]
|
||||||
pc-1-1.borne.auro.re
|
pn-1-1.borne.auro.re
|
||||||
pn-0-1.borne.auro.re
|
|
||||||
pn-0-2.borne.auro.re
|
pn-0-2.borne.auro.re
|
||||||
pn-0-3.borne.auro.re
|
pn-0-3.borne.auro.re
|
||||||
pn-1-1.borne.auro.re
|
|
||||||
pn-1-2.borne.auro.re
|
|
||||||
pn-1-3.borne.auro.re
|
pn-1-3.borne.auro.re
|
||||||
pn-2-1.borne.auro.re
|
pn-3-1.borne.auro.re
|
||||||
pn-2-2.borne.auro.re
|
pn-2-2.borne.auro.re
|
||||||
pn-2-3.borne.auro.re
|
pn-2-3.borne.auro.re
|
||||||
pn-3-1.borne.auro.re
|
|
||||||
pn-3-2.borne.auro.re
|
|
||||||
pn-3-3.borne.auro.re
|
pn-3-3.borne.auro.re
|
||||||
pn-4-1.borne.auro.re
|
|
||||||
pn-4-2.borne.auro.re
|
|
||||||
pn-4-3.borne.auro.re
|
pn-4-3.borne.auro.re
|
||||||
ps-0-1.borne.auro.re
|
pn-2-1.borne.auro.re
|
||||||
ps-0-2.borne.auro.re
|
pn-3-2.borne.auro.re
|
||||||
|
pn-0-1.borne.auro.re
|
||||||
|
pn-1-2.borne.auro.re
|
||||||
|
pc-1-1.borne.auro.re
|
||||||
|
pn-4-2.borne.auro.re
|
||||||
|
pn-4-1.borne.auro.re
|
||||||
ps-0-3.borne.auro.re
|
ps-0-3.borne.auro.re
|
||||||
ps-1-1.borne.auro.re
|
ps-0-1.borne.auro.re
|
||||||
ps-1-2.borne.auro.re
|
|
||||||
ps-1-3.borne.auro.re
|
ps-1-3.borne.auro.re
|
||||||
ps-2-1.borne.auro.re
|
|
||||||
ps-2-2.borne.auro.re
|
|
||||||
ps-2-3.borne.auro.re
|
ps-2-3.borne.auro.re
|
||||||
ps-3-1.borne.auro.re
|
ps-1-2.borne.auro.re
|
||||||
ps-3-2.borne.auro.re
|
ps-3-2.borne.auro.re
|
||||||
ps-3-3.borne.auro.re
|
|
||||||
ps-4-1.borne.auro.re
|
ps-4-1.borne.auro.re
|
||||||
ps-4-2.borne.auro.re
|
ps-2-1.borne.auro.re
|
||||||
|
ps-3-1.borne.auro.re
|
||||||
ps-4-3.borne.auro.re
|
ps-4-3.borne.auro.re
|
||||||
|
ps-2-2.borne.auro.re
|
||||||
|
ps-1-1.borne.auro.re
|
||||||
|
ps-4-2.borne.auro.re
|
||||||
|
ps-0-2.borne.auro.re
|
||||||
|
ps-3-3.borne.auro.re
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Emilie du Chatelet
|
# Emilie du Chatelet
|
||||||
|
|
||||||
[edc_server]
|
[edc_server]
|
||||||
caradoc.adm.auro.re
|
perceval.adm.auro.re
|
||||||
|
|
||||||
[edc_pve]
|
[edc_pve]
|
||||||
chapalux.adm.auro.re
|
chapalux.adm.auro.re
|
||||||
|
escalope.adm.auro.re
|
||||||
|
|
||||||
[edc_vm]
|
[edc_vm]
|
||||||
routeur-edc.adm.auro.re
|
routeur-edc.adm.auro.re
|
||||||
|
@ -281,20 +265,13 @@ radius-edc-backup.adm.auro.re
|
||||||
ldap-replica-edc.adm.auro.re
|
ldap-replica-edc.adm.auro.re
|
||||||
prometheus-edc.adm.auro.re
|
prometheus-edc.adm.auro.re
|
||||||
|
|
||||||
[edc_ilo]
|
|
||||||
caradoc-ilo.adm.auro.re
|
|
||||||
chapalux-ilo.adm.auro.re
|
|
||||||
|
|
||||||
[edc_unifi]
|
[edc_unifi]
|
||||||
ee-2-1.borne.auro.re
|
|
||||||
ee-2-2.borne.auro.re
|
|
||||||
eo-0-1.borne.auro.re
|
|
||||||
eo-2-1.borne.auro.re
|
|
||||||
ep-0-1.borne.auro.re
|
|
||||||
ep-1-1.borne.auro.re
|
ep-1-1.borne.auro.re
|
||||||
ep-1-2.borne.auro.re
|
|
||||||
ep-1-3.borne.auro.re
|
ep-1-3.borne.auro.re
|
||||||
|
ep-1-2.borne.auro.re
|
||||||
|
ep-0-1.borne.auro.re
|
||||||
|
eo-2-1.borne.auro.re
|
||||||
|
ee-2-1.borne.auro.re
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# George Sand
|
# George Sand
|
||||||
|
@ -316,64 +293,59 @@ radius-gs-backup.adm.auro.re
|
||||||
prometheus-gs.adm.auro.re
|
prometheus-gs.adm.auro.re
|
||||||
ldap-replica-gs.adm.auro.re
|
ldap-replica-gs.adm.auro.re
|
||||||
|
|
||||||
[gs_ilo]
|
|
||||||
lancelot-ilo.adm.auro.re
|
|
||||||
odin-ilo.adm.auro.re
|
|
||||||
|
|
||||||
[gs_unifi]
|
[gs_unifi]
|
||||||
|
ga-1-2.borne.auro.re
|
||||||
|
ge-3-2.borne.auro.re
|
||||||
|
gb-4-2.borne.auro.re
|
||||||
|
gg-5-2.borne.auro.re
|
||||||
|
gd-5-2.borne.auro.re
|
||||||
|
gc-5-2.borne.auro.re
|
||||||
|
gc-3-1.borne.auro.re
|
||||||
|
gc-4-1.borne.auro.re
|
||||||
|
gg-5-1.borne.auro.re
|
||||||
|
ge-1-2.borne.auro.re
|
||||||
|
gh-1-2.borne.auro.re
|
||||||
|
gd-1-2.borne.auro.re
|
||||||
|
gf-3-2.borne.auro.re
|
||||||
|
gd-4-2.borne.auro.re
|
||||||
ga-0-1.borne.auro.re
|
ga-0-1.borne.auro.re
|
||||||
ga-1-1.borne.auro.re
|
ga-1-1.borne.auro.re
|
||||||
ga-1-2.borne.auro.re
|
|
||||||
ga-2-1.borne.auro.re
|
ga-2-1.borne.auro.re
|
||||||
ga-2-2.borne.auro.re
|
|
||||||
ga-3-1.borne.auro.re
|
ga-3-1.borne.auro.re
|
||||||
ga-4-1.borne.auro.re
|
ga-4-1.borne.auro.re
|
||||||
ga-5-1.borne.auro.re
|
ga-5-1.borne.auro.re
|
||||||
ga-5-2.borne.auro.re
|
|
||||||
gb-1-1.borne.auro.re
|
gb-1-1.borne.auro.re
|
||||||
|
gc-1-1.borne.auro.re
|
||||||
|
gc-2-1.borne.auro.re
|
||||||
|
gc-5-1.borne.auro.re
|
||||||
gb-2-1.borne.auro.re
|
gb-2-1.borne.auro.re
|
||||||
gb-3-1.borne.auro.re
|
gb-3-1.borne.auro.re
|
||||||
gb-4-1.borne.auro.re
|
gb-4-1.borne.auro.re
|
||||||
gb-4-2.borne.auro.re
|
|
||||||
gb-5-1.borne.auro.re
|
gb-5-1.borne.auro.re
|
||||||
gc-1-1.borne.auro.re
|
|
||||||
gc-2-1.borne.auro.re
|
|
||||||
gc-3-1.borne.auro.re
|
|
||||||
gc-4-1.borne.auro.re
|
|
||||||
gc-5-1.borne.auro.re
|
|
||||||
gc-5-2.borne.auro.re
|
|
||||||
gd-1-1.borne.auro.re
|
gd-1-1.borne.auro.re
|
||||||
gd-1-2.borne.auro.re
|
|
||||||
gd-2-1.borne.auro.re
|
gd-2-1.borne.auro.re
|
||||||
gd-3-1.borne.auro.re
|
gd-3-1.borne.auro.re
|
||||||
gd-4-1.borne.auro.re
|
gd-4-1.borne.auro.re
|
||||||
gd-4-2.borne.auro.re
|
|
||||||
gd-5-1.borne.auro.re
|
gd-5-1.borne.auro.re
|
||||||
gd-5-2.borne.auro.re
|
|
||||||
gd-garage-1.borne.auro.re
|
|
||||||
ge-0-1.borne.auro.re
|
ge-0-1.borne.auro.re
|
||||||
ge-1-1.borne.auro.re
|
ge-1-1.borne.auro.re
|
||||||
ge-1-2.borne.auro.re
|
|
||||||
ge-2-1.borne.auro.re
|
ge-2-1.borne.auro.re
|
||||||
ge-2-2.borne.auro.re
|
|
||||||
ge-3-1.borne.auro.re
|
ge-3-1.borne.auro.re
|
||||||
ge-3-2.borne.auro.re
|
|
||||||
ge-4-1.borne.auro.re
|
ge-4-1.borne.auro.re
|
||||||
ge-5-1.borne.auro.re
|
ge-5-1.borne.auro.re
|
||||||
gf-0-1.borne.auro.re
|
gf-0-1.borne.auro.re
|
||||||
gf-1-1.borne.auro.re
|
|
||||||
gf-2-1.borne.auro.re
|
gf-2-1.borne.auro.re
|
||||||
gf-3-1.borne.auro.re
|
gf-3-1.borne.auro.re
|
||||||
gf-3-2.borne.auro.re
|
|
||||||
gf-4-1.borne.auro.re
|
gf-4-1.borne.auro.re
|
||||||
|
gf-1-1.borne.auro.re
|
||||||
|
gd-garage-1.borne.auro.re
|
||||||
gf-5-1.borne.auro.re
|
gf-5-1.borne.auro.re
|
||||||
gg-5-1.borne.auro.re
|
|
||||||
gg-5-2.borne.auro.re
|
|
||||||
gh-1-2.borne.auro.re
|
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Les Rives
|
# Les Rives
|
||||||
[rives_pve]
|
[rives_pve]
|
||||||
|
thor.adm.auro.re
|
||||||
loki.adm.auro.re
|
loki.adm.auro.re
|
||||||
|
|
||||||
[rives_vm]
|
[rives_vm]
|
||||||
|
@ -384,75 +356,41 @@ radius-rives-backup.adm.auro.re
|
||||||
routeur-rives-backup.adm.auro.re
|
routeur-rives-backup.adm.auro.re
|
||||||
ldap-replica-rives.adm.auro.re
|
ldap-replica-rives.adm.auro.re
|
||||||
prometheus-rives.adm.auro.re
|
prometheus-rives.adm.auro.re
|
||||||
dhcp-rives.adm.auro.re
|
|
||||||
dns-rives.adm.auro.re
|
|
||||||
radius-rives.adm.auro.re
|
|
||||||
routeur-rives.adm.auro.re
|
|
||||||
|
|
||||||
[rives_ilo]
|
|
||||||
loki-ilo.adm.auro.re
|
|
||||||
|
|
||||||
[rives_unifi]
|
[rives_unifi]
|
||||||
r1-1-1.borne.auro.re
|
r3-4-4.borne.auro.re
|
||||||
r1-1-2.borne.auro.re
|
r3-4-3.borne.auro.re
|
||||||
r1-1-3.borne.auro.re
|
r3-2-1.borne.auro.re
|
||||||
r1-1-4.borne.auro.re
|
r3-4-1.borne.auro.re
|
||||||
r1-1-5.borne.auro.re
|
r3-2-8.borne.auro.re
|
||||||
r1-1-6.borne.auro.re
|
r3-3-4.borne.auro.re
|
||||||
r1-2-1.borne.auro.re
|
|
||||||
r1-2-2.borne.auro.re
|
|
||||||
r1-2-3.borne.auro.re
|
|
||||||
r1-2-4.borne.auro.re
|
|
||||||
r1-3-1.borne.auro.re
|
|
||||||
r1-3-2.borne.auro.re
|
|
||||||
r1-3-3.borne.auro.re
|
|
||||||
r1-3-4.borne.auro.re
|
|
||||||
r1-3-5.borne.auro.re
|
|
||||||
r1-3-6.borne.auro.re
|
|
||||||
r2-1-1.borne.auro.re
|
|
||||||
r2-1-2.borne.auro.re
|
|
||||||
r2-1-3.borne.auro.re
|
|
||||||
r2-1-4.borne.auro.re
|
|
||||||
r2-2-1.borne.auro.re
|
|
||||||
r2-2-2.borne.auro.re
|
|
||||||
r2-2-3.borne.auro.re
|
|
||||||
r2-3-1.borne.auro.re
|
|
||||||
r2-3-2.borne.auro.re
|
|
||||||
r2-3-3.borne.auro.re
|
|
||||||
r2-3-4.borne.auro.re
|
|
||||||
r3-0-1.borne.auro.re
|
|
||||||
r3-0-2.borne.auro.re
|
|
||||||
r3-0-3.borne.auro.re
|
|
||||||
r3-0-4.borne.auro.re
|
|
||||||
r3-1-1.borne.auro.re
|
|
||||||
r3-1-2.borne.auro.re
|
|
||||||
r3-1-3.borne.auro.re
|
r3-1-3.borne.auro.re
|
||||||
r3-1-4.borne.auro.re
|
r3-3-5.borne.auro.re
|
||||||
r3-1-5.borne.auro.re
|
r3-2-4.borne.auro.re
|
||||||
|
r3-3-6.borne.auro.re
|
||||||
|
r3-1-2.borne.auro.re
|
||||||
|
r3-4-5.borne.auro.re
|
||||||
|
r3-2-2.borne.auro.re
|
||||||
|
r3-4-6.borne.auro.re
|
||||||
|
r3-1-1.borne.auro.re
|
||||||
|
r3-4-7.borne.auro.re
|
||||||
|
r3-4-2.borne.auro.re
|
||||||
|
r3-4-8.borne.auro.re
|
||||||
|
r3-2-3.borne.auro.re
|
||||||
r3-1-6.borne.auro.re
|
r3-1-6.borne.auro.re
|
||||||
r3-1-7.borne.auro.re
|
r3-1-7.borne.auro.re
|
||||||
r3-2-1.borne.auro.re
|
|
||||||
r3-2-2.borne.auro.re
|
|
||||||
r3-2-3.borne.auro.re
|
|
||||||
r3-2-4.borne.auro.re
|
|
||||||
r3-2-5.borne.auro.re
|
r3-2-5.borne.auro.re
|
||||||
r3-2-6.borne.auro.re
|
r3-2-6.borne.auro.re
|
||||||
r3-2-7.borne.auro.re
|
r3-2-7.borne.auro.re
|
||||||
r3-2-8.borne.auro.re
|
|
||||||
r3-3-1.borne.auro.re
|
|
||||||
r3-3-2.borne.auro.re
|
|
||||||
r3-3-3.borne.auro.re
|
r3-3-3.borne.auro.re
|
||||||
r3-3-4.borne.auro.re
|
r3-0-1.borne.auro.re
|
||||||
r3-3-5.borne.auro.re
|
r3-3-2.borne.auro.re
|
||||||
r3-3-6.borne.auro.re
|
r3-0-2.borne.auro.re
|
||||||
r3-4-1.borne.auro.re
|
r3-3-1.borne.auro.re
|
||||||
r3-4-2.borne.auro.re
|
r3-0-3.borne.auro.re
|
||||||
r3-4-3.borne.auro.re
|
r3-1-5.borne.auro.re
|
||||||
r3-4-4.borne.auro.re
|
r3-0-4.borne.auro.re
|
||||||
r3-4-5.borne.auro.re
|
r3-1-4.borne.auro.re
|
||||||
r3-4-6.borne.auro.re
|
|
||||||
r3-4-7.borne.auro.re
|
|
||||||
r3-4-8.borne.auro.re
|
|
||||||
|
|
||||||
# -aurore services
|
# -aurore services
|
||||||
[aurore:children]
|
[aurore:children]
|
||||||
|
@ -467,7 +405,6 @@ ovh_vm
|
||||||
|
|
||||||
# everything at fleming
|
# everything at fleming
|
||||||
[fleming:children]
|
[fleming:children]
|
||||||
fleming_server
|
|
||||||
fleming_pve
|
fleming_pve
|
||||||
fleming_vm
|
fleming_vm
|
||||||
fleming_unifi
|
fleming_unifi
|
||||||
|
@ -480,7 +417,6 @@ pacaterie_unifi
|
||||||
|
|
||||||
# everything at edc
|
# everything at edc
|
||||||
[edc:children]
|
[edc:children]
|
||||||
edc_server
|
|
||||||
edc_pve
|
edc_pve
|
||||||
edc_vm
|
edc_vm
|
||||||
edc_unifi
|
edc_unifi
|
||||||
|
@ -513,11 +449,6 @@ edc_vm
|
||||||
gs_vm
|
gs_vm
|
||||||
rives_vm
|
rives_vm
|
||||||
|
|
||||||
# every server
|
|
||||||
[server:children]
|
|
||||||
fleming_server
|
|
||||||
edc_server
|
|
||||||
|
|
||||||
# every PVE
|
# every PVE
|
||||||
[pve:children]
|
[pve:children]
|
||||||
ovh_pve
|
ovh_pve
|
||||||
|
@ -538,20 +469,6 @@ pacaterie_unifi
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Groups by service
|
# Groups by service
|
||||||
|
|
||||||
[routeur]
|
|
||||||
routeur-fleming.adm.auro.re
|
|
||||||
routeur-fleming-backup.adm.auro.re
|
|
||||||
routeur-pacaterie.adm.auro.re
|
|
||||||
routeur-pacaterie-backup.adm.auro.re
|
|
||||||
routeur-edc.adm.auro.re
|
|
||||||
routeur-edc-backup.adm.auro.re
|
|
||||||
routeur-gs.adm.auro.re
|
|
||||||
routeur-gs-backup.adm.auro.re
|
|
||||||
routeur-rives.adm.auro.re
|
|
||||||
routeur-rives-backup.adm.auro.re
|
|
||||||
routeur-aurore.adm.auro.re
|
|
||||||
routeur-aurore-backup.adm.auro.re
|
|
||||||
|
|
||||||
[ldap_replica:children]
|
[ldap_replica:children]
|
||||||
ldap_replica_fleming
|
ldap_replica_fleming
|
||||||
ldap_replica_pacaterie
|
ldap_replica_pacaterie
|
||||||
|
@ -597,27 +514,4 @@ proxy.adm.auro.re
|
||||||
[bdd]
|
[bdd]
|
||||||
bdd.adm.auro.re
|
bdd.adm.auro.re
|
||||||
bdd-ovh.adm.auro.re
|
bdd-ovh.adm.auro.re
|
||||||
re2o-db.adm.auro.re
|
re2o-bdd.adm.auro.re
|
||||||
|
|
||||||
[radius]
|
|
||||||
radius-aurore.adm.auro.re
|
|
||||||
radius-fleming.adm.auro.re
|
|
||||||
radius-fleming-backup.adm.auro.re
|
|
||||||
radius-edc.adm.auro.re
|
|
||||||
radius-edc-backup.adm.auro.re
|
|
||||||
radius-gs.adm.auro.re
|
|
||||||
radius-gs-backup.adm.auro.re
|
|
||||||
radius-pacaterie.adm.auro.re
|
|
||||||
radius-pacaterie-backup.adm.auro.re
|
|
||||||
radius-rives.adm.auro.re
|
|
||||||
radius-rives-backup.adm.auro.re
|
|
||||||
|
|
||||||
[prometheus]
|
|
||||||
prometheus-ovh.adm.auro.re
|
|
||||||
prometheus-aurore.adm.auro.re
|
|
||||||
prometheus-rives.adm.auro.re
|
|
||||||
prometheus-gs.adm.auro.re
|
|
||||||
prometheus-edc.adm.auro.re
|
|
||||||
prometheus-pacaterie.adm.auro.re
|
|
||||||
prometheus-fleming.adm.auro.re
|
|
||||||
prometheus-federate.adm.auro.re
|
|
||||||
|
|
|
@ -1,10 +1,7 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
- hosts: all
|
|
||||||
roles: []
|
|
||||||
|
|
||||||
# Clone LDAP on local geographic location
|
# Clone LDAP on local geographic location
|
||||||
# DON'T DO THIS AS IT RECREATES THE REPLICA
|
# DON'T DO THIS AS IT RECREATES THE REPLICA
|
||||||
# - hosts: ldap_replica
|
- hosts: ldap_replica
|
||||||
# roles:
|
roles:
|
||||||
# - ldap_replica
|
- ldap_replica
|
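Review bot: The new side enables the `ldap_replica` play while keeping the comment `# DON'T DO THIS AS IT RECREATES THE REPLICA` directly above it, so every run of this playbook now applies the role that the comment warns against to all hosts in `ldap_replica`. If recreating the replica is intended, replace the comment with one that says when a run is safe. If it is not, keep the three lines commented out as on the old side, or add `tags: [never, ldap_replica_rebuild]` to the play so it only runs when explicitly requested. The role's tasks are not visible in this hunk, so whether a rerun is actually destructive is taken from the comment alone.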
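--- a/log.yml
+++ b/log.yml
@@ -0,0 +1,5 @@
+---
+- hosts: log.adm.auro.re
+roles:
+- rsyslog_collector
+...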
|
@ -1,18 +1,18 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
# Install Matrix Synapse
|
# Install Matrix Synapse on corresponding containers
|
||||||
- hosts: synapse.adm.auro.re
|
- hosts: synapse.adm.auro.re
|
||||||
vars:
|
vars:
|
||||||
mxisd_releases: https://github.com/kamax-matrix/mxisd/releases
|
mxisd_releases: https://github.com/kamax-matrix/mxisd/releases
|
||||||
mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb"
|
mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb"
|
||||||
update_motd:
|
|
||||||
matrix-synapse: matrix-synapse est déployé.
|
|
||||||
matrix-appservice-irc: matrix-appservice-irc est déployé.
|
|
||||||
matrix-appservice-webhooks: matrix-appservice-webhooks est déployé.
|
|
||||||
roles:
|
roles:
|
||||||
- debian_backports
|
- debian_backports
|
||||||
- nodejs
|
- nodejs
|
||||||
- matrix_synapse
|
- matrix_synapse
|
||||||
- matrix_appservice_irc
|
- matrix_appservice_irc
|
||||||
- matrix_appservice_webhooks
|
- matrix_appservice_webhooks
|
||||||
- update_motd
|
|
||||||
|
# Install Matrix services
|
||||||
|
- hosts: matrix-services.adm.auro.re
|
||||||
|
roles:
|
||||||
|
- debian_backports
|
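--- a/monitoring.yml
+++ b/monitoring.yml
@@ -0,0 +1,156 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: prometheus-fleming.adm.auro.re
+vars:
+prometheus_alertmanager: docker-ovh.adm.auro.re:9093
+snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
+snmp_switch_community: "{{ vault_snmp_switch_community }}"
+
+# Prometheus targets.json
+prometheus_targets:
+- targets: |
+{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
+prometheus_unifi_snmp_targets:
+- targets: "{{ groups['fleming_unifi'] | list | sort }}"
+roles:
+- prometheus
+
+- hosts: prometheus-pacaterie.adm.auro.re
+vars:
+prometheus_alertmanager: docker-ovh.adm.auro.re:9093
+snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
+snmp_switch_community: "{{ vault_snmp_switch_community }}"
+
+# Prometheus targets.json
+prometheus_targets:
+- targets: |
+{{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
+prometheus_unifi_snmp_targets:
+- targets: "{{ groups['pacaterie_unifi'] | list | sort }}"
+prometheus_ups_snmp_targets:
+- ups-pn-1.ups.auro.re
+- ups-ps-1.ups.auro.re
+roles:
+- prometheus
+
+- hosts: prometheus-edc.adm.auro.re
+vars:
+prometheus_alertmanager: docker-ovh.adm.auro.re:9093
+snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
+snmp_switch_community: "{{ vault_snmp_switch_community }}"
+
+# Prometheus targets.json
+prometheus_ups_snmp_targets:
+- ups-ec-1.ups.auro.re
+- ups-ec-2.ups.auro.re
+
+prometheus_targets:
+- targets: |
+{{ groups['edc_pve'] + groups['edc_vm'] | list | sort }}
+prometheus_unifi_snmp_targets:
+- targets: "{{ groups['edc_unifi'] | list | sort }}"
+roles:
+- prometheus
+
+- hosts: prometheus-gs.adm.auro.re
+vars:
+prometheus_alertmanager: docker-ovh.adm.auro.re:9093
+snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
+snmp_switch_community: "{{ vault_snmp_switch_community }}"
+
+# Prometheus targets.json
+prometheus_targets:
+- targets: |
+{{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
+prometheus_unifi_snmp_targets:
+- targets: "{{ groups['gs_unifi'] | list | sort }}"
+prometheus_ups_snmp_targets:
+- ups-gk-1.ups.auro.re
+roles:
+- prometheus
+
+- hosts: prometheus-rives.adm.auro.re
+vars:
+prometheus_alertmanager: docker-ovh.adm.auro.re:9093
+snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
+snmp_switch_community: "{{ vault_snmp_switch_community }}"
+
+# Prometheus targets.json
+prometheus_ups_snmp_targets:
+- ups-r3-1.ups.auro.re
+
+prometheus_targets:
+- targets: |
+{{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
+prometheus_unifi_snmp_targets:
+- targets: "{{ groups['rives_unifi'] | list | sort }}"
+roles:
+- prometheus
+
+- hosts: prometheus-aurore.adm.auro.re
+vars:
+prometheus_alertmanager: docker-ovh.adm.auro.re:9093
+snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
+snmp_switch_community: "{{ vault_snmp_switch_community }}"
+
+# Prometheus targets.json
+prometheus_targets:
+- targets: |
+{{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
+prometheus_switch_snmp_targets:
+- targets:
+- yggdrasil.switch.auro.re
+- sw-pn-serveurs.switch.auro.re
+- sw-ec-serveurs.switch.auro.re
+- sw-gk-serveurs.switch.auro.re
+- sw-fl-serveurs.switch.auro.re
+- sw-ff-uplink.switch.auro.re
+- sw-fl-core.switch.auro.re
+- sw-fd-vcore.switch.auro.re
+- sw-fl-vcore.switch.auro.re
+- sw-ff-vcore.switch.auro.re
+- sw-pn-core.switch.auro.re
+- sw-ec-core.switch.auro.re
+- sw-gk-core.switch.auro.re
+- sw-r3-core.switch.auro.re
+roles:
+- prometheus
+
+- hosts: prometheus-ovh.adm.auro.re
+vars:
+prometheus_alertmanager: docker-ovh.adm.auro.re:9093
+snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
+snmp_switch_community: "{{ vault_snmp_switch_community }}"
+
+# Prometheus targets.json
+prometheus_targets:
+- targets: |
+{{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
+prometheus_docker_targets:
+- docker-ovh.adm.auro.re:8087
+roles:
+- prometheus
+
+
+- hosts: prometheus-federate.adm.auro.re
+vars:
+prometheus_alertmanager: docker-ovh.adm.auro.re:9093
+snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
+
+# Prometheus targets.json
+prometheus_targets:
+- prometheus-edc.adm.auro.re
+- prometheus-gs.adm.auro.re
+- prometheus-fleming.adm.auro.re
+- prometheus-pacaterie.adm.auro.re
+- prometheus-rives.adm.auro.re
+- prometheus-aurore.adm.auro.re
+- prometheus-ovh.adm.auro.re
+roles:
+- prometheus_federate
+
+
+# Monitor all hosts
+- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
+roles:
+- prometheus_node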
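Review bot: In each `prometheus_targets` entry the expression `groups['fleming_pve'] + groups['fleming_vm'] | list | sort` sorts only the second group, because Jinja2 filters bind tighter than `+`; the same pattern repeats in the pacaterie, edc, gs, rives, aurore and ovh plays. Parenthesising it, `{{ (groups['fleming_pve'] + groups['fleming_vm']) | sort }}`, gives the sorted union the line appears to intend. The value is also written as a `|` block scalar, so the rendered text carries a trailing newline; a quoted one-line scalar like the `prometheus_unifi_snmp_targets` entries would be consistent. Separately, the `prometheus-federate` play sets `snmp_unifi_password` from the vault although its targets are only other Prometheus servers; if the `prometheus_federate` role does not use it (the role is not shown here), drop the variable so the secret is not in scope for a play that has no need for it.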
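--- a/network.yml
+++ b/network.yml
@@ -0,0 +1,65 @@
+#!/usr/bin/env ansible-playbook
+---
+# Set up DHCP servers.
+- hosts: dhcp-*.adm.auro.re
+roles:
+- isc_dhcp_server
+
+
+# Deploy unbound DNS server (recursive).
+- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re
+roles:
+- unbound
+
+
+# Déploiement du service re2o aurore-firewall et keepalived
+# radvd: IPv6 SLAAC (/64 subnets, private IPs).
+# Must NOT be on routeur-aurore-*, or will with DHCPv6!
+- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
+roles:
+- router
+- radvd
+
+# No radvd here
+- hosts: ~routeur-aurore.*\.adm\.auro\.re
+roles:
+- router
+- ipv6_edge_router
+
+# Radius (backup only for now)
+- hosts: radius-*.adm.auro.re
+roles:
+- radius
+
+
+# WIP: Deploy authoritative DNS servers
+# - hosts: authoritative_dns
+# vars:
+# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
+# service_name: dns
+# service_version: crans
+# service_config:
+# hostname: re2o-server.adm.auro.re
+# username: service-user
+# password: "{{ vault_serviceuser_passwd }}"
+# roles:
+# - re2o_service
+
+
+# Deploy Unifi Controller
+# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re
+# roles:
+# - unifi-controller
+
+# Deploy Re2o switch service
+# - hosts: switchs-manager.adm.auro.re
+# vars:
+# service_repo: https://gitlab.federez.net/re2o/switchs.git
+# service_name: switchs
+# service_version: master
+# service_config:
+# hostname: re2o-server.adm.auro.re
+# username: service-user
+# password: "{{ vault_serviceuser_passwd }}"
+# roles:
+# - re2o_service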
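Review bot: The play commented `# Radius (backup only for now)` targets `radius-*.adm.auro.re`, which matches every inventory host whose name starts with `radius-`, not only the `-backup` ones. If the role really must stay off the primary RADIUS servers, the pattern should say so, e.g. `- hosts: radius-*-backup.adm.auro.re`; whether any primaries are in the inventory at this commit cannot be confirmed from this section alone. The comment `# Must NOT be on routeur-aurore-*, or will with DHCPv6!` is also missing a word and should state the actual failure, something like `# Must NOT run on routeur-aurore-*: radvd would conflict with DHCPv6 there`, with the exact wording confirmed by the author.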
|
@ -1,32 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
- hosts: perceval.adm.auro.re
|
|
||||||
vars:
|
|
||||||
update_motd:
|
|
||||||
borgbackup_server: >-
|
|
||||||
Les sauvegardes (borg) sont stockées dans
|
|
||||||
{{ borg_server_backups_dir }}.
|
|
||||||
roles:
|
|
||||||
- borgbackup_server
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
- hosts: all,!unifi,!unifi-*,!bdd
|
|
||||||
vars:
|
|
||||||
update_motd:
|
|
||||||
borgbackup_client: >-
|
|
||||||
BorgBackup est déployé (/etc/borgmatic/config.yaml)
|
|
||||||
roles:
|
|
||||||
- borgbackup_client
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
# On databases server, also backup databases
|
|
||||||
- hosts: bdd
|
|
||||||
vars:
|
|
||||||
borg_postgresql_databases: true
|
|
||||||
update_motd:
|
|
||||||
borgbackup_client: >-
|
|
||||||
BorgBackup est déployé (/etc/borgmatic/config.yaml)
|
|
||||||
roles:
|
|
||||||
- borgbackup_client
|
|
||||||
- update_motd
|
|
||||||
...
|
|
|
@ -1,27 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
- hosts:
|
|
||||||
- ntp-1.int.infra.auro.re
|
|
||||||
vars:
|
|
||||||
chronyd__allow_networks:
|
|
||||||
- 10.128.0.0/16
|
|
||||||
- 2a09:6840:128::/48
|
|
||||||
chronyd__pools:
|
|
||||||
- 0.pool.ntp.org
|
|
||||||
- 1.pool.ntp.org
|
|
||||||
- 2.pool.ntp.org
|
|
||||||
- 3.pool.ntp.org
|
|
||||||
chronyd__local_stratum: 10
|
|
||||||
roles:
|
|
||||||
- chronyd
|
|
||||||
|
|
||||||
- hosts:
|
|
||||||
- all
|
|
||||||
- "!ntp-1.int.infra.auro.re"
|
|
||||||
- "!unifi"
|
|
||||||
vars:
|
|
||||||
chronyd__pools:
|
|
||||||
- ntp-1.int.infra.auro.re
|
|
||||||
roles:
|
|
||||||
- chronyd
|
|
||||||
...
|
|
|
@ -1,10 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
# Deploy Docker hosts
|
|
||||||
- hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,wikijs.adm.auro.re
|
|
||||||
vars:
|
|
||||||
update_motd:
|
|
||||||
docker: Docker est déployé.
|
|
||||||
roles:
|
|
||||||
- docker
|
|
||||||
- update_motd
|
|
|
@ -1,27 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
# Deploy Grafana
|
|
||||||
- hosts: grafana.adm.auro.re
|
|
||||||
vars:
|
|
||||||
grafana:
|
|
||||||
root_url: https://grafana.auro.re
|
|
||||||
database:
|
|
||||||
type: postgres
|
|
||||||
host: 10.128.0.95
|
|
||||||
name: grafana
|
|
||||||
user: grafana
|
|
||||||
password: "{{ vault_postgresql_grafana_passwd }}"
|
|
||||||
ldap:
|
|
||||||
host: "re2o-ldap.adm.auro.re ldap-replica-ovh.adm.auro.re 10.128.0.21 10.128.0.149"
|
|
||||||
bind_dn: cn=grafana,ou=service-users,dc=auro,dc=re
|
|
||||||
bind_password: "{{ vault_ldap_grafana_password }}"
|
|
||||||
search_base_dns: "cn=Utilisateurs,dc=auro,dc=re"
|
|
||||||
group_search_base_dns: "ou=posix,ou=groups,dc=auro,dc=re"
|
|
||||||
editors_group_dn:
|
|
||||||
- cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re
|
|
||||||
- cn=technicien,ou=posix,ou=groups,dc=auro,dc=re
|
|
||||||
update_motd:
|
|
||||||
grafana: Grafana est déployé (/etc/grafana).
|
|
||||||
roles:
|
|
||||||
- grafana
|
|
||||||
- update_motd
|
|
|
@ -1,213 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
- hosts:
|
|
||||||
- ntp-1.int.infra.auro.re
|
|
||||||
- dns-1.int.infra.auro.re
|
|
||||||
- dhcp-1.isp.auro.re
|
|
||||||
- dhcp-2.isp.auro.re
|
|
||||||
- isp-1.rtr.infra.auro.re
|
|
||||||
- isp-2.rtr.infra.auro.re
|
|
||||||
vars:
|
|
||||||
# TODO: netbox
|
|
||||||
ifupdown2__hosts:
|
|
||||||
ntp-1.int.infra.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::203/56
|
|
||||||
- 10.128.0.203/16
|
|
||||||
dns-1.int.infra.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::127/56
|
|
||||||
- 10.128.0.127/16
|
|
||||||
dhcp-1.isp.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::204/56
|
|
||||||
- 10.128.0.204/16
|
|
||||||
ens19: null
|
|
||||||
clients:
|
|
||||||
bridge_vlan_aware: true
|
|
||||||
bridge_ports:
|
|
||||||
- ens19
|
|
||||||
bridge_vids:
|
|
||||||
- 1000-1004
|
|
||||||
client-0:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.2/27
|
|
||||||
vlan_id: 1000
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-1:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.34/27
|
|
||||||
vlan_id: 1001
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-2:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.66/27
|
|
||||||
vlan_id: 1002
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-3:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.98/27
|
|
||||||
vlan_id: 1003
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-4:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.130/27
|
|
||||||
vlan_id: 1004
|
|
||||||
vlan_raw_device: clients
|
|
||||||
dhcp-2.isp.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::91/56
|
|
||||||
- 10.128.0.91/16
|
|
||||||
ens19: null
|
|
||||||
clients:
|
|
||||||
bridge_vlan_aware: true
|
|
||||||
bridge_ports:
|
|
||||||
- ens19
|
|
||||||
bridge_vids:
|
|
||||||
- 1000-1004
|
|
||||||
client-0:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.3/27
|
|
||||||
vlan_id: 1000
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-1:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.35/27
|
|
||||||
vlan_id: 1001
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-2:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.67/27
|
|
||||||
vlan_id: 1002
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-3:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.99/27
|
|
||||||
vlan_id: 1003
|
|
||||||
vlan_raw_device: clients
|
|
||||||
client-4:
|
|
||||||
addresses:
|
|
||||||
- 100.64.0.131/27
|
|
||||||
vlan_id: 1004
|
|
||||||
vlan_raw_device: clients
|
|
||||||
isp-1.rtr.infra.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::255/56
|
|
||||||
- 10.128.0.255/16
|
|
||||||
ens19: null
|
|
||||||
clients:
|
|
||||||
bridge_vlan_aware: true
|
|
||||||
bridge_ports:
|
|
||||||
- ens19
|
|
||||||
bridge_vids:
|
|
||||||
- 1000-1004
|
|
||||||
bridge_disable_pvid: true
|
|
||||||
forward: true
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-0:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1000
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-1:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1001
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-2:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1002
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-3:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1003
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-4:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1004
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
isp-2.rtr.infra.auro.re:
|
|
||||||
ens18:
|
|
||||||
gateways:
|
|
||||||
- 2a09:6840:128::254
|
|
||||||
- 10.128.0.254
|
|
||||||
addresses:
|
|
||||||
- 2a09:6840:128::158/56
|
|
||||||
- 10.128.0.158/16
|
|
||||||
ens19: null
|
|
||||||
clients:
|
|
||||||
bridge_vlan_aware: true
|
|
||||||
bridge_ports:
|
|
||||||
- ens19
|
|
||||||
bridge_vids:
|
|
||||||
- 1000-1004
|
|
||||||
client-0:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1000
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-1:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1001
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-2:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1002
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-3:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1003
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
client-4:
|
|
||||||
forward: true
|
|
||||||
vlan_id: 1004
|
|
||||||
vlan_raw_device: clients
|
|
||||||
ipv6_addrgen: false
|
|
||||||
ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
|
|
||||||
roles:
|
|
||||||
- ifupdown2
|
|
||||||
|
|
||||||
- hosts:
|
|
||||||
- ntp-1.int.infra.auro.re
|
|
||||||
- dns-1.int.infra.auro.re
|
|
||||||
- dhcp-1.isp.auro.re
|
|
||||||
- dhcp-2.isp.auro.re
|
|
||||||
- isp-1.rtr.infra.auro.re
|
|
||||||
- isp-2.rtr.infra.auro.re
|
|
||||||
vars:
|
|
||||||
resolvconf__nameservers:
|
|
||||||
- 2a09:6840:128::127
|
|
||||||
- 10.128.0.127
|
|
||||||
resolvconf__domain: auro.re
|
|
||||||
resolvconf__search:
|
|
||||||
- "{{ inventory_hostname | remove_domain_suffix }}"
|
|
||||||
- auro.re
|
|
||||||
roles:
|
|
||||||
- resolvconf
|
|
||||||
...
|
|
|
@ -1,9 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
- hosts: dhcp-*.adm.auro.re
|
|
||||||
vars:
|
|
||||||
update_motd:
|
|
||||||
unbound: isc-dhcp-server est déployé.
|
|
||||||
roles:
|
|
||||||
- isc_dhcp_server
|
|
||||||
- update_motd
|
|
|
@ -1,32 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
- hosts:
|
|
||||||
- isp-1.rtr.infra.auro.re
|
|
||||||
- isp-2.rtr.infra.auro.re
|
|
||||||
vars:
|
|
||||||
keepalived__virtual_router_id: 80
|
|
||||||
keepalived__interface: ens18
|
|
||||||
keepalived__virtual_addresses:
|
|
||||||
client-0:
|
|
||||||
- 100.64.0.1/27
|
|
||||||
- 2a09:6841::/56
|
|
||||||
- fe80::1/10
|
|
||||||
client-1:
|
|
||||||
- 100.64.0.33/27
|
|
||||||
- 2a09:6841:0:100::/56
|
|
||||||
- fe80::1/10
|
|
||||||
client-2:
|
|
||||||
- 100.64.0.65/27
|
|
||||||
- 2a09:6841:0:100::/56
|
|
||||||
- fe80::1/10
|
|
||||||
client-3:
|
|
||||||
- 100.64.0.97/27
|
|
||||||
- 2a09:6841:0:200::/56
|
|
||||||
- fe80::1/10
|
|
||||||
client-4:
|
|
||||||
- 100.64.0.129/27
|
|
||||||
- 2a09:6841:0:300::/56
|
|
||||||
- fe80::1/10
|
|
||||||
roles:
|
|
||||||
- keepalived
|
|
||||||
...
|
|
|
@ -1,17 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
- hosts: all
|
|
||||||
roles: []
|
|
||||||
|
|
||||||
# WIP: Deploy authoritative DNS servers
|
|
||||||
# - hosts: authoritative_dns
|
|
||||||
# vars:
|
|
||||||
# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
|
|
||||||
# service_name: dns
|
|
||||||
# service_version: crans
|
|
||||||
# service_config:
|
|
||||||
# hostname: re2o-server.adm.auro.re
|
|
||||||
# username: service-user
|
|
||||||
# password: "{{ vault_serviceuser_passwd }}"
|
|
||||||
# roles:
|
|
||||||
# - re2o_service
|
|
|
@ -1,170 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
# Install and configure database servers at Saclay
|
|
||||||
- hosts: bdd.adm.auro.re
|
|
||||||
vars:
|
|
||||||
postgresql:
|
|
||||||
version: 13
|
|
||||||
hosts:
|
|
||||||
- database: nextcloud
|
|
||||||
user: nextcloud
|
|
||||||
net: 10.128.0.58/32
|
|
||||||
method: md5
|
|
||||||
- database: gitea
|
|
||||||
user: gitea
|
|
||||||
net: 10.128.0.60/32
|
|
||||||
method: md5
|
|
||||||
- database: wikijs
|
|
||||||
user: wikijs
|
|
||||||
net: 10.128.0.66/32
|
|
||||||
method: md5
|
|
||||||
- database: drone
|
|
||||||
user: drone
|
|
||||||
net: 10.128.0.64/32
|
|
||||||
method: md5
|
|
||||||
- database: netbox
|
|
||||||
user: netbox
|
|
||||||
net: 10.128.0.97/32
|
|
||||||
method: md5
|
|
||||||
- database: grafana
|
|
||||||
user: grafana
|
|
||||||
net: 10.128.0.98/32
|
|
||||||
method: md5
|
|
||||||
- database: dolibarr
|
|
||||||
user: dolibarr
|
|
||||||
net: 10.128.0.236/32
|
|
||||||
method: md5
|
|
||||||
- database: rt5
|
|
||||||
user: rt5
|
|
||||||
net: 10.128.0.123/32
|
|
||||||
method: md5
|
|
||||||
databases:
|
|
||||||
- nextcloud
|
|
||||||
- gitea
|
|
||||||
- wikijs
|
|
||||||
- drone
|
|
||||||
- netbox
|
|
||||||
- grafana
|
|
||||||
- dolibarr
|
|
||||||
- rt5
|
|
||||||
users:
|
|
||||||
- name: nextcloud
|
|
||||||
database: nextcloud
|
|
||||||
password: "{{ vault_postgresql_nextcloud_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: gitea
|
|
||||||
database: gitea
|
|
||||||
password: "{{ vault_postgresql_gitea_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: wikijs
|
|
||||||
database: wikijs
|
|
||||||
password: "{{ vault_postgresql_wikijs_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: drone
|
|
||||||
database: drone
|
|
||||||
password: "{{ vault_postgresql_drone_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: netbox
|
|
||||||
database: netbox
|
|
||||||
password: "{{ vault_postgresql_netbox_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: grafana
|
|
||||||
database: grafana
|
|
||||||
password: "{{ vault_postgresql_grafana_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: dolibarr
|
|
||||||
database: dolibarr
|
|
||||||
password: "{{ vault_postgresql_dolibarr_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: rt5
|
|
||||||
database: rt5
|
|
||||||
password: "{{ vault_postgresql_rt5_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
update_motd:
|
|
||||||
postgresql: PostgreSQL est déployé.
|
|
||||||
roles:
|
|
||||||
- postgresql
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
# Install and configure database servers at OVH
|
|
||||||
- hosts: bdd-ovh.adm.auro.re
|
|
||||||
vars:
|
|
||||||
postgresql:
|
|
||||||
version: 13
|
|
||||||
hosts:
|
|
||||||
- database: etherpad
|
|
||||||
user: etherpad
|
|
||||||
net: 10.128.0.150/32
|
|
||||||
method: md5
|
|
||||||
- database: codimd
|
|
||||||
user: codimd
|
|
||||||
net: 10.128.0.150/32
|
|
||||||
method: md5
|
|
||||||
- database: synapse
|
|
||||||
user: synapse
|
|
||||||
net: 10.128.0.56/32
|
|
||||||
method: md5
|
|
||||||
- database: kanboard
|
|
||||||
user: kanboard
|
|
||||||
net: 10.128.0.150/32
|
|
||||||
method: md5
|
|
||||||
- database: cas
|
|
||||||
user: cas
|
|
||||||
net: 10.128.0.150/32
|
|
||||||
method: md5
|
|
||||||
- database: appservice-discord
|
|
||||||
user: appservice-discord
|
|
||||||
net: 10.128.0.150/32
|
|
||||||
method: md5
|
|
||||||
databases:
|
|
||||||
- synapse
|
|
||||||
- codimd
|
|
||||||
- etherpad
|
|
||||||
- kanboard
|
|
||||||
- cas
|
|
||||||
- appservice-discord
|
|
||||||
users:
|
|
||||||
- name: synapse
|
|
||||||
database: synapse
|
|
||||||
password: "{{ vault_postgresql_synapse_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: codimd
|
|
||||||
database: codimd
|
|
||||||
password: "{{ vault_postgresql_codimd_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: etherpad
|
|
||||||
database: etherpad
|
|
||||||
password: "{{ vault_postgresql_etherpad_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: kanboard
|
|
||||||
database: kanboard
|
|
||||||
password: "{{ vault_postgresql_kanboard_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: cas
|
|
||||||
database: cas
|
|
||||||
password: "{{ vault_postgresql_cas_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: appservice-discord
|
|
||||||
database: appservice-discord
|
|
||||||
password: "{{ vault_postgresql_appservice_discord_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
update_motd:
|
|
||||||
postgresql: PostgreSQL est déployé.
|
|
||||||
roles:
|
|
||||||
- postgresql
|
|
||||||
- update_motd
|
|
||||||
...
|
|
|
@ -1,241 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
- hosts: prometheus-fleming.adm.auro.re
|
|
||||||
vars:
|
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
|
||||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
|
||||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
|
||||||
snmp_ilo_user: aurore
|
|
||||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
|
||||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
|
||||||
|
|
||||||
prometheus_servers_targets: |
|
|
||||||
{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
|
|
||||||
prometheus_unifi_snmp_targets: |
|
|
||||||
{{ groups['fleming_unifi'] | list | sort }}
|
|
||||||
prometheus_ilo_snmp_targets: |
|
|
||||||
{{ groups['fleming_ilo'] | list | sort }}
|
|
||||||
|
|
||||||
update_motd:
|
|
||||||
prometheus: >-
|
|
||||||
Prometheus (en configuration fleming) est déployé (/etc/prometheus).
|
|
||||||
roles:
|
|
||||||
- prometheus
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
- hosts: prometheus-pacaterie.adm.auro.re
|
|
||||||
vars:
|
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
|
||||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
|
||||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
|
||||||
snmp_ilo_user: aurore
|
|
||||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
|
||||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
|
||||||
|
|
||||||
prometheus_servers_targets: |
|
|
||||||
{{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
|
|
||||||
prometheus_unifi_snmp_targets: |
|
|
||||||
{{ groups['pacaterie_unifi'] | list | sort }}
|
|
||||||
prometheus_ups_snmp_targets:
|
|
||||||
- ups-pn-1.ups.auro.re
|
|
||||||
- ups-ps-1.ups.auro.re
|
|
||||||
prometheus_ilo_snmp_targets: |
|
|
||||||
{{ groups['pacaterie_ilo'] | list | sort }}
|
|
||||||
|
|
||||||
update_motd:
|
|
||||||
prometheus: >-
|
|
||||||
Prometheus (en configuration pacaterie) est déployé (/etc/prometheus).
|
|
||||||
roles:
|
|
||||||
- prometheus
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
- hosts: prometheus-edc.adm.auro.re
|
|
||||||
vars:
|
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
|
||||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
|
||||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
|
||||||
snmp_ilo_user: aurore
|
|
||||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
|
||||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
|
||||||
|
|
||||||
prometheus_ups_snmp_targets:
|
|
||||||
- ups-ec-1.ups.auro.re
|
|
||||||
# - ups-ec-2.ups.auro.re
|
|
||||||
- ups-ec-3.ups.auro.re
|
|
||||||
prometheus_servers_targets: |
|
|
||||||
{{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
|
|
||||||
prometheus_unifi_snmp_targets: |
|
|
||||||
{{ groups['edc_unifi'] | list | sort }}
|
|
||||||
prometheus_ilo_snmp_targets: |
|
|
||||||
{{ groups['edc_ilo'] | list | sort }}
|
|
||||||
|
|
||||||
update_motd:
|
|
||||||
prometheus: >-
|
|
||||||
Prometheus (en configuration edc) est déployé (/etc/prometheus).
|
|
||||||
roles:
|
|
||||||
- prometheus
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
- hosts: prometheus-gs.adm.auro.re
|
|
||||||
vars:
|
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
|
||||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
|
||||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
|
||||||
snmp_ilo_user: aurore
|
|
||||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
|
||||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
|
||||||
|
|
||||||
prometheus_servers_targets: |
|
|
||||||
{{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
|
|
||||||
prometheus_unifi_snmp_targets: |
|
|
||||||
{{ groups['gs_unifi'] | list | sort }}
|
|
||||||
prometheus_ups_snmp_targets:
|
|
||||||
- ups-gk-1.ups.auro.re
|
|
||||||
prometheus_apc_pdu_snmp_targets:
|
|
||||||
- pdu-ga-1.ups.auro.re
|
|
||||||
prometheus_ilo_snmp_targets: |
|
|
||||||
{{ groups['gs_ilo'] | list | sort }}
|
|
||||||
|
|
||||||
update_motd:
|
|
||||||
prometheus: >-
|
|
||||||
Prometheus (en configuration gs) est déployé (/etc/prometheus).
|
|
||||||
roles:
|
|
||||||
- prometheus
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
- hosts: prometheus-rives.adm.auro.re
|
|
||||||
vars:
|
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
|
||||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
|
||||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
|
||||||
snmp_ilo_user: aurore
|
|
||||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
|
||||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
|
||||||
|
|
||||||
prometheus_ups_snmp_targets:
|
|
||||||
- ups-r3-1.ups.auro.re
|
|
||||||
- ups-r1-1.ups.auro.re
|
|
||||||
prometheus_servers_targets: |
|
|
||||||
{{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
|
|
||||||
prometheus_unifi_snmp_targets: |
|
|
||||||
{{ groups['rives_unifi'] | list | sort }}
|
|
||||||
prometheus_ilo_snmp_targets: |
|
|
||||||
{{ groups['rives_ilo'] | list | sort }}
|
|
||||||
|
|
||||||
update_motd:
|
|
||||||
prometheus: >-
|
|
||||||
Prometheus (en configuration rives) est déployé (/etc/prometheus).
|
|
||||||
roles:
|
|
||||||
- prometheus
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
- hosts: prometheus-aurore.adm.auro.re
|
|
||||||
vars:
|
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
|
||||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
|
||||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
|
||||||
snmp_ilo_user: aurore
|
|
||||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
|
||||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
|
||||||
|
|
||||||
prometheus_servers_targets: |
|
|
||||||
{{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
|
|
||||||
prometheus_postgresql_targets: |
|
|
||||||
{{ groups['bdd'] + groups['radius'] | list | sort }}
|
|
||||||
prometheus_switch_snmp_targets:
|
|
||||||
- yggdrasil.switch.auro.re
|
|
||||||
- sw-pn-serveurs.switch.auro.re
|
|
||||||
- sw-ec-serveurs.switch.auro.re
|
|
||||||
- sw-gk-serveurs.switch.auro.re
|
|
||||||
- sw-fl-serveurs.switch.auro.re
|
|
||||||
- sw-ff-uplink.switch.auro.re
|
|
||||||
- sw-fl-core.switch.auro.re
|
|
||||||
- sw-fd-vcore.switch.auro.re
|
|
||||||
- sw-fl-vcore.switch.auro.re
|
|
||||||
- sw-ff-vcore.switch.auro.re
|
|
||||||
- sw-pn-core.switch.auro.re
|
|
||||||
- sw-ec-core.switch.auro.re
|
|
||||||
- sw-gk-core.switch.auro.re
|
|
||||||
- sw-r3-core.switch.auro.re
|
|
||||||
prometheus_ilo_snmp_targets: |
|
|
||||||
{{ groups['aurore_ilo'] | list | sort }}
|
|
||||||
|
|
||||||
update_motd:
|
|
||||||
prometheus: >-
|
|
||||||
Prometheus (en configuration aurore) est déployé (/etc/prometheus).
|
|
||||||
roles:
|
|
||||||
- prometheus
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
- hosts: prometheus-ovh.adm.auro.re
|
|
||||||
vars:
|
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
|
||||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
|
||||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
|
||||||
snmp_ilo_user: aurore
|
|
||||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
|
||||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
|
||||||
|
|
||||||
prometheus_servers_targets: |
|
|
||||||
{{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
|
|
||||||
prometheus_postgresql_targets:
|
|
||||||
- bdd-ovh.adm.auro.re
|
|
||||||
prometheus_docker_targets:
|
|
||||||
- docker-ovh.adm.auro.re
|
|
||||||
|
|
||||||
update_motd:
|
|
||||||
prometheus: >-
|
|
||||||
Prometheus (en configuration ovh) est déployé (/etc/prometheus).
|
|
||||||
roles:
|
|
||||||
- prometheus
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
- hosts: prometheus-federate.adm.auro.re
|
|
||||||
vars:
|
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
|
||||||
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
|
||||||
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
|
||||||
snmp_ilo_user: aurore
|
|
||||||
snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
|
|
||||||
snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
|
|
||||||
|
|
||||||
prometheus_servers_targets:
|
|
||||||
- prometheus-edc.adm.auro.re
|
|
||||||
- prometheus-gs.adm.auro.re
|
|
||||||
- prometheus-fleming.adm.auro.re
|
|
||||||
- prometheus-pacaterie.adm.auro.re
|
|
||||||
- prometheus-rives.adm.auro.re
|
|
||||||
- prometheus-aurore.adm.auro.re
|
|
||||||
- prometheus-ovh.adm.auro.re
|
|
||||||
|
|
||||||
update_motd:
|
|
||||||
prometheus_federate: >-
|
|
||||||
Prometheus (en configuration fédération) est déployé (/etc/prometheus).
|
|
||||||
roles:
|
|
||||||
- prometheus_federate
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
# Postgres Exporters
|
|
||||||
- hosts: bdd,radius
|
|
||||||
roles:
|
|
||||||
- prometheus_postgres
|
|
||||||
|
|
||||||
# Monitor all hosts
|
|
||||||
- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
|
|
||||||
roles:
|
|
||||||
- prometheus_node
|
|
|
@ -1,10 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
# Deploy Radius
|
|
||||||
- hosts: radius-*.adm.auro.re
|
|
||||||
vars:
|
|
||||||
update_motd:
|
|
||||||
unbound: FreeRADIUS est déployé.
|
|
||||||
roles:
|
|
||||||
- radius
|
|
||||||
- update_motd
|
|
|
@ -1,9 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
- hosts: all,!unifi
|
|
||||||
vars:
|
|
||||||
root_shell: /bin/bash
|
|
||||||
root_password: "{{ vault_root_password }}"
|
|
||||||
roles:
|
|
||||||
- root_account
|
|
||||||
...
|
|
|
@ -1,23 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
# Deploy firewall and keepalived
|
|
||||||
# radvd: IPv6 SLAAC (/64 subnets, private IPs).
|
|
||||||
# Must NOT be on routeur-aurore-*, or will with DHCPv6!
|
|
||||||
- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
|
|
||||||
vars:
|
|
||||||
update_motd:
|
|
||||||
unbound: Le routage (avec radvd) est déployé.
|
|
||||||
roles:
|
|
||||||
- router
|
|
||||||
- radvd
|
|
||||||
- update_motd
|
|
||||||
|
|
||||||
# No radvd here
|
|
||||||
- hosts: ~routeur-aurore.*\.adm\.auro\.re
|
|
||||||
vars:
|
|
||||||
update_motd:
|
|
||||||
unbound: Le routage (avec DHCPv6) est déployé.
|
|
||||||
roles:
|
|
||||||
- router
|
|
||||||
- ipv6_edge_router
|
|
||||||
- update_motd
|
|
|
@ -1,10 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
- hosts: log.adm.auro.re
|
|
||||||
roles:
|
|
||||||
- rsyslog_collector
|
|
||||||
|
|
||||||
- hosts: all,!unifi
|
|
||||||
roles:
|
|
||||||
- rsyslog_common
|
|
||||||
...
|
|
|
@ -1,14 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
- hosts: all,!unifi
|
|
||||||
vars:
|
|
||||||
openssh_users_ca_public_key:
|
|
||||||
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\
|
|
||||||
hBIpT7d7WeR88bs53KkNkZNOzkPJ7CQ5Ui6Wl9LXzAjjIdH+hKJieBMHrKew7+kzxGYaTqXW\
|
|
||||||
F1fQWsACG6aniy7VZpsdgTaNw7qr9frGfmo950V7IlU6w1HRc5c+3oVBWpg=="
|
|
||||||
openssh_authorized_principals:
|
|
||||||
- any
|
|
||||||
- "{{ inventory_hostname }}"
|
|
||||||
roles:
|
|
||||||
- openssh_server
|
|
||||||
...
|
|
|
@ -1,17 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
- hosts: all
|
|
||||||
roles: []
|
|
||||||
|
|
||||||
# Deploy Re2o switch service
|
|
||||||
# - hosts: switchs-manager.adm.auro.re
|
|
||||||
# vars:
|
|
||||||
# service_repo: https://gitlab.federez.net/re2o/switchs.git
|
|
||||||
# service_name: switchs
|
|
||||||
# service_version: master
|
|
||||||
# service_config:
|
|
||||||
# hostname: re2o-server.adm.auro.re
|
|
||||||
# username: service-user
|
|
||||||
# password: "{{ vault_serviceuser_passwd }}"
|
|
||||||
# roles:
|
|
||||||
# - re2o_service
|
|
|
@ -1,10 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
# Deploy unbound DNS server (recursive).
|
|
||||||
- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re
|
|
||||||
vars:
|
|
||||||
update_motd:
|
|
||||||
unbound: Unbound est déployé.
|
|
||||||
roles:
|
|
||||||
- unbound
|
|
||||||
- update_motd
|
|
|
@ -1,9 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
- hosts: all
|
|
||||||
roles: []
|
|
||||||
|
|
||||||
# Deploy Unifi Controller
|
|
||||||
# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re
|
|
||||||
# roles:
|
|
||||||
# - unifi-controller
|
|
432
proxmox.yml
Executable file
|
@ -0,0 +1,432 @@
|
||||||
|
#!/usr/bin/env ansible-playbook
|
||||||
|
---
|
||||||
|
# This is a special playbook to create a new VM !
|
||||||
|
- hosts: proxy.adm.auro.re # Host with python-proxmoxer and python-requests
|
||||||
|
become: false # We do not need root as we use Proxmox API
|
||||||
|
|
||||||
|
vars:
|
||||||
|
vm_definitions:
|
||||||
|
|
||||||
|
# Réseau Pacaterie
|
||||||
|
- name: ldap-replica-pacaterie
|
||||||
|
virtu: mordred
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dhcp-pacaterie
|
||||||
|
virtu: mordred
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dns-pacaterie
|
||||||
|
virtu: mordred
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: prometheus-pacaterie
|
||||||
|
virtu: mordred
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: radius-pacaterie
|
||||||
|
virtu: mordred
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: unifi-pacaterie
|
||||||
|
virtu: mordred
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-9.9.0-amd64-netinst.iso
|
||||||
|
|
||||||
|
# Réseau Fleming
|
||||||
|
- name: ldap-replica-fleming1
|
||||||
|
virtu: freya
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dhcp-fleming
|
||||||
|
virtu: freya
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dns-fleming
|
||||||
|
virtu: freya
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: prometheus-fleming
|
||||||
|
virtu: freya
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: radius-fleming
|
||||||
|
virtu: freya
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: unifi-fleming
|
||||||
|
virtu: freya
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-9.9.0-amd64-netinst.iso
|
||||||
|
|
||||||
|
# Réseau EdC
|
||||||
|
- name: ldap-replica-edc1
|
||||||
|
virtu: chapalux
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dhcp-edc
|
||||||
|
virtu: chapalux
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dns-edc
|
||||||
|
virtu: chapalux
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: prometheus-edc
|
||||||
|
virtu: chapalux
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: radius-edc
|
||||||
|
virtu: chapalux
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: unifi-edc
|
||||||
|
virtu: chapalux
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-9.9.0-amd64-netinst.iso
|
||||||
|
|
||||||
|
# Réseau George Sand
|
||||||
|
- name: ldap-replica-gs1
|
||||||
|
virtu: perceval
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dhcp-gs
|
||||||
|
virtu: perceval
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dns-gs
|
||||||
|
virtu: perceval
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: prometheus-gs
|
||||||
|
virtu: perceval
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: radius-gs
|
||||||
|
virtu: perceval
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: unifi-gs
|
||||||
|
virtu: perceval
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-9.9.0-amd64-netinst.iso
|
||||||
|
|
||||||
|
vars_prompt:
|
||||||
|
- name: "password"
|
||||||
|
prompt: "Enter LDAP password for your user"
|
||||||
|
private: true
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: Define a virtual machine in Proxmox
|
||||||
|
proxmox_kvm:
|
||||||
|
api_user: "{{ ansible_user_id }}@pam"
|
||||||
|
api_password: "{{ password }}"
|
||||||
|
api_host: "{{ item.virtu }}.adm.auro.re"
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
node: "{{ item.virtu }}"
|
||||||
|
scsihw: virtio-scsi-pci
|
||||||
|
scsi: '{"scsi0":"{{ item.virtu }}:{{ item.disksize }},format=raw"}'
|
||||||
|
sata: '{"sata0":"local:iso/{{ item.installiso }},media=cdrom"}'
|
||||||
|
net: '{"net0":"virtio,bridge=vmbr2"}' # Adm only by default
|
||||||
|
cores: "{{ item.cores }}"
|
||||||
|
memory: "{{ item.memory }}"
|
||||||
|
balloon: "{{ item.memory // 2 }}"
|
||||||
|
bios: seabios # Ansible module doesn't support UEFI boot disk
|
||||||
|
loop:
|
||||||
|
# Réseau Fleming
|
||||||
|
- name: ldap-replica-fleming
|
||||||
|
virtu: freya
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dhcp-fleming
|
||||||
|
virtu: freya
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dns-fleming
|
||||||
|
virtu: freya
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: prometheus-fleming
|
||||||
|
virtu: freya
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: radius-fleming
|
||||||
|
virtu: freya
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: unifi-fleming
|
||||||
|
virtu: freya
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-9.9.0-amd64-netinst.iso
|
||||||
|
- name: routeur-fleming
|
||||||
|
virtu: freya
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
|
||||||
|
- name: ldap-replica-fleming-fo
|
||||||
|
virtu: marki
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dhcp-fleming-fo
|
||||||
|
virtu: marki
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dns-fleming-fo
|
||||||
|
virtu: marki
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: prometheus-fleming-fo
|
||||||
|
virtu: marki
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: radius-fleming-fo
|
||||||
|
virtu: marki
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: routeur-fleming-fo
|
||||||
|
virtu: marki
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
|
||||||
|
# Réseau Pacaterie
|
||||||
|
- name: ldap-replica-pacaterie
|
||||||
|
virtu: mordred
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dhcp-pacaterie
|
||||||
|
virtu: mordred
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dns-pacaterie
|
||||||
|
virtu: mordred
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: prometheus-pacaterie
|
||||||
|
virtu: mordred
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: radius-pacaterie
|
||||||
|
virtu: mordred
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: unifi-pacaterie
|
||||||
|
virtu: mordred
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-9.9.0-amd64-netinst.iso
|
||||||
|
- name: routeur-pacaterie
|
||||||
|
virtu: mordred
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
|
||||||
|
- name: ldap-replica-pacaterie-fo
|
||||||
|
virtu: titan
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dhcp-pacaterie-fo
|
||||||
|
virtu: titan
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dns-pacaterie-fo
|
||||||
|
virtu: titan
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: prometheus-pacaterie-fo
|
||||||
|
virtu: titan
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: radius-pacaterie-fo
|
||||||
|
virtu: titan
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: routeur-pacaterie-fo
|
||||||
|
virtu: titan
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
|
||||||
|
# Réseau EDC
|
||||||
|
- name: ldap-replica-edc
|
||||||
|
virtu: chapalux
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dhcp-edc
|
||||||
|
virtu: chapalux
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dns-edc
|
||||||
|
virtu: chapalux
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: prometheus-edc
|
||||||
|
virtu: chapalux
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: radius-edc
|
||||||
|
virtu: chapalux
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: unifi-edc
|
||||||
|
virtu: chapalux
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-9.9.0-amd64-netinst.iso
|
||||||
|
- name: routeur-edc
|
||||||
|
virtu: chapalux
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
|
||||||
|
# Réseau George Sand
|
||||||
|
- name: ldap-replica-georgesand
|
||||||
|
virtu: perceval
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dhcp-georgesand
|
||||||
|
virtu: perceval
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: dns-georgesand
|
||||||
|
virtu: perceval
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: prometheus-georgesand
|
||||||
|
virtu: perceval
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: radius-georgesand
|
||||||
|
virtu: perceval
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
|
||||||
|
- name: unifi-georgesand
|
||||||
|
virtu: perceval
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-9.9.0-amd64-netinst.iso
|
||||||
|
- name: routeur-georgesand
|
||||||
|
virtu: perceval
|
||||||
|
cores: 2 # 2 mimimum, 10 maximum
|
||||||
|
memory: 1024 # M
|
||||||
|
disksize: 16 # G
|
||||||
|
installiso: debian-10.0.0-amd64-netinst.iso
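Review bot: The `proxmox_kvm` task hands the prompted password to the Proxmox API at `{{ item.virtu }}.adm.auro.re` without setting `validate_certs`, and as far as I know the module leaves certificate verification off unless told otherwise, so nothing confirms that the host receiving the credential is the intended node. I would add `validate_certs: true` next to `api_host`, once the nodes present certificates that the host running the task trusts. Separately, `vm_definitions` under `vars:` is never referenced in this file: the task iterates an inline `loop:` list whose names already differ from it (`ldap-replica-fleming1` vs `ldap-replica-fleming`, `dhcp-gs` vs `dhcp-georgesand`). Keeping one list and using `loop: "{{ vm_definitions }}"` would remove the drift.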
|
|
@ -29,6 +29,14 @@
|
||||||
retries: 3
|
retries: 3
|
||||||
until: apt_result is succeeded
|
until: apt_result is succeeded
|
||||||
|
|
||||||
|
- include_role:
|
||||||
|
name: update_motd
|
||||||
|
|
||||||
|
- name: Remove Debian warranty motd
|
||||||
|
file:
|
||||||
|
path: /etc/motd
|
||||||
|
state: absent
|
||||||
|
|
||||||
# Configure APT mirrors on Debian Stretch
|
# Configure APT mirrors on Debian Stretch
|
||||||
- name: Configure APT mirrors
|
- name: Configure APT mirrors
|
||||||
when:
|
when:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
---
|
---
|
||||||
|
- debug:
|
||||||
|
msg: "{{ ansible_distribution_major_version }}"
|
||||||
|
|
||||||
- name: Pin borgmatic
|
- name: Pin borgmatic
|
||||||
template:
|
template:
|
||||||
src: "{{ item.src }}"
|
src: "{{ item.src }}"
|
||||||
|
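Review bot: The `debug` task added at the top of this task file has no `name` and prints `ansible_distribution_major_version` on every run, which reads like troubleshooting output left in by accident. If the value is still useful when diagnosing the pin condition further down, name the task and keep it quiet by default, e.g. `- name: Show detected distribution major version` with `verbosity: 1` under `debug:`. Otherwise drop it. The rest of the task list continues outside this hunk.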
@ -13,7 +16,7 @@
|
||||||
dest: /etc/apt/preferences.d/borgmatic-bullseye
|
dest: /etc/apt/preferences.d/borgmatic-bullseye
|
||||||
when:
|
when:
|
||||||
- "ansible_distribution == 'Debian'"
|
- "ansible_distribution == 'Debian'"
|
||||||
- "ansible_distribution_major_version in ('stretch', 'buster', '9', '10')"
|
- "ansible_distribution_major_version in ('9', '10', 'stretch', 'buster')"
|
||||||
|
|
||||||
- name: Install borgmatic
|
- name: Install borgmatic
|
||||||
apt:
|
apt:
|
||||||
|
@ -107,4 +110,10 @@
|
||||||
name: borgmatic.timer
|
name: borgmatic.timer
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
|
- include_role:
|
||||||
|
name: update_motd
|
||||||
|
vars:
|
||||||
|
key: 10-borgmatic
|
||||||
|
message: Borgmatic (client) est installé dans /etc/borgmatic/config.yaml.
|
||||||
...
|
...
|
||||||
|
|
|
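Review bot: The `update_motd` role is called with three different argument shapes on this page: here with top-level `key` and `message`, in the borg server task file with a `motd_messages` list, and in the hunk that removes `/etc/motd` with no vars at all. The role itself is not visible here, so I cannot tell which shape it reads, but at most one of the first two can be right and the other would presumably render nothing or fail. Pick one interface and use it at every call site, e.g. `motd_messages:` holding a single `- key: 10-borgmatic` entry with its `message:`.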
@ -4,13 +4,8 @@
|
||||||
Description=Timer for borgmatic backup
|
Description=Timer for borgmatic backup
|
||||||
|
|
||||||
[Timer]
|
[Timer]
|
||||||
{% if borg_keep_hourly > 0 %}
|
|
||||||
OnCalendar=hourly
|
OnCalendar=hourly
|
||||||
RandomizedDelaySec=60m
|
RandomizedDelaySec=60m
|
||||||
{% else %}
|
|
||||||
OnCalendar=daily
|
|
||||||
RandomizedDelaySec=24h
|
|
||||||
{% endif %}
|
|
||||||
FixedRandomDelay=true
|
FixedRandomDelay=true
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
|
|
@ -42,7 +42,7 @@ consistency:
|
||||||
- repository
|
- repository
|
||||||
- archives
|
- archives
|
||||||
|
|
||||||
{% if borg_postgresql_databases is defined %}
|
{% if postgresql_databases is defined %}
|
||||||
hooks:
|
hooks:
|
||||||
postgresql_databases:
|
postgresql_databases:
|
||||||
- name: all
|
- name: all
|
||||||
|
|
|
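Review bot: The guard on the `hooks:` block now tests `postgresql_databases is defined`, and that name is also given an empty-list default in `roles/postgresql_server/defaults/main.yml`, added by this same commit. Wherever that default is in scope, the test is true even though no database is listed. On hosts whose inventory still sets only the old `borg_postgresql_databases`, the block silently disappears, so database dumps would drop out of the backups without any error. Testing the content rather than definedness avoids the first case: `{% if postgresql_databases | default([]) | length > 0 %}`. It is worth searching the inventory for the old variable name before merging; the template continues outside this hunk.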
@ -35,4 +35,13 @@
|
||||||
owner: "{{ borg_server_user }}"
|
owner: "{{ borg_server_user }}"
|
||||||
group: "{{ borg_server_group }}"
|
group: "{{ borg_server_group }}"
|
||||||
mode: u=rwx,g=,o=
|
mode: u=rwx,g=,o=
|
||||||
|
|
||||||
|
- include_role:
|
||||||
|
name: update_motd
|
||||||
|
vars:
|
||||||
|
motd_messages:
|
||||||
|
- key: 10-borg-server
|
||||||
|
message: >-
|
||||||
|
Les sauvegardes (borg) sont stockées dans
|
||||||
|
{{ borg_server_backups_dir }}.
|
||||||
...
|
...
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
---
|
|
||||||
chronyd__pools: []
|
|
||||||
chronyd__key_file: /etc/chrony/chrony.keys
|
|
||||||
chronyd__drift_file: /var/lib/chrony/chrony.drift
|
|
||||||
chronyd__nts_dump_dir: /var/lib/chrony
|
|
||||||
chronyd__log_dir: /var/log/chrony
|
|
||||||
chronyd__max_update_skew: 100.0
|
|
||||||
chronyd__rtcsync: true
|
|
||||||
chronyd__allow_networks: []
|
|
||||||
chronyd__log_change_seconds: 0.5
|
|
||||||
...
|
|
|
@ -1,6 +0,0 @@
|
||||||
---
|
|
||||||
- name: Restart chronyd
|
|
||||||
systemd:
|
|
||||||
name: chrony.service
|
|
||||||
state: restarted
|
|
||||||
...
|
|
|
@ -1,32 +0,0 @@
|
||||||
---
|
|
||||||
- name: Uninstall ntp and sntp
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- sntp
|
|
||||||
- ntp
|
|
||||||
- systemd-timesyncd
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- name: Install chronyd
|
|
||||||
apt:
|
|
||||||
name: chrony
|
|
||||||
|
|
||||||
- name: Configure chronyd
|
|
||||||
template:
|
|
||||||
src: "{{ item }}.j2"
|
|
||||||
dest: "/etc/chrony/{{ item }}"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: u=rw,g=r,o=
|
|
||||||
loop:
|
|
||||||
- chrony.conf
|
|
||||||
- chrony.keys
|
|
||||||
notify:
|
|
||||||
- Restart chronyd
|
|
||||||
|
|
||||||
- name: Enable and start chronyd
|
|
||||||
systemd:
|
|
||||||
name: chrony.service
|
|
||||||
enabled: true
|
|
||||||
state: started
|
|
||||||
...
|
|
|
@ -1,30 +0,0 @@
|
||||||
{{ ansible_managed | comment }}
|
|
||||||
|
|
||||||
{% for pool in chronyd__pools %}
|
|
||||||
pool {{ pool }} iburst
|
|
||||||
{% endfor %}
|
|
||||||
|
|
||||||
keyfile {{ chronyd__key_file }}
|
|
||||||
driftfile {{ chronyd__drift_file }}
|
|
||||||
ntsdumpdir {{ chronyd__nts_dump_dir }}
|
|
||||||
logdir {{ chronyd__log_dir }}
|
|
||||||
|
|
||||||
log tracking measurements statistics
|
|
||||||
|
|
||||||
maxupdateskew {{ chronyd__max_update_skew | float }}
|
|
||||||
|
|
||||||
{% if chronyd__rtcsync %}
|
|
||||||
rtcsync
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if chronyd__local_stratum is defined %}
|
|
||||||
local stratum {{ chronyd__local_stratum | int }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
logchange {{ chronyd__log_change_seconds | float }}
|
|
||||||
|
|
||||||
leapsectz right/UTC
|
|
||||||
|
|
||||||
{% for network in chronyd__allow_networks %}
|
|
||||||
allow {{ network | ipaddr }}
|
|
||||||
{% endfor %}
|
|
|
@ -1 +0,0 @@
|
||||||
{{ ansible_managed | comment }}
|
|
|
@ -50,4 +50,9 @@
|
||||||
url: https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64
|
url: https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64
|
||||||
dest: /usr/local/bin/docker-compose
|
dest: /usr/local/bin/docker-compose
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
...
|
|
||||||
|
- name: Indicate role in motd
|
||||||
|
template:
|
||||||
|
src: update-motd.d/05-service.j2
|
||||||
|
dest: /etc/update-motd.d/05-docker
|
||||||
|
mode: 0755
|
||||||
|
|
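Review bot: The `docker-compose` binary in the context lines is downloaded from a release URL and installed to `/usr/local/bin/docker-compose` with mode `"0755"`, and no `checksum:` is visible on the task (it starts above this hunk, so confirm there). Without a pinned digest, whatever the URL serves at run time becomes an executable on the PATH of every host. Add `checksum: "sha256:<digest published for the 1.24.1 release>"` to the `get_url` arguments. Separately, the new motd task writes `mode: 0755` unquoted while the task above uses `"0755"`; quoting it keeps the file consistent.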
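--- a/roles/docker/templates/update-motd.d/05-service.j2
+++ b/roles/docker/templates/update-motd.d/05-service.j2
@@ -0,0 +1,3 @@
+#!/bin/sh
+# {{ ansible_managed }}
+echo "> Les recettes Docker-compose se trouvent dans /var/local/ansible-docker"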
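--- a/roles/dokuwiki/tasks/main.yml
+++ b/roles/dokuwiki/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+# For DokuWiki package
+- name: Configure Debian Buster mirrors
+when:
+- ansible_distribution == 'Debian'
+- ansible_distribution_release == 'stretch'
+template:
+src: apt/buster.list.j2
+dest: /etc/apt/sources.list.d/buster.list
+mode: 0644
+
+# For DokuWiki package
+- name: Configure DokuWiki pin
+when:
+- ansible_distribution == 'Debian'
+- ansible_distribution_release == 'stretch'
+template:
+src: apt/dokuwiki.j2
+dest: /etc/apt/preferences.d/dokuwiki
+mode: 0644
+
+# Install
+- name: Install DokuWiki
+apt:
+update_cache: true
+name: dokuwiki
+state: present
+register: apt_result
+retries: 3
+until: apt_result is succeeded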
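--- a/roles/dokuwiki/templates/apt/buster.list.j2
+++ b/roles/dokuwiki/templates/apt/buster.list.j2
@@ -0,0 +1,9 @@
+# {{ ansible_managed }}
+{# #}
+{# Default mirror #}
+{% if debian_mirror is not defined %}
+{% set debian_mirror = 'http://ftp.fr.debian.org/debian' %}
+{% endif %}
+
+deb {{ debian_mirror }} buster main
+deb-src {{ debian_mirror }} buster main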
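Review bot: Only the `buster main` suite is added, so the DokuWiki package pulled from buster onto a stretch host would not receive fixes published through the buster security archive. DokuWiki is a web-facing PHP application, so the security suite should be listed next to the main one, e.g. `deb http://security.debian.org/debian-security buster/updates main`. If that suite is configured by another role, a comment here saying so would help the next reader.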
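--- a/roles/dokuwiki/templates/apt/dokuwiki.j2
+++ b/roles/dokuwiki/templates/apt/dokuwiki.j2
@@ -0,0 +1,9 @@
+# {{ ansible_managed }}
+
+Package: *
+Pin: release n=stretch*
+Pin-Priority: 990
+
+Package: dokuwiki
+Pin: release n=buster
+Pin-Priority: 990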
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
- name: Restart grafana
|
|
||||||
service:
|
|
||||||
name: grafana-server
|
|
||||||
state: restarted
|
|
|
@ -1,111 +0,0 @@
|
||||||
---
|
|
||||||
- name: Install gpg (to import Grafana key)
|
|
||||||
apt:
|
|
||||||
name: gpg
|
|
||||||
state: present
|
|
||||||
register: apt_result
|
|
||||||
retries: 3
|
|
||||||
until: apt_result is succeeded
|
|
||||||
|
|
||||||
- name: Import Grafana GPG signing key
|
|
||||||
apt_key:
|
|
||||||
url: https://packages.grafana.com/gpg.key
|
|
||||||
state: present
|
|
||||||
register: apt_key_result
|
|
||||||
retries: 3
|
|
||||||
until: apt_key_result is succeeded
|
|
||||||
|
|
||||||
- name: Add Grafana repository
|
|
||||||
apt_repository:
|
|
||||||
repo: deb https://packages.grafana.com/oss/deb stable main
|
|
||||||
state: present
|
|
||||||
update_cache: true
|
|
||||||
|
|
||||||
- name: Install Grafana
|
|
||||||
apt:
|
|
||||||
name: grafana
|
|
||||||
state: present
|
|
||||||
register: apt_result
|
|
||||||
retries: 3
|
|
||||||
until: apt_result is succeeded
|
|
||||||
|
|
||||||
- name: Configure Grafana
|
|
||||||
ini_file:
|
|
||||||
path: /etc/grafana/grafana.ini
|
|
||||||
section: "{{ item.section }}"
|
|
||||||
option: "{{ item.option }}"
|
|
||||||
value: "{{ item.value }}"
|
|
||||||
mode: 0640
|
|
||||||
loop:
|
|
||||||
- section: server
|
|
||||||
option: root_url
|
|
||||||
value: "{{ grafana.root_url }}"
|
|
||||||
- section: analytics
|
|
||||||
option: reporting_enabled
|
|
||||||
value: "false"
|
|
||||||
- section: analytics
|
|
||||||
option: check_for_updates
|
|
||||||
value: "false"
|
|
||||||
- section: security
|
|
||||||
option: disable_initial_admin_creation
|
|
||||||
value: "true"
|
|
||||||
- section: security
|
|
||||||
option: cookie_secure
|
|
||||||
value: "true"
|
|
||||||
- section: security
|
|
||||||
option: disable_gravatar
|
|
||||||
value: "true"
|
|
||||||
- section: snapshots
|
|
||||||
option: external_enabled
|
|
||||||
value: "false"
|
|
||||||
- section: users
|
|
||||||
option: allow_sign_up
|
|
||||||
value: "false"
|
|
||||||
- section: users
|
|
||||||
option: allow_org_create
|
|
||||||
value: "false"
|
|
||||||
- section: auth.anonymous
|
|
||||||
option: enabled
|
|
||||||
value: "false" # no public access
|
|
||||||
- section: auth.anonymous
|
|
||||||
option: hide_version
|
|
||||||
value: "true"
|
|
||||||
- section: auth.basic # only LDAP auth
|
|
||||||
option: enabled
|
|
||||||
value: "false"
|
|
||||||
- section: auth.ldap
|
|
||||||
option: enabled
|
|
||||||
value: "true"
|
|
||||||
- section: alerting
|
|
||||||
option: enabled
|
|
||||||
value: "false"
|
|
||||||
- section: database
|
|
||||||
option: type
|
|
||||||
value: "{{ grafana.database.type }}"
|
|
||||||
- section: database
|
|
||||||
option: host
|
|
||||||
value: "{{ grafana.database.host }}"
|
|
||||||
- section: database
|
|
||||||
option: name
|
|
||||||
value: "{{ grafana.database.name }}"
|
|
||||||
- section: database
|
|
||||||
option: user
|
|
||||||
value: "{{ grafana.database.user }}"
|
|
||||||
- section: database
|
|
||||||
option: password
|
|
||||||
value: "{{ grafana.database.password }}"
|
|
||||||
notify: Restart grafana
|
|
||||||
|
|
||||||
- name: Configure Grafana LDAP
|
|
||||||
template:
|
|
||||||
src: ldap.toml.j2
|
|
||||||
dest: /etc/grafana/ldap.toml
|
|
||||||
mode: 0640
|
|
||||||
notify: Restart grafana
|
|
||||||
|
|
||||||
- name: Enable and start Grafana
|
|
||||||
systemd:
|
|
||||||
name: grafana-server
|
|
||||||
enabled: true
|
|
||||||
state: started
|
|
||||||
daemon_reload: true
|
|
|
@ -1,61 +0,0 @@
|
||||||
{{ ansible_managed | comment }}
|
|
||||||
# To troubleshoot and get more log info enable ldap debug logging in grafana.ini
|
|
||||||
# [log]
|
|
||||||
# filters = ldap:debug
|
|
||||||
|
|
||||||
[[servers]]
|
|
||||||
# Ldap server host (specify multiple hosts space separated)
|
|
||||||
host = "{{ grafana.ldap.host }}"
|
|
||||||
# Default port is 389 or 636 if use_ssl = true
|
|
||||||
port = 389
|
|
||||||
# Set to true if ldap server supports TLS
|
|
||||||
use_ssl = false
|
|
||||||
# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
|
|
||||||
start_tls = false
|
|
||||||
# set to true if you want to skip ssl cert validation
|
|
||||||
ssl_skip_verify = false
|
|
||||||
# set to the path to your root CA certificate or leave unset to use system defaults
|
|
||||||
# root_ca_cert = "/path/to/certificate.crt"
|
|
||||||
# Authentication against LDAP servers requiring client certificates
|
|
||||||
# client_cert = "/path/to/client.crt"
|
|
||||||
# client_key = "/path/to/client.key"
|
|
||||||
|
|
||||||
# Search user bind dn
|
|
||||||
bind_dn = "{{ grafana.ldap.bind_dn }}"
|
|
||||||
# Search user bind password
|
|
||||||
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
|
|
||||||
bind_password = '{{ grafana.ldap.bind_password }}'
|
|
||||||
|
|
||||||
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
|
|
||||||
search_filter = "(cn=%s)"
|
|
||||||
|
|
||||||
# An array of base dns to search through
|
|
||||||
search_base_dns = ["{{ grafana.ldap.search_base_dns }}"]
|
|
||||||
|
|
||||||
## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
|
|
||||||
## Please check grafana LDAP docs for examples
|
|
||||||
group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
|
|
||||||
group_search_base_dns = ["{{ grafana.ldap.group_search_base_dns }}"]
|
|
||||||
group_search_filter_user_attribute = "cn"
|
|
||||||
|
|
||||||
# Specify names of the ldap attributes your ldap uses
|
|
||||||
[servers.attributes]
|
|
||||||
name = "sn"
|
|
||||||
surname = ""
|
|
||||||
username = "cn"
|
|
||||||
member_of = "dn"
|
|
||||||
email = "mail"
|
|
||||||
|
|
||||||
# Editors
|
|
||||||
{% for group_dn in grafana.ldap.editors_group_dn %}
|
|
||||||
[[servers.group_mappings]]
|
|
||||||
group_dn = "{{ group_dn }}"
|
|
||||||
org_role = "Editor"
|
|
||||||
{% endfor %}
|
|
||||||
|
|
||||||
# Viewers
|
|
||||||
[[servers.group_mappings]]
|
|
||||||
# If you want to match all (or no ldap groups) then you can use wildcard
|
|
||||||
group_dn = "*"
|
|
||||||
org_role = "Viewer"
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
---
|
|
||||||
ifupdown2__interfaces: {}
|
|
||||||
...
|
|
|
@ -1,9 +0,0 @@
|
||||||
---
|
|
||||||
- name: Restart networking
|
|
||||||
systemd:
|
|
||||||
name: networking.service
|
|
||||||
state: restarted
|
|
||||||
|
|
||||||
- name: Bring all interfaces up
|
|
||||||
shell: /usr/sbin/ifup -a
|
|
||||||
...
|
|
|
@ -1,42 +0,0 @@
|
||||||
---
|
|
||||||
- name: Gather package facts
|
|
||||||
package_facts:
|
|
||||||
manager: apt
|
|
||||||
|
|
||||||
- name: Check if ifupdown2 is installed
|
|
||||||
set_fact:
|
|
||||||
must_mask: "{{ 'ifupdown2' not in ansible_facts.packages }}"
|
|
||||||
|
|
||||||
- name: Mask networking before installing ifupdown2
|
|
||||||
systemd:
|
|
||||||
name: networking.service
|
|
||||||
masked: true
|
|
||||||
when: must_mask
|
|
||||||
|
|
||||||
- name: Install ifupdown2
|
|
||||||
apt:
|
|
||||||
name: ifupdown2
|
|
||||||
|
|
||||||
- name: Unmask networking now that ifupdown2 is installed
|
|
||||||
systemd:
|
|
||||||
name: networking.service
|
|
||||||
masked: false
|
|
||||||
when: must_mask
|
|
||||||
|
|
||||||
- name: Configure ifupdown2
|
|
||||||
template:
|
|
||||||
src: interfaces.j2
|
|
||||||
dest: /etc/network/interfaces
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: u=rw,g=r,o=
|
|
||||||
notify:
|
|
||||||
- Restart networking
|
|
||||||
- Bring all interfaces up
|
|
||||||
|
|
||||||
- name: Enable and start networking
|
|
||||||
systemd:
|
|
||||||
name: networking.service
|
|
||||||
state: started
|
|
||||||
enabled: true
|
|
||||||
...
|
|
|
@ -1,41 +0,0 @@
|
||||||
{{ ansible_managed | comment }}
|
|
||||||
|
|
||||||
{% for name, iface in ifupdown2__interfaces.items() %}
|
|
||||||
auto {{ name }}
|
|
||||||
iface {{ name }}
|
|
||||||
{% for address in iface.addresses | default([]) %}
|
|
||||||
address {{ address | ipaddr }}
|
|
||||||
{% endfor %}
|
|
||||||
{% for gateway in iface.gateways | default([]) %}
|
|
||||||
gateway {{ gateway | ipaddr }}
|
|
||||||
{% endfor %}
|
|
||||||
{% if iface.bridge_ports is defined %}
|
|
||||||
bridge-ports {{ iface.bridge_ports | join(" ") }}
|
|
||||||
{% endif %}
|
|
||||||
{% if iface.bridge_vlan_aware is defined %}
|
|
||||||
bridge-vlan-aware {{ iface.bridge_vlan_aware
|
|
||||||
| ternary("yes", "no") }}
|
|
||||||
{% endif %}
|
|
||||||
{% if iface.bridge_vids is defined %}
|
|
||||||
bridge-vids {{ iface.bridge_vids | join(",") }}
|
|
||||||
{% endif %}
|
|
||||||
{% if iface.vlan_id is defined %}
|
|
||||||
vlan-id {{ iface.vlan_id | int }}
|
|
||||||
{% endif %}
|
|
||||||
{% if iface.vlan_raw_device is defined %}
|
|
||||||
vlan-raw-device {{ iface.vlan_raw_device }}
|
|
||||||
{% endif %}
|
|
||||||
{% if iface.bridge_disable_pvid | default(false) %}
|
|
||||||
bridge-pvid 0
|
|
||||||
post-up bridge vlan del dev {{ name }} vid 1 self
|
|
||||||
{% endif %}
|
|
||||||
{% if iface.forward | default(false) %}
|
|
||||||
ip-forward yes
|
|
||||||
ip6-forward yes
|
|
||||||
{% endif %}
|
|
||||||
{% if iface.ipv6_addrgen is defined %}
|
|
||||||
ipv6-addrgen {{ iface.ipv6_addrgen
|
|
||||||
| ternary("yes", "no") }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% endfor %}
|
|
|
@ -1,7 +0,0 @@
|
||||||
---
|
|
||||||
keepalived__virtual_addresses: {}
|
|
||||||
keepalived__notify_master: []
|
|
||||||
keepalived__notify_backup: []
|
|
||||||
keepalived__notify_fault: []
|
|
||||||
keepalived__max_auto_priority: -1
|
|
||||||
...
|
|
|
@ -1,6 +0,0 @@
|
||||||
---
|
|
||||||
- name: Reload keepalived
|
|
||||||
systemd:
|
|
||||||
name: keepalived.service
|
|
||||||
state: reloaded
|
|
||||||
...
|
|
|
@ -1,28 +0,0 @@
|
||||||
---
|
|
||||||
- name: Install keepalived
|
|
||||||
apt:
|
|
||||||
name: keepalived
|
|
||||||
|
|
||||||
- name: Configure keepalived
|
|
||||||
template:
|
|
||||||
src: "{{ item.src }}"
|
|
||||||
dest: "{{ item.dest }}"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "{{ item.mode }}"
|
|
||||||
loop:
|
|
||||||
- src: keepalived.conf.j2
|
|
||||||
dest: /etc/keepalived/keepalived.conf
|
|
||||||
mode: u=rw,g=,o=
|
|
||||||
- src: notify.sh.j2
|
|
||||||
dest: /etc/keepalived/notify.sh
|
|
||||||
mode: u=rwx,g=,o=
|
|
||||||
notify:
|
|
||||||
- Reload keepalived
|
|
||||||
|
|
||||||
- name: Enable and start keepalived
|
|
||||||
systemd:
|
|
||||||
name: keepalived
|
|
||||||
enabled: true
|
|
||||||
state: started
|
|
||||||
...
|
|
|
@ -1,92 +0,0 @@
|
||||||
{{ ansible_managed | comment }}
|
|
||||||
|
|
||||||
global_defs {
|
|
||||||
dynamic_interfaces
|
|
||||||
script_user root
|
|
||||||
enable_script_security
|
|
||||||
vrrp_version 3
|
|
||||||
{% if keepalived__max_auto_priority is defined %}
|
|
||||||
max_auto_priority {{ keepalived__max_auto_priority | int }}
|
|
||||||
{% endif %}
|
|
||||||
}
|
|
||||||
|
|
||||||
{%
|
|
||||||
set ipv4_enabled =
|
|
||||||
keepalived__ipv4_enabled
|
|
||||||
| default(keepalived__virtual_addresses.values()
|
|
||||||
| flatten | ansible.utils.ipv4)
|
|
||||||
%}
|
|
||||||
{%
|
|
||||||
set ipv6_enabled =
|
|
||||||
keepalived__ipv6_enabled
|
|
||||||
| default(keepalived__virtual_addresses.values()
|
|
||||||
| flatten | ansible.utils.ipv6)
|
|
||||||
%}
|
|
||||||
|
|
||||||
{% if ipv4_enabled and ipv6_enabled %}
|
|
||||||
vrrp_sync_group group {
|
|
||||||
group {
|
|
||||||
{% if ipv4_enabled %}
|
|
||||||
instance_v4
|
|
||||||
{% endif %}
|
|
||||||
{% if ipv6_enabled %}
|
|
||||||
instance_v6
|
|
||||||
{% endif %}
|
|
||||||
}
|
|
||||||
notify_master "/etc/keepalived/notify.sh master"
|
|
||||||
notify_backup "/etc/keepalived/notify.sh backup"
|
|
||||||
notify_fault "/etc/keepalived/notify.sh fault"
|
|
||||||
}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if ipv4_enabled %}
|
|
||||||
vrrp_instance instance_v4 {
|
|
||||||
virtual_router_id {{ keepalived__virtual_router_id | int }}
|
|
||||||
interface {{ keepalived__interface }}
|
|
||||||
state BACKUP
|
|
||||||
priority 250
|
|
||||||
nopreempt
|
|
||||||
advert_int 1
|
|
||||||
accept
|
|
||||||
virtual_ipaddress {
|
|
||||||
{% for dev, addresses in keepalived__virtual_addresses.items() %}
|
|
||||||
{% for address in addresses %}
|
|
||||||
{% if address | ansible.utils.ipv4 %}
|
|
||||||
{{ address }} dev {{ dev }}
|
|
||||||
{% endif %}
|
|
||||||
{% endfor %}
|
|
||||||
{% endfor %}
|
|
||||||
}
|
|
||||||
{% if not (ipv4_enabled and ipv6_enabled) %}
|
|
||||||
notify_master "/etc/keepalived/notify.sh master"
|
|
||||||
notify_backup "/etc/keepalived/notify.sh backup"
|
|
||||||
notify_fault "/etc/keepalived/notify.sh fault"
|
|
||||||
{% endif %}
|
|
||||||
}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if ipv6_enabled %}
|
|
||||||
vrrp_instance instance_v6 {
|
|
||||||
virtual_router_id {{ keepalived__virtual_router_id | int }}
|
|
||||||
interface {{ keepalived__interface }}
|
|
||||||
state BACKUP
|
|
||||||
priority 250
|
|
||||||
nopreempt
|
|
||||||
advert_int 1
|
|
||||||
accept
|
|
||||||
virtual_ipaddress {
|
|
||||||
{% for dev, addresses in keepalived__virtual_addresses.items() %}
|
|
||||||
{% for address in addresses | ipaddr_sort(["link-local"]) %}
|
|
||||||
{% if address | ansible.utils.ipv6 %}
|
|
||||||
{{ address }} dev {{ dev }}
|
|
||||||
{% endif %}
|
|
||||||
{% endfor %}
|
|
||||||
{% endfor %}
|
|
||||||
}
|
|
||||||
{% if not (ipv4_enabled and ipv6_enabled) %}
|
|
||||||
notify_master "/etc/keepalived/notify.sh master"
|
|
||||||
notify_backup "/etc/keepalived/notify.sh backup"
|
|
||||||
notify_fault "/etc/keepalived/notify.sh fault"
|
|
||||||
{% endif %}
|
|
||||||
}
|
|
||||||
{% endif %}
|
|
|
@ -1,33 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
master=(
|
|
||||||
{% for notify in keepalived__notify_master %}
|
|
||||||
{{ notify | quote }}
|
|
||||||
{% endfor %}
|
|
||||||
)
|
|
||||||
|
|
||||||
backup=(
|
|
||||||
{% for notify in keepalived__notify_backup %}
|
|
||||||
{{ notify | quote }}
|
|
||||||
{% endfor %}
|
|
||||||
)
|
|
||||||
|
|
||||||
fault=(
|
|
||||||
{% for notify in keepalived__notify_fault %}
|
|
||||||
{{ notify | quote }}
|
|
||||||
{% endfor %}
|
|
||||||
)
|
|
||||||
|
|
||||||
case "$1" in
|
|
||||||
master | backup | fault)
|
|
||||||
scripts="$1[@]"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Usage: $0 (master|backup|fault)" >&2
|
|
||||||
exit 1
|
|
||||||
esac
|
|
||||||
|
|
||||||
for script in "${!scripts}"
|
|
||||||
do
|
|
||||||
eval "${script}"
|
|
||||||
done
|
|
|
@ -60,4 +60,3 @@ tls_cacertfile /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
# The search scope.
|
# The search scope.
|
||||||
#scope sub
|
#scope sub
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
---
|
---
|
||||||
- name: Reload logrotate
|
- name: reload logrotate
|
||||||
systemd:
|
service:
|
||||||
name: logrotate.service
|
name: logrotate
|
||||||
state: reloaded
|
state: reloaded
|
||||||
...
|
|
||||||
|
|
|
@ -1,28 +1,29 @@
|
||||||
---
|
---
|
||||||
|
# Install and configure logrotate
|
||||||
|
|
||||||
|
# Install the apt package
|
||||||
- name: Install logrotate
|
- name: Install logrotate
|
||||||
apt:
|
apt:
|
||||||
name: logrotate
|
name:
|
||||||
state: present
|
- logrotate
|
||||||
|
|
||||||
- name: Create rsyslog configuration directory
|
|
||||||
file:
|
|
||||||
path: /etc/rsyslog.d
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: u=rwx,g=rx,o=rx
|
|
||||||
|
|
||||||
|
# Copy the configuration and reload the service if it has changed
|
||||||
- name: Configure logrotate
|
- name: Configure logrotate
|
||||||
template:
|
template:
|
||||||
src: logrotate.conf
|
src: logrotate.d/rsyslog.j2
|
||||||
dest: /etc/logrotate.conf
|
dest: /etc/logrotate.d/rsyslog
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: u=rwx,g=r,o=r
|
mode: "0644"
|
||||||
notify: Reload logrotate
|
notify: reload logrotate
|
||||||
|
|
||||||
|
# Make sure the service is enabled and started
|
||||||
- name: Enable logrotate service
|
- name: Enable logrotate service
|
||||||
systemd:
|
service:
|
||||||
name: logrotate.service
|
name: logrotate
|
||||||
enabled: true
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
...
|
|
||||||
|
# Enforce new logrotate rules now
|
||||||
|
- name: Run logrotate now
|
||||||
|
command: /usr/sbin/logrotate -f /etc/logrotate.d/rsyslog
|
||||||
|
|
|
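Review bot: `Run logrotate now` executes `/usr/sbin/logrotate -f /etc/logrotate.d/rsyslog` unconditionally, so every playbook run forces a rotation of all the listed logs and reports a change. With `rotate 7` on `/var/log/syslog` and `rotate 90` on `auth.log` and the others in the new template, each run consumes one retained generation, which shortens the history available for incident investigation on hosts that are provisioned often. Run it only when the configuration changed: add `register: logrotate_conf` to `Configure logrotate` and `when: logrotate_conf is changed` to this task, or turn it into a handler.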
@ -1,24 +0,0 @@
|
||||||
# see "man logrotate" for details
|
|
||||||
{{ ansible_managed | comment }}
|
|
||||||
|
|
||||||
# global options do not affect preceding include directives
|
|
||||||
|
|
||||||
# rotate log files weekly
|
|
||||||
weekly
|
|
||||||
|
|
||||||
# keep 4 weeks worth of backlogs
|
|
||||||
rotate 4
|
|
||||||
|
|
||||||
# create new (empty) log files after rotating old ones
|
|
||||||
create
|
|
||||||
|
|
||||||
# use date as a suffix of the rotated file
|
|
||||||
#dateext
|
|
||||||
|
|
||||||
# uncomment this if you want your log files compressed
|
|
||||||
#compress
|
|
||||||
|
|
||||||
# packages drop log rotation information into this directory
|
|
||||||
include /etc/logrotate.d
|
|
||||||
|
|
||||||
# system-specific logs may also be configured here.
|
|
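--- a/roles/logrotate/templates/logrotate.d/rsyslog.j2
+++ b/roles/logrotate/templates/logrotate.d/rsyslog.j2
@@ -0,0 +1,39 @@
+# {{ ansible_managed }}
+
+/var/log/syslog
+{
+rotate 7
+daily
+missingok
+notifempty
+delaycompress
+compress
+postrotate
+/usr/lib/rsyslog/rsyslog-rotate
+endscript
+}
+
+/var/log/mail.info
+/var/log/mail.warn
+/var/log/mail.err
+/var/log/mail.log
+/var/log/daemon.log
+/var/log/kern.log
+/var/log/auth.log
+/var/log/user.log
+/var/log/lpr.log
+/var/log/cron.log
+/var/log/debug
+/var/log/messages
+{
+rotate 90
+daily
+missingok
+notifempty
+compress
+delaycompress
+sharedscripts
+postrotate
+/usr/lib/rsyslog/rsyslog-rotate
+endscript
+}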
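Review bot: Both `postrotate` blocks call `/usr/lib/rsyslog/rsyslog-rotate`, while this page still provisions stretch machines (the `debian-9.9.0` install ISOs and the `stretch` conditions in the DokuWiki tasks). As far as I know that helper ships with the rsyslog package only from buster on, so confirm it exists on every release this role targets. If it is missing, rsyslog is not told to reopen its files and keeps writing to the rotated one. A guard such as `[ -x /usr/lib/rsyslog/rsyslog-rotate ] && /usr/lib/rsyslog/rsyslog-rotate || invoke-rc.d rsyslog rotate > /dev/null` covers both cases.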
|
@ -148,6 +148,12 @@
|
||||||
group: www-data
|
group: www-data
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Indicate role in motd
|
||||||
|
template:
|
||||||
|
src: update-motd.d/05-service.j2
|
||||||
|
dest: /etc/update-motd.d/05-nginx
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
- name: Clean old files
|
- name: Clean old files
|
||||||
file:
|
file:
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
|
@ -156,4 +162,3 @@
|
||||||
- "/etc/nginx/snippets/options-ssl.conf"
|
- "/etc/nginx/snippets/options-ssl.conf"
|
||||||
- "/var/www/custom_401.html"
|
- "/var/www/custom_401.html"
|
||||||
- "/var/www/robots.txt"
|
- "/var/www/robots.txt"
|
||||||
...
|
|
||||||
|
|
3
roles/nginx/templates/update-motd.d/05-service.j2
Executable file
3
roles/nginx/templates/update-motd.d/05-service.j2
Executable file
|
@ -0,0 +1,3 @@
|
||||||
|
#!/usr/bin/tail +14
|
||||||
|
{{ ansible_managed | comment }}
|
||||||
|
[0m> [38;5;82mNGINX[0m a été déployé sur cette machine. Voir [38;5;6m/etc/nginx/[0m.
|
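Review bot: The `#!/usr/bin/tail +14` shebang hard-codes how many lines the `{{ ansible_managed | comment }}` expansion occupies, so the motd output depends on the exact `ansible_managed` string. This commit also edits `ansible.cfg`; if that string ever changes length, the script either prints part of the comment at login or cuts the message off. A `/bin/sh` script like `roles/docker/templates/update-motd.d/05-service.j2`, with `printf` for the colour codes, does not depend on line counts. The escape bytes of the colour sequences appear to have been lost in this rendering, so check them in the real file.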
|
@ -1,4 +0,0 @@
|
||||||
---
|
|
||||||
openssh_authorized_principals:
|
|
||||||
- any
|
|
||||||
...
|
|
|
@ -1,6 +0,0 @@
|
||||||
---
|
|
||||||
- name: Restart sshd
|
|
||||||
systemd:
|
|
||||||
name: ssh.service
|
|
||||||
state: restarted
|
|
||||||
...
|
|
|
@ -1,39 +0,0 @@
|
||||||
---
|
|
||||||
- name: Install OpenSSH server
|
|
||||||
apt:
|
|
||||||
name: openssh-server
|
|
||||||
|
|
||||||
- name: Enable OpenSSH Server
|
|
||||||
systemd:
|
|
||||||
name: ssh.service
|
|
||||||
enabled: true
|
|
||||||
state: started
|
|
||||||
|
|
||||||
- name: Install sshd configuration file
|
|
||||||
template:
|
|
||||||
src: sshd_config.j2
|
|
||||||
dest: /etc/ssh/sshd_config
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: u=r,g=,o=
|
|
||||||
validate: "/usr/sbin/sshd -tf %s"
|
|
||||||
notify: Restart sshd
|
|
||||||
|
|
||||||
- name: Install Users CA public key
|
|
||||||
copy:
|
|
||||||
content: "{{ openssh_users_ca_public_key }}"
|
|
||||||
dest: /etc/ssh/users_ca.pub
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: u=r,g=,o=
|
|
||||||
notify: Restart sshd
|
|
||||||
|
|
||||||
- name: Install authorized principals file
|
|
||||||
copy:
|
|
||||||
content: "{{ openssh_authorized_principals | join('\n') }}"
|
|
||||||
dest: /etc/ssh/authorized_principals
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: u=r,g=,o=
|
|
||||||
notify: Restart sshd
|
|
||||||
...
|
|
|
@ -1,45 +0,0 @@
|
||||||
{{ ansible_managed | comment }}
|
|
||||||
|
|
||||||
SyslogFacility AUTH
|
|
||||||
LogLevel VERBOSE
|
|
||||||
|
|
||||||
AddressFamily any
|
|
||||||
ListenAddress 0.0.0.0
|
|
||||||
ListenAddress ::
|
|
||||||
|
|
||||||
Port 22
|
|
||||||
|
|
||||||
MaxStartups 10:30:100
|
|
||||||
|
|
||||||
HostKey /etc/ssh/ssh_host_ed25519_key
|
|
||||||
HostKey /etc/ssh/ssh_host_rsa_key
|
|
||||||
HostKey /etc/ssh/ssh_host_ecdsa_key
|
|
||||||
|
|
||||||
# https://infosec.mozilla.org/guidelines/openssh.html
|
|
||||||
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
|
|
||||||
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
|
|
||||||
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
|
|
||||||
|
|
||||||
AuthenticationMethods publickey
|
|
||||||
|
|
||||||
TrustedUserCAKeys /etc/ssh/users_ca.pub
|
|
||||||
AuthorizedPrincipalsFile /etc/ssh/authorized_principals
|
|
||||||
|
|
||||||
StrictModes yes
|
|
||||||
UsePAM no
|
|
||||||
PermitRootLogin yes
|
|
||||||
PermitUserRC no
|
|
||||||
PermitUserEnvironment no
|
|
||||||
AllowAgentForwarding no
|
|
||||||
AllowTcpForwarding yes
|
|
||||||
X11Forwarding no
|
|
||||||
PermitTTY yes
|
|
||||||
PermitTunnel no
|
|
||||||
VersionAddendum none
|
|
||||||
PrintLastLog yes
|
|
||||||
PrintMotd yes
|
|
||||||
TCPKeepAlive yes
|
|
||||||
UseDNS no
|
|
||||||
AcceptEnv LANG LC_*
|
|
||||||
|
|
||||||
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
|
|
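--- a/roles/passbolt/defaults/main.yml
+++ b/roles/passbolt/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+# URL to clone
+passbolt_repo: https://github.com/passbolt/passbolt_api.git
+passbolt_version: v2.10.0
+
+# Install target
+passbolt_path: /var/www/passbolt
+
+# User used to run passbolt
+passbolt_user: www-data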
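--- a/roles/passbolt/tasks/main.yml
+++ b/roles/passbolt/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+# See https://help.passbolt.com/hosting/install/ce/from-source.html
+
+- name: Clone passbolt project
+git:
+repo: "{{ passbolt_repo }}"
+dest: "{{ passbolt_path }}"
+version: "{{ passbolt_version }}"
+become: true
+become_user: "{{ passbolt_user }}"
+
+- name: Install passbolt dependencies
+apt:
+name:
+- composer
+- php-fpm
+- php-intl
+- php-gnupg
+- php-gd
+- php-mysql
+- nginx
+- mariadb-server
+state: present
+update_cache: true
+register: apt_result
+retries: 3
+until: apt_result is succeeded
+
+# Setup dependencies
+- name: Install passbolt PHP dependencies
+composer:
+command: install
+working_dir: "{{ passbolt_path }}"
+no_dev: true
+become: true
+become_user: "{{ passbolt_user }}"
+register: composer_result
+retries: 3
+until: composer_result is succeeded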
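Review bot: Both `Clone passbolt project` and `Install passbolt PHP dependencies` run with `become_user: "{{ passbolt_user }}"`, which defaults to www-data, so the whole tree under `passbolt_path` ends up owned and writable by what is presumably the account that serves the PHP code. A flaw in the application could then rewrite the application itself, including the libraries Composer installs. I would run the checkout and the Composer step as a separate deploy account (a new variable, e.g. `become_user: "{{ passbolt_deploy_user }}"`) and give the web user write access only to the directories that need it. Which directories those are is not visible here and should be checked against the install guide referenced at the top of the file.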
|
@ -1,7 +0,0 @@
|
||||||
{{ ansible_managed | comment }}
|
|
||||||
|
|
||||||
# TYPE DATABASE USER ADDRESS METHOD
|
|
||||||
local all postgres peer map=map_local
|
|
||||||
{% for host in postgresql.hosts | default([]) %}
|
|
||||||
host "{{ host.database }}" "{{ host.user }}" {{ host.net }} {{ host.method }}
|
|
||||||
{% endfor %}
|
|
|
@ -1,5 +0,0 @@
|
||||||
{{ ansible_managed | comment }}
|
|
||||||
|
|
||||||
# MAPNAME SYSTEM-USERNAME PG-USERNAME
|
|
||||||
map_local root postgres
|
|
||||||
map_local postgres postgres
|
|
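--- a/roles/postgresql_server/defaults/main.yml
+++ b/roles/postgresql_server/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+postgresql_hosts: []
+postgresql_databases: []
+postgresql_users: []
+...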
|
@ -55,7 +55,7 @@
|
||||||
lc_collate: en_US.UTF-8
|
lc_collate: en_US.UTF-8
|
||||||
lc_ctype: en_US.UTF-8
|
lc_ctype: en_US.UTF-8
|
||||||
template: template0
|
template: template0
|
||||||
loop: "{{ postgresql.databases | default([]) }}"
|
loop: "{{ postgresql_databases }}"
|
||||||
|
|
||||||
- name: Create users
|
- name: Create users
|
||||||
become: true
|
become: true
|
||||||
|
@ -65,7 +65,7 @@
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
password: "{{ item.password }}"
|
password: "{{ item.password }}"
|
||||||
no_log: true
|
no_log: true
|
||||||
loop: "{{ postgresql.users | default([]) }}"
|
loop: "{{ postgresql_users }}"
|
||||||
|
|
||||||
- name: Grant privileges to users
|
- name: Grant privileges to users
|
||||||
become: true
|
become: true
|
||||||
|
@ -77,5 +77,5 @@
|
||||||
privs: "{{ item.privs | join(',') }}"
|
privs: "{{ item.privs | join(',') }}"
|
||||||
obj: "{{ item.database }}"
|
obj: "{{ item.database }}"
|
||||||
no_log: true
|
no_log: true
|
||||||
loop: "{{ postgresql.users | default([]) }}"
|
loop: "{{ postgresql_users }}"
|
||||||
...
|
...
|
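--- a/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2
+++ b/roles/postgresql_server/templates/postgresql/pg_hba.conf.j2
@@ -0,0 +1,19 @@
+{{ ansible_managed | comment }}
+
+# TYPE DATABASE USER ADDRESS METHOD
+
+# DO NOT DISABLE!
+# If you change this first entry you will need to make sure that the
+# database superuser can access the database using some other method.
+# Noninteractive access to all databases is required during automatic
+# maintenance (custom daily cronjobs, replication, and similar tasks).
+#
+# Database administrative login by Unix domain socket
+local all postgres peer map=map_root
+
+# "local" is for Unix domain socket connections only
+local all all peer
+
+{% for host in postgresql_hosts %}
+host "{{ host.database }}" "{{ host.user }}" {{ host.net }} {{ host.method }}
+{% endfor %}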
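Review bot: The first rule, `local all postgres peer map=map_root`, cannot succeed with the ident map added in the next hunk of this commit, which contains only `map_root root postgress`: the target role is misspelled and the OS user postgres has no entry at all (the removed map had both `root postgres` and `postgres postgres`). pg_hba.conf stops at the first matching record, so the `local all all peer` line below is not a fallback. The superuser would be locked out of the Unix socket, and so would the role's own database and user tasks if they connect as postgres. The map should read `map_root root postgres` plus `map_root postgres postgres`. Separately, `{{ host.method }}` is written out unchecked, so an inventory entry with `trust` is accepted silently; a comment above the loop naming the methods the project allows would make that visible in review.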
|
@ -0,0 +1,4 @@
|
||||||
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
|
# MAPNAME SYSTEM-USERNAME PG-USERNAME
|
||||||
|
map_root root postgress
|
|
@ -8,4 +8,3 @@
|
||||||
service:
|
service:
|
||||||
name: prometheus-snmp-exporter
|
name: prometheus-snmp-exporter
|
||||||
state: restarted
|
state: restarted
|
||||||
...
|
|
||||||
|
|
|
@ -11,38 +11,20 @@
|
||||||
|
|
||||||
- name: Configure Prometheus
|
- name: Configure Prometheus
|
||||||
template:
|
template:
|
||||||
src: "{{ item }}.j2"
|
src: prometheus/prometheus.yml.j2
|
||||||
dest: "/etc/prometheus/{{ item }}"
|
dest: /etc/prometheus/prometheus.yml
|
||||||
owner: prometheus
|
mode: 0644
|
||||||
group: prometheus
|
|
||||||
mode: u=r,g=r,o=
|
|
||||||
loop:
|
|
||||||
- prometheus.yml
|
|
||||||
notify: Restart Prometheus
|
notify: Restart Prometheus
|
||||||
|
|
||||||
- name: Creates directory for alerts
|
- name: Configure Prometheus alert rules
|
||||||
file:
|
|
||||||
path: /etc/prometheus/alerts
|
|
||||||
state: directory
|
|
||||||
owner: prometheus
|
|
||||||
group: prometheus
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- name: Configure Prometheus alerts
|
|
||||||
template:
|
template:
|
||||||
src: "{{ item }}.j2"
|
src: "prometheus/{{ item }}.j2"
|
||||||
dest: "/etc/prometheus/alerts/{{ item }}"
|
dest: "/etc/prometheus/{{ item }}"
|
||||||
owner: prometheus
|
mode: 0644
|
||||||
group: prometheus
|
|
||||||
mode: u=r,g=r,o=
|
|
||||||
loop:
|
|
||||||
- server.rules.yml
|
|
||||||
- docker.rules.yml
|
|
||||||
- ups.rules.yml
|
|
||||||
- postgres.rules.yml
|
|
||||||
- environmental.rules.yml
|
|
||||||
- ilo.rules.yml
|
|
||||||
notify: Restart Prometheus
|
notify: Restart Prometheus
|
||||||
|
loop:
|
||||||
|
- alert.rules.yml
|
||||||
|
- django.rules.yml
|
||||||
|
|
||||||
- name: Make Prometheus snmp-exporter listen on localhost only
|
- name: Make Prometheus snmp-exporter listen on localhost only
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -51,21 +33,62 @@
|
||||||
line: "ARGS=\"--web.listen-address=127.0.0.1:9116\""
|
line: "ARGS=\"--web.listen-address=127.0.0.1:9116\""
|
||||||
notify: Restart prometheus-snmp-exporter
|
notify: Restart prometheus-snmp-exporter
|
||||||
|
|
||||||
# These files store SNMP OIDs
|
# This file store SNMP OIDs
|
||||||
- name: Configure Prometheus snmp-exporter
|
- name: Configure Prometheus snmp-exporter
|
||||||
template:
|
template:
|
||||||
src: "{{ item }}.j2"
|
src: "prometheus/snmp.yml.j2"
|
||||||
dest: "/etc/prometheus/{{ item }}"
|
dest: "/etc/prometheus/snmp.yml"
|
||||||
|
mode: 0600
|
||||||
owner: prometheus
|
owner: prometheus
|
||||||
group: prometheus
|
|
||||||
mode: u=r,g=r,o=
|
|
||||||
loop:
|
|
||||||
- snmp.yml
|
|
||||||
notify: Restart prometheus-snmp-exporter
|
notify: Restart prometheus-snmp-exporter
|
||||||
|
|
||||||
|
# We don't need to restart Prometheus when updating nodes
|
||||||
|
- name: Configure Prometheus nodes
|
||||||
|
copy:
|
||||||
|
content: "{{ prometheus_targets | to_nice_json }}"
|
||||||
|
dest: /etc/prometheus/targets.json
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
# We don't need to restart Prometheus when updating nodes
|
||||||
|
- name: Configure Prometheus Ubiquity Unifi SNMP devices
|
||||||
|
copy:
|
||||||
|
content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}"
|
||||||
|
dest: /etc/prometheus/targets_unifi_snmp.json
|
||||||
|
mode: 0644
|
||||||
|
when: prometheus_unifi_snmp_targets is defined
|
||||||
|
|
||||||
|
- name: Configure Prometheus Switchs
|
||||||
|
copy:
|
||||||
|
content: "{{ prometheus_switch_snmp_targets | to_nice_json }}"
|
||||||
|
dest: /etc/prometheus/targets_switch_snmp.json
|
||||||
|
mode: 0644
|
||||||
|
when: prometheus_switch_snmp_targets is defined
|
||||||
|
|
||||||
|
- name: Configure Prometheus UPS SNMP devices
|
||||||
|
copy:
|
||||||
|
content: "{{ [{'targets': prometheus_ups_snmp_targets }] | to_nice_json }}\n"
|
||||||
|
dest: /etc/prometheus/targets_ups_snmp.json
|
||||||
|
mode: 0644
|
||||||
|
when: prometheus_ups_snmp_targets is defined
|
||||||
|
|
||||||
|
- name: Configure Prometheus docker monitoring
|
||||||
|
copy:
|
||||||
|
content: "{{ [{'targets': prometheus_docker_targets }] | to_nice_json }}\n"
|
||||||
|
dest: /etc/prometheus/targets_docker.json
|
||||||
|
mode: 0644
|
||||||
|
when: prometheus_docker_targets is defined
|
||||||
|
|
||||||
- name: Activate prometheus service
|
- name: Activate prometheus service
|
||||||
systemd:
|
systemd:
|
||||||
name: prometheus
|
name: prometheus
|
||||||
enabled: true
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
|
|
||||||
|
- include_role:
|
||||||
|
name: update_motd
|
||||||
|
vars:
|
||||||
|
motd_messages:
|
||||||
|
- key: 05-prometheus
|
||||||
|
message: >-
|
||||||
|
Prometheus est déployé sur cette machine (voir /etc/prometheus)
|
||||||
...
|
...
|
||||||
|
|
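Review bot: The rewritten `Configure Prometheus` and `Configure Prometheus alert rules` tasks drop `owner`/`group` and replace `mode: u=r,g=r,o=` with `mode: 0644`, so `/etc/prometheus/prometheus.yml` and the rule files become world-readable. If the prometheus.yml template carries scrape credentials (the template is not visible here), every local account could read them; `owner: root`, `group: prometheus`, `mode: "0640"` keeps the file readable by the service without that exposure. The same applies to the new `targets*.json` copy tasks in the second hunk, which hold no secrets as far as this page shows but do list the monitored hosts. The modes are also unquoted; writing them as strings (`"0644"`, `"0600"`) avoids depending on how the YAML parser treats a leading zero.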
|
@ -1,50 +0,0 @@
|
||||||
---
|
|
||||||
{{ ansible_managed | comment }}
|
|
||||||
|
|
||||||
{% macro raw(string) -%}
|
|
||||||
{{ "{{" }} {{ string }} {{ "}}" }}
|
|
||||||
{%- endmacro %}
|
|
||||||
|
|
||||||
groups:
|
|
||||||
|
|
||||||
- name: docker.rules
|
|
||||||
rules:
|
|
||||||
|
|
||||||
- alert: ContainerDown
|
|
||||||
expr: docker_container_running_state != 1
|
|
||||||
for: 0m
|
|
||||||
labels:
|
|
||||||
severity: critical
|
|
||||||
annotations:
|
|
||||||
summary: >-
|
|
||||||
Le container Docker est éteint / tombé
|
|
||||||
(container {{ raw('$labels.name') }})
|
|
||||||
|
|
||||||
- alert: ContainerFailed
|
|
||||||
expr: sum(increase(docker_container_restart_count[5m])) > 2
|
|
||||||
for: 0m
|
|
||||||
labels:
|
|
||||||
severity: critical
|
|
||||||
annotations:
|
|
||||||
summary: >-
|
|
||||||
Le container Docker redémarre souvent
|
|
||||||
(container {{ raw('$labels.name') }})
|
|
||||||
|
|
||||||
- alert: ContainerFailed
|
|
||||||
expr:
|
|
||||||
(
|
|
||||||
docker_container_cpu_used_total
|
|
||||||
/
|
|
||||||
docker_container_cpu_capacity_total
|
|
||||||
) * 100
|
|
||||||
> 30
|
|
||||||
for: 0m
|
|
||||||
labels:
|
|
||||||
severity: critical
|
|
||||||
annotations:
|
|
||||||
summary: >-
|
|
||||||
Le container Docker utilise beaucoup de CPU
|
|
||||||
(container {{ raw('$labels.name') }},
|
|
||||||
valeur {{ raw('$value | printf "%.1f"') }})
|
|
||||||
|
|
||||||
...
|
|
|
@ -1,52 +0,0 @@
|
||||||
---
|
|
||||||
{{ ansible_managed | comment }}
|
|
||||||
|
|
||||||
{% macro raw(string) -%}
|
|
||||||
{{ "{{" }} {{ string }} {{ "}}" }}
|
|
||||||
{%- endmacro %}
|
|
||||||
|
|
||||||
groups:
|
|
||||||
|
|
||||||
- name: environmental.rules
|
|
||||||
rules:
|
|
||||||
|
|
||||||
- alert: EnvironmentalTemperature
|
|
||||||
expr: rPDU2SensorTempHumidityStatusTempC / 10 > 30
|
|
||||||
for: 10m
|
|
||||||
labels:
|
|
||||||
severity: warning
|
|
||||||
annotations:
|
|
||||||
summary: >-
|
|
||||||
Température environnementale à {{ raw('$value') }}°
|
|
||||||
|
|
||||||
- alert: EnvironmentalTemperature
|
|
||||||
expr: rPDU2SensorTempHumidityStatusTempC / 10 > 40
|
|
||||||
for: 10m
|
|
||||||
labels:
|
|
||||||
severity: critical
|
|
||||||
annotations:
|
|
||||||
summary: >-
|
|
||||||
Température environnementale à {{ raw('$value') }}°
|
|
||||||
|
|
||||||
|
|
||||||
- alert: EnvironmentalTemperature
|
|
||||||
expr: xupsEnvRemoteTemp > 30
|
|
||||||
for: 10m
|
|
||||||
labels:
|
|
||||||
severity: warning
|
|
||||||
annotations:
|
|
||||||
summary: >-
|
|
||||||
Température environnementale à {{ raw('$value') }}°
|
|
||||||
|
|
||||||
- alert: EnvironmentalTemperature
|
|
||||||
expr: xupsEnvRemoteTemp > 40
|
|
||||||
for: 10m
|
|
||||||
labels:
|
|
||||||
severity: critical
|
|
||||||
annotations:
|
|
||||||
summary: >-
|
|
||||||
Température environnementale à {{ raw('$value') }}°
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
...
|
|
Some files were not shown because too many files have changed in this diff Show more