Global_monitoring #24
18 changed files with 173 additions and 32 deletions
|
@ -1,5 +1,10 @@
|
||||||
skip_list:
|
skip_list:
|
||||||
- '301'
|
- no-changed-when
|
||||||
|
- load-failure
|
||||||
|
- document-start
|
||||||
|
|
||||||
warn_list:
|
warn_list:
|
||||||
- experimental # all rules tagged as experimental
|
- experimental # all rules tagged as experimental
|
||||||
|
|
||||||
|
exclude_paths:
|
||||||
|
- group_vars/all/vault.yml
|
||||||
|
|
13
.drone.yml
13
.drone.yml
|
@ -4,16 +4,9 @@ type: docker
|
||||||
name: check
|
name: check
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: yamllint
|
- name: ansible and yaml linting
|
||||||
image: python:3.9-alpine
|
pull: never
|
||||||
|
image: aurore-ansible-lint-image
|
||||||
commands:
|
commands:
|
||||||
- pip install yamllint==1.25.0
|
|
||||||
- yamllint -c .yamllint.yml .
|
|
||||||
|
|
||||||
- name: ansible-lint
|
|
||||||
image: python:3.9-alpine
|
|
||||||
commands:
|
|
||||||
- apk add --no-cache gcc libc-dev libffi-dev openssl-dev
|
|
||||||
- pip install ansible-lint==4.3.7
|
|
||||||
- ansible-lint
|
- ansible-lint
|
||||||
...
|
...
|
||||||
|
|
|
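Review bot: The single `- ansible-lint` command now has to cover what the removed `yamllint -c .yamllint.yml .` step did; ansible-lint 5 can run yamllint's rules when yamllint is present in the image, but whether it honours this repository's `.yamllint.yml` (the file this PR also edits) should be confirmed, otherwise the yaml checks are silently gone. The step also depends on `aurore-ansible-lint-image` with `pull: never`, i.e. an untagged image built by hand on the runner, so a lint result depends on whatever was last built there rather than on the committed Dockerfile; tagging the image with the pinned ansible-lint version (e.g. `image: aurore-ansible-lint-image:5.0.0`, a constructed example) and rebuilding it from the repository would make runs reproducible. If yamllint is not run through ansible-lint, keep an explicit `- yamllint -c .yamllint.yml .` line before `- ansible-lint`.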
@ -1,19 +0,0 @@
|
||||||
---
|
|
||||||
image: python:3.9-alpine
|
|
||||||
|
|
||||||
stages:
|
|
||||||
- lint
|
|
||||||
|
|
||||||
yamllint:
|
|
||||||
stage: lint
|
|
||||||
script:
|
|
||||||
- pip install yamllint==1.25.0
|
|
||||||
- yamllint -c .yamllint.yml .
|
|
||||||
|
|
||||||
ansible-lint:
|
|
||||||
stage: lint
|
|
||||||
script:
|
|
||||||
- apk add gcc libc-dev libffi-dev openssl-dev
|
|
||||||
- pip install ansible-lint==4.3.7
|
|
||||||
- ansible-lint *.yml
|
|
||||||
...
|
|
|
@ -6,6 +6,5 @@ rules:
|
||||||
max: 120
|
max: 120
|
||||||
level: warning
|
level: warning
|
||||||
document-start:
|
document-start:
|
||||||
ignore: |
|
ignore: group_vars/all/vault.yml
|
||||||
/groups_var/all/vault.yml
|
|
||||||
...
|
...
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
[![Linter Status](https://drone.auro.re/api/badges/Aurore/ansible/status.svg)](https://drone.auro.re/Aurore/ansible)
|
||||||
|
|
||||||
# Recettes Ansible d'Aurore
|
# Recettes Ansible d'Aurore
|
||||||
|
|
||||||
Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore.
|
Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore.
|
||||||
|
|
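--- /dev/null
+++ b/deploy_postfix_non_mailhost.yml
@@ -0,0 +1,8 @@
+---
+# Deploy a correclty configured postfix on non mailhost servers
+- hosts: all,!unifi
+vars:
+local_network: 10.128.0.0/16
+relay_host: proxy.adm.auro.re
+roles:
+- postfix_non_mailhost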
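Review bot: The two play vars carry security meaning that the header comment does not convey: `local_network` is rendered into postfix's `mynetworks` in the role template, so every client in 10.128.0.0/16 is allowed to relay through these hosts, and `relay_host` is where all outbound mail is handed off. A comment above `vars:` such as `# local_network: clients trusted to relay (postfix mynetworks); relay_host: smarthost for all outbound mail` would make that explicit, and moving both into group_vars would allow per-site overrides without editing the play. The header comment's `correclty` should read `correctly`.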
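--- /dev/null
+++ b/docker-ansible-lint/Dockerfile
@@ -0,0 +1,7 @@
+FROM python:3.9-alpine
+LABEL description="Aurore's docker image for ansible-lint"
+
+RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo
+RUN pip install "yamllint>=1.26.0,<2.0"
+RUN pip install "ansible-lint==5.0.0"
+RUN pip install "ansible>=2.10,<2.11"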
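Review bot: Only `ansible-lint==5.0.0` is pinned; `FROM python:3.9-alpine`, `yamllint>=1.26.0,<2.0` and `ansible>=2.10,<2.11` all float, so two builds of this image from the same commit can lint differently, which matters because `.drone.yml` consumes it with `pull: never` and never rebuilds it. Pin the yamllint and ansible versions exactly (or install from a requirements file with `--require-hashes`) and consider a digest-pinned base image so the lint environment is tied to the repository state. The three `pip install` layers can be collapsed into one `RUN pip install --no-cache-dir "yamllint==…" "ansible-lint==5.0.0" "ansible==…"` to keep the image small and resolve the three packages together.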
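--- /dev/null
+++ b/docker-ansible-lint/README.md
@@ -0,0 +1,18 @@
+# Ansible-lint image
+
+In order to build this image when a new version comes out, you need to
+1. ssh into the `drone.adm.auro.re` server
+2. git pull this repo to the lastest version
+3. optionally make the changes if it has not been done yet
+4. `sudo docker build -t aurore-ansible-lint-image docker-ansible-lint/`
+5. ???
+6. enjoy
+
+You can verify that the image was correclty built by running
+```
+# list the images present
+sudo docker image ls
+
+# run your image with an interactive shell
+sudo docker run -it --rm aurore-ansible-lint-image /bin/sh
+```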
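--- /dev/null
+++ b/roles/postfix_non_mailhost/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+- name: restart postfix
+service:
+name: postfix
+state: restarted
+
+- name: reload postfix
+service:
+name: postfix
+state: reloaded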
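Review bot: The `reload postfix` handler is never notified — the role's `tasks/main.yml` notifies `restart postfix` only — so it is dead configuration. Either drop it or have the `Configure postfix` task notify `reload postfix`, which is sufficient for a main.cf edit unless listener settings such as `inet_interfaces` change; if both handlers stay, a comment like `# reload is enough for main.cf edits; restart only when inet_* settings change` would document when each applies.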
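--- /dev/null
+++ b/roles/postfix_non_mailhost/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+- name: Install postfix
+apt:
+name: postfix
+update_cache: true
+register: result
+retries: 3
+until: result is succeeded
+
+- name: Configure postfix
+template:
+src: main.cf.j2
+dest: /etc/postfix/main.cf
+mode: 0644
+owner: root
+group: root
+notify: restart postfix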
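Review bot: `mode: 0644` in the `Configure postfix` task is an unquoted octal literal; YAML 1.1 loaders turn it into the integer 420 and Ansible only recovers the intended permission because of the leading zero, so `mode: "0644"` is the unambiguous form. The same unquoted `mode: 0644` appears in `utils/reboot_needed_check.yml` and `utils/version_check.yml`. The apt task's `retries: 3` with `until: result is succeeded` has no `delay:`, so it retries at Ansible's 5-second default; a comment saying why the retry exists (presumably to ride out a concurrent apt lock — worth confirming) would help the next reader.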
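--- /dev/null
+++ b/roles/postfix_non_mailhost/templates/main.cf.j2
@@ -0,0 +1,32 @@
+# {{ ansible_managed }}
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+# Template based on /usr/share/postfix/main.cf.debian
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
+
+# Send mail as user@{{ ansible_fqdn }}
+myhostname = {{ ansible_fqdn }}
+myorigin = $myhostname
+mydomain = $myhostname
+
+# Specify the trusted networks
+mynetworks = 127.0.0.0/8 {{ local_network }}
+
+# This host does not relay mail from untrusted networks
+relay_domains =
+
+# This is needed if no direct Internet access is available
+relayhost = {{ relay_host }}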
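Review bot: The template never sets `inet_interfaces`, and postfix's compiled-in default is `all`, so every non-mailhost ends up with an SMTP listener on all interfaces that trusts the whole `{{ local_network }}` range for relaying; since these hosts only need to hand outbound mail to `relayhost`, adding `inet_interfaces = loopback-only` next to `mynetworks` limits the listener to local processes (to my knowledge this is what Debian's "satellite system" profile does). `relayhost = {{ relay_host }}` without brackets makes postfix do an MX lookup for the relay name first; if the relay is meant to be contacted directly, `relayhost = [{{ relay_host }}]` is the usual form — confirm which is intended. A comment such as `# mynetworks only matters for connections that reach the listener; keep inet_interfaces restricted` above `mynetworks` would tie the two settings together for the next maintainer.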
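--- /dev/null
+++ b/utils/README.md
@@ -0,0 +1,4 @@
+# Utils
+
+A repository of Ansible Playbooks that are useful, as little script or various
+utilities, but not used in production.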
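--- /dev/null
+++ b/utils/re2o_mail_server.yml
@@ -0,0 +1,13 @@
+---
+# Deploy Re2o mail service
+- hosts: mail.auro.re
+vars:
+service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git
+service_name: mail-server
+service_version: aurore
+service_config:
+hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod!
+username: service-user
+password: "{{ vault_serviceuser_passwd }}"
+roles:
+- re2o-service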
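Review bot: `hostname: re2o-test.adm.auro.re` hard-codes the test instance with only a trailing comment as the reminder, so running this playbook as committed points the production mail host at the test API; reading the value from inventory (e.g. `hostname: "{{ re2o_api_host }}"`, a constructed variable name, defined in group_vars) fails loudly when unset instead of silently targeting the wrong instance. `service_version: aurore` names a branch, so each run deploys whatever that branch currently holds; a tag or commit id would make deployments reproducible and reviewable. Taking `password` from `vault_serviceuser_passwd` is consistent with the vault exclusions this PR adds to the linters.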
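--- /dev/null
+++ b/utils/reboot_needed_check.yml
@@ -0,0 +1,31 @@
+#!/usr/bin/env ansible-playbook
+---
+# Check if a reboot is required by the installation of some packages (ie kernel)
+- hosts: localhost
+tasks:
+- name: Make sure local file exist but is empty # weird hack, I know
+copy:
+dest: /tmp/ansible_dump_reboot_needed.txt
+content: ""
+force: true
+mode: 0644
+
+- hosts: all,!unifi,!escalope.adm.auro.re,!loki.adm.auro.re,!viviane.adm.auro.re,!vpn-ovh.adm.auro.re
+tasks:
+# Register the output of the file /var/run/reboot-required.pkgs
+- name: Register if boot is required
+shell: if [ -e /var/run/reboot-required.pkgs ]; then cat /var/run/reboot-required.pkgs; fi
+register: result
+
+- name: DEBUG
+debug:
+msg: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}"
+when: result.stdout is defined
+
+# Add info line by line
+- name: Dump all info into the local file
+delegate_to: localhost
+lineinfile:
+path: /tmp/ansible_dump_reboot_needed.txt
+line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}"
+when: result.stdout is defined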
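Review bot: The `Dump all info into the local file` task runs `lineinfile` against the same localhost file from every host of the play in parallel (`delegate_to: localhost` under the default forks), and lineinfile's read-modify-write is not serialised across hosts, so lines are lost when two hosts finish together; `throttle: 1` on that task (available with the ansible>=2.10 this PR's image installs) or a single `run_once` task that writes all entries from `hostvars` at once avoids the race. `utils/version_check.yml` has the same pattern. `when: result.stdout is defined` is always true after a `shell` task — an empty stdout is still defined — so if the intent was to list only hosts that need a reboot the condition should be `when: result.stdout | length > 0`. The shell task only reads a file, so it should carry `changed_when: false`; this is exactly the case the `no-changed-when` entry added to `.ansible-lint` now hides.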
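--- /dev/null
+++ b/utils/version_check.yml
@@ -0,0 +1,21 @@
+#!/usr/bin/env ansible-playbook
+---
+# Check for the distribution
+- hosts: localhost
+tasks:
+- name: Make sure local file exist but is empty # weird hack, I know
+copy:
+dest: /tmp/ansible_dump_reboot_needed.txt
+content: ""
+force: true
+mode: 0644
+
+- hosts: all,!unifi
+tasks:
+# Add info line by line
+- name: Dump all info into the local file
+delegate_to: localhost
+lineinfile:
+path: /tmp/ansible_dump_dist_version.txt
+line: "[{{ ansible_facts['nodename'] }}] {{ ansible_fqdn }} : {{
+ansible_distribution }} {{ ansible_distribution_version }}"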
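Review bot: The preparatory `copy` task truncates `/tmp/ansible_dump_reboot_needed.txt`, but the `lineinfile` later in this file writes to `/tmp/ansible_dump_dist_version.txt`, so the version dump is never reset and accumulates stale lines across runs while the reboot-check file is clobbered instead; the first play's `dest:` should be `dest: /tmp/ansible_dump_dist_version.txt`. The localhost `lineinfile` issued from parallel hosts has the same lost-update race as in `utils/reboot_needed_check.yml` and wants `throttle: 1` or a `run_once` writer. Quoting `mode: "0644"` would also remove the YAML octal ambiguity.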