pve_service #67
8 changed files with 33 additions and 25 deletions
|
@ -88,8 +88,11 @@ On va utiliser plutôt `ProxyJump`.
|
||||||
Dans la configuration SSH :
|
Dans la configuration SSH :
|
||||||
|
|
||||||
```
|
```
|
||||||
# Use a proxy jump server to log on all Aurore inventory
|
Host *.adm.auro.re *.pve.auro.re
|
||||||
Host 10.128.0.* *.adm.auro.re
|
# Accept new host keys
|
||||||
|
StrictHostKeyChecking accept-new
|
||||||
|
|
||||||
|
# Use passerelle to connect to administration VLANs
|
||||||
ProxyJump passerelle.auro.re
|
ProxyJump passerelle.auro.re
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -15,6 +15,6 @@ for host in $HOSTS; do
|
||||||
|
|
||||||
# sshpass can be used for non-interactive password authentication.
|
# sshpass can be used for non-interactive password authentication.
|
||||||
# place your password in ldap-password.txt.
|
# place your password in ldap-password.txt.
|
||||||
SSHPASS=${passwd} sshpass -v -e ssh-copy-id -i ~/.ssh/id_rsa "$host"
|
SSHPASS=${passwd} sshpass -v -e ssh-copy-id "$host"
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
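Review bot: Without `-i`, the `ssh-copy-id "$host"` call no longer states which key is installed: ssh-copy-id then uses every identity the running ssh-agent lists, or the most recent `~/.ssh/id*.pub` when the agent holds none, so the keys pushed to each host depend on the operator's session. If dropping the hard-coded `~/.ssh/id_rsa` was meant to allow other key types, a comment above the call would make that explicit, for example `# no -i: installs all ssh-agent identities, else the newest ~/.ssh/id*.pub`. The SSH configuration documented in this same change sets `StrictHostKeyChecking accept-new`, so for hosts matching it the first run sends the password from ldap-password.txt to a host whose key has not been verified; pre-populating known_hosts before the bootstrap would avoid that. The `for host in $HOSTS` loop starts outside this hunk.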
12
hosts
12
hosts
|
@ -8,10 +8,7 @@
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Aurore : main services
|
# Aurore : main services
|
||||||
|
|
||||||
viviane.adm.auro.re
|
|
||||||
|
|
||||||
[aurore_pve]
|
[aurore_pve]
|
||||||
merlin.adm.auro.re
|
|
||||||
|
|
||||||
[aurore_vm]
|
[aurore_vm]
|
||||||
routeur-aurore.adm.auro.re
|
routeur-aurore.adm.auro.re
|
||||||
|
@ -25,7 +22,7 @@ camelot.adm.auro.re
|
||||||
gitea.adm.auro.re
|
gitea.adm.auro.re
|
||||||
drone.adm.auro.re
|
drone.adm.auro.re
|
||||||
nextcloud.adm.auro.re
|
nextcloud.adm.auro.re
|
||||||
stream.adm.auro.re
|
galene.adm.auro.re
|
||||||
re2o-server.adm.auro.re
|
re2o-server.adm.auro.re
|
||||||
re2o-ldap.adm.auro.re
|
re2o-ldap.adm.auro.re
|
||||||
re2o-db.adm.auro.re
|
re2o-db.adm.auro.re
|
||||||
|
@ -39,9 +36,9 @@ bdd.adm.auro.re
|
||||||
bdd-ovh.adm.auro.re
|
bdd-ovh.adm.auro.re
|
||||||
litl.adm.auro.re
|
litl.adm.auro.re
|
||||||
log.adm.auro.re
|
log.adm.auro.re
|
||||||
|
netbox.adm.auro.re
|
||||||
|
|
||||||
[aurore_testing_vm]
|
[aurore_testing_vm]
|
||||||
pendragon.adm.auro.re
|
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# OVH
|
# OVH
|
||||||
|
@ -51,11 +48,8 @@ horus.adm.auro.re
|
||||||
|
|
||||||
[ovh_container]
|
[ovh_container]
|
||||||
synapse.adm.auro.re
|
synapse.adm.auro.re
|
||||||
phabricator.adm.auro.re
|
|
||||||
wiki.adm.auro.re
|
|
||||||
www.adm.auro.re
|
www.adm.auro.re
|
||||||
proxy-ovh.adm.auro.re
|
proxy-ovh.adm.auro.re
|
||||||
matrix-services.adm.auro.re
|
|
||||||
|
|
||||||
[ovh_vm]
|
[ovh_vm]
|
||||||
serge.adm.auro.re
|
serge.adm.auro.re
|
||||||
|
@ -77,7 +71,6 @@ prometheus-federate.adm.auro.re
|
||||||
perceval.adm.auro.re
|
perceval.adm.auro.re
|
||||||
|
|
||||||
[fleming_pve]
|
[fleming_pve]
|
||||||
freya.adm.auro.re
|
|
||||||
marki.adm.auro.re
|
marki.adm.auro.re
|
||||||
|
|
||||||
[fleming_vm]
|
[fleming_vm]
|
||||||
|
@ -350,7 +343,6 @@ gh-1-2.borne.auro.re
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Les Rives
|
# Les Rives
|
||||||
[rives_pve]
|
[rives_pve]
|
||||||
thor.adm.auro.re
|
|
||||||
loki.adm.auro.re
|
loki.adm.auro.re
|
||||||
|
|
||||||
[rives_vm]
|
[rives_vm]
|
||||||
|
|
1
log.yml
Normal file → Executable file
1
log.yml
Normal file → Executable file
|
@ -1,3 +1,4 @@
|
||||||
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
- hosts: log.adm.auro.re
|
- hosts: log.adm.auro.re
|
||||||
roles:
|
roles:
|
||||||
|
|
|
@ -60,3 +60,4 @@ tls_cacertfile /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
# The search scope.
|
# The search scope.
|
||||||
#scope sub
|
#scope sub
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,24 @@
|
||||||
|
# see "man logrotate" for details
|
||||||
jeltz marked this conversation as resolved
|
|||||||
{{ ansible_managed | comment }}
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
|
# global options do not affect preceding include directives
|
||||||
|
|
||||||
|
# rotate log files weekly
|
||||||
weekly
|
weekly
|
||||||
|
|
||||||
|
# keep 4 weeks worth of backlogs
|
||||||
rotate 4
|
rotate 4
|
||||||
|
|
||||||
|
# create new (empty) log files after rotating old ones
|
||||||
create
|
create
|
||||||
|
|
||||||
|
# use date as a suffix of the rotated file
|
||||||
|
#dateext
|
||||||
|
|
||||||
|
# uncomment this if you want your log files compressed
|
||||||
|
#compress
|
||||||
|
|
||||||
|
# packages drop log rotation information into this directory
|
||||||
include /etc/logrotate.d
|
include /etc/logrotate.d
|
||||||
|
|
||||||
|
# system-specific logs may also be configured here.
|
||||||
|
|
|
@ -1,12 +1,10 @@
|
||||||
---
|
---
|
||||||
- name: Install rsyslog
|
- name: Install rsyslog
|
||||||
become: true
|
|
||||||
apt:
|
apt:
|
||||||
name: rsyslog
|
name: rsyslog
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Install rsyslog modules if needed
|
- name: Install rsyslog modules if needed
|
||||||
become: true
|
|
||||||
apt:
|
apt:
|
||||||
name: "{{ item.pkg }}"
|
name: "{{ item.pkg }}"
|
||||||
state: present
|
state: present
|
||||||
|
@ -18,7 +16,6 @@
|
||||||
pkg: rsyslog-hiredis
|
pkg: rsyslog-hiredis
|
||||||
|
|
||||||
- name: Deploy main rsyslog configuration
|
- name: Deploy main rsyslog configuration
|
||||||
become: true
|
|
||||||
template:
|
template:
|
||||||
src: "{{ item.src }}"
|
src: "{{ item.src }}"
|
||||||
dest: "{{ item.dest }}"
|
dest: "{{ item.dest }}"
|
||||||
|
@ -33,7 +30,6 @@
|
||||||
notify: Restart rsyslog
|
notify: Restart rsyslog
|
||||||
|
|
||||||
- name: Create journald.conf.d directory
|
- name: Create journald.conf.d directory
|
||||||
become: true
|
|
||||||
file:
|
file:
|
||||||
path: /etc/systemd/journald.conf.d
|
path: /etc/systemd/journald.conf.d
|
||||||
state: directory
|
state: directory
|
||||||
|
@ -42,7 +38,6 @@
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rwx,g=rx,o=rx
|
||||||
|
|
||||||
- name: Deploy journald configuration
|
- name: Deploy journald configuration
|
||||||
become: true
|
|
||||||
template:
|
template:
|
||||||
src: forward-syslog.conf.j2
|
src: forward-syslog.conf.j2
|
||||||
dest: /etc/systemd/journald.conf.d/forward-syslog.conf
|
dest: /etc/systemd/journald.conf.d/forward-syslog.conf
|
||||||
|
@ -52,7 +47,6 @@
|
||||||
notify: Restart systemd-journald
|
notify: Restart systemd-journald
|
||||||
|
|
||||||
- name: Deploy logrotate configuration
|
- name: Deploy logrotate configuration
|
||||||
become: true
|
|
||||||
template:
|
template:
|
||||||
src: logrotate.j2
|
src: logrotate.j2
|
||||||
dest: /etc/logrotate.d/rsyslog
|
dest: /etc/logrotate.d/rsyslog
|
||||||
|
@ -62,7 +56,6 @@
|
||||||
notify: Reload logrotate
|
notify: Reload logrotate
|
||||||
|
|
||||||
- name: Enable rsyslog service
|
- name: Enable rsyslog service
|
||||||
become: true
|
|
||||||
systemd:
|
systemd:
|
||||||
name: rsyslog.service
|
name: rsyslog.service
|
||||||
state: started
|
state: started
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
---
|
---
|
||||||
- name: Ensure update-motd.d exists
|
- name: Ensure update-motd.d exists
|
||||||
become: true
|
|
||||||
file:
|
file:
|
||||||
path: /etc/update-motd.d
|
path: /etc/update-motd.d
|
||||||
state: directory
|
state: directory
|
||||||
|
@ -9,7 +8,6 @@
|
||||||
group: root
|
group: root
|
||||||
|
|
||||||
- name: Customize motd
|
- name: Customize motd
|
||||||
become: true
|
|
||||||
template:
|
template:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: "/etc/update-motd.d/{{ item }}"
|
dest: "/etc/update-motd.d/{{ item }}"
|
||||||
|
@ -22,15 +20,19 @@
|
||||||
- 20-uname
|
- 20-uname
|
||||||
notify: Remove cached motd
|
notify: Remove cached motd
|
||||||
|
|
||||||
|
- name: Remove Debian uname motd
|
||||||
|
file:
|
||||||
|
path: /etc/update-motd.d/10-uname
|
||||||
|
state: absent
|
||||||
|
notify: Remove cached motd
|
||||||
|
|
||||||
- name: Remove Debian warranty motd
|
- name: Remove Debian warranty motd
|
||||||
become: true
|
|
||||||
file:
|
file:
|
||||||
path: /etc/motd
|
path: /etc/motd
|
||||||
state: absent
|
state: absent
|
||||||
notify: Remove cached motd
|
notify: Remove cached motd
|
||||||
|
|
||||||
- name: Ensure motd-messages exists
|
- name: Ensure motd-messages exists
|
||||||
become: true
|
|
||||||
file:
|
file:
|
||||||
path: /etc/motd-messages
|
path: /etc/motd-messages
|
||||||
state: directory
|
state: directory
|
||||||
|
@ -40,7 +42,6 @@
|
||||||
notify: Remove cached motd
|
notify: Remove cached motd
|
||||||
|
|
||||||
- name: Install additional motd messages
|
- name: Install additional motd messages
|
||||||
become: true
|
|
||||||
copy:
|
copy:
|
||||||
content: "✨ {{ item.message }}\n"
|
content: "✨ {{ item.message }}\n"
|
||||||
dest: "/etc/motd-messages/{{ item.key }}"
|
dest: "/etc/motd-messages/{{ item.key }}"
|
||||||
|
|
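Review bot: The added "Remove Debian uname motd" task deletes `/etc/update-motd.d/10-uname` without `become`, and these hunks appear to drop `become: true` from every other task in this file and in the rsyslog tasks file above, so all of them now depend on privilege escalation being enabled somewhere outside this diff. The visible head of log.yml goes from `hosts:` straight to `roles:`, so escalation is presumably set in ansible.cfg or group variables; if it is not, these tasks fail when run as an unprivileged user. A header comment in each tasks file such as `# Needs become: true from the play or ansible.cfg` would record that requirement.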
Pourquoi remettre les commentaires (surtout qu'ils sont d'un intérêt limité) ?
Ça permet de diff pendant un upgrade APT. On reste également plus proche de l'état d'origine d'un Debian.
On fera des diversions en masse un autre jour.
Ok en attendant.