pve_service #67

Merged
erdnaxe merged 11 commits from pve_service into master 2021-11-22 18:32:23 +01:00
8 changed files with 33 additions and 25 deletions


@ -88,8 +88,11 @@ On va utiliser plutôt `ProxyJump`.
Dans la configuration SSH : Dans la configuration SSH :
``` ```
# Use a proxy jump server to log on all Aurore inventory Host *.adm.auro.re *.pve.auro.re
Host 10.128.0.* *.adm.auro.re # Accept new host keys
StrictHostKeyChecking accept-new
# Use passerelle to connect to administration VLANs
ProxyJump passerelle.auro.re ProxyJump passerelle.auro.re
erdnaxe marked this conversation as resolved Outdated

Mettre passerelle.auro.re (c'est la VIP).

Mettre passerelle.auro.re (c'est la VIP).
``` ```


@ -15,6 +15,6 @@ for host in $HOSTS; do
# sshpass can be used for non-interactive password authentication. # sshpass can be used for non-interactive password authentication.
# place your password in ldap-password.txt. # place your password in ldap-password.txt.
SSHPASS=${passwd} sshpass -v -e ssh-copy-id -i ~/.ssh/id_rsa "$host" SSHPASS=${passwd} sshpass -v -e ssh-copy-id "$host"
done done
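Review bot: Dropping `-i ~/.ssh/id_rsa` from the `ssh-copy-id` call changes which keys get installed: with no `-i`, ssh-copy-id uses every key reported by `ssh-add -L` and only falls back to the default identity file when the agent returns nothing. On an admin workstation with several keys loaded, or with a forwarded agent, that authorizes all of them on every host in `$HOSTS`. I would keep the key explicit but configurable, e.g. `ssh-copy-id -i "${SSH_PUBKEY:-$HOME/.ssh/id_ed25519.pub}" "$host"`, and document the variable next to the `ldap-password.txt` comment. The `for` loop starts above this hunk, so how `passwd` is read is not visible here.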

12
hosts

@ -8,10 +8,7 @@
############################################################################### ###############################################################################
# Aurore : main services # Aurore : main services
viviane.adm.auro.re
[aurore_pve] [aurore_pve]
merlin.adm.auro.re
[aurore_vm] [aurore_vm]
routeur-aurore.adm.auro.re routeur-aurore.adm.auro.re
@ -25,7 +22,7 @@ camelot.adm.auro.re
gitea.adm.auro.re gitea.adm.auro.re
drone.adm.auro.re drone.adm.auro.re
nextcloud.adm.auro.re nextcloud.adm.auro.re
stream.adm.auro.re galene.adm.auro.re
re2o-server.adm.auro.re re2o-server.adm.auro.re
re2o-ldap.adm.auro.re re2o-ldap.adm.auro.re
re2o-db.adm.auro.re re2o-db.adm.auro.re
@ -39,9 +36,9 @@ bdd.adm.auro.re
bdd-ovh.adm.auro.re bdd-ovh.adm.auro.re
litl.adm.auro.re litl.adm.auro.re
log.adm.auro.re log.adm.auro.re
netbox.adm.auro.re
[aurore_testing_vm] [aurore_testing_vm]
pendragon.adm.auro.re
############################################################################### ###############################################################################
# OVH # OVH
@ -51,11 +48,8 @@ horus.adm.auro.re
[ovh_container] [ovh_container]
synapse.adm.auro.re synapse.adm.auro.re
phabricator.adm.auro.re
wiki.adm.auro.re
www.adm.auro.re www.adm.auro.re
proxy-ovh.adm.auro.re proxy-ovh.adm.auro.re
matrix-services.adm.auro.re
[ovh_vm] [ovh_vm]
serge.adm.auro.re serge.adm.auro.re
@ -77,7 +71,6 @@ prometheus-federate.adm.auro.re
perceval.adm.auro.re perceval.adm.auro.re
[fleming_pve] [fleming_pve]
freya.adm.auro.re
marki.adm.auro.re marki.adm.auro.re
[fleming_vm] [fleming_vm]
@ -350,7 +343,6 @@ gh-1-2.borne.auro.re
############################################################################### ###############################################################################
# Les Rives # Les Rives
[rives_pve] [rives_pve]
thor.adm.auro.re
loki.adm.auro.re loki.adm.auro.re
[rives_vm] [rives_vm]

1
log.yml Normal file → Executable file

@ -1,3 +1,4 @@
#!/usr/bin/env ansible-playbook
--- ---
- hosts: log.adm.auro.re - hosts: log.adm.auro.re
roles: roles:


@ -60,3 +60,4 @@ tls_cacertfile /etc/ssl/certs/ca-certificates.crt
# The search scope. # The search scope.
#scope sub #scope sub


@ -1,7 +1,24 @@
# see "man logrotate" for details
jeltz marked this conversation as resolved

Pourquoi remettre les commentaires (surtout qu'ils sont d'un intérêt limité) ?

Pourquoi remettre les commentaires (surtout qu'ils sont d'un intérêt limité) ?

Ça permet de diff pendant un upgrade APT. On reste également plus proche de l'état d'origine d'un Debian.

Ça permet de diff pendant un upgrade APT. On reste également plus proche de l'état d'origine d'un Debian.

On fera des diversions en masse un autre jour.

Ok en attendant.

On fera des diversions en masse un autre jour. Ok en attendant.
{{ ansible_managed | comment }} {{ ansible_managed | comment }}
# global options do not affect preceding include directives
# rotate log files weekly
weekly weekly
# keep 4 weeks worth of backlogs
rotate 4 rotate 4
# create new (empty) log files after rotating old ones
create create
# use date as a suffix of the rotated file
#dateext
# uncomment this if you want your log files compressed
#compress
# packages drop log rotation information into this directory
include /etc/logrotate.d include /etc/logrotate.d
# system-specific logs may also be configured here.


@ -1,12 +1,10 @@
--- ---
- name: Install rsyslog - name: Install rsyslog
become: true
apt: apt:
name: rsyslog name: rsyslog
state: present state: present
- name: Install rsyslog modules if needed - name: Install rsyslog modules if needed
become: true
apt: apt:
name: "{{ item.pkg }}" name: "{{ item.pkg }}"
state: present state: present
@ -18,7 +16,6 @@
pkg: rsyslog-hiredis pkg: rsyslog-hiredis
- name: Deploy main rsyslog configuration - name: Deploy main rsyslog configuration
become: true
template: template:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
@ -33,7 +30,6 @@
notify: Restart rsyslog notify: Restart rsyslog
- name: Create journald.conf.d directory - name: Create journald.conf.d directory
become: true
file: file:
path: /etc/systemd/journald.conf.d path: /etc/systemd/journald.conf.d
state: directory state: directory
@ -42,7 +38,6 @@
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
- name: Deploy journald configuration - name: Deploy journald configuration
become: true
template: template:
src: forward-syslog.conf.j2 src: forward-syslog.conf.j2
dest: /etc/systemd/journald.conf.d/forward-syslog.conf dest: /etc/systemd/journald.conf.d/forward-syslog.conf
@ -52,7 +47,6 @@
notify: Restart systemd-journald notify: Restart systemd-journald
- name: Deploy logrotate configuration - name: Deploy logrotate configuration
become: true
template: template:
src: logrotate.j2 src: logrotate.j2
dest: /etc/logrotate.d/rsyslog dest: /etc/logrotate.d/rsyslog
@ -62,7 +56,6 @@
notify: Reload logrotate notify: Reload logrotate
- name: Enable rsyslog service - name: Enable rsyslog service
become: true
systemd: systemd:
name: rsyslog.service name: rsyslog.service
state: started state: started


@ -1,6 +1,5 @@
--- ---
- name: Ensure update-motd.d exists - name: Ensure update-motd.d exists
become: true
file: file:
path: /etc/update-motd.d path: /etc/update-motd.d
state: directory state: directory
@ -9,7 +8,6 @@
group: root group: root
- name: Customize motd - name: Customize motd
become: true
template: template:
src: "{{ item }}" src: "{{ item }}"
dest: "/etc/update-motd.d/{{ item }}" dest: "/etc/update-motd.d/{{ item }}"
@ -22,15 +20,19 @@
- 20-uname - 20-uname
notify: Remove cached motd notify: Remove cached motd
- name: Remove Debian uname motd
file:
path: /etc/update-motd.d/10-uname
state: absent
notify: Remove cached motd
- name: Remove Debian warranty motd - name: Remove Debian warranty motd
become: true
file: file:
path: /etc/motd path: /etc/motd
state: absent state: absent
notify: Remove cached motd notify: Remove cached motd
- name: Ensure motd-messages exists - name: Ensure motd-messages exists
become: true
file: file:
path: /etc/motd-messages path: /etc/motd-messages
state: directory state: directory
@ -40,7 +42,6 @@
notify: Remove cached motd notify: Remove cached motd
- name: Install additional motd messages - name: Install additional motd messages
become: true
copy: copy:
content: "✨ {{ item.message }}\n" content: "✨ {{ item.message }}\n"
dest: "/etc/motd-messages/{{ item.key }}" dest: "/etc/motd-messages/{{ item.key }}"
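Review bot: The added `Remove Debian uname motd` task, like every other task in this file and in the rsyslog tasks file above, now carries no `become`, so its writes under `/etc` succeed only if privilege escalation is enabled somewhere this page does not show (play-level `become: true`, or `[privilege_escalation]` in `ansible.cfg`). The `log.yml` hunk shows only `hosts:` and `roles:`, so I cannot confirm where it is set. If it is a global `become = True`, every task runs as root, including any step delegated to the control machine; setting `become: true` on the play or role keeps the scope explicit and reviewable. A one-line comment at the top of each tasks file, `# Privilege escalation is set at play level; tasks here assume root.`, would stop the next contributor from re-adding per-task `become`.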