pve_service #67
8 changed files with 33 additions and 25 deletions
|
@ -88,8 +88,11 @@ On va utiliser plutôt `ProxyJump`.
|
||||||
Dans la configuration SSH :
|
Dans la configuration SSH :
|
||||||
|
|
||||||
```
|
```
|
||||||
# Use a proxy jump server to log on all Aurore inventory
|
Host *.adm.auro.re *.pve.auro.re
|
||||||
Host 10.128.0.* *.adm.auro.re
|
# Accept new host keys
|
||||||
|
StrictHostKeyChecking accept-new
|
||||||
|
|
||||||
|
# Use passerelle to connect to administration VLANs
|
||||||
ProxyJump passerelle.auro.re
|
ProxyJump passerelle.auro.re
|
||||||
erdnaxe marked this conversation as resolved
Outdated
|
|||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -15,6 +15,6 @@ for host in $HOSTS; do
|
||||||
|
|
||||||
# sshpass can be used for non-interactive password authentication.
|
# sshpass can be used for non-interactive password authentication.
|
||||||
# place your password in ldap-password.txt.
|
# place your password in ldap-password.txt.
|
||||||
SSHPASS=${passwd} sshpass -v -e ssh-copy-id -i ~/.ssh/id_rsa "$host"
|
SSHPASS=${passwd} sshpass -v -e ssh-copy-id "$host"
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
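Review bot: Without `-i`, the new `ssh-copy-id "$host"` call no longer installs one named key. It uses whatever `ssh-add -L` lists and only falls back to the newest `~/.ssh/id*.pub` when the agent is empty, so an operator with several keys loaded pushes all of them to every host in `$HOSTS`. A comment above the call would make this explicit, for example `# Installs every key held by ssh-agent (or the default ~/.ssh/id*.pub); load only the key you intend to deploy.` The `for` loop starts outside this hunk, so how `$HOSTS` and `passwd` are set is not visible here.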
12
hosts
12
hosts
|
@ -8,10 +8,7 @@
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Aurore : main services
|
# Aurore : main services
|
||||||
|
|
||||||
viviane.adm.auro.re
|
|
||||||
|
|
||||||
[aurore_pve]
|
[aurore_pve]
|
||||||
merlin.adm.auro.re
|
|
||||||
|
|
||||||
[aurore_vm]
|
[aurore_vm]
|
||||||
routeur-aurore.adm.auro.re
|
routeur-aurore.adm.auro.re
|
||||||
|
@ -25,7 +22,7 @@ camelot.adm.auro.re
|
||||||
gitea.adm.auro.re
|
gitea.adm.auro.re
|
||||||
drone.adm.auro.re
|
drone.adm.auro.re
|
||||||
nextcloud.adm.auro.re
|
nextcloud.adm.auro.re
|
||||||
stream.adm.auro.re
|
galene.adm.auro.re
|
||||||
re2o-server.adm.auro.re
|
re2o-server.adm.auro.re
|
||||||
re2o-ldap.adm.auro.re
|
re2o-ldap.adm.auro.re
|
||||||
re2o-db.adm.auro.re
|
re2o-db.adm.auro.re
|
||||||
|
@ -39,9 +36,9 @@ bdd.adm.auro.re
|
||||||
bdd-ovh.adm.auro.re
|
bdd-ovh.adm.auro.re
|
||||||
litl.adm.auro.re
|
litl.adm.auro.re
|
||||||
log.adm.auro.re
|
log.adm.auro.re
|
||||||
|
netbox.adm.auro.re
|
||||||
|
|
||||||
[aurore_testing_vm]
|
[aurore_testing_vm]
|
||||||
pendragon.adm.auro.re
|
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# OVH
|
# OVH
|
||||||
|
@ -51,11 +48,8 @@ horus.adm.auro.re
|
||||||
|
|
||||||
[ovh_container]
|
[ovh_container]
|
||||||
synapse.adm.auro.re
|
synapse.adm.auro.re
|
||||||
phabricator.adm.auro.re
|
|
||||||
wiki.adm.auro.re
|
|
||||||
www.adm.auro.re
|
www.adm.auro.re
|
||||||
proxy-ovh.adm.auro.re
|
proxy-ovh.adm.auro.re
|
||||||
matrix-services.adm.auro.re
|
|
||||||
|
|
||||||
[ovh_vm]
|
[ovh_vm]
|
||||||
serge.adm.auro.re
|
serge.adm.auro.re
|
||||||
|
@ -77,7 +71,6 @@ prometheus-federate.adm.auro.re
|
||||||
perceval.adm.auro.re
|
perceval.adm.auro.re
|
||||||
|
|
||||||
[fleming_pve]
|
[fleming_pve]
|
||||||
freya.adm.auro.re
|
|
||||||
marki.adm.auro.re
|
marki.adm.auro.re
|
||||||
|
|
||||||
[fleming_vm]
|
[fleming_vm]
|
||||||
|
@ -350,7 +343,6 @@ gh-1-2.borne.auro.re
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Les Rives
|
# Les Rives
|
||||||
[rives_pve]
|
[rives_pve]
|
||||||
thor.adm.auro.re
|
|
||||||
loki.adm.auro.re
|
loki.adm.auro.re
|
||||||
|
|
||||||
[rives_vm]
|
[rives_vm]
|
||||||
|
|
1
log.yml
Normal file → Executable file
1
log.yml
Normal file → Executable file
|
@ -1,3 +1,4 @@
|
||||||
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
- hosts: log.adm.auro.re
|
- hosts: log.adm.auro.re
|
||||||
roles:
|
roles:
|
||||||
|
|
|
@ -60,3 +60,4 @@ tls_cacertfile /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
# The search scope.
|
# The search scope.
|
||||||
#scope sub
|
#scope sub
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,24 @@
|
||||||
|
# see "man logrotate" for details
|
||||||
jeltz marked this conversation as resolved
jeltz
commented
Pourquoi remettre les commentaires (surtout qu'ils sont d'un intérêt limité) ?
erdnaxe
commented
Ça permet de diff pendant un upgrade APT. On reste également plus proche de l'état d'origine d'un Debian.
jeltz
commented
On fera des diversions en masse un autre jour.
Ok en attendant.
|
|||||||
{{ ansible_managed | comment }}
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
|
# global options do not affect preceding include directives
|
||||||
|
|
||||||
|
# rotate log files weekly
|
||||||
weekly
|
weekly
|
||||||
|
|
||||||
|
# keep 4 weeks worth of backlogs
|
||||||
rotate 4
|
rotate 4
|
||||||
|
|
||||||
|
# create new (empty) log files after rotating old ones
|
||||||
create
|
create
|
||||||
|
|
||||||
|
# use date as a suffix of the rotated file
|
||||||
|
#dateext
|
||||||
|
|
||||||
|
# uncomment this if you want your log files compressed
|
||||||
|
#compress
|
||||||
|
|
||||||
|
# packages drop log rotation information into this directory
|
||||||
include /etc/logrotate.d
|
include /etc/logrotate.d
|
||||||
|
|
||||||
|
# system-specific logs may also be configured here.
|
||||||
|
|
|
@ -1,12 +1,10 @@
|
||||||
---
|
---
|
||||||
- name: Install rsyslog
|
- name: Install rsyslog
|
||||||
become: true
|
|
||||||
apt:
|
apt:
|
||||||
name: rsyslog
|
name: rsyslog
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Install rsyslog modules if needed
|
- name: Install rsyslog modules if needed
|
||||||
become: true
|
|
||||||
apt:
|
apt:
|
||||||
name: "{{ item.pkg }}"
|
name: "{{ item.pkg }}"
|
||||||
state: present
|
state: present
|
||||||
|
@ -18,7 +16,6 @@
|
||||||
pkg: rsyslog-hiredis
|
pkg: rsyslog-hiredis
|
||||||
|
|
||||||
- name: Deploy main rsyslog configuration
|
- name: Deploy main rsyslog configuration
|
||||||
become: true
|
|
||||||
template:
|
template:
|
||||||
src: "{{ item.src }}"
|
src: "{{ item.src }}"
|
||||||
dest: "{{ item.dest }}"
|
dest: "{{ item.dest }}"
|
||||||
|
@ -33,7 +30,6 @@
|
||||||
notify: Restart rsyslog
|
notify: Restart rsyslog
|
||||||
|
|
||||||
- name: Create journald.conf.d directory
|
- name: Create journald.conf.d directory
|
||||||
become: true
|
|
||||||
file:
|
file:
|
||||||
path: /etc/systemd/journald.conf.d
|
path: /etc/systemd/journald.conf.d
|
||||||
state: directory
|
state: directory
|
||||||
|
@ -42,7 +38,6 @@
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rwx,g=rx,o=rx
|
||||||
|
|
||||||
- name: Deploy journald configuration
|
- name: Deploy journald configuration
|
||||||
become: true
|
|
||||||
template:
|
template:
|
||||||
src: forward-syslog.conf.j2
|
src: forward-syslog.conf.j2
|
||||||
dest: /etc/systemd/journald.conf.d/forward-syslog.conf
|
dest: /etc/systemd/journald.conf.d/forward-syslog.conf
|
||||||
|
@ -52,7 +47,6 @@
|
||||||
notify: Restart systemd-journald
|
notify: Restart systemd-journald
|
||||||
|
|
||||||
- name: Deploy logrotate configuration
|
- name: Deploy logrotate configuration
|
||||||
become: true
|
|
||||||
template:
|
template:
|
||||||
src: logrotate.j2
|
src: logrotate.j2
|
||||||
dest: /etc/logrotate.d/rsyslog
|
dest: /etc/logrotate.d/rsyslog
|
||||||
|
@ -62,7 +56,6 @@
|
||||||
notify: Reload logrotate
|
notify: Reload logrotate
|
||||||
|
|
||||||
- name: Enable rsyslog service
|
- name: Enable rsyslog service
|
||||||
become: true
|
|
||||||
systemd:
|
systemd:
|
||||||
name: rsyslog.service
|
name: rsyslog.service
|
||||||
state: started
|
state: started
|
||||||
|
|
|
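Review bot: With `become: true` dropped from every task in this file (and from the motd tasks file that follows), privilege escalation for these `apt`, `template`, `file` and `systemd` tasks is now decided somewhere this diff does not show, presumably the play or `ansible.cfg`. If that is a global `become = True`, every task of every role runs as root, including those that need no privilege. A run under a different configuration would then fail on the first write to `/etc` rather than up front. I would state the requirement where the role is applied, for example `become: true` at play level in `log.yml`, or add a header comment here such as `# Requires become: set at play level, not per task`. Several of these tasks continue outside the hunks shown.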
@ -1,6 +1,5 @@
|
||||||
---
|
---
|
||||||
- name: Ensure update-motd.d exists
|
- name: Ensure update-motd.d exists
|
||||||
become: true
|
|
||||||
file:
|
file:
|
||||||
path: /etc/update-motd.d
|
path: /etc/update-motd.d
|
||||||
state: directory
|
state: directory
|
||||||
|
@ -9,7 +8,6 @@
|
||||||
group: root
|
group: root
|
||||||
|
|
||||||
- name: Customize motd
|
- name: Customize motd
|
||||||
become: true
|
|
||||||
template:
|
template:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: "/etc/update-motd.d/{{ item }}"
|
dest: "/etc/update-motd.d/{{ item }}"
|
||||||
|
@ -22,15 +20,19 @@
|
||||||
- 20-uname
|
- 20-uname
|
||||||
notify: Remove cached motd
|
notify: Remove cached motd
|
||||||
|
|
||||||
|
- name: Remove Debian uname motd
|
||||||
|
file:
|
||||||
|
path: /etc/update-motd.d/10-uname
|
||||||
|
state: absent
|
||||||
|
notify: Remove cached motd
|
||||||
|
|
||||||
- name: Remove Debian warranty motd
|
- name: Remove Debian warranty motd
|
||||||
become: true
|
|
||||||
file:
|
file:
|
||||||
path: /etc/motd
|
path: /etc/motd
|
||||||
state: absent
|
state: absent
|
||||||
notify: Remove cached motd
|
notify: Remove cached motd
|
||||||
|
|
||||||
- name: Ensure motd-messages exists
|
- name: Ensure motd-messages exists
|
||||||
become: true
|
|
||||||
file:
|
file:
|
||||||
path: /etc/motd-messages
|
path: /etc/motd-messages
|
||||||
state: directory
|
state: directory
|
||||||
|
@ -40,7 +42,6 @@
|
||||||
notify: Remove cached motd
|
notify: Remove cached motd
|
||||||
|
|
||||||
- name: Install additional motd messages
|
- name: Install additional motd messages
|
||||||
become: true
|
|
||||||
copy:
|
copy:
|
||||||
content: "✨ {{ item.message }}\n"
|
content: "✨ {{ item.message }}\n"
|
||||||
dest: "/etc/motd-messages/{{ item.key }}"
|
dest: "/etc/motd-messages/{{ item.key }}"
|
||||||
|
|
Mettre passerelle.auro.re (c'est la VIP).