aurore/ansible
aurore/ansible
11
2
Fork 0
Code Issues 1 Pull requests 13 Releases Wiki Activity

pve_service #67

Merged
erdnaxe merged 11 commits from pve_service into master 2021-11-22 18:32:23 +01:00
Conversation 0 Commits 11 Files changed 8 +33 -25
8 changed files with 33 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
README.md
View file

@ -88,8 +88,11 @@ On va utiliser plutôt `ProxyJump`.
Dans la configuration SSH :
```
# Use a proxy jump server to log on all Aurore inventory
Host 10.128.0.* *.adm.auro.re
Host *.adm.auro.re *.pve.auro.re
# Accept new host keys
StrictHostKeyChecking accept-new
# Use passerelle to connect to administration VLANs
ProxyJump passerelle.auro.re
erdnaxe marked this conversation as resolved Outdated
jeltz commented 2021-11-22 18:20:18 +01:00
Outdated
Review
Copy link

Mettre passerelle.auro.re (c'est la VIP).

Mettre passerelle.auro.re (c'est la VIP).
```

2
copy-keys.sh
View file

@ -15,6 +15,6 @@ for host in $HOSTS; do
# sshpass can be used for non-interactive password authentication.
# place your password in ldap-password.txt.
SSHPASS=${passwd} sshpass -v -e ssh-copy-id -i ~/.ssh/id_rsa "$host"
SSHPASS=${passwd} sshpass -v -e ssh-copy-id "$host"
done

12
hosts
View file

@ -8,10 +8,7 @@
###############################################################################
# Aurore : main services
viviane.adm.auro.re
[aurore_pve]
merlin.adm.auro.re
[aurore_vm]
routeur-aurore.adm.auro.re
@ -25,7 +22,7 @@ camelot.adm.auro.re
gitea.adm.auro.re
drone.adm.auro.re
nextcloud.adm.auro.re
stream.adm.auro.re
galene.adm.auro.re
re2o-server.adm.auro.re
re2o-ldap.adm.auro.re
re2o-db.adm.auro.re
@ -39,9 +36,9 @@ bdd.adm.auro.re
bdd-ovh.adm.auro.re
litl.adm.auro.re
log.adm.auro.re
netbox.adm.auro.re
[aurore_testing_vm]
pendragon.adm.auro.re
###############################################################################
# OVH
@ -51,11 +48,8 @@ horus.adm.auro.re
[ovh_container]
synapse.adm.auro.re
phabricator.adm.auro.re
wiki.adm.auro.re
www.adm.auro.re
proxy-ovh.adm.auro.re
matrix-services.adm.auro.re
[ovh_vm]
serge.adm.auro.re
@ -77,7 +71,6 @@ prometheus-federate.adm.auro.re
perceval.adm.auro.re
[fleming_pve]
freya.adm.auro.re
marki.adm.auro.re
[fleming_vm]
@ -350,7 +343,6 @@ gh-1-2.borne.auro.re
###############################################################################
# Les Rives
[rives_pve]
thor.adm.auro.re
loki.adm.auro.re
[rives_vm]

1
log.yml Normal file → Executable file
View file

@ -1,3 +1,4 @@
#!/usr/bin/env ansible-playbook
---
- hosts: log.adm.auro.re
roles:

1
roles/ldap_client/templates/nslcd.conf.j2
View file

@ -60,3 +60,4 @@ tls_cacertfile /etc/ssl/certs/ca-certificates.crt
# The search scope.
#scope sub

17
roles/logrotate/templates/logrotate.conf
View file

@ -1,7 +1,24 @@
# see "man logrotate" for details
jeltz marked this conversation as resolved
jeltz commented 2021-11-22 18:22:09 +01:00
Review
Copy link

Pourquoi remettre les commentaires (surtout qu'ils sont d'un intérêt limité) ?

Pourquoi remettre les commentaires (surtout qu'ils sont d'un intérêt limité) ?
erdnaxe commented 2021-11-22 18:23:43 +01:00
Review
Copy link

Ça permet de diff pendant un upgrade APT. On reste également plus proche de l'état d'origine d'un Debian.

Ça permet de diff pendant un upgrade APT. On reste également plus proche de l'état d'origine d'un Debian.
jeltz commented 2021-11-22 18:58:14 +01:00
Review
Copy link

On fera des diversions en masse un autre jour.

Ok en attendant.

On fera des diversions en masse un autre jour. Ok en attendant.
{{ ansible_managed | comment }}
# global options do not affect preceding include directives
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
#dateext
# uncomment this if you want your log files compressed
#compress
# packages drop log rotation information into this directory
include /etc/logrotate.d
# system-specific logs may also be configured here.

7
roles/rsyslog_common/tasks/main.yml
View file

@ -1,12 +1,10 @@
---
- name: Install rsyslog
become: true
apt:
name: rsyslog
state: present
- name: Install rsyslog modules if needed
become: true
apt:
name: "{{ item.pkg }}"
state: present
@ -18,7 +16,6 @@
pkg: rsyslog-hiredis
- name: Deploy main rsyslog configuration
become: true
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
@ -33,7 +30,6 @@
notify: Restart rsyslog
- name: Create journald.conf.d directory
become: true
file:
path: /etc/systemd/journald.conf.d
state: directory
@ -42,7 +38,6 @@
mode: u=rwx,g=rx,o=rx
- name: Deploy journald configuration
become: true
template:
src: forward-syslog.conf.j2
dest: /etc/systemd/journald.conf.d/forward-syslog.conf
@ -52,7 +47,6 @@
notify: Restart systemd-journald
- name: Deploy logrotate configuration
become: true
template:
src: logrotate.j2
dest: /etc/logrotate.d/rsyslog
@ -62,7 +56,6 @@
notify: Reload logrotate
- name: Enable rsyslog service
become: true
systemd:
name: rsyslog.service
state: started

11
roles/update_motd/tasks/main.yml
View file

@ -1,6 +1,5 @@
---
- name: Ensure update-motd.d exists
become: true
file:
path: /etc/update-motd.d
state: directory
@ -9,7 +8,6 @@
group: root
- name: Customize motd
become: true
template:
src: "{{ item }}"
dest: "/etc/update-motd.d/{{ item }}"
@ -22,15 +20,19 @@
- 20-uname
notify: Remove cached motd
- name: Remove Debian uname motd
file:
path: /etc/update-motd.d/10-uname
state: absent
notify: Remove cached motd
- name: Remove Debian warranty motd
become: true
file:
path: /etc/motd
state: absent
notify: Remove cached motd
- name: Ensure motd-messages exists
become: true
file:
path: /etc/motd-messages
state: directory
@ -40,7 +42,6 @@
notify: Remove cached motd
- name: Install additional motd messages
become: true
copy:
content: "✨ {{ item.message }}\n"
dest: "/etc/motd-messages/{{ item.key }}"