diff --git a/backups.yml b/backups.yml old mode 100644 new mode 100755 index 4886548..60200b9 --- a/backups.yml +++ b/backups.yml @@ -1,9 +1,21 @@ +#!/usr/bin/env ansible-playbook --- - hosts: perceval.adm.auro.re + vars: + update_motd: + borgbackup_server: >- + Les sauvegardes (borg) sont stockées dans + {{ borg_server_backups_dir }}. roles: - borgbackup_server + - update_motd - hosts: all,!unifi,!unifi-*,!wiki.adm.auro.re + vars: + update_motd: + borgbackup_client: >- + BorgBackup est déployé (/etc/borgmatic/config.yaml) roles: - borgbackup_client + - update_motd ... diff --git a/base.yml b/base.yml index 38ec360..ed05dbd 100755 --- a/base.yml +++ b/base.yml @@ -5,6 +5,7 @@ roles: - baseconfig - basesecurity + - update_motd # Plug LDAP on all servers - hosts: all,!unifi diff --git a/bdd.yml b/bdd.yml old mode 100644 new mode 100755 index f3fa7d3..da4248d --- a/bdd.yml +++ b/bdd.yml @@ -2,6 +2,10 @@ --- # Install and configure bdd servers at Saclay and at OVH - hosts: bdd,!re2o-bdd.adm.auro.re,!services-bdd-local.adm.auro.re + vars: + update_motd: + postgresql: PostgreSQL est déployé. roles: - postgresql_server + - update_motd ... diff --git a/deploy_postfix_non_mailhost.yml b/deploy_postfix_non_mailhost.yml old mode 100644 new mode 100755 index e335928..741d653 --- a/deploy_postfix_non_mailhost.yml +++ b/deploy_postfix_non_mailhost.yml @@ -1,3 +1,4 @@ +#!/usr/bin/env ansible-playbook --- # Deploy a correclty configured postfix on non mailhost servers - hosts: all,!unifi diff --git a/grafana.yml b/grafana.yml index df5a984..edc2f0a 100755 --- a/grafana.yml +++ b/grafana.yml @@ -20,5 +20,8 @@ editors_group_dn: - cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re - cn=technicien,ou=posix,ou=groups,dc=auro,dc=re + update_motd: + grafana: Grafana est déployé (/etc/grafana). roles: - grafana + - update_motd diff --git a/matrix.yml b/matrix.yml index be54c53..4cec87b 100755 --- a/matrix.yml +++ b/matrix.yml 
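Review bot: The `borgbackup_server` message added in backups.yml depends on `{{ borg_server_backups_dir }}` resolving outside the role that owns it. The removed include rendered it from inside `borgbackup_server`; as a play-level var it is now rendered when the `update_motd` role's copy task runs. Where the variable is defined is not shown in this diff, so this is a question rather than a confirmed defect: if it lives in the role's `vars/` and role variables are kept private, the play would fail on an undefined variable. Defining the path in inventory, or adding a fallback such as `{{ borg_server_backups_dir | default('<backup dir>') }}`, would make the dependency explicit.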
@@ -5,12 +5,17 @@ vars: mxisd_releases: https://github.com/kamax-matrix/mxisd/releases mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb" + update_motd: + matrix-synapse: matrix-synapse est déployé. + matrix-appservice-irc: matrix-appservice-irc est déployé. + matrix-appservice-webhooks: matrix-appservice-webhooks est déployé. roles: - debian_backports - nodejs - matrix_synapse - matrix_appservice_irc - matrix_appservice_webhooks + - update_motd # Install Matrix services - hosts: matrix-services.adm.auro.re diff --git a/monitoring.yml b/monitoring.yml index bb3c92a..9be7fb6 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -14,8 +14,12 @@ {{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }} prometheus_unifi_snmp_targets: - targets: "{{ groups['fleming_unifi'] | list | sort }}" + update_motd: + prometheus: >- + Prometheus (en configuration fleming) est déployé (/etc/prometheus). roles: - prometheus + - update_motd - hosts: prometheus-pacaterie.adm.auro.re vars: @@ -34,8 +38,12 @@ prometheus_ups_snmp_targets: - ups-pn-1.ups.auro.re - ups-ps-1.ups.auro.re + update_motd: + prometheus: >- + Prometheus (en configuration pacaterie) est déployé (/etc/prometheus). roles: - prometheus + - update_motd - hosts: prometheus-edc.adm.auro.re vars: @@ -56,8 +64,12 @@ {{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }} prometheus_unifi_snmp_targets: - targets: "{{ groups['edc_unifi'] | list | sort }}" + update_motd: + prometheus: >- + Prometheus (en configuration edc) est déployé (/etc/prometheus). roles: - prometheus + - update_motd - hosts: prometheus-gs.adm.auro.re vars: @@ -77,8 +89,12 @@ - ups-gk-1.ups.auro.re prometheus_pdu_snmp_targets: - pdu-ga-1.ups.auro.re + update_motd: + prometheus: >- + Prometheus (en configuration gs) est déployé (/etc/prometheus). roles: - prometheus + - update_motd - hosts: prometheus-rives.adm.auro.re vars: 
@@ -98,8 +114,12 @@ {{ groups['rives_pve'] + groups['rives_vm'] | list | sort }} prometheus_unifi_snmp_targets: - targets: "{{ groups['rives_unifi'] | list | sort }}" + update_motd: + prometheus: >- + Prometheus (en configuration rives) est déployé (/etc/prometheus). roles: - prometheus + - update_motd - hosts: prometheus-aurore.adm.auro.re vars: @@ -132,8 +152,12 @@ - sw-ec-core.switch.auro.re - sw-gk-core.switch.auro.re - sw-r3-core.switch.auro.re + update_motd: + prometheus: >- + Prometheus (en configuration aurore) est déployé (/etc/prometheus). roles: - prometheus + - update_motd - hosts: prometheus-ovh.adm.auro.re vars: @@ -152,9 +176,12 @@ - bdd-ovh.adm.auro.re prometheus_docker_targets: - docker-ovh.adm.auro.re + update_motd: + prometheus: >- + Prometheus (en configuration ovh) est déployé (/etc/prometheus). roles: - prometheus - + - update_motd - hosts: prometheus-federate.adm.auro.re vars: @@ -172,15 +199,18 @@ - prometheus-rives.adm.auro.re - prometheus-aurore.adm.auro.re - prometheus-ovh.adm.auro.re + update_motd: + prometheus_federate: >- + Prometheus (en configuration fédération) est déployé (/etc/prometheus). roles: - prometheus_federate + - update_motd # Postgres Exporters - hosts: bdd,radius roles: - prometheus_postgres - # Monitor all hosts - hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container roles: diff --git a/network.yml b/network.yml index 50fde19..dee41b3 100755 --- a/network.yml +++ b/network.yml 
@@ -2,35 +2,52 @@ --- # Set up DHCP servers. - hosts: dhcp-*.adm.auro.re + vars: + update_motd: + unbound: isc-dhcp-server est déployé. roles: - isc_dhcp_server - + - update_motd # Deploy unbound DNS server (recursive). - hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re + vars: + update_motd: + unbound: Unbound est déployé. roles: - unbound - + - update_motd # Déploiement du service re2o aurore-firewall et keepalived # radvd: IPv6 SLAAC (/64 subnets, private IPs). # Must NOT be on routeur-aurore-*, or will with DHCPv6! - hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re + vars: + update_motd: + unbound: Le routage (avec radvd) est déployé. roles: - router - radvd + - update_motd # No radvd here - hosts: ~routeur-aurore.*\.adm\.auro\.re + vars: + update_motd: + unbound: Le routage (avec DHCPv6) est déployé. roles: - router - ipv6_edge_router + - update_motd # Radius (backup only for now) - hosts: radius-*.adm.auro.re + vars: + update_motd: + unbound: FreeRADIUS est déployé. roles: - radius - + - update_motd # WIP: Deploy authoritative DNS servers # - hosts: authoritative_dns diff --git a/roles/baseconfig/tasks/main.yml b/roles/baseconfig/tasks/main.yml index 0af0b40..b122f4d 100644 --- a/roles/baseconfig/tasks/main.yml +++ b/roles/baseconfig/tasks/main.yml @@ -29,10 +29,6 @@ retries: 3 until: apt_result is succeeded -- name: Configure MOTD - include_role: - name: update_motd - # Configure APT mirrors on Debian Stretch - name: Configure APT mirrors when: diff --git a/roles/borgbackup_client/tasks/main.yml b/roles/borgbackup_client/tasks/main.yml index 8fa0852..de004f2 100644 --- a/roles/borgbackup_client/tasks/main.yml +++ b/roles/borgbackup_client/tasks/main.yml @@ -107,11 +107,4 @@ name: borgmatic.timer state: started enabled: true - -- name: Configure MOTD - include_role: - name: update_motd - vars: - key: 10-borgmatic - message: Borgmatic (client) est installé dans /etc/borgmatic/config.yaml. ... 
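Review bot: Every `update_motd` mapping added in network.yml uses the key `unbound`, including the plays for isc-dhcp-server, the two router plays and FreeRADIUS, which looks like a copy-paste slip. The role writes each entry to `/etc/motd-messages/{{ item.key }}`, so a DHCP, router or RADIUS host ends up with a file named `unbound`. Any host matched by two of these plays would also have one message overwrite the other. Use one key per service, for example `isc_dhcp_server: isc-dhcp-server est déployé.`, `router: Le routage (avec radvd) est déployé.` and `radius: FreeRADIUS est déployé.`, keeping `unbound` only for the DNS play.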
diff --git a/roles/borgbackup_server/tasks/main.yml b/roles/borgbackup_server/tasks/main.yml index ff31c07..fc31e60 100644 --- a/roles/borgbackup_server/tasks/main.yml +++ b/roles/borgbackup_server/tasks/main.yml @@ -35,14 +35,4 @@ owner: "{{ borg_server_user }}" group: "{{ borg_server_group }}" mode: u=rwx,g=,o= - -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: 10-borg-server - message: >- - Les sauvegardes (borg) sont stockées dans - {{ borg_server_backups_dir }}. ... diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 38d3a55..a1ec160 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -50,13 +50,4 @@ url: https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64 dest: /usr/local/bin/docker-compose mode: "0755" - -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: 10-docker - message: >- - Docker est installé sur ce serveur. ... diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 7a3af07..6f3a251 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -148,15 +148,6 @@ group: www-data mode: 0644 -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: 10-nginx - message: >- - NGinx est installé sur ce serveur. Voir /etc/nginx. - - name: Clean old files file: path: "{{ item }}" diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index f9e48e8..e7dd24d 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -118,13 +118,4 @@ name: prometheus enabled: true state: started - -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: 05-prometheus - message: >- - Prometheus est déployé sur cette machine (voir /etc/prometheus) ... 
diff --git a/roles/prometheus_federate/tasks/main.yml b/roles/prometheus_federate/tasks/main.yml index bcadbc0..24f46e0 100644 --- a/roles/prometheus_federate/tasks/main.yml +++ b/roles/prometheus_federate/tasks/main.yml @@ -42,14 +42,4 @@ name: prometheus enabled: true state: started - -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: 05-prometheus-federate - message: >- - Prometheus (en configuration fédération) est déployé sur cette - machine (voir /etc/prometheus) ... diff --git a/roles/re2o_service/tasks/main.yml b/roles/re2o_service/tasks/main.yml index 2bed1a3..fb72045 100644 --- a/roles/re2o_service/tasks/main.yml +++ b/roles/re2o_service/tasks/main.yml @@ -39,14 +39,4 @@ owner: "{{ service_user }}" group: nogroup state: link - -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: "15-re2o-service-{{ service_name }}" - message: >- - Le service re2o {{ service_name }} est dans - {{ service_homedir }}/{{ service_name }}. ... diff --git a/roles/unifi_controller/tasks/main.yml b/roles/unifi_controller/tasks/main.yml index 811b5e1..ddabe3b 100644 --- a/roles/unifi_controller/tasks/main.yml +++ b/roles/unifi_controller/tasks/main.yml @@ -39,13 +39,4 @@ register: apt_result retries: 3 until: apt_result is succeeded - -- name: Configure MOTD - include_role: - name: update_motd - vars: - motd_messages: - - key: 10-unifi-controller - message: >- - Le contrôleur Unifi a été installé sur ce serveur. ... diff --git a/roles/update_motd/tasks/main.yml b/roles/update_motd/tasks/main.yml index e0ae1f8..1ba08f5 100644 --- a/roles/update_motd/tasks/main.yml +++ b/roles/update_motd/tasks/main.yml 
@@ -43,12 +43,12 @@ - name: Install additional motd messages copy: - content: "✨ {{ item.message }}\n" + content: "✨ {{ item.value }}\n" dest: "/etc/motd-messages/{{ item.key }}" - mode: u=rwx,g=rx,o=rx + mode: u=rw,g=r,o=r owner: root group: root - loop: "{{ motd_messages }}" + loop: "{{ update_motd | dict2items }}" notify: Remove cached motd - when: motd_messages is defined + when: update_motd is defined ... diff --git a/services_web.yml b/services_web.yml index 00d5b7b..d79a735 100755 --- a/services_web.yml +++ b/services_web.yml @@ -2,8 +2,12 @@ --- # Deploy Docker hosts - hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,stream.adm.auro.re,wikijs.adm.auro.re + vars: + update_motd: + docker: Docker est déployé. roles: - docker + - update_motd # Deploy Passbolt - hosts: passbolt.adm.auro.re @@ -15,14 +19,22 @@ certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}' nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}' reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}' + update_motd: + nginx: >- + Le reverse-proxy NGINX est déployé (/etc/nginx). roles: - certbot - nginx + - update_motd - hosts: nginx,!reverseproxy vars: certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}' nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}' + update_motd: + nginx: >- + NGINX avec certbot est déployé (/etc/nginx). roles: - certbot - nginx + - update_motd
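Review bot: The switch to `update_motd | dict2items` in roles/update_motd/tasks/main.yml renames every message file (`10-docker` becomes `docker`, `05-prometheus` becomes `prometheus`, and so on), and nothing in this hunk removes the files written under the old keys. Already-provisioned hosts would keep those stale files, still with the old executable mode, so logins could show outdated or duplicate messages unless cleanup happens elsewhere in the role (the task file starts before this hunk). The numeric prefixes also disappear, so if the MOTD is assembled in file-name order the message order changes, which is worth confirming. Since `item.key` becomes a path component, a short comment such as `# keys of update_motd are file names under /etc/motd-messages; keep them free of '/'` would document the contract.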