2021-11-27 22:34:05 +01:00
19 changed files with 94 additions and 86 deletions
--- a/backups.yml
+++ b/backups.yml
@ -1,9 +1,21 @@
+#!/usr/bin/env ansible-playbook
 ---
 - hosts: perceval.adm.auro.re
+  vars:
+    update_motd:
+      borgbackup_server: >-
+        Les sauvegardes (borg) sont stockées dans
+        {{ borg_server_backups_dir }}.
  roles:
    - borgbackup_server
+    - update_motd

 - hosts: all,!unifi,!unifi-*,!wiki.adm.auro.re
+  vars:
+    update_motd:
+      borgbackup_client: >-
+        BorgBackup est déployé (/etc/borgmatic/config.yaml)
  roles:
    - borgbackup_client
+    - update_motd
 ...
--- a/base.yml
+++ b/base.yml
@ -5,6 +5,7 @@
  roles:
    - baseconfig
    - basesecurity
+    - update_motd

 # Plug LDAP on all servers
 - hosts: all,!unifi
--- a/bdd.yml
+++ b/bdd.yml
@ -2,6 +2,10 @@
 ---
 # Install and configure bdd servers at Saclay and at OVH
 - hosts: bdd,!re2o-bdd.adm.auro.re,!services-bdd-local.adm.auro.re
+  vars:
+    update_motd:
+      postgresql: PostgreSQL est déployé.
  roles:
    - postgresql_server
+    - update_motd
 ...
--- a/deploy_postfix_non_mailhost.yml
+++ b/deploy_postfix_non_mailhost.yml
@ -1,3 +1,4 @@
+#!/usr/bin/env ansible-playbook
 ---
 # Deploy a correclty configured postfix on non mailhost servers
 - hosts: all,!unifi
--- a/grafana.yml
+++ b/grafana.yml
@ -20,5 +20,8 @@
        editors_group_dn:
          - cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re
          - cn=technicien,ou=posix,ou=groups,dc=auro,dc=re
+    update_motd:
+      grafana: Grafana est déployé (/etc/grafana).
  roles:
    - grafana
+    - update_motd
--- a/matrix.yml
+++ b/matrix.yml
@ -5,12 +5,17 @@
  vars:
    mxisd_releases: https://github.com/kamax-matrix/mxisd/releases
    mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb"
+    update_motd:
+      matrix-synapse: matrix-synapse est déployé.
+      matrix-appservice-irc: matrix-appservice-irc est déployé.
+      matrix-appservice-webhooks: matrix-appservice-webhooks est déployé.
  roles:
    - debian_backports
    - nodejs
    - matrix_synapse
    - matrix_appservice_irc
    - matrix_appservice_webhooks
+    - update_motd

 # Install Matrix services
 - hosts: matrix-services.adm.auro.re
--- a/monitoring.yml
+++ b/monitoring.yml
@ -14,8 +14,12 @@
          {{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
    prometheus_unifi_snmp_targets:
      - targets: "{{ groups['fleming_unifi'] | list | sort }}"
+    update_motd:
+      prometheus: >-
+        Prometheus (en configuration fleming) est déployé (/etc/prometheus).
  roles:
    - prometheus
+    - update_motd

 - hosts: prometheus-pacaterie.adm.auro.re
  vars:
@ -34,8 +38,12 @@
    prometheus_ups_snmp_targets:
      - ups-pn-1.ups.auro.re
      - ups-ps-1.ups.auro.re
+    update_motd:
+      prometheus: >-
+        Prometheus (en configuration pacaterie) est déployé (/etc/prometheus).
  roles:
    - prometheus
+    - update_motd

 - hosts: prometheus-edc.adm.auro.re
  vars:
@ -56,8 +64,12 @@
          {{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
    prometheus_unifi_snmp_targets:
      - targets: "{{ groups['edc_unifi'] | list | sort }}"
+    update_motd:
+      prometheus: >-
+        Prometheus (en configuration edc) est déployé (/etc/prometheus).
  roles:
    - prometheus
+    - update_motd

 - hosts: prometheus-gs.adm.auro.re
  vars:
@ -77,8 +89,12 @@
      - ups-gk-1.ups.auro.re
    prometheus_pdu_snmp_targets:
      - pdu-ga-1.ups.auro.re
+    update_motd:
+      prometheus: >-
+        Prometheus (en configuration gs) est déployé (/etc/prometheus).
  roles:
    - prometheus
+    - update_motd

 - hosts: prometheus-rives.adm.auro.re
  vars:
@ -98,8 +114,12 @@
          {{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
    prometheus_unifi_snmp_targets:
      - targets: "{{ groups['rives_unifi'] | list | sort }}"
+    update_motd:
+      prometheus: >-
+        Prometheus (en configuration rives) est déployé (/etc/prometheus).
  roles:
    - prometheus
+    - update_motd

 - hosts: prometheus-aurore.adm.auro.re
  vars:
@ -132,8 +152,12 @@
          - sw-ec-core.switch.auro.re
          - sw-gk-core.switch.auro.re
          - sw-r3-core.switch.auro.re
+    update_motd:
+      prometheus: >-
+        Prometheus (en configuration aurore) est déployé (/etc/prometheus).
  roles:
    - prometheus
+    - update_motd

 - hosts: prometheus-ovh.adm.auro.re
  vars:
@ -152,9 +176,12 @@
          - bdd-ovh.adm.auro.re
    prometheus_docker_targets:
      - docker-ovh.adm.auro.re
+    update_motd:
+      prometheus: >-
+        Prometheus (en configuration ovh) est déployé (/etc/prometheus).
  roles:
    - prometheus
-
+    - update_motd

 - hosts: prometheus-federate.adm.auro.re
  vars:
@ -172,15 +199,18 @@
      - prometheus-rives.adm.auro.re
      - prometheus-aurore.adm.auro.re
      - prometheus-ovh.adm.auro.re
+    update_motd:
+      prometheus_federate: >-
+        Prometheus (en configuration fédération) est déployé (/etc/prometheus).
  roles:
    - prometheus_federate
+    - update_motd

 # Postgres Exporters
 - hosts: bdd,radius
  roles:
    - prometheus_postgres

-
 # Monitor all hosts
 - hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
  roles:
--- a/network.yml
+++ b/network.yml
@ -2,35 +2,52 @@
 ---
 # Set up DHCP servers.
 - hosts: dhcp-*.adm.auro.re
+  vars:
+    update_motd:
+      unbound: isc-dhcp-server est déployé.
  roles:
    - isc_dhcp_server
-
+    - update_motd

 # Deploy unbound DNS server (recursive).
 - hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re
+  vars:
+    update_motd:
+      unbound: Unbound est déployé.
  roles:
    - unbound
-
+    - update_motd

 # Déploiement du service re2o aurore-firewall et keepalived
 # radvd: IPv6 SLAAC (/64 subnets, private IPs).
 #   Must NOT be on routeur-aurore-*, or will with DHCPv6!
 - hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
+  vars:
+    update_motd:
+      unbound: Le routage (avec radvd) est déployé.
  roles:
    - router
    - radvd
+    - update_motd

 # No radvd here
 - hosts: ~routeur-aurore.*\.adm\.auro\.re
+  vars:
+    update_motd:
+      unbound: Le routage (avec DHCPv6) est déployé.
  roles:
    - router
    - ipv6_edge_router
+    - update_motd

 # Radius (backup only for now)
 - hosts: radius-*.adm.auro.re
+  vars:
+    update_motd:
+      unbound: FreeRADIUS est déployé.
  roles:
    - radius
-
+    - update_motd

 # WIP: Deploy authoritative DNS servers
 # - hosts: authoritative_dns
--- a/roles/baseconfig/tasks/main.yml
+++ b/roles/baseconfig/tasks/main.yml
@ -29,10 +29,6 @@
  retries: 3
  until: apt_result is succeeded

- name: Configure MOTD
-  include_role:
-    name: update_motd
-
 # Configure APT mirrors on Debian Stretch
 - name: Configure APT mirrors
  when:
--- a/roles/borgbackup_client/tasks/main.yml
+++ b/roles/borgbackup_client/tasks/main.yml
@ -107,11 +107,4 @@
    name: borgmatic.timer
    state: started
    enabled: true
-
- name: Configure MOTD
-  include_role:
-    name: update_motd
-  vars:
-    key: 10-borgmatic
-    message: Borgmatic (client) est installé dans /etc/borgmatic/config.yaml.
 ...
--- a/roles/borgbackup_server/tasks/main.yml
+++ b/roles/borgbackup_server/tasks/main.yml
@ -35,14 +35,4 @@
    owner: "{{ borg_server_user }}"
    group: "{{ borg_server_group }}"
    mode: u=rwx,g=,o=
-
- name: Configure MOTD
-  include_role:
-    name: update_motd
-  vars:
-    motd_messages:
-      - key: 10-borg-server
-        message: >-
-          Les sauvegardes (borg) sont stockées dans
-          {{ borg_server_backups_dir }}.
 ...
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@ -50,13 +50,4 @@
    url: https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64
    dest: /usr/local/bin/docker-compose
    mode: "0755"
-
- name: Configure MOTD
-  include_role:
-    name: update_motd
-  vars:
-    motd_messages:
-      - key: 10-docker
-        message: >-
-          Docker est installé sur ce serveur.
 ...
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -148,15 +148,6 @@
    group: www-data
    mode: 0644

- name: Configure MOTD
-  include_role:
-    name: update_motd
-  vars:
-    motd_messages:
-      - key: 10-nginx
-        message: >-
-          NGinx est installé sur ce serveur. Voir /etc/nginx.
-
 - name: Clean old files
  file:
    path: "{{ item }}"
--- a/roles/prometheus/tasks/main.yml
+++ b/roles/prometheus/tasks/main.yml
@ -118,13 +118,4 @@
    name: prometheus
    enabled: true
    state: started
-
- name: Configure MOTD
-  include_role:
-    name: update_motd
-  vars:
-    motd_messages:
-      - key: 05-prometheus
-        message: >-
-          Prometheus est déployé sur cette machine (voir /etc/prometheus)
 ...
--- a/roles/prometheus_federate/tasks/main.yml
+++ b/roles/prometheus_federate/tasks/main.yml
@ -42,14 +42,4 @@
    name: prometheus
    enabled: true
    state: started
-
- name: Configure MOTD
-  include_role:
-    name: update_motd
-  vars:
-    motd_messages:
-      - key: 05-prometheus-federate
-        message: >-
-          Prometheus (en configuration fédération) est déployé sur cette
-          machine (voir /etc/prometheus)
 ...
--- a/roles/re2o_service/tasks/main.yml
+++ b/roles/re2o_service/tasks/main.yml
@ -39,14 +39,4 @@
    owner: "{{ service_user }}"
    group: nogroup
    state: link
-
- name: Configure MOTD
-  include_role:
-    name: update_motd
-  vars:
-    motd_messages:
-      - key: "15-re2o-service-{{ service_name }}"
-        message: >-
-          Le service re2o {{ service_name }} est dans
-          {{ service_homedir }}/{{ service_name }}.
 ...
--- a/roles/unifi_controller/tasks/main.yml
+++ b/roles/unifi_controller/tasks/main.yml
@ -39,13 +39,4 @@
  register: apt_result
  retries: 3
  until: apt_result is succeeded
-
- name: Configure MOTD
-  include_role:
-    name: update_motd
-  vars:
-    motd_messages:
-      - key: 10-unifi-controller
-        message: >-
-          Le contrôleur Unifi a été installé sur ce serveur.
 ...
--- a/roles/update_motd/tasks/main.yml
+++ b/roles/update_motd/tasks/main.yml
@ -43,12 +43,12 @@

 - name: Install additional motd messages
  copy:
-    content: "✨ {{ item.message }}\n"
+    content: "✨ {{ item.value }}\n"
    dest: "/etc/motd-messages/{{ item.key }}"
-    mode: u=rwx,g=rx,o=rx
+    mode: u=rw,g=r,o=r
    owner: root
    group: root
-  loop: "{{ motd_messages }}"
+  loop: "{{ update_motd | dict2items }}"
  notify: Remove cached motd
-  when: motd_messages is defined
+  when: update_motd is defined
 ...
--- a/services_web.yml
+++ b/services_web.yml
@ -2,8 +2,12 @@
 ---
 # Deploy Docker hosts
 - hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,stream.adm.auro.re,wikijs.adm.auro.re
+  vars:
+    update_motd:
+      docker: Docker est déployé.
  roles:
    - docker
+    - update_motd

 # Deploy Passbolt
 - hosts: passbolt.adm.auro.re
@ -15,14 +19,22 @@
    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
    reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}'
+    update_motd:
+      nginx: >-
+        Le reverse-proxy NGINX est déployé (/etc/nginx).
  roles:
    - certbot
    - nginx
+    - update_motd

 - hosts: nginx,!reverseproxy
  vars:
    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    update_motd:
+      nginx: >-
+        NGINX avec certbot est déployé (/etc/nginx).
  roles:
    - certbot
    - nginx
+    - update_motd