update_motd: apply conventions #71

Merged
erdnaxe merged 11 commits from update_motd into master 2021-11-27 22:34:05 +01:00
19 changed files with 94 additions and 86 deletions

12
backups.yml Normal file → Executable file
View file

@ -1,9 +1,21 @@
#!/usr/bin/env ansible-playbook
--- ---
- hosts: perceval.adm.auro.re - hosts: perceval.adm.auro.re
vars:
update_motd:
borgbackup_server: >-
Les sauvegardes (borg) sont stockées dans
{{ borg_server_backups_dir }}.
roles: roles:
- borgbackup_server - borgbackup_server
- update_motd
- hosts: all,!unifi,!unifi-*,!wiki.adm.auro.re - hosts: all,!unifi,!unifi-*,!wiki.adm.auro.re
vars:
update_motd:
borgbackup_client: >-
BorgBackup est déployé (/etc/borgmatic/config.yaml)
roles: roles:
- borgbackup_client - borgbackup_client
- update_motd
... ...

View file

@ -5,6 +5,7 @@
roles: roles:
- baseconfig - baseconfig
- basesecurity - basesecurity
- update_motd
# Plug LDAP on all servers # Plug LDAP on all servers
- hosts: all,!unifi - hosts: all,!unifi

4
bdd.yml Normal file → Executable file
View file

@ -2,6 +2,10 @@
--- ---
# Install and configure bdd servers at Saclay and at OVH # Install and configure bdd servers at Saclay and at OVH
- hosts: bdd,!re2o-bdd.adm.auro.re,!services-bdd-local.adm.auro.re - hosts: bdd,!re2o-bdd.adm.auro.re,!services-bdd-local.adm.auro.re
vars:
update_motd:
erdnaxe marked this conversation as resolved Outdated
Outdated
Review

routerupdate_motd

`router` → `update_motd`
postgresql: PostgreSQL est déployé.
roles: roles:
- postgresql_server - postgresql_server
- update_motd
... ...

1
deploy_postfix_non_mailhost.yml Normal file → Executable file
View file

@ -1,3 +1,4 @@
#!/usr/bin/env ansible-playbook
--- ---
# Deploy a correclty configured postfix on non mailhost servers # Deploy a correclty configured postfix on non mailhost servers
- hosts: all,!unifi - hosts: all,!unifi

View file

@ -20,5 +20,8 @@
editors_group_dn: editors_group_dn:
- cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re - cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re
- cn=technicien,ou=posix,ou=groups,dc=auro,dc=re - cn=technicien,ou=posix,ou=groups,dc=auro,dc=re
update_motd:
grafana: Grafana est déployé (/etc/grafana).
roles: roles:
- grafana - grafana
- update_motd

View file

@ -5,12 +5,17 @@
vars: vars:
mxisd_releases: https://github.com/kamax-matrix/mxisd/releases mxisd_releases: https://github.com/kamax-matrix/mxisd/releases
mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb" mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb"
update_motd:
erdnaxe marked this conversation as resolved Outdated
Outdated
Review

routerupdate_motd

`router` → `update_motd`
matrix-synapse: matrix-synapse est déployé.
matrix-appservice-irc: matrix-appservice-irc est déployé.
matrix-appservice-webhooks: matrix-appservice-webhooks est déployé.
roles: roles:
- debian_backports - debian_backports
- nodejs - nodejs
- matrix_synapse - matrix_synapse
- matrix_appservice_irc - matrix_appservice_irc
- matrix_appservice_webhooks - matrix_appservice_webhooks
- update_motd
# Install Matrix services # Install Matrix services
- hosts: matrix-services.adm.auro.re - hosts: matrix-services.adm.auro.re

View file

@ -14,8 +14,12 @@
{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }} {{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
prometheus_unifi_snmp_targets: prometheus_unifi_snmp_targets:
- targets: "{{ groups['fleming_unifi'] | list | sort }}" - targets: "{{ groups['fleming_unifi'] | list | sort }}"
update_motd:
prometheus: >-
Prometheus (en configuration fleming) est déployé (/etc/prometheus).
roles: roles:
- prometheus - prometheus
- update_motd
- hosts: prometheus-pacaterie.adm.auro.re - hosts: prometheus-pacaterie.adm.auro.re
vars: vars:
@ -34,8 +38,12 @@
prometheus_ups_snmp_targets: prometheus_ups_snmp_targets:
- ups-pn-1.ups.auro.re - ups-pn-1.ups.auro.re
- ups-ps-1.ups.auro.re - ups-ps-1.ups.auro.re
update_motd:
prometheus: >-
Prometheus (en configuration pacaterie) est déployé (/etc/prometheus).
roles: roles:
- prometheus - prometheus
- update_motd
- hosts: prometheus-edc.adm.auro.re - hosts: prometheus-edc.adm.auro.re
vars: vars:
@ -56,8 +64,12 @@
{{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }} {{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
prometheus_unifi_snmp_targets: prometheus_unifi_snmp_targets:
- targets: "{{ groups['edc_unifi'] | list | sort }}" - targets: "{{ groups['edc_unifi'] | list | sort }}"
update_motd:
prometheus: >-
Prometheus (en configuration edc) est déployé (/etc/prometheus).
roles: roles:
- prometheus - prometheus
- update_motd
- hosts: prometheus-gs.adm.auro.re - hosts: prometheus-gs.adm.auro.re
vars: vars:
@ -77,8 +89,12 @@
- ups-gk-1.ups.auro.re - ups-gk-1.ups.auro.re
prometheus_pdu_snmp_targets: prometheus_pdu_snmp_targets:
- pdu-ga-1.ups.auro.re - pdu-ga-1.ups.auro.re
update_motd:
prometheus: >-
Prometheus (en configuration gs) est déployé (/etc/prometheus).
roles: roles:
- prometheus - prometheus
- update_motd
- hosts: prometheus-rives.adm.auro.re - hosts: prometheus-rives.adm.auro.re
vars: vars:
@ -98,8 +114,12 @@
{{ groups['rives_pve'] + groups['rives_vm'] | list | sort }} {{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
prometheus_unifi_snmp_targets: prometheus_unifi_snmp_targets:
- targets: "{{ groups['rives_unifi'] | list | sort }}" - targets: "{{ groups['rives_unifi'] | list | sort }}"
update_motd:
prometheus: >-
Prometheus (en configuration rives) est déployé (/etc/prometheus).
roles: roles:
- prometheus - prometheus
- update_motd
- hosts: prometheus-aurore.adm.auro.re - hosts: prometheus-aurore.adm.auro.re
vars: vars:
@ -132,8 +152,12 @@
- sw-ec-core.switch.auro.re - sw-ec-core.switch.auro.re
- sw-gk-core.switch.auro.re - sw-gk-core.switch.auro.re
- sw-r3-core.switch.auro.re - sw-r3-core.switch.auro.re
update_motd:
prometheus: >-
Prometheus (en configuration aurore) est déployé (/etc/prometheus).
roles: roles:
- prometheus - prometheus
- update_motd
- hosts: prometheus-ovh.adm.auro.re - hosts: prometheus-ovh.adm.auro.re
vars: vars:
@ -152,9 +176,12 @@
- bdd-ovh.adm.auro.re - bdd-ovh.adm.auro.re
prometheus_docker_targets: prometheus_docker_targets:
- docker-ovh.adm.auro.re - docker-ovh.adm.auro.re
update_motd:
prometheus: >-
Prometheus (en configuration ovh) est déployé (/etc/prometheus).
roles: roles:
- prometheus - prometheus
- update_motd
- hosts: prometheus-federate.adm.auro.re - hosts: prometheus-federate.adm.auro.re
vars: vars:
@ -172,15 +199,18 @@
- prometheus-rives.adm.auro.re - prometheus-rives.adm.auro.re
- prometheus-aurore.adm.auro.re - prometheus-aurore.adm.auro.re
- prometheus-ovh.adm.auro.re - prometheus-ovh.adm.auro.re
update_motd:
prometheus_federate: >-
Prometheus (en configuration fédération) est déployé (/etc/prometheus).
roles: roles:
- prometheus_federate - prometheus_federate
- update_motd
# Postgres Exporters # Postgres Exporters
- hosts: bdd,radius - hosts: bdd,radius
roles: roles:
- prometheus_postgres - prometheus_postgres
# Monitor all hosts # Monitor all hosts
- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container - hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
roles: roles:

View file

@ -2,35 +2,52 @@
--- ---
# Set up DHCP servers. # Set up DHCP servers.
- hosts: dhcp-*.adm.auro.re - hosts: dhcp-*.adm.auro.re
vars:
update_motd:
unbound: isc-dhcp-server est déployé.
roles: roles:
- isc_dhcp_server - isc_dhcp_server
- update_motd
# Deploy unbound DNS server (recursive). # Deploy unbound DNS server (recursive).
- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re - hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re
vars:
update_motd:
unbound: Unbound est déployé.
roles: roles:
- unbound - unbound
- update_motd
# Déploiement du service re2o aurore-firewall et keepalived # Déploiement du service re2o aurore-firewall et keepalived
# radvd: IPv6 SLAAC (/64 subnets, private IPs). # radvd: IPv6 SLAAC (/64 subnets, private IPs).
# Must NOT be on routeur-aurore-*, or will with DHCPv6! # Must NOT be on routeur-aurore-*, or will with DHCPv6!
- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re - hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
vars:
update_motd:
erdnaxe marked this conversation as resolved Outdated
Outdated
Review

routerupdate_motd

`router` → `update_motd`
unbound: Le routage (avec radvd) est déployé.
roles: roles:
- router - router
- radvd - radvd
- update_motd
# No radvd here # No radvd here
- hosts: ~routeur-aurore.*\.adm\.auro\.re - hosts: ~routeur-aurore.*\.adm\.auro\.re
vars:
update_motd:
erdnaxe marked this conversation as resolved Outdated
Outdated
Review

routerupdate_motd

`router` → `update_motd`
unbound: Le routage (avec DHCPv6) est déployé.
roles: roles:
- router - router
- ipv6_edge_router - ipv6_edge_router
- update_motd
# Radius (backup only for now) # Radius (backup only for now)
- hosts: radius-*.adm.auro.re - hosts: radius-*.adm.auro.re
vars:
update_motd:
erdnaxe marked this conversation as resolved Outdated
Outdated
Review

routerupdate_motd

`router` → `update_motd`
unbound: FreeRADIUS est déployé.
roles: roles:
- radius - radius
- update_motd
# WIP: Deploy authoritative DNS servers # WIP: Deploy authoritative DNS servers
# - hosts: authoritative_dns # - hosts: authoritative_dns

View file

@ -29,10 +29,6 @@
retries: 3 retries: 3
until: apt_result is succeeded until: apt_result is succeeded
- name: Configure MOTD
include_role:
name: update_motd
# Configure APT mirrors on Debian Stretch # Configure APT mirrors on Debian Stretch
- name: Configure APT mirrors - name: Configure APT mirrors
when: when:

View file

@ -107,11 +107,4 @@
name: borgmatic.timer name: borgmatic.timer
state: started state: started
enabled: true enabled: true
- name: Configure MOTD
include_role:
name: update_motd
vars:
key: 10-borgmatic
message: Borgmatic (client) est installé dans /etc/borgmatic/config.yaml.
... ...

View file

@ -35,14 +35,4 @@
owner: "{{ borg_server_user }}" owner: "{{ borg_server_user }}"
group: "{{ borg_server_group }}" group: "{{ borg_server_group }}"
mode: u=rwx,g=,o= mode: u=rwx,g=,o=
- name: Configure MOTD
include_role:
name: update_motd
vars:
motd_messages:
- key: 10-borg-server
message: >-
Les sauvegardes (borg) sont stockées dans
{{ borg_server_backups_dir }}.
... ...

View file

@ -50,13 +50,4 @@
url: https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64 url: https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64
dest: /usr/local/bin/docker-compose dest: /usr/local/bin/docker-compose
mode: "0755" mode: "0755"
- name: Configure MOTD
include_role:
name: update_motd
vars:
motd_messages:
- key: 10-docker
message: >-
Docker est installé sur ce serveur.
... ...

View file

@ -148,15 +148,6 @@
group: www-data group: www-data
mode: 0644 mode: 0644
- name: Configure MOTD
include_role:
name: update_motd
vars:
motd_messages:
- key: 10-nginx
message: >-
NGinx est installé sur ce serveur. Voir /etc/nginx.
- name: Clean old files - name: Clean old files
file: file:
path: "{{ item }}" path: "{{ item }}"

View file

@ -118,13 +118,4 @@
name: prometheus name: prometheus
enabled: true enabled: true
state: started state: started
- name: Configure MOTD
include_role:
name: update_motd
vars:
motd_messages:
- key: 05-prometheus
message: >-
Prometheus est déployé sur cette machine (voir /etc/prometheus)
... ...

View file

@ -42,14 +42,4 @@
name: prometheus name: prometheus
enabled: true enabled: true
state: started state: started
- name: Configure MOTD
include_role:
name: update_motd
vars:
motd_messages:
- key: 05-prometheus-federate
message: >-
Prometheus (en configuration fédération) est déployé sur cette
machine (voir /etc/prometheus)
... ...

View file

@ -39,14 +39,4 @@
owner: "{{ service_user }}" owner: "{{ service_user }}"
group: nogroup group: nogroup
state: link state: link
- name: Configure MOTD
include_role:
name: update_motd
vars:
motd_messages:
- key: "15-re2o-service-{{ service_name }}"
message: >-
Le service re2o {{ service_name }} est dans
{{ service_homedir }}/{{ service_name }}.
... ...

View file

@ -39,13 +39,4 @@
register: apt_result register: apt_result
retries: 3 retries: 3
until: apt_result is succeeded until: apt_result is succeeded
- name: Configure MOTD
include_role:
name: update_motd
vars:
motd_messages:
- key: 10-unifi-controller
message: >-
Le contrôleur Unifi a été installé sur ce serveur.
... ...

View file

@ -43,12 +43,12 @@
- name: Install additional motd messages - name: Install additional motd messages
copy: copy:
content: "✨ {{ item.message }}\n" content: "✨ {{ item.value }}\n"
dest: "/etc/motd-messages/{{ item.key }}" dest: "/etc/motd-messages/{{ item.key }}"
mode: u=rwx,g=rx,o=rx mode: u=rw,g=r,o=r
owner: root owner: root
group: root group: root
loop: "{{ motd_messages }}" loop: "{{ update_motd | dict2items }}"
notify: Remove cached motd notify: Remove cached motd
when: motd_messages is defined when: update_motd is defined
... ...

View file

@ -2,8 +2,12 @@
--- ---
# Deploy Docker hosts # Deploy Docker hosts
- hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,stream.adm.auro.re,wikijs.adm.auro.re - hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,stream.adm.auro.re,wikijs.adm.auro.re
vars:
update_motd:
erdnaxe marked this conversation as resolved Outdated
Outdated
Review

routerupdate_motd

`router` → `update_motd`
docker: Docker est déployé.
roles: roles:
- docker - docker
- update_motd
# Deploy Passbolt # Deploy Passbolt
- hosts: passbolt.adm.auro.re - hosts: passbolt.adm.auro.re
@ -15,14 +19,22 @@
certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}' certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}' nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}' reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}'
update_motd:
nginx: >-
Le reverse-proxy NGINX est déployé (/etc/nginx).
roles: roles:
- certbot - certbot
- nginx - nginx
- update_motd
- hosts: nginx,!reverseproxy - hosts: nginx,!reverseproxy
vars: vars:
certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}' certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}' nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
update_motd:
nginx: >-
NGINX avec certbot est déployé (/etc/nginx).
roles: roles:
- certbot - certbot
- nginx - nginx
- update_motd