More clean-up
parent
8952eb42c7
commit
0b70cca323
2
all.yml
2
all.yml
|
@ -11,7 +11,7 @@
|
||||||
- import_playbook: plays/monitoring.yml
|
- import_playbook: plays/monitoring.yml
|
||||||
|
|
||||||
# Services that only apply to a subset of server
|
# Services that only apply to a subset of server
|
||||||
- import_playbook: plays/cas.yml
|
# - import_playbook: plays/cas.yml
|
||||||
- import_playbook: plays/dhcp.yml
|
- import_playbook: plays/dhcp.yml
|
||||||
- import_playbook: plays/dns.yml
|
- import_playbook: plays/dns.yml
|
||||||
- import_playbook: plays/etherpad.yml
|
- import_playbook: plays/etherpad.yml
|
||||||
|
|
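Review bot: The `plays/cas.yml` import is disabled by commenting it out with no reason recorded, so a full `all.yml` run silently stops applying the CAS play and that service's configuration can drift from the repository. If this is temporary, say so on the line, e.g. `# - import_playbook: plays/cas.yml  # disabled: <reason>, re-enable when <condition>`. If it is permanent, delete the line instead of leaving it commented. The rest of the playbook list lies outside the hunk.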
66
hosts
66
hosts
|
@ -16,9 +16,19 @@ git
|
||||||
radius # We use certbot to manage LE certificates
|
radius # We use certbot to manage LE certificates
|
||||||
reverseproxy
|
reverseproxy
|
||||||
|
|
||||||
[dhcp]
|
[dhcp:children]
|
||||||
routeur-sam.adm.crans.org
|
routeurs_vm
|
||||||
#routeur-daniel.adm.crans.org
|
|
||||||
|
[dns_auth_master]
|
||||||
|
silice.adm.crans.org
|
||||||
|
|
||||||
|
[dns_authoritative:children]
|
||||||
|
dns_auth_master
|
||||||
|
freebox
|
||||||
|
ovh_physical
|
||||||
|
|
||||||
|
[dns_recursive:children]
|
||||||
|
routeurs_vm
|
||||||
|
|
||||||
[dovecot]
|
[dovecot]
|
||||||
owl.adm.crans.org
|
owl.adm.crans.org
|
||||||
|
@ -29,6 +39,10 @@ ethercalc-srv.adm.crans.org
|
||||||
[framadate]
|
[framadate]
|
||||||
voyager.adm.crans.org
|
voyager.adm.crans.org
|
||||||
|
|
||||||
|
[freebox]
|
||||||
|
boeing.adm.crans.org
|
||||||
|
titanic.adm.crans.org
|
||||||
|
|
||||||
[git]
|
[git]
|
||||||
gitzly.adm.crans.org
|
gitzly.adm.crans.org
|
||||||
|
|
||||||
|
@ -38,9 +52,8 @@ horde.adm.crans.org
|
||||||
[irc]
|
[irc]
|
||||||
irc.adm.crans.org
|
irc.adm.crans.org
|
||||||
|
|
||||||
[keepalived]
|
[keepalived:children]
|
||||||
routeur-sam.adm.crans.org
|
routeurs_vm
|
||||||
#routeur-daniel.adm.crans.org
|
|
||||||
|
|
||||||
[ldap_server]
|
[ldap_server]
|
||||||
tealc.adm.crans.org
|
tealc.adm.crans.org
|
||||||
|
@ -48,24 +61,35 @@ sam.adm.crans.org
|
||||||
daniel.adm.crans.org
|
daniel.adm.crans.org
|
||||||
jack.adm.crans.org
|
jack.adm.crans.org
|
||||||
|
|
||||||
|
[monitoring]
|
||||||
|
monitoring.adm.crans.org
|
||||||
|
|
||||||
|
[nginx]
|
||||||
|
charybde.adm.crans.org
|
||||||
|
|
||||||
[nginx_rtmp]
|
[nginx_rtmp]
|
||||||
fluxx.adm.crans.org
|
fluxx.adm.crans.org
|
||||||
|
|
||||||
|
[nginx:children]
|
||||||
|
reverseproxy
|
||||||
|
|
||||||
[postfix]
|
[postfix]
|
||||||
boeing.adm.crans.org
|
|
||||||
mailman.adm.crans.org
|
mailman.adm.crans.org
|
||||||
redisdead.adm.crans.org
|
redisdead.adm.crans.org
|
||||||
soyouz.adm.crans.org
|
|
||||||
sputnik.adm.crans.org
|
|
||||||
titanic.adm.crans.org
|
|
||||||
zamok.adm.crans.org
|
zamok.adm.crans.org
|
||||||
|
|
||||||
[radius]
|
[postfix:children]
|
||||||
routeur-sam.adm.crans.org
|
freebox
|
||||||
|
ovh_physical
|
||||||
|
|
||||||
|
[radius:children]
|
||||||
|
routeurs_vm
|
||||||
|
|
||||||
[re2o]
|
[re2o]
|
||||||
re2o-newinfra.adm.crans.org
|
re2o-newinfra.adm.crans.org
|
||||||
routeur-sam.adm.crans.org
|
|
||||||
|
[re2o:children]
|
||||||
|
radius
|
||||||
|
|
||||||
[reverseproxy]
|
[reverseproxy]
|
||||||
hodaur.adm.crans.org
|
hodaur.adm.crans.org
|
||||||
|
@ -73,17 +97,24 @@ hodaur.adm.crans.org
|
||||||
[roundcube]
|
[roundcube]
|
||||||
roundcube-srv.adm.crans.org
|
roundcube-srv.adm.crans.org
|
||||||
|
|
||||||
|
[routeurs_vm]
|
||||||
|
routeur-daniel.adm.crans.org
|
||||||
|
routeur-jack.adm.crans.org
|
||||||
|
routeur-sam.adm.crans.org
|
||||||
|
|
||||||
[virtu]
|
[virtu]
|
||||||
sam.adm.crans.org
|
sam.adm.crans.org
|
||||||
daniel.adm.crans.org
|
daniel.adm.crans.org
|
||||||
jack.adm.crans.org
|
jack.adm.crans.org
|
||||||
|
|
||||||
[crans_routeurs:children]
|
[crans_routeurs:children]
|
||||||
dhcp
|
# dhcp TODO: Really needed ?
|
||||||
keepalived
|
# keepalived
|
||||||
|
routeurs_vm
|
||||||
|
|
||||||
[crans_physical]
|
[crans_physical]
|
||||||
omnomnom.adm.crans.org
|
omnomnom.adm.crans.org
|
||||||
|
charybde.adm.crans.org
|
||||||
|
|
||||||
[crans_physical:children]
|
[crans_physical:children]
|
||||||
backups
|
backups
|
||||||
|
@ -112,13 +143,14 @@ owl.adm.crans.org
|
||||||
owncloud.adm.crans.org
|
owncloud.adm.crans.org
|
||||||
#re2o-ldap.adm.crans.org
|
#re2o-ldap.adm.crans.org
|
||||||
roundcube.adm.crans.org
|
roundcube.adm.crans.org
|
||||||
#routeur-daniel.adm.crans.org
|
|
||||||
routeur-sam.adm.crans.org
|
|
||||||
#silice.adm.crans.org
|
#silice.adm.crans.org
|
||||||
tracker.adm.crans.org
|
tracker.adm.crans.org
|
||||||
voyager.adm.crans.org
|
voyager.adm.crans.org
|
||||||
#unifi.adm.crans.org
|
#unifi.adm.crans.org
|
||||||
|
|
||||||
|
[crans_vm:children]
|
||||||
|
routeurs_vm
|
||||||
|
|
||||||
[ovh_physical]
|
[ovh_physical]
|
||||||
sputnik.adm.crans.org
|
sputnik.adm.crans.org
|
||||||
|
|
||||||
|
|
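Review bot: Switching `[dhcp]`, `[keepalived]` and `[radius]` from the single host `routeur-sam.adm.crans.org` to `routeurs_vm` also enrols `routeur-daniel` (previously commented out) and `routeur-jack` (previously absent) in DHCP, keepalived, RADIUS and, through `[re2o:children]`, re2o, which is a deployment change rather than a clean-up. In the same way `[postfix:children]` and `[dns_authoritative:children]` are now built from `freebox` and `ovh_physical`, so any machine later added to one of those location groups will receive a mail server or an authoritative DNS server without a further edit here. If the wider scope is intended, record it above the group, e.g. `# every member of routeurs_vm gets dhcp, keepalived, radius, re2o and bind-recursive`; otherwise keep the service groups as explicit host lists. `soyouz.adm.crans.org` also leaves `[postfix]` and does not reappear in the visible lines, which may be deliberate but is worth confirming.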
|
@ -1,12 +1,12 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
# Deploy recursive DNS cache server
|
# Deploy recursive DNS cache server
|
||||||
- hosts: routeur-sam.adm.crans.org,routeur-daniel.adm.crans.org
|
- hosts: dns_recursive
|
||||||
roles:
|
roles:
|
||||||
- bind-recursive
|
- bind-recursive
|
||||||
|
|
||||||
# Deploy authoritative DNS server
|
# Deploy authoritative DNS server
|
||||||
- hosts: silice.adm.crans.org,sputnik.adm.crans.org,boeing.adm.crans.org
|
- hosts: dns_authoritative
|
||||||
vars:
|
vars:
|
||||||
certbot_dns_secret: "{{ vault_certbot_dns_secret }}"
|
certbot_dns_secret: "{{ vault_certbot_dns_secret }}"
|
||||||
certbot_adm_dns_secret: "{{ vault_certbot_adm_dns_secret }}"
|
certbot_adm_dns_secret: "{{ vault_certbot_adm_dns_secret }}"
|
||||||
|
@ -18,7 +18,7 @@
|
||||||
roles:
|
roles:
|
||||||
- bind-authoritative
|
- bind-authoritative
|
||||||
|
|
||||||
- hosts: silice.adm.crans.org
|
- hosts: dns_auth_master
|
||||||
vars:
|
vars:
|
||||||
re2o:
|
re2o:
|
||||||
server: re2o.adm.crans.org
|
server: re2o.adm.crans.org
|
||||||
|
|
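Review bot: The authoritative play hands `certbot_dns_secret` and `certbot_adm_dns_secret` to whatever `dns_authoritative` resolves to, and that group is assembled from `dns_auth_master`, `freebox` and `ovh_physical` in `hosts`. The set of machines receiving what appear to be DNS update secrets is therefore decided by location-group membership instead of the three names that used to be written here. A comment on the play would keep that visible, e.g. `# dns_authoritative members receive the certbot DNS secrets; check hosts before adding to freebox/ovh_physical`. The first play likewise widens from two routers to all of `routeurs_vm`. The play bodies continue outside both hunks, so how the roles use these variables is not visible here.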
|
@ -1,7 +1,7 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
# Deploy Prometheus and Grafana on monitoring server
|
# Deploy Prometheus and Grafana on monitoring server
|
||||||
- hosts: monitoring.adm.crans.org
|
- hosts: monitoring
|
||||||
vars:
|
vars:
|
||||||
# Prometheus targets.json
|
# Prometheus targets.json
|
||||||
prometheus:
|
prometheus:
|
||||||
|
@ -64,13 +64,13 @@
|
||||||
|
|
||||||
|
|
||||||
# Monitor all hosts
|
# Monitor all hosts
|
||||||
- hosts: server,test_vm
|
- hosts: server
|
||||||
vars:
|
vars:
|
||||||
adm_ipv4: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv4 | first }}"
|
adm_ipv4: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv4 | first }}"
|
||||||
roles: ["prometheus-node-exporter"]
|
roles: ["prometheus-node-exporter"]
|
||||||
|
|
||||||
# Export nginx metrics
|
# Export nginx metrics
|
||||||
- hosts: charybde.adm.crans.org,hodaur.adm.crans.org
|
- hosts: nginx
|
||||||
vars:
|
vars:
|
||||||
adm_ipv4: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv4 | first }}"
|
adm_ipv4: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv4 | first }}"
|
||||||
roles: ["prometheus-nginx-exporter"]
|
roles: ["prometheus-nginx-exporter"]
|
||||||
|
|
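Review bot: The play still labelled `# Monitor all hosts` drops `test_vm` from its target, so unless those machines are also members of `server` (not visible here) they stop receiving `prometheus-node-exporter` and fall out of monitoring. Either keep `hosts: server,test_vm` or make the comment match, e.g. `# Monitor all production servers (test_vm excluded on purpose)`. The `nginx` group replacing `charybde.adm.crans.org,hodaur.adm.crans.org` resolves to the same two hosts today via `[nginx]` and `[reverseproxy]`, but it will also pick up any future reverse proxy.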