More clean-up

all.yml

@@ -11,7 +11,7 @@
 - import_playbook: plays/monitoring.yml
 
 # Services that only apply to a subset of server
-- import_playbook: plays/cas.yml
+# - import_playbook: plays/cas.yml
 - import_playbook: plays/dhcp.yml
 - import_playbook: plays/dns.yml
 - import_playbook: plays/etherpad.yml

hosts

@@ -16,9 +16,19 @@ git
 radius  # We use certbot to manage LE certificates
 reverseproxy
 
-[dhcp]
-routeur-sam.adm.crans.org
-#routeur-daniel.adm.crans.org
+[dhcp:children]
+routeurs_vm
+
+[dns_auth_master]
+silice.adm.crans.org
+
+[dns_authoritative:children]
+dns_auth_master
+freebox
+ovh_physical
+
+[dns_recursive:children]
+routeurs_vm
 
 [dovecot]
 owl.adm.crans.org
@@ -29,6 +39,10 @@ ethercalc-srv.adm.crans.org
 [framadate]
 voyager.adm.crans.org
 
+[freebox]
+boeing.adm.crans.org
+titanic.adm.crans.org
+
 [git]
 gitzly.adm.crans.org
 
@@ -38,9 +52,8 @@ horde.adm.crans.org
 [irc]
 irc.adm.crans.org
 
-[keepalived]
-routeur-sam.adm.crans.org
-#routeur-daniel.adm.crans.org
+[keepalived:children]
+routeurs_vm
 
 [ldap_server]
 tealc.adm.crans.org
@@ -48,24 +61,35 @@ sam.adm.crans.org
 daniel.adm.crans.org
 jack.adm.crans.org
 
+[monitoring]
+monitoring.adm.crans.org
+
+[nginx]
+charybde.adm.crans.org
+
 [nginx_rtmp]
 fluxx.adm.crans.org
 
+[nginx:children]
+reverseproxy
+
 [postfix]
-boeing.adm.crans.org
 mailman.adm.crans.org
 redisdead.adm.crans.org
-soyouz.adm.crans.org
-sputnik.adm.crans.org
-titanic.adm.crans.org
 zamok.adm.crans.org
 
-[radius]
-routeur-sam.adm.crans.org
+[postfix:children]
+freebox
+ovh_physical
+
+[radius:children]
+routeurs_vm
 
 [re2o]
 re2o-newinfra.adm.crans.org
-routeur-sam.adm.crans.org
+
+[re2o:children]
+radius
 
 [reverseproxy]
 hodaur.adm.crans.org
@@ -73,17 +97,24 @@ hodaur.adm.crans.org
 [roundcube]
 roundcube-srv.adm.crans.org
 
+[routeurs_vm]
+routeur-daniel.adm.crans.org
+routeur-jack.adm.crans.org
+routeur-sam.adm.crans.org
+
 [virtu]
 sam.adm.crans.org
 daniel.adm.crans.org
 jack.adm.crans.org
 
 [crans_routeurs:children]
-dhcp
-keepalived
+# dhcp  TODO: Really needed ?
+# keepalived
+routeurs_vm
 
 [crans_physical]
 omnomnom.adm.crans.org
+charybde.adm.crans.org
 
 [crans_physical:children]
 backups
@@ -112,13 +143,14 @@ owl.adm.crans.org
 owncloud.adm.crans.org
 #re2o-ldap.adm.crans.org
 roundcube.adm.crans.org
-#routeur-daniel.adm.crans.org
-routeur-sam.adm.crans.org
 #silice.adm.crans.org
 tracker.adm.crans.org
 voyager.adm.crans.org
 #unifi.adm.crans.org
 
+[crans_vm:children]
+routeurs_vm
+
 [ovh_physical]
 sputnik.adm.crans.org
 

plays/dns.yml

@@ -1,12 +1,12 @@
 #!/usr/bin/env ansible-playbook
 ---
 # Deploy recursive DNS cache server
-- hosts: routeur-sam.adm.crans.org,routeur-daniel.adm.crans.org
+- hosts: dns_recursive
   roles:
     - bind-recursive
 
 # Deploy authoritative DNS server
-- hosts: silice.adm.crans.org,sputnik.adm.crans.org,boeing.adm.crans.org
+- hosts: dns_authoritative
   vars:
     certbot_dns_secret: "{{ vault_certbot_dns_secret }}"
     certbot_adm_dns_secret: "{{ vault_certbot_adm_dns_secret }}"
@@ -18,7 +18,7 @@
   roles:
     - bind-authoritative
 
-- hosts: silice.adm.crans.org
+- hosts: dns_auth_master
   vars:
     re2o:
       server: re2o.adm.crans.org

plays/monitoring.yml

@@ -1,7 +1,7 @@
 #!/usr/bin/env ansible-playbook
 ---
 # Deploy Prometheus and Grafana on monitoring server
-- hosts: monitoring.adm.crans.org
+- hosts: monitoring
   vars:
     # Prometheus targets.json
     prometheus:
@@ -64,13 +64,13 @@
 
 
 # Monitor all hosts
-- hosts: server,test_vm
+- hosts: server
   vars:
     adm_ipv4: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv4 | first }}"
   roles: ["prometheus-node-exporter"]
 
 # Export nginx metrics
-- hosts: charybde.adm.crans.org,hodaur.adm.crans.org
+- hosts: nginx
   vars:
     adm_ipv4: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv4 | first }}"
   roles: ["prometheus-nginx-exporter"]