Add cachan group to factorize configuration

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-06-22 00:21:29 +02:00 · 2021-06-22 00:21:29 +02:00 · 239a95c1de
parent 1c23ef255d
commit 239a95c1de
25 changed files with 162 additions and 295 deletions
--- a/group_vars/all/mirror.yml
+++ b/group_vars/all/mirror.yml
@ -1,7 +1,8 @@
 ---
 glob_mirror:
  hostname: mirror.adm.crans.org
-  ip: 172.16.10.30
+  ip: 172.16.10.104

 debian_mirror: http://mirror.adm.crans.org/debian
 debian_components: main contrib non-free
+proxmox_mirror: http://mirror.adm.crans.org/proxmox/debian/pve
--- a/group_vars/cachan/borg.yml
+++ b/group_vars/cachan/borg.yml
@ -0,0 +1,20 @@
+---
+glob_borg:
+  to_exclude:
+    - /var/lib/lxcfs
+  to_backup:
+    - /etc
+    - /var
+  path: /backup/borg
+  remote:
+    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  retention:
+    - ["daily", 4]
+    - ["monthly", 6]
+  consistency_check:
+    - disabled
+  extra_init:
+    - make-parent-dirs
+  encryption_passphrase: "{{ vault.borgbackup_passwd }}"
+  ssh_privkey: "{{ vault.borgbackup_ssh_privkey }}"
+  ssh_options: ""
--- a/group_vars/cachan/home_nounou.yml
+++ b/group_vars/cachan/home_nounou.yml
@ -0,0 +1,10 @@
+---
+glob_home_nounou:
+  mounts:
+  - ip: 172.17.10.9
+    mountpoint: /pool/home
+    target: /home_nounou
+    name: home_nounou
+    owner: root
+    group: _user
+    mode: '0750'
--- a/group_vars/cachan/ldap.yml
+++ b/group_vars/cachan/ldap.yml
@ -0,0 +1,7 @@
+---
+glob_ldap:
+  uri: 'ldaps://re2o-ldap.cachan-adm.crans.org/'
+  users_base: 'cn=Utilisateurs,dc=crans,dc=org'
+  servers:
+    - 172.17.10.204
+  base: 'dc=crans,dc=org'
--- a/group_vars/cachan/mirror.yml
+++ b/group_vars/cachan/mirror.yml
@ -0,0 +1,8 @@
+---
+glob_mirror:
+  hostname: mirror.cachan-adm.crans.org
+  ip: 172.17.10.30
+
+debian_mirror: http://mirror.cachan-adm.crans.org/debian
+debian_components: main contrib non-free
+proxmox_mirror: http://mirror.cachan-adm.crans.org/proxmox/debian/pve
--- a/group_vars/cachan/network_interfaces.yml
+++ b/group_vars/cachan/network_interfaces.yml
@ -0,0 +1,22 @@
+glob_network_interfaces:
+  vlan:
+    - name: cachan_srv
+      id: 2
+      gateway: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv4 | first }}"
+      dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv4 | first }}"
+      gateway_v6: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv6 | first }}"
+    - name: cachan_srv_nat
+      id: 3
+      gateway: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv-nat') | ipv4 | first }}"
+      dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv-nat') | ipv4 | first }}"
+      gateway_v6: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv-nat') | ipv6 | first }}"
+    - name: cachan_adm
+      id: 10
+      dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-adm') | ipv4 | first }}"
+      extra:
+        - "post-up /sbin/ip route add 172.16.10.0/24 via {{ query('ldap', 'ip', 'terenez', 'cachan-adm') | ipv4 | first }}"
+    # extra_v6:
+    #   - "post-up /sbin/ip -6 route add fd00:0:0:10::/64 {{ query('ldap', 'ip', 'terenez', 'cachan-adm') | ipv6 | first }}"
+    - name: infra
+      id: 11
+      dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'infra') | ipv4 | first }}"
--- a/group_vars/cachan/ntp.yml
+++ b/group_vars/cachan/ntp.yml
@ -0,0 +1,3 @@
+glob_ntp_client:
+  servers:
+    - ntp.cachan-adm.crans.org
--- a/group_vars/cachan/prometheus_nginx_exporter.yaml
+++ b/group_vars/cachan/prometheus_nginx_exporter.yaml
@ -0,0 +1,3 @@
+---
+loc_prometheus_nginx_exporter:
+  listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
--- a/group_vars/cachan/prometheus_node_exporter.yaml
+++ b/group_vars/cachan/prometheus_node_exporter.yaml
@ -0,0 +1,3 @@
+---
+glob_prometheus_node_exporter:
+  listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
--- a/group_vars/cachan/rsyslog_client.yml
+++ b/group_vars/cachan/rsyslog_client.yml
@ -0,0 +1,3 @@
+---
+glob_rsyslog_client:
+  server: "{{ query('ldap', 'ip', 'gulp', 'adm') | ipv4 | first }}"
--- a/group_vars/server/ntp.yml
+++ b/group_vars/server/ntp.yml
@ -1,3 +1,3 @@
 glob_ntp_client:
  servers:
-    - charybde.adm.crans.org
+    - ntp.adm.crans.org
--- a/group_vars/virtu.yml
+++ b/group_vars/virtu.yml
@ -1,2 +0,0 @@
---
-proxmox_mirror: http://mirror.adm.crans.org/proxmox/debian/pve
--- a/host_vars/airbus.cachan-adm.crans.org.yml
+++ b/host_vars/airbus.cachan-adm.crans.org.yml
@ -1,26 +1,3 @@
 ---
-loc_home_nounou:
-  ip: 172.17.10.9
-  mountpoint: /rpool/home
-
-loc_ldap:
-  servers:
-    - 172.17.10.9
-  base: 'dc=crans,dc=org'
-
-glob_ntp_client:
-  servers:
-    - terenez.cachan-adm.crans.org
-
-debian_mirror: http://mirror.cachan-adm.crans.org/debian
-
-loc_borg:
-  remote:
-    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
-  ssh_options: ""
-
-glob_prometheus_node_exporter:
-  listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
-
-loc_rsyslog_client:
-  server: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
+interfaces:
+  cachan_adm: ens18
--- a/host_vars/charybde.cachan-adm.crans.org.yml
+++ b/host_vars/charybde.cachan-adm.crans.org.yml
@ -1,32 +1,8 @@
 ---
-loc_home_nounou:
-  ip: 172.17.10.9
-  mountpoint: /rpool/home
-
-loc_ldap:
-  servers:
-    - 172.17.10.9
-  base: 'dc=crans,dc=org'
-
-loc_ntp_client:
-  servers:
-    - terenez.cachan-adm.crans.org
-
-debian_mirror: http://mirror.cachan-adm.crans.org/debian
-
-loc_borg:
-  remote:
-    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
-  ssh_options: ""
-
-glob_prometheus_node_exporter:
-  listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
-
-glob_prometheus_nginx_exporter:
-  listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
-
-loc_rsyslog_client:
-  server: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
+interfaces:
+  cachan_adm: eth0.10
+  cachan_srv: eth1.2
+  infra: eth0.111

 loc_vsftpd:
  root: /pool/mirror/pub
--- a/host_vars/fyre.cachan-adm.crans.org.yml
+++ b/host_vars/fyre.cachan-adm.crans.org.yml
@ -2,19 +2,11 @@
 interfaces:
  adm: ens18

-loc_home_nounou:
-  ip: 172.17.10.9
-  mountpoint: /rpool/home
-
 loc_ldap:
  servers:
    - 172.17.10.9
  base: 'dc=crans,dc=org'

-loc_ntp_client:
-  servers:
-    - terenez.cachan-adm.crans.org
-
 debian_mirror: http://mirror.cachan-adm.crans.org/debian

 loc_borg:
--- a/host_vars/omnomnom.cachan-adm.crans.org.yml
+++ b/host_vars/omnomnom.cachan-adm.crans.org.yml
@ -1,29 +1,3 @@
 ---
 interfaces:
-  adm: eno1.10
-
-loc_home_nounou:
-  ip: 172.17.10.9
-  mountpoint: /rpool/home
-
-loc_ldap:
-  servers:
-    - 172.17.10.9
-  base: 'dc=crans,dc=org'
-
-loc_ntp_client:
-  servers:
-    - terenez.cachan-adm.crans.org
-
-debian_mirror: http://mirror.cachan-adm.crans.org/debian
-
-loc_borg:
-  remote:
-    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
-  ssh_options: ""
-
-glob_prometheus_node_exporter:
-  listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
-
-loc_rsyslog_client:
-  server: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
+  cachan_adm: eno1.10
--- a/host_vars/re2o-ldap.cachan-adm.crans.org.yml
+++ b/host_vars/re2o-ldap.cachan-adm.crans.org.yml
@ -1,26 +1,3 @@
 ---
-loc_home_nounou:
-  ip: 172.17.10.9
-  mountpoint: /rpool/home
-
-loc_ldap:
-  servers:
-    - 172.17.10.9
-  base: 'dc=crans,dc=org'
-
-glob_ntp_client:
-  servers:
-    - terenez.cachan-adm.crans.org
-
-debian_mirror: http://mirror.cachan-adm.crans.org/debian
-
-loc_borg:
-  remote:
-    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
-  ssh_options: ""
-
-glob_prometheus_node_exporter:
-  listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
-
-loc_rsyslog_client:
-  server: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
+interfaces:
+  cachan_adm: ens18
--- a/host_vars/re2o.cachan-adm.crans.org.yml
+++ b/host_vars/re2o.cachan-adm.crans.org.yml
@ -1,29 +1,7 @@
 ---
-loc_home_nounou:
-  ip: 172.17.10.9
-  mountpoint: /rpool/home
-
-loc_ldap:
-  servers:
-    - 172.17.10.9
-  base: 'dc=crans,dc=org'
-
-glob_ntp_client:
-  servers:
-    - terenez.cachan-adm.crans.org
-
-debian_mirror: http://mirror.cachan-adm.crans.org/debian
-
-glob_prometheus_node_exporter:
-  listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
-
-loc_borg:
-  remote:
-    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
-  ssh_options: ""
-
-loc_rsyslog_client:
-  server: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
+interfaces:
+  cachan_adm: ens18
+  cachan_srv_nat: ens19

 loc_re2o:
  owner: root
--- a/host_vars/rodauh.cachan-adm.crans.org.yml
+++ b/host_vars/rodauh.cachan-adm.crans.org.yml
@ -1,22 +1,7 @@
 ---
 interfaces:
-  cachan-adm: ens18
-  srv: ens19
-
-loc_home_nounou:
-  ip: 172.17.10.9
-  mountpoint: /rpool/home
-
-loc_ldap:
-  servers:
-    - 172.17.10.9
-  base: 'dc=crans,dc=org'
-
-glob_ntp_client:
-  servers:
-    - terenez.cachan-adm.crans.org
-
-debian_mirror: http://mirror.cachan-adm.crans.org/debian
+  cachan_adm: ens18
+  cachan_srv: ens19

 loc_certbot:
  - dns_rfc2136_server: '185.230.79.9'
@ -44,17 +29,3 @@ loc_reverseproxy:
    - {from: re2o.crans.org, to: 172.17.10.203}

  redirect_sites: []
-
-loc_borg:
-  remote:
-    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
-  ssh_options: ""
-
-glob_prometheus_node_exporter:
-  listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
-
-glob_prometheus_nginx_exporter:
-  listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
-
-loc_rsyslog_client:
-  server: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/cachan.yml
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/cachan.yml
@ -1,26 +0,0 @@
---
-loc_home_nounou:
-  ip: 172.17.10.9
-  mountpoint: /rpool/home
-
-loc_ldap:
-  servers:
-    - 172.17.10.9
-  base: 'dc=crans,dc=org'
-
-loc_ntp_client:
-  servers:
-    - terenez.cachan-adm.crans.org
-
-debian_mirror: http://mirror.cachan-adm.crans.org/debian
-
-loc_borg:
-  remote:
-    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
-  ssh_options: ""
-
-glob_prometheus_node_exporter:
-  listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
-
-loc_rsyslog_client:
-  server: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
--- a/host_vars/terenez.cachan-adm.crans.org.yml
+++ b/host_vars/terenez.cachan-adm.crans.org.yml
@ -1,29 +1,19 @@
 ---
-loc_home_nounou:
-  ip: 172.17.10.9
-  mountpoint: /rpool/home
+interfaces:
+  cachan_adm: ens18
+  cachan_srv: ens19
+  infra: ens20

-loc_ldap:
-  servers:
-    - 172.17.10.9
-  base: 'dc=crans,dc=org'
-
-glob_ntp_client:
-  servers:
-    - terenez.cachan-adm.crans.org
-
-debian_mirror: http://mirror.cachan-adm.crans.org/debian
-
-loc_borg:
-  remote:
-    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
-  ssh_options: ""
-
-glob_prometheus_node_exporter:
-  listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
-
-glob_prometheus_nginx_exporter:
-  listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
-
-loc_rsyslog_client:
-  server: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
+loc_network_interfaces:
+  vlan:
+    - name: cachan_srv
+      id: 2
+      gateway: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv4 | first }}"
+      dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv4 | first }}"
+      gateway_v6: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv6 | first }}"
+    - name: cachan_adm
+      id: 10
+      dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-adm') | ipv4 | first }}"
+    - name: infra
+      id: 11
+      dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'infra') | ipv4 | first }}"
--- a/host_vars/unifi.cachan-adm.crans.org.yml
+++ b/host_vars/unifi.cachan-adm.crans.org.yml
@ -3,29 +3,3 @@ interfaces:
  cachan_adm: ens18
  cachan_srv_nat: ens19
  infra: ens20
-
-loc_home_nounou:
-  ip: 172.17.10.9
-  mountpoint: /rpool/home
-
-loc_ldap:
-  servers:
-    - 172.17.10.9
-  base: 'dc=crans,dc=org'
-
-glob_ntp_client:
-  servers:
-    - terenez.cachan-adm.crans.org
-
-debian_mirror: http://mirror.cachan-adm.crans.org/debian
-
-loc_borg:
-  remote:
-    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
-  ssh_options: ""
-
-glob_prometheus_node_exporter:
-  listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
-
-loc_rsyslog_client:
-  server: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
--- a/host_vars/zephir.cachan-adm.crans.org.yml
+++ b/host_vars/zephir.cachan-adm.crans.org.yml
@ -1,32 +1,3 @@
 ---
 interfaces:
-  adm: eno1
-
-loc_home_nounou:
-  ip: 172.17.10.9
-  mountpoint: /rpool/home
-
-loc_ldap:
-  servers:
-    - 172.17.10.9
-  base: 'dc=crans,dc=org'
-
-loc_ntp_client:
-  servers:
-    - terenez.cachan-adm.crans.org
-
-debian_mirror: http://mirror.cachan-adm.crans.org/debian
-
-loc_borg:
-  remote:
-    - /backup/borg/zephir
-  ssh_options: ""
-  to_exclude:
-    - /var/lib/backuppc
-    - /var/lib/lxcfs
-
-glob_prometheus_node_exporter:
-  listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
-
-loc_rsyslog_client:
-  server: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"
+  cachan_adm: eno1
--- a/51
+++ b/51
@ -197,11 +197,16 @@ gitlab
 [roundcube]
 roundcube.adm.crans.org

+[routeurs_cachan]
+routeur-gulp.cachan-adm.crans.org
+
 [routeurs_vm]
 routeur-daniel.adm.crans.org
 routeur-jack.adm.crans.org
 routeur-sam.adm.crans.org
-routeur-gulp.cachan-adm.crans.org
+
+[routeurs_vm:children]
+routeurs_cachan

 [rsyncd]
 charybde.cachan-adm.crans.org
@ -228,10 +233,15 @@ zamok.adm.crans.org

 [virtu]
 daniel.adm.crans.org
-gulp.cachan-adm.crans.org
 jack.adm.crans.org
 sam.adm.crans.org

+[virtu:children]
+virtu_cachan
+
+[virtu_cachan]
+gulp.cachan-adm.crans.org
+
 [vsftpd]
 charybde.cachan-adm.crans.org
 eclat.adm.crans.org
@ -241,24 +251,44 @@ ptf.adm.crans.org
 kiwi.adm.crans.org
 sputnik.adm.crans.org

+[cachan:children]
+cachan_physical
+cachan_vm
+
+[cachan_physical]
+charybde.cachan-adm.crans.org
+# omnomnom.cachan-adm.crans.org
+zephir.cachan-adm.crans.org
+
+[cachan_physical:children]
+virtu_cachan
+
+[cachan_vm]
+airbus.cachan-adm.crans.org
+fyre.cachan-adm.crans.org
+re2o.cachan-adm.crans.org
+re2o-ldap.cachan-adm.crans.org
+rodauh.cachan-adm.crans.org
+terenez.cachan-adm.crans.org
+# unifi.cachan-adm.crans.org
+
+[cachan_vm:children]
+routeurs_cachan
+
 [crans_routeurs:children]
 routeurs_vm

 [crans_physical]
-charybde.cachan-adm.crans.org
 #cochon.adm.crans.org
-gulp.cachan-adm.crans.org
-omnomnom.cachan-adm.crans.org
 zamok.adm.crans.org
-zephir.cachan-adm.crans.org

 [crans_physical:children]
 backups
 baie
+cachan_physical
 virtu

 [crans_vm]
-airbus.cachan-adm.crans.org
 belenios.adm.crans.org
 boeing.adm.crans.org
 c3po.adm.crans.org
@ -268,7 +298,6 @@ constellation-dev.adm.crans.org
 eclat.adm.crans.org
 ethercalc.adm.crans.org
 fluxx.adm.crans.org
-fyre.cachan-adm.crans.org
 gitlab-ci.adm.crans.org
 gitzly.adm.crans.org
 hodaur.adm.crans.org
@ -285,22 +314,18 @@ owl.adm.crans.org
 owncloud.adm.crans.org
 ptf.adm.crans.org
 # re2o.adm.crans.org
-re2o.cachan-adm.crans.org
 # re2o-ldap.adm.crans.org
-re2o-ldap.cachan-adm.crans.org
 redisdead.adm.crans.org
-rodauh.cachan-adm.crans.org
 roundcube.adm.crans.org
 silice.adm.crans.org
-terenez.cachan-adm.crans.org
 tracker.adm.crans.org
-# unifi.cachan-adm.crans.org
 vol447.adm.crans.org
 voyager.adm.crans.org
 yson-partou.adm.crans.org
 zamok-tmtc.adm.crans.org

 [crans_vm:children]
+cachan_vm
 routeurs_vm

 [ovh_physical]
--- a/roles/network-interfaces/templates/network/interfaces.d/ifalias.j2
+++ b/roles/network-interfaces/templates/network/interfaces.d/ifalias.j2
@ -34,6 +34,11 @@ iface {{ interfaces[item.name] }} inet static
 {% endfor %}
 {% endif %}
 {% endif %}
+{% if item.extra is defined %}
+{% for line in item.extra %}
+	{{ line }}
+{% endfor %}
+{% endif %}
 {% endif %}

 {% if (ips | ipv6 | length) > 0 %}
@ -52,4 +57,9 @@ iface {{ interfaces[item.name] }} inet6 static
 {% endfor %}
 {% endif %}
 {% endif %}
+{% if item.extra_v6 is defined %}
+{% for line in item.extra_v6 %}
+	{{ line }}
+{% endfor %}
+{% endif %}
 {% endif %}