From 2641dcd9c5a2e36925299e0ffd8b801c70b19f74 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Tue, 14 Jul 2020 19:42:19 +0200 Subject: [PATCH] Move reverse-proxy in plays/ --- base.yml | 1 + network.yml | 86 ----------------------- plays/reverse-proxy.yml | 53 ++++++++++++++ roles/moinmoin-gendoc/templates/server.j2 | 8 +-- 4 files changed, 58 insertions(+), 90 deletions(-) create mode 100755 plays/reverse-proxy.yml diff --git a/base.yml b/base.yml index 02634823..d6a8243d 100755 --- a/base.yml +++ b/base.yml @@ -81,3 +81,4 @@ - import_playbook: plays/wireguard.yml - import_playbook: plays/mirror.yml - import_playbook: plays/owncloud.yml +- import_playbook: plays/reverse-proxy.yml diff --git a/network.yml b/network.yml index b033433a..a9f21b53 100755 --- a/network.yml +++ b/network.yml @@ -1,91 +1,5 @@ #!/usr/bin/env ansible-playbook --- -# Deploy reverse proxy -- hosts: bakdaur.adm.crans.org,frontdaur.adm.crans.org - vars: - certbot: - dns_rfc2136_name: certbot_challenge. - dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}" - mail: root@crans.org - certname: crans.org - domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu" - bind: - masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}" - nginx: - ssl: - cert: /etc/letsencrypt/live/crans.org/fullchain.pem - cert_key: /etc/letsencrypt/live/crans.org/privkey.pem - trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem - - redirect_dnames: - - crans.eu - - crans.fr - - reverseproxy_sites: - # Services web Crans - - {from: lutim.crans.org, to: 10.231.136.69} - - {from: zero.crans.org, to: 10.231.136.76} - - {from: pad.crans.org, to: "10.231.136.76:9001"} - - {from: ethercalc.crans.org, to: "10.231.136.203:8000"} - - {from: mediadrop.crans.org, to: 10.231.136.106} - - {from: videos.crans.org, to: 10.231.136.106} - - {from: video.crans.org, to: 10.231.136.106} - - {from: roundcube.crans.org, to: 10.231.136.105} - - {from: phabricator.crans.org, to: 10.231.136.123} - - {from: trackerusercontent.crans.org, to: 10.231.136.123} - - {from: cas.crans.org, to: 10.231.136.18} - - {from: auth.crans.org, to: 10.231.136.18} - - {from: login.crans.org, to: 10.231.136.18} - - {from: webmail.crans.org, to: 10.231.136.107} - - {from: horde.crans.org, to: 10.231.136.107} - - {from: owncloud.crans.org, to: 10.231.136.26} - - {from: ftps.crans.org, to: 10.231.136.98} - - {from: wiki.crans.org, to: 10.231.136.204} - - {from: www.crans.org, to: 10.231.136.46} - - {from: doc.crans.org, to: 10.231.136.46} - - {from: limesurvey.crans.org, to: 10.231.136.253} - - {from: perso.crans.org, to: 10.231.136.1} - - {from: webnews.crans.org, to: 10.231.136.63} - - {from: re2o.crans.org, to: 10.231.136.9} - - {from: intranet.crans.org, to: 10.231.136.9} - - {from: autoconfig.crans.org, to: 10.231.136.46} - - {from: grafana.crans.org, to: "10.231.136.102:3000"} - - {from: webirc.crans.org, to: "10.231.136.1:9000"} - - {from: framadate.crans.org, to: 10.231.136.153} - - # Zamok - - {from: install-party.crans.org, to: 10.231.136.1} - - {from: med.crans.org, to: 10.231.136.1} - - {from: med-cartons.crans.org, to: 10.231.136.1} - - {from: amap.crans.org, to: 10.231.136.1} - - {from: pot-vieux.crans.org, to: 10.231.136.1} - - {from: bonvivens.crans.org, to: 10.231.136.1} - - redirect_sites: - - {from: crans.org, to: www.crans.org} - - # Aliases or legacy support - - {from: factures.crans.org, to: intranet.crans.org} - - {from: accounts.crans.org, to: intranet.crans.org} - - {from: intranet2.crans.org, to: intranet.crans.org} - - {from: clubs.crans.org, to: perso.crans.org} - - {from: task.crans.org, to: phabricator.crans.org} - - {from: adopteunpingouin.crans.org, to: install-party.crans.org} - - {from: i-p.crans.org, to: install-party.crans.org} - - # To the wiki - - {from: wikipedia.crans.org, to: wiki.crans.org} - - {from: wifi.crans.org, to: wiki.crans.org/CransD%C3%A9marrage} - - {from: television.crans.org, to: wiki.crans.org/CransTv} - - {from: tv.crans.org, to: wiki.crans.org/CransTv} - - # ENS Cachan - - {from: crans.ens-cachan.fr, to: www.crans.org} - - {from: install-party.ens-cachan.fr, to: install-party.crans.org} - roles: - - certbot - - nginx-reverseproxy - - hosts: gitzly.adm.crans.org vars: certbot: diff --git a/plays/reverse-proxy.yml b/plays/reverse-proxy.yml new file mode 100755 index 00000000..5daf6670 --- /dev/null +++ b/plays/reverse-proxy.yml @@ -0,0 +1,53 @@ +#!/usr/bin/env ansible-playbook +--- +# Deploy reverse proxy +# Frontdaur is the backup of bakdaur (keepalived) +- hosts: bakdaur.adm.crans.org,frontdaur.adm.crans.org + vars: + certbot: + dns_rfc2136_name: certbot_challenge. + dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}" + mail: root@crans.org + certname: crans.org + domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu" + bind: + masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}" + nginx: + ssl: + cert: /etc/letsencrypt/live/crans.org/fullchain.pem + cert_key: /etc/letsencrypt/live/crans.org/privkey.pem + trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem + + redirect_dnames: + - crans.eu + - crans.fr + + reverseproxy_sites: + # Services web Crans + - {from: lutim.crans.org, to: 10.231.136.69} + - {from: zero.crans.org, to: 10.231.136.76} + - {from: pad.crans.org, to: "10.231.136.76:9001"} + - {from: ethercalc.crans.org, to: "10.231.136.203:8000"} + - {from: mediadrop.crans.org, to: 10.231.136.106} + - {from: videos.crans.org, to: 10.231.136.106} + - {from: video.crans.org, to: 10.231.136.106} + - {from: roundcube.crans.org, to: 10.231.136.105} + - {from: phabricator.crans.org, to: 10.231.136.123} + - {from: trackerusercontent.crans.org, to: 10.231.136.123} + - {from: cas.crans.org, to: 10.231.136.18} + - {from: auth.crans.org, to: 10.231.136.18} + - {from: login.crans.org, to: 10.231.136.18} + - {from: webmail.crans.org, to: 10.231.136.107} + - {from: horde.crans.org, to: 10.231.136.107} + - {from: owncloud.crans.org, to: 10.231.136.26} + - {from: ftps.crans.org, to: 10.231.136.98} + - {from: wiki.crans.org, to: 10.231.136.204} + - {from: calendrier.crans.org, to: 10.231.136.204} + - {from: www.crans.org, to: 10.231.136.46} + - {from: doc.crans.org, to: 10.231.136.46} + - {from: limesurvey.crans.org, to: 10.231.136.253} + - {from: perso.crans.org, to: 10.231.136.1} + - {from: webnews.crans.org, to: 10.231.136.63} + - {from: re2o.crans.org, to: 10.231.136.9} + - {from: intranet.crans.org, to: 10.231.136.9} + - {from: autoconfig.crans.org, to: 10.231.136.46} diff --git a/roles/moinmoin-gendoc/templates/server.j2 b/roles/moinmoin-gendoc/templates/server.j2 index f9aed6ee..baf14dad 100644 --- a/roles/moinmoin-gendoc/templates/server.j2 +++ b/roles/moinmoin-gendoc/templates/server.j2 @@ -9,7 +9,7 @@ {% endif %} '''Matériel''' : -{{ ansible_system_vendor }} {{ ansible_product_name | replace('ProLiant', '!ProLiant') }} +{{ ansible_system_vendor }} {{ ansible_product_name | replace('ProLiant', '!ProLiant') | replace('PowerEdge', '!PowerEdge') }} '''Domaine''' : {{ ansible_domain }} @@ -62,9 +62,9 @@ et {{ (ansible_memory_mb.swap.total/1024)|round(1) }} GiB de SWAP. {{ ansible_kernel }} '''BIOS installé''' : -{%- for b in bios.values() %} -{{ b.data["Vendor"] }} {{ b.data["Version"] }} {{ b.data["BIOS Revision"] }} ({{ b.data["Release Date"] }}) -{%- if b.data["Characteristic x2"]["UEFI is supported"] == "True" %}, UEFI{% endif %} +{% for b in bios.values() -%} +{% if "Vendor" in b.data %}{{ b.data["Vendor"] }} {{ b.data["Version"] }} {{ b.data["BIOS Revision"] }} ({{ b.data["Release Date"] }}) +{%- if b.data["Characteristic x2"]["UEFI is supported"] == "True" %}, UEFI{% endif %}{% endif %} {% endfor %} === Interfaces réseau ===