[New-infra] Deploy ldap and nfs with base system.

base.yml

@@ -1,13 +1,20 @@
 #!/usr/bin/env ansible-playbook
 ---
 # Set variable adm_iface for all servers
-- import_playbook: plays/get_adm_iface.yml
+# - hosts: server
+#   tasks:
+#     - name: Register adm interface in adm_iface variable
+#       shell: set -o pipefail && grep adm /sys/class/net/*/ifalias | sed "s|/sys/class/net/||" | sed "s|/ifalias:.*||"
+#       register: adm_iface
+#       check_mode: false
+#       changed_when: true
+#       args:
+#         executable: /bin/bash
 
 # Common CRANS configuration for all servers
 - hosts: server
   vars:
-    # Debian mirror on adm
-    debian_mirror: http://mirror.adm.crans.org/debian
+    debian_mirror: http://mirror.crans.org/debian # tmp
     debian_components: main non-free
 
     # LDAP binding
@@ -30,23 +37,47 @@
     # Will be in /usr/scripts/
     crans_scripts_git: "http://gitlab.adm.crans.org/nounous/scripts.git"
 
-    # NTP servers
-    ntp_servers:
-      - charybde.adm.crans.org
-      - silice.adm.crans.org
+    # # NTP servers
+    # ntp_servers:
+    #   - charybde.adm.crans.org
+    #   - silice.adm.crans.org
   roles:
     - common-tools
     - debian-apt-sources
     - ldap-client
     - openssh
     - sudo
-    - ntp-client
-    - crans-scripts
+    # - ntp-client
+    # - crans-scripts
     - root-config
 
-- import_playbook: plays/mail.yml
+# Deploy LDAP replica
+- hosts: odlyd.adm.crans.org,soyouz.adm.crans.org,fy.adm.crans.org,thot.adm.crans.org
+  roles: []  # TODO
+
+- hosts: otis.adm.crans.org
+  roles:
+    - ansible
+
+# Tools for members
+- hosts: zamok.adm.crans.org
+  roles:
+    - zamok-tools
+
+# - import_playbook: plays/mail.yml
 - import_playbook: plays/nfs.yml
-- import_playbook: plays/logs.yml
-- import_playbook: plays/backup.yml
-- import_playbook: plays/network-interfaces.yml
-- import_playbook: plays/monitoring.yml
+# - import_playbook: plays/logs.yml
+# - import_playbook: plays/backup.yml
+# - import_playbook: plays/network-interfaces.yml
+# - import_playbook: plays/monitoring.yml
+# - import_playbook: plays/generate_documentation.yml
+
+# Services that only apply to a subset of server
+- import_playbook: plays/tv.yml
+- import_playbook: plays/mailman.yml
+- import_playbook: plays/dhcp.yml
+- import_playbook: plays/dns.yml
+- import_playbook: plays/wireguard.yml
+- import_playbook: plays/mirror.yml
+- import_playbook: plays/owncloud.yml
+- import_playbook: plays/reverse-proxy.yml

group_vars/crans_vm/vars.yml

@@ -0,0 +1,4 @@
+ldap:
+  local: False
+  servers: ["172.16.1.1"]
+  base: "dc=crans,dc=org"

hosts

@@ -4,208 +4,35 @@
 # > We name servers according to location, then type.
 # > Then we regroup everything in global geographic and type groups.
 
-[horde]
-horde-srv.adm.crans.org
-
-[framadate]
-voyager.adm.crans.org
-
-[dhcp]
-dhcp.adm.crans.org
-odlyd.adm.crans.org
-
-[keepalived]
-gulp.adm.crans.org
-odlyd.adm.crans.org
-eap.adm.crans.org
-radius.adm.crans.org
-frontdaur.adm.crans.org
-bakdaur.adm.crans.org
-
-[test_vm]
-re2o-test.adm.crans.org
+# [horde]
+# horde-srv.adm.crans.org
+#
+# [framadate]
+# voyager.adm.crans.org
+#
+# [dhcp]
+# dhcp.adm.crans.org
+# odlyd.adm.crans.org
+#
+# [keepalived]
+# gulp.adm.crans.org
+# odlyd.adm.crans.org
+# eap.adm.crans.org
+# radius.adm.crans.org
+# frontdaur.adm.crans.org
+# bakdaur.adm.crans.org
+#
+# [test_vm]
+# re2o-test.adm.crans.org
 
 [crans_physical]
-charybde.adm.crans.org
-cochon.adm.crans.org
-ft.adm.crans.org
-fyre.adm.crans.org
-fz.adm.crans.org
-gateau.adm.crans.org
-gulp.adm.crans.org
-odlyd.adm.crans.org
-omnomnom.adm.crans.org
-stitch.adm.crans.org
-thot.adm.crans.org
-vo.adm.crans.org
-zamok.adm.crans.org
-zbee.adm.crans.org
-zephir.adm.crans.org
+tealc
+daniel
 
 [crans_vm]
-alice.adm.crans.org
-bakdaur.adm.crans.org
-boeing.adm.crans.org
-cas-srv.adm.crans.org
-#civet.adm.crans.org
-#cups.adm.crans.org
-dhcp.adm.crans.org
-eap.adm.crans.org
-ethercalc-srv.adm.crans.org
-frontdaur.adm.crans.org
-gitzly.adm.crans.org
-horde-srv.adm.crans.org
-ipv6-zayo.adm.crans.org
-irc.adm.crans.org
-jitsi.adm.crans.org
-kenobi.adm.crans.org
-kiwi.adm.crans.org
-lutim.adm.crans.org
-#mediadrop-srv.adm.crans.org
-mailman.adm.crans.org
-nem.adm.crans.org
-#news.adm.crans.org
-otis.adm.crans.org
-owl.adm.crans.org
-owncloud-srv.adm.crans.org
-radius.adm.crans.org
-re2o-bcfg2.adm.crans.org
-re2o-ldap.adm.crans.org
-re2o-srv.adm.crans.org
-redisdead.adm.crans.org
-roundcube-srv.adm.crans.org
-routeur.adm.crans.org
-silice.adm.crans.org
-titanic.adm.crans.org
-tracker.adm.crans.org
-unifi.adm.crans.org
-voyager.adm.crans.org
-xmpp.adm.crans.org
-ytrap-llatsni.adm.crans.org
-sitesweb.adm.crans.org
-
-[crans_unifi]
-0g-2.borne.crans.org
-0g-3.borne.crans.org
-0g-4.borne.crans.org
-0h-2.borne.crans.org
-0h-3.borne.crans.org
-0m-2.borne.crans.org
-1g-1.borne.crans.org
-1g-3.borne.crans.org
-1g-4.borne.crans.org
-1g-5.borne.crans.org
-1h-2.borne.crans.org
-1h-3.borne.crans.org
-1i-2.borne.crans.org
-1i-3.borne.crans.org
-1j-2.borne.crans.org
-1j-3.borne.crans.org
-1m-1.borne.crans.org
-1m-2.borne.crans.org
-1m-5.borne.crans.org
-2a-1.borne.crans.org
-2b-3.borne.crans.org
-2c-2.borne.crans.org
-2c-3.borne.crans.org
-2g-1.borne.crans.org
-2g-3.borne.crans.org
-2g-5.borne.crans.org
-2h-2.borne.crans.org
-2h-3.borne.crans.org
-2i-2.borne.crans.org
-2i-3.borne.crans.org
-2j-2.borne.crans.org
-2j-3.borne.crans.org
-2m-2.borne.crans.org
-3a-2.borne.crans.org
-3b-3.borne.crans.org
-3c-2.borne.crans.org
-3c-3.borne.crans.org
-3g-1.borne.crans.org
-3g-5.borne.crans.org
-3h-2.borne.crans.org
-3h-3.borne.crans.org
-3i-2.borne.crans.org
-3i-3.borne.crans.org
-3j-2.borne.crans.org
-3m-2.borne.crans.org
-3m-4.borne.crans.org
-3m-5.borne.crans.org
-4a-1.borne.crans.org
-4a-2.borne.crans.org
-4a-3.borne.crans.org
-4b-1.borne.crans.org
-4c-2.borne.crans.org
-4c-3.borne.crans.org
-4g-1.borne.crans.org
-4g-3.borne.crans.org
-4g-5.borne.crans.org
-4h-2.borne.crans.org
-4h-3.borne.crans.org
-4i-2.borne.crans.org
-4i-3.borne.crans.org
-4j-1.borne.crans.org
-4j-2.borne.crans.org
-4j-3.borne.crans.org
-4m-2.borne.crans.org
-4m-4.borne.crans.org
-5a-1.borne.crans.org
-5b-1.borne.crans.org
-5c-1.borne.crans.org
-5g-1.borne.crans.org
-5g-3.borne.crans.org
-5m-4.borne.crans.org
-6a-1.borne.crans.org
-6a-2.borne.crans.org
-6c-1.borne.crans.org
-adonis.borne.crans.org # 5a
-atlas.borne.crans.org # 1a
-baba-au-rhum.borne.crans.org # 3b
-bacchus.borne.crans.org # 1b
-baucis.borne.crans.org # 2b
-bellerophon.borne.crans.org # 2b
-benedict-cumberbatch.borne.crans.org # 1b
-benthesicyme.borne.crans.org # 4b
-boree.borne.crans.org # 6b
-branchos.borne.crans.org # 3b
-calypso.borne.crans.org # 4c
-chaos.borne.crans.org # 1c
-chronos.borne.crans.org # 2c
-crios.borne.crans.org # 3c
-gaia.borne.crans.org # 0g
-hades.borne.crans.org # 4h
-hephaistos.borne.crans.org # 1h
-hermes.borne.crans.org # 3h
-hypnos.borne.crans.org # 2h
-iaso.borne.crans.org # 1i
-idothee.borne.crans.org # 3i
-idyie.borne.crans.org # 0i
-ino.borne.crans.org # 2i
-ioke.borne.crans.org # 4i
-jaipudidees.borne.crans.org # 2j
-jaipudpapier.borne.crans.org # 3j
-japavolonte.borne.crans.org # 1j
-jesuischarlie.borne.crans.org # 0j
-jveuxduwifi.borne.crans.org # 0j
-mania.borne.crans.org # 2m
-marquis.borne.crans.org # manoir
-mercure.borne.crans.org # 3m
-#5m-5.borne.crans.org Déplacée au 2b
-
-# TODO Récupérer ces bornes
-#kakia.borne.crans.org # kfet
-#koios.borne.crans.org # kfet
-#gym-1.borne.crans.org # gymnase
-#gym-2.borne.crans.org # gymnase
-#0d-1.borne.crans.org
-
-# TODO La fibre vers le resto U est coupée.
-#rhea.borne.crans.org # resto-univ
-#romulus.borne.crans.org # resto-univ
+belenios # on changera plus tard
 
 [ovh_physical]
-soyouz.adm.crans.org
 sputnik.adm.crans.org
 
 # every server at crans
@@ -217,7 +44,6 @@ crans_vm
 [crans:children]
 crans_physical
 crans_vm
-crans_unifi
 
 # everything at ovh
 [ovh:children]

plays/nfs.yml

@@ -7,12 +7,4 @@
 
 # Deploy NFS only on campus
 - hosts: crans_server
-  roles: ["nfs-common"]
-
-# Deploy autofs NFS
-- hosts: crans_server,!odlyd.adm.crans.org,!zamok.adm.crans.org,!omnomnom.adm.crans.org,!owl.adm.crans.org,!owncloud-srv.adm.crans.org
-  roles: ["nfs-autofs"]
-
-# Deploy home permanent
-- hosts: zamok.adm.crans.org,omnomnom.adm.crans.org,owl.adm.crans.org,owncloud-srv.adm.crans.org
-  roles: ["home-permanent"]
+  roles: ["home-nounous"]

roles/ldap-client/templates/nslcd.conf.j2

@@ -17,7 +17,7 @@ uri ldaps://{{ server }}/
 {% endif %}
 
 # The search base that will be used for all queries.
-base dc=crans,dc=org
+base {{ ldap.base }}
 
 # The LDAP protocol version to use.
 #ldap_version 3