crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

[New-infra] Deploy ldap and nfs with base system.

certbot_on_virtu
_pollion 2020-07-27 23:08:27 +02:00 committed by shirenn
parent 2310a08594
commit 52e237b0cf
5 changed files with 74 additions and 221 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
base.yml
View File

@ -1,13 +1,20 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
# Set variable adm_iface for all servers # Set variable adm_iface for all servers
- import_playbook: plays/get_adm_iface.yml # - hosts: server
# tasks:
# - name: Register adm interface in adm_iface variable
# shell: set -o pipefail && grep adm /sys/class/net/*/ifalias | sed "s|/sys/class/net/||" | sed "s|/ifalias:.*||"
# register: adm_iface
# check_mode: false
# changed_when: true
# args:
# executable: /bin/bash
# Common CRANS configuration for all servers # Common CRANS configuration for all servers
- hosts: server - hosts: server
vars: vars:
# Debian mirror on adm debian_mirror: http://mirror.crans.org/debian # tmp
debian_mirror: http://mirror.adm.crans.org/debian
debian_components: main non-free debian_components: main non-free
# LDAP binding # LDAP binding
@ -30,23 +37,47 @@
# Will be in /usr/scripts/ # Will be in /usr/scripts/
crans_scripts_git: "http://gitlab.adm.crans.org/nounous/scripts.git" crans_scripts_git: "http://gitlab.adm.crans.org/nounous/scripts.git"
# NTP servers # # NTP servers
ntp_servers: # ntp_servers:
- charybde.adm.crans.org # - charybde.adm.crans.org
- silice.adm.crans.org # - silice.adm.crans.org
roles: roles:
- common-tools - common-tools
- debian-apt-sources - debian-apt-sources
- ldap-client - ldap-client
- openssh - openssh
- sudo - sudo
- ntp-client # - ntp-client
- crans-scripts # - crans-scripts
- root-config - root-config
- import_playbook: plays/mail.yml # Deploy LDAP replica
- hosts: odlyd.adm.crans.org,soyouz.adm.crans.org,fy.adm.crans.org,thot.adm.crans.org
roles: [] # TODO
- hosts: otis.adm.crans.org
roles:
- ansible
# Tools for members
- hosts: zamok.adm.crans.org
roles:
- zamok-tools
# - import_playbook: plays/mail.yml
- import_playbook: plays/nfs.yml - import_playbook: plays/nfs.yml
- import_playbook: plays/logs.yml # - import_playbook: plays/logs.yml
- import_playbook: plays/backup.yml # - import_playbook: plays/backup.yml
- import_playbook: plays/network-interfaces.yml # - import_playbook: plays/network-interfaces.yml
- import_playbook: plays/monitoring.yml # - import_playbook: plays/monitoring.yml
# - import_playbook: plays/generate_documentation.yml
# Services that only apply to a subset of server
- import_playbook: plays/tv.yml
- import_playbook: plays/mailman.yml
- import_playbook: plays/dhcp.yml
- import_playbook: plays/dns.yml
- import_playbook: plays/wireguard.yml
- import_playbook: plays/mirror.yml
- import_playbook: plays/owncloud.yml
- import_playbook: plays/reverse-proxy.yml

4
group_vars/crans_vm/vars.yml 100644
View File

@ -0,0 +1,4 @@
ldap:
local: False
servers: ["172.16.1.1"]
base: "dc=crans,dc=org"

220
hosts
View File

@ -4,208 +4,35 @@
# > We name servers according to location, then type. # > We name servers according to location, then type.
# > Then we regroup everything in global geographic and type groups. # > Then we regroup everything in global geographic and type groups.
[horde] # [horde]
horde-srv.adm.crans.org # horde-srv.adm.crans.org
#
[framadate] # [framadate]
voyager.adm.crans.org # voyager.adm.crans.org
#
[dhcp] # [dhcp]
dhcp.adm.crans.org # dhcp.adm.crans.org
odlyd.adm.crans.org # odlyd.adm.crans.org
#
[keepalived] # [keepalived]
gulp.adm.crans.org # gulp.adm.crans.org
odlyd.adm.crans.org # odlyd.adm.crans.org
eap.adm.crans.org # eap.adm.crans.org
radius.adm.crans.org # radius.adm.crans.org
frontdaur.adm.crans.org # frontdaur.adm.crans.org
bakdaur.adm.crans.org # bakdaur.adm.crans.org
#
[test_vm] # [test_vm]
re2o-test.adm.crans.org # re2o-test.adm.crans.org
[crans_physical] [crans_physical]
charybde.adm.crans.org tealc
cochon.adm.crans.org daniel
ft.adm.crans.org
fyre.adm.crans.org
fz.adm.crans.org
gateau.adm.crans.org
gulp.adm.crans.org
odlyd.adm.crans.org
omnomnom.adm.crans.org
stitch.adm.crans.org
thot.adm.crans.org
vo.adm.crans.org
zamok.adm.crans.org
zbee.adm.crans.org
zephir.adm.crans.org
[crans_vm] [crans_vm]
alice.adm.crans.org belenios # on changera plus tard
bakdaur.adm.crans.org
boeing.adm.crans.org
cas-srv.adm.crans.org
#civet.adm.crans.org
#cups.adm.crans.org
dhcp.adm.crans.org
eap.adm.crans.org
ethercalc-srv.adm.crans.org
frontdaur.adm.crans.org
gitzly.adm.crans.org
horde-srv.adm.crans.org
ipv6-zayo.adm.crans.org
irc.adm.crans.org
jitsi.adm.crans.org
kenobi.adm.crans.org
kiwi.adm.crans.org
lutim.adm.crans.org
#mediadrop-srv.adm.crans.org
mailman.adm.crans.org
nem.adm.crans.org
#news.adm.crans.org
otis.adm.crans.org
owl.adm.crans.org
owncloud-srv.adm.crans.org
radius.adm.crans.org
re2o-bcfg2.adm.crans.org
re2o-ldap.adm.crans.org
re2o-srv.adm.crans.org
redisdead.adm.crans.org
roundcube-srv.adm.crans.org
routeur.adm.crans.org
silice.adm.crans.org
titanic.adm.crans.org
tracker.adm.crans.org
unifi.adm.crans.org
voyager.adm.crans.org
xmpp.adm.crans.org
ytrap-llatsni.adm.crans.org
sitesweb.adm.crans.org
[crans_unifi]
0g-2.borne.crans.org
0g-3.borne.crans.org
0g-4.borne.crans.org
0h-2.borne.crans.org
0h-3.borne.crans.org
0m-2.borne.crans.org
1g-1.borne.crans.org
1g-3.borne.crans.org
1g-4.borne.crans.org
1g-5.borne.crans.org
1h-2.borne.crans.org
1h-3.borne.crans.org
1i-2.borne.crans.org
1i-3.borne.crans.org
1j-2.borne.crans.org
1j-3.borne.crans.org
1m-1.borne.crans.org
1m-2.borne.crans.org
1m-5.borne.crans.org
2a-1.borne.crans.org
2b-3.borne.crans.org
2c-2.borne.crans.org
2c-3.borne.crans.org
2g-1.borne.crans.org
2g-3.borne.crans.org
2g-5.borne.crans.org
2h-2.borne.crans.org
2h-3.borne.crans.org
2i-2.borne.crans.org
2i-3.borne.crans.org
2j-2.borne.crans.org
2j-3.borne.crans.org
2m-2.borne.crans.org
3a-2.borne.crans.org
3b-3.borne.crans.org
3c-2.borne.crans.org
3c-3.borne.crans.org
3g-1.borne.crans.org
3g-5.borne.crans.org
3h-2.borne.crans.org
3h-3.borne.crans.org
3i-2.borne.crans.org
3i-3.borne.crans.org
3j-2.borne.crans.org
3m-2.borne.crans.org
3m-4.borne.crans.org
3m-5.borne.crans.org
4a-1.borne.crans.org
4a-2.borne.crans.org
4a-3.borne.crans.org
4b-1.borne.crans.org
4c-2.borne.crans.org
4c-3.borne.crans.org
4g-1.borne.crans.org
4g-3.borne.crans.org
4g-5.borne.crans.org
4h-2.borne.crans.org
4h-3.borne.crans.org
4i-2.borne.crans.org
4i-3.borne.crans.org
4j-1.borne.crans.org
4j-2.borne.crans.org
4j-3.borne.crans.org
4m-2.borne.crans.org
4m-4.borne.crans.org
5a-1.borne.crans.org
5b-1.borne.crans.org
5c-1.borne.crans.org
5g-1.borne.crans.org
5g-3.borne.crans.org
5m-4.borne.crans.org
6a-1.borne.crans.org
6a-2.borne.crans.org
6c-1.borne.crans.org
adonis.borne.crans.org # 5a
atlas.borne.crans.org # 1a
baba-au-rhum.borne.crans.org # 3b
bacchus.borne.crans.org # 1b
baucis.borne.crans.org # 2b
bellerophon.borne.crans.org # 2b
benedict-cumberbatch.borne.crans.org # 1b
benthesicyme.borne.crans.org # 4b
boree.borne.crans.org # 6b
branchos.borne.crans.org # 3b
calypso.borne.crans.org # 4c
chaos.borne.crans.org # 1c
chronos.borne.crans.org # 2c
crios.borne.crans.org # 3c
gaia.borne.crans.org # 0g
hades.borne.crans.org # 4h
hephaistos.borne.crans.org # 1h
hermes.borne.crans.org # 3h
hypnos.borne.crans.org # 2h
iaso.borne.crans.org # 1i
idothee.borne.crans.org # 3i
idyie.borne.crans.org # 0i
ino.borne.crans.org # 2i
ioke.borne.crans.org # 4i
jaipudidees.borne.crans.org # 2j
jaipudpapier.borne.crans.org # 3j
japavolonte.borne.crans.org # 1j
jesuischarlie.borne.crans.org # 0j
jveuxduwifi.borne.crans.org # 0j
mania.borne.crans.org # 2m
marquis.borne.crans.org # manoir
mercure.borne.crans.org # 3m
#5m-5.borne.crans.org Déplacée au 2b
# TODO Récupérer ces bornes
#kakia.borne.crans.org # kfet
#koios.borne.crans.org # kfet
#gym-1.borne.crans.org # gymnase
#gym-2.borne.crans.org # gymnase
#0d-1.borne.crans.org
# TODO La fibre vers le resto U est coupée.
#rhea.borne.crans.org # resto-univ
#romulus.borne.crans.org # resto-univ
[ovh_physical] [ovh_physical]
soyouz.adm.crans.org
sputnik.adm.crans.org sputnik.adm.crans.org
# every server at crans # every server at crans
@ -217,7 +44,6 @@ crans_vm
[crans:children] [crans:children]
crans_physical crans_physical
crans_vm crans_vm
crans_unifi
# everything at ovh # everything at ovh
[ovh:children] [ovh:children]

10
plays/nfs.yml
View File

@ -7,12 +7,4 @@
# Deploy NFS only on campus # Deploy NFS only on campus
- hosts: crans_server - hosts: crans_server
roles: ["nfs-common"] roles: ["home-nounous"]
# Deploy autofs NFS
- hosts: crans_server,!odlyd.adm.crans.org,!zamok.adm.crans.org,!omnomnom.adm.crans.org,!owl.adm.crans.org,!owncloud-srv.adm.crans.org
roles: ["nfs-autofs"]
# Deploy home permanent
- hosts: zamok.adm.crans.org,omnomnom.adm.crans.org,owl.adm.crans.org,owncloud-srv.adm.crans.org
roles: ["home-permanent"]

2
roles/ldap-client/templates/nslcd.conf.j2
View File

@ -17,7 +17,7 @@ uri ldaps://{{ server }}/
{% endif %} {% endif %}
# The search base that will be used for all queries. # The search base that will be used for all queries.
base dc=crans,dc=org base {{ ldap.base }}
# The LDAP protocol version to use. # The LDAP protocol version to use.
#ldap_version 3 #ldap_version 3