Merge branch 'newinfra' into 'borgbackup'

# Conflicts:
#   group_vars/crans_server/vars.yml
#   plays/backup.yml

all.yml

@@ -1,15 +1,12 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Set variable adm_iface for all servers
-- import_playbook: plays/get_adm_iface.yml
-
 # Core playboot to have minimal configuration
 - import_playbook: plays/root.yml
 
 - import_playbook: plays/mail.yml
 - import_playbook: plays/nfs.yml
 #- import_playbook: plays/logs.yml
-- import_playbook: plays/backup.yml
+#- import_playbook: plays/backup.yml
 - import_playbook: plays/network-interfaces.yml
 - import_playbook: plays/monitoring.yml
 

group_vars/crans_server/vars.yml

@@ -4,10 +4,11 @@ ldap:
   base: "dc=crans,dc=org"
 
 
-# Parameters for debian mirror
+# Parameters for debian and ubuntu mirror
 debian_mirror: http://mirror.adm.crans.org/debian
+ubuntu_mirror: http://mirror.adm.crans.org/ubuntu
 debian_components: main non-free
-
+ubuntu_components: main restricted universe multiverse
 
 glob_borg:
   to_backup:
@@ -22,4 +23,4 @@ glob_borg:
   consistency_check:
     - disabled
   extra_init:
-    - make-parent-dirs
+    - make-parent-dirs

group_vars/reverseproxy.yml

@@ -66,25 +66,25 @@ nginx:
     #    - {from: amap.crans.org, to: 10.231.136.1}
     #    - {from: pot-vieux.crans.org, to: 10.231.136.1}
     #    - {from: bonvivens.crans.org, to: 10.231.136.1}
-    #
-  redirect_sites: []
-    #    - {from: crans.org, to: www.crans.org}
-    #
-    #    # Aliases or legacy support
-    #    - {from: factures.crans.org, to: intranet.crans.org}
-    #    - {from: accounts.crans.org, to: intranet.crans.org}
-    #    - {from: intranet2.crans.org, to: intranet.crans.org}
-    #    - {from: clubs.crans.org, to: perso.crans.org}
-    #    - {from: task.crans.org, to: phabricator.crans.org}
-    #    - {from: adopteunpingouin.crans.org, to: install-party.crans.org}
-    #    - {from: i-p.crans.org, to: install-party.crans.org}
-    #
-    #    # To the wiki
-    #    - {from: wikipedia.crans.org, to: wiki.crans.org}
-    #    - {from: wifi.crans.org, to: wiki.crans.org/CransD%C3%A9marrage}
-    #    - {from: television.crans.org, to: wiki.crans.org/CransTv}
-    #    - {from: tv.crans.org, to: wiki.crans.org/CransTv}
-    #
-    #    # ENS Cachan
-    #    - {from: crans.ens-cachan.fr, to: www.crans.org}
-    #    - {from: install-party.ens-cachan.fr, to: install-party.crans.org}
+
+  redirect_sites:
+    - {from: crans.org, to: www.crans.org}
+
+    # Aliases or legacy support
+    - {from: clubs.crans.org, to: perso.crans.org}
+    - {from: task.crans.org, to: phabricator.crans.org}
+    - {from: adopteunpingouin.crans.org, to: install-party.crans.org}
+    - {from: i-p.crans.org, to: install-party.crans.org}
+
+    # To the wiki
+    - {from: wikipedia.crans.org, to: wiki.crans.org}
+    - {from: television.crans.org, to: wiki.crans.org/CransTv}
+    - {from: tv.crans.org, to: wiki.crans.org/CransTv}
+
+    # ENS Cachan
+    - {from: crans.ens-cachan.fr, to: www.crans.org}
+    - {from: install-party.ens-cachan.fr, to: install-party.crans.org}
+
+  static_sites:
+    - www.crans.org
+    - install-party.crans.org

host_vars/bigbluebutton.adm.crans.org

@@ -0,0 +1,4 @@
+---
+interfaces:
+  adm: ens18
+  srv: ens19

hosts

@@ -113,6 +113,7 @@ jitsi.adm.crans.org
 kenobi.adm.crans.org
 roundcube.adm.crans.org
 horde.adm.crans.org
+bigbluebutton.adm.crans.org
 
 [ovh_physical]
 sputnik.adm.crans.org

plays/network-interfaces.yml

@@ -1,6 +1,6 @@
 #!/usr/bin/env ansible-playbook
 ---
-- hosts: voyager.adm.crans.org,boeing.adm.crans.org,fluxx.adm.crans.org,hodaur.adm.crans.org,unifi.adm.crans.org,kiwi.adm.crans.org,roundcube.adm.crans.org,monitoring.adm.crans.org
+- hosts: voyager.adm.crans.org,boeing.adm.crans.org,fluxx.adm.crans.org,hodaur.adm.crans.org,unifi.adm.crans.org,kiwi.adm.crans.org,roundcube.adm.crans.org,monitoring.adm.crans.org,bigbluebutton.adm.crans.org
   vars:
     vlan:
       - name: srv

roles/debian-apt-sources/templates/apt/sources.list.j2

@@ -1,5 +1,6 @@
 {{ ansible_header | comment }}
 
+{% if ansible_lsb.id == "Debian" %}
 # Mises à jour de sécurité
 deb     {{ debian_mirror }}-security {{ ansible_lsb.codename }}/updates {{ debian_components }}
 
@@ -8,3 +9,13 @@ deb     {{ debian_mirror }} {{ ansible_lsb.codename }} {{ debian_components }}
 
 # Dépôt pour mises à jour fréquentes (volatile)
 deb     {{ debian_mirror }} {{ ansible_lsb.codename }}-updates {{ debian_components }}
+{% elif ansible_lsb.id == "Ubuntu" %}
+# Mises à jour de sécurité
+deb     {{ ubuntu_mirror }} {{ ansible_lsb.codename }}-security {{ ubuntu_components }}
+
+# Dépôt classique
+deb     {{ ubuntu_mirror }} {{ ansible_lsb.codename }} {{ ubuntu_components }}
+
+# Dépôt pour mises à jour fréquentes (volatile)
+deb     {{ ubuntu_mirror }} {{ ansible_lsb.codename }}-updates {{ ubuntu_components }}
+{% endif %}

roles/ntp-client/tasks/main.yml

@@ -7,7 +7,7 @@
   register: apt_result
   retries: 3
   until: apt_result is succeeded
-  when: inventory_hostname in ntp_servers
+  when: inventory_hostname not in ntp_servers
 
 - name: Configure NTP
   lineinfile:
@@ -15,4 +15,4 @@
     regexp: '^NTP='
     line: "NTP={{ ntp_servers | join(' ') }}"
   notify: Restart systemd-timesyncd
-  when: inventory_hostname in ntp_servers
+  when: inventory_hostname not in ntp_servers

roles/prometheus-node-exporter/tasks/main.yml

@@ -8,7 +8,7 @@
   retries: 3
   until: apt_result is succeeded
   when:
-    - ansible_lsb.codename == 'buster'
+    - ansible_lsb.codename != 'stretch'
 
 # Prometheus 2 node is in stretch-backports
 - name: Install Prometheus node-exporter (stretch-backports)
@@ -46,3 +46,15 @@
     owner: root
     group: root
     mode: 0755
+  when: ansible_lsb.id == 'Debian'
+
+# Install new APT textfile collector, it might be upstreamed one day
+# https://github.com/prometheus-community/node-exporter-textfile-collector-scripts/pull/35
+- name: Patch APT textfile collector
+  copy:
+    src: apt.sh
+    dest: /usr/share/prometheus-node-exporter-collectors/apt.sh
+    owner: root
+    group: root
+    mode: 0755
+  when: ansible_lsb.id == 'Ubuntu'