Merge branch 'newinfra' into 'borgbackup'

# Conflicts:
#   group_vars/crans_server/vars.yml
#   plays/backup.yml
certbot_on_virtu
_pollion 2020-12-06 02:25:53 +01:00
commit d2a6501b9e
9 changed files with 59 additions and 33 deletions


@ -1,15 +1,12 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
# Set variable adm_iface for all servers
- import_playbook: plays/get_adm_iface.yml
# Core playboot to have minimal configuration # Core playboot to have minimal configuration
- import_playbook: plays/root.yml - import_playbook: plays/root.yml
- import_playbook: plays/mail.yml - import_playbook: plays/mail.yml
- import_playbook: plays/nfs.yml - import_playbook: plays/nfs.yml
#- import_playbook: plays/logs.yml #- import_playbook: plays/logs.yml
- import_playbook: plays/backup.yml #- import_playbook: plays/backup.yml
- import_playbook: plays/network-interfaces.yml - import_playbook: plays/network-interfaces.yml
- import_playbook: plays/monitoring.yml - import_playbook: plays/monitoring.yml
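Review bot: The new side comments out `- import_playbook: plays/backup.yml` without saying why, so a run of this top-level playbook no longer applies the backup configuration to any host. If this is temporary while the plays/backup.yml conflicts from this merge are resolved, record it next to the line, for example `# TODO: re-enable once the borg backup play runs on the new infra`, so the gap is not forgotten. The import of plays/get_adm_iface.yml also appears to be dropped. Whether any remaining play still reads the variable it set cannot be checked from this page.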


@ -4,10 +4,11 @@ ldap:
base: "dc=crans,dc=org" base: "dc=crans,dc=org"
# Parameters for debian mirror # Parameters for debian and ubuntu mirror
debian_mirror: http://mirror.adm.crans.org/debian debian_mirror: http://mirror.adm.crans.org/debian
ubuntu_mirror: http://mirror.adm.crans.org/ubuntu
debian_components: main non-free debian_components: main non-free
ubuntu_components: main restricted universe multiverse
glob_borg: glob_borg:
to_backup: to_backup:
@ -22,4 +23,4 @@ glob_borg:
consistency_check: consistency_check:
- disabled - disabled
extra_init: extra_init:
- make-parent-dirs - make-parent-dirs
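Review bot: `ubuntu_mirror` is added as a plain `http://` URL, like `debian_mirror` next to it. APT still verifies the signed Release files, so package integrity holds only as long as nothing in the rendered sources.list marks the repository as trusted or permits unauthenticated repositories. A comment such as `# HTTP is acceptable only because apt verifies repository signatures` would make that assumption explicit. If the mirror can serve HTTPS, switching would also hide which packages each host fetches from observers on the adm network.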


@ -66,25 +66,25 @@ nginx:
# - {from: amap.crans.org, to: 10.231.136.1} # - {from: amap.crans.org, to: 10.231.136.1}
# - {from: pot-vieux.crans.org, to: 10.231.136.1} # - {from: pot-vieux.crans.org, to: 10.231.136.1}
# - {from: bonvivens.crans.org, to: 10.231.136.1} # - {from: bonvivens.crans.org, to: 10.231.136.1}
#
redirect_sites: [] redirect_sites:
# - {from: crans.org, to: www.crans.org} - {from: crans.org, to: www.crans.org}
#
# # Aliases or legacy support # Aliases or legacy support
# - {from: factures.crans.org, to: intranet.crans.org} - {from: clubs.crans.org, to: perso.crans.org}
# - {from: accounts.crans.org, to: intranet.crans.org} - {from: task.crans.org, to: phabricator.crans.org}
# - {from: intranet2.crans.org, to: intranet.crans.org} - {from: adopteunpingouin.crans.org, to: install-party.crans.org}
# - {from: clubs.crans.org, to: perso.crans.org} - {from: i-p.crans.org, to: install-party.crans.org}
# - {from: task.crans.org, to: phabricator.crans.org}
# - {from: adopteunpingouin.crans.org, to: install-party.crans.org} # To the wiki
# - {from: i-p.crans.org, to: install-party.crans.org} - {from: wikipedia.crans.org, to: wiki.crans.org}
# - {from: television.crans.org, to: wiki.crans.org/CransTv}
# # To the wiki - {from: tv.crans.org, to: wiki.crans.org/CransTv}
# - {from: wikipedia.crans.org, to: wiki.crans.org}
# - {from: wifi.crans.org, to: wiki.crans.org/CransD%C3%A9marrage} # ENS Cachan
# - {from: television.crans.org, to: wiki.crans.org/CransTv} - {from: crans.ens-cachan.fr, to: www.crans.org}
# - {from: tv.crans.org, to: wiki.crans.org/CransTv} - {from: install-party.ens-cachan.fr, to: install-party.crans.org}
#
# # ENS Cachan static_sites:
# - {from: crans.ens-cachan.fr, to: www.crans.org} - www.crans.org
# - {from: install-party.ens-cachan.fr, to: install-party.crans.org} - install-party.crans.org
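Review bot: Activating `redirect_sites` makes nginx answer for every `from` name, including `crans.ens-cachan.fr` and `install-party.ens-cachan.fr`, which sit under a domain this project presumably does not control. The vhost template is not visible here, but if it also listens on 443, each of these names must be covered by the served certificate, or visitors get a certificate warning before the redirect happens. A comment above the list stating that requirement would help, for example `# every 'from' host must be in the certificate's SAN list`. The previously commented entries for factures, accounts, intranet2 and wifi are not carried over to the active list; confirm that those names are meant to stop redirecting.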


@ -0,0 +1,4 @@
---
interfaces:
adm: ens18
srv: ens19

1
hosts

@ -113,6 +113,7 @@ jitsi.adm.crans.org
kenobi.adm.crans.org kenobi.adm.crans.org
roundcube.adm.crans.org roundcube.adm.crans.org
horde.adm.crans.org horde.adm.crans.org
bigbluebutton.adm.crans.org
[ovh_physical] [ovh_physical]
sputnik.adm.crans.org sputnik.adm.crans.org


@ -1,6 +1,6 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
- hosts: voyager.adm.crans.org,boeing.adm.crans.org,fluxx.adm.crans.org,hodaur.adm.crans.org,unifi.adm.crans.org,kiwi.adm.crans.org,roundcube.adm.crans.org,monitoring.adm.crans.org - hosts: voyager.adm.crans.org,boeing.adm.crans.org,fluxx.adm.crans.org,hodaur.adm.crans.org,unifi.adm.crans.org,kiwi.adm.crans.org,roundcube.adm.crans.org,monitoring.adm.crans.org,bigbluebutton.adm.crans.org
vars: vars:
vlan: vlan:
- name: srv - name: srv


@ -1,5 +1,6 @@
{{ ansible_header | comment }} {{ ansible_header | comment }}
{% if ansible_lsb.id == "Debian" %}
# Mises à jour de sécurité # Mises à jour de sécurité
deb {{ debian_mirror }}-security {{ ansible_lsb.codename }}/updates {{ debian_components }} deb {{ debian_mirror }}-security {{ ansible_lsb.codename }}/updates {{ debian_components }}
@ -8,3 +9,13 @@ deb {{ debian_mirror }} {{ ansible_lsb.codename }} {{ debian_components }}
# Dépôt pour mises à jour fréquentes (volatile) # Dépôt pour mises à jour fréquentes (volatile)
deb {{ debian_mirror }} {{ ansible_lsb.codename }}-updates {{ debian_components }} deb {{ debian_mirror }} {{ ansible_lsb.codename }}-updates {{ debian_components }}
{% elif ansible_lsb.id == "Ubuntu" %}
# Mises à jour de sécurité
deb {{ ubuntu_mirror }} {{ ansible_lsb.codename }}-security {{ ubuntu_components }}
# Dépôt classique
deb {{ ubuntu_mirror }} {{ ansible_lsb.codename }} {{ ubuntu_components }}
# Dépôt pour mises à jour fréquentes (volatile)
deb {{ ubuntu_mirror }} {{ ansible_lsb.codename }}-updates {{ ubuntu_components }}
{% endif %}
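Review bot: The `{% if %}` / `{% elif %}` chain has no `{% else %}`, so on a host where `ansible_lsb.id` is neither "Debian" nor "Ubuntu" the template renders only the header. That host is left with no APT sources at all, security updates included. The task that renders this file is not shown; it should be guarded with `when: ansible_lsb.id in ['Debian', 'Ubuntu']` or preceded by an `assert`, so an unexpected distribution fails loudly. Note also that `ansible_lsb` is only populated when LSB data is available on the target (typically the lsb-release package on Debian). `ansible_distribution` and `ansible_distribution_release` carry the same information without that dependency.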


@ -7,7 +7,7 @@
register: apt_result register: apt_result
retries: 3 retries: 3
until: apt_result is succeeded until: apt_result is succeeded
when: inventory_hostname in ntp_servers when: inventory_hostname not in ntp_servers
- name: Configure NTP - name: Configure NTP
lineinfile: lineinfile:
@ -15,4 +15,4 @@
regexp: '^NTP=' regexp: '^NTP='
line: "NTP={{ ntp_servers | join(' ') }}" line: "NTP={{ ntp_servers | join(' ') }}"
notify: Restart systemd-timesyncd notify: Restart systemd-timesyncd
when: inventory_hostname in ntp_servers when: inventory_hostname not in ntp_servers
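Review bot: The new condition `inventory_hostname not in ntp_servers`, used in both hunks of this file, only excludes the NTP servers if `ntp_servers` holds the same strings as the inventory names. The same list is joined into the `NTP=` line, so it may well contain IP addresses or service aliases. In that case the test is true on every host and the time servers would be configured as systemd-timesyncd clients of themselves. A comment on the variable, such as `# ntp_servers must list inventory hostnames`, or a separate group for the servers would remove the ambiguity. Correct time matters for log correlation and certificate validation, so this is worth pinning down. The first task starts above the visible hunk.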


@ -8,7 +8,7 @@
retries: 3 retries: 3
until: apt_result is succeeded until: apt_result is succeeded
when: when:
- ansible_lsb.codename == 'buster' - ansible_lsb.codename != 'stretch'
# Prometheus 2 node is in stretch-backports # Prometheus 2 node is in stretch-backports
- name: Install Prometheus node-exporter (stretch-backports) - name: Install Prometheus node-exporter (stretch-backports)
@ -46,3 +46,15 @@
owner: root owner: root
group: root group: root
mode: 0755 mode: 0755
when: ansible_lsb.id == 'Debian'
# Install new APT textfile collector, it might be upstreamed one day
# https://github.com/prometheus-community/node-exporter-textfile-collector-scripts/pull/35
- name: Patch APT textfile collector
copy:
src: apt.sh
dest: /usr/share/prometheus-node-exporter-collectors/apt.sh
owner: root
group: root
mode: 0755
when: ansible_lsb.id == 'Ubuntu'
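Review bot: The added task copies `apt.sh` over a file under `/usr/share/prometheus-node-exporter-collectors/`, a path that appears to be package-owned. A package upgrade can silently restore the packaged script, and the local replacement is invisible to dpkg. Since the script comes from an upstream pull request that is not yet merged and is presumably run periodically with elevated privileges, consider installing it under a locally managed path, or registering a `dpkg-divert`. Recording the reviewed revision in the comment would also help. Separately, `mode: 0755` relies on YAML octal parsing; `mode: "0755"` is the unambiguous form. The task preceding the added `when: ansible_lsb.id == 'Debian'` starts outside the hunk.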