Retrait de thot dans ansible et retrait des secrets pour apprentis

2024-11-17 13:38:31 +01:00 · 2024-11-17 13:38:31 +01:00 · d8257424e2
parent 1f5129092e
commit d8257424e2
8 changed files with 2 additions and 111 deletions
--- a/group_vars/all/borg.yml
+++ b/group_vars/all/borg.yml
@ -10,7 +10,6 @@ glob_borg:
    - /backup/borg-adh
  remote:
    - ssh://borg@backup-ft.adm.crans.org/backup/borg-server/{{ ansible_hostname }}
-#   - ssh://borg@backup-thot.adm.crans.org/backup/borg-server/{{ ansible_hostname }}
  retention:
    - ["daily", 4]
    - ["monthly", 6]
--- a/host_vars/backup-thot.adm.crans.org.yml
+++ b/host_vars/backup-thot.adm.crans.org.yml
@ -1,26 +0,0 @@
---
-interfaces:
-  adm: ens18
-
-loc_unattended:
-  reboot: true
-
-loc_needrestart:
-  override: []
-
-loc_home_nounou:
-  mounts:
-    - ip: "{{ lookup('ldap', 'ip4', 'thot', 'adm') }}"
-      mountpoint: /home_nounou
-      target: /home_nounou
-      name: home_nounou
-      owner: root
-      group: _user
-      mode: '0750'
-    - ip: "{{ lookup('ldap', 'ip4', 'thot', 'adm') }}"
-      mountpoint: /rpool/backup
-      target: /backup
-      name: backup
-      owner: root
-      group: root
-      mode: '0755'
--- a/host_vars/routeur-thot.adm.crans.org.yml
+++ b/host_vars/routeur-thot.adm.crans.org.yml
@ -1,45 +0,0 @@
---
-interfaces:
-  adm: ens18
-  auto: ens19
-
-loc_unattended:
-  reboot: true
-
-loc_needrestart:
-  override: []
-
-loc_wireguard:
-  tunnels:
-    - name: "boeing"
-      listen_port: 51820
-      private_key: "{{ vault.wireguard.routeur_thot.privkey }}"
-      table: "off"
-      peers:
-        - public_key: "{{ vault.wireguard.boeing.aurore.pubkey }}"
-          allowed_ips:
-            - "{{ lookup('ldap', 'network', 'adm') }}"
-            - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
-          endpoint: "{{ lookup('ldap', 'ip4', 'boeing', 'srv') }}:51822"
-          persistent_keepalive: 25
-      post_up:
-        - "sysctl -w net.ipv4.conf.%i.proxy_arp=1"
-        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1"
-        - "ip route add {{ lookup('ldap', 'ip4', 'tealc', 'adm') }} dev %i proto proxy"
-        - "python3 /var/local/services/proxy/proxy.py --alter"
-      pre_down:
-        - "sysctl -w net.ipv4.conf.%i.proxy_arp=0"
-        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=0"
-        - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy"
-
-
-loc_service_proxy:
-  config:
-    ldap:
-      - server: "ldaps://{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}/"
-      - server: "ldaps://{{ lookup('ldap', 'ip4', 'thot', 'adm') }}/"
-    protocol: "proxy"
-    filter: ".adm.crans.org"
-    proxy:
-      default: "boeing"
-      aurore: "ens18"
--- a/host_vars/thot.adm.crans.org.yml
+++ b/host_vars/thot.adm.crans.org.yml
@ -1,17 +0,0 @@
---
-interfaces:
-  disable: true
-
-loc_needrestart:
-  override: []
-
-loc_borg:
-  to_backup:
-    - /etc
-    - /home_nounou
-    - /var
-
-loc_slapd:
-  ip: "{{ lookup('ldap', 'ip4', 'thot', 'adm') }}"
-  replica: true
-  replica_rid: 5
--- a/20
+++ b/20
@ -6,7 +6,6 @@ zamok.adm.crans.org
 [arpproxy]
 boeing.adm.crans.org
 routeur-ft.adm.crans.org
-routeur-thot.adm.crans.org

 [autoconfig]
 hodaur.adm.crans.org
@ -16,7 +15,6 @@ cameron.adm.crans.org

 [backups]
 backup-ft.adm.crans.org
-backup-thot.adm.crans.org

 [baie]
 cameron.adm.crans.org
@ -49,7 +47,6 @@ routeurs_vm

 [dropbear]
 ft.adm.crans.org
-thot.adm.crans.org

 [docker:children]
 gitlab_runner
@ -224,7 +221,6 @@ helloworld.adm.crans.org
 wall-e.adm.crans.org
 #sam.adm.crans.org
 #sputnik.adm.crans.org
-#thot.adm.crans.org

 [sssd]
 zamok.adm.crans.org
@ -245,7 +241,6 @@ sam.adm.crans.org

 [virtu_backup]
 ft.adm.crans.org
-thot.adm.crans.org

 [virtu:children]
 virtu_adh
@ -262,7 +257,6 @@ kiwi.adm.crans.org
 [wireguard]
 boeing.adm.crans.org
 routeur-ft.adm.crans.org
-routeur-thot.adm.crans.org
 sputnik.adm.crans.org

 [crans_routeurs:children]
@ -272,7 +266,6 @@ routeurs_vm
 zamok.adm.crans.org

 [crans_physical:children]
-aurore_physical
 baie
 virtu
 viarezo_physical
@ -328,19 +321,7 @@ routeur-ft.adm.crans.org
 viarezo_physical
 viarezo_vm

-[aurore_physical]
-thot.adm.crans.org
-
-[aurore_vm]
-backup-thot.adm.crans.org
-routeur-thot.adm.crans.org
-
-[aurore:children]
-aurore_physical
-aurore_vm
-
 [crans_vm:children]
-aurore_vm
 routeurs_vm
 viarezo_vm

@ -360,7 +341,6 @@ ilo-jack.adm.crans.org
 ilo-odlyd.adm.crans.org
 ilo-sam.adm.crans.org
 ilo-stitch.adm.crans.org
-ilo-thot.adm.crans.org
 ilo-zamok.adm.crans.org

 # everything at crans
--- a/plays/borgbackup_client.yml
+++ b/plays/borgbackup_client.yml
@ -2,7 +2,7 @@
 ---
 - import_playbook: ssh_known_hosts.yml

- hosts: server
+- hosts: server,!apprentis.adm.crans.org
  vars:
    borg: "{{ glob_borg | default({}) | combine(loc_borg | default({})) }}"
  roles:
--- a/plays/users.yml
+++ b/plays/users.yml
@ -6,7 +6,7 @@
  roles:
    - ldap-client

- hosts: server,!ovh_physical,!tealc.adm.crans.org,!sam.adm.crans.org,!routeur-sam.adm.crans.org,!ft.adm.crans.org,!thot.adm.crans.org
+- hosts: server,!ovh_physical,!apprentis.adm.crans.org,!ft.adm.crans.org,!routeur-sam.adm.crans.org,!sam.adm.crans.org,!tealc.adm.crans.org
  vars:
    nfs_mount: "{{ glob_home_nounou | default({}) | combine(loc_home_nounou | default({})) }}"
  roles:
--- a/0
+++ b/0