Création de README, suppression d'éléments inutiles
parent
7241dd0745
commit
e965ce9acd
|
@ -4,7 +4,5 @@ glob_mirror:
|
|||
ip: "{{ lookup('ldap', 'ip4', 'eclat', 'adm') }}"
|
||||
|
||||
debian_mirror: http://mirror.adm.crans.org/debian
|
||||
ubuntu_mirror: http://mirror.adm.crans.org/ubuntu
|
||||
proxmox_mirror: http://mirror.adm.crans.org/proxmox/debian/pve
|
||||
debian_components: main contrib non-free
|
||||
ubuntu_components: main restricted universe multiverse
|
||||
|
|
|
@ -10,33 +10,6 @@ loc_needrestart:
|
|||
override: []
|
||||
|
||||
loc_prometheus:
|
||||
node:
|
||||
config:
|
||||
- job_name: servers
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- '/etc/prometheus/targets/node.json'
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
- source_labels: [__param_target]
|
||||
target_label: instance
|
||||
- source_labels: [__param_target]
|
||||
target_label: __address__
|
||||
replacement: '$1:9100'
|
||||
|
||||
nginx:
|
||||
config:
|
||||
- job_name: nginx
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- '/etc/prometheus/targets/nginx.json'
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: instance
|
||||
- source_labels: [instance]
|
||||
target_label: __address__
|
||||
replacement: '$1:9117'
|
||||
|
||||
apache:
|
||||
config:
|
||||
|
@ -50,29 +23,59 @@ loc_prometheus:
|
|||
target_label: __address__
|
||||
replacement: '$1:9117'
|
||||
|
||||
bind:
|
||||
config:
|
||||
- job_name: bind
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- '/etc/prometheus/targets/bind.json'
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
- source_labels: [__param_target]
|
||||
target_label: instance
|
||||
- source_labels: [__param_target]
|
||||
target_label: __address__
|
||||
replacement: '$1:9119'
|
||||
|
||||
bird:
|
||||
config:
|
||||
- job_name: bird
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- '/etc/prometheus/targets/bird.json'
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
- source_labels: [__param_target]
|
||||
target_label: instance
|
||||
- source_labels: [__param_target]
|
||||
target_label: __address__
|
||||
replacement: '$1:9324'
|
||||
|
||||
blackbox:
|
||||
file: targets/blackbox.json
|
||||
targets:
|
||||
- http://ftp.crans.org/
|
||||
- https://cas.crans.org/
|
||||
- https://crans.org/
|
||||
- https://www.crans.org/
|
||||
- https://webirc.crans.org/
|
||||
- https://jitsi.crans.org/
|
||||
- https://ftps.crans.org/
|
||||
- http://ftp.crans.org/
|
||||
- https://grafana.crans.org/
|
||||
- https://roundcube.crans.org/
|
||||
- https://zero.crans.org/
|
||||
- https://wiki.crans.org/PageAccueil
|
||||
- https://framadate.crans.org/
|
||||
- https://pad.crans.org/
|
||||
- https://lists.crans.org/
|
||||
- https://cas.crans.org/
|
||||
- https://ethercalc.crans.org/
|
||||
- https://framadate.crans.org/
|
||||
- https://ftps.crans.org/
|
||||
- https://gitlab.crans.org/
|
||||
- https://perso.crans.org/crans/
|
||||
- https://grafana.crans.org/
|
||||
- https://install-party.crans.org/
|
||||
- https://intranet.crans.org/
|
||||
- https://jitsi.crans.org/
|
||||
- https://lists.crans.org/
|
||||
- https://owncloud.crans.org/
|
||||
- https://pad.crans.org/
|
||||
- https://perso.crans.org/crans/
|
||||
- https://roundcube.crans.org/
|
||||
- https://webirc.crans.org/
|
||||
- https://wiki.crans.org/PageAccueil
|
||||
- https://zero.crans.org/
|
||||
config:
|
||||
- job_name: blackbox
|
||||
file_sd_configs:
|
||||
|
@ -106,27 +109,30 @@ loc_prometheus:
|
|||
- target_label: __address__
|
||||
replacement: 127.0.0.1:9115
|
||||
|
||||
bird:
|
||||
ilo_snmp:
|
||||
config:
|
||||
- job_name: bird
|
||||
- job_name: ilo_snmp
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- '/etc/prometheus/targets/bird.json'
|
||||
- '/etc/prometheus/targets/ilo_snmp.json'
|
||||
metrics_path: '/snmp'
|
||||
params:
|
||||
module:
|
||||
- ilo
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
- source_labels: [__param_target]
|
||||
target_label: instance
|
||||
- source_labels: [__param_target]
|
||||
- replacement: '127.0.0.1:9116'
|
||||
target_label: __address__
|
||||
replacement: '$1:9324'
|
||||
|
||||
bind:
|
||||
mtail:
|
||||
config:
|
||||
- job_name: bind
|
||||
- job_name: mtail
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- '/etc/prometheus/targets/bind.json'
|
||||
- '/etc/prometheus/targets/mtail.json'
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
|
@ -134,7 +140,50 @@ loc_prometheus:
|
|||
target_label: instance
|
||||
- source_labels: [__param_target]
|
||||
target_label: __address__
|
||||
replacement: '$1:9119'
|
||||
replacement: '$1:3903'
|
||||
|
||||
mysql:
|
||||
config:
|
||||
- job_name: mysql
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- '/etc/prometheus/targets/mysql.json'
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
- source_labels: [__param_target]
|
||||
target_label: instance
|
||||
- source_labels: [__param_target]
|
||||
target_label: __address__
|
||||
replacement: '$1:9104'
|
||||
|
||||
nginx:
|
||||
config:
|
||||
- job_name: nginx
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- '/etc/prometheus/targets/nginx.json'
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: instance
|
||||
- source_labels: [instance]
|
||||
target_label: __address__
|
||||
replacement: '$1:9117'
|
||||
|
||||
node:
|
||||
config:
|
||||
- job_name: servers
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- '/etc/prometheus/targets/node.json'
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
- source_labels: [__param_target]
|
||||
target_label: instance
|
||||
- source_labels: [__param_target]
|
||||
target_label: __address__
|
||||
replacement: '$1:9100'
|
||||
|
||||
postfix:
|
||||
config:
|
||||
|
@ -166,54 +215,27 @@ loc_prometheus:
|
|||
target_label: __address__
|
||||
replacement: '$1:9187'
|
||||
|
||||
mysql:
|
||||
printer_snmp:
|
||||
config:
|
||||
- job_name: mysql
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- '/etc/prometheus/targets/mysql.json'
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
- source_labels: [__param_target]
|
||||
target_label: instance
|
||||
- source_labels: [__param_target]
|
||||
target_label: __address__
|
||||
replacement: '$1:9104'
|
||||
|
||||
mtail:
|
||||
config:
|
||||
- job_name: mtail
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- '/etc/prometheus/targets/mtail.json'
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
- source_labels: [__param_target]
|
||||
target_label: instance
|
||||
- source_labels: [__param_target]
|
||||
target_label: __address__
|
||||
replacement: '$1:3903'
|
||||
|
||||
ilo_snmp:
|
||||
config:
|
||||
- job_name: ilo_snmp
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- '/etc/prometheus/targets/ilo_snmp.json'
|
||||
- job_name: printer_snmp
|
||||
static_configs:
|
||||
- targets: ["printer.lp.crans.org"]
|
||||
metrics_path: '/snmp'
|
||||
params:
|
||||
module:
|
||||
- ilo
|
||||
- printer_mib
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
- source_labels: [__param_target]
|
||||
target_label: instance
|
||||
- replacement: '127.0.0.1:9116'
|
||||
- replacement: "{{ lookup('ldap', 'ip4', 'helloworld', 'adm') }}:9116"
|
||||
target_label: __address__
|
||||
|
||||
tsdb:
|
||||
retention_time: "180d"
|
||||
retention_size: "200GB"
|
||||
|
||||
ups_snmp:
|
||||
config:
|
||||
- job_name: ups_snmp
|
||||
|
@ -233,23 +255,3 @@ loc_prometheus:
|
|||
target_label: instance
|
||||
- replacement: 127.0.0.1:9116
|
||||
target_label: __address__
|
||||
|
||||
printer_snmp:
|
||||
config:
|
||||
- job_name: printer_snmp
|
||||
static_configs:
|
||||
- targets: ["printer.lp.crans.org"]
|
||||
metrics_path: '/snmp'
|
||||
params:
|
||||
module:
|
||||
- printer_mib
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
- source_labels: [__param_target]
|
||||
target_label: instance
|
||||
- replacement: "{{ lookup('ldap', 'ip4', 'helloworld', 'adm') }}:9116"
|
||||
target_label: __address__
|
||||
tsdb:
|
||||
retention_time: "180d"
|
||||
retention_size: "200GB"
|
||||
|
|
|
@ -1,27 +0,0 @@
|
|||
---
|
||||
- name: Fetch ceph repository public key
|
||||
get_url:
|
||||
url: "{{ ceph.mirror_key }}"
|
||||
dest: /etc/apt/trusted.gpg.d/ceph-release.asc
|
||||
|
||||
- name: Add ceph to source lists
|
||||
lineinfile:
|
||||
path: /etc/apt/sources.list.d/ceph.list
|
||||
regexp: '^deb'
|
||||
create: true
|
||||
line: 'deb [signed-by=/etc/apt/trusted.gpg.d/ceph-release.asc] {{ ceph.mirror }} {{ ansible_distribution_release }} main'
|
||||
|
||||
- name: Install ceph
|
||||
apt:
|
||||
name:
|
||||
- ceph
|
||||
- ceph-mds
|
||||
- ceph-volume
|
||||
- rsync
|
||||
- nvme-cli
|
||||
- smartmontools
|
||||
install_recommends: false
|
||||
update_cache: true
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
|
@ -0,0 +1,9 @@
|
|||
# Common tools
|
||||
|
||||
Installe et configure les outils essentiels pour l'administration des serveurs.
|
||||
|
||||
Par exemple :
|
||||
|
||||
- git
|
||||
- nano
|
||||
- screen
|
|
@ -0,0 +1,3 @@
|
|||
# Debian apt sources
|
||||
|
||||
Configure les sources de debian avec le miroir du crans.
|
|
@ -0,0 +1,8 @@
|
|||
# Ethercalc
|
||||
|
||||
Installe et configure ethercalc
|
||||
|
||||
## Variables
|
||||
|
||||
glob_ethercalc:
|
||||
ip: ip du serveur
|
|
@ -0,0 +1,31 @@
|
|||
# Etherpad
|
||||
|
||||
Installe et configure etherpad
|
||||
|
||||
# Variables
|
||||
|
||||
glob_etherpad:
|
||||
instances:
|
||||
- name: nom de l'instance
|
||||
title: titre de la page
|
||||
favicon: icon de la page
|
||||
skin:
|
||||
ip: ip du serveur
|
||||
port: port
|
||||
version: version du pad
|
||||
database:
|
||||
user: utilisateur de la bdd
|
||||
host: serveur pgsql
|
||||
name: nom de la bdd
|
||||
default_pad_text: texte par défaut des pads
|
||||
admin:
|
||||
user: utilisateur admin
|
||||
password: mot de passe
|
||||
apikey: clé api
|
||||
temporary:
|
||||
enabled: activer les pads éphémères
|
||||
delay: durée avant suppression
|
||||
loop: true si une boucle est utilisée
|
||||
loop_delay: delai entre chaque itération de la boucle
|
||||
delete_at_start: true si la suppression à lieu au démarrage du pad
|
||||
deleted_text: message après suppression
|
|
@ -0,0 +1,12 @@
|
|||
# Logos
|
||||
|
||||
Copie les logos du crans.
|
||||
|
||||
## Variables
|
||||
|
||||
logos:
|
||||
- which: source du logo (cf : files/)
|
||||
where: destination du logo
|
||||
owner: propriétaire (défaut : root)
|
||||
group: groupe (defaut : root)
|
||||
mode: permissions (defaut : 0644)
|
|
@ -0,0 +1,3 @@
|
|||
# Moinmoin gendoc
|
||||
|
||||
Générateur automatique de la documentation sur le wiki.
|
|
@ -0,0 +1,7 @@
|
|||
# Moinmoin
|
||||
|
||||
Installe et configure le wiki (avec hardcode)
|
||||
|
||||
## Variables
|
||||
|
||||
moinmoin.main: booléen
|
|
@ -0,0 +1,8 @@
|
|||
# NTP client
|
||||
|
||||
Installe et configure un client ntp.
|
||||
|
||||
## Variables
|
||||
|
||||
glob_ntp_client:
|
||||
servers: serveurs
|
|
@ -0,0 +1,8 @@
|
|||
# NTP server
|
||||
|
||||
Installe et configure un serveur NTP
|
||||
|
||||
## Variables
|
||||
|
||||
glob_ntp_server:
|
||||
open: adresses ip
|
|
@ -0,0 +1,3 @@
|
|||
# Openssh
|
||||
|
||||
Installe et configure un serveur ssh.
|
|
@ -0,0 +1,10 @@
|
|||
# Prometheus
|
||||
|
||||
Installe et configure prometheus
|
||||
|
||||
## Variables
|
||||
|
||||
prometheus:
|
||||
tsdb:
|
||||
retention_time: Durée de conservation maximale
|
||||
retention_size: Taille maximale
|
|
@ -0,0 +1,3 @@
|
|||
# Qemu guest agent
|
||||
|
||||
Installe qemu guest agent
|
|
@ -0,0 +1,19 @@
|
|||
# Restic client
|
||||
|
||||
Restic client est déployé sur toutes les machines du crans. Il permet de
|
||||
configurer les backups sur toutes les machines du crans. Plus d'information sur
|
||||
la [documentation](gitlab.crans.org/nounous/documentation).
|
||||
|
||||
## Variables
|
||||
|
||||
glob_restic: (ou loc_restic dans host_vars)
|
||||
config:
|
||||
<nom>:
|
||||
to_exclude: chemins à ne pas backuper
|
||||
to_backup: chemins à backuper
|
||||
retention: règles de conservations
|
||||
remote: Serveurs sur lesquels les backups doivent être effectuées
|
||||
|
||||
Remarque : il est possible de configurer plusieurs backups (notamment pour avoir
|
||||
des rétentions différentes ou pour les séparer) en mettant plusieurs
|
||||
configurations dans `config` (avec des noms différents).
|
|
@ -4,3 +4,7 @@
|
|||
name: restic-{{ item }}.timer
|
||||
state: restarted
|
||||
loop: "{{ restic.config.keys() }}"
|
||||
|
||||
- name: systemctl daemon-reload
|
||||
systemd:
|
||||
daemon_reload: true
|
||||
|
|
|
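Review bot: The new `systemctl daemon-reload` handler is defined after the handler that restarts `restic-{{ item }}.timer`, and Ansible runs notified handlers in definition order, so when both fire in the same play the timers are restarted before systemd has re-read the changed unit files. Either move the reload handler above the restart one, or add `daemon_reload: true` to the restart handler's own arguments. The restart handler begins outside the hunk, so its module is inferred from the `name`/`state` keys shown.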
@ -0,0 +1,3 @@
|
|||
# Root config
|
||||
|
||||
Configure les différentes applications de root (typiquement nano et vim).
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
- name: Create or rewrite .nanorc for root
|
||||
- name: Create or rewrite .nanorc and .vimrc for root
|
||||
template:
|
||||
src: "{{ item.src }}.j2"
|
||||
dest: /root/{{ item.dest }}
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
# Root
|
||||
|
||||
Configure le mot de passe root.
|
||||
|
||||
Remarque : Bien que le role `root` ne fasse que cela, le playbook root permet de
|
||||
pré-configurer une vm entièrement (backups, sudoers, home_nounou, ...)
|
|
@ -0,0 +1,3 @@
|
|||
# Sudo
|
||||
|
||||
Configure les sudoers.
|
|
@ -1,11 +1,10 @@
|
|||
---
|
||||
- name: Configure sudoers
|
||||
template:
|
||||
src: "{{ item.src }}.j2"
|
||||
dest: "/etc/{{ item.dst | default(item.src) }}"
|
||||
src: "{{ item }}.j2"
|
||||
dest: "/etc/{{ item }}"
|
||||
mode: 0440
|
||||
loop:
|
||||
- src: sudoers.d/custom_passprompt
|
||||
- src: sudoers.d/group_privilege
|
||||
- src: "sudoers.{{ ansible_distribution_release }}"
|
||||
dst: "sudoers"
|
||||
- sudoers.d/custom_passprompt
|
||||
- sudoers.d/group_privilege
|
||||
- sudoers
|
||||
|
|
|
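Review bot: The `Configure sudoers` template task, in the lines shown, writes `/etc/sudoers` and the `sudoers.d` drop-ins with no `validate`, so a rendering mistake in the single `sudoers.j2` that now serves every release would be installed as is and could leave the host without working sudo. Adding `validate: 'visudo -cf %s'` to the `template` arguments makes Ansible refuse to install a file that does not parse. It would also help to set `owner: root` and `group: root` explicitly and to quote the mode as `mode: "0440"` so the value does not depend on how the loader reads a leading zero. The file may continue past the hunk.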
@ -1,27 +0,0 @@
|
|||
{{ ansible_header | comment }}
|
||||
#
|
||||
# See the man page for details on how to write a sudoers file.
|
||||
#
|
||||
Defaults env_reset
|
||||
Defaults mail_badpass
|
||||
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
|
||||
# Host alias specification
|
||||
User_Alias USERS= %_user
|
||||
User_Alias NOUNOUS= %_nounou
|
||||
|
||||
# User alias specification
|
||||
|
||||
# Cmnd alias specification
|
||||
|
||||
# User privilege specification
|
||||
root ALL=(ALL:ALL) ALL
|
||||
|
||||
{% if 'virtu' in group_names %}
|
||||
# Pour vérifier quels vms sont sur quels virtus
|
||||
USERS ALL=(root:ALL) NOPASSWD:/usr/sbin/qm list
|
||||
|
||||
{% endif %}
|
||||
# See sudoers(5) for more information on "@include" directives:
|
||||
|
||||
@includedir /etc/sudoers.d
|
|
@ -1,27 +0,0 @@
|
|||
{{ ansible_header | comment }}
|
||||
#
|
||||
# See the man page for details on how to write a sudoers file.
|
||||
#
|
||||
Defaults env_reset
|
||||
Defaults mail_badpass
|
||||
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
|
||||
# Host alias specification
|
||||
User_Alias USERS= %_user
|
||||
User_Alias NOUNOUS= %_nounou
|
||||
|
||||
# User alias specification
|
||||
|
||||
# Cmnd alias specification
|
||||
|
||||
# User privilege specification
|
||||
root ALL=(ALL:ALL) ALL
|
||||
|
||||
{% if 'virtu' in group_names %}
|
||||
# Pour vérifier quels vms sont sur quels virtus
|
||||
USERS ALL=(root:ALL) NOPASSWD:/usr/sbin/qm list
|
||||
|
||||
{% endif %}
|
||||
# See sudoers(5) for more information on "@include" directives:
|
||||
|
||||
#includedir /etc/sudoers.d
|
|
@ -24,4 +24,4 @@ USERS ALL=(root:ALL) NOPASSWD:/usr/sbin/qm list
|
|||
{% endif %}
|
||||
# See sudoers(5) for more information on "@include" directives:
|
||||
|
||||
@includedir /etc/sudoers.d
|
||||
{% if ansible_facts['distribution_major_version'] == "10" %}#{% else %}@{% endif %}includedir /etc/sudoers.d
|
|
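Review bot: The include line is switched on `distribution_major_version == "10"` alone, so every other host, whatever its distribution or sudo version, receives `@includedir`. That spelling is only understood by sudo 1.9.1 and later; on a host with an older sudo that does not report major version "10" the line would be a parse error and the privilege rules in the file would not load. Since `#includedir` is still accepted by current sudo for backward compatibility, emitting `#includedir /etc/sudoers.d` unconditionally avoids the version test altogether; if the `@` form is wanted, the condition should also check `ansible_facts['distribution']`. The template starts outside this hunk.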
@ -0,0 +1,19 @@
|
|||
# Wireguard
|
||||
|
||||
Installe et configure wireguard
|
||||
|
||||
## Variables
|
||||
|
||||
loc_wireguard:
|
||||
tunnels:
|
||||
- name: nom
|
||||
listen_port: port
|
||||
private_key: clé privée
|
||||
table: "off"
|
||||
peers:
|
||||
- public_key: clé publique de la machine distante
|
||||
allowed_ips: ips autorisées
|
||||
endpoint: ip:port (facultatif)
|
||||
persistent_keepalive: int (facultatif)
|
||||
post_up: actions après activation
|
||||
pre_down: actions avant arrêt
|
|
@ -0,0 +1,3 @@
|
|||
# Zamok tools
|
||||
|
||||
Installe les logiciels nécessaire sur Zamok et configure les pages persos.
|