Merge branch 'cleanup' into 'newinfra'

Cleanup See merge request nounous/ansible!190
2021-01-16 20:11:48 +01:00 · 2021-01-16 20:11:48 +01:00 · ea4497cc73
parent 09ed83964a 82c7166dfc
commit ea4497cc73
11 changed files with 41 additions and 240 deletions
--- a/all.yml
+++ b/all.yml
@ -1,25 +1,34 @@
 #!/usr/bin/env ansible-playbook
 ---
+# This playbooks runs all playbooks
+# It's a good tool for lazy administrators that just want to check that
+# current running configuration matches Ansible.
+
 # Core playboot to have minimal configuration
 - import_playbook: plays/root.yml

+# Common configuration
 - import_playbook: plays/mail.yml
 - import_playbook: plays/nfs.yml
 #- import_playbook: plays/logs.yml  TODO: rsyncd
- import_playbook: plays/backup.yml
+- import_playbook: plays/backup.yml  # import borgbackup_client/server.yml
 # - import_playbook: plays/network-interfaces.yml  TODO: check this paybook
 - import_playbook: plays/monitoring.yml

 # Services that only apply to a subset of server
-# - import_playbook: plays/cas.yml
+- import_playbook: plays/cas.yml
+- import_playbook: plays/certbot.yml
 - import_playbook: plays/dhcp.yml
 - import_playbook: plays/dns.yml
+- import_playbook: plays/dovecot.yml
+- import_playbook: plays/ethercalc.yml
 - import_playbook: plays/etherpad.yml
 - import_playbook: plays/firewall.yml
 - import_playbook: plays/framadate.yml
 - import_playbook: plays/freeradius.yml
 - import_playbook: plays/generate_documentation.yml
 - import_playbook: plays/gitlab.yml
+- import_playbook: plays/home.yml
 - import_playbook: plays/horde.yml
 - import_playbook: plays/keepalived.yml
 - import_playbook: plays/mailman.yml
@ -28,14 +37,13 @@
 - import_playbook: plays/nginx_rtmp.yml
 - import_playbook: plays/ntp.yml
 - import_playbook: plays/owncloud.yml
+- import_playbook: plays/postfix.yml
 - import_playbook: plays/postgresql.yml
 - import_playbook: plays/re2o.yml
 - import_playbook: plays/reverse-proxy.yml
 - import_playbook: plays/roundcube.yml
+- import_playbook: plays/ssh_known_hosts.yml
 - import_playbook: plays/tv.yml
+- import_playbook: plays/unifi.yml
 - import_playbook: plays/wireguard.yml
-
-# FIXME: should be in plays/ directory
-# Deploy LDAP replica
- hosts: odlyd.adm.crans.org,soyouz.adm.crans.org,fy.adm.crans.org,thot.adm.crans.org
-  roles: []  # TODO
+- import_playbook: plays/zamok.yml
--- a/clean_servers.yml
+++ b/clean_servers.yml
@ -1,116 +0,0 @@
-#!/usr/bin/env ansible-playbook
---
-# This is a special playbook to clean old stuff from BCFG2
-# it will disapear when BCFG2 will disapear
-# `apt-mark showmanual` is a good start
- hosts: server,test_vm
-  tasks:
-    - name: Clean up unused packages
-      apt:
-        state: absent
-        name:
-          - acpid
-          - apt-dater-host
-          - arpwatch  # old sniffing
-          - at
-          - bcfg2
-          - byobu  # we already have screen and tmux
-          - collectd
-          - collectd-utils  # old monitoring
-          - debian-faq  # graphical
-          - doc-debian  # graphical
-          - icinga2
-          - icinga2-bin
-          - icinga2-common
-          - icinga2-ido-pgsql
-          - icinga2-node  # old monitoring
-          - ipython  # go use ipython3!
-          - irqbalance  # removed in newer debian
-          - libmonitoring-plugin-perl
-          - monit
-          - monitoring-plugins
-          - monitoring-plugins-basic
-          - monitoring-plugins-common
-          - monitoring-plugins-standard
-          - munin-common
-          - munin-node  # old monitoring
-          - munin  # old monitoring
-          - munin-plugins-core
-          - munin-plugins-extra
-          - nagios-nrpe-server
-          - nagios-plugins-contrib
-          - openbsd-inetd
-          - os-prober  # makes grub-install lag
-          - popularity-contest
-          - python3-nagiosplugin
-          - python3-reportbug
-          - python-nagiosplugin
-          - ramond  # remplaced by ra-guard on switchs
-          - snmp
-          - sysstat  # very old monitoring
-          - xscreensaver  # was on owncloud
-      register: apt_result
-      retries: 3
-      until: apt_result is succeeded
-
-    - name: Clean unwanted olderstuff
-      apt:
-        autoremove: true
-        purge: true
-      register: apt_result
-      retries: 3
-      until: apt_result is succeeded
-
-    - name: Remove old conf
-      file:
-        path: "{{ item }}"
-        state: absent
-      loop:
-        - /etc/apt/apt.conf.d/01aptitude
-        - /etc/apt/apt.conf.d/70debconf
-        - /etc/apt-dater-host.conf
-        - /etc/bcfg2.conf
-        - /etc/bcfg2.conf.ucf-dist
-        - /etc/crans
-        - /etc/cron.daily/bcfg2
-        - /etc/cron.daily/git_dirty_repo
-        - /etc/cron.d/autobcfg2
-        - /etc/cron.d/bcfg2-run
-        - /etc/cron.d/comptes_inactifs
-        - /etc/cron.d/letsencrypt_check_cert
-        - /etc/cron.d/monit
-        - /etc/cron.d/munin-crans
-        - /etc/cron.d/munin-node
-        - /etc/cron.d/munin-node.dpkg-dist
-        - /etc/cron.d/printer_watch
-        - /etc/cron.d/pull-repos-scripts
-        - /etc/cron.d/pxeboot
-        - /etc/cron.d/re2o-services
-        - /etc/cron.d/sshFingerprint
-        - /etc/cron.hourly/bcfg2
-        - /etc/cron.weekly/git_dirty_repo
-        - /etc/default/bcfg2
-        - /etc/default/bcfg2.ucf-dist
-        - /etc/icinga2
-        - /etc/init.d/bcfg2
-        - /etc/ldap/ldap.conf
-        - /etc/letsencrypt/conf.d/localhost.ini
-        - /etc/monit
-        - /etc/munin
-        - /etc/nagios
-        - /etc/nagios-plugins
-        - /etc/nginx/sites-available/status
-        - /etc/nginx/sites-enabled/status
-        - /etc/nss-ldapd.conf
-        - /etc/nut
-        - /etc/pnp4nagios
-        - /etc/sudoers.d/apt-dater-host
-        - /var/local/aptdater
-#    - name: Upgrade
-#      apt:
-#        upgrade: dist
-#        update_cache: true
-#        cache_valid_time: 86400  # one day
-#      register: apt_result
-#      retries: 3
-#      until: apt_result is succeeded
--- a/network.yml
+++ b/network.yml
@ -1,57 +0,0 @@
-#!/usr/bin/env ansible-playbook
---
- hosts: gitzly.adm.crans.org
-  vars:
-    certbot:
-      dns_rfc2136_name: certbot_adm_challenge.
-      dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
-      mail: root@crans.org
-      certname: adm.crans.org
-      domains: "*.adm.crans.org"
-    bind:
-      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
-  roles:
-    - certbot
-
-# Deploy firewall
- hosts: gulp.adm.crans.org
-  roles: []  # TODO
-
-# Deploy Unifi Controller
- hosts: unifi.adm.crans.org
-  roles:
-    - unifi-controller
-
-# Configure routers
- hosts: gulp.adm.crans.org,odlyd.adm.crans.org,ipv6-zayo.adm.crans.org
-  roles:
-    - logall
-    - quagga
-
-# Deploy BGP server configuration on IPv4 routers
- hosts: gulp.adm.crans.org,odlyd.adm.crans.org
-  vars:
-    zebra:
-      password: "{{ vault_zebra_password }}"
-    bgp:
-      as: 204515
-      router_id: 158.255.113.73
-      network: 185.230.76.0/22
-      neighbor: 158.255.113.72
-      remote_as: 8218
-  roles:
-    - quagga-ipv4
-
-# Deploy BGP server configuration on IPv6 routers
- hosts: ipv6-zayo.adm.crans.org
-  vars:
-    zebra:
-      password: "{{ vault_zebra_password }}"
-    bgp:
-      as: 204515
-      router_id: 138.231.136.200
-      network: 2a0c:700::/32
-      neighbor: 2001:1b48:2:103::bb:1
-      remote_as: 8218
-  roles:
-    - quagga-ipv6
--- a/plays/gather_fact.yml
+++ b/plays/gather_fact.yml
@ -1,3 +0,0 @@
-#!/usr/bin/env ansible-playbook
---
- hosts: all
--- a/plays/get_adm_iface.yml
+++ b/plays/get_adm_iface.yml
@ -1,11 +0,0 @@
-#!/usr/bin/env ansible-playbook
---
- hosts: server
-  tasks:
-    - name: Register adm interface in adm_iface variable
-      shell: set -o pipefail && grep adm /sys/class/net/*/ifalias | sed "s|/sys/class/net/||" | sed "s|/ifalias:.*||"
-      register: adm_iface
-      check_mode: false
-      changed_when: true
-      args:
-        executable: /bin/bash
--- a/plays/gitlab.yml
+++ b/plays/gitlab.yml
@ -5,3 +5,17 @@
  roles:
    - docker
    - gitlab-runner
+
+# This seems strange, don't know if it still used
+# - hosts: gitzly.adm.crans.org
+#   vars:
+#     certbot:
+#       dns_rfc2136_name: certbot_adm_challenge.
+#       dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
+#       mail: root@crans.org
+#       certname: adm.crans.org
+#       domains: "*.adm.crans.org"
+#     bind:
+#       masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
+#   roles:
+#     - certbot
--- a/plays/unifi.yml
+++ b/plays/unifi.yml
@ -0,0 +1,6 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy Unifi Controller
+- hosts: unifi.adm.crans.org
+  roles:
+    - unifi-controller
--- a/radius.yml
+++ b/radius.yml
@ -1,10 +0,0 @@
-#!/usr/bin/env ansible-playbook
---
- hosts: eap.adm.crans.org, odlyd.adm.crans.org, radius.adm.crans.org
-  vars:
-    certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}'
-    bind:
-      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
-  roles:
-    - certbot
-    - freeradius
--- a/re2o.yml
+++ b/re2o.yml
@ -1,21 +1,6 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Deploy Re2o
- hosts: otis.adm.crans.org
-  vars:
-    re2o:
-      owner: root
-      group: nounou
-      version: dev_crans
-      settings_local_owner: root
-      settings_local_group: root
-      db_password: "{{ vault_re2o_db_password }}"
-      django_secret_key: "{{ vault_re2o_django_secret_key }}"
-      aes_key: "{{ vault_re2o_aes_key }}"
-    ldap:
-      master_password: "{{ vault_ldap_master_password }}"
-  roles:
-    - re2o
+# THIS FILE SHOULD BE UPDATED TO NEW INFRA AND THE MERGED TO plays/

 # Deploy services config on all servers
 - hosts: server
--- a/roles/prometheus-snmp-exporter/templates/prometheus/snmp.yml.j2
+++ b/roles/prometheus-snmp-exporter/templates/prometheus/snmp.yml.j2
@ -80,21 +80,21 @@ procurve_switch:
  - 1.3.6.1.2.1.1.5.0
  - 1.3.6.1.2.1.1.6.0
  metrics:
-  - name: sysUpTime
+  - name: procurve_sysUpTime
    oid: 1.3.6.1.2.1.1.3
    type: gauge
    help: The time (in hundredths of a second) since the network management portion
      of the system was last re-initialized. - 1.3.6.1.2.1.1.3
-  - name: sysName
+  - name: procurve_sysName
    oid: 1.3.6.1.2.1.1.5
    type: DisplayString
    help: An administratively-assigned name for this managed node - 1.3.6.1.2.1.1.5
-  - name: sysLocation
+  - name: procurve_sysLocation
    oid: 1.3.6.1.2.1.1.6
    type: DisplayString
    help: The physical location of this node (e.g., 'telephone closet, 3rd floor')
      - 1.3.6.1.2.1.1.6
-  - name: ifHCOutOctets
+  - name: procurve_ifHCOutOctets
    oid: 1.3.6.1.2.1.31.1.1.1.10
    type: counter
    help: The total number of octets transmitted out of the interface, including framing
@ -102,7 +102,7 @@ procurve_switch:
    indexes:
    - labelname: ifIndex
      type: gauge
-  - name: ifHCInOctets
+  - name: procurve_ifHCInOctets
    oid: 1.3.6.1.2.1.31.1.1.1.6
    type: counter
    help: The total number of octets received on the interface, including framing
--- a/services_web.yml
+++ b/services_web.yml
@ -1,15 +0,0 @@
-#!/usr/bin/env ansible-playbook
---
-# Deploy MoinMoin Wiki
- hosts: soyouz.adm.crans.org
-  roles: []  # TODO
-
- hosts: cas-srv.adm.crans.org
-  roles: ["django-cas"]
-
- hosts: ethercalc-srv.adm.crans.org
-  roles: ["ethercalc"]
-
- import_playbook: plays/horde.yml
- import_playbook: plays/framadate.yml
-