diff --git a/all.yml b/all.yml
index 6259b65a..abe59634 100755
--- a/all.yml
+++ b/all.yml
@@ -1,25 +1,34 @@
 #!/usr/bin/env ansible-playbook
 ---
+# This playbooks runs all playbooks
+# It's a good tool for lazy administrators that just want to check that
+# current running configuration matches Ansible.
+
 # Core playboot to have minimal configuration
 - import_playbook: plays/root.yml
+# Common configuration
 - import_playbook: plays/mail.yml
 - import_playbook: plays/nfs.yml
 #- import_playbook: plays/logs.yml TODO: rsyncd
-- import_playbook: plays/backup.yml
+- import_playbook: plays/backup.yml # import borgbackup_client/server.yml
 # - import_playbook: plays/network-interfaces.yml TODO: check this paybook
 - import_playbook: plays/monitoring.yml
 # Services that only apply to a subset of server
-# - import_playbook: plays/cas.yml
+- import_playbook: plays/cas.yml
+- import_playbook: plays/certbot.yml
 - import_playbook: plays/dhcp.yml
 - import_playbook: plays/dns.yml
+- import_playbook: plays/dovecot.yml
+- import_playbook: plays/ethercalc.yml
 - import_playbook: plays/etherpad.yml
 - import_playbook: plays/firewall.yml
 - import_playbook: plays/framadate.yml
 - import_playbook: plays/freeradius.yml
 - import_playbook: plays/generate_documentation.yml
 - import_playbook: plays/gitlab.yml
+- import_playbook: plays/home.yml
 - import_playbook: plays/horde.yml
 - import_playbook: plays/keepalived.yml
 - import_playbook: plays/mailman.yml
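Review bot: The header comment added at the top of this hunk presents all.yml as a way to check that the running configuration matches Ansible, but nothing in the file restricts it to a dry run; invoked without `--check` it applies every imported play, from root to firewall, in one pass. Suggest stating the intended invocation in the comment, e.g. `# Run with --check --diff to audit the running configuration against Ansible.`, and fixing the grammar of the first line to `# This playbook runs all playbooks`. The `plays/cas.yml` line also goes from commented out to imported with no note on what changed to make it runnable; a short comment on that line would help the next reader.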
@@ -28,14 +37,13 @@
 - import_playbook: plays/nginx_rtmp.yml
 - import_playbook: plays/ntp.yml
 - import_playbook: plays/owncloud.yml
+- import_playbook: plays/postfix.yml
 - import_playbook: plays/postgresql.yml
 - import_playbook: plays/re2o.yml
 - import_playbook: plays/reverse-proxy.yml
 - import_playbook: plays/roundcube.yml
+- import_playbook: plays/ssh_known_hosts.yml
 - import_playbook: plays/tv.yml
+- import_playbook: plays/unifi.yml
 - import_playbook: plays/wireguard.yml
-
-# FIXME: should be in plays/ directory
-# Deploy LDAP replica
-- hosts: odlyd.adm.crans.org,soyouz.adm.crans.org,fy.adm.crans.org,thot.adm.crans.org
- roles: [] # TODO
+- import_playbook: plays/zamok.yml
diff --git a/clean_servers.yml b/clean_servers.yml
deleted file mode 100755
index b866699a..00000000
--- a/clean_servers.yml
+++ /dev/null
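Review bot: Removing the inline "Deploy LDAP replica" play at the end of this hunk also removes its `# TODO` marker for odlyd, soyouz, fy and thot, and no LDAP-related import replaces it, so the pending work is no longer tracked anywhere in the file. Suggest keeping a one-line reminder next to the imports, e.g. `# TODO: LDAP replica play for odlyd/soyouz/fy/thot still to be written under plays/`, or moving it to an issue. The new `plays/postfix.yml`, `plays/ssh_known_hosts.yml`, `plays/unifi.yml` and `plays/zamok.yml` imports are fine provided those files exist; only `plays/unifi.yml` is created in this diff, so the other three presumably already live in the tree.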
@@ -1,116 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-# This is a special playbook to clean old stuff from BCFG2
-# it will disapear when BCFG2 will disapear
-# `apt-mark showmanual` is a good start
-- hosts: server,test_vm
- tasks:
- - name: Clean up unused packages
- apt:
- state: absent
- name:
- - acpid
- - apt-dater-host
- - arpwatch # old sniffing
- - at
- - bcfg2
- - byobu # we already have screen and tmux
- - collectd
- - collectd-utils # old monitoring
- - debian-faq # graphical
- - doc-debian # graphical
- - icinga2
- - icinga2-bin
- - icinga2-common
- - icinga2-ido-pgsql
- - icinga2-node # old monitoring
- - ipython # go use ipython3!
- - irqbalance # removed in newer debian
- - libmonitoring-plugin-perl
- - monit
- - monitoring-plugins
- - monitoring-plugins-basic
- - monitoring-plugins-common
- - monitoring-plugins-standard
- - munin-common
- - munin-node # old monitoring
- - munin # old monitoring
- - munin-plugins-core
- - munin-plugins-extra
- - nagios-nrpe-server
- - nagios-plugins-contrib
- - openbsd-inetd
- - os-prober # makes grub-install lag
- - popularity-contest
- - python3-nagiosplugin
- - python3-reportbug
- - python-nagiosplugin
- - ramond # remplaced by ra-guard on switchs
- - snmp
- - sysstat # very old monitoring
- - xscreensaver # was on owncloud
- register: apt_result
- retries: 3
- until: apt_result is succeeded
-
- - name: Clean unwanted olderstuff
- apt:
- autoremove: true
- purge: true
- register: apt_result
- retries: 3
- until: apt_result is succeeded
-
- - name: Remove old conf
- file:
- path: "{{ item }}"
- state: absent
- loop:
- - /etc/apt/apt.conf.d/01aptitude
- - /etc/apt/apt.conf.d/70debconf
- - /etc/apt-dater-host.conf
- - /etc/bcfg2.conf
- - /etc/bcfg2.conf.ucf-dist
- - /etc/crans
- - /etc/cron.daily/bcfg2
- - /etc/cron.daily/git_dirty_repo
- - /etc/cron.d/autobcfg2
- - /etc/cron.d/bcfg2-run
- - /etc/cron.d/comptes_inactifs
- - /etc/cron.d/letsencrypt_check_cert
- - /etc/cron.d/monit
- - /etc/cron.d/munin-crans
- - /etc/cron.d/munin-node
- - /etc/cron.d/munin-node.dpkg-dist
- - /etc/cron.d/printer_watch
- - /etc/cron.d/pull-repos-scripts
- - /etc/cron.d/pxeboot
- - /etc/cron.d/re2o-services
- - /etc/cron.d/sshFingerprint
- - /etc/cron.hourly/bcfg2
- - /etc/cron.weekly/git_dirty_repo
- - /etc/default/bcfg2
- - /etc/default/bcfg2.ucf-dist
- - /etc/icinga2
- - /etc/init.d/bcfg2
- - /etc/ldap/ldap.conf
- - /etc/letsencrypt/conf.d/localhost.ini
- - /etc/monit
- - /etc/munin
- - /etc/nagios
- - /etc/nagios-plugins
- - /etc/nginx/sites-available/status
- - /etc/nginx/sites-enabled/status
- - /etc/nss-ldapd.conf
- - /etc/nut
- - /etc/pnp4nagios
- - /etc/sudoers.d/apt-dater-host
- - /var/local/aptdater
-# - name: Upgrade
-# apt:
-# upgrade: dist
-# update_cache: true
-# cache_valid_time: 86400 # one day
-# register: apt_result
-# retries: 3
-# until: apt_result is succeeded
diff --git a/network.yml b/network.yml
deleted file mode 100755
index a9f21b53..00000000
--- a/network.yml
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-- hosts: gitzly.adm.crans.org
- vars:
- certbot:
- dns_rfc2136_name: certbot_adm_challenge.
- dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
- mail: root@crans.org
- certname: adm.crans.org
- domains: "*.adm.crans.org"
- bind:
- masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
- roles:
- - certbot
-
-# Deploy firewall
-- hosts: gulp.adm.crans.org
- roles: [] # TODO
-
-# Deploy Unifi Controller
-- hosts: unifi.adm.crans.org
- roles:
- - unifi-controller
-
-# Configure routers
-- hosts: gulp.adm.crans.org,odlyd.adm.crans.org,ipv6-zayo.adm.crans.org
- roles:
- - logall
- - quagga
-
-# Deploy BGP server configuration on IPv4 routers
-- hosts: gulp.adm.crans.org,odlyd.adm.crans.org
- vars:
- zebra:
- password: "{{ vault_zebra_password }}"
- bgp:
- as: 204515
- router_id: 158.255.113.73
- network: 185.230.76.0/22
- neighbor: 158.255.113.72
- remote_as: 8218
- roles:
- - quagga-ipv4
-
-# Deploy BGP server configuration on IPv6 routers
-- hosts: ipv6-zayo.adm.crans.org
- vars:
- zebra:
- password: "{{ vault_zebra_password }}"
- bgp:
- as: 204515
- router_id: 138.231.136.200
- network: 2a0c:700::/32
- neighbor: 2001:1b48:2:103::bb:1
- remote_as: 8218
- roles:
- - quagga-ipv6
diff --git a/plays/gather_fact.yml b/plays/gather_fact.yml
deleted file mode 100755
index 29404790..00000000
--- a/plays/gather_fact.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-- hosts: all
diff --git a/plays/get_adm_iface.yml b/plays/get_adm_iface.yml
deleted file mode 100755
index 4c98d38c..00000000
--- a/plays/get_adm_iface.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-- hosts: server
- tasks:
- - name: Register adm interface in adm_iface variable
- shell: set -o pipefail && grep adm /sys/class/net/*/ifalias | sed "s|/sys/class/net/||" | sed "s|/ifalias:.*||"
- register: adm_iface
- check_mode: false
- changed_when: true
- args:
- executable: /bin/bash
diff --git a/plays/gitlab.yml b/plays/gitlab.yml
index 3be109e0..1e1b6410 100755
--- a/plays/gitlab.yml
+++ b/plays/gitlab.yml
@@ -5,3 +5,17 @@
 roles:
 - docker
 - gitlab-runner
+
+# This seems strange, don't know if it still used
+# - hosts: gitzly.adm.crans.org
+# vars:
+# certbot:
+# dns_rfc2136_name: certbot_adm_challenge.
+# dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
+# mail: root@crans.org
+# certname: adm.crans.org
+# domains: "*.adm.crans.org"
+# bind:
+# masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
+# roles:
+# - certbot
diff --git a/plays/unifi.yml b/plays/unifi.yml
new file mode 100755
index 00000000..28334d98
--- /dev/null
+++ b/plays/unifi.yml
@@ -0,0 +1,6 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy Unifi Controller
+- hosts: unifi.adm.crans.org
+ roles:
+ - unifi-controller
diff --git a/radius.yml b/radius.yml
deleted file mode 100755
index a26e3549..00000000
--- a/radius.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-- hosts: eap.adm.crans.org, odlyd.adm.crans.org, radius.adm.crans.org
- vars:
- certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}'
- bind:
- masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
- roles:
- - certbot
- - freeradius
diff --git a/re2o.yml b/re2o.yml
index 576fc219..44f085d7 100755
--- a/re2o.yml
+++ b/re2o.yml
@@ -1,21 +1,6 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Deploy Re2o
-- hosts: otis.adm.crans.org
- vars:
- re2o:
- owner: root
- group: nounou
- version: dev_crans
- settings_local_owner: root
- settings_local_group: root
- db_password: "{{ vault_re2o_db_password }}"
- django_secret_key: "{{ vault_re2o_django_secret_key }}"
- aes_key: "{{ vault_re2o_aes_key }}"
- ldap:
- master_password: "{{ vault_ldap_master_password }}"
- roles:
- - re2o
+# THIS FILE SHOULD BE UPDATED TO NEW INFRA AND THE MERGED TO plays/
 # Deploy services config on all servers
 - hosts: server
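Review bot: The commented-out certbot play appended to plays/gitlab.yml (the same play the deleted network.yml ran for gitzly.adm.crans.org) is dead configuration in an unrelated playbook, and the comment above it only records uncertainty. That play requested a wildcard `*.adm.crans.org` certificate via an RFC2136 DNS update authenticated with `vault_certbot_adm_dns_secret`; if no other play now runs it, renewals of that certificate stop silently and the DNS update key presumably stays authorized on the DNS master for a client that no longer uses it. Suggest either dropping the block and tracking the question in an issue, or, if it is still needed, moving it into its own file under plays/ as was done for unifi; at minimum replace the comment with what is actually known, e.g. `# Moved from network.yml; unclear whether gitzly still needs the *.adm.crans.org cert - verify before re-enabling.` Whether plays/certbot.yml, now imported from all.yml, covers this host is not visible in this diff.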
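Review bot: The replacement comment in the re2o.yml hunk has a typo and does not say where the removed play went: `# THIS FILE SHOULD BE UPDATED TO NEW INFRA AND THEN MERGED INTO plays/`. The deleted "Deploy Re2o" play for otis.adm.crans.org carried the bindings for the re2o database password, Django secret key, AES key and LDAP master password, and nothing in this diff adds an equivalent play to plays/re2o.yml; if that file does not already contain one, re2o on otis is no longer managed by Ansible after this commit. A one-line note naming the play that now covers otis, or stating that none does yet, would make the intent clear.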
diff --git a/roles/prometheus-snmp-exporter/templates/prometheus/snmp.yml.j2 b/roles/prometheus-snmp-exporter/templates/prometheus/snmp.yml.j2
index 69770a1a..aa30bc43 100644
--- a/roles/prometheus-snmp-exporter/templates/prometheus/snmp.yml.j2
+++ b/roles/prometheus-snmp-exporter/templates/prometheus/snmp.yml.j2
@@ -80,21 +80,21 @@ procurve_switch:
 - 1.3.6.1.2.1.1.5.0
 - 1.3.6.1.2.1.1.6.0
 metrics:
- - name: sysUpTime
+ - name: procurve_sysUpTime
 oid: 1.3.6.1.2.1.1.3
 type: gauge
 help: The time (in hundredths of a second) since the network management portion of the system was last re-initialized. - 1.3.6.1.2.1.1.3
- - name: sysName
+ - name: procurve_sysName
 oid: 1.3.6.1.2.1.1.5
 type: DisplayString
 help: An administratively-assigned name for this managed node - 1.3.6.1.2.1.1.5
- - name: sysLocation
+ - name: procurve_sysLocation
 oid: 1.3.6.1.2.1.1.6
 type: DisplayString
 help: The physical location of this node (e.g., 'telephone closet, 3rd floor') - 1.3.6.1.2.1.1.6
- - name: ifHCOutOctets
+ - name: procurve_ifHCOutOctets
 oid: 1.3.6.1.2.1.31.1.1.1.10
 type: counter
 help: The total number of octets transmitted out of the interface, including framing
@@ -102,7 +102,7 @@ procurve_switch:
 indexes:
 - labelname: ifIndex
 type: gauge
- - name: ifHCInOctets
+ - name: procurve_ifHCInOctets
 oid: 1.3.6.1.2.1.31.1.1.1.6
 type: counter
 help: The total number of octets received on the interface, including framing
diff --git a/services_web.yml b/services_web.yml
deleted file mode 100755
index 5e45ef72..00000000
--- a/services_web.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-# Deploy MoinMoin Wiki
-- hosts: soyouz.adm.crans.org
- roles: [] # TODO
-
-- hosts: cas-srv.adm.crans.org
- roles: ["django-cas"]
-
-- hosts: ethercalc-srv.adm.crans.org
- roles: ["ethercalc"]
-
-- import_playbook: plays/horde.yml
-- import_playbook: plays/framadate.yml
-
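Review bot: Renaming the exported metrics to `procurve_sysUpTime`, `procurve_sysName`, `procurve_sysLocation` and `procurve_ifHCOutOctets` in the first snmp.yml.j2 hunk, and `procurve_ifHCInOctets` in the second one at -102, changes the series names Prometheus stores, so any recording rule, alert or dashboard that queries the old names will silently return nothing; none are visible in this diff, so the rule files and dashboards should be updated in the same change. If this template is regenerated from snmp_exporter's generator, the hand-edited names will be lost on the next regeneration; a comment on the `metrics:` line stating that the prefix is deliberate would help, e.g. `# names are prefixed with procurve_ to keep them distinct from other modules' sysName/ifHC* series`. Whether other modules in this template still export the unprefixed names is not visible here.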