Merge branch 'cleanup' into 'newinfra'

Cleanup

See merge request nounous/ansible!190
certbot_on_virtu
erdnaxe 2021-01-16 20:11:48 +01:00
commit ea4497cc73
11 changed files with 41 additions and 240 deletions

all.yml

@ -1,25 +1,34 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
# This playbooks runs all playbooks
# It's a good tool for lazy administrators that just want to check that
# current running configuration matches Ansible.
# Core playboot to have minimal configuration # Core playboot to have minimal configuration
- import_playbook: plays/root.yml - import_playbook: plays/root.yml
# Common configuration
- import_playbook: plays/mail.yml - import_playbook: plays/mail.yml
- import_playbook: plays/nfs.yml - import_playbook: plays/nfs.yml
#- import_playbook: plays/logs.yml TODO: rsyncd #- import_playbook: plays/logs.yml TODO: rsyncd
- import_playbook: plays/backup.yml - import_playbook: plays/backup.yml # import borgbackup_client/server.yml
# - import_playbook: plays/network-interfaces.yml TODO: check this paybook # - import_playbook: plays/network-interfaces.yml TODO: check this paybook
- import_playbook: plays/monitoring.yml - import_playbook: plays/monitoring.yml
# Services that only apply to a subset of server # Services that only apply to a subset of server
# - import_playbook: plays/cas.yml - import_playbook: plays/cas.yml
- import_playbook: plays/certbot.yml
- import_playbook: plays/dhcp.yml - import_playbook: plays/dhcp.yml
- import_playbook: plays/dns.yml - import_playbook: plays/dns.yml
- import_playbook: plays/dovecot.yml
- import_playbook: plays/ethercalc.yml
- import_playbook: plays/etherpad.yml - import_playbook: plays/etherpad.yml
- import_playbook: plays/firewall.yml - import_playbook: plays/firewall.yml
- import_playbook: plays/framadate.yml - import_playbook: plays/framadate.yml
- import_playbook: plays/freeradius.yml - import_playbook: plays/freeradius.yml
- import_playbook: plays/generate_documentation.yml - import_playbook: plays/generate_documentation.yml
- import_playbook: plays/gitlab.yml - import_playbook: plays/gitlab.yml
- import_playbook: plays/home.yml
- import_playbook: plays/horde.yml - import_playbook: plays/horde.yml
- import_playbook: plays/keepalived.yml - import_playbook: plays/keepalived.yml
- import_playbook: plays/mailman.yml - import_playbook: plays/mailman.yml
@ -28,14 +37,13 @@
- import_playbook: plays/nginx_rtmp.yml - import_playbook: plays/nginx_rtmp.yml
- import_playbook: plays/ntp.yml - import_playbook: plays/ntp.yml
- import_playbook: plays/owncloud.yml - import_playbook: plays/owncloud.yml
- import_playbook: plays/postfix.yml
- import_playbook: plays/postgresql.yml - import_playbook: plays/postgresql.yml
- import_playbook: plays/re2o.yml - import_playbook: plays/re2o.yml
- import_playbook: plays/reverse-proxy.yml - import_playbook: plays/reverse-proxy.yml
- import_playbook: plays/roundcube.yml - import_playbook: plays/roundcube.yml
- import_playbook: plays/ssh_known_hosts.yml
- import_playbook: plays/tv.yml - import_playbook: plays/tv.yml
- import_playbook: plays/unifi.yml
- import_playbook: plays/wireguard.yml - import_playbook: plays/wireguard.yml
- import_playbook: plays/zamok.yml
# FIXME: should be in plays/ directory
# Deploy LDAP replica
- hosts: odlyd.adm.crans.org,soyouz.adm.crans.org,fy.adm.crans.org,thot.adm.crans.org
roles: [] # TODO
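Review bot: The trailing `# Deploy LDAP replica` play on the last two lines of the hunk has `roles: []`, so a run of all.yml connects to odlyd, soyouz, fy and thot, gathers facts and then does nothing, which on a playbook meant to check that running configuration matches Ansible only costs time and produces a misleading "ok" summary. Either keep it commented out like the other TODO imports in this file, or move it to a stub under plays/ (e.g. a `plays/ldap_replica.yml` to be created) and import that, as the `# FIXME: should be in plays/ directory` line itself suggests. The `paybook` typo in the `network-interfaces.yml` comment could be fixed in passing. Which of the single-printed import lines (certbot, dovecot, ethercalc, home, postfix, ssh_known_hosts, unifi, zamok) are additions and which are removals is not recoverable from the rendered view.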


@ -1,116 +0,0 @@
#!/usr/bin/env ansible-playbook
---
# This is a special playbook to clean old stuff from BCFG2
# it will disapear when BCFG2 will disapear
# `apt-mark showmanual` is a good start
- hosts: server,test_vm
tasks:
- name: Clean up unused packages
apt:
state: absent
name:
- acpid
- apt-dater-host
- arpwatch # old sniffing
- at
- bcfg2
- byobu # we already have screen and tmux
- collectd
- collectd-utils # old monitoring
- debian-faq # graphical
- doc-debian # graphical
- icinga2
- icinga2-bin
- icinga2-common
- icinga2-ido-pgsql
- icinga2-node # old monitoring
- ipython # go use ipython3!
- irqbalance # removed in newer debian
- libmonitoring-plugin-perl
- monit
- monitoring-plugins
- monitoring-plugins-basic
- monitoring-plugins-common
- monitoring-plugins-standard
- munin-common
- munin-node # old monitoring
- munin # old monitoring
- munin-plugins-core
- munin-plugins-extra
- nagios-nrpe-server
- nagios-plugins-contrib
- openbsd-inetd
- os-prober # makes grub-install lag
- popularity-contest
- python3-nagiosplugin
- python3-reportbug
- python-nagiosplugin
- ramond # remplaced by ra-guard on switchs
- snmp
- sysstat # very old monitoring
- xscreensaver # was on owncloud
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Clean unwanted olderstuff
apt:
autoremove: true
purge: true
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Remove old conf
file:
path: "{{ item }}"
state: absent
loop:
- /etc/apt/apt.conf.d/01aptitude
- /etc/apt/apt.conf.d/70debconf
- /etc/apt-dater-host.conf
- /etc/bcfg2.conf
- /etc/bcfg2.conf.ucf-dist
- /etc/crans
- /etc/cron.daily/bcfg2
- /etc/cron.daily/git_dirty_repo
- /etc/cron.d/autobcfg2
- /etc/cron.d/bcfg2-run
- /etc/cron.d/comptes_inactifs
- /etc/cron.d/letsencrypt_check_cert
- /etc/cron.d/monit
- /etc/cron.d/munin-crans
- /etc/cron.d/munin-node
- /etc/cron.d/munin-node.dpkg-dist
- /etc/cron.d/printer_watch
- /etc/cron.d/pull-repos-scripts
- /etc/cron.d/pxeboot
- /etc/cron.d/re2o-services
- /etc/cron.d/sshFingerprint
- /etc/cron.hourly/bcfg2
- /etc/cron.weekly/git_dirty_repo
- /etc/default/bcfg2
- /etc/default/bcfg2.ucf-dist
- /etc/icinga2
- /etc/init.d/bcfg2
- /etc/ldap/ldap.conf
- /etc/letsencrypt/conf.d/localhost.ini
- /etc/monit
- /etc/munin
- /etc/nagios
- /etc/nagios-plugins
- /etc/nginx/sites-available/status
- /etc/nginx/sites-enabled/status
- /etc/nss-ldapd.conf
- /etc/nut
- /etc/pnp4nagios
- /etc/sudoers.d/apt-dater-host
- /var/local/aptdater
# - name: Upgrade
# apt:
# upgrade: dist
# update_cache: true
# cache_valid_time: 86400 # one day
# register: apt_result
# retries: 3
# until: apt_result is succeeded


@ -1,57 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: gitzly.adm.crans.org
vars:
certbot:
dns_rfc2136_name: certbot_adm_challenge.
dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
mail: root@crans.org
certname: adm.crans.org
domains: "*.adm.crans.org"
bind:
masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
roles:
- certbot
# Deploy firewall
- hosts: gulp.adm.crans.org
roles: [] # TODO
# Deploy Unifi Controller
- hosts: unifi.adm.crans.org
roles:
- unifi-controller
# Configure routers
- hosts: gulp.adm.crans.org,odlyd.adm.crans.org,ipv6-zayo.adm.crans.org
roles:
- logall
- quagga
# Deploy BGP server configuration on IPv4 routers
- hosts: gulp.adm.crans.org,odlyd.adm.crans.org
vars:
zebra:
password: "{{ vault_zebra_password }}"
bgp:
as: 204515
router_id: 158.255.113.73
network: 185.230.76.0/22
neighbor: 158.255.113.72
remote_as: 8218
roles:
- quagga-ipv4
# Deploy BGP server configuration on IPv6 routers
- hosts: ipv6-zayo.adm.crans.org
vars:
zebra:
password: "{{ vault_zebra_password }}"
bgp:
as: 204515
router_id: 138.231.136.200
network: 2a0c:700::/32
neighbor: 2001:1b48:2:103::bb:1
remote_as: 8218
roles:
- quagga-ipv6


@ -1,3 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: all


@ -1,11 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: server
tasks:
- name: Register adm interface in adm_iface variable
shell: set -o pipefail && grep adm /sys/class/net/*/ifalias | sed "s|/sys/class/net/||" | sed "s|/ifalias:.*||"
register: adm_iface
check_mode: false
changed_when: true
args:
executable: /bin/bash


@ -5,3 +5,17 @@
roles: roles:
- docker - docker
- gitlab-runner - gitlab-runner
# This seems strange, don't know if it still used
# - hosts: gitzly.adm.crans.org
# vars:
# certbot:
# dns_rfc2136_name: certbot_adm_challenge.
# dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
# mail: root@crans.org
# certname: adm.crans.org
# domains: "*.adm.crans.org"
# bind:
# masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
# roles:
# - certbot
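Review bot: The 13 commented-out lines added after `- gitlab-runner` are dead configuration: a play that only exists as comments is never exercised by `ansible-playbook --syntax-check`, drifts from the certbot role's variable names, and the header `# This seems strange, don't know if it still used` records the doubt instead of resolving it. If the gitzly wildcard-certificate play is retired, delete the block (git history keeps it) and, if no remaining play still uses `vault_certbot_adm_dns_secret` and the `certbot_adm_challenge.` key name, presumably the RFC2136 TSIG key on the DNS master, remove that key there too so an unused DNS-update credential does not stay valid; if the play is still needed, it belongs in a dedicated certbot play rather than in this gitlab play file. If the block is kept, at least make the header say what is being questioned, e.g. `# TODO(review): gitzly still holding the *.adm.crans.org cert? If not, drop this and the TSIG key.`. The play this hunk sits in (`roles:` at line 5) starts outside the hunk.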

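--- a/plays/unifi.yml
+++ b/plays/unifi.yml
@@ -0,0 +1,6 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy Unifi Controller
+- hosts: unifi.adm.crans.org
+  roles:
+    - unifi-controller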

@ -1,10 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: eap.adm.crans.org, odlyd.adm.crans.org, radius.adm.crans.org
vars:
certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}'
bind:
masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
roles:
- certbot
- freeradius


@ -1,21 +1,6 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
# Deploy Re2o # THIS FILE SHOULD BE UPDATED TO NEW INFRA AND THE MERGED TO plays/
- hosts: otis.adm.crans.org
vars:
re2o:
owner: root
group: nounou
version: dev_crans
settings_local_owner: root
settings_local_group: root
db_password: "{{ vault_re2o_db_password }}"
django_secret_key: "{{ vault_re2o_django_secret_key }}"
aes_key: "{{ vault_re2o_aes_key }}"
ldap:
master_password: "{{ vault_ldap_master_password }}"
roles:
- re2o
# Deploy services config on all servers # Deploy services config on all servers
- hosts: server - hosts: server
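Review bot: The replacement header comment on line 3, `# THIS FILE SHOULD BE UPDATED TO NEW INFRA AND THE MERGED TO plays/`, has a typo (`THE` for `THEN`) and names neither an owner nor a target; since the same hunk removes the Re2o play together with its `vault_re2o_*` and `vault_ldap_master_password` references, the comment should say where that play now lives so the next reader does not re-add it here. Something like `# TODO: port the remaining plays to the new infra, then merge this file into plays/ (the Re2o play was moved out of this file)` keeps the intent without shouting; all.yml imports a plays/re2o.yml, which is presumably the new home, but this hunk does not show it. The `- hosts: server` play on the last line continues outside the hunk.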


@ -80,21 +80,21 @@ procurve_switch:
- 1.3.6.1.2.1.1.5.0 - 1.3.6.1.2.1.1.5.0
- 1.3.6.1.2.1.1.6.0 - 1.3.6.1.2.1.1.6.0
metrics: metrics:
- name: sysUpTime - name: procurve_sysUpTime
oid: 1.3.6.1.2.1.1.3 oid: 1.3.6.1.2.1.1.3
type: gauge type: gauge
help: The time (in hundredths of a second) since the network management portion help: The time (in hundredths of a second) since the network management portion
of the system was last re-initialized. - 1.3.6.1.2.1.1.3 of the system was last re-initialized. - 1.3.6.1.2.1.1.3
- name: sysName - name: procurve_sysName
oid: 1.3.6.1.2.1.1.5 oid: 1.3.6.1.2.1.1.5
type: DisplayString type: DisplayString
help: An administratively-assigned name for this managed node - 1.3.6.1.2.1.1.5 help: An administratively-assigned name for this managed node - 1.3.6.1.2.1.1.5
- name: sysLocation - name: procurve_sysLocation
oid: 1.3.6.1.2.1.1.6 oid: 1.3.6.1.2.1.1.6
type: DisplayString type: DisplayString
help: The physical location of this node (e.g., 'telephone closet, 3rd floor') help: The physical location of this node (e.g., 'telephone closet, 3rd floor')
- 1.3.6.1.2.1.1.6 - 1.3.6.1.2.1.1.6
- name: ifHCOutOctets - name: procurve_ifHCOutOctets
oid: 1.3.6.1.2.1.31.1.1.1.10 oid: 1.3.6.1.2.1.31.1.1.1.10
type: counter type: counter
help: The total number of octets transmitted out of the interface, including framing help: The total number of octets transmitted out of the interface, including framing
@ -102,7 +102,7 @@ procurve_switch:
indexes: indexes:
- labelname: ifIndex - labelname: ifIndex
type: gauge type: gauge
- name: ifHCInOctets - name: procurve_ifHCInOctets
oid: 1.3.6.1.2.1.31.1.1.1.6 oid: 1.3.6.1.2.1.31.1.1.1.6
type: counter type: counter
help: The total number of octets received on the interface, including framing help: The total number of octets received on the interface, including framing
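Review bot: Renaming the exported metrics from `sysUpTime`, `sysName`, `sysLocation`, `ifHCOutOctets` and `ifHCInOctets` to their `procurve_`-prefixed forms (the `- name:` lines in both hunks of this section) changes the Prometheus time-series names, so any alert rule, recording rule or dashboard that queries the old names stops matching silently rather than failing loudly. The rendered file list does not show a matching rules or dashboard change, so those consumers should either be updated in the same change or the rename called out in the commit description. A short comment above `metrics:` would make the convention discoverable, e.g. `# Metric names carry the module prefix so they do not collide with other SNMP modules.`. The `help:` values that wrap onto a following line (`of the system was last re-initialized. - 1.3.6.1.2.1.1.3`) are multi-line plain scalars that fold correctly today but break on re-indentation; a `>-` block scalar states the intent explicitly. The enclosing `procurve_switch:` module mapping starts before the hunk.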


@ -1,15 +0,0 @@
#!/usr/bin/env ansible-playbook
---
# Deploy MoinMoin Wiki
- hosts: soyouz.adm.crans.org
roles: [] # TODO
- hosts: cas-srv.adm.crans.org
roles: ["django-cas"]
- hosts: ethercalc-srv.adm.crans.org
roles: ["ethercalc"]
- import_playbook: plays/horde.yml
- import_playbook: plays/framadate.yml