diff --git a/group_vars/baie.yml b/group_vars/baie.yml new file mode 100644 index 0000000000000000000000000000000000000000..06fecd60192a5978f14e9081c813b3e4f9797588 --- /dev/null +++ b/group_vars/baie.yml @@ -0,0 +1,4 @@ +--- +loc_apt: + backports: + components: 'main contrib non-free' diff --git a/group_vars/crans_server/vars.yml b/group_vars/crans_server/vars.yml index 876a0d405628f12d95e4cde9d9878e5136efe4d2..8e6eb23b6a670dcac233521b37c6932a6a6c1352 100644 --- a/group_vars/crans_server/vars.yml +++ b/group_vars/crans_server/vars.yml @@ -3,13 +3,6 @@ ldap: servers: ["172.16.1.1"] base: "dc=crans,dc=org" - -# Parameters for debian and ubuntu mirror -debian_mirror: http://mirror.adm.crans.org/debian -ubuntu_mirror: http://mirror.adm.crans.org/ubuntu -debian_components: main contrib non-free -ubuntu_components: main restricted universe multiverse - glob_borg: to_backup: - /etc diff --git a/group_vars/keepalived.yml b/group_vars/keepalived.yml index 2b4fbd4068a9eb7b7374ab63632ba3608cec3160..9f2fc888f5d956fb6e8c4a727f1d1257596919ea 100644 --- a/group_vars/keepalived.yml +++ b/group_vars/keepalived.yml @@ -5,12 +5,28 @@ glob_keepalived: mail_destination: root@crans.org smtp_server: smtp.adm.crans.org pool: - dhcp: + all: password: "plopisverysecure" id: 60 ipv6: yes notify: /usr/scripts/notify-dhcp zones: + - vlan: zayo + ipv4: 158.255.113.73/31 + brd: false + ipv6: 2001:1b48:2:103::bb:2/126 + - vlan: srv + ipv4: 185.230.79.62/26 + brd: true + ipv6: 2a0c:700:2::ff:fe00:9902/64 + - vlan: srv_nat + ipv4: 172.16.3.99/24 + brd: true + ipv6: 2a0c:700:3::ff:fe00:9903/64 + - vlan: infra + ipv4: 172.16.32.99/22 + brd: true + ipv6: fd00::11:0:ff:fe00:9911/64 - vlan: adh ipv4: 185.230.78.99/24 brd: true @@ -19,12 +35,3 @@ glob_keepalived: ipv4: 100.64.0.99/16 brd: true ipv6: 2a0c:700:13::ff:fe00:9913/48 - radius: - password: 'plopisverysecure' - id: 61 - ipv6: yes - zones: - - vlan: infra - ipv4: 172.16.32.99/22 - brd: true - ipv6: fd00::11:0:ff:fe00:9911/64 
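Review bot: The VRRP secret stays in clear text in `group_vars/keepalived.yml` (`password: "plopisverysecure"` under the pool renamed to `all`), and after this change that one committed value covers every zone that used to be split between `dhcp` and `radius`. The repository already references vault variables elsewhere (`vault_mysql_zamok_password` in `host_vars/zamok.adm.crans.org.yml`), so the same pattern fits here: `password: "{{ vault_keepalived_password }}"` (placeholder name, to be defined in the vault file). The current value is in the git history and should be rotated when it is moved. The merged pool also keeps `notify: /usr/scripts/notify-dhcp`, which now applies to the `zayo`, `srv`, `srv_nat` and `infra` addresses as well; if that script is DHCP-specific, it needs a comment or a more general hook.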
diff --git a/group_vars/server/apt.yml b/group_vars/server/apt.yml new file mode 100644 index 0000000000000000000000000000000000000000..22b8c5e2e3f0eaadfb0eb83e43a5a92047689a6e --- /dev/null +++ b/group_vars/server/apt.yml @@ -0,0 +1,18 @@ +--- +glob_apt: + protocol: http:// + mirror: mirror.adm.crans.org + pool: debian + debs: + - name: '' + path: '' + components: 'main contrib non-free' + comment: 'Dépot classique' + - name: '' + path: '-updates' + components: 'main contrib non-free' + comment: 'Mises à jour fréquentes (volatiles)' + - name: '-security' + path: '/updates' + components: 'main contrib non-free' + comment: 'Mises à jour de sécurité' diff --git a/group_vars/virtu.yml b/group_vars/virtu.yml new file mode 100644 index 0000000000000000000000000000000000000000..247e0e5b8915b23650e92b0dd4180d167a623627 --- /dev/null +++ b/group_vars/virtu.yml @@ -0,0 +1,3 @@ +--- +loc_apt: + proxmox: yes diff --git a/host_vars/bigbluebutton.adm.crans.org.yml b/host_vars/bigbluebutton.adm.crans.org.yml new file mode 100644 index 0000000000000000000000000000000000000000..f87095bbcf76f3086344980267b7b56d1e7dca51 --- /dev/null +++ b/host_vars/bigbluebutton.adm.crans.org.yml @@ -0,0 +1,17 @@ +--- +loc_apt: + pool: ubuntu + debs: + - name: '' + path: '' + components: 'main restricted universe multiverse' + comment: 'Dépot classique' + - name: '' + path: '-updates' + components: 'main restricted universe multiverse' + comment: 'Mises à jour fréquentes (volatiles)' + - name: '' + path: '-security' + components: 'main restricted universe multiverse' + comment: 'Mises à jour de sécurité' + diff --git a/host_vars/fluxx.adm.crans.org.yml b/host_vars/fluxx.adm.crans.org.yml index 5cde204461d4051fcc160eab974a5c25e3663a6c..e491027d888d90703b314bdf6dd5e4dbe693c3da 100644 --- a/host_vars/fluxx.adm.crans.org.yml +++ b/host_vars/fluxx.adm.crans.org.yml 
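Review bot: The `-security` entry in `glob_apt.debs` hard-codes `path: '/updates'`, and the release guard from the deleted `roles/debian-apt-sources` template (`ansible_distribution_release != "bullseye"`) is gone, so every host that does not override `debs` now renders `<release>/updates` for the security suite. From bullseye onward the suite is named `<release>-security`, so such a host would get a security line that does not resolve. Either make the suffix depend on the release or document the required override next to this entry. `protocol: http://` is safer quoted as `protocol: 'http://'`. Because the mirror is fetched over plain HTTP, package integrity rests on apt's Release signature check alone, which deserves a one-line comment here.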
@@ -1,3 +1,14 @@ --- interfaces: adm: eth0 + +loc_apt: + debs: + - name: '' + path: '' + components: 'main non-free' + comment: 'Dépot classique' + - name: '' + path: '-updates' + components: 'main non-free' + comment: 'Mises à jour fréquentes (volatiles)' diff --git a/host_vars/monitoring.adm.crans.org.yml b/host_vars/monitoring.adm.crans.org.yml index ab6e12d6c57a8cc963b56891d576dd85b15c3a73..aa932be19d17dee8740366f23d28be9f73418bc4 100644 --- a/host_vars/monitoring.adm.crans.org.yml +++ b/host_vars/monitoring.adm.crans.org.yml @@ -2,3 +2,15 @@ interfaces: adm: eth0 srv_nat: eth1 infra: eth2 + +loc_apt: + debs: + - name: '' + path: '' + components: 'main non-free' + comment: 'Dépot classique' + - name: '' + path: '-updates' + components: 'main non-free' + comment: 'Mises à jour fréquentes (volatiles)' + diff --git a/host_vars/routeur-jack.adm.crans.org.yml b/host_vars/routeur-jack.adm.crans.org.yml new file mode 100644 index 0000000000000000000000000000000000000000..ed97d539c095cf1413af30cc23dea272095b97dd --- /dev/null +++ b/host_vars/routeur-jack.adm.crans.org.yml @@ -0,0 +1 @@ +--- diff --git a/host_vars/unifi.adm.crans.org.yml b/host_vars/unifi.adm.crans.org.yml new file mode 100644 index 0000000000000000000000000000000000000000..6824c2cbf88c2515320736f65bb3917858e53bf7 --- /dev/null +++ b/host_vars/unifi.adm.crans.org.yml @@ -0,0 +1,10 @@ +--- +loc_apt: + additional_repository: + - name: 100-ubnt-unifi + uri: https://www.ui.com/downloads/unifi/debian + release: stable + components: ubiquiti + key: + id: 06E85760C0A52C50 + server: keyserver.ubuntu.com diff --git a/host_vars/zamok.adm.crans.org.yml b/host_vars/zamok.adm.crans.org.yml index bf60fd812bd4dee43b38d9b2c7b71293c520a6b1..ee2cc31e3d311609037f6587913d7d180ec2363b 100644 --- a/host_vars/zamok.adm.crans.org.yml +++ b/host_vars/zamok.adm.crans.org.yml 
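Review bot: This `loc_apt.debs` override drops the security suite for fluxx, because `combine()` in `plays/root.yml` replaces list values rather than merging them, leaving only the base and `-updates` entries for `sources.list.j2` to render. The same two-entry list is added in `host_vars/monitoring.adm.crans.org.yml` and `host_vars/zamok.adm.crans.org.yml`. If that is deliberate (for example because these hosts run a release for which the old template skipped security), say so in a comment such as `# no security suite for this release yet; remove this override once it exists`; otherwise add the `-security` entry back. `contrib` is also missing from `components` compared with the group default and deserves the same one-line explanation.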
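Review bot: In `host_vars/unifi.adm.crans.org.yml` the repository signing key is identified only by the 64-bit id `06E85760C0A52C50` and fetched from `keyserver.ubuntu.com`, so the host trusts whatever key the keyserver returns for that id. Pin the full 40-hex-digit fingerprint instead, quoted so it is always read as a string: `id: '<FULL_40_HEX_FINGERPRINT>'` (placeholder; take the value from the vendor's documentation over a trusted channel). Shipping the key file inside the role would also remove the keyserver lookup from the provisioning run.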
@@ -7,3 +7,14 @@ loc_borg: params: - "- name: all" - " password: {{ vault_mysql_zamok_password }}" + +loc_apt: + debs: + - name: '' + path: '' + components: 'main non-free' + comment: 'Dépot classique' + - name: '' + path: '-updates' + components: 'main non-free' + comment: 'Mises à jour fréquentes (volatiles)' diff --git a/hosts b/hosts index 98de0fe45d3deef064b90c87e0675d84f864f24c..4773a52e4b73545b7c960c99f8502791baf9f11b 100644 --- a/hosts +++ b/hosts @@ -60,9 +60,9 @@ routeurs_vm [ldap_server] tealc.adm.crans.org -sam.adm.crans.org -daniel.adm.crans.org -jack.adm.crans.org + +[ldap_server:children] +virtu [monitoring] monitoring.adm.crans.org @@ -156,7 +156,7 @@ roundcube.adm.crans.org titanic.adm.crans.org tracker.adm.crans.org voyager.adm.crans.org -#unifi.adm.crans.org +unifi.adm.crans.org [crans_vm:children] routeurs_vm diff --git a/plays/root.yml b/plays/root.yml index 2b3d83c3da637678061d78680972d6457a1f4402..395104fbb91ed3f4d8e26f26b6a4817aaee0998c 100755 --- a/plays/root.yml +++ b/plays/root.yml @@ -2,34 +2,11 @@ --- # root is the first playbook to launch (as root) whe initiation a new server -- hosts: server - tasks: - - name: Check if mirror.adm is defined in /etc/hosts - lineinfile: - state: absent - path: /etc/hosts - regexp: '^{{ glob_mirror.ip }}' - check_mode: True - changed_when: False - register: check_mirror - - - name: Define mirror.adm.crans.org if it doesn't exist. - lineinfile: - path: /etc/hosts - line: '{{ glob_mirror.ip }} {{ glob_mirror.name }}' - insertafter: '127.0.0.1 localhost' - when: check_mirror.found == 0 - -- hosts: baie - roles: - - baie - -- hosts: virtu - roles: - - proxmox-apt-sources - - hosts: server vars: + play_apt: + mirror: 172.16.10.30 + apt: '{{ glob_apt | combine(loc_apt | default({})) | combine(play_apt) }}' # # Will be in /usr/scripts/ # crans_scripts_git: "http://gitlab.adm.crans.org/nounous/scripts.git" 
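Review bot: In `plays/root.yml`, `play_apt.mirror` hard-codes `172.16.10.30`, while the tasks removed in this hunk took the mirror address from `glob_mirror.ip`; if that variable still exists, `mirror: '{{ glob_mirror.ip }}'` keeps a single source of truth. The block also needs a comment saying why an IP is used, e.g. `# bootstrap: reach the mirror by IP, the last play switches back to the hostname`. A host that fails in any play between this one and the final `apt` play is dropped from the run and keeps the IP-based `sources.list`, so the re-run procedure should be documented. The play's `vars:` block continues outside the hunk.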
@@ -38,13 +15,17 @@ - charybde.adm.crans.org # - silice.adm.crans.org roles: - - debian-apt-sources + - apt - common-tools - sudo - ntp-client # - crans-scripts - root-config +- hosts: baie + roles: + - zfs + - hosts: crans_vm roles: - qemu-guest-agent @@ -84,5 +65,12 @@ retries: 3 until: apt_result is succeeded +# Deploys back the apt configuration using the uri and not the ip +- hosts: server + vars: + apt: '{{ glob_apt | combine(loc_apt | default({})) }}' + roles: + - apt + - import_playbook: borgbackups_client.yml - import_playbook: monitoring.yml diff --git a/roles/apt/tasks/main.yml b/roles/apt/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..4119d4e552592eed045ac37a41e9f2af0da8b469 --- /dev/null +++ b/roles/apt/tasks/main.yml @@ -0,0 +1,35 @@ +--- +- name: Configure Debian repositories + template: + src: apt/sources.list.j2 + dest: /etc/apt/sources.list + +- name: Configure Debian backports repository + template: + src: apt/sources.list.d/backports.list.j2 + dest: /etc/apt/sources.list.d/backports.list + when: apt.backports is defined + +- name: Configure Proxmox repositories + template: + src: apt/sources.list.d/pve-enterprise.list.j2 + dest: /etc/apt/sources.list.d/pve-enterprise.list + when: apt.proxmox is defined and apt.proxmox + +- name: Configure apt additional keys + apt_key: + keyserver: '{{ item.key.server }}' + id: '{{ item.key.id }}' + state: present + register: apt_key_result + retries: 3 + until: apt_key_result is succeeded + when: apt.additional_repository + loop: "{{ apt.additional_repository | selectattr('key', 'defined') }}" + +- name: Configure additional repositories + template: + src: apt/sources.list.d/additional-repository.list.j2 + dest: /etc/apt/sources.list.d/{{ item.name }}.list + when: apt.additional_repository + loop: "{{ apt.additional_repository | list }}" 
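Review bot: In `roles/apt/tasks/main.yml` both `additional_repository` tasks fail on every host that does not define the key, because `loop:` is templated before `when:` is evaluated and `glob_apt` in `group_vars/server/apt.yml` does not define it. Default the list in the loop and drop the `when:`: `loop: "{{ apt.additional_repository | default([]) | selectattr('key', 'defined') | list }}"` and `loop: "{{ apt.additional_repository | default([]) }}"`. The `template` tasks writing under `/etc/apt` also set no `owner`, `group` or `mode`; adding `owner: root`, `group: root`, `mode: '0644'` makes the result independent of the remote umask.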
diff --git a/roles/apt/templates/apt/sources.list.d/additional-repository.list.j2 b/roles/apt/templates/apt/sources.list.d/additional-repository.list.j2 new file mode 100644 index 0000000000000000000000000000000000000000..d6098ad37980761e7d9240f4adace8342668a478 --- /dev/null +++ b/roles/apt/templates/apt/sources.list.d/additional-repository.list.j2 @@ -0,0 +1 @@ +deb {{ item.uri }} {{ item.release }} {{ item.components }} diff --git a/roles/apt/templates/apt/sources.list.d/backports.list.j2 b/roles/apt/templates/apt/sources.list.d/backports.list.j2 new file mode 100644 index 0000000000000000000000000000000000000000..2d03ad522f5802e2b7f861b4013333d7240bbd4b --- /dev/null +++ b/roles/apt/templates/apt/sources.list.d/backports.list.j2 @@ -0,0 +1 @@ +deb {{ apt.protocol }}{{ apt.mirror }}/{{ apt.pool }} {{ ansible_distribution_release }}-backports {{ apt.backports.components }} diff --git a/roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2 b/roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2 new file mode 100644 index 0000000000000000000000000000000000000000..83e0c080a64eec9a3edfde40ceb76569dac937db --- /dev/null +++ b/roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2 @@ -0,0 +1,2 @@ +{{ ansible_header | comment }} +deb {{ apt.protocol }}{{ apt.mirror }}/proxmox/debian/pve {{ ansible_distribution_release }} pve-no-subscription diff --git a/roles/apt/templates/apt/sources.list.j2 b/roles/apt/templates/apt/sources.list.j2 new file mode 100644 index 0000000000000000000000000000000000000000..9dd9a5e922aa90ffe11e93a3f2e5a2a1f819331e --- /dev/null +++ b/roles/apt/templates/apt/sources.list.j2 @@ -0,0 +1,7 @@ +{{ ansible_header | comment }} + +{% for deb in apt.debs %} +# {{ deb.comment }} +deb {{ apt.protocol }}{{ apt.mirror }}/{{ apt.pool }}{{ deb.name }} {{ ansible_distribution_release }}{{ deb.path }} {{ deb.components }} + +{% endfor %} 
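Review bot: The `deb` line generated by `additional-repository.list.j2` carries no `signed-by` option, so a key imported by the `apt_key` task in `roles/apt/tasks/main.yml` lands in the global keyring and is accepted for every repository on the host, including the Debian mirror fetched over `http://`. Scope it by installing the key to its own keyring file and rendering `deb [signed-by=/usr/share/keyrings/{{ item.name }}.gpg] {{ item.uri }} {{ item.release }} {{ item.components }}` (the keyring path is a suggestion, not something the role creates today). This template and `backports.list.j2` also lack the `{{ ansible_header | comment }}` first line that `sources.list.j2` and `pve-enterprise.list.j2` have.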
diff --git a/roles/baie/templates/apt/sources.list.d/backports.list.j2 b/roles/baie/templates/apt/sources.list.d/backports.list.j2 deleted file mode 100644 index 6326b3e479e0fdc2fe3f69a4312f06057f4c9d54..0000000000000000000000000000000000000000 --- a/roles/baie/templates/apt/sources.list.d/backports.list.j2 +++ /dev/null @@ -1 +0,0 @@ -deb {{ debian_mirror }} {{ ansible_lsb.codename }}-backports main contrib non-free diff --git a/roles/debian-apt-sources/tasks/main.yml b/roles/debian-apt-sources/tasks/main.yml deleted file mode 100644 index 24c5fc4e520e5a4ab990ef4196c7a566d075fea2..0000000000000000000000000000000000000000 --- a/roles/debian-apt-sources/tasks/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Configure Debian repositories - template: - src: apt/sources.list.j2 - dest: /etc/apt/sources.list diff --git a/roles/debian-apt-sources/templates/apt/sources.list.j2 b/roles/debian-apt-sources/templates/apt/sources.list.j2 deleted file mode 100644 index 87b2cab297a0fb69238b0b9463f692befa142a6a..0000000000000000000000000000000000000000 --- a/roles/debian-apt-sources/templates/apt/sources.list.j2 +++ /dev/null 
@@ -1,30 +0,0 @@ -{{ ansible_header | comment }} - -{% if ansible_distribution == "Debian" %} -{% if ansible_distribution_release != "bullseye" %} -{# Debian security does not exist yet for bullseye #} -# Mises à jour de sécurité -deb {{ debian_mirror }}-security {{ ansible_distribution_release }}/updates {{ debian_components }} - -{% endif %} -# Dépôt classique -deb {{ debian_mirror }} {{ ansible_distribution_release }} {{ debian_components }} - -# Dépôt pour mises à jour fréquentes (volatile) -deb {{ debian_mirror }} {{ ansible_distribution_release }}-updates {{ debian_components }} - -{% if backports | default(false) %} -# Backports -deb {{ debian_mirror }} {{ ansible_distribution_release }}-backports {{ debian_components }} -{% endif %} - -{% elif ansible_distribution == "Ubuntu" %} -# Mises à jour de sécurité -deb {{ ubuntu_mirror }} {{ ansible_distribution_release }}-security {{ ubuntu_components }} - -# Dépôt classique -deb {{ ubuntu_mirror }} {{ ansible_distribution_release }} {{ ubuntu_components }} - -# Dépôt pour mises à jour fréquentes (volatile) -deb {{ ubuntu_mirror }} {{ ansible_distribution_release }}-updates {{ ubuntu_components }} -{% endif %} diff --git a/roles/proxmox-apt-sources/tasks/main.yml b/roles/proxmox-apt-sources/tasks/main.yml deleted file mode 100644 index 1774927c974b4ad0585f5e85ed1318513499ee48..0000000000000000000000000000000000000000 --- a/roles/proxmox-apt-sources/tasks/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Configure Proxmox repositories - template: - src: apt/sources.list.d/pve-enterprise.list.j2 - dest: /etc/apt/sources.list.d/pve-enterprise.list diff --git a/roles/proxmox-apt-sources/templates/apt/sources.list.d/pve-enterprise.list.j2 b/roles/proxmox-apt-sources/templates/apt/sources.list.d/pve-enterprise.list.j2 deleted file mode 100644 index 739806d30d471227cce6da4730d3893282f069ed..0000000000000000000000000000000000000000 
--- a/roles/proxmox-apt-sources/templates/apt/sources.list.d/pve-enterprise.list.j2 +++ /dev/null @@ -1,2 +0,0 @@ -{{ ansible_header | comment }} -deb http://mirror.adm.crans.org/proxmox/debian/pve {{ ansible_lsb.codename }} pve-no-subscription diff --git a/roles/baie/tasks/main.yml b/roles/zfs/tasks/main.yml similarity index 71% rename from roles/baie/tasks/main.yml rename to roles/zfs/tasks/main.yml index 1ab5cece5e82e3d4d35142df77bb495936f7cea2..0b546d9bdb7fb54585f60781916bc407c5a8ec9f 100644 --- a/roles/baie/tasks/main.yml +++ b/roles/zfs/tasks/main.yml @@ -1,9 +1,4 @@ --- -- name: Configure Debian backports repository - template: - src: apt/sources.list.d/backports.list.j2 - dest: /etc/apt/sources.list.d/backports.list - - name: Install ZFS apt: update_cache: true