From f3eb2a8b864cc0c546a16ecc3e1186933250879a Mon Sep 17 00:00:00 2001 From: shirenn <shirenn@crans.org> Date: Sun, 10 Jan 2021 16:58:43 +0100 Subject: [PATCH 1/4] [apt] Cleans the role --- group_vars/all/vars.yaml | 1 + group_vars/baie.yml | 4 ++ group_vars/crans_server/vars.yml | 7 ---- group_vars/keepalived.yml | 27 +++++++----- group_vars/server/apt.yml | 18 ++++++++ group_vars/virtu.yml | 3 ++ host_vars/bigbluebutton.adm.crans.org.yml | 15 +++++++ host_vars/fluxx.adm.crans.org.yml | 9 ++++ host_vars/monitoring.adm.crans.org.yml | 10 +++++ host_vars/routeur-daniel.adm.crans.org.yml | 3 ++ host_vars/routeur-jack.adm.crans.org.yml | 3 ++ host_vars/routeur-sam.adm.crans.org.yml | 3 ++ host_vars/zamok.adm.crans.org.yml | 9 ++++ hosts | 6 +-- plays/root.yml | 42 +++++++------------ roles/apt/tasks/main.yml | 17 ++++++++ .../apt/sources.list.d/backports.list.j2 | 0 .../apt/sources.list.d/pve-enterprise.list.j2 | 2 + roles/apt/templates/apt/sources.list.j2 | 7 ++++ roles/debian-apt-sources/tasks/main.yml | 5 --- .../templates/apt/sources.list.j2 | 30 ------------- roles/proxmox-apt-sources/tasks/main.yml | 5 --- .../apt/sources.list.d/pve-enterprise.list.j2 | 2 - roles/{baie => zfs}/tasks/main.yml | 5 --- 24 files changed, 139 insertions(+), 94 deletions(-) create mode 100644 group_vars/baie.yml create mode 100644 group_vars/server/apt.yml create mode 100644 group_vars/virtu.yml create mode 100644 host_vars/bigbluebutton.adm.crans.org.yml create mode 100644 host_vars/routeur-jack.adm.crans.org.yml create mode 100644 roles/apt/tasks/main.yml rename roles/{baie => apt}/templates/apt/sources.list.d/backports.list.j2 (100%) create mode 100644 roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2 create mode 100644 roles/apt/templates/apt/sources.list.j2 delete mode 100644 roles/debian-apt-sources/tasks/main.yml delete mode 100644 roles/debian-apt-sources/templates/apt/sources.list.j2 delete mode 100644 roles/proxmox-apt-sources/tasks/main.yml delete mode 100644 roles/proxmox-apt-sources/templates/apt/sources.list.d/pve-enterprise.list.j2 rename roles/{baie => zfs}/tasks/main.yml (71%) diff --git a/group_vars/all/vars.yaml b/group_vars/all/vars.yaml index fcba6e46..4aa00d61 100644 --- a/group_vars/all/vars.yaml +++ b/group_vars/all/vars.yaml @@ -59,3 +59,4 @@ glob_ldap: home_nounous: ip: 172.16.10.1 + diff --git a/group_vars/baie.yml b/group_vars/baie.yml new file mode 100644 index 00000000..6c2f2161 --- /dev/null +++ b/group_vars/baie.yml @@ -0,0 +1,4 @@ +--- + +glob_apt: + backports: yes diff --git a/group_vars/crans_server/vars.yml b/group_vars/crans_server/vars.yml index 876a0d40..8e6eb23b 100644 --- a/group_vars/crans_server/vars.yml +++ b/group_vars/crans_server/vars.yml @@ -3,13 +3,6 @@ ldap: servers: ["172.16.1.1"] base: "dc=crans,dc=org" - -# Parameters for debian and ubuntu mirror -debian_mirror: http://mirror.adm.crans.org/debian -ubuntu_mirror: http://mirror.adm.crans.org/ubuntu -debian_components: main contrib non-free -ubuntu_components: main restricted universe multiverse - glob_borg: to_backup: - /etc diff --git a/group_vars/keepalived.yml b/group_vars/keepalived.yml index 2b4fbd40..9f2fc888 100644 --- a/group_vars/keepalived.yml +++ b/group_vars/keepalived.yml @@ -5,12 +5,28 @@ glob_keepalived: mail_destination: root@crans.org smtp_server: smtp.adm.crans.org pool: - dhcp: + all: password: "plopisverysecure" id: 60 ipv6: yes notify: /usr/scripts/notify-dhcp zones: + - vlan: zayo + ipv4: 158.255.113.73/31 + brd: false + ipv6: 2001:1b48:2:103::bb:2/126 + - vlan: srv + ipv4: 185.230.79.62/26 + brd: true + ipv6: 2a0c:700:2::ff:fe00:9902/64 + - vlan: srv_nat + ipv4: 172.16.3.99/24 + brd: true + ipv6: 2a0c:700:3::ff:fe00:9903/64 + - vlan: infra + ipv4: 172.16.32.99/22 + brd: true + ipv6: fd00::11:0:ff:fe00:9911/64 - vlan: adh ipv4: 185.230.78.99/24 brd: true @@ -19,12 +35,3 @@ glob_keepalived: ipv4: 100.64.0.99/16 brd: true ipv6: 2a0c:700:13::ff:fe00:9913/48 - radius: - password: 'plopisverysecure' - id: 61 - ipv6: yes - zones: - - vlan: infra - ipv4: 172.16.32.99/22 - brd: true - ipv6: fd00::11:0:ff:fe00:9911/64 diff --git a/group_vars/server/apt.yml b/group_vars/server/apt.yml new file mode 100644 index 00000000..b77e26b2 --- /dev/null +++ b/group_vars/server/apt.yml @@ -0,0 +1,18 @@ +--- +glob_apt: + backports: no + proxmox: no + protocol: http:// + mirror: mirror.adm.crans.org + pool: debian + components: 'main contrib non-free' + debs: + - name: '' + path: '' + comment: 'Dépot classique' + - name: '' + path: '-updates' + comment: 'Mises à jour fréquentes (volatiles)' + - name: '-security' + path: '/updates' + comment: 'Mises à jour de sécurité' diff --git a/group_vars/virtu.yml b/group_vars/virtu.yml new file mode 100644 index 00000000..b99e0a9c --- /dev/null +++ b/group_vars/virtu.yml @@ -0,0 +1,3 @@ +--- +apt: + proxmox: yes diff --git a/host_vars/bigbluebutton.adm.crans.org.yml b/host_vars/bigbluebutton.adm.crans.org.yml new file mode 100644 index 00000000..8a36d6e2 --- /dev/null +++ b/host_vars/bigbluebutton.adm.crans.org.yml @@ -0,0 +1,15 @@ +--- +loc_apt: + components: 'main restricted universe multiverse' + pool: ubuntu + debs: + - name: '' + path: '' + comment: 'Dépot classique' + - name: '' + path: '-updates' + comment: 'Mises à jour fréquentes (volatiles)' + - name: '' + path: '-security' + comment: 'Mises à jour de sécurité' + diff --git a/host_vars/fluxx.adm.crans.org.yml b/host_vars/fluxx.adm.crans.org.yml index 5cde2044..09f6563e 100644 --- a/host_vars/fluxx.adm.crans.org.yml +++ b/host_vars/fluxx.adm.crans.org.yml @@ -1,3 +1,12 @@ --- interfaces: adm: eth0 + +loc_apt: + debs: + - name: '' + path: '' + comment: 'Dépot classique' + - name: '' + path: '-updates' + comment: 'Mises à jour fréquentes (volatiles)' diff --git a/host_vars/monitoring.adm.crans.org.yml b/host_vars/monitoring.adm.crans.org.yml index ab6e12d6..977556f8 100644 --- a/host_vars/monitoring.adm.crans.org.yml +++ b/host_vars/monitoring.adm.crans.org.yml @@ -2,3 +2,13 @@ interfaces: adm: eth0 srv_nat: eth1 infra: eth2 + +loc_apt: + debs: + - name: '' + path: '' + comment: 'Dépot classique' + - name: '' + path: '-updates' + comment: 'Mises à jour fréquentes (volatiles)' + diff --git a/host_vars/routeur-daniel.adm.crans.org.yml b/host_vars/routeur-daniel.adm.crans.org.yml index c3d4db4a..13f00c1e 100644 --- a/host_vars/routeur-daniel.adm.crans.org.yml +++ b/host_vars/routeur-daniel.adm.crans.org.yml @@ -20,3 +20,6 @@ loc_keepalived: tag: VI_RAD state: BACKUP priority: 100 + +loc_apt: + proxmox: yes diff --git a/host_vars/routeur-jack.adm.crans.org.yml b/host_vars/routeur-jack.adm.crans.org.yml new file mode 100644 index 00000000..247e0e5b --- /dev/null +++ b/host_vars/routeur-jack.adm.crans.org.yml @@ -0,0 +1,3 @@ +--- +loc_apt: + proxmox: yes diff --git a/host_vars/routeur-sam.adm.crans.org.yml b/host_vars/routeur-sam.adm.crans.org.yml index ea5639d5..1d2e1056 100644 --- a/host_vars/routeur-sam.adm.crans.org.yml +++ b/host_vars/routeur-sam.adm.crans.org.yml @@ -28,3 +28,6 @@ loc_re2o: version: master_freeradius_python3 settings_local_owner: freerad settings_local_group: nounou + +loc_apt: + proxmox: yes diff --git a/host_vars/zamok.adm.crans.org.yml b/host_vars/zamok.adm.crans.org.yml index bf60fd81..30fbb002 100644 --- a/host_vars/zamok.adm.crans.org.yml +++ b/host_vars/zamok.adm.crans.org.yml @@ -7,3 +7,12 @@ loc_borg: params: - "- name: all" - " password: {{ vault_mysql_zamok_password }}" + +loc_apt: + debs: + - name: '' + path: '' + comment: 'Dépot classique' + - name: '' + path: '-updates' + comment: 'Mises à jour fréquentes (volatiles)' diff --git a/hosts b/hosts index 98de0fe4..454b90b1 100644 --- a/hosts +++ b/hosts @@ -60,9 +60,9 @@ routeurs_vm [ldap_server] tealc.adm.crans.org -sam.adm.crans.org -daniel.adm.crans.org -jack.adm.crans.org + +[ldap_server:children] +virtu [monitoring] monitoring.adm.crans.org diff --git a/plays/root.yml b/plays/root.yml index 2b3d83c3..395104fb 100755 --- a/plays/root.yml +++ b/plays/root.yml @@ -2,34 +2,11 @@ --- # root is the first playbook to launch (as root) whe initiation a new server -- hosts: server - tasks: - - name: Check if mirror.adm is defined in /etc/hosts - lineinfile: - state: absent - path: /etc/hosts - regexp: '^{{ glob_mirror.ip }}' - check_mode: True - changed_when: False - register: check_mirror - - - name: Define mirror.adm.crans.org if it doesn't exist. - lineinfile: - path: /etc/hosts - line: '{{ glob_mirror.ip }} {{ glob_mirror.name }}' - insertafter: '127.0.0.1 localhost' - when: check_mirror.found == 0 - -- hosts: baie - roles: - - baie - -- hosts: virtu - roles: - - proxmox-apt-sources - - hosts: server vars: + play_apt: + mirror: 172.16.10.30 + apt: '{{ glob_apt | combine(loc_apt | default({})) | combine(play_apt) }}' # # Will be in /usr/scripts/ # crans_scripts_git: "http://gitlab.adm.crans.org/nounous/scripts.git" @@ -38,13 +15,17 @@ - charybde.adm.crans.org # - silice.adm.crans.org roles: - - debian-apt-sources + - apt - common-tools - sudo - ntp-client # - crans-scripts - root-config +- hosts: baie + roles: + - zfs + - hosts: crans_vm roles: - qemu-guest-agent @@ -84,5 +65,12 @@ retries: 3 until: apt_result is succeeded +# Deploys back the apt configuration using the uri and not the ip +- hosts: server + vars: + apt: '{{ glob_apt | combine(loc_apt | default({})) }}' + roles: + - apt + - import_playbook: borgbackups_client.yml - import_playbook: monitoring.yml diff --git a/roles/apt/tasks/main.yml b/roles/apt/tasks/main.yml new file mode 100644 index 00000000..eda9183f --- /dev/null +++ b/roles/apt/tasks/main.yml @@ -0,0 +1,17 @@ +--- +- name: Configure Debian repositories + template: + src: apt/sources.list.j2 + dest: /etc/apt/sources.list + +- name: Configure Debian backports repository + template: + src: apt/sources.list.d/backports.list.j2 + dest: /etc/apt/sources.list.d/backports.list + when: apt.backports + +- name: Configure Proxmox repositories + template: + src: apt/sources.list.d/pve-enterprise.list.j2 + dest: /etc/apt/sources.list.d/pve-enterprise.list + when: apt.proxmox diff --git a/roles/baie/templates/apt/sources.list.d/backports.list.j2 b/roles/apt/templates/apt/sources.list.d/backports.list.j2 similarity index 100% rename from roles/baie/templates/apt/sources.list.d/backports.list.j2 rename to roles/apt/templates/apt/sources.list.d/backports.list.j2 diff --git a/roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2 b/roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2 new file mode 100644 index 00000000..b04bf9c5 --- /dev/null +++ b/roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2 @@ -0,0 +1,2 @@ +{{ ansible_header | comment }} +deb {{ apt.protocol }}{{ apt.mirror }}/proxmox/debian/pve {{ ansible_lsb.codename }} pve-no-subscription diff --git a/roles/apt/templates/apt/sources.list.j2 b/roles/apt/templates/apt/sources.list.j2 new file mode 100644 index 00000000..3fce6792 --- /dev/null +++ b/roles/apt/templates/apt/sources.list.j2 @@ -0,0 +1,7 @@ +{{ ansible_header | comment }} + +{% for deb in apt.debs %} +# {{ deb.comment }} +def {{ apt.protocol }}{{ apt.mirror }}/{{ apt.pool }}{{ deb.name }} {{ ansible_distribution_release}}{{ deb.path }} {{ apt.components }} + +{% endfor %} diff --git a/roles/debian-apt-sources/tasks/main.yml b/roles/debian-apt-sources/tasks/main.yml deleted file mode 100644 index 24c5fc4e..00000000 --- a/roles/debian-apt-sources/tasks/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Configure Debian repositories - template: - src: apt/sources.list.j2 - dest: /etc/apt/sources.list diff --git a/roles/debian-apt-sources/templates/apt/sources.list.j2 b/roles/debian-apt-sources/templates/apt/sources.list.j2 deleted file mode 100644 index 87b2cab2..00000000 --- a/roles/debian-apt-sources/templates/apt/sources.list.j2 +++ /dev/null @@ -1,30 +0,0 @@ -{{ ansible_header | comment }} - -{% if ansible_distribution == "Debian" %} -{% if ansible_distribution_release != "bullseye" %} -{# Debian security does not exist yet for bullseye #} -# Mises à jour de sécurité -deb {{ debian_mirror }}-security {{ ansible_distribution_release }}/updates {{ debian_components }} - -{% endif %} -# Dépôt classique -deb {{ debian_mirror }} {{ ansible_distribution_release }} {{ debian_components }} - -# Dépôt pour mises à jour fréquentes (volatile) -deb {{ debian_mirror }} {{ ansible_distribution_release }}-updates {{ debian_components }} - -{% if backports | default(false) %} -# Backports -deb {{ debian_mirror }} {{ ansible_distribution_release }}-backports {{ debian_components }} -{% endif %} - -{% elif ansible_distribution == "Ubuntu" %} -# Mises à jour de sécurité -deb {{ ubuntu_mirror }} {{ ansible_distribution_release }}-security {{ ubuntu_components }} - -# Dépôt classique -deb {{ ubuntu_mirror }} {{ ansible_distribution_release }} {{ ubuntu_components }} - -# Dépôt pour mises à jour fréquentes (volatile) -deb {{ ubuntu_mirror }} {{ ansible_distribution_release }}-updates {{ ubuntu_components }} -{% endif %} diff --git a/roles/proxmox-apt-sources/tasks/main.yml b/roles/proxmox-apt-sources/tasks/main.yml deleted file mode 100644 index 1774927c..00000000 --- a/roles/proxmox-apt-sources/tasks/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Configure Proxmox repositories - template: - src: apt/sources.list.d/pve-enterprise.list.j2 - dest: /etc/apt/sources.list.d/pve-enterprise.list diff --git a/roles/proxmox-apt-sources/templates/apt/sources.list.d/pve-enterprise.list.j2 b/roles/proxmox-apt-sources/templates/apt/sources.list.d/pve-enterprise.list.j2 deleted file mode 100644 index 739806d3..00000000 --- a/roles/proxmox-apt-sources/templates/apt/sources.list.d/pve-enterprise.list.j2 +++ /dev/null @@ -1,2 +0,0 @@ -{{ ansible_header | comment }} -deb http://mirror.adm.crans.org/proxmox/debian/pve {{ ansible_lsb.codename }} pve-no-subscription diff --git a/roles/baie/tasks/main.yml b/roles/zfs/tasks/main.yml similarity index 71% rename from roles/baie/tasks/main.yml rename to roles/zfs/tasks/main.yml index 1ab5cece..0b546d9b 100644 --- a/roles/baie/tasks/main.yml +++ b/roles/zfs/tasks/main.yml @@ -1,9 +1,4 @@ --- -- name: Configure Debian backports repository - template: - src: apt/sources.list.d/backports.list.j2 - dest: /etc/apt/sources.list.d/backports.list - - name: Install ZFS apt: update_cache: true -- GitLab From f3223eb51517998196df28399fa3cb834ccf4b86 Mon Sep 17 00:00:00 2001 From: shirenn <shirenn@crans.org> Date: Sun, 17 Jan 2021 18:25:14 +0100 Subject: [PATCH 2/4] [apt] go and get squashed --- group_vars/all/vars.yaml | 1 - group_vars/baie.yml | 3 +-- group_vars/virtu.yml | 2 +- host_vars/fluxx.adm.crans.org.yml | 1 + host_vars/monitoring.adm.crans.org.yml | 1 + host_vars/zamok.adm.crans.org.yml | 1 + roles/apt/templates/apt/sources.list.d/backports.list.j2 | 2 +- roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2 | 2 +- roles/apt/templates/apt/sources.list.j2 | 2 +- 9 files changed, 8 insertions(+), 7 deletions(-) diff --git a/group_vars/all/vars.yaml b/group_vars/all/vars.yaml index 4aa00d61..fcba6e46 100644 --- a/group_vars/all/vars.yaml +++ b/group_vars/all/vars.yaml @@ -59,4 +59,3 @@ glob_ldap: home_nounous: ip: 172.16.10.1 - diff --git a/group_vars/baie.yml b/group_vars/baie.yml index 6c2f2161..dc6d4275 100644 --- a/group_vars/baie.yml +++ b/group_vars/baie.yml @@ -1,4 +1,3 @@ --- - -glob_apt: +loc_apt: backports: yes diff --git a/group_vars/virtu.yml b/group_vars/virtu.yml index b99e0a9c..247e0e5b 100644 --- a/group_vars/virtu.yml +++ b/group_vars/virtu.yml @@ -1,3 +1,3 @@ --- -apt: +loc_apt: proxmox: yes diff --git a/host_vars/fluxx.adm.crans.org.yml b/host_vars/fluxx.adm.crans.org.yml index 09f6563e..4823fd31 100644 --- a/host_vars/fluxx.adm.crans.org.yml +++ b/host_vars/fluxx.adm.crans.org.yml @@ -3,6 +3,7 @@ interfaces: adm: eth0 loc_apt: + components: 'main non-free' debs: - name: '' path: '' diff --git a/host_vars/monitoring.adm.crans.org.yml b/host_vars/monitoring.adm.crans.org.yml index 977556f8..8101aa64 100644 --- a/host_vars/monitoring.adm.crans.org.yml +++ b/host_vars/monitoring.adm.crans.org.yml @@ -4,6 +4,7 @@ interfaces: infra: eth2 loc_apt: + components: 'main non-free' debs: - name: '' path: '' diff --git a/host_vars/zamok.adm.crans.org.yml b/host_vars/zamok.adm.crans.org.yml index 30fbb002..b1bdf33a 100644 --- a/host_vars/zamok.adm.crans.org.yml +++ b/host_vars/zamok.adm.crans.org.yml @@ -9,6 +9,7 @@ loc_borg: - " password: {{ vault_mysql_zamok_password }}" loc_apt: + components: 'main non-free' debs: - name: '' path: '' diff --git a/roles/apt/templates/apt/sources.list.d/backports.list.j2 b/roles/apt/templates/apt/sources.list.d/backports.list.j2 index 6326b3e4..9baaaee0 100644 --- a/roles/apt/templates/apt/sources.list.d/backports.list.j2 +++ b/roles/apt/templates/apt/sources.list.d/backports.list.j2 @@ -1 +1 @@ -deb {{ debian_mirror }} {{ ansible_lsb.codename }}-backports main contrib non-free +deb {{ apt.protocol }}{{ apt.mirror }}/{{ apt.pool }} {{ ansible_distribution_release }}-backports {{ apt.components }} diff --git a/roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2 b/roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2 index b04bf9c5..83e0c080 100644 --- a/roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2 +++ b/roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2 @@ -1,2 +1,2 @@ {{ ansible_header | comment }} -deb {{ apt.protocol }}{{ apt.mirror }}/proxmox/debian/pve {{ ansible_lsb.codename }} pve-no-subscription +deb {{ apt.protocol }}{{ apt.mirror }}/proxmox/debian/pve {{ ansible_distribution_release }} pve-no-subscription diff --git a/roles/apt/templates/apt/sources.list.j2 b/roles/apt/templates/apt/sources.list.j2 index 3fce6792..6aa3a9a7 100644 --- a/roles/apt/templates/apt/sources.list.j2 +++ b/roles/apt/templates/apt/sources.list.j2 @@ -2,6 +2,6 @@ {% for deb in apt.debs %} # {{ deb.comment }} -def {{ apt.protocol }}{{ apt.mirror }}/{{ apt.pool }}{{ deb.name }} {{ ansible_distribution_release}}{{ deb.path }} {{ apt.components }} +deb {{ apt.protocol }}{{ apt.mirror }}/{{ apt.pool }}{{ deb.name }} {{ ansible_distribution_release }}{{ deb.path }} {{ apt.components }} {% endfor %} -- GitLab From acc5641de01459eaa9bd3baaa62a6c82bcc4efc4 Mon Sep 17 00:00:00 2001 From: shirenn <shirenn@crans.org> Date: Mon, 18 Jan 2021 10:07:16 +0100 Subject: [PATCH 3/4] [apt] move components to debs --- group_vars/baie.yml | 3 ++- group_vars/server/apt.yml | 6 +++--- host_vars/bigbluebutton.adm.crans.org.yml | 4 +++- host_vars/fluxx.adm.crans.org.yml | 3 ++- host_vars/monitoring.adm.crans.org.yml | 3 ++- host_vars/routeur-daniel.adm.crans.org.yml | 3 --- host_vars/routeur-jack.adm.crans.org.yml | 2 -- host_vars/routeur-sam.adm.crans.org.yml | 3 --- host_vars/zamok.adm.crans.org.yml | 3 ++- roles/apt/tasks/main.yml | 4 ++-- roles/apt/templates/apt/sources.list.d/backports.list.j2 | 2 +- roles/apt/templates/apt/sources.list.j2 | 2 +- 12 files changed, 18 insertions(+), 20 deletions(-) diff --git a/group_vars/baie.yml b/group_vars/baie.yml index dc6d4275..06fecd60 100644 --- a/group_vars/baie.yml +++ b/group_vars/baie.yml @@ -1,3 +1,4 @@ --- loc_apt: - backports: yes + backports: + components: 'main contrib non-free' diff --git a/group_vars/server/apt.yml b/group_vars/server/apt.yml index b77e26b2..22b8c5e2 100644 --- a/group_vars/server/apt.yml +++ b/group_vars/server/apt.yml @@ -1,18 +1,18 @@ --- glob_apt: - backports: no - proxmox: no protocol: http:// mirror: mirror.adm.crans.org pool: debian - components: 'main contrib non-free' debs: - name: '' path: '' + components: 'main contrib non-free' comment: 'Dépot classique' - name: '' path: '-updates' + components: 'main contrib non-free' comment: 'Mises à jour fréquentes (volatiles)' - name: '-security' path: '/updates' + components: 'main contrib non-free' comment: 'Mises à jour de sécurité' diff --git a/host_vars/bigbluebutton.adm.crans.org.yml b/host_vars/bigbluebutton.adm.crans.org.yml index 8a36d6e2..f87095bb 100644 --- a/host_vars/bigbluebutton.adm.crans.org.yml +++ b/host_vars/bigbluebutton.adm.crans.org.yml @@ -1,15 +1,17 @@ --- loc_apt: - components: 'main restricted universe multiverse' pool: ubuntu debs: - name: '' path: '' + components: 'main restricted universe multiverse' comment: 'Dépot classique' - name: '' path: '-updates' + components: 'main restricted universe multiverse' comment: 'Mises à jour fréquentes (volatiles)' - name: '' path: '-security' + components: 'main restricted universe multiverse' comment: 'Mises à jour de sécurité' diff --git a/host_vars/fluxx.adm.crans.org.yml b/host_vars/fluxx.adm.crans.org.yml index 4823fd31..e491027d 100644 --- a/host_vars/fluxx.adm.crans.org.yml +++ b/host_vars/fluxx.adm.crans.org.yml @@ -3,11 +3,12 @@ interfaces: adm: eth0 loc_apt: - components: 'main non-free' debs: - name: '' path: '' + components: 'main non-free' comment: 'Dépot classique' - name: '' path: '-updates' + components: 'main non-free' comment: 'Mises à jour fréquentes (volatiles)' diff --git a/host_vars/monitoring.adm.crans.org.yml b/host_vars/monitoring.adm.crans.org.yml index 8101aa64..aa932be1 100644 --- a/host_vars/monitoring.adm.crans.org.yml +++ b/host_vars/monitoring.adm.crans.org.yml @@ -4,12 +4,13 @@ interfaces: infra: eth2 loc_apt: - components: 'main non-free' debs: - name: '' path: '' + components: 'main non-free' comment: 'Dépot classique' - name: '' path: '-updates' + components: 'main non-free' comment: 'Mises à jour fréquentes (volatiles)' diff --git a/host_vars/routeur-daniel.adm.crans.org.yml b/host_vars/routeur-daniel.adm.crans.org.yml index 13f00c1e..c3d4db4a 100644 --- a/host_vars/routeur-daniel.adm.crans.org.yml +++ b/host_vars/routeur-daniel.adm.crans.org.yml @@ -20,6 +20,3 @@ loc_keepalived: tag: VI_RAD state: BACKUP priority: 100 - -loc_apt: - proxmox: yes diff --git a/host_vars/routeur-jack.adm.crans.org.yml b/host_vars/routeur-jack.adm.crans.org.yml index 247e0e5b..ed97d539 100644 --- a/host_vars/routeur-jack.adm.crans.org.yml +++ b/host_vars/routeur-jack.adm.crans.org.yml @@ -1,3 +1 @@ --- -loc_apt: - proxmox: yes diff --git a/host_vars/routeur-sam.adm.crans.org.yml b/host_vars/routeur-sam.adm.crans.org.yml index 1d2e1056..ea5639d5 100644 --- a/host_vars/routeur-sam.adm.crans.org.yml +++ b/host_vars/routeur-sam.adm.crans.org.yml @@ -28,6 +28,3 @@ loc_re2o: version: master_freeradius_python3 settings_local_owner: freerad settings_local_group: nounou - -loc_apt: - proxmox: yes diff --git a/host_vars/zamok.adm.crans.org.yml b/host_vars/zamok.adm.crans.org.yml index b1bdf33a..ee2cc31e 100644 --- a/host_vars/zamok.adm.crans.org.yml +++ b/host_vars/zamok.adm.crans.org.yml @@ -9,11 +9,12 @@ loc_borg: - " password: {{ vault_mysql_zamok_password }}" loc_apt: - components: 'main non-free' debs: - name: '' path: '' + components: 'main non-free' comment: 'Dépot classique' - name: '' path: '-updates' + components: 'main non-free' comment: 'Mises à jour fréquentes (volatiles)' diff --git a/roles/apt/tasks/main.yml b/roles/apt/tasks/main.yml index eda9183f..495d6dbd 100644 --- a/roles/apt/tasks/main.yml +++ b/roles/apt/tasks/main.yml @@ -8,10 +8,10 @@ template: src: apt/sources.list.d/backports.list.j2 dest: /etc/apt/sources.list.d/backports.list - when: apt.backports + when: apt.backports is defined - name: Configure Proxmox repositories template: src: apt/sources.list.d/pve-enterprise.list.j2 dest: /etc/apt/sources.list.d/pve-enterprise.list - when: apt.proxmox + when: apt.proxmox is defined and apt.proxmox diff --git a/roles/apt/templates/apt/sources.list.d/backports.list.j2 b/roles/apt/templates/apt/sources.list.d/backports.list.j2 index 9baaaee0..2d03ad52 100644 --- a/roles/apt/templates/apt/sources.list.d/backports.list.j2 +++ b/roles/apt/templates/apt/sources.list.d/backports.list.j2 @@ -1 +1 @@ -deb {{ apt.protocol }}{{ apt.mirror }}/{{ apt.pool }} {{ ansible_distribution_release }}-backports {{ apt.components }} +deb {{ apt.protocol }}{{ apt.mirror }}/{{ apt.pool }} {{ ansible_distribution_release }}-backports {{ apt.backports.components }} diff --git a/roles/apt/templates/apt/sources.list.j2 b/roles/apt/templates/apt/sources.list.j2 index 6aa3a9a7..9dd9a5e9 100644 --- a/roles/apt/templates/apt/sources.list.j2 +++ b/roles/apt/templates/apt/sources.list.j2 @@ -2,6 +2,6 @@ {% for deb in apt.debs %} # {{ deb.comment }} -deb {{ apt.protocol }}{{ apt.mirror }}/{{ apt.pool }}{{ deb.name }} {{ ansible_distribution_release }}{{ deb.path }} {{ apt.components }} +deb {{ apt.protocol }}{{ apt.mirror }}/{{ apt.pool }}{{ deb.name }} {{ ansible_distribution_release }}{{ deb.path }} {{ deb.components }} {% endfor %} -- GitLab From 776a5a3799060c5f7ed9f2cbc952af3308bf2c2b Mon Sep 17 00:00:00 2001 From: shirenn <shirenn@crans.org> Date: Mon, 18 Jan 2021 10:48:59 +0100 Subject: [PATCH 4/4] [apt] configure additional repositories --- host_vars/unifi.adm.crans.org.yml | 10 ++++++++++ hosts | 2 +- roles/apt/tasks/main.yml | 18 ++++++++++++++++++ .../additional-repository.list.j2 | 1 + 4 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 host_vars/unifi.adm.crans.org.yml create mode 100644 roles/apt/templates/apt/sources.list.d/additional-repository.list.j2 diff --git a/host_vars/unifi.adm.crans.org.yml b/host_vars/unifi.adm.crans.org.yml new file mode 100644 index 00000000..6824c2cb --- /dev/null +++ b/host_vars/unifi.adm.crans.org.yml @@ -0,0 +1,10 @@ +--- +loc_apt: + additional_repository: + - name: 100-ubnt-unifi + uri: https://www.ui.com/downloads/unifi/debian + release: stable + components: ubiquiti + key: + id: 06E85760C0A52C50 + server: keyserver.ubuntu.com diff --git a/hosts b/hosts index 454b90b1..4773a52e 100644 --- a/hosts +++ b/hosts @@ -156,7 +156,7 @@ roundcube.adm.crans.org titanic.adm.crans.org tracker.adm.crans.org voyager.adm.crans.org -#unifi.adm.crans.org +unifi.adm.crans.org [crans_vm:children] routeurs_vm diff --git a/roles/apt/tasks/main.yml b/roles/apt/tasks/main.yml index 495d6dbd..4119d4e5 100644 --- a/roles/apt/tasks/main.yml +++ b/roles/apt/tasks/main.yml @@ -15,3 +15,21 @@ src: apt/sources.list.d/pve-enterprise.list.j2 dest: /etc/apt/sources.list.d/pve-enterprise.list when: apt.proxmox is defined and apt.proxmox + +- name: Configure apt additional keys + apt_key: + keyserver: '{{ item.key.server }}' + id: '{{ item.key.id }}' + state: present + register: apt_key_result + retries: 3 + until: apt_key_result is succeeded + when: apt.additional_repository + loop: "{{ apt.additional_repository | selectattr('key', 'defined') }}" + +- name: Configure additional repositories + template: + src: apt/sources.list.d/additional-repository.list.j2 + dest: /etc/apt/sources.list.d/{{ item.name }}.list + when: apt.additional_repository + loop: "{{ apt.additional_repository | list }}" diff --git a/roles/apt/templates/apt/sources.list.d/additional-repository.list.j2 b/roles/apt/templates/apt/sources.list.d/additional-repository.list.j2 new file mode 100644 index 00000000..d6098ad3 --- /dev/null +++ b/roles/apt/templates/apt/sources.list.d/additional-repository.list.j2 @@ -0,0 +1 @@ +deb {{ item.uri }} {{ item.release }} {{ item.components }} -- GitLab