From 3dfdf5cb4fa039eae9af253c101bc1abc18ad7eb Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO <ynerant@crans.org> Date: Mon, 27 Jun 2022 20:02:04 +0200 Subject: [PATCH 01/13] [borg] Backups are now managed by backup-ft Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> --- group_vars/all/borg.yml | 4 ++-- hosts | 4 +--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/group_vars/all/borg.yml b/group_vars/all/borg.yml index c133bc14..e99c419d 100644 --- a/group_vars/all/borg.yml +++ b/group_vars/all/borg.yml @@ -7,7 +7,7 @@ glob_borg: - /var path: /backup/borg remote: - - borg@zephir-c.adm.crans.org:/backup/borg/{{ ansible_hostname }} + - borg@backup-ft.adm.crans.org:/backup/borg-server/{{ ansible_hostname }} retention: - ["daily", 4] - ["monthly", 6] @@ -17,4 +17,4 @@ glob_borg: - make-parent-dirs encryption_passphrase: "{{ vault.borg.encryption_passphrase }}" ssh_privkey: "{{ vault.borg.ssh.privkey }}" - ssh_options: -4 -p 2223 + ssh_options: "" diff --git a/hosts b/hosts index 55963056..fb376282 100644 --- a/hosts +++ b/hosts @@ -256,7 +256,6 @@ sputnik.adm.crans.org [wireguard] boeing.adm.crans.org sputnik.adm.crans.org -vol447.adm.crans.org [crans_routeurs:children] routeurs_vm @@ -265,7 +264,7 @@ routeurs_vm ft.adm.crans.org thot.adm.crans.org zamok.adm.crans.org -zbee.adm.crans.org +#zbee.adm.crans.org [crans_physical:children] backups @@ -308,7 +307,6 @@ roundcube.adm.crans.org routeur-2754.adm.crans.org silice.adm.crans.org trinity.adm.crans.org -vol447.adm.crans.org voyager.adm.crans.org yson-partou.adm.crans.org -- GitLab From 991f49aa574a00b8ce562632e6400189514f4e11 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO <ynerant@crans.org> Date: Tue, 28 Jun 2022 09:46:01 +0200 Subject: [PATCH 02/13] [backup-ft] Hello backup-ft! 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> --- group_vars/all/borg.yml | 5 ++++- host_vars/backup-ft.adm.crans.org.yml | 3 +++ host_vars/ft.adm.crans.org.yml | 6 ++++++ hosts | 2 ++ roles/borgbackup-server/templates/authorized_keys.j2 | 2 +- .../borgbackup-server/templates/update-motd.d/05-service.j2 | 2 +- 6 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 host_vars/backup-ft.adm.crans.org.yml create mode 100644 host_vars/ft.adm.crans.org.yml diff --git a/group_vars/all/borg.yml b/group_vars/all/borg.yml index e99c419d..abf2aa78 100644 --- a/group_vars/all/borg.yml +++ b/group_vars/all/borg.yml @@ -5,7 +5,9 @@ glob_borg: to_backup: - /etc - /var - path: /backup/borg + paths: + - /backup/borg-server + - /backup/borg-adh remote: - borg@backup-ft.adm.crans.org:/backup/borg-server/{{ ansible_hostname }} retention: @@ -17,4 +19,5 @@ glob_borg: - make-parent-dirs encryption_passphrase: "{{ vault.borg.encryption_passphrase }}" ssh_privkey: "{{ vault.borg.ssh.privkey }}" + ssh_pubkey: "{{ vault.borg.ssh.pubkey }}" ssh_options: "" diff --git a/host_vars/backup-ft.adm.crans.org.yml b/host_vars/backup-ft.adm.crans.org.yml new file mode 100644 index 00000000..dc2ef382 --- /dev/null +++ b/host_vars/backup-ft.adm.crans.org.yml @@ -0,0 +1,3 @@ +--- +interfaces: + adm: ens18 diff --git a/host_vars/ft.adm.crans.org.yml b/host_vars/ft.adm.crans.org.yml new file mode 100644 index 00000000..9bb00abd --- /dev/null +++ b/host_vars/ft.adm.crans.org.yml @@ -0,0 +1,6 @@ +--- +loc_borg: + to_backup: + - /etc + - /home_nounou + - /var diff --git a/hosts b/hosts index fb376282..b1e7e660 100644 --- a/hosts +++ b/hosts @@ -10,6 +10,7 @@ hodaur.adm.crans.org cameron.adm.crans.org [backups] +backup-ft.adm.crans.org [baie] cameron.adm.crans.org @@ -272,6 +273,7 @@ baie virtu [crans_vm] +backup-ft.adm.crans.org belenios.adm.crans.org boeing.adm.crans.org cas.adm.crans.org 
diff --git a/roles/borgbackup-server/templates/authorized_keys.j2 b/roles/borgbackup-server/templates/authorized_keys.j2 index 3504fcf9..80d0e785 100644 --- a/roles/borgbackup-server/templates/authorized_keys.j2 +++ b/roles/borgbackup-server/templates/authorized_keys.j2 @@ -1,3 +1,3 @@ {{ ansible_header | comment }} -command="borg serve --restrict-to-path {{ borg.path }}",restrict {{ vault.borgbackup_ssh_pubkey }} +command="borg serve{% for path in borg.paths %} --restrict-to-path {{ path }}{% endfor %}",restrict {{ borg.ssh_pubkey }} diff --git a/roles/borgbackup-server/templates/update-motd.d/05-service.j2 b/roles/borgbackup-server/templates/update-motd.d/05-service.j2 index f27119aa..b2f35c2f 100755 --- a/roles/borgbackup-server/templates/update-motd.d/05-service.j2 +++ b/roles/borgbackup-server/templates/update-motd.d/05-service.j2 @@ -1,3 +1,3 @@ #!/usr/bin/tail +14 {{ ansible_header | comment }} -[0m> [38;5;82mBorgbackup (Serveur)[0m a été déployé sur cette machine. Les backups sont situés dans [38;5;6m{{ borg.path }}[0m. +[0m> [38;5;82mBorgbackup (Serveur)[0m a été déployé sur cette machine. Les backups sont situés dans [38;5;6m{{ borg.paths|join(', ') }}[0m. -- GitLab From b34a5ceb154e930f2691edb316f8712373870841 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO <ynerant@crans.org> Date: Tue, 28 Jun 2022 10:17:56 +0200 Subject: [PATCH 03/13] Drop unusued networks Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> --- group_vars/all/network_interfaces.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/group_vars/all/network_interfaces.yml b/group_vars/all/network_interfaces.yml index d0560363..33772410 100644 --- a/group_vars/all/network_interfaces.yml +++ b/group_vars/all/network_interfaces.yml 
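Review bot: The rewritten `command=` line in authorized_keys.j2 authorises the single key in `borg.ssh_pubkey` for every repository under each entry of `borg.paths`. Any host holding the matching `ssh_privkey` from group_vars/all/borg.yml can therefore open, prune or delete another host's repository, and the change extends that reach to `/backup/borg-adh`. If one shared key is intended, adding `--append-only` to the forced command (with pruning moved to the server side) would stop a compromised client from removing existing archives; otherwise issue one key per client with `--restrict-to-repository {{ path }}/CLIENT_HOSTNAME` (placeholder). The paths are also interpolated unquoted, so an entry containing a space would split into two arguments.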
@@ -18,19 +18,13 @@ glob_network_interfaces: - name: adm id: 10 dns: "{{ query('ldap', 'ip', 'routeur-sam', 'adm') | ipv4 | first }} {{ query('ldap', 'ip', 'routeur-daniel', 'adm') | ipv4 | first }}" - - name: infra - id: 11 - dns: "{{ query('ldap', 'ip', 'passerelle', 'infra') | ipv4 | first }}" - name: adh id: 12 gateway: "{{ query('ldap', 'ip', 'passerelle', 'adh') | ipv4 | first }}" dns: "{{ query('ldap', 'ip', 'passerelle', 'adh') | ipv4 | first }}" gateway_v6: "{{ query('ldap', 'ip', 'passerelle', 'adh') | ipv6 | first }}" - - name: adh_nat + - name: adh_adm id: 13 - gateway: "{{ query('ldap', 'ip', 'passerelle', 'adh-nat') | ipv4 | first }}" - dns: "{{ query('ldap', 'ip', 'passerelle', 'adh-nat') | ipv4 | first }}" - gateway_v6: "{{ query('ldap', 'ip', 'passerelle', 'adh-nat') | ipv6 | first }}" - name: renater id: 38 gateway: "{{ query('ldap', 'ip', 'dsi', 'renater') | ipv4 | first }}" -- GitLab From eec977ebe8d862cc9532299b056fbf6e585c2fbe Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO <ynerant@crans.org> Date: Tue, 28 Jun 2022 10:27:01 +0200 Subject: [PATCH 04/13] Add specific configuration for ft and ViaRezo Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> --- group_vars/all/home_nounou.yml | 2 +- group_vars/viarezo/home_nounou.yml | 10 ++++++++++ group_vars/viarezo/ldap.yml | 4 ++++ host_vars/backup-ft.adm.crans.org.yml | 17 +++++++++++++++++ hosts | 18 ++++++++++++++---- 5 files changed, 46 insertions(+), 5 deletions(-) create mode 100644 group_vars/viarezo/home_nounou.yml create mode 100644 group_vars/viarezo/ldap.yml diff --git a/group_vars/all/home_nounou.yml b/group_vars/all/home_nounou.yml index 4839e1fe..d4b16d6d 100644 --- a/group_vars/all/home_nounou.yml +++ b/group_vars/all/home_nounou.yml @@ -1,7 +1,7 @@ --- glob_home_nounou: mounts: - - ip: 172.16.10.1 + - ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}" mountpoint: /pool/home target: /home_nounou name: home_nounou 
diff --git a/group_vars/viarezo/home_nounou.yml b/group_vars/viarezo/home_nounou.yml new file mode 100644 index 00000000..461b21b2 --- /dev/null +++ b/group_vars/viarezo/home_nounou.yml @@ -0,0 +1,10 @@ +--- +loc_home_nounou: + mounts: + - ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ipv4 | first }}" + mountpoint: /home_nounou + target: /home_nounou + name: home_nounou + owner: root + group: _user + mode: '0750' diff --git a/group_vars/viarezo/ldap.yml b/group_vars/viarezo/ldap.yml new file mode 100644 index 00000000..148b6ed7 --- /dev/null +++ b/group_vars/viarezo/ldap.yml @@ -0,0 +1,4 @@ +--- +loc_ldap: + servers: + - "{{ query('ldap', 'ip', 'ft', 'adm') | ipv4 | first }}" diff --git a/host_vars/backup-ft.adm.crans.org.yml b/host_vars/backup-ft.adm.crans.org.yml index dc2ef382..c0cea06d 100644 --- a/host_vars/backup-ft.adm.crans.org.yml +++ b/host_vars/backup-ft.adm.crans.org.yml @@ -1,3 +1,20 @@ --- interfaces: adm: ens18 + +loc_home_nounou: + mounts: + - ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ipv4 | first }}" + mountpoint: /home_nounou + target: /home_nounou + name: home_nounou + owner: root + group: _user + mode: '0750' + - ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ipv4 | first }}" + mountpoint: /rpool/backup + target: /backup + name: backup + owner: root + group: root + mode: '0755' diff --git a/hosts b/hosts index b1e7e660..c40512cf 100644 --- a/hosts +++ b/hosts @@ -262,18 +262,16 @@ sputnik.adm.crans.org routeurs_vm [crans_physical] -ft.adm.crans.org thot.adm.crans.org zamok.adm.crans.org #zbee.adm.crans.org [crans_physical:children] -backups baie virtu +viarezo_physical [crans_vm] -backup-ft.adm.crans.org belenios.adm.crans.org boeing.adm.crans.org cas.adm.crans.org 
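Review bot: In host_vars/backup-ft.adm.crans.org.yml the second mount places `/backup` on `ft`'s `/rpool/backup`, while earlier patches point every host's `remote` at `backup-ft:/backup/borg-server/...` and add a `loc_borg` for ft itself. The only copy of ft's own backup therefore appears to sit on ft's pool, which is worth confirming as intended. The first mount repeats group_vars/viarezo/home_nounou.yml verbatim, presumably because a host-level `loc_home_nounou` replaces the group one outright; a comment such as `# repeated from group_vars/viarezo: host_vars replaces loc_home_nounou entirely` would explain it. `/backup` is also created root:root with `mode: '0755'`, so every local account can list the backup tree; check whether only the borg account needs access.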
@@ -312,6 +310,17 @@ trinity.adm.crans.org voyager.adm.crans.org yson-partou.adm.crans.org +[viarezo_physical] +ft.adm.crans.org + +[viarezo_vm] +backup-ft.adm.crans.org +routeur-ft.adm.crans.org + +[viarezo:children] +viarezo_physical +viarezo_vm + [forget_me] ceph-controller-a.adm.crans.org ceph-controller-b.adm.crans.org @@ -321,8 +330,9 @@ ceph-storage-b.adm.crans.org tilque.adm.crans.org [crans_vm:children] -routeurs_vm forget_me +routeurs_vm +viarezo_vm [ovh_physical] sputnik.adm.crans.org -- GitLab From 0f84e0da18002af82db46d3e41333a55c4afbe30 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO <ynerant@crans.org> Date: Tue, 28 Jun 2022 11:32:59 +0200 Subject: [PATCH 05/13] [ft] Deploy root playbook on ft Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> --- group_vars/slapd.yml | 2 +- host_vars/ft.adm.crans.org.yml | 5 +++++ hosts | 9 +++++++-- plays/root.yml | 2 +- 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/group_vars/slapd.yml b/group_vars/slapd.yml index e82aa8c5..48ebdc81 100644 --- a/group_vars/slapd.yml +++ b/group_vars/slapd.yml @@ -2,6 +2,6 @@ glob_slapd: master_ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}" regex: "^(role:(dhcp|dns|dns-primary|dns-secondary|ftp|gitlab|miroir|ntp|pve|radius|backup)|ecdsa-sha2-nistp256:.*|ssh-(ed25519|dss|rsa):.*|description:.*|location:.*)$" - replication_credentials: "{{ vault.sldap.tealc.replication_credentials }}" + replication_credentials: "{{ vault.slapd.tealc.replication_credentials }}" private_key: "{{ vault.slapd.tealc.private_key }}" certificate: "{{ vault.slapd.tealc.certificate }}" diff --git a/host_vars/ft.adm.crans.org.yml b/host_vars/ft.adm.crans.org.yml index 9bb00abd..95d02a50 100644 --- a/host_vars/ft.adm.crans.org.yml +++ b/host_vars/ft.adm.crans.org.yml @@ -4,3 +4,8 @@ loc_borg: - /etc - /home_nounou - /var + +loc_slapd: + ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ipv4 | first }}" + replica: true + replica_rid: 6 
diff --git a/hosts b/hosts index c40512cf..9c8c10ee 100644 --- a/hosts +++ b/hosts @@ -219,11 +219,12 @@ monitoring.adm.crans.org helloworld.adm.crans.org [slapd] -tealc.adm.crans.org -sam.adm.crans.org daniel.adm.crans.org +ft.adm.crans.org jack.adm.crans.org +sam.adm.crans.org sputnik.adm.crans.org +tealc.adm.crans.org [sssd] zamok.adm.crans.org @@ -242,9 +243,13 @@ daniel.adm.crans.org jack.adm.crans.org sam.adm.crans.org +[virtu_backup] +ft.adm.crans.org + [virtu:children] virtu_adh virtu_adm +virtu_backup [vsftpd_mirror] eclat.adm.crans.org diff --git a/plays/root.yml b/plays/root.yml index 999bf68f..e9d7d0ad 100755 --- a/plays/root.yml +++ b/plays/root.yml @@ -21,7 +21,7 @@ roles: - ldap-client -- hosts: server,!ovh_physical,!tealc.adm.crans.org,!sam.adm.crans.org,!routeur-sam.adm.crans.org +- hosts: server,!ovh_physical,!tealc.adm.crans.org,!sam.adm.crans.org,!routeur-sam.adm.crans.org,!ft.adm.crans.org vars: nfs_mount: "{{ glob_home_nounou | default({}) | combine(loc_home_nounou | default({})) }}" roles: -- GitLab From 070e69cccdd5c37b2590a5ed65e981db365de191 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO <ynerant@crans.org> Date: Tue, 28 Jun 2022 11:35:20 +0200 Subject: [PATCH 06/13] [proxmox] Deploy service-proxmox-user on virtus to sync the list of users Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> --- group_vars/virtu.yml | 20 ++++++++++++++++++++ group_vars/virtu_adh.yml | 25 +++++++++++++++++++++++++ host_vars/daniel.adm.crans.org.yml | 3 +++ host_vars/gulp.adm.crans.org.yml | 3 +++ host_vars/jack.adm.crans.org.yml | 3 +++ host_vars/odlyd.adm.crans.org.yml | 3 +++ plays/root.yml | 3 +++ roles/service/tasks/main.yml | 2 +- 8 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 group_vars/virtu_adh.yml diff --git a/group_vars/virtu.yml b/group_vars/virtu.yml index 570a04cb..3db203e8 100644 --- a/group_vars/virtu.yml +++ b/group_vars/virtu.yml 
@@ -4,3 +4,23 @@ glob_debian_images: rsync_host: 'eclat.adm.crans.org' rsync_module: 'mirror' include_extra_images: false + +glob_service_proxmox_user: + git: + remote: https://gitlab.adm.crans.org/nounous/proxmox-user.git + version: main + name: proxmox-user + install_dir: /var/local/services/proxmox-user + generated: false + cron: + frequency: "*/2 * * * *" + options: "" + config: + ldap: + admin: + uri: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/" + userBase: "ou=passwd,dc=crans,dc=org" + realm: "pam" + dependencies: + - python3-jinja2 + - python3-ldap diff --git a/group_vars/virtu_adh.yml b/group_vars/virtu_adh.yml new file mode 100644 index 00000000..d3a5f3e9 --- /dev/null +++ b/group_vars/virtu_adh.yml @@ -0,0 +1,25 @@ +glob_service_proxmox_user: + git: + remote: https://gitlab.adm.crans.org/nounous/proxmox-user.git + version: main + name: proxmox-user + install_dir: /var/local/services/proxmox-user + generated: false + cron: + frequency: "*/2 * * * *" + options: "" + config: + ldap: + admin: + uri: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/" + userBase: "ou=passwd,dc=crans,dc=org" + realm: "pam" + user: + uri: "ldaps://{{ query('ldap', 'ip', 'flirt', 'adm') | ipv4 | first }}/" + userBase: "ou=users,dc=adh,dc=crans,dc=org" + realm: "pve" + binddn: "{{ vault.ldap_adh_reader.binddn }}" + passwd: "{{ vault.ldap_adh_reader.bindpass }}" + dependencies: + - python3-jinja2 + - python3-ldap diff --git a/host_vars/daniel.adm.crans.org.yml b/host_vars/daniel.adm.crans.org.yml index fe23407a..96967505 100644 --- a/host_vars/daniel.adm.crans.org.yml +++ b/host_vars/daniel.adm.crans.org.yml @@ -8,3 +8,6 @@ loc_postgres: version: 13 replica: true addresses: "['daniel.adm.crans.org'] + {{ query('ldap', 'ip', 'daniel', 'adm') | ipaddr('address') }}" + +loc_service_proxmox_user: + cron: null diff --git a/host_vars/gulp.adm.crans.org.yml b/host_vars/gulp.adm.crans.org.yml index 119fa7ab..4c4ef29d 100644 
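Review bot: `version: main` under `glob_service_proxmox_user.git` in group_vars/virtu.yml follows a moving branch, so each playbook run installs whatever the tip of proxmox-user is at that moment, and the `*/2 * * * *` cron entry then executes it on every host in `virtu`. Pin it to a reviewed tag or commit, e.g. `version: "PINNED_TAG_OR_COMMIT"` (placeholder), and bump it deliberately. The same unpinned ref is in group_vars/virtu_adh.yml and in `glob_service_proxy` in group_vars/arpproxy.yml later in the series. How the `service` role performs the checkout and which account the cron job runs as are not visible in these hunks.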
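Review bot: group_vars/virtu_adh.yml copies the whole `glob_service_proxmox_user` mapping from group_vars/virtu.yml just to add `config.ldap.user`, so the two copies can drift; at minimum add a comment like `# full copy of group_vars/virtu.yml plus config.ldap.user; keep both in sync`. The new file also lacks the leading `---` that the other new files in this series have. `binddn` and `passwd` from the vault end up in the service's rendered configuration, so the "Deploy service configuration" task in roles/service should write that file with a restrictive owner and mode; the task body is outside this series' hunks, so this needs checking there.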
--- a/host_vars/gulp.adm.crans.org.yml +++ b/host_vars/gulp.adm.crans.org.yml @@ -1,3 +1,6 @@ --- loc_debian_images: include_extra_images: true + +loc_service_proxmox_user: + cron: null diff --git a/host_vars/jack.adm.crans.org.yml b/host_vars/jack.adm.crans.org.yml index 7a83dd68..ac4ac7e0 100644 --- a/host_vars/jack.adm.crans.org.yml +++ b/host_vars/jack.adm.crans.org.yml @@ -8,3 +8,6 @@ loc_postgres: version: 13 replica: true addresses: "['jack.adm.crans.org'] + {{ query('ldap', 'ip', 'jack', 'adm') | ipaddr('address') }}" + +loc_service_proxmox_user: + cron: null diff --git a/host_vars/odlyd.adm.crans.org.yml b/host_vars/odlyd.adm.crans.org.yml index 119fa7ab..4c4ef29d 100644 --- a/host_vars/odlyd.adm.crans.org.yml +++ b/host_vars/odlyd.adm.crans.org.yml @@ -1,3 +1,6 @@ --- loc_debian_images: include_extra_images: true + +loc_service_proxmox_user: + cron: null diff --git a/plays/root.yml b/plays/root.yml index e9d7d0ad..6a632c76 100755 --- a/plays/root.yml +++ b/plays/root.yml @@ -3,8 +3,11 @@ # root is the first playbook to launch (as root) whe initiation a new server - hosts: virtu + vars: + service: "{{ glob_service_proxmox_user | default({}) | combine(loc_service_proxmox_user | default({})) }}" roles: - proxmox-apt-sources + - service - hosts: server roles: diff --git a/roles/service/tasks/main.yml b/roles/service/tasks/main.yml index 78c40fa8..11525d34 100644 --- a/roles/service/tasks/main.yml +++ b/roles/service/tasks/main.yml @@ -55,7 +55,7 @@ template: src: cron.d/service.j2 dest: "/etc/cron.d/services-{{ service.name }}" - when: service.cron is defined + when: service.cron is defined and service.cron.frequency is defined - name: Deploy service configuration template: -- GitLab From f28bfa3bfb0f835c23483a0313cc9d477ca837be Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO <ynerant@crans.org> Date: Tue, 28 Jun 2022 11:35:55 +0200 Subject: [PATCH 07/13] Backup homes on sam and routeur-sam 
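Review bot: The tightened `when:` in roles/service/tasks/main.yml only skips writing the cron file; nothing removes it. A host that already has `/etc/cron.d/services-{{ service.name }}` and is later given `cron: null` (as daniel, gulp, jack and odlyd are in this commit) keeps running the job. A companion task that deletes the file under the inverse condition would close that gap. The template task's `- name:` line sits above the hunk, so the sketch below shows only the added task.

```yaml
# … unchanged: cron.d/service.j2 template task with the new `when:` …
- name: Remove service cron when disabled
  file:
    path: "/etc/cron.d/services-{{ service.name }}"
    state: absent
  when: service.cron is not defined or service.cron.frequency is not defined
```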
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> --- host_vars/routeur-sam.adm.crans.org/borg.yml | 6 ++++++ host_vars/sam.adm.crans.org.yml | 6 ++++++ 2 files changed, 12 insertions(+) create mode 100644 host_vars/routeur-sam.adm.crans.org/borg.yml diff --git a/host_vars/routeur-sam.adm.crans.org/borg.yml b/host_vars/routeur-sam.adm.crans.org/borg.yml new file mode 100644 index 00000000..9bb00abd --- /dev/null +++ b/host_vars/routeur-sam.adm.crans.org/borg.yml @@ -0,0 +1,6 @@ +--- +loc_borg: + to_backup: + - /etc + - /home_nounou + - /var diff --git a/host_vars/sam.adm.crans.org.yml b/host_vars/sam.adm.crans.org.yml index fcc22925..ea05b3ac 100644 --- a/host_vars/sam.adm.crans.org.yml +++ b/host_vars/sam.adm.crans.org.yml @@ -1,4 +1,10 @@ --- +loc_borg: + to_backup: + - /etc + - /home_nounou + - /var + loc_slapd: ip: "{{ query('ldap', 'ip', 'sam', 'adm') | ipv4 | first }}" replica: true -- GitLab From 34ee6d2eef27708c388a14185db00dc1f18aac4e Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO <ynerant@crans.org> Date: Tue, 28 Jun 2022 11:41:14 +0200 Subject: [PATCH 08/13] [thot] Prepare Ansible configuration for thot Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> --- group_vars/aurore/home_nounou.yml | 10 ++++++++++ group_vars/aurore/ldap.yml | 4 ++++ host_vars/backup-thot.adm.crans.org.yml | 20 ++++++++++++++++++++ host_vars/thot.adm.crans.org.yml | 11 +++++++++++ hosts | 15 +++++++++++++++ 5 files changed, 60 insertions(+) create mode 100644 group_vars/aurore/home_nounou.yml create mode 100644 group_vars/aurore/ldap.yml create mode 100644 host_vars/backup-thot.adm.crans.org.yml create mode 100644 host_vars/thot.adm.crans.org.yml diff --git a/group_vars/aurore/home_nounou.yml b/group_vars/aurore/home_nounou.yml new file mode 100644 index 00000000..462cc0f6 --- /dev/null +++ b/group_vars/aurore/home_nounou.yml 
@@ -0,0 +1,10 @@ +--- +loc_home_nounou: + mounts: + - ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ipv4 | first }}" + mountpoint: /home_nounou + target: /home_nounou + name: home_nounou + owner: root + group: _user + mode: '0750' diff --git a/group_vars/aurore/ldap.yml b/group_vars/aurore/ldap.yml new file mode 100644 index 00000000..a2160a48 --- /dev/null +++ b/group_vars/aurore/ldap.yml @@ -0,0 +1,4 @@ +--- +loc_ldap: + servers: + - "{{ query('ldap', 'ip', 'thot', 'adm') | ipv4 | first }}" diff --git a/host_vars/backup-thot.adm.crans.org.yml b/host_vars/backup-thot.adm.crans.org.yml new file mode 100644 index 00000000..75cd112f --- /dev/null +++ b/host_vars/backup-thot.adm.crans.org.yml @@ -0,0 +1,20 @@ +--- +interfaces: + adm: ens18 + +loc_home_nounou: + mounts: + - ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ipv4 | first }}" + mountpoint: /home_nounou + target: /home_nounou + name: home_nounou + owner: root + group: _user + mode: '0750' + - ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ipv4 | first }}" + mountpoint: /rpool/backup + target: /backup + name: backup + owner: root + group: root + mode: '0755' diff --git a/host_vars/thot.adm.crans.org.yml b/host_vars/thot.adm.crans.org.yml new file mode 100644 index 00000000..efe08b40 --- /dev/null +++ b/host_vars/thot.adm.crans.org.yml @@ -0,0 +1,11 @@ +--- +loc_borg: + to_backup: + - /etc + - /home_nounou + - /var + +loc_slapd: + ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ipv4 | first }}" + replica: true + replica_rid: 5 diff --git a/hosts b/hosts index 9c8c10ee..20038cb8 100644 --- a/hosts +++ b/hosts @@ -11,6 +11,7 @@ cameron.adm.crans.org [backups] backup-ft.adm.crans.org +#backup-thot.adm.crans.org [baie] cameron.adm.crans.org @@ -225,6 +226,7 @@ jack.adm.crans.org sam.adm.crans.org sputnik.adm.crans.org tealc.adm.crans.org +thot.adm.crans.org [sssd] zamok.adm.crans.org @@ -245,6 +247,7 @@ sam.adm.crans.org [virtu_backup] ft.adm.crans.org +thot.adm.crans.org [virtu:children] virtu_adh 
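Review bot: In the new host_vars/thot.adm.crans.org.yml, `loc_slapd.ip` looks up `'ft'` instead of `'thot'`, which reads like a copy-paste from host_vars/ft.adm.crans.org.yml. As written, thot's replica would be configured with ft's adm address. The line should be `ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ipv4 | first }}"`, matching the lookups in group_vars/aurore and host_vars/backup-thot in the same commit.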
@@ -272,6 +275,7 @@ zamok.adm.crans.org #zbee.adm.crans.org [crans_physical:children] +aurore_physical baie virtu viarezo_physical @@ -326,6 +330,17 @@ routeur-ft.adm.crans.org viarezo_physical viarezo_vm +[aurore_physical] +thot.adm.crans.org + +[aurore_vm] +#backup-thot.adm.crans.org +#routeur-thot.adm.crans.org + +[aurore:children] +aurore_physical +aurore_vm + [forget_me] ceph-controller-a.adm.crans.org ceph-controller-b.adm.crans.org -- GitLab From f7a2b1174b264793538baa663770be1fb41b334a Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO <ynerant@crans.org> Date: Tue, 28 Jun 2022 12:01:01 +0200 Subject: [PATCH 09/13] [network_interfaces] Allow having auto-configurated interfaces Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> --- group_vars/all/network_interfaces.yml | 2 ++ host_vars/routeur-ft.adm.crans.org.yml | 4 ++++ host_vars/routeur-thot.adm.crans.org.yml | 4 ++++ .../templates/network/interfaces.d/ifalias.j2 | 6 ++++++ 4 files changed, 16 insertions(+) create mode 100644 host_vars/routeur-ft.adm.crans.org.yml create mode 100644 host_vars/routeur-thot.adm.crans.org.yml diff --git a/group_vars/all/network_interfaces.yml b/group_vars/all/network_interfaces.yml index 33772410..a86a9ed8 100644 --- a/group_vars/all/network_interfaces.yml +++ b/group_vars/all/network_interfaces.yml @@ -30,3 +30,5 @@ glob_network_interfaces: gateway: "{{ query('ldap', 'ip', 'dsi', 'renater') | ipv4 | first }}" - name: lp id: 56 + - name: auto + id: 0 diff --git a/host_vars/routeur-ft.adm.crans.org.yml b/host_vars/routeur-ft.adm.crans.org.yml new file mode 100644 index 00000000..307e18eb --- /dev/null +++ b/host_vars/routeur-ft.adm.crans.org.yml @@ -0,0 +1,4 @@ +--- +interfaces: + adm: ens18 + auto: ens19 diff --git a/host_vars/routeur-thot.adm.crans.org.yml b/host_vars/routeur-thot.adm.crans.org.yml new file mode 100644 index 00000000..307e18eb --- /dev/null +++ b/host_vars/routeur-thot.adm.crans.org.yml @@ -0,0 +1,4 @@ +--- +interfaces: + adm: ens18 + auto: ens19 
diff --git a/roles/network-interfaces/templates/network/interfaces.d/ifalias.j2 b/roles/network-interfaces/templates/network/interfaces.d/ifalias.j2 index a28afab7..ada7a9f9 100644 --- a/roles/network-interfaces/templates/network/interfaces.d/ifalias.j2 +++ b/roles/network-interfaces/templates/network/interfaces.d/ifalias.j2 @@ -1,6 +1,11 @@ {{ ansible_header | comment }} {% set vlan_name = (item.name | replace('_', '-')) %} +{% if vlan_name == "auto" %} +auto {{ interfaces[item.name] }} +iface {{ interfaces[item.name] }} inet dhcp +iface {{ interfaces[item.name] }} inet6 auto +{% else %} {% set subnet_network = (query('ldap', 'network', vlan_name) | ipaddr('network')) %} {% set subnet_netmask = (query('ldap', 'network', vlan_name) | ipaddr('netmask')) %} {% set ips = query('ldap', 'ip', ansible_hostname, vlan_name) %} @@ -63,3 +68,4 @@ iface {{ interfaces[item.name] }} inet6 static {% endfor %} {% endif %} {% endif %} +{% endif %} -- GitLab From bac8ffdc72f89e628c29d5c6b6245690b238788a Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO <ynerant@crans.org> Date: Tue, 28 Jun 2022 13:39:34 +0200 Subject: [PATCH 10/13] Deploy arpproxy service Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> --- group_vars/arpproxy.yml | 11 +++++++++++ host_vars/boeing.adm.crans.org.yml | 12 ++++++++++++ host_vars/routeur-ft.adm.crans.org.yml | 10 ++++++++++ host_vars/routeur-thot.adm.crans.org.yml | 10 ++++++++++ hosts | 5 +++++ plays/arpproxy.yml | 7 +++++++ 6 files changed, 55 insertions(+) create mode 100644 group_vars/arpproxy.yml create mode 100755 plays/arpproxy.yml diff --git a/group_vars/arpproxy.yml b/group_vars/arpproxy.yml new file mode 100644 index 00000000..172e0743 --- /dev/null +++ b/group_vars/arpproxy.yml @@ -0,0 +1,11 @@ +--- +glob_service_proxy: + git: + remote: https://gitlab.adm.crans.org/nounous/proxy.git + version: main + name: proxy + install_dir: /var/local/services/proxy + generated: false + cron: + frequency: "* * * * *" + options: "--alter" 
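Review bot: The new branch in ifalias.j2 keys on the literal name `auto` and skips every LDAP lookup, yet nothing in the template or next to `- name: auto` / `id: 0` in group_vars/all/network_interfaces.yml says that this is a pseudo-network, not a real VLAN. Add a Jinja comment above the `{% if %}`, e.g. `{# 'auto' is not a VLAN: the interface is configured by DHCP and router advertisements, no LDAP data is used #}`. An interface configured this way accepts whatever address, routes and DNS the upstream segment hands out, so the host_vars that set `auto: ens19` should state which uplink that port is expected to be on.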
diff --git a/host_vars/boeing.adm.crans.org.yml b/host_vars/boeing.adm.crans.org.yml index ef288088..e7a38043 100644 --- a/host_vars/boeing.adm.crans.org.yml +++ b/host_vars/boeing.adm.crans.org.yml @@ -16,3 +16,15 @@ loc_wireguard: endpoint: "{{ query('ldap', 'ip', 'sputnik', 'srv') | ipv4 | first }}:51820" post_up: "sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.sputnik.proxy_arp=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=1; ip neigh add proxy {{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }} dev ens18" post_down: "sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.sputnik.proxy_arp=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=0; ip neigh delete proxy {{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }} dev ens18" + +loc_service_proxy: + config: + ldap: + server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/" + protocol: "proxy" + filter: "adm.crans.org" + proxy: + default: "ens18" + viarezo: "sputnik" + aurore: "sputnik" + ovh: "sputnik" diff --git a/host_vars/routeur-ft.adm.crans.org.yml b/host_vars/routeur-ft.adm.crans.org.yml index 307e18eb..ecd69b9f 100644 --- a/host_vars/routeur-ft.adm.crans.org.yml +++ b/host_vars/routeur-ft.adm.crans.org.yml @@ -2,3 +2,13 @@ interfaces: adm: ens18 auto: ens19 + +loc_service_proxy: + config: + ldap: + server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/" + protocol: "proxy" + filter: "adm.crans.org" + proxy: + default: "wg0" + viarezo: "ens18" diff --git a/host_vars/routeur-thot.adm.crans.org.yml b/host_vars/routeur-thot.adm.crans.org.yml index 307e18eb..3d46351a 100644 --- a/host_vars/routeur-thot.adm.crans.org.yml +++ b/host_vars/routeur-thot.adm.crans.org.yml 
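Review bot: `server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/"` in `loc_service_proxy` addresses the LDAP server by IP. TLS name checking then only succeeds if tealc's certificate lists that address as a subjectAltName; neither the certificate nor the client code in proxy.py is part of this series. Confirm that the client validates the certificate and does not run with verification disabled, or use the host name (`ldaps://tealc.adm.crans.org/`) if DNS is available at that point. The same form is used for routeur-ft and routeur-thot, and for `uri:` in `glob_service_proxmox_user`.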
@@ -2,3 +2,13 @@ interfaces: adm: ens18 auto: ens19 + +loc_service_proxy: + config: + ldap: + server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/" + protocol: "proxy" + filter: "adm.crans.org" + proxy: + default: "wg0" + aurore: "ens18" diff --git a/hosts b/hosts index 20038cb8..110bedc9 100644 --- a/hosts +++ b/hosts @@ -3,6 +3,11 @@ [adh_server] zamok.adm.crans.org +[arpproxy] +boeing.adm.crans.org +routeur-ft.adm.crans.org +#routeur-thot.adm.crans.org + [autoconfig] hodaur.adm.crans.org diff --git a/plays/arpproxy.yml b/plays/arpproxy.yml new file mode 100755 index 00000000..ddc4fdd2 --- /dev/null +++ b/plays/arpproxy.yml @@ -0,0 +1,7 @@ +#!/usr/bin/env ansible-playbook +--- +- hosts: arpproxy + vars: + service: "{{ glob_service_proxy | default({}) | combine(loc_service_proxy | default({})) }}" + roles: + - service -- GitLab From 80db7ec7aa953ff96a0d09ab5cca37eb6f0824fa Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO <ynerant@crans.org> Date: Tue, 28 Jun 2022 14:19:21 +0200 Subject: [PATCH 11/13] Add wireguard peers between boeing and routeur-ft/thot Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> --- host_vars/boeing.adm.crans.org.yml | 21 +++++++++++++-- host_vars/routeur-ft.adm.crans.org.yml | 23 ++++++++++++++++ host_vars/routeur-thot.adm.crans.org.yml | 23 ++++++++++++++++ host_vars/sputnik.adm.crans.org.yml | 3 ++- hosts | 2 ++ roles/wireguard/tasks/main.yml | 1 - .../templates/wireguard/tunnel.conf.j2 | 26 +++++++++++++++++-- 7 files changed, 93 insertions(+), 6 deletions(-) diff --git a/host_vars/boeing.adm.crans.org.yml b/host_vars/boeing.adm.crans.org.yml index e7a38043..e945734b 100644 --- a/host_vars/boeing.adm.crans.org.yml +++ b/host_vars/boeing.adm.crans.org.yml 
@@ -8,14 +8,31 @@ loc_wireguard: - name: "sputnik" listen_port: 51820 private_key: "{{ vault.wireguard.boeing.privkey }}" + table: "off" peers: - public_key: "{{ vault.wireguard.sputnik.pubkey }}" allowed_ips: - "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv4 | first }}/32" - "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }}/128" endpoint: "{{ query('ldap', 'ip', 'sputnik', 'srv') | ipv4 | first }}:51820" - post_up: "sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.sputnik.proxy_arp=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=1; ip neigh add proxy {{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }} dev ens18" - post_down: "sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.sputnik.proxy_arp=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=0; ip neigh delete proxy {{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }} dev ens18" + - public_key: "{{ vault.wireguard.routeur_ft.pubkey }}" + allowed_ips: + - "{{ query('ldap', 'network', 'adm') }}" + - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" + persistent_keepalive: 25 + - public_key: "{{ vault.wireguard.routeur_thot.pubkey }}" + allowed_ips: + - "{{ query('ldap', 'network', 'adm') }}" + - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" + persistent_keepalive: 25 + post_up: + - "sysctl -w net.ipv4.conf.all.forwarding=1; sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.sputnik.proxy_arp=1" + - "sysctl -w net.ipv6.conf.all.forwarding=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=1" + - "python3 /var/local/services/proxy/proxy.py --alter" + pre_down: + - "sysctl -w net.ipv4.conf.all.forwarding=0; sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.sputnik.proxy_arp=0" + - "sysctl -w net.ipv6.conf.all.forwarding=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w 
net.ipv6.conf.sputnik.proxy_ndp=0" + - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy" loc_service_proxy: config: diff --git a/host_vars/routeur-ft.adm.crans.org.yml b/host_vars/routeur-ft.adm.crans.org.yml index ecd69b9f..7b5b403f 100644 --- a/host_vars/routeur-ft.adm.crans.org.yml +++ b/host_vars/routeur-ft.adm.crans.org.yml @@ -3,6 +3,29 @@ interfaces: adm: ens18 auto: ens19 +loc_wireguard: + tunnels: + - name: "wg0" + listen_port: 51820 + private_key: "{{ vault.wireguard.routeur_ft.privkey }}" + table: "off" + peers: + - public_key: "{{ vault.wireguard.boeing.pubkey }}" + allowed_ips: + - "{{ query('ldap', 'network', 'adm') }}" + - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" + endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ipv4 | first }}:51820" + persistent_keepalive: 25 + post_up: + - "sysctl -w net.ipv4.conf.all.forwarding=1; sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.wg0.proxy_arp=1" + - "sysctl -w net.ipv6.conf.all.forwarding=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.wg0.proxy_ndp=1" + - "ip route add 172.16.10.1 dev wg0 proto proxy" + - "python3 /var/local/services/proxy/proxy.py --alter" + pre_down: + - "sysctl -w net.ipv4.conf.all.forwarding=0; sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.wg0.proxy_arp=0" + - "sysctl -w net.ipv6.conf.all.forwarding=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.wg0.proxy_ndp=0" + - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy" + loc_service_proxy: config: ldap: diff --git a/host_vars/routeur-thot.adm.crans.org.yml b/host_vars/routeur-thot.adm.crans.org.yml index 3d46351a..d5c81610 100644 --- a/host_vars/routeur-thot.adm.crans.org.yml +++ b/host_vars/routeur-thot.adm.crans.org.yml 
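Review bot: The two peers added to boeing's `sputnik` tunnel, `routeur_ft` and `routeur_thot`, carry identical `allowed_ips` (the whole adm network and `fd00:0:0:<vlanid>::/64`). WireGuard maps each allowed prefix on an interface to a single peer, so the peer configured last takes the prefix and packets from the other are dropped as coming from a disallowed source. Give each site its own prefixes, or its own tunnel entry under `loc_wireguard.tunnels`. Accepting the full adm range from a remote router also means that router can source traffic as any adm address; if that is the intent of the proxy-ARP design, a comment saying so would help.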
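Review bot: `"ip route add 172.16.10.1 dev wg0 proto proxy"` in routeur-ft's `post_up` reintroduces the literal address that the group_vars/all/home_nounou.yml change earlier in this series replaced with an LDAP lookup. If 172.16.10.1 is still tealc's adm address, as that change suggests, write `"ip route add {{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }} dev wg0 proto proxy"`. The `pre_down` entries also set `net.ipv4.conf.all.forwarding=0` and the IPv6 equivalent, which turns off forwarding on every interface of the host when this one tunnel goes down. The same lines appear in the boeing and routeur-thot hunks.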
@@ -3,6 +3,29 @@ interfaces: adm: ens18 auto: ens19 +loc_wireguard: + tunnels: + - name: "wg0" + listen_port: 51820 + private_key: "{{ vault.wireguard.routeur_thot.privkey }}" + table: "off" + peers: + - public_key: "{{ vault.wireguard.boeing.pubkey }}" + allowed_ips: + - "{{ query('ldap', 'network', 'adm') }}" + - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" + endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ipv4 | first }}:51820" + persistent_keepalive: 25 + post_up: + - "sysctl -w net.ipv4.conf.all.forwarding=1; sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.wg0.proxy_arp=1" + - "sysctl -w net.ipv6.conf.all.forwarding=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.wg0.proxy_ndp=1" + - "ip route add 172.16.10.1 dev wg0 proto proxy" + - "python3 /var/local/services/proxy/proxy.py --alter" + pre_down: + - "sysctl -w net.ipv4.conf.all.forwarding=0; sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.wg0.proxy_arp=0" + - "sysctl -w net.ipv6.conf.all.forwarding=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.wg0.proxy_ndp=0" + - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy" + loc_service_proxy: config: ldap: diff --git a/host_vars/sputnik.adm.crans.org.yml b/host_vars/sputnik.adm.crans.org.yml index f9bd8666..356ff00d 100644 --- a/host_vars/sputnik.adm.crans.org.yml +++ b/host_vars/sputnik.adm.crans.org.yml @@ -22,7 +22,8 @@ loc_wireguard: - "{{ query('ldap', 'network', 'adm') }}" - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ipv4 | first }}:51820" - post_up: "/sbin/ip link set sputnik alias adm" + post_up: + - "/sbin/ip link set sputnik alias adm" loc_slapd: ip: "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv4 | first }}" diff --git a/hosts b/hosts index 110bedc9..3f3f03b3 100644 --- a/hosts +++ b/hosts 
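Review bot: In the routeur-thot `post_up` list, `ip route add 172.16.10.1 dev wg0 proto proxy` hard-codes an address, while every other address in these host_vars comes from the `ldap` lookup, and the hooks also repeat the literal `ens18` although `interfaces.adm` is defined at the top of the same file. A renumbering would silently leave a stale route through the tunnel. At minimum add a comment naming the address, e.g. `# 172.16.10.1: <owner of this address>, reached through the tunnel`; if LDAP knows the address, derive it with the same `query('ldap', 'ip', ...)` form used for `endpoint`. The routeur-ft section carries the identical line.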
@@ -269,6 +269,8 @@ sputnik.adm.crans.org [wireguard] boeing.adm.crans.org +routeur-ft.adm.crans.org +#routeur-thot.adm.crans.org sputnik.adm.crans.org [crans_routeurs:children] diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml index c9f9d293..905cbfce 100644 --- a/roles/wireguard/tasks/main.yml +++ b/roles/wireguard/tasks/main.yml @@ -5,7 +5,6 @@ name: - wireguard - resolvconf - - linux-headers-amd64 register: apt_result retries: 3 until: apt_result is succeeded diff --git a/roles/wireguard/templates/wireguard/tunnel.conf.j2 b/roles/wireguard/templates/wireguard/tunnel.conf.j2 index e8682637..17aacb31 100644 --- a/roles/wireguard/templates/wireguard/tunnel.conf.j2 +++ b/roles/wireguard/templates/wireguard/tunnel.conf.j2 @@ -8,18 +8,40 @@ Address = {{ item.addresses | join(", ") }} ListenPort = {{ item.listen_port }} {% endif %} PrivateKey = {{ item.private_key }} +{% if item.table is defined %} +Table = {{ item.table }} +{% endif %} +{% if item.pre_up is defined %} +{% for command in item.pre_up %} +PreUp = {{ command }} +{% endfor %} +{% endif %} {% if item.post_up is defined %} -PostUp = {{ item.post_up }} +{% for command in item.post_up %} +PostUp = {{ command }} +{% endfor %} +{% endif %} +{% if item.pre_down is defined %} +{% for command in item.pre_down %} +PreDown = {{ command }} +{% endfor %} {% endif %} {% if item.post_down is defined %} -PostDown = {{ item.post_down }} +{% for command in item.post_down %} +PostDown = {{ command }} +{% endfor %} {% endif %} {% for peer in item.peers %} [Peer] PublicKey = {{ peer.public_key }} AllowedIPs = {{ peer.allowed_ips | join(", ") }} +{% if peer.endpoint is defined %} Endpoint = {{ peer.endpoint }} +{% endif %} +{% if peer.persistent_keepalive is defined %} +PersistentKeepalive = {{ peer.persistent_keepalive }} +{% endif %} {% endfor -%} -- GitLab From 3422500024f0bcadd846998f63e88f4628d6ab6a Mon Sep 17 00:00:00 2001 
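Review bot: The hook loops in tunnel.conf.j2 (`{% for command in item.post_up %}` and its three siblings) assume a list; a host that still sets `post_up` or `post_down` to a single string, as these variables did before this change, would be iterated character by character and render one `PostUp =` line per character. These lines are executed as commands when the tunnel is brought up, so a malformed value should fail the play rather than be written out. Either normalise the value, `{% for command in ([item.post_up] if item.post_up is string else item.post_up) %}`, or assert in the role's tasks that each hook is a list. The template starts above this hunk, so how the mode and ownership of the rendered file (it contains `PrivateKey`) are set is not visible here.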
From: Yohann D'ANELLO <ynerant@crans.org> Date: Tue, 28 Jun 2022 14:20:51 +0200 Subject: [PATCH 12/13] Move the proxmox user service in the proxmox playbook Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> --- plays/proxmox.yml | 2 ++ plays/root.yml | 3 --- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/plays/proxmox.yml b/plays/proxmox.yml index cc44d139..70d55ed0 100755 --- a/plays/proxmox.yml +++ b/plays/proxmox.yml @@ -3,6 +3,8 @@ - hosts: virtu vars: debian_images: '{{ glob_debian_images | default({}) | combine(loc_debian_images | default({})) }}' + service: "{{ glob_service_proxmox_user | default({}) | combine(loc_service_proxmox_user | default({})) }}" roles: - proxmox-apt-sources - proxmox-debian-images + - service diff --git a/plays/root.yml b/plays/root.yml index 6a632c76..e9d7d0ad 100755 --- a/plays/root.yml +++ b/plays/root.yml @@ -3,11 +3,8 @@ # root is the first playbook to launch (as root) whe initiation a new server - hosts: virtu - vars: - service: "{{ glob_service_proxmox_user | default({}) | combine(loc_service_proxmox_user | default({})) }}" roles: - proxmox-apt-sources - - service - hosts: server roles: -- GitLab From f375458aed382ae59f4995430e822c62c1bf1621 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO <ynerant@crans.org> Date: Tue, 28 Jun 2022 14:34:07 +0200 Subject: [PATCH 13/13] Don't mount homes on thot Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> --- plays/root.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plays/root.yml b/plays/root.yml index e9d7d0ad..5b92d4fc 100755 --- a/plays/root.yml +++ b/plays/root.yml 
@@ -21,7 +21,7 @@ roles: - ldap-client -- hosts: server,!ovh_physical,!tealc.adm.crans.org,!sam.adm.crans.org,!routeur-sam.adm.crans.org,!ft.adm.crans.org +- hosts: server,!ovh_physical,!tealc.adm.crans.org,!sam.adm.crans.org,!routeur-sam.adm.crans.org,!ft.adm.crans.org,!thot.adm.crans.org vars: nfs_mount: "{{ glob_home_nounou | default({}) | combine(loc_home_nounou | default({})) }}" roles: -- GitLab
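Review bot: The `hosts:` pattern of the NFS home-mount play now carries six inline exclusions, and this commit adds `!thot.adm.crans.org` without recording why in the file. The play mounts by default, so a new host that must not mount the homes is only protected if someone remembers to extend this pattern; an inventory group would keep the rule in one place, e.g. `- hosts: server,!ovh_physical,!no_home_mount` (group name constructed for illustration). If the pattern stays, a comment above it such as `# hosts excluded here must not get the nfs_mount role` would document the intent. The play continues below the hunk.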