aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--os/config/production.yml4
-rw-r--r--os/config/roles/common/tasks/main.yml33
-rw-r--r--os/config/roles/consul/tasks/main.yml20
-rw-r--r--os/config/roles/network/templates/rules.v44
-rw-r--r--os/config/roles/network/templates/rules.v64
-rw-r--r--os/config/roles/nomad/tasks/main.yml20
-rw-r--r--os/config/roles/users/vars/main.yml1
7 files changed, 60 insertions, 26 deletions
diff --git a/os/config/production.yml b/os/config/production.yml
index 8870b52..c0f6371 100644
--- a/os/config/production.yml
+++ b/os/config/production.yml
@@ -12,6 +12,7 @@ cluster_nodes:
dns_1: 212.27.40.240
dns_2: 212.27.40.241
ansible_python_interpreter: python3
+ ssh_port: 22
digitale:
ansible_host: atuin.site.deuxfleurs.fr
@@ -25,6 +26,7 @@ cluster_nodes:
dns_1: 212.27.40.240
dns_2: 212.27.40.241
ansible_python_interpreter: python3
+ ssh_port: 22
drosera:
ansible_host: atuin.site.deuxfleurs.fr
@@ -38,6 +40,7 @@ cluster_nodes:
dns_1: 212.27.40.240
dns_2: 212.27.40.241
ansible_python_interpreter: python3
+ ssh_port: 22
io:
ansible_host: jupiter.site.deuxfleurs.fr
@@ -51,3 +54,4 @@ cluster_nodes:
dns_1: 109.0.66.20
dns_2: 109.0.66.10
ansible_python_interpreter: python3
+ ssh_port: 22
diff --git a/os/config/roles/common/tasks/main.yml b/os/config/roles/common/tasks/main.yml
index f31b2c3..3baeb01 100644
--- a/os/config/roles/common/tasks/main.yml
+++ b/os/config/roles/common/tasks/main.yml
@@ -46,11 +46,40 @@
#- libnss-resolve # provides DNS/LLMNR utilities via systemd-resolved
state: present
+# Install Docker if need be
+
+- name: Check if Docker is installed
+ command: 'which docker'
+ args:
+ warn: no
+ register: docker_exists
+ changed_when: docker_exists.rc != 0
+ ignore_errors: true
+
+- name: "Install Docker"
+ include_tasks: docker.yml
+ when: docker_exists.rc != 0
+
+# Install Nomad & Consul if need be
+
+- name: Check if Nomad is installed
+ command: 'which nomad'
+ args:
+ warn: no
+ register: nomad_exists
+ changed_when: nomad_exists.rc != 0
+ ignore_errors: true
+
+- name: "Install Nomad & Consul"
+ include_tasks: hashicorp.yml
+ when: nomad_exists.rc != 0
+
+
+
- name: "Passwordless sudo"
lineinfile:
path: /etc/sudoers
state: present
regexp: '^%sudo'
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
- validate: 'visudo -cf %s'
-
+ validate: 'visudo -cf %s' \ No newline at end of file
diff --git a/os/config/roles/consul/tasks/main.yml b/os/config/roles/consul/tasks/main.yml
index 340d4d7..da6f6f1 100644
--- a/os/config/roles/consul/tasks/main.yml
+++ b/os/config/roles/consul/tasks/main.yml
@@ -1,14 +1,14 @@
-- name: "Set consul version"
- set_fact:
- consul_version: 1.9.1
+# - name: "Set consul version"
+# set_fact:
+# consul_version: 1.9.1
-- name: "Download and install Consul for x86_64"
- unarchive:
- src: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip"
- dest: /usr/local/bin
- remote_src: yes
- when:
- - "ansible_architecture == 'x86_64'"
+# - name: "Download and install Consul for x86_64"
+# unarchive:
+# src: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip"
+# dest: /usr/local/bin
+# remote_src: yes
+# when:
+# - "ansible_architecture == 'x86_64'"
- name: "Create consul configuration directory"
file: path=/etc/consul/ state=directory
diff --git a/os/config/roles/network/templates/rules.v4 b/os/config/roles/network/templates/rules.v4
index a5f138b..83f5348 100644
--- a/os/config/roles/network/templates/rules.v4
+++ b/os/config/roles/network/templates/rules.v4
@@ -7,10 +7,10 @@
-A INPUT -p icmp -j ACCEPT
# Administration
--A INPUT -p tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp --dport {{ hostvars[selected_host]['ssh_port'] }} -j ACCEPT
# Diplonat needs everything open to communicate with IGD with the router
--A INPUT -s 192.168.1.254 -j ACCEPT
+-A INPUT -s {{ hostvars[selected_host]['gatewayv4'] }} -j ACCEPT
# Cluster
{% for selected_host in groups['cluster_nodes'] %}
diff --git a/os/config/roles/network/templates/rules.v6 b/os/config/roles/network/templates/rules.v6
index e2b94ea..eace08e 100644
--- a/os/config/roles/network/templates/rules.v6
+++ b/os/config/roles/network/templates/rules.v6
@@ -13,7 +13,7 @@
-A INPUT -p ipv6-icmp -j ACCEPT
# Administration
--A INPUT -p tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp --dport {{ hostvars[selected_host]['ssh_port'] }} -j ACCEPT
# Cluster
{% for selected_host in groups['cluster_nodes'] %}
@@ -36,6 +36,8 @@
-A DEUXFLEURS-TRUSTED-NET -s 2a02:8428:81d6:6901::0/64 -j DEUXFLEURS-TRUSTED-PORT
# ADRN@Gandi
-A DEUXFLEURS-TRUSTED-NET -s 2001:4b98:dc0:41:216:3eff:fe9b:1afb/128 -j DEUXFLEURS-TRUSTED-PORT
+# ADRN@Kimsufi
+-A DEUXFLEURS-TRUSTED-NET -s 2001:41d0:8:ba0b::1/64 -j DEUXFLEURS-TRUSTED-PORT
# Quentin@Rennes
-A DEUXFLEURS-TRUSTED-NET -s 2a01:e35:2fdc:dbe0::0/64 -j DEUXFLEURS-TRUSTED-PORT
# Source address is not trusted
diff --git a/os/config/roles/nomad/tasks/main.yml b/os/config/roles/nomad/tasks/main.yml
index 1ddedbe..080a75f 100644
--- a/os/config/roles/nomad/tasks/main.yml
+++ b/os/config/roles/nomad/tasks/main.yml
@@ -1,14 +1,14 @@
-- name: "Set nomad version"
- set_fact:
- nomad_version: 1.0.2
+# - name: "Set nomad version"
+# set_fact:
+# nomad_version: 1.0.2
-- name: "Download and install Nomad for x86_64"
- unarchive:
- src: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_amd64.zip"
- dest: /usr/local/bin
- remote_src: yes
- when:
- - "ansible_architecture == 'x86_64'"
+# - name: "Download and install Nomad for x86_64"
+# unarchive:
+# src: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_amd64.zip"
+# dest: /usr/local/bin
+# remote_src: yes
+# when:
+# - "ansible_architecture == 'x86_64'"
- name: "Create Nomad configuration directory"
file: path=/etc/nomad/ state=directory
diff --git a/os/config/roles/users/vars/main.yml b/os/config/roles/users/vars/main.yml
index ca2dc0a..c4ca875 100644
--- a/os/config/roles/users/vars/main.yml
+++ b/os/config/roles/users/vars/main.yml
@@ -10,7 +10,6 @@ active_users:
is_admin: true
ssh_keys:
- 'alex-key1.pub'
- #- 'alex-key2.pub'
- 'alex-key3.pub'
- username: 'maximilien'