diff options
Diffstat (limited to 'os_config/roles')
24 files changed, 0 insertions, 404 deletions
diff --git a/os_config/roles/common/tasks/main.yml b/os_config/roles/common/tasks/main.yml deleted file mode 100644 index b4d00bb..0000000 --- a/os_config/roles/common/tasks/main.yml +++ /dev/null @@ -1,51 +0,0 @@ -- name: "Check that host runs Debian buster/sid on armv7l or x86_64" - assert: - that: - - "ansible_architecture == 'aarch64' or ansible_architecture == 'armv7l' or ansible_architecture == 'x86_64'" - - "ansible_os_family == 'Debian'" - -- name: "Upgrade system" - apt: - upgrade: dist # Should we do a full uprade instead of a dist one? - update_cache: yes - cache_valid_time: 3600 - autoclean: yes - autoremove: yes - -- name: "Install base tools" - apt: - name: - - vim - - htop - - screen - - iptables - - iptables-persistent - - nftables - - iproute2 - - curl - - iputils-ping - - dnsutils - - bmon - - iftop - - iotop - - docker.io - - unzip - - tar - - tcpdump - - less - - parted - - btrfs-tools - - libnss-resolve - - net-tools - - strace - - sudo - state: present - -- name: "Passwordless sudo" - lineinfile: - path: /etc/sudoers - state: present - regexp: '^%sudo' - line: '%sudo ALL=(ALL) NOPASSWD: ALL' - validate: 'visudo -cf %s' - diff --git a/os_config/roles/consul/files/consul.service b/os_config/roles/consul/files/consul.service deleted file mode 100644 index ffaa2a3..0000000 --- a/os_config/roles/consul/files/consul.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Consul -After=network-online.target -Wants=network-online.target - -[Service] -ExecStart=/usr/local/bin/consul agent -config-dir=/etc/consul - -[Install] -WantedBy=multi-user.target diff --git a/os_config/roles/consul/tasks/main.yml b/os_config/roles/consul/tasks/main.yml deleted file mode 100644 index 2b77080..0000000 --- a/os_config/roles/consul/tasks/main.yml +++ /dev/null @@ -1,26 +0,0 @@ -- name: "Set consul version" - set_fact: - consul_version: 1.8.0 - -- name: "Download and install Consul for x86_64" - unarchive: - src: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip" - dest: /usr/local/bin - remote_src: yes - when: - - "ansible_architecture == 'x86_64'" - -- name: "Create consul configuration directory" - file: path=/etc/consul/ state=directory - -- name: "Deploy consul configuration" - template: src=consul.json.j2 dest=/etc/consul/consul.json - -- name: "Deploy consul systemd service" - copy: src=consul.service dest=/etc/systemd/system/consul.service - -- name: "Enable consul systemd service at boot" - service: name=consul state=started enabled=yes daemon_reload=yes - -- name: "Deploy resolv.conf to use Consul" - template: src=resolv.conf.j2 dest=/etc/resolv.conf diff --git a/os_config/roles/consul/templates/consul.json.j2 b/os_config/roles/consul/templates/consul.json.j2 deleted file mode 100644 index b6c86aa..0000000 --- a/os_config/roles/consul/templates/consul.json.j2 +++ /dev/null @@ -1,30 +0,0 @@ -{ - "data_dir": "/var/lib/consul", - "bind_addr": "0.0.0.0", - "advertise_addr": "{{ public_ip }}", - "addresses": { - "dns": "0.0.0.0", - "http": "0.0.0.0" - }, - "retry_join": [ - {% for selected_host in groups['cluster_nodes']|reject("sameas", ansible_fqdn) %}{# @FIXME: Reject doesn't work #} - "{{ hostvars[selected_host]['private_ip'] }}" {{ "," if not loop.last else "" }} - {% endfor %} - ], - "bootstrap_expect": 3, - "server": true, - "ui": true, - "ports": { - "dns": 53 - }, - "recursors": [ - "{{ dns_server }}" - ], - "encrypt": "{{ consul_gossip_encrypt }}", - "domain": "2.cluster.deuxfleurs.fr", - "performance": { - "raft_multiplier": 10, - "rpc_hold_timeout": "30s", - "leave_drain_time": "30s" - } -} diff --git a/os_config/roles/consul/templates/resolv.conf.j2 b/os_config/roles/consul/templates/resolv.conf.j2 deleted file mode 100644 index 2404034..0000000 --- a/os_config/roles/consul/templates/resolv.conf.j2 +++ /dev/null @@ -1,2 +0,0 @@ -nameserver {{ private_ip }} -nameserver {{ dns_server }} diff --git a/os_config/roles/consul/vars/.gitignore b/os_config/roles/consul/vars/.gitignore deleted file mode 100644 index ff5c0bd..0000000 --- a/os_config/roles/consul/vars/.gitignore +++ /dev/null @@ -1 +0,0 @@ -main.yml diff --git a/os_config/roles/consul/vars/main.yml.sample b/os_config/roles/consul/vars/main.yml.sample deleted file mode 100644 index 9c44126..0000000 --- a/os_config/roles/consul/vars/main.yml.sample +++ /dev/null @@ -1,2 +0,0 @@ ---- -consul_gossip_encrypt: "<secret>" diff --git a/os_config/roles/network/files/rules.v6 b/os_config/roles/network/files/rules.v6 deleted file mode 100644 index 17ff71c..0000000 --- a/os_config/roles/network/files/rules.v6 +++ /dev/null @@ -1,12 +0,0 @@ -# WARNING!! When rules.{v4,v6} are changed, the whole iptables configuration is reloaded. -# This creates issues with Docker, which injects its own configuration in iptables when it starts. -# In practice, most (all?) containers will break if rules.{v4,v6} are changed, -# and docker will have to be restared. - - -*filter -:INPUT DROP [0:0] -:FORWARD DROP [0:0] -:OUTPUT ACCEPT [0:0] -COMMIT - diff --git a/os_config/roles/network/tasks/main.yml b/os_config/roles/network/tasks/main.yml deleted file mode 100644 index 1443e0c..0000000 --- a/os_config/roles/network/tasks/main.yml +++ /dev/null @@ -1,11 +0,0 @@ -- name: "Deploy iptablesv4 configuration" - template: src=rules.v4.j2 dest=/etc/iptables/rules.v4 - -- name: "Deploy iptablesv6 configuration" - copy: src=rules.v6 dest=/etc/iptables/rules.v6 - -- name: "Activate IP forwarding" - sysctl: - name: net.ipv4.ip_forward - value: "1" - sysctl_set: yes diff --git a/os_config/roles/network/templates/rules.v4.j2 b/os_config/roles/network/templates/rules.v4.j2 deleted file mode 100644 index a446139..0000000 --- a/os_config/roles/network/templates/rules.v4.j2 +++ /dev/null @@ -1,36 +0,0 @@ -*filter -:INPUT DROP [0:0] -:FORWARD DROP [0:0] -:OUTPUT ACCEPT [0:0] - -# Administration --A INPUT -p tcp --dport 22 -j ACCEPT - -# Cluster --A INPUT -s 192.168.1.254 -j ACCEPT --A INPUT -s 82.253.205.190 -j ACCEPT -{% for selected_host in groups['cluster_nodes'] %} --A INPUT -s {{ hostvars[selected_host]['public_ip'] }} -j ACCEPT --A INPUT -s {{ hostvars[selected_host]['private_ip'] }} -j ACCEPT -{% endfor %} - -# Local --A INPUT -i docker0 -j ACCEPT --A INPUT -s 127.0.0.1/8 -j ACCEPT --A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -COMMIT - -*nat -:PREROUTING ACCEPT [0:0] -:INPUT ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] -:POSTROUTING ACCEPT [0:0] -COMMIT - -*mangle -:PREROUTING ACCEPT [0:0] -:INPUT ACCEPT [0:0] -:FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] -:POSTROUTING ACCEPT [0:0] -COMMIT diff --git a/os_config/roles/nomad/files/nomad.service b/os_config/roles/nomad/files/nomad.service deleted file mode 100644 index 50116be..0000000 --- a/os_config/roles/nomad/files/nomad.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Nomad -After=network-online.target -After=glusterd.service -After=consul.service -Wants=network-online.target -Wants=glusterd.service -Wants=consul.service - -[Service] -ExecStart=/usr/local/bin/nomad agent -config /etc/nomad - -[Install] -WantedBy=multi-user.target - diff --git a/os_config/roles/nomad/tasks/main.yml b/os_config/roles/nomad/tasks/main.yml deleted file mode 100644 index 7c73362..0000000 --- a/os_config/roles/nomad/tasks/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -- name: "Set nomad version" - set_fact: - nomad_version: 0.12.0-beta2 - -- name: "Download and install Nomad for x86_64" - unarchive: - src: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_amd64.zip" - dest: /usr/local/bin - remote_src: yes - when: - - "ansible_architecture == 'x86_64'" - -- name: "Create Nomad configuration directory" - file: path=/etc/nomad/ state=directory - -- name: "Deploy Nomad configuration" - template: src=nomad.hcl.j2 dest=/etc/nomad/nomad.hcl - -- name: "Deploy Nomad systemd service" - copy: src=nomad.service dest=/etc/systemd/system/nomad.service - -- name: "Enable Nomad systemd service at boot" - service: name=nomad state=started enabled=yes daemon_reload=yes diff --git a/os_config/roles/nomad/templates/nomad.hcl.j2 b/os_config/roles/nomad/templates/nomad.hcl.j2 deleted file mode 100644 index b0be6a8..0000000 --- a/os_config/roles/nomad/templates/nomad.hcl.j2 +++ /dev/null @@ -1,34 +0,0 @@ -addresses { - http = "0.0.0.0" - rpc = "0.0.0.0" - serf = "0.0.0.0" -} - -advertise { - http = "{{ public_ip }}" - rpc = "{{ public_ip }}" - serf = "{{ public_ip }}" -} - -data_dir = "/var/lib/nomad" - -server { - enabled = true - bootstrap_expect = 3 -} - -consul { - address="127.0.0.1:8500" -} - -client { - enabled = true - #cpu_total_compute = 4000 - servers = ["127.0.0.1:4648"] - network_interface = "{{ interface }}" - options { - docker.privileged.enabled = "true" - docker.volumes.enabled = "true" - } -} - diff --git a/os_config/roles/storage/handlers/main.yml b/os_config/roles/storage/handlers/main.yml deleted file mode 100644 index a395c93..0000000 --- a/os_config/roles/storage/handlers/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: umount gluster - shell: umount --force --lazy /mnt/glusterfs ; true diff --git a/os_config/roles/storage/tasks/main.yml b/os_config/roles/storage/tasks/main.yml deleted file mode 100644 index a1f2d8f..0000000 --- a/os_config/roles/storage/tasks/main.yml +++ /dev/null @@ -1,72 +0,0 @@ -- name: "Add GlusterFS Repo Key" - apt_key: - url: https://download.gluster.org/pub/gluster/glusterfs/5/rsa.pub - state: present - -- name: "Add GlusterFS official repository" - apt_repository: - repo: "deb [arch=amd64] https://download.gluster.org/pub/gluster/glusterfs/5/LATEST/Debian/buster/amd64/apt buster main" - state: present - filename: gluster - -- name: "Install GlusterFS" - apt: - name: - - glusterfs-server - - glusterfs-client - state: present - -- name: "Ensure Gluster Daemon started and enabled" - service: - name: glusterd - enabled: yes - state: started - -- name: "Create directory for GlusterFS bricks" - file: path=/mnt/storage/glusterfs/brick1 recurse=yes state=directory - -- name: "Create GlusterFS volumes" - gluster_volume: - state: present - name: donnees - bricks: /mnt/storage/glusterfs/brick1/g1 - #rebalance: yes - redundancies: 1 - disperses: 3 - #replicas: 3 - force: yes - options: - client.event-threads: "8" - server.event-threads: "8" - performance.stat-prefetch: "on" - nfs.disable: "on" - features.cache-invalidation: "on" - performance.client-io-threads: "on" - config.transport: tcp - performance.quick-read: "on" - performance.io-cache: "on" - nfs.export-volumes: "off" - cluster.lookup-optimize: "on" - - cluster: "{% for selected_host in groups['cluster_nodes'] %}{{ hostvars[selected_host]['private_ip'] }}{{ ',' if not loop.last else '' }}{% endfor %}" - run_once: true - -- name: "Create mountpoint" - file: path=/mnt/glusterfs recurse=yes state=directory - -- name: "Flush handlers (umount glusterfs and restart ganesha)" - meta: flush_handlers - -- name: "Add fstab entry" - tags: gluster-fstab - mount: - path: /mnt/glusterfs - src: "{{ private_ip }}:/donnees" - fstype: glusterfs - opts: "defaults,_netdev,noauto,x-systemd.automount" - state: present - -- name: Mount everything - command: mount -a - args: - warn: no diff --git a/os_config/roles/users/files/alex-key1.pub b/os_config/roles/users/files/alex-key1.pub deleted file mode 100644 index 93514ab..0000000 --- a/os_config/roles/users/files/alex-key1.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIDdVbA9fEdqSr5UJ77NnoIqDTVp8ca5kHExhZYI4ecBExFJfonJllXMBN9KdC4ukxtY8Ug47PcMOfMaTBZQc+e+KpvDWpkBt15Xpem3RCxmMBES79sLL7LgtAdBXc5mNaCX8EOEVixWKdarjvxRyf6py6the51G5muaiMpoj5fae4ZpRGjhGTPefzc7y7zRWBUUZ8pYHW774BIaK6XT9gn3hyHV+Occjl/UODXvodktk55YtnuPi8adXTYEsHrVVz8AkFhx+cr0U/U8vtQnsTrZG+JmgQLqpXVs0RDw5bE1RefEbMuYNKxutYKUe3L+ZJtDe0M0MqOFI8a4F5TxP5 katchup@konata diff --git a/os_config/roles/users/files/alex-key2.pub b/os_config/roles/users/files/alex-key2.pub deleted file mode 100644 index 1eddcc8..0000000 --- a/os_config/roles/users/files/alex-key2.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJk4tAEhDkLeik9eEHIHMliyckM/gWr/k6fX/CSmayCM katchup@charlotte diff --git a/os_config/roles/users/files/florian-key1.pub b/os_config/roles/users/files/florian-key1.pub deleted file mode 100644 index 47b5593..0000000 --- a/os_config/roles/users/files/florian-key1.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/qOM2BYy3UFycDylioACWrnDwg69AoTNE6Ym9W4WI2R+FXd6A1DDG+NLW2orUfkARcJGYEXkzsd3wjDg0s+FS23QWTP+JTkZbdGzuMAcoNeJBtgsCq6m5Q2kvrQc5RscYBr/OZtx2PUfrGyRE3yiVCj38zOgRLRWY0Iqs97tlH74YP4BG3jQ/MI5zXEptWcXBO86FtISB3QyHPRg5OH0192094X/QcG18GKd2ORxC/ZcwK9GdEbJJHgkxJ0TbsQO3KfNTEFBCiynYpYViBsQZsrdBkw4sHHy5OKEahIexdpUg8EJhpyzLn6pvGSqua/mVxirJazgNgtvLlrUsAuNd4/HoWRSqzh51/4hQJ3BV4Yed/tX0rwlT/ZzIIzpGw+qJF3IVuxdvXIineNAEyjVfLVT6hADyQu52ziHSE0cVmUkWT0R7ZgPku0PRBuSeewJIm8uLM69GU/GeRt+mSNl6xOvtBrY/j6sRHcMROlgSHhJ6YnvmkiYXl0MyrH9YGc8= diff --git a/os_config/roles/users/files/florian-key2.pub b/os_config/roles/users/files/florian-key2.pub deleted file mode 100644 index f9935b3..0000000 --- a/os_config/roles/users/files/florian-key2.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0OcDsEZdiizsz8UIgOIqOQilnHWq0sOxuu6idOqqLVYLPZEv8owdeC5oIgQj94BcKnRzpe8UHxN13GQdEWsqCim6Zn8G5x1HdZDBC83466x3i6KBkMP0dk+h47tENxKFXBPUbh/2sR8r/lZXEhzCCo7tpVuRZpCc/r8WPbAQpLgDO2D0dR7etwf3ndgObxQU0w7WbN+7NzmaHE+VQLu/pqH0op8jZyebfb26XhZ1JnNrDhp86KYbusagn6wUwp3vaJmK9UyEMi21E5HI0ri51+FP8kaTCUpgIRmgIkKFFWiup5I56K8cpgZHcJ4NY7G3jHJeI3KBlazVMyhDVJ5glI1mV0zgdr7BRGqhn70hjf5vbkzcHbRVaMaGzGENLpTFWnaONB/EbqRghWsiVpV75BYzvxSSM8Yrx8pwKUBtLWU+FjljwuumXNLigLIc/FTxdcLvZudn51+XdJXtCBrBI1H22Q7kYXz7Pi800CDLQ8rUWkW8upQ+zu5fSRH+Ptwc= diff --git a/os_config/roles/users/files/maximilien-key1.pub b/os_config/roles/users/files/maximilien-key1.pub deleted file mode 100644 index 963b1f9..0000000 --- a/os_config/roles/users/files/maximilien-key1.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHMMR6zNzz8NQU80wFquhUCeiXJuGphjP+zNouKbn228GyESu8sfNBwnuZq86vblR11Lz8l2rtCM73GfAKg29qmUWUHRKWvRIYWv2vaUJcCdy0bAxIzcvCvjZX0SpnIKxe9y3Rp0LGO5WLYfw0ZFaavwFZP0Z8w1Kj9/zBmL2X2avbhkaYHi/C1yXhbvESYQysmqLa48EX/TS616MBrgR9zbI9AoTQ9NOHnR14Tve/AP/khcZoBJdm4hTttMbNkEc0wonzdylTDew263SPRs/uoqnQIpUtErdPHqU10Yup8HjXjEyFJsSwcZcM5sZOw5JKckKJwmcd0yjO/x/4/Mk5 diff --git a/os_config/roles/users/files/quentin-key1.pub b/os_config/roles/users/files/quentin-key1.pub deleted file mode 100644 index f3667e0..0000000 --- a/os_config/roles/users/files/quentin-key1.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDT1+H08FdUSvdPpPKdcafq4+JRHvFVjfvG5Id97LAoROmFRUb/ZOMTLdNuD7FqvW0Da5CPxIMr8ZxfrFLtpGyuG7qdI030iIRZPlKpBh37epZHaV+l9F4ZwJQMIBO9cuyLPXgsyvM/s7tDtrdK1k7JTf2EVvoirrjSzBaMhAnhi7//to8zvujDtgDZzy6aby75bAaDetlYPBq2brWehtrf9yDDG9WAMYJqp//scje/WmhbRR6eSdim1HaUcWk5+4ZPt8sQJcy8iWxQ4jtgjqTvMOe5v8ZPkxJNBine/ZKoJsv7FzKem00xEH7opzktaGukyEqH0VwOwKhmBiqsX2yN quentin@dufour.io diff --git a/os_config/roles/users/files/quentin-key2.pub b/os_config/roles/users/files/quentin-key2.pub deleted file mode 100644 index c1b19fd..0000000 --- a/os_config/roles/users/files/quentin-key2.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBu+KUebaWwlugMC5fGbNhHc6IaQDAC6+1vMc4Ww7nVU1rs2nwI7L5qcWxOwNdhFaorZQZy/fJuCWdFbF61RCKGayBWPLZHGPsfqDuggYNEi1Qil1kpeCECfDQNjyMTK058ZBBhOWNMHBjlLWXUlRJDkRBBECY0vo4jRv22SvSaPUCAnkdJ9rbAp/kqb497PTIb2r1l1/ew8YdhINAlpYQFQezZVfkZdTKxt22n0QCjhupqjfh3gfNnbBX0z/iO+RvAOWRIZsjPFLC+jXl+n7cnu2cq1nvST5eHiYfXXeIgIwmeENLKqp+2Twr7PIdv22PnJkh6iR5kx7eTRxkNZdN quentin@deuxfleurs.fr diff --git a/os_config/roles/users/tasks/main.yml b/os_config/roles/users/tasks/main.yml deleted file mode 100644 index 990a041..0000000 --- a/os_config/roles/users/tasks/main.yml +++ /dev/null @@ -1,39 +0,0 @@ -- name: Add users in the system - user: - name: "{{ item.username }}" - #groups: docker - shell: "{{ item.shell | default('/bin/bash') }}" - append: no - loop: "{{ active_users - | selectattr('is_admin', 'defined') - | rejectattr('is_admin') - | list - | union( active_users - | selectattr('is_admin', 'undefined') - | list )}}" - -- name: Set admin rights - user: - name: "{{ item.username }}" - groups: docker, sudo - shell: "{{ item.shell | default('/bin/bash') }}" - append: no - loop: "{{ active_users - | selectattr('is_admin', 'defined') - | selectattr('is_admin') - | list }}" - -# [V How SSH Key works] magic is done by subelements, understand the trick at: -# https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter -- name: Add SSH keys - authorized_key: - user: "{{ item.0.username }}" - state: present - key: "{{ lookup('file', item.1) }}" - loop: "{{ active_users | subelements('ssh_keys', skip_missing=True) }}" - -- name: Disable old users - user: - name: "{{ item }}" - state: absent - loop: "{{ disabled_users }}" diff --git a/os_config/roles/users/vars/main.yml b/os_config/roles/users/vars/main.yml deleted file mode 100644 index 5f4df4d..0000000 --- a/os_config/roles/users/vars/main.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -active_users: - - username: 'quentin' - is_admin: true - ssh_keys: - - 'quentin-key1.pub' - - 'quentin-key2.pub' - - - username: 'alex' - is_admin: true - ssh_keys: - - 'alex-key1.pub' - - 'alex-key2.pub' - - - username: 'maximilien' - is_admin: true - ssh_keys: - - 'maximilien-key1.pub' - - - username: 'florian' - is_admin: false - ssh_keys: - - 'quentin-key1.pub' - #- 'florian-key1.pub' - #- 'florian-key2.pub' - -disabled_users: - - 'john.doe' - - 'erwan' - - 'valentin' |