Commit 631b3693 authored by klafyvel's avatar klafyvel

Better layout for the repo + vault.

parent 84c4a9a4
......@@ -54,7 +54,7 @@ Les playbooks sont les recettes de cuisine à appliquer aux serveurs.
Pour utiliser l'un des playbooks, on n'oubliera pas de spécifier que l'on souhaite utiliser notre fichier hosts perso.
```
ansible-playbook -i hosts.yaml rezo_basic.yaml
ansible-playbook --ask-vault-pass rezo_basic.yaml
```
### post_install.yaml
......@@ -66,7 +66,7 @@ Puisqu'on a pas encore les clés ssh à ce moment, on utilise une commande un pe
```
export ANSIBLE_HOST_KEY_CHECKING=False
ansible-playbook -i hosts.yaml post_install.yaml --ask-pass --ask-become-pass --extra-vars "target=re2o-dev"
ansible-playbook post_install.yaml --ask-vault-pass --ask-pass --ask-become-pass --extra-vars "target=re2o-dev"
```
De cette manière, ansible demandera le mot de passe pour se connecter en ssh puis pour passer superutilisateur.
......
......@@ -2,8 +2,8 @@
[defaults]
# Use Aurore inventory
inventory = ./hosts.yaml
# Use Rézo inventory
inventory = ./hosts
# Custom header in templates
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
......
......@@ -2,9 +2,5 @@
# Install Matrix Synapse on corresponding containers
- hosts: dhcp
remote_user: root
vars_prompt:
- name: service_daemon_pass
prompt: "Enter the password for the service user to connect to re2o"
private: yes
roles:
- dhcp
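Review bot: The comment heading this play, `# Install Matrix Synapse on corresponding containers`, is a copy-paste leftover in a play whose only role is `dhcp`, and the same line heads the `dns` play in the next section. Now that the `vars_prompt` is gone the comment is the only place a reader learns where the re2o service password comes from, so replace it with something like `# Configure the DHCP servers; the re2o service-user password is read from the vault`. The document start (`---`) on line 1 lies outside the hunk.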
......@@ -2,9 +2,5 @@
# Install Matrix Synapse on corresponding containers
- hosts: dns
remote_user: root
vars_prompt:
- name: service_daemon_pass
prompt: "Enter the password for the service user to connect to re2o"
private: yes
roles:
- dns
---
dns_server: 10.7.0.127
gateway: 10.7.0.254
re2o_address: re2o.rezometz.org
service_user: service-daemon
ntp_server: 193.48.224.215
www_server:
- 193.48.225.242
- 193.48.225.247
irc_server: 193.48.225.244
smtp_server: 193.48.225.249
$ANSIBLE_VAULT;1.2;AES256;rezo
38653634666662636563663864396362393262303534616265666165626233633435643136643762
6536303061613530633830336336626236663835646661630a613930356338373036623233383636
62643662353564616333306433393462393032353566393532613338303962393962663365386438
3564383463323634630a623538336632316532313966633634343361643362613937303963636138
65623438306364636364336333366362666466363239636230376666666634643336376130303538
36646562623062643763396139636630376262383266343466343937646339333130336236346462
62633761666366623234613432343631626332653334393232336532366563346232323565353562
65333061663962333033313062333736366662373334633761633638613733323062666162613462
63643634643130623336366439316466386139656565383961393063306665316235
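Review bot: Nothing in this encrypted file is reviewable, so the variable names it must provide should be recorded in plaintext somewhere — the prompts removed in this commit supplied `service_daemon_pass`, `ldap_password` and `keepalived_pass`, and the templates now read the re2o password as `service_user_pass` in two files and `service_user_password` in a third. A short list of the expected keys (names only, no values) in the README, or a committed example file with empty values (e.g. `<vault-example-file>`), lets a reviewer check that every `{{ … }}` reference resolves without decrypting anything. The header pins the vault id `rezo`; the README's `--ask-vault-pass` examples should still work as long as vault-id matching is not enforced in `ansible.cfg`, but `--vault-id rezo@prompt` would state the intent explicitly — worth confirming which form the team uses.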
lists:
- dhcp.rez
- dhcp.rezometz.org
auto_subnets:
- name: Federez
interface: bond0.20
routers: 10.20.254.254
dns: 80.67.188.188
subnet: 10.20.0.0
subnet_mask: 255.255.0.0
broadcast: 10.20.255.255
pool_begin: 10.20.0.1
pool_end: 10.20.0.254
- name: Prerezotage
interface: bond0.68
routers: 10.68.254.254
dns: 80.67.188.188
subnet: 10.68.0.0
subnet_mask: 255.255.0.0
broadcast: 10.68.255.255
pool_begin: 10.68.0.1
pool_end: 10.68.0.254
subnets:
- name: adherents
interface: bond0.69
subnet: 10.69.0.0
netmask: 255.255.240.0
broadcast: 10.69.15.255
routers: 10.69.9.254
dns:
- 10.69.9.127
- 10.69.9.128
domain_name: rez
- name: bornes
interface: bond0.8
subnet: 10.8.0.0
netmask: 255.255.0.0
broadcast: 10.8.255.255
dns:
- 10.8.0.127
- 10.8.0.128
domain_name: rez
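Review bot: The two lists describe the same kind of object with different key names — `auto_subnets` entries use `subnet_mask` and a scalar `dns`, while `subnets` entries use `netmask` and a list under `dns` — which is easy to trip over when adding a subnet. If two different templates consume them this is presumably deliberate, and a comment above each list naming the consuming template (`# consumed by <template name>`) would make that explicit. The `bornes` entry also has no `routers` key unlike `adherents`; if the template guards that with a conditional, say so in a comment, otherwise it renders an empty option.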
---
re2o_address: hydra.rez
keepalived_interface: eno2
keepalived_virtual_router_id: 51
sysctl_config:
- name: net.ipv4.ip_forward
value: 1
- name: net.ipv4.tcp_syncookies
value: 1
- name: net.ipv4.conf.all.rp_filter
value: 1
- name: net.ipv4.conf.default.rp_filter
value: 1
- name: net.ipv4.conf.all.accept_source_route
value: 0
- name: net.ipv4.neigh.default.gc_thresh1
value: 1024
- name: net.ipv4.neigh.default.gc_thresh2
value: 4096
- name: net.ipv4.neigh.default.gc_thresh3
value: 8192
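Review bot: `net.ipv4.conf.all.rp_filter: 1` is strict reverse-path filtering, and these hosts carry addresses on many VLAN interfaces (`vlan_7_address` through `vlan_69_address` in the host_vars) plus a VRRP address; with any asymmetric path strict mode silently drops packets, so loose mode (`value: 2`) is the usual choice on a multi-homed router unless every path is known to be symmetric — a comment stating which case applies would help either way. With forwarding enabled the list sets no ICMP-redirect policy; `net.ipv4.conf.all.accept_redirects` and `net.ipv4.conf.all.send_redirects` set to `0` are the standard companions to `ip_forward: 1` on a gateway. `keepalived_virtual_router_id: 51` is the value used in the keepalived example configuration, which is fine as long as it is unique on that L2 segment; a comment noting that would save the next reader a check.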
---
mysql_master_host: 10.7.0.243
master_user: repl
---
# For radius
mysql_bind_address: 10.7.0.54
mysql_server_id: 2
# For DHCP
address: 10.7.0.54
peer_address: 10.7.0.57
primary: false
# For router
router_network_address: 10.3.0.54/24
vlan_7_address: 10.7.0.54/16
vlan_2_address: 192.168.2.2/24
vlan_8_address: 10.8.1.12
vlan_13_address: 193.48.225.2/24
vlan_20_address: 10.20.254.54/16
vlan_66_address: 10.66.0.54/24
vlan_68_address: 10.68.254.54/16
vlan_69_address: 10.69.3.54/20
keepalived_state: MASTER
keepalived_priority: 150
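Review bot: `vlan_8_address: 10.8.1.12` is the only router address without a prefix length, whereas every other `vlan_*_address` and `router_network_address` carries `/N`; the same holds for `vlan_8_address: 10.8.1.43` in the `10.7.0.57` host_vars. If the `configure_routers_network` role appends the prefix itself this is intended, but otherwise the interface gets whatever default the template applies; the `bornes` subnet in the dhcp vars is `10.8.0.0` with netmask `255.255.0.0`, so `/16` looks like the intended value — add it or a comment explaining the omission. This host is also the VRRP `MASTER` while `primary: false` for DHCP failover, and `.57` is the reverse; a one-line comment that the split is deliberate would stop the next reader from "fixing" it.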
---
# For radius
mysql_bind_address: 10.7.0.57
mysql_server_id: 3
# For DHCP
address: 10.7.0.57
peer_address: 10.7.0.54
primary: true
# For router
router_network_address: 10.3.0.57/24
vlan_7_address: 10.7.0.57/16
vlan_2_address: 192.168.2.3/24
vlan_8_address: 10.8.1.43
vlan_13_address: 193.48.225.3/24
vlan_20_address: 10.20.254.57/16
vlan_66_address: 10.66.0.57/24
vlan_68_address: 10.68.254.57/16
vlan_69_address: 10.69.3.57/20
keepalived_state: BACKUP
keepalived_priority: 100
charon.rez
[re2o-dev]
10.7.0.13
[radius]
10.7.0.5
10.7.0.54
[dns]
10.7.0.127
10.7.0.128
[dhcp]
10.7.0.54
10.7.0.57
[gateways]
10.7.0.57
10.7.0.54
[ldap_servers]
ldap.rezometz.org
ldap-ro.rezometz.org
[matrix]
belisama.rezometz.org
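Review bot: `[radius]` lists `10.7.0.5`, but the YAML inventory removed in this commit listed `10.7.0.57` and `10.7.0.54` under `radius`, and the only radius host_vars added define `mysql_bind_address`/`mysql_server_id` for `.54` and `.57`; `10.7.0.5` looks like a dropped digit, which would target a different machine and leave it without `mysql_server_id`. Suggest `10.7.0.57`. `charon.rez` at the top is ungrouped and so is only reachable through `all`; a comment saying what it is for, or a group, would make that explicit.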
all:
vars:
dns_server: 10.7.0.127
gateway: 10.7.0.254
re2o_address: re2o.rezometz.org
service_user: service-daemon
ntp_server: 193.48.224.215
www_server:
- 193.48.225.242
- 193.48.225.247
irc_server: 193.48.225.244
smtp_server: 193.48.225.249
children:
re2o-dev:
hosts:
10.7.0.13:
radius:
vars:
mysql_master_host: 10.7.0.243
master_user: repl
hosts:
10.7.0.57:
mysql_bind_address: 10.7.0.57
mysql_server_id: 3
10.7.0.54:
mysql_bind_address: 10.7.0.54
mysql_server_id: 2
dns:
hosts:
10.7.0.127:
10.7.0.128:
dhcp:
vars:
lists:
- dhcp.rez
- dhcp.rezometz.org
auto_subnets:
- name: Federez
interface: bond0.20
routers: 10.20.254.254
dns: 80.67.188.188
subnet: 10.20.0.0
subnet_mask: 255.255.0.0
broadcast: 10.20.255.255
pool_begin: 10.20.0.1
pool_end: 10.20.0.254
- name: Prerezotage
interface: bond0.68
routers: 10.68.254.254
dns: 80.67.188.188
subnet: 10.68.0.0
subnet_mask: 255.255.0.0
broadcast: 10.68.255.255
pool_begin: 10.68.0.1
pool_end: 10.68.0.254
subnets:
- name: adherents
interface: bond0.69
subnet: 10.69.0.0
netmask: 255.255.240.0
broadcast: 10.69.15.255
routers: 10.69.9.254
dns:
- 10.69.9.127
- 10.69.9.128
domain_name: rez
- name: bornes
interface: bond0.8
subnet: 10.8.0.0
netmask: 255.255.0.0
broadcast: 10.8.255.255
dns:
- 10.8.0.127
- 10.8.0.128
domain_name: rez
hosts:
10.7.0.54:
address: 10.7.0.54
peer_address: 10.7.0.57
primary: false
10.7.0.57:
address: 10.7.0.57
peer_address: 10.7.0.54
primary: true
gateways:
vars:
re2o_address: hydra.rez
keepalived_interface: eno2
keepalived_virtual_router_id: 51
sysctl_config:
- name: net.ipv4.ip_forward
value: 1
- name: net.ipv4.tcp_syncookies
value: 1
- name: net.ipv4.conf.all.rp_filter
value: 1
- name: net.ipv4.conf.default.rp_filter
value: 1
- name: net.ipv4.conf.all.accept_source_route
value: 0
- name: net.ipv4.neigh.default.gc_thresh1
value: 1024
- name: net.ipv4.neigh.default.gc_thresh2
value: 4096
- name: net.ipv4.neigh.default.gc_thresh3
value: 8192
hosts:
10.7.0.57:
router_network_address: 10.3.0.57/24
vlan_7_address: 10.7.0.57/16
vlan_2_address: 192.168.2.3/24
vlan_8_address: 10.8.1.43
vlan_13_address: 193.48.225.3/24
vlan_20_address: 10.20.254.57/16
vlan_66_address: 10.66.0.57/24
vlan_68_address: 10.68.254.57/16
vlan_69_address: 10.69.3.57/20
keepalived_state: BACKUP
keepalived_priority: 100
10.7.0.54:
router_network_address: 10.3.0.54/24
vlan_7_address: 10.7.0.54/16
vlan_2_address: 192.168.2.2/24
vlan_8_address: 10.8.1.12
vlan_13_address: 193.48.225.2/24
vlan_20_address: 10.20.254.54/16
vlan_66_address: 10.66.0.54/24
vlan_68_address: 10.68.254.54/16
vlan_69_address: 10.69.3.54/20
keepalived_state: MASTER
keepalived_priority: 150
ldap_servers:
hosts:
ldap.rezometz.org:
ldap-ro.rezometz.org:
matrix:
hosts:
belisama.rezometz.org:
server_name: rezometz.org
......@@ -6,10 +6,6 @@
---
- hosts: '{{ target }}'
remote_user: root
vars_prompt:
- name: ldap_password
prompt: "Enter ldap password"
private: yes
tasks:
- name: Upgrade the machine
apt:
......@@ -41,6 +37,9 @@
- name: Install Nload
apt:
name: nload
- name: Install tmux
apt:
name: tmux
- include_role:
name: sendmail
- include_role:
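Review bot: The new tmux task repeats the one-package-per-task pattern of the nload task above it; `apt` accepts a list under `name`, so the two can be a single task: `- name: Install admin tools`, `apt:`, `name: [nload, tmux]`. The task list of this play starts before the hunk.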
......
[Re2o]
hostname = {{ re2o_address }}
username = {{ service_user }}
password = {{ service_daemon_pass }}
password = {{ service_user_pass }}
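Review bot: The new password line reads `{{ service_user_pass }}` here and in the identical template in the next section, while the third template reads `password={{ service_user_password }}`; unless the vault deliberately defines both names, one of these renders as undefined, and depending on the undefined-variable setting the play either aborts or writes an empty password and the service then fails to authenticate to re2o. Pick one name and use it in all three templates, e.g. `password = {{ service_user_pass }}`. The `vars_prompt` entries removed elsewhere in this commit supplied the value as `service_daemon_pass`, so the rename must also match whatever key was written into the vault.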
[Re2o]
hostname = {{ re2o_address }}
username = {{ service_user }}
password = {{ service_daemon_pass }}
password = {{ service_user_pass }}
......@@ -17,7 +17,7 @@ first_port_admin=11135
last_port_admin=65535
[Re2o]
hostname={{ re2o_address }}
password={{ service_daemon_pass }}
password={{ service_user_password }}
username={{ service_user }}
[Firewall]
dmz_name=publique
......@@ -4,13 +4,6 @@
---
- hosts: gateways
remote_user: root
vars_prompt:
- name: keepalived_pass
prompt: "Enter keepalived password"
private: yes
- name: service_daemon_pass
prompt: "Enter the password for the service user to connect to re2o"
private: yes
roles:
- configure_routers_network
- keepalived
......