......@@ -65,6 +65,7 @@ Ce playbook permet de déployer la clé root ansible et rézo après l'installat
Puisqu'on a pas encore les clés ssh à ce moment, on utilise une commande un peu différente.
```
export ANSIBLE_HOST_KEY_CHECKING=False
ansible-playbook -i hosts.yaml post_install.yaml --ask-pass --ask-become-pass
```
......@@ -97,4 +98,5 @@ Ce playbook réalise les opérations usuelles après une installation de machine
### routers.yaml
Ce playbook configure les routeurs (Kriek et Lorabelle). Il réalise entre autre:
* Configuration des interfaces réseau.
* Configuration des interfaces réseau;
* Installation de keepalived.
......@@ -8,19 +8,25 @@ all:
10.7.57.54:
admin_address: 10.7.57.54/16
vlan_7_address: 10.7.0.57/16
vlan_2_address: 192.68.2.57/24
vlan_2_address: 192.168.2.57/24
vlan_20_address: 10.20.254.57/16
vlan_66_address: 10.66.0.254/24
vlan_68_address: 10.68.254.254/16
vlan_69_address: 10.69.3.57/24
keepalived_state: MASTER
keepalived_virtual_router_id: 1
keepalived_priority: 100
10.7.54.57:
admin_address: 10.7.54.57/16
vlan_7_address: 10.7.0.54/16
vlan_2_address: 192.68.2.54/24
vlan_2_address: 192.168.2.54/24
vlan_20_address: 10.20.254.54/16
vlan_66_address: 10.66.0.253/24
vlan_68_address: 10.68.254.253/16
vlan_69_address: 10.69.3.54/24
keepalived_state: BACKUP
keepalived_virtual_router_id: 2
keepalived_priority: 50
ldap_servers:
hosts:
ldap.rezometz.org:
......
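Review bot: The two gateways get different `keepalived_virtual_router_id` values (1 on 10.7.57.54, 2 on 10.7.54.57), but VRRP peers only elect among themselves when they advertise the same VRID. As written, each router would form its own virtual router, both would become MASTER, and both would claim the same virtual addresses. Use one shared value, e.g. `keepalived_virtual_router_id: 1` on both hosts, or move it to a group variable so it cannot diverge. Separately, the second host's `vlan_66_address: 10.66.0.253/24` is the same address that the keepalived template in this change lists as a virtual IP, which is worth checking.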
......@@ -49,4 +49,6 @@
name: motd
- include_role:
name: ldap
- include_role:
name: snmp
......@@ -15,7 +15,7 @@
- name: Add apticron custom from
lineinfile:
path: /etc/apticron/apticron.conf
line: "CUSTOM_FROM=\"{{ hostname.stdout }}\""
line: "CUSTOM_FROM=\"{{ hostname.stdout }}@rezometz.org\""
insertafter: EOF
regexp: "(# )?CUSTOM_FROM=\".*\""
- name: Install Keepalived
apt:
name: keepalived
- name: Deploy keepalived configuration
template:
src: keepalived.j2
dest: /etc/keepalived/keepalived.conf
mode: 0644
register: conf
- name: Restart keepalived
service:
name: keepalived
state: restarted
when: conf.changed
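Review bot: `mode: 0644` on /etc/keepalived/keepalived.conf leaves the rendered `auth_pass` readable by every local user, since the template in this change writes the prompted password into that file. Set `owner: root`, `group: root` and `mode: "0600"` on the template task, and consider `no_log: true` so the secret does not show up in `--diff` output. The restart would also read more conventionally as a handler notified by the template task than as a `register`/`when` pair.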
# -*- mode: conf-unix; coding: utf-8 -*-
#
# Keepalived proxy failover
global_defs {
notification_email {
monitoring@rezometz.org
}
notification_email_from keepalived@rezometz.org
smtp_server smtp.rez
}
vrrp_instance VI_ROUT {
state {{ keepalived_state }}
priority {{ keepalived_priority }}
interface bond0.7
virtual_router_id {{ keepalived_virtual_router_id }}
advert_int 2
authentication {
auth_type PASS
auth_pass {{ keepalived_pass }}
}
smtp_alert
virtual_ipaddress {
10.7.0.253/24 brd 10.7.0.255 dev bond0.7 scope global
10.69.0.253/20 brd 10.69.15.255 dev bond0.69 scope global
10.20.0.253/16 dev bond0.20 scope global
10.68.0.253/24 dev bond0.68 scope global
10.66.0.253/24 dev bond0.66 scope global
192.168.2.2/24 dev bond0.2 scope global
}
}
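Review bot: `auth_type PASS` sends `auth_pass` in cleartext inside every VRRP advertisement on bond0.7, and keepalived uses only the first eight characters of it, so it guards against accidental misconfiguration rather than against a host on that VLAN. A comment above the `authentication` block saying so would stop it being treated as a real security boundary. If spoofed advertisements are a concern, restricting VRRP traffic to the two router addresses (a firewall rule, or `unicast_peer`) is the more effective control. The virtual addresses also use prefixes that differ from the per-host addresses in the inventory (for example `10.7.0.253/24` against `/16` on VLAN 7), which should be confirmed as intended.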
- name: Install sendmail
apt:
name: sendmail
- name: Install sendmail-bin
apt:
name: sendmail-bin
- name: Configure sendmail
blockinfile:
path: /etc/mail/sendmail.mc
......
com2sec readonly default public
group MyROGroup v1 readonly
group MyROGroup v2c readonly
group MyROGroup usm readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
syslocation Local serveur, Batiment G, Metz, France [49.103675, 6.219099]
syscontact Rezo Metz <rezo-admin@rezometz.org>
#This line allows Observium to detect the host OS if the distro script is installed
extend .1.3.6.1.4.1.2021.7890.1 distro /usr/bin/distro
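Review bot: `com2sec readonly default public` accepts the well-known `public` community from any source address, and the `access` line grants it the whole `.1` view with `noauth` over v1/v2c, so every host that receives this role exposes its full SNMP tree to anything that can reach the agent. Restrict the source to the monitoring server and use a non-default community, e.g. `com2sec readonly <MONITORING_HOST_OR_SUBNET> <COMMUNITY>`, or move to SNMPv3 with authentication. The community string then becomes a secret, so the file would be better deployed from a template with the value held in Ansible Vault and `mode: "0600"`. This file appears to start at the first line shown here; any earlier lines were not reviewed.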
- name: "Install snmpd"
apt :
name: snmpd
state: present
register: install
- name: "Copy conf file"
copy:
src: snmpd.conf
dest: /etc/snmp/snmpd.conf
owner: root
group: root
mode: 0644
backup: true
register: copy
- name: "Restart service snmpd"
systemd:
state: restarted
daemon_reload: yes
name: snmpd
when: install.changed or copy.changed
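Review bot: This task file mixes styles that linters flag: `apt :` has a space before the colon, `daemon_reload: yes` should be `daemon_reload: true`, and `mode: 0644` is safer quoted as `mode: "0644"`. The `register: install` / `register: copy` pair with a conditional restart would be simpler as one handler notified by both tasks. `daemon_reload` is normally only needed when unit files change, which neither task does directly.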
......@@ -4,6 +4,12 @@
---
- hosts: gateways
remote_user: root
vars_prompt:
- name: keepalived_pass
prompt: "Enter keepalived password"
private: yes
tasks:
- include_role:
name: configure_routers_network
- include_role:
name: keepalived
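Review bot: The `vars_prompt` for `keepalived_pass` has no confirmation, so a typo on one run, or a run limited to a single gateway, can leave the two routers with different `auth_pass` values and advertisements that the peer rejects. Add `confirm: true` to the prompt, or keep the value in Ansible Vault so every run renders the same secret. `private: yes` would also read better as `private: true`.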