Changeset 3667


Timestamp:
Jun 7, 2017, 3:03:17 AM (2 months ago)
Author:
bruno
Message:

Many updates to MR setup

Location:
branches/3.3/ansible
Files:
18 added
2 deleted
10 edited

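--- a/branches/3.3/ansible/handlers/main.yml
+++ b/branches/3.3/ansible/handlers/main.yml
@@ -2,2 +2,8 @@
 - name: restart httpd
   service: name=httpd state=restarted
+
+- name: reload httpd
+  service: name=httpd state=reloaded
+
+- name: restart docker
+  service: name=docker state=restarted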
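--- a/branches/3.3/ansible/inventory
+++ b/branches/3.3/ansible/inventory
@@ -37,4 +37,13 @@
 www.mondorescue.org
 
+[pb]
+www.mondorescue.org
+
+[docker]
+www.mondorescue.org
+
+[mageia-docker]
+www.mondorescue.org
+
 [system]
 www.mondorescue.org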
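--- a/branches/3.3/ansible/roles/rsync/tasks/main.yml
+++ b/branches/3.3/ansible/roles/rsync/tasks/main.yml
@@ -6,5 +6,5 @@
 
 - name: Configure rsync
-  copy: src=templates/rsyncd.conf dest=/etc/rsyncd.conf owner=root group=root mode=0600 backup=yes
+  template: src=templates/rsyncd.conf dest=/etc/rsyncd.conf owner=root group=root mode=0600 backup=yes
   notify:
     - restart rsync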
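Review bot: The new `template:` line keeps the one-line `key=value` argument form with a bare `mode=0600` and `backup=yes`; written as a YAML mapping (`mode: '0600'`, `backup: true`) the octal mode is an explicit string and each argument sits on its own line, which makes later permission changes easy to spot in review. The same applies to the three `template:` lines changed in roles/system/tasks/main.yml in this changeset.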
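--- a/branches/3.3/ansible/roles/shorewall/defaults/main.yml
+++ b/branches/3.3/ansible/roles/shorewall/defaults/main.yml
@@ -41,4 +41,6 @@
   - { action: ACCEPT, source: net, destination: fw, protocol: tcp, destination_port: 20 }
   - { action: ACCEPT, source: net, destination: fw, protocol: tcp, destination_port: 21 }
+  # Incoming SMTP
+  - { action: ACCEPT, source: "net:{{ smtp }}", destination: fw, protocol: tcp, destination_port: 25 }
   # Incoming NTP
   - { action: ACCEPT, source: net, destination: fw, protocol: tcp, destination_port: 123 }
@@ -60,5 +62,7 @@
   - { action: ACCEPT, source: fw, destination: net, protocol: tcp, destination_port: 9999 }
   # Outgoing SMTP
-- { action: ACCEPT, source: fw, destination: net:{{ smtp }}, protocol: tcp, destination_port: 25 }
+  - { action: ACCEPT, source: fw, destination: "net:{{ smtp }}", protocol: tcp, destination_port: 25 }
+  # Outgoing SSH
+  - { action: ACCEPT, source: fw, destination: net, protocol: tcp, destination_port: 22 }
   # Outgoing PING
   - { action: ACCEPT, source: fw, destination: net, protocol: icmp, destination_port: 8 }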
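Review bot: The new "Outgoing SSH" rule in the second hunk (`destination: net`, port 22) lets the firewall host open SSH sessions to any address, whereas the SMTP rules beside it are pinned to `net:{{ smtp }}`. If outbound SSH is only needed for a known remote (the git access mentioned in roles/system/tasks/main.yml suggests so, but that is an inference), scope it the same way, e.g. `destination: "net:{{ ssh_remote }}"`, where `ssh_remote` is a placeholder for a variable you would define. Both hunks are excerpts of a longer rules list that starts and ends outside the visible lines.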
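--- a/branches/3.3/ansible/roles/smtp/handlers/main.yml
+++ b/branches/3.3/ansible/roles/smtp/handlers/main.yml
@@ -4,5 +4,9 @@
   notify:
    - restart postfix
+   - redo postalias
 
 - name: restart postfix
   service: name=postfix state=restarted
+
+- name: redo postalias
+  command: /usr/sbin/postalias /etc/postfix/aliases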
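Review bot: `redo postalias` is defined after `restart postfix`, and Ansible runs notified handlers in the order they are defined in the file, not in the order listed under `notify:`, so the alias database is rebuilt only after the service has already restarted. Moving the `redo postalias` handler above `restart postfix` gives the ordering the task intends if the rebuild is meant to precede the restart. The entry whose `notify:` list is extended starts above the hunk, so its trigger is not visible here. A one-line comment such as `# rebuild the alias database after /etc/postfix/aliases changes` above the new handler would record why it exists.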
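--- a/branches/3.3/ansible/roles/system/tasks/main.yml
+++ b/branches/3.3/ansible/roles/system/tasks/main.yml
@@ -2,9 +2,9 @@
 
 - name: Check that IP address is setup
-  copy: src=templates/ifcfg-enp2s0f0 dest=/etc/sysconfig/network-scripts/ifcfg-enp2s0f0 owner=root group=root mode=0600 backup=yes
+  template: src=templates/ifcfg-enp2s0f0 dest=/etc/sysconfig/network-scripts/ifcfg-enp2s0f0 owner=root group=root mode=0600 backup=yes
   tags: system
 
 - name: Check that GW is setup
-  copy: src=templates/network dest=/etc/sysconfig/network owner=root group=root mode=0600 backup=yes
+  template: src=templates/network dest=/etc/sysconfig/network owner=root group=root mode=0600 backup=yes
   tags: system
 
@@ -28,14 +28,27 @@
   tags: system
 
-- name: Ensure the fwadmin group exists
-  group: name=fwadmin state=present
+- name: Ensure the groups exists
+  group: name={{ item }} state=present
   tags: system
+  with_items:
+    - fwadmin
+    - bruno
 
-- name: Ensure the fwadmin account exists
-  user: name=fwadmin state=present group=fwadmin home=/home/fwadmin move_home=yes
+- name: Ensure the accounts exists
+  user: name={{ item }} state=present group={{ item }} home=/home/{{ item }} move_home=yes
   tags: system
+  with_items:
+    - fwadmin
+    - bruno
 
-- name: Copy public for fwadmin access
-  lineinfile: destfile=/home/{{ item }}/.ssh/authorized_keys state=present line='{{ sshkey }}' owner={{item }} group={{item }} mode=0600 backup=yes
+- name: Copy special keys for remote access (git...)
+  copy: src=/users/bruno/prj/musique-ancienne.org/mondorescue.org/{{ item.f }} dest=/home/bruno/{{ item.f }} mode={{ item.m }} backup=yes owner=bruno group=bruno
+  with_items:
+    - { f: .ssh, m: 700 }
+    - { f: .ssh/id_rsa, m: 600 }
+    - { f: .ssh/id_rsa.pub, m: 644 }
+
+- name: Copy public keys for access
+  lineinfile: destfile=/home/{{ item }}/.ssh/authorized_keys state=present line='{{ sshkey }}' mode=0600 backup=yes owner={{ item }} group={{ item }}
   with_items:
     - fwadmin
@@ -52,5 +65,5 @@
 
 - name: Check that sshutout is configured
-  copy: src=templates/sshutout.conf dest=/etc/sshtout.conf owner=root group=root mode=0600 backup=yes
+  template: src=templates/sshutout.conf dest=/etc/sshutout.conf owner=root group=root mode=0600 backup=yes
   notify:
     - restart sshutout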
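Review bot: The new task "Copy special keys for remote access (git...)" in the second hunk installs a private key, `.ssh/id_rsa`, from the operator's own tree onto the managed host, so anyone who gains access to that host or its backups obtains a credential that is presumably valid elsewhere. A dedicated deploy key limited to the git remote would keep the personal key off the server. `backup=yes` on this task also leaves a timestamped copy of the old key file beside the new one whenever its content changes, so it should be dropped for the key items. The first item, `.ssh`, has a directory as `src`, which presumably makes `copy` recurse over everything in it, so it is worth confirming that only the intended files are shipped. The unquoted `m: 700` values depend on being rendered into a key=value string; `m: '0700'` states the octal intent explicitly.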
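--- a/branches/3.3/ansible/roles/system/templates/ifcfg-enp2s0f0
+++ b/branches/3.3/ansible/roles/system/templates/ifcfg-enp2s0f0
@@ -1,5 +1,5 @@
 DEVICE=enp2s0f0
 BOOTPROTO=static
-IPADDR={{ ip_int }
+IPADDR={{ ip_int }}
 NETMASK={{ netmask_int }}
 ONBOOT=yes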
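--- a/branches/3.3/ansible/roles/system/templates/sshutout.conf
+++ b/branches/3.3/ansible/roles/system/templates/sshutout.conf
@@ -56,5 +56,5 @@
 
 #whitelist =
-whitelist = {{ hyperlinux }}, hpecore.net
+whitelist = {{ hyperlinux }}
 
 # Enabled by default, this parameter automatically whitelists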
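--- a/branches/3.3/ansible/roles/urpmi/tasks/main.yml
+++ b/branches/3.3/ansible/roles/urpmi/tasks/main.yml
@@ -18,2 +18,3 @@
     - { pkg: rsyslog }
     - { pkg: rsyslog-journald }
+    - { pkg: mlocate }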
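--- a/branches/3.3/ansible/site.yml
+++ b/branches/3.3/ansible/site.yml
@@ -10,2 +10,5 @@
 - include: git.yml
 - include: rsync.yml
+- include: docker.yml
+- include: pb.yml
+- include: mageia-docker.yml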