Changeset 3667 in MondoRescue for branches

Timestamp:

Jun 7, 2017, 3:03:17 AM (8 years ago)

Author:

Bruno Cornec

Message:

Many updates to MR setup

Location:

branches/3.3/ansible

Files:

• handlers/main.yml (modified) (1 diff)
• inventory (modified) (1 diff)
• pb.yml (added)
• roles/docker (added)
• roles/docker/tasks (added)
• roles/docker/tasks/main.yml (added)
• roles/mageia-docker (added)
• roles/mageia-docker/tasks (added)
• roles/mageia-docker/tasks/main.yml (added)
• roles/pb (added)
• roles/pb/tasks (added)
• roles/pb/tasks/main.yml (added)
• roles/rsync/tasks/main.yml (modified) (1 diff)
• roles/shorewall/defaults/main.yml (modified) (2 diffs)
• roles/smtp/handlers/main.yml (modified) (1 diff)
• roles/sympa (added)
• roles/sympa/files (added)
• roles/sympa/files/sympa.conf (added)
• roles/sympa/handlers (added)
• roles/sympa/handlers/main.yml (added)
• roles/sympa/tasks (added)
• roles/sympa/tasks/main.yml (added)
• roles/system/defaults/main.yml (deleted)
• roles/system/tasks/main.yml (modified) (3 diffs)
• roles/system/templates/ifcfg-enp2s0f0 (modified) (1 diff)
• roles/system/templates/sshutout.conf (modified) (1 diff)
• roles/urpmi/defaults (deleted)
• roles/urpmi/tasks/main.yml (modified) (1 diff)
• site.yml (modified) (1 diff)
• sympa.yml (added)

branches/3.3/ansible/handlers/main.yml

@@ -2 +2 @@
 - name: restart httpd
   service: name=httpd state=restarted
+
+- name: reload httpd
+  service: name=httpd state=reloaded
+
+- name: restart docker
+  service: name=docker state=restarted

branches/3.3/ansible/inventory

@@ -37 +37 @@
 www.mondorescue.org
 
+[pb]
+www.mondorescue.org
+
+[docker]
+www.mondorescue.org
+
+[mageia-docker]
+www.mondorescue.org
+
 [system]
 www.mondorescue.org

branches/3.3/ansible/roles/rsync/tasks/main.yml

@@ -6 +6 @@
 
 - name: Configure rsync
-  copy: src=templates/rsyncd.conf dest=/etc/rsyncd.conf owner=root group=root mode=0600 backup=yes
+  template: src=templates/rsyncd.conf dest=/etc/rsyncd.conf owner=root group=root mode=0600 backup=yes
   notify:
     - restart rsync

branches/3.3/ansible/roles/shorewall/defaults/main.yml

@@ -41 +41 @@
   - { action: ACCEPT, source: net, destination: fw, protocol: tcp, destination_port: 20 }
   - { action: ACCEPT, source: net, destination: fw, protocol: tcp, destination_port: 21 }
+  # Incoming SMTP
+  - { action: ACCEPT, source: "net:{{ smtp }}", destination: fw, protocol: tcp, destination_port: 25 }
   # Incoming NTP
   - { action: ACCEPT, source: net, destination: fw, protocol: tcp, destination_port: 123 }
@@ -60 +62 @@
   - { action: ACCEPT, source: fw, destination: net, protocol: tcp, destination_port: 9999 }
   # Outgoing SMTP
-- { action: ACCEPT, source: fw, destination: net:{{ smtp }}, protocol: tcp, destination_port: 25 }
+  - { action: ACCEPT, source: fw, destination: "net:{{ smtp }}", protocol: tcp, destination_port: 25 }
+  # Outgoing SSH
+  - { action: ACCEPT, source: fw, destination: net, protocol: tcp, destination_port: 22 }
   # Outgoing PING
   - { action: ACCEPT, source: fw, destination: net, protocol: icmp, destination_port: 8 }

branches/3.3/ansible/roles/smtp/handlers/main.yml

@@ -4 +4 @@
   notify: 
    - restart postfix
+   - redo postalias
 
 - name: restart postfix
   service: name=postfix state=restarted
+
+- name: redo postalias
+  command: /usr/sbin/postalias /etc/postfix/aliases

branches/3.3/ansible/roles/system/tasks/main.yml

@@ -2 +2 @@
 
 - name: Check that IP address is setup
-  copy: src=templates/ifcfg-enp2s0f0 dest=/etc/sysconfig/network-scripts/ifcfg-enp2s0f0 owner=root group=root mode=0600 backup=yes
+  template: src=templates/ifcfg-enp2s0f0 dest=/etc/sysconfig/network-scripts/ifcfg-enp2s0f0 owner=root group=root mode=0600 backup=yes
   tags: system
 
 - name: Check that GW is setup
-  copy: src=templates/network dest=/etc/sysconfig/network owner=root group=root mode=0600 backup=yes
+  template: src=templates/network dest=/etc/sysconfig/network owner=root group=root mode=0600 backup=yes
   tags: system
 
@@ -28 +28 @@
   tags: system
 
-- name: Ensure the fwadmin group exists
-  group: name=fwadmin state=present 
+- name: Ensure the groups exists
+  group: name={{ item }} state=present 
   tags: system
+  with_items: 
+    - fwadmin
+    - bruno
 
-- name: Ensure the fwadmin account exists
-  user: name=fwadmin state=present group=fwadmin home=/home/fwadmin move_home=yes
+- name: Ensure the accounts exists
+  user: name={{ item }} state=present group={{ item }} home=/home/{{ item }} move_home=yes
   tags: system
+  with_items: 
+    - fwadmin
+    - bruno
 
-- name: Copy public for fwadmin access
-  lineinfile: destfile=/home/{{ item }}/.ssh/authorized_keys state=present line='{{ sshkey }}' owner={{item }} group={{item }} mode=0600 backup=yes
+- name: Copy special keys for remote access (git...)
+  copy: src=/users/bruno/prj/musique-ancienne.org/mondorescue.org/{{ item.f }} dest=/home/bruno/{{ item.f }} mode={{ item.m }} backup=yes owner=bruno group=bruno
+  with_items: 
+    - { f: .ssh, m: 700 }
+    - { f: .ssh/id_rsa, m: 600 }
+    - { f: .ssh/id_rsa.pub, m: 644 }
+
+- name: Copy public keys for access
+  lineinfile: destfile=/home/{{ item }}/.ssh/authorized_keys state=present line='{{ sshkey }}' mode=0600 backup=yes owner={{ item }} group={{ item }}
   with_items: 
     - fwadmin
@@ -52 +65 @@
 
 - name: Check that sshutout is configured
-  copy: src=templates/sshutout.conf dest=/etc/sshtout.conf owner=root group=root mode=0600 backup=yes
+  template: src=templates/sshutout.conf dest=/etc/sshutout.conf owner=root group=root mode=0600 backup=yes
   notify:
     - restart sshutout

branches/3.3/ansible/roles/system/templates/ifcfg-enp2s0f0

@@ -1 +1 @@
 DEVICE=enp2s0f0
 BOOTPROTO=static
-IPADDR={{ ip_int }
+IPADDR={{ ip_int }}
 NETMASK={{ netmask_int }}
 ONBOOT=yes

branches/3.3/ansible/roles/system/templates/sshutout.conf

@@ -56 +56 @@
 
 #whitelist = 
-whitelist = {{ hyperlinux }}, hpecore.net
+whitelist = {{ hyperlinux }}
 
 # Enabled by default, this parameter automatically whitelists 

branches/3.3/ansible/roles/urpmi/tasks/main.yml

@@ -18 +18 @@
     - { pkg: rsyslog }
     - { pkg: rsyslog-journald }
+    - { pkg: mlocate }

branches/3.3/ansible/site.yml

@@ -10 +10 @@
 - include: git.yml
 - include: rsync.yml
+- include: docker.yml
+- include: pb.yml
+- include: mageia-docker.yml