Merge branch 'main' into 8414_Refactor_MariaDB_rol-Split

.gitignore

@@ -1,6 +1,12 @@
 .vscode/
+venv
 .vault-pass
 .vault.yml
 .passbolt.yml
 inventories/local
-venv
+inventories/local.yml
+inventories/local.yaml
+inventories/host_vars/*/local.yml
+inventories/host_vars/*/local.yaml
+inventories/group_vars/*/local.yml
+inventories/group_vars/*/local.yaml

README.md

@@ -40,10 +40,7 @@ ansible-galaxy collection install -r collections/requirements.yml
 
 ## Run playbook
 
-Before merging changes into protected branches, playbooks should be tested 
-locally to ensure they work properly. The *inventories/local* inventory is not 
-uploaded to the repository and can be used for local testing. In any case, it 
-is advisable to use a different repository to store inventories.
+It is advisable to use a different repository to store inventories.
 
 Run playbook on inventory host.
 ```
@@ -62,6 +59,14 @@ List available tags for playbook.
 ansible-playbook playbooks/<playbook_name>.yml --list-tags
 ```
 
+## Playbook testing
+
+Before merging changes into protected branches, playbooks should be tested 
+locally to ensure they work properly. Take a look to *.gitignore* to known 
+the *inventories* file patterns that are excluded from remote.
+
+* https://docs.ansible.com/ansible/latest/inventory_guide/intro_inventory.html#organizing-host-and-group-variables
+
 ## Manage secrets
 
 Secrets can be managed by using Ansible vault or an external keystore, Passbolt 

playbooks/debian.yml

@@ -1,18 +1,5 @@
 - name: Configure base Debian host
   hosts: all
   tasks:
-  - name: Configure virtual machine or host (not LXC)
-    import_role:
-      name: debian-host
-    when: ansible_virtualization_role == 'host' or ansible_virtualization_type == 'kvm'
-  - name: Configure base system (all)
-    import_role:
-      name: debian-base 
-  - name: Configure guest
-    import_role:
-      name: debian-guest
-    when: ansible_virtualization_role == 'guest'
-  - name: Configure virtual machine
-    import_role:
-      name: debian-qemu
-    when: ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'kvm'
+  - import_role:
+      name: debian

playbooks/kube.yml

@@ -1,5 +1,7 @@
 - name: Configure Kubernetes
   hosts: all
   tasks:
+  - import_role:
+      name: debian
   - import_role:
       name: kube

playbooks/pve.yml

@@ -1,5 +1,7 @@
 - name: Configure PVE
   hosts: all
   tasks:
+  - import_role:
+      name: debian
   - import_role:
       name: pve

roles/debian-base/tasks/main.yml

@@ -1,34 +0,0 @@
-- import_tasks: witness.yml
-  tags: witness
-- import_tasks: root.yml
-  tags: root
-- import_tasks: resolv.yml
-  tags: resolv
-- import_tasks: timesync.yml
-  tags: timesync
-- import_tasks: sshd_configure.yml
-  tags: sshd_configure
-- import_tasks: defuser.yml
-  tags: defuser
-- import_tasks: install.yml
-  tags: install
-- import_tasks: locale.yml
-  tags: locale
-- import_tasks: tzdata.yml
-  tags: tzdata
-- import_tasks: relayhost.yml
-  tags: relayhost
-- import_tasks: motd.yml
-  tags: motd
-- import_tasks: profile.yml
-  tags: profile
-- import_tasks: vim.yml
-  tags: vim
-- import_tasks: nrpe.yml
-  tags: nrpe
-- import_tasks: fail2ban.yml
-  tags: fail2ban
-- import_tasks: bacula.yml
-  tags: bacula
-- import_tasks: vn-repo.yml
-  tags: vn-repo

roles/debian-base/tasks/vn-repo.yml

@@ -1,3 +0,0 @@
-- name: Install package
-  apt:
-    deb: "{{ vn_host_url }}"

roles/debian-guest/handlers/main.yml

@@ -1,8 +0,0 @@
-- name: restart-nslcd
-  service:
-    name: nslcd
-    state: restarted
-- name: restart-ssh
-  systemd:
-    name: ssh
-    state: restarted

roles/debian-guest/tasks/main.yml

@@ -1,6 +0,0 @@
-- import_tasks: auth.yml
-  tags: auth
-- import_tasks: sudoers.yml
-  tags: sudoers
-- import_tasks: ssh_keys.yml
-  tags: ssh_keys

roles/debian-host/handlers/main.yml

@@ -1,4 +0,0 @@
-- name: restart-sysctl
-  systemd:
-    name: systemd-sysctl
-    state: restarted

roles/debian-host/tasks/main.yml

@@ -1,6 +0,0 @@
-- import_tasks: hostname.yml
-  tags: hostname
-- import_tasks: sysctl.yml
-  tags: sysctl
-- import_tasks: apparmor.yml
-  tags: apparmor

roles/debian-qemu/defaults/main.yml

@@ -1,8 +0,0 @@
-homes_path: /mnt/homes
-autofs_packages:
-  - nfs-common
-  - autofs
-  - libnfs-utils
-  - autofs-ldap
-blacklist_module_kernel: |
-  blacklist snd_hda_intel

roles/debian-qemu/handlers/main.yml

@@ -1,4 +0,0 @@
-- name: restart-autofs
-  service:
-    name: autofs
-    state: restarted

roles/debian-qemu/tasks/main.yml

@@ -1,10 +0,0 @@
-- import_tasks: agent.yml
-  tags: agent
-- import_tasks: hotplug.yml
-  tags: hotplug
-- import_tasks: autofs.yml
-  tags: autofs
-- import_tasks: blacklist.yml
-  tags: blacklist
-- import_tasks: grub_startup.yml
-  tags: grub_startup

roles/debian/defaults/main.yaml

@@ -1,5 +1,8 @@
 vn_first_time: false
 vn_witness_checked: false
+deb_packages:
+  - https://apt.verdnatura.es/pool/main/v/vn-host/vn-apt-source_3.0.1_all.deb
+  - https://apt.verdnatura.es/pool/main/v/vn-host/vn-host_3.0.1_all.deb
 grub_user: admin
 default_user: user
 fail2ban:
@@ -36,3 +39,11 @@ base_packages:
 locales_present:
   - en_US.UTF-8
   - es_ES.UTF-8
+homes_path: /mnt/homes
+autofs_packages:
+  - nfs-common
+  - autofs
+  - libnfs-utils
+  - autofs-ldap
+blacklist_module_kernel: |
+  blacklist snd_hda_intel

roles/debian/handlers/main.yml

@@ -18,6 +18,22 @@
   systemd:
     name: sshd
     state: restarted
+- name: restart-sysctl
+  systemd:
+    name: systemd-sysctl
+    state: restarted
+- name: restart-nslcd
+  service:
+    name: nslcd
+    state: restarted
+- name: restart-ssh
+  systemd:
+    name: ssh
+    state: restarted
+- name: restart-autofs
+  service:
+    name: autofs
+    state: restarted
 - name: generate locales
   command: /usr/sbin/locale-gen
 - name: reconfigure tzdata

roles/debian/tasks/main.yml

@@ -0,0 +1,71 @@
+
+- name: Configure virtual machine or host (not LXC)
+  when: ansible_virtualization_role == 'host' or ansible_virtualization_type == 'kvm'
+  block:
+    - import_tasks: hostname.yml
+      tags: hostname
+    - import_tasks: sysctl.yml
+      tags: sysctl
+    - import_tasks: apparmor.yml
+      tags: apparmor
+
+- name: Configure base system (all)
+  block:
+    - import_tasks: witness.yml
+      tags: witness
+    - import_tasks: root.yml
+      tags: root
+    - import_tasks: resolv.yml
+      tags: resolv
+    - import_tasks: timesync.yml
+      tags: timesync
+    - import_tasks: sshd_configure.yml
+      tags: sshd_configure
+    - import_tasks: defuser.yml
+      tags: defuser
+    - import_tasks: install.yml
+      tags: install
+    - import_tasks: locale.yml
+      tags: locale
+    - import_tasks: tzdata.yml
+      tags: tzdata
+    - import_tasks: relayhost.yml
+      tags: relayhost
+    - import_tasks: motd.yml
+      tags: motd
+    - import_tasks: profile.yml
+      tags: profile
+    - import_tasks: vim.yml
+      tags: vim
+    - import_tasks: nrpe.yml
+      tags: nrpe
+    - import_tasks: fail2ban.yml
+      tags: fail2ban
+    - import_tasks: bacula.yml
+      tags: bacula
+    - import_tasks: vn-repo.yml
+      tags: vn-repo
+
+- name: Configure guest
+  when: ansible_virtualization_role == 'guest'
+  block:
+    - import_tasks: auth.yml
+      tags: auth
+    - import_tasks: sudoers.yml
+      tags: sudoers
+    - import_tasks: ssh_keys.yml
+      tags: ssh_keys
+
+- name: Configure virtual machine
+  when: ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'kvm'
+  block:
+    - import_tasks: agent.yml
+      tags: agent
+    - import_tasks: hotplug.yml
+      tags: hotplug
+    - import_tasks: autofs.yml
+      tags: autofs
+    - import_tasks: blacklist.yml
+      tags: blacklist
+    - import_tasks: grub_startup.yml
+      tags: grub_startup

roles/debian/tasks/vn-repo.yml

@@ -0,0 +1,4 @@
+- name: Install package
+  apt:
+    deb: "{{ item }}"
+  with_items: "{{ deb_packages }}"