verdnatura/vn-ansible
verdnatura
/
vn-ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refs #8025 inventory dns suffix and patterns, added ceph pve and kube playboks, small refactor

This commit is contained in:
Juan Ferrer 2024-09-30 08:07:30 +02:00
parent 7b90daa253
commit 5bf05ebb29
23 changed files with 230 additions and 194 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -16,7 +16,7 @@ locally to ensure they work properly.
Launch playbook on the fly on a host not declared in the inventory.
```
ansible-playbook.sh -i <ip_or_hostname>, [--tags tag1,tag2] playbooks/test.yml
ansible-playbook -i <ip_or_hostname>, [-t tag1,tag2] playbooks/test.yml
```
*Note the comma at the end of the hostname or IP.*

35
inventories/core
View File

@ -1,18 +1,17 @@
[all:vars]
host_domain=core.dc.verdnatura.es
[backup:vars]
host_domain=backup.dc.verdnatura.es
[ceph]
ceph1 ansible_host=ceph1.core.dc.verdnatura.es
ceph2 ansible_host=ceph2.core.dc.verdnatura.es
ceph3 ansible_host=ceph3.core.dc.verdnatura.es
ceph[1:3]
[ceph_gw]
ceph-gw1 ansible_host=ceph-gw1.core.dc.verdnatura.es
ceph-gw2 ansible_host=ceph-gw2.core.dc.verdnatura.es
ceph-gw[1:2]
[pve]
pve01 ansible_host=pve01.core.dc.verdnatura.es
pve02 ansible_host=pve02.core.dc.verdnatura.es
pve03 ansible_host=pve03.core.dc.verdnatura.es
pve04 ansible_host=pve04.core.dc.verdnatura.es
pve05 ansible_host=pve04.core.dc.verdnatura.es
pve[01:05]
[infra:children]
ceph
@ -20,13 +19,13 @@ ceph_gw
pve
[core]
core-agent ansible_host=core-agent.core.dc.verdnatura.es
core-proxy ansible_host=core-proxy.core.dc.verdnatura.es
core-agent
core-proxy
[backup]
bacula-dir ansible_host=bacula-dir.backup.dc.verdnatura.es
bacula-db ansible_host=bacula-db.backup.dc.verdnatura.es
bacularis ansible_host=bacularis.backup.dc.verdnatura.es
backup-nas ansible_host=backup-nas.backup.dc.verdnatura.es
tftp ansible_host=tftp.backup.dc.verdnatura.es
kube-backup ansible_host=kube-backup.backup.dc.verdnatura.es
bacula-dir
bacula-db
bacularis
backup-nas
tftp
kube-backup

1
inventories/group_vars/all.yml
View File

@ -1,3 +1,4 @@
ansible_host: "{{inventory_hostname_short}}.{{host_domain}}"
sysadmin_mail: sysadmin@verdnatura.es
sysadmin_group: sysadmin
smtp_server: smtp.verdnatura.es

37
inventories/lab Normal file
View File

@ -0,0 +1,37 @@
[all:vars]
host_domain=lab.verdnatura.es
[cephlab]
cephlab[01:03]
[pvelab]
pvelab[01:03]
[infra:children]
cephlab
pvelab
[cephtest]
cephtest[01:03]
[kubepre]
kubepre-helm
kubepre-proxy1
kubepre-master[1:3]
kubepre-worker[1:4]
[kubetest]
kubetest-helm
kubetest-master[01:03]
kubetest-worker[01:04]
[laboratory]
corelab-proxy1
zammad
matrix
[guest:children]
cephtest
kubepre
kubetest
laboratory

50
inventories/laboratory
View File

@ -1,50 +0,0 @@
[cephlab]
cephlab01 ansible_host=cephlab01.lab.verdnatura.es
cephlab02 ansible_host=cephlab02.lab.verdnatura.es
cephlab03 ansible_host=cephlab03.lab.verdnatura.es
[pvelab]
pvelab01 ansible_host=pvelab01.lab.verdnatura.es
pvelab02 ansible_host=pvelab02.lab.verdnatura.es
pvelab03 ansible_host=pvelab03.lab.verdnatura.es
[infra:children]
cephlab
pvelab
[cephtest]
cephtest01 ansible_host=cephtest01.lab.verdnatura.es
cephtest02 ansible_host=cephtest02.lab.verdnatura.es
cephtest03 ansible_host=cephtest03.lab.verdnatura.es
[kubepre]
kubepre-helm ansible_host=kubepre-helm.lab.verdnatura.es
kubepre-proxy1 ansible_host=kubepre-proxy1.lab.verdnatura.es
kubepre-master1 ansible_host=kubepre-master1.lab.verdnatura.es
kubepre-master2 ansible_host=kubepre-master2.lab.verdnatura.es
kubepre-master3 ansible_host=kubepre-master3.lab.verdnatura.es
kubepre-worker1 ansible_host=kubepre-worker1.lab.verdnatura.es
kubepre-worker2 ansible_host=kubepre-worker2.lab.verdnatura.es
kubepre-worker3 ansible_host=kubepre-worker3.lab.verdnatura.es
kubepre-worker4 ansible_host=kubepre-worker4.lab.verdnatura.es
[kubetest]
kubetest-helm ansible_host=kubetest-helm.lab.verdnatura.es
kubetest-master01 ansible_host=kubetest-master01.lab.verdnatura.es
kubetest-master02 ansible_host=kubetest-master02.lab.verdnatura.es
kubetest-master03 ansible_host=kubetest-master03.lab.verdnatura.es
kubetest-worker01 ansible_host=kubetest-worker01.lab.verdnatura.es
kubetest-worker02 ansible_host=kubetest-worker02.lab.verdnatura.es
kubetest-worker03 ansible_host=kubetest-worker03.lab.verdnatura.es
kubetest-worker04 ansible_host=kubetest-worker04.lab.verdnatura.es
[laboratory]
corelab-proxy1 ansible_host=corelab-proxy1.lab.verdnatura.es
zammad ansible_host=zammad.lab.verdnatura.es
matrix ansible_host=matrix.lab.verdnatura.es
[guest:children]
cephtest
kubepre
kubetest
laboratory

99
inventories/production
View File

@ -1,99 +0,0 @@
[kube_master]
kube-master1 ansible_host=kube-master1.servers.dc.verdnatura.es
kube-master2 ansible_host=kube-master2.servers.dc.verdnatura.es
kube-master3 ansible_host=kube-master3.servers.dc.verdnatura.es
kube-master4 ansible_host=kube-master4.servers.dc.verdnatura.es
kube-master5 ansible_host=kube-master5.servers.dc.verdnatura.es
[kube_worker]
kube-worker1 ansible_host=kube-worker1.servers.dc.verdnatura.es
kube-worker2 ansible_host=kube-worker2.servers.dc.verdnatura.es
kube-worker3 ansible_host=kube-worker3.servers.dc.verdnatura.es
kube-worker4 ansible_host=kube-worker4.servers.dc.verdnatura.es
kube-worker5 ansible_host=kube-worker5.servers.dc.verdnatura.es
[kube_proxy]
kube-proxy1 ansible_host=kube-proxy1.servers.dc.verdnatura.es
kube-proxy2 ansible_host=kube-proxy2.servers.dc.verdnatura.es
[kube_helper]
kube-helm ansible_host=kube-helm.servers.dc.verdnatura.es
[kubernetes:children]
kube_master
kube_worker
kube_proxy
kube_helper
[ad]
dc1 ansible_host=dc1.servers.dc.verdnatura.es
dc2 ansible_host=dc2.servers.dc.verdnatura.es
server ansible_host=server.servers.dc.verdnatura.es
[db]
db-proxy1 ansible_host=db-proxy1.servers.dc.verdnatura.es
db-proxy2 ansible_host=db-proxy2.servers.dc.verdnatura.es
db1 ansible_host=db1.servers.dc.verdnatura.es
db2 ansible_host=db2.servers.dc.verdnatura.es
[ldap]
ldap-proxy1 ansible_host=ldap-proxy1.servers.dc.verdnatura.es
ldap-proxy2 ansible_host=ldap-proxy2.servers.dc.verdnatura.es
ldap1 ansible_host=ldap1.servers.dc.verdnatura.es
ldap2 ansible_host=ldap2.servers.dc.verdnatura.es
ldap3 ansible_host=ldap3.servers.dc.verdnatura.es
[mail]
dovecot ansible_host=dovecot.servers.dc.verdnatura.es
mailgw1 ansible_host=mailgw1.servers.dc.verdnatura.es
mailgw2 ansible_host=mailgw2.servers.dc.verdnatura.es
postfix ansible_host=postfix.servers.dc.verdnatura.es
spamd ansible_host=spamd.servers.dc.verdnatura.es
spamd-db ansible_host=spamd-db.servers.dc.verdnatura.es
[monitoring]
cacti ansible_host=cacti.servers.dc.verdnatura.es
logger ansible_host=logger.servers.dc.verdnatura.es
nagios ansible_host=nagios.servers.dc.verdnatura.es
nagiosql-db ansible_host=nagiosql-db.servers.dc.verdnatura.es
librenms ansible_host=librenms.servers.dc.verdnatura.es
[network]
dhcp1 ansible_host=dhcp1.servers.dc.verdnatura.es
dhcp2 ansible_host=dhcp2.servers.dc.verdnatura.es
ns1 ansible_host=ns1.servers.dc.verdnatura.es
ns2 ansible_host=ns2.servers.dc.verdnatura.es
unifi ansible_host=unifi.servers.dc.verdnatura.es
vpn ansible_host=vpn.servers.dc.verdnatura.es
time1 ansible_host=time1.servers.dc.verdnatura.es
time2 ansible_host=time2.servers.dc.verdnatura.es
[princ]
pbx ansible_host=pbx.servers.dc.verdnatura.es
homes ansible_host=homes.servers.dc.verdnatura.es
doku ansible_host=doku.servers.dc.verdnatura.es
iventoy ansible_host=iventoy.servers.dc.verdnatura.es
[rds]
ts-proxy1 ansible_host=ts-proxy1.servers.dc.verdnatura.es
ts-proxy2 ansible_host=ts-proxy2.servers.dc.verdnatura.es
profiles ansible_host=profiles.servers.dc.verdnatura.es
[test]
test-db1 ansible_host=test-db1.servers.dc.verdnatura.es
test-db-proxy1 ansible_host=test-db-proxy1.servers.dc.verdnatura.es
test-db-proxy2 ansible_host=test-db-proxy2.servers.dc.verdnatura.es
monthly-db ansible_host=monthly-db.servers.dc.verdnatura.es
dev-db ansible_host=dev-db.servers.dc.verdnatura.es
[guest:children]
ad
db
kubernetes
ldap
mail
monitoring
network
princ
rds
test

81
inventories/servers Normal file
View File

@ -0,0 +1,81 @@
[all:vars]
host_domain=servers.dc.verdnatura.es
[kube_master]
kube-master[1:5]
[kube_worker]
kube-worker[1:5]
[kube_proxy]
kube-proxy[1:2]
[kube_helper]
kube-helm
[kubernetes:children]
kube_master
kube_worker
kube_proxy
kube_helper
[ad]
dc[1:2]
server
[db]
db-proxy[1:2]
db[1:2]
[ldap]
ldap-proxy[1:2]
ldap[1:3]
[mail]
dovecot
mailgw[1:2]
postfix
spamd
spamd-db
[monitoring]
cacti
logger
nagios
nagiosql-db
librenms
[network]
dhcp[1:2]
ns[1:2]
unifi
vpn
time[1:2]
[princ]
pbx
homes
doku
iventoy
[rds]
ts-proxy[1:2]
profiles
[test]
test-db1
test-db-proxy[1:2]
monthly-db
dev-db
[guest:children]
ad
db
kubernetes
ldap
mail
monitoring
network
princ
rds
test

5
playbooks/ceph.yml Normal file
View File

@ -0,0 +1,5 @@
- name: Configure Ceph
hosts: all
tasks:
- import_role:
name: ceph

5
playbooks/kube.yml Normal file
View File

@ -0,0 +1,5 @@
- name: Configure Kubernetes
hosts: all
tasks:
- import_role:
name: kube

5
playbooks/pve.yml Normal file
View File

@ -0,0 +1,5 @@
- name: Configure PVE
hosts: all
tasks:
- import_role:
name: pve

5
roles/ceph/files/nrpe.cfg Normal file
View File

@ -0,0 +1,5 @@
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 700 -c 1000
command[check_chrony]=/usr/lib/nagios/plugins/check_chrony 1 2
command[check_smartdisk]=/etc/nagios/plugins/check_smartdisk.sh /dev/sda /dev/sdb
command[check_raid]=/usr/lib/nagios/plugins/check_raid
command[check_mon]=/etc/nagios/plugins/check_ceph_mon --id nagios --monid "`hostname`"

4
roles/ceph/handlers/main.yml Normal file
View File

@ -0,0 +1,4 @@
- name: restart-nrpe
service:
name: nagios-nrpe-server
state: restarted

8
roles/ceph/tasks/main.yml Normal file
View File

@ -0,0 +1,8 @@
- name: Set NRPE Ceph configuration
copy:
src: nrpe.cfg
dest: /etc/nagios/nrpe.d/95-ceph.cfg
owner: root
group: root
mode: u=rw,g=r,o=r
notify: restart-nrpe

13
roles/debian-base/defaults/main.yaml
View File

@ -5,16 +5,3 @@ fail2ban:
bantime: 600
maxretry: 4
ignore: "127.0.0.0/8 {{ dc_net }}"
exim_dc_eximconfig_configtype: satellite
dc_other_hostnames: "{{ ansible_fqdn }}"
dc_local_interfaces: 127.0.0.1
dc_readhost: "{{ ansible_fqdn }}"
dc_relay_domains: ""
dc_minimaldns: false
dc_relay_nets: ""
dc_smarthost: "{{ smtp_server }}"
CFILEMODE: 644
dc_use_split_config: false
dc_hide_mailname: true
dc_mailname_in_oh: true
dc_localdelivery: mail_spool

26
roles/debian-base/tasks/relayhost.yml
View File

@ -11,31 +11,31 @@
mode: 0644
with_items:
- regexp: '^dc_eximconfig_configtype'
line: "dc_eximconfig_configtype='{{ exim_dc_eximconfig_configtype }}'"
line: "dc_eximconfig_configtype='satellite'"
- regexp: '^dc_other_hostnames'
line: "dc_other_hostnames='{{ dc_other_hostnames }}'"
line: "dc_other_hostnames='{{ ansible_fqdn }}'"
- regexp: '^dc_local_interfaces'
line: "dc_local_interfaces='{{ dc_local_interfaces }}'"
line: "dc_local_interfaces='127.0.0.1'"
- regexp: '^dc_readhost'
line: "dc_readhost='{{ dc_readhost }}'"
line: "dc_readhost='{{ ansible_fqdn }}'"
- regexp: '^dc_relay_domains'
line: "dc_relay_domains='{{ dc_relay_domains }}'"
line: "dc_relay_domains=''"
- regexp: '^dc_minimaldns'
line: "dc_minimaldns='{{ dc_minimaldns }}'"
line: "dc_minimaldns='false'"
- regexp: '^dc_relay_nets'
line: "dc_relay_nets='{{ dc_relay_nets }}'"
line: "dc_relay_nets=''"
- regexp: '^dc_smarthost'
line: "dc_smarthost='{{ dc_smarthost }}'"
line: "dc_smarthost='{{ smtp_server }}'"
- regexp: '^CFILEMODE'
line: "CFILEMODE='{{ CFILEMODE }}'"
line: "CFILEMODE='644'"
- regexp: '^dc_use_split_config'
line: "dc_use_split_config='{{ dc_use_split_config }}'"
line: "dc_use_split_config='false'"
- regexp: '^dc_hide_mailname'
line: "dc_hide_mailname='{{ dc_hide_mailname }}'"
line: "dc_hide_mailname='true'"
- regexp: '^dc_mailname_in_oh'
line: "dc_mailname_in_oh='{{ dc_mailname_in_oh }}'"
line: "dc_mailname_in_oh='true'"
- regexp: '^dc_localdelivery'
line: "dc_localdelivery='{{ dc_localdelivery }}'"
line: "dc_localdelivery='mail_spool'"
notify: restart-exim
register: exim_config
- name: Update exim configuration

5
roles/kube/files/nrpe.cfg Normal file
View File

@ -0,0 +1,5 @@
command[check_mountpoints]=/etc/nagios/plugins/check_mountpoints /var/lib/containerd
command[check_disk_containerd]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /var/lib/containerd
command[check_readonly]=/etc/nagios/plugins/check_fs_readable.pl
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 1000 -c 1500
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 25 -c 50 -s Z

4
roles/kube/handlers/main.yml Normal file
View File

@ -0,0 +1,4 @@
- name: restart-nrpe
service:
name: nagios-nrpe-server
state: restarted

8
roles/kube/tasks/main.yml Normal file
View File

@ -0,0 +1,8 @@
- name: Set NRPE Kubernetes configuration
copy:
src: nrpe.cfg
dest: /etc/nagios/nrpe.d/95-kube.cfg
owner: root
group: root
mode: u=rw,g=r,o=r
notify: restart-nrpe

3
roles/pve/files/nrpe.cfg Normal file
View File

@ -0,0 +1,3 @@
command[check_zfs]=/etc/nagios/plugins/check_zfs.pl
command[check_chrony]=/etc/nagios/plugins/check_chrony -w 1 -c 2
command[check_smartdisk]=/etc/nagios/plugins/check_smartdisk.sh /dev/sda /dev/sdb /dev/sdc /dev/sdd

1
roles/pve/files/sudoers Normal file
View File

@ -0,0 +1 @@
nagios ALL=(root) NOPASSWD: /usr/bin/zpool,/usr/sbin/smartctl,/usr/lib/nagios/plugins/check_zfs.pl

1
roles/pve/files/vhost.conf Normal file
View File

@ -0,0 +1 @@
options vhost max_mem_regions=512

4
roles/pve/handlers/main.yml Normal file
View File

@ -0,0 +1,4 @@
- name: restart-nrpe
service:
name: nagios-nrpe-server
state: restarted

22
roles/pve/tasks/main.yml Normal file
View File

@ -0,0 +1,22 @@
- name: Set NRPE PVE configuration
copy:
src: nrpe.cfg
dest: /etc/nagios/nrpe.d/95-pve.cfg
owner: root
group: root
mode: u=rw,g=r,o=r
notify: restart-nrpe
- name: Add nagios to sudoers
copy:
src: sudoers
dest: /etc/sudoers.d/nagios
mode: u=rw,g=r,o=
owner: root
group: root
- name: Configure memory regions
copy:
src: vhost.conf
dest: /etc/modprobe.d/
mode: u=rw,g=r,o=r
owner: root
group: root