diff --git a/.gitignore b/.gitignore index f71c7f0..99c4055 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,12 @@ .vscode/ +venv .vault-pass .vault.yml .passbolt.yml inventories/local -venv +inventories/local.yml +inventories/local.yaml +inventories/host_vars/*/local.yml +inventories/host_vars/*/local.yaml +inventories/group_vars/*/local.yml +inventories/group_vars/*/local.yaml diff --git a/README.md b/README.md index 3aeee33..7d0991d 100644 --- a/README.md +++ b/README.md @@ -40,10 +40,7 @@ ansible-galaxy collection install -r collections/requirements.yml ## Run playbook -Before merging changes into protected branches, playbooks should be tested -locally to ensure they work properly. The *inventories/local* inventory is not -uploaded to the repository and can be used for local testing. In any case, it -is advisable to use a different repository to store inventories. +It is advisable to use a different repository to store inventories. Run playbook on inventory host. ``` @@ -62,6 +59,14 @@ List available tags for playbook. ansible-playbook playbooks/<playbook_name>.yml --list-tags ``` +## Playbook testing + +Before merging changes into protected branches, playbooks should be tested +locally to ensure they work properly. Take a look to *.gitignore* to known +the *inventories* file patterns that are excluded from remote. + +* https://docs.ansible.com/ansible/latest/inventory_guide/intro_inventory.html#organizing-host-and-group-variables + ## Manage secrets Secrets can be managed by using Ansible vault or an external keystore, Passbolt diff --git a/playbooks/ceph.yml b/playbooks/ceph.yml index f8189a7..0e9e56c 100644 --- a/playbooks/ceph.yml +++ b/playbooks/ceph.yml @@ -1,5 +1,7 @@ - name: Configure Ceph hosts: all tasks: + - import_role: + name: debian - import_role: name: ceph diff --git a/playbooks/clean.yml b/playbooks/clean.yml index c19a4c5..68958a6 100644 --- a/playbooks/clean.yml +++ b/playbooks/clean.yml 
@@ -2,35 +2,59 @@ hosts: all gather_facts: no tasks: - - name: Delete awx-user - user: - name: awx-user - state: absent - remove: yes - tags: awx - - name: Delete awx-user sudoers file - file: - path: /etc/sudoers.d/awx-user - state: absent - tags: awx + + - name: Delete old awx-user and it's configuration + block: + - name: Delete awx-user + tags: awx + user: + name: awx-user + state: absent + remove: yes + - name: Delete awx-user sudoers file + tags: awx + file: + path: /etc/sudoers.d/awx-user + state: absent + - name: Delete old MOTD configuration + tags: motd file: path: /etc/profile.d/mymotd.sh state: absent - tags: motd - - name: Delete old Ansible bashrc configuration - blockinfile: - path: /root/.bashrc - marker_begin: 'BEGIN ANSIBLE MANAGED BLOCK' - marker_end: 'END ANSIBLE MANAGED BLOCK' - marker: "# {mark}" - state: absent - tags: bashrc - - name: Delete old custom bashrc configuration - replace: - path: /root/.bashrc - regexp: '{{ start_delimiter }}\\s\\S*?{{ end_delimiter }}' - replace: '' - vars: - start_delimiter: '### 4Loo' - end_delimiter: 'esac' + + - name: Delete old profile configuration + tags: profile + block: + - name: Delete old Ansible bashrc configuration + blockinfile: + path: /root/.bashrc + marker_begin: 'BEGIN ANSIBLE MANAGED BLOCK' + marker_end: 'END ANSIBLE MANAGED BLOCK' + marker: "# {mark}" + state: absent + - name: Delete old custom bashrc configuration + replace: + path: /root/.bashrc + regexp: '{{ start_delimiter }}\\s\\S*?{{ end_delimiter }}' + replace: '' + vars: + start_delimiter: '### 4Loo' + end_delimiter: 'esac' + + - name: Delete old vn-host package + tags: vn-host + block: + - name: Get vn-host package version + shell: "dpkg-query -W -f='${Version}' vn-host 2>/dev/null || echo '0'" + register: vn_host_version + changed_when: false + - name: Display vn-host version + debug: + msg: "Version: {{ vn_host_version.stdout }}" + - name: Uninstall vn-host if old version + apt: + name: vn-host + state: absent + when: > + 
vn_host_version.stdout is version('3.0.0', '<') diff --git a/playbooks/db.yml b/playbooks/db.yml index b0436c5..2f83f93 100644 --- a/playbooks/db.yml +++ b/playbooks/db.yml @@ -1,5 +1,7 @@ - name: Configure DB hosts: all tasks: + - import_role: + name: debian - import_role: name: db diff --git a/playbooks/debian.yml b/playbooks/debian.yml index 1180f9d..0e337af 100644 --- a/playbooks/debian.yml +++ b/playbooks/debian.yml @@ -1,18 +1,5 @@ - name: Configure base Debian host hosts: all tasks: - - name: Configure virtual machine or host (not LXC) - import_role: - name: debian-host - when: ansible_virtualization_role == 'host' or ansible_virtualization_type == 'kvm' - - name: Configure base system (all) - import_role: - name: debian-base - - name: Configure guest - import_role: - name: debian-guest - when: ansible_virtualization_role == 'guest' - - name: Configure virtual machine - import_role: - name: debian-qemu - when: ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'kvm' + - import_role: + name: debian diff --git a/playbooks/debug.yml b/playbooks/debug.yml new file mode 100644 index 0000000..9efe37e --- /dev/null +++ b/playbooks/debug.yml @@ -0,0 +1,35 @@ +- name: Gather facts from host and debug + hosts: all + gather_facts: yes + tasks: + + - name: Print ansible facts + tags: facts + debug: + var: ansible_facts + + - name: Print all variables + tags: vars + debug: + var: vars + + - name: Print variable value + tags: var + when: var_name is defined + debug: + msg: "{{ var_name }}: {{ lookup('vars', var_name, default='undefined') }}" + + - name: Check whether host is alive and reachable + tags: ping + ping: + + - name: Fetch or create passbolt password + tags: passbolt + debug: + msg: "{{ lookup(passbolt, 'test', password=passbolt_password) }}" + vars: + passbolt_password: 'S3cR3tP4$$w0rd' + environment: + PASSBOLT_CREATE_NEW_RESOURCE: true + PASSBOLT_NEW_RESOURCE_PASSWORD_LENGTH: 18 + PASSBOLT_NEW_RESOURCE_PASSWORD_SPECIAL_CHARS: false 
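Review bot: Tags are placed inconsistently across the three new blocks in clean.yml: the awx block carries `tags: awx` on each inner task, while the profile and vn-host blocks put `tags: profile` / `tags: vn-host` on the block itself. Moving the tag up to the block (`- name: Delete old awx-user and its configuration`, `  tags: awx`, `  block:`) makes the three read alike and also fixes the `it's` typo in the block name. `remove: yes` is a YAML 1.1 truthy value; `remove: true` is the canonical form. The `dpkg-query ... || echo '0'` fallback means a host that never had vn-host also satisfies `version('3.0.0', '<')`, so the apt task runs as a no-op there; `when: vn_host_version.stdout != '0' and vn_host_version.stdout is version('3.0.0', '<')` would state the intent explicitly.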
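Review bot: The `Print all variables` task in debug.yml dumps every variable in scope, including any vaulted or Passbolt-sourced secrets, into the console or AWX job log; consider `no_log: "{{ not (show_secrets | default(false)) }}"` on it, or at least a header comment stating that this playbook is meant for local debugging only. The passbolt task commits a literal password `'S3cR3tP4$$w0rd'` as the value used when creating a new resource; even for a test resource this belongs in a vaulted variable or a `vars_prompt`. `PASSBOLT_CREATE_NEW_RESOURCE: true`, `PASSBOLT_NEW_RESOURCE_PASSWORD_LENGTH: 18` and `PASSBOLT_NEW_RESOURCE_PASSWORD_SPECIAL_CHARS: false` are YAML booleans and an int rather than strings, and Ansible is likely to render the booleans as `True`/`False` when it exports the environment, so quote them (`"true"`, `"18"`, `"false"`) if the lookup plugin parses them as text. `gather_facts: yes` is a YAML 1.1 truthy; `true` is preferred.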
diff --git a/playbooks/delete.yml b/playbooks/delete.yml deleted file mode 100644 index b4e8215..0000000 --- a/playbooks/delete.yml +++ /dev/null @@ -1,24 +0,0 @@ -- name: List all disks - hosts: all - tasks: - - name: Get info disk information 2 - shell: blkid | grep LABEL | awk {'print $2'} - register: blkid - - - name: Print valid labels - debug: - var: blkid - - - name: Parsear stdout_lines para buscar etiquetas específicas - set_fact: - found_labels: >- - {{ - blkid.stdout_lines - | map('regex_search', 'LABEL="(?P<label>[^"]+)"') - | select('defined') - | list - }} - - - name: Print valid labels - debug: - var: found_labels diff --git a/playbooks/facts.yml b/playbooks/facts.yml deleted file mode 100644 index 0ccd652..0000000 --- a/playbooks/facts.yml +++ /dev/null @@ -1,10 +0,0 @@ -- name: Gather facts from host - hosts: all - gather_facts: yes - tasks: - - name: Print all available facts - debug: - var: ansible_facts - - name: Print variable value - debug: - msg: "Variable: {{ ansible_fqdn }}" diff --git a/playbooks/kube.yml b/playbooks/kube.yml index 0b7d9bf..8628eb1 100644 --- a/playbooks/kube.yml +++ b/playbooks/kube.yml @@ -1,5 +1,7 @@ - name: Configure Kubernetes hosts: all tasks: + - import_role: + name: debian - import_role: name: kube diff --git a/playbooks/passbolt.yml b/playbooks/passbolt.yml deleted file mode 100644 index 146a2b5..0000000 --- a/playbooks/passbolt.yml +++ /dev/null @@ -1,12 +0,0 @@ -- name: Fetch or create passbolt password - hosts: all - gather_facts: no - tasks: - - debug: - msg: "{{ lookup(passbolt, 'test', password=passbolt_password) }}" - vars: - passbolt_password: 'S3cR3tP4$$w0rd' - environment: - PASSBOLT_CREATE_NEW_RESOURCE: true - PASSBOLT_NEW_RESOURCE_PASSWORD_LENGTH: 18 - PASSBOLT_NEW_RESOURCE_PASSWORD_SPECIAL_CHARS: false diff --git a/playbooks/ping.yml b/playbooks/ping.yml deleted file mode 100644 index b7061eb..0000000 --- a/playbooks/ping.yml +++ /dev/null 
@@ -1,6 +0,0 @@ -- name: Check whether host is alive and reachable - hosts: all - gather_facts: no - become: no - tasks: - - ping: \ No newline at end of file diff --git a/playbooks/pve.yml b/playbooks/pve.yml index ab7c817..a351148 100644 --- a/playbooks/pve.yml +++ b/playbooks/pve.yml @@ -1,5 +1,7 @@ - name: Configure PVE hosts: all tasks: + - import_role: + name: debian - import_role: name: pve diff --git a/roles/db/defaults/main.yaml b/roles/db/defaults/main.yaml index 85bc205..0144754 100644 --- a/roles/db/defaults/main.yaml +++ b/roles/db/defaults/main.yaml @@ -32,7 +32,12 @@ required_files_and_mariabackup_files_and_root_scripts: - { src: "files/scripts/promote-slave.sh", dest: "/root/scripts/promote-slave.sh", mode: "u=rwx,g=rx,o=rx" } - { src: "files/scripts/README.md", dest: "/root/scripts/README.md", mode: "u=rw,g=r,o=r" } - { src: "files/scripts/scheduler-log.sh", dest: "/root/scripts/scheduler-log.sh", mode: "u=rwx,g=rx,o=rx" } - - { src: "files/marianrpe/95-mariadb.cfg", dest: "/etc/nagios/nrpe.d/95-mariadb.cfg", mode: "u=rw,g=r,o=r" } + - { src: "files/marianrpe/95-mariadb.cfg", dest: "/etc/nagios/nrpe.d/95-mariadb.cfg", mode: "u=rw,g=r,o=r" } + +mariabackup_test_dev_files: + - { src: "mariabackuptest/apply.sql", dest: "/root/mariabackup/", mode: "u=rw,g=r,o=r" } + - { src: "mariabackuptest/bacula-after.sh", dest: "/root/mariabackup/", mode: "u=rwx,g=rx,o=rx" } + downloads: - { url: "https://r.mariadb.com/downloads/mariadb_repo_setup", dest: "/tmp/mariadb_repo_setup", mode: "u=rwx,g=rx,o=rx" } - { url: "https://repo.percona.com/apt/percona-release_latest.generic_all.deb", dest: "/tmp/percona-release_latest.generic_all.deb", mode: "u=rw,g=r,o=r" } diff --git a/roles/db/files/scheduler-log.cron b/roles/db/files/scheduler-log.cron new file mode 100644 index 0000000..c11daec --- /dev/null +++ b/roles/db/files/scheduler-log.cron @@ -0,0 +1 @@ +*/30 * * * * root /root/scripts/scheduler-log.sh 
diff --git a/roles/db/files/scripts/scheduler-log.sh b/roles/db/files/scripts/scheduler-log.sh index 9cb0b37..8cb0db0 100755 --- a/roles/db/files/scripts/scheduler-log.sh +++ b/roles/db/files/scripts/scheduler-log.sh @@ -3,7 +3,9 @@ set -e logFile="/var/log/mysql/error.log" dateFile="/tmp/mysql_scheduler_log-lastdate" -logTable="util.eventLog" +logSchema="util" +logTable="eventLog" +pattern='^\d{4}-\d{2}-\d{2}\s+\d{1,2}:\d{2}:\d{2}\s+\d+\s+\[ERROR\] Event Scheduler:' purgeDays=30 quote() { 
@@ -17,33 +19,55 @@ if [ "$?" -ne "0" ]; then exit fi -if [ -f "$dateFile" ]; then - fromDate=$(cat "$dateFile") -else - fromDate=0 +tableExists=$(mysql -Ns -e "SHOW TABLES FROM $logSchema LIKE '$logTable'") + +if [ -z "$tableExists" ]; then + mysql <<-EOF + CREATE SCHEMA IF NOT EXISTS $logSchema; + CREATE TABLE $logSchema.$logTable ( + id int(11) NOT NULL AUTO_INCREMENT, + date datetime NOT NULL, + event varchar(512) NOT NULL, + error varchar(1024) NOT NULL, + PRIMARY KEY (id), + KEY date (date) + ) ENGINE=InnoDB COMMENT='Event scheduler error log'; + EOF fi -lastDate=$(tail -n1 "$logFile" | awk '{print $1" "$2}') -toDate=$(date +%s -d "$lastDate") +if [ -f "$dateFile" ]; then + read -r fromDate < "$dateFile" +else + fromDate=$(date -d "-$purgeDays days" +%s) +fi -awk -v fromDate="$fromDate" -v toDate="$toDate" '{ +toDate=$(date +%s) + +grep -P "$pattern" "$logFile" | awk -v fromDate="$fromDate" -v toDate="$toDate" '{ split($1, date, "-"); split($2, time, ":"); timestamp = mktime(date[1]" "date[2]" "date[3]" "time[1]" "time[2]" "time[3]) - if (timestamp >= fromDate && timestamp < toDate && $4" "$5" "$6 == "[ERROR] Event Scheduler:") { + if (timestamp >= fromDate && timestamp < toDate) { printf $1" "$2" "$7; for (i=8; i<=NF; i++) printf FS $i ; print ""; } -}' "$logFile" | \ -\ +}' | \ while read line; do date="$(echo "$line" | cut -d' ' -f1,2)" event="$(echo "$line" | cut -d' ' -f3)" error="$(echo "$line" | cut -d' ' -f4-)" - echo "INSERT INTO $logTable (date, event, error)" \ - "VALUES ($(quote "$date"), $(quote "$event"), $(quote "$error"))" | mysql + + mysql <<-EOF + INSERT INTO $logSchema.$logTable SET + date = $(quote "$date"), + event = $(quote "$event"), + error = $(quote "$error") + EOF done -echo -n "$toDate" > "$dateFile" -echo "DELETE FROM $logTable WHERE date < TIMESTAMPADD(DAY, -$purgeDays, NOW())" | mysql +echo "$toDate" > "$dateFile" +mysql <<-EOF + DELETE FROM $logSchema.$logTable + WHERE date < TIMESTAMPADD(DAY, -$purgeDays, NOW()) +EOF 
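Review bot: The new bootstrap never reaches its `CREATE SCHEMA IF NOT EXISTS` on a host where the `util` schema is missing: `SHOW TABLES FROM $logSchema` fails with an unknown-database error, the assignment `tableExists=$(...)` then returns non-zero, and the script's `set -e` (visible in the previous hunk's header) aborts before the `if`. Query the catalogue instead, which returns empty output for a missing schema: `tableExists=$(mysql -Ns -e "SELECT 1 FROM information_schema.TABLES WHERE TABLE_SCHEMA = '$logSchema' AND TABLE_NAME = '$logTable'")`. The three `<<-EOF` heredocs only strip leading tabs; if their indented bodies and the indented `EOF` terminators are space-indented (the collapsed diff does not show which), the terminators inside the `if` and the `while` body are not recognised and the script breaks, so the whitespace deserves a quick check. `while read line` should be `while read -r line` so backslashes in the logged error text are not interpreted. The `quote` helper used in the INSERT is defined outside this hunk.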
diff --git a/roles/db/tasks/mariadb.yml b/roles/db/tasks/mariadb.yml index a8709fa..9182a91 100644 --- a/roles/db/tasks/mariadb.yml +++ b/roles/db/tasks/mariadb.yml @@ -62,10 +62,18 @@ command: mount -a when: fstab.changed -- name: Set MariaDB Cron to /etc/cron.d +- name: Configure MariaDB check memory CRON template: - src: templates/cron_mariadb - dest: /etc/cron.d/vn + src: check-memory.cron + dest: /etc/cron.d/vn-check-memory + owner: root + group: root + mode: u=rw,g=r,o=r + +- name: Configure MariaDB scheduler log CRON + copy: + src: scheduler-log.cron + dest: /etc/cron.d/vn-scheduler-log owner: root group: root mode: u=rw,g=r,o=r @@ -127,17 +135,6 @@ group: root mode: u=rw,g=,o= - - name: Set MariaDB local configuration file for TestDB - copy: - src: "{{ item }}" - dest: /root/mariabackup/ - owner: root - group: root - mode: u=rw,g=r,o=r - with_items: - - "mariabackuptest/apply.sql" - - "mariabackuptest/bacula-after.sh" - - name: Reminder to check mount points environment TestDB debug: msg: | @@ -168,17 +165,6 @@ group: root mode: u=rw,g=,o= - - name: Set MariaDB local configuration file for DevDB - copy: - src: "{{ item }}" - dest: /root/mariabackup/ - owner: root - group: root - mode: u=rw,g=r,o=r - with_items: - - "mariabackupdev/apply.sql" - - "mariabackupdev/bacula-after.sh" - - name: Reminder to check mount points environment DevDB debug: msg: | @@ -186,6 +172,18 @@ - /mnt/mysqltmp Make sure they are correctly configured and accessible. +- when: db.branch == 'dev' or db.branch == 'test' + + block: + - name: Set Mariabackup files for TestDB or DevDB + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: "{{ item.mode }}" + loop: "{{ mariabackup_test_dev_files }}" + - name: Set Custom Configuration local template all Environment template: src: z99-local.cnf @@ -207,7 +205,6 @@ path: /var/lib/mysql/ register: mysql_dir - - when: mysql_dir.stat.exists block: 
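Review bot: The new `Set Mariabackup files for TestDB or DevDB` block loops over `mariabackup_test_dev_files`, whose entries in the defaults hunk of this commit are only `mariabackuptest/apply.sql` and `mariabackuptest/bacula-after.sh`, while the removed DevDB task copied `mariabackupdev/apply.sql` and `mariabackupdev/bacula-after.sh`; dev hosts therefore now receive the test variants. If the two sets were identical this is a fine deduplication, but a comment next to the list saying so would stop the next reader from treating it as a regression; if they differed, a second list keyed by branch is needed. Whether the files differed is not visible here. The block itself has no `name`; `- name: Configure Mariabackup files for TestDB or DevDB` with `when: db.branch in ['dev', 'test']` reads better than the bare `- when:` with the `or` chain.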
diff --git a/roles/db/templates/cron_mariadb b/roles/db/templates/check-memory.cron similarity index 60% rename from roles/db/templates/cron_mariadb rename to roles/db/templates/check-memory.cron index bc281bd..a6cfa3e 100644 --- a/roles/db/templates/cron_mariadb +++ b/roles/db/templates/check-memory.cron @@ -1,4 +1,3 @@ MAILTO="{{ sysadmin_mail }}" */15 * * * * root /root/scripts/check-memory.sh -*/30 * * * * root /root/scripts/scheduler-log.sh diff --git a/roles/debian-base/files/profile.sh b/roles/debian-base/files/profile.sh deleted file mode 100644 index ab1ac12..0000000 --- a/roles/debian-base/files/profile.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash - -# Prompt - -FQDN=$(hostname --fqdn) - -if [[ $FQDN == *.verdnatura.es ]]; then - SHORT_HOST=${FQDN%.verdnatura.es} - - case "$SHORT_HOST" in - *.dc) - ENVIRONMENT="\[\033[01;31m\]PRO\[\033[00m\]" - ;; - *.lab) - ENVIRONMENT="\[\033[01;35m\]LAB\[\033[00m\]" - ;; - *) - ENVIRONMENT="\[\033[01;32m\]VN\[\033[00m\]" - ;; - esac - - PS1="\u@$SHORT_HOST[$ENVIRONMENT]:\w" - - if [ "$(id -u)" -eq 0 ]; then - PS1="$PS1# " - else - PS1="$PS1\$ " - fi -fi - -# History - -HISTSIZE=10000 -HISTFILESIZE=50000 -HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S " - -# Security - -TMOUT=3600 - -# Aliases - -#export LS_OPTIONS='--color=auto' -#eval "$(dircolors)" -#alias ls='ls $LS_OPTIONS' -#alias ll='ls $LS_OPTIONS -l' -#alias la='ls $LS_OPTIONS -la' diff --git a/roles/debian-base/tasks/main.yml b/roles/debian-base/tasks/main.yml deleted file mode 100644 index dcd5f94..0000000 --- a/roles/debian-base/tasks/main.yml +++ /dev/null 
@@ -1,34 +0,0 @@ -- import_tasks: witness.yml - tags: witness -- import_tasks: root.yml - tags: root -- import_tasks: resolv.yml - tags: resolv -- import_tasks: timesync.yml - tags: timesync -- import_tasks: sshd_configure.yml - tags: sshd_configure -- import_tasks: defuser.yml - tags: defuser -- import_tasks: install.yml - tags: install -- import_tasks: locale.yml - tags: locale -- import_tasks: tzdata.yml - tags: tzdata -- import_tasks: relayhost.yml - tags: relayhost -- import_tasks: motd.yml - tags: motd -- import_tasks: profile.yml - tags: profile -- import_tasks: vim.yml - tags: vim -- import_tasks: nrpe.yml - tags: nrpe -- import_tasks: fail2ban.yml - tags: fail2ban -- import_tasks: bacula.yml - tags: bacula -- import_tasks: vn-repo.yml - tags: vn-repo diff --git a/roles/debian-base/tasks/vn-repo.yml b/roles/debian-base/tasks/vn-repo.yml deleted file mode 100644 index bd85ca4..0000000 --- a/roles/debian-base/tasks/vn-repo.yml +++ /dev/null @@ -1,3 +0,0 @@ -- name: Install package - apt: - deb: "{{ vn_host_url }}" diff --git a/roles/debian-guest/handlers/main.yml b/roles/debian-guest/handlers/main.yml deleted file mode 100644 index dd3e923..0000000 --- a/roles/debian-guest/handlers/main.yml +++ /dev/null @@ -1,8 +0,0 @@ -- name: restart-nslcd - service: - name: nslcd - state: restarted -- name: restart-ssh - systemd: - name: ssh - state: restarted diff --git a/roles/debian-guest/tasks/main.yml b/roles/debian-guest/tasks/main.yml deleted file mode 100644 index bb9b76f..0000000 --- a/roles/debian-guest/tasks/main.yml +++ /dev/null @@ -1,6 +0,0 @@ -- import_tasks: auth.yml - tags: auth -- import_tasks: sudoers.yml - tags: sudoers -- import_tasks: ssh_keys.yml - tags: ssh_keys \ No newline at end of file diff --git a/roles/debian-host/handlers/main.yml b/roles/debian-host/handlers/main.yml deleted file mode 100644 index 45b25b1..0000000 --- a/roles/debian-host/handlers/main.yml +++ /dev/null 
@@ -1,4 +0,0 @@ -- name: restart-sysctl - systemd: - name: systemd-sysctl - state: restarted \ No newline at end of file diff --git a/roles/debian-host/tasks/main.yml b/roles/debian-host/tasks/main.yml deleted file mode 100644 index e4f179a..0000000 --- a/roles/debian-host/tasks/main.yml +++ /dev/null @@ -1,6 +0,0 @@ -- import_tasks: hostname.yml - tags: hostname -- import_tasks: sysctl.yml - tags: sysctl -- import_tasks: apparmor.yml - tags: apparmor diff --git a/roles/debian-qemu/defaults/main.yml b/roles/debian-qemu/defaults/main.yml deleted file mode 100644 index dc2a884..0000000 --- a/roles/debian-qemu/defaults/main.yml +++ /dev/null @@ -1,8 +0,0 @@ -homes_path: /mnt/homes -autofs_packages: - - nfs-common - - autofs - - libnfs-utils - - autofs-ldap -blacklist_module_kernel: | - blacklist snd_hda_intel diff --git a/roles/debian-qemu/handlers/main.yml b/roles/debian-qemu/handlers/main.yml deleted file mode 100644 index 0bca163..0000000 --- a/roles/debian-qemu/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ -- name: restart-autofs - service: - name: autofs - state: restarted \ No newline at end of file diff --git a/roles/debian-qemu/tasks/main.yml b/roles/debian-qemu/tasks/main.yml deleted file mode 100644 index 1b49a8d..0000000 --- a/roles/debian-qemu/tasks/main.yml +++ /dev/null @@ -1,10 +0,0 @@ -- import_tasks: agent.yml - tags: agent -- import_tasks: hotplug.yml - tags: hotplug -- import_tasks: autofs.yml - tags: autofs -- import_tasks: blacklist.yml - tags: blacklist -- import_tasks: grub_startup.yml - tags: grub_startup diff --git a/roles/debian-base/defaults/main.yaml b/roles/debian/defaults/main.yaml similarity index 65% rename from roles/debian-base/defaults/main.yaml rename to roles/debian/defaults/main.yaml index 6b4f9bf..740257e 100644 --- a/roles/debian-base/defaults/main.yaml +++ b/roles/debian/defaults/main.yaml 
@@ -1,5 +1,10 @@ +vn_env: lab vn_first_time: false vn_witness_checked: false +send_test_email: true +deb_packages: + - https://apt.verdnatura.es/pool/main/v/vn-host/vn-apt-source_3.0.1_all.deb + - https://apt.verdnatura.es/pool/main/v/vn-host/vn-host_3.0.1_all.deb grub_user: admin default_user: user fail2ban: @@ -36,3 +41,11 @@ base_packages: locales_present: - en_US.UTF-8 - es_ES.UTF-8 +homes_path: /mnt/homes +autofs_packages: + - nfs-common + - autofs + - libnfs-utils + - autofs-ldap +blacklist_module_kernel: | + blacklist snd_hda_intel diff --git a/roles/debian-qemu/files/80-hotplug-cpu-mem.rules b/roles/debian/files/80-hotplug-cpu-mem.rules similarity index 100% rename from roles/debian-qemu/files/80-hotplug-cpu-mem.rules rename to roles/debian/files/80-hotplug-cpu-mem.rules diff --git a/roles/debian-qemu/files/hotplug.cfg b/roles/debian/files/hotplug.cfg similarity index 100% rename from roles/debian-qemu/files/hotplug.cfg rename to roles/debian/files/hotplug.cfg diff --git a/roles/debian-base/files/motd b/roles/debian/files/motd similarity index 76% rename from roles/debian-base/files/motd rename to roles/debian/files/motd index 1a11bc4..b0fe752 100644 --- a/roles/debian-base/files/motd +++ b/roles/debian/files/motd 
@@ -9,26 +9,39 @@ BLINK="\033[5m" # Environment -PRO="\033[1;5;31m" -LAB="\033[0;35m" -VN="\033[0;32m" -UNKNOWN="\033[0;33m" - FQDN=$(hostname --fqdn) -case "$FQDN" in - *.dc.verdnatura.es) - ENVIRONMENT="${PRO}Production${RESET}" - ;; - *.lab.verdnatura.es) - ENVIRONMENT="${LAB}Laboratory${RESET}" - ;; - *.verdnatura.es) - ENVIRONMENT="${VN}Verdnatura${RESET}" - ;; - *) - ENVIRONMENT="${UNKNOWN}Unknown${RESET}" - ;; -esac + +if [ -f "/etc/vn/env" ]; then + read -r VN_ENV < /etc/vn/env + case "$VN_ENV" in + lab) + ENV_COLOR="\033[0;32m" + ENV_TEXT="Laboratory" + ;; + pre) + ENV_COLOR="\033[0;35m" + ENV_TEXT="Pre-production" + ;; + test) + ENV_COLOR="\033[0;33m" + ENV_TEXT="Testing" + ;; + pro) + ENV_COLOR="\033[1;5;31m" + ENV_TEXT="Production" + ;; + *) + ENV_COLOR="\033[0;36m" + ENV_TEXT="$VN_ENV" + ;; + esac +fi +if [ -z "$ENV_TEXT" ]; then + ENV_COLOR="\033[0;37m" + ENV_TEXT="Undefined" +fi + +ENV_TEXT="${ENV_COLOR}${ENV_TEXT}${RESET}" # Last login @@ -57,7 +70,7 @@ if [ $SHOW_UPGRADEABLE -eq 1 ] ; then UPGRADEABLE="$(apt list --upgradable 2>/dev/null | tail -n +2 | wc -l)" if [ "$UPGRADEABLE" -gt 0 ]; then - UPGRADEABLE_ALERT="${BLINK}($UPGRADEABLE upgradeable)${RESET}" + UPGRADEABLE_ALERT="($UPGRADEABLE upgradeable)" fi fi @@ -97,6 +110,6 @@ echo -e "${LABEL}Packages :${RESET} $PACKAGES $UPGRADEABLE_ALERT" echo -e "${LABEL}IP :${RESET}" echo -e "$NET_IPS" echo -e "${LABEL}Last Login :${RESET} $LAST_LOGIN" -echo -e "${LABEL}Environment :${RESET} $ENVIRONMENT" +echo -e "${LABEL}Environment :${RESET} $ENV_TEXT" echo -e "${LABEL}Connected users :${RESET}" echo -e "$CONNECTED_USERS" diff --git a/roles/debian/files/profile.sh b/roles/debian/files/profile.sh new file mode 100644 index 0000000..874e3f6 --- /dev/null +++ b/roles/debian/files/profile.sh 
@@ -0,0 +1,66 @@ +#!/bin/bash + +# Prompt + +FQDN=$(hostname --fqdn) + +if [ -f "/etc/vn/env" ]; then + SHORT_HOST=${FQDN%.*.*} + if [ -z "$SHORT_HOST" ]; then + read -r SHORT_HOST < /etc/hostname + fi + + read -r VN_ENV < /etc/vn/env + ENV_TEXT="$VN_ENV" + + case "$VN_ENV" in + lab) + ENV_COLOR="\033[01;32m" + ;; + pre) + ENV_COLOR="\033[01;35m" + ;; + test) + ENV_COLOR="\033[01;33m" + ;; + pro) + ENV_COLOR="\033[01;31m" + ;; + *) + ENV_COLOR="\033[01;36m" + ENV_TEXT="${VN_ENV:0:3}" + ;; + esac + + if [ -z "$ENV_TEXT" ]; then + ENV_TEXT="???" + ENV_COLOR="\033[01;37m" + fi + + ENV_TEXT="\[${ENV_COLOR}\]${ENV_TEXT^^}\[\033[00m\]" + PS1="\u@$SHORT_HOST[$ENV_TEXT]:\w" + + if [ "$(id -u)" -eq 0 ]; then + PS1="$PS1# " + else + PS1="$PS1\$ " + fi +fi + +# History + +HISTSIZE=10000 +HISTFILESIZE=50000 +HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S " + +# Security + +TMOUT=3600 + +# Aliases + +export LS_OPTIONS='--color=auto' +eval "$(dircolors)" +alias ls='ls $LS_OPTIONS' +alias ll='ls $LS_OPTIONS -l' +alias la='ls $LS_OPTIONS -la' diff --git a/roles/debian-base/files/sendmail-common.local b/roles/debian/files/sendmail-common.local similarity index 100% rename from roles/debian-base/files/sendmail-common.local rename to roles/debian/files/sendmail-common.local diff --git a/roles/debian-host/files/sysctl/30-basic.conf b/roles/debian/files/sysctl/30-basic.conf similarity index 100% rename from roles/debian-host/files/sysctl/30-basic.conf rename to roles/debian/files/sysctl/30-basic.conf diff --git a/roles/debian-host/files/sysctl/40-network.conf b/roles/debian/files/sysctl/40-network.conf similarity index 100% rename from roles/debian-host/files/sysctl/40-network.conf rename to roles/debian/files/sysctl/40-network.conf diff --git a/roles/debian-host/files/sysctl/42-noipv6.conf b/roles/debian/files/sysctl/42-noipv6.conf similarity index 100% rename from roles/debian-host/files/sysctl/42-noipv6.conf rename to roles/debian/files/sysctl/42-noipv6.conf 
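Review bot: `SHORT_HOST=${FQDN%.*.*}` removes exactly the last two dot-separated labels, so `host.lab.verdnatura.es` yields `host.lab`, a bare `host` or `host.example` is left unchanged, and the `[ -z "$SHORT_HOST" ]` fallback to `/etc/hostname` can only trigger when `hostname --fqdn` printed nothing. If the prompt should show the first label, `SHORT_HOST=${FQDN%%.*}` does that for any domain depth; if the fallback is meant for hosts without a domain, `[ "$SHORT_HOST" = "$FQDN" ]` is the test that detects it. `${VN_ENV:0:3}` and `${ENV_TEXT^^}` are bash-only; that is fine under the `#!/bin/bash` shebang but will fail if this file is sourced by a POSIX `sh` login, and profile.yml (not in this diff) decides where it is installed.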
diff --git a/roles/debian-base/files/vimrc.local b/roles/debian/files/vimrc.local similarity index 100% rename from roles/debian-base/files/vimrc.local rename to roles/debian/files/vimrc.local diff --git a/roles/debian-base/handlers/main.yml b/roles/debian/handlers/main.yml similarity index 67% rename from roles/debian-base/handlers/main.yml rename to roles/debian/handlers/main.yml index e2ee81e..cc20d9c 100644 --- a/roles/debian-base/handlers/main.yml +++ b/roles/debian/handlers/main.yml @@ -18,6 +18,22 @@ systemd: name: sshd state: restarted +- name: restart-sysctl + systemd: + name: systemd-sysctl + state: restarted +- name: restart-nslcd + service: + name: nslcd + state: restarted +- name: restart-ssh + systemd: + name: ssh + state: restarted +- name: restart-autofs + service: + name: autofs + state: restarted - name: generate locales command: /usr/sbin/locale-gen - name: reconfigure tzdata diff --git a/roles/debian-qemu/tasks/agent.yml b/roles/debian/tasks/agent.yml similarity index 100% rename from roles/debian-qemu/tasks/agent.yml rename to roles/debian/tasks/agent.yml diff --git a/roles/debian-host/tasks/apparmor.yml b/roles/debian/tasks/apparmor.yml similarity index 100% rename from roles/debian-host/tasks/apparmor.yml rename to roles/debian/tasks/apparmor.yml diff --git a/roles/debian-guest/tasks/auth.yml b/roles/debian/tasks/auth.yml similarity index 100% rename from roles/debian-guest/tasks/auth.yml rename to roles/debian/tasks/auth.yml diff --git a/roles/debian-qemu/tasks/autofs.yml b/roles/debian/tasks/autofs.yml similarity index 100% rename from roles/debian-qemu/tasks/autofs.yml rename to roles/debian/tasks/autofs.yml diff --git a/roles/debian-base/tasks/bacula.yml b/roles/debian/tasks/bacula.yml similarity index 100% rename from roles/debian-base/tasks/bacula.yml rename to roles/debian/tasks/bacula.yml 
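Review bot: The merged handler file now has two handlers that restart the same daemon under different unit names: the existing one restarting `sshd` (context lines at the top of the hunk) and the added `restart-ssh` restarting `ssh`. On Debian `sshd.service` is an alias of `ssh.service`, so a play that notifies both restarts SSH twice, and a task author has to guess which name to notify. Keep one handler and point the tasks migrated from debian-guest at it, or add a comment explaining why both must exist. The name of the existing handler is outside this hunk.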
diff --git a/roles/debian-qemu/tasks/blacklist.yml b/roles/debian/tasks/blacklist.yml similarity index 100% rename from roles/debian-qemu/tasks/blacklist.yml rename to roles/debian/tasks/blacklist.yml diff --git a/roles/debian/tasks/config.yml b/roles/debian/tasks/config.yml new file mode 100644 index 0000000..b0152d2 --- /dev/null +++ b/roles/debian/tasks/config.yml @@ -0,0 +1,9 @@ +- name: Create company configuration directory + file: + path: /etc/vn + state: directory + +- name: Set environment file + copy: + dest: /etc/vn/env + content: "{{vn_env}}\n" diff --git a/roles/debian-base/tasks/defuser.yml b/roles/debian/tasks/defuser.yml similarity index 100% rename from roles/debian-base/tasks/defuser.yml rename to roles/debian/tasks/defuser.yml diff --git a/roles/debian-base/tasks/fail2ban.yml b/roles/debian/tasks/fail2ban.yml similarity index 100% rename from roles/debian-base/tasks/fail2ban.yml rename to roles/debian/tasks/fail2ban.yml diff --git a/roles/debian-qemu/tasks/grub_startup.yml b/roles/debian/tasks/grub_startup.yml similarity index 100% rename from roles/debian-qemu/tasks/grub_startup.yml rename to roles/debian/tasks/grub_startup.yml diff --git a/roles/debian-host/tasks/hostname.yml b/roles/debian/tasks/hostname.yml similarity index 100% rename from roles/debian-host/tasks/hostname.yml rename to roles/debian/tasks/hostname.yml diff --git a/roles/debian-qemu/tasks/hotplug.yml b/roles/debian/tasks/hotplug.yml similarity index 100% rename from roles/debian-qemu/tasks/hotplug.yml rename to roles/debian/tasks/hotplug.yml diff --git a/roles/debian-base/tasks/install.yml b/roles/debian/tasks/install.yml similarity index 100% rename from roles/debian-base/tasks/install.yml rename to roles/debian/tasks/install.yml diff --git a/roles/debian-base/tasks/locale.yml b/roles/debian/tasks/locale.yml similarity index 100% rename from roles/debian-base/tasks/locale.yml rename to roles/debian/tasks/locale.yml 
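Review bot: config.yml writes `/etc/vn/env` with whatever `vn_env` holds and sets no ownership or mode on either the directory or the file, and the motd and profile.sh added in this commit only recognise `lab`, `pre`, `test` and `pro`, rendering anything else through their `*)` fallback; a typo such as `prod` in an inventory therefore never fails the play. An `assert` before the copy, `that: vn_env in ['lab', 'pre', 'test', 'pro']`, catches it early (skip this if free-form values are intended). Both tasks should set `owner: root`, `group: root` and an explicit `mode` (`u=rwx,g=rx,o=rx` for the directory, `u=rw,g=r,o=r` for the file) as the mariadb.yml tasks in this diff do, since the file is read by every login shell. `content: "{{vn_env}}\n"` also lacks the `{{ vn_env }}` spacing used by the other templates in this commit.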
diff --git a/roles/debian/tasks/main.yml b/roles/debian/tasks/main.yml new file mode 100644 index 0000000..1734f70 --- /dev/null +++ b/roles/debian/tasks/main.yml @@ -0,0 +1,73 @@ + +- name: Configure virtual machine or host (not LXC) + when: ansible_virtualization_role == 'host' or ansible_virtualization_type == 'kvm' + block: + - import_tasks: hostname.yml + tags: hostname + - import_tasks: sysctl.yml + tags: sysctl + - import_tasks: apparmor.yml + tags: apparmor + +- name: Configure base system (all) + block: + - import_tasks: witness.yml + tags: witness + - import_tasks: config.yml + tags: config + - import_tasks: root.yml + tags: root + - import_tasks: resolv.yml + tags: resolv + - import_tasks: timesync.yml + tags: timesync + - import_tasks: sshd_configure.yml + tags: sshd_configure + - import_tasks: defuser.yml + tags: defuser + - import_tasks: install.yml + tags: install + - import_tasks: locale.yml + tags: locale + - import_tasks: tzdata.yml + tags: tzdata + - import_tasks: relayhost.yml + tags: relayhost + - import_tasks: motd.yml + tags: motd + - import_tasks: profile.yml + tags: profile + - import_tasks: vim.yml + tags: vim + - import_tasks: nrpe.yml + tags: nrpe + - import_tasks: fail2ban.yml + tags: fail2ban + - import_tasks: bacula.yml + tags: bacula + - import_tasks: vn-host.yml + tags: vn-host + +- name: Configure guest + when: ansible_virtualization_role == 'guest' + block: + - import_tasks: auth.yml + tags: auth + - import_tasks: sudoers.yml + tags: sudoers + - import_tasks: ssh_keys.yml + tags: ssh_keys + +- name: Configure virtual machine + when: ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'kvm' + block: + - import_tasks: agent.yml + tags: agent + - import_tasks: hotplug.yml + tags: hotplug + - import_tasks: autofs.yml + tags: autofs + - import_tasks: blacklist.yml + tags: blacklist + - import_tasks: grub_startup.yml + tags: grub_startup 
diff --git a/roles/debian-base/tasks/motd.yml b/roles/debian/tasks/motd.yml similarity index 100% rename from roles/debian-base/tasks/motd.yml rename to roles/debian/tasks/motd.yml diff --git a/roles/debian-base/tasks/nrpe.yml b/roles/debian/tasks/nrpe.yml similarity index 100% rename from roles/debian-base/tasks/nrpe.yml rename to roles/debian/tasks/nrpe.yml diff --git a/roles/debian-base/tasks/profile.yml b/roles/debian/tasks/profile.yml similarity index 100% rename from roles/debian-base/tasks/profile.yml rename to roles/debian/tasks/profile.yml diff --git a/roles/debian-base/tasks/relayhost.yml b/roles/debian/tasks/relayhost.yml similarity index 82% rename from roles/debian-base/tasks/relayhost.yml rename to roles/debian/tasks/relayhost.yml index f912812..1aeaebd 100644 --- a/roles/debian-base/tasks/relayhost.yml +++ b/roles/debian/tasks/relayhost.yml @@ -27,7 +27,11 @@ - name: Force execution of handlers immediately meta: flush_handlers - name: Sending mail to verify relay host configuration works + when: > + exim_config.changed + and send_test_email + and awx_user_email is defined + and awx_user_email | length > 0 shell: > sleep 2; echo "If you see this message, relayhost on {{ ansible_fqdn }} has been configured correctly." \ - | mailx -s "Relayhost test for {{ ansible_fqdn }}" "{{ sysadmin_mail }}" - when: exim_config.changed + | mailx -s "Relayhost test for {{ ansible_fqdn }}" "{{ awx_user_email }}" diff --git a/roles/debian-base/tasks/resolv.yml b/roles/debian/tasks/resolv.yml similarity index 100% rename from roles/debian-base/tasks/resolv.yml rename to roles/debian/tasks/resolv.yml diff --git a/roles/debian-base/tasks/root.yml b/roles/debian/tasks/root.yml similarity index 100% rename from roles/debian-base/tasks/root.yml rename to roles/debian/tasks/root.yml 
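Review bot: `awx_user_email` is interpolated straight into the `shell` command line inside double quotes, so a value containing `"`, `$(` or backticks would alter the command; the new `when` only checks that it is defined and non-empty, not that it is a plain address. Use the shell-safe filter and drop the surrounding quotes: `| mailx -s "Relayhost test for {{ ansible_fqdn }}" {{ awx_user_email | quote }}`. The task's `shell:` block and the `exim_config` registration it depends on begin outside this hunk.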
diff --git a/roles/debian-guest/tasks/ssh_keys.yml b/roles/debian/tasks/ssh_keys.yml similarity index 100% rename from roles/debian-guest/tasks/ssh_keys.yml rename to roles/debian/tasks/ssh_keys.yml diff --git a/roles/debian-base/tasks/sshd_configure.yml b/roles/debian/tasks/sshd_configure.yml similarity index 100% rename from roles/debian-base/tasks/sshd_configure.yml rename to roles/debian/tasks/sshd_configure.yml diff --git a/roles/debian-guest/tasks/sudoers.yml b/roles/debian/tasks/sudoers.yml similarity index 100% rename from roles/debian-guest/tasks/sudoers.yml rename to roles/debian/tasks/sudoers.yml diff --git a/roles/debian-host/tasks/sysctl.yml b/roles/debian/tasks/sysctl.yml similarity index 100% rename from roles/debian-host/tasks/sysctl.yml rename to roles/debian/tasks/sysctl.yml diff --git a/roles/debian-base/tasks/timesync.yml b/roles/debian/tasks/timesync.yml similarity index 100% rename from roles/debian-base/tasks/timesync.yml rename to roles/debian/tasks/timesync.yml diff --git a/roles/debian-base/tasks/tzdata.yml b/roles/debian/tasks/tzdata.yml similarity index 100% rename from roles/debian-base/tasks/tzdata.yml rename to roles/debian/tasks/tzdata.yml diff --git a/roles/debian-base/tasks/vim.yml b/roles/debian/tasks/vim.yml similarity index 100% rename from roles/debian-base/tasks/vim.yml rename to roles/debian/tasks/vim.yml diff --git a/roles/debian/tasks/vn-host.yml b/roles/debian/tasks/vn-host.yml new file mode 100644 index 0000000..c3db0ca --- /dev/null +++ b/roles/debian/tasks/vn-host.yml @@ -0,0 +1,4 @@ +- name: Install package + apt: + deb: "{{ item }}" + with_items: "{{ deb_packages }}" diff --git a/roles/debian-base/tasks/witness.yml b/roles/debian/tasks/witness.yml similarity index 100% rename from roles/debian-base/tasks/witness.yml rename to roles/debian/tasks/witness.yml 
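Review bot: `apt: deb:` with a URL hands the downloaded file straight to dpkg, so the two packages listed in `deb_packages` (defaults hunk in this commit) are installed as root on every managed host with no signature or checksum check beyond the TLS connection to apt.verdnatura.es; a replaced file on that server or a mis-pinned URL is installed silently. Download each package with `get_url` and a pinned `checksum`, then install the local path, or install only `vn-apt-source` this way and let the resulting signed repository provide `vn-host` via `apt: name: vn-host`. This needs the `deb_packages` entries to become `{ url, checksum }` mappings, which also gives the list a place for a comment that its order (apt-source before vn-host) is load-bearing. `loop:` is the current idiom over `with_items`.
```yaml
- name: Download package
  get_url:
    url: "{{ item.url }}"
    dest: "/tmp/{{ item.url | basename }}"
    checksum: "{{ item.checksum }}"  # e.g. sha256:<PLACEHOLDER_SHA256>
  loop: "{{ deb_packages }}"

- name: Install package
  apt:
    deb: "/tmp/{{ item.url | basename }}"
  loop: "{{ deb_packages }}"
```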
diff --git a/roles/debian-qemu/templates/auto.homes b/roles/debian/templates/auto.homes
similarity index 100%
rename from roles/debian-qemu/templates/auto.homes
rename to roles/debian/templates/auto.homes
diff --git a/roles/debian-base/templates/bacula-fd.conf b/roles/debian/templates/bacula-fd.conf
similarity index 100%
rename from roles/debian-base/templates/bacula-fd.conf
rename to roles/debian/templates/bacula-fd.conf
diff --git a/roles/debian-qemu/templates/homes.autofs b/roles/debian/templates/homes.autofs
similarity index 100%
rename from roles/debian-qemu/templates/homes.autofs
rename to roles/debian/templates/homes.autofs
diff --git a/roles/debian-base/templates/jail.local b/roles/debian/templates/jail.local
similarity index 100%
rename from roles/debian-base/templates/jail.local
rename to roles/debian/templates/jail.local
diff --git a/roles/debian-base/templates/nrpe.cfg b/roles/debian/templates/nrpe.cfg
similarity index 100%
rename from roles/debian-base/templates/nrpe.cfg
rename to roles/debian/templates/nrpe.cfg
diff --git a/roles/debian-guest/templates/nslcd.conf b/roles/debian/templates/nslcd.conf
similarity index 100%
rename from roles/debian-guest/templates/nslcd.conf
rename to roles/debian/templates/nslcd.conf
diff --git a/roles/debian-base/templates/resolv.conf b/roles/debian/templates/resolv.conf
similarity index 100%
rename from roles/debian-base/templates/resolv.conf
rename to roles/debian/templates/resolv.conf
diff --git a/roles/debian-guest/templates/sudoers b/roles/debian/templates/sudoers
similarity index 100%
rename from roles/debian-guest/templates/sudoers
rename to roles/debian/templates/sudoers
diff --git a/scripts/backup_pve.sh b/roles/pve/files/backup_pve.sh
similarity index 100%
rename from scripts/backup_pve.sh
rename to roles/pve/files/backup_pve.sh