Merge branch 'main' into 8414_Refactor_MariaDB_rol-Split

.gitignore

@@ -1,6 +1,12 @@
 .vscode/
+venv
 .vault-pass
 .vault.yml
 .passbolt.yml
 inventories/local
-venv
+inventories/local.yml
+inventories/local.yaml
+inventories/host_vars/*/local.yml
+inventories/host_vars/*/local.yaml
+inventories/group_vars/*/local.yml
+inventories/group_vars/*/local.yaml

README.md

@@ -40,10 +40,7 @@ ansible-galaxy collection install -r collections/requirements.yml
 
 ## Run playbook
 
-Before merging changes into protected branches, playbooks should be tested 
+It is advisable to use a different repository to store inventories.
-locally to ensure they work properly. The *inventories/local* inventory is not 
-uploaded to the repository and can be used for local testing. In any case, it 
-is advisable to use a different repository to store inventories.
 
 Run playbook on inventory host.
 ```
@@ -62,6 +59,14 @@ List available tags for playbook.
 ansible-playbook playbooks/<playbook_name>.yml --list-tags
 ```
 
+## Playbook testing
+
+Before merging changes into protected branches, playbooks should be tested 
+locally to ensure they work properly. Take a look to *.gitignore* to known 
+the *inventories* file patterns that are excluded from remote.
+
+* https://docs.ansible.com/ansible/latest/inventory_guide/intro_inventory.html#organizing-host-and-group-variables
+
 ## Manage secrets
 
 Secrets can be managed by using Ansible vault or an external keystore, Passbolt 

playbooks/ceph.yml

@@ -1,5 +1,7 @@
 - name: Configure Ceph
   hosts: all
   tasks:
+  - import_role:
+      name: debian
   - import_role:
       name: ceph

playbooks/clean.yml

@@ -2,35 +2,59 @@
   hosts: all
   gather_facts: no
   tasks:
-  - name: Delete awx-user
+
-    user:
+  - name: Delete old awx-user and it's configuration
-      name: awx-user
+    block:
-      state: absent
+    - name: Delete awx-user
-      remove: yes
+      tags: awx
-    tags: awx
+      user:
-  - name: Delete awx-user sudoers file
+        name: awx-user
-    file:
+        state: absent
-      path: /etc/sudoers.d/awx-user
+        remove: yes
-      state: absent
+    - name: Delete awx-user sudoers file
-    tags: awx
+      tags: awx
+      file:
+        path: /etc/sudoers.d/awx-user
+        state: absent
+
   - name: Delete old MOTD configuration
+    tags: motd
     file:
       path: /etc/profile.d/mymotd.sh
       state: absent
-    tags: motd
+
-  - name: Delete old Ansible bashrc configuration
+  - name: Delete old profile configuration
-    blockinfile:
+    tags: profile
-      path: /root/.bashrc
+    block:
-      marker_begin: 'BEGIN ANSIBLE MANAGED BLOCK'
+    - name: Delete old Ansible bashrc configuration
-      marker_end: 'END ANSIBLE MANAGED BLOCK'
+      blockinfile:
-      marker: "# {mark}"
+        path: /root/.bashrc
-      state: absent
+        marker_begin: 'BEGIN ANSIBLE MANAGED BLOCK'
-    tags: bashrc
+        marker_end: 'END ANSIBLE MANAGED BLOCK'
-  - name: Delete old custom bashrc configuration
+        marker: "# {mark}"
-    replace:
+        state: absent
-      path: /root/.bashrc
+    - name: Delete old custom bashrc configuration
-      regexp: '{{ start_delimiter }}\\s\\S*?{{ end_delimiter }}'
+      replace:
-      replace: ''
+        path: /root/.bashrc
-    vars:
+        regexp: '{{ start_delimiter }}\\s\\S*?{{ end_delimiter }}'
-      start_delimiter: '### 4Loo'
+        replace: ''
-      end_delimiter: 'esac'
+      vars:
+        start_delimiter: '### 4Loo'
+        end_delimiter: 'esac'
+
+  - name: Delete old vn-host package
+    tags: vn-host
+    block:
+      - name: Get vn-host package version
+        shell: "dpkg-query -W -f='${Version}' vn-host 2>/dev/null || echo '0'"
+        register: vn_host_version
+        changed_when: false
+      - name: Display vn-host version
+        debug:
+          msg: "Version: {{ vn_host_version.stdout }}"
+      - name: Uninstall vn-host if old version
+        apt:
+          name: vn-host
+          state: absent
+        when: >
+          vn_host_version.stdout is version('3.0.0', '<')

playbooks/db.yml

@@ -1,5 +1,7 @@
 - name: Configure DB
   hosts: all
   tasks:
+  - import_role:
+      name: debian
   - import_role:
       name: db

playbooks/debian.yml

@@ -1,18 +1,5 @@
 - name: Configure base Debian host
   hosts: all
   tasks:
-  - name: Configure virtual machine or host (not LXC)
+  - import_role:
-    import_role:
+      name: debian
-      name: debian-host
-    when: ansible_virtualization_role == 'host' or ansible_virtualization_type == 'kvm'
-  - name: Configure base system (all)
-    import_role:
-      name: debian-base 
-  - name: Configure guest
-    import_role:
-      name: debian-guest
-    when: ansible_virtualization_role == 'guest'
-  - name: Configure virtual machine
-    import_role:
-      name: debian-qemu
-    when: ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'kvm'

playbooks/debug.yml

@@ -0,0 +1,35 @@
+- name: Gather facts from host and debug
+  hosts: all
+  gather_facts: yes
+  tasks:
+
+  - name: Print ansible facts
+    tags: facts
+    debug:
+      var: ansible_facts
+
+  - name: Print all variables
+    tags: vars
+    debug:
+      var: vars
+
+  - name: Print variable value
+    tags: var
+    when: var_name is defined
+    debug:
+      msg: "{{ var_name }}: {{ lookup('vars', var_name, default='undefined') }}"
+
+  - name: Check whether host is alive and reachable
+    tags: ping
+    ping:
+
+  - name: Fetch or create passbolt password
+    tags: passbolt
+    debug:
+      msg: "{{ lookup(passbolt, 'test', password=passbolt_password) }}"
+    vars:
+      passbolt_password: 'S3cR3tP4$$w0rd'
+    environment:
+      PASSBOLT_CREATE_NEW_RESOURCE: true
+      PASSBOLT_NEW_RESOURCE_PASSWORD_LENGTH: 18
+      PASSBOLT_NEW_RESOURCE_PASSWORD_SPECIAL_CHARS: false

playbooks/delete.yml

@@ -1,24 +0,0 @@
-- name: List all disks
-  hosts: all
-  tasks:
-    - name: Get info disk information 2
-      shell: blkid | grep LABEL | awk {'print $2'}
-      register: blkid
-    
-    - name: Print valid labels
-      debug:
-        var: blkid
-
-    - name: Parsear stdout_lines para buscar etiquetas específicas
-      set_fact:
-        found_labels: >-
-          {{
-            blkid.stdout_lines
-            | map('regex_search', 'LABEL="(?P<label>[^"]+)"')
-            | select('defined')
-            | list
-          }}
-
-    - name: Print valid labels
-      debug:
-        var: found_labels

playbooks/facts.yml

@@ -1,10 +0,0 @@
-- name: Gather facts from host
-  hosts: all
-  gather_facts: yes
-  tasks:
-  - name: Print all available facts
-    debug:
-      var: ansible_facts
-  - name: Print variable value
-    debug:
-      msg: "Variable: {{ ansible_fqdn }}"

playbooks/kube.yml

@@ -1,5 +1,7 @@
 - name: Configure Kubernetes
   hosts: all
   tasks:
+  - import_role:
+      name: debian
   - import_role:
       name: kube

playbooks/passbolt.yml

@@ -1,12 +0,0 @@
-- name: Fetch or create passbolt password
-  hosts: all
-  gather_facts: no
-  tasks:
-  - debug:
-      msg: "{{ lookup(passbolt, 'test', password=passbolt_password) }}"
-    vars:
-      passbolt_password: 'S3cR3tP4$$w0rd'
-    environment:
-      PASSBOLT_CREATE_NEW_RESOURCE: true
-      PASSBOLT_NEW_RESOURCE_PASSWORD_LENGTH: 18
-      PASSBOLT_NEW_RESOURCE_PASSWORD_SPECIAL_CHARS: false

playbooks/ping.yml

@@ -1,6 +0,0 @@
-- name: Check whether host is alive and reachable
-  hosts: all
-  gather_facts: no
-  become: no
-  tasks:
-  - ping:

playbooks/pve.yml

@@ -1,5 +1,7 @@
 - name: Configure PVE
   hosts: all
   tasks:
+  - import_role:
+      name: debian
   - import_role:
       name: pve

roles/db/defaults/main.yaml

@@ -32,7 +32,12 @@ required_files_and_mariabackup_files_and_root_scripts:
   - { src: "files/scripts/promote-slave.sh", dest: "/root/scripts/promote-slave.sh", mode: "u=rwx,g=rx,o=rx" }
   - { src: "files/scripts/README.md", dest: "/root/scripts/README.md", mode: "u=rw,g=r,o=r" }
   - { src: "files/scripts/scheduler-log.sh", dest: "/root/scripts/scheduler-log.sh", mode: "u=rwx,g=rx,o=rx" }
-  - { src: "files/marianrpe/95-mariadb.cfg", dest: "/etc/nagios/nrpe.d/95-mariadb.cfg", mode: "u=rw,g=r,o=r" }  
+  - { src: "files/marianrpe/95-mariadb.cfg", dest: "/etc/nagios/nrpe.d/95-mariadb.cfg", mode: "u=rw,g=r,o=r" }
+
+mariabackup_test_dev_files:
+  - { src: "mariabackuptest/apply.sql", dest: "/root/mariabackup/", mode: "u=rw,g=r,o=r" }
+  - { src: "mariabackuptest/bacula-after.sh", dest: "/root/mariabackup/", mode: "u=rwx,g=rx,o=rx" }
+
 downloads:
   - { url: "https://r.mariadb.com/downloads/mariadb_repo_setup", dest: "/tmp/mariadb_repo_setup", mode: "u=rwx,g=rx,o=rx" }
   - { url: "https://repo.percona.com/apt/percona-release_latest.generic_all.deb", dest: "/tmp/percona-release_latest.generic_all.deb", mode: "u=rw,g=r,o=r" }

roles/db/files/scheduler-log.cron

@@ -0,0 +1 @@
+*/30 *  * * *  root  /root/scripts/scheduler-log.sh

roles/db/files/scripts/scheduler-log.sh

@@ -3,7 +3,9 @@ set -e
 
 logFile="/var/log/mysql/error.log"
 dateFile="/tmp/mysql_scheduler_log-lastdate"
-logTable="util.eventLog"
+logSchema="util"
+logTable="eventLog"
+pattern='^\d{4}-\d{2}-\d{2}\s+\d{1,2}:\d{2}:\d{2}\s+\d+\s+\[ERROR\] Event Scheduler:'
 purgeDays=30
 
 quote() {
@@ -17,33 +19,55 @@ if [ "$?" -ne "0" ]; then
 	exit
 fi
 
-if [ -f "$dateFile" ]; then
+tableExists=$(mysql -Ns -e "SHOW TABLES FROM $logSchema LIKE '$logTable'")
-	fromDate=$(cat "$dateFile")
+
-else
+if [ -z "$tableExists" ]; then
-	fromDate=0
+	mysql <<-EOF
+		CREATE SCHEMA IF NOT EXISTS $logSchema;
+		CREATE TABLE $logSchema.$logTable (
+			id int(11) NOT NULL AUTO_INCREMENT,
+			date datetime NOT NULL,
+			event varchar(512) NOT NULL,
+			error varchar(1024) NOT NULL,
+			PRIMARY KEY (id),
+			KEY date (date)
+		) ENGINE=InnoDB COMMENT='Event scheduler error log';
+	EOF
 fi
 
-lastDate=$(tail -n1 "$logFile" | awk '{print $1" "$2}')
+if [ -f "$dateFile" ]; then
-toDate=$(date +%s -d "$lastDate")
+	read -r fromDate < "$dateFile"
+else
+	fromDate=$(date -d "-$purgeDays days" +%s)
+fi
 
-awk -v fromDate="$fromDate" -v toDate="$toDate" '{
+toDate=$(date +%s)
+
+grep -P "$pattern" "$logFile" | awk -v fromDate="$fromDate" -v toDate="$toDate" '{
 	split($1, date, "-");
 	split($2, time, ":");
 	timestamp = mktime(date[1]" "date[2]" "date[3]" "time[1]" "time[2]" "time[3])
-	if (timestamp >= fromDate && timestamp < toDate && $4" "$5" "$6 == "[ERROR] Event Scheduler:") {
+	if (timestamp >= fromDate && timestamp < toDate) {
 		printf $1" "$2" "$7;
 		for (i=8; i<=NF; i++) printf FS $i ;
 		print "";
 	}
-}' "$logFile" | \
+}' | \
-\
 while read line; do
 	date="$(echo "$line" | cut -d' ' -f1,2)"
 	event="$(echo "$line" | cut -d' ' -f3)"
 	error="$(echo "$line" | cut -d' ' -f4-)"
-	echo "INSERT INTO $logTable (date, event, error)" \
+
-		"VALUES ($(quote "$date"), $(quote "$event"), $(quote "$error"))" | mysql
+	mysql <<-EOF
+		INSERT INTO $logSchema.$logTable SET
+			date = $(quote "$date"),
+			event = $(quote "$event"),
+			error = $(quote "$error")
+	EOF
 done
 
-echo -n "$toDate" > "$dateFile"
+echo "$toDate" > "$dateFile"
-echo "DELETE FROM $logTable WHERE date < TIMESTAMPADD(DAY, -$purgeDays, NOW())" | mysql
+mysql <<-EOF
+	DELETE FROM $logSchema.$logTable
+		WHERE date < TIMESTAMPADD(DAY, -$purgeDays, NOW())
+EOF

roles/db/tasks/mariadb.yml

@@ -62,10 +62,18 @@
   command: mount -a
   when: fstab.changed
 
-- name: Set MariaDB Cron to /etc/cron.d
+- name: Configure MariaDB check memory CRON
   template:
-    src: templates/cron_mariadb
+    src: check-memory.cron
-    dest: /etc/cron.d/vn
+    dest: /etc/cron.d/vn-check-memory
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+
+- name: Configure MariaDB scheduler log CRON
+  copy:
+    src: scheduler-log.cron
+    dest: /etc/cron.d/vn-scheduler-log
     owner: root
     group: root
     mode: u=rw,g=r,o=r
@@ -127,17 +135,6 @@
       group: root
       mode: u=rw,g=,o=
 
-  - name: Set MariaDB local configuration file for TestDB
-    copy:
-      src: "{{ item }}"
-      dest: /root/mariabackup/
-      owner: root
-      group: root
-      mode: u=rw,g=r,o=r
-    with_items:
-      - "mariabackuptest/apply.sql"
-      - "mariabackuptest/bacula-after.sh"
-  
   - name: Reminder to check mount points environment TestDB
     debug:
       msg: |
@@ -168,17 +165,6 @@
       group: root
       mode: u=rw,g=,o=
 
-  - name: Set MariaDB local configuration file for DevDB
-    copy:
-      src: "{{ item }}"
-      dest: /root/mariabackup/
-      owner: root
-      group: root
-      mode: u=rw,g=r,o=r
-    with_items:
-      - "mariabackupdev/apply.sql"
-      - "mariabackupdev/bacula-after.sh"
-  
   - name: Reminder to check mount points environment DevDB
     debug:
       msg: |
@@ -186,6 +172,18 @@
         - /mnt/mysqltmp
         Make sure they are correctly configured and accessible.
 
+- when: db.branch == 'dev' or db.branch == 'test'
+
+  block:  
+  - name: Set Mariabackup files for TestDB or DevDB
+    copy:
+      src: "{{ item.src }}"
+      dest: "{{ item.dest }}"
+      owner: root
+      group: root
+      mode: "{{ item.mode }}"
+    loop: "{{ mariabackup_test_dev_files }}"
+
 - name: Set Custom Configuration local template all Environment
   template:
     src: z99-local.cnf
@@ -207,7 +205,6 @@
     path: /var/lib/mysql/
   register: mysql_dir
 
-
 - when: mysql_dir.stat.exists
   block:
 

roles/db/templates/check-memory.cron

@@ -1,4 +1,3 @@
 MAILTO="{{ sysadmin_mail }}"
 
 */15 *  * * *  root  /root/scripts/check-memory.sh
-*/30 *  * * *  root  /root/scripts/scheduler-log.sh

roles/debian-base/files/profile.sh

@@ -1,47 +0,0 @@
-#!/bin/bash
-
-# Prompt
-
-FQDN=$(hostname --fqdn)
-
-if [[ $FQDN == *.verdnatura.es ]]; then
-    SHORT_HOST=${FQDN%.verdnatura.es}
-
-    case "$SHORT_HOST" in
-        *.dc)
-            ENVIRONMENT="\[\033[01;31m\]PRO\[\033[00m\]"
-            ;;
-        *.lab)
-            ENVIRONMENT="\[\033[01;35m\]LAB\[\033[00m\]"
-            ;;
-        *)
-            ENVIRONMENT="\[\033[01;32m\]VN\[\033[00m\]"
-            ;;
-    esac
-
-    PS1="\u@$SHORT_HOST[$ENVIRONMENT]:\w"
-
-    if [ "$(id -u)" -eq 0 ]; then
-        PS1="$PS1# "
-    else
-        PS1="$PS1\$ "
-    fi
-fi
-
-# History
-
-HISTSIZE=10000
-HISTFILESIZE=50000
-HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "
-
-# Security
-
-TMOUT=3600
-
-# Aliases
-
-#export LS_OPTIONS='--color=auto'
-#eval "$(dircolors)"
-#alias ls='ls $LS_OPTIONS'
-#alias ll='ls $LS_OPTIONS -l'
-#alias la='ls $LS_OPTIONS -la'

roles/debian-base/tasks/main.yml

@@ -1,34 +0,0 @@
-- import_tasks: witness.yml
-  tags: witness
-- import_tasks: root.yml
-  tags: root
-- import_tasks: resolv.yml
-  tags: resolv
-- import_tasks: timesync.yml
-  tags: timesync
-- import_tasks: sshd_configure.yml
-  tags: sshd_configure
-- import_tasks: defuser.yml
-  tags: defuser
-- import_tasks: install.yml
-  tags: install
-- import_tasks: locale.yml
-  tags: locale
-- import_tasks: tzdata.yml
-  tags: tzdata
-- import_tasks: relayhost.yml
-  tags: relayhost
-- import_tasks: motd.yml
-  tags: motd
-- import_tasks: profile.yml
-  tags: profile
-- import_tasks: vim.yml
-  tags: vim
-- import_tasks: nrpe.yml
-  tags: nrpe
-- import_tasks: fail2ban.yml
-  tags: fail2ban
-- import_tasks: bacula.yml
-  tags: bacula
-- import_tasks: vn-repo.yml
-  tags: vn-repo

roles/debian-base/tasks/vn-repo.yml

@@ -1,3 +0,0 @@
-- name: Install package
-  apt:
-    deb: "{{ vn_host_url }}"

roles/debian-guest/handlers/main.yml

@@ -1,8 +0,0 @@
-- name: restart-nslcd
-  service:
-    name: nslcd
-    state: restarted
-- name: restart-ssh
-  systemd:
-    name: ssh
-    state: restarted

roles/debian-guest/tasks/main.yml

@@ -1,6 +0,0 @@
-- import_tasks: auth.yml
-  tags: auth
-- import_tasks: sudoers.yml
-  tags: sudoers
-- import_tasks: ssh_keys.yml
-  tags: ssh_keys

roles/debian-host/handlers/main.yml

@@ -1,4 +0,0 @@
-- name: restart-sysctl
-  systemd:
-    name: systemd-sysctl
-    state: restarted

roles/debian-host/tasks/main.yml

@@ -1,6 +0,0 @@
-- import_tasks: hostname.yml
-  tags: hostname
-- import_tasks: sysctl.yml
-  tags: sysctl
-- import_tasks: apparmor.yml
-  tags: apparmor

roles/debian-qemu/defaults/main.yml

@@ -1,8 +0,0 @@
-homes_path: /mnt/homes
-autofs_packages:
-  - nfs-common
-  - autofs
-  - libnfs-utils
-  - autofs-ldap
-blacklist_module_kernel: |
-  blacklist snd_hda_intel

roles/debian-qemu/handlers/main.yml

@@ -1,4 +0,0 @@
-- name: restart-autofs
-  service:
-    name: autofs
-    state: restarted

roles/debian-qemu/tasks/main.yml

@@ -1,10 +0,0 @@
-- import_tasks: agent.yml
-  tags: agent
-- import_tasks: hotplug.yml
-  tags: hotplug
-- import_tasks: autofs.yml
-  tags: autofs
-- import_tasks: blacklist.yml
-  tags: blacklist
-- import_tasks: grub_startup.yml
-  tags: grub_startup

roles/debian/defaults/main.yaml

@@ -1,5 +1,10 @@
+vn_env: lab
 vn_first_time: false
 vn_witness_checked: false
+send_test_email: true
+deb_packages:
+  - https://apt.verdnatura.es/pool/main/v/vn-host/vn-apt-source_3.0.1_all.deb
+  - https://apt.verdnatura.es/pool/main/v/vn-host/vn-host_3.0.1_all.deb
 grub_user: admin
 default_user: user
 fail2ban:
@@ -36,3 +41,11 @@ base_packages:
 locales_present:
   - en_US.UTF-8
   - es_ES.UTF-8
+homes_path: /mnt/homes
+autofs_packages:
+  - nfs-common
+  - autofs
+  - libnfs-utils
+  - autofs-ldap
+blacklist_module_kernel: |
+  blacklist snd_hda_intel

roles/debian/files/motd

@@ -9,26 +9,39 @@ BLINK="\033[5m"
 
 # Environment
 
-PRO="\033[1;5;31m"
-LAB="\033[0;35m"
-VN="\033[0;32m"
-UNKNOWN="\033[0;33m"
-
 FQDN=$(hostname --fqdn)
-case "$FQDN" in
+
-    *.dc.verdnatura.es)
+if [ -f "/etc/vn/env" ]; then
-        ENVIRONMENT="${PRO}Production${RESET}"
+    read -r VN_ENV < /etc/vn/env
-        ;;
+    case "$VN_ENV" in
-    *.lab.verdnatura.es)
+        lab)
-        ENVIRONMENT="${LAB}Laboratory${RESET}"
+            ENV_COLOR="\033[0;32m"
-        ;;
+            ENV_TEXT="Laboratory"
-    *.verdnatura.es)
+            ;;
-        ENVIRONMENT="${VN}Verdnatura${RESET}"
+        pre)
-        ;;
+            ENV_COLOR="\033[0;35m"
-    *)
+            ENV_TEXT="Pre-production"
-        ENVIRONMENT="${UNKNOWN}Unknown${RESET}"
+            ;;
-        ;;
+        test)
-esac
+            ENV_COLOR="\033[0;33m"
+            ENV_TEXT="Testing"
+            ;;
+        pro)
+            ENV_COLOR="\033[1;5;31m"
+            ENV_TEXT="Production"
+            ;;
+        *)
+            ENV_COLOR="\033[0;36m"
+            ENV_TEXT="$VN_ENV"
+            ;;
+    esac
+fi
+if [ -z "$ENV_TEXT" ]; then
+    ENV_COLOR="\033[0;37m"
+    ENV_TEXT="Undefined"
+fi
+
+ENV_TEXT="${ENV_COLOR}${ENV_TEXT}${RESET}"
 
 # Last login
 
@@ -57,7 +70,7 @@ if [ $SHOW_UPGRADEABLE -eq 1 ] ; then
     UPGRADEABLE="$(apt list --upgradable 2>/dev/null | tail -n +2 | wc -l)"
 
     if [ "$UPGRADEABLE" -gt 0 ]; then
-        UPGRADEABLE_ALERT="${BLINK}($UPGRADEABLE upgradeable)${RESET}"
+        UPGRADEABLE_ALERT="($UPGRADEABLE upgradeable)"
     fi
 fi
 
@@ -97,6 +110,6 @@ echo -e "${LABEL}Packages         :${RESET} $PACKAGES $UPGRADEABLE_ALERT"
 echo -e "${LABEL}IP               :${RESET}"
 echo -e "$NET_IPS"
 echo -e "${LABEL}Last Login       :${RESET} $LAST_LOGIN"
-echo -e "${LABEL}Environment      :${RESET} $ENVIRONMENT"
+echo -e "${LABEL}Environment      :${RESET} $ENV_TEXT"
 echo -e "${LABEL}Connected users  :${RESET}"
 echo -e "$CONNECTED_USERS"

roles/debian/files/profile.sh

@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# Prompt
+
+FQDN=$(hostname --fqdn)
+
+if [ -f "/etc/vn/env" ]; then
+    SHORT_HOST=${FQDN%.*.*}
+    if [ -z "$SHORT_HOST" ]; then
+        read -r SHORT_HOST < /etc/hostname
+    fi
+
+    read -r VN_ENV < /etc/vn/env
+    ENV_TEXT="$VN_ENV"
+
+    case "$VN_ENV" in
+        lab)
+            ENV_COLOR="\033[01;32m"
+            ;;
+        pre)
+            ENV_COLOR="\033[01;35m"
+            ;;
+        test)
+            ENV_COLOR="\033[01;33m"
+            ;;
+        pro)
+            ENV_COLOR="\033[01;31m"
+            ;;
+        *)
+            ENV_COLOR="\033[01;36m"
+            ENV_TEXT="${VN_ENV:0:3}"
+            ;;
+    esac
+
+    if [ -z "$ENV_TEXT" ]; then
+        ENV_TEXT="???"
+        ENV_COLOR="\033[01;37m"
+    fi
+
+    ENV_TEXT="\[${ENV_COLOR}\]${ENV_TEXT^^}\[\033[00m\]"
+    PS1="\u@$SHORT_HOST[$ENV_TEXT]:\w"
+
+    if [ "$(id -u)" -eq 0 ]; then
+        PS1="$PS1# "
+    else
+        PS1="$PS1\$ "
+    fi
+fi
+
+# History
+
+HISTSIZE=10000
+HISTFILESIZE=50000
+HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "
+
+# Security
+
+TMOUT=3600
+
+# Aliases
+
+export LS_OPTIONS='--color=auto'
+eval "$(dircolors)"
+alias ls='ls $LS_OPTIONS'
+alias ll='ls $LS_OPTIONS -l'
+alias la='ls $LS_OPTIONS -la'

roles/debian/handlers/main.yml

@@ -18,6 +18,22 @@
   systemd:
     name: sshd
     state: restarted
+- name: restart-sysctl
+  systemd:
+    name: systemd-sysctl
+    state: restarted
+- name: restart-nslcd
+  service:
+    name: nslcd
+    state: restarted
+- name: restart-ssh
+  systemd:
+    name: ssh
+    state: restarted
+- name: restart-autofs
+  service:
+    name: autofs
+    state: restarted
 - name: generate locales
   command: /usr/sbin/locale-gen
 - name: reconfigure tzdata

roles/debian/tasks/config.yml

@@ -0,0 +1,9 @@
+- name: Create company configuration directory
+  file:
+    path: /etc/vn
+    state: directory
+
+- name: Set environment file
+  copy:
+    dest: /etc/vn/env
+    content: "{{vn_env}}\n"

roles/debian/tasks/main.yml

@@ -0,0 +1,73 @@
+
+- name: Configure virtual machine or host (not LXC)
+  when: ansible_virtualization_role == 'host' or ansible_virtualization_type == 'kvm'
+  block:
+    - import_tasks: hostname.yml
+      tags: hostname
+    - import_tasks: sysctl.yml
+      tags: sysctl
+    - import_tasks: apparmor.yml
+      tags: apparmor
+
+- name: Configure base system (all)
+  block:
+    - import_tasks: witness.yml
+      tags: witness
+    - import_tasks: config.yml
+      tags: config
+    - import_tasks: root.yml
+      tags: root
+    - import_tasks: resolv.yml
+      tags: resolv
+    - import_tasks: timesync.yml
+      tags: timesync
+    - import_tasks: sshd_configure.yml
+      tags: sshd_configure
+    - import_tasks: defuser.yml
+      tags: defuser
+    - import_tasks: install.yml
+      tags: install
+    - import_tasks: locale.yml
+      tags: locale
+    - import_tasks: tzdata.yml
+      tags: tzdata
+    - import_tasks: relayhost.yml
+      tags: relayhost
+    - import_tasks: motd.yml
+      tags: motd
+    - import_tasks: profile.yml
+      tags: profile
+    - import_tasks: vim.yml
+      tags: vim
+    - import_tasks: nrpe.yml
+      tags: nrpe
+    - import_tasks: fail2ban.yml
+      tags: fail2ban
+    - import_tasks: bacula.yml
+      tags: bacula
+    - import_tasks: vn-host.yml
+      tags: vn-host
+
+- name: Configure guest
+  when: ansible_virtualization_role == 'guest'
+  block:
+    - import_tasks: auth.yml
+      tags: auth
+    - import_tasks: sudoers.yml
+      tags: sudoers
+    - import_tasks: ssh_keys.yml
+      tags: ssh_keys
+
+- name: Configure virtual machine
+  when: ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'kvm'
+  block:
+    - import_tasks: agent.yml
+      tags: agent
+    - import_tasks: hotplug.yml
+      tags: hotplug
+    - import_tasks: autofs.yml
+      tags: autofs
+    - import_tasks: blacklist.yml
+      tags: blacklist
+    - import_tasks: grub_startup.yml
+      tags: grub_startup

roles/debian/tasks/relayhost.yml

@@ -27,7 +27,11 @@
   - name: Force execution of handlers immediately
     meta: flush_handlers
   - name: Sending mail to verify relay host configuration works
+    when: >
+      exim_config.changed
+      and send_test_email
+      and awx_user_email is defined
+      and awx_user_email | length > 0
     shell: >
       sleep 2; echo "If you see this message, relayhost on {{ ansible_fqdn }} has been configured correctly." \
-        | mailx -s "Relayhost test for {{ ansible_fqdn }}" "{{ sysadmin_mail }}"
+        | mailx -s "Relayhost test for {{ ansible_fqdn }}" "{{ awx_user_email }}"
-    when: exim_config.changed

roles/debian/tasks/vn-host.yml

@@ -0,0 +1,4 @@
+- name: Install package
+  apt:
+    deb: "{{ item }}"
+  with_items: "{{ deb_packages }}"