Merge branch 'main' into 8141_Fix_Nrpe_files

2025-03-05 09:03:27 +00:00 · 2025-03-05 09:03:27 +00:00 · 905fdf520c
parent ef2c36abc8 bff3b61714
commit 905fdf520c
14 changed files with 155 additions and 17 deletions
--- a/playbooks/dhcp.yml
+++ b/playbooks/dhcp.yml
@ -0,0 +1,6 @@
+- name: Configure DHCP
+  hosts: all
+  tasks:
+  - name: Configure services to install in the server
+    import_role:
+      name: dhcp
--- a/roles/db/defaults/main.yaml
+++ b/roles/db/defaults/main.yaml
@ -29,8 +29,8 @@ required_mariabackup_files_and_scripts:
  - { src: scripts/check-memory.sh, dest: /root/scripts/check-memory.sh, mode: u=rwx,g=rx,o=rx }
  - { src: scripts/export-privs.sh, dest: /root/scripts/export-privs.sh, mode: u=rwx,g=rx,o=rx }
  - { src: scripts/mysqltuner.pl, dest: /root/scripts/mysqltuner.pl, mode: u=rwx,g=rx,o=rx }
-  - { src: scripts/promote-master.sh, dest: /root/scripts/promote-master.sh, mode: u=rwx,g=rx,o=rx }
-  - { src: scripts/promote-slave.sh, dest: /root/scripts/promote-slave.sh, mode: u=rwx,g=rx,o=rx }
+  - { src: scripts/events-promote.sh, dest: /root/scripts/events-promote.sh, mode: u=rwx,g=rx,o=rx }
+  - { src: scripts/events-demote.sh, dest: /root/scripts/events-demote.sh, mode: u=rwx,g=rx,o=rx }
  - { src: scripts/README.md, dest: /root/scripts/README.md, mode: u=rw,g=r,o=r }
  - { src: scripts/scheduler-log.sh, dest: /root/scripts/scheduler-log.sh, mode: u=rwx,g=rx,o=rx }
 downloads:
--- a/roles/db/files/mariabackup/bacula-after.sh
+++ b/roles/db/files/mariabackup/bacula-after.sh
@ -5,8 +5,7 @@ myDir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 . "$myDir/config.sh"
 . "$myDir/apply.config.sh"

-todayDir=$(date +%Y-%m-%d)
-pattern="$baculaDir/mnt/local-backup/${todayDir}_??-??_full.gz"
+pattern="$baculaDir/mnt/local-backup/*_full.gz"
 files=($pattern)
 backupFile="${files[0]}"

@ -31,19 +30,23 @@ mysql < "$myDir/apply.sql"
 echo "Upgrading tables."
 mysql_upgrade

-echo "Applying repository changes."
-curl --silent --request POST --location --user "$jenkinsAuth" "$jenkinsUrl/build?delay=0sec"

-echo "Waiting for Jenkins job to end."
-jobResult=null
-while [ "$jobResult" = "null" ]; do
-	sleep 10
-	jobResult=$(curl --silent --location --user "$jenkinsAuth" "$jenkinsUrl/lastBuild/api/json" | jq --raw-output ".result")
-done
-echo "Job result: $jobResult"
+if [ -n "$jenkinsUrl" ]; then
+	echo "Applying repository changes."
+	curl --silent --request POST --location --user "$jenkinsAuth" "$jenkinsUrl/build?delay=0sec"

-echo "Promoting to master."
-"/root/scripts/promote-master.sh"
+	echo "Waiting for Jenkins job to end."
+	jobResult=null
+	while [ "$jobResult" = "null" ]; do
+		sleep 10
+		jobResult=$(curl --silent --location --user "$jenkinsAuth" "$jenkinsUrl/lastBuild/api/json" | jq --raw-output ".result")
+	done
+	echo "Job result: $jobResult"
+fi
+
+
+echo "Promoting Events."
+"/root/scripts/events-promote.sh"

 for node in "${dbClusterSiblings[@]}"; do
 	ssh root@$node service mysql start
--- a/roles/db/files/scripts/events-demote.sh
+++ b/roles/db/files/scripts/events-demote.sh
--- a/roles/db/files/scripts/events-promote.sh
+++ b/roles/db/files/scripts/events-promote.sh
--- a/roles/db/tasks/mariadb.yml
+++ b/roles/db/tasks/mariadb.yml
@ -13,7 +13,7 @@

 - name: Run MariaDB repository setup script
  command:
-    cmd: "/bin/bash /tmp/mariadb_repo_setup --mariadb-server-version=10.11.10"
+    cmd: "/bin/bash /tmp/mariadb_repo_setup --mariadb-server-version={{ db.version | default('10.11.10') }}"
    creates: "/etc/apt/sources.list.d/mariadb.list"

 - name: Install Percona repository package
--- a/roles/db/templates/mariabackup/apply.config.sh
+++ b/roles/db/templates/mariabackup/apply.config.sh
@ -15,5 +15,7 @@ dbClusterSiblings=()
 # Jenkins authentication string
 jenkinsAuth=jenkins:{{ lookup(passbolt, 'jenkinsAuth', folder_parent_id=passbolt_folder).password }}

+{% if db.jenkinsUrl is defined %}
 # Jenkins job URL
-jenkinsUrl=https://jenkins.verdnatura.es/job/Scheduler/job/db-apply-changes-{{ db.branch }}
+jenkinsUrl={{ db.jenkinsUrl }}
+{% endif %}
--- a/roles/dhcp/handlers/main.yml
+++ b/roles/dhcp/handlers/main.yml
@ -0,0 +1,4 @@
+- name: restart-dhcp
+  systemd:
+    name: isc-dhcp-server
+    state: restarted
--- a/roles/dhcp/tasks/dhcp.yml
+++ b/roles/dhcp/tasks/dhcp.yml
@ -0,0 +1,56 @@
+- name: Install DHCP packages
+  apt:
+    name: isc-dhcp-server
+    state: present
+    install_recommends: no
+- name: Set DHCP configurations from templates
+  template:
+    src: "{{ item }}"
+    dest: "/etc/dhcp/{{ item }}"
+    owner: root
+    group: root
+    mode: "u=rw,g=r,o=r"
+  loop:
+    - dhcpd.conf
+    - partner.conf
+  notify: restart-dhcp
+- name: Set rndc.key from template
+  template:
+    src: rndc.key
+    dest: /etc/dhcp/rndc.key
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=
+  notify: restart-dhcp
+- name: Ensure that the directories exist
+  file:
+    path: "/etc/dhcp/subnets"
+    state: directory
+    owner: root
+    group: root
+    mode: "0755"
+- name: Map subnets
+  copy:
+    content: "{{ item.value }}"
+    dest: "/etc/dhcp/subnets/{{ item.key }}"
+    owner: root
+    group: root
+    mode: "0644"
+  loop: "{{ subnets_files | dict2items }}"
+- name: Get default IPv4 interface
+  command: ip -o -4 route show default
+  register: default_route
+- name: Extract interface default name
+  set_fact:
+    active_interface: "{{ default_route.stdout.split()[-1] }}"
+- name: Disable IPv6
+  replace:
+    path: /etc/default/isc-dhcp-server
+    regexp: '^INTERFACESv6="(.*)"'
+    replace: '#INTERFACESv6="\1"'
+- name: Set interface IPv4 
+  lineinfile:
+    path: /etc/default/isc-dhcp-server
+    regexp: '^INTERFACESv4='
+    line: 'INTERFACESv4="{{ active_interface }}"'
+    state: present
--- a/roles/dhcp/tasks/main.yml
+++ b/roles/dhcp/tasks/main.yml
@ -0,0 +1,3 @@
+- import_tasks: dhcp.yml
+  tags: dhcp
+
--- a/roles/dhcp/templates/dhcpd.conf
+++ b/roles/dhcp/templates/dhcpd.conf
@ -0,0 +1,58 @@
+include "/etc/dhcp/rndc.key";
+
+omapi-port 7911;
+omapi-key rndc-key;
+
+#++++++++++++++++++++++++++++++++++++++++++++++ Global
+
+authoritative;
+log-facility local7;
+update-static-leases on;
+use-host-decl-names on;
+default-lease-time 86400;
+max-lease-time 86400;
+
+option domain-name "{{ domain_name.name }}";
+option domain-name-servers {{ domain_name.servers }};
+option ntp-servers {{ ntp_servers }};
+
+# DHCP daemon uses default time zone UTC
+db-time-format local;
+
+# Allow each client to have exactly one lease, and expire
+# old leases if a new DHCPDISCOVER occurs
+one-lease-per-client true;
+
+# This checking cause just 1s time delay in responding DHCPDISCOVER messages
+# but it may help to abandone old leases from db
+ping-check true;
+
+#++++++++++++++++++++++++++++++++++++++++++++++ DNS
+
+ddns-update-style interim;
+ddns-updates on;
+
+deny client-updates;
+deny duplicates;
+deny declines;
+
+zone 10.in-addr.arpa. {
+	primary {{ domain_name.server_primary }};
+	key rndc-key;
+}
+zone 16.172.in-addr.arpa. {
+	primary {{ domain_name.server_primary }};
+	key rndc-key;
+}
+zone 168.192.in-addr.arpa. {
+	primary {{ domain_name.server_primary }};
+	key rndc-key;
+}
+
+on commit {
+	log (concat("Host registered: ", config-option host-name));
+}
+
+#++++++++++++++++++++++++++++++++++++++++++++++ Subnets
+
+{{ subnets }}
--- a/roles/dhcp/templates/partner.conf
+++ b/roles/dhcp/templates/partner.conf
@ -0,0 +1 @@
+{{ partner }}
--- a/roles/dhcp/templates/rndc.key
+++ b/roles/dhcp/templates/rndc.key
@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "{{ lookup(passbolt, 'rndc-key', folder_parent_id=passbolt_folder).password }}";
+};
--- a/roles/services/tasks/main.yml
+++ b/roles/services/tasks/main.yml
@ -2,3 +2,4 @@
  tags: timeserver
 - import_tasks: adsamba.yml
  tags: adsamba
+