victor héry bbfc0da8cd add a role to configure prometheus nodes (basic node exporter config) 11 months ago
host_vars ovzdb: create playbook to configure openvz-diff-backup, update README and host_vars example accordingly 3 years ago
roles add a role to configure prometheus nodes (basic node exporter config) 11 months ago
.gitignore add .retry files to the gitignore 1 year ago
LICENSE Initial commit 4 years ago
README.md add a role to configure prometheus nodes (basic node exporter config) 11 months ago
ircbouncer.yml IRC bouncer corrected 4 years ago
mail.yml reorganizing roles 4 years ago
mariadb.yml typo on mariadb role 4 years ago
ovzdb.yml Add possibility to use beta version for openvzdiff-backup - see README 2 years ago
owncloud.yml ownCloud + NGINX + DOC 4 years ago
postint-full.yml move ssh key deployment out of the common role into a dedicated role, using dictionaries instead of lists to take advantage of ansible's ability to merge dictionaries. WARN: convert your admin_ssh_keys variable to a dictionary! (cd README) 1 year ago
postint.yml move ssh key deployment out of the common role into a dedicated role, using dictionaries instead of lists to take advantage of ansible's ability to merge dictionaries. WARN: convert your admin_ssh_keys variable to a dictionary! (cd README) 1 year ago
postint.yml.README Common: fix ntp template 4 years ago
prometheus_nodexporter.yml add a role to configure prometheus nodes (basic node exporter config) 11 months ago
rudder-node.yml add rudder-node role to install a debian/ubuntu rudder node 1 year ago
ssh-curve.yml ssh-curve add the ssh-curve role + doc 1 year ago
unbound.yml add a role to deploy unbound as a local resolver, with a forward zone to a local zone (.home, .lan, etc) 1 year ago
update.yml adding the right tag 4 years ago
xymon-client.yml dispatch xymon role into two roles, client and server, to make deployment easier 1 year ago
xymon-server.yml dispatch xymon role into two roles, client and server, to make deployment easier 1 year ago

README.md

configz
=======

Yet another Ansible playbook repository

playbooks
======

  • postint.yml
    • runs the common role to install your packages, deploy ssh, keys, …
  • postint-full.yml
    • uses the roles common, xymon-client and rudder-node to get a fully compliant server

roles
======

  • Common
  • SSH keys
    • provides ssh key deployment and blacklisting
    • possibility to use dictionaries to list keys
    • possibility to deploy different pools of keys on different servers with ansible hash_behaviour = merge
  • Update
    • allows installing all updates on hosts (tag normal)
    • allows updating specific packages from a list (tag packages)
    • uses host_vars, group_vars or default vars for the list of packages to update
  • Wallabag
  • Prosody
  • IRCBouncer
  • Mail
    • provides a complete mail server for a given domain name and the vdomain capability for other domains.
    • Note: this role runs, in order, common, mariadb and mail. If you don’t want one of them, comment it out.
    • Note 2: if you already have a SQL server, it won’t erase the original config, but it needs a ~/.my.cnf.
    • TODO :
      • Razor/Pyzor
      • Roundcube
      • Simplify template copy
      • Postgrey
  • MariaDB
    • provides a standard MariaDB server listening on 127.0.0.1:3306, with the root MySQL password stored in ~/.my.cnf
  • ownCloud
    • provides a simple instance of ownCloud, with NGINX, PHP5-FPM, and MariaDB
  • xymon-client and xymon-server
    • https://www.xymon.com/
    • Provides installation of the xymon server and xymon client monitoring system
    • Available for Debian (6 to 8) and CentOS (6 to 7). WARN: xymon-server is only for Debian (CentOS dependencies are really hard to automate)
    • Configures apache for xymon-server
    • Configures the xymon client and adds the client to the xymon server configuration so that data can be fetched
    • Allows disabling and dropping probes (sondes) on the client
    • Note: using the xymon-client tag/role needs a working xymon-server (whether or not the server was installed with the playbook)
    • Could (theoretically, to be tested) be used to update the xymon server binaries to the latest stable release
  • ovzdb
    • http://projets.developpeur-neurasthenique.fr/projects/openvz-diff-backups
    • Installs openvz-diff-backup on an openvz host to back up containers
    • enables updating openvz-diff-backup thanks to the 0.9.4 version
    • enables the backup AND upload features via cron
    • enables the purge feature via cron
    • enables customization of the configuration file
    • uses the standard installation method (conf in /etc, binary linked to /usr/local/bin)
    • provides a bonus hook that creates files when problems occur (in addition to sending emails), allowing monitoring with standard tools (i.e. xymon and others)
    • Possibility to use a beta version in the file directory: hard-coded for the moment; name the file openvz-diff-backups_v0.9.8-beta.tar.gz and use -e beta=true on the command line
  • rudder-node
  • unbound
    • Possibility to deploy unbound as a local resolver, with a forwarding zone to your local DNS server (i.e. .lan, .home, …)
    • You need to add unbound variables (see below)
  • ssh-curve: based on https://blog.arnaudminable.net/secure-shell-mon-amour-dechu/
    • DISCLAIMER: using this role WILL trigger “breaking attempt messages” with SSH as server keys are changed; do not forget to clean your known_hosts file(s)
    • needs debian jessie or later, centos 7 or later
    • configures ssh to use exclusively the currently most secure ciphers and algorithms
    • allows customization of the ssh port, listen address and password authentication
    • generates ed25519 keys for the server instead of RSA
    • configures the ssh client to use strong algorithms
    • will create compatibility problems with old ssh versions (openwrt, old putty, debian wheezy)
  • prometheus_nodexporter: allows configuring a node with prometheus node-exporter
    • debian 9 and centos 7 compatible
    • You can configure prometheus_exporter_listen_address (default 0.0.0.0, all interfaces) and prometheus_exporter_listen_port (default 9100)
    • use file_sd_configs on the prometheus server with prometheus_sd_directory (defaults to /etc/prometheus/nodes/):

      ```
      - job_name: 'node'
        file_sd_configs:
          - files:
            - '{{ prometheus_sd_directory }}/*.json'
            - '{{ prometheus_sd_directory }}/*.yml'
            - '{{ prometheus_sd_directory }}/*.yaml'
      ```
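
The ssh-curve role above restricts sshd to strong algorithms, ed25519 host keys and, by default, no password authentication. The following Python script is an added example, not code from this repository, that audits sshd_config text for that posture; the algorithm allowlists and both sample configurations are assumptions, since the README does not list the role's exact values.

```python
# Added example; ASSUMPTION: allowlists are illustrative, the README lists no algorithm values.
ALLOWED = {
    "kexalgorithms": {"curve25519-sha256", "curve25519-sha256@libssh.org"},
    "ciphers": {"chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com"},
    "macs": {"hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com"},
}

def parse(text):
    conf = {}  # lower-cased keyword -> list of arguments, in file order
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf.setdefault(parts[0].lower(), []).append(parts[1].strip())
    return conf

def audit(text):
    conf, findings = parse(text), []
    for key, allowed in ALLOWED.items():
        value = conf.get(key, [""])[0]  # sshd keeps the first value read for a keyword
        extra = [a for a in value.split(",") if a not in allowed]
        if not value:
            findings.append(f"{key}: not set, OpenSSH defaults apply")
        elif value[0] in "+-^":
            findings.append(f"{key}: '{value[0]}' prefix edits the defaults, not replaces them")
        elif extra:
            findings.append(f"{key}: outside allowlist: {','.join(extra)}")
    # Heuristic: key type is judged from the file name (stock ssh_host_<type>_key paths).
    host_keys = conf.get("hostkey") or ["(unset: all default key types)"]
    findings += [f"hostkey: not ed25519: {p}" for p in host_keys if "ed25519" not in p]
    if conf.get("passwordauthentication", ["yes"])[0].lower() != "no":
        findings.append("passwordauthentication: not disabled")
    return findings

# Constructed sample configurations (not the role's templates).
HARDENED = """\
HostKey /etc/ssh/ssh_host_ed25519_key
KexAlgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
MACs hmac-sha2-512-etm@openssh.com
PasswordAuthentication no
"""
LEGACY = """\
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
Ciphers +aes128-cbc
PasswordAuthentication yes
"""
if __name__ == "__main__":
    print(audit(HARDENED), audit(LEGACY), sep="\n")
```

An empty list means the file matches the assumed posture; run it against the deployed /etc/ssh/sshd_config after applying the role to confirm nothing weaker is left enabled.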

example host file
=====


```
---
admin_ssh_keys:
  0: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZXK3ufonx+zNQ1x6cSWuUWckB/xf9sKZ+mRgY5SPXzqrxSkqNSmr9JQ6xzvhxKEVcFWsi50op1WWtRo3HG3p3+EHKXeCyzt5QnczDlVOoQbB8kgI0byKcvXux1inL4/Q4DbVLUbDFnynD/C5aAyYMYePahMxR+AQr60DD+7Ty6pcEVih1wwHIlxWziY1EF6sEzQwz/PiTxWIZkKHl/WPGagS9Pp/5nQfdZy0AS/JqbzNyMEg51+XedADuqseV4GXDzrzDYLJXJFv1PFVJxRWLrjChKrUMqyszUySkZMr5YSPXlsV0bi+0xivYEsXvIkLORV96JTZosYbV+0aFKDPv root@debian

default_packages_debian: htop

description: machine test

# NTP
ntp_servers:
  - 0.pool.ntp.org
  - 1.pool.ntp.org
  - 2.pool.ntp.org
disable_ipv6: true

# Update
deb_packages_to_update:
  - apache2

centos_packages_to_update:
  - httpd

# Mail
domain: test.net

# MariaDB
mariadb_version: 10.0
mysql_root_password: changeme  # placeholder: set your own and keep this file encrypted (e.g. ansible-vault)
mysql_host: localhost

# ircbouncer
znc_version: 1.4
irc_nick: (required)
irc_ident: (required)
irc_realname: (required)
irc_quitmsg: (required)
irc_password_hash: (required) # http://wiki.znc.in/Configuration#Pass
irc_password_salt: (required) # http://wiki.znc.in/Configuration#Pass
irc_timezone: "Europe/Paris" # Example: "Europe/Paris"
network_address: irc.my.network.net
network_port: 6697
network_channel: 1337Chan

# xmpp
prosody_admin: "admin@test.net"
prosody_virtual_domain: "test.net"
prosody_accounts: admin@test.net

# Wallabag
wallabag_version: 1.8.1
wallabag_domain: "read.{{ domain }}"
wallabag_salt: (required)
wallabag_db_username: wallabag
wallabag_db_password: (required)
wallabag_db_database: wallabag


# xymon
xymon_server: yyy.yyy.yyy.yyy # server IP address (mandatory)
xymon_htname: admin # server user for web interface use
xymon_htpasswd: mysecurepasswd # server password for web interface use
## xymon per-client configuration (i.e. usually done in host_vars) ##
monitoring_file: dns ## Where to store the host in the xymon server hosts.d directory (optional)
monitoring_section: dns ## Name of the page to use in the xymon server web page tree view (optional)
monitoring_ip: xxx.xxx.xxx.xxx ## IP address of the client to add in the server (mandatory)
xymon_checks: "#" ## Checks to use for this client. The default '#' does a simple ping check
xymon_disabled_sondes: ## Allows disabling checks on clients (DEBIAN >= 8 only)
  - ntpq
  - libs

# ovzdb
## You can duplicate backups locally and remotely
## by using the openvz host as backup_server and
## a remote server as upload_server.
## I advise customizing the cron hours to run
## backup, then purge, then upload
backup_server: xxx.xxx.xxx.xxx
backup_dir: "/var/lib/vz/backups/OpenVZ/"
backup_minute: 10
backup_hour: 02
purge_minute: 10
purge_hour: 03
upload_server: yyy.yyy.yyy.yyy
upload_dir: "/var/lib/vz/backups/OpenVZ/"
upload_minute: 10
upload_hour: 05
admin_email: "your_email@example.com"

# rudder-node
rudder_server: 192.168.0.100

# unbound
unbound_local_zone: "lan"
unbound_forward_dns: XXX.XXX.XXX.XXX

# ssh-curve
# ssh_port: (default 22)
# ssh_ipv4_listen: (default "0.0.0.0")
# ssh_ipv6_listen: (default "::")
# ssh_authorizedkeysfile: (default ".ssh/authorized_keys")
# ssh_pwd_authent: (default "no")
# vim: set textwidth=0 ft=yaml:
```
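
The SSH keys role expects admin_ssh_keys as a dictionary so that key pools defined at several levels can be combined with hash_behaviour = merge. The Python script below is an added example, not code from this repository, that simulates how Ansible combines the variable across scopes under the default replace behaviour and under merge; the scope contents, key names and key material are constructed placeholders.

```python
# Added example (not the role's code): how admin_ssh_keys combines across variable
# scopes under hash_behaviour = replace (Ansible's default) versus merge.
def combine(low, high, merge):
    """Higher-precedence scope wins; with merge=True nested dicts are merged recursively."""
    out = dict(low)
    for name, value in high.items():
        if merge and isinstance(value, dict) and isinstance(out.get(name), dict):
            out[name] = combine(out[name], value, merge)
        else:
            out[name] = value  # scalars and lists are always replaced, never merged
    return out

def resolve(scopes, merge):
    """Fold scopes ordered from lowest to highest precedence into one variable set."""
    result = {}
    for scope in scopes:
        result = combine(result, scope, merge)
    return result

# Constructed scopes; key names and key material are placeholders.
GROUP_ALL = {"admin_ssh_keys": {"alice": "ssh-ed25519 AAAA...alice alice@example",
                                "bob": "ssh-ed25519 AAAA...bob bob@example"}}
GROUP_DB = {"admin_ssh_keys": {"dba": "ssh-ed25519 AAAA...dba dba@example"}}
HOST_DB1 = {"admin_ssh_keys": {"bob": "ssh-ed25519 AAAA...bob2 bob@laptop"}}
SCOPES = [GROUP_ALL, GROUP_DB, HOST_DB1]  # group_vars/all < group_vars/db < host_vars/db1

def deployed_keys(scopes, merge):
    """Names of the keys that would end up deployed on the host."""
    return sorted(resolve(scopes, merge)["admin_ssh_keys"])

if __name__ == "__main__":
    print("replace:", deployed_keys(SCOPES, merge=False))
    print("merge:  ", deployed_keys(SCOPES, merge=True))
```

With replace, the host-level definition silently drops every key defined in the groups; with merge, a pool only grows as scopes are added, so removing a key means deleting it from the scope that defines it.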