From 383799879a012710acdcc45d459219f0f947cd33 Mon Sep 17 00:00:00 2001 
From: Nemo Date: Sun, 12 Jul 2020 12:04:23 +0200 Subject: [PATCH] Move some specific-OS group_vars into role vars (ex: Debian.yml in the role vars folder) --- group_vars/all/all.yml | 2 ++ group_vars/os_centos.yml | 18 ----------- group_vars/os_debian.yml | 14 -------- group_vars/os_gentoo.yml | 18 ----------- playbook_general_deploy.yml | 9 +++--- roles/auto_reboot/tasks/main.yml | 4 +++ roles/auto_reboot/vars/Debian.yml | 3 ++ roles/auto_reboot/vars/Gentoo.yml | 3 ++ roles/auto_reboot/vars/RedHat.yml | 3 ++ roles/auto_upgrade/tasks/main.yml | 4 +++ roles/auto_upgrade/vars/Debian.yml | 3 ++ roles/auto_upgrade/vars/Gentoo.yml | 3 ++ roles/auto_upgrade/vars/RedHat.yml | 3 ++ roles/client_iptables/tasks/main.yml | 4 +++ roles/client_iptables/vars/Debian.yml | 3 ++ roles/client_iptables/vars/Gentoo.yml | 3 ++ roles/client_iptables/vars/RedHat.yml | 3 ++ roles/client_ntp/tasks/main.yml | 3 ++ roles/client_ntp/vars/Debian.yml | 3 ++ roles/client_ntp/vars/Gentoo.yml | 3 ++ roles/client_ntp/vars/RedHat.yml | 3 ++ roles/munin-async/README.md | 46 +++++++++++++++++++++++++++ roles/munin-async/defaults/main.yml | 12 +++++++ roles/munin-async/meta/main.yml | 26 +++++++++++++++ roles/munin-async/tasks/main.yml | 13 ++++++++ roles/munin-async/tasks/package.yml | 5 +++ roles/munin-async/tasks/service.yml | 6 ++++ roles/munin-async/tasks/user.yml | 8 +++++ roles/munin-async/vars/Debian.yml | 4 +++ roles/munin-async/vars/Gentoo.yml | 4 +++ roles/munin-async/vars/RedHat.yml | 4 +++ roles/users_sudo/tasks/main.yml | 3 ++ roles/users_sudo/vars/Debian.yml | 3 ++ roles/users_sudo/vars/Gentoo.yml | 3 ++ roles/users_sudo/vars/RedHat.yml | 3 ++ 35 files changed, 198 insertions(+), 54 deletions(-) create mode 100644 roles/auto_reboot/vars/Debian.yml create mode 100644 roles/auto_reboot/vars/Gentoo.yml create mode 100644 roles/auto_reboot/vars/RedHat.yml create mode 100644 roles/auto_upgrade/vars/Debian.yml create mode 100644 roles/auto_upgrade/vars/Gentoo.yml create mode 100644 
roles/auto_upgrade/vars/RedHat.yml create mode 100644 roles/client_iptables/vars/Debian.yml create mode 100644 roles/client_iptables/vars/Gentoo.yml create mode 100644 roles/client_iptables/vars/RedHat.yml create mode 100644 roles/client_ntp/vars/Debian.yml create mode 100644 roles/client_ntp/vars/Gentoo.yml create mode 100644 roles/client_ntp/vars/RedHat.yml create mode 100644 roles/munin-async/README.md create mode 100644 roles/munin-async/defaults/main.yml create mode 100644 roles/munin-async/meta/main.yml create mode 100644 roles/munin-async/tasks/main.yml create mode 100644 roles/munin-async/tasks/package.yml create mode 100644 roles/munin-async/tasks/service.yml create mode 100644 roles/munin-async/tasks/user.yml create mode 100644 roles/munin-async/vars/Debian.yml create mode 100644 roles/munin-async/vars/Gentoo.yml create mode 100644 roles/munin-async/vars/RedHat.yml create mode 100644 roles/users_sudo/vars/Debian.yml create mode 100644 roles/users_sudo/vars/Gentoo.yml create mode 100644 roles/users_sudo/vars/RedHat.yml diff --git a/group_vars/all/all.yml b/group_vars/all/all.yml index 4085c54..9882a5b 100644 --- a/group_vars/all/all.yml +++ b/group_vars/all/all.yml @@ -23,3 +23,5 @@ main_domain: wirebrass.fr # Certbot admin Email address certbot_admin_email: contact@wirebrass.fr +# Munin server SSH pubkey +public_key_munin_user_host: "{{ vault_public_key_munin_user_host }}" diff --git a/group_vars/os_centos.yml b/group_vars/os_centos.yml index 8c7fee6..8046816 100644 --- a/group_vars/os_centos.yml +++ b/group_vars/os_centos.yml 
@@ -1,17 +1,3 @@ -# Service and package's name of NTP client on Debian -ntp_service_name: chronyd -ntp_package: chrony - -# Package's name of sudo package on Debian -sudo_package: sudo - -# Service and package's name of CRON on Debian -cron_service_name: crond -cron_package: cronie - -# Sudoers' group name on Debian -sudo_group: wheel - # Command to run to execute a Debian update cron_upgrade_job: /bin/yum -y upgrade ; /bin/yum -y autoremove @@ -22,7 +8,3 @@ tools_package: - sed - grep - net-tools - -# Define iptables save files for CentOS -iptables_save_file: /etc/sysconfig/iptables -ip6tables_save_file: /etc/sysconfig/ip6tables diff --git a/group_vars/os_debian.yml b/group_vars/os_debian.yml index 31895e5..3a1bc01 100644 --- a/group_vars/os_debian.yml +++ b/group_vars/os_debian.yml @@ -1,17 +1,3 @@ -# Service and package's name of NTP client on Debian -ntp_service_name: ntp -ntp_package: ntp - -# Package's name of sudo package on Debian -sudo_package: sudo - -# Service and package's name of CRON on Debian -cron_service_name: cron -cron_package: cron - -# Sudoers' group name on Debian -sudo_group: sudo - # Command to run to execute a Debian update cron_upgrade_job: export PATH=$PATH:/usr/local/sbin:/usr/sbin:/sbin; export TERM=rxvt-unicode-256color; apt-get -q update && apt-get -q -y upgrade && apt-get -q -y dist-upgrade && apt-get -q -y autoremove diff --git a/group_vars/os_gentoo.yml b/group_vars/os_gentoo.yml index d724cb6..e55a35e 100644 --- a/group_vars/os_gentoo.yml +++ b/group_vars/os_gentoo.yml 
@@ -1,24 +1,6 @@ -# Service and package's name of NTP client on Gentoo -ntp_service_name: ntpd -ntp_package: ntp - -# Package's name of sudo package on Gentoo -sudo_package: sudo - -# Service and package's name of CRON on Gentoo -cron_service_name: cronie -cron_package: cronie - -# Sudoers' group name on Gentoo -sudo_group: wheel - # Command to run to execute a Gentoo update cron_upgrade_job: emerge --sync --quiet && emerge --quiet-build -uvDN @world && emerge --quiet-build @preserved-rebuild && emerge --depclean && eselect news read -# Define iptables save files for Gentoo -iptables_save_file: /var/lib/iptables/rules-save -ip6tables_save_file: /var/lib/ip6tables/rules-save - # Tools to install on Gentoo hosts tools_package: - bind-tools diff --git a/playbook_general_deploy.yml b/playbook_general_deploy.yml index 2168a12..93150fe 100644 --- a/playbook_general_deploy.yml +++ b/playbook_general_deploy.yml @@ -1,12 +1,13 @@ --- - hosts: all roles: -# - auto_reboot -# - auto_upgrade + - auto_reboot + - auto_upgrade # - client_ntp # - client_resolvers # - client_tools # - users_sudo -# - client_iptables - - munin-node + - client_iptables +# - munin-node +# - munin-async diff --git a/roles/auto_reboot/tasks/main.yml b/roles/auto_reboot/tasks/main.yml index 3d54f34..189f35f 100644 --- a/roles/auto_reboot/tasks/main.yml +++ b/roles/auto_reboot/tasks/main.yml @@ -1,5 +1,9 @@ --- # Main tasks file for auto_reboot +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + when: auto_reboot + - import_tasks: package.yml - import_tasks: crontask.yml diff --git a/roles/auto_reboot/vars/Debian.yml b/roles/auto_reboot/vars/Debian.yml new file mode 100644 index 0000000..ee95880 --- /dev/null +++ b/roles/auto_reboot/vars/Debian.yml @@ -0,0 +1,3 @@ +--- +cron_service_name: cron +cron_package: cron diff --git a/roles/auto_reboot/vars/Gentoo.yml b/roles/auto_reboot/vars/Gentoo.yml new file mode 100644 index 0000000..117e185 --- /dev/null 
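Review bot: The role list in playbook_general_deploy.yml changes what is deployed to `hosts: all`, which the commit message (a variable move) does not mention: auto_reboot, auto_upgrade and client_iptables are switched on and munin-node is switched off. client_ntp and users_sudo, which both gain an `include_vars` task in this commit, stay commented out, so a run of this playbook would not exercise their new vars files. If these toggles are local test state they should be reverted before merging; otherwise the behaviour change belongs in the commit message.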
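Review bot: In roles/auto_reboot/tasks/main.yml the new `include_vars` is guarded by `when: auto_reboot`, but the two `import_tasks` lines after it carry no condition in this hunk, so with `auto_reboot` false the cron variables are never loaded while package.yml and crontask.yml are still imported (unless their tasks are guarded inside those files, which is not visible here). roles/auto_upgrade/tasks/main.yml has the same shape with `when: auto_upgrade`. Every `include_vars: "{{ ansible_os_family }}.yml"` added by this commit also fails on a host whose family is not Debian, Gentoo or RedHat, because no default file exists; loading through a first_found lookup with a fallback file would give a clear result there. Variables loaded by `include_vars` outrank inventory group_vars and host_vars, so values such as `iptables_save_file` or `sudo_group` can no longer be overridden per host as they could in group_vars/os_*.yml; a comment in each vars file saying so would help.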
+++ b/roles/auto_reboot/vars/Gentoo.yml @@ -0,0 +1,3 @@ +--- +cron_service_name: cronie +cron_package: cronie diff --git a/roles/auto_reboot/vars/RedHat.yml b/roles/auto_reboot/vars/RedHat.yml new file mode 100644 index 0000000..1970975 --- /dev/null +++ b/roles/auto_reboot/vars/RedHat.yml @@ -0,0 +1,3 @@ +--- +cron_service_name: crond +cron_package: cronie diff --git a/roles/auto_upgrade/tasks/main.yml b/roles/auto_upgrade/tasks/main.yml index a13e48a..049aa6a 100644 --- a/roles/auto_upgrade/tasks/main.yml +++ b/roles/auto_upgrade/tasks/main.yml @@ -1,5 +1,9 @@ --- # Main tasks file for auto_upgrade +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + when: auto_upgrade + - import_tasks: package.yml - import_tasks: crontask.yml diff --git a/roles/auto_upgrade/vars/Debian.yml b/roles/auto_upgrade/vars/Debian.yml new file mode 100644 index 0000000..ee95880 --- /dev/null +++ b/roles/auto_upgrade/vars/Debian.yml @@ -0,0 +1,3 @@ +--- +cron_service_name: cron +cron_package: cron diff --git a/roles/auto_upgrade/vars/Gentoo.yml b/roles/auto_upgrade/vars/Gentoo.yml new file mode 100644 index 0000000..117e185 --- /dev/null +++ b/roles/auto_upgrade/vars/Gentoo.yml @@ -0,0 +1,3 @@ +--- +cron_service_name: cronie +cron_package: cronie diff --git a/roles/auto_upgrade/vars/RedHat.yml b/roles/auto_upgrade/vars/RedHat.yml new file mode 100644 index 0000000..1970975 --- /dev/null +++ b/roles/auto_upgrade/vars/RedHat.yml @@ -0,0 +1,3 @@ +--- +cron_service_name: crond +cron_package: cronie diff --git a/roles/client_iptables/tasks/main.yml b/roles/client_iptables/tasks/main.yml index 6f16280..0e6ad26 100644 --- a/roles/client_iptables/tasks/main.yml +++ b/roles/client_iptables/tasks/main.yml @@ -1,6 +1,10 @@ --- # Main tasks file for client_iptables +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + when: configure_iptables + - import_tasks: package.yml when: configure_iptables - import_tasks: iptables.yml 
diff --git a/roles/client_iptables/vars/Debian.yml b/roles/client_iptables/vars/Debian.yml new file mode 100644 index 0000000..0895e0b --- /dev/null +++ b/roles/client_iptables/vars/Debian.yml @@ -0,0 +1,3 @@ +--- +iptables_save_file: /etc/iptables/rules.v4 +ip6tables_save_file: /etc/iptables/rules.v6 diff --git a/roles/client_iptables/vars/Gentoo.yml b/roles/client_iptables/vars/Gentoo.yml new file mode 100644 index 0000000..04f1c9a --- /dev/null +++ b/roles/client_iptables/vars/Gentoo.yml @@ -0,0 +1,3 @@ +--- +iptables_save_file: /var/lib/iptables/rules-save +ip6tables_save_file: /var/lib/ip6tables/rules-save diff --git a/roles/client_iptables/vars/RedHat.yml b/roles/client_iptables/vars/RedHat.yml new file mode 100644 index 0000000..56ed73e --- /dev/null +++ b/roles/client_iptables/vars/RedHat.yml @@ -0,0 +1,3 @@ +--- +iptables_save_file: /etc/sysconfig/iptables +ip6tables_save_file: /etc/sysconfig/ip6tables diff --git a/roles/client_ntp/tasks/main.yml b/roles/client_ntp/tasks/main.yml index cfde7d2..f8eabaa 100644 --- a/roles/client_ntp/tasks/main.yml +++ b/roles/client_ntp/tasks/main.yml @@ -1,5 +1,8 @@ --- # Main tasks file for client_ntp +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + - import_tasks: package.yml - import_tasks: service.yml diff --git a/roles/client_ntp/vars/Debian.yml b/roles/client_ntp/vars/Debian.yml new file mode 100644 index 0000000..4f00cf9 --- /dev/null +++ b/roles/client_ntp/vars/Debian.yml @@ -0,0 +1,3 @@ +--- +ntp_service_name: ntp +ntp_package: ntp diff --git a/roles/client_ntp/vars/Gentoo.yml b/roles/client_ntp/vars/Gentoo.yml new file mode 100644 index 0000000..3d61590 --- /dev/null +++ b/roles/client_ntp/vars/Gentoo.yml @@ -0,0 +1,3 @@ +--- +ntp_service_name: ntpd +ntp_package: ntp diff --git a/roles/client_ntp/vars/RedHat.yml b/roles/client_ntp/vars/RedHat.yml new file mode 100644 index 0000000..bc74787 --- /dev/null +++ b/roles/client_ntp/vars/RedHat.yml 
@@ -0,0 +1,3 @@
+---
+ntp_service_name: chronyd
+ntp_package: chrony
diff --git a/roles/munin-async/README.md b/roles/munin-async/README.md
new file mode 100644
index 0000000..b17e8ca
--- /dev/null
+++ b/roles/munin-async/README.md
@@ -0,0 +1,46 @@
+Ansible Role: mnin-async
+=========
+
+This role set up munin-async service for a GNU/Linux server.
+
+Requirements
+------------
+
+Munin node installed on nodes.
+
+Role Variables
+--------------
+
+All variables and default values are defined in `defaults/main.yml` :
+
+ # Name of the munin-async service and munin-async package (depends on your OS, can be munin-async, munin-asyncd...)
+ munin-async_service_name: munin-asyncd
+ munin-async_package: munin-async
+
+ # SSH pubkey of Munin server
+ munin_async_authorized_keys: []
+
+ # Munin async user
+ munin_async_user: munin-async
+
+Dependencies
+------------
+
+None.
+
+Example Playbook
+----------------
+
+ - hosts: all
+ roles:
+ - munin-async
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+This role was created in 2020 by Nemo.
diff --git a/roles/munin-async/defaults/main.yml b/roles/munin-async/defaults/main.yml
new file mode 100644
index 0000000..672e5fe
--- /dev/null
+++ b/roles/munin-async/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+# defaults file for munin-async
+
+# Name of the munin-async service and munin-async package (depends on your OS, can be munin-async, munin-asyncd...)
+munin_async_service_name: munin-asyncd
+munin_async_package: munin-async
+
+# SSH pubkey of Munin server
+munin_async_authorized_key: "{{ public_key_munin_user_host }}"
+
+# Munin async user
+munin_async_user: munin-async
diff --git a/roles/munin-async/meta/main.yml b/roles/munin-async/meta/main.yml
new file mode 100644
index 0000000..ade60ce
--- /dev/null
+++ b/roles/munin-async/meta/main.yml
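Review bot: The three names set in roles/munin-async/defaults/main.yml (`munin_async_service_name`, `munin_async_package`, `munin_async_user`) are also set in every vars/<os_family>.yml added by this commit, and those files are loaded with `include_vars`, which outranks role defaults and inventory, so these defaults never take effect on a supported family. The README added alongside documents different names (`munin-async_service_name`, `munin-async_package`, `munin_async_authorized_keys: []`) from the ones defined here, where the key variable is `munin_async_authorized_key` and holds a single templated string. I would keep only `munin_async_authorized_key` in defaults and align the README with the real variable names.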
@@ -0,0 +1,26 @@
+galaxy_info:
+ author: nemo
+ description: Set up Munin async service for GNU/Linux.
+ company: Wirebrass
+
+ license: license (BSD)
+
+ min_ansible_version: 2.4
+
+ platforms:
+ - name: Debian
+ versions:
+ - stretch
+ - buster
+ - name: Gentoo
+ versions:
+ - all
+
+ galaxy_tags:
+ - munin-async
+ - munin
+ - system
+ - server
+ - auto
+
+dependencies: []
diff --git a/roles/munin-async/tasks/main.yml b/roles/munin-async/tasks/main.yml
new file mode 100644
index 0000000..f4a76ee
--- /dev/null
+++ b/roles/munin-async/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+# Main tasks file for munin-async
+
+- name: Include OS-specific variables.
+ include_vars: "{{ ansible_os_family }}.yml"
+ when: "'munin_server' not in group_names"
+
+- import_tasks: package.yml
+ when: "'munin_server' not in group_names"
+- import_tasks: service.yml
+ when: "'munin_server' not in group_names"
+- import_tasks: user.yml
+ when: "'munin_server' not in group_names"
diff --git a/roles/munin-async/tasks/package.yml b/roles/munin-async/tasks/package.yml
new file mode 100644
index 0000000..a870d23
--- /dev/null
+++ b/roles/munin-async/tasks/package.yml
@@ -0,0 +1,5 @@
+---
+- name: Munin async installed
+ package:
+ name: "{{ munin_async_package }}"
+ state: present
diff --git a/roles/munin-async/tasks/service.yml b/roles/munin-async/tasks/service.yml
new file mode 100644
index 0000000..aa4f5f4
--- /dev/null
+++ b/roles/munin-async/tasks/service.yml
@@ -0,0 +1,6 @@
+---
+- name: Munin async enabled
+ service:
+ name: "{{ munin_async_service_name }}"
+ state: started
+ enabled: yes
diff --git a/roles/munin-async/tasks/user.yml b/roles/munin-async/tasks/user.yml
new file mode 100644
index 0000000..ae36e18
--- /dev/null
+++ b/roles/munin-async/tasks/user.yml
@@ -0,0 +1,8 @@
+---
+- name: Set up authorized key for Munin async user
+ authorized_key:
+ user: "{{ munin_async_user }}"
+ state: present
+ key: "{{ munin_async_authorized_key }}"
+ when: munin_async_authorized_key is defined
+
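Review bot: `license: license (BSD)` in roles/munin-async/meta/main.yml looks like leftover text from the role skeleton; `license: BSD` would match the README. The `platforms` list names only Debian and Gentoo although this commit ships vars/RedHat.yml for the role. `min_ansible_version: 2.4` is read as a YAML float unless quoted, so `min_ansible_version: "2.4"` is safer.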
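Review bot: The `authorized_key` task in roles/munin-async/tasks/user.yml installs the Munin server key without `key_options`, so the key grants whatever the account's login shell allows rather than only the spool fetch. The module's `key_options` parameter can pin the key to the fetch command and switch off forwarding and pty, for example `key_options: 'command="{{ munin_async_command }}",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'`, where `munin_async_command` would be a new per-OS variable (not in this commit) holding the distribution's `munin-async --spoolfetch` path. This matters more on the RedHat family, where vars/RedHat.yml sets `munin_async_user: munin`, presumably the general munin account. The task also relies on the package having created the user, and the `is defined` guard does not reject an empty key value.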
diff --git a/roles/munin-async/vars/Debian.yml b/roles/munin-async/vars/Debian.yml new file mode 100644 index 0000000..ddb9dca --- /dev/null +++ b/roles/munin-async/vars/Debian.yml @@ -0,0 +1,4 @@ +--- +munin_async_service_name: munin-async +munin_async_package: munin-async +munin_async_user: munin-async diff --git a/roles/munin-async/vars/Gentoo.yml b/roles/munin-async/vars/Gentoo.yml new file mode 100644 index 0000000..118b227 --- /dev/null +++ b/roles/munin-async/vars/Gentoo.yml @@ -0,0 +1,4 @@ +--- +munin_async_service_name: munin-asyncd +munin_async_package: munin-async +munin_async_user: munin-async diff --git a/roles/munin-async/vars/RedHat.yml b/roles/munin-async/vars/RedHat.yml new file mode 100644 index 0000000..ec66d43 --- /dev/null +++ b/roles/munin-async/vars/RedHat.yml @@ -0,0 +1,4 @@ +--- +munin_async_service_name: munin-asyncd +munin_async_package: munin-node +munin_async_user: munin diff --git a/roles/users_sudo/tasks/main.yml b/roles/users_sudo/tasks/main.yml index 2057106..940256e 100644 --- a/roles/users_sudo/tasks/main.yml +++ b/roles/users_sudo/tasks/main.yml @@ -1,6 +1,9 @@ --- # Main tasks file for users_sudo +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + - import_tasks: package.yml - import_tasks: group.yml - import_tasks: users.yml diff --git a/roles/users_sudo/vars/Debian.yml b/roles/users_sudo/vars/Debian.yml new file mode 100644 index 0000000..700edf1 --- /dev/null +++ b/roles/users_sudo/vars/Debian.yml @@ -0,0 +1,3 @@ +--- +sudo_package: sudo +sudo_group: sudo diff --git a/roles/users_sudo/vars/Gentoo.yml b/roles/users_sudo/vars/Gentoo.yml new file mode 100644 index 0000000..833c694 --- /dev/null +++ b/roles/users_sudo/vars/Gentoo.yml @@ -0,0 +1,3 @@ +--- +sudo_package: sudo +sudo_group: wheel diff --git a/roles/users_sudo/vars/RedHat.yml b/roles/users_sudo/vars/RedHat.yml new file mode 100644 index 0000000..833c694 --- /dev/null +++ b/roles/users_sudo/vars/RedHat.yml 
@@ -0,0 +1,3 @@
+---
+sudo_package: sudo
+sudo_group: wheel